From 5479d49dc9fc604d9b915520e8e9761aa62cb133 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Tue, 27 Feb 2018 14:11:56 +0000
Subject: [PATCH] More tidying

---
 src/freedombone-app-etherpad  | 463 ++++++++++++++--------------
 src/freedombone-app-fedwiki   | 241 ++++++++-------
 src/freedombone-app-friendica | 498 +++++++++++++++---------------
 src/freedombone-app-ghost     | 380 +++++++++++------------
 src/freedombone-app-gnusocial | 564 +++++++++++++++++-----------------
 src/freedombone-app-gogs      | 435 +++++++++++++-------------
 src/freedombone-app-htmly     | 545 ++++++++++++++++----------------
 src/freedombone-app-hubzilla  | 510 +++++++++++++++---------------
 src/freedombone-app-icecast   | 436 +++++++++++++-------------
 src/freedombone-app-ipfs      | 284 ++++++++---------
 src/freedombone-app-irc       | 403 ++++++++++++------------
 src/freedombone-app-jitsi     | 167 +++++-----
 src/freedombone-app-kanboard  | 391 ++++++++++++-----------
 src/freedombone-app-keyserver | 401 ++++++++++++------------
 src/freedombone-app-koel      | 493 ++++++++++++++---------------
 src/freedombone-app-lychee    | 368 +++++++++++-----------
 src/freedombone-app-mailpile  | 172 +++++------
 src/freedombone-app-matrix    | 324 +++++++++----------
 18 files changed, 3558 insertions(+), 3517 deletions(-)

diff --git a/src/freedombone-app-etherpad b/src/freedombone-app-etherpad
index 3082e6fd..330de307 100755
--- a/src/freedombone-app-etherpad
+++ b/src/freedombone-app-etherpad
@@ -41,7 +41,7 @@ ETHERPAD_REPO="https://github.com/ether/etherpad-lite"
 ETHERPAD_COMMIT='454f539561a8d9de51ed107a29d974eb79198bc6'
 ETHERPAD_ADMIN_PASSWORD=
 ETHERPAD_TITLE=$'Freedombone Docs'
-ETHERPAD_WELCOME_MESSAGE=$"Welcome to ${ETHERPAD_TITLE}!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!"
+ETHERPAD_WELCOME_MESSAGE=$"Welcome to ${ETHERPAD_TITLE}!\\n\\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!"
 
 etherpad_variables=(ONION_ONLY
                     DEFAULT_DOMAIN_NAME
@@ -67,109 +67,109 @@ function change_password_etherpad {
     read_config_param ETHERPAD_DOMAIN_NAME
 
     if grep -q "\"$change_username\": {" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json; then
-        user_line=$(cat /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json | grep "\"$change_username\": {")
+        user_line=$(grep "\"$change_username\": {" "/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json")
         if [[ "$user_line" == *"\"is_admin\": true"* ]]; then
-            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": "$new_user_password", \"is_admin\": true }|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
+            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": \"$new_user_password\", \"is_admin\": true }|g" "/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json"
         else
-            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": "$new_user_password", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
+            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": \"$new_user_password\", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
         fi
-        ${PROJECT_NAME}-pass -u $change_username -a etherpad -p "$2"
+        "${PROJECT_NAME}-pass" -u "$change_username" -a etherpad -p "$2"
         systemctl restart etherpad
     fi
 }
 
 function etherpad_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        ETHERPAD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        ETHERPAD_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $ETHERPAD_ADMIN_PASSWORD ]; then
-            ETHERPAD_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$ETHERPAD_ADMIN_PASSWORD" ]; then
+            ETHERPAD_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $ETHERPAD_ADMIN_PASSWORD ]; then
+    if [ ! "$ETHERPAD_ADMIN_PASSWORD" ]; then
         return
     fi
 
     function_check create_database
-    create_database etherpad "$ETHERPAD_ADMIN_PASSWORD" $MY_USERNAME
+    create_database etherpad "$ETHERPAD_ADMIN_PASSWORD" "$MY_USERNAME"
 }
 
 function create_etherpad_settings {
-    settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
-    echo '{' > $settings_file
-    echo "  \"title\": \"${ETHERPAD_TITLE}\"," >> $settings_file
-    echo '  "favicon": "favicon.ico",' >> $settings_file
+    settings_file="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json"
+    { echo '{';
+      echo "  \"title\": \"${ETHERPAD_TITLE}\",";
+      echo '  "favicon": "favicon.ico",';
 
-    echo '  "ip": "127.0.0.1",' >> $settings_file
-    echo "  \"port\" : ${ETHERPAD_PORT}," >> $settings_file
+      echo '  "ip": "127.0.0.1",';
+      echo "  \"port\" : ${ETHERPAD_PORT},";
 
-    echo '  "showSettingsInAdminPage" : true,' >> $settings_file
-    echo '   "dbType" : "mysql",' >> $settings_file
-    echo '   "dbSettings" : {' >> $settings_file
-    echo '                    "user"    : "root",' >> $settings_file
-    echo '                    "host"    : "localhost",' >> $settings_file
-    echo "                    \"password\": \"${MARIADB_PASSWORD}\"," >> $settings_file
-    echo '                    "database": "etherpad",' >> $settings_file
-    echo '                    "charset" : "utf8mb4"' >> $settings_file
-    echo '                  },' >> $settings_file
+      echo '  "showSettingsInAdminPage" : true,';
+      echo '   "dbType" : "mysql",';
+      echo '   "dbSettings" : {';
+      echo '                    "user"    : "root",';
+      echo '                    "host"    : "localhost",';
+      echo "                    \"password\": \"${MARIADB_PASSWORD}\",";
+      echo '                    "database": "etherpad",';
+      echo '                    "charset" : "utf8mb4"';
+      echo '                  },';
 
-    echo "  \"defaultPadText\" : \"${ETHERPAD_WELCOME_MESSAGE}\"," >> $settings_file
+      echo "  \"defaultPadText\" : \"${ETHERPAD_WELCOME_MESSAGE}\",";
 
-    echo '  "padOptions": {' >> $settings_file
-    echo '    "noColors": false,' >> $settings_file
-    echo '    "showControls": true,' >> $settings_file
-    echo '    "showChat": true,' >> $settings_file
-    echo '    "showLineNumbers": false,' >> $settings_file
-    echo '    "useMonospaceFont": false,' >> $settings_file
-    echo '    "userName": false,' >> $settings_file
-    echo '    "userColor": true,' >> $settings_file
-    echo '    "rtl": false,' >> $settings_file
-    echo '    "alwaysShowChat": true,' >> $settings_file
-    echo '    "chatAndUsers": true,' >> $settings_file
-    echo '    "lang": "en-gb"' >> $settings_file
-    echo '  },' >> $settings_file
+      echo '  "padOptions": {';
+      echo '    "noColors": false,';
+      echo '    "showControls": true,';
+      echo '    "showChat": true,';
+      echo '    "showLineNumbers": false,';
+      echo '    "useMonospaceFont": false,';
+      echo '    "userName": false,';
+      echo '    "userColor": true,';
+      echo '    "rtl": false,';
+      echo '    "alwaysShowChat": true,';
+      echo '    "chatAndUsers": true,';
+      echo '    "lang": "en-gb"';
+      echo '  },';
 
-    echo '  "suppressErrorsInPadText" : true,' >> $settings_file
-    echo '  "requireSession" : false,' >> $settings_file
-    echo '  "editOnly" : false,' >> $settings_file
-    echo '  "sessionNoPassword" : false,' >> $settings_file
-    echo '  "minify" : true,' >> $settings_file
-    echo '  "maxAge" : 21600, // 60 * 60 * 6 = 6 hours' >> $settings_file
-    echo '  "abiword" : null,' >> $settings_file
-    echo '  "soffice" : null,' >> $settings_file
-    echo '  "tidyHtml" : null,' >> $settings_file
-    echo '  "allowUnknownFileEnds" : false,' >> $settings_file
-    echo '  "requireAuthentication" : true,' >> $settings_file
-    echo '  "requireAuthorization" : true,' >> $settings_file
-    echo '  "trustProxy" : false,' >> $settings_file
-    echo '  "disableIPlogging" : true,' >> $settings_file
+      echo '  "suppressErrorsInPadText" : true,';
+      echo '  "requireSession" : false,';
+      echo '  "editOnly" : false,';
+      echo '  "sessionNoPassword" : false,';
+      echo '  "minify" : true,';
+      echo '  "maxAge" : 21600, // 60 * 60 * 6 = 6 hours';
+      echo '  "abiword" : null,';
+      echo '  "soffice" : null,';
+      echo '  "tidyHtml" : null,';
+      echo '  "allowUnknownFileEnds" : false,';
+      echo '  "requireAuthentication" : true,';
+      echo '  "requireAuthorization" : true,';
+      echo '  "trustProxy" : false,';
+      echo '  "disableIPlogging" : true,';
 
-    echo '  "users": {' >> $settings_file
-    echo "    \"${MY_USERNAME}\": { \"password\": \"${ETHERPAD_ADMIN_PASSWORD}\", \"is_admin\": true }" >> $settings_file
-    echo '  },' >> $settings_file
+      echo '  "users": {';
+      echo "    \"${MY_USERNAME}\": { \"password\": \"${ETHERPAD_ADMIN_PASSWORD}\", \"is_admin\": true }";
+      echo '  },';
 
-    echo '  "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],' >> $settings_file
-    echo '  "loadTest": false,' >> $settings_file
-    echo '  "indentationOnNewLine": false,' >> $settings_file
+      echo '  "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],';
+      echo '  "loadTest": false,';
+      echo '  "indentationOnNewLine": false,';
 
-    echo '  "toolbar": {' >> $settings_file
-    echo '    "left": [' >> $settings_file
-    echo '      ["bold", "italic", "underline", "strikethrough"],' >> $settings_file
-    echo '      ["orderedlist", "unorderedlist", "indent", "outdent"],' >> $settings_file
-    echo '      ["undo", "redo"],' >> $settings_file
-    echo '      ["clearauthorship"]' >> $settings_file
-    echo '    ],' >> $settings_file
-    echo '    "right": [' >> $settings_file
-    echo '      ["importexport", "timeslider", "savedrevision"],' >> $settings_file
-    echo '      ["settings", "embed"],' >> $settings_file
-    echo '      ["showusers"]' >> $settings_file
-    echo '    ],' >> $settings_file
-    echo '    "timeslider": [' >> $settings_file
-    echo '      ["timeslider_export", "timeslider_returnToPad"]' >> $settings_file
-    echo '    ]' >> $settings_file
-    echo '  },' >> $settings_file
-    echo '  "loglevel": "INFO"' >> $settings_file
-    echo '}' >> $settings_file
+      echo '  "toolbar": {';
+      echo '    "left": [';
+      echo '      ["bold", "italic", "underline", "strikethrough"],';
+      echo '      ["orderedlist", "unorderedlist", "indent", "outdent"],';
+      echo '      ["undo", "redo"],';
+      echo '      ["clearauthorship"]';
+      echo '    ],';
+      echo '    "right": [';
+      echo '      ["importexport", "timeslider", "savedrevision"],';
+      echo '      ["settings", "embed"],';
+      echo '      ["showusers"]';
+      echo '    ],';
+      echo '    "timeslider": [';
+      echo '      ["timeslider_export", "timeslider_returnToPad"]';
+      echo '    ]';
+      echo '  },';
+      echo '  "loglevel": "INFO"';
+      echo '}'; } > $settings_file
     chmod 600 $settings_file
 }
 
@@ -177,7 +177,7 @@ function remove_user_etherpad {
     remove_username="$1"
     settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp etherpad
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp etherpad
 
     if grep -q "\"$remove_username\": {" $settings_file; then
         sed -i "/\"$remove_username\": {/d" $settings_file
@@ -191,7 +191,7 @@ function add_user_etherpad {
     settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
 
     if ! grep -q "\"$new_username\": {" $settings_file; then
-        ${PROJECT_NAME}-pass -u $new_username -a etherpad -p "$2"
+        "${PROJECT_NAME}-pass" -u "$new_username" -a etherpad -p "$2"
         sed -i "/\"users\": {/a    \"$new_username\": { \"password\": \"$new_user_password\", \"is_admin\": false }," $settings_file
         if grep -q "\"$new_username\": {" $settings_file; then
             systemctl restart etherpad
@@ -204,11 +204,11 @@ function add_user_etherpad {
 }
 
 function install_interactive_etherpad {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
-    if [[ $ONION_ONLY != "no" ]]; then
+    if [[ "$ONION_ONLY" != "no" ]]; then
         ETHERPAD_DOMAIN_NAME='etherpad.local'
         write_config_param "ETHERPAD_DOMAIN_NAME" "$ETHERPAD_DOMAIN_NAME"
     else
@@ -220,18 +220,17 @@ function install_interactive_etherpad {
 
 function etherpad_set_title {
     read_config_param "ETHERPAD_TITLE"
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Etherpad Title" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Set a title for your etherpad system' 10 60 "$ETHERPAD_TITLE" 2>$data
+           --inputbox $'Set a title for your etherpad system' 10 60 "$ETHERPAD_TITLE" 2>"$data"
     sel=$?
     case $sel in
         0)
-            temp_title=$(<$data)
+            temp_title=$(<"$data")
             if [ ${#temp_title} -gt 0 ]; then
                 ETHERPAD_TITLE="$temp_title"
-                settings_file=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/settings.json
+                settings_file="/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/settings.json"
 
                 write_config_param "ETHERPAD_TITLE" "$ETHERPAD_TITLE"
                 sed -i "s|\"title\":.*|\"title\": \"${ETHERPAD_TITLE}\"|g" $settings_file
@@ -241,22 +240,22 @@ function etherpad_set_title {
             fi
            ;;
     esac
+    rm -f "$data"
 }
 
 function etherpad_set_welcome_message {
     read_config_param "ETHERPAD_WELCOME_MESSAGE"
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Etherpad Welcome Message" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Set a welcome message, which can include html formatting' 10 60 "$ETHERPAD_WELCOME_MESSAGE" 2>$data
+           --inputbox $'Set a welcome message, which can include html formatting' 10 60 "$ETHERPAD_WELCOME_MESSAGE" 2>"$data"
     sel=$?
     case $sel in
         0)
-            temp_welcome=$(<$data)
+            temp_welcome=$(<"$data")
             if [ ${#temp_welcome} -gt 0 ]; then
                 ETHERPAD_WELCOME_MESSAGE="$temp_welcome"
-                settings_file=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/settings.json
+                settings_file="/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/settings.json"
 
                 write_config_param "ETHERPAD_WELCOME_MESSAGE" "$ETHERPAD_WELCOME_MESSAGE"
                 sed -i "s|\"defaultPadText\" :.*|\"defaultPadText\" : \"${ETHERPAD_WELCOME_MESSAGE}\"|g" $settings_file
@@ -266,29 +265,33 @@ function etherpad_set_welcome_message {
             fi
            ;;
     esac
+    rm -f "$data"
 }
 
 function configure_interactive_etherpad {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Etherpad Settings" \
                --radiolist $"Choose an operation:" 12 70 3 \
                1 $"Set Title" off \
                2 $"Set a welcome message" off \
-               3 $"Exit" on 2> $data
+               3 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) return;;
-            255) return;;
+            1) rm -f "$data"
+               return;;
+            255) rm -f "$data"
+                 return;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) etherpad_set_title;;
             2) etherpad_set_welcome_message;;
-            3) break;;
+            3) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -311,18 +314,18 @@ function upgrade_etherpad {
 
 function backup_local_etherpad {
     ETHERPAD_DOMAIN_NAME='etherpad'
-    if grep -q "etherpad domain" $COMPLETION_FILE; then
+    if grep -q "etherpad domain" "$COMPLETION_FILE"; then
         ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain")
     fi
 
     source_directory=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs
-    if [ -d $source_directory ]; then
+    if [ -d "$source_directory" ]; then
         dest_directory=etherpad
         function_check suspend_site
-        suspend_site ${ETHERPAD_DOMAIN_NAME}
+        suspend_site "${ETHERPAD_DOMAIN_NAME}"
 
         function_check backup_directory_to_usb
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"
 
         function_check backup_database_to_usb
         backup_database_to_usb etherpad
@@ -333,50 +336,50 @@ function backup_local_etherpad {
 }
 
 function restore_local_etherpad {
-    if ! grep -q "etherpad domain" $COMPLETION_FILE; then
+    if ! grep -q "etherpad domain" "$COMPLETION_FILE"; then
         return
     fi
     ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain")
-    if [ $ETHERPAD_DOMAIN_NAME ]; then
+    if [ "$ETHERPAD_DOMAIN_NAME" ]; then
         temp_restore_dir=/root/tempetherpad
-        etherpad_dir=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs
+        #etherpad_dir="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs"
 
         function_check etherpad_create_database
         etherpad_create_database
 
-        restore_database etherpad ${ETHERPAD_DOMAIN_NAME}
+        restore_database etherpad "${ETHERPAD_DOMAIN_NAME}"
         if [ -d $temp_restore_dir ]; then
             rm -rf $temp_restore_dir
         fi
 
-        chown -R etherpad: /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs
-        if [ -f /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem ]; then
-            chown etherpad: /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem
+        chown -R etherpad: "/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs"
+        if [ -f "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem" ]; then
+            chown etherpad: "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem"
         fi
-        if [ -f /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key ]; then
-            chown etherpad: /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key
+        if [ -f "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key" ]; then
+            chown etherpad: "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key"
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-        settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
-        sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" $settings_file
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        settings_file="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json"
+        sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" "$settings_file"
         MARIADB_PASSWORD=
     fi
 }
 
 function backup_remote_etherpad {
-    if grep -q "etherpad domain" $COMPLETION_FILE; then
+    if grep -q "etherpad domain" "$COMPLETION_FILE"; then
         ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain")
-        temp_backup_dir=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs
-        if [ -d $temp_backup_dir ]; then
+        temp_backup_dir="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs"
+        if [ -d "$temp_backup_dir" ]; then
             function_check suspend_site
-            suspend_site ${ETHERPAD_DOMAIN_NAME}
+            suspend_site "${ETHERPAD_DOMAIN_NAME}"
 
             function_check backup_database_to_friend
             backup_database_to_friend etherpad
 
             function_check backup_directory_to_friend
-            backup_directory_to_friend $temp_backup_dir etherpad
+            backup_directory_to_friend "$temp_backup_dir" etherpad
 
             function_check restart_site
             restart_site
@@ -387,29 +390,29 @@ function backup_remote_etherpad {
 }
 
 function restore_remote_etherpad {
-    if grep -q "etherpad domain" $COMPLETION_FILE; then
+    if grep -q "etherpad domain" "$COMPLETION_FILE"; then
         ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain")
 
         function_check etherpad_create_database
         etherpad_create_database
 
         function_check restore_database_from_friend
-        restore_database_from_friend etherpad ${ETHERPAD_DOMAIN_NAME}
+        restore_database_from_friend etherpad "${ETHERPAD_DOMAIN_NAME}"
         if [ -d /root/tempetherpad ]; then
             rm -rf /root/tempetherpad
         fi
 
-        chown -R etherpad: /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs
-        if [ -f /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem ]; then
-            chown etherpad: /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem
+        chown -R etherpad: "/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs"
+        if [ -f "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem" ]; then
+            chown etherpad: "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem"
         fi
-        if [ -f /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key ]; then
-            chown etherpad: /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key
+        if [ -f "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key" ]; then
+            chown etherpad: "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key"
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-        settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
-        sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" $settings_file
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        settings_file="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json"
+        sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" "$settings_file"
         MARIADB_PASSWORD=
     fi
 }
@@ -427,13 +430,13 @@ function remove_etherpad {
         rm /etc/systemd/system/etherpad.service
     fi
     systemctl daemon-reload
-    nginx_dissite $ETHERPAD_DOMAIN_NAME
-    remove_certs $ETHERPAD_DOMAIN_NAME
-    if [ -d /var/www/$ETHERPAD_DOMAIN_NAME ]; then
-        rm -rf /var/www/$ETHERPAD_DOMAIN_NAME
+    nginx_dissite "$ETHERPAD_DOMAIN_NAME"
+    remove_certs "$ETHERPAD_DOMAIN_NAME"
+    if [ -d "/var/www/$ETHERPAD_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$ETHERPAD_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database etherpad
@@ -441,7 +444,7 @@ function remove_etherpad {
     remove_onion_service etherpad ${ETHERPAD_ONION_PORT}
     remove_app etherpad
     remove_completion_param install_etherpad
-    sed -i '/etherpad/d' $COMPLETION_FILE
+    sed -i '/etherpad/d' "$COMPLETION_FILE"
     remove_backup_database_local etherpad
     remove_nodejs etherpad
 
@@ -449,22 +452,22 @@ function remove_etherpad {
     userdel -r etherpad
 
     function_check remove_ddns_domain
-    remove_ddns_domain $ETHERPAD_DOMAIN_NAME
+    remove_ddns_domain "$ETHERPAD_DOMAIN_NAME"
 }
 
 function install_etherpad {
-    if [ ! $ETHERPAD_DOMAIN_NAME ]; then
+    if [ ! "$ETHERPAD_DOMAIN_NAME" ]; then
         echo $'No domain name was given for etherpad'
         exit 7359
     fi
 
     check_ram_availability 2000
 
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        ETHERPAD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        ETHERPAD_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $ETHERPAD_ADMIN_PASSWORD ]; then
-            ETHERPAD_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$ETHERPAD_ADMIN_PASSWORD" ]; then
+            ETHERPAD_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
 
@@ -484,133 +487,133 @@ function install_etherpad {
     function_check install_nodejs
     install_nodejs etherpad
 
-    if [ ! -d /var/www/$ETHERPAD_DOMAIN_NAME ]; then
-        mkdir /var/www/$ETHERPAD_DOMAIN_NAME
+    if [ ! -d "/var/www/$ETHERPAD_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$ETHERPAD_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$ETHERPAD_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" ]; then
 
         if [ -d /repos/etherpad ]; then
-            mkdir /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
-            cp -r -p /repos/etherpad/. /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
-            cd /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/etherpad/. "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs"
+            cd "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" || exit 32468346
             git pull
         else
             function_check git_clone
-            git_clone $ETHERPAD_REPO /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
+            git_clone "$ETHERPAD_REPO" "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs"
         fi
 
-        if [ ! -d /var/www/$ETHERPAD_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" ]; then
             echo $'Unable to clone etherpad repo'
             exit 56382
         fi
     fi
 
-    cd /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
-    git checkout $ETHERPAD_COMMIT -b $ETHERPAD_COMMIT
+    cd "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" || exit 24654824
+    git checkout "$ETHERPAD_COMMIT" -b "$ETHERPAD_COMMIT"
     set_completion_param "etherpad commit" "$ETHERPAD_COMMIT"
 
-    chmod a+w /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
-    chown www-data:www-data /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
+    chmod a+w "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs"
+    chown www-data:www-data "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs"
 
     function_check etherpad_create_database
     etherpad_create_database
 
     function_check add_ddns_domain
-    add_ddns_domain $ETHERPAD_DOMAIN_NAME
+    add_ddns_domain "$ETHERPAD_DOMAIN_NAME"
 
     create_etherpad_settings
 
-    adduser --system --home=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/ --group etherpad
-    chown -R etherpad: /var/www/$ETHERPAD_DOMAIN_NAME/htdocs/
+    adduser --system --home="/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/" --group etherpad
+    chown -R etherpad: "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/"
 
-    echo '[Unit]' > /etc/systemd/system/etherpad.service
-    echo 'Description=etherpad-lite (real-time collaborative document editing)' >> /etc/systemd/system/etherpad.service
-    echo 'After=syslog.target network.target' >> /etc/systemd/system/etherpad.service
-    echo '' >> /etc/systemd/system/etherpad.service
-    echo '[Service]' >> /etc/systemd/system/etherpad.service
-    echo 'Type=simple' >> /etc/systemd/system/etherpad.service
-    echo 'User=etherpad' >> /etc/systemd/system/etherpad.service
-    echo 'Group=etherpad' >> /etc/systemd/system/etherpad.service
-    echo "WorkingDirectory=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" >> /etc/systemd/system/etherpad.service
-    echo "ExecStart=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/bin/run.sh" >> /etc/systemd/system/etherpad.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/etherpad.service
-    echo 'SuccessExitStatus=3 4' >> /etc/systemd/system/etherpad.service
-    echo 'RestartForceExitStatus=3 4' >> /etc/systemd/system/etherpad.service
-    echo '' >> /etc/systemd/system/etherpad.service
-    echo '[Install]' >> /etc/systemd/system/etherpad.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/etherpad.service
+    { echo '[Unit]';
+      echo 'Description=etherpad-lite (real-time collaborative document editing)';
+      echo 'After=syslog.target network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=etherpad';
+      echo 'Group=etherpad';
+      echo "WorkingDirectory=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs";
+      echo "ExecStart=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/bin/run.sh";
+      echo 'Restart=on-failure';
+      echo 'SuccessExitStatus=3 4';
+      echo 'RestartForceExitStatus=3 4';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/etherpad.service
     chmod +x /etc/systemd/system/etherpad.service
 
     etherpad_nginx_site=/etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $ETHERPAD_DOMAIN_NAME
-        echo 'server {' >> $etherpad_nginx_site
-        echo '  listen 443 ssl;' >> $etherpad_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $etherpad_nginx_site
-        echo "  server_name $ETHERPAD_DOMAIN_NAME;" >> $etherpad_nginx_site
-        echo '' >> $etherpad_nginx_site
-        echo '  # Security' >> $etherpad_nginx_site
+        nginx_http_redirect "$ETHERPAD_DOMAIN_NAME"
+        { echo 'server {';
+        echo '  listen 443 ssl;';
+        echo '  #listen [::]:443 ssl;';
+        echo "  server_name $ETHERPAD_DOMAIN_NAME;";
+        echo '';
+        echo '  # Security'; } >> "$etherpad_nginx_site"
         function_check nginx_ssl
-        nginx_ssl $ETHERPAD_DOMAIN_NAME
+        nginx_ssl "$ETHERPAD_DOMAIN_NAME"
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $ETHERPAD_DOMAIN_NAME
+        nginx_disable_sniffing "$ETHERPAD_DOMAIN_NAME"
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $etherpad_nginx_site
-        echo '' >> $etherpad_nginx_site
-        echo '  # Logs' >> $etherpad_nginx_site
-        echo '  access_log /dev/null;' >> $etherpad_nginx_site
-        echo '  error_log /dev/null;' >> $etherpad_nginx_site
-        echo '' >> $etherpad_nginx_site
-        echo '  # Root' >> $etherpad_nginx_site
-        echo "  root /var/www/$ETHERPAD_DOMAIN_NAME/htdocs;" >> $etherpad_nginx_site
-        echo '' >> $etherpad_nginx_site
-        echo '  location / {' >> $etherpad_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+        echo '';
+        echo '  # Logs';
+        echo '  access_log /dev/null;';
+        echo '  error_log /dev/null;';
+        echo '';
+        echo '  # Root';
+        echo "  root /var/www/$ETHERPAD_DOMAIN_NAME/htdocs;";
+        echo '';
+        echo '  location / {'; } >> "$etherpad_nginx_site"
         function_check nginx_limits
-        nginx_limits $ETHERPAD_DOMAIN_NAME '15m'
-        echo "    proxy_pass        http://localhost:${ETHERPAD_PORT}/;" >> $etherpad_nginx_site
-        echo '    proxy_set_header  Host $host;' >> $etherpad_nginx_site
-        echo '    proxy_buffering   off;' >> $etherpad_nginx_site
-        echo '  }' >> $etherpad_nginx_site
-        echo '}' >> $etherpad_nginx_site
+        nginx_limits "$ETHERPAD_DOMAIN_NAME" '15m'
+        { echo "    proxy_pass        http://localhost:${ETHERPAD_PORT}/;";
+          echo "    proxy_set_header  Host \$host;";
+          echo '    proxy_buffering   off;';
+          echo '  }';
+          echo '}'; } >> "$etherpad_nginx_site"
     else
-        echo -n '' > $etherpad_nginx_site
+        echo -n '' > "$etherpad_nginx_site"
     fi
-    echo 'server {' >> $etherpad_nginx_site
-    echo "    listen 127.0.0.1:$ETHERPAD_ONION_PORT default_server;" >> $etherpad_nginx_site
-    echo "    server_name $ETHERPAD_DOMAIN_NAME;" >> $etherpad_nginx_site
-    echo '' >> $etherpad_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$ETHERPAD_ONION_PORT default_server;";
+      echo "    server_name $ETHERPAD_ONION_HOSTNAME;";
+      echo ''; } >> "$etherpad_nginx_site"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $ETHERPAD_DOMAIN_NAME
-    echo '' >> $etherpad_nginx_site
-    echo '  # Logs' >> $etherpad_nginx_site
-    echo '  access_log /dev/null;' >> $etherpad_nginx_site
-    echo '  error_log /dev/null;' >> $etherpad_nginx_site
-    echo '' >> $etherpad_nginx_site
-    echo '  # Root' >> $etherpad_nginx_site
-    echo "  root /var/www/$ETHERPAD_DOMAIN_NAME/htdocs;" >> $etherpad_nginx_site
-    echo '' >> $etherpad_nginx_site
-    echo '  location / {' >> $etherpad_nginx_site
+    nginx_disable_sniffing "$ETHERPAD_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$ETHERPAD_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  location / {'; } >> "$etherpad_nginx_site"
     function_check nginx_limits
-    nginx_limits $ETHERPAD_DOMAIN_NAME '15m'
-    echo "    proxy_pass        http://localhost:${ETHERPAD_PORT}/;" >> $etherpad_nginx_site
-    echo '    proxy_set_header  Host $host;' >> $etherpad_nginx_site
-    echo '    proxy_buffering   off;' >> $etherpad_nginx_site
-    echo '  }' >> $etherpad_nginx_site
-    echo '}' >> $etherpad_nginx_site
+    nginx_limits "$ETHERPAD_DOMAIN_NAME" '15m'
+    { echo "    proxy_pass        http://localhost:${ETHERPAD_PORT}/;";
+      echo "    proxy_set_header  Host \$host;";
+      echo '    proxy_buffering   off;';
+      echo '  }';
+      echo '}'; } >> "$etherpad_nginx_site"
 
     function_check create_site_certificate
-    create_site_certificate $ETHERPAD_DOMAIN_NAME 'yes'
+    create_site_certificate "$ETHERPAD_DOMAIN_NAME" 'yes'
 
-    if [ -f /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.crt ]; then
-        mv /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.crt /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem
+    if [ -f "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.crt" ]; then
+        mv "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.crt" "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem"
     fi
-    if [ -f /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem ]; then
-        chown etherpad: /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem
+    if [ -f "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem" ]; then
+        chown etherpad: "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem"
     fi
-    if [ -f /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key ]; then
-        chown etherpad: /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key
+    if [ -f "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key" ]; then
+        chown etherpad: "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key"
     fi
     usermod -a -G ssl-cert etherpad
 
@@ -623,14 +626,14 @@ function install_etherpad {
     backup_database_local etherpad
 
     function_check nginx_ensite
-    nginx_ensite $ETHERPAD_DOMAIN_NAME
+    nginx_ensite "$ETHERPAD_DOMAIN_NAME"
 
     ETHERPAD_ONION_HOSTNAME=$(add_onion_service etherpad 80 ${ETHERPAD_ONION_PORT})
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a etherpad -p "$ETHERPAD_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a etherpad -p "$ETHERPAD_ADMIN_PASSWORD"
 
     function_check add_ddns_domain
-    add_ddns_domain $ETHERPAD_DOMAIN_NAME
+    add_ddns_domain "$ETHERPAD_DOMAIN_NAME"
 
     set_completion_param "etherpad domain" "$ETHERPAD_DOMAIN_NAME"
 
diff --git a/src/freedombone-app-fedwiki b/src/freedombone-app-fedwiki
index d8b27591..8197e49a 100755
--- a/src/freedombone-app-fedwiki
+++ b/src/freedombone-app-fedwiki
@@ -127,7 +127,7 @@ function add_user_fedwiki {
 }
 
 function install_interactive_fedwiki {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -148,7 +148,7 @@ function change_password_fedwiki {
         echo $'Fedwiki password is too short'
         return
     fi
-    ${PROJECT_NAME}-pass -u $FEDWIKI_USERNAME -a fedwiki -p "$FEDWIKI_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$FEDWIKI_USERNAME" -a fedwiki -p "$FEDWIKI_PASSWORD"
     sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service
     sed -i "s|\"secret\":.*|\"secret\": \"${FEDWIKI_PASSWORD}\"|g" ${FEDWIKI_DATA}/status/owner.json
     systemctl daemon-reload
@@ -177,12 +177,12 @@ function upgrade_fedwiki {
 
 function backup_local_fedwiki {
     FEDWIKI_DOMAIN_NAME='fedwiki.local'
-    if grep -q "fedwiki domain" $COMPLETION_FILE; then
+    if grep -q "fedwiki domain" "$COMPLETION_FILE"; then
         FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
     fi
 
     systemctl stop fedwiki
-    suspend_site ${FEDWIKI_DOMAIN_NAME}
+    suspend_site "${FEDWIKI_DOMAIN_NAME}"
 
     fedwiki_path=$FEDWIKI_DATA
     if [ -d $fedwiki_path ]; then
@@ -195,11 +195,11 @@ function backup_local_fedwiki {
 
 function restore_local_fedwiki {
     FEDWIKI_DOMAIN_NAME='fedwiki.local'
-    if grep -q "fedwiki domain" $COMPLETION_FILE; then
+    if grep -q "fedwiki domain" "$COMPLETION_FILE"; then
         FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
     fi
-    if [ $FEDWIKI_DOMAIN_NAME ]; then
-        suspend_site ${FEDWIKI_DOMAIN_NAME}
+    if [ "$FEDWIKI_DOMAIN_NAME" ]; then
+        suspend_site "${FEDWIKI_DOMAIN_NAME}"
         systemctl stop fedwiki
 
         temp_restore_dir=/root/tempfedwiki
@@ -215,8 +215,8 @@ function restore_local_fedwiki {
             rm -rf $temp_restore_dir
         fi
 
-        FEDWIKI_PASSWORD=$(cat ${FEDWIKI_DATA}/status/owner.json | grep secret | awk -F '"' '{print $4}')
-        ${PROJECT_NAME}-pass -u $FEDWIKI_USERNAME -a fedwiki -p "$FEDWIKI_PASSWORD"
+        FEDWIKI_PASSWORD=$(grep secret "${FEDWIKI_DATA}/status/owner.json" | awk -F '"' '{print $4}')
+        "${PROJECT_NAME}-pass" -u "$FEDWIKI_USERNAME" -a fedwiki -p "$FEDWIKI_PASSWORD"
         sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service
         write_config_param "FEDWIKI_COOKIE" "$FEDWIKI_PASSWORD"
         systemctl daemon-reload
@@ -227,12 +227,12 @@ function restore_local_fedwiki {
 
 function backup_remote_fedwiki {
     FEDWIKI_DOMAIN_NAME='fedwiki.local'
-    if grep -q "fedwiki domain" $COMPLETION_FILE; then
+    if grep -q "fedwiki domain" "$COMPLETION_FILE"; then
         FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
     fi
 
     systemctl stop fedwiki
-    suspend_site ${FEDWIKI_DOMAIN_NAME}
+    suspend_site "${FEDWIKI_DOMAIN_NAME}"
 
     temp_backup_dir=$FEDWIKI_DATA
     if [ -d $temp_backup_dir ]; then
@@ -248,12 +248,12 @@ function backup_remote_fedwiki {
 
 function restore_remote_fedwiki {
     FEDWIKI_DOMAIN_NAME='fedwiki.local'
-    if grep -q "fedwiki domain" $COMPLETION_FILE; then
+    if grep -q "fedwiki domain" "$COMPLETION_FILE"; then
         FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
     fi
 
     systemctl stop fedwiki
-    suspend_site ${FEDWIKI_DOMAIN_NAME}
+    suspend_site "${FEDWIKI_DOMAIN_NAME}"
 
     temp_restore_dir=/root/tempfedwiki
     function_check restore_directory_from_friend
@@ -268,8 +268,8 @@ function restore_remote_fedwiki {
         rm -rf $temp_restore_dir
     fi
 
-    FEDWIKI_PASSWORD=$(cat ${FEDWIKI_DATA}/status/owner.json | grep secret | awk -F '"' '{print $4}')
-    ${PROJECT_NAME}-pass -u $FEDWIKI_USERNAME -a fedwiki -p "$FEDWIKI_PASSWORD"
+    FEDWIKI_PASSWORD=$(grep secret "${FEDWIKI_DATA}/status/owner.json" | awk -F '"' '{print $4}')
+    "${PROJECT_NAME}-pass" -u "$FEDWIKI_USERNAME" -a fedwiki -p "$FEDWIKI_PASSWORD"
     sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service
     write_config_param "FEDWIKI_COOKIE" "$FEDWIKI_PASSWORD"
     systemctl daemon-reload
@@ -294,20 +294,20 @@ function remove_fedwiki {
     remove_nodejs fedwiki
 
     read_config_param "FEDWIKI_DOMAIN_NAME"
-    nginx_dissite $FEDWIKI_DOMAIN_NAME
-    remove_certs ${FEDWIKI_DOMAIN_NAME}
-    if [ -f /etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME ]; then
-        rm -f /etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME
+    nginx_dissite "$FEDWIKI_DOMAIN_NAME"
+    remove_certs "${FEDWIKI_DOMAIN_NAME}"
+    if [ -f "/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME" ]; then
+        rm -f "/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME"
     fi
-    if [ -d /var/www/$FEDWIKI_DOMAIN_NAME ]; then
-        rm -rf /var/www/$FEDWIKI_DOMAIN_NAME
+    if [ -d "/var/www/$FEDWIKI_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$FEDWIKI_DOMAIN_NAME"
     fi
     remove_config_param FEDWIKI_DOMAIN_NAME
     remove_config_param FEDWIKI_CODE
     function_check remove_onion_service
     remove_onion_service fedwiki ${FEDWIKI_ONION_PORT}
     remove_completion_param "install_fedwiki"
-    sed -i '/fedwiki/d' $COMPLETION_FILE
+    sed -i '/fedwiki/d' "$COMPLETION_FILE"
 
     groupdel -f fedwiki
     userdel -r fedwiki
@@ -317,101 +317,102 @@ function remove_fedwiki {
     fi
 
     function_check remove_ddns_domain
-    remove_ddns_domain $FEDWIKI_DOMAIN_NAME
+    remove_ddns_domain "$FEDWIKI_DOMAIN_NAME"
 }
 
 function fedwiki_setup_web {
-    fedwiki_nginx_file=/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME
+    fedwiki_nginx_file="/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME"
 
-    if [[ $ONION_ONLY == "no" ]]; then
-        echo 'server {' > $fedwiki_nginx_file
-        echo '  listen 80;' >> $fedwiki_nginx_file
-        echo '  listen [::]:80;' >> $fedwiki_nginx_file
-        echo "  server_name $FEDWIKI_DOMAIN_NAME;" >> $fedwiki_nginx_file
-        echo '  rewrite ^ https://$server_name$request_uri? permanent;' >> $fedwiki_nginx_file
-        echo '}' >> $fedwiki_nginx_file
-        echo '' >> $fedwiki_nginx_file
-        echo 'server {' >> $fedwiki_nginx_file
-        echo '  listen 443 ssl;' >> $fedwiki_nginx_file
-        echo '  #listen [::]:443 ssl;' >> $fedwiki_nginx_file
-        echo "  server_name $FEDWIKI_DOMAIN_NAME;" >> $fedwiki_nginx_file
-        echo '' >> $fedwiki_nginx_file
+    if [[ "$ONION_ONLY" == "no" ]]; then
+        { echo 'server {';
+        echo '  listen 80;';
+        echo '  listen [::]:80;';
+        echo "  server_name $FEDWIKI_DOMAIN_NAME;";
+        echo "  rewrite ^ https://\$server_name\$request_uri? permanent;";
+        echo '}';
+        echo '';
+        echo 'server {';
+        echo '  listen 443 ssl;';
+        echo '  #listen [::]:443 ssl;';
+        echo "  server_name $FEDWIKI_DOMAIN_NAME;";
+        echo ''; } > "$fedwiki_nginx_file"
         function_check nginx_ssl
-        nginx_ssl $FEDWIKI_DOMAIN_NAME mobile
+        nginx_ssl "$FEDWIKI_DOMAIN_NAME" mobile
 
-        sed -i '/Content-Security-Policy/d' $fedwiki_nginx_file
-        sed -i '/X-XSS-Protection/d' $fedwiki_nginx_file
-        sed -i '/X-Robots-Tag/d' $fedwiki_nginx_file
-        sed -i '/X-Download-Options/d' $fedwiki_nginx_file
-        sed -i '/X-Permitted-Cross-Domain-Policies/d' $fedwiki_nginx_file
+        sed -i '/Content-Security-Policy/d' "$fedwiki_nginx_file"
+        sed -i '/X-XSS-Protection/d' "$fedwiki_nginx_file"
+        sed -i '/X-Robots-Tag/d' "$fedwiki_nginx_file"
+        sed -i '/X-Download-Options/d' "$fedwiki_nginx_file"
+        sed -i '/X-Permitted-Cross-Domain-Policies/d' "$fedwiki_nginx_file"
 
-        echo '  add_header X-Robots-Tag none;' >> $fedwiki_nginx_file
-        echo '  add_header X-Download-Options noopen;' >> $fedwiki_nginx_file
-        echo '  add_header X-Frame-Options DENY;' >> $fedwiki_nginx_file
-        echo '  add_header X-Content-Type-Options nosniff;' >> $fedwiki_nginx_file
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $fedwiki_nginx_file
-        echo '' >> $fedwiki_nginx_file
-        echo '  location /fonts-font-awesome/ {' >> $fedwiki_nginx_file
-        echo '    alias /usr/share/fonts-font-awesome/;' >> $fedwiki_nginx_file
-        echo '  }' >> $fedwiki_nginx_file
-        echo '' >> $fedwiki_nginx_file
-        echo '  location / {' >> $fedwiki_nginx_file
-        echo "    proxy_pass http://localhost:${FEDWIKI_PORT};" >> $fedwiki_nginx_file
-        echo '    proxy_set_header X-Real-IP $remote_addr;' >> $fedwiki_nginx_file
-        echo '    proxy_set_header Host $host;' >> $fedwiki_nginx_file
-        echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $fedwiki_nginx_file
-        echo '    client_max_body_size 1M;' >> $fedwiki_nginx_file
-        echo '  }' >> $fedwiki_nginx_file
-        echo '}' >> $fedwiki_nginx_file
-        echo '' >> $fedwiki_nginx_file
+        { echo '  add_header X-Robots-Tag none;';
+          echo '  add_header X-Download-Options noopen;';
+          echo '  add_header X-Frame-Options DENY;';
+          echo '  add_header X-Content-Type-Options nosniff;';
+          echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  location /fonts-font-awesome/ {';
+          echo '    alias /usr/share/fonts-font-awesome/;';
+          echo '  }';
+          echo '';
+          echo '  location / {';
+          echo "    proxy_pass http://localhost:${FEDWIKI_PORT};";
+          echo "    proxy_set_header X-Real-IP \$remote_addr;";
+          echo "    proxy_set_header Host \$host;";
+          echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+          echo '    client_max_body_size 1M;';
+          echo '  }';
+          echo '}';
+          echo ''; } >> "$fedwiki_nginx_file"
     else
-        echo -n '' > $fedwiki_nginx_file
+        echo -n '' > "$fedwiki_nginx_file"
     fi
-    echo 'server {' >> $fedwiki_nginx_file
-    echo "  listen 127.0.0.1:$FEDWIKI_ONION_PORT default_server;" >> $fedwiki_nginx_file
-    echo "  server_name $FEDWIKI_ONION_HOSTNAME;" >> $fedwiki_nginx_file
-    echo '' >> $fedwiki_nginx_file
-    echo '  add_header X-Robots-Tag none;' >> $fedwiki_nginx_file
-    echo '  add_header X-Download-Options noopen;' >> $fedwiki_nginx_file
-    echo '  add_header X-Frame-Options DENY;' >> $fedwiki_nginx_file
-    echo '  add_header X-Content-Type-Options nosniff;' >> $fedwiki_nginx_file
-    echo '' >> $fedwiki_nginx_file
-    echo '  location /fonts-font-awesome/ {' >> $fedwiki_nginx_file
-    echo '    alias /usr/share/fonts-font-awesome/;' >> $fedwiki_nginx_file
-    echo '  }' >> $fedwiki_nginx_file
-    echo '' >> $fedwiki_nginx_file
-    echo '  location / {' >> $fedwiki_nginx_file
-    echo "    proxy_pass http://localhost:${FEDWIKI_PORT};" >> $fedwiki_nginx_file
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $fedwiki_nginx_file
-    echo '    proxy_set_header Host $host;' >> $fedwiki_nginx_file
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $fedwiki_nginx_file
-    echo '    client_max_body_size 1M;' >> $fedwiki_nginx_file
-    echo '  }' >> $fedwiki_nginx_file
-    echo '}' >> $fedwiki_nginx_file
+    { echo 'server {';
+      echo "  listen 127.0.0.1:$FEDWIKI_ONION_PORT default_server;";
+      echo "  server_name $FEDWIKI_ONION_HOSTNAME;";
+      echo '';
+      echo '  add_header X-Robots-Tag none;';
+      echo '  add_header X-Download-Options noopen;';
+      echo '  add_header X-Frame-Options DENY;';
+      echo '  add_header X-Content-Type-Options nosniff;';
+      echo '';
+      echo '  location /fonts-font-awesome/ {';
+      echo '    alias /usr/share/fonts-font-awesome/;';
+      echo '  }';
+      echo '';
+      echo '  location / {';
+      echo "    proxy_pass http://localhost:${FEDWIKI_PORT};";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo '    client_max_body_size 1M;';
+      echo '  }';
+      echo '}'; } >> "$fedwiki_nginx_file"
 
     function_check create_site_certificate
-    create_site_certificate $FEDWIKI_DOMAIN_NAME 'yes'
+    create_site_certificate "$FEDWIKI_DOMAIN_NAME" 'yes'
 
     function_check nginx_ensite
-    nginx_ensite $FEDWIKI_DOMAIN_NAME
+    nginx_ensite "$FEDWIKI_DOMAIN_NAME"
 }
 
 function install_fedwiki {
-    if [[ $VARIANT == "mesh"* ]]; then
+    # shellcheck disable=SC2153
+    if [[ "$VARIANT" == "mesh"* ]]; then
         return
     fi
 
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
-    if [ ! $FEDWIKI_DOMAIN_NAME ]; then
+    if [ ! "$FEDWIKI_DOMAIN_NAME" ]; then
         echo $'The fedwiki domain name was not specified'
         exit 893635
     fi
 
-    if [ ! -d /var/www/$FEDWIKI_DOMAIN_NAME/htdocs ]; then
-        mkdir -p /var/www/$FEDWIKI_DOMAIN_NAME/htdocs
+    if [ ! -d "/var/www/$FEDWIKI_DOMAIN_NAME/htdocs" ]; then
+        mkdir -p "/var/www/$FEDWIKI_DOMAIN_NAME/htdocs"
     fi
 
     if [ ! -d $FEDWIKI_DATA ]; then
@@ -429,14 +430,12 @@ function install_fedwiki {
 
     apt-get -yq install fonts-font-awesome
 
-    npm install -g wiki@$FEDWIKI_VERSION
-    if [ ! "$?" = "0" ]; then
+    if ! npm install -g wiki@$FEDWIKI_VERSION; then
         echo $'Failed to install fedwiki'
         exit 6293523
     fi
 
-    npm install -g wiki-security-friends@0.1.0
-    if [ ! "$?" = "0" ]; then
+    if ! npm install -g wiki-security-friends@0.1.0; then
         echo $'Failed to install wiki-security-friends'
         exit 783533
     fi
@@ -457,44 +456,44 @@ function install_fedwiki {
         FEDWIKI_COOKIE="$(create_password 20)"
     fi
 
-    echo '[Unit]' > /etc/systemd/system/fedwiki.service
-    echo 'Description=Fedwiki federated wiki' >> /etc/systemd/system/fedwiki.service
-    echo 'After=syslog.target' >> /etc/systemd/system/fedwiki.service
-    echo 'After=network.target' >> /etc/systemd/system/fedwiki.service
-    echo '' >> /etc/systemd/system/fedwiki.service
-    echo '[Service]' >> /etc/systemd/system/fedwiki.service
-    echo 'User=fedwiki' >> /etc/systemd/system/fedwiki.service
-    echo 'Group=fedwiki' >> /etc/systemd/system/fedwiki.service
-    echo "WorkingDirectory=/usr/local/lib/node_modules/wiki" >> /etc/systemd/system/fedwiki.service
-    echo "ExecStart=/usr/local/bin/wiki --security_type friends --session_duration 7 --data $FEDWIKI_DATA -p $FEDWIKI_PORT --cookieSecret '${FEDWIKI_COOKIE}'" >> /etc/systemd/system/fedwiki.service
-    echo 'StandardOutput=syslog' >> /etc/systemd/system/fedwiki.service
-    echo 'StandardError=syslog' >> /etc/systemd/system/fedwiki.service
-    echo 'SyslogIdentifier=fedwiki' >> /etc/systemd/system/fedwiki.service
-    echo 'Restart=always' >> /etc/systemd/system/fedwiki.service
-    echo "Environment=NODE_ENV=production" >> /etc/systemd/system/fedwiki.service
-    echo '' >> /etc/systemd/system/fedwiki.service
-    echo '[Install]' >> /etc/systemd/system/fedwiki.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/fedwiki.service
+    { echo '[Unit]';
+      echo 'Description=Fedwiki federated wiki';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=fedwiki';
+      echo 'Group=fedwiki';
+      echo "WorkingDirectory=/usr/local/lib/node_modules/wiki";
+      echo "ExecStart=/usr/local/bin/wiki --security_type friends --session_duration 7 --data $FEDWIKI_DATA -p $FEDWIKI_PORT --cookieSecret '${FEDWIKI_COOKIE}'";
+      echo 'StandardOutput=syslog';
+      echo 'StandardError=syslog';
+      echo 'SyslogIdentifier=fedwiki';
+      echo 'Restart=always';
+      echo "Environment=NODE_ENV=production";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/fedwiki.service
 
     if [ ! -d ${FEDWIKI_DATA}/status ]; then
         mkdir -p ${FEDWIKI_DATA}/status
     fi
     fedwiki_auth_file=${FEDWIKI_DATA}/status/owner.json
-    echo '{' > $fedwiki_auth_file
-    echo "  \"name\": \"${MY_USERNAME}\"," >> $fedwiki_auth_file
-    echo '  "friend": {' >> $fedwiki_auth_file
-    echo "    \"secret\": \"${FEDWIKI_COOKIE}\"" >> $fedwiki_auth_file
-    echo '  }' >> $fedwiki_auth_file
-    echo '}' >> $fedwiki_auth_file
+    { echo '{';
+      echo "  \"name\": \"${MY_USERNAME}\",";
+      echo '  "friend": {';
+      echo "    \"secret\": \"${FEDWIKI_COOKIE}\"";
+      echo '  }';
+      echo '}'; } > $fedwiki_auth_file
 
     chown -R fedwiki:fedwiki $FEDWIKI_DATA
 
     fedwiki_setup_web
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a fedwiki -p "$FEDWIKI_COOKIE"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a fedwiki -p "$FEDWIKI_COOKIE"
 
     function_check add_ddns_domain
-    add_ddns_domain $FEDWIKI_DOMAIN_NAME
+    add_ddns_domain "$FEDWIKI_DOMAIN_NAME"
 
     fedwiki_remove_bad_links
 
diff --git a/src/freedombone-app-friendica b/src/freedombone-app-friendica
index db1ad7bc..7eee5abe 100755
--- a/src/freedombone-app-friendica
+++ b/src/freedombone-app-friendica
@@ -60,7 +60,7 @@ function logging_off_friendica {
 
 function remove_user_friendica {
     remove_username="$1"
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp friendica
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp friendica
 }
 
 function add_user_friendica {
@@ -71,27 +71,26 @@ function add_user_friendica {
 
     new_username="$1"
     new_user_password="$2"
-    ${PROJECT_NAME}-pass -u $new_username -a friendica -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a friendica -p "$new_user_password"
     echo '0'
 }
 
 function friendica_renew_cert {
     dialog --title $"Renew SSL certificate" \
            --backtitle $"Freedombone Control Panel" \
-           --yesno $"\nThis will renew a letsencrypt certificate. Select 'yes' to continue" 16 60
+           --yesno $"\\nThis will renew a letsencrypt certificate. Select 'yes' to continue" 16 60
     sel=$?
     case $sel in
         1) return;;
         255) return;;
     esac
     FRIENDICA_DOMAIN_NAME=$(get_completion_param "friendica domain")
-    if [ ! -d /var/www/$FRIENDICA_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs" ]; then
         dialog --title $"Renew SSL certificate" \
                --msgbox $"Friendica install directory not found" 6 40
         return
     fi
-    ${PROJECT_NAME}-renew-cert -h $FRIENDICA_DOMAIN_NAME -p 'letsencrypt'
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-renew-cert" -h "$FRIENDICA_DOMAIN_NAME" -p 'letsencrypt'; then
         any_key
     else
         dialog --title $"Renew SSL certificate" \
@@ -100,52 +99,54 @@ function friendica_renew_cert {
 }
 
 function friendica_channel_directory_server {
-    if ! grep -q "friendica domain" $COMPLETION_FILE; then
+    if ! grep -q "friendica domain" "$COMPLETION_FILE"; then
         dialog --title $"Friendica channel directory server" \
                --msgbox $"Friendica is not installed on this system" 6 40
         return
     fi
     FRIENDICA_DOMAIN_NAME=$(get_completion_param "friendica domain")
-    if [ ! -d /var/www/$FRIENDICA_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs" ]; then
         dialog --title $"Friendica channel directory server" \
                --msgbox $"Friendica install directory not found" 6 40
         return
     fi
 
-    CURR_DIR_SERVER=$(cat /var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php | grep directory | awk -F "'" '{print $6}')
+    CURR_DIR_SERVER=$(grep directory "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php" | awk -F "'" '{print $6}')
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Friendica channel directory server" \
            --backtitle $"Freedombone Control Panel" \
            --inputbox $"When you click on 'channel directory' this is where Friendica will obtain its list from" 8 60 "$CURR_DIR_SERVER" 2>$data
     sel=$?
     case $sel in
         0)
-            friendica_domain_server=$(<$data)
+            friendica_domain_server=$(<"$data")
             if [[ "$friendica_domain_server" != *"."* ]]; then
+                rm -f "$data"
                 return
             fi
             if [[ "$friendica_domain_server" != "http"* ]]; then
                 dialog --title $"Friendica channel directory server" \
                        --msgbox $"Invalid domain - include the https://" 6 40
+                rm -f "$data"
                 return
             fi
-            sed -i "s|\['directory'\] = .*|\['directory'\] = \'$friendica_domain_server\';|g" /var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php
+            sed -i "s|\['directory'\] = .*|\['directory'\] = \'$friendica_domain_server\';|g" "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php"
             dialog --title $"Friendica channel directory server" \
                    --msgbox $"Domain channel directory server changed to $friendica_domain_server" 6 40
             ;;
     esac
+    rm -f "$data"
 }
 
 function friendica_close_registrations {
-    sed -i "s|REGISTER_OPEN|REGISTER_CLOSED|g" /var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php
+    sed -i "s|REGISTER_OPEN|REGISTER_CLOSED|g" "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php"
     dialog --title $"Friendica Account Registrations" \
            --msgbox $"New registrations are now closed" 6 40
 }
 
 function friendica_allow_registrations {
-    sed -i "s|REGISTER_CLOSED|REGISTER_OPEN|g" /var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php
+    sed -i "s|REGISTER_CLOSED|REGISTER_OPEN|g" "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php"
     dialog --title $"Friendica Account Registrations" \
            --msgbox $"New registrations are permitted" 6 40
 }
@@ -153,8 +154,7 @@ function friendica_allow_registrations {
 function configure_interactive_friendica {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Friendica" \
                --radiolist $"Choose an operation:" 15 70 6 \
@@ -162,19 +162,21 @@ function configure_interactive_friendica {
                2 $"Renew SSL certificate" off \
                3 $"Close new account registrations" off \
                4 $"Allow new account registrations" off \
-               5 $"Back to main menu" on 2> $data
+               5 $"Back to main menu" on 2> "$data"
         sel=$?
         case $sel in
             1) break;;
             255) break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) friendica_channel_directory_server;;
             2) friendica_renew_cert;;
             3) friendica_close_registrations;;
             4) friendica_allow_registrations;;
-            5) break;;
+            5) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -190,7 +192,7 @@ function install_interactive_friendica {
 }
 
 function change_password_friendica {
-    FRIENDICA_USERNAME="$1"
+    #FRIENDICA_USERNAME="$1"
     FRIENDICA_PASSWORD="$2"
     if [ ${#FRIENDICA_PASSWORD} -lt 8 ]; then
         echo $'Friendica password is too short'
@@ -201,14 +203,14 @@ function change_password_friendica {
 }
 
 function friendica_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        FRIENDICA_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        FRIENDICA_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     fi
-    if [ ! $FRIENDICA_ADMIN_PASSWORD ]; then
-        FRIENDICA_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+    if [ ! "$FRIENDICA_ADMIN_PASSWORD" ]; then
+        FRIENDICA_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
     fi
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a friendica -p "$FRIENDICA_ADMIN_PASSWORD"
-    if [ ! $FRIENDICA_ADMIN_PASSWORD ]; then
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a friendica -p "$FRIENDICA_ADMIN_PASSWORD"
+    if [ ! "$FRIENDICA_ADMIN_PASSWORD" ]; then
         return
     fi
 
@@ -229,17 +231,17 @@ function upgrade_friendica {
     FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
 
     function_check set_repo_commit
-    set_repo_commit $FRIENDICA_PATH "friendica commit" "$FRIENDICA_COMMIT" $FRIENDICA_REPO
-    set_repo_commit $FRIENDICA_PATH/addon "friendica addons commit" "$FRIENDICA_ADDONS_COMMIT" $FRIENDICA_ADDONS_REPO
+    set_repo_commit "$FRIENDICA_PATH" "friendica commit" "$FRIENDICA_COMMIT" $FRIENDICA_REPO
+    set_repo_commit "$FRIENDICA_PATH/addon" "friendica addons commit" "$FRIENDICA_ADDONS_COMMIT" $FRIENDICA_ADDONS_REPO
 }
 
 function backup_local_friendica {
-    friendica_path=/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs
-    if [ -d $friendica_path ]; then
+    friendica_path="/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs"
+    if [ -d "$friendica_path" ]; then
         function_check backup_database_to_usb
         backup_database_to_usb friendica
 
-        backup_directory_to_usb $friendica_path friendica
+        backup_directory_to_usb "$friendica_path" friendica
     fi
 }
 
@@ -250,31 +252,31 @@ function restore_local_friendica {
     function_check friendica_create_database
     friendica_create_database
 
