Merge branch 'stretch' of https://github.com/bashrc/freedombone

2017-07-12 19:54:54 +01:00 · 2017-07-12 19:54:54 +01:00 · 1547479013
parent a5a89f34c7 5104a16044
commit 1547479013
149 changed files with 6090 additions and 3523 deletions
--- a/6
+++ b/6
@ -27,7 +27,7 @@ install:
 	cp img/backgrounds/${APP}_*.png ${DESTDIR}${PREFIX}/share
 	cp img/avatars/* ${DESTDIR}/usr/share/${APP}/avatars
 	cp src/* ${DESTDIR}${PREFIX}/bin
-	cp src/${APP}-controlpanel ${DESTDIR}${PREFIX}/bin/control
+#	cp src/${APP}-controlpanel ${DESTDIR}${PREFIX}/bin/control
 	cp src/${APP}-mesh-batman ${DESTDIR}${PREFIX}/bin/batman
 	cp src/${APP}-backup-local ${DESTDIR}${PREFIX}/bin/backup
 	cp src/${APP}-backup-local ${DESTDIR}${PREFIX}/bin/backup2friends
@ -46,6 +46,7 @@ install:
 	chown -R root: /usr/share/${APP}
 	chmod -R +r /usr/share/${APP}
 #	bash -c "./translate install"
 	/usr/local/bin/${APP}-prepare-scripts
 uninstall:
 	rm -f ${PREFIX}/share/${APP}_*.png
 	rm -f ${PREFIX}/share/man/man1/backup.1.gz
@ -61,6 +62,9 @@ uninstall:
 	rm -f ${PREFIX}/bin/restorefromfriend
 	rm -f ${PREFIX}/bin/batman
 	rm -rf /etc/${APP}
 	rm -f ${PREFIX}/bin/control
 	rm -f ${PREFIX}/bin/controluser
 	rm -f ${PREFIX}/bin/addremove
 	bash -c "./translate uninstall"
 clean:
 	rm -f \#* \.#* debian/*.substvars debian/*.log src/*~
--- a/doc/EN/app_radicale.org
+++ b/doc/EN/app_radicale.org
@ -1,41 +0,0 @@
 #+TITLE:
 #+AUTHOR: Bob Mottram
 #+EMAIL: bob@freedombone.net
 #+KEYWORDS: freedombone, radicale
 #+DESCRIPTION: How to use Radicale
 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 #+BEGIN_CENTER
 [[file:images/logo.png]]
 #+END_CENTER
 #+BEGIN_EXPORT html
 <center>
 <h1>Radicale</h1>
 </center>
 #+END_EXPORT
 Radicale is a calendar server which allows your to synchronise your calendar across all your devices. Support for CalDAV within various client systems can be quite patchy/flaky though, so use it with caution.
 * Installation
 Log into your system with:
 #+begin_src bash
 ssh myusername@mydomain -p 2222
 #+end_src
 Using cursor keys, space bar and Enter key select *Administrator controls* and type in your password.
 Select *Add/Remove Apps* then *radicale*. If you don't already have an SSL/TLS certificate for your main domain then go to the security settings and create a new Let's Encrypt cert for it. That will ensure that your calendar events have some minimal level of protection from passive surveillance.
 * Setting up on Android
 Via F-droid install *DAVdroid*.
 There seems to be a problem with Let's Encrypt certificates with this app, but it's possible to get around it. Open DAVdroid and select the side *menu* followed by *Settings*. Enable *Distrust system certificates* and press *Reset untrusted certificates*.
 Exit from settings and press the *plus button* to add an account. Select *Login with URL and user name*. The URL should be https://yourmaindomainname/radicale/. Remember to include the trailing slash on the URL. If you installed Freedombone from a disk image then enter your username and the password which was shown at the start of installation. If not then the password for Radicale will be within *Passwords* section of the *Administrator control panel*.
 You will be prompted to approve the Let's Encrypt cerificate for your domain name, and once that's done then you should see your account as a large yellow box. Press on that and ensure that *Addresses* and *calendar* are selected.
 Now go to your calendar app and press the plus icon to add an event. You should notice that the calendar account selected is your username on the Freedombone system.
--- a/doc/EN/app_scuttlebot.org
+++ b/doc/EN/app_scuttlebot.org
@ -1,34 +0,0 @@
 #+TITLE:
 #+AUTHOR: Bob Mottram
 #+EMAIL: bob@freedombone.net
 #+KEYWORDS: freedombone, scuttlebot
 #+DESCRIPTION: How to use Scuttlebot
 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 #+BEGIN_CENTER
 [[file:images/logo.png]]
 #+END_CENTER
 #+BEGIN_EXPORT html
 <center>
 <h1>Scuttlebot</h1>
 </center>
 #+END_EXPORT
 This is a type of /followbot/ for the [[https://www.scuttlebutt.nz][Secure Scuttlebutt]] peer-to-peer messaging system. It's purpose is to follow your friends and keep a log of their messages so that if you are offline for a while when you return you can sync with this system to get all of the missed messages. This avoid the problem common in messaging systems of /everyone needing to be online all of the time/.
 The Secure Scuttlebutt system has message encryption, but no protection of the metadata. It lives only on the clearnet. So this system is more about ensuring that messages get correctly delivered and appear in the right chronological order in unreliable situations where network availability may be intermittent, rather than defending against surveillance adversaries.
 * Installation
 Log into your system with:
 #+begin_src bash
 ssh myusername@mydomain -p 2222
 #+end_src
 Using cursor keys, space bar and Enter key select *Administrator controls* and type in your password.
 Select *Add/Remove Apps*. If Vim is selected then you might want to unselect and uninstall it first, then select *scuttlebot*.
 Install your favourite Scuttlebutt client onto your laptop, then select *Join Pub*. ssh into your Freedombone system and go to the *Administrator control panel* then select *App settings* followed by *scuttlebot*. You can then create an invite and paste it into your client.
--- a/doc/EN/apps.org
+++ b/doc/EN/apps.org
@ -115,19 +115,10 @@ An alternative federated social networking system compatible with GNU Social. It
 A shell based XMPP client which you can run on the Freedombone server via ssh.
 [[./app_profanity.html][How to use it]]
 * Radicale
 Calendar system compatible with CalDAV and CardDAV. Synch your calendar events easily and securely across all your devices.
 [[./app_radicale.html][How to use it]]
 * Riot Web
 A browser based user interface for the Matrix federated communications system, including WebRTC audio and video chat.
 [[./app_riot.html][How to use it]]
 * Scuttlebot
 A pub service to help synchronize your messages.
 [[./app_scuttlebot.html][How to use it]]
 * SearX
 A metasearch engine for customised and private web searches.
--- a/doc/EN/beaglebone.org
+++ b/doc/EN/beaglebone.org
@ -41,6 +41,7 @@ On your laptop or desktop prepare a microSD card image as follows. To create an
 sudo apt-get install git
 git clone https://github.com/bashrc/freedombone
 cd freedombone
 git checkout stretch
 sudo make install
 freedombone-image --setup debian
 #+end_src
@ -51,6 +52,7 @@ Or on Arch/Parabola:
 sudo pacman -S git
 git clone https://github.com/bashrc/freedombone
 cd freedombone
 git checkout stretch
 sudo make install
 freedombone-image --setup parabola
 #+end_src
--- a/doc/EN/debianinstall.org
+++ b/doc/EN/debianinstall.org
@ -18,7 +18,7 @@
 Although the image builder supports a variety of architectures there may still be some which aren't supported. These especially include systems which have a proprietary boot blob, such as the Raspberry Pi boards.
-It's still possible to install the system onto these unsupported devices if you need to. First you'll need to ensure that you have *Debian Jessie* installed and can get ssh access to the system. Then either via ssh, or directly on the target device in the case of an old laptop or netbook:
+It's still possible to install the system onto these unsupported devices if you need to. First you'll need to ensure that you have *Debian Stretch* installed and can get ssh access to the system. Then either via ssh, or directly on the target device in the case of an old laptop or netbook:
 #+BEGIN_SRC bash
 su
@ -26,6 +26,7 @@ apt-get update
 apt-get -qy install build-essential git dialog
 git clone https://github.com/bashrc/freedombone
 cd freedombone
 git checkout stretch
 make install
 freedombone makeconfig
 #+END_SRC
--- a/doc/EN/devguide.org
+++ b/doc/EN/devguide.org
@ -89,6 +89,16 @@ myappname_variables=(ONION_ONLY
                     MYAPPNAME_ONION_PORT
                     MYAPPNAME_DB_PASSWORD)
 function logging_on_myappname {
    echo -n ''
    # Commands to turn on logging go here
 }
 function logging_off_myappname {
    echo -n ''
    # Commands to turn off logging go here
 }
 function change_password_myappname {
    PASSWORD_USERNAME="$1"
    PASSWORD_NEW="$2"
--- a/doc/EN/faq.org
+++ b/doc/EN/faq.org
@ -46,6 +46,7 @@
 | [[Why does my email keep getting rejected as spam by Gmail/etc?]]                             |
 | [[Tor is censored/blocked in my area. What can I do?]]                                        |
 | [[I want to block a particular domain from getting its content into my social network sites]] |
 | [[The mesh system doesn't boot from USB drive]]                                               |
 #+END_CENTER
@ -332,3 +333,8 @@ ssh username@domainname -p 2222
 #+end_src
 Select /Administrator controls/ then /Domain blocking/.
 * The mesh system doesn't boot from USB drive
 If the system doesn't boot and reports an error which includes */dev/mapper/loop0p1* then reboot with *Ctrl-Alt-Del* and when you see the grub menu press *e* and manually change */dev/mapper/loop0p1* to */dev/sdb1*, then press *Ctrl-x*. If that doesn't work then reboot and try */dev/sdc1* instead.
 After the system has booted successfully the problem should resolve itself on subsequent reboots.
--- a/doc/EN/fediverse.org
+++ b/doc/EN/fediverse.org
@ -39,5 +39,5 @@ It may seem like a good idea and it may seem like you're doing a service to the
 #+BEGIN_CENTER
-This site can also be accessed via a Tor browser at http://2tp3f6vtvhkqpuc6.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
+This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
 #+END_CENTER
--- a/doc/EN/homeserver.org
+++ b/doc/EN/homeserver.org
@ -23,6 +23,7 @@ First install freedombone onto your local system (not the target hardware that y
 sudo apt-get install git
 git clone https://github.com/bashrc/freedombone
 cd freedombone
 git checkout stretch
 sudo make install
 freedombone-image --setup debian
 freedombone-image -t i386 --onion yes
@ -34,6 +35,7 @@ Or on Arch/Parabola:
 sudo pacman -S git
 git clone https://github.com/bashrc/freedombone
 cd freedombone
 git checkout stretch
 sudo make install
 freedombone-image --setup parabola
 freedombone-image -t i386 --onion yes
@ -148,5 +150,5 @@ man freedombone-image
 #+end_src
 #+BEGIN_CENTER
-This site can also be accessed via a Tor browser at http://2tp3f6vtvhkqpuc6.onion
+This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion
 #+END_CENTER
--- a/doc/EN/index.org
+++ b/doc/EN/index.org
@ -16,9 +16,12 @@
 -- Lucas Nussbaum
 #+end_quote
-#+BEGIN_CENTER
+
-[[file:images/beaglebone_logo.jpg]]
+#+BEGIN_EXPORT html
-#+END_CENTER
+<center>
 <h1><a href="./release3.html">New version 3 (Stretch)</a></h1>
 </center>
 #+END_EXPORT
 So you want to run your own internet services? Email, chat, VoIP, web sites, file synchronisation, wikis, blogs, social networks, media hosting, backups. Freedombone enables you to do all of that in a self-hosted way, where you keep control of your data and it resides in your own home.
