#!/bin/bash
#
# .---.                  .              .
# |                      |              |
# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
#
#                    Freedom in the Cloud
#
# XMPP functions
#
# License
# =======
#
# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

VARIANTS='full full-vim chat'

IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1

# Directory where XMPP settings are stored
XMPP_DIRECTORY="/var/lib/prosody"
XMPP_PASSWORD=

XMPP_CIPHERS='"EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA"'
XMPP_ECC_CURVE='"secp384r1"'

prosody_latest_version='0.10'
prosody_nightly=382
prosody_nightly_hash='770f1a0466f2361184eebffac9f50c102ad842cd855190db6c7f42f2f09884f5'
prosody_filename=prosody-${prosody_latest_version}-1nightly${prosody_nightly}
prosody_nightly_url="https://prosody.im/nightly/${prosody_latest_version}/latest/${prosody_filename}.tar.gz"

# From https://hg.prosody.im/prosody-modules
prosody_modules_filename='prosody-modules-20170514.tar.gz'
prosody_modules_hash='ef404c203317cc0de6da7aaec4f21765a57f630adfbf082cf2dd92b881c15f86'

LIBMESODE_REPO="https://github.com/boothj5/libmesode"
LIBMESODE_COMMIT='e3db0e9bfba61b2d82193874343a94a88f910800'

PROFANITY_REPO="https://github.com/boothj5/profanity"
PROFANITY_COMMIT='2fafaec8a7dc9bc01ee894d83214590598b32914'

PROFANITY_OMEMO_PLUGIN_REPO="https://github.com/ReneVolution/profanity-omemo-plugin"
PROFANITY_OMEMO_PLUGIN_COMMIT='3ec8ec173656bed9761b740b086123e07c749548'

xmpp_variables=(ONION_ONLY
                INSTALLED_WITHIN_DOCKER
                XMPP_CIPHERS
                XMPP_ECC_CURVE
                XMPP_ECC_CURVE
                MY_USERNAME
                DEFAULT_DOMAIN_NAME
                XMPP_DOMAIN_CODE)

function xmpp_add_onion_address {
    domain_name="$1"
    onion_address="$2"
    if [ ${#domain_name} -eq 0 ]; then
        return
    fi
    if [ ${#onion_address} -eq 0 ]; then
        return
    fi
    if grep -q "[\"${domain_name}\"]" /etc/prosody/prosody.cfg.lua; then
        sed -i "s|[\"${domain_name}\"].*|[\"${domain_name}\"] = \"${onion_address}\";|g" /etc/prosody/prosody.cfg.lua
    else
        sed -i "/onions_map = {/a  [\"${domain_name}\"] = \"${onion_address}\";" /etc/prosody/prosody.cfg.lua
    fi
    systemctl restart prosody
}

function xmpp_add_onion_address_interactive {
    data=$(tempfile 2>/dev/null)
    trap "rm -f $data" 0 1 2 5 15
    dialog --backtitle $"Freedombone Control Panel" \
           --title $"Add an ICANN to Onion domain mapping" \
           --form $"Sepecify an ICANN domain name and its equivalent onion address\n" 9 50 2 \
           $"Domain:" 1 1 "" 1 18 26 25 \
           $"Onion address:" 2 1 "" 2 18 26 25 \
           2> $data
    sel=$?
    case $sel in
        1) return;;
        255) return;;
    esac
    domain_name=$(cat $data | sed -n 1p)
    onion_address=$(cat $data | sed -n 2p)
    if [[ "$onion_address" != *".onion" ]]; then
        return
    fi
    if [[ "$domain_name" != *"."* ]]; then
        return
    fi

    xmpp_add_onion_address "$domain_name" "$onion_address"

    dialog --title $"Add an ICANN to Onion domain mapping" \
           --msgbox $"${domain_name} -> ${onion_address} added" 6 70
}

function xmpp_remove_onion_address {
    domain_name="$1"
    if [ ${#domain_name} -eq 0 ]; then
        return
    fi
    if grep -q "[\"${domain_name}\"]" /etc/prosody/prosody.cfg.lua; then
        sed -i "/[\"${domain_name}\"]/d" /etc/prosody/prosody.cfg.lua
    fi

    if grep -q "= \"${domain_name}\";" /etc/prosody/prosody.cfg.lua; then
        sed -i "/= \"${domain_name}\";/d" /etc/prosody/prosody.cfg.lua
    fi
    systemctl restart prosody
}

function xmpp_remove_onion_address_interactive {
    data=$(tempfile 2>/dev/null)
    trap "rm -f $data" 0 1 2 5 15
    dialog --title $"Remove ICANN to Onion domain mapping" \
           --backtitle $"Freedombone Control Panel" \
           --inputbox $'Enter the domain name or onion address to be removed' 8 60 2>$data
    sel=$?
    case $sel in
        0) domain_name=$(<$data)
           if [[ "$domain_name" != *"."* ]]; then
               return
           fi
           xmpp_remove_onion_address "$domain_name"
           dialog --title $"Remove an ICANN to Onion domain mapping" \
                  --msgbox $"${domain_name} removed" 6 70
           ;;
    esac
}

function configure_interactive_xmpp {
    while true
    do
        data=$(tempfile 2>/dev/null)
        trap "rm -f $data" 0 1 2 5 15
        dialog --backtitle $"Freedombone Control Panel" \
               --title $"XMPP" \
               --radiolist $"Choose an operation:" 12 70 3 \
               1 $"Add an ICANN to onion domain mapping" off \
               2 $"Remove an ICANN to onion domain mapping" off \
               3 $"Return to administrator control panel" on 2> $data
        sel=$?
        case $sel in
            1) return;;
            255) return;;
        esac
        case $(cat $data) in
            1) xmpp_add_onion_address_interactive;;
            2) xmpp_remove_onion_address_interactive;;
            3) break;;
        esac
    done
}