-    restore_database friendica ${FRIENDICA_DOMAIN_NAME}
-    if [ -d $USB_MOUNT/backup/friendica ]; then
-        if [ ! -d $friendica_dir/store/[data]/smarty3 ]; then
-            mkdir -p $friendica_dir/store/[data]/smarty3
+    restore_database friendica "${FRIENDICA_DOMAIN_NAME}"
+    if [ -d "$USB_MOUNT/backup/friendica" ]; then
+        if [ ! -d "$friendica_dir/store/[data]/smarty3" ]; then
+            mkdir -p "$friendica_dir/store/[data]/smarty3"
         fi
-        chmod 1777 $friendica_dir/store/[data]/smarty3
-        chown -R www-data:www-data $friendica_dir/*
+        chmod 1777 "$friendica_dir/store/[data]/smarty3"
+        chown -R www-data:www-data "$friendica_dir/*"
         if [ -d $temp_restore_dir ]; then
             rm -rf $temp_restore_dir
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
         FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
-        sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $FRIENDICA_PATH/.htconfig.php
+        sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" "$FRIENDICA_PATH/.htconfig.php"
         MARIADB_PASSWORD=
     fi
 }
 
 function backup_remote_friendica {
-    temp_backup_dir=/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs
-    if [ -d $temp_backup_dir ]; then
-        suspend_site ${FRIENDICA_DOMAIN_NAME}
+    temp_backup_dir="/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs"
+    if [ -d "$temp_backup_dir" ]; then
+        suspend_site "${FRIENDICA_DOMAIN_NAME}"
         backup_database_to_friend friendica
         echo "Backing up Friendica installation"
-        backup_directory_to_friend $temp_backup_dir friendica
+        backup_directory_to_friend "$temp_backup_dir" friendica
         restart_site
         echo "Backup of Friendica complete"
     else
@@ -289,21 +291,21 @@ function restore_remote_friendica {
     function_check friendica_create_database
     friendica_create_database
 
-    restore_database_from_friend friendica ${FRIENDICA_DOMAIN_NAME}
-    if [ -d $SERVER_DIRECTORY/backup/friendica ]; then
-        if [ ! -d /var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3 ]; then
-            mkdir -p /var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3
+    restore_database_from_friend friendica "${FRIENDICA_DOMAIN_NAME}"
+    if [ -d "$SERVER_DIRECTORY/backup/friendica" ]; then
+        if [ ! -d "/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3" ]; then
+            mkdir -p "/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3"
         fi
-        chmod 1777 /var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3
-        chown -R www-data:www-data /var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/*
+        chmod 1777 "/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3"
+        chown -R www-data:www-data "/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/*"
     fi
     if [ -d /root/tempfriendica ]; then
         rm -rf /root/tempfriendica
     fi
 
-    MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-    FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
-    sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $FRIENDICA_PATH/.htconfig.php
+    MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+    FRIENDICA_PATH="/var/www/$FRIENDICA_DOMAIN_NAME/htdocs"
+    sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" "$FRIENDICA_PATH/.htconfig.php"
     MARIADB_PASSWORD=
 }
 
@@ -311,35 +313,35 @@ function remove_friendica {
     if [ ${#FRIENDICA_DOMAIN_NAME} -eq 0 ]; then
         return
     fi
-    nginx_dissite $FRIENDICA_DOMAIN_NAME
-    remove_certs ${FRIENDICA_DOMAIN_NAME}
-    if [ -d /var/www/$FRIENDICA_DOMAIN_NAME ]; then
-        rm -rf /var/www/$FRIENDICA_DOMAIN_NAME
+    nginx_dissite "$FRIENDICA_DOMAIN_NAME"
+    remove_certs "${FRIENDICA_DOMAIN_NAME}"
+    if [ -d "/var/www/$FRIENDICA_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$FRIENDICA_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database friendica
     function_check remove_onion_service
     remove_onion_service friendica ${FRIENDICA_ONION_PORT}
-    sed -i '/friendica/d' $COMPLETION_FILE
+    sed -i '/friendica/d' "$COMPLETION_FILE"
     sed -i '/poller.php/d' /etc/crontab
 
     function_check remove_ddns_domain
-    remove_ddns_domain $FRIENDICA_DOMAIN_NAME
+    remove_ddns_domain "$FRIENDICA_DOMAIN_NAME"
 }
 
 function install_friendica {
-    if [ ! $FRIENDICA_DOMAIN_NAME ]; then
+    if [ ! "$FRIENDICA_DOMAIN_NAME" ]; then
         return
     fi
 
-    if [[ $ONION_ONLY != "no" ]]; then
+    if [[ "$ONION_ONLY" != "no" ]]; then
         return
     fi
 
-    FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
+    FRIENDICA_PATH="/var/www/$FRIENDICA_DOMAIN_NAME/htdocs"
 
     function_check install_mariadb
     install_mariadb
@@ -354,38 +356,38 @@ function install_friendica {
     apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl
     apt-get -yq install php-memcached
 
-    if [ ! -d /var/www/$FRIENDICA_DOMAIN_NAME ]; then
-        mkdir /var/www/$FRIENDICA_DOMAIN_NAME
+    if [ ! -d "/var/www/$FRIENDICA_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$FRIENDICA_DOMAIN_NAME"
     fi
-    if [ ! -d $FRIENDICA_PATH ]; then
-        mkdir $FRIENDICA_PATH
+    if [ ! -d "$FRIENDICA_PATH" ]; then
+        mkdir "$FRIENDICA_PATH"
     fi
 
-    if [ ! -f $FRIENDICA_PATH/index.php ]; then
-        cd $INSTALL_DIR
+    if [ ! -f "$FRIENDICA_PATH/index.php" ]; then
+        cd "$INSTALL_DIR" || exit 2346824864
 
         if [ -d /repos/friendica ]; then
             mkdir friendica
             cp -r -p /repos/friendica/. friendica
-            cd friendica
+            cd friendica || exit 24682462
             git pull
         else
             function_check git_clone
-            git_clone $FRIENDICA_REPO friendica
+            git_clone "$FRIENDICA_REPO" friendica
         fi
 
         git checkout $FRIENDICA_COMMIT -b $FRIENDICA_COMMIT
         set_completion_param "friendica commit" "$FRIENDICA_COMMIT"
 
-        rm -rf $FRIENDICA_PATH
-        mv friendica $FRIENDICA_PATH
+        rm -rf "$FRIENDICA_PATH"
+        mv friendica "$FRIENDICA_PATH"
 
-        git_clone $FRIENDICA_ADDONS_REPO $FRIENDICA_PATH/addon
-        cd $FRIENDICA_PATH/addon
-        git checkout $FRIENDICA_ADDONS_COMMIT -b $FRIENDICA_ADDONS_COMMIT
+        git_clone "$FRIENDICA_ADDONS_REPO" "$FRIENDICA_PATH/addon"
+        cd "$FRIENDICA_PATH/addon" || exit 34835685
+        git checkout "$FRIENDICA_ADDONS_COMMIT" -b "$FRIENDICA_ADDONS_COMMIT"
         set_completion_param "friendica addons commit" "$FRIENDICA_ADDONS_COMMIT"
 
-        chown -R www-data:www-data $FRIENDICA_PATH
+        chown -R www-data:www-data "$FRIENDICA_PATH"
     fi
 
     FRIENDICA_ONION_HOSTNAME=
@@ -400,158 +402,158 @@ function install_friendica {
     fi
 
     function_check add_ddns_domain
-    add_ddns_domain $FRIENDICA_DOMAIN_NAME
+    add_ddns_domain "$FRIENDICA_DOMAIN_NAME"
 
-    if [[ $ONION_ONLY == "no" ]]; then
+    if [[ "$ONION_ONLY" == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $FRIENDICA_DOMAIN_NAME
-        echo 'server {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "    root $FRIENDICA_PATH;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "    server_name $FRIENDICA_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    charset utf-8;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        nginx_http_redirect "$FRIENDICA_DOMAIN_NAME"
+        { echo 'server {';
+          echo '    listen 443 ssl;';
+          echo '    #listen [::]:443 ssl;';
+          echo "    root $FRIENDICA_PATH;";
+          echo "    server_name $FRIENDICA_DOMAIN_NAME;";
+          echo "    error_log /dev/null;";
+          echo '    index index.php;';
+          echo '    charset utf-8;';
+          echo '    access_log /dev/null;'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
         function_check nginx_ssl
-        nginx_ssl $FRIENDICA_DOMAIN_NAME
+        nginx_ssl "$FRIENDICA_DOMAIN_NAME"
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $FRIENDICA_DOMAIN_NAME
-        echo '    add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location / {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME"
+        { echo '    add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '    # rewrite to front controller as default rule';
+          echo '    location / {'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
         function_check nginx_limits
-        nginx_limits $FRIENDICA_DOMAIN_NAME
-        echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        expires 30d;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # block these file types' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # or a unix socket' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        nginx_limits "$FRIENDICA_DOMAIN_NAME"
+        { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
+          echo '    }';
+          echo '';
+          echo '    # statically serve these file types when possible';
+          echo '    # otherwise fall back to front controller';
+          echo '    # allow browser to cache them';
+          echo '    # added .htm for advanced source code editor library';
+          echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
+          echo '        expires 30d;';
+          echo "        try_files \$uri /index.php?q=\$uri&\$args;";
+          echo '    }';
+          echo '';
+          echo '    # block these file types';
+          echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+          echo '    # or a unix socket';
+          echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
         function_check nginx_limits
-        nginx_limits $FRIENDICA_DOMAIN_NAME
-        echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # With php-fpm:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~ /\. {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '      deny  all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '}' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        nginx_limits "$FRIENDICA_DOMAIN_NAME"
+        { echo '        # Zero-day exploit defense.';
+          echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+          echo "        # Won't work properly (404 error) if the file is not stored on this";
+          echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+          echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+          echo "        # another machine. And then cross your fingers that you won't get hacked.";
+          echo "        try_files \$uri \$uri/ /index.php;";
+          echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+          echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+          echo '        # With php-cgi alone:';
+          echo '        # fastcgi_pass 127.0.0.1:9000;';
+          echo '        # With php-fpm:';
+          echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '        include fastcgi_params;';
+          echo '        fastcgi_read_timeout 30;';
+          echo '        fastcgi_index index.php;';
+          echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+          echo '        fastcgi_read_timeout 300;';
+          echo '    }';
+          echo '';
+          echo '    # deny access to all dot files';
+          echo '    location ~ /\. {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    location ~ /\.ht {';
+          echo '      deny  all;';
+          echo '    }';
+          echo '}';
+          echo ''; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
     else
-        echo 'server {' > /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "    listen 127.0.0.1:${FRIENDICA_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "    root $FRIENDICA_PATH;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "    server_name $FRIENDICA_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    charset utf-8;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location / {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        nginx_limits $FRIENDICA_DOMAIN_NAME
-        nginx_disable_sniffing $FRIENDICA_DOMAIN_NAME
-        echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        expires 30d;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # block these file types' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # or a unix socket' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        nginx_limits $FRIENDICA_DOMAIN_NAME
-        nginx_disable_sniffing $FRIENDICA_DOMAIN_NAME
-        echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # With php-fpm:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~ /\. {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '      deny  all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '}' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        { echo 'server {';
+          echo "    listen 127.0.0.1:${FRIENDICA_ONION_PORT} default_server;";
+          echo "    root $FRIENDICA_PATH;";
+          echo "    server_name $FRIENDICA_ONION_HOSTNAME;";
+          echo "    error_log /dev/null;";
+          echo '    index index.php;';
+          echo '    charset utf-8;';
+          echo '    access_log /dev/null;';
+          echo '    add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '    # rewrite to front controller as default rule';
+          echo '    location / {'; } > "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
+        nginx_limits "$FRIENDICA_DOMAIN_NAME"
+        nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME"
+        { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
+          echo '    }';
+          echo '';
+          echo '    # statically serve these file types when possible';
+          echo '    # otherwise fall back to front controller';
+          echo '    # allow browser to cache them';
+          echo '    # added .htm for advanced source code editor library';
+          echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
+          echo '        expires 30d;';
+          echo "        try_files \$uri /index.php?q=\$uri&\$args;";
+          echo '    }';
+          echo '';
+          echo '    # block these file types';
+          echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+          echo '    # or a unix socket';
+          echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
+        nginx_limits "$FRIENDICA_DOMAIN_NAME"
+        nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME"
+        { echo '        # Zero-day exploit defense.';
+          echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+          echo "        # Won't work properly (404 error) if the file is not stored on this";
+          echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+          echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+          echo "        # another machine. And then cross your fingers that you won't get hacked.";
+          echo '        try_files $uri $uri/ /index.php;';
+          echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+          echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+          echo '        # With php-cgi alone:';
+          echo '        # fastcgi_pass 127.0.0.1:9000;';
+          echo '        # With php-fpm:';
+          echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '        include fastcgi_params;';
+          echo '        fastcgi_read_timeout 30;';
+          echo '        fastcgi_index index.php;';
+          echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+          echo '        fastcgi_read_timeout 300;';
+          echo '    }';
+          echo '';
+          echo '    # deny access to all dot files';
+          echo '    location ~ /\. {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    location ~ /\.ht {';
+          echo '      deny  all;';
+          echo '    }';
+          echo '}'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
     fi
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $FRIENDICA_DOMAIN_NAME 'yes'
+    create_site_certificate "$FRIENDICA_DOMAIN_NAME" 'yes'
 
-    if [ ! -d $FRIENDICA_PATH/view/tpl/smarty3 ]; then
-        mkdir $FRIENDICA_PATH/view/tpl/smarty3
+    if [ ! -d "$FRIENDICA_PATH/view/tpl/smarty3" ]; then
+        mkdir "$FRIENDICA_PATH/view/tpl/smarty3"
     fi
     if [ ! -d "$FRIENDICA_PATH/store" ]; then
         mkdir "$FRIENDICA_PATH/store"
@@ -563,9 +565,9 @@ function install_friendica {
         mkdir "$FRIENDICA_PATH/store/[data]/smarty3"
         chmod 1777 "$FRIENDICA_PATH/store/[data]/smarty3"
     fi
-    chmod 1777 $FRIENDICA_PATH/view/tpl
+    chmod 1777 "$FRIENDICA_PATH/view/tpl"
     chown -R www-data:www-data "$FRIENDICA_PATH/store"
-    chmod 1777 $FRIENDICA_PATH/view/tpl/smarty3
+    chmod 1777 "$FRIENDICA_PATH/view/tpl/smarty3"
 
     # Ensure that the database gets backed up locally, if remote
     # backups are not being used
@@ -575,55 +577,55 @@ function install_friendica {
     function_check backup_database_local
     backup_database_local friendica
 
-    chown -R www-data:www-data $FRIENDICA_PATH
+    chown -R www-data:www-data "$FRIENDICA_PATH"
 
     function_check nginx_ensite
-    nginx_ensite $FRIENDICA_DOMAIN_NAME
+    nginx_ensite "$FRIENDICA_DOMAIN_NAME"
 
     # initialize the database
-    if [ ! -f $FRIENDICA_PATH/database.sql ]; then
+    if [ ! -f "$FRIENDICA_PATH/database.sql" ]; then
         echo $'No database schema found for friendica'
         exit 252782
     fi
     function_check initialise_database
-    initialise_database friendica $FRIENDICA_PATH/database.sql
+    initialise_database friendica "$FRIENDICA_PATH/database.sql"
 
     # create the config file
-    echo '<?php' > $FRIENDICA_PATH/.htconfig.php
-    echo "\$db_host = 'localhost';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$db_user = 'root';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$db_pass = '${MARIADB_PASSWORD}';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$db_data = 'friendica';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$default_timezone = 'Europe/London';" >> $FRIENDICA_PATH/.htconfig.php
+    { echo '<?php';
+      echo "\$db_host = 'localhost';";
+      echo "\$db_user = 'root';";
+      echo "\$db_pass = '${MARIADB_PASSWORD}';";
+      echo "\$db_data = 'friendica';";
+      echo "\$default_timezone = 'Europe/London';"; } > "$FRIENDICA_PATH/.htconfig.php"
     if [[ $ONION_ONLY == 'no' ]]; then
-        echo "\$a->config['system']['baseurl'] = 'https://${FRIENDICA_DOMAIN_NAME}';" >> $FRIENDICA_PATH/.htconfig.php
+        echo "\$a->config['system']['baseurl'] = 'https://${FRIENDICA_DOMAIN_NAME}';" >> "$FRIENDICA_PATH/.htconfig.php"
     else
-        echo "\$a->config['system']['baseurl'] = 'http://${FRIENDICA_ONION_HOSTNAME}';" >> $FRIENDICA_PATH/.htconfig.php
+        echo "\$a->config['system']['baseurl'] = 'http://${FRIENDICA_ONION_HOSTNAME}';" >> "$FRIENDICA_PATH/.htconfig.php"
     fi
-    echo "\$a->config['sitename'] = \"Friendica\";" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['register_policy'] = REGISTER_OPEN;" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['register_text'] = '';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['admin_email'] = '${MY_EMAIL_ADDRESS}';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['no_regfullname'] = true;" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['max_import_size'] = 200000;" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['maximagesize'] = 800000;" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['php_path'] = '/usr/bin/php';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['directory'] = 'http://dir.friendi.ca';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['allowed_themes'] = 'quattro,vier,duepuntozero,smoothly';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['theme'] = 'vier';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['huburl'] = '[internal]';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['language'] = 'en';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['rino_encrypt'] = 2;" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['allowed_link_protocols'] = array('mailto', 'cid');" >> $FRIENDICA_PATH/.htconfig.php
-    chown www-data:www-data $FRIENDICA_PATH/.htconfig.php
-    chmod 755 $FRIENDICA_PATH/.htconfig.php
+    { echo "\$a->config['sitename'] = \"Friendica\";";
+      echo "\$a->config['register_policy'] = REGISTER_OPEN;";
+      echo "\$a->config['register_text'] = '';";
+      echo "\$a->config['admin_email'] = '${MY_EMAIL_ADDRESS}';";
+      echo "\$a->config['system']['no_regfullname'] = true;";
+      echo "\$a->config['max_import_size'] = 200000;";
+      echo "\$a->config['system']['maximagesize'] = 800000;";
+      echo "\$a->config['php_path'] = '/usr/bin/php';";
+      echo "\$a->config['system']['directory'] = 'http://dir.friendi.ca';";
+      echo "\$a->config['system']['allowed_themes'] = 'quattro,vier,duepuntozero,smoothly';";
+      echo "\$a->config['system']['theme'] = 'vier';";
+      echo "\$a->config['system']['huburl'] = '[internal]';";
+      echo "\$a->config['system']['language'] = 'en';";
+      echo "\$a->config['system']['rino_encrypt'] = 2;";
+      echo "\$a->config['system']['allowed_link_protocols'] = array('mailto', 'cid');"; } >> "$FRIENDICA_PATH/.htconfig.php"
+    chown www-data:www-data "$FRIENDICA_PATH/.htconfig.php"
+    chmod 755 "$FRIENDICA_PATH/.htconfig.php"
 
     systemctl restart mariadb
     systemctl restart php7.0-fpm
     systemctl restart nginx
     systemctl restart cron
 
-    ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$FRIENDICA_DOMAIN_NAME" -g friendica --public no
+    "${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$FRIENDICA_DOMAIN_NAME" -g friendica --public no
 
     set_completion_param "friendica domain" "${FRIENDICA_DOMAIN_NAME}"
     APP_INSTALLED=1
diff --git a/src/freedombone-app-ghost b/src/freedombone-app-ghost
index fa5fb464..e5008d93 100755
--- a/src/freedombone-app-ghost
+++ b/src/freedombone-app-ghost
@@ -48,14 +48,14 @@ ghost_variables=(GHOST_DOMAIN_NAME
 
 function ghost_bust {
     # kill the started ghost process
-    kill_pid=$(ps aux | grep "ghost run" | awk -F ' ' '{print $2}' | head -n 1)
-    kill -9 $kill_pid
+    kill_pid=$(pgrep "ghost run" | head -n 1)
+    kill -9 "$kill_pid"
 
-    kill_pid=$(ps aux | grep "ghost" | awk -F ' ' '{print $2}' | head -n 1)
-    kill -9 $kill_pid
+    kill_pid=$(pgrep "ghost" | head -n 1)
+    kill -9 "$kill_pid"
 
-    kill_pid=$(ps aux | grep "ghost" | awk -F ' ' '{print $2}' | head -n 1)
-    kill -9 $kill_pid
+    kill_pid=$(pgrep "ghost" | head -n 1)
+    kill -9 "$kill_pid"
 }
 
 function logging_on_ghost {
@@ -77,9 +77,9 @@ function ghost_replace_jquery {
     sed -i "s|http://code.jquery.com/jquery.js|$curr_domain/jquery-${jquery_version}.js|g" current/node_modules/jsdom/README.md
     sed -i "s|https://code.jquery.com/jquery.js|$curr_domain/jquery-${jquery_version}.js|g" current/node_modules/jsdom/README.md
 
-    cd /var/www/${GHOST_DOMAIN_NAME}/htdocs/current
-    find ./ -type f -exec sed -i -e 's|https://code.jquery.com|$curr_domain|g' {} \;
-    find ./ -type f -exec sed -i -e 's|http://code.jquery.com|$curr_domain|g' {} \;
+    cd "/var/www/${GHOST_DOMAIN_NAME}/htdocs/current" || exit 3468368
+    find ./ -type f -exec sed -i -e "s|https://code.jquery.com|$curr_domain|g" {} \;
+    find ./ -type f -exec sed -i -e "s|http://code.jquery.com|$curr_domain|g" {} \;
 }
 
 function ghost_rss_button {
@@ -98,14 +98,14 @@ function ghost_remove_offsite_links {
     ghost_rss_button
 
     # remove google font links
-    cd /var/www/$GHOST_DOMAIN_NAME/htdocs/current
-    find ./ -type f -exec sed -i -e 's/fonts.googleapis.com/$curr_domain/g' {} \;
+    cd "/var/www/$GHOST_DOMAIN_NAME/htdocs/current" || exit 246872424
+    find ./ -type f -exec sed -i -e "s/fonts.googleapis.com/$curr_domain/g" {} \;
 
     # copy jquery locally
     previous_jquery_version='1.12.0'
     jquery_version='1.12.4'
     if [ ! -f /var/www/$GHOST_DOMAIN_NAME/htdocs/jquery-${jquery_version}.js ]; then
-        cd /var/www/$GHOST_DOMAIN_NAME/htdocs
+        cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 3468746824
         wget https://code.jquery.com/jquery-${jquery_version}.js
         jquery_hash=$(sha256sum jquery-${jquery_version}.js | awk -F ' ' '{print $1}')
         if [[ "$jquery_hash" != '430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575' ]]; then
@@ -119,27 +119,27 @@ function ghost_remove_offsite_links {
 }
 
 function ghost_replace_proprietary_services {
-    replace_file=$1
+    replace_file="$1"
 
-    sed -i 's|Twitter Profile|GNU Social Profile|g' $replace_file
-    sed -i 's|Twitter profile|GNU Social Profile|g' $replace_file
-    sed -i 's|Twitter Username|GNU Social Username|g' $replace_file
-    sed -i 's|twitter.com|quitter.se|g' $replace_file
-    sed -i 's|Facebook Page|Hubzilla Channel|g' $replace_file
-    sed -i 's|Facebook Profile|Hubzilla Channel|g' $replace_file
-    sed -i 's|Facebook profile|Hubzilla Channel|g' $replace_file
-    sed -i 's|www.facebook.com/username|hubzilladomain/username|g' $replace_file
-    sed -i 's|www.facebook.com/ghost|hubzilladomain/username|g' $replace_file
-    sed -i 's|www.facebook.com/testuser|hubzilladomain/username|g' $replace_file
-    sed -i 's|www.facebook.com/testing|hubzilladomain/username|g' $replace_file
-    sed -i 's|www.facebook.com/test|hubzilladomain/username|g' $replace_file
-    sed -i 's|www.facebook.com/yourUsername|hubzilladomain/username|g' $replace_file
-    sed -i 's|www.facebook.com/yourPage|hubzilladomain/username|g' $replace_file
-    sed -i 's|Facebook Username|Hubzilla Channel|g' $replace_file
-    sed -i 's|www.facebook.com|hubzilladomain|g' $replace_file
-    sed -i 's|facebook value|hubzilla value|g' $replace_file
+    sed -i 's|Twitter Profile|GNU Social Profile|g' "$replace_file"
+    sed -i 's|Twitter profile|GNU Social Profile|g' "$replace_file"
+    sed -i 's|Twitter Username|GNU Social Username|g' "$replace_file"
+    sed -i 's|twitter.com|quitter.se|g' "$replace_file"
+    sed -i 's|Facebook Page|Hubzilla Channel|g' "$replace_file"
+    sed -i 's|Facebook Profile|Hubzilla Channel|g' "$replace_file"
+    sed -i 's|Facebook profile|Hubzilla Channel|g' "$replace_file"
+    sed -i 's|www.facebook.com/username|hubzilladomain/username|g' "$replace_file"
+    sed -i 's|www.facebook.com/ghost|hubzilladomain/username|g' "$replace_file"
+    sed -i 's|www.facebook.com/testuser|hubzilladomain/username|g' "$replace_file"
+    sed -i 's|www.facebook.com/testing|hubzilladomain/username|g' "$replace_file"
+    sed -i 's|www.facebook.com/test|hubzilladomain/username|g' "$replace_file"
+    sed -i 's|www.facebook.com/yourUsername|hubzilladomain/username|g' "$replace_file"
+    sed -i 's|www.facebook.com/yourPage|hubzilladomain/username|g' "$replace_file"
+    sed -i 's|Facebook Username|Hubzilla Channel|g' "$replace_file"
+    sed -i 's|www.facebook.com|hubzilladomain|g' "$replace_file"
+    sed -i 's|facebook value|hubzilla value|g' "$replace_file"
 
-    sed -i '/<section class="share">/,/<\/section>/d' $replace_file
+    sed -i '/<section class="share">/,/<\/section>/d' "$replace_file"
 }
 
 function ghost_replace_services {
@@ -163,7 +163,7 @@ function add_user_ghost {
 }
 
 function install_interactive_ghost {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -178,13 +178,13 @@ function install_interactive_ghost {
 }
 
 function change_password_ghost {
-    GHOST_USERNAME="$1"
+    #GHOST_USERNAME="$1"
     GHOST_PASSWORD="$2"
     if [ ${#GHOST_PASSWORD} -lt 8 ]; then
         echo $'Ghost password is too short'
         return
     fi
-    #${PROJECT_NAME}-pass -u $GHOST_USERNAME -a ghost -p "$GHOST_PASSWORD"
+    #"${PROJECT_NAME}-pass" -u "$GHOST_USERNAME" -a ghost -p "$GHOST_PASSWORD"
 }
 
 function reconfigure_ghost {
@@ -206,7 +206,7 @@ function upgrade_ghost {
     systemctl stop ghost
     ghost_bust
 
-    cd /var/www/$GHOST_DOMAIN_NAME/htdocs
+    cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 3468463
 
     npm i -g ghost-cli
     /usr/local/bin/ghost update &
@@ -220,26 +220,26 @@ function upgrade_ghost {
     chown -R root:root /usr/local/lib
     chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs
     systemctl restart ghost
-    sed -i "s|ghost version.*|ghost version:${GHOST_VERSION}|g" ${COMPLETION_FILE}
+    sed -i "s|ghost version.*|ghost version:${GHOST_VERSION}|g" "${COMPLETION_FILE}"
 }
 
 function backup_local_ghost {
     GHOST_DOMAIN_NAME='ghost.local'
-    if grep -q "ghost domain" $COMPLETION_FILE; then
+    if grep -q "ghost domain" "$COMPLETION_FILE"; then
         GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
     fi
 
-    suspend_site ${GHOST_DOMAIN_NAME}
+    suspend_site "${GHOST_DOMAIN_NAME}"
     systemctl stop ghost
 
     ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content
-    if [ -d $ghost_path ]; then
-        backup_directory_to_usb $ghost_path ghostcontent
+    if [ -d "$ghost_path" ]; then
+        backup_directory_to_usb "$ghost_path" ghostcontent
     fi
 
     ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs/current/content
-    if [ -d $ghost_path ]; then
-        backup_directory_to_usb $ghost_path ghostcurrent
+    if [ -d "$ghost_path" ]; then
+        backup_directory_to_usb "$ghost_path" ghostcurrent
     fi
 
     systemctl start ghost
@@ -248,26 +248,26 @@ function backup_local_ghost {
 
 function restore_local_ghost {
     GHOST_DOMAIN_NAME='ghost.local'
-    if grep -q "ghost domain" $COMPLETION_FILE; then
+    if grep -q "ghost domain" "$COMPLETION_FILE"; then
         GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
     fi
-    if [ $GHOST_DOMAIN_NAME ]; then
-        suspend_site ${GHOST_DOMAIN_NAME}
+    if [ "$GHOST_DOMAIN_NAME" ]; then
+        suspend_site "${GHOST_DOMAIN_NAME}"
         systemctl stop ghost
 
         temp_restore_dir=/root/tempghostcontent
         function_check restore_directory_from_usb
         restore_directory_from_usb $temp_restore_dir ghostcontent
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
-                cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
+            if [ -d "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
+                cp -r "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/*" "/var/www/$GHOST_DOMAIN_NAME/htdocs/content/"
             else
-                if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
-                    mkdir /var/www/$GHOST_DOMAIN_NAME/htdocs/content
+                if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
+                    mkdir "/var/www/$GHOST_DOMAIN_NAME/htdocs/content"
                 fi
-                cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
+                cp -r $temp_restore_dir/* "/var/www/$GHOST_DOMAIN_NAME/htdocs/content/"
             fi
-            chown -R ghost:ghost /var/www/$GHOST_DOMAIN_NAME/htdocs/content
+            chown -R ghost:ghost "/var/www/$GHOST_DOMAIN_NAME/htdocs/content"
             rm -rf $temp_restore_dir
         fi
 
@@ -275,15 +275,15 @@ function restore_local_ghost {
         function_check restore_directory_from_usb
         restore_directory_from_usb $temp_restore_dir ghostcurrent
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
-                cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
+            if [ -d "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content" ]; then
+                cp -r "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/*" "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/"
             else
-                if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
-                    mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content
+                if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content" ]; then
+                    mkdir -p "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content"
                 fi
-                cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
+                cp -r $temp_restore_dir/* "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/"
             fi
-            chown -R ghost:ghost /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content
+            chown -R ghost:ghost "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content"
             rm -rf $temp_restore_dir
         fi
 
@@ -294,15 +294,15 @@ function restore_local_ghost {
 
 function backup_remote_ghost {
     GHOST_DOMAIN_NAME='ghost.local'
-    if grep -q "ghost domain" $COMPLETION_FILE; then
+    if grep -q "ghost domain" "$COMPLETION_FILE"; then
         GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
     fi
 
-    suspend_site ${GHOST_DOMAIN_NAME}
+    suspend_site "${GHOST_DOMAIN_NAME}"
 
     temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content
-    if [ -d $temp_backup_dir ]; then
-        backup_directory_to_friend $temp_backup_dir ghostcontent
+    if [ -d "$temp_backup_dir" ]; then
+        backup_directory_to_friend "$temp_backup_dir" ghostcontent
     else
         restart_site
         echo $"Ghost domain specified but not found in /var/www/${GHOST_DOMAIN_NAME}"
@@ -310,8 +310,8 @@ function backup_remote_ghost {
     fi
 
     temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs/current/content
-    if [ -d $temp_backup_dir ]; then
-        backup_directory_to_friend $temp_backup_dir ghostcurrent
+    if [ -d "$temp_backup_dir" ]; then
+        backup_directory_to_friend "$temp_backup_dir" ghostcurrent
     else
         restart_site
         echo $"Ghost domain specified but not found in $temp_backup_dir"
@@ -323,10 +323,10 @@ function backup_remote_ghost {
 
 function restore_remote_ghost {
     GHOST_DOMAIN_NAME='ghost.local'
-    if grep -q "ghost domain" $COMPLETION_FILE; then
+    if grep -q "ghost domain" "$COMPLETION_FILE"; then
         GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
     fi
-    suspend_site ${GHOST_DOMAIN_NAME}
+    suspend_site "${GHOST_DOMAIN_NAME}"
 
     systemctl stop ghost
 
@@ -334,15 +334,15 @@ function restore_remote_ghost {
     function_check restore_directory_from_friend
     restore_directory_from_friend $temp_restore_dir ghostcontent
     if [ -d $temp_restore_dir ]; then
-        if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
-            cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
+        if [ -d "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
+            cp -r "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/*" "/var/www/$GHOST_DOMAIN_NAME/htdocs/content/"
         else
-            if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
-                mkdir /var/www/$GHOST_DOMAIN_NAME/htdocs/content
+            if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
+                mkdir "/var/www/$GHOST_DOMAIN_NAME/htdocs/content"
             fi
-            cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
+            cp -r $temp_restore_dir/* "/var/www/$GHOST_DOMAIN_NAME/htdocs/content/"
         fi
-        chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs
+        chown -R ghost: "/var/www/$GHOST_DOMAIN_NAME/htdocs"
         rm -rf $temp_restore_dir
     fi
 
@@ -350,15 +350,15 @@ function restore_remote_ghost {
     function_check restore_directory_from_friend
     restore_directory_from_friend $temp_restore_dir ghostcurrent
     if [ -d $temp_restore_dir ]; then
-        if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
-            cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
+        if [ -d "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content" ]; then
+            cp -r "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/*" "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/"
         else
-            if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
-                mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content
+            if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content" ]; then
+                mkdir -p "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content"
             fi
-            cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
+            cp -r $temp_restore_dir/* "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/"
         fi
-        chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs
+        chown -R ghost: "/var/www/$GHOST_DOMAIN_NAME/htdocs"
         rm -rf $temp_restore_dir
     fi
 
@@ -382,27 +382,27 @@ function remove_ghost {
     remove_nodejs ghost
 
     read_config_param "GHOST_DOMAIN_NAME"
-    nginx_dissite $GHOST_DOMAIN_NAME
-    remove_certs ${GHOST_DOMAIN_NAME}
-    if [ -f /etc/nginx/sites-available/$GHOST_DOMAIN_NAME ]; then
-        rm -f /etc/nginx/sites-available/$GHOST_DOMAIN_NAME
+    nginx_dissite "$GHOST_DOMAIN_NAME"
+    remove_certs "${GHOST_DOMAIN_NAME}"
+    if [ -f "/etc/nginx/sites-available/$GHOST_DOMAIN_NAME" ]; then
+        rm -f "/etc/nginx/sites-available/$GHOST_DOMAIN_NAME"
     fi
-    if [ -d /var/www/$GHOST_DOMAIN_NAME ]; then
-        rm -rf /var/www/$GHOST_DOMAIN_NAME
+    if [ -d "/var/www/$GHOST_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$GHOST_DOMAIN_NAME"
     fi
     remove_config_param GHOST_DOMAIN_NAME
     remove_config_param GHOST_CODE
     function_check remove_onion_service
     remove_onion_service ghost ${GHOST_ONION_PORT}
     remove_completion_param "install_ghost"
-    sed -i '/Ghost/d' $COMPLETION_FILE
-    sed -i '/ghost/d' $COMPLETION_FILE
+    sed -i '/Ghost/d' "$COMPLETION_FILE"
+    sed -i '/ghost/d' "$COMPLETION_FILE"
 
     groupdel -f ghost
     userdel -r ghost
 
     function_check remove_ddns_domain
-    remove_ddns_domain $GHOST_DOMAIN_NAME
+    remove_ddns_domain "$GHOST_DOMAIN_NAME"
 }
 
 function install_ghost {
@@ -412,7 +412,7 @@ function install_ghost {
         ONION_ONLY='no'
     fi
 
-    if [ ! $GHOST_DOMAIN_NAME ]; then
+    if [ ! "$GHOST_DOMAIN_NAME" ]; then
         echo $'The ghost domain name was not specified'
         exit 5062
     fi
@@ -420,10 +420,10 @@ function install_ghost {
     # for the avatar changing command
     apt-get -yq install unzip wget
 
-    if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs ]; then
-        mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs
+    if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs" ]; then
+        mkdir -p "/var/www/$GHOST_DOMAIN_NAME/htdocs"
     fi
-    cd /var/www/$GHOST_DOMAIN_NAME/htdocs
+    cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 26422842
 
     function_check install_nodejs
     install_nodejs ghost
@@ -440,66 +440,66 @@ function install_ghost {
     npm install -g yarn
     yarn install --no-emoji --no-progress
     yarn cache clean
-    adduser --system --home=/var/www/${GHOST_DOMAIN_NAME}/htdocs/ --group ghost
-    rm -rf /var/www/$GHOST_DOMAIN_NAME/htdocs/*
+    adduser --system --home="/var/www/${GHOST_DOMAIN_NAME}/htdocs/" --group ghost
+    rm -rf "/var/www/$GHOST_DOMAIN_NAME/htdocs/*"
     printf 'y' | ghost install ${GHOST_VERSION} --user ghost --db=sqlite3 --port ${GHOST_PORT} --verbose
 
-    if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/versions ]; then
+    if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/versions" ]; then
         echo $'versions directory was not found'
         exit 782523462
     fi
-    if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
+    if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
         echo $'content directory was not found'
         exit 68352682
     fi
 
     npm install -g knex-migrator
-    if [ ! -f /var/www/$GHOST_DOMAIN_NAME/htdocs/versions/${GHOST_VERSION}/MigratorConfig.js ]; then
+    if [ ! -f "/var/www/$GHOST_DOMAIN_NAME/htdocs/versions/${GHOST_VERSION}/MigratorConfig.js" ]; then
         echo $'MigratorConfig.js was not found'
         exit 62783538
     fi
-    cp /var/www/$GHOST_DOMAIN_NAME/htdocs/versions/${GHOST_VERSION}/MigratorConfig.js /var/www/$GHOST_DOMAIN_NAME/htdocs
-    chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs
-    cd /var/www/$GHOST_DOMAIN_NAME/htdocs/current
+    cp "/var/www/$GHOST_DOMAIN_NAME/htdocs/versions/${GHOST_VERSION}/MigratorConfig.js" "/var/www/$GHOST_DOMAIN_NAME/htdocs"
+    chown -R ghost: "/var/www/$GHOST_DOMAIN_NAME/htdocs"
+    cd "/var/www/$GHOST_DOMAIN_NAME/htdocs/current" || exit 783452464
     knex-migrator init
 
     ghost_bust
 
-    echo '{' > /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
+    echo '{' > "/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json"
     if [[ "$ONION_ONLY" == 'no' ]]; then
         # NOTE: url must be http, not https
-        echo "  \"url\": \"http://${GHOST_DOMAIN_NAME}\"," >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
+        echo "  \"url\": \"http://${GHOST_DOMAIN_NAME}\"," >> "/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json"
     else
-        echo "  \"url\": \"http://${GHOST_ONION_HOSTNAME}\"," >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
+        echo "  \"url\": \"http://${GHOST_ONION_HOSTNAME}\"," >> "/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json"
     fi
-    echo '    "paths": {' >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
-    echo "        \"contentPath\": \"/var/www/${GHOST_DOMAIN_NAME}/htdocs/content\"" >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
-    echo '    }' >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
-    echo '}' >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
+    { echo '    "paths": {';
+      echo "        \"contentPath\": \"/var/www/${GHOST_DOMAIN_NAME}/htdocs/content\"";
+      echo '    }';
+      echo '}'; } >> "/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json"
 
-    echo '[Unit]' > /etc/systemd/system/ghost.service
-    echo 'Description=Ghost Blog' >> /etc/systemd/system/ghost.service
-    echo 'After=syslog.target' >> /etc/systemd/system/ghost.service
-    echo 'After=network.target' >> /etc/systemd/system/ghost.service
-    echo '' >> /etc/systemd/system/ghost.service
-    echo '[Service]' >> /etc/systemd/system/ghost.service
-    echo 'Type=simple' >> /etc/systemd/system/ghost.service
-    echo 'User=ghost' >> /etc/systemd/system/ghost.service
-    echo 'Group=ghost' >> /etc/systemd/system/ghost.service
-    echo "WorkingDirectory=/var/www/${GHOST_DOMAIN_NAME}/htdocs" >> /etc/systemd/system/ghost.service
-    echo "ExecStart=/usr/local/bin/ghost run -D" >> /etc/systemd/system/ghost.service
-    echo "ExecStop=/usr/local/bin/ghost stop" >> /etc/systemd/system/ghost.service
-    echo "ExecRestart=/usr/local/bin/ghost restart" >> /etc/systemd/system/ghost.service
-    echo 'Restart=always' >> /etc/systemd/system/ghost.service
-    echo 'RestartSec=60' >> /etc/systemd/system/ghost.service
-    echo "Environment=NODE_ENV=development PORT=${GHOST_PORT}" >> /etc/systemd/system/ghost.service
-    echo '' >> /etc/systemd/system/ghost.service
-    echo '[Install]' >> /etc/systemd/system/ghost.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ghost.service
+    { echo '[Unit]';
+      echo 'Description=Ghost Blog';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=ghost';
+      echo 'Group=ghost';
+      echo "WorkingDirectory=/var/www/${GHOST_DOMAIN_NAME}/htdocs";
+      echo "ExecStart=/usr/local/bin/ghost run -D";
+      echo "ExecStop=/usr/local/bin/ghost stop";
+      echo "ExecRestart=/usr/local/bin/ghost restart";
+      echo 'Restart=always';
+      echo 'RestartSec=60';
+      echo "Environment=NODE_ENV=development PORT=${GHOST_PORT}";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/ghost.service
 
     ghost_remove_offsite_links
 
-    chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs
+    chown -R ghost: "/var/www/${GHOST_DOMAIN_NAME}/htdocs"
 
     systemctl enable ghost
     systemctl daemon-reload
@@ -507,94 +507,94 @@ function install_ghost {
 
     if [[ ${ONION_ONLY} == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect ${GHOST_DOMAIN_NAME}
-        echo 'server {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    listen 443 ssl;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo "    root /var/www/${GHOST_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo "    server_name ${GHOST_DOMAIN_NAME};" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo "    error_log /dev/null;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+        nginx_http_redirect "${GHOST_DOMAIN_NAME}"
+        { echo 'server {';
+          echo '    listen 443 ssl;';
+          echo '    #listen [::]:443 ssl;';
+          echo "    root /var/www/${GHOST_DOMAIN_NAME}/htdocs;";
+          echo "    server_name ${GHOST_DOMAIN_NAME};";
+          echo '    access_log /dev/null;';
+          echo "    error_log /dev/null;";
+          echo ''; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
         function_check nginx_ssl
-        nginx_ssl ${GHOST_DOMAIN_NAME}
+        nginx_ssl "${GHOST_DOMAIN_NAME}"
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing ${GHOST_DOMAIN_NAME}
-        echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    location / {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+        nginx_disable_sniffing "${GHOST_DOMAIN_NAME}"
+        { echo '    add_header Strict-Transport-Security max-age=0;';
+          echo '';
+          echo '    location / {'; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
         function_check nginx_limits
-        nginx_limits ${GHOST_DOMAIN_NAME} '10G'
-        echo "        proxy_pass http://localhost:${GHOST_PORT};" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    location = /robots.txt {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '        allow all;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '        log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+        nginx_limits "${GHOST_DOMAIN_NAME}" '10G'
+        { echo "        proxy_pass http://localhost:${GHOST_PORT};";
+          echo '    }';
+          echo '';
+          echo '    fastcgi_buffers 64 4K;';
+          echo '';
+          echo '    error_page 403 /core/templates/403.php;';
+          echo '    error_page 404 /core/templates/404.php;';
+          echo '';
+          echo '    location = /robots.txt {';
+          echo '        allow all;';
+          echo '        log_not_found off;';
+          echo '        access_log /dev/null;';
+          echo '    }';
+          echo '}';
+          echo ''; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
     else
-        echo -n '' > /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+        echo -n '' > "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
     fi
-    echo 'server {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo "    listen 127.0.0.1:${GHOST_ONION_PORT} default_server;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo "    root /var/www/$GHOST_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo "    server_name $GHOST_ONION_HOSTNAME;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+    { echo 'server {';
+      echo "    listen 127.0.0.1:${GHOST_ONION_PORT} default_server;";
+      echo "    root /var/www/$GHOST_DOMAIN_NAME/htdocs;";
+      echo "    server_name $GHOST_ONION_HOSTNAME;";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo ''; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing ${GHOST_DOMAIN_NAME}
-    echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    location / {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+    nginx_disable_sniffing "${GHOST_DOMAIN_NAME}"
+    { echo '    add_header Strict-Transport-Security max-age=0;';
+      echo '';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
     function_check nginx_limits
-    nginx_limits ${GHOST_DOMAIN_NAME} '10G'
-    echo "        proxy_pass http://localhost:${GHOST_PORT};" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    location = /robots.txt {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '        allow all;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '        log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+    nginx_limits "${GHOST_DOMAIN_NAME}" '10G'
+    { echo "        proxy_pass http://localhost:${GHOST_PORT};";
+      echo '    }';
+      echo '';
+      echo '    fastcgi_buffers 64 4K;';
+      echo '';
+      echo '    error_page 403 /core/templates/403.php;';
+      echo '    error_page 404 /core/templates/404.php;';
+      echo '';
+      echo '    location = /robots.txt {';
+      echo '        allow all;';
+      echo '        log_not_found off;';
+      echo '        access_log /dev/null;';
+      echo '    }';
+      echo '}'; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
 
     function_check create_site_certificate
-    create_site_certificate $GHOST_DOMAIN_NAME 'yes'
+    create_site_certificate "$GHOST_DOMAIN_NAME" 'yes'
 
     ghost_replace_services
 
     function_check nginx_ensite
-    nginx_ensite $GHOST_DOMAIN_NAME
+    nginx_ensite "$GHOST_DOMAIN_NAME"
 
     systemctl restart nginx
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a ghost -p "$GHOST_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a ghost -p "$GHOST_ADMIN_PASSWORD"
 
     function_check add_ddns_domain
-    add_ddns_domain $GHOST_DOMAIN_NAME
+    add_ddns_domain "$GHOST_DOMAIN_NAME"
 
     chown root:root /usr/local/bin/ghost
     chown -R root:root /usr/local/lib
-    chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs
+    chown -R ghost: "/var/www/${GHOST_DOMAIN_NAME}/htdocs"
     set_completion_param "ghost domain" "$GHOST_DOMAIN_NAME"
-    if ! grep -q "ghost version:" ${COMPLETION_FILE}; then
-        echo "ghost version:${GHOST_VERSION}" >> ${COMPLETION_FILE}
+    if ! grep -q "ghost version:" "${COMPLETION_FILE}"; then
+        echo "ghost version:${GHOST_VERSION}" >> "${COMPLETION_FILE}"
     else
-        sed -i "s|ghost version.*|ghost version:${GHOST_VERSION}|g" ${COMPLETION_FILE}
+        sed -i "s|ghost version.*|ghost version:${GHOST_VERSION}|g" "${COMPLETION_FILE}"
     fi
 
     APP_INSTALLED=1
diff --git a/src/freedombone-app-gnusocial b/src/freedombone-app-gnusocial
index 765313ad..87dbbf4a 100755
--- a/src/freedombone-app-gnusocial
+++ b/src/freedombone-app-gnusocial
@@ -68,19 +68,19 @@ function logging_off_gnusocial {
 function gnusocial_fix_endless_reloads {
     # This fixes a bug introduced with commit 5f7032dfee1fd202c14e76a9f8b37af35d584901
     # and which causes OrFox to endlessly reload the page
-    sed -i 's| && common_local_referer()||g' /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/lib/apiauthaction.php
+    sed -i 's| && common_local_referer()||g' "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/lib/apiauthaction.php"
 }
 
 function remove_user_gnusocial {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp gnusocial
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp gnusocial
 
     function_check get_completion_param
     GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
-    if [ -d /var/www/$GNUSOCIAL_DOMAIN_NAME ]; then
-        cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
-        php scripts/deleteprofile.php -n $remove_username -y
+    if [ -d "/var/www/$GNUSOCIAL_DOMAIN_NAME" ]; then
+        cd "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs" || exit 236482468
+        php scripts/deleteprofile.php -n "$remove_username" -y
     fi
 }
 
@@ -88,13 +88,13 @@ function add_user_gnusocial {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a gnusocial -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a gnusocial -p "$new_user_password"
 
     GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
-    if [ -d /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs ]; then
-        cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
-        php scripts/registeruser.php -n $new_username -w "$new_user_password" -e "$new_username@$HOSTNAME"
-        ${PROJECT_NAME}-addemail -u $new_username -e "noreply@$GNUSOCIAL_DOMAIN_NAME" -g gnusocial --public no
+    if [ -d "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs" ]; then
+        cd "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs" || exit 27462842
+        php scripts/registeruser.php -n "$new_username" -w "$new_user_password" -e "$new_username@$HOSTNAME"
+        "${PROJECT_NAME}-addemail" -u "$new_username" -e "noreply@$GNUSOCIAL_DOMAIN_NAME" -g gnusocial --public no
         echo '0'
     else
         echo '1'
@@ -102,7 +102,7 @@ function add_user_gnusocial {
 }
 
 function install_interactive_gnusocial {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -112,54 +112,55 @@ function install_interactive_gnusocial {
         GNUSOCIAL_DETAILS_COMPLETE=
         while [ ! $GNUSOCIAL_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"GNU Social Configuration" \
-                       --form $"\nPlease enter your GNU Social details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
+                       --form $"\\nPlease enter your GNU Social details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
                        $"Domain:" 1 1 "$(grep 'GNUSOCIAL_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
-                       $"Title:" 2 1 "$(grep '$GNUSOCIAL_TITLE' temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
-                       $"Background image URL:" 3 1 "$(grep '$GNUSOCIAL_BACKGROUND_IMAGE_URL' temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
+                       $"Title:" 2 1 "$(grep "$GNUSOCIAL_TITLE" temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
+                       $"Background image URL:" 3 1 "$(grep "$GNUSOCIAL_BACKGROUND_IMAGE_URL" temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
                        $"Code:" 4 1 "$(grep 'GNUSOCIAL_CODE' temp.cfg | awk -F '=' '{print $2}')" 4 25 33 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"GNU Social Configuration" \
-                       --form $"\nPlease enter your GNU Social details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
+                       --form $"\\nPlease enter your GNU Social details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
                        $"Domain:" 1 1 "$(grep 'GNUSOCIAL_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
-                       $"Title:" 2 1 "$(grep '$GNUSOCIAL_TITLE' temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
-                       $"Background image URL:" 3 1 "$(grep '$GNUSOCIAL_BACKGROUND_IMAGE_URL' temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
-                       2> $data
+                       $"Title:" 2 1 "$(grep "$GNUSOCIAL_TITLE" temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
+                       $"Background image URL:" 3 1 "$(grep "$GNUSOCIAL_BACKGROUND_IMAGE_URL" temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
+                       2> "$data"
             fi
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            GNUSOCIAL_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            title=$(cat $data | sed -n 2p)
+            GNUSOCIAL_DOMAIN_NAME=$(sed -n 1p < "$data")
+            title=$(sed -n 2p < "$data")
             if [ ${#title} -gt 1 ]; then
-                GNUSOCIAL_TITLE=$welcome_msg
+                GNUSOCIAL_TITLE="$title"
             fi
-            img_url=$(cat $data | sed -n 3p)
+            img_url=$(sed -n 3p < "$data")
             if [ ${#img_url} -gt 1 ]; then
                 GNUSOCIAL_BACKGROUND_IMAGE_URL=$img_url
             fi
-            if [ $GNUSOCIAL_DOMAIN_NAME ]; then
-                if [[ $GNUSOCIAL_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
+            if [ "$GNUSOCIAL_DOMAIN_NAME" ]; then
+                if [[ "$GNUSOCIAL_DOMAIN_NAME" == "$HUBZILLA_DOMAIN_NAME" ]]; then
                     GNUSOCIAL_DOMAIN_NAME=""
                 fi
                 TEST_DOMAIN_NAME=$GNUSOCIAL_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $GNUSOCIAL_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$GNUSOCIAL_DOMAIN_NAME" ]]; then
                     GNUSOCIAL_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        GNUSOCIAL_CODE=$(cat $data | sed -n 4p)
+                        GNUSOCIAL_CODE=$(sed -n 4p < "$data")
                         validate_freedns_code "$GNUSOCIAL_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             GNUSOCIAL_DOMAIN_NAME=
                         fi
                     fi
@@ -168,11 +169,12 @@ function install_interactive_gnusocial {
             if [ $GNUSOCIAL_DOMAIN_NAME ]; then
                 GNUSOCIAL_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         # remove any invalid characters
         if [ ${#GNUSOCIAL_TITLE} -gt 0 ]; then
-            new_title=$(echo "$GNUSOCIAL_TITLE" | sed "s|'||g")
+            new_title=${GNUSOCIAL_TITLE//\'/}
             GNUSOCIAL_TITLE="$new_title"
         fi
 
@@ -191,26 +193,26 @@ function change_password_gnusocial {
 
     read_config_param 'GNUSOCIAL_DOMAIN_NAME'
 
-    cd /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/scripts
+    cd "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/scripts" || exit 246824642
     php setpassword.php "$curr_username" "$new_user_password"
 
-    ${PROJECT_NAME}-pass -u "$curr_username" -a gnusocial -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a gnusocial -p "$new_user_password"
 }
 
 function gnusocial_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        GNUSOCIAL_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        GNUSOCIAL_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $GNUSOCIAL_ADMIN_PASSWORD ]; then
-            GNUSOCIAL_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$GNUSOCIAL_ADMIN_PASSWORD" ]; then
+            GNUSOCIAL_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $GNUSOCIAL_ADMIN_PASSWORD ]; then
+    if [ ! "$GNUSOCIAL_ADMIN_PASSWORD" ]; then
         return
     fi
 
     function_check create_database
-    create_database gnusocial "$GNUSOCIAL_ADMIN_PASSWORD" $MY_USERNAME
+    create_database gnusocial "$GNUSOCIAL_ADMIN_PASSWORD" "$MY_USERNAME"
 }
 
 function reconfigure_gnusocial {
@@ -220,71 +222,72 @@ function reconfigure_gnusocial {
 function gnusocial_set_background_image {
     GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"GNU Social" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Set a background image URL' 10 60 2>$data
+           --inputbox $'Set a background image URL' 10 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            temp_background=$(<$data)
+            temp_background=$(<"$data")
             if [ ${#temp_background} -gt 0 ]; then
                 GNUSOCIAL_BACKGROUND_IMAGE_URL="$temp_background"
                 write_config_param "GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_BACKGROUND_IMAGE_URL"
-                if [[ $(pleroma_set_background_image_from_url /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs "$GNUSOCIAL_DOMAIN_NAME" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE" | tail -n 1) == "0" ]]; then
+                if [[ $(pleroma_set_background_image_from_url "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs" "$GNUSOCIAL_DOMAIN_NAME" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE" | tail -n 1) == "0" ]]; then
                     dialog --title $"Set GNU Social login background" \
                            --msgbox $"The background image has been set" 6 60
                 fi
             fi
            ;;
     esac
+    rm -f "$data"
 }
 
 function gnusocial_set_title {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"GNU Social" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Set a title' 10 60 2>$data
+           --inputbox $'Set a title' 10 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            new_title=$(<$data)
+            new_title=$(<"$data")
             if [ ${#new_title} -gt 0 ]; then
                 GNUSOCIAL_TITLE="$new_title"
                 GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
                 write_config_param "GNUSOCIAL_TITLE" "$GNUSOCIAL_TITLE"
-                cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/static
+                cd "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/static" || exit 246824242
                 sed -i "s|\"name\":.*|\"name\": \"${GNUSOCIAL_TITLE}\",|g" config.json
                 dialog --title $"Set GNU Social title" \
                        --msgbox $"The title has been set" 6 60
             fi
            ;;
     esac
+    rm -f "$data"
 }
 
 function gnusocial_set_expire_months {
     GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
     read_config_param "GNUSOCIAL_EXPIRE_MONTHS"
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"GNU Social" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Set an expiry period for posts in months. Anything older will be deleted. Lower values help to keep the database size small and as fast as possible.' 12 60 "$GNUSOCIAL_EXPIRE_MONTHS" 2>$data
+           --inputbox $'Set an expiry period for posts in months. Anything older will be deleted. Lower values help to keep the database size small and as fast as possible.' 12 60 "$GNUSOCIAL_EXPIRE_MONTHS" 2>"$data"
     sel=$?
     case $sel in
         0)
-            new_expiry_months=$(<$data)
+            new_expiry_months=$(<"$data")
             if [ ${#new_expiry_months} -gt 0 ]; then
                 # should contain no spaces
                 if [[ "$new_expiry_months" == *" "* ]]; then
+                    rm -f "$data"
                     return
                 fi
                 # should be a number
                 re='^[0-9]+$'
                 if ! [[ $new_expiry_months =~ $re ]] ; then
+                    rm -f "$data"
                     return
                 fi
                 # set the new value
@@ -296,14 +299,14 @@ function gnusocial_set_expire_months {
             fi
            ;;
     esac
+    rm -f "$data"
 }
 
 function configure_interactive_gnusocial {
     read_config_param GNUSOCIAL_EXPIRE_MONTHS
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"GNU Social" \
                --radiolist $"Choose an operation:" 16 70 7 \
@@ -313,13 +316,15 @@ function configure_interactive_gnusocial {
                4 $"Select Qvitter user interface" off \
                5 $"Select Pleroma user interface" off \
                6 $"Select Classic user interface" off \
-               7 $"Exit" on 2> $data
+               7 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) return;;
-            255) return;;
+            1) rm -f "$data"
+               return;;
+            255) rm -f "$data"
+                 return;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) gnusocial_set_background_image;;
             2) gnusocial_set_title;;
             3) gnusocial_set_expire_months;;
@@ -328,6 +333,7 @@ function configure_interactive_gnusocial {
             6) gnusocial_use_classic gnusocial;;
             7) break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -337,67 +343,67 @@ function upgrade_gnusocial {
         return
     fi
 
-    if grep -q "gnusocial domain" $COMPLETION_FILE; then
+    if grep -q "gnusocial domain" "$COMPLETION_FILE"; then
         GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
     fi
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs "gnusocial commit" "$GNUSOCIAL_COMMIT" $GNUSOCIAL_REPO
+    set_repo_commit "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs" "gnusocial commit" "$GNUSOCIAL_COMMIT" "$GNUSOCIAL_REPO"
 
     gnusocial_fix_endless_reloads
 
     # Ensure that installation script is removed
-    if [ -f /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/install.php ]; then
-        rm /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/install.php
+    if [ -f "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/install.php" ]; then
+        rm "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/install.php"
     fi
 
-    if [ -f /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/index_qvitter.php ]; then
-        if [ -f /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/index.php ]; then
-            mv /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/index.php /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/index_qvitter.php
+    if [ -f "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/index_qvitter.php" ]; then
+        if [ -f "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/index.php" ]; then
+            mv "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/index.php" "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/index_qvitter.php"
         fi
     fi
 
     gnusocial_block_user_script
-    gnusocial_block_domain_script gnusocial $GNUSOCIAL_DOMAIN_NAME
+    gnusocial_block_domain_script gnusocial "$GNUSOCIAL_DOMAIN_NAME"
 
-    gnusocial_hourly_script gnusocial $GNUSOCIAL_DOMAIN_NAME
-    if [ -d $INSTALL_DIR/pleroma ]; then
+    gnusocial_hourly_script gnusocial "$GNUSOCIAL_DOMAIN_NAME"
+    if [ -d "$INSTALL_DIR/pleroma" ]; then
         upgrade_pleroma_frontend "$GNUSOCIAL_DOMAIN_NAME" "gnusocial" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE"
     fi
     install_gnusocial_default_background "gnusocial" "$GNUSOCIAL_DOMAIN_NAME"
-    chown -R www-data:www-data /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
+    chown -R www-data:www-data "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs"
 }
 
 
 function backup_local_gnusocial {
     GNUSOCIAL_DOMAIN_NAME='gnusocial'
-    if grep -q "gnusocial domain" $COMPLETION_FILE; then
+    if grep -q "gnusocial domain" "$COMPLETION_FILE"; then
         GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
     fi
 