@ -28,9 +31,7 @@ And here's how [[./beaglebone.html][on a Beaglebone Black]].
 Or you can install [[./debianinstall.html][onto an existing Debian system]].
-Want to make a community mesh network which doesn't depend upon the internet?
+Want to make a community mesh network which doesn't depend upon the internet? The [[./mesh.html][Freedombone Mesh]] is a wireless solution for autonomous communication that can be rapidly deployed in temporary, emergency or post-disaster situations where internet access is unavailable or compromised.
 [[./mesh.html][You can do that too]].
 After installation it's possible that you might want some advice on how to run your system and set up apps to work nicely with it.
@ -45,5 +46,5 @@ If you find bugs, or want to add a new app to this system see the [[./devguide.h
 Ready made disk images which can be copied onto USB or microSD drives are [[./downloads][available here]] and also [[http://www.postactiv.com/freedombone/2.00/index.html][mirrored here]].
 #+BEGIN_CENTER
-This site can also be accessed via a Tor browser at http://2tp3f6vtvhkqpuc6.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
+This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion. This documentation is under the [[https://www.gnu.org/licenses/fdl-1.3.txt][GNU Free Documentation License version 1.3]]
 #+END_CENTER
--- a/doc/EN/installation.org
+++ b/doc/EN/installation.org
@ -35,6 +35,7 @@ Install the freedombone commands onto your laptop/desktop:
 sudo apt-get install git build-essential dialog
 git clone https://github.com/bashrc/freedombone
 cd freedombone
 git checkout stretch
 sudo make install
 #+END_SRC
@ -80,7 +81,7 @@ freedombone-image -t beaglebone -s 8G -m http://ftp.de.debian.org/debian
 Before installing Freedombone you will need a few things.
  * Have some domains, or subdomains, registered with a dynamic DNS service. For the full install you may need two "official" purchased domains or be using a subdomain provider which is supported by Let's Encrypt.
-  * System with a new installation of Debian Jessie or a downloaded/prepared disk image
+  * System with a new installation of Debian Stretch or a downloaded/prepared disk image
  * Ethernet connection between the system and your internet router
  * That it is possible to forward ports from the internet router to the system, typically via firewall settings
  * Have ssh access to the system, typically via fbone@freedombone.local on port 2222
@ -88,7 +89,7 @@ Before installing Freedombone you will need a few things.
 There are three install options: Laptop/Desktop/Netbook, SBC and Virtual Machine.
 ** On a Laptop, Netbook or Desktop machine
-If you have an existing system, such as an old laptop or netbook which you can leave running as a server, then install a new version of Debian Jessie onto it. During the Debian install you won't need the print server or the desktop environment, and unchecking those will reduce the attack surface. Once Debian enter the following commands:
+If you have an existing system, such as an old laptop or netbook which you can leave running as a server, then install a new version of Debian Stretch onto it. During the Debian install you won't need the print server or the desktop environment, and unchecking those will reduce the attack surface. Once Debian enter the following commands:
 #+BEGIN_SRC bash
 su
@ -96,6 +97,7 @@ apt-get update
 apt-get -y install git dialog build-essential
 git clone https://github.com/bashrc/freedombone
 cd freedombone
 git checkout stretch
 make install
 freedombone menuconfig
 #+END_SRC
@ -223,6 +225,7 @@ sudo apt-get update
 sudo apt-get install git dialog haveged build-essential
 git clone https://github.com/bashrc/freedombone
 cd freedombone
 git checkout stretch
 sudo make install
 freedombone-client
 #+END_SRC
--- a/doc/EN/mesh.org
+++ b/doc/EN/mesh.org
@ -22,6 +22,8 @@
 | [[What the system can do]] | - | [[Disk Images]] | - | [[Building Disk Images]] | - | [[How to use it]] |
 |------------------------+---+-------------+---+----------------------+---+---------------|
 The Freedombone Mesh is a wireless solution for autonomous communication that can be rapidly deployed in temporary, emergency or post-disaster situations where internet access is unavailable or compromised.
 Mesh networks are useful as a quick way to make a fully decentralised communications system which is not connected to or reliant upon the internet. Think festivals, hacker conferences, onboard ships at sea, disaster/war zones, small business internal office communications, protests, remote areas of the world, temporary "digital blackouts", scientific expeditions and off-world space colonies. The down side is that you can't access any internet content. The upside is that you can securely communicate with anyone on the local mesh. No ISPs. No payments or subscriptions beyond the cost of obtaining the hardware. Systems need to be within wifi range of each other for the mesh to be created. It can be an ultra-convenient way to do purely local communications.
 * What the system can do
@ -41,6 +43,20 @@ Mesh networks are useful as a quick way to make a fully decentralised communicat
 This system should be quite scalable. Both qTox and IPFS are based upon distributed hash tables (DHT) so that each peer does not need to store the full index of data for the entire network. Caching or pinning of IPFS data and its content addressability means that if a file or blog becomes popular then performance should improve as the number of downloads increases, which is the opposite of the client/server paradigm.
 * Disk Images
 ** Writing many images quickly
 There may be situations where you need to write the same disk image to multiple drives at the same time in order to maximize rate of deployment. In the instructions given below the *dd* command is used for writing to the target drive, but to write to multiple drives you can use a tool such as [[https://wiki.gnome.org/Apps/MultiWriter][GNOME MultiWriter]].
 For example on Arch/Parabola:
 #+begin_src bash
 sudo pacman -S gnome-multi-writer
 #+end_src
 Or on Debian based systems:
 #+begin_src bash
 sudo apt-get install gnome-multi-writer
 #+end_src
 ** Client images
 #+BEGIN_CENTER
@ -51,13 +67,13 @@ This system should be quite scalable. Both qTox and IPFS are based upon distribu
 #+begin_src bash
 sudo apt-get install xz-utils wget
-wget https://freedombone.net/downloads/v2.00/freedombone-meshclient-2.00_all-i386.img.xz
+wget https://freedombone.net/downloads/v3/freedombone-meshclient-3_all-i386.img.xz
-wget https://freedombone.net/downloads/v2.00/freedombone-meshclient-2.00_all-i386.img.xz.sig
+wget https://freedombone.net/downloads/v3/freedombone-meshclient-3_all-i386.img.xz.sig
-gpg --verify freedombone-meshclient-2.00_all-i386.img.xz.sig
+gpg --verify freedombone-meshclient-3_all-i386.img.xz.sig
-sha256sum freedombone-meshclient-2.00_all-i386.img.xz
+sha256sum freedombone-meshclient-3_all-i386.img.xz
-403cf1cc2bc5272e5921d3ebefc351540928141bc65641b6d16f2262a933cb4e
+74f9eaad479f84d3bf9cb002067074d35a97028145e781c5746c74577f777ee5
-unxz freedombone-meshclient-2.00_all-i386.img.xz
+unxz freedombone-meshclient-3_all-i386.img.xz
-sudo dd bs=1M if=freedombone-meshclient-2.00_all-i386.img of=/dev/sdX conv=fdatasync
+sudo dd bs=1M if=freedombone-meshclient-3_all-i386.img of=/dev/sdX conv=fdatasync
 #+end_src
 To get a number of systems onto the mesh repeat the /dd/ command to create however many bootable USB drives you need.
@ -66,13 +82,13 @@ If you're in an emergency and don't have Atheros wifi dongles then there is also
 #+begin_src bash
 sudo apt-get install xz-utils wget
-wget https://freedombone.net/downloads/v2.00/freedombone-meshclient-insecure-2.00_all-i386.img.xz
+wget https://freedombone.net/downloads/v3/freedombone-meshclient-insecure-3_all-i386.img.xz
-wget https://freedombone.net/downloads/v2.00/freedombone-meshclient-insecure-2.00_all-i386.img.xz.sig
+wget https://freedombone.net/downloads/v3/freedombone-meshclient-insecure-3_all-i386.img.xz.sig
-gpg --verify freedombone-meshclient-insecure-2.00_all-i386.img.xz.sig
+gpg --verify freedombone-meshclient-insecure-3_all-i386.img.xz.sig
-sha256sum freedombone-meshclient-insecure-2.00_all-i386.img.xz
+sha256sum freedombone-meshclient-insecure-3_all-i386.img.xz
-7cda1a52acad7d18156ea238d7eb550479a5f882ac45c8cf9b9e56077fb26be9
+f1c5df24a4bfca47bd5c41dfd2568925e63a1abf83aecf0250480b4b8edc071d
-unxz freedombone-meshclient-insecure-2.00_all-i386.img.xz
+unxz freedombone-meshclient-insecure-3_all-i386.img.xz
-sudo dd bs=1M if=freedombone-meshclient-insecure-2.00_all-i386.img of=/dev/sdX conv=fdatasync
+sudo dd bs=1M if=freedombone-meshclient-insecure-3_all-i386.img of=/dev/sdX conv=fdatasync
 #+end_src
 ** Router images
@ -86,13 +102,13 @@ The above picture shows a Beaglebone Black with the image copied onto a microSD
 #+begin_src bash
 sudo apt-get install xz-utils wget
-wget https://freedombone.net/downloads/v2.00/freedombone-mesh-2.00_beaglebone-armhf.img.xz
+wget https://freedombone.net/downloads/v3/freedombone-mesh-3_beaglebone-armhf.img.xz
-wget https://freedombone.net/downloads/v2.00/freedombone-mesh-2.00_beaglebone-armhf.img.xz.sig
+wget https://freedombone.net/downloads/v3/freedombone-mesh-3_beaglebone-armhf.img.xz.sig
-gpg --verify freedombone-mesh-2.00_beaglebone-armhf.img.xz.sig
+gpg --verify freedombone-mesh-3_beaglebone-armhf.img.xz.sig
-sha256sum freedombone-mesh-2.00_beaglebone-armhf.img.xz
+sha256sum freedombone-mesh-3_beaglebone-armhf.img.xz
-daf8c82f111ae8714cffc52633156554c23d5feafabbe85cb15925e0373a3ff4
+ab783ea807da1144bd076f7b43e54b5f4376ecf1ea1f86f56ac76c3469325802
-unxz freedombone-mesh-2.00_beaglebone-armhf.img.xz
+unxz freedombone-mesh-3_beaglebone-armhf.img.xz
-sudo dd bs=1M if=freedombone-mesh-2.00_beaglebone-armhf.img of=/dev/sdX conv=fdatasync
+sudo dd bs=1M if=freedombone-mesh-3_beaglebone-armhf.img of=/dev/sdX conv=fdatasync
 #+end_src
 If you have a few Beaglebone Blacks to use as routers then repeat the /dd/ command to create however many microSD cards you need.
@ -102,22 +118,20 @@ There is still a software freedom issue with the Beaglebone Black, but it doesn'
 * Building Disk Images
 It's better not to trust images downloaded from random places on the interwebs. Chances are that unless you are in the web of trust of the above GPG signatures then they don't mean very much to you. If you actually want something trustworthy then build the images from scratch. It will take some time. Here's how to do it.
