From 869aba1181131707bb80493360edf16983d7c907 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Wed, 18 Apr 2018 15:49:15 +0100 Subject: [PATCH 01/20] Initial pleroma user account --- doc/EN/app_pleroma.org | 2 +- website/EN/app_pleroma.html | 180 +++++++++--------------------------- 2 files changed, 46 insertions(+), 136 deletions(-) diff --git a/doc/EN/app_pleroma.org b/doc/EN/app_pleroma.org index af6b1e9f..c89173fc 100644 --- a/doc/EN/app_pleroma.org +++ b/doc/EN/app_pleroma.org 
@@ -32,7 +32,7 @@ Using cursor keys, space bar and Enter key select *Administrator controls* and t Select *Add/Remove Apps* then *pleroma*. You will then be asked for a domain name and if you are using FreeDNS also the code for the domain which can be found under *Dynamic DNS* on the FreeDNS site (the random string from "/quick cron example/" which appears after /update.php?/ and before />>/). For more details on obtaining a domain and making it accessible via dynamic DNS see the [[./faq.html][FAQ]]. Typically the domain name you use will be a subdomain, such as /pleroma.mydomainname.net/. It will need to be a domain which you have bought somewhere and own and not one of the FreeDNS subdomains, otherwise you won't be able to get a SSL/TLS certificate for it. * Initial setup -The first thing you'll need to do is register a new account. You can set your profile details and profile image by selecting the small settings icon to the right of your name. +The first thing you'll need to do is to obtain your login details. From the *administrator control panel* select *security settings* then *passwords* then *pleroma*. This gives the password you will need to log in, together with the username you gave during installation of the Freedombone system. Once you have done that then you can disable further registrations from the *Administrator control panel* by going to *App Settings* then *pleroma* then *Disable new account registrations*. This may take a while because the app gets recompiled afterwards. diff --git a/website/EN/app_pleroma.html b/website/EN/app_pleroma.html index 632408ae..d428bb98 100644 --- a/website/EN/app_pleroma.html +++ b/website/EN/app_pleroma.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + 
@@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,6 +144,7 @@ for the JavaScript code in this tag.
+

logo.png @@ -262,14 +171,15 @@ Some general advice about life in the fediverse can b

-
-

Installation

-
+
+

Installation

+

Log into your system with:

+
ssh myusername@mydomain -p 2222
 
@@ -284,11 +194,11 @@ Select Add/Remove Apps then pleroma. You will then be asked for a
-
-

Initial setup

-
+
+

Initial setup

+

-The first thing you'll need to do is register a new account. You can set your profile details and profile image by selecting the small settings icon to the right of your name. +The first thing you'll need to do is to obtain your login details. From the administrator control panel select security settings then passwords then pleroma. This gives the password you will need to log in, together with the username you gave during installation of the Freedombone system.

@@ -297,9 +207,9 @@ Once you have done that then you can disable further registrations from the A

-
-

Mastodon user interface

-
+
+

Mastodon user interface

+

If you prefer a Tweetdeck-style user interface, similar to Mastodon, then once you have registered an account navigate to /yourpleromadomainname/web and log in.

@@ -312,9 +222,9 @@ If you prefer a Tweetdeck-style user interface, similar to Mastodon, then once y
-
-

Mobile apps

-
+
+

Mobile apps

+

It's also possible to use Mastodon apps together with Pleroma, such as Tusky, since it supports the Mastodon API. You may need to install IcecatMobile and set it as your default browser (under Settings/Apps/Menu) in order for the initial oauth registration process to work.

@@ -327,9 +237,9 @@ It's also possible to use Mastodon apps together with Pleroma, such as Tusky, si
-
-

Blocking controls

-
+
+

Blocking controls

+

control_panel_blocking.jpg
From 541bb3d6991cec044a148f619c9244149ad5f66b Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Thu, 19 Apr 2018 10:34:11 +0100
Subject: [PATCH 02/20] Remove syslog files when turning off logging

---
 src/freedombone-logging | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/freedombone-logging b/src/freedombone-logging
index 3979f7af..4858f27f 100755
--- a/src/freedombone-logging
+++ b/src/freedombone-logging
@@ -114,6 +114,7 @@ function turn_off_rsys_logging {
     $REMOVE_FILES_COMMAND /var/log/daemon.*
     $REMOVE_FILES_COMMAND /var/log/user.*
     $REMOVE_FILES_COMMAND /var/log/messages*
+    $REMOVE_FILES_COMMAND /var/log/syslog*
 }
 
 function turn_on_rsys_logging {
From b33deeb016e033ec90a4567790fd7aec9d27b008 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Thu, 19 Apr 2018 10:41:26 +0100
Subject: [PATCH 03/20] Turn off kernel logging

---
 src/freedombone-logging | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/freedombone-logging b/src/freedombone-logging
index 4858f27f..617109f5 100755
--- a/src/freedombone-logging
+++ b/src/freedombone-logging
@@ -102,6 +102,7 @@ function turn_off_rsys_logging {
     sed -i 's|daemon.\*.*|daemon.\* /dev/null|g' /etc/rsyslog.conf
     sed -i 's|mail.\*.*|mail.\* /dev/null|g' /etc/rsyslog.conf
     sed -i 's|user.\*.*|user.\* /dev/null|g' /etc/rsyslog.conf
+    sed -i 's|kern.\*.*|kern.\* /dev/null|g' /etc/rsyslog.conf
     sed -i 's|news.none;mail.none.*|news.none;mail.none /dev/null|g' /etc/rsyslog.conf
     sed -i 's|\*.\*;auth,authpriv.none.*|\*.\*;auth,authpriv.none /dev/null|g' /etc/rsyslog.conf
     sed -i 's|#cron.\*|cron.\*|g' /etc/rsyslog.conf
@@ -115,6 +116,9 @@ function turn_off_rsys_logging {
     $REMOVE_FILES_COMMAND /var/log/user.*
     $REMOVE_FILES_COMMAND /var/log/messages*
     $REMOVE_FILES_COMMAND /var/log/syslog*
+    $REMOVE_FILES_COMMAND /var/log/alternatives*
+    $REMOVE_FILES_COMMAND /var/log/faillog
+    $REMOVE_FILES_COMMAND /var/log/kern.log*
 }
 
 function turn_on_rsys_logging {
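Review bot: The added `$REMOVE_FILES_COMMAND /var/log/syslog*` destroys the syslog history already on disk rather than only stopping new writes, so an operator who switches logging off in the middle of an incident loses the evidence collected so far; if that wipe is the intended privacy behaviour it deserves a comment above the first removal line, e.g. `# deliberately wipe logs already on disk, not just stop collecting`. The line also relies on `$REMOVE_FILES_COMMAND` being set by the caller, and with it empty the shell would try to execute `/var/log/syslog` itself, so `: "${REMOVE_FILES_COMMAND:?not set}"` at the top of the function would fail loudly instead of oddly. turn_off_rsys_logging begins before this hunk.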
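Review bot: `/var/log/faillog` is not a syslog output but the per-account failed-login counter database read by `faillog` (and by pam_tally by default), so deleting it in turn_off_rsys_logging resets every login lockout counter each time logging is switched off. That line should be dropped, or if the file really is meant to go, commented as a deliberate reset of lockout state so nobody treats it as a log rotation. The new `kern.\*` sed follows the pattern of the neighbouring facilities, including their limitation that `.*` replaces the rest of the line, so any action modifiers on the original `kern.*` line are lost. The function starts outside this hunk.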
@@ -129,6 +133,7 @@ function turn_on_rsys_logging { sed -i 's|daemon.\*.*|daemon.\* -/var/log/daemon.log|g' /etc/rsyslog.conf sed -i 's|mail.\*.*|mail.\* -/var/log/mail.log|g' /etc/rsyslog.conf sed -i 's|user.\*.*|user.\* -/var/log/user.log|g' /etc/rsyslog.conf + sed -i 's|kern.\*.*|kern.\* -/var/log/kern.log|g' /etc/rsyslog.conf sed -i 's|news.none;mail.none.*|news.none;mail.none -/var/log/debug|g' /etc/rsyslog.conf sed -i 's|\*.\*;auth,authpriv.none.*|\*.\*;auth,authpriv.none -/var/log/syslog|g' /etc/rsyslog.conf sed -i 's|#cron.\*|cron.\*|g' /etc/rsyslog.conf From be74c3040a459bdd133f78a9a0396de9a2e08732 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Thu, 19 Apr 2018 11:07:11 +0100 Subject: [PATCH 04/20] Turn off postgresql logging --- src/freedombone-logging | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/src/freedombone-logging b/src/freedombone-logging index 617109f5..4edc7c69 100755 --- a/src/freedombone-logging +++ b/src/freedombone-logging @@ -90,6 +90,22 @@ function turn_logging_off { done } +function turn_off_postgresql_logging { + if [ ! -f /etc/postgresql/9.6/main/postgresql.conf ]; then + return + fi + sed -i 's|#log_destination|log_destination|g' /etc/postgresql/9.6/main/postgresql.conf + sed -i "s|log_destination.*|log_destination = 'syslog'|g" /etc/postgresql/9.6/main/postgresql.conf +} + +function turn_on_postgresql_logging { + if [ ! -f /etc/postgresql/9.6/main/postgresql.conf ]; then + return + fi + sed -i 's|log_destination|#log_destination|g' /etc/postgresql/9.6/main/postgresql.conf + sed -i "s|log_destination.*|log_destination = 'stderr'|g" /etc/postgresql/9.6/main/postgresql.conf +} + function turn_off_rsys_logging { if ! grep -q '/var/log/auth.log' /etc/rsyslog.conf; then return @@ -199,6 +215,7 @@ if [[ "$1" == "on" || "$1" == "On" || "$1" == "ON" ]]; then fi fi turn_on_rsys_logging + turn_on_postgresql_logging else turn_logging_off 
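Review bot: `turn_off_postgresql_logging` does not turn PostgreSQL logging off; it redirects `log_destination` to `syslog`, which only ends in /dev/null while turn_off_rsys_logging has also run, so a later `turn_on_rsys_logging` without the postgres counterpart would quietly resume collecting connection and query errors in /var/log/syslog. A comment stating that coupling, e.g. `# relies on rsyslog being pointed at /dev/null by turn_off_rsys_logging`, would make the intent explicit. In `turn_on_postgresql_logging` the first sed comments the directive out and the second then rewrites `#log_destination = 'syslog'` to `#log_destination = 'stderr'`, so it stays commented; that happens to match PostgreSQL's default, but it is an accident of the sed pair rather than a restore, and `sed -i "s|^#*log_destination.*|log_destination = 'stderr'|"` would do what the name says.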
@@ -256,6 +273,7 @@ else fi fi turn_off_rsys_logging + turn_off_postgresql_logging fi if [ -d /etc/exim4 ]; then @@ -301,5 +319,8 @@ fi if [ -d /etc/matrix ]; then systemctl restart matrix fi +if [ -d /etc/postgresql ]; then + systemctl restart postgresql +fi exit 0 From f2654245aa52326febba556201852f408f82ee82 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Thu, 19 Apr 2018 11:28:11 +0100 Subject: [PATCH 05/20] Remove postgresql log files --- src/freedombone-logging | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/freedombone-logging b/src/freedombone-logging index 4edc7c69..b76b4028 100755 --- a/src/freedombone-logging +++ b/src/freedombone-logging @@ -96,6 +96,9 @@ function turn_off_postgresql_logging { fi sed -i 's|#log_destination|log_destination|g' /etc/postgresql/9.6/main/postgresql.conf sed -i "s|log_destination.*|log_destination = 'syslog'|g" /etc/postgresql/9.6/main/postgresql.conf + if [ -d /var/log/postgresql ]; then + $REMOVE_FILES_COMMAND /var/log/postgresql/* + fi } function turn_on_postgresql_logging { From 54f4a246edb871d4f21cb2d8e7a1b228f3276927 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Thu, 19 Apr 2018 11:39:26 +0100 Subject: [PATCH 06/20] Move postgresql logging functions --- src/freedombone-logging | 19 ------------------- src/freedombone-utils-postgresql | 20 ++++++++++++++++++++ 2 files changed, 20 insertions(+), 19 deletions(-) diff --git a/src/freedombone-logging b/src/freedombone-logging index b76b4028..eafe5be0 100755 --- a/src/freedombone-logging +++ b/src/freedombone-logging 
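Review bot: The unconditional `systemctl restart postgresql` at the end of the script drops every open database connection (Pleroma, Matrix, Gogs) each time logging is toggled, and the only postgres setting changed here, `log_destination`, is reloadable without a restart as far as I know. `systemctl reload postgresql` would apply the change without taking the apps offline. The `-d /etc/postgresql` check is also looser than the `-f .../postgresql.conf` test the new functions use, so the restart can fire for a version directory the functions skipped.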
@@ -90,25 +90,6 @@ function turn_logging_off { done } -function turn_off_postgresql_logging { - if [ ! -f /etc/postgresql/9.6/main/postgresql.conf ]; then - return - fi - sed -i 's|#log_destination|log_destination|g' /etc/postgresql/9.6/main/postgresql.conf - sed -i "s|log_destination.*|log_destination = 'syslog'|g" /etc/postgresql/9.6/main/postgresql.conf - if [ -d /var/log/postgresql ]; then - $REMOVE_FILES_COMMAND /var/log/postgresql/* - fi -} - -function turn_on_postgresql_logging { - if [ ! -f /etc/postgresql/9.6/main/postgresql.conf ]; then - return - fi - sed -i 's|log_destination|#log_destination|g' /etc/postgresql/9.6/main/postgresql.conf - sed -i "s|log_destination.*|log_destination = 'stderr'|g" /etc/postgresql/9.6/main/postgresql.conf -} - function turn_off_rsys_logging { if ! grep -q '/var/log/auth.log' /etc/rsyslog.conf; then return diff --git a/src/freedombone-utils-postgresql b/src/freedombone-utils-postgresql index 2656a240..69c85211 100755 --- a/src/freedombone-utils-postgresql +++ b/src/freedombone-utils-postgresql 
@@ -29,6 +29,26 @@ # Set this when calling backup and restore commands USE_POSTGRESQL= POSTGRESQL_PACKAGES='postgresql-9.6 postgresql-contrib-9.6 postgresql-client' +POSTGRESQL_VERSION=9.6 + +function turn_off_postgresql_logging { + if [ ! -f /etc/postgresql/$POSTGRESQL_VERSION/main/postgresql.conf ]; then + return + fi + sed -i 's|#log_destination|log_destination|g' /etc/postgresql/$POSTGRESQL_VERSION/main/postgresql.conf + sed -i "s|log_destination.*|log_destination = 'syslog'|g" /etc/postgresql/$POSTGRESQL_VERSION/main/postgresql.conf + if [ -d /var/log/postgresql ]; then + $REMOVE_FILES_COMMAND /var/log/postgresql/* + fi +} + +function turn_on_postgresql_logging { + if [ ! -f /etc/postgresql/$POSTGRESQL_VERSION/main/postgresql.conf ]; then + return + fi + sed -i 's|log_destination|#log_destination|g' /etc/postgresql/$POSTGRESQL_VERSION/main/postgresql.conf + sed -i "s|log_destination.*|log_destination = 'stderr'|g" /etc/postgresql/$POSTGRESQL_VERSION/main/postgresql.conf +} function store_original_postgresql_password { if [ ! -f /root/.postgresqloriginal ]; then From 21ecf61c13ea3c168a47adb6a46a0f1a9b137442 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Thu, 19 Apr 2018 11:43:11 +0100 Subject: [PATCH 07/20] extra syslog check --- src/freedombone-logging | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/freedombone-logging b/src/freedombone-logging index eafe5be0..80d8b5ba 100755 --- a/src/freedombone-logging +++ b/src/freedombone-logging @@ -92,7 +92,9 @@ function turn_logging_off { function turn_off_rsys_logging { if ! grep -q '/var/log/auth.log' /etc/rsyslog.conf; then - return + if ! grep -q '/var/log/kern.log' /etc/rsyslog.conf; then + return + fi fi sed -i 's|mail,news.none.*|mail,news.none /dev/null|g' /etc/rsyslog.conf sed -i 's|auth,authpriv.\*.*|auth,authpriv.\* /dev/null|g' /etc/rsyslog.conf From 771d0573aeb92e24affd1db2959dc77726579354 Mon Sep 17 00:00:00 2001 
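Review bot: `turn_off_postgresql_logging` has moved into freedombone-utils-postgresql but still expands `$REMOVE_FILES_COMMAND`, which nothing in this file defines; any script that sources this utility without freedombone-logging gets an empty command and the line then tries to execute the first file matched by `/var/log/postgresql/*`. Either default it locally, `${REMOVE_FILES_COMMAND:-rm -f}`, or add `: "${REMOVE_FILES_COMMAND:?not set}"` before the removal so the failure is explicit. `$POSTGRESQL_VERSION` is unquoted in every path; harmless for `9.6` but worth quoting now that it is a variable.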
From: Bob Mottram Date: Thu, 19 Apr 2018 22:16:58 +0100 Subject: [PATCH 08/20] Tidying --- src/freedombone-controlpanel | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/src/freedombone-controlpanel b/src/freedombone-controlpanel index 19598c8b..e2dd100d 100755 --- a/src/freedombone-controlpanel +++ b/src/freedombone-controlpanel @@ -362,19 +362,6 @@ function show_tahoelafs { echo '' } -function show_ip_addresses { - echo $'IP/DNS addresses' - echo '================' - echo '' - echo -n "IPv4: $(get_ipv4_address)/$(get_external_ipv4_address)" - ipv6_address="$(get_ipv6_address)" - if [ ${#ipv6_address} -gt 0 ]; then - echo " IPv6: ${ipv6_address}" - fi - echo '' - echo '' -} - function show_ssh_public_key { echo $'SSH Public Keys' echo '===============' @@ -391,7 +378,6 @@ function show_about { #clear #echo "==== ${PROJECT_NAME} version ${VERSION} ($DEBIAN_VERSION) ====" #echo '' - #show_ip_addresses #show_ssh_public_key show_domains #show_users From 98c0b563f95e2b0655250652a56766d876eebb2a Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Fri, 20 Apr 2018 10:45:53 +0100 Subject: [PATCH 09/20] Migrate hidden service definitions from torrc to their own file This should reduce problems during tor package upgrades --- src/freedombone-upgrade | 1 + src/freedombone-utils-onion | 58 ++++++++++++++++++++++++++++--------- 2 files changed, 46 insertions(+), 13 deletions(-) diff --git a/src/freedombone-upgrade b/src/freedombone-upgrade index fc97f9d1..ccea64ea 100755 --- a/src/freedombone-upgrade +++ b/src/freedombone-upgrade @@ -95,6 +95,7 @@ if [ -d "$PROJECT_DIR" ]; then fi #rebuild_exim_with_socks + torrc_migrate nodejs_upgrade apt-get -yq -t stretch-backports install certbot email_install_tls diff --git a/src/freedombone-utils-onion b/src/freedombone-utils-onion index 993348a6..06b68655 100755 --- a/src/freedombone-utils-onion +++ b/src/freedombone-utils-onion 
@@ -31,6 +31,30 @@ TOR_MAX_TRAFFIC_PER_MONTH_GB=10 USE_V2_ONION_ADDRESS= HIDDEN_SERVICE_PATH='/var/lib/tor/hidden_service_' +ONION_SERVICES_FILE=/etc/torrc.d/freedombone + +function torrc_migrate { + if [ -f $ONION_SERVICES_FILE ]; then + return + fi + systemctl stop tor + + mkdir /etc/torrc.d + + grep "HiddenServiceDir\|HiddenServiceVersion\|HiddenServicePort" /etc/tor/torrc | grep -v "#HiddenServiceDir" >> $ONION_SERVICES_FILE + + if ! grep "HiddenServiceVersion" $ONION_SERVICES_FILE; then + return + fi + + if grep -q "#%include /etc/torrc.d" /etc/tor/torrc; then + sed -i 's|#%include /etc/torrc.d|%include /etc/torrc.d|g' /etc/tor/torrc + else + echo "%include /etc/torrc.d" >> /etc/tor/torrc + fi + + systemctl restart tor +} function add_email_hostname { extra_email_hostname="$1" @@ -80,17 +104,17 @@ function remove_onion_service { nick="$3" if [ ${#nick} -gt 0 ]; then - sed -i "/stealth ${nick}/d" /etc/tor/torrc + sed -i "/stealth ${nick}/d" $ONION_SERVICES_FILE fi - sed -i "/hidden_service_${onion_service_name}/,+1 d" /etc/tor/torrc - sed -i "/hidden_service_${onion_service_name}_mobile/,+1 d" /etc/tor/torrc - sed -i "/127.0.0.1:${onion_service_port_to}/d" /etc/tor/torrc + sed -i "/hidden_service_${onion_service_name}/,+1 d" $ONION_SERVICES_FILE + sed -i "/hidden_service_${onion_service_name}_mobile/,+1 d" $ONION_SERVICES_FILE + sed -i "/127.0.0.1:${onion_service_port_to}/d" $ONION_SERVICES_FILE if [ "$3" ]; then - sed -i "/127.0.0.1:${3}/d" /etc/tor/torrc + sed -i "/127.0.0.1:${3}/d" $ONION_SERVICES_FILE if [ "$4" ]; then - sed -i "/127.0.0.1:${4}/d" /etc/tor/torrc + sed -i "/127.0.0.1:${4}/d" $ONION_SERVICES_FILE if [ "$5" ]; then - sed -i "/127.0.0.1:${5}/d" /etc/tor/torrc + sed -i "/127.0.0.1:${5}/d" $ONION_SERVICES_FILE fi fi fi 
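Review bot: torrc_migrate runs `systemctl stop tor` and then, when the copied file contains no `HiddenServiceVersion`, returns without ever starting it again, so a host whose torrc had no hidden services comes out of the upgrade with tor down, and the empty `$ONION_SERVICES_FILE` created by the `>>` makes every later run take the `-f` early return so the `%include` is never added. Move the stop below that sanity check, or make the bail-out path `systemctl start tor; return`. The grep that builds the file copies only `HiddenServiceDir`, `HiddenServiceVersion` and `HiddenServicePort`, while add_onion_service in the next hunk also writes `HiddenServiceAuthorizeClient stealth ...`, so a stealth-authorised onion service would be re-created in the new file without its client authorisation; that is the security-relevant case to test before shipping. `grep "HiddenServiceVersion"` should be `grep -q`, and `mkdir` should be `mkdir -p` so an existing directory is not an error.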
@@ -123,16 +147,16 @@ function add_onion_service { USE_V2_ONION_ADDRESS= exit 877367 fi - if ! grep -q "hidden_service_${onion_service_name}" /etc/tor/torrc; then - echo "HiddenServiceDir ${HIDDEN_SERVICE_PATH}${onion_service_name}/" >> /etc/tor/torrc + if ! grep -q "hidden_service_${onion_service_name}" $ONION_SERVICES_FILE; then + echo "HiddenServiceDir ${HIDDEN_SERVICE_PATH}${onion_service_name}/" >> $ONION_SERVICES_FILE if [ ! $USE_V2_ONION_ADDRESS ]; then - echo 'HiddenServiceVersion 3' >> /etc/tor/torrc + echo 'HiddenServiceVersion 3' >> $ONION_SERVICES_FILE else - echo 'HiddenServiceVersion 2' >> /etc/tor/torrc + echo 'HiddenServiceVersion 2' >> $ONION_SERVICES_FILE fi - echo "HiddenServicePort ${onion_service_port_from} 127.0.0.1:${onion_service_port_to}" >> /etc/tor/torrc + echo "HiddenServicePort ${onion_service_port_from} 127.0.0.1:${onion_service_port_to}" >> $ONION_SERVICES_FILE if [ ${#onion_stealth_name} -gt 0 ]; then - echo "HiddenServiceAuthorizeClient stealth ${onion_stealth_name}" >> /etc/tor/torrc + echo "HiddenServiceAuthorizeClient stealth ${onion_stealth_name}" >> $ONION_SERVICES_FILE fi fi @@ -295,6 +319,14 @@ function install_tor { sed -i "s|#AccountingMax.*|AccountingMax $TOR_MAX_TRAFFIC_PER_MONTH_GB GBytes|g" /etc/tor/torrc sed -i "s|AccountingMax.*|AccountingMax $TOR_MAX_TRAFFIC_PER_MONTH_GB GBytes|g" /etc/tor/torrc + if [ ! -d /etc/torrc.d ]; then + mkdir /etc/torrc.d + fi + sed -i 's|#%include /etc/torrc.d|%include /etc/torrc.d|g' /etc/tor/torrc + if ! grep -q '%include /etc/torrc.d' /etc/tor/torrc; then + echo '%include /etc/torrc.d' >> /etc/tor/torrc + fi + mark_completed "${FUNCNAME[0]}" } From 990edc125ccbf09d2829f793616145b8d3ad651b Mon Sep 17 00:00:00 2001 
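Review bot: install_tor adds `%include /etc/torrc.d` without checking that the installed tor understands it (the directive arrived in tor 0.3.1 if I remember correctly, and stock stretch ships an older package); on an older tor the whole torrc is rejected and every `systemctl restart tor` in this series leaves tor stopped. A cheap safeguard before each restart is `sudo -u debian-tor tor --verify-config -f /etc/tor/torrc` and aborting with a message when it fails, so a bad config never takes the onion services and the exim socks relay offline. add_onion_service's `grep -q ... $ONION_SERVICES_FILE` runs before the file exists on a fresh install and only works because grep's error exit reads as "not present"; a `touch "$ONION_SERVICES_FILE"` in install_tor would make that explicit.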
From: Bob Mottram Date: Fri, 20 Apr 2018 11:08:36 +0100 Subject: [PATCH 10/20] Move tor services to new file --- src/freedombone-app-gogs | 4 ++-- src/freedombone-app-keyserver | 4 ++-- src/freedombone-app-xmpp | 6 +++--- src/freedombone-base-email | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/freedombone-app-gogs b/src/freedombone-app-gogs index b2a5ce1c..d54f0452 100755 --- a/src/freedombone-app-gogs +++ b/src/freedombone-app-gogs @@ -655,11 +655,11 @@ function install_gogs { echo $'No Tor installation found. Gogs onion site cannot be configured.' exit 877367 fi - if ! grep -q "hidden_service_gogs" /etc/tor/torrc; then + if ! grep -q "hidden_service_gogs" $ONION_SERVICES_FILE; then { echo 'HiddenServiceDir /var/lib/tor/hidden_service_gogs/'; echo 'HiddenServiceVersion 3'; echo "HiddenServicePort 80 127.0.0.1:${GIT_ONION_PORT}"; - echo "HiddenServicePort 9418 127.0.0.1:9418"; } >> /etc/tor/torrc + echo "HiddenServicePort 9418 127.0.0.1:9418"; } >> $ONION_SERVICES_FILE echo $'Added onion site for Gogs' fi diff --git a/src/freedombone-app-keyserver b/src/freedombone-app-keyserver index 03614d70..5e65792d 100755 --- a/src/freedombone-app-keyserver +++ b/src/freedombone-app-keyserver @@ -656,12 +656,12 @@ function install_keyserver { chown debian-sks: $sksconf_file - if ! grep -q "hidden_service_sks" /etc/tor/torrc; then + if ! grep -q "hidden_service_sks" $ONION_SERVICES_FILE; then { echo 'HiddenServiceDir /var/lib/tor/hidden_service_sks/'; echo 'HiddenServiceVersion 3'; echo "HiddenServicePort 11370 127.0.0.1:11370"; echo "HiddenServicePort 11373 127.0.0.1:11371"; - echo "HiddenServicePort 11372 127.0.0.1:11372"; } >> /etc/tor/torrc + echo "HiddenServicePort 11372 127.0.0.1:11372"; } >> $ONION_SERVICES_FILE echo $'Added onion site for sks' fi diff --git a/src/freedombone-app-xmpp b/src/freedombone-app-xmpp index decb0f01..f3952b13 100755 --- a/src/freedombone-app-xmpp +++ b/src/freedombone-app-xmpp 
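Review bot: install_gogs and install_keyserver now write to `$ONION_SERVICES_FILE` but neither defines it; if either script is sourced without freedombone-utils-onion the variable is empty, `grep -q "hidden_service_gogs"` then reads stdin and can hang, and the `>> $ONION_SERVICES_FILE` redirect fails as ambiguous. Quoting the variable and failing early with `: "${ONION_SERVICES_FILE:?}"` at the top of each function turns that into a clear error. Both blocks also hand-write the HiddenService lines that add_onion_service in freedombone-utils-onion already generates, so calling that helper would keep the version and stealth handling in one place. Both functions start outside this hunk.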
@@ -608,7 +608,7 @@ function remove_xmpp { function_check remove_onion_service remove_onion_service xmpp 5222 5223 5269 - sed -i '/HiddenServiceVersion 2/d' /etc/tor/torrc + sed -i '/HiddenServiceVersion 2/d' $ONION_SERVICES_FILE apt-mark -q unhold prosody apt-get -yq remove --purge prosody @@ -1079,11 +1079,11 @@ function install_xmpp { echo $'No Tor installation found. xmpp onion site cannot be configured.' exit 877367 fi - if ! grep -q "hidden_service_xmpp" /etc/tor/torrc; then + if ! grep -q "hidden_service_xmpp" $ONION_SERVICES_FILE; then { echo 'HiddenServiceDir /var/lib/tor/hidden_service_xmpp/'; echo 'HiddenServiceVersion 2'; echo "HiddenServicePort 5222 127.0.0.1:5222"; - echo "HiddenServicePort 5269 127.0.0.1:5269"; } >> /etc/tor/torrc + echo "HiddenServicePort 5269 127.0.0.1:5269"; } >> $ONION_SERVICES_FILE echo $'Added onion site for xmpp chat' fi diff --git a/src/freedombone-base-email b/src/freedombone-base-email index 96c6a28d..0a6199ac 100755 --- a/src/freedombone-base-email +++ b/src/freedombone-base-email @@ -224,12 +224,12 @@ function email_create_template { function create_email_onion_address { email_hostname='/var/lib/tor/hidden_service_email/hostname' - if ! grep -q "hidden_service_email" /etc/tor/torrc; then + if ! grep -q "hidden_service_email" $ONION_SERVICES_FILE; then { echo 'HiddenServiceDir /var/lib/tor/hidden_service_email/'; echo 'HiddenServiceVersion 3'; echo 'HiddenServicePort 25 127.0.0.1:25'; echo 'HiddenServicePort 587 127.0.0.1:587'; - echo 'HiddenServicePort 465 127.0.0.1:465'; } >> /etc/tor/torrc + echo 'HiddenServicePort 465 127.0.0.1:465'; } >> $ONION_SERVICES_FILE function_check onion_update onion_update From 05cb0bc4a0a29953cf9f4da78101912b3444de8a Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Fri, 20 Apr 2018 11:16:05 +0100 Subject: [PATCH 11/20] Move tor services to new file --- src/freedombone-app-matrix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
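Review bot: `sed -i '/HiddenServiceVersion 2/d' $ONION_SERVICES_FILE` in remove_xmpp deletes every `HiddenServiceVersion 2` line in the now-shared file, not just the xmpp one, so any other v2 service defined there loses its version line and may be refused by tor on the next restart because its on-disk keys are v2. remove_onion_service, called just above, already deletes the xmpp `HiddenServiceDir` line and the line following it, which is the version line, so this extra sed can simply be dropped. With several apps writing one file, every per-app edit has to be scoped to its own block. remove_xmpp starts outside this hunk.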
diff --git a/src/freedombone-app-matrix b/src/freedombone-app-matrix index 070fa155..a6e6c12f 100755 --- a/src/freedombone-app-matrix +++ b/src/freedombone-app-matrix @@ -702,7 +702,7 @@ function install_home_server { #MATRIX_ONION_HOSTNAME=$(add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT}) add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT} - echo "HiddenServicePort ${MATRIX_HTTP_PORT} 127.0.0.1:${MATRIX_FEDERATION_ONION_PORT}" >> /etc/tor/torrc + echo "HiddenServicePort ${MATRIX_HTTP_PORT} 127.0.0.1:${MATRIX_FEDERATION_ONION_PORT}" >> $ONION_SERVICES_FILE systemctl restart tor if [ ! "${MATRIX_PASSWORD}" ]; then From 62b5592b582afc9201e9320180c562bf066fc774 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Fri, 20 Apr 2018 11:24:39 +0100 Subject: [PATCH 12/20] Use project name for tor file --- src/freedombone-utils-onion | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/freedombone-utils-onion b/src/freedombone-utils-onion index 06b68655..140fe298 100755 --- a/src/freedombone-utils-onion +++ b/src/freedombone-utils-onion @@ -31,7 +31,7 @@ TOR_MAX_TRAFFIC_PER_MONTH_GB=10 USE_V2_ONION_ADDRESS= HIDDEN_SERVICE_PATH='/var/lib/tor/hidden_service_' -ONION_SERVICES_FILE=/etc/torrc.d/freedombone +ONION_SERVICES_FILE=/etc/torrc.d/${PROJECT_NAME} function torrc_migrate { if [ -f $ONION_SERVICES_FILE ]; then From 5e80ab9df4a68aabee3083b69ffe495f4a454897 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Fri, 20 Apr 2018 11:41:20 +0100 Subject: [PATCH 13/20] Move dns settings to separate tor config file --- src/freedombone-base-email | 23 +++-------------------- src/freedombone-utils-onion | 8 ++++++++ 2 files changed, 11 insertions(+), 20 deletions(-) diff --git a/src/freedombone-base-email b/src/freedombone-base-email index 0a6199ac..ab0e5262 100755 --- a/src/freedombone-base-email +++ b/src/freedombone-base-email 
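Review bot: The `echo "HiddenServicePort ${MATRIX_HTTP_PORT} ..." >> $ONION_SERVICES_FILE` in install_home_server is appended unconditionally, while add_onion_service just above only writes its block when `hidden_service_matrix` is absent; on a re-run the federation port line is added again and lands under whatever `HiddenServiceDir` happens to be last in the file. Guard it the same way: `grep -q "127.0.0.1:${MATRIX_FEDERATION_ONION_PORT}" "$ONION_SERVICES_FILE" || echo "HiddenServicePort ${MATRIX_HTTP_PORT} 127.0.0.1:${MATRIX_FEDERATION_ONION_PORT}" >> "$ONION_SERVICES_FILE"`. install_home_server starts and ends outside this hunk.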
@@ -320,26 +320,9 @@ function configure_email_onion { echo " hosts_avoid_tls = *"; echo " socks_proxy = 127.0.0.1 port=9050"; } > /etc/exim4/conf.d/transport/050_exim4-config_onion_relay - if ! grep -q "AutomapHostsOnResolve" /etc/tor/torrc; then - echo 'AutomapHostsOnResolve 1' >> /etc/tor/torrc - else - sed -i 's|#AutomapHostsOnResolve.*|AutomapHostsOnResolve 1|g' /etc/tor/torrc - sed -i 's|AutomapHostsOnResolve.*|AutomapHostsOnResolve 1|g' /etc/tor/torrc - fi - - if ! grep -q "DNSPort " /etc/tor/torrc; then - echo 'DNSPort 5300' >> /etc/tor/torrc - else - sed -i 's|#DNSPort .*|DNSPort 5300|g' /etc/tor/torrc - sed -i 's|DNSPort .*|DNSPort 5300|g' /etc/tor/torrc - fi - - if ! grep -q "DNSListenAddress" /etc/tor/torrc; then - echo 'DNSListenAddress 127.0.0.1' >> /etc/tor/torrc - else - sed -i 's|#DNSListenAddress.*|DNSListenAddress 127.0.0.1|g' /etc/tor/torrc - sed -i 's|DNSListenAddress.*|DNSListenAddress 127.0.0.1|g' /etc/tor/torrc - fi + { echo 'DNSPort 5300'; + echo 'DNSListenAddress 127.0.0.1'; + echo 'AutomapHostsOnResolve 1'; } > /etc/torrc.d/dns update-exim4.conf.template -r update-exim4.conf diff --git a/src/freedombone-utils-onion b/src/freedombone-utils-onion index 140fe298..4fa77265 100755 --- a/src/freedombone-utils-onion +++ b/src/freedombone-utils-onion @@ -53,6 +53,14 @@ function torrc_migrate { echo "%include /etc/torrc.d" >> /etc/tor/torrc fi + { echo 'DNSPort 5300'; + echo 'DNSListenAddress 127.0.0.1'; + echo 'AutomapHostsOnResolve 1'; } > /etc/torrc.d/dns + + sed -i '/DNSPort 5300/d' /etc/tor/torrc + sed -i '/DNSListenAddress 127.0.0./d' /etc/tor/torrc + sed -i '/AutomapHostsOnResolve 1/d' /etc/tor/torrc + systemctl restart tor } From 88851408b92fa77c916c4aad5901e1affe435599 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Fri, 20 Apr 2018 11:47:23 +0100 Subject: [PATCH 14/20] Remove hidden service definitions from torrc --- src/freedombone-utils-onion | 4 ++++ 1 file changed, 4 insertions(+) 
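Review bot: The same three-line DNS block is now written verbatim in configure_email_onion and in torrc_migrate; keep one definition, for instance a small `tor_write_dns_config` helper in freedombone-utils-onion, so the port cannot drift between the two files. `DNSListenAddress` has been a deprecated option for some time if I recall correctly, so `DNSPort 127.0.0.1:5300` on its own expresses the same binding in current syntax. In torrc_migrate the deletion patterns match only the exact `5300` value with unescaped dots, so a torrc carrying a different `DNSPort` (the old resolve_dns_via_tor used `DNSPort 53`) would keep both definitions; `sed -i '/^DNSPort /d'` and the same for the other two keys would be safer. torrc_migrate begins outside this hunk.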
diff --git a/src/freedombone-utils-onion b/src/freedombone-utils-onion index 4fa77265..76928eb5 100755 --- a/src/freedombone-utils-onion +++ b/src/freedombone-utils-onion @@ -61,6 +61,10 @@ function torrc_migrate { sed -i '/DNSListenAddress 127.0.0./d' /etc/tor/torrc sed -i '/AutomapHostsOnResolve 1/d' /etc/tor/torrc + sed -i '/HiddenServiceDir/d' /etc/tor/torrc + sed -i '/HiddenServiceVersion/d' /etc/tor/torrc + sed -i '/HiddenServicePort/d' /etc/tor/torrc + systemctl restart tor } From 831d4487b92264f4051145333743f51e325231ad Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Fri, 20 Apr 2018 12:10:55 +0100 Subject: [PATCH 15/20] Double backslash --- src/freedombone-utils-onion | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/freedombone-utils-onion b/src/freedombone-utils-onion index 76928eb5..8a002885 100755 --- a/src/freedombone-utils-onion +++ b/src/freedombone-utils-onion @@ -41,7 +41,7 @@ function torrc_migrate { mkdir /etc/torrc.d - grep "HiddenServiceDir\|HiddenServiceVersion\|HiddenServicePort" /etc/tor/torrc | grep -v "#HiddenServiceDir" >> $ONION_SERVICES_FILE + grep "HiddenServiceDir\\|HiddenServiceVersion\\|HiddenServicePort" /etc/tor/torrc | grep -v "#HiddenServiceDir" >> $ONION_SERVICES_FILE if ! grep "HiddenServiceVersion" $ONION_SERVICES_FILE; then return From 48afc21624cadd018e1e5c181d0c91536a38c3a3 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Fri, 20 Apr 2018 12:38:59 +0100 Subject: [PATCH 16/20] Tidying --- src/freedombone-utils-onion | 31 ------------------------------- src/freedombone-utils-setup | 3 --- 2 files changed, 34 deletions(-) diff --git a/src/freedombone-utils-onion b/src/freedombone-utils-onion index 8a002885..a68220f0 100755 --- a/src/freedombone-utils-onion +++ b/src/freedombone-utils-onion 
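Review bot: The three new `sed -i '/HiddenService.../d'` lines remove `HiddenServiceDir`, `HiddenServiceVersion` and `HiddenServicePort` from torrc but leave any `HiddenServiceAuthorizeClient` line behind, and as far as I know tor refuses to start when that option appears without a preceding `HiddenServiceDir`; either migrate those lines with the others or add `sed -i '/HiddenServiceAuthorizeClient/d' /etc/tor/torrc` here and re-check the stealth client names in the new file. Because these deletions sit after the `-f $ONION_SERVICES_FILE` early return, a host that already ran the earlier version of torrc_migrate never executes them and ends up with the same `HiddenServiceDir` declared in both files, which tor also rejects. Keying the early return on torrc no longer containing `HiddenServiceDir`, rather than on the new file existing, would cover that. torrc_migrate starts outside this hunk.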
@@ -342,37 +342,6 @@ function install_tor { mark_completed "${FUNCNAME[0]}" } -function resolve_dns_via_tor { - if [[ $SYSTEM_TYPE == "mesh"* ]]; then - return - fi - if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then - return - fi - if [ ! -f /etc/tor/torrc ]; then - echo $'tor was not installed' - exit 52952 - fi - - # resolve DNS via tor - if ! grep -q 'DNSPort 53' /etc/tor/torrc; then - { echo 'DNSPort 53'; - echo 'AutomapHostsOnResolve 1'; - echo 'AutomapHostsSuffixes .exit,.onion'; } >> /etc/tor/torrc - onion_update - fi - - # don't change resolv.conf - sed -i 's|, domain-name-servers||g' /etc/dhcp/dhclient.conf - - # point resolv.conf to tor - resolvconf=/etc/resolvconf/resolv.conf.d/head - echo 'nameserver 127.0.0.1:53' > $resolvconf - resolvconf -u - - mark_completed "${FUNCNAME[0]}" -} - # see https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy # Local Redirection and Anonymizing Middlebox function route_outgoing_traffic_through_tor { diff --git a/src/freedombone-utils-setup b/src/freedombone-utils-setup index fd208d61..af83ae27 100755 --- a/src/freedombone-utils-setup +++ b/src/freedombone-utils-setup @@ -903,9 +903,6 @@ function setup_utils { function_check install_tor install_tor - #function_check resolve_dns_via_tor - #resolve_dns_via_tor - function_check install_command_line_browser install_command_line_browser From f3033b4d5c95e829b650efa2f4019c0f2c8909c7 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Fri, 20 Apr 2018 12:51:17 +0100 Subject: [PATCH 17/20] Move tor bridge definitions to their own file --- src/freedombone-utils-onion | 85 +++++++++++-------------------------- 1 file changed, 25 insertions(+), 60 deletions(-) diff --git a/src/freedombone-utils-onion b/src/freedombone-utils-onion index a68220f0..80d886d7 100755 --- a/src/freedombone-utils-onion +++ b/src/freedombone-utils-onion 
@@ -478,24 +478,14 @@ function tor_add_bridge { apt-get -yq install obfs4proxy - if grep -q "ClientTransportPlugin" /etc/tor/torrc; then - sed -i 's|#ClientTransportPlugin|ClientTransportPlugin|g' /etc/tor/torrc - sed -i 's|# ClientTransportPlugin|ClientTransportPlugin|g' /etc/tor/torrc - sed -i 's|ClientTransportPlugin.*|ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed|g' /etc/tor/torrc + if [ ! -f /etc/torrc.d/bridges ]; then + { echo 'ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed'; + echo 'UseBridges 1'; + echo "Bridge $bridge_type ${bridge_ip_address}:${bridge_port} ${bridge_key}"; } > /etc/torrc.d/bridges else - echo 'ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed' >> /etc/tor/torrc - fi - if grep -q "UseBridges" /etc/tor/torrc; then - sed -i 's|#UseBridges|UseBridges|g' /etc/tor/torrc - sed -i 's|# UseBridges|UseBridges|g' /etc/tor/torrc - sed -i 's|UseBridges.*|UseBridges 1|g' /etc/tor/torrc - else - echo 'UseBridges 1' >> /etc/tor/torrc - fi - - bridge_str="Bridge $bridge_type ${bridge_ip_address}:${bridge_port} ${bridge_key}" - if ! grep -q "${bridge_str}" /etc/tor/torrc; then - sed -i "/UseBridges/a ${bridge_str}" >> /etc/tor/torrc + if ! grep -q "Bridge $bridge_type ${bridge_ip_address}:${bridge_port} ${bridge_key}" /etc/torrc.d/bridges; then + echo "Bridge $bridge_type ${bridge_ip_address}:${bridge_port} ${bridge_key}" >> /etc/torrc.d/bridges + fi fi systemctl restart tor 
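Review bot: tor_add_bridge writes `$bridge_type`, `$bridge_ip_address`, `$bridge_port` and `$bridge_key` straight into `/etc/torrc.d/bridges` with no format check, so a stray newline or extra token in a pasted bridge line becomes an arbitrary tor directive and a malformed line makes tor fail to parse its config on the restart that follows. Rejecting an empty address or port and any value containing whitespace before writing, plus `tor --verify-config` before `systemctl restart tor`, keeps a bad paste from taking tor down. The existing-file branch assumes the file still holds the `ClientTransportPlugin`/`UseBridges` header written on first creation, which holds only while tor_remove_bridge stays the sole other writer; a comment saying so would help. tor_add_bridge starts outside this hunk.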
@@ -508,24 +498,19 @@ function tor_remove_bridge { if [[ "$bridge_ip_address" == *"."* ]]; then bridge_str="Bridge $bridge_type ${bridge_ip_address}" else - if grep -q " ${bridge_ip_address}" /etc/tor/torrc; then + if grep -q " ${bridge_ip_address}" /etc/torrc.d/bridges; then bridge_str=" ${bridge_ip_address}" else return fi fi - if grep -q "${bridge_str}" /etc/tor/torrc; then - sed -i "/${bridge_str}/d" /etc/tor/torrc + if grep -q "${bridge_str}" /etc/torrc.d/bridges; then + sed -i "/${bridge_str}/d" /etc/torrc.d/bridges fi - # If there are no bridges remaining then remove UseBridges - if ! grep -q "Bridge " /etc/tor/torrc; then - if ! grep -q "#UseBridges" /etc/tor/torrc; then - sed -i 's|UseBridges|#UseBridges|g' /etc/tor/torrc - fi - if ! grep -q "#ClientTransportPlugin" /etc/tor/torrc; then - sed -i 's|ClientTransportPlugin|#ClientTransportPlugin|g' /etc/tor/torrc - fi + # If there are no bridges remaining then remove the file + if ! grep -q "Bridge " /etc/torrc.d/bridges; then + rm /etc/torrc.d/bridges fi systemctl restart tor @@ -534,6 +519,8 @@ function tor_remove_bridge { function tor_create_bridge_relay { read_config_param 'TOR_BRIDGE_PORT' read_config_param 'TOR_BRIDGE_NICKNAME' + read_config_param 'MY_EMAIL_ADDRESS' + if [ ! "$TOR_BRIDGE_PORT" ]; then return fi 
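Review bot: tor_remove_bridge now greps and edits `/etc/torrc.d/bridges` unconditionally; when no bridge was ever added the file is absent, the IPv4 path falls through to `rm /etc/torrc.d/bridges` (an error on a missing file) and tor is restarted for nothing. An early `[ -f /etc/torrc.d/bridges ] || return` at the top and `rm -f` for the cleanup avoid both. The `sed -i "/${bridge_str}/d"` pattern is the raw address with unescaped dots, so `1.2.3.4` also matches `1x2x3x4`; harmless in practice, but `sed -i "\|${bridge_str//./\\.}|d"` is exact. tor_remove_bridge begins outside this hunk.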
@@ -546,47 +533,25 @@ function tor_create_bridge_relay {
 apt-get -yq install obfs4proxy
- sed -i 's|#BridgeRelay.*|BridgeRelay 1|g' /etc/tor/torrc
- sed -i 's|BridgeRelay.*|BridgeRelay 1|g' /etc/tor/torrc
- sed -i 's|#ServerTransportPlugin.*|ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy|g' /etc/tor/torrc
- sed -i 's|ServerTransportPlugin.*|ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy|g' /etc/tor/torrc
+ { echo 'BridgeRelay 1';
+ echo 'ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy';
+ echo "ExtORPort $TOR_BRIDGE_PORT";
+ echo "ContactInfo $MY_EMAIL_ADDRESS";
+ echo "Nickname $TOR_BRIDGE_NICKNAME"; } > /etc/torrc.d/bridgerelay
- if ! grep -q 'ExtORPort ' /etc/tor/torrc; then
- echo "ExtORPort $TOR_BRIDGE_PORT" >> /etc/tor/torrc
- else
- sed -i "s|#ExtORPort .*|ExtORPort $TOR_BRIDGE_PORT|g" /etc/tor/torrc
- sed -i "s|ExtORPort .*|ExtORPort $TOR_BRIDGE_PORT|g" /etc/tor/torrc
- fi
-
- read_config_param 'MY_EMAIL_ADDRESS'
-
- sed -i "s|#ContactInfo.*|ContactInfo $MY_EMAIL_ADDRESS|g" /etc/tor/torrc
- if [ "$TOR_BRIDGE_NICKNAME" ]; then
- sed -i "s|#Nickname.*|Nickname $TOR_BRIDGE_NICKNAME|g" /etc/tor/torrc
- sed -i "s|Nickname.*|Nickname $TOR_BRIDGE_NICKNAME|g" /etc/tor/torrc
- fi
 firewall_add tor_bridge "$TOR_BRIDGE_PORT" tcp
+ systemctl restart tor
 }
 function tor_remove_bridge_relay {
- if ! grep -q '#BridgeRelay ' /etc/tor/torrc; then
- sed -i 's|BridgeRelay |#BridgeRelay |g' /etc/tor/torrc
- fi
- if ! grep -q '#ServerTransportPlugin ' /etc/tor/torrc; then
- sed -i 's|ServerTransportPlugin |#ServerTransportPlugin |g' /etc/tor/torrc
- fi
- if ! grep -q '#ExtORPort ' /etc/tor/torrc; then
- sed -i 's|ExtORPort |#ExtORPort |g' /etc/tor/torrc
- fi
- if ! grep -q '#ContactInfo ' /etc/tor/torrc; then
- sed -i "s|ContactInfo |#ContactInfo |g" /etc/tor/torrc
- if ! grep -q '#Nickname ' /etc/tor/torrc; then
- sed -i "s|Nickname |#Nickname |g" /etc/tor/torrc
+ if [ -f /etc/torrc.d/bridgerelay ]; then
+ rm /etc/torrc.d/bridgerelay
 fi
+ read_config_param 'TOR_BRIDGE_PORT'
 firewall_remove "$TOR_BRIDGE_PORT" tcp
+ systemctl restart tor
 }
From dce5921d5d7f734ad17142a78f5ee45edcb72788 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Fri, 20 Apr 2018 13:02:44 +0100
Subject: [PATCH 18/20] Move tor logging control to its own file
---
 src/freedombone-logging | 6 ++----
 src/freedombone-utils-onion | 11 +++--------
 2 files changed, 5 insertions(+), 12 deletions(-)
diff --git a/src/freedombone-logging b/src/freedombone-logging
index 80d8b5ba..3e87fe28 100755
--- a/src/freedombone-logging
+++ b/src/freedombone-logging
@@ -158,8 +158,7 @@ if [[ "$1" == "on" || "$1" == "On" || "$1" == "ON" ]]; then
 touch /var/log/tor/notices.log
 chown debian-tor:adm /var/log/tor/notices.log
 fi
- sed -i 's|#Log notice file.*|Log notice file /var/log/tor/notices.log|g' /etc/tor/torrc
- sed -i 's|Log notice file.*|Log notice file /var/log/tor/notices.log|g' /etc/tor/torrc
+ echo 'Log notice file /var/log/tor/notices.log' > /etc/torrc.d/logging
 fi
 if [ -f /etc/php/7.0/fpm/php-fpm.conf ]; then
 sed -i 's|error_log =.*|error_log = /var/log/php-fpm.log|g' /etc/php/7.0/fpm/php-fpm.conf
@@ -206,8 +205,7 @@ else
 turn_logging_off
 if [ -d /etc/tor ]; then
- sed -i 's|#Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc
- sed -i 's|Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc
+ echo 'Log notice file /dev/null' > /etc/torrc.d/logging
 rm /var/log/tor/*
 fi
 if [ -d /var/log/radicale ]; then
diff --git a/src/freedombone-utils-onion b/src/freedombone-utils-onion
index 80d886d7..c75851be 100755
--- a/src/freedombone-utils-onion
+++ b/src/freedombone-utils-onion
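Review bot: `echo "Nickname $TOR_BRIDGE_NICKNAME"` is now written unconditionally, whereas the removed code only set Nickname when `TOR_BRIDGE_NICKNAME` was non-empty; an empty `Nickname` line is likely to be rejected by tor's config parser, so the `systemctl restart tor` added at the end of the function would leave the relay down. Separately, `ExtORPort` is the local channel between tor and obfs4proxy rather than the port clients connect to, so without a `ServerTransportListenAddr obfs4 0.0.0.0:$TOR_BRIDGE_PORT` line obfs4proxy chooses its own listening port and the `firewall_add tor_bridge "$TOR_BRIDGE_PORT" tcp` rule opens a port the transport does not use; `ExtORPort auto` then avoids the two binding the same port number. I can't see the `ORPort` setting from this hunk, so the rest of the relay configuration should be checked as well. The rewritten block below writes Nickname only when set and adds the listen address.
```shell
    { echo 'BridgeRelay 1';
      echo 'ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy';
      echo "ServerTransportListenAddr obfs4 0.0.0.0:$TOR_BRIDGE_PORT";
      echo 'ExtORPort auto';
      echo "ContactInfo $MY_EMAIL_ADDRESS"; } > /etc/torrc.d/bridgerelay
    if [ "$TOR_BRIDGE_NICKNAME" ]; then
        echo "Nickname $TOR_BRIDGE_NICKNAME" >> /etc/torrc.d/bridgerelay
    fi
    # … unchanged: firewall_add and systemctl restart tor …
```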
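Review bot: `echo 'Log notice file /var/log/tor/notices.log' > /etc/torrc.d/logging` assumes `/etc/torrc.d` already exists; the removed sed only needed `/etc/tor/torrc`, and the guard in the second hunk (`if [ -d /etc/tor ]; then`) still tests only `/etc/tor`, so on an install that predates the torrc.d migration the redirect fails and logging is silently left as it was. Both hunks should check `[ -d /etc/torrc.d ]` (or create it) before writing, and the same applies to the `/dev/null` line in the `@@ -206,8 +205,7 @@` hunk. Neither hunk reloads tor after rewriting the file, so the new setting takes effect only at the next restart; I can't see from here whether the rest of the script does that.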
@@ -323,14 +323,6 @@ function install_tor {
 # For torify
 apt-get -yq install torsocks
- # turn off logging
- sed -i 's|#Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc
- sed -i 's|Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc
-
- # Restrict traffic
- sed -i "s|#AccountingMax.*|AccountingMax $TOR_MAX_TRAFFIC_PER_MONTH_GB GBytes|g" /etc/tor/torrc
- sed -i "s|AccountingMax.*|AccountingMax $TOR_MAX_TRAFFIC_PER_MONTH_GB GBytes|g" /etc/tor/torrc
-
 if [ ! -d /etc/torrc.d ]; then
 mkdir /etc/torrc.d
 fi
@@ -339,6 +331,9 @@ function install_tor {
 echo '%include /etc/torrc.d' >> /etc/tor/torrc
 fi
+ echo 'Log notice file /dev/null' > /etc/torrc.d/logging
+ echo "AccountingMax $TOR_MAX_TRAFFIC_PER_MONTH_GB GBytes" > /etc/torrc.d/maxtraffic
+
 mark_completed "${FUNCNAME[0]}"
 }
From 5b5050a7080f5dbd43342a43a7337710cc79ec5c Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Fri, 20 Apr 2018 13:05:00 +0100
Subject: [PATCH 19/20] Ensure that the tor config files remain active even if the original torrc was overwritten
---
 src/freedombone-utils-onion | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/freedombone-utils-onion b/src/freedombone-utils-onion
index c75851be..6bdb4cff 100755
--- a/src/freedombone-utils-onion
+++ b/src/freedombone-utils-onion
@@ -35,6 +35,10 @@ ONION_SERVICES_FILE=/etc/torrc.d/${PROJECT_NAME}
 function torrc_migrate {
 if [ -f $ONION_SERVICES_FILE ]; then
+ if grep -q "#%include /etc/torrc.d" /etc/tor/torrc; then
+ sed -i 's|#%include /etc/torrc.d|%include /etc/torrc.d|g' /etc/tor/torrc
+ systemctl restart tor
+ fi
 return
 fi
 systemctl stop tor
From f56f58e4220c0488f1992889e86dc7255a6d6eac Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Fri, 20 Apr 2018 13:16:58 +0100
Subject: [PATCH 20/20] Restart tor on migration failure
---
 src/freedombone-utils-onion | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/freedombone-utils-onion b/src/freedombone-utils-onion
index 6bdb4cff..9882a1d9 100755
--- a/src/freedombone-utils-onion
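Review bot: `Log` is an additive tor option (each `Log` line adds another sink), so the new `/etc/torrc.d/logging` file only replaces the old behaviour if `/etc/tor/torrc` no longer carries an uncommented `Log notice file` line; on a system upgraded from a version that applied the removed `sed` edits that line is still there, and tor will keep logging to it alongside the included file. The second hunk (`@@ -339,6 +331,9 @@`) should comment out any existing directive before writing the include file, e.g. `sed -i 's|^Log notice file|#Log notice file|g' /etc/tor/torrc`. `AccountingMax` is single-valued, so the later `%include` line should win there, but `TOR_MAX_TRAFFIC_PER_MONTH_GB` is written unchecked and an empty value yields `AccountingMax  GBytes`, which tor will reject; I can't see from this hunk whether it has a default.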
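Review bot: The new check in `torrc_migrate` only restores the include when torrc still contains the commented form `#%include /etc/torrc.d`; if a package upgrade replaced `/etc/tor/torrc` outright, the case the commit message describes, the line is absent and neither branch re-adds it, so every file in `/etc/torrc.d` (onion services, bridges, logging) is silently ignored. Add a fallback, `elif ! grep -q "^%include /etc/torrc.d" /etc/tor/torrc; then echo '%include /etc/torrc.d' >> /etc/tor/torrc; systemctl restart tor`, and anchor the existing grep with `^` so that the string appearing elsewhere in a comment does not satisfy it. The rest of torrc_migrate continues past the hunk.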
+++ b/src/freedombone-utils-onion
@@ -48,6 +48,7 @@ function torrc_migrate {
 grep "HiddenServiceDir\\|HiddenServiceVersion\\|HiddenServicePort" /etc/tor/torrc | grep -v "#HiddenServiceDir" >> $ONION_SERVICES_FILE
 if ! grep "HiddenServiceVersion" $ONION_SERVICES_FILE; then
+ systemctl restart tor
 return
 fi