     # don't backup more data than we need to
     /etc/cron.daily/gnusocial-expire
 
-    source_directory=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/backup
-    if [ ! -d $source_directory ]; then
-        mkdir $source_directory
+    source_directory="/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/backup"
+    if [ ! -d "$source_directory" ]; then
+        mkdir "$source_directory"
     fi
-    cp -p /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/config.php $source_directory
-    if [ -d /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static ]; then
-        cp -rp /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static $source_directory
+    cp -p "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/config.php" "$source_directory"
+    if [ -d "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static" ]; then
+        cp -rp "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static" "$source_directory"
     fi
 
     function_check suspend_site
-    suspend_site ${GNUSOCIAL_DOMAIN_NAME}
+    suspend_site "${GNUSOCIAL_DOMAIN_NAME}"
 
     function_check backup_directory_to_usb
     dest_directory=gnusocialconfig
-    backup_directory_to_usb $source_directory $dest_directory
+    backup_directory_to_usb "$source_directory" "$dest_directory"
 
-    source_directory=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/file
+    source_directory="/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/file"
     dest_directory=gnusocialfile
-    backup_directory_to_usb $source_directory $dest_directory
+    backup_directory_to_usb "$source_directory" "$dest_directory"
 
     function_check backup_database_to_usb
     backup_database_to_usb gnusocial
@@ -407,16 +413,16 @@ function backup_local_gnusocial {
 }
 
 function restore_local_gnusocial {
-    if ! grep -q "gnusocial domain" $COMPLETION_FILE; then
+    if ! grep -q "gnusocial domain" "$COMPLETION_FILE"; then
         return
     fi
     GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
-    if [ $GNUSOCIAL_DOMAIN_NAME ]; then
+    if [ "$GNUSOCIAL_DOMAIN_NAME" ]; then
         echo $"Restoring gnusocial"
         temp_restore_dir=/root/tempgnusocial
-        gnusocial_dir=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
+        gnusocial_dir="/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs"
         # stop the daemons
-        cd $gnusocial_dir
+        cd "$gnusocial_dir" || exit 24627248428
         scripts/stopdaemons.sh
 
         function_check gnusocial_create_database
@@ -430,36 +436,36 @@ function restore_local_gnusocial {
         function_check restore_directory_from_usb
         restore_directory_from_usb $temp_restore_dir gnusocialconfig
         if [ -d $temp_restore_dir ]; then
-            if [ -d cp $temp_restore_dir$gnusocial_dir ]; then
-                cp $temp_restore_dir$gnusocial_dir/backup/config.php $gnusocial_dir/
-                cp -rp $temp_restore_dir$gnusocial_dir/static $gnusocial_dir/
+            if [ -d "$temp_restore_dir$gnusocial_dir" ]; then
+                cp "$temp_restore_dir$gnusocial_dir/backup/config.php" "$gnusocial_dir/"
+                cp -rp "$temp_restore_dir$gnusocial_dir/static" "$gnusocial_dir/"
             else
-                cp $temp_restore_dir/backup/config.php $gnusocial_dir/
-                if [ ! -d $gnusocial_dir/static ]; then
-                    mkdir $gnusocial_dir/static
+                cp "$temp_restore_dir/backup/config.php" "$gnusocial_dir/"
+                if [ ! -d "$gnusocial_dir/static" ]; then
+                    mkdir "$gnusocial_dir/static"
                 fi
-                cp -rp $temp_restore_dir/static/* $gnusocial_dir/static/
+                cp -rp "$temp_restore_dir/static/*" "$gnusocial_dir/static/"
             fi
-            chown www-data:www-data $gnusocial_dir/config.php
-            chown -R www-data:www-data $gnusocial_dir/static
+            chown www-data:www-data "$gnusocial_dir/config.php"
+            chown -R www-data:www-data "$gnusocial_dir/static"
             rm -rf $temp_restore_dir
         fi
 
         restore_directory_from_usb $temp_restore_dir gnusocialfile
-        if [ -d $temp_restore_dir ]; then
-            if [ -d cp $temp_restore_dir$gnusocial_dir/file ]; then
-                cp -rp $temp_restore_dir$gnusocial_dir/file $gnusocial_dir/
+        if [ -d "$temp_restore_dir" ]; then
+            if [ -d "$temp_restore_dir$gnusocial_dir/file" ]; then
+                cp -rp "$temp_restore_dir$gnusocial_dir/file" "$gnusocial_dir/"
             else
-                if [ ! -d $gnusocial_dir/file ]; then
-                    mkdir $gnusocial_dir/file
+                if [ ! -d "$gnusocial_dir/file" ]; then
+                    mkdir "$gnusocial_dir/file"
                 fi
-                cp -rp $temp_restore_dir/* $gnusocial_dir/file
+                cp -rp "$temp_restore_dir/*" "$gnusocial_dir/file"
             fi
-            chown -R www-data:www-data $gnusocial_dir/file
-            rm -rf $temp_restore_dir
+            chown -R www-data:www-data "$gnusocial_dir/file"
+            rm -rf "$temp_restore_dir"
         fi
 
-        gnusocial_update_after_restore gnusocial ${GNUSOCIAL_DOMAIN_NAME}
+        gnusocial_update_after_restore gnusocial "${GNUSOCIAL_DOMAIN_NAME}"
 
         echo $"Restore of gnusocial complete"
     fi
@@ -467,7 +473,7 @@ function restore_local_gnusocial {
 
 function backup_remote_gnusocial {
     GNUSOCIAL_DOMAIN_NAME='gnusocial'
-    if grep -q "gnusocial domain" $COMPLETION_FILE; then
+    if grep -q "gnusocial domain" "$COMPLETION_FILE"; then
         GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
     fi
 
@@ -475,24 +481,24 @@ function backup_remote_gnusocial {
     /etc/cron.daily/gnusocial-expire
 
     source_directory=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/backup
-    if [ ! -d $source_directory ]; then
-        mkdir $source_directory
+    if [ ! -d "$source_directory" ]; then
+        mkdir "$source_directory"
     fi
-    cp -p /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/config.php $source_directory
-    if [ -d /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static ]; then
-        cp -rp /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static $source_directory
+    cp -p "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/config.php" "$source_directory"
+    if [ -d "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static" ]; then
+        cp -rp "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static" "$source_directory"
     fi
 
     function_check suspend_site
-    suspend_site ${GNUSOCIAL_DOMAIN_NAME}
+    suspend_site "${GNUSOCIAL_DOMAIN_NAME}"
 
     function_check backup_directory_to_friend
     dest_directory=gnusocialconfig
-    backup_directory_to_friend $source_directory $dest_directory
+    backup_directory_to_friend "$source_directory" "$dest_directory"
 
     source_directory=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/file
     dest_directory=gnusocialfile
-    backup_directory_to_friend $source_directory $dest_directory
+    backup_directory_to_friend "$source_directory" "$dest_directory"
 
     function_check backup_database_to_friend
     backup_database_to_friend gnusocial
@@ -502,16 +508,16 @@ function backup_remote_gnusocial {
 }
 
 function restore_remote_gnusocial {
-    if ! grep -q "gnusocial domain" $COMPLETION_FILE; then
+    if ! grep -q "gnusocial domain" "$COMPLETION_FILE"; then
         return
     fi
     GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
-    if [ $GNUSOCIAL_DOMAIN_NAME ]; then
+    if [ "$GNUSOCIAL_DOMAIN_NAME" ]; then
         echo $"Restoring gnusocial"
         temp_restore_dir=/root/tempgnusocial
         gnusocial_dir=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
         # stop the daemons
-        cd $gnusocial_dir
+        cd "$gnusocial_dir" || exit 2468246824
         scripts/stopdaemons.sh
 
         function_check gnusocial_create_database
@@ -526,36 +532,36 @@ function restore_remote_gnusocial {
         function_check restore_directory_from_friend
         restore_directory_from_friend $temp_restore_dir gnusocialconfig
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir$gnusocial_dir ]; then
-                cp $temp_restore_dir$gnusocial_dir/backup/config.php $gnusocial_dir/
-                cp -rp $temp_restore_dir$gnusocial_dir/static $gnusocial_dir/
+            if [ -d "$temp_restore_dir$gnusocial_dir" ]; then
+                cp "$temp_restore_dir$gnusocial_dir/backup/config.php" "$gnusocial_dir/"
+                cp -rp "$temp_restore_dir$gnusocial_dir/static" "$gnusocial_dir/"
             else
-                cp $temp_restore_dir/backup/config.php $gnusocial_dir/
-                if [ ! -d $gnusocial_dir/static ]; then
-                    mkdir $gnusocial_dir/static
+                cp "$temp_restore_dir/backup/config.php" "$gnusocial_dir/"
+                if [ ! -d "$gnusocial_dir/static" ]; then
+                    mkdir "$gnusocial_dir/static"
                 fi
-                cp -rp $temp_restore_dir/static/* $gnusocial_dir/static/
+                cp -rp "$temp_restore_dir/static/*" "$gnusocial_dir/static/"
             fi
-            chown www-data:www-data $gnusocial_dir/config.php
-            chown -R www-data:www-data $gnusocial_dir/static
+            chown www-data:www-data "$gnusocial_dir/config.php"
+            chown -R www-data:www-data "$gnusocial_dir/static"
             rm -rf $temp_restore_dir
         fi
 
         restore_directory_from_friend $temp_restore_dir gnusocialfile
         if [ -d $temp_restore_dir ]; then
-            if [ ! -d $temp_restore_dir$gnusocial_dir/file ]; then
-                cp -rp $temp_restore_dir$gnusocial_dir/file $gnusocial_dir/
+            if [ ! -d "$temp_restore_dir$gnusocial_dir/file" ]; then
+                cp -rp "$temp_restore_dir$gnusocial_dir/file" "$gnusocial_dir/"
             else
-                if [ ! -d $gnusocial_dir/file ]; then
-                    mkdir $gnusocial_dir/file
+                if [ ! -d "$gnusocial_dir/file" ]; then
+                    mkdir "$gnusocial_dir/file"
                 fi
-                cp -rp $temp_restore_dir/* $gnusocial_dir/file/
+                cp -rp "$temp_restore_dir/*" "$gnusocial_dir/file/"
             fi
-            chown -R www-data:www-data $gnusocial_dir/file
+            chown -R www-data:www-data "$gnusocial_dir/file"
             rm -rf $temp_restore_dir
         fi
 
-        gnusocial_update_after_restore gnusocial ${GNUSOCIAL_DOMAIN_NAME}
+        gnusocial_update_after_restore gnusocial "${GNUSOCIAL_DOMAIN_NAME}"
 
         echo $"Restore of gnusocial complete"
     fi
@@ -571,23 +577,23 @@ function remove_gnusocial {
     read_config_param "GNUSOCIAL_DOMAIN_NAME"
     read_config_param "MY_USERNAME"
     echo "Removing $GNUSOCIAL_DOMAIN_NAME"
-    nginx_dissite $GNUSOCIAL_DOMAIN_NAME
-    remove_certs $GNUSOCIAL_DOMAIN_NAME
+    nginx_dissite "$GNUSOCIAL_DOMAIN_NAME"
+    remove_certs "$GNUSOCIAL_DOMAIN_NAME"
     if [ -f /etc/cron.hourly/gnusocial-daemons ]; then
         rm /etc/cron.hourly/gnusocial-daemons
     fi
-    if [ -f /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/scripts/stopdaemons.sh ]; then
-        cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
+    if [ -f "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/scripts/stopdaemons.sh" ]; then
+        cd "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs" || exit 2648244287
         scripts/stopdaemons.sh
     fi
-    kill_pid=$(ps aux | grep /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/scripts/queuedaemon.php | awk -F ' ' '{print $2}' | head -n 1)
-    kill -9 $kill_pid
+    kill_pid=$(pgrep "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/scripts/queuedaemon.php" | head -n 1)
+    kill -9 "$kill_pid"
 
-    if [ -d /var/www/$GNUSOCIAL_DOMAIN_NAME ]; then
-        rm -rf /var/www/$GNUSOCIAL_DOMAIN_NAME
+    if [ -d "/var/www/$GNUSOCIAL_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$GNUSOCIAL_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$GNUSOCIAL_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$GNUSOCIAL_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$GNUSOCIAL_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$GNUSOCIAL_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database gnusocial
@@ -598,7 +604,7 @@ function remove_gnusocial {
     fi
     remove_app gnusocial
     remove_completion_param install_gnusocial
-    sed -i '/gnusocial/d' $COMPLETION_FILE
+    sed -i '/gnusocial/d' "$COMPLETION_FILE"
     remove_backup_database_local gnusocial
 
     if grep -q 'gnusocial-firewall' /etc/crontab; then
@@ -606,11 +612,11 @@ function remove_gnusocial {
     fi
 
     function_check remove_ddns_domain
-    remove_ddns_domain $GNUSOCIAL_DOMAIN_NAME
+    remove_ddns_domain "$GNUSOCIAL_DOMAIN_NAME"
 }
 
 function install_gnusocial_main {
-    if [ ! $GNUSOCIAL_DOMAIN_NAME ]; then
+    if [ ! "$GNUSOCIAL_DOMAIN_NAME" ]; then
         echo $'No domain name was given for gnusocial'
         exit 7359
     fi
@@ -619,7 +625,7 @@ function install_gnusocial_main {
         return
     fi
 
-    gnusocial_hourly_script gnusocial $GNUSOCIAL_DOMAIN_NAME
+    gnusocial_hourly_script gnusocial "$GNUSOCIAL_DOMAIN_NAME"
 
     function_check install_mariadb
     install_mariadb
@@ -633,38 +639,38 @@ function install_gnusocial_main {
     apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
     apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
 
-    if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME ]; then
-        mkdir /var/www/$GNUSOCIAL_DOMAIN_NAME
+    if [ ! -d "/var/www/$GNUSOCIAL_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$GNUSOCIAL_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs" ]; then
 
         if [ -d /repos/gnusocial ]; then
-            mkdir /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
-            cp -r -p /repos/gnusocial/. /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
-            cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/gnusocial/. "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs"
+            cd "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs" || exit 24682628424
             git pull
         else
             function_check git_clone
-            git_clone $GNUSOCIAL_REPO /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
+            git_clone "$GNUSOCIAL_REPO" "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs"
         fi
 
-        if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs" ]; then
             echo $'Unable to clone gnusocial repo'
             exit 87525
         fi
     fi
 
-    cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
-    git checkout $GNUSOCIAL_COMMIT -b $GNUSOCIAL_COMMIT
+    cd "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs" || exit 26482468482
+    git checkout "$GNUSOCIAL_COMMIT" -b "$GNUSOCIAL_COMMIT"
     set_completion_param "gnusocial commit" "$GNUSOCIAL_COMMIT"
 
     gnusocial_fix_endless_reloads
 
-    chmod g+w /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
-    chmod a+w /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/avatar
-    chmod a+w /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/file
-    chown -R www-data:www-data /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
-    chmod +x /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/scripts/maildaemon.php
+    chmod g+w "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs"
+    chmod a+w "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/avatar"
+    chmod a+w "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/file"
+    chown -R www-data:www-data "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs"
+    chmod +x "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/scripts/maildaemon.php"
 
     function_check gnusocial_create_database
     gnusocial_create_database
@@ -680,118 +686,118 @@ function install_gnusocial_main {
     fi
 
     function_check add_ddns_domain
-    add_ddns_domain $GNUSOCIAL_DOMAIN_NAME
+    add_ddns_domain "$GNUSOCIAL_DOMAIN_NAME"
 
     GNUSOCIAL_ONION_HOSTNAME=$(add_onion_service gnusocial 80 ${GNUSOCIAL_ONION_PORT})
 
     gnusocial_nginx_site=/etc/nginx/sites-available/$GNUSOCIAL_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $GNUSOCIAL_DOMAIN_NAME "index index.php"
-        echo 'server {' >> $gnusocial_nginx_site
-        echo '  listen 443 ssl;' >> $gnusocial_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $gnusocial_nginx_site
-        echo "  server_name $GNUSOCIAL_DOMAIN_NAME;" >> $gnusocial_nginx_site
-        echo '' >> $gnusocial_nginx_site
+        nginx_http_redirect "$GNUSOCIAL_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $GNUSOCIAL_DOMAIN_NAME;";
+          echo ''; } >> "$gnusocial_nginx_site"
         function_check nginx_compress
-        nginx_compress $GNUSOCIAL_DOMAIN_NAME
-        echo '' >> $gnusocial_nginx_site
-        echo '  # Security' >> $gnusocial_nginx_site
+        nginx_compress "$GNUSOCIAL_DOMAIN_NAME"
+        echo '' >> "$gnusocial_nginx_site"
+        echo '  # Security' >> "$gnusocial_nginx_site"
         function_check nginx_ssl
-        nginx_ssl $GNUSOCIAL_DOMAIN_NAME
+        nginx_ssl "$GNUSOCIAL_DOMAIN_NAME"
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $GNUSOCIAL_DOMAIN_NAME
+        nginx_disable_sniffing "$GNUSOCIAL_DOMAIN_NAME"
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $gnusocial_nginx_site
-        echo '' >> $gnusocial_nginx_site
-        echo '  # Logs' >> $gnusocial_nginx_site
-        echo '  access_log /dev/null;' >> $gnusocial_nginx_site
-        echo '  error_log /dev/null;' >> $gnusocial_nginx_site
-        echo '' >> $gnusocial_nginx_site
-        echo '  # Root' >> $gnusocial_nginx_site
-        echo "  root /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs;" >> $gnusocial_nginx_site
-        echo '' >> $gnusocial_nginx_site
-        echo '  # Index' >> $gnusocial_nginx_site
-        echo '  index index.php;' >> $gnusocial_nginx_site
-        echo '' >> $gnusocial_nginx_site
-        echo '  # PHP' >> $gnusocial_nginx_site
-        echo '  location ~ \.php {' >> $gnusocial_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $gnusocial_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $gnusocial_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $gnusocial_nginx_site
-        echo '  }' >> $gnusocial_nginx_site
-        echo '' >> $gnusocial_nginx_site
-        echo '  # Location' >> $gnusocial_nginx_site
-        echo '  location / {' >> $gnusocial_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  # Index';
+          echo '  index index.php;';
+          echo '';
+          echo '  # PHP';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$gnusocial_nginx_site"
         function_check nginx_limits
-        nginx_limits $GNUSOCIAL_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ @gnusocial;' >> $gnusocial_nginx_site
-        echo '  }' >> $gnusocial_nginx_site
-        echo '' >> $gnusocial_nginx_site
-        echo '  # Fancy URLs' >> $gnusocial_nginx_site
-        echo '  location @gnusocial {' >> $gnusocial_nginx_site
-        echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $gnusocial_nginx_site
-        echo '  }' >> $gnusocial_nginx_site
-        echo '' >> $gnusocial_nginx_site
-        echo '  # Restrict access that is unnecessary anyway' >> $gnusocial_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $gnusocial_nginx_site
-        echo '    deny all;' >> $gnusocial_nginx_site
-        echo '  }' >> $gnusocial_nginx_site
-        echo '}' >> $gnusocial_nginx_site
+        nginx_limits "$GNUSOCIAL_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ @gnusocial;";
+          echo '  }';
+          echo '';
+          echo '  # Fancy URLs';
+          echo '  location @gnusocial {';
+          echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+          echo '  }';
+          echo '';
+          echo '  # Restrict access that is unnecessary anyway';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '}'; } >> "$gnusocial_nginx_site"
     else
-        echo -n '' > $gnusocial_nginx_site
+        echo -n '' > "$gnusocial_nginx_site"
     fi
-    echo 'server {' >> $gnusocial_nginx_site
-    echo "    listen 127.0.0.1:$GNUSOCIAL_ONION_PORT default_server;" >> $gnusocial_nginx_site
-    echo "    server_name $GNUSOCIAL_ONION_HOSTNAME;" >> $gnusocial_nginx_site
-    echo '' >> $gnusocial_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$GNUSOCIAL_ONION_PORT default_server;";
+      echo "    server_name $GNUSOCIAL_ONION_HOSTNAME;";
+      echo ''; } >> "$gnusocial_nginx_site"
     function_check nginx_compress
-    nginx_compress $GNUSOCIAL_DOMAIN_NAME
-    echo '' >> $gnusocial_nginx_site
+    nginx_compress "$GNUSOCIAL_DOMAIN_NAME"
+    echo '' >> "$gnusocial_nginx_site"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $GNUSOCIAL_DOMAIN_NAME
-    echo '' >> $gnusocial_nginx_site
-    echo '  # Logs' >> $gnusocial_nginx_site
-    echo '  access_log /dev/null;' >> $gnusocial_nginx_site
-    echo '  error_log /dev/null;' >> $gnusocial_nginx_site
-    echo '' >> $gnusocial_nginx_site
-    echo '  # Root' >> $gnusocial_nginx_site
-    echo "  root /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs;" >> $gnusocial_nginx_site
-    echo '' >> $gnusocial_nginx_site
-    echo '  # Index' >> $gnusocial_nginx_site
-    echo '  index index.php;' >> $gnusocial_nginx_site
-    echo '' >> $gnusocial_nginx_site
-    echo '  # PHP' >> $gnusocial_nginx_site
-    echo '  location ~ \.php {' >> $gnusocial_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $gnusocial_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $gnusocial_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $gnusocial_nginx_site
-    echo '  }' >> $gnusocial_nginx_site
-    echo '' >> $gnusocial_nginx_site
-    echo '  # Location' >> $gnusocial_nginx_site
-    echo '  location / {' >> $gnusocial_nginx_site
+    nginx_disable_sniffing "$GNUSOCIAL_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  # Index';
+      echo '  index index.php;';
+      echo '';
+      echo '  # PHP';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$gnusocial_nginx_site"
     function_check nginx_limits
-    nginx_limits $GNUSOCIAL_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ @gnusocial;' >> $gnusocial_nginx_site
-    echo '  }' >> $gnusocial_nginx_site
-    echo '' >> $gnusocial_nginx_site
-    echo '  # Fancy URLs' >> $gnusocial_nginx_site
-    echo '  location @gnusocial {' >> $gnusocial_nginx_site
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $gnusocial_nginx_site
-    echo '  }' >> $gnusocial_nginx_site
-    echo '' >> $gnusocial_nginx_site
-    echo '  # Restrict access that is unnecessary anyway' >> $gnusocial_nginx_site
-    echo '  location ~ /\.(ht|git) {' >> $gnusocial_nginx_site
-    echo '    deny all;' >> $gnusocial_nginx_site
-    echo '  }' >> $gnusocial_nginx_site
-    echo '}' >> $gnusocial_nginx_site
+    nginx_limits "$GNUSOCIAL_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ @gnusocial;";
+      echo '  }';
+      echo '';
+      echo '  # Fancy URLs';
+      echo '  location @gnusocial {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  # Restrict access that is unnecessary anyway';
+      echo '  location ~ /\.(ht|git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '}'; } >> "$gnusocial_nginx_site"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $GNUSOCIAL_DOMAIN_NAME 'yes'
+    create_site_certificate "$GNUSOCIAL_DOMAIN_NAME" 'yes'
 
     # Ensure that the database gets backed up locally, if remote
     # backups are not being used
@@ -802,7 +808,7 @@ function install_gnusocial_main {
     backup_database_local gnusocial
 
     function_check nginx_ensite
-    nginx_ensite $GNUSOCIAL_DOMAIN_NAME
+    nginx_ensite "$GNUSOCIAL_DOMAIN_NAME"
 
     # NOTE: For the typical case always enable SSL and only
     # disable it if in onion only mode. This is due to complexities
@@ -818,9 +824,9 @@ function install_gnusocial_main {
     fi
 
     # Create the configuration
-    gnusocial_installer=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/scripts/install_cli.php
-    if [ ! -f $gnusocial_installer ]; then
-        rm -rf /var/www/$GNUSOCIAL_DOMAIN_NAME
+    gnusocial_installer="/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/scripts/install_cli.php"
+    if [ ! -f "$gnusocial_installer" ]; then
+        rm -rf "/var/www/$GNUSOCIAL_DOMAIN_NAME"
         echo $'No gnusocial commandline installer found'
         exit 53026
     fi
@@ -841,42 +847,42 @@ function install_gnusocial_main {
     #fi
 
     # check gnusocial has a config file
-    gnusocial_config_file=/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/config.php
-    if [ ! -f $gnusocial_config_file ]; then
+    gnusocial_config_file="/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/config.php"
+    if [ ! -f "$gnusocial_config_file" ]; then
         drop_database gnusocial
-        rm -rf /var/www/$GNUSOCIAL_DOMAIN_NAME
+        rm -rf "/var/www/$GNUSOCIAL_DOMAIN_NAME"
         echo $'Gnusocial config.php not found'
         exit 87586
     fi
 
     # Some useful settings
-    if ! grep -q "Recommended GNU social settings" $gnusocial_config_file; then
-        echo "" >> $gnusocial_config_file
-        echo "// Recommended GNU social settings" >> $gnusocial_config_file
-        echo "\$config['thumbnail']['maxsize'] = 3000;" >> $gnusocial_config_file
-        echo "\$config['profile']['delete'] = true;" >> $gnusocial_config_file
-        echo "\$config['profile']['changenick'] = true;" >> $gnusocial_config_file
-        echo "\$config['public']['localonly'] = false;" >> $gnusocial_config_file
-        echo "addPlugin('StoreRemoteMedia');" >> $gnusocial_config_file
-        echo "\$config['queue']['enabled'] = true;" >> $gnusocial_config_file
-        echo "\$config['queue']['daemon'] = true;" >> $gnusocial_config_file
-        echo "\$config['ostatus']['hub_retries'] = 3;" >> $gnusocial_config_file
+    if ! grep -q "Recommended GNU social settings" "$gnusocial_config_file"; then
+        { echo "";
+          echo "// Recommended GNU social settings";
+          echo "\$config['thumbnail']['maxsize'] = 3000;";
+          echo "\$config['profile']['delete'] = true;";
+          echo "\$config['profile']['changenick'] = true;";
+          echo "\$config['public']['localonly'] = false;";
+          echo "addPlugin('StoreRemoteMedia');";
+          echo "\$config['queue']['enabled'] = true;";
+          echo "\$config['queue']['daemon'] = true;";
+          echo "\$config['ostatus']['hub_retries'] = 3;"; } >> "$gnusocial_config_file"
     fi
 
     # turn off logging
-    echo "\$config['site']['logfile'] = '/dev/null';" >> $gnusocial_config_file
-    echo "\$config['mail']['domain'] = '${DEFAULT_DOMAIN_NAME}';" >> $gnusocial_config_file
+    echo "\$config['site']['logfile'] = '/dev/null';" >> "$gnusocial_config_file"
+    echo "\$config['mail']['domain'] = '${DEFAULT_DOMAIN_NAME}';" >> "$gnusocial_config_file"
 
     # This improves performance
-    sed -i "s|//\$config\['db'\]\['schemacheck'\].*|\$config\['db'\]\['schemacheck'\] = 'script';|g" $gnusocial_config_file
+    sed -i "s|//\$config\\['db'\\]\\['schemacheck'\\].*|\$config\\['db'\\]\\['schemacheck'\\] = 'script';|g" "$gnusocial_config_file"
 
     systemctl restart mariadb
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
-    ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$GNUSOCIAL_DOMAIN_NAME" -g gnusocial --public no
+    "${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$GNUSOCIAL_DOMAIN_NAME" -g gnusocial --public no
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a gnusocial -p "$GNUSOCIAL_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a gnusocial -p "$GNUSOCIAL_ADMIN_PASSWORD"
     gnusocial_block_user_script
     gnusocial_block_domain_script gnusocial "$GNUSOCIAL_DOMAIN_NAME"
 
@@ -886,7 +892,7 @@ function install_gnusocial_main {
 }
 
 function install_gnusocial {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -907,7 +913,7 @@ function install_gnusocial {
         install_nodejs pleroma-gnusocial
         install_pleroma_front_end "gnusocial" "$GNUSOCIAL_DOMAIN_NAME" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE"
         install_gnusocial_default_background "gnusocial" "$GNUSOCIAL_DOMAIN_NAME"
-        sed -i 's|"theme":.*|"theme": "base16-apathy.css",|g' /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static/config.json
+        sed -i 's|"theme":.*|"theme": "base16-apathy.css",|g' "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static/config.json"
     fi
 
     # unleash the daemons!
@@ -919,8 +925,8 @@ function install_gnusocial {
     # And doesn't forget logins
     gnusocial_use_qvitter gnusocial
 
-    if [ $GNUSOCIAL_BACKGROUND_IMAGE_URL ]; then
-        pleroma_set_background_image_from_url /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs "$GNUSOCIAL_DOMAIN_NAME" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE"
+    if [ "$GNUSOCIAL_BACKGROUND_IMAGE_URL" ]; then
+        pleroma_set_background_image_from_url "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs" "$GNUSOCIAL_DOMAIN_NAME" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE"
     fi
 
     APP_INSTALLED=1
diff --git a/src/freedombone-app-gogs b/src/freedombone-app-gogs
index 63a130a8..cdd0ac1b 100755
--- a/src/freedombone-app-gogs
+++ b/src/freedombone-app-gogs
@@ -127,14 +127,14 @@ function gogs_parameters {
 }
 
 function gogs_create_database {
-    if [ -f ${IMAGE_PASSWORD_FILE} ]; then
-        GIT_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
+        GIT_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! ${GIT_ADMIN_PASSWORD} ]; then
-            GIT_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "${GIT_ADMIN_PASSWORD}" ]; then
+            GIT_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $GIT_ADMIN_PASSWORD ]; then
+    if [ ! "$GIT_ADMIN_PASSWORD" ]; then
         return
     fi
 
@@ -147,7 +147,7 @@ function reconfigure_gogs {
 }
 
 function upgrade_gogs {
-    if ! grep -q 'gogs version:' $COMPLETION_FILE; then
+    if ! grep -q 'gogs version:' "$COMPLETION_FILE"; then
         return
     fi
 
@@ -160,24 +160,24 @@ function upgrade_gogs {
 
     GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf
     GOGS_CONFIG_FILE=$GOGS_CONFIG_PATH/app.ini
-    cp $GOGS_CONFIG_FILE $INSTALL_DIR/gogs_config.ini
+    cp "$GOGS_CONFIG_FILE $INSTALL_DIR/gogs_config.ini"
 
-    if [ -d $INSTALL_DIR/gogs-repositories ]; then
-        rm -rf $INSTALL_DIR/gogs-repositories
+    if [ -d "$INSTALL_DIR/gogs-repositories" ]; then
+        rm -rf "$INSTALL_DIR/gogs-repositories"
     fi
     if [ -d /home/${GOGS_USERNAME}/gogs-repositories ]; then
-        mv /home/${GOGS_USERNAME}/gogs-repositories $INSTALL_DIR
+        mv "/home/${GOGS_USERNAME}/gogs-repositories" "$INSTALL_DIR"
     fi
 
     gogs_parameters
     echo "gogs binary upgrade: ${GOGS_BIN}"
 
-    if [ ! -d ${INSTALL_DIR} ]; then
-        mkdir -p ${INSTALL_DIR}
+    if [ ! -d "${INSTALL_DIR}" ]; then
+        mkdir -p "${INSTALL_DIR}"
     fi
-    cd ${INSTALL_DIR}
-    if [ -d ${INSTALL_DIR}/gogs ]; then
-        rm -rf ${INSTALL_DIR}/gogs
+    cd "${INSTALL_DIR}" || exit 26784427
+    if [ -d "${INSTALL_DIR}/gogs" ]; then
+        rm -rf "${INSTALL_DIR}/gogs"
     fi
     GOGS_FILE=linux_${CURR_ARCH}.tar.gz
     if [ ! -f ${GOGS_FILE} ]; then
@@ -196,13 +196,13 @@ function upgrade_gogs {
             unzip -o ${GOGS_FILE}
         fi
     else
-        tar -xzf ${INSTALL_DIR}/${GOGS_FILE}
+        tar -xzf "${INSTALL_DIR}/${GOGS_FILE}"
     fi
-    if [ ! -d ${INSTALL_DIR}/gogs ]; then
+    if [ ! -d "${INSTALL_DIR}/gogs" ]; then
         exit 37823
     fi
-    rm -rf /home/${GOGS_USERNAME}/*
-    cp -r ${INSTALL_DIR}/gogs/* /home/${GOGS_USERNAME}
+    rm -rf "/home/${GOGS_USERNAME:?}/"*
+    cp -r "${INSTALL_DIR}/gogs/*" "/home/${GOGS_USERNAME}"
     if [ -f ${GOGS_FILE} ]; then
         rm ${GOGS_FILE}
     fi
@@ -211,31 +211,31 @@ function upgrade_gogs {
         mkdir -p ${GOGS_CONFIG_PATH}
     fi
 
-    cp $INSTALL_DIR/gogs_config.ini $GOGS_CONFIG_FILE
+    cp "$INSTALL_DIR/gogs_config.ini" "$GOGS_CONFIG_FILE"
     if [ ! -f $GOGS_CONFIG_FILE ]; then
         echo $'Gogs ini file not upgraded'
         exit 873535
     fi
-    rm $INSTALL_DIR/gogs_config.ini
+    rm "$INSTALL_DIR/gogs_config.ini"
     if [ -d /home/${GOGS_USERNAME}/gogs-repositories ]; then
         rm -rf /home/${GOGS_USERNAME}/gogs-repositories
     fi
-    if [ -d $INSTALL_DIR/gogs-repositories ]; then
-        mv $INSTALL_DIR/gogs-repositories /home/${GOGS_USERNAME}/gogs-repositories
+    if [ -d "$INSTALL_DIR/gogs-repositories" ]; then
+        mv "$INSTALL_DIR/gogs-repositories" "/home/${GOGS_USERNAME}/gogs-repositories"
     fi
-    chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
+    chown -R "${GOGS_USERNAME}":"${GOGS_USERNAME}" "/home/${GOGS_USERNAME}"
 
-    sed -i "s|gogs version.*|gogs version:$GOGS_VERSION|g" ${COMPLETION_FILE}
+    sed -i "s|gogs version.*|gogs version:$GOGS_VERSION|g" "${COMPLETION_FILE}"
     systemctl restart mariadb
     systemctl restart gogs
 }
 
 function backup_local_gogs {
-    if ! grep -q "gogs domain" ${COMPLETION_FILE}; then
+    if ! grep -q "gogs domain" "${COMPLETION_FILE}"; then
         return
     fi
 
-    if [ ! -d /home/${GOGS_USERNAME}/gogs-repositories ]; then
+    if [ ! -d "/home/${GOGS_USERNAME}/gogs-repositories" ]; then
         return
     fi
 
@@ -245,15 +245,15 @@ function backup_local_gogs {
     backup_database_to_usb gogs
 
     function_check backup_directory_to_usb
-    backup_directory_to_usb /home/${GOGS_USERNAME}/custom gogs
-    backup_directory_to_usb /home/${GOGS_USERNAME}/gogs-repositories gogsrepos
-    backup_directory_to_usb /home/${GOGS_USERNAME}/.ssh gogsssh
+    backup_directory_to_usb "/home/${GOGS_USERNAME}/custom" gogs
+    backup_directory_to_usb "/home/${GOGS_USERNAME}/gogs-repositories" gogsrepos
+    backup_directory_to_usb "/home/${GOGS_USERNAME}/.ssh" gogsssh
 
     echo $"Gogs backup complete"
 }
 
 function restore_local_gogs {
-    if ! grep -q "gogs domain" ${COMPLETION_FILE}; then
+    if ! grep -q "gogs domain" "${COMPLETION_FILE}"; then
         return
     fi
 
@@ -261,22 +261,23 @@ function restore_local_gogs {
         function_check gogs_create_database
         gogs_create_database
 
-        GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf
-        GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini
+        GOGS_CONFIG_PATH="/home/${GOGS_USERNAME}/custom/conf"
+        GOGS_CONFIG_FILE="${GOGS_CONFIG_PATH}/app.ini"
 
         function_check restore_database
-        restore_database gogs ${GIT_DOMAIN_NAME}
+        restore_database gogs "${GIT_DOMAIN_NAME}"
         temp_restore_dir=/root/tempgogs
-        if [ -d ${USB_MOUNT}/backup/gogs ]; then
+        if [ -d "${USB_MOUNT}/backup/gogs" ]; then
             echo $"Restoring Gogs settings"
             if [ ! -d $GOGS_CONFIG_PATH ]; then
                 mkdir -p $GOGS_CONFIG_PATH
             fi
-            if [ -d /root/tempgogs/home/${GOGS_USERNAME}/custom ]; then
-                cp -r /root/tempgogs/home/${GOGS_USERNAME}/custom/* /home/${GOGS_USERNAME}/custom/
+            if [ -d "/root/tempgogs/home/${GOGS_USERNAME}/custom" ]; then
+                cp -r "/root/tempgogs/home/${GOGS_USERNAME}/custom/*" "/home/${GOGS_USERNAME}/custom/"
             else
-                cp -r /root/tempgogs/* /home/${GOGS_USERNAME}/custom/
+                cp -r "/root/tempgogs/*" "/home/${GOGS_USERNAME}/custom/"
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 function_check set_user_permissions
                 set_user_permissions
@@ -286,15 +287,16 @@ function restore_local_gogs {
             fi
             echo $"Restoring Gogs repos"
             function_check restore_directory_from_usb
-            restore_directory_from_usb ${temp_restore_dir}repos gogsrepos
-            if [ ! -d /home/${GOGS_USERNAME}/gogs-repositories ]; then
-                mkdir /home/${GOGS_USERNAME}/gogs-repositories
+            restore_directory_from_usb "${temp_restore_dir}repos" gogsrepos
+            if [ ! -d "/home/${GOGS_USERNAME}/gogs-repositories" ]; then
+                mkdir "/home/${GOGS_USERNAME}/gogs-repositories"
             fi
-            if [ -d ${temp_restore_dir}repos/home/${GOGS_USERNAME}/gogs-repositories ]; then
-                cp -r ${temp_restore_dir}repos/home/${GOGS_USERNAME}/gogs-repositories/* /home/${GOGS_USERNAME}/gogs-repositories/
+            if [ -d "${temp_restore_dir}repos/home/${GOGS_USERNAME}/gogs-repositories" ]; then
+                cp -r "${temp_restore_dir}repos/home/${GOGS_USERNAME}/gogs-repositories/*" "/home/${GOGS_USERNAME}/gogs-repositories/"
             else
-                cp -r ${temp_restore_dir}repos/* /home/${GOGS_USERNAME}/gogs-repositories/
+                cp -r "${temp_restore_dir}repos/*" "/home/${GOGS_USERNAME}/gogs-repositories/"
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 function_check set_user_permissions
                 set_user_permissions
@@ -313,6 +315,7 @@ function restore_local_gogs {
             else
                 cp -r ${temp_restore_dir}/* /home/${GOGS_USERNAME}/.ssh/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 function_check set_user_permissions
                 set_user_permissions
@@ -326,7 +329,7 @@ function restore_local_gogs {
             chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
         sed -i "s|PASSWD =.*|PASSWD = $MARIADB_PASSWORD|g" ${GOGS_CONFIG_FILE}
         MARIADB_PASSWORD=
         systemctl restart gogs
@@ -363,7 +366,7 @@ function backup_remote_gogs {
 }
 
 function restore_remote_gogs {
-    if grep -q "gogs domain" $COMPLETION_FILE; then
+    if grep -q "gogs domain" "$COMPLETION_FILE"; then
         GIT_DOMAIN_NAME=$(get_completion_param "gogs domain")
 
         function_check gogs_create_database
@@ -373,8 +376,8 @@ function restore_remote_gogs {
         GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini
 
         function_check restore_database_from_friend
-        restore_database_from_friend gogs ${GIT_DOMAIN_NAME}
-        if [ -d ${SERVER_DIRECTORY}/backup/gogs ]; then
+        restore_database_from_friend gogs "${GIT_DOMAIN_NAME}"
+        if [ -d "${SERVER_DIRECTORY}/backup/gogs" ]; then
             if [ ! -d $GOGS_CONFIG_PATH ]; then
                 mkdir -p $GOGS_CONFIG_PATH
             fi
@@ -383,6 +386,7 @@ function restore_remote_gogs {
             else
                 cp -r /root/tempgogs/* /home/${GOGS_USERNAME}/custom/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 exit 58852
             fi
@@ -396,6 +400,7 @@ function restore_remote_gogs {
             else
                 cp -r /root/tempgogsrepos/* /home/${GOGS_USERNAME}/gogs-repositories/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 exit 7649
             fi
@@ -409,6 +414,7 @@ function restore_remote_gogs {
             else
                 cp -r /root/tempgogsssh/* /home/${GOGS_USERNAME}/.ssh/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 exit 74239
             fi
@@ -419,7 +425,7 @@ function restore_remote_gogs {
             echo $"Restore of Gogs complete"
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
         sed -i "s|PASSWD =.*|PASSWD = $MARIADB_PASSWORD|g" ${GOGS_CONFIG_FILE}
         MARIADB_PASSWORD=
         systemctl restart gogs
@@ -433,33 +439,33 @@ function remove_gogs {
     systemctl stop gogs
     systemctl disable gogs
 
-    nginx_dissite ${GIT_DOMAIN_NAME}
-    remove_certs ${GIT_DOMAIN_NAME}
-    if [ -d /var/www/${GIT_DOMAIN_NAME} ]; then
-        rm -rf /var/www/${GIT_DOMAIN_NAME}
+    nginx_dissite "${GIT_DOMAIN_NAME}"
+    remove_certs "${GIT_DOMAIN_NAME}"
+    if [ -d "/var/www/${GIT_DOMAIN_NAME}" ]; then
+        rm -rf "/var/www/${GIT_DOMAIN_NAME}"
     fi
-    if [ -f /etc/nginx/sites-available/${GIT_DOMAIN_NAME} ]; then
-        rm /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+    if [ -f "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}" ]; then
+        rm "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
     fi
     function_check drop_database
     drop_database gogs
     rm /etc/systemd/system/gogs.service
     systemctl daemon-reload
-    rm -rf /home/${GOGS_USERNAME}/*
+    rm -rf "/home/${GOGS_USERNAME:?}/"*
     remove_onion_service gogs ${GIT_ONION_PORT} 9418
     remove_completion_param "install_gogs"
-    sed -i '/gogs /d' $COMPLETION_FILE
+    sed -i '/gogs /d' "$COMPLETION_FILE"
     remove_backup_database_local gogs
 
     groupdel -f gogs
     userdel -r gogs
 
     function_check remove_ddns_domain
-    remove_ddns_domain $GIT_DOMAIN_NAME
+    remove_ddns_domain "$GIT_DOMAIN_NAME"
 }
 
 function install_gogs {
-    if [ ! $GIT_DOMAIN_NAME ]; then
+    if [ ! "$GIT_DOMAIN_NAME" ]; then
         return
     fi
 
@@ -474,14 +480,14 @@ function install_gogs {
 
     gogs_parameters
 
-    if [ ! -d ${INSTALL_DIR} ]; then
-        mkdir -p ${INSTALL_DIR}
+    if [ ! -d "${INSTALL_DIR}" ]; then
+        mkdir -p "${INSTALL_DIR}"
     fi
-    cd ${INSTALL_DIR}
-    if [ -d $INSTALL_DIR/gogs ]; then
-        rm -rf $INSTALL_DIR/gogs
+    cd "${INSTALL_DIR}" || exit 24682467284
+    if [ -d "$INSTALL_DIR/gogs" ]; then
+        rm -rf "$INSTALL_DIR/gogs"
     fi
-    GOGS_FILE=linux_${CURR_ARCH}.tar.gz
+    GOGS_FILE="linux_${CURR_ARCH}.tar.gz"
     if [ ! -f ${GOGS_FILE} ]; then
         wget ${GOGS_BIN}
     fi
@@ -496,13 +502,13 @@ function install_gogs {
             unzip -o ${GOGS_FILE}
         fi
     else
-        tar -xzf ${INSTALL_DIR}/${GOGS_FILE}
+        tar -xzf "${INSTALL_DIR}/${GOGS_FILE}"
     fi
-    if [ ! -d ${INSTALL_DIR}/gogs ]; then
+    if [ ! -d "${INSTALL_DIR}/gogs" ]; then
         exit 37823
     fi
-    rm -rf /home/${GOGS_USERNAME}/*
-    cp -r ${INSTALL_DIR}/gogs/* /home/${GOGS_USERNAME}
+    rm -rf "/home/${GOGS_USERNAME:?}/"*
+    cp -r "${INSTALL_DIR}/gogs/*" "/home/${GOGS_USERNAME}"
     if [ -f ${GOGS_FILE} ]; then
         rm ${GOGS_FILE}
     fi
@@ -512,9 +518,10 @@ function install_gogs {
         exit 345562
     fi
 
-    echo "export GOROOT=/home/go" >> /home/${GOGS_USERNAME}/.bashrc
-    echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> /home/${GOGS_USERNAME}/.bashrc
-    echo 'export PATH=$PATH:$GOPATH' >> /home/${GOGS_USERNAME}/.bashrc
+    { echo "export GOROOT=/home/go";
+      # shellcheck disable=SC2153
+      echo "export GOPATH=\${GOROOT}/go${GO_VERSION}/bin";
+      echo "export PATH=\$PATH:\$GOPATH"; } >> "/home/${GOGS_USERNAME}/.bashrc"
     chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
 
     function_check install_mariadb
@@ -536,122 +543,122 @@ function install_gogs {
 
     chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
 
-    echo '[Unit]' > /etc/systemd/system/gogs.service
-    echo 'Description=Gogs (Go Git Service)' >> /etc/systemd/system/gogs.service
-    echo 'After=syslog.target' >> /etc/systemd/system/gogs.service
-    echo 'After=network.target' >> /etc/systemd/system/gogs.service
-    echo 'After=mysqld.service' >> /etc/systemd/system/gogs.service
-    echo '' >> /etc/systemd/system/gogs.service
-    echo '[Service]' >> /etc/systemd/system/gogs.service
-    echo '#LimitMEMLOCK=infinity' >> /etc/systemd/system/gogs.service
-    echo '#LimitNOFILE=65535' >> /etc/systemd/system/gogs.service
-    echo 'Type=simple' >> /etc/systemd/system/gogs.service
-    echo 'User=gogs' >> /etc/systemd/system/gogs.service
-    echo 'Group=gogs' >> /etc/systemd/system/gogs.service
-    echo "WorkingDirectory=/home/${GOGS_USERNAME}" >> /etc/systemd/system/gogs.service
-    echo "ExecStart=/home/${GOGS_USERNAME}/gogs web" >> /etc/systemd/system/gogs.service
-    echo 'Restart=always' >> /etc/systemd/system/gogs.service
-    echo 'RestartSec=10' >> /etc/systemd/system/gogs.service
-    echo "Environment=\"USER=${GOGS_USERNAME}\" \"HOME=/home/${GOGS_USERNAME}\" \"GOPATH=/home/go/go${GO_VERSION}\"" >> /etc/systemd/system/gogs.service
-    echo '' >> /etc/systemd/system/gogs.service
-    echo '[Install]' >> /etc/systemd/system/gogs.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/gogs.service
+    { echo '[Unit]';
+      echo 'Description=Gogs (Go Git Service)';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo 'After=mysqld.service';
+      echo '';
+      echo '[Service]';
+      echo '#LimitMEMLOCK=infinity';
+      echo '#LimitNOFILE=65535';
+      echo 'Type=simple';
+      echo 'User=gogs';
+      echo 'Group=gogs';
+      echo "WorkingDirectory=/home/${GOGS_USERNAME}";
+      echo "ExecStart=/home/${GOGS_USERNAME}/gogs web";
+      echo 'Restart=always';
+      echo 'RestartSec=10';
+      echo "Environment=\"USER=${GOGS_USERNAME}\" \"HOME=/home/${GOGS_USERNAME}\" \"GOPATH=/home/go/go${GO_VERSION}\"";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/gogs.service
 
     systemctl enable gogs
     systemctl daemon-reload
     systemctl start gogs
 
-    if [ ! -d /var/www/${GIT_DOMAIN_NAME} ]; then
-        mkdir /var/www/${GIT_DOMAIN_NAME}
+    if [ ! -d "/var/www/${GIT_DOMAIN_NAME}" ]; then
+        mkdir "/var/www/${GIT_DOMAIN_NAME}"
     fi
-    if [ -d /var/www/${GIT_DOMAIN_NAME}/htdocs ]; then
-        rm -rf /var/www/${GIT_DOMAIN_NAME}/htdocs
+    if [ -d "/var/www/${GIT_DOMAIN_NAME}/htdocs" ]; then
+        rm -rf "/var/www/${GIT_DOMAIN_NAME}/htdocs"
     fi
 
-    if [[ ${ONION_ONLY} == "no" ]]; then
+    if [[ "${ONION_ONLY}" == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect ${GIT_DOMAIN_NAME}
-        echo 'server {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    listen 443 ssl;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo "    root /var/www/${GIT_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo "    server_name ${GIT_DOMAIN_NAME};" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo "    error_log /dev/null;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+        nginx_http_redirect "${GIT_DOMAIN_NAME}"
+        { echo 'server {';
+          echo '    listen 443 ssl;';
+          echo '    #listen [::]:443 ssl;';
+          echo "    root /var/www/${GIT_DOMAIN_NAME}/htdocs;";
+          echo "    server_name ${GIT_DOMAIN_NAME};";
+          echo '    access_log /dev/null;';
+          echo "    error_log /dev/null;";
+          echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
         function_check nginx_ssl
-        nginx_ssl ${GIT_DOMAIN_NAME}
+        nginx_ssl "${GIT_DOMAIN_NAME}"
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing ${GIT_DOMAIN_NAME}
-        echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    location / {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+        nginx_disable_sniffing "${GIT_DOMAIN_NAME}"
+        { echo '    add_header Strict-Transport-Security max-age=0;';
+          echo '';
+          echo '    location / {'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
         function_check nginx_limits
-        nginx_limits ${GIT_DOMAIN_NAME} '10G'
-        echo '        proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    location = /robots.txt {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '        allow all;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '        log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+        nginx_limits "${GIT_DOMAIN_NAME}" '10G'
+        { echo '        proxy_pass http://localhost:3000;';
+          echo '    }';
+          echo '';
+          echo '    fastcgi_buffers 64 4K;';
+          echo '';
+          echo '    error_page 403 /core/templates/403.php;';
+          echo '    error_page 404 /core/templates/404.php;';
+          echo '';
+          echo '    location = /robots.txt {';
+          echo '        allow all;';
+          echo '        log_not_found off;';
+          echo '        access_log /dev/null;';
+          echo '    }';
+          echo '}';
+          echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
     else
-        echo -n '' > /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+        echo -n '' > "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
     fi
-    echo 'server {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo "    listen 127.0.0.1:${GIT_ONION_PORT} default_server;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo "    root /var/www/$GIT_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo "    server_name $GIT_DOMAIN_NAME;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+    { echo 'server {';
+      echo "    listen 127.0.0.1:${GIT_ONION_PORT} default_server;";
+      echo "    root /var/www/$GIT_DOMAIN_NAME/htdocs;";
+      echo "    server_name $GIT_DOMAIN_NAME;";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing ${GIT_DOMAIN_NAME}
-    echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    location / {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+    nginx_disable_sniffing "${GIT_DOMAIN_NAME}"
+    { echo '    add_header Strict-Transport-Security max-age=0;';
+      echo '';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
     function_check nginx_limits
-    nginx_limits ${GIT_DOMAIN_NAME} '10G'
-    echo '        proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    location = /robots.txt {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '        allow all;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '        log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+    nginx_limits "${GIT_DOMAIN_NAME}" '10G'
+    { echo '        proxy_pass http://localhost:3000;';
+      echo '    }';
+      echo '';
+      echo '    fastcgi_buffers 64 4K;';
+      echo '';
+      echo '    error_page 403 /core/templates/403.php;';
+      echo '    error_page 404 /core/templates/404.php;';
+      echo '';
+      echo '    location = /robots.txt {';
+      echo '        allow all;';
+      echo '        log_not_found off;';
+      echo '        access_log /dev/null;';
+      echo '    }';
+      echo '}'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate ${GIT_DOMAIN_NAME} 'yes'
+    create_site_certificate "${GIT_DOMAIN_NAME}" 'yes'
 
-    nginx_ensite ${GIT_DOMAIN_NAME}
+    nginx_ensite "${GIT_DOMAIN_NAME}"
 
     if [ ! -d /var/lib/tor ]; then
         echo $'No Tor installation found. Gogs onion site cannot be configured.'
         exit 877367
     fi
     if ! grep -q "hidden_service_gogs" /etc/tor/torrc; then
-        echo 'HiddenServiceDir /var/lib/tor/hidden_service_gogs/' >> /etc/tor/torrc
-        echo 'HiddenServiceVersion 3' >> /etc/tor/torrc
-        echo "HiddenServicePort 80 127.0.0.1:${GIT_ONION_PORT}" >> /etc/tor/torrc
-        echo "HiddenServicePort 9418 127.0.0.1:9418" >> /etc/tor/torrc
+        { echo 'HiddenServiceDir /var/lib/tor/hidden_service_gogs/';
+          echo 'HiddenServiceVersion 3';
+          echo "HiddenServicePort 80 127.0.0.1:${GIT_ONION_PORT}";
+          echo "HiddenServicePort 9418 127.0.0.1:9418"; } >> /etc/tor/torrc
         echo $'Added onion site for Gogs'
     fi
 
@@ -670,34 +677,34 @@ function install_gogs {
     set_completion_param "gogs onion domain" "$GIT_ONION_HOSTNAME"
 
     function_check add_ddns_domain
-    add_ddns_domain ${GIT_DOMAIN_NAME}
+    add_ddns_domain "${GIT_DOMAIN_NAME}"
 
     # obtain the secret key
-    GOGS_SECRET_KEY="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a gogs -p "*"
+    GOGS_SECRET_KEY="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a gogs -p "*"
 
     # create the configuration
-    GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf
+    GOGS_CONFIG_PATH="/home/${GOGS_USERNAME}/custom/conf"
     if [ ! -d ${GOGS_CONFIG_PATH} ]; then
         mkdir -p ${GOGS_CONFIG_PATH}
     fi
     GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini
-    echo "RUN_USER = $GOGS_USERNAME" > ${GOGS_CONFIG_FILE}
-    echo 'RUN_MODE = prod' >> ${GOGS_CONFIG_FILE}
-    echo '' >> ${GOGS_CONFIG_FILE}
-    echo '[database]' >> ${GOGS_CONFIG_FILE}
-    echo 'DB_TYPE = mysql' >> ${GOGS_CONFIG_FILE}
-    echo 'HOST = 127.0.0.1:3306' >> ${GOGS_CONFIG_FILE}
-    echo 'NAME = gogs' >> ${GOGS_CONFIG_FILE}
-    echo 'USER = root' >> ${GOGS_CONFIG_FILE}
-    echo "PASSWD = $MARIADB_PASSWORD" >> ${GOGS_CONFIG_FILE}
-    echo 'SSL_MODE = disable' >> ${GOGS_CONFIG_FILE}
-    echo 'PATH = data/gogs.db' >> ${GOGS_CONFIG_FILE}
-    echo '' >> ${GOGS_CONFIG_FILE}
-    echo '[repository]' >> ${GOGS_CONFIG_FILE}
-    echo "ROOT = /home/$GOGS_USERNAME/gogs-repositories" >> ${GOGS_CONFIG_FILE}
-    echo '' >> ${GOGS_CONFIG_FILE}
-    echo '[server]' >> ${GOGS_CONFIG_FILE}
+    { echo "RUN_USER = $GOGS_USERNAME";
+      echo 'RUN_MODE = prod';
+      echo '';
+      echo '[database]';
+      echo 'DB_TYPE = mysql';
+      echo 'HOST = 127.0.0.1:3306';
+      echo 'NAME = gogs';
+      echo 'USER = root';
+      echo "PASSWD = $MARIADB_PASSWORD";
+      echo 'SSL_MODE = disable';
+      echo 'PATH = data/gogs.db';
+      echo '';
+      echo '[repository]';
+      echo "ROOT = /home/$GOGS_USERNAME/gogs-repositories";
+      echo '';
+      echo '[server]'; } >> ${GOGS_CONFIG_FILE}
     if [[ ${ONION_ONLY} == 'no' ]]; then
         echo "DOMAIN = ${GIT_DOMAIN_NAME}" >> ${GOGS_CONFIG_FILE}
         echo "ROOT_URL = https://$GIT_DOMAIN_NAME/" >> ${GOGS_CONFIG_FILE}
@@ -705,51 +712,51 @@ function install_gogs {
         echo "DOMAIN = ${GIT_ONION_HOSTNAME}" >> ${GOGS_CONFIG_FILE}
         echo "ROOT_URL = http://$GIT_DOMAIN_NAME/" >> ${GOGS_CONFIG_FILE}
     fi
-    echo 'HTTP_PORT = 3000' >> ${GOGS_CONFIG_FILE}
-    echo "SSH_PORT = $SSH_PORT" >> ${GOGS_CONFIG_FILE}
-    echo 'SSH_DOMAIN = %(DOMAIN)s' >> ${GOGS_CONFIG_FILE}
-    echo "CERT_FILE = /etc/ssl/certs/${GIT_DOMAIN_NAME}.pem" >> ${GOGS_CONFIG_FILE}
-    echo "KEY_FILE = /etc/ssl/private/${GIT_DOMAIN_NAME}.key" >> ${GOGS_CONFIG_FILE}
-    echo 'DISABLE_ROUTER_LOG = true' >> ${GOGS_CONFIG_FILE}
-    echo '' >> ${GOGS_CONFIG_FILE}
-    echo '[session]' >> ${GOGS_CONFIG_FILE}
-    echo 'PROVIDER = file' >> ${GOGS_CONFIG_FILE}
-    echo '' >> ${GOGS_CONFIG_FILE}
-    echo '[log]' >> ${GOGS_CONFIG_FILE}
-    echo 'MODE = file' >> ${GOGS_CONFIG_FILE}
-    echo 'LEVEL = Info' >> ${GOGS_CONFIG_FILE}
-    echo '' >> ${GOGS_CONFIG_FILE}
-    echo '[security]' >> ${GOGS_CONFIG_FILE}
-    echo 'INSTALL_LOCK = true' >> ${GOGS_CONFIG_FILE}
-    echo "SECRET_KEY = $GOGS_SECRET_KEY" >> ${GOGS_CONFIG_FILE}
-    echo '' >> ${GOGS_CONFIG_FILE}
-    echo '[service]' >> ${GOGS_CONFIG_FILE}
-    echo 'DISABLE_REGISTRATION = false' >> ${GOGS_CONFIG_FILE}
-    echo 'SHOW_REGISTRATION_BUTTON = true' >> ${GOGS_CONFIG_FILE}
-    echo 'REQUIRE_SIGNIN_VIEW = false' >> ${GOGS_CONFIG_FILE}
-    echo 'ENABLE_CAPTCHA = false' >> ${GOGS_CONFIG_FILE}
-    echo '' >> ${GOGS_CONFIG_FILE}
-    echo '[other]' >> ${GOGS_CONFIG_FILE}
-    echo 'SHOW_FOOTER_BRANDING = false' >> ${GOGS_CONFIG_FILE}
-    echo 'SHOW_FOOTER_VERSION = false' >> ${GOGS_CONFIG_FILE}
+    { echo 'HTTP_PORT = 3000';
+      echo "SSH_PORT = $SSH_PORT";
+      echo 'SSH_DOMAIN = %(DOMAIN)s';
+      echo "CERT_FILE = /etc/ssl/certs/${GIT_DOMAIN_NAME}.pem";
+      echo "KEY_FILE = /etc/ssl/private/${GIT_DOMAIN_NAME}.key";
+      echo 'DISABLE_ROUTER_LOG = true';
+      echo '';
+      echo '[session]';
+      echo 'PROVIDER = file';
+      echo '';
+      echo '[log]';
+      echo 'MODE = file';
+      echo 'LEVEL = Info';
+      echo '';
+      echo '[security]';
+      echo 'INSTALL_LOCK = true';
+      echo "SECRET_KEY = $GOGS_SECRET_KEY";
+      echo '';
+      echo '[service]';
+      echo 'DISABLE_REGISTRATION = false';
+      echo 'SHOW_REGISTRATION_BUTTON = true';
+      echo 'REQUIRE_SIGNIN_VIEW = false';
+      echo 'ENABLE_CAPTCHA = false';
+      echo '';
+      echo '[other]';
+      echo 'SHOW_FOOTER_BRANDING = false';
+      echo 'SHOW_FOOTER_VERSION = false'; } >> ${GOGS_CONFIG_FILE}
 
     chmod 750 ${GOGS_CONFIG_FILE}
-    chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
+    chown -R "${GOGS_USERNAME}":"${GOGS_USERNAME}" "/home/${GOGS_USERNAME}"
 
     systemctl restart gogs
 
-    if ! grep -q "gogs domain:" ${COMPLETION_FILE}; then
-        echo "gogs domain:${GIT_DOMAIN_NAME}" >> ${COMPLETION_FILE}
+    if ! grep -q "gogs domain:" "${COMPLETION_FILE}"; then
+        echo "gogs domain:${GIT_DOMAIN_NAME}" >> "${COMPLETION_FILE}"
     else
-        sed -i "s|gogs domain.*|gogs domain:${GIT_DOMAIN_NAME}|g" ${COMPLETION_FILE}
+        sed -i "s|gogs domain.*|gogs domain:${GIT_DOMAIN_NAME}|g" "${COMPLETION_FILE}"
     fi
 
     function_check configure_firewall_for_git
     configure_firewall_for_git
-    if ! grep -q "gogs version:" ${COMPLETION_FILE}; then
-        echo "gogs version:${GOGS_VERSION}" >> ${COMPLETION_FILE}
+    if ! grep -q "gogs version:" "${COMPLETION_FILE}"; then
+        echo "gogs version:${GOGS_VERSION}" >> "${COMPLETION_FILE}"
     else
-        sed -i "s|gogs version.*|gogs version:${GOGS_VERSION}|g" ${COMPLETION_FILE}
+        sed -i "s|gogs version.*|gogs version:${GOGS_VERSION}|g" "${COMPLETION_FILE}"
     fi
     APP_INSTALLED=1
 }
diff --git a/src/freedombone-app-htmly b/src/freedombone-app-htmly
index 5f281e05..5b130d73 100755
--- a/src/freedombone-app-htmly
+++ b/src/freedombone-app-htmly
@@ -69,18 +69,18 @@ function set_avatar_from_url {
     fi
 