-First you will need to create an image. On a Debian based system (tested on Debian Jessie and Trisquel 7):
+First you will need to create an image. On a Debian based system (tested on Debian Stretch):
 #+begin_src bash
-sudo apt-get -y install build-essential libc6-dev-i386 wget \
+sudo apt-get -y install git wget build-essential
-    gcc-multilib g++-multilib git python-docutils mktorrent \
+wget https://freedombone.net/downloads/v3/freedombone-3.tar.gz
-    vmdebootstrap xz-utils dosfstools btrfs-tools extlinux \
+wget https://freedombone.net/downloads/freedombone-3.tar.gz.sig
-    python-distro-info mbr qemu-user-static binfmt-support \
+gpg --verify freedombone-3.tar.gz.sig
-    u-boot-tools qemu
+sha256sum freedombone-3.tar.gz
-wget https://freedombone.net/downloads/freedombone-mesh-13-09-2016.tar.gz
+b99853322871efd298a9efd78d22323e0e7424a5cdb5097b4cc55ef45a220ebb
-wget https://freedombone.net/downloads/freedombone-mesh-13-09-2016.tar.gz.sig
+tar -xzvf freedombone-3.tar.gz
 gpg --verify freedombone-mesh-13-09-2016.tar.gz.sig
 sha256sum freedombone-mesh-13-09-2016.tar.gz
 3e279f8ed762afb682bec6bd463830087354dd2f24020f3b0de51143585ab0ed
 tar -xzvf freedombone-mesh-13-09-2016.tar.gz
 cd freedombone
 git checkout stretch
 sudo make install
 freedombone-image --setup debian
 freedombone-image -t i386 -v meshclient
 #+end_src
@ -166,6 +180,10 @@ When you first boot from the USB drive the system will create some encryption ke
 After a minute or two if you are within wifi range and there is at least one other user on the network then you should see additional icons appear on the desktop, such as /Other Users/ and /Chat/.
 ** Boot trouble
 If the system doesn't boot and reports an error which includes */dev/mapper/loop0p1* then reboot with *Ctrl-Alt-Del* and when you see the grub menu press *e* and manually change */dev/mapper/loop0p1* to */dev/sdb1*, then press *Ctrl-x*. If that doesn't work then reboot and try */dev/sdc1* instead.
 After the system has booted successfully the problem should resolve itself on subsequent reboots.
 ** Set the Date
 On the ordinary internet the date and time of your system would be set automatically via NTP. But this is not the internet and so you will need to manually ensure that your date and time settings are correct. You might need to periodically do this if your clock drifts. It's not essential that the time on your system be highly accurate, but if it drifts too far or goes back to epoch then things could become a little confusing in regard to the order of blog posts.
@ -240,5 +258,5 @@ You can also visit other blogs, edit or delete your previous entry and also chan
 #+BEGIN_CENTER
-This site can also be accessed via a Tor browser at http://2tp3f6vtvhkqpuc6.onion
+This site can also be accessed via a Tor browser at http://pazyv7nkllp76hqr.onion
 #+END_CENTER
--- a/doc/EN/release3.org
+++ b/doc/EN/release3.org
@ -0,0 +1,73 @@
 #+TITLE:
 #+AUTHOR: Bob Mottram
 #+EMAIL: bob@freedombone.net
 #+KEYWORDS: freedombone
 #+DESCRIPTION: Version 3
 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
 #+BEGIN_CENTER
 [[file:images/release3.jpg]]
 #+END_CENTER
 #+BEGIN_EXPORT html
 <center>
 <h2>Building an internet run by the users, for the users</h2>
 </center>
 #+END_EXPORT
 The internet may still be mostly in the clutches of a few giant megacorporations and dubious governments with sketchy agendas, but it doesn't have to remain that way. With the third version of the Freedombone system there is now more scope than before to take back your privacy, have ownership of personal data and run your own online communities without undesirable intermediaries.
 Freedombone version 3 is based on Debian 9 (Stretch). It was released in July 2017 and includes:
 * Faster initial setup
 * More [[./apps.html][installable apps]], including CryptPad, Koel, NextCloud, PostActiv, Friendica and Matrix/RiotWeb
 * Automated [[https://github.com/hardenedlinux/STIG-4-Debian][security tests]]
 * Improved XMPP configuration for support of the [[https://conversations.im][Conversations]] app features
 * Improved blocking controls for a better federated network experience
 * Uses [[https://en.wikipedia.org/wiki/EdDSA][elliptic curve]] based GPG keys for better performance on low power single board computers
 * Pre-downloaded repos distributed within images for faster and more autonomous app installs
 * Installation
 The simplest way to install is from a pre-made disk image. Images can be [[https://freedombone.net/downloads/v3][downloaded here]]. You will need to have previously obtained a domain name and have a dynamic DNS account somewhere.
 Copy the image to a microSD card or USB thumb drive, replacing sdX with the identifier of the USB thumb drive. Don't include any numbers (so for example use sdc instead of sdc1).
 #+BEGIN_SRC bash
 unxz downloadedimagefile.img.xz
 dd bs=1M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync
 #+END_SRC
 And wait. It will take a while to copy over. When that's done you might want to increase the partition size on the drive, using a tool such as [[http://gparted.org][Gparted]]. Whether you need to do that will depend upon how many apps you intend to install and how much data they will store.
 Plug the microSD or USB drive into the target hardware which you want to use as a server and power on. If you're using an old laptop or netbook as the server then you will need to set the BIOS to boot from USB.
 As the system boots for the first time the login is:
 #+BEGIN_SRC bash
 username: fbone
 password: freedombone
 #+END_SRC
 If you're installing from a microSD card on a single board computer without a screen and keyboard attached then you can ssh into it with:
 #+BEGIN_SRC bash
 ssh fbone@freedombone.local -p 2222
 #+END_SRC
 Using the initial password "freedombone". If you have trouble accessing the server then make sure you have Avahi installed and [[https://en.wikipedia.org/wiki/Multicast_DNS][mDNS]] enabled.
 You will then be shown a new randomly generated password. It's very important that you write this down somewhere or transfer it to a password manager before going further, because you'll need this to log in later.
 More detailed installation instructions are linked from [[./index.html][the main site]].
 * Upgrading from a previous install
 To upgrade from the Debian Jessie version first create a master keydrive. Go to the *Administrator control panel* and select *Backup and restore* then *Backup GPG key to USB (master keydrive)*. Insert a LUKS encrypted USB drive. When that is done Create a full backup by selecting *Backup data to USB drive* and using another LUKS encrypted USB drive.
 Follow the installation infstructions for the new Freedombone version, as described in the previous section. When the new system starts installing it will ask if you want to restore your GPG keys. Select *yes* and plug in your master keydrive.
 When the initial setup is complete go to the *Administrator control panel* and select *Backup and restore* then *Restore data from USB drive* followed by *all*. Insert the backup USB drive which you made previously. This will restore the base system, including any emails.
 You can now go to *Add/Remove apps* on the *Administrator control panel* and add the apps you want. Once they're installed you can recover their content and settings from *Backup and Restore*.
--- a/doc/EN/support.org
+++ b/doc/EN/support.org
@ -18,7 +18,7 @@
 * Contact details
-This site can also be accessed via a Tor browser at *http://2tp3f6vtvhkqpuc6.onion*
+This site can also be accessed via a Tor browser at *http://pazyv7nkllp76hqr.onion*
 *Email:* bob@freedombone.net
--- a/image_build/bbb-4.9.0.tar.gz
+++ b/image_build/bbb-4.9.0.tar.gz
--- a/image_build/debootstrap/scripts/stretch
+++ b/image_build/debootstrap/scripts/stretch
@ -5,207 +5,207 @@ variants - buildd fakechroot minbase scratchbox
 keyring /usr/share/keyrings/debian-archive-keyring.gpg
 if doing_variant fakechroot; then
-	test "$FAKECHROOT" = "true" || error 1 FAKECHROOTREQ "This variant requires fakechroot environment to be started"
+    test "$FAKECHROOT" = "true" || error 1 FAKECHROOTREQ "This variant requires fakechroot environment to be started"
 fi
 case $ARCH in
-	alpha|ia64) LIBC="libc6.1" ;;
+    alpha|ia64) LIBC="libc6.1" ;;
-	kfreebsd-*) LIBC="libc0.1" ;;
+    kfreebsd-*) LIBC="libc0.1" ;;
-	hurd-*)     LIBC="libc0.3" ;;
+    hurd-*)     LIBC="libc0.3" ;;
-	*)          LIBC="libc6" ;;
+    *)          LIBC="libc6" ;;
 esac
 work_out_debs () {
-	required="$(get_debs Priority: required)"
+    required="$(get_debs Priority: required)"
-	if doing_variant - || doing_variant fakechroot; then
+    if doing_variant - || doing_variant fakechroot; then
-		#required="$required $(get_debs Priority: important)"
+        #required="$required $(get_debs Priority: important)"
-		#  ^^ should be getting debconf here somehow maybe
+        #  ^^ should be getting debconf here somehow maybe
-		base="$(get_debs Priority: important)"
+        base="$(get_debs Priority: important)"
-	elif doing_variant buildd || doing_variant scratchbox; then
+    elif doing_variant buildd || doing_variant scratchbox; then
-		base="apt build-essential"
+        base="apt build-essential"
-	elif doing_variant minbase; then
+    elif doing_variant minbase; then
-		base="apt"
+        base="apt"
-	fi
+    fi
-	if doing_variant fakechroot; then
+    if doing_variant fakechroot; then
-		# ldd.fake needs binutils
+        # ldd.fake needs binutils
-		required="$required binutils"
+        required="$required binutils"
-	fi
+    fi
-	case $MIRRORS in
+    case $MIRRORS in
-	    https://*)
+        https://*)
-		base="$base apt-transport-https ca-certificates"
+        base="$base apt-transport-https ca-certificates"
-		;;
+        ;;
-	esac
+    esac
 }
 first_stage_install () {
-	case "$CODENAME" in
+    case "$CODENAME" in
-		etch|etch-m68k|jessie|lenny|squeeze|wheezy) ;;
+        etch|etch-m68k|stretch|jessie|lenny|squeeze|wheezy) ;;
-		*) setup_merged_usr ;;
+        *) setup_merged_usr ;;
-	esac
+    esac
-	extract $required
+    extract $required
-	mkdir -p "$TARGET/var/lib/dpkg"
+    mkdir -p "$TARGET/var/lib/dpkg"
-	: >"$TARGET/var/lib/dpkg/status"
+    : >"$TARGET/var/lib/dpkg/status"
-	: >"$TARGET/var/lib/dpkg/available"
+    : >"$TARGET/var/lib/dpkg/available"
-	setup_etc
+    setup_etc
-	if [ ! -e "$TARGET/etc/fstab" ]; then
+    if [ ! -e "$TARGET/etc/fstab" ]; then
-		echo '# UNCONFIGURED FSTAB FOR BASE SYSTEM' > "$TARGET/etc/fstab"
+        echo '# UNCONFIGURED FSTAB FOR BASE SYSTEM' > "$TARGET/etc/fstab"
-		chown 0:0 "$TARGET/etc/fstab"; chmod 644 "$TARGET/etc/fstab"
+        chown 0:0 "$TARGET/etc/fstab"; chmod 644 "$TARGET/etc/fstab"
-	fi
+    fi
-	setup_devices
+    setup_devices
 }
 second_stage_install () {
-	setup_dynamic_devices
+    setup_dynamic_devices
-	x_feign_install () {
+    x_feign_install () {
-		local pkg="$1"
+        local pkg="$1"
-		local deb="$(debfor $pkg)"
+        local deb="$(debfor $pkg)"
-		local ver="$(in_target dpkg-deb -f "$deb" Version)"
+        local ver="$(in_target dpkg-deb -f "$deb" Version)"
-		mkdir -p "$TARGET/var/lib/dpkg/info"
+        mkdir -p "$TARGET/var/lib/dpkg/info"
-		echo \
+        echo \
 "Package: $pkg
 Version: $ver
 Maintainer: unknown
 Status: install ok installed" >> "$TARGET/var/lib/dpkg/status"
-		touch "$TARGET/var/lib/dpkg/info/${pkg}.list"
+        touch "$TARGET/var/lib/dpkg/info/${pkg}.list"
-	}
+    }
-	x_feign_install dpkg
+    x_feign_install dpkg
-	x_core_install () {
+    x_core_install () {
-		smallyes '' | in_target dpkg --force-depends --install $(debfor "$@")
+        smallyes '' | in_target dpkg --force-depends --install $(debfor "$@")
-	}
+    }
-	p () {
+    p () {
-		baseprog="$(($baseprog + ${1:-1}))"
+        baseprog="$(($baseprog + ${1:-1}))"
-	}
+    }
-	if doing_variant fakechroot; then
+    if doing_variant fakechroot; then
-		setup_proc_fakechroot
+        setup_proc_fakechroot
-	elif doing_variant scratchbox; then
+    elif doing_variant scratchbox; then
-		true
+        true
-	else
+    else
-		setup_proc
+        setup_proc
-		in_target /sbin/ldconfig
+        in_target /sbin/ldconfig
-	fi
+    fi
-	DEBIAN_FRONTEND=noninteractive
+    DEBIAN_FRONTEND=noninteractive
-	DEBCONF_NONINTERACTIVE_SEEN=true
+    DEBCONF_NONINTERACTIVE_SEEN=true
-	export DEBIAN_FRONTEND DEBCONF_NONINTERACTIVE_SEEN
+    export DEBIAN_FRONTEND DEBCONF_NONINTERACTIVE_SEEN
-	baseprog=0
+    baseprog=0
-	bases=7
+    bases=7
-	p; progress $baseprog $bases INSTCORE "Installing core packages" #1
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #1
-	info INSTCORE "Installing core packages..."