function remove_user_xmpp {
    remove_username="$1"
    ${PROJECT_NAME}-pass -u $remove_username --rmapp xmpp
    XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
    if [[ $ONION_ONLY != "no" ]]; then
        ${PROJECT_NAME}-rmxmpp -e "${remove_username}@${XMPP_ONION_HOSTNAME}"
    else
        ${PROJECT_NAME}-rmxmpp -e "${remove_username}@${HOSTNAME}"
    fi
}

function add_user_xmpp_client {
    new_username="$1"
    new_user_password="$2"

    if [ -f /usr/local/bin/profanity ]; then
        XMPP_CLIENT_DIR=/home/$new_username/.local/share/profanity
        XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
        if [ ! -d $XMPP_CLIENT_DIR ]; then
            mkdir -p $XMPP_CLIENT_DIR
        fi
        if [ ! -d /home/$new_username/.config/profanity ]; then
            mkdir -p /home/$new_username/.config/profanity
        fi
        MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$new_username" "$new_username@$HOSTNAME")
        echo "[${new_username}@${HOSTNAME}]" > $XMPP_CLIENT_ACCOUNTS
        echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
        echo "jid=${new_username}@${HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
        echo "server=$XMPP_ONION_HOSTNAME" >> $XMPP_CLIENT_ACCOUNTS
        echo "pgp.keyid=$GPG_PUBLIC_KEY_ID" >> $XMPP_CLIENT_ACCOUNTS
        echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
        echo "muc.service=conference.${HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
        echo "muc.nick=${new_username}" >> $XMPP_CLIENT_ACCOUNTS
        echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
        echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
        echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
        echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
        echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
        echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
        echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS

        echo '[connection]' > /home/$new_username/.config/profanity/profrc
        if [[ $ONION_ONLY != "no" ]]; then
            echo "account=${new_username}@${XMPP_ONION_HOSTNAME}" >> /home/$new_username/.config/profanity/profrc
        else
            echo "account=${new_username}@${HOSTNAME}" >> /home/$new_username/.config/profanity/profrc
        fi
        echo '' >> /home/$new_username/.config/profanity/profrc
        echo '[plugins]' >> /home/$new_username/.config/profanity/profrc
        echo 'load=prof_omemo_plugin.py;' >> /home/$new_username/.config/profanity/profrc
        echo '' >> /home/$new_username/.config/profanity/profrc
        echo '[otr]' >> /home/$new_username/.config/profanity/profrc
        echo 'policy=opportunistic' >> /home/$new_username/.config/profanity/profrc
        echo 'log=off' >> /home/$new_username/.config/profanity/profrc
        echo '' >> /home/$new_username/.config/profanity/profrc
        echo '[pgp]' >> /home/$new_username/.config/profanity/profrc
        echo 'log=off' >> /home/$new_username/.config/profanity/profrc
        echo '' >> /home/$new_username/.config/profanity/profrc
        echo '[ui]' >> /home/$new_username/.config/profanity/profrc
        echo 'enc.warn=true' >> /home/$new_username/.config/profanity/profrc

        chown -R $new_username:$new_username /home/$new_username/.local
        chown -R $new_username:$new_username /home/$new_username/.config
    fi
}

function add_user_xmpp {
    new_username="$1"
    new_user_password="$2"

    XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
    ${PROJECT_NAME}-pass -u $new_username -a xmpp -p "$new_user_password"

    if [[ $ONION_ONLY != "no" ]]; then
        ${PROJECT_NAME}-addxmpp -e "$new_username@$XMPP_ONION_HOSTNAME" -p "$new_user_password"
    else
        ${PROJECT_NAME}-addxmpp -e "$new_username@$HOSTNAME" -p "$new_user_password"
    fi
    if [ ! "$?" = "0" ]; then
        echo '1'
        return
    fi

    add_user_xmpp_client "$new_username" "$new_user_password"
    echo '0'
}

function install_interactive_xmpp {
    echo -n ''
    APP_INSTALLED=1
}

function change_password_xmpp {
    curr_username="$1"
    new_user_password="$2"

    read_config_param DEFAULT_DOMAIN_NAME

    ${PROJECT_NAME}-pass -u $curr_username -a xmpp -p "$new_user_password"

    # TODO: this is currently interactive. Really there needs to be a
    # non-interactive password change option for prosodyctl
    clear
    echo ''
    echo $'Currently Prosody requires password changes to be done interactively'
    prosodyctl passwd ${curr_username}@${DEFAULT_DOMAIN_NAME}

    if [ -f /usr/local/bin/profanity ]; then
        XMPP_CLIENT_DIR=/home/$curr_username/.local/share/profanity
        XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
        if [ -f $XMPP_CLIENT_ACCOUNTS ]; then
            sed -i "s|password=.*|password=$new_user_password|g" $XMPP_CLIENT_ACCOUNTS
        fi
    fi
}

function reconfigure_xmpp {
    echo -n ''
}

function update_prosody_modules {
    if [ ! $1 ]; then
        if [ ! -d /var/lib/prosody/prosody-modules ]; then
            return
        fi
    fi
    if [ ! -d /usr/lib/prosody ]; then
        return
    fi

    if [ ! -f $INSTALL_DIR/$prosody_modules_filename ]; then
        # Obtain the modules
        if [ -f ~/freedombone/image_build/$prosody_modules_filename ]; then
            cp ~/freedombone/image_build/$prosody_modules_filename $INSTALL_DIR
        else
            if [ -f /home/$MY_USERNAME/freedombone/image_build/$prosody_modules_filename ]; then
                cp /home/$MY_USERNAME/freedombone/image_build/$prosody_modules_filename $INSTALL_DIR
            fi
        fi

        if [ -f $INSTALL_DIR/$prosody_modules_filename ]; then
            cd $INSTALL_DIR