     # download the image
-    cd $BASE_DIR/customimages
+    cd "$BASE_DIR/customimages" || exit 2468246
     # convert to png
-    wget $AVATAR -O avatar
-    if [[ $AVATAR == *".gif" ]]; then
+    wget "$AVATAR" -O avatar
+    if [[ "$AVATAR" == *".gif" ]]; then
         mv avatar avatar.gif
         mogrify -format png avatar.gif
     fi
-    if [[ $AVATAR == *".jpg" ]]; then
+    if [[ "$AVATAR" == *".jpg" ]]; then
         mv avatar avatar.jpg
         mogrify -format png avatar.jpg
     fi
-    if [[ $AVATAR == *".jpeg" ]]; then
+    if [[ "$AVATAR" == *".jpeg" ]]; then
         mv avatar avatar.jpeg
         mogrify -format png avatar.jpeg
     fi
@@ -101,10 +101,10 @@ function set_avatar_from_url {
 function remove_user_htmly {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp htmly
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp htmly
 
-    if [ -f /var/www/${HTMLY_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini ]; then
-        rm /var/www/${HTMLY_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini
+    if [ -f "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini" ]; then
+        rm "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini"
     fi
 }
 
@@ -117,39 +117,38 @@ function add_user_htmly {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a htmly -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a htmly -p "$new_user_password"
 
     if [ ! -d /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users ]; then
         echo '2'
         return
     fi
-    NEW_USER_PASSWORD_HASH=$(${PROJECT_NAME}-sec --htmlyhash "$new_user_password")
+    NEW_USER_PASSWORD_HASH=$("${PROJECT_NAME}-sec" --htmlyhash "$new_user_password")
     if [ ${#NEW_USER_PASSWORD_HASH} -lt 8 ]; then
         echo '3'
         return
     fi
-    echo ';Password' > /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
-    echo "password = $NEW_USER_PASSWORD_HASH" >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
-    echo 'encryption = password_hash' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
-    echo ';Role' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
-    echo 'role = admin' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
+    { echo ';Password';
+      echo "password = $NEW_USER_PASSWORD_HASH";
+      echo 'encryption = password_hash';
+      echo ';Role';
+      echo 'role = admin'; } > "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini"
     echo '0'
 }
 
 function configure_interactive_htmly {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Change htmly avatar" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Enter a URL for an image. It should be approximately a square image." 8 75 2>$data
+           --inputbox $"Enter a URL for an image. It should be approximately a square image." 8 75 2>"$data"
     sel=$?
     case $sel in
         0)
-            IMAGE_URL=$(<$data)
+            IMAGE_URL=$(<"$data")
             if [ ${#IMAGE_URL} -gt 5 ]; then
                 clear
                 AVATAR_SET=
-                set_avatar_from_url $IMAGE_URL
+                set_avatar_from_url "$IMAGE_URL"
                 if [ $AVATAR_SET ]; then
                     dialog --title $"Change htmly avatar" \
                            --msgbox $"Your htmly avatar has been changed" 6 40
@@ -157,10 +156,11 @@ function configure_interactive_htmly {
             fi
             ;;
     esac
+    rm -f "$data"
 }
 
 function install_interactive_htmly {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -186,13 +186,13 @@ function change_password_htmly {
         echo $'Htmly password is too short'
         return
     fi
-    ${PROJECT_NAME}-pass -u "$HTMLY_USERNAME" -a htmly -p "$HTMLY_PASSWORD"
-    HTMLY_PASSWORD_HASH=$(${PROJECT_NAME}-sec --htmlyhash "$HTMLY_PASSWORD")
+    "${PROJECT_NAME}-pass" -u "$HTMLY_USERNAME" -a htmly -p "$HTMLY_PASSWORD"
+    HTMLY_PASSWORD_HASH=$("${PROJECT_NAME}-sec" --htmlyhash "$HTMLY_PASSWORD")
     if [ ${#HTMLY_PASSWORD_HASH} -lt 8 ]; then
         echo $'Htmly admin password could not be hashed'
         exit 625728
     fi
-    sed -i "s|password =.*|password = $HTMLY_PASSWORD_HASH|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$HTMLY_USERNAME.ini
+    sed -i "s|password =.*|password = $HTMLY_PASSWORD_HASH|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$HTMLY_USERNAME.ini"
 }
 
 function reconfigure_htmly {
@@ -208,23 +208,23 @@ function upgrade_htmly {
     read_config_param "HTMLY_DOMAIN_NAME"
 
     function_check set_repo_commit
-    set_repo_commit /var/www/$HTMLY_DOMAIN_NAME/htdocs "htmly commit" "$HTMLY_COMMIT" $HTMLY_REPO
+    set_repo_commit "/var/www/$HTMLY_DOMAIN_NAME/htdocs" "htmly commit" "$HTMLY_COMMIT" $HTMLY_REPO
 }
 
 function backup_local_htmly {
     HTMLY_DOMAIN_NAME='htmly.local'
-    if grep -q "htmly domain" $COMPLETION_FILE; then
+    if grep -q "htmly domain" "$COMPLETION_FILE"; then
         HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain")
     fi
 
-    source_directory=/var/www/${HTMLY_DOMAIN_NAME}/htdocs
-    if [ -d $source_directory ]; then
+    source_directory="/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
+    if [ -d "$source_directory" ]; then
         dest_directory=htmly
         function_check suspend_site
-        suspend_site ${HTMLY_DOMAIN_NAME}
+        suspend_site "${HTMLY_DOMAIN_NAME}"
 
         function_check backup_directory_to_usb
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"
 
         function_check restart_site
         restart_site
@@ -233,73 +233,74 @@ function backup_local_htmly {
 
 function restore_local_htmly {
     HTMLY_DOMAIN_NAME='htmly.local'
-    if grep -q "htmly domain" $COMPLETION_FILE; then
+    if grep -q "htmly domain" "$COMPLETION_FILE"; then
         HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain")
     fi
-    if [ $HTMLY_DOMAIN_NAME ]; then
+    if [ "$HTMLY_DOMAIN_NAME" ]; then
         temp_restore_dir=/root/temphtmly
-        if [ -d $USB_MOUNT/backup/htmly ]; then
+        if [ -d "$USB_MOUNT/backup/htmly" ]; then
             restore_directory_from_usb $temp_restore_dir htmly
         else
             restore_directory_from_usb $temp_restore_dir blog
         fi
-        if [ -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then
-            if [ -d /var/www/${HTMLY_DOMAIN_NAME}/previous ]; then
-                rm -rf /var/www/${HTMLY_DOMAIN_NAME}/previous
+        if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
+            if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/previous" ]; then
+                rm -rf "/var/www/${HTMLY_DOMAIN_NAME}/previous"
             fi
-            mv /var/www/${HTMLY_DOMAIN_NAME}/htdocs /var/www/${HTMLY_DOMAIN_NAME}/previous
+            mv "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" "/var/www/${HTMLY_DOMAIN_NAME}/previous"
         fi
-        if [ -d ${temp_restore_dir}/var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then
+        if [ -d "${temp_restore_dir}/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
             temp_source_dir=$(find ${temp_restore_dir} -name htdocs)
-            cp -r ${temp_source_dir} /var/www/${HTMLY_DOMAIN_NAME}/
+            cp -r "${temp_source_dir}" "/var/www/${HTMLY_DOMAIN_NAME}/"
         else
-            if [ ! -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then
-                mkdir /var/www/${HTMLY_DOMAIN_NAME}/htdocs
+            if [ ! -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
+                mkdir "/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
             fi
-            cp -r ${temp_restore_dir}/* /var/www/${HTMLY_DOMAIN_NAME}/htdocs/
+            cp -r "${temp_restore_dir}/*" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/"
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
-            if [ -d /var/www/${HTMLY_DOMAIN_NAME}/previous ]; then
-                mv /var/www/${HTMLY_DOMAIN_NAME}/previous /var/www/${HTMLY_DOMAIN_NAME}/htdocs
+            if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/previous" ]; then
+                mv "/var/www/${HTMLY_DOMAIN_NAME}/previous" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
             fi
             set_user_permissions
             backup_unmount_drive
             exit 54675
         fi
         rm -rf ${temp_restore_dir}
-        if [ ! -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content ]; then
+        if [ ! -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content" ]; then
             echo $"No content directory found after restoring htmly"
             set_user_permissions
             backup_unmount_drive
             exit 34578
         fi
-        chown -R www-data:www-data /var/www/${HTMLY_DOMAIN_NAME}/htdocs
+        chown -R www-data:www-data "/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
         # Ensure that the bundled SSL cert is being used
-        if [ -f /etc/ssl/certs/${HTMLY_DOMAIN_NAME}.bundle.crt ]; then
-            sed -i "s|${HTMLY_DOMAIN_NAME}.crt|${HTMLY_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${HTMLY_DOMAIN_NAME}
+        if [ -f "/etc/ssl/certs/${HTMLY_DOMAIN_NAME}.bundle.crt" ]; then
+            sed -i "s|${HTMLY_DOMAIN_NAME}.crt|${HTMLY_DOMAIN_NAME}.bundle.crt|g" "/etc/nginx/sites-available/${HTMLY_DOMAIN_NAME}"
         fi
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post ]; then
-                    mv /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/*.md /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post
+                if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post" ]; then
+                    mv "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/*.md" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post"
                 fi
             fi
         done
-        if [ -d /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME} ]; then
-            ln -s /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${HTMLY_DOMAIN_NAME}.key
-            ln -s /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${HTMLY_DOMAIN_NAME}.pem
+        if [ -d "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}" ]; then
+            ln -s "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/privkey.pem" "/etc/ssl/private/${HTMLY_DOMAIN_NAME}.key"
+            ln -s "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/fullchain.pem" "/etc/ssl/certs/${HTMLY_DOMAIN_NAME}.pem"
         fi
     fi
 }
 
 function backup_remote_htmly {
-    if grep -q "htmly domain" $COMPLETION_FILE; then
+    if grep -q "htmly domain" "$COMPLETION_FILE"; then
         HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain")
         temp_backup_dir=/var/www/${HTMLY_DOMAIN_NAME}/htdocs
-        if [ -d $temp_backup_dir ]; then
+        if [ -d "$temp_backup_dir" ]; then
             echo $"Backing up htmly"
-            backup_directory_to_friend $temp_backup_dir htmly
+            backup_directory_to_friend "$temp_backup_dir" htmly
             echo $"Backup of htmly complete"
         else
             echo $"Htmly domain specified but not found in $temp_backup_dir"
@@ -309,56 +310,57 @@ function backup_remote_htmly {
 }
 
 function restore_remote_htmly {
-    if [ -d $SERVER_DIRECTORY/backup/htmly ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/htmly" ]; then
         HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain")
         echo $"Restoring htmly installation $HTMLY_DOMAIN_NAME"
         temp_restore_dir=/root/temphtmly
         mkdir $temp_restore_dir
         function_check restore_directory_from_friend
         restore_directory_from_friend $temp_restore_dir htmly
-        if [ -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then
-            if [ -d /var/www/${HTMLY_DOMAIN_NAME}/previous ]; then
-                rm -rf /var/www/${HTMLY_DOMAIN_NAME}/previous
+        if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
+            if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/previous" ]; then
+                rm -rf "/var/www/${HTMLY_DOMAIN_NAME}/previous"
             fi
-            mv /var/www/${HTMLY_DOMAIN_NAME}/htdocs /var/www/${HTMLY_DOMAIN_NAME}/previous
+            mv "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" "/var/www/${HTMLY_DOMAIN_NAME}/previous"
         fi
 
-        if [ -d ${temp_restore_dir}/var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then
+        if [ -d "${temp_restore_dir}/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
             temp_source_dir=$(find ${temp_restore_dir} -name htdocs)
-            cp -r ${temp_source_dir} /var/www/${HTMLY_DOMAIN_NAME}/
+            cp -r "${temp_source_dir}" "/var/www/${HTMLY_DOMAIN_NAME}/"
         else
-            if [ ! -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then
-                mkdir /var/www/${HTMLY_DOMAIN_NAME}/htdocs
+            if [ ! -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
+                mkdir "/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
             fi
-            cp -r ${temp_restore_dir}/* /var/www/${HTMLY_DOMAIN_NAME}/htdocs/
+            cp -r "${temp_restore_dir}/*" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/"
         fi
 
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
-            if [ -d /var/www/${HTMLY_DOMAIN_NAME}/previous ]; then
-                mv /var/www/${HTMLY_DOMAIN_NAME}/previous /var/www/${HTMLY_DOMAIN_NAME}/htdocs
+            if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/previous" ]; then
+                mv "/var/www/${HTMLY_DOMAIN_NAME}/previous" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
             fi
             exit 593
         fi
         rm -rf ${temp_restore_dir}
-        if [ ! -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content ]; then
+        if [ ! -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content" ]; then
             echo $"No content directory found after restoring htmly"
             exit 287
         fi
         # Ensure that the bundled SSL cert is being used
-        if [ -f /etc/ssl/certs/${HTMLY_DOMAIN_NAME}.bundle.crt ]; then
-            sed -i "s|${HTMLY_DOMAIN_NAME}.crt|${HTMLY_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${HTMLY_DOMAIN_NAME}
+        if [ -f "/etc/ssl/certs/${HTMLY_DOMAIN_NAME}.bundle.crt" ]; then
+            sed -i "s|${HTMLY_DOMAIN_NAME}.crt|${HTMLY_DOMAIN_NAME}.bundle.crt|g" "/etc/nginx/sites-available/${HTMLY_DOMAIN_NAME}"
         fi
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post ]; then
-                    mv /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/*.md /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post
+                if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post" ]; then
+                    mv "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/*.md" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post"
                 fi
             fi
         done
-        if [ -d /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME} ]; then
-            ln -s /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${HTMLY_DOMAIN_NAME}.key
-            ln -s /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${HTMLY_DOMAIN_NAME}.pem
+        if [ -d "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}" ]; then
+            ln -s "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/privkey.pem" "/etc/ssl/private/${HTMLY_DOMAIN_NAME}.key"
+            ln -s "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/fullchain.pem" "/etc/ssl/certs/${HTMLY_DOMAIN_NAME}.pem"
         fi
         echo $"Restore of htmly complete"
     fi
@@ -370,258 +372,264 @@ function remove_htmly {
     fi
 
     read_config_param "HTMLY_DOMAIN_NAME"
-    nginx_dissite $HTMLY_DOMAIN_NAME
-    remove_certs ${HTMLY_DOMAIN_NAME}
-    if [ -f /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME ]; then
-        rm -f /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    nginx_dissite "$HTMLY_DOMAIN_NAME"
+    remove_certs "${HTMLY_DOMAIN_NAME}"
+    if [ -f "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME" ]; then
+        rm -f "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
     fi
-    if [ -d /var/www/$HTMLY_DOMAIN_NAME ]; then
-        rm -rf /var/www/$HTMLY_DOMAIN_NAME
+    if [ -d "/var/www/$HTMLY_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$HTMLY_DOMAIN_NAME"
     fi
     remove_config_param HTMLY_DOMAIN_NAME
     remove_config_param HTMLY_CODE
     function_check remove_onion_service
     remove_onion_service htmly ${HTMLY_ONION_PORT}
     remove_completion_param "install_htmly"
-    sed -i '/Htmly/d' $COMPLETION_FILE
-    sed -i '/htmly/d' $COMPLETION_FILE
+    sed -i '/Htmly/d' "$COMPLETION_FILE"
+    sed -i '/htmly/d' "$COMPLETION_FILE"
 
     function_check remove_ddns_domain
-    remove_ddns_domain $HTMLY_DOMAIN_NAME
+    remove_ddns_domain "$HTMLY_DOMAIN_NAME"
 }
 
 function install_htmly_social_networks {
     # set social networks
-    if grep -q "social.hubzilla" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini; then
-        sed -i "s|;social.hubzilla|social.hubzilla|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-        sed -i "s|social.hubzilla.*|social.hubzilla = \"$HUBZILLA_DOMAIN_NAME\"|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
+    if grep -q "social.hubzilla" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"; then
+        sed -i "s|;social.hubzilla|social.hubzilla|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+        sed -i "s|social.hubzilla.*|social.hubzilla = \"$HUBZILLA_DOMAIN_NAME\"|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
     fi
-    if grep -q "social.gnusocial" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini; then
-        sed -i "s|;social.gnusocial|social.gnusocial|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-        sed -i "s|social.gnusocial.*|social.gnusocial = \"$MICROHTMLY_DOMAIN_NAME\"|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
+    if grep -q "social.gnusocial" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"; then
+        sed -i "s|;social.gnusocial|social.gnusocial|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+        sed -i "s|social.gnusocial.*|social.gnusocial = \"$MICROHTMLY_DOMAIN_NAME\"|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
     fi
 
     # clear proprietary social network strings
-    sed -i 's|social.facebook.*|social.facebook = ""|g' /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i 's|social.twitter.*|social.twitter = ""|g' /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i 's|social.google.*|social.google = ""|g' /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
+    sed -i 's|social.facebook.*|social.facebook = ""|g' "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+    sed -i 's|social.twitter.*|social.twitter = ""|g' "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+    sed -i 's|social.google.*|social.google = ""|g' "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
 }
 
 function install_htmly_user {
     # create a user password
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        HTMLY_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        HTMLY_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        HTMLY_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        HTMLY_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
     fi
 
     # create a user
-    HTMLY_ADMIN_PASSWORD_HASH=$(${PROJECT_NAME}-sec --htmlyhash "$HTMLY_ADMIN_PASSWORD")
+    HTMLY_ADMIN_PASSWORD_HASH=$("${PROJECT_NAME}-sec" --htmlyhash "$HTMLY_ADMIN_PASSWORD")
     if [ ${#HTMLY_ADMIN_PASSWORD_HASH} -lt 8 ]; then
         echo $'Htmly admin password could not be hashed'
         exit 625728
     fi
-    echo ';Password' > /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
-    echo "password = $HTMLY_ADMIN_PASSWORD_HASH" >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
-    echo 'encryption = password_hash' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
-    echo ';Role' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
-    echo 'role = admin' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+    { echo ';Password';
+      echo "password = $HTMLY_ADMIN_PASSWORD_HASH";
+      echo 'encryption = password_hash';
+      echo ';Role';
+      echo 'role = admin'; } > "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini"
 }
 
 function install_htmly_settings {
-    cp /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i "s|site.url.*|site.url = '/'|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i "s|blog.title.*|blog.title = \"$HTMLY_TITLE\"|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i "s|blog.tagline.*|blog.tagline = \"$HTMLY_SUBTITLE\"|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i "s|Your name|$MY_NAME|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
+    cp "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini.example" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+    sed -i "s|site.url.*|site.url = '/'|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+    sed -i "s|blog.title.*|blog.title = \"$HTMLY_TITLE\"|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+    sed -i "s|blog.tagline.*|blog.tagline = \"$HTMLY_SUBTITLE\"|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+    sed -i 's|timezone.*|timezone = "Europe/London"|g' "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+    sed -i "s|Your name|$MY_NAME|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
 }
 
 function install_htmly_website {
     function_check nginx_http_redirect
-    nginx_http_redirect $HTMLY_DOMAIN_NAME
-    echo 'server {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "    root /var/www/$HTMLY_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "    server_name $HTMLY_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    charset utf-8;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    nginx_http_redirect "$HTMLY_DOMAIN_NAME"
+    { echo 'server {';
+      echo '    listen 443 ssl;';
+      echo '    #listen [::]:443 ssl;';
+      echo "    root /var/www/$HTMLY_DOMAIN_NAME/htdocs;";
+      echo "    server_name $HTMLY_DOMAIN_NAME;";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo '    index index.php;';
+      echo '    charset utf-8;';
+      echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
     function_check nginx_ssl
-    nginx_ssl $HTMLY_DOMAIN_NAME
+    nginx_ssl "$HTMLY_DOMAIN_NAME"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $HTMLY_DOMAIN_NAME
-    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    nginx_disable_sniffing "$HTMLY_DOMAIN_NAME"
+    { echo '    add_header Strict-Transport-Security "max-age=0;";';
+      echo '';
+      echo '    # rewrite to front controller as default rule';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $HTMLY_DOMAIN_NAME
-    echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        expires 30d;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # block these file types' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # or a unix socket' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    #deny access to store' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~ /store {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '      deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '      deny  all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    nginx_limits "$HTMLY_DOMAIN_NAME"
+    { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
+      echo '    }';
+      echo '';
+      echo '    # statically serve these file types when possible';
+      echo '    # otherwise fall back to front controller';
+      echo '    # allow browser to cache them';
+      echo '    # added .htm for advanced source code editor library';
+      echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
+      echo '        expires 30d;';
+      echo "        try_files \$uri /index.php?q=\$uri&\$args;";
+      echo '    }';
+      echo '';
+      echo '    # block these file types';
+      echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+      echo '    # or a unix socket';
+      echo '    location ~* \.php$ {';
+      echo '        # Zero-day exploit defense.';
+      echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+      echo "        # Won't work properly (404 error) if the file is not stored on this";
+      echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+      echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+      echo "        # another machine. And then cross your fingers that you won't get hacked.";
+      echo "        try_files \$uri \$uri/ /index.php;";
+      echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+      echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+      echo '        # With php-cgi alone:';
+      echo '        # fastcgi_pass 127.0.0.1:9000;';
+      echo '        # With php-fpm:';
+      echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '        include fastcgi_params;';
+      echo '        fastcgi_read_timeout 30;';
+      echo '        fastcgi_index index.php;';
+      echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+      echo '    }';
+      echo '';
+      echo '    # deny access to all dot files';
+      echo '    location ~ /\. {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    #deny access to store';
+      echo '    location ~ /store {';
+      echo '        deny all;';
+      echo '    }';
+      echo '    location ~ /(data|conf|bin|inc)/ {';
+      echo '      deny all;';
+      echo '    }';
+      echo '    location ~ /\.ht {';
+      echo '      deny  all;';
+      echo '    }';
+      echo '}';
+      echo ''; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
 }
 
 function install_htmly_website_onion {
-    echo 'server {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "    listen 127.0.0.1:${HTMLY_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "    root /var/www/$HTMLY_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "    server_name $HTMLY_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    charset utf-8;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    { echo 'server {';
+      echo "    listen 127.0.0.1:${HTMLY_ONION_PORT} default_server;";
+      echo "    root /var/www/$HTMLY_DOMAIN_NAME/htdocs;"; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
+
+    if [[ "$ONION_ONLY" != 'yes' ]]; then
+        echo "    server_name $HTMLY_DOMAIN_NAME;" >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
+    else
+        echo "    server_name $HTMLY_ONION_HOSTNAME;" >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
+    fi
+
+    { echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo '    index index.php;';
+      echo '    charset utf-8;';
+      echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $HTMLY_DOMAIN_NAME
-    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    nginx_disable_sniffing "$HTMLY_DOMAIN_NAME"
+    { echo '    add_header Strict-Transport-Security "max-age=0;";';
+      echo '';
+      echo '    # rewrite to front controller as default rule';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $HTMLY_DOMAIN_NAME
-    echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        expires 30d;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # block these file types' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # or a unix socket' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    nginx_limits "$HTMLY_DOMAIN_NAME"
+    { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
+      echo '    }';
+      echo '';
+      echo '    # statically serve these file types when possible';
+      echo '    # otherwise fall back to front controller';
+      echo '    # allow browser to cache them';
+      echo '    # added .htm for advanced source code editor library';
+      echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
+      echo '        expires 30d;';
+      echo "        try_files \$uri /index.php?q=\$uri&\$args;";
+      echo '    }';
+      echo '';
+      echo '    # block these file types';
+      echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+      echo '    # or a unix socket';
+      echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $HTMLY_DOMAIN_NAME
-    echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    #deny access to store' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~ /store {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '      deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '      deny  all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    nginx_limits "$HTMLY_DOMAIN_NAME"
+    { echo '        # Zero-day exploit defense.';
+      echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+      echo "        # Won't work properly (404 error) if the file is not stored on this";
+      echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+      echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+      echo "        # another machine. And then cross your fingers that you won't get hacked.";
+      echo "        try_files \$uri \$uri/ /index.php;";
+      echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+      echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+      echo '        # With php-cgi alone:';
+      echo '        # fastcgi_pass 127.0.0.1:9000;';
+      echo '        # With php-fpm:';
+      echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '        include fastcgi_params;';
+      echo '        fastcgi_read_timeout 30;';
+      echo '        fastcgi_index index.php;';
+      echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+      echo '    }';
+      echo '';
+      echo '    # deny access to all dot files';
+      echo '    location ~ /\. {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    #deny access to store';
+      echo '    location ~ /store {';
+      echo '        deny all;';
+      echo '    }';
+      echo '    location ~ /(data|conf|bin|inc)/ {';
+      echo '      deny all;';
+      echo '    }';
+      echo '    location ~ /\.ht {';
+      echo '      deny  all;';
+      echo '    }';
+      echo '}'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
 }
 
 function install_htmly_from_repo {
-    if [ ! -d /var/www/$HTMLY_DOMAIN_NAME ]; then
-        mkdir /var/www/$HTMLY_DOMAIN_NAME
+    if [ ! -d "/var/www/$HTMLY_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$HTMLY_DOMAIN_NAME"
     fi
 
-    cd /var/www/$HTMLY_DOMAIN_NAME
+    cd "/var/www/$HTMLY_DOMAIN_NAME" || exit 34684682
 
     if [ -d /repos/htmly ]; then
         mkdir htdocs
         cp -r -p /repos/htmly/. htdocs
-        cd htdocs
+        cd htdocs || exit 3468735
         git pull
     else
         git_clone $HTMLY_REPO htdocs
     fi
 
-    cd htdocs
+    cd htdocs || exit 3479835
     git checkout $HTMLY_COMMIT -b $HTMLY_COMMIT
     set_completion_param "htmly commit" "$HTMLY_COMMIT"
 }
 
 function install_htmly {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
-    if [ ! $HTMLY_DOMAIN_NAME ]; then
+    if [ ! "$HTMLY_DOMAIN_NAME" ]; then
         echo $'The htmly domain name was not specified'
         exit 5062
     fi
@@ -636,13 +644,14 @@ function install_htmly {
         function_check install_htmly_website
         install_htmly_website
     else
-        echo -n '' > /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+        echo -n '' > "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
     fi
+    HTMLY_ONION_HOSTNAME=$(add_onion_service htmly 80 ${HTMLY_ONION_PORT})
     function_check install_htmly_website_onion
     install_htmly_website_onion
 
     function_check create_site_certificate
-    create_site_certificate $HTMLY_DOMAIN_NAME 'yes'
+    create_site_certificate "$HTMLY_DOMAIN_NAME" 'yes'
 
     function_check configure_php
     configure_php
@@ -656,20 +665,18 @@ function install_htmly {
     function_check install_htmly_user
     install_htmly_user
 
-    chown -R www-data:www-data /var/www/$HTMLY_DOMAIN_NAME/htdocs
-
-    HTMLY_ONION_HOSTNAME=$(add_onion_service htmly 80 ${HTMLY_ONION_PORT})
+    chown -R www-data:www-data "/var/www/$HTMLY_DOMAIN_NAME/htdocs"
 
     function_check nginx_ensite
-    nginx_ensite $HTMLY_DOMAIN_NAME
+    nginx_ensite "$HTMLY_DOMAIN_NAME"
 
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a htmly -p "$HTMLY_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a htmly -p "$HTMLY_ADMIN_PASSWORD"
 
     function_check add_ddns_domain
-    add_ddns_domain $HTMLY_DOMAIN_NAME
+    add_ddns_domain "$HTMLY_DOMAIN_NAME"
 
     set_completion_param "htmly domain" "$HTMLY_DOMAIN_NAME"
     APP_INSTALLED=1
diff --git a/src/freedombone-app-hubzilla b/src/freedombone-app-hubzilla
index d873eee6..af245261 100755
--- a/src/freedombone-app-hubzilla
+++ b/src/freedombone-app-hubzilla
@@ -60,7 +60,7 @@ function logging_off_hubzilla {
 
 function remove_user_hubzilla {
     remove_username="$1"
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp hubzilla
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp hubzilla
 }
 
 function add_user_hubzilla {
@@ -71,27 +71,26 @@ function add_user_hubzilla {
 
     new_username="$1"
     new_user_password="$2"
-    ${PROJECT_NAME}-pass -u $new_username -a hubzilla -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a hubzilla -p "$new_user_password"
     echo '0'
 }
 
 function hubzilla_renew_cert {
     dialog --title $"Renew SSL certificate" \
            --backtitle $"Freedombone Control Panel" \
-           --yesno $"\nThis will renew a letsencrypt certificate. Select 'yes' to continue" 16 60
+           --yesno $"\\nThis will renew a letsencrypt certificate. Select 'yes' to continue" 16 60
     sel=$?
     case $sel in
         1) return;;
         255) return;;
     esac
     HUBZILLA_DOMAIN_NAME=$(get_completion_param "hubzilla domain")
-    if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs" ]; then
         dialog --title $"Renew SSL certificate" \
                --msgbox $"Hubzilla install directory not found" 6 40
         return
     fi
-    ${PROJECT_NAME}-renew-cert -h $HUBZILLA_DOMAIN_NAME -p 'letsencrypt'
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-renew-cert" -h "$HUBZILLA_DOMAIN_NAME" -p 'letsencrypt'; then
         any_key
     else
         dialog --title $"Renew SSL certificate" \
@@ -100,68 +99,71 @@ function hubzilla_renew_cert {
 }
 
 function hubzilla_channel_directory_server {
-    if ! grep -q "hubzilla domain" $COMPLETION_FILE; then
+    if ! grep -q "hubzilla domain" "$COMPLETION_FILE"; then
         dialog --title $"Hubzilla channel directory server" \
                --msgbox $"Hubzilla is not installed on this system" 6 40
         return
     fi
     HUBZILLA_DOMAIN_NAME=$(get_completion_param "hubzilla domain")
-    if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs" ]; then
         dialog --title $"Hubzilla channel directory server" \
                --msgbox $"Hubzilla install directory not found" 6 40
         return
     fi
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Hubzilla channel directory server" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"When you click on 'channel directory' this is where Hubzilla will obtain its list from" 8 60 2>$data
+           --inputbox $"When you click on 'channel directory' this is where Hubzilla will obtain its list from" 8 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            hubzilla_domain_server=$(<$data)
+            hubzilla_domain_server=$(<"$data")
             if [[ $hubzilla_domain_server != *"."* ]]; then
+                rm -f "$data"
                 return
             fi
             if [[ $hubzilla_domain_server != "https"* ]]; then
                 dialog --title $"Hubzilla channel directory server" \
-                       --msgbox $"\nInvalid domain - include the https://" 7 60
+                       --msgbox $"\\nInvalid domain - include the https://" 7 60
+                rm -f "$data"
                 return
             fi
-            ./var/www/$HUBZILLA_DOMAIN_NAME/htdocs/util/config system directory_server $hubzilla_domain_server
+            "./var/www/$HUBZILLA_DOMAIN_NAME/htdocs/util/config" system directory_server "$hubzilla_domain_server"
             dialog --title $"Hubzilla channel directory server" \
-                   --msgbox $"\nDomain channel directory server changed to\n\n  $hubzilla_domain_server" 10 60
+                   --msgbox $"\\nDomain channel directory server changed to\\n\\n  $hubzilla_domain_server" 10 60
             ;;
     esac
+    rm -f "$data"
 }
 
 function configure_interactive_hubzilla {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Hubzilla" \
                --radiolist $"Choose an operation:" 13 70 4 \
                1 $"Set channel directory server" off \
                2 $"Renew SSL certificate" off \
-               3 $"Back to main menu" on 2> $data
+               3 $"Back to main menu" on 2> "$data"
         sel=$?
         case $sel in
             1) break;;
             255) break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) hubzilla_channel_directory_server;;
             2) hubzilla_renew_cert;;
-            3) break;;
+            3) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
 function install_interactive_hubzilla {
-    if [[ $ONION_ONLY != "no" ]]; then
+    if [[ "$ONION_ONLY" != "no" ]]; then
         return
     fi
 
@@ -172,7 +174,7 @@ function install_interactive_hubzilla {
 }
 
 function change_password_hubzilla {
-    HUBZILLA_USERNAME="$1"
+#    HUBZILLA_USERNAME="$1"
     HUBZILLA_PASSWORD="$2"
     if [ ${#HUBZILLA_PASSWORD} -lt 8 ]; then
         echo $'Hubzilla password is too short'
@@ -183,14 +185,14 @@ function change_password_hubzilla {
 }
 
 function hubzilla_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        HUBZILLA_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        HUBZILLA_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     fi
-    if [ ! $HUBZILLA_ADMIN_PASSWORD ]; then
-        HUBZILLA_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+    if [ ! "$HUBZILLA_ADMIN_PASSWORD" ]; then
+        HUBZILLA_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
     fi
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a hubzilla -p "$HUBZILLA_ADMIN_PASSWORD"
-    if [ ! $HUBZILLA_ADMIN_PASSWORD ]; then
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a hubzilla -p "$HUBZILLA_ADMIN_PASSWORD"
+    if [ ! "$HUBZILLA_ADMIN_PASSWORD" ]; then
         return
     fi
 
@@ -211,25 +213,25 @@ function upgrade_hubzilla {
     HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
 
     function_check set_repo_commit
-    set_repo_commit $HUBZILLA_PATH "hubzilla commit" "$HUBZILLA_COMMIT" $HUBZILLA_REPO
-    set_repo_commit $HUBZILLA_PATH/addon "hubzilla addons commit" "$HUBZILLA_ADDONS_COMMIT" $HUBZILLA_ADDONS_REPO
-    if [ -d $HUBZILLA_PATH/redmatrix-themes1 ]; then
-        cd $HUBZILLA_PATH/redmatrix-themes1
+    set_repo_commit "$HUBZILLA_PATH" "hubzilla commit" "$HUBZILLA_COMMIT" $HUBZILLA_REPO
+    set_repo_commit "$HUBZILLA_PATH/addon" "hubzilla addons commit" "$HUBZILLA_ADDONS_COMMIT" $HUBZILLA_ADDONS_REPO
+    if [ -d "$HUBZILLA_PATH/redmatrix-themes1" ]; then
+        cd "$HUBZILLA_PATH/redmatrix-themes1" || exit 246782456
         git merge --abort
         git stash
         git pull
-        cp -r $HUBZILLA_PATH/redmatrix-themes1/* $HUBZILLA_PATH/view/theme/
-        chown -R www-data:www-data $HUBZILLA_PATH
+        cp -r "$HUBZILLA_PATH/redmatrix-themes1/*" "$HUBZILLA_PATH/view/theme/"
+        chown -R www-data:www-data "$HUBZILLA_PATH"
     fi
 }
 
 function backup_local_hubzilla {
     hubzilla_path=/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs
-    if [ -d $hubzilla_path ]; then
+    if [ -d "$hubzilla_path" ]; then
         function_check backup_database_to_usb
         backup_database_to_usb hubzilla
 
-        backup_directory_to_usb $hubzilla_path hubzilla
+        backup_directory_to_usb "$hubzilla_path" hubzilla
     fi
 }
 
@@ -240,31 +242,31 @@ function restore_local_hubzilla {
     function_check hubzilla_create_database
     hubzilla_create_database
 
-    restore_database hubzilla ${HUBZILLA_DOMAIN_NAME}
-    if [ -d $USB_MOUNT/backup/hubzilla ]; then
-        if [ ! -d $hubzilla_dir/store/[data]/smarty3 ]; then
-            mkdir -p $hubzilla_dir/store/[data]/smarty3
+    restore_database hubzilla "${HUBZILLA_DOMAIN_NAME}"
+    if [ -d "$USB_MOUNT/backup/hubzilla" ]; then
+        if [ ! -d "$hubzilla_dir/store/[data]/smarty3" ]; then
+            mkdir -p "$hubzilla_dir/store/[data]/smarty3"
         fi
-        chmod 1777 $hubzilla_dir/store/[data]/smarty3
-        chown -R www-data:www-data $hubzilla_dir/*
+        chmod 1777 "$hubzilla_dir/store/[data]/smarty3"
+        chown -R www-data:www-data "$hubzilla_dir/*"
         if [ -d $temp_restore_dir ]; then
             rm -rf $temp_restore_dir
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-        HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
-        sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $HUBZILLA_PATH/.htconfig.php
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        HUBZILLA_PATH="/var/www/$HUBZILLA_DOMAIN_NAME/htdocs"
+        sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" "$HUBZILLA_PATH/.htconfig.php"
         MARIADB_PASSWORD=
     fi
 }
 
 function backup_remote_hubzilla {
-    temp_backup_dir=/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs
-    if [ -d $temp_backup_dir ]; then
-        suspend_site ${HUBZILLA_DOMAIN_NAME}
+    temp_backup_dir="/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs"
+    if [ -d "$temp_backup_dir" ]; then
+        suspend_site "${HUBZILLA_DOMAIN_NAME}"
         backup_database_to_friend hubzilla
         echo "Backing up Hubzilla installation"
-        backup_directory_to_friend $temp_backup_dir hubzilla
+        backup_directory_to_friend "$temp_backup_dir" hubzilla
         restart_site
         echo "Backup of Hubzilla complete"
     else
@@ -279,21 +281,21 @@ function restore_remote_hubzilla {
     function_check hubzilla_create_database
     hubzilla_create_database
 
-    restore_database_from_friend hubzilla ${HUBZILLA_DOMAIN_NAME}
-    if [ -d $SERVER_DIRECTORY/backup/hubzilla ]; then
-        if [ ! -d /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3 ]; then
-            mkdir -p /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3
+    restore_database_from_friend hubzilla "${HUBZILLA_DOMAIN_NAME}"
+    if [ -d "$SERVER_DIRECTORY/backup/hubzilla" ]; then
+        if [ ! -d "/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3" ]; then
+            mkdir -p "/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3"
         fi
-        chmod 1777 /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3
-        chown -R www-data:www-data /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/*
+        chmod 1777 "/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3"
+        chown -R www-data:www-data "/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/*"
     fi
     if [ -d /root/temphubzilla ]; then
         rm -rf /root/temphubzilla
     fi
 
-    MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+    MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
     HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
-    sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $HUBZILLA_PATH/.htconfig.php
+    sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" "$HUBZILLA_PATH/.htconfig.php"
     MARIADB_PASSWORD=
 }
 
@@ -301,41 +303,41 @@ function remove_hubzilla {
     if [ ${#HUBZILLA_DOMAIN_NAME} -eq 0 ]; then
         return
     fi
-    nginx_dissite $HUBZILLA_DOMAIN_NAME
-    remove_certs ${HUBZILLA_DOMAIN_NAME}
-    if [ -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then
-        rm -rf /var/www/$HUBZILLA_DOMAIN_NAME
+    nginx_dissite "$HUBZILLA_DOMAIN_NAME"
+    remove_certs "${HUBZILLA_DOMAIN_NAME}"
+    if [ -d "/var/www/$HUBZILLA_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$HUBZILLA_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database hubzilla
     function_check remove_onion_service
     remove_onion_service hubzilla ${HUBZILLA_ONION_PORT}
-    sed -i '/hubzilla/d' $COMPLETION_FILE
+    sed -i '/hubzilla/d' "$COMPLETION_FILE"
     sed -i '/poller.php/d' /etc/crontab
 
     function_check remove_ddns_domain
-    remove_ddns_domain $HUBZILLA_DOMAIN_NAME
+    remove_ddns_domain "$HUBZILLA_DOMAIN_NAME"
 }
 
 function install_hubzilla {
-    if [ ! $HUBZILLA_DOMAIN_NAME ]; then
+    if [ ! "$HUBZILLA_DOMAIN_NAME" ]; then
         return
     fi
 
-    if [[ $ONION_ONLY != "no" ]]; then
+    if [[ "$ONION_ONLY" != "no" ]]; then
         echo $"Hubzilla won't work on an onion address"
         exit 529925
     fi
 
-    HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
+    HUBZILLA_PATH="/var/www/$HUBZILLA_DOMAIN_NAME/htdocs"
 
     function_check install_mariadb
     install_mariadb
 
-    if [ -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then
+    if [ -d "/var/www/$HUBZILLA_DOMAIN_NAME" ]; then
         remove_hubzilla
     fi
 
@@ -349,44 +351,44 @@ function install_hubzilla {
     apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl
     apt-get -yq install php-memcached memcached
 
-    if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then
-        mkdir /var/www/$HUBZILLA_DOMAIN_NAME
+    if [ ! -d "/var/www/$HUBZILLA_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$HUBZILLA_DOMAIN_NAME"
     fi
-    if [ ! -d $HUBZILLA_PATH ]; then
-        mkdir -p $HUBZILLA_PATH
+    if [ ! -d "$HUBZILLA_PATH" ]; then
+        mkdir -p "$HUBZILLA_PATH"
     fi
 
-    if [ ! -f $HUBZILLA_PATH/index.php ]; then
+    if [ ! -f "$HUBZILLA_PATH/index.php" ]; then
         if [ -d /repos/hubzilla ]; then
-            mkdir $HUBZILLA_PATH
-            cp -r -p /repos/hubzilla/. $HUBZILLA_PATH
-            cd $HUBZILLA_PATH
+            mkdir "$HUBZILLA_PATH"
+            cp -r -p /repos/hubzilla/. "$HUBZILLA_PATH"
+            cd "$HUBZILLA_PATH" || exit 245672478
             git pull
         else
             function_check git_clone
-            git_clone $HUBZILLA_REPO $HUBZILLA_PATH
+            git_clone "$HUBZILLA_REPO" "$HUBZILLA_PATH"
         fi
 
-        git checkout $HUBZILLA_COMMIT -b $HUBZILLA_COMMIT
+        git checkout "$HUBZILLA_COMMIT" -b "$HUBZILLA_COMMIT"
         set_completion_param "hubzilla commit" "$HUBZILLA_COMMIT"
 
         if [ -d /repos/hubzilla-addons ]; then
-            mkdir $HUBZILLA_PATH/addon
-            cp -r -p /repos/hubzilla-addons/. $HUBZILLA_PATH/addon
-            cd $HUBZILLA_PATH/addon
+            mkdir "$HUBZILLA_PATH/addon"
+            cp -r -p /repos/hubzilla-addons/. "$HUBZILLA_PATH/addon"
+            cd "$HUBZILLA_PATH/addon" || exit 24682464
             git pull
         else
-            git_clone $HUBZILLA_ADDONS_REPO $HUBZILLA_PATH/addon
+            git_clone "$HUBZILLA_ADDONS_REPO" "$HUBZILLA_PATH/addon"
         fi
 
-        cd $HUBZILLA_PATH/addon
-        git checkout $HUBZILLA_ADDONS_COMMIT -b $HUBZILLA_ADDONS_COMMIT
+        cd "$HUBZILLA_PATH/addon" || exit 24982468
+        git checkout "$HUBZILLA_ADDONS_COMMIT" -b "$HUBZILLA_ADDONS_COMMIT"
         set_completion_param "hubzilla addons commit" "$HUBZILLA_ADDONS_COMMIT"
 
-        chown -R www-data:www-data $HUBZILLA_PATH
+        chown -R www-data:www-data "$HUBZILLA_PATH"
     fi
 
-    if [ ! -f $HUBZILLA_PATH/install/schema_mysql.sql ]; then
+    if [ ! -f "$HUBZILLA_PATH/install/schema_mysql.sql" ]; then
         echo $'No database schema found for hubzilla'
         exit 252782
     fi
@@ -403,156 +405,156 @@ function install_hubzilla {
     fi
 
     function_check add_ddns_domain
-    add_ddns_domain $HUBZILLA_DOMAIN_NAME
+    add_ddns_domain "$HUBZILLA_DOMAIN_NAME"
 
-    if [[ $ONION_ONLY == "no" ]]; then
+    if [[ "$ONION_ONLY" == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $HUBZILLA_DOMAIN_NAME
-        echo 'server {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    root $HUBZILLA_PATH;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    server_name $HUBZILLA_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        nginx_http_redirect "$HUBZILLA_DOMAIN_NAME"
+        { echo 'server {';
+          echo '    listen 443 ssl;';
+          echo '    #listen [::]:443 ssl;';
+          echo "    root $HUBZILLA_PATH;";
+          echo "    server_name $HUBZILLA_DOMAIN_NAME;";
+          echo "    error_log /dev/null;";
+          echo '    index index.php;';
+          echo '    charset utf-8;';
+          echo '    access_log /dev/null;'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
         function_check nginx_ssl
-        nginx_ssl $HUBZILLA_DOMAIN_NAME
+        nginx_ssl "$HUBZILLA_DOMAIN_NAME"
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME
-        echo '    add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location / {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        nginx_disable_sniffing "$HUBZILLA_DOMAIN_NAME"
+        { echo '    add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '    # rewrite to front controller as default rule';
+          echo '    location / {'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
         function_check nginx_limits
-        nginx_limits $HUBZILLA_DOMAIN_NAME
-        echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        expires 30d;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # block these file types' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # or a unix socket' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        nginx_limits "$HUBZILLA_DOMAIN_NAME"
+        { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
+          echo '    }';
+          echo '';
+          echo '    # statically serve these file types when possible';
+          echo '    # otherwise fall back to front controller';
+          echo '    # allow browser to cache them';
+          echo '    # added .htm for advanced source code editor library';
+          echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
+          echo '        expires 30d;';
+          echo "        try_files \$uri /index.php?q=\$uri&\$args;";
+          echo '    }';
+          echo '';
+          echo '    # block these file types';
+          echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+          echo '    # or a unix socket';
+          echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
         function_check nginx_limits
-        nginx_limits $HUBZILLA_DOMAIN_NAME
-        echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # With php-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~ /\. {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '      deny  all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '}' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        nginx_limits "$HUBZILLA_DOMAIN_NAME"
+        { echo '        # Zero-day exploit defense.';
+          echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+          echo "        # Won't work properly (404 error) if the file is not stored on this";
+          echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+          echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+          echo "        # another machine. And then cross your fingers that you won't get hacked.";
+          echo "        try_files \$uri \$uri/ /index.php;";
+          echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+          echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+          echo '        # With php-cgi alone:';
+          echo '        # fastcgi_pass 127.0.0.1:9000;';
+          echo '        # With php-fpm:';
+          echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '        include fastcgi_params;';
+          echo '        fastcgi_index index.php;';
+          echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+          echo '        fastcgi_read_timeout 300;';
+          echo '    }';
+          echo '';
+          echo '    # deny access to all dot files';
+          echo '    location ~ /\. {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    location ~ /\.ht {';
+          echo '      deny  all;';
+          echo '    }';
+          echo '}';
+          echo ''; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
     else
-        echo 'server {' > /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    listen 127.0.0.1:${HUBZILLA_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    root $HUBZILLA_PATH;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    server_name $HUBZILLA_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location / {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        nginx_limits $HUBZILLA_DOMAIN_NAME
-        nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME
-        echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        expires 30d;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # block these file types' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # or a unix socket' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        nginx_limits $HUBZILLA_DOMAIN_NAME
-        nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME
-        echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # With php-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~ /\. {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '      deny  all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '}' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        { echo 'server {';
+        echo "    listen 127.0.0.1:${HUBZILLA_ONION_PORT} default_server;";
+        echo "    root $HUBZILLA_PATH;";
+        echo "    server_name $HUBZILLA_ONION_HOSTNAME;";
+        echo "    error_log /dev/null;";
+        echo '    index index.php;';
+        echo '    charset utf-8;';
+        echo '    access_log /dev/null;';
+        echo '    add_header Strict-Transport-Security max-age=15768000;';
+        echo '';
+        echo '    # rewrite to front controller as default rule';
+        echo '    location / {'; } > "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
+        nginx_limits "$HUBZILLA_DOMAIN_NAME"
+        nginx_disable_sniffing "$HUBZILLA_DOMAIN_NAME"
+        { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
+          echo '    }';
+          echo '';
+          echo '    # statically serve these file types when possible';
+          echo '    # otherwise fall back to front controller';
+          echo '    # allow browser to cache them';
+          echo '    # added .htm for advanced source code editor library';
+          echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
+          echo '        expires 30d;';
+          echo "        try_files \$uri /index.php?q=\$uri&\$args;";
+          echo '    }';
+          echo '';
+          echo '    # block these file types';
+          echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+          echo '    # or a unix socket';
+          echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
+        nginx_limits "$HUBZILLA_DOMAIN_NAME"
+        nginx_disable_sniffing "$HUBZILLA_DOMAIN_NAME"
+        { echo '        # Zero-day exploit defense.';
+          echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+          echo "        # Won't work properly (404 error) if the file is not stored on this";
+          echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+          echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+          echo "        # another machine. And then cross your fingers that you won't get hacked.";
+          echo "        try_files \$uri \$uri/ /index.php;";
+          echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+          echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+          echo '        # With php-cgi alone:';
+          echo '        # fastcgi_pass 127.0.0.1:9000;';
+          echo '        # With php-fpm:';
+          echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '        include fastcgi_params;';
+          echo '        fastcgi_index index.php;';
+          echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+          echo '        fastcgi_read_timeout 300;';
+          echo '    }';
+          echo '';
+          echo '    # deny access to all dot files';
+          echo '    location ~ /\. {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    location ~ /\.ht {';
+          echo '      deny  all;';
+          echo '    }';
+          echo '}'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
     fi
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $HUBZILLA_DOMAIN_NAME 'yes'
+    create_site_certificate "$HUBZILLA_DOMAIN_NAME" 'yes'
 
-    if [ ! -d $HUBZILLA_PATH/view/tpl/smarty3 ]; then
-        mkdir $HUBZILLA_PATH/view/tpl/smarty3
+    if [ ! -d "$HUBZILLA_PATH/view/tpl/smarty3" ]; then
+        mkdir "$HUBZILLA_PATH/view/tpl/smarty3"
     fi
     if [ ! -d "$HUBZILLA_PATH/store" ]; then
         mkdir "$HUBZILLA_PATH/store"
@@ -564,9 +566,9 @@ function install_hubzilla {
         mkdir "$HUBZILLA_PATH/store/[data]/smarty3"
         chmod 1777 "$HUBZILLA_PATH/store/[data]/smarty3"
     fi
-    chmod 1777 $HUBZILLA_PATH/view/tpl
+    chmod 1777 "$HUBZILLA_PATH/view/tpl"
     chown -R www-data:www-data "$HUBZILLA_PATH/store"
-    chmod 1777 $HUBZILLA_PATH/view/tpl/smarty3
+    chmod 1777 "$HUBZILLA_PATH/view/tpl/smarty3"
 
     # Ensure that the database gets backed up locally, if remote
     # backups are not being used
@@ -576,50 +578,50 @@ function install_hubzilla {
     function_check backup_database_local
     backup_database_local hubzilla
 
-    chown -R www-data:www-data $HUBZILLA_PATH
+    chown -R www-data:www-data "$HUBZILLA_PATH"
 
     function_check nginx_ensite
-    nginx_ensite $HUBZILLA_DOMAIN_NAME
+    nginx_ensite "$HUBZILLA_DOMAIN_NAME"
 
     function_check initialise_database
-    initialise_database hubzilla $HUBZILLA_PATH/install/schema_mysql.sql
+    initialise_database hubzilla "$HUBZILLA_PATH/install/schema_mysql.sql"
 
     # create the config file
-    echo '<?php' > $HUBZILLA_PATH/.htconfig.php
-    echo "\$db_host = 'localhost';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$db_port = '0';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$db_user = 'root';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$db_pass = '${MARIADB_PASSWORD}';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$db_data = 'hubzilla';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$db_type = '0';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$default_timezone = 'Europe/London';" >> $HUBZILLA_PATH/.htconfig.php
-    if [[ $ONION_ONLY == 'no' ]]; then
-        echo "\$a->config['system']['baseurl'] = 'https://${HUBZILLA_DOMAIN_NAME}';" >> $HUBZILLA_PATH/.htconfig.php
+    { echo '<?php';
+      echo "\$db_host = 'localhost';";
+      echo "\$db_port = '0';";
+      echo "\$db_user = 'root';";
+      echo "\$db_pass = '${MARIADB_PASSWORD}';";
+      echo "\$db_data = 'hubzilla';";
+      echo "\$db_type = '0';";
+      echo "\$default_timezone = 'Europe/London';"; } > "$HUBZILLA_PATH/.htconfig.php"
+    if [[ "$ONION_ONLY" == 'no' ]]; then
+        echo "\$a->config['system']['baseurl'] = 'https://${HUBZILLA_DOMAIN_NAME}';" >> "$HUBZILLA_PATH/.htconfig.php"
     else
-        echo "\$a->config['system']['baseurl'] = 'http://${HUBZILLA_ONION_HOSTNAME}';" >> $HUBZILLA_PATH/.htconfig.php
+        echo "\$a->config['system']['baseurl'] = 'http://${HUBZILLA_ONION_HOSTNAME}';" >> "$HUBZILLA_PATH/.htconfig.php"
     fi
-    echo "\$a->config['system']['sitename'] = \"Hubzilla\";" >> $HUBZILLA_PATH/.htconfig.php
+    echo "\$a->config['system']['sitename'] = \"Hubzilla\";" >> "$HUBZILLA_PATH/.htconfig.php"
     HUBZILLA_LOCATION_HASH="$(create_password 30)"
-    echo "\$a->config['system']['location_hash'] = '${HUBZILLA_LOCATION_HASH}';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['register_policy'] = REGISTER_OPEN;" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['register_text'] = '';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['admin_email'] = '${MY_EMAIL_ADDRESS}';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['verify_email'] = 1;" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['access_policy'] = ACCESS_PRIVATE;" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['sellpage'] = '';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['max_import_size'] = 200000;" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['php_path'] = '/usr/bin/php';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['directory_mode']  = DIRECTORY_MODE_NORMAL;" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['theme'] = 'redbasic';" >> $HUBZILLA_PATH/.htconfig.php
-    chown www-data:www-data $HUBZILLA_PATH/.htconfig.php
-    chmod 755 $HUBZILLA_PATH/.htconfig.php
+    { echo "\$a->config['system']['location_hash'] = '${HUBZILLA_LOCATION_HASH}';";
+      echo "\$a->config['system']['register_policy'] = REGISTER_OPEN;";
+      echo "\$a->config['system']['register_text'] = '';";
+      echo "\$a->config['system']['admin_email'] = '${MY_EMAIL_ADDRESS}';";
+      echo "\$a->config['system']['verify_email'] = 1;";
+      echo "\$a->config['system']['access_policy'] = ACCESS_PRIVATE;";
+      echo "\$a->config['system']['sellpage'] = '';";
+      echo "\$a->config['system']['max_import_size'] = 200000;";
+      echo "\$a->config['system']['php_path'] = '/usr/bin/php';";
+      echo "\$a->config['system']['directory_mode']  = DIRECTORY_MODE_NORMAL;";
+      echo "\$a->config['system']['theme'] = 'redbasic';"; } >> "$HUBZILLA_PATH/.htconfig.php"
+    chown www-data:www-data "$HUBZILLA_PATH/.htconfig.php"
+    chmod 755 "$HUBZILLA_PATH/.htconfig.php"
 
     systemctl restart mariadb
     systemctl restart php7.0-fpm
     systemctl restart nginx
     systemctl restart cron
 
-    ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$HUBZILLA_DOMAIN_NAME" -g hubzilla --public no
+    "${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$HUBZILLA_DOMAIN_NAME" -g hubzilla --public no
 
     set_completion_param "hubzilla domain" "${HUBZILLA_DOMAIN_NAME}"
     APP_INSTALLED=1
diff --git a/src/freedombone-app-icecast b/src/freedombone-app-icecast
index 05f6e43f..28d99b02 100755
--- a/src/freedombone-app-icecast
+++ b/src/freedombone-app-icecast
@@ -68,36 +68,36 @@ function icecast_update_daemon {
         rm /etc/init.d/icecast2
     fi
 
-    echo '#!/bin/sh' > /usr/bin/stop_icecast
-    echo 'kill $(pidof ices2)' >> /usr/bin/stop_icecast
-    echo 'systemctl stop icecast2' >> /usr/bin/stop_icecast
+    { echo '#!/bin/sh';
+      echo "kill \$(pidof ices2)";
+      echo 'systemctl stop icecast2'; } > /usr/bin/stop_icecast
     chmod +x /usr/bin/stop_icecast
 
     # Note that the sleep here actually is important
-    echo '#!/bin/bash' > /usr/bin/start_icecast
-    echo 'isrunning=$(ps aux | grep ices2)' >> /usr/bin/start_icecast
-    echo 'if [[ "$isrunning" != *"ices-playlist"* ]]; then' >> /usr/bin/start_icecast
-    echo '    systemctl start icecast2' >> /usr/bin/start_icecast
-    echo '    sleep 3' >> /usr/bin/start_icecast
-    echo '    cd /etc/ices2' >> /usr/bin/start_icecast
-    echo '    ices2 ices-playlist.xml' >> /usr/bin/start_icecast
-    echo 'fi' >> /usr/bin/start_icecast
+    { echo '#!/bin/bash';
+      echo "isrunning=\$(ps aux | grep ices2)";
+      echo "if [[ \"\$isrunning\" != *\"ices-playlist\"* ]]; then";
+      echo '    systemctl start icecast2';
+      echo '    sleep 3';
+      echo '    cd /etc/ices2';
+      echo '    ices2 ices-playlist.xml';
+      echo 'fi'; } > /usr/bin/start_icecast
     chmod +x /usr/bin/start_icecast
 