+    info INSTCORE "Installing core packages..."
-	p; progress $baseprog $bases INSTCORE "Installing core packages" #2
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #2
-	ln -sf mawk "$TARGET/usr/bin/awk"
+    ln -sf mawk "$TARGET/usr/bin/awk"
-	x_core_install base-passwd
+    x_core_install base-passwd
-	x_core_install base-files
+    x_core_install base-files
-	p; progress $baseprog $bases INSTCORE "Installing core packages" #3
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #3
-	x_core_install dpkg
+    x_core_install dpkg
-	if [ ! -e "$TARGET/etc/localtime" ]; then
+    if [ ! -e "$TARGET/etc/localtime" ]; then
-		ln -sf /usr/share/zoneinfo/UTC "$TARGET/etc/localtime"
+        ln -sf /usr/share/zoneinfo/UTC "$TARGET/etc/localtime"
-	fi
+    fi
-	if doing_variant fakechroot; then
+    if doing_variant fakechroot; then
-		install_fakechroot_tools
+        install_fakechroot_tools
-	fi
+    fi
-	p; progress $baseprog $bases INSTCORE "Installing core packages" #4
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #4
-	x_core_install $LIBC
+    x_core_install $LIBC
-	p; progress $baseprog $bases INSTCORE "Installing core packages" #5
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #5
-	x_core_install perl-base
+    x_core_install perl-base
-	p; progress $baseprog $bases INSTCORE "Installing core packages" #6
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #6
-	rm "$TARGET/usr/bin/awk"
+    rm "$TARGET/usr/bin/awk"
-	x_core_install mawk
+    x_core_install mawk
-	p; progress $baseprog $bases INSTCORE "Installing core packages" #7
+    p; progress $baseprog $bases INSTCORE "Installing core packages" #7
-	if doing_variant -; then
+    if doing_variant -; then
-		x_core_install debconf
+        x_core_install debconf
-	fi
+    fi
-	baseprog=0
+    baseprog=0
-	bases=$(set -- $required; echo $#)
+    bases=$(set -- $required; echo $#)
-	info UNPACKREQ "Unpacking required packages..."
+    info UNPACKREQ "Unpacking required packages..."
-	exec 7>&1
+    exec 7>&1
-	smallyes '' |
+    smallyes '' |
-		(repeatn 5 in_target_failmsg UNPACK_REQ_FAIL_FIVE "Failure while unpacking required packages.  This will be attempted up to five times." "" \
+        (repeatn 5 in_target_failmsg UNPACK_REQ_FAIL_FIVE "Failure while unpacking required packages.  This will be attempted up to five times." "" \
-		dpkg --status-fd 8 --force-depends --unpack $(debfor $required) 8>&1 1>&7 || echo EXITCODE $?) |
+        dpkg --status-fd 8 --force-depends --unpack $(debfor $required) 8>&1 1>&7 || echo EXITCODE $?) |
-		dpkg_progress $baseprog $bases UNPACKREQ "Unpacking required packages" UNPACKING
+        dpkg_progress $baseprog $bases UNPACKREQ "Unpacking required packages" UNPACKING
-	info CONFREQ "Configuring required packages..."
+    info CONFREQ "Configuring required packages..."
-	echo \
+    echo \
 "#!/bin/sh
 exit 101" > "$TARGET/usr/sbin/policy-rc.d"
-	chmod 755 "$TARGET/usr/sbin/policy-rc.d"
+    chmod 755 "$TARGET/usr/sbin/policy-rc.d"
-	mv "$TARGET/sbin/start-stop-daemon" "$TARGET/sbin/start-stop-daemon.REAL"
+    mv "$TARGET/sbin/start-stop-daemon" "$TARGET/sbin/start-stop-daemon.REAL"
-	echo \
+    echo \
 "#!/bin/sh
 echo
 echo \"Warning: Fake start-stop-daemon called, doing nothing\"" > "$TARGET/sbin/start-stop-daemon"
-	chmod 755 "$TARGET/sbin/start-stop-daemon"
+    chmod 755 "$TARGET/sbin/start-stop-daemon"
-	setup_dselect_method apt
+    setup_dselect_method apt
-	smallyes '' |
+    smallyes '' |
-		(in_target_failmsg CONF_REQ_FAIL "Failure while configuring required packages." "" \
+        (in_target_failmsg CONF_REQ_FAIL "Failure while configuring required packages." "" \
-		dpkg --status-fd 8 --configure --pending --force-configure-any --force-depends 8>&1 1>&7 || echo EXITCODE $?) |
+        dpkg --status-fd 8 --configure --pending --force-configure-any --force-depends 8>&1 1>&7 || echo EXITCODE $?) |
-		dpkg_progress $baseprog $bases CONFREQ "Configuring required packages" CONFIGURING
+        dpkg_progress $baseprog $bases CONFREQ "Configuring required packages" CONFIGURING
-	baseprog=0
+    baseprog=0
-	bases="$(set -- $base; echo $#)"
+    bases="$(set -- $base; echo $#)"
-	info UNPACKBASE "Unpacking the base system..."
+    info UNPACKBASE "Unpacking the base system..."
-	setup_available $required $base
+    setup_available $required $base
-	done_predeps=
+    done_predeps=
-	while predep=$(get_next_predep); do
+    while predep=$(get_next_predep); do
-		# We have to resolve dependencies of pre-dependencies manually because
+        # We have to resolve dependencies of pre-dependencies manually because
-		# dpkg --predep-package doesn't handle this.
+        # dpkg --predep-package doesn't handle this.
-		predep=$(without "$(without "$(resolve_deps $predep)" "$required")" "$done_predeps")
+        predep=$(without "$(without "$(resolve_deps $predep)" "$required")" "$done_predeps")
-		# XXX: progress is tricky due to how dpkg_progress works
+        # XXX: progress is tricky due to how dpkg_progress works
-		# -- cjwatson 2009-07-29
+        # -- cjwatson 2009-07-29
-		p; smallyes '' |
+        p; smallyes '' |
-		in_target dpkg --force-overwrite --force-confold --skip-same-version --install $(debfor $predep)
+        in_target dpkg --force-overwrite --force-confold --skip-same-version --install $(debfor $predep)
-		base=$(without "$base" "$predep")
+        base=$(without "$base" "$predep")
-		done_predeps="$done_predeps $predep"
+        done_predeps="$done_predeps $predep"
-	done
+    done
-	smallyes '' |
+    smallyes '' |
-		(repeatn 5 in_target_failmsg INST_BASE_FAIL_FIVE "Failure while installing base packages.  This will be re-attempted up to five times." "" \
+        (repeatn 5 in_target_failmsg INST_BASE_FAIL_FIVE "Failure while installing base packages.  This will be re-attempted up to five times." "" \
-		dpkg --status-fd 8 --force-overwrite --force-confold --skip-same-version --unpack $(debfor $base) 8>&1 1>&7 || echo EXITCODE $?) |
+        dpkg --status-fd 8 --force-overwrite --force-confold --skip-same-version --unpack $(debfor $base) 8>&1 1>&7 || echo EXITCODE $?) |
-		dpkg_progress $baseprog $bases UNPACKBASE "Unpacking base system" UNPACKING
+        dpkg_progress $baseprog $bases UNPACKBASE "Unpacking base system" UNPACKING
-	info CONFBASE "Configuring the base system..."
+    info CONFBASE "Configuring the base system..."
-	smallyes '' |
+    smallyes '' |
-		(repeatn 5 in_target_failmsg CONF_BASE_FAIL_FIVE "Failure while configuring base packages.  This will be re-attempted up to five times." "" \
+        (repeatn 5 in_target_failmsg CONF_BASE_FAIL_FIVE "Failure while configuring base packages.  This will be re-attempted up to five times." "" \
-		dpkg --status-fd 8 --force-confold --skip-same-version --configure -a 8>&1 1>&7 || echo EXITCODE $?) |
+        dpkg --status-fd 8 --force-confold --skip-same-version --configure -a 8>&1 1>&7 || echo EXITCODE $?) |
-		dpkg_progress $baseprog $bases CONFBASE "Configuring base system" CONFIGURING
+        dpkg_progress $baseprog $bases CONFBASE "Configuring base system" CONFIGURING
-	mv "$TARGET/sbin/start-stop-daemon.REAL" "$TARGET/sbin/start-stop-daemon"
+    mv "$TARGET/sbin/start-stop-daemon.REAL" "$TARGET/sbin/start-stop-daemon"
-	rm -f "$TARGET/usr/sbin/policy-rc.d"
+    rm -f "$TARGET/usr/sbin/policy-rc.d"
-	progress $bases $bases CONFBASE "Configuring base system"
+    progress $bases $bases CONFBASE "Configuring base system"
-	info BASESUCCESS "Base system installed successfully."
+    info BASESUCCESS "Base system installed successfully."