            # Check the hash
            curr_hash=$(sha256sum $INSTALL_DIR/$prosody_modules_filename | awk -F ' ' '{print $1}')
            if [[ "$curr_hash" != "$prosody_modules_hash" ]]; then
                echo $'Prosody modules hash does not match'
                exit 83562
            else
                # Extract the modules
                if [ -d $INSTALL_DIR/prosody-modules ]; then
                    rm -rf $INSTALL_DIR/prosody-modules
                fi
                tar -xzvf $prosody_modules_filename
                if [ -d $INSTALL_DIR/prosody-modules ]; then
                    systemctl stop prosody
                    if [ ! -d /var/lib/prosody/prosody-modules ]; then
                        mkdir -p /var/lib/prosody/prosody-modules
                    fi
                    cp -r $INSTALL_DIR/prosody-modules/* /var/lib/prosody/prosody-modules/
                    chown -R prosody:prosody /var/lib/prosody/prosody-modules
                    systemctl start prosody
                else
                    echo $'Prosody modules not extracted'
                    exit 72524
                fi
            fi
        fi
    fi

    # change to using pep rather than profile modules
    if grep '"pep"' /etc/prosody/prosody.cfg.lua; then
        # This strange dance seems to fix occasional breakage of PEP
        # Is there a better solution?
        sed -i 's|"pep"|"profile"|g' /etc/prosody/prosody.cfg.lua
        systemctl restart prosody
        sleep 4
        sed -i 's|"profile"|"pep"|g' /etc/prosody/prosody.cfg.lua
        systemctl restart prosody
    fi
    if ! grep '"vcard"' /etc/prosody/prosody.cfg.lua; then
        systemctl stop prosody
        sed -i '/"pep"/a "vcard";' /etc/prosody/prosody.cfg.lua
        systemctl start prosody
    fi
}

function upgrade_xmpp {
    if [ -d /etc/letsencrypt ]; then
        usermod -a -G ssl-cert prosody
    fi
    function_check update_prosody_modules
    update_prosody_modules

    curr_prosody_filename=$(cat $COMPLETION_FILE | grep "prosody_filename" | awk -F ':' '{print $2}')
    if [[ "$curr_prosody_filename" != "$prosody_filename" ]]; then
        if [ -d ${INSTALL_DIR}/${prosody_filename} ]; then
            # ensure that the binaries have not been overwritten
            # by an operating system upgrade
            cd ${INSTALL_DIR}/${prosody_filename}
            make prefix=/usr install
        else
            cd $INSTALL_DIR
            # Try to get the source from the project repo
            if [ -f /root/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz ]; then
                cp /root/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz .
            else
                if [ -f /home/${MY_USERNAME}/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz ]; then
                    cp /home/${MY_USERNAME}/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz .
                else
                    wget $prosody_nightly_url
                fi
            fi
            if [ ! -f ${INSTALL_DIR}/${prosody_filename}.tar.gz ]; then
                echo $"Failed to download prosody nightly $prosody_nightly_url"
                return
            fi

            hash_value=$(sha256sum ${INSTALL_DIR}/${prosody_filename}.tar.gz | awk -F ' ' '{print $1}')
            if [[ "$hash_value" != "$prosody_nightly_hash" ]]; then
                rm ${INSTALL_DIR}/${prosody_filename}.tar.gz
                echo $'Unexpected hash value for prosody nightly download'
                return
            fi

            tar -xzvf ${INSTALL_DIR}/${prosody_filename}.tar.gz
            cd ${INSTALL_DIR}/${prosody_filename}
            ./configure --ostype=debian --prefix=/usr
            make prefix=/usr
            make prefix=/usr install
            if [ -f /usr/local/bin/prosody ]; then
                echo $'Failed to build prosody nightly to /usr/bin'
                rm ${INSTALL_DIR}/${prosody_filename}.tar.gz
                rm -rf ${INSTALL_DIR}/${prosody_filename}
                return
            fi
            rm ${INSTALL_DIR}/${prosody_filename}.tar.gz
        fi

        # add onion addresses for known servers
        if ! grep -q "onions_map =" /etc/prosody/prosody.cfg.lua; then
            echo '' >> /etc/prosody/prosody.cfg.lua
            xmpp_onion_addresses /etc/prosody/prosody.cfg.lua
        fi

        set_completion_param "prosody_filename" "${prosody_filename}"
    fi

    systemctl restart prosody
}

function backup_local_xmpp {
    source_directory=/var/lib/prosody
    if [ -d $source_directory ]; then
        dest_directory=xmpp
        function_check backup_directory_to_usb
        backup_directory_to_usb $source_directory $dest_directory
    fi
}

function restore_local_xmpp {
    if [ -d /var/lib/prosody ]; then
        echo $"Restoring xmpp settings"
        temp_restore_dir=/root/tempxmpp
        function_check restore_directory_from_usb
        restore_directory_from_usb $temp_restore_dir xmpp
        cp -r $temp_restore_dir/var/lib/prosody/* /var/lib/prosody
        if [ ! "$?" = "0" ]; then
            function_check set_user_permissions
            set_user_permissions
            function_check backup_unmount_drive
            backup_unmount_drive
            exit 725
        fi
        rm -rf $temp_restore_dir
        systemctl restart prosody
        chown -R prosody:prosody /var/lib/prosody/*
        echo $"Restore of xmpp settings complete"
    fi
}