-    echo '[Unit]' > /etc/systemd/system/icecast2.service
-    echo 'Description=Icecast' >> /etc/systemd/system/icecast2.service
-    echo 'After=network.target' >> /etc/systemd/system/icecast2.service
-    echo 'After=tor.service' >> /etc/systemd/system/icecast2.service
-    echo '' >> /etc/systemd/system/icecast2.service
-    echo '[Service]' >> /etc/systemd/system/icecast2.service
-    echo 'User=icecast2' >> /etc/systemd/system/icecast2.service
-    echo 'Group=icecast' >> /etc/systemd/system/icecast2.service
-    echo 'ExecStart=/usr/bin/icecast2 -c /etc/icecast2/icecast.xml' >> /etc/systemd/system/icecast2.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/icecast2.service
-    echo 'RestartSec=10' >> /etc/systemd/system/icecast2.service
-    echo '' >> /etc/systemd/system/icecast2.service
-    echo '[Install]' >> /etc/systemd/system/icecast2.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/icecast2.service
+    { echo '[Unit]';
+      echo 'Description=Icecast';
+      echo 'After=network.target';
+      echo 'After=tor.service';
+      echo '';
+      echo '[Service]';
+      echo 'User=icecast2';
+      echo 'Group=icecast';
+      echo 'ExecStart=/usr/bin/icecast2 -c /etc/icecast2/icecast.xml';
+      echo 'Restart=on-failure';
+      echo 'RestartSec=10';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/icecast2.service
 
     chown -R icecast2:icecast /etc/ices2
     chown -R icecast2:icecast /etc/icecast2
@@ -121,7 +121,7 @@ function change_password_icecast {
         /etc/icecast2/icecast.xml
     sed -i "s|<password>.*|<password>${new_user_password}</password>|g" /etc/ices2/ices-playlist.xml
 
-    ${PROJECT_NAME}-pass -u "$curr_username" -a icecast -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a icecast -p "$new_user_password"
     start_icecast
 }
 
@@ -139,7 +139,7 @@ function reconfigure_icecast {
 
 function icecast_convert_files {
     clear
-    cd ${1}
+    cd "${1}" || exit 2346824648
 
     echo $'Converting any mp3 files to ogg format'
     find . -type f -name '*.mp3' -exec bash -c 'ffmpeg -i "$0" -c:a libvorbis -q:a 4 "${0/%mp3/ogg}"' '{}' \;
@@ -153,20 +153,20 @@ function icecast_convert_files {
 }
 
 function icecast_add_file_to_playlist {
-    files_dir=${1}
-    if [ ! -d $files_dir ]; then
+    files_dir="${1}"
+    if [ ! -d "$files_dir" ]; then
         return
     fi
 
     echo $'Adding ogg files to playlist'
-    find $files_dir -type f -name '*.ogg' -print0 | while read -d $'\0' file; do
+    find "$files_dir" -type f -name '*.ogg' -print0 | while read -r -d $'\0' file; do
         if ! grep -q "$file" $ICECAST_PLAYLIST_FILE; then
             echo "$file" >> $ICECAST_PLAYLIST_FILE
         fi
     done
 
     echo $'Adding ogv files to playlist'
-    find $files_dir -type f -name '*.ogv' -print0 | while read -d $'\0' file; do
+    find "$files_dir" -type f -name '*.ogv' -print0 | while read -r -d $'\0' file; do
         if ! grep -q "$file" $ICECAST_PLAYLIST_FILE; then
             echo "$file" >> $ICECAST_PLAYLIST_FILE
         fi
@@ -178,14 +178,14 @@ function icecast_add_file_to_playlist {
 }
 
 function icecast_import_from_directory {
-    data=$(tempfile 2>/dev/null)
-    dialog --title "Choose a directory containing stream files" --dselect /home/$MY_USERNAME/ 30 60 2> $data
-    selected_dir=$(cat $data)
-    rm $data
+    data=$(mktemp 2>/dev/null)
+    dialog --title "Choose a directory containing stream files" --dselect "/home/$MY_USERNAME/" 30 60 2> "$data"
+    selected_dir=$(cat "$data")
+    rm -f "$data"
     if [[ "$selected_dir" == "$ICECAST_DIR" ]]; then
         return
     fi
-    if [ ! -d $selected_dir ]; then
+    if [ ! -d "$selected_dir" ]; then
         return
     fi
     if [[ "$selected_dir" == "/home/$MY_USERNAME/" ]]; then
@@ -201,7 +201,7 @@ function icecast_import_from_directory {
     dialog --title $"Import stream files directory into Icecast" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nImport the directory:\n\n  $selected_dir" 12 75
+           --yesno $"\\nImport the directory:\\n\\n  $selected_dir" 12 75
     sel=$?
     case $sel in
         1) return;;
@@ -215,8 +215,8 @@ function icecast_import_from_directory {
     dest_dir=$(basename "$selected_dir")
     mv "$selected_dir" $ICECAST_DIR
 
-    icecast_convert_files $ICECAST_DIR/$dest_dir
-    icecast_add_file_to_playlist $ICECAST_DIR/$dest_dir
+    icecast_convert_files "$ICECAST_DIR/$dest_dir"
+    icecast_add_file_to_playlist "$ICECAST_DIR/$dest_dir"
 
     dialog --title $"Import stream files directory into Icecast" \
            --msgbox $"Import success" 6 40
@@ -226,18 +226,18 @@ function icecast_import_from_usb {
     clear
     detect_usb_drive
 
-    if [ ! -b $USB_DRIVE ]; then
+    if [ ! -b "$USB_DRIVE" ]; then
         dialog --title $"Import stream files from USB drive" --msgbox $'No USB drive found' 6 50
         return
     fi
 
-    backup_mount_drive ${USB_DRIVE}
-    if [ ! -d $USB_MOUNT$ICECAST_DIR ]; then
+    backup_mount_drive "${USB_DRIVE}"
+    if [ ! -d "$USB_MOUNT$ICECAST_DIR" ]; then
         dialog --title $"Import stream files from USB drive" --msgbox $'No stream files directory found on USB drive' 6 50
-        backup_unmount_drive ${USB_DRIVE}
+        backup_unmount_drive "${USB_DRIVE}"
     fi
-    cp -ru $USB_MOUNT$ICECAST_DIR/* $ICECAST_DIR
-    backup_unmount_drive ${USB_DRIVE}
+    cp -ru "$USB_MOUNT$ICECAST_DIR/*" $ICECAST_DIR
+    backup_unmount_drive "${USB_DRIVE}"
     icecast_convert_files $ICECAST_DIR
     dialog --title $"Import stream files from USB drive" --msgbox $'Import complete. You may now remove the USB drive' 6 50
 }
@@ -246,40 +246,41 @@ function icecast_export_to_usb {
     clear
     detect_usb_drive
 
-    if [ ! -b $USB_DRIVE ]; then
+    if [ ! -b "$USB_DRIVE" ]; then
         dialog --title $"Export stream files to USB drive" --msgbox $'No USB drive found' 6 50
         return
     fi
 
-    backup_mount_drive ${USB_DRIVE}
-    if [ ! -d $USB_MOUNT$ICECAST_DIR ]; then
-        mkdir -p $USB_MOUNT$ICECAST_DIR
+    backup_mount_drive "${USB_DRIVE}"
+    if [ ! -d "$USB_MOUNT$ICECAST_DIR" ]; then
+        mkdir -p "$USB_MOUNT$ICECAST_DIR"
     fi
-    cp -ru $ICECAST_DIR/* $USB_MOUNT$ICECAST_DIR
-    backup_unmount_drive ${USB_DRIVE}
+    cp -ru "$ICECAST_DIR/*" "$USB_MOUNT$ICECAST_DIR"
+    backup_unmount_drive "${USB_DRIVE}"
     dialog --title $"Export stream files to USB drive" --msgbox $'Export complete. You may now remove the USB drive' 6 50
 }
 
 function icecast_format_drive {
     detect_usb_drive
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Format USB drive $USB_DRIVE for stream file storage" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nPlease confirm that you wish to format drive\n\n    ${USB_DRIVE}\n\nAll current data on the drive will be lost, and you will be prompted to give a password used to encrypt the drive.\n\nDANGER: If you screw up here and format the wrong drive it's your own fault!" 16 60
+           --yesno $"\\nPlease confirm that you wish to format drive\\n\\n    ${USB_DRIVE}\\n\\nAll current data on the drive will be lost, and you will be prompted to give a password used to encrypt the drive.\\n\\nDANGER: If you screw up here and format the wrong drive it's your own fault!" 16 60
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1)  rm -f "$data"
+            return;;
+        255) rm -f "$data"
+             return;;
     esac
-    rm $data
+    rm -f "$data"
 
     clear
     echo ''
     echo $"Formatting drive $USB_DRIVE. ALL CONTENTS WILL BE LOST."
     echo ''
-    ${PROJECT_NAME}-format $USB_DRIVE
+    "${PROJECT_NAME}-format" "$USB_DRIVE"
     dialog --title $"Format USB drive $USB_DRIVE for stream file storage" --msgbox $'Format complete. You may now export stream files or remove the USB drive' 6 50
 }
 
@@ -290,42 +291,41 @@ function icecast_edit_playlist {
 }
 
 function icecast_change_login {
-    read_config_param $MY_USERNAME
-    ICECAST_USER_PASSWORD=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a icecastuser)
+    read_config_param "$MY_USERNAME"
+    ICECAST_USER_PASSWORD=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a icecastuser)
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Change Icecast stream visitor login" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Enter the new login password for stream visitors" 8 60 "$ICECAST_USER_PASSWORD" 2>$data
+           --inputbox $"Enter the new login password for stream visitors" 8 60 "$ICECAST_USER_PASSWORD" 2>"$data"
     sel=$?
     case $sel in
-        0)  ICECAST_USER_PASSWORD=$(<$data)
+        0)  ICECAST_USER_PASSWORD=$(<"$data")
             if [[ "$ICECAST_USER_PASSWORD" != *' '* ]]; then
                 if [ ${#ICECAST_USER_PASSWORD} -gt 8 ]; then
-                    ${PROJECT_NAME}-pass -u $MY_USERNAME -a icecastuser -p $ICECAST_USER_PASSWORD
+                    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a icecastuser -p "$ICECAST_USER_PASSWORD"
                     dialog --title $"Change Icecast stream visitor login" \
                            --msgbox $"Password changed to $ICECAST_USER_PASSWORD" 6 75
                 fi
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function icecast_enable_login {
     dialog --title $"Enable Icecast login" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nDo you want to add a login so that random web users can't access your stream?" 10 60
+           --yesno $"\\nDo you want to add a login so that random web users can't access your stream?" 10 60
     sel=$?
     case $sel in
         0) if grep -q '#auth_basic' /etc/nginx/sites-available/icecast; then
                sed -i 's|#auth_basic|auth_basic|g' /etc/nginx/sites-available/icecast
                systemctl restart nginx
            fi
-           read_config_param $MY_USERNAME
-           ICECAST_USER_PASSWORD=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a icecastuser)
+           read_config_param "$MY_USERNAME"
+           ICECAST_USER_PASSWORD=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a icecastuser)
            dialog --title $"Enable Icecast login" \
                   --msgbox $"Icecast logins are now enabled with the password $ICECAST_USER_PASSWORD" 6 65
            ICECAST_USER_PASSWORD=
@@ -341,23 +341,24 @@ function icecast_enable_login {
 }
 
 function icecast_set_stream_name {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"Change Icecast stream details" \
-           --form "\n" 8 60 4 \
+           --form "\\n" 8 60 4 \
            $"Stream name:" 1 1 "Example stream name" 1 18 40 1000 \
            $"Description:" 2 1 "A short description of your stream" 2 18 40 1000 \
            $"Genre:" 3 1 "Example genre" 3 18 40 1000 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
-    stream_name=$(cat $data | sed -n 1p)
-    stream_description=$(cat $data | sed -n 2p)
-    stream_genre=$(cat $data | sed -n 3p)
+    stream_name=$(sed -n 1p < "$data")
+    stream_description=$(sed -n 2p < "$data")
+    stream_genre=$(sed -n 3p < "$data")
     if [ ${#stream_name} -gt 2 ]; then
         sed -i "s|<name>.*|<name>${stream_name}</name>|g" /etc/ices2/ices-playlist.xml
     fi
@@ -367,42 +368,41 @@ function icecast_set_stream_name {
     if [ ${#stream_genre} -gt 2 ]; then
         sed -i "s|<genre>.*|<genre>${stream_genre}</genre>|g" /etc/ices2/ices-playlist.xml
     fi
-    rm $data
+    rm -f "$data"
     stop_icecast
     start_icecast
 }
 
 function icecast_set_maximum_streams {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Set the maximum clients" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Maximum number of clients" 8 40 "10" 2>$data
+           --inputbox $"Maximum number of clients" 8 40 "10" 2>"$data"
     sel=$?
     case $sel in
         0)
-            max_clients=$(<$data)
+            max_clients=$(<"$data")
             if [ ${#max_clients} -gt 0 ]; then
                 if [[ "$max_clients" != *' '* ]]; then
-                    if [[ $max_clients =~ '^[0-9]+$' ]] ; then
+                    # shellcheck disable=SC2076
+                    if [[ "$max_clients" =~ '^[0-9]+$' ]] ; then
                         sed -i "s|<clients>.*|<clients>${max_clients}</clients>|g" /etc/icecast2/icecast.xml
                         stop_icecast
                         start_icecast
                         dialog --title $"Set the maximum clients" \
-                               --msgbox $"\nMaximum Icecast clients was set to ${max_clients}" 8 50
+                               --msgbox $"\\nMaximum Icecast clients was set to ${max_clients}" 8 50
                     fi
                 fi
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function configure_interactive_icecast {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Icecast" \
                --radiolist $"Choose an operation:" 19 70 12 \
@@ -417,13 +417,15 @@ function configure_interactive_icecast {
                9 $"Restart stream" off \
                10 $"Set Stream Name/Description/Genre" off \
                11 $"Set maximum number of clients/streams" off \
-               12 $"Exit" on 2> $data
+               12 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) break;;
-            255) break;;
+            1) rm -f "$data"
+               break;;
+            255) rm -f "$data"
+                 break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) icecast_import_from_directory;;
             2) icecast_import_from_usb;;
             3) icecast_format_drive;;
@@ -440,8 +442,10 @@ function configure_interactive_icecast {
                start_icecast;;
             10) icecast_set_stream_name;;
             11) icecast_set_maximum_streams;;
-            12) break;;
+            12) rm -f "$data"
+                break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -556,7 +560,7 @@ function remove_icecast {
     fi
     function_check remove_onion_service
     remove_onion_service icecast ${ICECAST_ONION_PORT}
-    sed -i '/icecast/d' $COMPLETION_FILE
+    sed -i '/icecast/d' "$COMPLETION_FILE"
 }
 
 function install_icecast {
@@ -572,11 +576,11 @@ function install_icecast {
         exit 7923528
     fi
 
-    if [ ! ${ICECAST_PASSWORD} ]; then
-        if [ -f ${IMAGE_PASSWORD_FILE} ]; then
-            ICECAST_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ ! "${ICECAST_PASSWORD}" ]; then
+        if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
+            ICECAST_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
         else
-            ICECAST_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+            ICECAST_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
 
@@ -600,22 +604,22 @@ function install_icecast {
     fi
 
     icecast_nginx_site=/etc/nginx/sites-available/icecast
-    echo 'server {' > $icecast_nginx_site
-    echo "    listen 127.0.0.1:$ICECAST_ONION_PORT default_server;" >> $icecast_nginx_site
-    echo "    server_name $ICECAST_ONION_HOSTNAME;" >> $icecast_nginx_site
-    echo '' >> $icecast_nginx_site
-    echo '  # Logs' >> $icecast_nginx_site
-    echo '  access_log /dev/null;' >> $icecast_nginx_site
-    echo '  error_log /dev/null;' >> $icecast_nginx_site
-    echo '' >> $icecast_nginx_site
-    echo '  location / {' >> $icecast_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$ICECAST_ONION_PORT default_server;";
+      echo "    server_name $ICECAST_ONION_HOSTNAME;";
+      echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  location / {'; } > $icecast_nginx_site
     function_check nginx_limits
-    nginx_limits $ICECAST_ONION_HOSTNAME '15m'
-    echo "      proxy_pass http://localhost:$ICECAST_PORT;" >> $icecast_nginx_site
-    echo "      #auth_basic \"${ICECAST_LOGIN_TEXT}\";" >> $icecast_nginx_site
-    echo '      #auth_basic_user_file /etc/nginx/.icepasswd;' >> $icecast_nginx_site
-    echo '  }' >> $icecast_nginx_site
-    echo '}' >> $icecast_nginx_site
+    nginx_limits "$ICECAST_ONION_HOSTNAME" '15m'
+    { echo "      proxy_pass http://localhost:$ICECAST_PORT;";
+      echo "      #auth_basic \"${ICECAST_LOGIN_TEXT}\";";
+      echo '      #auth_basic_user_file /etc/nginx/.icepasswd;';
+      echo '  }';
+      echo '}'; } >> $icecast_nginx_site
 
     if [ ! -d /var/log/ices ]; then
         mkdir -p /var/log/ices
@@ -624,105 +628,105 @@ function install_icecast {
         mkdir -p /etc/ices2
     fi
 
-    echo '<?xml version="1.0"?>' > /etc/ices2/ices-playlist.xml
-    echo '<ices>' >> /etc/ices2/ices-playlist.xml
-    echo '    <!-- run in background -->' >> /etc/ices2/ices-playlist.xml
-    echo '    <background>1</background>' >> /etc/ices2/ices-playlist.xml
-    echo '    <!-- where logs, etc go. -->' >> /etc/ices2/ices-playlist.xml
-    echo '    <logpath>/var/log/ices</logpath>' >> /etc/ices2/ices-playlist.xml
-    echo '    <logfile>ices.log</logfile>' >> /etc/ices2/ices-playlist.xml
-    echo '    <!-- 1=error,2=warn,3=info,4=debug -->' >> /etc/ices2/ices-playlist.xml
-    echo '    <loglevel>1</loglevel>' >> /etc/ices2/ices-playlist.xml
-    echo '    <!-- set this to 1 to log to the console instead of to the file above -->' >> /etc/ices2/ices-playlist.xml
-    echo '    <consolelog>0</consolelog>' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '    <!-- optional filename to write process id to -->' >> /etc/ices2/ices-playlist.xml
-    echo '    <!-- <pidfile>/home/ices/ices.pid</pidfile> -->' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '    <stream>' >> /etc/ices2/ices-playlist.xml
-    echo '        <!-- metadata used for stream listing (not currently used) -->' >> /etc/ices2/ices-playlist.xml
-    echo '        <metadata>' >> /etc/ices2/ices-playlist.xml
-    echo '            <name>Example stream name</name>' >> /etc/ices2/ices-playlist.xml
-    echo '            <genre>Example genre</genre>' >> /etc/ices2/ices-playlist.xml
-    echo '            <description>A short description of your stream</description>' >> /etc/ices2/ices-playlist.xml
-    echo '        </metadata>' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '        <!-- input module' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '            The module used here is the playlist module - it has ' >> /etc/ices2/ices-playlist.xml
-    echo '            "submodules" for different types of playlist. There are' >> /etc/ices2/ices-playlist.xml
-    echo '            two currently implemented, "basic", which is a simple' >> /etc/ices2/ices-playlist.xml
-    echo '            file-based playlist, and "script" which invokes a command' >> /etc/ices2/ices-playlist.xml
-    echo '            to returns a filename to start playing. -->' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '        <input>' >> /etc/ices2/ices-playlist.xml
-    echo '            <module>playlist</module>' >> /etc/ices2/ices-playlist.xml
-    echo '            <param name="type">basic</param>' >> /etc/ices2/ices-playlist.xml
-    echo "            <param name=\"file\">$ICECAST_PLAYLIST_FILE</param>" >> /etc/ices2/ices-playlist.xml
-    echo '            <!-- random play -->' >> /etc/ices2/ices-playlist.xml
-    echo '            <param name="random">0</param>' >> /etc/ices2/ices-playlist.xml
-    echo '            <!-- if the playlist get updated that start at the beginning -->' >> /etc/ices2/ices-playlist.xml
-    echo '            <param name="restart-after-reread">0</param>' >> /etc/ices2/ices-playlist.xml
-    echo '            <!-- if set to 1 , plays once through, then exits. -->' >> /etc/ices2/ices-playlist.xml
-    echo '            <param name="once">0</param>' >> /etc/ices2/ices-playlist.xml
-    echo '        </input>' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '            <!-- Stream instance' >> /etc/ices2/ices-playlist.xml
-    echo '            You may have one or more instances here. This allows you to ' >> /etc/ices2/ices-playlist.xml
-    echo '            send the same input data to one or more servers (or to different' >> /etc/ices2/ices-playlist.xml
-    echo '            mountpoints on the same server). Each of them can have different' >> /etc/ices2/ices-playlist.xml
-    echo '            parameters. This is primarily useful for a) relaying to multiple' >> /etc/ices2/ices-playlist.xml
-    echo '            independent servers, and b) encoding/reencoding to multiple' >> /etc/ices2/ices-playlist.xml
-    echo '            bitrates.' >> /etc/ices2/ices-playlist.xml
-    echo '            If one instance fails (for example, the associated server goes' >> /etc/ices2/ices-playlist.xml
-    echo '            down, etc), the others will continue to function correctly.' >> /etc/ices2/ices-playlist.xml
-    echo '            This example defines two instances as two mountpoints on the' >> /etc/ices2/ices-playlist.xml
-    echo '            same server.  -->' >> /etc/ices2/ices-playlist.xml
-    echo '        <instance>' >> /etc/ices2/ices-playlist.xml
-    echo '            <!-- Server details:' >> /etc/ices2/ices-playlist.xml
-    echo '                You define hostname and port for the server here, along with' >> /etc/ices2/ices-playlist.xml
-    echo '                the source password and mountpoint.  -->' >> /etc/ices2/ices-playlist.xml
-    echo '            <hostname>localhost</hostname>' >> /etc/ices2/ices-playlist.xml
-    echo "            <port>$ICECAST_PORT</port>" >> /etc/ices2/ices-playlist.xml
-    echo "            <password>$ICECAST_PASSWORD</password>" >> /etc/ices2/ices-playlist.xml
-    echo '            <mount>/example1.ogg</mount>' >> /etc/ices2/ices-playlist.xml
-    echo '            <!-- Reconnect parameters:' >> /etc/ices2/ices-playlist.xml
-    echo '                When something goes wrong (e.g. the server crashes, or the' >> /etc/ices2/ices-playlist.xml
-    echo '                network drops) and ices disconnects from the server, these' >> /etc/ices2/ices-playlist.xml
-    echo '                control how often it tries to reconnect, and how many times' >> /etc/ices2/ices-playlist.xml
-    echo '                it tries to reconnect. Delay is in seconds.' >> /etc/ices2/ices-playlist.xml
-    echo '                If you set reconnectattempts to -1, it will continue ' >> /etc/ices2/ices-playlist.xml
-    echo '                indefinately. Suggest setting reconnectdelay to a large value' >> /etc/ices2/ices-playlist.xml
-    echo '                if you do this.' >> /etc/ices2/ices-playlist.xml
-    echo '            -->' >> /etc/ices2/ices-playlist.xml
-    echo '            <reconnectdelay>2</reconnectdelay>' >> /etc/ices2/ices-playlist.xml
-    echo '            <reconnectattempts>5</reconnectattempts> ' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '            <!-- maxqueuelength:' >> /etc/ices2/ices-playlist.xml
-    echo '                This describes how long the internal data queues may be. This' >> /etc/ices2/ices-playlist.xml
-    echo '                basically lets you control how much data gets buffered before' >> /etc/ices2/ices-playlist.xml
-    echo '                ices decides it cant send to the server fast enough, and ' >> /etc/ices2/ices-playlist.xml
-    echo '                either shuts down or flushes the queue (dropping the data)' >> /etc/ices2/ices-playlist.xml
-    echo '                and continues. ' >> /etc/ices2/ices-playlist.xml
-    echo '                For advanced users only.' >> /etc/ices2/ices-playlist.xml
-    echo '            -->' >> /etc/ices2/ices-playlist.xml
-    echo '            <maxqueuelength>80</maxqueuelength>' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '            <!-- Live encoding/reencoding:' >> /etc/ices2/ices-playlist.xml
-    echo '                Currrently, the parameters given here for encoding MUST' >> /etc/ices2/ices-playlist.xml
-    echo '                match the input data for channels and sample rate. That ' >> /etc/ices2/ices-playlist.xml
-    echo '                restriction will be relaxed in the future.' >> /etc/ices2/ices-playlist.xml
-    echo '                Remove this section if you dont want your files getting reencoded.' >> /etc/ices2/ices-playlist.xml
-    echo '            -->' >> /etc/ices2/ices-playlist.xml
-    echo '            <encode>  ' >> /etc/ices2/ices-playlist.xml
-    echo '                <nominal-bitrate>64000</nominal-bitrate>' >> /etc/ices2/ices-playlist.xml
-    echo '                <samplerate>22050</samplerate>' >> /etc/ices2/ices-playlist.xml
-    echo '                <channels>1</channels>' >> /etc/ices2/ices-playlist.xml
-    echo '            </encode>' >> /etc/ices2/ices-playlist.xml
-    echo '        </instance>' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '        </stream>' >> /etc/ices2/ices-playlist.xml
-    echo '</ices>' >> /etc/ices2/ices-playlist.xml
+    { echo '<?xml version="1.0"?>';
+      echo '<ices>';
+      echo '    <!-- run in background -->';
+      echo '    <background>1</background>';
+      echo '    <!-- where logs, etc go. -->';
+      echo '    <logpath>/var/log/ices</logpath>';
+      echo '    <logfile>ices.log</logfile>';
+      echo '    <!-- 1=error,2=warn,3=info,4=debug -->';
+      echo '    <loglevel>1</loglevel>';
+      echo '    <!-- set this to 1 to log to the console instead of to the file above -->';
+      echo '    <consolelog>0</consolelog>';
+      echo '';
+      echo '    <!-- optional filename to write process id to -->';
+      echo '    <!-- <pidfile>/home/ices/ices.pid</pidfile> -->';
+      echo '';
+      echo '    <stream>';
+      echo '        <!-- metadata used for stream listing (not currently used) -->';
+      echo '        <metadata>';
+      echo '            <name>Example stream name</name>';
+      echo '            <genre>Example genre</genre>';
+      echo '            <description>A short description of your stream</description>';
+      echo '        </metadata>';
+      echo '';
+      echo '        <!-- input module';
+      echo '';
+      echo '            The module used here is the playlist module - it has ';
+      echo '            "submodules" for different types of playlist. There are';
+      echo '            two currently implemented, "basic", which is a simple';
+      echo '            file-based playlist, and "script" which invokes a command';
+      echo '            to returns a filename to start playing. -->';
+      echo '';
+      echo '        <input>';
+      echo '            <module>playlist</module>';
+      echo '            <param name="type">basic</param>';
+      echo "            <param name=\"file\">$ICECAST_PLAYLIST_FILE</param>";
+      echo '            <!-- random play -->';
+      echo '            <param name="random">0</param>';
+      echo '            <!-- if the playlist get updated that start at the beginning -->';
+      echo '            <param name="restart-after-reread">0</param>';
+      echo '            <!-- if set to 1 , plays once through, then exits. -->';
+      echo '            <param name="once">0</param>';
+      echo '        </input>';
+      echo '';
+      echo '            <!-- Stream instance';
+      echo '            You may have one or more instances here. This allows you to ';
+      echo '            send the same input data to one or more servers (or to different';
+      echo '            mountpoints on the same server). Each of them can have different';
+      echo '            parameters. This is primarily useful for a) relaying to multiple';
+      echo '            independent servers, and b) encoding/reencoding to multiple';
+      echo '            bitrates.';
+      echo '            If one instance fails (for example, the associated server goes';
+      echo '            down, etc), the others will continue to function correctly.';
+      echo '            This example defines two instances as two mountpoints on the';
+      echo '            same server.  -->';
+      echo '        <instance>';
+      echo '            <!-- Server details:';
+      echo '                You define hostname and port for the server here, along with';
+      echo '                the source password and mountpoint.  -->';
+      echo '            <hostname>localhost</hostname>';
+      echo "            <port>$ICECAST_PORT</port>";
+      echo "            <password>$ICECAST_PASSWORD</password>";
+      echo '            <mount>/example1.ogg</mount>';
+      echo '            <!-- Reconnect parameters:';
+      echo '                When something goes wrong (e.g. the server crashes, or the';
+      echo '                network drops) and ices disconnects from the server, these';
+      echo '                control how often it tries to reconnect, and how many times';
+      echo '                it tries to reconnect. Delay is in seconds.';
+      echo '                If you set reconnectattempts to -1, it will continue ';
+      echo '                indefinately. Suggest setting reconnectdelay to a large value';
+      echo '                if you do this.';
+      echo '            -->';
+      echo '            <reconnectdelay>2</reconnectdelay>';
+      echo '            <reconnectattempts>5</reconnectattempts> ';
+      echo '';
+      echo '            <!-- maxqueuelength:';
+      echo '                This describes how long the internal data queues may be. This';
+      echo '                basically lets you control how much data gets buffered before';
+      echo '                ices decides it cant send to the server fast enough, and ';
+      echo '                either shuts down or flushes the queue (dropping the data)';
+      echo '                and continues. ';
+      echo '                For advanced users only.';
+      echo '            -->';
+      echo '            <maxqueuelength>80</maxqueuelength>';
+      echo '';
+      echo '            <!-- Live encoding/reencoding:';
+      echo '                Currrently, the parameters given here for encoding MUST';
+      echo '                match the input data for channels and sample rate. That ';
+      echo '                restriction will be relaxed in the future.';
+      echo '                Remove this section if you dont want your files getting reencoded.';
+      echo '            -->';
+      echo '            <encode>  ';
+      echo '                <nominal-bitrate>64000</nominal-bitrate>';
+      echo '                <samplerate>22050</samplerate>';
+      echo '                <channels>1</channels>';
+      echo '            </encode>';
+      echo '        </instance>';
+      echo '';
+      echo '        </stream>';
+      echo '</ices>'; } > /etc/ices2/ices-playlist.xml
 
     sed -i 's|ENABLE=.*|ENABLE=true|g' /etc/default/icecast2
 
@@ -733,18 +737,18 @@ function install_icecast {
 
 
     # create a password for users
-    ICECAST_USER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+    ICECAST_USER_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
     if grep -q "$MY_USERNAME:" /etc/nginx/.icepasswd; then
         sed -i "/$MY_USERNAME:/d" /etc/nginx/.icepasswd
     fi
-    echo "$ICECAST_USER_PASSWORD" | htpasswd -i -s -c /etc/nginx/.icepasswd $MY_USERNAME
+    echo "$ICECAST_USER_PASSWORD" | htpasswd -i -s -c /etc/nginx/.icepasswd "$MY_USERNAME"
     if [ ! -f /etc/nginx/.icepasswd ]; then
         echo $'/etc/nginx/.icepasswd not found'
         exit 73528235
     fi
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a icecast -p "$ICECAST_PASSWORD"
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a icecastuser -p "$ICECAST_USER_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a icecast -p "$ICECAST_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a icecastuser -p "$ICECAST_USER_PASSWORD"
 
     groupadd icecast
     useradd -c "Icecast system account" -d /etc/icecast2 -m -r -g icecast icecast2
diff --git a/src/freedombone-app-ipfs b/src/freedombone-app-ipfs
index 09d9bb5a..d5859ae0 100755
--- a/src/freedombone-app-ipfs
+++ b/src/freedombone-app-ipfs
@@ -76,7 +76,7 @@ function upgrade_ipfs_go {
     fi
 
     function_check set_repo_commit
-    set_repo_commit $GOPATH/src/github.com/ipfs/go-ipfs "ipfs commit" "$IPFS_COMMIT" $IPFS_REPO
+    set_repo_commit "$GOPATH/src/github.com/ipfs/go-ipfs" "ipfs commit" "$IPFS_COMMIT" "$IPFS_REPO"
 }
 
 function upgrade_ipfs_js {
@@ -97,33 +97,34 @@ function upgrade_ipfs {
 }
 
 function backup_local_ipfs {
-    if ! grep -q "Admin user" $COMPLETION_FILE; then
+    if ! grep -q "Admin user" "$COMPLETION_FILE"; then
         return
     fi
     ADMIN_USERNAME=$(get_completion_param "Admin user")
-    source_directory=/home/$ADMIN_USERNAME/.ipfs
-    if [ -d $source_directory ]; then
+    source_directory="/home/$ADMIN_USERNAME/.ipfs"
+    if [ -d "$source_directory" ]; then
         dest_directory=ipfs
         function_check backup_directory_to_usb
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"
     fi
 }
 
 function restore_local_ipfs {
-    if ! grep -q "Admin user" $COMPLETION_FILE; then
+    if ! grep -q "Admin user" "$COMPLETION_FILE"; then
         return
     fi
-    if [ -d $USB_MOUNT/backup/ipfs ]; then
+    if [ -d "$USB_MOUNT/backup/ipfs" ]; then
         echo $"Restoring IPFS"
         temp_restore_dir=/root/tempipfs
         function_check restore_directory_from_usb
         restore_directory_from_usb $temp_restore_dir ipfs
         ADMIN_USERNAME=$(get_completion_param "Admin user")
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs ]; then
-            cp -rf $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/* /home/$ADMIN_USERNAME/.ipfs
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/.ipfs" ]; then
+            cp -rf "$temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/*" "/home/$ADMIN_USERNAME/.ipfs"
         else
-            cp -rf $temp_restore_dir/* /home/$ADMIN_USERNAME/.ipfs
+            cp -rf "$temp_restore_dir/*" "/home/$ADMIN_USERNAME/.ipfs"
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             rm -rf $temp_restore_dir
             function_check set_user_permissions
@@ -138,28 +139,29 @@ function restore_local_ipfs {
 }
 
 function backup_remote_ipfs {
-    if ! grep -q "Admin user" $COMPLETION_FILE; then
+    if ! grep -q "Admin user" "$COMPLETION_FILE"; then
         return
     fi
     ADMIN_USERNAME=$(get_completion_param "Admin user")
-    if [ -d /home/$ADMIN_USERNAME/.ipfs ]; then
+    if [ -d "/home/$ADMIN_USERNAME/.ipfs" ]; then
         echo $"Backing up IPFS"
-        backup_directory_to_friend /home/$ADMIN_USERNAME/.ipfs ipfs
+        backup_directory_to_friend "/home/$ADMIN_USERNAME/.ipfs" ipfs
         echo $"Backup of IPFS complete"
     fi
 }
 
 function restore_remote_ipfs {
-    if [ -d $SERVER_DIRECTORY/backup/ipfs ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/ipfs" ]; then
         echo $"Restoring IPFS"
         temp_restore_dir=/root/tempipfs
         function_check restore_directory_from_friend
         restore_directory_from_friend $temp_restore_dir ipfs
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs ]; then
-            cp -rf $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/* /home/$ADMIN_USERNAME/.ipfs
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/.ipfs" ]; then
+            cp -rf "$temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/*" "/home/$ADMIN_USERNAME/.ipfs"
         else
-            cp -rf $temp_restore_dir/* /home/$ADMIN_USERNAME/.ipfs
+            cp -rf "$temp_restore_dir/*" "/home/$ADMIN_USERNAME/.ipfs"
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             function_check set_user_permissions
             set_user_permissions
@@ -177,11 +179,11 @@ function remove_ipfs_go {
     systemctl daemon-reload
     rm /etc/systemd/system/ipfs.service
     systemctl daemon-reload
-    rm -rf $GOPATH/src/github.com/ipfs
+    rm -rf "$GOPATH/src/github.com/ipfs"
     firewall_remove $IPFS_PORT tcp
     remove_completion_param install_ipfs
     remove_completion_param configure_firewall_for_ipfs
-    sed -i '/ipfs/d' $COMPLETION_FILE
+    sed -i '/ipfs/d' "$COMPLETION_FILE"
 }
 
 function remove_ipfs_js {
@@ -194,9 +196,9 @@ function remove_ipfs_js {
     npm uninstall ronin --global
 
     firewall_remove $IPFS_PORT tcp
-    sed -i '/install_ipfs/d' $COMPLETION_FILE
-    sed -i '/ipfs/d' $COMPLETION_FILE
-    sed -i '/configure_firewall_for_ipfs/d' $COMPLETION_FILE
+    sed -i '/install_ipfs/d' "$COMPLETION_FILE"
+    sed -i '/ipfs/d' "$COMPLETION_FILE"
+    sed -i '/configure_firewall_for_ipfs/d' "$COMPLETION_FILE"
 }
 
 function remove_ipfs {
@@ -221,14 +223,15 @@ function mesh_install_ipfs_js {
         return
     fi
 
-    chroot ${rootdir} apt-get -yq install libpam0g-dev fuse
+    # shellcheck disable=SC2154
+    chroot "${rootdir}" apt-get -yq install libpam0g-dev fuse
 
-    if [ ! -f ${rootdir}/usr/bin/nodejs ]; then
+    if [ ! -f "${rootdir}/usr/bin/nodejs" ]; then
         echo $'nodejs was not installed'
         exit 63962
     fi
 
-    cat <<EOF > ${rootdir}/root/install-ipfs.sh
+    cat <<EOF > "${rootdir}/root/install-ipfs.sh"
 #!/bin/bash
 PATH="/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/bin"
 NODE_PATH="/usr/lib/node_modules"
@@ -241,57 +244,57 @@ npm install -g ronin@${IPFS_JS_RONIN_VERSION} --save
 npm install -g ipfs@${IPFS_JS_VERSION} --save
 exit 0
 EOF
-    chroot ${rootdir} /bin/chmod +x /root/install-ipfs.sh
-    chroot ${rootdir} /root/install-ipfs.sh
-    rm -f ${rootdir}/root/install-ipfs.sh
+    chroot "${rootdir}" /bin/chmod +x /root/install-ipfs.sh
+    chroot "${rootdir}" /root/install-ipfs.sh
+    rm -f "${rootdir}/root/install-ipfs.sh"
 
     IPFS_PATH=/usr/bin
 
-    if [ ! -f ${rootdir}$IPFS_PATH/jsipfs ]; then
+    if [ ! -f "${rootdir}$IPFS_PATH/jsipfs" ]; then
         exit 637292
     fi
 
     # directories to mount to
-    if [ ! -d ${rootdir}/ipfs ]; then
-        chroot ${rootdir} /bin/mkdir /ipfs
-        chroot ${rootdir} /bin/mkdir /ipns
-        chroot ${rootdir} /bin/chown $MY_USERNAME:$MY_USERNAME /ipfs
-        chroot ${rootdir} /bin/chown $MY_USERNAME:$MY_USERNAME /ipns
+    if [ ! -d "${rootdir}/ipfs" ]; then
+        chroot "${rootdir}" /bin/mkdir /ipfs
+        chroot "${rootdir}" /bin/mkdir /ipns
+        chroot "${rootdir}" /bin/chown "$MY_USERNAME":"$MY_USERNAME" /ipfs
+        chroot "${rootdir}" /bin/chown "$MY_USERNAME":"$MY_USERNAME" /ipns
     fi
 
-    if [ -f ${rootdir}/etc/fuse.conf ]; then
-        chroot ${rootdir} /bin/chown $MY_USERNAME:$MY_USERNAME /etc/fuse.conf
+    if [ -f "${rootdir}/etc/fuse.conf" ]; then
+        chroot "${rootdir}" /bin/chown "$MY_USERNAME":"$MY_USERNAME" /etc/fuse.conf
     fi
-    if [ -f ${rootdir}/dev/fuse ]; then
-        chroot ${rootdir} /bin/chown $MY_USERNAME:$MY_USERNAME /dev/fuse
+    if [ -f "${rootdir}/dev/fuse" ]; then
+        chroot "${rootdir}" /bin/chown "$MY_USERNAME":"$MY_USERNAME" /dev/fuse
     fi
 
     IPFS_DAEMON_NAME=ipfs
     IPFS_DAEMON_FILE=${rootdir}/etc/systemd/system/${IPFS_DAEMON_NAME}.service
-    echo '[Unit]' > $IPFS_DAEMON_FILE
-    echo 'Description=IPFS javascript daemon' >> $IPFS_DAEMON_FILE
-    echo 'After=syslog.target' >> $IPFS_DAEMON_FILE
-    echo 'After=network.target' >> $IPFS_DAEMON_FILE
-    echo '' >> $IPFS_DAEMON_FILE
-    echo '[Service]' >> $IPFS_DAEMON_FILE
-    echo 'Type=simple' >> $IPFS_DAEMON_FILE
-    echo "User=$MY_USERNAME" >> $IPFS_DAEMON_FILE
-    echo "Group=$MY_USERNAME" >> $IPFS_DAEMON_FILE
-    echo "WorkingDirectory=/home/$MY_USERNAME" >> $IPFS_DAEMON_FILE
-    echo "ExecStart=${IPFS_PATH}/jsipfs daemon --mount" >> $IPFS_DAEMON_FILE
-    echo 'Restart=on-failure' >> $IPFS_DAEMON_FILE
-    echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\"" >> $IPFS_DAEMON_FILE
-    echo '' >> $IPFS_DAEMON_FILE
-    echo '[Install]' >> $IPFS_DAEMON_FILE
-    echo 'WantedBy=multi-user.target' >> $IPFS_DAEMON_FILE
+    { echo '[Unit]';
+      echo 'Description=IPFS javascript daemon';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo "User=$MY_USERNAME";
+      echo "Group=$MY_USERNAME";
+      echo "WorkingDirectory=/home/$MY_USERNAME";
+      echo "ExecStart=${IPFS_PATH}/jsipfs daemon --mount";
+      echo 'Restart=on-failure';
+      echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\"";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$IPFS_DAEMON_FILE"
 
-    chroot ${rootdir} systemctl enable ${IPFS_DAEMON_NAME}
+    chroot "${rootdir}" systemctl enable ${IPFS_DAEMON_NAME}
 
     mark_completed "${FUNCNAME[0]}"
 }
 
 function install_ipfs_js {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_install_ipfs_js
         return
     fi
@@ -321,8 +324,8 @@ function install_ipfs_js {
     fi
 
     # initialise
-    su -c "$IPFS_PATH/jsipfs init -b $IPFS_KEY_LENGTH" - $MY_USERNAME
-    if [ ! -d /home/$MY_USERNAME/.ipfs ]; then
+    su -c "$IPFS_PATH/jsipfs init -b $IPFS_KEY_LENGTH" - "$MY_USERNAME"
+    if [ ! -d "/home/$MY_USERNAME/.ipfs" ]; then
         echo "IPFS could not be initialised for user $MY_USERNAME"
         exit 7358
     fi
@@ -331,35 +334,35 @@ function install_ipfs_js {
     if [ ! -d /ipfs ]; then
         mkdir /ipfs
         mkdir /ipns
-        chown $MY_USERNAME:$MY_USERNAME /ipfs
-        chown $MY_USERNAME:$MY_USERNAME /ipns
+        chown "$MY_USERNAME":"$MY_USERNAME" /ipfs
+        chown "$MY_USERNAME":"$MY_USERNAME" /ipns
     fi
 
     if [ -f /etc/fuse.conf ]; then
-        chown $MY_USERNAME:$MY_USERNAME /etc/fuse.conf
+        chown "$MY_USERNAME":"$MY_USERNAME" /etc/fuse.conf
     fi
     if [ -f /dev/fuse ]; then
-        chown $MY_USERNAME:$MY_USERNAME /dev/fuse
+        chown "$MY_USERNAME":"$MY_USERNAME" /dev/fuse
     fi
 
     IPFS_DAEMON_NAME=ipfs
     IPFS_DAEMON_FILE=/etc/systemd/system/${IPFS_DAEMON_NAME}.service
-    echo '[Unit]' > $IPFS_DAEMON_FILE
-    echo 'Description=IPFS javascript daemon' >> $IPFS_DAEMON_FILE
-    echo 'After=syslog.target' >> $IPFS_DAEMON_FILE
-    echo 'After=network.target' >> $IPFS_DAEMON_FILE
-    echo '' >> $IPFS_DAEMON_FILE
-    echo '[Service]' >> $IPFS_DAEMON_FILE
-    echo 'Type=simple' >> $IPFS_DAEMON_FILE
-    echo "User=$MY_USERNAME" >> $IPFS_DAEMON_FILE
-    echo "Group=$MY_USERNAME" >> $IPFS_DAEMON_FILE
-    echo "WorkingDirectory=/home/$MY_USERNAME" >> $IPFS_DAEMON_FILE
-    echo "ExecStart=${IPFS_PATH}/jsipfs daemon --mount" >> $IPFS_DAEMON_FILE
-    echo 'Restart=on-failure' >> $IPFS_DAEMON_FILE
-    echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\"" >> $IPFS_DAEMON_FILE
-    echo '' >> $IPFS_DAEMON_FILE
-    echo '[Install]' >> $IPFS_DAEMON_FILE
-    echo 'WantedBy=multi-user.target' >> $IPFS_DAEMON_FILE
+    { echo '[Unit]';
+      echo 'Description=IPFS javascript daemon';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo "User=$MY_USERNAME";
+      echo "Group=$MY_USERNAME";
+      echo "WorkingDirectory=/home/$MY_USERNAME";
+      echo "ExecStart=${IPFS_PATH}/jsipfs daemon --mount";
+      echo 'Restart=on-failure';
+      echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\"";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > $IPFS_DAEMON_FILE
 
     systemctl enable ${IPFS_DAEMON_NAME}
     systemctl daemon-reload
@@ -387,17 +390,17 @@ function install_ipfs_js {
 }
 
 function mesh_install_ipfs_go {
-    chroot ${rootdir} apt-get -yq install libpam0g-dev fuse wget
+    chroot "${rootdir}" apt-get -yq install libpam0g-dev fuse wget
 
     mesh_upgrade_golang
 
     IPFS_ARCH=
     IPFS_PATH=/usr/bin
 
-    if [ ! -d $rootdir$INSTALL_DIR/ipfs ]; then
-        mkdir -p $rootdir$INSTALL_DIR/ipfs
+    if [ ! -d "$rootdir$INSTALL_DIR/ipfs" ]; then
+        mkdir -p "$rootdir$INSTALL_DIR/ipfs"
     fi
-    cd $rootdir$INSTALL_DIR/ipfs
+    cd "$rootdir$INSTALL_DIR/ipfs" || exit 23468264
 
     if [[ $ARCHITECTURE == *"386" || $ARCHITECTURE == *"686" ]]; then
         IPFS_ARCH=386
@@ -431,42 +434,42 @@ function mesh_install_ipfs_go {
 
     IPFS_FILE=go-ipfs_v${IPFS_GO_VERSION}_linux-${IPFS_ARCH}.tar.gz
     wget https://ipfs.io/ipns/dist.ipfs.io/go-ipfs/v${IPFS_GO_VERSION}/${IPFS_FILE}
-    if [ ! -f $rootdir$INSTALL_DIR/ipfs/${IPFS_FILE} ]; then
+    if [ ! -f "$rootdir$INSTALL_DIR/ipfs/${IPFS_FILE}" ]; then
         echo $'IPFS package could not be downloaded'
         exit 63725
     fi
     tar -xzvf ${IPFS_FILE}
-    if [ ! -f $rootdir$INSTALL_DIR/ipfs/go-ipfs/ipfs ]; then
+    if [ ! -f "$rootdir$INSTALL_DIR/ipfs/go-ipfs/ipfs" ]; then
         echo $"ipfs was not found in downloaded package"
         exit 638235
     fi
-    chroot "$rootdir" /bin/cp $INSTALL_DIR/ipfs/go-ipfs/ipfs $IPFS_PATH
-    if [ ! -f $rootdir$IPFS_PATH/ipfs ]; then
+    chroot "$rootdir" /bin/cp "$INSTALL_DIR/ipfs/go-ipfs/ipfs" $IPFS_PATH
+    if [ ! -f "$rootdir$IPFS_PATH/ipfs" ]; then
         echo $'IPFS was not installed'
         exit 63722
     fi
 
     IPFS_USER_DAEMON=${rootdir}/home/${MY_USERNAME}/.config/systemd/user/ipfs.service
-    mkdir -p ${rootdir}/home/${MY_USERNAME}/.config/systemd/user
+    mkdir -p "${rootdir}/home/${MY_USERNAME}/.config/systemd/user"
 
-    echo '[Unit]' > $IPFS_USER_DAEMON
-    echo 'Description=IPFS go daemon' >> $IPFS_USER_DAEMON
-    echo 'After=syslog.target' >> $IPFS_USER_DAEMON
-    echo 'After=network.target' >> $IPFS_USER_DAEMON
-    echo '' >> $IPFS_USER_DAEMON
-    echo '[Service]' >> $IPFS_USER_DAEMON
-    echo 'Type=simple' >> $IPFS_USER_DAEMON
-    echo "ExecStart=$IPFS_PATH/ipfs daemon" >> $IPFS_USER_DAEMON
-    echo 'Restart=on-failure' >> $IPFS_USER_DAEMON
-    echo 'RestartSec=60' >> $IPFS_USER_DAEMON
-    echo '' >> $IPFS_USER_DAEMON
-    echo '[Install]' >> $IPFS_USER_DAEMON
-    echo 'WantedBy=default.target' >> $IPFS_USER_DAEMON
-    chroot ${rootdir} /bin/chown -R $MY_USERNAME:$MY_USERNAME /home/${MY_USERNAME}/.config
+    { echo '[Unit]';
+      echo 'Description=IPFS go daemon';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo "ExecStart=$IPFS_PATH/ipfs daemon";
+      echo 'Restart=on-failure';
+      echo 'RestartSec=60';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=default.target'; } > "$IPFS_USER_DAEMON"
+    chroot "${rootdir}" /bin/chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/${MY_USERNAME}/.config"
 }
 
 function install_ipfs_go {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_install_ipfs_go
         return
     fi
@@ -490,61 +493,58 @@ function install_ipfs_go {
         else
             sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" ~/.bashrc
         fi
-        systemctl set-environment GOPATH=$GOPATH
+        systemctl set-environment GOPATH="$GOPATH"
         if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then
             echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc
         else
             sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc
         fi
-        if [ ! -d $GOPATH ]; then
-            mkdir -p $GOPATH
+        if [ ! -d "$GOPATH" ]; then
+            mkdir -p "$GOPATH"
         fi
     fi
 
     IPFS_PATH=$GOPATH/bin
     export PATH="$GOPATH/bin:$PATH:"
     if ! grep -q 'GOPATH/bin' ~/.bashrc; then
-        echo 'export PATH="$GOPATH/bin:$PATH:";' >> ~/.bashrc
+        echo "export PATH=\"\$GOPATH/bin:\$PATH:\";" >> ~/.bashrc
     else
         sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc
     fi
 
     # set gopath for the user
-    if ! grep -q "GOPATH=" /home/$MY_USERNAME/.bashrc; then
-        echo "export GOPATH=$GOPATH" >> /home/$MY_USERNAME/.bashrc
-        echo 'export PATH="$GOPATH/bin:$PATH:";' >> /home/$MY_USERNAME/.bashrc
+    if ! grep -q "GOPATH=" "/home/$MY_USERNAME/.bashrc"; then
+        echo "export GOPATH=$GOPATH" >> "/home/$MY_USERNAME/.bashrc"
+        echo "export PATH=\"\$GOPATH/bin:\$PATH:\";" >> "/home/$MY_USERNAME/.bashrc"
     else
-        sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" /home/$MY_USERNAME/.bashrc
+        sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" "/home/$MY_USERNAME/.bashrc"
     fi
-    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.bashrc
+    chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.bashrc"
 
-    go get -u ${IPFS_GO_REPO_BASE}/cmd/ipfs
-    if [ ! "$?" = "0" ]; then
+    if ! go get -u ${IPFS_GO_REPO_BASE}/cmd/ipfs; then
         exit 8242
     fi
 
-    if [ ! -d $GOPATH/src/$IPFS_GO_REPO_BASE ]; then
+    if [ ! -d "$GOPATH/src/$IPFS_GO_REPO_BASE" ]; then
         echo $'go get failed to get ipfs'
         exit 63923
     fi
 
-    cd $GOPATH/src/$IPFS_GO_REPO_BASE
-    git checkout $IPFS_COMMIT -b $IPFS_COMMIT
-    if [ ! "$?" = "0" ]; then
+    cd "$GOPATH/src/$IPFS_GO_REPO_BASE" || exit 346824
+    if ! git checkout $IPFS_COMMIT -b $IPFS_COMMIT; then
         exit 735639
     fi
 
     set_completion_param "ipfs commit" "$IPFS_COMMIT"
 
-    make install
-    if [ ! "$?" = "0" ]; then
+    if ! make install; then
         exit 547242
     fi
 
     # initialise
-    chmod 755 $IPFS_PATH/ipfs
-    su -c "$IPFS_PATH/ipfs init -b 2048" - $MY_USERNAME
-    if [ ! -d /home/$MY_USERNAME/.ipfs ]; then
+    chmod 755 "$IPFS_PATH/ipfs"
+    su -c "$IPFS_PATH/ipfs init -b 2048" - "$MY_USERNAME"
+    if [ ! -d "/home/$MY_USERNAME/.ipfs" ]; then
         echo "IPFS could not be initialised for user $MY_USERNAME"
         exit 7358
     fi
@@ -553,33 +553,33 @@ function install_ipfs_go {
     if [ ! -d /ipfs ]; then
         mkdir /ipfs
         mkdir /ipns
-        chown $MY_USERNAME:$MY_USERNAME /ipfs
-        chown $MY_USERNAME:$MY_USERNAME /ipns
+        chown "$MY_USERNAME":"$MY_USERNAME" /ipfs
+        chown "$MY_USERNAME":"$MY_USERNAME" /ipns
     fi
 
     if [ -f /etc/fuse.conf ]; then
-        chown $MY_USERNAME:$MY_USERNAME /etc/fuse.conf
+        chown "$MY_USERNAME":"$MY_USERNAME" /etc/fuse.conf
     fi
     if [ -f /dev/fuse ]; then
-        chown $MY_USERNAME:$MY_USERNAME /dev/fuse
+        chown "$MY_USERNAME":"$MY_USERNAME" /dev/fuse
     fi
 
-    echo '[Unit]' > /etc/systemd/system/ipfs.service
-    echo 'Description=IPFS go daemon' >> /etc/systemd/system/ipfs.service
-    echo 'After=syslog.target' >> /etc/systemd/system/ipfs.service
-    echo 'After=network.target' >> /etc/systemd/system/ipfs.service
-    echo '' >> /etc/systemd/system/ipfs.service
-    echo '[Service]' >> /etc/systemd/system/ipfs.service
-    echo 'Type=simple' >> /etc/systemd/system/ipfs.service
-    echo "User=$MY_USERNAME" >> /etc/systemd/system/ipfs.service
-    echo "Group=$MY_USERNAME" >> /etc/systemd/system/ipfs.service
-    echo "WorkingDirectory=/home/$MY_USERNAME" >> /etc/systemd/system/ipfs.service
-    echo "ExecStart=$IPFS_PATH/ipfs daemon --mount" >> /etc/systemd/system/ipfs.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/ipfs.service
-    echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\" \"GOPATH=$GOPATH\" \"GVM_ROOT=$GVM_HOME\"" >> /etc/systemd/system/ipfs.service
-    echo '' >> /etc/systemd/system/ipfs.service
-    echo '[Install]' >> /etc/systemd/system/ipfs.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ipfs.service
+    { echo '[Unit]';
+      echo 'Description=IPFS go daemon';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo "User=$MY_USERNAME";
+      echo "Group=$MY_USERNAME";
+      echo "WorkingDirectory=/home/$MY_USERNAME";
+      echo "ExecStart=$IPFS_PATH/ipfs daemon --mount";
+      echo 'Restart=on-failure';
+      echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\" \"GOPATH=$GOPATH\" \"GVM_ROOT=$GVM_HOME\"";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/ipfs.service
 
     systemctl enable ipfs
     systemctl daemon-reload
diff --git a/src/freedombone-app-irc b/src/freedombone-app-irc
index 90883700..5e4e56df 100755
--- a/src/freedombone-app-irc
+++ b/src/freedombone-app-irc
@@ -63,7 +63,7 @@ function logging_off_irc {
 }
 
 function irc_get_global_password {
-    echo $(cat /etc/ngircd/ngircd.conf | grep "Password =" | head -n 1 | awk -F '=' '{print $2}')
+    grep "Password =" /etc/ngircd/ngircd.conf | head -n 1 | awk -F '=' '{print $2}'
 }
 
 function start_irc_bouncer {
@@ -93,70 +93,70 @@ function create_irssi_config {
         new_name="$new_username"
     fi
 