 }
--- a/img/gnusocial_sprite.png
+++ b/img/gnusocial_sprite.png
--- a/img/postactiv_sprite.png
+++ b/img/postactiv_sprite.png
--- a/img/release3.jpg
+++ b/img/release3.jpg
--- a/man/freedombone-image.1.gz
+++ b/man/freedombone-image.1.gz
--- a/man/freedombone.1.gz
+++ b/man/freedombone.1.gz
--- a/src/freedombone
+++ b/src/freedombone
@ -13,7 +13,7 @@
 # License
 # =======
 #
-# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@ -65,6 +65,18 @@ if [[ $command_options == "menuconfig-onion" ]]; then
    ONION_ONLY="yes"
 fi
 if [[ $command_options == "menuconfig-gnusocial" ]]; then
    MINIMAL_INSTALL="yes"
    ONION_ONLY="no"
    SOCIALINSTANCE='gnusocial'
 fi
 if [[ $command_options == "menuconfig-postactiv" ]]; then
    MINIMAL_INSTALL="yes"
    ONION_ONLY="no"
    SOCIALINSTANCE='postactiv'
 fi
 if [ ! $CONFIGURATION_FILE ]; then
    CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
 fi
--- a/src/freedombone-addcert
+++ b/src/freedombone-addcert
@ -59,10 +59,6 @@ DH_KEYLENGTH=2048
 INSTALL_DIR=/root/build
 LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory'
 MY_EMAIL_ADDRESS=
 FRIENDS_MIRRORS_SERVER=
 FRIENDS_MIRRORS_PASSWORD=
 FRIENDS_MIRRORS_SSH_PORT=
 MY_MIRRORS_PASSWORD=
 function show_help {
    echo ''
@ -222,7 +218,8 @@ function add_cert_letsencrypt {
    fi
    if [ ! -f /usr/bin/certbot ]; then
-        apt-get -yq install certbot -t jessie-backports
+        apt-get -yq install certbot
        groupadd ssl-cert
        if [ ! -f /usr/bin/certbot ]; then
            echo $'LetsEncrypt certbot failed to install'
            exit 762830
@ -311,7 +308,7 @@ function add_cert_selfsigned {
    openssl req -x509 ${EXTENSIONS} -nodes -days 3650 -sha256 \
            -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
-            -newkey rsa:4096 -keyout /etc/ssl/private/${CERTFILE}.key \
+            -newkey rsa:2048 -keyout /etc/ssl/private/${CERTFILE}.key \
            -out /etc/ssl/certs/${CERTFILE}.crt
    chmod 400 /etc/ssl/private/${CERTFILE}.key
    chmod 640 /etc/ssl/certs/${CERTFILE}.crt
@ -359,7 +356,6 @@ function create_cert {
    fi
 }
 read_repo_servers
 create_cert
 generate_dh_params
 restart_web_server
--- a/src/freedombone-addremove
+++ b/src/freedombone-addremove
@ -38,11 +38,13 @@ if [ -f /usr/bin/${PROJECT_NAME} ]; then
    PROJECT_INSTALL_DIR=/usr/bin
 fi
 source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
 CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
 # Start including files
 source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
 UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
 for f in $UTILS_FILES
 do
@ -55,6 +57,8 @@ do
  source $f
 done
 # End including files
 function mark_unselected_apps_as_removed {
    # Initially mark the apps not chosen on first install as being removed
    # otherwise they may be automatically installed on the next update
--- a/src/freedombone-adduser
+++ b/src/freedombone-adduser
@ -136,25 +136,27 @@ chmod 700 /home/$ADD_USERNAME/.gnupg
 chmod 600 /home/$ADD_USERNAME/.gnupg/*
 # Generate a GPG key
-echo 'Key-Type: 1' > /home/$ADD_USERNAME/gpg-genkey.conf
+echo 'Key-Type: eddsa' > /home/$ADD_USERNAME/gpg-genkey.conf
-echo 'Key-Length: 4096' >> /home/$ADD_USERNAME/gpg-genkey.conf
+echo 'Key-Curve: Ed25519' >> /home/$ADD_USERNAME/gpg-genkey.conf
-echo 'Subkey-Type: 1' >> /home/$ADD_USERNAME/gpg-genkey.conf
+echo 'Subkey-Type: eddsa' >> /home/$ADD_USERNAME/gpg-genkey.conf
 echo 'Subkey-Length: 4096' >> /home/$ADD_USERNAME/gpg-genkey.conf
 echo "Name-Real:  $ADD_USERNAME" >> /home/$ADD_USERNAME/gpg-genkey.conf
 echo "Name-Email: $ADD_USERNAME@$HOSTNAME" >> /home/$ADD_USERNAME/gpg-genkey.conf
 echo 'Expire-Date: 0' >> /home/$ADD_USERNAME/gpg-genkey.conf
 echo "Passphrase: $NEW_USER_PASSWORD" >> /home/$ADD_USERNAME/gpg-genkey.conf
 chown $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/gpg-genkey.conf
-su -c "gpg --batch --gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - $ADD_USERNAME
+su -m root -c "gpg --homedir /home/$ADD_USERNAME/.gnupg --batch --full-gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - $ADD_USERNAME
 chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.gnupg
 shred -zu /home/$ADD_USERNAME/gpg-genkey.conf
 MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADD_USERNAME" "$ADD_USERNAME@$HOSTNAME")
 MY_GPG_PUBLIC_KEY=/home/$ADD_USERNAME/public_key.gpg
-su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $ADD_USERNAME
+su -m root -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $ADD_USERNAME
 if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
    echo "GPG public key was not generated for $ADD_USERNAME@$HOSTNAME $MY_GPG_PUBLIC_KEY_ID"
    userdel -r $ADD_USERNAME
    exit 7
 fi
 gpg_agent_setup $ADD_USERNAME
 # add a monkeysphere subkey
 #echo $'Adding monkeysphere subkey'
@ -162,28 +164,28 @@ fi
 #echo $'Adding monkeysphere subkey to ssh-agent'
 #su -c "monkeysphere s" - $ADD_USERNAME
 # add authorized GPG email address
-mkdir /home/$ADD_USERNAME/.monkeysphere
+#mkdir /home/$ADD_USERNAME/.monkeysphere
-chmod 755 /home/$ADD_USERNAME/.monkeysphere
+#chmod 755 /home/$ADD_USERNAME/.monkeysphere
-echo "$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>" > /home/$ADD_USERNAME/.monkeysphere/authorized_user_ids
+#echo "$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>" > /home/$ADD_USERNAME/.monkeysphere/authorized_user_ids
-chmod 644 /home/$ADD_USERNAME/.monkeysphere/authorized_user_ids
+#chmod 644 /home/$ADD_USERNAME/.monkeysphere/authorized_user_ids
-chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.monkeysphere
+#chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.monkeysphere
-echo $'Updating monkeysphere users'
+#echo $'Updating monkeysphere users'
-monkeysphere-authentication update-users
+#monkeysphere-authentication update-users
 if [ -f /home/$ADD_USERNAME/.muttrc ]; then
    # encrypt outgoing mail to the "sent" folder
    if ! grep -q "pgp_encrypt_only_command" /home/$ADD_USERNAME/.muttrc; then
        echo '' >> /home/$ADD_USERNAME/.muttrc
        echo $'# Encrypt items in the Sent folder' >> /home/$ADD_USERNAME/.muttrc
-        echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc
+        echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc
    else
-        sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc
+        sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc
    fi
    if ! grep -q "pgp_encrypt_sign_command" /home/$ADD_USERNAME/.muttrc; then
-        echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc
+        echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc
    else
-        sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc
+        sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc
    fi
 fi
@ -227,14 +229,14 @@ do
 done
 if [ -f /etc/nginx/.htpasswd ]; then
-    if ! grep "${ADD_USERNAME}:" /etc/nginx/.htpasswd; then
+    if ! grep -q "${ADD_USERNAME}:" /etc/nginx/.htpasswd; then
        echo "$NEW_USER_PASSWORD" | htpasswd -i -s /etc/nginx/.htpasswd $ADD_USERNAME
    fi
 fi
 # add user menu on ssh login
-if ! grep -q 'control' /home/$ADD_USERNAME/.bashrc; then
+if ! grep -q 'controluser' /home/$ADD_USERNAME/.bashrc; then
-    echo 'control' >> /home/$ADD_USERNAME/.bashrc
+    echo 'controluser' >> /home/$ADD_USERNAME/.bashrc
 fi
 ${PROJECT_NAME}-pass -u $ADD_USERNAME -a login -p "$NEW_USER_PASSWORD"
--- a/src/freedombone-app-batman
+++ b/src/freedombone-app-batman
@ -39,6 +39,14 @@ BATMAN_CELLID='any'
 batman_variables=(MY_USERNAME
                  BATMAN_CELLID)
 function logging_on_batman {
    echo -n ''
 }
 function logging_off_batman {
    echo -n ''
 }
 function install_interactive_batman {
    echo -n ''
    APP_INSTALLED=1
--- a/src/freedombone-app-cryptpad
+++ b/src/freedombone-app-cryptpad
@ -42,6 +42,14 @@ CRYPTPAD_DIR=/etc/cryptpad
 cryptpad_variables=(ONION_ONLY)
 function logging_on_cryptpad {
    echo -n ''
 }
 function logging_off_cryptpad {
    echo -n ''
 }
 function remove_user_cryptpad {
    remove_username="$1"
 }
@ -157,6 +165,7 @@ function remove_cryptpad {
    if [ -f /etc/systemd/system/cryptpad.service ]; then
        rm /etc/systemd/system/cryptpad.service
    fi
    systemctl daemon-reload
    function_check remove_nodejs
    remove_nodejs cryptpad
@ -190,8 +199,16 @@ function install_cryptpad_main {
        rm -rf $CRYPTPAD_DIR
    fi
-    function_check git_clone
+    if [ -d /repos/cryptpad ]; then
-    git_clone $CRYPTPAD_REPO $CRYPTPAD_DIR
+        mkdir $CRYPTPAD_DIR
        cp -r -p /repos/cryptpad/. $CRYPTPAD_DIR
        cd $CRYPTPAD_DIR
        git pull
    else
        function_check git_clone
        git_clone $CRYPTPAD_REPO $CRYPTPAD_DIR
    fi
    if [ ! -d $CRYPTPAD_DIR ]; then
        echo $'Unable to clone cryptpad repo'
        exit 783251
@ -286,6 +303,7 @@ function install_cryptpad {
    npm install
    npm install -g bower@1.8.0
    chown -R cryptpad:cryptpad $CRYPTPAD_DIR
    su -c 'bower install' - cryptpad
    cp config.example.js config.js
    if [ ! -f config.js ]; then
@ -333,6 +351,10 @@ function install_cryptpad {
    fi
    chown -R cryptpad:cryptpad $CRYPTPAD_DIR
    # install again
    cd $CRYPTPAD_DIR
    su -c 'bower install' - cryptpad
    systemctl restart nginx
    APP_INSTALLED=1
--- a/src/freedombone-app-dlna
+++ b/src/freedombone-app-dlna
@ -38,6 +38,14 @@ dlna_variables=(SYSTEM_TYPE
                INSTALLED_WITHIN_DOCKER
                MY_USERNAME)
 function logging_on_dlna {
    echo -n ''
 }
 function logging_off_dlna {
    echo -n ''
 }
 function configure_interactive_dlna {
    while true
    do
--- a/src/freedombone-app-dokuwiki
+++ b/src/freedombone-app-dokuwiki
@ -34,10 +34,13 @@ IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
 DOKUWIKI_DOMAIN_NAME=
 DOKUWIKI_ADMIN_PASSWORD=
 DOKUWIKI_TITLE="${PROJECT_NAME} Dokuwiki"
 DOKUWIKI_CODE=
 DOKUWIKI_ONION_PORT=8089
 DOKUWIKI_ADMIN_PASSWORD=
 DOKUWIKI_TITLE="${PROJECT_NAME} Dokuwiki"
 DOKUWIKI_REPO="https://github.com/splitbrain/dokuwiki"
 DOKUWIKI_COMMIT='be15c01c0b982cf1a75b5af031bf077143c63f39'
 dokuwiki_variables=(ONION_ONLY
                    MY_USERNAME
@ -46,6 +49,14 @@ dokuwiki_variables=(ONION_ONLY
                    DOKUWIKI_CODE
                    DDNS_PROVIDER)
 function logging_on_dokuwiki {
    echo -n ''
 }
 function logging_off_dokuwiki {
    echo -n ''
 }
 function install_interactive_dokuwiki {
    if [[ $ONION_ONLY != "no" ]]; then
        DOKUWIKI_TITLE=$'My Dokuwiki'
@ -63,15 +74,18 @@ function change_password_dokuwiki {
    curr_username="$1"
    new_user_password="$2"
-    if grep "$curr_username:" /var/lib/dokuwiki/acl/users.auth.php; then
+    DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
    if grep -q "$curr_username:" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php; then
        HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}')
-        existing_user=$(cat /var/lib/dokuwiki/acl/users.auth.php | grep "$curr_username:" | hean -n 1)
+        existing_user=$(cat /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php | grep "$curr_username:" | hean -n 1)
        if [[ "$existing_user" == *":admin,"* ]]; then
-            sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:admin,user,upload|g" /var/lib/dokuwiki/acl/users.auth.php
+            sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:admin,user,upload|g" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
        else
-            sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:user,upload|g" /var/lib/dokuwiki/acl/users.auth.php