function backup_remote_xmpp {
    if [ -d /var/lib/prosody ]; then
        echo $"Backing up the xmpp settings"
        backup_directory_to_friend /var/lib/prosody xmpp
        echo $"Backup of xmpp settings complete"
    fi
}

function restore_remote_xmpp {
    if [ -d /var/lib/prosody ]; then
        echo $"Restoring xmpp settings"
        temp_restore_dir=/root/tempxmpp
        function_check restore_directory_from_friend
        restore_directory_from_friend $temp_restore_dir xmpp
        cp -r $temp_restore_dir/var/lib/prosody/* /var/lib/prosody
        if [ ! "$?" = "0" ]; then
            exit 725
        fi
        rm -rf $temp_restore_dir
        systemctl restart prosody
        chown -R prosody:prosody /var/lib/prosody/*
        echo $"Restore of xmpp settings complete"
    fi
}

function configure_firewall_for_xmpp {
    if [ ! -d /etc/prosody ]; then
        return
    fi
    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
        return
    fi
    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
        # docker does its own firewalling
        return
    fi
    if [[ $ONION_ONLY != "no" ]]; then
        return
    fi
    firewall_add XMPP 5222 tcp
    firewall_add XMPP 5223 tcp
    firewall_add XMPP 5269 tcp
    firewall_add XMPP 5280 tcp
    firewall_add XMPP 5281 tcp
    mark_completed $FUNCNAME
}

function remove_xmpp {
    remove_profanity
    remove_movim
    firewall_remove 5222 tcp
    firewall_remove 5223 tcp
    firewall_remove 5269 tcp
    firewall_remove 5280 tcp
    firewall_remove 5281 tcp

    function_check remove_onion_service
    remove_onion_service xmpp 5222 5223 5269

    apt-get -yq remove --purge prosody
    if [ -f $INSTALL_DIR/$prosody_modules_filename ]; then
        rm $INSTALL_DIR/$prosody_modules_filename
    fi
    if [ -d $INSTALL_DIR/prosody-modules ]; then
        rm -rf $INSTALL_DIR/prosody-modules
    fi
    if [ -d /etc/prosody ]; then
        rm -rf /etc/prosody
    fi
    if [ -d /var/lib/prosody ]; then
        rm -rf /var/lib/prosody
    fi
    if [ -d /usr/lib/prosody ]; then
        rm -rf /usr/lib/prosody
    fi
    if [ -f /usr/local/bin/prosody ]; then
        rm /usr/local/bin/prosody
    fi
    if [ -f /usr/local/bin/prosodyctl ]; then
        rm /usr/local/bin/prosodyctl
    fi
    groupdel prosody

    remove_completion_param install_xmpp
    sed -i '/xmpp/d' $COMPLETION_FILE
    sed -i '/prosody/d' $COMPLETION_FILE
}

function xmpp_email_headers {
    for d in /home/*/ ; do
        USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
        if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
            if [ -f /home/$USERNAME/.muttrc ]; then
                if ! grep -q "Jabber-ID" /home/$USERNAME/.muttrc; then
                    echo "my_hdr Jabber-ID: ${USERNAME}@${HOSTNAME}" >> /home/$USERNAME/.muttrc
                fi
            fi
        fi
    done
}

function xmpp_modules {
    filename=$1
    echo 'modules_enabled = {' >> $filename
    echo '  "pubsub";' >> $filename
    echo '  "pubsub_hub";' >> $filename
    echo '  "dialback"; -- s2s dialback support' >> $filename
    echo '  "disco"; -- Service discovery' >> $filename
    echo '  "private"; -- Private XML storage (for room bookmarks, etc.)' >> $filename
    echo '  "version"; -- Replies to server version requests' >> $filename
    echo '  "uptime"; -- Report how long server has been running' >> $filename
    echo '  "time"; -- Let others know the time here on this server' >> $filename
    echo '  "ping"; -- Replies to XMPP pings with pongs' >> $filename
    echo '  "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands' >> $filename
    echo '  "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.' >> $filename
    echo '  "bosh"; -- Enable mod_bosh' >> $filename
    echo '  "tls"; -- Enable mod_tls' >> $filename
    echo '  "saslauth"; -- Enable mod_saslauth' >> $filename
    echo '  "onions"; -- Enable chat via onion service' >> $filename
    echo '  "mam"; -- Message archive management' >> $filename
    echo '  "csi"; -- Client state indication' >> $filename
    echo '  "carbons"; -- Message carbons' >> $filename
    echo '  "carbons_adhoc"; -- Message carbons' >> $filename
    echo '  "carbons_copies"; -- Message carbons' >> $filename
    echo '  "smacks"; -- Stream management' >> $filename
    echo '  "smacks_offline"; -- Stream management' >> $filename
    echo '  "pep"; -- Personal Eventing Protocol (to support OMEMO)' >> $filename
    echo '  "vcard"; -- Personal Eventing Protocol (to support OMEMO)' >> $filename
    echo '  "e2e_policy"; -- To support OMEMO' >> $filename
    echo '  "pep_vcard_avatar"; -- Personal Eventing Protocol (to support OMEMO)' >> $filename
    echo '  "blocklist"; -- Privacy lists' >> $filename
    echo '  "privacy_lists"; -- Privacy lists' >> $filename
    echo '  "blocking"; -- Blocking command' >> $filename
    echo '  "roster"; -- Roster versioning' >> $filename
    echo '  "offline_email"; -- If offline send to email' >> $filename
    echo '  "offline"; -- Store offline messages' >> $filename
    echo '  "http";' >> $filename
    echo '  "http_upload";' >> $filename
    echo '  "websocket";' >> $filename
    echo '  "throttle_presence"; -- Reduce battery and bandwidth usage' >> $filename
    echo '  "filter_chatstates"; -- Reduce battery and bandwidth usage' >> $filename
    echo '};' >> $filename
}