-    echo 'servers = (' > /home/${new_username}/.irssi/config
-    echo '  {' >> /home/${new_username}/.irssi/config
-    echo '    address = "chat.freenode.net";' >> /home/${new_username}/.irssi/config
-    echo '    chatnet = "Freenode";' >> /home/${new_username}/.irssi/config
-    echo '    port = "6667";' >> /home/${new_username}/.irssi/config
-    echo '    autoconnect = "no";' >> /home/${new_username}/.irssi/config
-    echo '  },' >> /home/${new_username}/.irssi/config
-    echo '  {' >> /home/${new_username}/.irssi/config
-    echo '    address = "irc.oftc.net";' >> /home/${new_username}/.irssi/config
-    echo '    chatnet = "OFTC";' >> /home/${new_username}/.irssi/config
-    echo '    port = "6667";' >> /home/${new_username}/.irssi/config
-    echo '    autoconnect = "no";' >> /home/${new_username}/.irssi/config
-    echo '  },' >> /home/${new_username}/.irssi/config
-    echo '  {' >> /home/${new_username}/.irssi/config
-    echo "    address = \"127.0.0.1\";" >> /home/${new_username}/.irssi/config
-    echo '    ssl_verify = "no";' >> /home/${new_username}/.irssi/config
+    { echo 'servers = (';
+      echo '  {';
+      echo '    address = "chat.freenode.net";';
+      echo '    chatnet = "Freenode";';
+      echo '    port = "6667";';
+      echo '    autoconnect = "no";';
+      echo '  },';
+      echo '  {';
+      echo '    address = "irc.oftc.net";';
+      echo '    chatnet = "OFTC";';
+      echo '    port = "6667";';
+      echo '    autoconnect = "no";';
+      echo '  },';
+      echo '  {';
+      echo "    address = \"127.0.0.1\";";
+      echo '    ssl_verify = "no";'; } > "/home/${new_username}/.irssi/config"
     if [[ ${ONION_ONLY} == 'no' ]]; then
-        echo '    use_ssl = "yes";' >> /home/${new_username}/.irssi/config
-        echo "    port = \"${IRC_BOUNCER_PORT}\";" >> /home/${new_username}/.irssi/config
+        echo '    use_ssl = "yes";' >> "/home/${new_username}/.irssi/config"
+        echo "    port = \"${IRC_BOUNCER_PORT}\";" >> "/home/${new_username}/.irssi/config"
     else
-        echo '    use_ssl = "no";' >> /home/${new_username}/.irssi/config
-        IRC_ONION_HOSTNAME=$(cat ${COMPLETION_FILE} | grep "irc onion domain" | head -n 1 | awk -F ':' '{print $2}')
-        echo "    port = \"${IRC_ONION_PORT}\";" >> /home/${new_username}/.irssi/config
+        echo '    use_ssl = "no";' >> "/home/${new_username}/.irssi/config"
+        IRC_ONION_HOSTNAME=$(grep "irc onion domain" "${COMPLETION_FILE}" | head -n 1 | awk -F ':' '{print $2}')
+        echo "    port = \"${IRC_ONION_PORT}\";" >> "/home/${new_username}/.irssi/config"
     fi
-    echo '    chatnet = "Freedombone";' >> /home/${new_username}/.irssi/config
-    echo '    autoconnect = "yes";' >> /home/${new_username}/.irssi/config
-    if [ ${IRC_PASSWORD} ]; then
-        echo "    password = \"${IRC_PASSWORD}\";" >> /home/${new_username}/.irssi/config
+    echo '    chatnet = "Freedombone";' >> "/home/${new_username}/.irssi/config"
+    echo '    autoconnect = "yes";' >> "/home/${new_username}/.irssi/config"
+    if [ "${IRC_PASSWORD}" ]; then
+        echo "    password = \"${IRC_PASSWORD}\";" >> "/home/${new_username}/.irssi/config"
     fi
-    echo '  }' >> /home/${new_username}/.irssi/config
-    echo ');' >> /home/${new_username}/.irssi/config
-    echo '' >> /home/${new_username}/.irssi/config
-    echo 'chatnets = {' >> /home/${new_username}/.irssi/config
-    echo '  Freedombone = {' >> /home/${new_username}/.irssi/config
-    echo '    type = "IRC";' >> /home/${new_username}/.irssi/config
-    echo '    max_kicks = "1";' >> /home/${new_username}/.irssi/config
-    echo '    max_msgs = "4";' >> /home/${new_username}/.irssi/config
-    echo '    max_whois = "1";' >> /home/${new_username}/.irssi/config
-    echo '  };' >> /home/${new_username}/.irssi/config
-    echo '  Freenode = {' >> /home/${new_username}/.irssi/config
-    echo '    type = "IRC";' >> /home/${new_username}/.irssi/config
-    echo '    max_kicks = "1";' >> /home/${new_username}/.irssi/config
-    echo '    max_msgs = "4";' >> /home/${new_username}/.irssi/config
-    echo '    max_whois = "1";' >> /home/${new_username}/.irssi/config
-    echo '  };' >> /home/${new_username}/.irssi/config
-    echo '  OFTC = {' >> /home/${new_username}/.irssi/config
-    echo '    type = "IRC";' >> /home/${new_username}/.irssi/config
-    echo '    max_kicks = "1";' >> /home/${new_username}/.irssi/config
-    echo '    max_msgs = "1";' >> /home/${new_username}/.irssi/config
-    echo '    max_whois = "1";' >> /home/${new_username}/.irssi/config
-    echo '  };' >> /home/${new_username}/.irssi/config
-    echo '};' >> /home/${new_username}/.irssi/config
-    echo '' >> /home/${new_username}/.irssi/config
-    echo 'channels = (' >> /home/${new_username}/.irssi/config
-    echo '  { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },' >> /home/${new_username}/.irssi/config
-    echo ');' >> /home/${new_username}/.irssi/config
-    echo '' >> /home/${new_username}/.irssi/config
-    echo 'settings = {' >> /home/${new_username}/.irssi/config
-    echo "  core = { real_name = \"$new_name\"; user_name = \"$new_username\"; nick = \"$new_username\"; };" >> /home/${new_username}/.irssi/config
-    echo '  "fe-text" = { actlist_sort = "refnum"; };' >> /home/${new_username}/.irssi/config
-    echo '};' >> /home/${new_username}/.irssi/config
-    echo 'ignores = ( { level = "CTCPS"; } );' >> /home/${new_username}/.irssi/config
+    { echo '  }';
+      echo ');';
+      echo '';
+      echo 'chatnets = {';
+      echo '  Freedombone = {';
+      echo '    type = "IRC";';
+      echo '    max_kicks = "1";';
+      echo '    max_msgs = "4";';
+      echo '    max_whois = "1";';
+      echo '  };';
+      echo '  Freenode = {';
+      echo '    type = "IRC";';
+      echo '    max_kicks = "1";';
+      echo '    max_msgs = "4";';
+      echo '    max_whois = "1";';
+      echo '  };';
+      echo '  OFTC = {';
+      echo '    type = "IRC";';
+      echo '    max_kicks = "1";';
+      echo '    max_msgs = "1";';
+      echo '    max_whois = "1";';
+      echo '  };';
+      echo '};';
+      echo '';
+      echo 'channels = (';
+      echo '  { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },';
+      echo ');';
+      echo '';
+      echo 'settings = {';
+      echo "  core = { real_name = \"$new_name\"; user_name = \"$new_username\"; nick = \"$new_username\"; };";
+      echo '  "fe-text" = { actlist_sort = "refnum"; };';
+      echo '};';
+      echo 'ignores = ( { level = "CTCPS"; } );'; } >> "/home/${new_username}/.irssi/config"
 
-    chown -R ${new_username}:${new_username} /home/${new_username}/.irssi
+    chown -R "${new_username}":"${new_username}" "/home/${new_username}/.irssi"
 }
 
 function remove_user_irc_bouncer {
@@ -172,14 +172,14 @@ function remove_user_irc_bouncer {
 function remove_user_irc {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp irc
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp irc
 
-    remove_user_irc_bouncer ${remove_username}
-    if [ -d /home/${remove_username}/.irssi ]; then
-        rm -rf /home/${remove_username}/.irssi
+    remove_user_irc_bouncer "${remove_username}"
+    if [ -d "/home/${remove_username}/.irssi" ]; then
+        rm -rf "/home/${remove_username}/.irssi"
     fi
-    if [ -d /home/${remove_username}/irclogs ]; then
-        rm -rf /home/${remove_username}/irclogs
+    if [ -d "/home/${remove_username}/irclogs" ]; then
+        rm -rf "/home/${remove_username}/irclogs"
     fi
 }
 
@@ -192,9 +192,9 @@ function irc_set_global_password_base {
     for d in /home/*/ ; do
         IRC_USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$IRC_USERNAME") == "1" ]]; then
-            if [ -f /home/${IRC_USERNAME}/.irssi/config ]; then
-                sed -i "s|$EXISTING_IRC_PASSWORD|$NEW_IRC_PASSWORD|g" /home/${IRC_USERNAME}/.irssi/config
-                chown -R ${IRC_USERNAME}:${IRC_USERNAME} /home/${IRC_USERNAME}/.irssi
+            if [ -f "/home/${IRC_USERNAME}/.irssi/config" ]; then
+                sed -i "s|$EXISTING_IRC_PASSWORD|$NEW_IRC_PASSWORD|g" "/home/${IRC_USERNAME}/.irssi/config"
+                chown -R "${IRC_USERNAME}":"${IRC_USERNAME}" "/home/${IRC_USERNAME}/.irssi"
             fi
         fi
     done
@@ -217,11 +217,11 @@ function irc_set_global_password_base {
     sed -i "s|Server     = 127.0.0.1.*|Server     = 127.0.0.1 ${IRC_PORT} ${NEW_IRC_PASSWORD}|g" /home/znc/.znc/configs/znc.conf
 
     # Update the password
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a irc -p "$NEW_IRC_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a irc -p "$NEW_IRC_PASSWORD"
 
     # matrix bridge to irc
-    if [ -f $INSTALL_DIR/matrix_irc_bridge/config.yaml ]; then
-        sed -i "s|password: .*|password: \"$NEW_IRC_PASSWORD\"|g" $INSTALL_DIR/matrix_irc_bridge/config.yaml
+    if [ -f "$INSTALL_DIR/matrix_irc_bridge/config.yaml" ]; then
+        sed -i "s|password: .*|password: \"$NEW_IRC_PASSWORD\"|g" "$INSTALL_DIR/matrix_irc_bridge/config.yaml"
         systemctl restart matrix_irc_bridge
     fi
 
@@ -244,7 +244,7 @@ function add_user_irc_bouncer {
     new_user_password=$(irc_get_global_password)
     IRC_PASSWORD="$new_user_password"
     is_admin='true'
-    if [ ! $3 ]; then
+    if [ ! "$3" ]; then
         is_admin='false'
     fi
 
@@ -255,7 +255,7 @@ function add_user_irc_bouncer {
     read_config_param IRC_PORT
     read_config_param DEFAULT_DOMAIN_NAME
 
-    ${PROJECT_NAME}-pass -u $new_username -a irc -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a irc -p "$new_user_password"
 
     stop_irc_bouncer
 
@@ -269,73 +269,73 @@ function add_user_irc_bouncer {
         return
     fi
 
-    echo "<User ${new_username}>" >> /home/znc/.znc/configs/znc.conf
-    echo "    Admin      = ${is_admin}" >> /home/znc/.znc/configs/znc.conf
-    echo "    AltNick = ${new_username}_" >> /home/znc/.znc/configs/znc.conf
-    echo '    AppendTimestamp = false' >> /home/znc/.znc/configs/znc.conf
-    echo '    AutoClearChanBuffer = true' >> /home/znc/.znc/configs/znc.conf
-    echo '    AutoClearQueryBuffer = true' >> /home/znc/.znc/configs/znc.conf
-    echo "    Buffer = ${IRC_BUFFER_LENGTH}" >> /home/znc/.znc/configs/znc.conf
-    echo '    DenyLoadMod = false' >> /home/znc/.znc/configs/znc.conf
-    echo '    DenySetBindHost = false' >> /home/znc/.znc/configs/znc.conf
-    echo "    Ident = ${new_username}" >> /home/znc/.znc/configs/znc.conf
-    echo '    JoinTries = 10' >> /home/znc/.znc/configs/znc.conf
-    echo '    LoadModule = chansaver' >> /home/znc/.znc/configs/znc.conf
-    echo '    LoadModule = controlpanel' >> /home/znc/.znc/configs/znc.conf
-    echo '    MaxJoins = 10' >> /home/znc/.znc/configs/znc.conf
-    echo '    MaxNetworks = 10' >> /home/znc/.znc/configs/znc.conf
-    echo '    MaxQueryBuffers = 50' >> /home/znc/.znc/configs/znc.conf
-    echo '    MultiClients = true' >> /home/znc/.znc/configs/znc.conf
-    echo "    Nick = ${new_username}" >> /home/znc/.znc/configs/znc.conf
-    echo '    PrependTimestamp = true' >> /home/znc/.znc/configs/znc.conf
-    echo '    QuitMsg = Bye' >> /home/znc/.znc/configs/znc.conf
-    echo "    RealName = ${new_username}" >> /home/znc/.znc/configs/znc.conf
-    echo '    StatusPrefix = *' >> /home/znc/.znc/configs/znc.conf
-    echo '    TimestampFormat = [%H:%M:%S]' >> /home/znc/.znc/configs/znc.conf
-    echo '' >> /home/znc/.znc/configs/znc.conf
-    echo "    <Network ${PROJECT_NAME}>" >> /home/znc/.znc/configs/znc.conf
-    echo '        LoadModule = chansaver' >> /home/znc/.znc/configs/znc.conf
-    echo '        LoadModule = simple_away' >> /home/znc/.znc/configs/znc.conf
-    echo '' >> /home/znc/.znc/configs/znc.conf
-    echo "        Server     = 127.0.0.1 ${IRC_PORT} ${IRC_PASSWORD}" >> /home/znc/.znc/configs/znc.conf
-    echo '' >> /home/znc/.znc/configs/znc.conf
-    echo "        <Chan #${PROJECT_NAME}>" >> /home/znc/.znc/configs/znc.conf
-    echo '        </Chan>' >> /home/znc/.znc/configs/znc.conf
-    echo '    </Network>' >> /home/znc/.znc/configs/znc.conf
-    echo '' >> /home/znc/.znc/configs/znc.conf
-    echo '    <Network oftc>' >> /home/znc/.znc/configs/znc.conf
-    echo '        LoadModule = chansaver' >> /home/znc/.znc/configs/znc.conf
-    echo '        LoadModule = simple_away' >> /home/znc/.znc/configs/znc.conf
-    echo '        FloodBurst = 4' >> /home/znc/.znc/configs/znc.conf
-    echo '        FloodRate = 1.00' >> /home/znc/.znc/configs/znc.conf
-    echo '        IRCConnectEnabled = true' >> /home/znc/.znc/configs/znc.conf
-    echo '        Server = irc.oftc.net 6697' >> /home/znc/.znc/configs/znc.conf
-    echo '    </Network>' >> /home/znc/.znc/configs/znc.conf
-    echo '' >> /home/znc/.znc/configs/znc.conf
-    echo '    <Network freenode>' >> /home/znc/.znc/configs/znc.conf
-    echo '        LoadModule = chansaver' >> /home/znc/.znc/configs/znc.conf
-    echo '        LoadModule = simple_away' >> /home/znc/.znc/configs/znc.conf
-    echo '        FloodBurst = 4' >> /home/znc/.znc/configs/znc.conf
-    echo '        FloodRate = 1.00' >> /home/znc/.znc/configs/znc.conf
-    echo '        IRCConnectEnabled = true' >> /home/znc/.znc/configs/znc.conf
-    echo '        Server = irc.freenode.net 6697' >> /home/znc/.znc/configs/znc.conf
-    echo '    </Network>' >> /home/znc/.znc/configs/znc.conf
-    echo '' >> /home/znc/.znc/configs/znc.conf
-    echo '    <Pass password>' >> /home/znc/.znc/configs/znc.conf
-    echo "        Hash = ${new_user_hash}" >> /home/znc/.znc/configs/znc.conf
-    echo '        Method = sha256' >> /home/znc/.znc/configs/znc.conf
-    echo "        Salt = ${ZNC_SALT}" >> /home/znc/.znc/configs/znc.conf
-    echo '    </Pass>' >> /home/znc/.znc/configs/znc.conf
-    echo '</User>' >> /home/znc/.znc/configs/znc.conf
+    { echo "<User ${new_username}>";
+      echo "    Admin      = ${is_admin}";
+      echo "    AltNick = ${new_username}_";
+      echo '    AppendTimestamp = false';
+      echo '    AutoClearChanBuffer = true';
+      echo '    AutoClearQueryBuffer = true';
+      echo "    Buffer = ${IRC_BUFFER_LENGTH}";
+      echo '    DenyLoadMod = false';
+      echo '    DenySetBindHost = false';
+      echo "    Ident = ${new_username}";
+      echo '    JoinTries = 10';
+      echo '    LoadModule = chansaver';
+      echo '    LoadModule = controlpanel';
+      echo '    MaxJoins = 10';
+      echo '    MaxNetworks = 10';
+      echo '    MaxQueryBuffers = 50';
+      echo '    MultiClients = true';
+      echo "    Nick = ${new_username}";
+      echo '    PrependTimestamp = true';
+      echo '    QuitMsg = Bye';
+      echo "    RealName = ${new_username}";
+      echo '    StatusPrefix = *';
+      echo '    TimestampFormat = [%H:%M:%S]';
+      echo '';
+      echo "    <Network ${PROJECT_NAME}>";
+      echo '        LoadModule = chansaver';
+      echo '        LoadModule = simple_away';
+      echo '';
+      echo "        Server     = 127.0.0.1 ${IRC_PORT} ${IRC_PASSWORD}";
+      echo '';
+      echo "        <Chan #${PROJECT_NAME}>";
+      echo '        </Chan>';
+      echo '    </Network>';
+      echo '';
+      echo '    <Network oftc>';
+      echo '        LoadModule = chansaver';
+      echo '        LoadModule = simple_away';
+      echo '        FloodBurst = 4';
+      echo '        FloodRate = 1.00';
+      echo '        IRCConnectEnabled = true';
+      echo '        Server = irc.oftc.net 6697';
+      echo '    </Network>';
+      echo '';
+      echo '    <Network freenode>';
+      echo '        LoadModule = chansaver';
+      echo '        LoadModule = simple_away';
+      echo '        FloodBurst = 4';
+      echo '        FloodRate = 1.00';
+      echo '        IRCConnectEnabled = true';
+      echo '        Server = irc.freenode.net 6697';
+      echo '    </Network>';
+      echo '';
+      echo '    <Pass password>';
+      echo "        Hash = ${new_user_hash}";
+      echo '        Method = sha256';
+      echo "        Salt = ${ZNC_SALT}";
+      echo '    </Pass>';
+      echo '</User>'; } >> /home/znc/.znc/configs/znc.conf
 
-    mkdir -p /home/znc/.znc/users/${new_username}/moddata
-    mkdir -p /home/znc/.znc/users/${new_username}/networks
-    mkdir /home/znc/.znc/users/${new_username}/moddata/chanserver
-    mkdir /home/znc/.znc/users/${new_username}/moddata/controlpanel
-    mkdir /home/znc/.znc/users/${new_username}/moddata/perform
-    mkdir /home/znc/.znc/users/${new_username}/moddata/webadmin
-    mkdir -p /home/znc/.znc/users/${new_username}/networks/${PROJECT_NAME}/moddata/chansaver
-    mkdir -p /home/znc/.znc/users/${new_username}/networks/${PROJECT_NAME}/moddata/simple_away
+    mkdir -p "/home/znc/.znc/users/${new_username}/moddata"
+    mkdir -p "/home/znc/.znc/users/${new_username}/networks"
+    mkdir "/home/znc/.znc/users/${new_username}/moddata/chanserver"
+    mkdir "/home/znc/.znc/users/${new_username}/moddata/controlpanel"
+    mkdir "/home/znc/.znc/users/${new_username}/moddata/perform"
+    mkdir "/home/znc/.znc/users/${new_username}/moddata/webadmin"
+    mkdir -p "/home/znc/.znc/users/${new_username}/networks/${PROJECT_NAME}/moddata/chansaver"
+    mkdir -p "/home/znc/.znc/users/${new_username}/networks/${PROJECT_NAME}/moddata/simple_away"
 
     mkdir -p /home/znc/.znc/moddata/webadmin
 
@@ -353,8 +353,8 @@ function add_user_irc {
         IRC_PASSWORD=
     fi
 
-    if [ ! -d /home/${new_username}/.irssi ]; then
-        mkdir /home/${new_username}/.irssi
+    if [ ! -d "/home/${new_username}/.irssi" ]; then
+        mkdir "/home/${new_username}/.irssi"
     fi
 
     create_irssi_config "${new_username}"
@@ -374,19 +374,21 @@ function irc_show_password {
 
 function irc_set_global_password {
     EXISTING_IRC_PASSWORD=$(irc_get_global_password)
+    data=$(mktemp 2>/dev/null)
     dialog --title $"IRC Password" \
            --clear \
            --backtitle $"Freedombone Control Panel" \
-           --passwordbox $"Password for all IRC users, or press Enter for no password" 10 60 "$EXISTING_IRC_PASSWORD" 2> $data
+           --passwordbox $"Password for all IRC users, or press Enter for no password" 10 60 "$EXISTING_IRC_PASSWORD" 2> "$data"
     sel=$?
     case $sel in
         0)
-            NEW_IRC_PASSWORD=$(<$data)
+            NEW_IRC_PASSWORD=$(<"$data")
             irc_set_global_password_base "$NEW_IRC_PASSWORD"
             dialog --title $"IRC Password" \
                    --msgbox $"The IRC password was changed" 6 40
             ;;
     esac
+    rm -f "$data"
 }
 
 function configure_interactive_irc {
@@ -398,24 +400,26 @@ function configure_interactive_irc {
 
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"IRC Menu" \
                --radiolist $"Choose an operation:" 14 70 4 \
                1 $"Set a password for all IRC users" off \
                2 $"Show current IRC login password" off \
-               3 $"Exit" on 2> $data
+               3 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) break;;
-            255) break;;
+            1) rm -f "$data"
+               break;;
+            255) rm -f "$data"
+                 break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) irc_set_global_password;;
             2) irc_show_password;;
             3) break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -466,7 +470,7 @@ function remove_irc {
     remove_onion_service irc ${IRC_ONION_PORT}
     remove_completion_param install_irc
     remove_completion_param configure_firewall_for_irc
-    sed -i '/IRC /d' ${COMPLETION_FILE}
+    sed -i '/IRC /d' "${COMPLETION_FILE}"
     sed -i '/znc 2> /d' /etc/crontab
     stop_irc_bouncer
     if [ -d /home/znc ]; then
@@ -496,7 +500,7 @@ function configure_firewall_for_irc {
     save_firewall_settings
 
     firewall_add IRC ${IRC_BOUNCER_PORT} tcp
-    echo 'configure_firewall_for_irc' >> ${COMPLETION_FILE}
+    echo 'configure_firewall_for_irc' >> "${COMPLETION_FILE}"
 }
 
 function install_irc_server {
@@ -511,29 +515,29 @@ function install_irc_server {
     fi
 
     # obtain a cert for the default domain
-    if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then
+    if [[ "$(cert_exists "${DEFAULT_DOMAIN_NAME}" pem)" == "0" ]]; then
         echo $'Obtaining certificate for the main domain'
-        create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
+        create_site_certificate "${DEFAULT_DOMAIN_NAME}" 'yes'
     fi
 
-    if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME})" == "0" ]]; then
-        ${PROJECT_NAME}-addcert -h ngircd --dhkey ${DH_KEYLENGTH}
+    if [[ "$(cert_exists "${DEFAULT_DOMAIN_NAME}")" == "0" ]]; then
+        "${PROJECT_NAME}-addcert" -h ngircd --dhkey "${DH_KEYLENGTH}"
         function_check check_certificates
         check_certificates ngircd
     fi
 
     DEFAULTDOMAIN=${DEFAULT_DOMAIN_NAME}
 
-    IRC_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+    IRC_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
 
     set_password_for_all_users irc "$IRC_PASSWORD"
 
 
-    echo '**************************************************' > /etc/ngircd/motd
-    echo $'*           F R E E D O M B O N E   I R C        *' >> /etc/ngircd/motd
-    echo '*                                                *' >> /etc/ngircd/motd
-    echo $'*               Freedom in the Cloud             *' >> /etc/ngircd/motd
-    echo '**************************************************' >> /etc/ngircd/motd
+    { echo '**************************************************';
+      echo $'*           F R E E D O M B O N E   I R C        *';
+      echo '*                                                *';
+      echo $'*               Freedom in the Cloud             *';
+      echo '**************************************************'; } > /etc/ngircd/motd
     sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf
     sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf
     sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf
@@ -541,7 +545,7 @@ function install_irc_server {
     sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf
     sed -i "s/;Ports =.*/Ports = ${IRC_PORT}/g" /etc/ngircd/ngircd.conf
     if [[ $ONION_ONLY == 'no' ]]; then
-        if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+        if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
             sed -i "s|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/ngircd/ngircd.conf
         else
             sed -i "s|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt|g" /etc/ngircd/ngircd.conf
@@ -562,10 +566,10 @@ function install_irc_server {
     sed -i "s|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/${PROJECT_NAME}.key|g" /etc/ngircd/ngircd.conf
     sed -i "s/;CloakHost = cloaked.host/CloakHost = ${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
     IRC_SALT="$(create_password 30)"
-    if [ -f ${IMAGE_PASSWORD_FILE} ]; then
-        IRC_OPERATOR_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
+        IRC_OPERATOR_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        IRC_OPERATOR_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        IRC_OPERATOR_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
     fi
     sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf
     sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf
@@ -574,7 +578,7 @@ function install_irc_server {
     sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf
     sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf
     sed -i 's|;Listen =.*|Listen = 0.0.0.0,0.0.0.0:9050,127.0.0.1,127.0.0.1:9050|g' /etc/ngircd/ngircd.conf
-    if [ ${IRC_PASSWORD} ]; then
+    if [ "${IRC_PASSWORD}" ]; then
         sed -i "0,/RE/s/Password =.*/Password =$IRC_PASSWORD/" /etc/ngircd/ngircd.conf
     fi
     # upgrade a cypher
@@ -585,7 +589,8 @@ function install_irc_server {
     touch /var/run/ngircd/ngircd.pid
     chown -R irc:irc /var/run/ngircd
 
-    IRC_ONION_HOSTNAME=$(add_onion_service irc ${IRC_BOUNCER_PORT} ${IRC_ONION_PORT})
+    # shellcheck disable=SC2034
+    IRC_ONION_HOSTNAME=$(add_onion_service irc "${IRC_BOUNCER_PORT}" "${IRC_ONION_PORT}")
 
     if [ ! -d /var/run/ircd ]; then
         mkdir /var/run/ircd
@@ -608,8 +613,8 @@ function install_irc_client {
     fi
     apt-get -yq install irssi
 
-    if [ ! -d /home/${MY_USERNAME}/.irssi ]; then
-        mkdir /home/${MY_USERNAME}/.irssi
+    if [ ! -d "/home/${MY_USERNAME}/.irssi" ]; then
+        mkdir "/home/${MY_USERNAME}/.irssi"
     fi
 
     create_irssi_config "${MY_USERNAME}" "$MY_NAME"
@@ -632,41 +637,41 @@ function install_irc_bouncer {
     mkdir -p /home/znc/.znc/configs
     mkdir -p /home/znc/.znc/users
 
-    echo 'AnonIPLimit = 10' > /home/znc/.znc/configs/znc.conf
-    echo 'ConnectDelay = 5' >> /home/znc/.znc/configs/znc.conf
-    echo 'HideVersion = false' >> /home/znc/.znc/configs/znc.conf
-    echo 'MaxBufferSize = 500' >> /home/znc/.znc/configs/znc.conf
-    echo 'ProtectWebSessions = true' >> /home/znc/.znc/configs/znc.conf
-    echo 'SSLCertFile = /home/znc/.znc/znc.pem' >> /home/znc/.znc/configs/znc.conf
-    echo 'ServerThrottle = 30' >> /home/znc/.znc/configs/znc.conf
-    echo 'Version = 1.6.2' >> /home/znc/.znc/configs/znc.conf
-    echo '' >> /home/znc/.znc/configs/znc.conf
-    echo '<Listener listener0>' >> /home/znc/.znc/configs/znc.conf
-    echo '  AllowIRC = true' >> /home/znc/.znc/configs/znc.conf
-    echo '  AllowWeb = false' >> /home/znc/.znc/configs/znc.conf
-    echo '  IPv4 = true' >> /home/znc/.znc/configs/znc.conf
-    echo '  IPv6 = true' >> /home/znc/.znc/configs/znc.conf
-    echo '  Port = 6697' >> /home/znc/.znc/configs/znc.conf
-    if [[ ${ONION_ONLY} == 'no' ]]; then
+    { echo 'AnonIPLimit = 10';
+      echo 'ConnectDelay = 5';
+      echo 'HideVersion = false';
+      echo 'MaxBufferSize = 500';
+      echo 'ProtectWebSessions = true';
+      echo 'SSLCertFile = /home/znc/.znc/znc.pem';
+      echo 'ServerThrottle = 30';
+      echo 'Version = 1.6.2';
+      echo '';
+      echo '<Listener listener0>';
+      echo '  AllowIRC = true';
+      echo '  AllowWeb = false';
+      echo '  IPv4 = true';
+      echo '  IPv6 = true';
+      echo '  Port = 6697'; } > /home/znc/.znc/configs/znc.conf
+    if [[ "${ONION_ONLY}" == 'no' ]]; then
         echo '  SSL = true' >> /home/znc/.znc/configs/znc.conf
     else
         echo '  SSL = false' >> /home/znc/.znc/configs/znc.conf
     fi
-    echo '  URIPrefix = /' >> /home/znc/.znc/configs/znc.conf
-    echo '</Listener>' >> /home/znc/.znc/configs/znc.conf
-    echo '' >> /home/znc/.znc/configs/znc.conf
+    { echo '  URIPrefix = /';
+      echo '</Listener>';
+      echo ''; } >> /home/znc/.znc/configs/znc.conf
 
     if [ $IRC_PORT -ne $IRC_ONION_PORT ]; then
-        echo '<Listener listener1>' >> /home/znc/.znc/configs/znc.conf
-        echo '  AllowIRC = true' >> /home/znc/.znc/configs/znc.conf
-        echo '  AllowWeb = false' >> /home/znc/.znc/configs/znc.conf
-        echo '  IPv4 = true' >> /home/znc/.znc/configs/znc.conf
-        echo '  IPv6 = true' >> /home/znc/.znc/configs/znc.conf
-        echo "  Port = ${IRC_ONION_PORT}" >> /home/znc/.znc/configs/znc.conf
-        echo '  SSL = false' >> /home/znc/.znc/configs/znc.conf
-        echo '  URIPrefix = /' >> /home/znc/.znc/configs/znc.conf
-        echo '</Listener>' >> /home/znc/.znc/configs/znc.conf
-        echo '' >> /home/znc/.znc/configs/znc.conf
+        { echo '<Listener listener1>';
+          echo '  AllowIRC = true';
+          echo '  AllowWeb = false';
+          echo '  IPv4 = true';
+          echo '  IPv6 = true';
+          echo "  Port = ${IRC_ONION_PORT}";
+          echo '  SSL = false';
+          echo '  URIPrefix = /';
+          echo '</Listener>';
+          echo ''; } >> /home/znc/.znc/configs/znc.conf
     fi
 
     chown -R znc:znc /home/znc/.znc
diff --git a/src/freedombone-app-jitsi b/src/freedombone-app-jitsi
index 162ffef3..0a87e522 100755
--- a/src/freedombone-app-jitsi
+++ b/src/freedombone-app-jitsi
@@ -105,7 +105,7 @@ function add_user_jitsi {
 }
 
 function install_interactive_jitsi {
-    if [ ! ${ONION_ONLY} ]; then
+    if [ ! "${ONION_ONLY}" ]; then
         ONION_ONLY='no'
     fi
 
@@ -202,7 +202,7 @@ function remove_jitsi {
 
     remove_app jitsi
     remove_completion_param install_jitsi
-    sed -i '/jitsi/d' ${COMPLETION_FILE}
+    sed -i '/jitsi/d' "${COMPLETION_FILE}"
 
     function_check remove_ddns_domain
     remove_ddns_domain $JITSI_DOMAIN_NAME
@@ -233,8 +233,7 @@ function install_jitsi {
     jitsi_deb_repo=unstable #binary
     apt-get -yq install wget debconf-utils default-jre
     install_nodejs jitsi
-    npm install -g browserify@13.1.1
-    if [ ! "$?" = "0" ]; then
+    if ! npm install -g browserify@13.1.1; then
         remove_nodejs jitsi
         exit 638352
     fi
@@ -272,17 +271,17 @@ function install_jitsi {
 
     echo 'server_names_hash_bucket_size 64;' > $jitsi_nginx_site
     if [[ $ONION_ONLY == "no" ]]; then
-        echo '' >> $jitsi_nginx_site
-        echo 'server {' >> $jitsi_nginx_site
-        echo '    listen 80;' >> $jitsi_nginx_site
-        echo "    server_name ${JITSI_DOMAIN_NAME};" >> $jitsi_nginx_site
-        echo '    return 301 https://$host$request_uri;' >> $jitsi_nginx_site
-        echo '}' >> $jitsi_nginx_site
-        echo 'server {' >> $jitsi_nginx_site
-        echo '    listen 443 ssl;' >> $jitsi_nginx_site
-        echo '    #listen [::]:443 ssl;' >> $jitsi_nginx_site
-        echo "    server_name ${JITSI_DOMAIN_NAME};" >> $jitsi_nginx_site
-        echo '' >> $jitsi_nginx_site
+        { echo '';
+          echo 'server {';
+          echo '    listen 80;';
+          echo "    server_name ${JITSI_DOMAIN_NAME};";
+          echo "    return 301 https://\$host\$request_uri;";
+          echo '}';
+          echo 'server {';
+          echo '    listen 443 ssl;';
+          echo '    #listen [::]:443 ssl;';
+          echo "    server_name ${JITSI_DOMAIN_NAME};";
+          echo ''; } >> $jitsi_nginx_site
 
         function_check nginx_ssl
         nginx_ssl ${JITSI_DOMAIN_NAME}
@@ -290,80 +289,80 @@ function install_jitsi {
         function_check nginx_disable_sniffing
         nginx_disable_sniffing ${JITSI_DOMAIN_NAME}
 
-        echo '    add_header Strict-Transport-Security max-age=15768000;' >> $jitsi_nginx_site
-        echo '' >> $jitsi_nginx_site
-        echo '    root /usr/share/jitsi-meet;' >> $jitsi_nginx_site
-        echo '    index index.html index.htm;' >> $jitsi_nginx_site
-        echo '' >> $jitsi_nginx_site
-        echo '    location /config.js {' >> $jitsi_nginx_site
-        echo "        alias /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js;" >> $jitsi_nginx_site
-        echo '    }' >> $jitsi_nginx_site
-        echo '' >> $jitsi_nginx_site
-        echo '    location ~ ^/([a-zA-Z0-9=\?]+)$ {' >> $jitsi_nginx_site
-        echo '        rewrite ^/(.*)$ / break;' >> $jitsi_nginx_site
-        echo '    }' >> $jitsi_nginx_site
-        echo '' >> $jitsi_nginx_site
-        echo '    location / {' >> $jitsi_nginx_site
-        echo '        ssi on;' >> $jitsi_nginx_site
-        echo '    }' >> $jitsi_nginx_site
-        echo '' >> $jitsi_nginx_site
-        echo '    # Backward compatibility' >> $jitsi_nginx_site
-        echo '    location ~ /external_api.* {' >> $jitsi_nginx_site
-        echo '        root /usr/share/jitsi-meet/libs;' >> $jitsi_nginx_site
-        echo '    }' >> $jitsi_nginx_site
-        echo '' >> $jitsi_nginx_site
-        echo '    # Logs' >> $jitsi_nginx_site
-        echo '    access_log /dev/null;' >> $jitsi_nginx_site
-        echo '    error_log /dev/null;' >> $jitsi_nginx_site
-        echo '' >> $jitsi_nginx_site
-        echo '    # BOSH' >> $jitsi_nginx_site
-        echo '    location /http-bind {' >> $jitsi_nginx_site
-        echo '        proxy_pass      http://localhost:5280/http-bind;' >> $jitsi_nginx_site
-        echo '        proxy_set_header X-Forwarded-For $remote_addr;' >> $jitsi_nginx_site
-        echo '        proxy_set_header Host $http_host;' >> $jitsi_nginx_site
-        echo '    }' >> $jitsi_nginx_site
-        echo '}' >> $jitsi_nginx_site
+        { echo '    add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '    root /usr/share/jitsi-meet;';
+          echo '    index index.html index.htm;';
+          echo '';
+          echo '    location /config.js {';
+          echo "        alias /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js;";
+          echo '    }';
+          echo '';
+          echo '    location ~ ^/([a-zA-Z0-9=\?]+)$ {';
+          echo '        rewrite ^/(.*)$ / break;';
+          echo '    }';
+          echo '';
+          echo '    location / {';
+          echo '        ssi on;';
+          echo '    }';
+          echo '';
+          echo '    # Backward compatibility';
+          echo '    location ~ /external_api.* {';
+          echo '        root /usr/share/jitsi-meet/libs;';
+          echo '    }';
+          echo '';
+          echo '    # Logs';
+          echo '    access_log /dev/null;';
+          echo '    error_log /dev/null;';
+          echo '';
+          echo '    # BOSH';
+          echo '    location /http-bind {';
+          echo '        proxy_pass      http://localhost:5280/http-bind;';
+          echo "        proxy_set_header X-Forwarded-For \$remote_addr;";
+          echo "        proxy_set_header Host \$http_host;";
+          echo '    }';
+          echo '}'; } >> $jitsi_nginx_site
     fi
-    echo '' >> $jitsi_nginx_site
-    echo 'server {' >> $jitsi_nginx_site
-    echo "    listen 127.0.0.1:$JITSI_ONION_PORT default_server;" >> $jitsi_nginx_site
+    { echo '';
+      echo 'server {';
+      echo "    listen 127.0.0.1:$JITSI_ONION_PORT default_server;"; } >> $jitsi_nginx_site
     if [[ $ONION_ONLY == 'no' ]]; then
         echo "    server_name ${JITSI_DOMAIN_NAME};" >> $jitsi_nginx_site
     else
         echo "    server_name ${JITSI_ONION_HOSTNAME};" >> $jitsi_nginx_site
     fi
-    echo '' >> $jitsi_nginx_site
-    echo '    root /usr/share/jitsi-meet;' >> $jitsi_nginx_site
-    echo '    index index.html index.htm;' >> $jitsi_nginx_site
-    echo '' >> $jitsi_nginx_site
-    echo '    location /config.js {' >> $jitsi_nginx_site
-    echo "        alias /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js;" >> $jitsi_nginx_site
-    echo '    }' >> $jitsi_nginx_site
-    echo '' >> $jitsi_nginx_site
-    echo '    location ~ ^/([a-zA-Z0-9=\?]+)$ {' >> $jitsi_nginx_site
-    echo '        rewrite ^/(.*)$ / break;' >> $jitsi_nginx_site
-    echo '    }' >> $jitsi_nginx_site
-    echo '' >> $jitsi_nginx_site
-    echo '    location / {' >> $jitsi_nginx_site
-    echo '        ssi off;' >> $jitsi_nginx_site
-    echo '    }' >> $jitsi_nginx_site
-    echo '' >> $jitsi_nginx_site
-    echo '    # Backward compatibility' >> $jitsi_nginx_site
-    echo '    location ~ /external_api.* {' >> $jitsi_nginx_site
-    echo '        root /usr/share/jitsi-meet/libs;' >> $jitsi_nginx_site
-    echo '    }' >> $jitsi_nginx_site
-    echo '' >> $jitsi_nginx_site
-    echo '    # Logs' >> $jitsi_nginx_site
-    echo '    access_log /dev/null;' >> $jitsi_nginx_site
-    echo '    error_log /dev/null;' >> $jitsi_nginx_site
-    echo '' >> $jitsi_nginx_site
-    echo '    # BOSH' >> $jitsi_nginx_site
-    echo '    location /http-bind {' >> $jitsi_nginx_site
-    echo '        proxy_pass      http://localhost:5280/http-bind;' >> $jitsi_nginx_site
-    echo '        proxy_set_header X-Forwarded-For $remote_addr;' >> $jitsi_nginx_site
-    echo '        proxy_set_header Host $http_host;' >> $jitsi_nginx_site
-    echo '    }' >> $jitsi_nginx_site
-    echo '}' >> $jitsi_nginx_site
+    { echo '';
+      echo '    root /usr/share/jitsi-meet;';
+      echo '    index index.html index.htm;';
+      echo '';
+      echo '    location /config.js {';
+      echo "        alias /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js;";
+      echo '    }';
+      echo '';
+      echo '    location ~ ^/([a-zA-Z0-9=\?]+)$ {';
+      echo '        rewrite ^/(.*)$ / break;';
+      echo '    }';
+      echo '';
+      echo '    location / {';
+      echo '        ssi off;';
+      echo '    }';
+      echo '';
+      echo '    # Backward compatibility';
+      echo '    location ~ /external_api.* {';
+      echo '        root /usr/share/jitsi-meet/libs;';
+      echo '    }';
+      echo '';
+      echo '    # Logs';
+      echo '    access_log /dev/null;';
+      echo '    error_log /dev/null;';
+      echo '';
+      echo '    # BOSH';
+      echo '    location /http-bind {';
+      echo '        proxy_pass      http://localhost:5280/http-bind;';
+      echo "        proxy_set_header X-Forwarded-For \$remote_addr;";
+      echo "        proxy_set_header Host \$http_host;";
+      echo '    }';
+      echo '}'; } >> $jitsi_nginx_site
 
     sed -i "s|/var/www/${JITSI_DOMAIN_NAME}/htdocs|/usr/share/jitsi-meet|g" $jitsi_nginx_site
 
@@ -376,7 +375,7 @@ function install_jitsi {
         fi
         function_check create_site_certificate
         create_site_certificate ${JITSI_DOMAIN_NAME} 'yes'
-        if [[ $ONION_ONLY == "no" ]]; then
+        if [[ "$ONION_ONLY" == "no" ]]; then
             if [ ! -f /etc/ssl/certs/${JITSI_DOMAIN_NAME}.pem ]; then
                 exit 678363
             fi
diff --git a/src/freedombone-app-kanboard b/src/freedombone-app-kanboard
index 100352a6..210f9a01 100755
--- a/src/freedombone-app-kanboard
+++ b/src/freedombone-app-kanboard
@@ -70,19 +70,19 @@ function logging_off_kanboard {
 function remove_user_kanboard {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp kanboard
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp kanboard
 }
 
 function add_user_kanboard {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a kanboard -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a kanboard -p "$new_user_password"
     echo '0'
 }
 
 function install_interactive_kanboard {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -92,42 +92,43 @@ function install_interactive_kanboard {
         KANBOARD_DETAILS_COMPLETE=
         while [ ! $KANBOARD_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"KanBoard Configuration" \
-                       --form $"\nPlease enter your KanBoard details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt." 13 55 2 \
+                       --form $"\\nPlease enter your KanBoard details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt." 13 55 2 \
                        $"Domain:" 1 1 "$(grep 'KANBOARD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \
                        $"Code:" 2 1 "$(grep 'KANBOARD_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 33 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"KanBoard Configuration" \
-                       --form $"\nPlease enter your KanBoard details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt." 13 55 2 \
+                       --form $"\\nPlease enter your KanBoard details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt." 13 55 2 \
                        $"Domain:" 1 1 "$(grep 'KANBOARD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \
-                       2> $data
+                       2> "$data"
             fi
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            KANBOARD_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ $KANBOARD_DOMAIN_NAME ]; then
+            KANBOARD_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$KANBOARD_DOMAIN_NAME" ]; then
                 if [[ $KANBOARD_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
                     KANBOARD_DOMAIN_NAME=""
                 fi
                 TEST_DOMAIN_NAME=$KANBOARD_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $KANBOARD_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$KANBOARD_DOMAIN_NAME" ]]; then
                     KANBOARD_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        KANBOARD_CODE=$(cat $data | sed -n 2p)
+                        KANBOARD_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$KANBOARD_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             KANBOARD_DOMAIN_NAME=
                         fi
                     fi
@@ -136,6 +137,7 @@ function install_interactive_kanboard {
             if [ $KANBOARD_DOMAIN_NAME ]; then
                 KANBOARD_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         # save the results in the config file
@@ -151,23 +153,23 @@ function change_password_kanboard {
 
     read_config_param 'KANBOARD_DOMAIN_NAME'
 
-    ${PROJECT_NAME}-pass -u "$curr_username" -a kanboard -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a kanboard -p "$new_user_password"
 }
 
 function kanboard_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        KANBOARD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        KANBOARD_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $KANBOARD_ADMIN_PASSWORD ]; then
-            KANBOARD_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$KANBOARD_ADMIN_PASSWORD" ]; then
+            KANBOARD_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $KANBOARD_ADMIN_PASSWORD ]; then
+    if [ ! "$KANBOARD_ADMIN_PASSWORD" ]; then
         return
     fi
 
     function_check create_database
-    create_database kanboard "$KANBOARD_ADMIN_PASSWORD" $MY_USERNAME
+    create_database kanboard "$KANBOARD_ADMIN_PASSWORD" "$MY_USERNAME"
 }
 
 function reconfigure_kanboard {
@@ -180,40 +182,40 @@ function upgrade_kanboard {
         return
     fi
 
-    if grep -q "kanboard domain" $COMPLETION_FILE; then
+    if grep -q "kanboard domain" "$COMPLETION_FILE"; then
         KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain")
     fi
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$KANBOARD_DOMAIN_NAME/htdocs "kanboard commit" "$KANBOARD_COMMIT" $KANBOARD_REPO
+    set_repo_commit "/var/www/$KANBOARD_DOMAIN_NAME/htdocs" "kanboard commit" "$KANBOARD_COMMIT" $KANBOARD_REPO
 
-    chown -R www-data:www-data /var/www/${KANBOARD_DOMAIN_NAME}/htdocs
+    chown -R www-data:www-data "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs"
 }
 
 
 function backup_local_kanboard {
     KANBOARD_DOMAIN_NAME='kanboard'
-    if grep -q "kanboard domain" $COMPLETION_FILE; then
+    if grep -q "kanboard domain" "$COMPLETION_FILE"; then
         KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain")
     fi
 
     source_directory=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/backup
-    if [ ! -d $source_directory ]; then
-        mkdir $source_directory
+    if [ ! -d "$source_directory" ]; then
+        mkdir "$source_directory"
     fi
-    cp -p /var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php $source_directory
+    cp -p "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php" "$source_directory"
 
     function_check suspend_site
-    suspend_site ${KANBOARD_DOMAIN_NAME}
+    suspend_site "${KANBOARD_DOMAIN_NAME}"
 
     function_check backup_directory_to_usb
     dest_directory=kanboardconfig
-    backup_directory_to_usb $source_directory $dest_directory
+    backup_directory_to_usb "$source_directory" "$dest_directory"
 
     source_directory=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/data
     dest_directory=kanboardfile
-    backup_directory_to_usb $source_directory $dest_directory
+    backup_directory_to_usb "$source_directory" "$dest_directory"
 
     function_check backup_database_to_usb
     backup_database_to_usb kanboard
@@ -223,11 +225,11 @@ function backup_local_kanboard {
 }
 
 function restore_local_kanboard {
-    if ! grep -q "kanboard domain" $COMPLETION_FILE; then
+    if ! grep -q "kanboard domain" "$COMPLETION_FILE"; then
         return
     fi
     KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain")
-    if [ $KANBOARD_DOMAIN_NAME ]; then
+    if [ "$KANBOARD_DOMAIN_NAME" ]; then
         echo $"Restoring kanboard"
         temp_restore_dir=/root/tempkanboard
         kanboard_dir=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs
@@ -243,30 +245,30 @@ function restore_local_kanboard {
         function_check restore_directory_from_usb
         restore_directory_from_usb $temp_restore_dir kanboardconfig
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir$kanboard_dir/backup ]; then
-                cp $temp_restore_dir$kanboard_dir/backup/config.php $kanboard_dir/
+            if [ -d "$temp_restore_dir$kanboard_dir/backup" ]; then
+                cp "$temp_restore_dir$kanboard_dir/backup/config.php" "$kanboard_dir/"
             else
-                cp $temp_restore_dir/config.php $kanboard_dir/
+                cp "$temp_restore_dir/config.php" "$kanboard_dir/"
             fi
-            chown www-data:www-data $kanboard_dir/config.php
+            chown www-data:www-data "$kanboard_dir/config.php"
             rm -rf $temp_restore_dir
         fi
 
         restore_directory_from_usb $temp_restore_dir kanboardfile
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir$kanboard_dir/data ]; then
-                cp -rp $temp_restore_dir$kanboard_dir/data $kanboard_dir/
+            if [ -d "$temp_restore_dir$kanboard_dir/data" ]; then
+                cp -rp "$temp_restore_dir$kanboard_dir/data" "$kanboard_dir/"
             else
-                if [ ! -d $kanboard_dir/data ]; then
-                    mkdir $kanboard_dir/data
+                if [ ! -d "$kanboard_dir/data" ]; then
+                    mkdir "$kanboard_dir/data"
                 fi
-                cp -rp $temp_restore_dir/* $kanboard_dir/data/
+                cp -rp "$temp_restore_dir/*" "$kanboard_dir/data/"
             fi
-            chown -R www-data:www-data $kanboard_dir/data
+            chown -R www-data:www-data "$kanboard_dir/data"
             rm -rf $temp_restore_dir
         fi
 
-        kanboard_update_after_restore kanboard ${KANBOARD_DOMAIN_NAME}
+        kanboard_update_after_restore kanboard "${KANBOARD_DOMAIN_NAME}"
 
         echo $"Restore of kanboard complete"
     fi
@@ -274,26 +276,26 @@ function restore_local_kanboard {
 
 function backup_remote_kanboard {
     KANBOARD_DOMAIN_NAME='kanboard'
-    if grep -q "kanboard domain" $COMPLETION_FILE; then
+    if grep -q "kanboard domain" "$COMPLETION_FILE"; then
         KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain")
     fi
 
     source_directory=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/backup
-    if [ ! -d $source_directory ]; then
-        mkdir $source_directory
+    if [ ! -d "$source_directory" ]; then
+        mkdir "$source_directory"
     fi
-    cp -p /var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php $source_directory
+    cp -p "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php" "$source_directory"
 
     function_check suspend_site
-    suspend_site ${KANBOARD_DOMAIN_NAME}
+    suspend_site "${KANBOARD_DOMAIN_NAME}"
 
     function_check backup_directory_to_friend
     dest_directory=kanboardconfig
-    backup_directory_to_friend $source_directory $dest_directory
+    backup_directory_to_friend "$source_directory" "$dest_directory"
 
     source_directory=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/data
     dest_directory=kanboardfile
-    backup_directory_to_friend $source_directory $dest_directory
+    backup_directory_to_friend "$source_directory" "$dest_directory"
 
     function_check backup_database_to_friend
     backup_database_to_friend kanboard
@@ -303,11 +305,11 @@ function backup_remote_kanboard {
 }
 
 function restore_remote_kanboard {
-    if ! grep -q "kanboard domain" $COMPLETION_FILE; then
+    if ! grep -q "kanboard domain" "$COMPLETION_FILE"; then
         return
     fi
     KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain")
-    if [ $KANBOARD_DOMAIN_NAME ]; then
+    if [ "$KANBOARD_DOMAIN_NAME" ]; then
         echo $"Restoring kanboard"
         temp_restore_dir=/root/tempkanboard
         kanboard_dir=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs
@@ -324,30 +326,30 @@ function restore_remote_kanboard {
         function_check restore_directory_from_friend
         restore_directory_from_friend $temp_restore_dir kanboardconfig
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir$kanboard_dir/backup ]; then
-                cp $temp_restore_dir$kanboard_dir/backup/config.php $kanboard_dir/
+            if [ -d "$temp_restore_dir$kanboard_dir/backup" ]; then
+                cp "$temp_restore_dir$kanboard_dir/backup/config.php" "$kanboard_dir/"
             else
-                cp $temp_restore_dir/config.php $kanboard_dir/
+                cp "$temp_restore_dir/config.php" "$kanboard_dir/"
             fi
-            chown www-data:www-data $kanboard_dir/config.php
+            chown www-data:www-data "$kanboard_dir/config.php"
             rm -rf $temp_restore_dir
         fi
 
         restore_directory_from_friend $temp_restore_dir kanboardfile
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir$kanboard_dir/data ]; then
-                cp -rp $temp_restore_dir$kanboard_dir/data $kanboard_dir/
+            if [ -d "$temp_restore_dir$kanboard_dir/data" ]; then
+                cp -rp "$temp_restore_dir$kanboard_dir/data" "$kanboard_dir/"
             else
-                if [ ! -d $kanboard_dir/data ]; then
-                    mkdir $kanboard_dir/data
+                if [ ! -d "$kanboard_dir/data" ]; then
+                    mkdir "$kanboard_dir/data"
                 fi
-                cp -rp $temp_restore_dir/* $kanboard_dir/data/
+                cp -rp "$temp_restore_dir/*" "$kanboard_dir/data/"
             fi
-            chown -R www-data:www-data $kanboard_dir/data
+            chown -R www-data:www-data "$kanboard_dir/data"
             rm -rf $temp_restore_dir
         fi
 
-        kanboard_update_after_restore kanboard ${KANBOARD_DOMAIN_NAME}
+        kanboard_update_after_restore kanboard "${KANBOARD_DOMAIN_NAME}"
 
         echo $"Restore of kanboard complete"
     fi
@@ -360,14 +362,14 @@ function remove_kanboard {
     read_config_param "KANBOARD_DOMAIN_NAME"
     read_config_param "MY_USERNAME"
     echo "Removing $KANBOARD_DOMAIN_NAME"
-    nginx_dissite $KANBOARD_DOMAIN_NAME
-    remove_certs $KANBOARD_DOMAIN_NAME
+    nginx_dissite "$KANBOARD_DOMAIN_NAME"
+    remove_certs "$KANBOARD_DOMAIN_NAME"
 
-    if [ -d /var/www/$KANBOARD_DOMAIN_NAME ]; then
-        rm -rf /var/www/$KANBOARD_DOMAIN_NAME
+    if [ -d "/var/www/$KANBOARD_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$KANBOARD_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$KANBOARD_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$KANBOARD_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$KANBOARD_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$KANBOARD_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database kanboard
@@ -375,11 +377,11 @@ function remove_kanboard {
     remove_onion_service kanboard ${KANBOARD_ONION_PORT}
     remove_app kanboard
     remove_completion_param install_kanboard
-    sed -i '/kanboard/d' $COMPLETION_FILE
+    sed -i '/kanboard/d' "$COMPLETION_FILE"
     remove_backup_database_local kanboard
 
     function_check remove_ddns_domain
-    remove_ddns_domain $KANBOARD_DOMAIN_NAME
+    remove_ddns_domain "$KANBOARD_DOMAIN_NAME"
 }
 
 function install_kanboard {
@@ -387,12 +389,12 @@ function install_kanboard {
         ONION_ONLY='no'
     fi
 
-    if [ ! $KANBOARD_DOMAIN_NAME ]; then
+    if [ ! "$KANBOARD_DOMAIN_NAME" ]; then
         echo $'No domain name was given for kanboard'
         exit 73478
     fi
 
-    kanboard_hourly_script kanboard $KANBOARD_DOMAIN_NAME
+    kanboard_hourly_script kanboard "$KANBOARD_DOMAIN_NAME"
 
     function_check install_mariadb
     install_mariadb
@@ -406,34 +408,34 @@ function install_kanboard {
     apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
     apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
 
-    if [ ! -d /var/www/$KANBOARD_DOMAIN_NAME ]; then
-        mkdir /var/www/$KANBOARD_DOMAIN_NAME
+    if [ ! -d "/var/www/$KANBOARD_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$KANBOARD_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$KANBOARD_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$KANBOARD_DOMAIN_NAME/htdocs" ]; then
 
         if [ -d /repos/kanboard ]; then
-            mkdir /var/www/$KANBOARD_DOMAIN_NAME/htdocs
-            cp -r -p /repos/kanboard/. /var/www/$KANBOARD_DOMAIN_NAME/htdocs
-            cd /var/www/$KANBOARD_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$KANBOARD_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/kanboard/. "/var/www/$KANBOARD_DOMAIN_NAME/htdocs"
+            cd "/var/www/$KANBOARD_DOMAIN_NAME/htdocs" || exit 2468274
             git pull
         else
             function_check git_clone
-            git_clone $KANBOARD_REPO /var/www/$KANBOARD_DOMAIN_NAME/htdocs
+            git_clone "$KANBOARD_REPO" "/var/www/$KANBOARD_DOMAIN_NAME/htdocs"
         fi
 
-        if [ ! -d /var/www/$KANBOARD_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$KANBOARD_DOMAIN_NAME/htdocs" ]; then
             echo $'Unable to clone kanboard repo'
             exit 89365
         fi
     fi
 
-    cd /var/www/$KANBOARD_DOMAIN_NAME/htdocs
+    cd "/var/www/$KANBOARD_DOMAIN_NAME/htdocs" || exit 234682642
     git checkout $KANBOARD_COMMIT -b $KANBOARD_COMMIT
     set_completion_param "kanboard commit" "$KANBOARD_COMMIT"
 
-    chmod g+w /var/www/$KANBOARD_DOMAIN_NAME/htdocs
-    chmod a+w /var/www/$KANBOARD_DOMAIN_NAME/htdocs/data
-    chown -R www-data:www-data /var/www/$KANBOARD_DOMAIN_NAME/htdocs
+    chmod g+w "/var/www/$KANBOARD_DOMAIN_NAME/htdocs"
+    chmod a+w "/var/www/$KANBOARD_DOMAIN_NAME/htdocs/data"
+    chown -R www-data:www-data "/var/www/$KANBOARD_DOMAIN_NAME/htdocs"
 
     function_check kanboard_create_database
     kanboard_create_database
@@ -446,118 +448,118 @@ function install_kanboard {
     fi
 
     function_check add_ddns_domain
-    add_ddns_domain $KANBOARD_DOMAIN_NAME
+    add_ddns_domain "$KANBOARD_DOMAIN_NAME"
 