+            sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:user,upload|g" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
        fi
-        chmod 640 /var/lib/dokuwiki/acl/users.auth.php
+        cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
        chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
        chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
        ${PROJECT_NAME}-pass -u $curr_username -a dokuwiki -p "$new_user_password"
    fi
 }
@ -80,17 +94,22 @@ function add_user_dokuwiki {
    new_username="$1"
    new_user_password="$2"
    DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
    HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}')
-    echo "$new_username:$HASHED_DOKUWIKI_PASSWORD:$new_username:$new_username@$HOSTNAME:user,upload" >> /var/lib/dokuwiki/acl/users.auth.php
+    echo "$new_username:$HASHED_DOKUWIKI_PASSWORD:$new_username:$new_username@$HOSTNAME:user,upload" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
-    chmod 640 /var/lib/dokuwiki/acl/users.auth.php
+    cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
    ${PROJECT_NAME}-pass -u "$new_username" -a dokuwiki -p "$new_user_password"
 }
 function remove_user_dokuwiki {
    remove_username="$1"
-    if grep "$remove_username:" /var/lib/dokuwiki/acl/users.auth.php; then
+    read_config_param "DOKUWIKI_DOMAIN_NAME"
-        sed -i "/$remove_username:/d" /var/lib/dokuwiki/acl/users.auth.php
+    if grep -q "$remove_username:" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php; then
        sed -i "/$remove_username:/d" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
        sed -i "/$remove_username:/d" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
        ${PROJECT_NAME}-pass -u "$remove_username" --rmapp dokuwiki
    fi
 }
@ -100,24 +119,37 @@ function reconfigure_dokuwiki {
 }
 function upgrade_dokuwiki {
-    echo -n ''
+    function_check set_repo_commit
    set_repo_commit /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs "dokuwiki commit" "$DOKUWIKI_COMMIT" $DOKUWIKI_REPO
 }
 function backup_local_dokuwiki {
-    source_directory=/var/lib/dokuwiki
+    DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
    function_check backup_directory_to_usb
    # backup the data
    source_directory=/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
    if [ -d $source_directory ]; then
-        dest_directory=dokuwiki
+        dest_directory=dokuwikidat
-        function_check backup_directory_to_usb
+        backup_directory_to_usb $source_directory $dest_directory
    fi
    # backup the users
    source_directory=/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl
    if [ -d $source_directory ]; then
        dest_directory=dokuwikiacl
        cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
        backup_directory_to_usb $source_directory $dest_directory
        backup_directory_to_usb /etc/dokuwiki dokuwiki2
    fi
 }
-function restore_local_dokuwiki {
+function restore_local_dokuwiki_legacy {
    if [ -d /var/lib/dokuwiki ]; then
-        echo $"Restoring Dokuwiki installation"
+        echo $"Restoring Legacy Dokuwiki installation"
        function_check get_completion_param
        DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
        temp_restore_dir=/root/tempdokuwiki
        function_check restore_directory_from_usb
        if [ -d ${USB_MOUNT}/backup/dokuwiki ]; then
@ -125,87 +157,133 @@ function restore_local_dokuwiki {
        else
            restore_directory_from_usb ${temp_restore_dir} wiki
        fi
-        cp -r ${temp_restore_dir}/var/lib/dokuwiki/* /var/lib/dokuwiki/
+
        # restore the data
        cp -r ${temp_restore_dir}/var/lib/dokuwiki/data/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
        if [ ! "$?" = "0" ]; then
            function_check restore_directory_from_usb
            set_user_permissions
            function_check backup_unmount_drive
            backup_unmount_drive
-            exit 868
+            rm -rf ${temp_restore_dir}
            exit 73562
        fi
-        if [ -d ${USB_MOUNT}/backup/wiki2 ]; then
+
-            restore_directory_from_usb ${temp_restore_dir}2 wiki2
+        # restore the users
-        else
+        cp -r ${temp_restore_dir}/var/lib/dokuwiki/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl
-            restore_directory_from_usb ${temp_restore_dir}2 dokuwiki2
+        cp -r ${temp_restore_dir}/var/lib/dokuwiki/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf
        fi
        cp -r ${temp_restore_dir}2/etc/dokuwiki/* /etc/dokuwiki/
        if [ ! "$?" = "0" ]; then
-            function_check set_user_permissions
+            function_check restore_directory_from_usb
            set_user_permissions
            function_check backup_unmount_drive
            backup_unmount_drive
-            exit 869
+            rm -rf ${temp_restore_dir}
            exit 23985
        fi
        rm -rf ${temp_restore_dir}
-        rm -rf ${temp_restore_dir}2
+
-        #rm -rf /var/lib/dokuwiki/data/cache/*
+        chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
-        #rm -rf /var/lib/dokuwiki/data/meta/*
+        chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib
-        chmod -R 755 /var/lib/dokuwiki/data
+        chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
-        chown -R www-data:www-data /var/lib/dokuwiki/data
+        chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
-        chown -R www-data:www-data /var/lib/dokuwiki/*
+        chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
-        # Ensure that the bundled SSL cert is being used
+        echo $"Restore of Legacy Dokuwiki complete"
        if [ -f /etc/ssl/certs/${DOKUWIKI_DOMAIN_NAME}.bundle.crt ]; then
            sed -i "s|${DOKUWIKI_DOMAIN_NAME}.crt|${DOKUWIKI_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${DOKUWIKI_DOMAIN_NAME}
        fi
        if [ -d /etc/letsencrypt/live/${DOKUWIKI_DOMAIN_NAME} ]; then
            ln -s /etc/letsencrypt/live/${DOKUWIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${DOKUWIKI_DOMAIN_NAME}.key
            ln -s /etc/letsencrypt/live/${DOKUWIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${DOKUWIKI_DOMAIN_NAME}.pem
        fi
        echo $"Restore of Dokuwiki complete"
    fi
 }
 function restore_local_dokuwiki {
    if [ -d ${USB_MOUNT}/backup/dokuwiki ]; then
        restore_local_dokuwiki_legacy
        return
    fi
    echo $"Restoring Dokuwiki installation"
    function_check get_completion_param
    DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
    # restore the data
    temp_restore_dir=/root/tempdokuwikidat
    function_check restore_directory_from_usb
    restore_directory_from_usb ${temp_restore_dir} dokuwikidat
    cp -r ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
    if [ ! "$?" = "0" ]; then
        function_check restore_directory_from_usb
        set_user_permissions
        function_check backup_unmount_drive
        backup_unmount_drive
        rm -rf ${temp_restore_dir}
        exit 683352
    fi
    rm -rf ${temp_restore_dir}
    # restore the users
    temp_restore_dir=/root/tempdokuwikiacl
    function_check restore_directory_from_usb
    restore_directory_from_usb ${temp_restore_dir} dokuwikiacl
    cp ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
    cp ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/
    if [ ! "$?" = "0" ]; then
        function_check restore_directory_from_usb
        set_user_permissions
        function_check backup_unmount_drive
        backup_unmount_drive
        rm -rf ${temp_restore_dir}
        exit 456495
    fi
    rm -rf ${temp_restore_dir}
    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib
    chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
    echo $"Restore of Dokuwiki complete"
 }
 function backup_remote_dokuwiki {
-    if [ -d /etc/dokuwiki ]; then
+    DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
    if [ -d /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs ]; then
        echo $"Backing up dokuwiki"
-        backup_directory_to_friend /var/lib/dokuwiki dokuwiki
+        backup_directory_to_friend /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data dokuwikidat
-        backup_directory_to_friend /etc/dokuwiki dokuwiki2
+        cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
        backup_directory_to_friend /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl dokuwikiacl
    fi
 }
 function restore_remote_dokuwiki {
-    if [ -d $SERVER_DIRECTORY/backup/dokuwiki ]; then
+    DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
-        function_check get_completion_param
+    function_check get_completion_param
-        DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
+    function_check restore_directory_from_friend
-        echo $"Restoring Dokuwiki installation $DOKUWIKI_DOMAIN_NAME"
+
-        function_check restore_directory_from_friend
+    if [ -d $SERVER_DIRECTORY/backup/dokuwikidat ]; then
-        restore_directory_from_friend /root/tempdokuwiki dokuwiki
+        echo $"Restoring Dokuwiki data for $DOKUWIKI_DOMAIN_NAME"
-        cp -r /root/tempdokuwiki/var/lib/dokuwiki/* /var/lib/dokuwiki/
+        restore_directory_from_friend /root/tempdokuwikidat dokuwikidat
        cp -r /root/tempdokuwikidat/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/
        if [ ! "$?" = "0" ]; then
-            exit 868
+            exit 92634
        fi
-        restore_directory_from_friend /root/tempdokuwiki2 dokuwiki2
+        rm -rf /root/tempdokuwikidat
-        cp -r /root/tempdokuwiki2/etc/dokuwiki/* /etc/dokuwiki/
+
-        if [ ! "$?" = "0" ]; then
+        echo $"Restore of Dokuwiki data complete"
            exit 869
        fi
        rm -rf /root/tempdokuwiki
        rm -rf /root/tempdokuwiki2
        #rm -rf /var/lib/dokuwiki/data/cache/*
        #rm -rf /var/lib/dokuwiki/data/meta/*
        chmod -R 755 /var/lib/dokuwiki/data
        chown -R www-data:www-data /var/lib/dokuwiki/data
        chown -R www-data:www-data /var/lib/dokuwiki/*
        # Ensure that the bundled SSL cert is being used
        if [ -f /etc/ssl/certs/${DOKUWIKI_DOMAIN_NAME}.bundle.crt ]; then
            sed -i "s|${DOKUWIKI_DOMAIN_NAME}.crt|${DOKUWIKI_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${DOKUWIKI_DOMAIN_NAME}
        fi
        if [ -d /etc/letsencrypt/live/${DOKUWIKI_DOMAIN_NAME} ]; then
            ln -s /etc/letsencrypt/live/${DOKUWIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${DOKUWIKI_DOMAIN_NAME}.key
            ln -s /etc/letsencrypt/live/${DOKUWIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${DOKUWIKI_DOMAIN_NAME}.pem
        fi
        echo $"Restore of Dokuwiki complete"
    fi
    if [ -d $SERVER_DIRECTORY/backup/dokuwikiacl ]; then
        echo $"Restoring Dokuwiki users for $DOKUWIKI_DOMAIN_NAME"
        restore_directory_from_friend /root/tempdokuwikiacl dokuwikiacl
        cp -r /root/tempdokuwikidat/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
        if [ ! "$?" = "0" ]; then
            exit 735287
        fi
        rm -rf /root/tempdokuwikiacl
        echo $"Restore of Dokuwiki users complete"
    fi
    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/data
    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/lib
    chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
 }