function xmpp_onion_addresses {
    filename=$1
    echo 'onions_map = {' >> $filename
    echo '  ["anonymitaet-im-inter.net"] = "rwf5skuv5vqzcdit.onion";' >> $filename
    echo '  ["autistici.org"] = "wi7qkxyrdpu5cmvr.onion";' >> $filename
    echo '  ["jabber.calyxinstitute.org"] = "ijeeynrc6x2uy5ob.onion";' >> $filename
    echo '  ["jabber.ccc.de"] = "okj7xc6j2szr2y75.onion";' >> $filename
    echo '  ["cloak.dk"] = "m2dsl4banuimpm6c.onion";' >> $filename
    echo '  ["jabber.cryptoparty.is"] = "cryjabkbdljzohnp.onion";' >> $filename
    echo '  ["daemons.cf"] = "daemon4jidu2oig6.onion";' >> $filename
    echo '  ["dukgo.com"] = "wlcpmruglhxp6quz.onion";' >> $filename
    echo '  ["evil.im"] = "evilxro6nvjuvxqo.onion";' >> $filename
    echo '  ["xmpp.evil.im"] = "evilxro6nvjuvxqo.onion";' >> $filename
    echo '  ["inventati.org"] = "wi7qkxyrdpu5cmvr.onion";' >> $filename
    echo '  ["jabber.ipredator.se"] = "3iffdebkzzkpgipa.onion";' >> $filename
    echo '  ["jabber-germany.de"] = "dbbrphko5tqcpar3.onion";' >> $filename
    echo '  ["kode.im"] = "ihkw7qy3tok45dun.onion";' >> $filename
    echo '  ["im.koderoot.net"] = "ihkw7qy3tok45dun.onion";' >> $filename
    echo '  ["adb-centralen.se"] = "37x6i3wgr2jyublb.onion";' >> $filename
    echo '  ["joelpurra.se"] = "37x6i3wgr2jyublb.onion";' >> $filename
    echo '  ["nordberg.se"] = "37x6i3wgr2jyublb.onion";' >> $filename
    echo '  ["jabber.lqdn.fr"] = "jabber63t4r2qi57.onion";' >> $filename
    echo '  ["jabber.otr.im"] = "5rgdtlawqkcplz75.onion";' >> $filename
    echo '  ["otromundo.cf"] = "arauemwe2utqqzye.onion";' >> $filename
    echo '  ["patchcord.be"] = "xsydhi3dnbjuatpz.onion";' >> $filename
    echo '  ["riseup.net"] = "4cjw6cwpeaeppfqz.onion";' >> $filename
    echo '  ["xmpp.riseup.net"] = "4cjw6cwpeaeppfqz.onion";' >> $filename
    echo '  ["rows.io"] = "yz6yiv2hxyagvwy6.onion";' >> $filename
    echo '  ["xmpp.rows.io"] = "yz6yiv2hxyagvwy6.onion";' >> $filename
    echo '  ["securejabber.me"] = "giyvshdnojeivkom.onion";' >> $filename
    echo '  ["so36.net"] = "s4fgy24e2b5weqdb.onion";' >> $filename
    echo '  ["jabber.so36.net"] = "s4fgy24e2b5weqdb.onion";' >> $filename
    echo '  ["jabber.systemli.org"] = "x5tno6mwkncu5m3h.onion";' >> $filename
    echo '  ["taolo.ga"] = "l3ybpw4vs6ie5rv2.onion";' >> $filename
    echo '  ["tchncs.de"] = "duvfmyqmdlyvc3mi.onion";' >> $filename
    echo '  ["wtfismyip.com"] = "ofkztxcohimx34la.onion";' >> $filename
    echo '  ["prosody.xmpp.is"] = "y2qmqomqpszzryei.onion";' >> $filename
    echo '  ["xndr.de"] = "trcubpttd6zkc3tf.onion";' >> $filename
    echo '  ["trashserver.net"] = "m4c722bvc2r7brnn.onion";' >> $filename
    echo '};' >> $filename
}