     KANBOARD_ONION_HOSTNAME=$(add_onion_service kanboard 80 ${KANBOARD_ONION_PORT})
 
     kanboard_nginx_site=/etc/nginx/sites-available/$KANBOARD_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $KANBOARD_DOMAIN_NAME "index index.php"
-        echo 'server {' >> $kanboard_nginx_site
-        echo '  listen 443 ssl;' >> $kanboard_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $kanboard_nginx_site
-        echo "  server_name $KANBOARD_DOMAIN_NAME;" >> $kanboard_nginx_site
-        echo '' >> $kanboard_nginx_site
+        nginx_http_redirect "$KANBOARD_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $KANBOARD_DOMAIN_NAME;";
+          echo ''; } >> "$kanboard_nginx_site"
         function_check nginx_compress
-        nginx_compress $KANBOARD_DOMAIN_NAME
-        echo '' >> $kanboard_nginx_site
-        echo '  # Security' >> $kanboard_nginx_site
+        nginx_compress "$KANBOARD_DOMAIN_NAME"
+        echo '' >> "$kanboard_nginx_site"
+        echo '  # Security' >> "$kanboard_nginx_site"
         function_check nginx_ssl
-        nginx_ssl $KANBOARD_DOMAIN_NAME
+        nginx_ssl "$KANBOARD_DOMAIN_NAME"
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $KANBOARD_DOMAIN_NAME
+        nginx_disable_sniffing "$KANBOARD_DOMAIN_NAME"
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $kanboard_nginx_site
-        echo '' >> $kanboard_nginx_site
-        echo '  # Logs' >> $kanboard_nginx_site
-        echo '  access_log /dev/null;' >> $kanboard_nginx_site
-        echo '  error_log /dev/null;' >> $kanboard_nginx_site
-        echo '' >> $kanboard_nginx_site
-        echo '  # Root' >> $kanboard_nginx_site
-        echo "  root /var/www/$KANBOARD_DOMAIN_NAME/htdocs;" >> $kanboard_nginx_site
-        echo '' >> $kanboard_nginx_site
-        echo '  # Index' >> $kanboard_nginx_site
-        echo '  index index.php;' >> $kanboard_nginx_site
-        echo '' >> $kanboard_nginx_site
-        echo '  # PHP' >> $kanboard_nginx_site
-        echo '  location ~ \.php {' >> $kanboard_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $kanboard_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $kanboard_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $kanboard_nginx_site
-        echo '  }' >> $kanboard_nginx_site
-        echo '' >> $kanboard_nginx_site
-        echo '  # Location' >> $kanboard_nginx_site
-        echo '  location / {' >> $kanboard_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$KANBOARD_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  # Index';
+          echo '  index index.php;';
+          echo '';
+          echo '  # PHP';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$kanboard_nginx_site"
         function_check nginx_limits
-        nginx_limits $KANBOARD_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ @kanboard;' >> $kanboard_nginx_site
-        echo '  }' >> $kanboard_nginx_site
-        echo '' >> $kanboard_nginx_site
-        echo '  # Fancy URLs' >> $kanboard_nginx_site
-        echo '  location @kanboard {' >> $kanboard_nginx_site
-        echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $kanboard_nginx_site
-        echo '  }' >> $kanboard_nginx_site
-        echo '' >> $kanboard_nginx_site
-        echo '  # Restrict access that is unnecessary anyway' >> $kanboard_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $kanboard_nginx_site
-        echo '    deny all;' >> $kanboard_nginx_site
-        echo '  }' >> $kanboard_nginx_site
-        echo '}' >> $kanboard_nginx_site
+        nginx_limits "$KANBOARD_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ @kanboard;";
+          echo '  }';
+          echo '';
+          echo '  # Fancy URLs';
+          echo '  location @kanboard {';
+          echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+          echo '  }';
+          echo '';
+          echo '  # Restrict access that is unnecessary anyway';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '}'; } >> "$kanboard_nginx_site"
     else
-        echo -n '' > $kanboard_nginx_site
+        echo -n '' > "$kanboard_nginx_site"
     fi
-    echo 'server {' >> $kanboard_nginx_site
-    echo "    listen 127.0.0.1:$KANBOARD_ONION_PORT default_server;" >> $kanboard_nginx_site
-    echo "    server_name $KANBOARD_ONION_HOSTNAME;" >> $kanboard_nginx_site
-    echo '' >> $kanboard_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$KANBOARD_ONION_PORT default_server;";
+      echo "    server_name $KANBOARD_ONION_HOSTNAME;";
+      echo ''; } >> "$kanboard_nginx_site"
     function_check nginx_compress
-    nginx_compress $KANBOARD_DOMAIN_NAME
-    echo '' >> $kanboard_nginx_site
+    nginx_compress "$KANBOARD_DOMAIN_NAME"
+    echo '' >> "$kanboard_nginx_site"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $KANBOARD_DOMAIN_NAME
-    echo '' >> $kanboard_nginx_site
-    echo '  # Logs' >> $kanboard_nginx_site
-    echo '  access_log /dev/null;' >> $kanboard_nginx_site
-    echo '  error_log /dev/null;' >> $kanboard_nginx_site
-    echo '' >> $kanboard_nginx_site
-    echo '  # Root' >> $kanboard_nginx_site
-    echo "  root /var/www/$KANBOARD_DOMAIN_NAME/htdocs;" >> $kanboard_nginx_site
-    echo '' >> $kanboard_nginx_site
-    echo '  # Index' >> $kanboard_nginx_site
-    echo '  index index.php;' >> $kanboard_nginx_site
-    echo '' >> $kanboard_nginx_site
-    echo '  # PHP' >> $kanboard_nginx_site
-    echo '  location ~ \.php {' >> $kanboard_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $kanboard_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $kanboard_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $kanboard_nginx_site
-    echo '  }' >> $kanboard_nginx_site
-    echo '' >> $kanboard_nginx_site
-    echo '  # Location' >> $kanboard_nginx_site
-    echo '  location / {' >> $kanboard_nginx_site
+    nginx_disable_sniffing "$KANBOARD_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$KANBOARD_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  # Index';
+      echo '  index index.php;';
+      echo '';
+      echo '  # PHP';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$kanboard_nginx_site"
     function_check nginx_limits
-    nginx_limits $KANBOARD_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ @kanboard;' >> $kanboard_nginx_site
-    echo '  }' >> $kanboard_nginx_site
-    echo '' >> $kanboard_nginx_site
-    echo '  # Fancy URLs' >> $kanboard_nginx_site
-    echo '  location @kanboard {' >> $kanboard_nginx_site
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $kanboard_nginx_site
-    echo '  }' >> $kanboard_nginx_site
-    echo '' >> $kanboard_nginx_site
-    echo '  # Restrict access that is unnecessary anyway' >> $kanboard_nginx_site
-    echo '  location ~ /\.(ht|git) {' >> $kanboard_nginx_site
-    echo '    deny all;' >> $kanboard_nginx_site
-    echo '  }' >> $kanboard_nginx_site
-    echo '}' >> $kanboard_nginx_site
+    nginx_limits "$KANBOARD_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ @kanboard;";
+      echo '  }';
+      echo '';
+      echo '  # Fancy URLs';
+      echo '  location @kanboard {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  # Restrict access that is unnecessary anyway';
+      echo '  location ~ /\.(ht|git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '}'; } >> "$kanboard_nginx_site"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $KANBOARD_DOMAIN_NAME 'yes'
+    create_site_certificate "$KANBOARD_DOMAIN_NAME" 'yes'
 
     # Ensure that the database gets backed up locally, if remote
     # backups are not being used
@@ -568,36 +570,31 @@ function install_kanboard {
     backup_database_local kanboard
 
     function_check nginx_ensite
-    nginx_ensite $KANBOARD_DOMAIN_NAME
-
-    KANBOARD_SERVER=${KANBOARD_DOMAIN_NAME}
-    if [[ $ONION_ONLY != 'no' ]]; then
-        KANBOARD_SERVER=${KANBOARD_ONION_HOSTNAME}
-    fi
+    nginx_ensite "$KANBOARD_DOMAIN_NAME"
 
     # Create the configuration
-    kanboard_configfile=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php
-    cp /var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.default.php $kanboard_configfile
-    sed -i "s|define('MAIL_FROM'.*|define('MAIL_FROM', '$MY_EMAIL_ADDRESS');|g" $kanboard_configfile
-    sed -i "s|define('DB_DRIVER'.*|define('DB_DRIVER', 'mysql');|g" $kanboard_configfile
-    sed -i "s|define('DB_USERNAME'.*|define('DB_USERNAME', 'root');|g" $kanboard_configfile
-    sed -i "s|define('DB_PASSWORD'.*|define('DB_PASSWORD', '$MARIADB_PASSWORD');|g" $kanboard_configfile
-    sed -i "s|define('DB_HOSTNAME'.*|define('DB_HOSTNAME', 'localhost');|g" $kanboard_configfile
-    sed -i "s|define('DB_NAME'.*|define('DB_NAME', 'kanboard');|g" $kanboard_configfile
-    sed -i "s|define('DB_PORT'.*|define('DB_PORT', null);|g" $kanboard_configfile
+    kanboard_configfile="/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php"
+    cp "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.default.php" "$kanboard_configfile"
+    sed -i "s|define('MAIL_FROM'.*|define('MAIL_FROM', '$MY_EMAIL_ADDRESS');|g" "$kanboard_configfile"
+    sed -i "s|define('DB_DRIVER'.*|define('DB_DRIVER', 'mysql');|g" "$kanboard_configfile"
+    sed -i "s|define('DB_USERNAME'.*|define('DB_USERNAME', 'root');|g" "$kanboard_configfile"
+    sed -i "s|define('DB_PASSWORD'.*|define('DB_PASSWORD', '$MARIADB_PASSWORD');|g" "$kanboard_configfile"
+    sed -i "s|define('DB_HOSTNAME'.*|define('DB_HOSTNAME', 'localhost');|g" "$kanboard_configfile"
+    sed -i "s|define('DB_NAME'.*|define('DB_NAME', 'kanboard');|g" "$kanboard_configfile"
+    sed -i "s|define('DB_PORT'.*|define('DB_PORT', null);|g" "$kanboard_configfile"
     logging_off_kanboard
 
-    initialise_database kanboard /var/www/${KANBOARD_DOMAIN_NAME}/htdocs/app/Schema/Sql/mysql.sql
-    chown -R www-data:www-data /var/www/${KANBOARD_DOMAIN_NAME}/htdocs
+    initialise_database kanboard "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/app/Schema/Sql/mysql.sql"
+    chown -R www-data:www-data "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs"
 
-    cd /var/www/${KANBOARD_DOMAIN_NAME}/htdocs
+    cd "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs" || exit 24582468
     install_composer
 
     systemctl restart mariadb
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a kanboard -p "$KANBOARD_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a kanboard -p "$KANBOARD_ADMIN_PASSWORD"
 
     set_completion_param "kanboard domain" "$KANBOARD_DOMAIN_NAME"
 
diff --git a/src/freedombone-app-keyserver b/src/freedombone-app-keyserver
index ca56349e..ecb9998c 100755
--- a/src/freedombone-app-keyserver
+++ b/src/freedombone-app-keyserver
@@ -49,7 +49,7 @@ keyserver_variables=(ONION_ONLY
 function check_keyserver_directory_size {
     dirsize=$(du /var/lib/sks/DB | awk -F ' ' '{print $1}')
     # 500M
-    if [ $dirsize -gt 500000 ]; then
+    if [ "$dirsize" -gt 500000 ]; then
         echo "1"
         return
     fi
@@ -57,7 +57,7 @@ function check_keyserver_directory_size {
 }
 
 function keyserver_watchdog {
-    ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
+    ADMIN_USERNAME=$(grep "Admin user" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
     ADMIN_EMAIL_ADDRESS=${ADMIN_USERNAME}@${HOSTNAME}
     keyserver_size_warning=$"The SKS keyserver database is getting large. Check that you aren't being spammed"
     keyserver_disabled_warning=$"The SKS keyserver has been disabled because it is getting too large. This is to prevent flooding attacks from crashing the server. You may need to restore the keyserver from backup."
@@ -67,19 +67,19 @@ function keyserver_watchdog {
 
     # check database size hourly
     keyserver_watchdog_script=/tmp/keyserver-watchdog
-    echo '#!/bin/bash' > $keyserver_watchdog_script
-    echo "dirsize=\$(du /var/lib/sks/DB | awk -F ' ' '{print \$1}')" >> $keyserver_watchdog_script
-    echo 'if [ $dirsize -gt 450000 ]; then' >> $keyserver_watchdog_script
+    { echo '#!/bin/bash';
+      echo "dirsize=\$(du /var/lib/sks/DB | awk -F ' ' '{print \$1}')";
+      echo "if [ \$dirsize -gt 450000 ]; then";
 
-    echo "  echo \"$keyserver_size_warning\" | mail -s \"$keyserver_mail_subject_line\" $ADMIN_EMAIL_ADDRESS" >> $keyserver_watchdog_script
+      echo "  echo \"$keyserver_size_warning\" | mail -s \"$keyserver_mail_subject_line\" $ADMIN_EMAIL_ADDRESS";
 
-    echo '  if [ $dirsize -gt 500000 ]; then' >> $keyserver_watchdog_script
-    echo "    nginx_dissite $KEYSERVER_DOMAIN_NAME" >> $keyserver_watchdog_script
-    echo '    systemctl stop sks' >> $keyserver_watchdog_script
-    echo '    systemctl disable sks' >> $keyserver_watchdog_script
-    echo "    echo \"$keyserver_disabled_warning\" | mail -s \"$keyserver_mail_subject_line_disabled\" $ADMIN_EMAIL_ADDRESS" >> $keyserver_watchdog_script
-    echo '  fi' >> $keyserver_watchdog_script
-    echo 'fi' >> $keyserver_watchdog_script
+      echo "  if [ \$dirsize -gt 500000 ]; then";
+      echo "    nginx_dissite $KEYSERVER_DOMAIN_NAME";
+      echo '    systemctl stop sks';
+      echo '    systemctl disable sks';
+      echo "    echo \"$keyserver_disabled_warning\" | mail -s \"$keyserver_mail_subject_line_disabled\" $ADMIN_EMAIL_ADDRESS";
+      echo '  fi';
+      echo 'fi'; } > $keyserver_watchdog_script
     chmod +x $keyserver_watchdog_script
 
     if [ ! -f /etc/cron.hourly/keyserver-watchdog ]; then
@@ -134,18 +134,18 @@ function upgrade_keyserver {
         return
     fi
 
-    if grep -q "keyserver domain" $COMPLETION_FILE; then
+    if grep -q "keyserver domain" "$COMPLETION_FILE"; then
         KEYSERVER_DOMAIN_NAME=$(get_completion_param "keyserver domain")
     fi
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$KEYSERVER_DOMAIN_NAME/htdocs "keyserver web commit" "$KEYSERVER_WEB_COMMIT" $KEYSERVER_WEB_REPO
+    set_repo_commit "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs" "keyserver web commit" "$KEYSERVER_WEB_COMMIT" $KEYSERVER_WEB_REPO
 
     read_config_param MY_USERNAME
-    USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
-    GPG_ID=$(su -m root -c "gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)
-    if [ ! $GPG_ID ]; then
+    USER_EMAIL_ADDRESS="$MY_USERNAME@$HOSTNAME"
+    GPG_ID=$(su -m root -c "gpg --list-keys \"$USER_EMAIL_ADDRESS\" | sed -n '2p' | sed 's/^[ \\t]*//'" - "$MY_USERNAME")
+    if [ ! "$GPG_ID" ]; then
         echo $'No GPG ID for admin user'
         exit 846336
     fi
@@ -157,17 +157,17 @@ function upgrade_keyserver {
         echo $'GPG ID not retrieved for admin user due to error'
         exit 74825
     fi
-    sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html
-    sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html
-    sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html
-    sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html
+    sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html"
+    sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html"
+    sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html"
+    sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html"
 
-    chown -R www-data:www-data /var/www/$KEYSERVER_DOMAIN_NAME/htdocs
+    chown -R www-data:www-data "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs"
 }
 
 function backup_local_keyserver {
     # remove any unused log files
-    cd /var/lib/sks/DB
+    cd /var/lib/sks/DB || exit 2468245
     db_archive -d
 
     source_directory=/etc/sks
@@ -223,6 +223,7 @@ function restore_local_keyserver {
         fi
         cp -r $temp_restore_dir/* /var/lib/sks/DB
     fi
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
         # restore the old database
         rm -rf /var/lib/sks/DB
@@ -243,12 +244,12 @@ function restore_local_keyserver {
 
     systemctl enable sks
     systemctl start sks
-    nginx_ensite $KEYSERVER_DOMAIN_NAME
+    nginx_ensite "$KEYSERVER_DOMAIN_NAME"
 }
 
 function backup_remote_keyserver {
     # remove any unused log files
-    cd /var/lib/sks/DB
+    cd /var/lib/sks/DB || exit 734624
     db_archive -d
 
     source_directory=/etc/sks
@@ -304,6 +305,7 @@ function restore_remote_keyserver {
         fi
         cp -r $temp_restore_dir/* /var/lib/sks/DB
     fi
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
         # restore the old database
         rm -rf /var/lib/sks/DB
@@ -322,7 +324,7 @@ function restore_remote_keyserver {
 
     systemctl enable sks
     systemctl start sks
-    nginx_ensite $KEYSERVER_DOMAIN_NAME
+    nginx_ensite "$KEYSERVER_DOMAIN_NAME"
 }
 
 function remove_keyserver {
@@ -333,21 +335,21 @@ function remove_keyserver {
     apt-get -qy remove sks dirmngr
 
     read_config_param "KEYSERVER_DOMAIN_NAME"
-    nginx_dissite $KEYSERVER_DOMAIN_NAME
-    remove_certs ${KEYSERVER_DOMAIN_NAME}
-    if [ -f /etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME ]; then
-        rm -f /etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME
+    nginx_dissite "$KEYSERVER_DOMAIN_NAME"
+    remove_certs "${KEYSERVER_DOMAIN_NAME}"
+    if [ -f "/etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME" ]; then
+        rm -f "/etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME"
     fi
-    if [ -d /var/www/$KEYSERVER_DOMAIN_NAME ]; then
-        rm -rf /var/www/$KEYSERVER_DOMAIN_NAME
+    if [ -d "/var/www/$KEYSERVER_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$KEYSERVER_DOMAIN_NAME"
     fi
     function_check remove_ddns_domain
-    remove_ddns_domain $KEYSERVER_DOMAIN_NAME
+    remove_ddns_domain "$KEYSERVER_DOMAIN_NAME"
 
     remove_config_param KEYSERVER_DOMAIN_NAME
     remove_config_param KEYSERVER_CODE
     function_check remove_onion_service
-    remove_onion_service keyserver ${KEYSERVER_ONION_PORT}
+    remove_onion_service keyserver "${KEYSERVER_ONION_PORT}"
     remove_onion_service sks 11370 11371 11372
     remove_completion_param "install_keyserver"
 
@@ -355,15 +357,15 @@ function remove_keyserver {
     firewall_remove 11371 tcp
     firewall_remove 11372 tcp
 
-    sed -i '/keyserver/d' $COMPLETION_FILE
-    sed -i '/sks onion/d' $COMPLETION_FILE
+    sed -i '/keyserver/d' "$COMPLETION_FILE"
+    sed -i '/sks onion/d' "$COMPLETION_FILE"
     if [ -d /var/lib/sks ]; then
         rm -rf /var/lib/sks
     fi
 }
 
 function install_interactive_keyserver {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -388,12 +390,12 @@ function keyserver_create_membership {
         return
     fi
     systemctl stop sks
-    echo $"# List of other $PROJECT_NAME SKS Keyservers to sync with." > /etc/sks/membership
-    echo '#' >> /etc/sks/membership
-    echo $"# Don't add major keyservers here, because it will take an" >> /etc/sks/membership
-    echo $'# Infeasible amount of time to sync and backups will become' >> /etc/sks/membership
-    echo $'# absurdly long and probably break your system. You have been warned.' >> /etc/sks/membership
-    echo '' >> /etc/sks/membership
+    { echo $"# List of other $PROJECT_NAME SKS Keyservers to sync with.";
+      echo '#';
+      echo $"# Don't add major keyservers here, because it will take an";
+      echo $'# Infeasible amount of time to sync and backups will become';
+      echo $'# absurdly long and probably break your system. You have been warned.';
+      echo ''; } > /etc/sks/membership
     chown -Rc debian-sks: /etc/sks/membership
     systemctl start sks
 }
@@ -403,7 +405,7 @@ function keyserver_import_keys {
     dialog --title $"Import public keys database" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nThis will download many gigabytes of data and so depending on your bandwidth it could take several days.\n\nContinue?" 10 60
+           --yesno $"\\nThis will download many gigabytes of data and so depending on your bandwidth it could take several days.\\n\\nContinue?" 10 60
     sel=$?
     case $sel in
         1) return;;
@@ -412,36 +414,38 @@ function keyserver_import_keys {
     if [ ! -d /var/lib/sks/dump ]; then
         mkdir -p /var/lib/sks/dump
     fi
-    cd /var/lib/sks/dump
+    cd /var/lib/sks/dump || exit 59242684
     echo $'Getting keyserver dump. This may take a few days or longer, so be patient.'
     rm -rf /var/lib/sks/dump/*
     KEYSERVER_DUMP_URL="https://keyserver.mattrude.com/dump/$(date +%F)/"
     wget -crp -e robots=off --level=1 --cut-dirs=3 -nH \
-         -A pgp,txt $KEYSERVER_DUMP_URL
+         -A pgp,txt "$KEYSERVER_DUMP_URL"
 
-    cd /var/lib/sks
+    cd /var/lib/sks || exit 936572424
     echo $'Building the keyserver database from the downloaded dump'
     keyserver_reset_database
 }
 
 function keyserver_sync {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"Sync with other keyserver" \
            --form $"\nEnter details for the other server. Please be aware that it's not a good idea to sync with major keyservers which have exceptionally large databases. This is intended to sync with other $PROJECT_NAME systems each having a small database for a particular community." 16 60 3 \
            $"Domain:" 1 1 "" 1 25 32 64 \
            $"Port:" 2 1 "11370" 2 25 6 6 \
            $"Sync Email (optional):" 3 1 "pgp-public-keys@" 3 25 32 64 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
-    other_keyserver_domain=$(cat $data | sed -n 1p)
-    other_keyserver_port=$(cat $data | sed -n 2p)
-    other_keyserver_email=$(cat $data | sed -n 3p)
+    other_keyserver_domain=$(sed -n 1p < "$data")
+    other_keyserver_port=$(sed -n 2p < "$data")
+    other_keyserver_email=$(sed -n 3p < "$data")
+    rm -f "$data"
     if [[ "$other_keyserver_domain" != *'.'* ]]; then
         return
     fi
@@ -464,7 +468,7 @@ function keyserver_sync {
     # Warn if trying to sync
     if [[ "$other_keyserver_domain" == *"sks-keyservers.net" || "$other_keyserver_domain" == *"gnupg.net" || "$other_keyserver_domain" == *"pgp.com" || "$other_keyserver_domain" == *"pgp.mit.edu" || "$other_keyserver_domain" == *"the.earth.li" || "$other_keyserver_domain" == *"mayfirst.org" || "$other_keyserver_domain" == *"ubuntu.com" ]]; then
         dialog --title $"Sync with other keyserver" \
-               --msgbox $"\nDon't try to sync with the major keyservers. Your system will be overloaded with an infeasible database size." 8 60
+               --msgbox $"\\nDon't try to sync with the major keyservers. Your system will be overloaded with an infeasible database size." 8 60
         return
     fi
 
@@ -508,47 +512,50 @@ function keyserver_edit {
 }
 
 function keyserver_remove_key {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Remove a key" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Enter the ID of the key which you wish to remove:" 12 60 2>$data
+           --inputbox $"Enter the ID of the key which you wish to remove:" 12 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            remove_key_id=$(<$data)
+            remove_key_id=$(<"$data")
             if [ ${#remove_key_id} -gt 8 ]; then
-                sks drop $remove_key_id
+                sks drop "$remove_key_id"
                 dialog --title $"Remove a key" \
                        --msgbox $"The key was removed" 6 40
             fi
             ;;
     esac
+    rm -f "$data"
 }
 
 function configure_interactive_keyserver {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"SKS Keyserver" \
                --radiolist $"Choose an operation:" 12 70 4 \
                1 $"Remove a key" off \
                2 $"Sync with other keyserver" off \
                3 $"Edit sync keyservers" off \
-               4 $"Exit" on 2> $data
+               4 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) return;;
-            255) return;;
+            1) rm -f "$data"
+               return;;
+            255) rm -f "$data"
+                 return;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) keyserver_remove_key;;
             2) keyserver_sync;;
             3) keyserver_edit;;
-            4) break;;
+            4) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -563,7 +570,7 @@ function install_keyserver {
         mkdir /var/www/$KEYSERVER_DOMAIN_NAME
     fi
 
-    cd /var/www/$KEYSERVER_DOMAIN_NAME
+    cd "/var/www/$KEYSERVER_DOMAIN_NAME" || exit 25427642847
     if [ -d /var/www/$KEYSERVER_DOMAIN_NAME/htdocs ]; then
         rm -rf /var/www/$KEYSERVER_DOMAIN_NAME/htdocs
     fi
@@ -571,7 +578,7 @@ function install_keyserver {
     if [ -d /repos/keyserverweb ]; then
         mkdir htdocs
         cp -r -p /repos/keyserverweb/. htdocs
-        cd htdocs
+        cd htdocs || exit 379584659
         git pull
     else
         git_clone $KEYSERVER_WEB_REPO htdocs
@@ -581,14 +588,14 @@ function install_keyserver {
         exit 6539230
     fi
 
-    cd /var/www/$KEYSERVER_DOMAIN_NAME/htdocs
+    cd "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs" || exit 264824528
     git checkout $KEYSERVER_WEB_COMMIT -b $KEYSERVER_WEB_COMMIT
     set_completion_param "keyserver web commit" "$KEYSERVER_WEB_COMMIT"
 
 
     USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
-    GPG_ID=$(su -m root -c "gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)
-    if [ ! $GPG_ID ]; then
+    GPG_ID=$(su -m root -c "gpg --list-keys \"$USER_EMAIL_ADDRESS\" | sed -n '2p' | sed 's/^[ \\t]*//'" - "$MY_USERNAME")
+    if [ ! "$GPG_ID" ]; then
         echo $'No GPG ID for admin user'
         exit 846336
     fi
@@ -659,11 +666,11 @@ function install_keyserver {
     chown debian-sks: $sksconf_file
 
     if ! grep -q "hidden_service_sks" /etc/tor/torrc; then
-        echo 'HiddenServiceDir /var/lib/tor/hidden_service_sks/' >> /etc/tor/torrc
-        echo 'HiddenServiceVersion 3' >> /etc/tor/torrc
-        echo "HiddenServicePort 11370 127.0.0.1:11370" >> /etc/tor/torrc
-        echo "HiddenServicePort 11373 127.0.0.1:11371" >> /etc/tor/torrc
-        echo "HiddenServicePort 11372 127.0.0.1:11372" >> /etc/tor/torrc
+        { echo 'HiddenServiceDir /var/lib/tor/hidden_service_sks/';
+          echo 'HiddenServiceVersion 3';
+          echo "HiddenServicePort 11370 127.0.0.1:11370";
+          echo "HiddenServicePort 11373 127.0.0.1:11371";
+          echo "HiddenServicePort 11372 127.0.0.1:11372"; } >> /etc/tor/torrc
         echo $'Added onion site for sks'
     fi
 
@@ -682,141 +689,141 @@ function install_keyserver {
     if [[ $ONION_ONLY == "no" ]]; then
         # NOTE: without http active on port 80 the keyserver doesn't work
         #       from the commandline
-        echo 'server {' > $keyserver_nginx_site
-        echo '  listen 80;' >> $keyserver_nginx_site
-        echo '  listen 0.0.0.0:11371;' >> $keyserver_nginx_site
-        echo '  listen [::]:80;' >> $keyserver_nginx_site
-        echo "  server_name $KEYSERVER_DOMAIN_NAME;" >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  # Logs' >> $keyserver_nginx_site
-        echo '  access_log /dev/null;' >> $keyserver_nginx_site
-        echo '  error_log /dev/null;' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  # Root' >> $keyserver_nginx_site
-        echo "  root /var/www/$KEYSERVER_DOMAIN_NAME/htdocs;" >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  rewrite ^/stats /pks/lookup?op=stats;' >> $keyserver_nginx_site
-        echo '  rewrite ^/s/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/search/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/g/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/get/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  location / {' >> $keyserver_nginx_site
+        { echo 'server {';
+          echo '  listen 80;';
+          echo '  listen 0.0.0.0:11371;';
+          echo '  listen [::]:80;';
+          echo "  server_name $KEYSERVER_DOMAIN_NAME;";
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$KEYSERVER_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  rewrite ^/stats /pks/lookup?op=stats;';
+          echo "  rewrite ^/s/(.*) /pks/lookup?search=\$1;";
+          echo "  rewrite ^/search/(.*) /pks/lookup?search=\$1;";
+          echo "  rewrite ^/g/(.*) /pks/lookup?op=get&search=\$1;";
+          echo "  rewrite ^/get/(.*) /pks/lookup?op=get&search=\$1;";
+          echo "  rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
+          echo "  rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
+          echo '';
+          echo '  location / {'; } > $keyserver_nginx_site
         function_check nginx_limits
-        nginx_limits $KEYSERVER_DOMAIN_NAME '128k'
-        echo '  }' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  location /pks {' >> $keyserver_nginx_site
-        echo '    proxy_pass         http://127.0.0.1:11373;' >> $keyserver_nginx_site
-        echo '    proxy_pass_header  Server;' >> $keyserver_nginx_site
-        echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:11371 (nginx)\";" >> $keyserver_nginx_site
-        echo '    proxy_ignore_client_abort on;' >> $keyserver_nginx_site
-        echo '    client_max_body_size 8m;' >> $keyserver_nginx_site
-        echo '    client_body_buffer_size 128k;' >> $keyserver_nginx_site
-        echo '  }' >> $keyserver_nginx_site
-        echo '}' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo 'server {' >> $keyserver_nginx_site
-        echo '  listen 443 ssl;' >> $keyserver_nginx_site
-        echo '  listen 0.0.0.0:11372 ssl;' >> $keyserver_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $keyserver_nginx_site
-        echo "  server_name $KEYSERVER_DOMAIN_NAME;" >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  error_page 404 /404.html;' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  location ~ (.git|LICENSE|readme.md) {' >> $keyserver_nginx_site
-        echo '    deny all;' >> $keyserver_nginx_site
-        echo '    return 404;' >> $keyserver_nginx_site
-        echo '  }' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  # Security' >> $keyserver_nginx_site
+        nginx_limits "$KEYSERVER_DOMAIN_NAME" '128k'
+        { echo '  }';
+          echo '';
+          echo '  location /pks {';
+          echo '    proxy_pass         http://127.0.0.1:11373;';
+          echo '    proxy_pass_header  Server;';
+          echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:11371 (nginx)\";";
+          echo '    proxy_ignore_client_abort on;';
+          echo '    client_max_body_size 8m;';
+          echo '    client_body_buffer_size 128k;';
+          echo '  }';
+          echo '}';
+          echo '';
+          echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  listen 0.0.0.0:11372 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $KEYSERVER_DOMAIN_NAME;";
+          echo '';
+          echo '  error_page 404 /404.html;';
+          echo '';
+          echo '  location ~ (.git|LICENSE|readme.md) {';
+          echo '    deny all;';
+          echo '    return 404;';
+          echo '  }';
+          echo '';
+          echo '  # Security'; } >> $keyserver_nginx_site
         function_check nginx_ssl
         nginx_ssl $KEYSERVER_DOMAIN_NAME
 
         function_check nginx_disable_sniffing
         nginx_disable_sniffing $KEYSERVER_DOMAIN_NAME
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  # Logs' >> $keyserver_nginx_site
-        echo '  access_log /dev/null;' >> $keyserver_nginx_site
-        echo '  error_log /dev/null;' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  # Root' >> $keyserver_nginx_site
-        echo "  root /var/www/$KEYSERVER_DOMAIN_NAME/htdocs;" >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$KEYSERVER_DOMAIN_NAME/htdocs;";
+          echo '';
 
-        echo '  rewrite ^/stats /pks/lookup?op=stats;' >> $keyserver_nginx_site
-        echo '  rewrite ^/s/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/search/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/g/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/get/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  location / {' >> $keyserver_nginx_site
+          echo '  rewrite ^/stats /pks/lookup?op=stats;';
+          echo "  rewrite ^/s/(.*) /pks/lookup?search=\$1;";
+          echo "  rewrite ^/search/(.*) /pks/lookup?search=\$1;";
+          echo "  rewrite ^/g/(.*) /pks/lookup?op=get&search=\$1;";
+          echo "  rewrite ^/get/(.*) /pks/lookup?op=get&search=\$1;";
+          echo "  rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
+          echo "  rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
+          echo '';
+          echo '  location / {'; } >> $keyserver_nginx_site
         function_check nginx_limits
         nginx_limits $KEYSERVER_DOMAIN_NAME '128k'
-        echo '  }' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  location /pks {' >> $keyserver_nginx_site
-        echo "    proxy_pass         http://127.0.0.1:11373;" >> $keyserver_nginx_site
-        echo '    proxy_pass_header  Server;' >> $keyserver_nginx_site
-        echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:11372 (nginx)\";" >> $keyserver_nginx_site
-        echo '    proxy_ignore_client_abort on;' >> $keyserver_nginx_site
-        echo '    client_max_body_size 8m;' >> $keyserver_nginx_site
-        echo '    client_body_buffer_size 128k;' >> $keyserver_nginx_site
-        echo '  }' >> $keyserver_nginx_site
-        echo '}' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
+        { echo '  }';
+          echo '';
+          echo '  location /pks {';
+          echo "    proxy_pass         http://127.0.0.1:11373;";
+          echo '    proxy_pass_header  Server;';
+          echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:11372 (nginx)\";";
+          echo '    proxy_ignore_client_abort on;';
+          echo '    client_max_body_size 8m;';
+          echo '    client_body_buffer_size 128k;';
+          echo '  }';
+          echo '}';
+          echo ''; } >> $keyserver_nginx_site
     else
         echo -n '' > $keyserver_nginx_site
     fi
-    echo 'server {' >> $keyserver_nginx_site
-    echo "  listen 127.0.0.1:$KEYSERVER_ONION_PORT default_server;" >> $keyserver_nginx_site
-    echo "  server_name $KEYSERVER_ONION_HOSTNAME;" >> $keyserver_nginx_site
-    echo '' >> $keyserver_nginx_site
-    echo '  error_page 404 /404.html;' >> $keyserver_nginx_site
-    echo '' >> $keyserver_nginx_site
-    echo '  location ~ (.git|LICENSE|readme.md) {' >> $keyserver_nginx_site
-    echo '    deny all;' >> $keyserver_nginx_site
-    echo '    return 404;' >> $keyserver_nginx_site
-    echo '  }' >> $keyserver_nginx_site
-    echo '' >> $keyserver_nginx_site
+    { echo 'server {';
+      echo "  listen 127.0.0.1:$KEYSERVER_ONION_PORT default_server;";
+      echo "  server_name $KEYSERVER_ONION_HOSTNAME;";
+      echo '';
+      echo '  error_page 404 /404.html;';
+      echo '';
+      echo '  location ~ (.git|LICENSE|readme.md) {';
+      echo '    deny all;';
+      echo '    return 404;';
+      echo '  }';
+      echo ''; } >> $keyserver_nginx_site
     function_check nginx_disable_sniffing
     nginx_disable_sniffing $KEYSERVER_DOMAIN_NAME
-    echo '' >> $keyserver_nginx_site
-    echo '  # Logs' >> $keyserver_nginx_site
-    echo '  access_log /dev/null;' >> $keyserver_nginx_site
-    echo '  error_log /dev/null;' >> $keyserver_nginx_site
-    echo '' >> $keyserver_nginx_site
-    echo '  # Root' >> $keyserver_nginx_site
-    echo "  root /var/www/$KEYSERVER_DOMAIN_NAME/mail;" >> $keyserver_nginx_site
-    echo '' >> $keyserver_nginx_site
-    echo '  rewrite ^/stats /pks/lookup?op=stats;' >> $keyserver_nginx_site
-    echo '  rewrite ^/s/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
-    echo '  rewrite ^/search/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
-    echo '  rewrite ^/g/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
-    echo '  rewrite ^/get/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
-    echo '  rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
-    echo '  rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
-    echo '' >> $keyserver_nginx_site
-    echo '  location / {' >> $keyserver_nginx_site
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$KEYSERVER_DOMAIN_NAME/mail;";
+      echo '';
+      echo '  rewrite ^/stats /pks/lookup?op=stats;';
+      echo "  rewrite ^/s/(.*) /pks/lookup?search=\$1;";
+      echo "  rewrite ^/search/(.*) /pks/lookup?search=\$1;";
+      echo "  rewrite ^/g/(.*) /pks/lookup?op=get&search=\$1;";
+      echo "  rewrite ^/get/(.*) /pks/lookup?op=get&search=\$1;";
+      echo "  rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
+      echo "  rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
+      echo '';
+      echo '  location / {'; } >> $keyserver_nginx_site
     function_check nginx_limits
     nginx_limits $KEYSERVER_DOMAIN_NAME '128k'
-    echo '  }' >> $keyserver_nginx_site
-    echo '' >> $keyserver_nginx_site
-    echo '  location /pks {' >> $keyserver_nginx_site
-    echo "    proxy_pass         http://127.0.0.1:11373;" >> $keyserver_nginx_site
-    echo '    proxy_pass_header  Server;' >> $keyserver_nginx_site
-    echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:$KEYSERVER_ONION_PORT (nginx)\";" >> $keyserver_nginx_site
-    echo '    proxy_ignore_client_abort on;' >> $keyserver_nginx_site
-    echo '    client_max_body_size 8m;' >> $keyserver_nginx_site
-    echo '    client_body_buffer_size 128k;' >> $keyserver_nginx_site
-    echo '  }' >> $keyserver_nginx_site
-    echo '}' >> $keyserver_nginx_site
+    { echo '  }';
+      echo '';
+      echo '  location /pks {';
+      echo "    proxy_pass         http://127.0.0.1:11373;";
+      echo '    proxy_pass_header  Server;';
+      echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:$KEYSERVER_ONION_PORT (nginx)\";";
+      echo '    proxy_ignore_client_abort on;';
+      echo '    client_max_body_size 8m;';
+      echo '    client_body_buffer_size 128k;';
+      echo '  }';
+      echo '}'; } >> $keyserver_nginx_site
 
     function_check create_site_certificate
     if [ ! -f /etc/ssl/certs/${KEYSERVER_DOMAIN_NAME}.pem ]; then
diff --git a/src/freedombone-app-koel b/src/freedombone-app-koel
index f91524d9..d4ea8ff9 100755
--- a/src/freedombone-app-koel
+++ b/src/freedombone-app-koel
@@ -58,7 +58,7 @@ function logging_off_koel {
 }
 
 function koel_remove_gravatar {
-    cd /var/www/${KOEL_DOMAIN_NAME}/htdocs
+    cd "/var/www/${KOEL_DOMAIN_NAME}/htdocs" || exit 8345374534
     sed -i "s|www.gravatar.com|${KOEL_DOMAIN_NAME}|g" node_modules/browser-sync-ui/public/js/app.js.map
     sed -i "s|www.gravatar.com|${KOEL_DOMAIN_NAME}|g" public/js/app.*.js
     if ! grep -q "//Vue.set(user, 'avatar'" resources/assets/js/stores/user.js; then
@@ -69,19 +69,19 @@ function koel_remove_gravatar {
 function remove_user_koel {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp koel
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp koel
 }
 
 function add_user_koel {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a koel -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a koel -p "$new_user_password"
     echo '0'
 }
 
 function install_interactive_koel {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -91,42 +91,43 @@ function install_interactive_koel {
         KOEL_DETAILS_COMPLETE=
         while [ ! $KOEL_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Koel Configuration" \
-                       --form $"\nPlease enter your Koel details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 3 \
+                       --form $"\\nPlease enter your Koel details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 3 \
                        $"Domain:" 1 1 "$(grep 'KOEL_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
                        $"Code:" 2 1 "$(grep 'KOEL_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Koel Configuration" \
-                       --form $"\nPlease enter your Koel details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 3 \
+                       --form $"\\nPlease enter your Koel details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 3 \
                        $"Domain:" 1 1 "$(grep 'KOEL_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
-                       2> $data
+                       2> "$data"
             fi
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            KOEL_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ $KOEL_DOMAIN_NAME ]; then
-                if [[ $KOEL_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
+            KOEL_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$KOEL_DOMAIN_NAME" ]; then
+                if [[ "$KOEL_DOMAIN_NAME" == "$HUBZILLA_DOMAIN_NAME" ]]; then
                     KOEL_DOMAIN_NAME=""
                 fi
                 TEST_DOMAIN_NAME=$KOEL_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $KOEL_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$KOEL_DOMAIN_NAME" ]]; then
                     KOEL_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        KOEL_CODE=$(cat $data | sed -n 2p)
+                        KOEL_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$KOEL_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             KOEL_DOMAIN_NAME=
                         fi
                     fi
@@ -135,6 +136,7 @@ function install_interactive_koel {
             if [ $KOEL_DOMAIN_NAME ]; then
                 KOEL_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         # save the results in the config file
@@ -150,23 +152,23 @@ function change_password_koel {
 
     read_config_param 'KOEL_DOMAIN_NAME'
 
-    ${PROJECT_NAME}-pass -u "$curr_username" -a koel -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a koel -p "$new_user_password"
 }
 
 function koel_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        KOEL_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        KOEL_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $KOEL_ADMIN_PASSWORD ]; then
-            KOEL_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$KOEL_ADMIN_PASSWORD" ]; then
+            KOEL_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $KOEL_ADMIN_PASSWORD ]; then
+    if [ ! "$KOEL_ADMIN_PASSWORD" ]; then
         return
     fi
 
     function_check create_database
-    create_database koel "$KOEL_ADMIN_PASSWORD" $MY_USERNAME
+    create_database koel "$KOEL_ADMIN_PASSWORD" "$MY_USERNAME"
 }
 
 function reconfigure_koel {
@@ -174,14 +176,14 @@ function reconfigure_koel {
 }
 
 function koel_import_from_directory {
-    data=$(tempfile 2>/dev/null)
-    dialog --title "Choose a directory containing music" --dselect /home/$MY_USERNAME/ 30 60 2> $data
-    selected_dir=$(cat $data)
-    rm $data
+    data=$(mktemp 2>/dev/null)
+    dialog --title "Choose a directory containing music" --dselect "/home/$MY_USERNAME/" 30 60 2> "$data"
+    selected_dir=$(cat "$data")
+    rm -f "$data"
     if [[ "$selected_dir" == '/music' ]]; then
         return
     fi
-    if [ ! -d $selected_dir ]; then
+    if [ ! -d "$selected_dir" ]; then
         return
     fi
     if [[ "$selected_dir" == "/home/$MY_USERNAME/" ]]; then
@@ -197,7 +199,7 @@ function koel_import_from_directory {
     dialog --title $"Import music directory" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nImport the directory:\n\n  $selected_dir" 12 75
+           --yesno $"\\nImport the directory:\\n\\n  $selected_dir" 12 75
     sel=$?
     case $sel in
         1) return;;
@@ -214,18 +216,18 @@ function koel_import_from_usb {
     clear
     detect_usb_drive
 
-    if [ ! -b $USB_DRIVE ]; then
+    if [ ! -b "$USB_DRIVE" ]; then
         dialog --title $"Import music from USB drive" --msgbox $'No USB drive found' 6 50
         return
     fi
 
-    backup_mount_drive ${USB_DRIVE}
-    if [ ! -d $USB_MOUNT/Music ]; then
+    backup_mount_drive "${USB_DRIVE}"
+    if [ ! -d "$USB_MOUNT/Music" ]; then
         dialog --title $"Import music from USB drive" --msgbox $'No Music directory found on USB drive' 6 50
-        backup_unmount_drive ${USB_DRIVE}
+        backup_unmount_drive "${USB_DRIVE}"
     fi
-    cp -ru $USB_MOUNT/Music/* /music
-    backup_unmount_drive ${USB_DRIVE}
+    cp -ru "$USB_MOUNT/Music/*" /music
+    backup_unmount_drive "${USB_DRIVE}"
     dialog --title $"Import music from USB drive" --msgbox $'Import complete. You may now remove the USB drive' 6 50
 }
 
@@ -233,28 +235,26 @@ function koel_export_to_usb {
     clear
     detect_usb_drive
 
-    if [ ! -b $USB_DRIVE ]; then
+    if [ ! -b "$USB_DRIVE" ]; then
         dialog --title $"Export music to USB drive" --msgbox $'No USB drive found' 6 50
         return
     fi
 
-    backup_mount_drive ${USB_DRIVE}
-    if [ ! -d $USB_MOUNT/Music ]; then
-        mkdir -p $USB_MOUNT/Music
+    backup_mount_drive "${USB_DRIVE}"
+    if [ ! -d "$USB_MOUNT/Music" ]; then
+        mkdir -p "$USB_MOUNT/Music"
     fi
-    cp -ru /music/* $USB_MOUNT/Music
-    backup_unmount_drive ${USB_DRIVE}
+    cp -ru /music/* "$USB_MOUNT/Music"
+    backup_unmount_drive "${USB_DRIVE}"
     dialog --title $"Export music to USB drive" --msgbox $'Export complete. You may now remove the USB drive' 6 50
 }
 
 function format_music_drive {
     detect_usb_drive
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
     dialog --title $"Format USB drive $USB_DRIVE for music storage" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nPlease confirm that you wish to format drive\n\n    ${USB_DRIVE}\n\nAll current data on the drive will be lost, and you will be prompted to give a password used to encrypt the drive.\n\nDANGER: If you screw up here and format the wrong drive it's your own fault!" 16 60
+           --yesno $"\\nPlease confirm that you wish to format drive\\n\\n    ${USB_DRIVE}\\n\\nAll current data on the drive will be lost, and you will be prompted to give a password used to encrypt the drive.\\n\\nDANGER: If you screw up here and format the wrong drive it's your own fault!" 16 60
     sel=$?
     case $sel in
         1) return;;
@@ -265,7 +265,7 @@ function format_music_drive {
     echo ''
     echo $"Formatting drive $USB_DRIVE. ALL CONTENTS WILL BE LOST."
     echo ''
-    ${PROJECT_NAME}-format $USB_DRIVE
+    "${PROJECT_NAME}-format" "$USB_DRIVE"
     dialog --title $"Format USB drive $USB_DRIVE for music storage" --msgbox $'Format complete. You may now export music or remove the USB drive' 6 50
 }
 
@@ -273,8 +273,7 @@ function format_music_drive {
 function configure_interactive_koel {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Koel" \
                --radiolist $"Choose an operation:" 12 70 5 \
@@ -282,24 +281,28 @@ function configure_interactive_koel {
                2 $"Import music from USB drive" off \
                3 $"Export music to USB drive" off \
                4 $"Format a USB drive for music storage" off \
-               5 $"Exit" on 2> $data
+               5 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) break;;
-            255) break;;
+            1) rm -f "$data"
+               break;;
+            255) rm -f "$data"
+                 break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) koel_import_from_directory;;
             2) koel_import_from_usb;;
             3) koel_export_to_usb;;
             4) format_music_drive;;
-            5) break;;
+            5) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
 function upgrade_koel {
-    if grep -q "koel domain" $COMPLETION_FILE; then
+    if grep -q "koel domain" "$COMPLETION_FILE"; then
         KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
     fi
 
@@ -312,12 +315,12 @@ function upgrade_koel {
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$KOEL_DOMAIN_NAME/htdocs "koel commit" "$KOEL_COMMIT" $KOEL_REPO
+    set_repo_commit "/var/www/$KOEL_DOMAIN_NAME/htdocs" "koel commit" "$KOEL_COMMIT" $KOEL_REPO
 
-    cd /var/www/${KOEL_DOMAIN_NAME}/htdocs
+    cd "/var/www/${KOEL_DOMAIN_NAME}/htdocs" || exit 7345346358
     php artisan koel:init
     koel_remove_gravatar
-    chown -R www-data:www-data *
+    chown -R www-data:www-data "/var/www/${KOEL_DOMAIN_NAME}/htdocs/*"
 
     systemctl start koel
 }
@@ -325,20 +328,20 @@ function upgrade_koel {
 
 function backup_local_koel {
     KOEL_DOMAIN_NAME='koel'
-    if grep -q "koel domain" $COMPLETION_FILE; then
+    if grep -q "koel domain" "$COMPLETION_FILE"; then
         KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
     fi
 
-    source_directory=/var/www/${KOEL_DOMAIN_NAME}/htdocs
-    if [ -d $source_directory ]; then
+    source_directory="/var/www/${KOEL_DOMAIN_NAME}/htdocs"
+    if [ -d "$source_directory" ]; then
         systemctl stop koel
 
         dest_directory=koel
         function_check suspend_site
-        suspend_site ${KOEL_DOMAIN_NAME}
+        suspend_site "${KOEL_DOMAIN_NAME}"
 
         function_check backup_directory_to_usb
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"
 
         function_check backup_database_to_usb
         backup_database_to_usb koel
@@ -351,27 +354,26 @@ function backup_local_koel {
 }
 
 function restore_local_koel {
-    if ! grep -q "koel domain" $COMPLETION_FILE; then
+    if ! grep -q "koel domain" "$COMPLETION_FILE"; then
         return
     fi
     KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
-    if [ $KOEL_DOMAIN_NAME ]; then
+    if [ "$KOEL_DOMAIN_NAME" ]; then
         echo $"Restoring koel"
         systemctl stop koel
 
         temp_restore_dir=/root/tempkoel
-        koel_dir=/var/www/${KOEL_DOMAIN_NAME}/htdocs
 
         function_check koel_create_database
         koel_create_database
 
-        restore_database koel ${KOEL_DOMAIN_NAME}
+        restore_database koel "${KOEL_DOMAIN_NAME}"
         if [ -d $temp_restore_dir ]; then
             rm -rf $temp_restore_dir
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-        cd /var/www/$KOEL_DOMAIN_NAME/htdocs
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        cd "/var/www/$KOEL_DOMAIN_NAME/htdocs" || exit 274825424
         sed -i "s|DB_PASSWORD=.*|DB_PASSWORD=$MARIADB_PASSWORD|g" .env
         MARIADB_PASSWORD=
 
@@ -380,14 +382,14 @@ function restore_local_koel {
 }
 
 function backup_remote_koel {
-    if grep -q "koel domain" $COMPLETION_FILE; then
+    if grep -q "koel domain" "$COMPLETION_FILE"; then
         KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
         temp_backup_dir=/var/www/${KOEL_DOMAIN_NAME}/htdocs
-        if [ -d $temp_backup_dir ]; then
+        if [ -d "$temp_backup_dir" ]; then
             systemctl stop koel
 
             function_check suspend_site
-            suspend_site ${KOEL_DOMAIN_NAME}
+            suspend_site "${KOEL_DOMAIN_NAME}"
 
             function_check backup_database_to_friend
             backup_database_to_friend koel
@@ -395,7 +397,7 @@ function backup_remote_koel {
             echo $"Backing up Koel installation"
 
             function_check backup_directory_to_friend
-            backup_directory_to_friend $temp_backup_dir koel
+            backup_directory_to_friend "$temp_backup_dir" koel
 
             function_check restart_site
             restart_site
@@ -408,7 +410,7 @@ function backup_remote_koel {
 }
 
 function restore_remote_koel {
-    if grep -q "koel domain" $COMPLETION_FILE; then
+    if grep -q "koel domain" "$COMPLETION_FILE"; then
         echo $"Restoring koel"
 
         systemctl stop koel
@@ -419,13 +421,13 @@ function restore_remote_koel {
         koel_create_database
 
         function_check restore_database_from_friend
-        restore_database_from_friend koel ${KOEL_DOMAIN_NAME}
+        restore_database_from_friend koel "${KOEL_DOMAIN_NAME}"
         if [ -d /root/tempkoel ]; then
             rm -rf /root/tempkoel
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-        cd /var/www/$KOEL_DOMAIN_NAME/htdocs
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        cd "/var/www/$KOEL_DOMAIN_NAME/htdocs" || exit 53743682
         sed -i "s|DB_PASSWORD=.*|DB_PASSWORD=$MARIADB_PASSWORD|g" .env
         MARIADB_PASSWORD=
 
@@ -453,14 +455,14 @@ function remove_koel {
     read_config_param "KOEL_DOMAIN_NAME"
     read_config_param "MY_USERNAME"
     echo "Removing $KOEL_DOMAIN_NAME"
-    nginx_dissite $KOEL_DOMAIN_NAME
-    remove_certs $KOEL_DOMAIN_NAME
+    nginx_dissite "$KOEL_DOMAIN_NAME"
+    remove_certs "$KOEL_DOMAIN_NAME"
 
-    if [ -d /var/www/$KOEL_DOMAIN_NAME ]; then
-        rm -rf /var/www/$KOEL_DOMAIN_NAME
+    if [ -d "/var/www/$KOEL_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$KOEL_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$KOEL_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$KOEL_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$KOEL_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$KOEL_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database koel
@@ -468,15 +470,15 @@ function remove_koel {
     remove_onion_service koel ${KOEL_ONION_PORT}
     remove_app koel
     remove_completion_param install_koel
-    sed -i '/koel/d' $COMPLETION_FILE
+    sed -i '/koel/d' "$COMPLETION_FILE"
     remove_backup_database_local koel
 
     function_check remove_ddns_domain
-    remove_ddns_domain $KOEL_DOMAIN_NAME
+    remove_ddns_domain "$KOEL_DOMAIN_NAME"
 }
 
 function install_koel_main {
-    if [ ! $KOEL_DOMAIN_NAME ]; then
+    if [ ! "$KOEL_DOMAIN_NAME" ]; then
         echo $'No domain name was given for koel'
         exit 7359
     fi
@@ -498,177 +500,186 @@ function install_koel_main {
     apt-get -yq install php-memcached php-intl exiftool libfcgi0ldbl
     apt-get -yq install ffmpeg
 
-    if [ ! -d /var/www/$KOEL_DOMAIN_NAME ]; then
-        mkdir /var/www/$KOEL_DOMAIN_NAME
+    if [ ! -d "/var/www/$KOEL_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$KOEL_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$KOEL_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$KOEL_DOMAIN_NAME/htdocs" ]; then
 
         if [ -d /repos/koel ]; then
-            mkdir /var/www/$KOEL_DOMAIN_NAME/htdocs
-            cp -r -p /repos/koel/. /var/www/$KOEL_DOMAIN_NAME/htdocs
-            cd /var/www/$KOEL_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$KOEL_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/koel/. "/var/www/$KOEL_DOMAIN_NAME/htdocs"
+            cd "/var/www/$KOEL_DOMAIN_NAME/htdocs" || exit 23924295
             git pull
         else
             function_check git_clone
-            git_clone $KOEL_REPO /var/www/$KOEL_DOMAIN_NAME/htdocs
+            git_clone "$KOEL_REPO" "/var/www/$KOEL_DOMAIN_NAME/htdocs"
         fi
 
-        if [ ! -d /var/www/$KOEL_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$KOEL_DOMAIN_NAME/htdocs" ]; then
             echo $'Unable to clone koel repo'
             exit 365735
         fi
     fi
 
-    cd /var/www/$KOEL_DOMAIN_NAME/htdocs
-    git checkout $KOEL_COMMIT -b $KOEL_COMMIT
+    cd "/var/www/$KOEL_DOMAIN_NAME/htdocs" || exit 834567242
+    git checkout "$KOEL_COMMIT" -b "$KOEL_COMMIT"
     set_completion_param "koel commit" "$KOEL_COMMIT"
 
-    chown -R www-data:www-data /var/www/$KOEL_DOMAIN_NAME/htdocs
+    chown -R www-data:www-data "/var/www/$KOEL_DOMAIN_NAME/htdocs"
 
     function_check koel_create_database
     koel_create_database
 
     function_check add_ddns_domain
-    add_ddns_domain $KOEL_DOMAIN_NAME
+    add_ddns_domain "$KOEL_DOMAIN_NAME"
+
+    KOEL_ONION_HOSTNAME=$(add_onion_service koel 80 ${KOEL_ONION_PORT})
 
     koel_nginx_site=/etc/nginx/sites-available/$KOEL_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $KOEL_DOMAIN_NAME "index index.php"
-        echo 'server {' >> $koel_nginx_site
-        echo '  listen 443 ssl;' >> $koel_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $koel_nginx_site
-        echo "  server_name $KOEL_DOMAIN_NAME;" >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
+        nginx_http_redirect "$KOEL_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $KOEL_DOMAIN_NAME;";
+          echo ''; } >> "$koel_nginx_site"
         function_check nginx_compress
-        nginx_compress $KOEL_DOMAIN_NAME
-        echo '    gzip_comp_level 9;' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # Security' >> $koel_nginx_site
+        nginx_compress "$KOEL_DOMAIN_NAME"
+        { echo '    gzip_comp_level 9;';
+          echo '';
+          echo '  # Security'; } >> "$koel_nginx_site"
         function_check nginx_ssl mobile
-        nginx_ssl $KOEL_DOMAIN_NAME
+        nginx_ssl "$KOEL_DOMAIN_NAME"
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $KOEL_DOMAIN_NAME
+        nginx_disable_sniffing "$KOEL_DOMAIN_NAME"
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # Logs' >> $koel_nginx_site
-        echo '  access_log /dev/null;' >> $koel_nginx_site
-        echo '  error_log /dev/null;' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # Root' >> $koel_nginx_site
-        echo "  root /var/www/$KOEL_DOMAIN_NAME/htdocs;" >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # Index' >> $koel_nginx_site
-        echo '  index index.php;' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # Whitelist only index.php, robots.txt, and those start with public/ or api/' >> $koel_nginx_site
-        echo '  if ($request_uri !~ ^/$|index\.php|robots\.txt|api/|public/) {' >> $koel_nginx_site
-        echo '    return 404;' >> $koel_nginx_site
-        echo '  }' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  location /media/ {' >> $koel_nginx_site
-        echo '    internal;' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '    # A X-Media-Root should be set to media_path settings from upstream' >> $koel_nginx_site
-        echo '    alias       $upstream_http_x_media_root;' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  }' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # PHP' >> $koel_nginx_site
-        echo '  location ~ \.php {' >> $koel_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $koel_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $koel_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $koel_nginx_site
-        echo '  }' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # Location' >> $koel_nginx_site
-        echo '  location / {' >> $koel_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$KOEL_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  # Index';
+          echo '  index index.php;';
+          echo '';
+          echo '  # Whitelist only index.php, robots.txt, and those start with public/ or api/';
+          echo "  if (\$request_uri !~ ^/\$|index\\.php|robots\\.txt|api/|public/) {";
+          echo '    return 404;';
+          echo '  }';
+          echo '';
+          echo '  location /media/ {';
+          echo '    internal;';
+          echo '';
+          echo '    # A X-Media-Root should be set to media_path settings from upstream';
+          echo "    alias       \$upstream_http_x_media_root;";
+          echo '';
+          echo '  }';
+          echo '';
+          echo '  # PHP';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$koel_nginx_site"
         function_check nginx_limits
-        nginx_limits $KOEL_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ @koel;' >> $koel_nginx_site
-        echo '  }' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # Fancy URLs' >> $koel_nginx_site
-        echo '  location @koel {' >> $koel_nginx_site
-        echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $koel_nginx_site
-        echo '  }' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # Restrict access that is unnecessary anyway' >> $koel_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $koel_nginx_site
-        echo '    deny all;' >> $koel_nginx_site
-        echo '  }' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '}' >> $koel_nginx_site
+        nginx_limits "$KOEL_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ @koel;";
+          echo '  }';
+          echo '';
+          echo '  # Fancy URLs';
+          echo '  location @koel {';
+          echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+          echo '  }';
+          echo '';
+          echo '  # Restrict access that is unnecessary anyway';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '';
+          echo '}'; } >> "$koel_nginx_site"
     else
-        echo -n '' > $koel_nginx_site
+        echo -n '' > "$koel_nginx_site"
+    fi
+    if [[ "$ONION_ONLY" == 'no' ]]; then
+        { echo 'server {';
+          echo "    listen 127.0.0.1:$KOEL_ONION_PORT default_server;";
+          echo "    server_name $KOEL_DOMAIN_NAME;";
+          echo ''; } >> "$koel_nginx_site"
+    else
+        { echo 'server {';
+          echo "    listen 127.0.0.1:$KOEL_ONION_PORT default_server;";
+          echo "    server_name $KOEL_ONION_HOSTNAME;";
+          echo ''; } >> "$koel_nginx_site"
     fi
-    echo 'server {' >> $koel_nginx_site
-    echo "    listen 127.0.0.1:$KOEL_ONION_PORT default_server;" >> $koel_nginx_site
-    echo "    server_name $KOEL_DOMAIN_NAME;" >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
     function_check nginx_compress
-    nginx_compress $KOEL_DOMAIN_NAME
-    echo '    gzip_comp_level 9;' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  # Logs' >> $koel_nginx_site
-    echo '  access_log /dev/null;' >> $koel_nginx_site
-    echo '  error_log /dev/null;' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  # Root' >> $koel_nginx_site
-    echo "  root /var/www/$KOEL_DOMAIN_NAME/htdocs;" >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  # Index' >> $koel_nginx_site
-    echo '  index index.php;' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  # Whitelist only index.php, robots.txt, and those start with public/ or api/' >> $koel_nginx_site
-    echo '  if ($request_uri !~ ^/$|index\.php|robots\.txt|api/|public/) {' >> $koel_nginx_site
-    echo '    return 404;' >> $koel_nginx_site
-    echo '  }' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  location /media/ {' >> $koel_nginx_site
-    echo '    internal;' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '    # A X-Media-Root should be set to media_path settings from upstream' >> $koel_nginx_site
-    echo '    alias       $upstream_http_x_media_root;' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  }' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  # PHP' >> $koel_nginx_site
-    echo '  location ~ \.php {' >> $koel_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $koel_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $koel_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $koel_nginx_site
-    echo '  }' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  # Location' >> $koel_nginx_site
-    echo '  location / {' >> $koel_nginx_site
+    nginx_compress "$KOEL_DOMAIN_NAME"
+    { echo '    gzip_comp_level 9;';
+      echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$KOEL_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  # Index';
+      echo '  index index.php;';
+      echo '';
+      echo '  # Whitelist only index.php, robots.txt, and those start with public/ or api/';
+      echo "  if (\$request_uri !~ ^/\$|index\\.php|robots\\.txt|api/|public/) {";
+      echo '    return 404;';
+      echo '  }';
+      echo '';
+      echo '  location /media/ {';
+      echo '    internal;';
+      echo '';
+      echo '    # A X-Media-Root should be set to media_path settings from upstream';
+      echo "    alias       \$upstream_http_x_media_root;";
+      echo '';
+      echo '  }';
+      echo '';
+      echo '  # PHP';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$koel_nginx_site"
     function_check nginx_limits
-    nginx_limits $KOEL_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ @koel;' >> $koel_nginx_site
-    echo '  }' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  # Fancy URLs' >> $koel_nginx_site
-    echo '  location @koel {' >> $koel_nginx_site
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $koel_nginx_site
-    echo '  }' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  # Restrict access that is unnecessary anyway' >> $koel_nginx_site
-    echo '  location ~ /\.(ht|git) {' >> $koel_nginx_site
-    echo '    deny all;' >> $koel_nginx_site
-    echo '  }' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '}' >> $koel_nginx_site
+    nginx_limits "$KOEL_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ @koel;";
+      echo '  }';
+      echo '';
+      echo '  # Fancy URLs';
+      echo '  location @koel {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  # Restrict access that is unnecessary anyway';
+      echo '  location ~ /\.(ht|git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '';
+      echo '}'; } >> "$koel_nginx_site"
 