 function remove_dokuwiki {
@ -219,7 +297,6 @@ function remove_dokuwiki {
    if [ -f /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME ]; then
        rm /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
    fi
    apt-get -yq remove --purge dokuwiki
    if [ ! -d /var/www/$DOKUWIKI_DOMAIN_NAME ]; then
        rm -rf /var/www/$DOKUWIKI_DOMAIN_NAME
    fi
@ -244,60 +321,53 @@ function install_dokuwiki {
    if [ ! $DOKUWIKI_DOMAIN_NAME ]; then
        return
    fi
-    apt-get -yq install dokuwiki
+
-    apt-get -yq remove --purge apache*
+    apt-get -yq install php-common php-cli php-curl php-gd php-mcrypt git
    apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl
    apt-get -yq install php-memcached memcached
    if [ ! -d /var/www/$DOKUWIKI_DOMAIN_NAME ]; then
        mkdir /var/www/$DOKUWIKI_DOMAIN_NAME
    fi
    if [ ! -f /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/install.php ]; then
        cd /var/www/$DOKUWIKI_DOMAIN_NAME
        if [ -d /repos/dokuwiki ]; then
            mkdir /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
            cp -r -p /repos/dokuwiki/. /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
            cd /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
            git pull
        else
            function_check git_clone
            git_clone $DOKUWIKI_REPO /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
        fi
        cd /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
        git checkout $DOKUWIKI_COMMIT -b $DOKUWIKI_COMMIT
        set_completion_param "dokuwiki commit" "$DOKUWIKI_COMMIT"
    fi
    apt-get -yq remove --purge apache2-bin*
    if [ -d /etc/apache2 ]; then
        rm -rf /etc/apache2
        echo $'Removed Apache installation after Dokuwiki install'
    fi
-    if [ ! -d /var/www/$DOKUWIKI_DOMAIN_NAME ]; then
+    echo '<?php' > /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-        mkdir /var/www/$DOKUWIKI_DOMAIN_NAME
+    echo "\$conf['title'] = '${DOKUWIKI_TITLE}';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    fi
+    echo "\$conf['lang'] = 'en';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    if [ -d /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs ]; then
+    echo "\$conf['license'] = 'cc-by-sa';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-        rm -rf /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
+    echo "\$conf['useacl'] = 1;" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    fi
+    echo "\$conf['superuser'] = '@admin';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
    echo "\$conf['disableactions'] = 'register';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
    ln -s /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/local.php
-    ln -s /usr/share/dokuwiki /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
+    chmod 600 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-
+    chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
-    if [ ! -d /var/lib/dokuwiki/custom ]; then
+    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib
-        mkdir /var/lib/dokuwiki/custom
+    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
    fi
    cp /etc/dokuwiki/local.php.dist /var/lib/dokuwiki/custom/local.php
    if [ ! -f /etc/dokuwiki/local.php ]; then
        ln -s /var/lib/dokuwiki/custom/local.php /etc/dokuwiki/local.php
    fi
    chown www-data /var/lib/dokuwiki/custom
    chown www-data /var/lib/dokuwiki/custom/local.php
    chown -R www-data /etc/dokuwiki
    chown -R www-data /usr/share/dokuwiki/lib/
    chmod 600 /var/lib/dokuwiki/custom/local.php
    chmod -R 755 /usr/share/dokuwiki/lib
    sed -i 's|//$conf|$conf|g' /var/lib/dokuwiki/custom/local.php
    sed -i "s|joe|$MY_USERNAME|g" /var/lib/dokuwiki/custom/local.php
    sed -i "s|Debian Dokuwiki|$DOKUWIKI_TITLE|g" /etc/dokuwiki/local.php
    sed -i "s|Debian DokuWiki|$DOKUWIKI_TITLE|g" /etc/dokuwiki/local.php
    # set the admin user
    sed -i "s/@admin/$MY_USERNAME/g" /etc/dokuwiki/local.php
    # disallow registration of new users
    if ! grep -q "disableactions" /etc/dokuwiki/local.php; then
        echo "\$conf['disableactions'] = 'register';" >> /etc/dokuwiki/local.php
    fi
    if ! grep -q "disableactions" /var/lib/dokuwiki/custom/local.php; then
        echo "\$conf['disableactions'] = 'register';" >> /var/lib/dokuwiki/custom/local.php
    fi
    if ! grep -q "authtype" /var/lib/dokuwiki/custom/local.php; then
        echo "\$conf['authtype'] = 'authplain';" >> /var/lib/dokuwiki/custom/local.php
    fi
    if ! grep -q "authtype" /etc/dokuwiki/local.php; then
        echo "\$conf['authtype'] = 'authplain';" >> /etc/dokuwiki/local.php
    fi
    if [ -f $IMAGE_PASSWORD_FILE ]; then
        DOKUWIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
@ -307,17 +377,18 @@ function install_dokuwiki {
        fi
    fi
    HASHED_DOKUWIKI_PASSWORD=$(echo -n "$DOKUWIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}')
-    echo -n "$MY_USERNAME:$HASHED_DOKUWIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/lib/dokuwiki/acl/users.auth.php
+    echo -n "$MY_USERNAME:$HASHED_DOKUWIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
-    chmod 640 /var/lib/dokuwiki/acl/users.auth.php
+    cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
-    if ! grep -q "video/ogg" /etc/dokuwiki/mime.conf; then
+    if ! grep -q "video/ogg" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then
-        echo 'ogv     video/ogg' >> /etc/dokuwiki/mime.conf
+        echo 'ogv     video/ogg' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf
    fi
-    if ! grep -q "video/mp4" /etc/dokuwiki/mime.conf; then
+    if ! grep -q "video/mp4" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then
-        echo 'mp4     video/mp4' >> /etc/dokuwiki/mime.conf
+        echo 'mp4     video/mp4' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf
    fi
-    if ! grep -q "video/webm" /etc/dokuwiki/mime.conf; then
+    if ! grep -q "video/webm" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then
-        echo 'webm    video/webm' >> /etc/dokuwiki/mime.conf
+        echo 'webm    video/webm' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf
    fi
    DOKUWIKI_ONION_HOSTNAME=$(add_onion_service dokuwiki 80 ${DOKUWIKI_ONION_PORT})
@ -379,10 +450,11 @@ function install_dokuwiki {
        echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
        echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
        echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+        echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
        echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+        echo '        # With php-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+        echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
        echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
        echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
        echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
        echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
@ -457,10 +529,11 @@ function install_dokuwiki {
    echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+    echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
    echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
@ -491,7 +564,7 @@ function install_dokuwiki {
    nginx_ensite $DOKUWIKI_DOMAIN_NAME
-    systemctl restart php5-fpm
+    systemctl restart php7.0-fpm
    systemctl restart nginx
    function_check add_ddns_domain
--- a/src/freedombone-app-emacs
+++ b/src/freedombone-app-emacs
@ -36,6 +36,14 @@ SHOW_ON_ABOUT=0
 emacs_variables=(USB_MOUNT
                 MY_USERNAME)
 function logging_on_emacs {
    echo -n ''
 }
 function logging_off_emacs {
    echo -n ''
 }
 function reconfigure_emacs {
    echo -n ''
 }
@ -133,7 +141,7 @@ function restore_remote_emacs {
 }
 function remove_emacs {
-    apt-get -yq remove --purge emacs24
+    apt-get -yq remove --purge emacs
    update-alternatives --set editor /usr/bin/nano
    sed -i '/install_emacs/d' $COMPLETION_FILE
@ -156,8 +164,8 @@ function remove_emacs {
 }
 function install_emacs {
-    apt-get -yq install emacs24
+    apt-get -yq install emacs
-    update-alternatives --set editor /usr/bin/emacs24
+    update-alternatives --set editor /usr/bin/emacs
    # A minimal emacs configuration
    #echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs
--- a/src/freedombone-app-etherpad
+++ b/src/freedombone-app-etherpad
@ -13,7 +13,7 @@
 # License
 # =======
 #
-# Copyright (C) 2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2016-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@ -52,6 +52,14 @@ etherpad_variables=(ONION_ONLY
                    DDNS_PROVIDER
                    MY_USERNAME)
 function logging_on_etherpad {
    echo -n ''
 }
 function logging_off_etherpad {
    echo -n ''
 }
 function etherpad_password_hash {
    echo $(python -c "from passlib.hash import bcrypt;print(bcrypt.encrypt(\"$1\", rounds=10))")
 }
@ -62,7 +70,7 @@ function change_password_etherpad {
    read_config_param ETHERPAD_DOMAIN_NAME
-    if grep "\"$change_username\": {" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json; then
+    if grep -q "\"$change_username\": {" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json; then
        user_line=$(cat /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json | grep "\"$change_username\": {")
        if [[ "$user_line" == *"\"is_admin\": true"* ]]; then
            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"hash\": \"$new_user_password\", \"is_admin\": true }|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
@ -302,6 +310,11 @@ function reconfigure_etherpad {
 }
 function upgrade_etherpad {
    CURR_ETHERPAD_COMMIT=$(get_completion_param "etherpad commit")
    if [[ "$CURR_ETHERPAD_COMMIT" == "$ETHERPAD_COMMIT" ]]; then
        return
    fi
    read_config_param "ETHERPAD_DOMAIN_NAME"
    function_check set_repo_commit
@ -355,6 +368,11 @@ function restore_local_etherpad {
        if [ -f /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key ]; then
            chown etherpad: /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key
        fi
        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
        settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
        sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" $settings_file
        MARIADB_PASSWORD=
    fi
 }
@ -400,6 +418,11 @@ function restore_remote_etherpad {
        if [ -f /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key ]; then
            chown etherpad: /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key
        fi
        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
        settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
        sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" $settings_file
        MARIADB_PASSWORD=
    fi
 }
@ -415,6 +438,7 @@ function remove_etherpad {
        systemctl disable etherpad
        rm /etc/systemd/system/etherpad.service
    fi
    systemctl daemon-reload
    nginx_dissite $ETHERPAD_DOMAIN_NAME
    remove_certs $ETHERPAD_DOMAIN_NAME
    if [ -d /var/www/$ETHERPAD_DOMAIN_NAME ]; then
@ -431,9 +455,11 @@ function remove_etherpad {
    remove_completion_param install_etherpad
    sed -i '/etherpad/d' $COMPLETION_FILE
    remove_backup_database_local etherpad
    deluser --remove-all-files etherpad