function xmpp_create_config {
    echo "admins = { \"$MY_USERNAME@$DEFAULT_DOMAIN_NAME\" }" > /etc/prosody/prosody.cfg.lua
    echo 'plugin_paths = { "/var/lib/prosody/prosody-modules" }' >> /etc/prosody/prosody.cfg.lua
    echo '' >> /etc/prosody/prosody.cfg.lua
    xmpp_modules /etc/prosody/prosody.cfg.lua
    echo '' >> /etc/prosody/prosody.cfg.lua
    xmpp_onion_addresses /etc/prosody/prosody.cfg.lua
    echo '' >> /etc/prosody/prosody.cfg.lua
    echo 'allow_registration = false;' >> /etc/prosody/prosody.cfg.lua
    echo '' >> /etc/prosody/prosody.cfg.lua
    echo 'daemonize = true;' >> /etc/prosody/prosody.cfg.lua
    echo '' >> /etc/prosody/prosody.cfg.lua
    echo 'pidfile = "/var/run/prosody/prosody.pid";' >> /etc/prosody/prosody.cfg.lua
    echo '' >> /etc/prosody/prosody.cfg.lua
    echo 'https_ports = { 5281 }' >> /etc/prosody/prosody.cfg.lua
    echo 'https_interfaces = { "*" }' >> /etc/prosody/prosody.cfg.lua
    echo 'https_ssl = {' >> /etc/prosody/prosody.cfg.lua
    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
        echo "    certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
        echo "    key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
    else
        echo "    certificate = \"/etc/ssl/certs/xmpp.crt\";" >> /etc/prosody/prosody.cfg.lua
        echo "    key = \"/etc/ssl/private/xmpp.key\";" >> /etc/prosody/prosody.cfg.lua
    fi
    echo "    curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua
    echo "    ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua
    echo '    options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
        echo "    dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
    else
        echo "    dhparam = \"/etc/ssl/certs/xmpp.dhparam\";" >> /etc/prosody/prosody.cfg.lua
    fi
    echo "}" >> /etc/prosody/prosody.cfg.lua
    echo '' >> /etc/prosody/prosody.cfg.lua
    echo 'ssl = {' >> /etc/prosody/prosody.cfg.lua
    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
        echo "    certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
        echo "    key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
    else
        echo "    certificate = \"/etc/ssl/certs/xmpp.crt\";" >> /etc/prosody/prosody.cfg.lua
        echo "    key = \"/etc/ssl/private/xmpp.key\";" >> /etc/prosody/prosody.cfg.lua
    fi
    echo "    curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua
    echo '    depth = "2";' >> /etc/prosody/prosody.cfg.lua
    echo "    ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua
    echo '    options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
        echo "    dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
    else
        echo "    dhparam = \"/etc/ssl/certs/xmpp.dhparam\";" >> /etc/prosody/prosody.cfg.lua
    fi
    echo '}' >> /etc/prosody/prosody.cfg.lua
    echo '' >> /etc/prosody/prosody.cfg.lua
    echo 'c2s_require_encryption = true' >> /etc/prosody/prosody.cfg.lua
    echo 's2s_require_encryption = true' >> /etc/prosody/prosody.cfg.lua
    echo '' >> /etc/prosody/prosody.cfg.lua
    echo 's2s_secure_auth = false' >> /etc/prosody/prosody.cfg.lua
    echo '' >> /etc/prosody/prosody.cfg.lua
    echo 'authentication = "internal_hashed"' >> /etc/prosody/prosody.cfg.lua
    echo '' >> /etc/prosody/prosody.cfg.lua
    echo 'storage = "sql"' >> /etc/prosody/prosody.cfg.lua
    echo 'sql = { driver = "SQLite3", database = "prosody.sqlite" }' >> /etc/prosody/prosody.cfg.lua
    echo '' >> /etc/prosody/prosody.cfg.lua
    echo 'log = {' >> /etc/prosody/prosody.cfg.lua
    echo '    info = "/dev/null";' >> /etc/prosody/prosody.cfg.lua
    echo '    error = "/dev/null";' >> /etc/prosody/prosody.cfg.lua
    echo '    { levels = { "error" }; to = "/dev/null";  };' >> /etc/prosody/prosody.cfg.lua
    echo '}' >> /etc/prosody/prosody.cfg.lua
    echo '' >> /etc/prosody/prosody.cfg.lua
    if [[ $ONION_ONLY != 'no' ]]; then
        echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"" >> /etc/prosody/prosody.cfg.lua
    else
        echo "VirtualHost \"${DEFAULT_DOMAIN_NAME}\"" >> /etc/prosody/prosody.cfg.lua
    fi
    echo '    ssl = {' >> /etc/prosody/prosody.cfg.lua
    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
        echo "        certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
        echo "        key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
    else
        echo "        certificate = \"/etc/ssl/certs/xmpp.crt\";" >> /etc/prosody/prosody.cfg.lua
        echo "        key = \"/etc/ssl/private/xmpp.key\";" >> /etc/prosody/prosody.cfg.lua
    fi
    echo "        curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua
    echo '        depth = "2";' >> /etc/prosody/prosody.cfg.lua
    echo "        ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua
    echo '        options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
        echo "        dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
    else
        echo "        dhparam = \"/etc/ssl/certs/xmpp.dhparam\";" >> /etc/prosody/prosody.cfg.lua
    fi
    echo '    }' >> /etc/prosody/prosody.cfg.lua
    echo '' >> /etc/prosody/prosody.cfg.lua
    echo 'Include "conf.d/*.cfg.lua"' >> /etc/prosody/prosody.cfg.lua
    echo 'http_upload_path = "/var/lib/prosody/http_uploads"' >> /etc/prosody/prosody.cfg.lua
    echo 'http_upload_file_size_limit = 307200' >> /etc/prosody/prosody.cfg.lua
    echo '' >> /etc/prosody/prosody.cfg.lua
    echo "Component \"chat.${DEFAULT_DOMAIN_NAME}\" \"muc\"" >> /etc/prosody/prosody.cfg.lua
    echo '    name = "Chatrooms"' >> /etc/prosody/prosody.cfg.lua
    echo '    modules_enabled = {' >> /etc/prosody/prosody.cfg.lua
    echo '        "muc_limits";' >> /etc/prosody/prosody.cfg.lua
    echo '        "muc_log";' >> /etc/prosody/prosody.cfg.lua
    echo '        "mam_muc";' >> /etc/prosody/prosody.cfg.lua
    echo '        "muc_log_http";' >> /etc/prosody/prosody.cfg.lua
    echo '    }' >> /etc/prosody/prosody.cfg.lua
    echo 'storage = { muc_log = "sql"; }' >> /etc/prosody/prosody.cfg.lua
    echo 'sql = { driver = "SQLite3", database = "prosody.sqlite" }' >> /etc/prosody/prosody.cfg.lua
    echo 'muc_event_rate = 0.5;' >> /etc/prosody/prosody.cfg.lua
    echo 'muc_burst_factor = 10;' >> /etc/prosody/prosody.cfg.lua
    echo 'muc_log_by_default = false;' >> /etc/prosody/prosody.cfg.lua
    echo 'muc_log_all_rooms = false;' >> /etc/prosody/prosody.cfg.lua
    echo 'max_archive_query_results = 10;' >> /etc/prosody/prosody.cfg.lua
    echo 'max_history_messages = 10;' >> /etc/prosody/prosody.cfg.lua
}