-    sed -i 's|gzip_types.*|gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json;|g' $koel_nginx_site
-    sed -i 's|DENY;|SAMEORIGIN;|g' $koel_nginx_site
+    sed -i 's|gzip_types.*|gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json;|g' "$koel_nginx_site"
+    sed -i 's|DENY;|SAMEORIGIN;|g' "$koel_nginx_site"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $KOEL_DOMAIN_NAME 'yes'
+    create_site_certificate "$KOEL_DOMAIN_NAME" 'yes'
 
     # Ensure that the database gets backed up locally, if remote
     # backups are not being used
@@ -679,20 +690,13 @@ function install_koel_main {
     backup_database_local koel
 
     function_check nginx_ensite
-    nginx_ensite $KOEL_DOMAIN_NAME
-
-    KOEL_ONION_HOSTNAME=$(add_onion_service koel 80 ${KOEL_ONION_PORT})
-
-    KOEL_SERVER=${KOEL_DOMAIN_NAME}
-    if [[ $ONION_ONLY != 'no' ]]; then
-        KOEL_SERVER=${KOEL_ONION_HOSTNAME}
-    fi
+    nginx_ensite "$KOEL_DOMAIN_NAME"
 
     systemctl restart mariadb
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a koel -p "$KOEL_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a koel -p "$KOEL_ADMIN_PASSWORD"
 
     set_completion_param "koel domain" "$KOEL_DOMAIN_NAME"
 
@@ -709,7 +713,7 @@ function install_koel {
 
     install_koel_main
 
-    cd /var/www/$KOEL_DOMAIN_NAME/htdocs
+    cd "/var/www/$KOEL_DOMAIN_NAME/htdocs" || exit 2432848
     install_composer
 
     npm install -g yarn
@@ -731,30 +735,29 @@ function install_koel {
     sed -i 's/MAIL_PORT=.*/MAIL_PORT=25/g' .env
     sed -i 's|FFMPEG_PATH=.*|FFMPEG_PATH=/usr/bin/ffmpeg|g' .env
 
-    php artisan koel:init
-    if [ ! "$?" = "0" ]; then
+    if ! php artisan koel:init; then
         echo $"Can't install koel:init"
         exit 78362
     fi
     koel_remove_gravatar
-    chown -R www-data:www-data /var/www/$KOEL_DOMAIN_NAME/htdocs
+    chown -R www-data:www-data "/var/www/$KOEL_DOMAIN_NAME/htdocs"
 
     # daemon
-    echo '[Unit]' > /etc/systemd/system/koel.service
-    echo 'Description=Koel (music player)' >> /etc/systemd/system/koel.service
-    echo 'After=syslog.target' >> /etc/systemd/system/koel.service
-    echo 'After=network.target' >> /etc/systemd/system/koel.service
-    echo '' >> /etc/systemd/system/koel.service
-    echo '[Service]' >> /etc/systemd/system/koel.service
-    echo 'Type=simple' >> /etc/systemd/system/koel.service
-    echo 'User=www-data' >> /etc/systemd/system/koel.service
-    echo 'Group=www-data' >> /etc/systemd/system/koel.service
-    echo "WorkingDirectory=/var/www/$KOEL_DOMAIN_NAME/htdocs" >> /etc/systemd/system/koel.service
-    echo "ExecStart=/usr/bin/php artisan serve --port=$KOEL_PORT" >> /etc/systemd/system/koel.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/koel.service
-    echo '' >> /etc/systemd/system/koel.service
-    echo '[Install]' >> /etc/systemd/system/koel.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/koel.service
+    { echo '[Unit]';
+      echo 'Description=Koel (music player)';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=www-data';
+      echo 'Group=www-data';
+      echo "WorkingDirectory=/var/www/$KOEL_DOMAIN_NAME/htdocs";
+      echo "ExecStart=/usr/bin/php artisan serve --port=$KOEL_PORT";
+      echo 'Restart=on-failure';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/koel.service
     systemctl enable koel.service
     systemctl daemon-reload
     systemctl start koel.service
diff --git a/src/freedombone-app-lychee b/src/freedombone-app-lychee
index ff3d8c36..18cf05e3 100755
--- a/src/freedombone-app-lychee
+++ b/src/freedombone-app-lychee
@@ -55,14 +55,14 @@ function logging_off_lychee {
 }
 
 function lychee_create_database {
-    if [ -f ${IMAGE_PASSWORD_FILE} ]; then
-        LYCHEE_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
+        LYCHEE_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! ${LYCHEE_ADMIN_PASSWORD} ]; then
-            LYCHEE_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "${LYCHEE_ADMIN_PASSWORD}" ]; then
+            LYCHEE_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $LYCHEE_ADMIN_PASSWORD ]; then
+    if [ ! "$LYCHEE_ADMIN_PASSWORD" ]; then
         return
     fi
 
@@ -73,7 +73,7 @@ function lychee_create_database {
 function remove_user_lychee {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp lychee
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp lychee
 }
 
 function add_user_lychee {
@@ -85,13 +85,13 @@ function add_user_lychee {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a lychee -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a lychee -p "$new_user_password"
 
     echo '0'
 }
 
 function install_interactive_lychee {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -110,12 +110,12 @@ function configure_interactive_lychee {
     get_mariadb_password
 
     dialog --title $"Lychee Configuration" \
-           --msgbox $"\nYou can initially install the system with:\n\n  Username: root\n  Password: $MARIADB_PASSWORD" 10 70
+           --msgbox $"\\nYou can initially install the system with:\\n\\n  Username: root\\n  Password: $MARIADB_PASSWORD" 10 70
 }
 
 
 function change_password_lychee {
-    LYCHEE_USERNAME="$1"
+#    LYCHEE_USERNAME="$1"
     LYCHEE_PASSWORD="$2"
     if [ ${#LYCHEE_PASSWORD} -lt 8 ]; then
         echo $'Lychee password is too short'
@@ -143,56 +143,56 @@ function upgrade_lychee {
 
 function backup_local_lychee {
     LYCHEE_DOMAIN_NAME='lychee.local'
-    if grep -q "lychee domain" $COMPLETION_FILE; then
+    if grep -q "lychee domain" "$COMPLETION_FILE"; then
         LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
     fi
 
-    lychee_path=/var/www/${LYCHEE_DOMAIN_NAME}/htdocs
-    if [ -d $lychee_path ]; then
+    lychee_path="/var/www/${LYCHEE_DOMAIN_NAME}/htdocs"
+    if [ -d "$lychee_path" ]; then
         function_check backup_database_to_usb
         backup_database_to_usb lychee
 
-        backup_directory_to_usb $lychee_path lychee
+        backup_directory_to_usb "$lychee_path" lychee
         restart_site
     fi
 }
 
 function restore_local_lychee {
     LYCHEE_DOMAIN_NAME='lychee.local'
-    if grep -q "lychee domain" $COMPLETION_FILE; then
+    if grep -q "lychee domain" "$COMPLETION_FILE"; then
         LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
     fi
-    if [ $LYCHEE_DOMAIN_NAME ]; then
-        suspend_site ${LYCHEE_DOMAIN_NAME}
+    if [ "$LYCHEE_DOMAIN_NAME" ]; then
+        suspend_site "${LYCHEE_DOMAIN_NAME}"
 
         function_check lychee_create_database
         lychee_create_database
 
         function_check restore_database
-        restore_database lychee ${LYCHEE_DOMAIN_NAME}
+        restore_database lychee "${LYCHEE_DOMAIN_NAME}"
 
-        if [ -f /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php ]; then
-            MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-            sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php
+        if [ -f "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php" ]; then
+            MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+            sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php"
             MARIADB_PASSWORD=
         fi
 
         restart_site
-        chown -R lychee: /var/www/$LYCHEE_DOMAIN_NAME/htdocs/
+        chown -R lychee: "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/"
     fi
 }
 
 function backup_remote_lychee {
     LYCHEE_DOMAIN_NAME='lychee.local'
-    if grep -q "lychee domain" $COMPLETION_FILE; then
+    if grep -q "lychee domain" "$COMPLETION_FILE"; then
         LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
     fi
 
     temp_backup_dir=/var/www/${LYCHEE_DOMAIN_NAME}/htdocs
-    if [ -d $temp_backup_dir ]; then
-        suspend_site ${LYCHEE_DOMAIN_NAME}
+    if [ -d "$temp_backup_dir" ]; then
+        suspend_site "${LYCHEE_DOMAIN_NAME}"
         backup_database_to_friend lychee
-        backup_directory_to_friend $temp_backup_dir lychee
+        backup_directory_to_friend "$temp_backup_dir" lychee
         restart_site
     else
         echo $"Lychee domain specified but not found in /var/www/${LYCHEE_DOMAIN_NAME}"
@@ -202,27 +202,27 @@ function backup_remote_lychee {
 
 function restore_remote_lychee {
     LYCHEE_DOMAIN_NAME='lychee.local'
-    if grep -q "lychee domain" $COMPLETION_FILE; then
+    if grep -q "lychee domain" "$COMPLETION_FILE"; then
         LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
     fi
 
-    suspend_site ${LYCHEE_DOMAIN_NAME}
+    suspend_site "${LYCHEE_DOMAIN_NAME}"
 
     function_check restore_database_from_friend
 
     function_check lychee_create_database
     lychee_create_database
 
-    restore_database_from_friend lychee ${LYCHEE_DOMAIN_NAME}
+    restore_database_from_friend lychee "${LYCHEE_DOMAIN_NAME}"
 
-    if [ -f /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php ]; then
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-        sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php
+    if [ -f "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php" ]; then
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php"
         MARIADB_PASSWORD=
     fi
 
     restart_site
-    chown -R lychee: /var/www/$LYCHEE_DOMAIN_NAME/htdocs/
+    chown -R lychee: "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/"
 }
 
 function remove_lychee {
@@ -231,181 +231,181 @@ function remove_lychee {
     fi
 
     read_config_param "LYCHEE_DOMAIN_NAME"
-    nginx_dissite $LYCHEE_DOMAIN_NAME
-    remove_certs ${LYCHEE_DOMAIN_NAME}
+    nginx_dissite "$LYCHEE_DOMAIN_NAME"
+    remove_certs "${LYCHEE_DOMAIN_NAME}"
 
     drop_database lychee
     remove_backup_database_local lychee
 
-    if [ -f /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME ]; then
-        rm -f /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME" ]; then
+        rm -f "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
     fi
-    if [ -d /var/www/$LYCHEE_DOMAIN_NAME ]; then
-        rm -rf /var/www/$LYCHEE_DOMAIN_NAME
+    if [ -d "/var/www/$LYCHEE_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$LYCHEE_DOMAIN_NAME"
     fi
     remove_config_param LYCHEE_DOMAIN_NAME
     remove_config_param LYCHEE_CODE
     function_check remove_onion_service
-    remove_onion_service lychee ${LYCHEE_ONION_PORT}
+    remove_onion_service lychee "${LYCHEE_ONION_PORT}"
     remove_completion_param "install_lychee"
-    sed -i '/Lychee/d' $COMPLETION_FILE
-    sed -i '/lychee/d' $COMPLETION_FILE
+    sed -i '/Lychee/d' "$COMPLETION_FILE"
+    sed -i '/lychee/d' "$COMPLETION_FILE"
 
     function_check remove_ddns_domain
-    remove_ddns_domain $LYCHEE_DOMAIN_NAME
+    remove_ddns_domain "$LYCHEE_DOMAIN_NAME"
 }
 
 function install_lychee_website {
     function_check nginx_http_redirect
-    nginx_http_redirect $LYCHEE_DOMAIN_NAME
-    echo 'server {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "    root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "    server_name $LYCHEE_DOMAIN_NAME;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    charset utf-8;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    nginx_http_redirect "$LYCHEE_DOMAIN_NAME"
+    { echo 'server {';
+      echo '    listen 443 ssl;';
+      echo '    #listen [::]:443 ssl;';
+      echo "    root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;";
+      echo "    server_name $LYCHEE_DOMAIN_NAME;";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo '    index index.html;';
+      echo '    charset utf-8;';
+      echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
     function_check nginx_ssl
-    nginx_ssl $LYCHEE_DOMAIN_NAME
+    nginx_ssl "$LYCHEE_DOMAIN_NAME"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $LYCHEE_DOMAIN_NAME
-    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    nginx_disable_sniffing "$LYCHEE_DOMAIN_NAME"
+    { echo '    add_header Strict-Transport-Security "max-age=0;";';
+      echo '';
+      echo '    # rewrite to front controller as default rule';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # or a unix socket' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        try_files $uri $uri/ /index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    #deny access to store' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~ /store {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '      deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '      deny  all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    nginx_limits "$LYCHEE_DOMAIN_NAME"
+    { echo '    }';
+      echo '';
+      echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+      echo '    # or a unix socket';
+      echo '    location ~* \.php$ {';
+      echo '        # Zero-day exploit defense.';
+      echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+      echo "        # Won't work properly (404 error) if the file is not stored on this";
+      echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+      echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+      echo "        # another machine. And then cross your fingers that you won't get hacked.";
+      echo "        try_files \$uri \$uri/ /index.html;";
+      echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+      echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+      echo '        # With php-cgi alone:';
+      echo '        # fastcgi_pass 127.0.0.1:9000;';
+      echo '        # With php-fpm:';
+      echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '        include fastcgi_params;';
+      echo '        fastcgi_read_timeout 30;';
+      echo '        fastcgi_index index.html;';
+      echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+      echo '    }';
+      echo '';
+      echo '    # deny access to all dot files';
+      echo '    location ~ /\. {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    #deny access to store';
+      echo '    location ~ /store {';
+      echo '        deny all;';
+      echo '    }';
+      echo '    location ~ /(data|conf|bin|inc)/ {';
+      echo '      deny all;';
+      echo '    }';
+      echo '    location ~ /\.ht {';
+      echo '      deny  all;';
+      echo '    }';
+      echo '}';
+      echo ''; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
 }
 
 function install_lychee_website_onion {
-    echo 'server {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "    listen 127.0.0.1:${LYCHEE_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "    root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "    server_name $LYCHEE_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    charset utf-8;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    { echo 'server {';
+      echo "    listen 127.0.0.1:${LYCHEE_ONION_PORT} default_server;";
+      echo "    root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;";
+      echo "    server_name $LYCHEE_ONION_HOSTNAME;";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo '    index index.html;';
+      echo '    charset utf-8;';
+      echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $LYCHEE_DOMAIN_NAME
-    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    nginx_disable_sniffing "$LYCHEE_DOMAIN_NAME"
+    { echo '    add_header Strict-Transport-Security "max-age=0;";';
+      echo '';
+      echo '    # rewrite to front controller as default rule';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # block these file types' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # or a unix socket' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    nginx_limits "$LYCHEE_DOMAIN_NAME"
+    { echo '    }';
+      echo '';
+      echo '    # block these file types';
+      echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+      echo '    # or a unix socket';
+      echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $LYCHEE_DOMAIN_NAME
-    echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        try_files $uri $uri/ /index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    #deny access to store' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~ /store {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '      deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '      deny  all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    nginx_limits "$LYCHEE_DOMAIN_NAME"
+    { echo '        # Zero-day exploit defense.';
+      echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+      echo "        # Won't work properly (404 error) if the file is not stored on this";
+      echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+      echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+      echo "        # another machine. And then cross your fingers that you won't get hacked.";
+      echo "        try_files \$uri \$uri/ /index.html;";
+      echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+      echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+      echo '        # With php-cgi alone:';
+      echo '        # fastcgi_pass 127.0.0.1:9000;';
+      echo '        # With php-fpm:';
+      echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '        include fastcgi_params;';
+      echo '        fastcgi_read_timeout 30;';
+      echo '        fastcgi_index index.html;';
+      echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+      echo '    }';
+      echo '';
+      echo '    # deny access to all dot files';
+      echo '    location ~ /\. {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    #deny access to store';
+      echo '    location ~ /store {';
+      echo '        deny all;';
+      echo '    }';
+      echo '    location ~ /(data|conf|bin|inc)/ {';
+      echo '      deny all;';
+      echo '    }';
+      echo '    location ~ /\.ht {';
+      echo '      deny  all;';
+      echo '    }';
+      echo '}'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
 }
 
 function install_lychee_from_repo {
-    if [ ! -d /var/www/$LYCHEE_DOMAIN_NAME ]; then
-        mkdir /var/www/$LYCHEE_DOMAIN_NAME
+    if [ ! -d "/var/www/$LYCHEE_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$LYCHEE_DOMAIN_NAME"
     fi
 
-    cd /var/www/$LYCHEE_DOMAIN_NAME
+    cd "/var/www/$LYCHEE_DOMAIN_NAME" || exit 682468246
 
     if [ -d /repos/lychee ]; then
         mkdir htdocs
         cp -r -p /repos/lychee/. htdocs
-        cd htdocs
+        cd htdocs || exit 963756345
         git pull
     else
-        git_clone $LYCHEE_REPO htdocs
+        git_clone "$LYCHEE_REPO" htdocs
     fi
 
-    cd htdocs
-    git checkout $LYCHEE_COMMIT -b $LYCHEE_COMMIT
+    cd htdocs || exit 1437534858
+    git checkout "$LYCHEE_COMMIT" -b "$LYCHEE_COMMIT"
     set_completion_param "lychee commit" "$LYCHEE_COMMIT"
 }
 
@@ -414,7 +414,7 @@ function install_lychee {
         ONION_ONLY='no'
     fi
 
-    if [ ! $LYCHEE_DOMAIN_NAME ]; then
+    if [ ! "$LYCHEE_DOMAIN_NAME" ]; then
         echo $'The lychee domain name was not specified'
         exit 543672
     fi
@@ -429,7 +429,7 @@ function install_lychee {
         function_check install_lychee_website
         install_lychee_website
     else
-        echo -n '' > /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+        echo -n '' > "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
     fi
 
     LYCHEE_ONION_HOSTNAME=$(add_onion_service lychee 80 ${LYCHEE_ONION_PORT})
@@ -438,23 +438,23 @@ function install_lychee {
     install_lychee_website_onion
 
     function_check create_site_certificate
-    create_site_certificate $LYCHEE_DOMAIN_NAME 'yes'
+    create_site_certificate "$LYCHEE_DOMAIN_NAME" 'yes'
 
     function_check configure_php
     configure_php
 
-    chmod -R 1777 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/
-    chmod -R 1777 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/
-    chown -R www-data:www-data /var/www/$LYCHEE_DOMAIN_NAME/htdocs
+    chmod -R 1777 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/"
+    chmod -R 1777 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/"
+    chown -R www-data:www-data "/var/www/$LYCHEE_DOMAIN_NAME/htdocs"
 
-    chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/big/index.html
-    chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/medium/index.html
-    chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/import/index.html
-    chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/thumb/index.html
-    chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/.gitignore
+    chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/big/index.html"
+    chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/medium/index.html"
+    chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/import/index.html"
+    chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/thumb/index.html"
+    chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/.gitignore"
 
     function_check nginx_ensite
-    nginx_ensite $LYCHEE_DOMAIN_NAME
+    nginx_ensite "$LYCHEE_DOMAIN_NAME"
 
     function_check install_mariadb
     install_mariadb
@@ -469,10 +469,10 @@ function install_lychee {
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a lychee -p "$LYCHEE_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a lychee -p "$LYCHEE_ADMIN_PASSWORD"
 
     function_check add_ddns_domain
-    add_ddns_domain $LYCHEE_DOMAIN_NAME
+    add_ddns_domain "$LYCHEE_DOMAIN_NAME"
 
     set_completion_param "lychee domain" "$LYCHEE_DOMAIN_NAME"
     APP_INSTALLED=1
diff --git a/src/freedombone-app-mailpile b/src/freedombone-app-mailpile
index 5c598398..5becd87c 100755
--- a/src/freedombone-app-mailpile
+++ b/src/freedombone-app-mailpile
@@ -58,15 +58,15 @@ function logging_off_mailpile {
 
 function remove_user_mailpile {
     remove_username="$1"
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp mailpile
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp mailpile
 }
 
 function add_user_mailpile {
-    ${PROJECT_NAME}-pass -u $1 -a mailpile -p "$2"
+    "${PROJECT_NAME}-pass" -u "$1" -a mailpile -p "$2"
 }
 
 function install_interactive_mailpile {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -93,7 +93,7 @@ function upgrade_mailpile {
     read_config_param "MAILPILE_DOMAIN_NAME"
 
     CURR_COMMIT=$MAILPILE_COMMIT
-    if grep -q "mailpile commit" $COMPLETION_FILE; then
+    if grep -q "mailpile commit" "$COMPLETION_FILE"; then
         CURR_COMMIT=$(get_completion_param "mailpile commit")
     fi
     if [[ "$CURR_COMMIT" == "$MAILPILE_COMMIT" ]]; then
@@ -103,10 +103,10 @@ function upgrade_mailpile {
     function_check set_repo_commit
     set_repo_commit /var/www/$MAILPILE_DOMAIN_NAME/mail "mailpile commit" "$MAILPILE_COMMIT" $MAILPILE_REPO
 
-    cd /var/www/$MAILPILE_DOMAIN_NAME/mail
+    cd "/var/www/$MAILPILE_DOMAIN_NAME/mail" || exit 2346836535
     pip install -r requirements.txt
 
-    chown -R mailpile:mailpile /var/www/$MAILPILE_DOMAIN_NAME/mail
+    chown -R mailpile:mailpile "/var/www/$MAILPILE_DOMAIN_NAME/mail"
 }
 
 function backup_local_mailpile {
@@ -136,16 +136,16 @@ function remove_mailpile {
     systemctl daemon-reload
 
     read_config_param "MAILPILE_DOMAIN_NAME"
-    nginx_dissite $MAILPILE_DOMAIN_NAME
-    remove_certs ${MAILPILE_DOMAIN_NAME}
-    if [ -f /etc/nginx/sites-available/$MAILPILE_DOMAIN_NAME ]; then
-        rm -f /etc/nginx/sites-available/$MAILPILE_DOMAIN_NAME
+    nginx_dissite "$MAILPILE_DOMAIN_NAME"
+    remove_certs "${MAILPILE_DOMAIN_NAME}"
+    if [ -f "/etc/nginx/sites-available/$MAILPILE_DOMAIN_NAME" ]; then
+        rm -f "/etc/nginx/sites-available/$MAILPILE_DOMAIN_NAME"
     fi
-    if [ -d /var/www/$MAILPILE_DOMAIN_NAME ]; then
-        rm -rf /var/www/$MAILPILE_DOMAIN_NAME
+    if [ -d "/var/www/$MAILPILE_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$MAILPILE_DOMAIN_NAME"
     fi
     function_check remove_ddns_domain
-    remove_ddns_domain $MAILPILE_DOMAIN_NAME
+    remove_ddns_domain "$MAILPILE_DOMAIN_NAME"
 
     groupdel -f mailpile
     userdel -r mailpile
@@ -158,8 +158,8 @@ function remove_mailpile {
 
     enable_email_encryption_at_rest
 
-    sed -i '/Mailpile/d' $COMPLETION_FILE
-    sed -i '/mailpile/d' $COMPLETION_FILE
+    sed -i '/Mailpile/d' "$COMPLETION_FILE"
+    sed -i '/mailpile/d' "$COMPLETION_FILE"
 }
 
 function install_mailpile {
@@ -178,7 +178,7 @@ function install_mailpile {
         mkdir /var/www/$MAILPILE_DOMAIN_NAME
     fi
 
-    cd /var/www/$MAILPILE_DOMAIN_NAME
+    cd "/var/www/$MAILPILE_DOMAIN_NAME" || exit 264826484
     if [ -d /var/www/$MAILPILE_DOMAIN_NAME/mail ]; then
         rm -rf /var/www/$MAILPILE_DOMAIN_NAME/mail
     fi
@@ -186,13 +186,13 @@ function install_mailpile {
     if [ -d /repos/mailpile ]; then
         mkdir mail
         cp -r -p /repos/mailpile/. mail
-        cd mail
+        cd mail || exit 245728482
         git pull
     else
         git_clone $MAILPILE_REPO mail
     fi
 
-    cd mail
+    cd mail || exit 246872468
     git checkout $MAILPILE_COMMIT -b $MAILPILE_COMMIT
     set_completion_param "mailpile commit" "$MAILPILE_COMMIT"
 
@@ -206,8 +206,8 @@ function install_mailpile {
     adduser mailpile debian-tor
     adduser mailpile www-data
     adduser mailpile mail
-    adduser mailpile $MY_USERNAME
-    if [[ $ONION_ONLY == 'no' ]]; then
+    adduser mailpile "$MY_USERNAME"
+    if [[ "$ONION_ONLY" == 'no' ]]; then
         chgrp -R ssl-cert /etc/letsencrypt
         chmod -R g=rX /etc/letsencrypt
         usermod -a -G ssl-cert mailpile
@@ -219,89 +219,89 @@ function install_mailpile {
 
     MAILPILE_ONION_HOSTNAME=$(add_onion_service mailpile 80 ${MAILPILE_ONION_PORT})
 
-    echo '[Unit]' > /etc/systemd/system/mailpile.service
-    echo 'Description=Mailpile Email Client' >> /etc/systemd/system/mailpile.service
-    echo 'After=syslog.target network.target nginx.target' >> /etc/systemd/system/mailpile.service
-    echo '' >> /etc/systemd/system/mailpile.service
-    echo '[Service]' >> /etc/systemd/system/mailpile.service
-    echo 'User=mailpile' >> /etc/systemd/system/mailpile.service
-    echo 'Group=mailpile' >> /etc/systemd/system/mailpile.service
-    echo "WorkingDirectory=/var/www/$MAILPILE_DOMAIN_NAME/mail" >> /etc/systemd/system/mailpile.service
-    echo "ExecStart=/var/www/$MAILPILE_DOMAIN_NAME/mail/mp --www=0.0.0.0:${MAILPILE_PORT} --wait" >> /etc/systemd/system/mailpile.service
-    echo 'Restart=always' >> /etc/systemd/system/mailpile.service
-    echo 'RestartSec=10' >> /etc/systemd/system/mailpile.service
-    echo '' >> /etc/systemd/system/mailpile.service
-    echo '[Install]' >> /etc/systemd/system/mailpile.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mailpile.service
+    { echo '[Unit]';
+      echo 'Description=Mailpile Email Client';
+      echo 'After=syslog.target network.target nginx.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=mailpile';
+      echo 'Group=mailpile';
+      echo "WorkingDirectory=/var/www/$MAILPILE_DOMAIN_NAME/mail";
+      echo "ExecStart=/var/www/$MAILPILE_DOMAIN_NAME/mail/mp --www=0.0.0.0:${MAILPILE_PORT} --wait";
+      echo 'Restart=always';
+      echo 'RestartSec=10';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/mailpile.service
     chmod +x /etc/systemd/system/mailpile.service
 
     mailpile_nginx_site=/etc/nginx/sites-available/$MAILPILE_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
         nginx_http_redirect $MAILPILE_DOMAIN_NAME
-        echo 'server {' >> $mailpile_nginx_site
-        echo '  listen 443 ssl;' >> $mailpile_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $mailpile_nginx_site
-        echo "  server_name $MAILPILE_DOMAIN_NAME;" >> $mailpile_nginx_site
-        echo '' >> $mailpile_nginx_site
-        echo '  # Security' >> $mailpile_nginx_site
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $MAILPILE_DOMAIN_NAME;";
+          echo '';
+          echo '  # Security'; } >> $mailpile_nginx_site
         function_check nginx_ssl
         nginx_ssl $MAILPILE_DOMAIN_NAME
 
         function_check nginx_disable_sniffing
         nginx_disable_sniffing $MAILPILE_DOMAIN_NAME
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $mailpile_nginx_site
-        echo '' >> $mailpile_nginx_site
-        echo '  # Logs' >> $mailpile_nginx_site
-        echo '  access_log /dev/null;' >> $mailpile_nginx_site
-        echo '  error_log /dev/null;' >> $mailpile_nginx_site
-        echo '' >> $mailpile_nginx_site
-        echo '  # Root' >> $mailpile_nginx_site
-        echo "  root /var/www/$MAILPILE_DOMAIN_NAME/mail;" >> $mailpile_nginx_site
-        echo '' >> $mailpile_nginx_site
-        echo '  location / {' >> $mailpile_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$MAILPILE_DOMAIN_NAME/mail;";
+          echo '';
+          echo '  location / {'; } >> $mailpile_nginx_site
         function_check nginx_limits
         nginx_limits $MAILPILE_DOMAIN_NAME '15m'
-        echo '    rewrite /(.*) /$1 break;' >> $mailpile_nginx_site
-        echo '    proxy_set_header X-Real-IP $remote_addr;' >> $mailpile_nginx_site
-        echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site
-        echo '    proxy_set_header Host $http_host;' >> $mailpile_nginx_site
-        echo '    proxy_set_header X-NginX-Proxy true;' >> $mailpile_nginx_site
-        echo "    proxy_pass http://localhost:${MAILPILE_PORT};" >> $mailpile_nginx_site
-        echo '    proxy_redirect off;' >> $mailpile_nginx_site
-        echo '  }' >> $mailpile_nginx_site
-        echo '}' >> $mailpile_nginx_site
-        echo '' >> $mailpile_nginx_site
+        { echo "    rewrite /(.*) /\$1 break;";
+          echo "    proxy_set_header X-Real-IP \$remote_addr;";
+          echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+          echo "    proxy_set_header Host \$http_host;";
+          echo '    proxy_set_header X-NginX-Proxy true;';
+          echo "    proxy_pass http://localhost:${MAILPILE_PORT};";
+          echo '    proxy_redirect off;';
+          echo '  }';
+          echo '}';
+          echo ''; } >> $mailpile_nginx_site
     else
         echo -n '' > $mailpile_nginx_site
     fi
-    echo 'server {' >> $mailpile_nginx_site
-    echo "    listen 127.0.0.1:$MAILPILE_ONION_PORT default_server;" >> $mailpile_nginx_site
-    echo "    server_name $MAILPILE_ONION_HOSTNAME;" >> $mailpile_nginx_site
-    echo '' >> $mailpile_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$MAILPILE_ONION_PORT default_server;";
+      echo "    server_name $MAILPILE_ONION_HOSTNAME;";
+      echo ''; } >> $mailpile_nginx_site
     function_check nginx_disable_sniffing
     nginx_disable_sniffing $MAILPILE_DOMAIN_NAME
-    echo '' >> $mailpile_nginx_site
-    echo '  # Logs' >> $mailpile_nginx_site
-    echo '  access_log /dev/null;' >> $mailpile_nginx_site
-    echo '  error_log /dev/null;' >> $mailpile_nginx_site
-    echo '' >> $mailpile_nginx_site
-    echo '  # Root' >> $mailpile_nginx_site
-    echo "  root /var/www/$MAILPILE_DOMAIN_NAME/mail;" >> $mailpile_nginx_site
-    echo '' >> $mailpile_nginx_site
-    echo '  location / {' >> $mailpile_nginx_site
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$MAILPILE_DOMAIN_NAME/mail;";
+      echo '';
+      echo '  location / {'; } >> $mailpile_nginx_site
     function_check nginx_limits
     nginx_limits $MAILPILE_DOMAIN_NAME '15m'
-    echo '    rewrite /(.*) /$1 break;' >> $mailpile_nginx_site
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $mailpile_nginx_site
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site
-    echo '    proxy_set_header Host $http_host;' >> $mailpile_nginx_site
-    echo '    proxy_set_header X-NginX-Proxy true;' >> $mailpile_nginx_site
-    echo "    proxy_pass http://localhost:${MAILPILE_PORT};" >> $mailpile_nginx_site
-    echo '    proxy_redirect off;' >> $mailpile_nginx_site
-    echo '  }' >> $mailpile_nginx_site
-    echo '}' >> $mailpile_nginx_site
+    { echo "    rewrite /(.*) /\$1 break;";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo "    proxy_set_header Host \$http_host;";
+      echo '    proxy_set_header X-NginX-Proxy true;';
+      echo "    proxy_pass http://localhost:${MAILPILE_PORT};";
+      echo '    proxy_redirect off;';
+      echo '  }';
+      echo '}'; } >> $mailpile_nginx_site
 
     function_check create_site_certificate
     if [ ! -f /etc/ssl/certs/${MAILPILE_DOMAIN_NAME}.pem ]; then
@@ -322,7 +322,7 @@ function install_mailpile {
     function_check nginx_ensite
     nginx_ensite $MAILPILE_DOMAIN_NAME
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a mailpile -p "*"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a mailpile -p "*"
 
     function_check add_ddns_domain
     add_ddns_domain $MAILPILE_DOMAIN_NAME
@@ -336,7 +336,7 @@ function install_mailpile {
     if [ -d /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg ]; then
         mv /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg_orig
     fi
-    cp -r /home/$MY_USERNAME/.gnupg /var/www/$MAILPILE_DOMAIN_NAME/mail/
+    cp -r "/home/$MY_USERNAME/.gnupg" "/var/www/$MAILPILE_DOMAIN_NAME/mail/"
     chown -R mailpile:mailpile /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg
     chmod +x /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg
 
@@ -348,8 +348,8 @@ function install_mailpile {
     sed -i 's|ssl =.*|ssl = no|g' /etc/dovecot/conf.d/10-ssl.conf
 
     # set ssl certs, just in case we want to use them later
-    if [[ $ONION_ONLY == "no" ]]; then
-        if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
+    if [[ "$ONION_ONLY" == "no" ]]; then
+        if [ -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
             sed -i "s|#ssl_cert =.*|ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/dovecot/conf.d/10-ssl.conf
             sed -i "s|ssl_cert =.*|ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/dovecot/conf.d/10-ssl.conf
             sed -i "s|#ssl_key =.*|ssl_key = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/dovecot/conf.d/10-ssl.conf
diff --git a/src/freedombone-app-matrix b/src/freedombone-app-matrix
index 157bbd51..f53d39db 100755
--- a/src/freedombone-app-matrix
+++ b/src/freedombone-app-matrix
@@ -71,21 +71,21 @@ function matrix_expire_old_posts {
     read_config_param MATRIX_PORT
 
     matrix_remove_posts=/usr/bin/matrix-remove
-    echo '#!/bin/bash' > $matrix_remove_posts
-    echo "cd $MATRIX_DATA_DIR" >> $matrix_remove_posts
-    echo 'ROOM=$1' >> $matrix_remove_posts
-    echo "ADMIN=\"@${MY_USERNAME}:$MATRIX_DOMAIN_NAME\"" >> $matrix_remove_posts
-    echo "TIME='$MATRIX_EXPIRE_MONTHS months ago'" >> $matrix_remove_posts
-    echo "UNIX_TIMESTAMP=\$(date +%s%3N --date='TZ=\"UTC+0\" '\"\$TIME\")" >> $matrix_remove_posts
-    echo 'BUSY="pragma busy_timeout=20000"' >> $matrix_remove_posts
-    echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select event_id from events where type='m.room.message' and received_ts<'\$UNIX_TIMESTAMP' and room_id='\$ROOM' order by received_ts desc limit 1;\")" >> $matrix_remove_posts
-    echo "EVENT_ID=\$(echo \$BUFFER|awk '{print \$2}')" >> $matrix_remove_posts
+    { echo '#!/bin/bash';
+      echo "cd $MATRIX_DATA_DIR";
+      echo "ROOM=\$1";
+      echo "ADMIN=\"@${MY_USERNAME}:$MATRIX_DOMAIN_NAME\"";
+      echo "TIME='$MATRIX_EXPIRE_MONTHS months ago'";
+      echo "UNIX_TIMESTAMP=\$(date +%s%3N --date='TZ=\"UTC+0\" '\"\$TIME\")";
+      echo 'BUSY="pragma busy_timeout=20000"';
+      echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select event_id from events where type='m.room.message' and received_ts<'\$UNIX_TIMESTAMP' and room_id='\$ROOM' order by received_ts desc limit 1;\")";
+      echo "EVENT_ID=\$(echo \$BUFFER|awk '{print \$2}')";
 
-    echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select token from access_tokens where user_id like '\$ADMIN' order by id desc limit 1;\")" >> $matrix_remove_posts
-    echo "TOKEN=\$(echo \$BUFFER|awk '{print \$2}')" >> $matrix_remove_posts
+      echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select token from access_tokens where user_id like '\$ADMIN' order by id desc limit 1;\")";
+      echo "TOKEN=\$(echo \$BUFFER|awk '{print \$2}')";
 
-    echo 'set -x' >> $matrix_remove_posts
-    echo "curl -v -X POST 'https://$MATRIX_DOMAIN_NAME/_matrix/client/r0/admin/purge_history/'\$ROOM'/'\$EVENT_ID'?access_token='\$TOKEN" >> $matrix_remove_posts
+      echo 'set -x';
+      echo "curl -v -X POST 'https://$MATRIX_DOMAIN_NAME/_matrix/client/r0/admin/purge_history/'\$ROOM'/'\$EVENT_ID'?access_token='\$TOKEN"; } > $matrix_remove_posts
 
     chmod +x $matrix_remove_posts
 }
@@ -127,109 +127,109 @@ function logging_off_matrix {
 function matrix_nginx {
     matrix_nginx_site=/etc/nginx/sites-available/$MATRIX_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
-        echo 'server {' > $matrix_nginx_site
-        echo "  listen 0.0.0.0:443;" >> $matrix_nginx_site
-        echo "  server_name ${MATRIX_DOMAIN_NAME};" >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  # Security' >> $matrix_nginx_site
+        { echo 'server {';
+          echo "  listen 0.0.0.0:443;";
+          echo "  server_name ${MATRIX_DOMAIN_NAME};";
+          echo '';
+          echo '  # Security'; } > $matrix_nginx_site
         function_check nginx_ssl
         nginx_ssl ${MATRIX_DOMAIN_NAME}
 
         function_check nginx_disable_sniffing
         nginx_disable_sniffing ${MATRIX_DOMAIN_NAME}
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  # Logs' >> $matrix_nginx_site
-        echo '  access_log /dev/null;' >> $matrix_nginx_site
-        echo '  error_log /dev/null;' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  root /var/lib/matrix/media_store;' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  # Index' >> $matrix_nginx_site
-        echo '  index index.html;' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  location /_matrix {' >> $matrix_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  root /var/lib/matrix/media_store;';
+          echo '';
+          echo '  # Index';
+          echo '  index index.html;';
+          echo '';
+          echo '  location /_matrix {'; } >> $matrix_nginx_site
         function_check nginx_limits
         nginx_limits ${MATRIX_DOMAIN_NAME} '15m'
-        echo "    proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site
-        echo '  }' >> $matrix_nginx_site
-        echo '}' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo 'server {' >> $matrix_nginx_site
-        echo "  listen 0.0.0.0:${MATRIX_HTTP_PORT};" >> $matrix_nginx_site
-        echo "  server_name ${MATRIX_DOMAIN_NAME};" >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  # Security' >> $matrix_nginx_site
+        { echo "    proxy_pass http://localhost:${MATRIX_PORT};";
+          echo '  }';
+          echo '}';
+          echo '';
+          echo 'server {';
+          echo "  listen 0.0.0.0:${MATRIX_HTTP_PORT};";
+          echo "  server_name ${MATRIX_DOMAIN_NAME};";
+          echo '';
+          echo '  # Security'; } >> $matrix_nginx_site
         function_check nginx_ssl
         nginx_ssl ${MATRIX_DOMAIN_NAME}
 
         function_check nginx_disable_sniffing
         nginx_disable_sniffing ${MATRIX_DOMAIN_NAME}
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  # Logs' >> $matrix_nginx_site
-        echo '  access_log /dev/null;' >> $matrix_nginx_site
-        echo '  error_log /dev/null;' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  root /var/lib/matrix/media_store;' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  # Index' >> $matrix_nginx_site
-        echo '  index index.html;' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  # Location' >> $matrix_nginx_site
-        echo '  location /_matrix {' >> $matrix_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  root /var/lib/matrix/media_store;';
+          echo '';
+          echo '  # Index';
+          echo '  index index.html;';
+          echo '';
+          echo '  # Location';
+          echo '  location /_matrix {'; } >> $matrix_nginx_site
         function_check nginx_limits
         nginx_limits ${MATRIX_DOMAIN_NAME} '15m'
-        echo "    proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site
-        echo '  }' >> $matrix_nginx_site
-        echo '}' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
+        { echo "    proxy_pass http://localhost:${MATRIX_PORT};";
+          echo '  }';
+          echo '}';
+          echo ''; } >> $matrix_nginx_site
     else
         echo -n '' > $matrix_nginx_site
     fi
-    echo 'server {' >> $matrix_nginx_site
-    echo "    listen 127.0.0.1:$MATRIX_FEDERATION_ONION_PORT default_server;" >> $matrix_nginx_site
-    echo "    server_name $MATRIX_DOMAIN_NAME;" >> $matrix_nginx_site
-    echo '' >> $matrix_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$MATRIX_FEDERATION_ONION_PORT default_server;";
+      echo "    server_name $MATRIX_DOMAIN_NAME;";
+      echo ''; } >> $matrix_nginx_site
     function_check nginx_disable_sniffing
     nginx_disable_sniffing $MATRIX_DOMAIN_NAME
-    echo '' >> $matrix_nginx_site
-    echo '  # Logs' >> $matrix_nginx_site
-    echo '  access_log /dev/null;' >> $matrix_nginx_site
-    echo '  error_log /dev/null;' >> $matrix_nginx_site
-    echo '' >> $matrix_nginx_site
-    echo '  root /var/lib/matrix/media_store;' >> $matrix_nginx_site
-    echo '' >> $matrix_nginx_site
-    echo '  # Location' >> $matrix_nginx_site
-    echo '  location /_matrix {' >> $matrix_nginx_site
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  root /var/lib/matrix/media_store;';
+      echo '';
+      echo '  # Location';
+      echo '  location /_matrix {'; } >> $matrix_nginx_site
     function_check nginx_limits
     nginx_limits ${MATRIX_DOMAIN_NAME} '15m'
-    echo "    proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site
-    echo '  }' >> $matrix_nginx_site
-    echo '}' >> $matrix_nginx_site
-    echo '' >> $matrix_nginx_site
-    echo 'server {' >> $matrix_nginx_site
-    echo "    listen 127.0.0.1:$MATRIX_ONION_PORT default_server;" >> $matrix_nginx_site
-    echo "    server_name $MATRIX_DOMAIN_NAME;" >> $matrix_nginx_site
-    echo '' >> $matrix_nginx_site
+    { echo "    proxy_pass http://localhost:${MATRIX_PORT};";
+      echo '  }';
+      echo '}';
+      echo '';
+      echo 'server {';
+      echo "    listen 127.0.0.1:$MATRIX_ONION_PORT default_server;";
+      echo "    server_name $MATRIX_DOMAIN_NAME;";
+      echo ''; } >> $matrix_nginx_site
     function_check nginx_disable_sniffing
     nginx_disable_sniffing $MATRIX_DOMAIN_NAME
-    echo '' >> $matrix_nginx_site
-    echo '  # Logs' >> $matrix_nginx_site
-    echo '  access_log /dev/null;' >> $matrix_nginx_site
-    echo '  error_log /dev/null;' >> $matrix_nginx_site
-    echo '' >> $matrix_nginx_site
-    echo '  root /var/lib/matrix/media_store;' >> $matrix_nginx_site
-    echo '' >> $matrix_nginx_site
-    echo '  # Location' >> $matrix_nginx_site
-    echo '  location /_matrix {' >> $matrix_nginx_site
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  root /var/lib/matrix/media_store;';
+      echo '';
+      echo '  # Location';
+      echo '  location /_matrix {'; } >> $matrix_nginx_site
     function_check nginx_limits
     nginx_limits ${MATRIX_DOMAIN_NAME} '15m'
-    echo "    proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site
-    echo '  }' >> $matrix_nginx_site
-    echo '}' >> $matrix_nginx_site
+    { echo "    proxy_pass http://localhost:${MATRIX_PORT};";
+      echo '  }';
+      echo '}'; } >> $matrix_nginx_site
 
     if [ ! -d /var/www/$MATRIX_DOMAIN_NAME ]; then
         mkdir -p /var/www/$MATRIX_DOMAIN_NAME/htdocs
@@ -242,7 +242,7 @@ function matrix_nginx {
 function matrix_generate_homeserver_file {
     local filepath="${1}"
 
-    cd /etc/matrix
+    cd /etc/matrix || exit 468246824
     python -m synapse.app.homeserver \
            --config-path "${filepath}" \
            --generate-config \
@@ -251,10 +251,10 @@ function matrix_generate_homeserver_file {
 }
 
 function matrix_configure_homeserver_yaml {
-    local turnkey="${1}"
-    local filepath="${2}"
+    turnkey="${1}"
+    filepath="${2}"
 
-    local ymltemp="$(mktemp)"
+    ymltemp="$(mktemp)"
 
     awk -v TURNURIES="turn_uris: [\"turn:${MATRIX_DOMAIN_NAME}:${TURN_HTTP_PORT}?transport=udp\", \"turn:${DEFAULT_DOMAIN_NAME}:${TURN_HTTP_PORT}?transport=tcp\"]" \
         -v TURNSHAREDSECRET="turn_shared_secret: \"${turnkey}\"" \
@@ -272,7 +272,7 @@ function matrix_configure_homeserver_yaml {
         print;
         }' "${filepath}" > "${ymltemp}"
 
-    mv ${ymltemp} "${filepath}"
+    mv "${ymltemp}" "${filepath}"
 
     if [[ $ONION_ONLY == "no" ]]; then
         sed -i "s|tls_certificate_path:.*|tls_certificate_path: \"/etc/ssl/certs/${MATRIX_DOMAIN_NAME}.pem\"|g" "${filepath}"
@@ -307,9 +307,10 @@ function matrix_diff {
     REPORT_STATS="${REPORT_STATS:-no_or_yes}"
     export MATRIX_DOMAIN_NAME REPORT_STATS
 
-    matrix_generate_synapse_file $INSTALL_DIR/homeserver.synapse.yaml
-    diff -${DIFFPARAMS} $INSTALL_DIR/homeserver.synapse.yaml ${MATRIX_DATA_DIR}/homeserver.yaml
-    rm $INSTALL_DIR/homeserver.synapse.yaml
+    matrix_generate_synapse_file "$INSTALL_DIR/homeserver.synapse.yaml"
+    # shellcheck disable=SC2086
+    diff -${DIFFPARAMS} "$INSTALL_DIR/homeserver.synapse.yaml" "${MATRIX_DATA_DIR}/homeserver.yaml"
+    rm "$INSTALL_DIR/homeserver.synapse.yaml"
 }
 
 function matrix_generate {
@@ -334,15 +335,15 @@ function create_matrix_user_removal_script {
     read_config_param MATRIX_DOMAIN_NAME
 
     matrix_remove_user=/usr/bin/matrix-remove-user
-    echo '#!/bin/bash' > $matrix_remove_user
-    echo "cd $MATRIX_DATA_DIR" >> $matrix_remove_user
-    echo 'remove_username=$1' >> $matrix_remove_user
-    echo "ADMIN=\"@${MY_USERNAME}:$MATRIX_DOMAIN_NAME\"" >> $matrix_remove_user
-    echo 'BUSY="pragma busy_timeout=20000"' >> $matrix_remove_user
-    echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select token from access_tokens where user_id like '\$ADMIN' order by id desc limit 1;\")" >> $matrix_remove_user
-    echo "TOKEN=\$(echo \$BUFFER|awk '{print \$2}')" >> $matrix_remove_user
-    echo 'set -x' >> $matrix_remove_user
-    echo "curl -X POST 'https://$MATRIX_DOMAIN_NAME/_matrix/client/r0/admin/deactivate/%40\$remove_username%3A$MATRIX_DOMAIN_NAME?access_token=\$TOKEN' --data '{}'" >> $matrix_remove_user
+    { echo '#!/bin/bash';
+      echo "cd $MATRIX_DATA_DIR";
+      echo "remove_username=\$1";
+      echo "ADMIN=\"@${MY_USERNAME}:$MATRIX_DOMAIN_NAME\"";
+      echo 'BUSY="pragma busy_timeout=20000"';
+      echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select token from access_tokens where user_id like '\$ADMIN' order by id desc limit 1;\")";
+      echo "TOKEN=\$(echo \$BUFFER|awk '{print \$2}')";
+      echo 'set -x';
+      echo "curl -X POST 'https://$MATRIX_DOMAIN_NAME/_matrix/client/r0/admin/deactivate/%40\$remove_username%3A$MATRIX_DOMAIN_NAME?access_token=\$TOKEN' --data '{}'"; } > $matrix_remove_user
 
     chmod +x $matrix_remove_user
 }
@@ -351,7 +352,7 @@ function remove_user_matrix {
     remove_username="$1"
 
     create_matrix_user_removal_script
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp matrix
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp matrix
     $matrix_remove_user "$remove_username"
 }
 
@@ -362,7 +363,7 @@ function add_user_matrix {
     read_config_param MY_USERNAME
     read_config_param MATRIX_DOMAIN_NAME
 
-    ${PROJECT_NAME}-pass -u $new_username -a matrix -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a matrix -p "$new_user_password"
 
     if [[ "$new_username" != "$MY_USERNAME" ]]; then
         echo 'no' | register_new_matrix_user -c ${MATRIX_DATA_DIR}/homeserver.yaml -u "${new_username}" -p "${new_user_password}" http://localhost:${MATRIX_PORT}
@@ -373,7 +374,7 @@ function add_user_matrix {
 }
 
 function install_interactive_matrix {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -393,7 +394,7 @@ function install_interactive_matrix {
 }
 
 function change_password_matrix {
-    curr_username="$1"
+    #curr_username="$1"
     new_user_password="$2"
 
     #${PROJECT_NAME}-pass -u "$curr_username" -a matrix -p "$new_user_password"
@@ -418,7 +419,7 @@ function upgrade_matrix {
 
     function_check set_repo_commit
     set_repo_commit /etc/matrix "matrix commit" "$MATRIX_COMMIT" $MATRIX_REPO
-    cd /etc/matrix
+    cd /etc/matrix || exit 62476724
     pip install --upgrade --process-dependency-links .
 
     sed -i 's/ssl.PROTOCOL_SSLv23/ssl.PROTOCOL_TLSv1/g' /usr/local/bin/register_new_matrix_user
@@ -467,6 +468,7 @@ function restore_local_matrix {
         else
             cp -r $temp_restore_dir/* /etc/matrix/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             function_check backup_unmount_drive
             backup_unmount_drive
@@ -482,6 +484,7 @@ function restore_local_matrix {
         else
             cp -r $temp_restore_dir/* $MATRIX_DATA_DIR/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             function_check backup_unmount_drive
             backup_unmount_drive
@@ -490,7 +493,7 @@ function restore_local_matrix {
         rm -rf $temp_restore_dir
         chown -R matrix:matrix $MATRIX_DATA_DIR
 
-        if [[ $ONION_ONLY == "no" ]]; then
+        if [[ "$ONION_ONLY" == "no" ]]; then
             if [ -f /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam ]; then
                 chmod 755 /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam
             fi
@@ -532,6 +535,7 @@ function restore_remote_matrix {
         else
             cp -r $temp_restore_dir/* /etc/matrix/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 38935
         fi
@@ -545,6 +549,7 @@ function restore_remote_matrix {
         else
             cp -r $temp_restore_dir/* $MATRIX_DATA_DIR/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 60923
         fi
@@ -581,7 +586,7 @@ function remove_matrix {
     fi
     systemctl daemon-reload
     apt-get -y remove --purge coturn
-    cd /etc/matrix
+    cd /etc/matrix || exit 26472462
     pip uninstall .
     rm -rf $MATRIX_DATA_DIR
     rm -rf /etc/matrix
@@ -596,7 +601,7 @@ function remove_matrix {
     systemctl restart nginx
 
     remove_completion_param install_matrix
-    sed -i '/matrix/d' $COMPLETION_FILE
+    sed -i '/matrix/d' "$COMPLETION_FILE"
 
     rm /etc/avahi/services/matrix.service
     systemctl restart avahi-daemon
@@ -608,7 +613,7 @@ function install_home_server {
         if [ -d /repos/matrix ]; then
             mkdir /etc/matrix
             cp -r -p /repos/matrix/. /etc/matrix
-            cd /etc/matrix
+            cd /etc/matrix || exit 2324962946
             git pull
         else
             function_check git_clone
@@ -621,18 +626,17 @@ function install_home_server {
         fi
     fi
 
-    cd /etc/matrix
+    cd /etc/matrix || exit 7385452724
     git checkout $MATRIX_COMMIT -b $MATRIX_COMMIT
     set_completion_param "matrix commit" "$MATRIX_COMMIT"
-    if [ ! -d $INSTALL_DIR/matrix ]; then
-        mkdir -p $INSTALL_DIR/matrix
+    if [ ! -d "$INSTALL_DIR/matrix" ]; then
+        mkdir -p "$INSTALL_DIR/matrix"
     fi
     rm -rf /usr/local/lib/python2.7/dist-packages/ldap*
-    if [ -d $INSTALL_DIR/matrix ]; then
-        rm -rf $INSTALL_DIR/matrix/*
+    if [ -d "$INSTALL_DIR/matrix" ]; then
+        rm -rf "$INSTALL_DIR/matrix/*"
     fi
-    pip install --upgrade --process-dependency-links . -b $INSTALL_DIR/matrix
-    if [ ! "$?" = "0" ]; then
+    if ! pip install --upgrade --process-dependency-links . -b "$INSTALL_DIR/matrix"; then
         echo $'Failed to install matrix home server'
         exit 782542
     fi
@@ -653,11 +657,6 @@ function install_home_server {
     function_check matrix_generate
     matrix_generate
 
-    if [[ -z ${MATRIX_DATA_DIR}/homeserver.yaml ]]; then
-        echo $'homeserver.yaml is zero size'
-        exit 783724
-    fi
-
     # Disable the web client
     sed -i 's|web_client:.*|web_client: False|g' $MATRIX_DATA_DIR/homeserver.yaml
     sed -i 's|, webclient||g' $MATRIX_DATA_DIR/homeserver.yaml
@@ -669,20 +668,20 @@ function install_home_server {
 
     sed -i 's/ssl.PROTOCOL_SSLv23/ssl.PROTOCOL_TLSv1/g' /usr/local/bin/register_new_matrix_user
 
-    echo '[Unit]' > /etc/systemd/system/matrix.service
-    echo 'Description=Synapse Matrix homeserver' >> /etc/systemd/system/matrix.service
-    echo 'After=network.target nginx.target' >> /etc/systemd/system/matrix.service
-    echo '' >> /etc/systemd/system/matrix.service
-    echo '[Service]' >> /etc/systemd/system/matrix.service
-    echo 'Type=simple' >> /etc/systemd/system/matrix.service
-    echo 'User=matrix' >> /etc/systemd/system/matrix.service
-    echo "WorkingDirectory=/etc/matrix" >> /etc/systemd/system/matrix.service
-    echo "ExecStart=/usr/bin/python -m synapse.app.homeserver --config-path ${MATRIX_DATA_DIR}/homeserver.yaml" >> /etc/systemd/system/matrix.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/matrix.service
-    echo 'RestartSec=10' >> /etc/systemd/system/matrix.service
-    echo '' >> /etc/systemd/system/matrix.service
-    echo '[Install]' >> /etc/systemd/system/matrix.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/matrix.service
+    { echo '[Unit]';
+      echo 'Description=Synapse Matrix homeserver';
+      echo 'After=network.target nginx.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=matrix';
+      echo "WorkingDirectory=/etc/matrix";
+      echo "ExecStart=/usr/bin/python -m synapse.app.homeserver --config-path ${MATRIX_DATA_DIR}/homeserver.yaml";
+      echo 'Restart=on-failure';
+      echo 'RestartSec=10';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/matrix.service
     systemctl enable matrix
     systemctl daemon-reload
     systemctl start matrix
@@ -701,18 +700,19 @@ function install_home_server {
     fi
     chmod -R 700 $MATRIX_DATA_DIR/homeserver.db
 
-    cd $MATRIX_DATA_DIR
+    cd "$MATRIX_DATA_DIR" || exit 365856835
     sqlite3 homeserver.db "PRAGMA auto_vacuum = FULL;"
 
-    MATRIX_ONION_HOSTNAME=$(add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT})
+    #MATRIX_ONION_HOSTNAME=$(add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT})
+    add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT}
     echo "HiddenServicePort ${MATRIX_HTTP_PORT} 127.0.0.1:${MATRIX_FEDERATION_ONION_PORT}" >> /etc/tor/torrc
     systemctl restart tor
 
-    if [ ! ${MATRIX_PASSWORD} ]; then
-        if [ -f ${IMAGE_PASSWORD_FILE} ]; then
-            MATRIX_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ ! "${MATRIX_PASSWORD}" ]; then
+        if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
+            MATRIX_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
         else
-            MATRIX_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+            MATRIX_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
 
@@ -733,8 +733,8 @@ function install_matrix {
 
     check_ram_availability 1500
 
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir -p "$INSTALL_DIR"
     fi
 
     if [[ ${ONION_ONLY} == 'no' ]]; then
@@ -806,19 +806,19 @@ function install_matrix {
     set_completion_param "matrix domain" "$MATRIX_DOMAIN_NAME"
 
     # Add avahi services
-    echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /etc/avahi/services/matrix.service
-    echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /etc/avahi/services/matrix.service
-    echo '<service-group>' >> /etc/avahi/services/matrix.service
-    echo '  <name replace-wildcards="yes">%h MATRIX</name>' >> /etc/avahi/services/matrix.service
-    echo '  <service>' >> /etc/avahi/services/matrix.service
-    echo '    <type>_matrix._tcp</type>' >> /etc/avahi/services/matrix.service
-    echo "    <port>$MATRIX_HTTP_PORT</port>" >> /etc/avahi/services/matrix.service
-    echo '  </service>' >> /etc/avahi/services/matrix.service
-    echo '  <service>' >> /etc/avahi/services/matrix.service
-    echo '    <type>_matrix._udp</type>' >> /etc/avahi/services/matrix.service
-    echo "    <port>$MATRIX_HTTP_PORT</port>" >> /etc/avahi/services/matrix.service
-    echo '  </service>' >> /etc/avahi/services/matrix.service
-    echo '</service-group>' >> /etc/avahi/services/matrix.service
+    { echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->';
+      echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">';
+      echo '<service-group>';
+      echo '  <name replace-wildcards="yes">%h MATRIX</name>';
+      echo '  <service>';
+      echo '    <type>_matrix._tcp</type>';
+      echo "    <port>$MATRIX_HTTP_PORT</port>";
+      echo '  </service>';
+      echo '  <service>';
+      echo '    <type>_matrix._udp</type>';
+      echo "    <port>$MATRIX_HTTP_PORT</port>";
+      echo '  </service>';
+      echo '</service-group>'; } > /etc/avahi/services/matrix.service
 
     systemctl restart avahi-daemon