function install_xmpp_nightly {
    if [ ! -d $INSTALL_DIR ]; then
        mkdir -p $INSTALL_DIR
    fi

    cd $INSTALL_DIR

    # Try to get the source from the project repo
    if [ -f /root/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz ]; then
        cp /root/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz .
    else
        if [ -f /home/${MY_USERNAME}/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz ]; then
            cp /home/${MY_USERNAME}/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz .
        else
            wget $prosody_nightly_url
        fi
    fi

    if [ ! -f ${INSTALL_DIR}/${prosody_filename}.tar.gz ]; then
        echo $"Failed to download prosody nightly $prosody_nightly_url"
        exit 78352
    fi

    hash_value=$(sha256sum ${INSTALL_DIR}/${prosody_filename}.tar.gz | awk -F ' ' '{print $1}')
    if [[ "$hash_value" != "$prosody_nightly_hash" ]]; then
        rm ${INSTALL_DIR}/${prosody_filename}.tar.gz
        echo $'Unexpected hash value for prosody nightly download'
        exit 68224283
    fi

    tar -xzvf ${INSTALL_DIR}/${prosody_filename}.tar.gz
    cd ${INSTALL_DIR}/${prosody_filename}
    ./configure --ostype=debian --prefix=/usr
    make prefix=/usr
    make prefix=/usr install
    if [ -f /usr/local/bin/prosody ]; then
        echo $'Failed to build prosody nightly to /usr/bin'
        rm ${INSTALL_DIR}/${prosody_filename}.tar.gz
        rm -rf ${INSTALL_DIR}/${prosody_filename}
        exit 628732
    fi
    rm ${INSTALL_DIR}/${prosody_filename}.tar.gz

    set_completion_param "prosody_filename" "${prosody_filename}"
}

function install_xmpp {
    if [ ! -d $INSTALL_DIR ]; then
        mkdir -p $INSTALL_DIR
    fi

    # remove any existing install attempt
    if [ -f $INSTALL_DIR/$prosody_modules_filename ]; then
        rm $INSTALL_DIR/$prosody_modules_filename
    fi
    if [ -d $INSTALL_DIR/prosody-modules ]; then
        rm -rf $INSTALL_DIR/prosody-modules
    fi

    update_prosody_modules

    # obtain a cert for the default domain
    if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then
        create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
        if [[ $ONION_ONLY == 'no' ]]; then
            if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then
                echo $'LetsEncrypt cert could not be obtained for xmpp'
                exit 72342
            fi
        fi
    fi

    apt-get -yq install lua-sec lua-bitop lua5.1 liblua5.1-dev
    apt-get -yq install libidn11-dev libssl-dev lua-dbi-sqlite3
    apt-get -yq install mercurial
    apt-get -yq install prosody

    if [ ! -f /usr/bin/hg ]; then
        echo $"Couldn't install mercurial"
        exit 52825
    fi

    if [ ! -d /etc/prosody ]; then
        echo $"ERROR: prosody does not appear to have installed. $CHECK_MESSAGE"
        exit 52367
    fi

    groupadd prosody

    if [ ! -d /var/lib/prosody/http_uploads ]; then
        mkdir -p /var/lib/prosody/http_uploads
    fi
    if [ ! -d /etc/prosody/conf.d ]; then
        mkdir -p /etc/prosody/conf.d
    fi

    chmod -R 700 /etc/prosody/conf.d
    chown -R prosody /var/lib/prosody
    chown -R prosody /etc/prosody/conf.d

    # install modules
    update_prosody_modules initial
    if [ ! -d /var/lib/prosody/prosody-modules ]; then
        echo $'No prosody modules available'
        exit 82634
    fi

    # create a certificate
    if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
        if [ ! -f /etc/ssl/certs/xmpp.crt ]; then
            ${PROJECT_NAME}-addcert -h xmpp --dhkey ${DH_KEYLENGTH}
            check_certificates xmpp
            if [ ! -f /etc/ssl/certs/xmpp.crt ]; then
                echo $'Failed to create xmpp certificate'
                exit 72352
            fi
            if [ ! -f /etc/ssl/private/xmpp.key ]; then
                echo $'Failed to create xmpp private certificate'
                exit 36829
            fi
            chmod g=rX /etc/ssl/private/xmpp.key
            chmod g=rX /etc/ssl/certs/xmpp.*
        fi
    fi

    groupadd default
    chmod 600 /etc/shadow
    chmod 600 /etc/gshadow
    usermod -g default prosody
    chmod 0000 /etc/shadow
    chmod 0000 /etc/gshadow

    chown root:default /etc/ssl/private/xmpp.*
    chown root:default /etc/ssl/certs/xmpp.*
    chown root:default /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.*
    chown root:default /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.*

    cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua

    if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
        sed -i "s|key =.*|key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";|g" /etc/prosody/conf.avail/xmpp.cfg.lua
        sed -i "s|certificate =.*|certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";|g" /etc/prosody/conf.avail/xmpp.cfg.lua
    else
        sed -i "s|key =.*|key = \"/etc/ssl/private/xmpp.key\";|g" /etc/prosody/conf.avail/xmpp.cfg.lua
        sed -i "s|certificate =.*|certificate = \"/etc/ssl/certs/xmpp.crt\";|g" /etc/prosody/conf.avail/xmpp.cfg.lua
    fi
    if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then
        if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME})" == "1" ]]; then
            sed -i "/certificate =/a\        dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" /etc/prosody/conf.avail/xmpp.cfg.lua
        else
            sed -i '/certificate =/a\        dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
        fi
    fi
    if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then
        sed -i '/certificate =/a\        options = {"no_sslv2", "no_sslv3" };' /etc/prosody/conf.avail/xmpp.cfg.lua
    fi
    if ! grep -q 'ciphers =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
        sed -i "/certificate =/a\        ciphers = $XMPP_CIPHERS;" /etc/prosody/conf.avail/xmpp.cfg.lua
    fi
    if ! grep -q 'depth = "2";' /etc/prosody/conf.avail/xmpp.cfg.lua; then
        sed -i '/certificate =/a\        depth = "2";' /etc/prosody/conf.avail/xmpp.cfg.lua
    fi
    if ! grep -q 'curve =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
        sed -i "/certificate =/a\        curve = $XMPP_ECC_CURVE;" /etc/prosody/conf.avail/xmpp.cfg.lua
    fi

    sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/conf.avail/xmpp.cfg.lua
    sed -i 's/enabled = false -- Remove this line to enable this host//g' /etc/prosody/conf.avail/xmpp.cfg.lua

    if ! grep -q "modules_enabled" /etc/prosody/conf.avail/xmpp.cfg.lua; then
        echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
        xmpp_modules /etc/prosody/conf.avail/xmpp.cfg.lua
    fi
    echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
    if ! grep -q "c2s_require_encryption" /etc/prosody/conf.avail/xmpp.cfg.lua; then
        echo 'c2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
    else
        sed -i 's|c2s_require_encryption.*|c2s_require_encryption = true|g' /etc/prosody/conf.avail/xmpp.cfg.lua
    fi
    if ! grep -q "s2s_require_encryption" /etc/prosody/conf.avail/xmpp.cfg.lua; then
        echo 's2s_require_encryption = true' >> /etc/prosody/conf.avail/xmpp.cfg.lua
    else
        sed -i 's|s2s_require_encryption.*|s2s_require_encryption = true|g' /etc/prosody/conf.avail/xmpp.cfg.lua
    fi
    if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/conf.avail/xmpp.cfg.lua; then
        echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
    else
        sed -i 's|allow_unencrypted_plain_auth.*|allow_unencrypted_plain_auth = false|g' /etc/prosody/conf.avail/xmpp.cfg.lua
    fi
    ln -sf /etc/prosody/conf.avail/xmpp.cfg.lua /etc/prosody/conf.d/xmpp.cfg.lua

    if [ ! -d /var/lib/tor ]; then
        echo $'No Tor installation found. xmpp onion site cannot be configured.'
        exit 877367
    fi
    if ! grep -q "hidden_service_xmpp" /etc/tor/torrc; then
        echo 'HiddenServiceDir /var/lib/tor/hidden_service_xmpp/' >> /etc/tor/torrc
        echo "HiddenServicePort 5222 127.0.0.1:5222" >> /etc/tor/torrc
        echo "HiddenServicePort 5269 127.0.0.1:5269" >> /etc/tor/torrc
        echo $'Added onion site for xmpp chat'
    fi

    onion_update
    wait_for_onion_service 'xmpp'

    if [ ! -f /var/lib/tor/hidden_service_xmpp/hostname ]; then
        echo $'xmpp onion site hostname not found'
        exit 65349
    fi
    XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
    if ! grep -q "${XMPP_ONION_HOSTNAME}" /etc/prosody/conf.avail/xmpp.cfg.lua; then
        echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
        echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"" >> /etc/prosody/conf.avail/xmpp.cfg.lua
        echo '    modules_enabled = { "onions" };' >> /etc/prosody/conf.avail/xmpp.cfg.lua
    fi
    set_completion_param "xmpp onion domain" "${XMPP_ONION_HOSTNAME}"

    if [ -f $IMAGE_PASSWORD_FILE ]; then
        XMPP_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
    else
        if [ ${#XMPP_PASSWORD} -lt 8 ]; then
            XMPP_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
        fi
    fi

    function_check configure_firewall_for_xmpp
    configure_firewall_for_xmpp
    xmpp_email_headers

    update_default_domain

    xmpp_create_config

    # TODO comment this out after debian supports prosody 0.10 or later
    install_xmpp_nightly

    chown -R prosody /etc/prosody
    chown -R prosody /var/lib/prosody
    chown -R prosody /usr/lib/prosody
    chmod -R 700 /etc/prosody/conf.d
    usermod -a -G www-data prosody

    if [ -d /etc/letsencrypt ]; then
        usermod -a -G ssl-cert prosody
    fi
    systemctl restart prosody

    if [[ $ONION_ONLY != 'no' ]]; then
        prosodyctl register $MY_USERNAME $XMPP_ONION_HOSTNAME "$XMPP_PASSWORD"
    else
        prosodyctl register $MY_USERNAME $DEFAULT_DOMAIN_NAME "$XMPP_PASSWORD"
    fi
    if [ ! "$?" = "0" ]; then
        echo ''
        echo ''
        systemctl status prosody -l
        echo ''
        echo ''
        which prosody
        which prosodyctl
        echo ''
        echo ''
        cat /etc/prosody/prosody.cfg.lua
        echo ''
        echo ''
        cat /etc/prosody/conf.avail/xmpp.cfg.lua
        echo ''
        echo ''
        #remove_xmpp
        echo $'Unable to register prosody user'
        exit 347682
    fi

    ${PROJECT_NAME}-pass -u $MY_USERNAME -a xmpp -p "$XMPP_PASSWORD"

    APP_INSTALLED=1
}

# NOTE: deliberately no exit 0