    remove_nodejs etherpad
    groupdel -f etherpad
    userdel -r etherpad
    function_check remove_ddns_domain
    remove_ddns_domain $ETHERPAD_DOMAIN_NAME
 }
@ -444,6 +470,8 @@ function install_etherpad {
        exit 7359
    fi
    check_ram_availability 2000
    if [ -f $IMAGE_PASSWORD_FILE ]; then
        ETHERPAD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
    else
@ -472,8 +500,17 @@ function install_etherpad {
        mkdir /var/www/$ETHERPAD_DOMAIN_NAME
    fi
    if [ ! -d /var/www/$ETHERPAD_DOMAIN_NAME/htdocs ]; then
-        function_check git_clone
+
-        git_clone $ETHERPAD_REPO /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
+        if [ -d /repos/etherpad ]; then
            mkdir /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
            cp -r -p /repos/etherpad/. /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
            cd /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
            git pull
        else
            function_check git_clone
            git_clone $ETHERPAD_REPO /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
        fi
        if [ ! -d /var/www/$ETHERPAD_DOMAIN_NAME/htdocs ]; then
            echo $'Unable to clone etherpad repo'
            exit 56382
@ -612,6 +649,7 @@ function install_etherpad {
    set_completion_param "etherpad domain" "$ETHERPAD_DOMAIN_NAME"
    systemctl restart mariadb
    systemctl enable etherpad
    systemctl daemon-reload
    systemctl start etherpad
--- a/src/freedombone-app-friendica
+++ b/src/freedombone-app-friendica
@ -50,6 +50,14 @@ friendica_variables=(ONION_ONLY
                     FRIENDICA_REPO
                     FRIENDICA_ADDONS_REPO)
 function logging_on_friendica {
    echo -n ''
 }
 function logging_off_friendica {
    echo -n ''
 }
 function remove_user_friendica {
    remove_username="$1"
    ${PROJECT_NAME}-pass -u $remove_username --rmapp friendica
@ -213,6 +221,11 @@ function reconfigure_friendica {
 }
 function upgrade_friendica {
    CURR_FRIENDICA_COMMIT=$(get_completion_param "friendica commit")
    if [[ "$CURR_FRIENDICA_COMMIT" == "$FRIENDICA_COMMIT" ]]; then
        return
    fi
    FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
    function_check set_repo_commit
@ -247,6 +260,11 @@ function restore_local_friendica {
        if [ -d $temp_restore_dir ]; then
            rm -rf $temp_restore_dir
        fi
        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
        FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
        sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $FRIENDICA_PATH/.htconfig.php
        MARIADB_PASSWORD=
    fi
 }
@ -282,6 +300,11 @@ function restore_remote_friendica {
    if [ -d /root/tempfriendica ]; then
        rm -rf /root/tempfriendica
    fi
    MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
    FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
    sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $FRIENDICA_PATH/.htconfig.php
    MARIADB_PASSWORD=
 }
 function remove_friendica {
@ -327,9 +350,9 @@ function install_friendica {
    function_check repair_databases_script
    repair_databases_script
-    apt-get -yq install php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt git
+    apt-get -yq install php-common php-cli php-curl php-gd php-mysql php-mcrypt git
-    apt-get -yq install php5-dev imagemagick php5-imagick
+    apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl
-    apt-get -yq install php5-memcached
+    apt-get -yq install php-memcached
    if [ ! -d /var/www/$FRIENDICA_DOMAIN_NAME ]; then
        mkdir /var/www/$FRIENDICA_DOMAIN_NAME
@ -340,8 +363,17 @@ function install_friendica {
    if [ ! -f $FRIENDICA_PATH/index.php ]; then
        cd $INSTALL_DIR
-        function_check git_clone
+
-        git_clone $FRIENDICA_REPO friendica
+        if [ -d /repos/friendica ]; then
            mkdir friendica
            cp -r -p /repos/friendica/. friendica
            cd friendica
            git pull
        else
            function_check git_clone
            git_clone $FRIENDICA_REPO friendica
        fi
        git checkout $FRIENDICA_COMMIT -b $FRIENDICA_COMMIT
        set_completion_param "friendica commit" "$FRIENDICA_COMMIT"
@ -425,11 +457,12 @@ function install_friendica {
        echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
        echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
        echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
        echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        echo '        # With php-fpm:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
        echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
        echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
        echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
        echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
        echo '        fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
@ -493,11 +526,12 @@ function install_friendica {
        echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
        echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
        echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
        echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        echo '        # With php-fpm:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
        echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
        echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
        echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
        echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
        echo '        fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
@ -588,7 +622,8 @@ function install_friendica {
    chown www-data:www-data $FRIENDICA_PATH/.htconfig.php
    chmod 755 $FRIENDICA_PATH/.htconfig.php
-    systemctl restart php5-fpm
+    systemctl restart mariadb
    systemctl restart php7.0-fpm
    systemctl restart nginx
    systemctl restart cron
--- a/src/freedombone-app-ghost
+++ b/src/freedombone-app-ghost
@ -9,6 +9,7 @@
 #                    Freedom in the Cloud
 #
 # Ghost blog
 # Only works with nodejs version ^6.9.0
 #
 # License
 # =======
@ -37,8 +38,8 @@ GHOST_DOMAIN_NAME=
 GHOST_CODE=
 GHOST_ONION_PORT=8104
 GHOST_PORT=2368
-GHOST_VERSION='0.11.8'
+GHOST_VERSION='0.11.10'
-GHOST_HASH='244faad0b16eb1b90c8095f1e536db65299a3a2d85a20af76342be3707522b38'
+GHOST_HASH='cccdf02d46112f1671739696f2b1888a90a5c3bdf2fae45e8e81d538a8e0f487'
 GHOST_DOWNLOAD_URL="https://github.com/TryGhost/Ghost/releases/download/${GHOST_VERSION}/Ghost-${GHOST_VERSION}.zip"
 ghost_variables=(GHOST_DOMAIN_NAME
@ -48,6 +49,14 @@ ghost_variables=(GHOST_DOMAIN_NAME
                 DDNS_PROVIDER
                 MY_USERNAME)
 function logging_on_ghost {
    echo -n ''
 }
 function logging_off_ghost {
    echo -n ''
 }
 function ghost_replace_jquery {
    sed -i "s|code.jquery.com/jquery-${previous_jquery_version}.min.js|$GHOST_DOMAIN_NAME/jquery-${jquery_version}.js|g" content/themes/casper/default.hbs
    sed -i "s|code.jquery.com/jquery-${previous_jquery_version}.min.js|$GHOST_DOMAIN_NAME/jquery-${jquery_version}.js|g" core/server/data/migration/fixtures/004/01-move-jquery-with-alert.js
@ -170,7 +179,7 @@ function upgrade_ghost {
    GHOST_PATH=/var/www/$GHOST_DOMAIN_NAME/htdocs
    cd $GHOST_PATH
-    if [ ! -f ghost-${GHOST_VERSION}.zip ]; then
+    if [ ! -f Ghost-${GHOST_VERSION}.zip ]; then
        wget ${GHOST_DOWNLOAD_URL}
    fi
    if [ ! -f Ghost-${GHOST_VERSION}.zip ]; then
@ -233,6 +242,28 @@ function restore_local_ghost {
        function_check restore_database
        restore_database ghost ${GHOST_DOMAIN_NAME}
        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
        ghost_config=/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.js
        sed -i "s|password :.*|password : '${MARIADB_PASSWORD}',|g" $ghost_config
        MARIADB_PASSWORD=
        # install any missing packages
        if [ ! -d /var/www/${GHOST_DOMAIN_NAME}/htdocs/node_modules/intl ]; then
            cd /var/www/${GHOST_DOMAIN_NAME}/htdocs
            npm install passport-http-bearer@1.0.1
            npm install amperize@0.3.4
            npm install bcryptjs@2.4.3
            npm install knex@0.12.9
            npm install bookshelf@0.10.2
            npm install cookie-session@1.2.0
            npm install ghost-gql@0.0.6
            npm install intl@1.2.5
            npm install sanitize-html@1.14.1
            npm install showdown-ghost@0.3.6
            npm install superagent@3.5.2
            npm install mysql@2.1.1
        fi
        systemctl start ghost
        restart_site
    fi
@ -273,6 +304,29 @@ function restore_remote_ghost {
    ghost_create_database
    restore_database_from_friend ghost ${GHOST_DOMAIN_NAME}
    MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
    ghost_config=/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.js
    sed -i "s|password :.*|password : '${MARIADB_PASSWORD}',|g" $ghost_config
    MARIADB_PASSWORD=
    # install any missing packages
    if [ ! -d /var/www/${GHOST_DOMAIN_NAME}/htdocs/node_modules/intl ]; then
        cd /var/www/${GHOST_DOMAIN_NAME}/htdocs
        npm install passport-http-bearer@1.0.1
        npm install amperize@0.3.4
        npm install bcryptjs@2.4.3
        npm install knex@0.12.9
        npm install bookshelf@0.10.2
        npm install cookie-session@1.2.0
        npm install ghost-gql@0.0.6
        npm install intl@1.2.5
        npm install sanitize-html@1.14.1
        npm install showdown-ghost@0.3.6
        npm install superagent@3.5.2
        npm install mysql@2.1.1
    fi
    systemctl start ghost
    restart_site
    chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs/
@ -286,6 +340,7 @@ function remove_ghost {
    systemctl stop ghost
    systemctl disable ghost
    rm /etc/systemd/system/ghost.service
    systemctl daemon-reload
    function_check remove_nodejs
    remove_nodejs ghost
@ -296,7 +351,6 @@ function remove_ghost {
    read_config_param "GHOST_DOMAIN_NAME"
    nginx_dissite $GHOST_DOMAIN_NAME
    remove_certs ${GHOST_DOMAIN_NAME}
    deluser --remove-all-files ghost
    if [ -f /etc/nginx/sites-available/$GHOST_DOMAIN_NAME ]; then
        rm -f /etc/nginx/sites-available/$GHOST_DOMAIN_NAME
    fi
@ -311,6 +365,9 @@ function remove_ghost {
    sed -i '/Ghost/d' $COMPLETION_FILE
    sed -i '/ghost/d' $COMPLETION_FILE
    groupdel -f ghost
    userdel -r ghost
    function_check remove_ddns_domain
    remove_ddns_domain $GHOST_DOMAIN_NAME
 }
@ -318,6 +375,9 @@ function remove_ghost {
 function ghost_create_config {
    ghost_config=/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.js
    function_check get_mariadb_password
    get_mariadb_password
    echo "var path = require('path')," > $ghost_config
    echo '    config;' >> $ghost_config
    echo '' >> $ghost_config
@ -393,7 +453,9 @@ function install_ghost {
        mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs
    fi
    cd /var/www/$GHOST_DOMAIN_NAME/htdocs
-    wget ${GHOST_DOWNLOAD_URL}
+    if [ ! -f Ghost-${GHOST_VERSION}.zip ]; then
        wget ${GHOST_DOWNLOAD_URL}
    fi
    if [ ! -f Ghost-${GHOST_VERSION}.zip ]; then
        echo $'Unable to download ghost'
        rm -rf /var/www/$GHOST_DOMAIN_NAME
@ -418,6 +480,60 @@ function install_ghost {
    install_nodejs ghost
    sed -i "/sqlite/d" /var/www/${GHOST_DOMAIN_NAME}/htdocs/package.json
    cd /var/www/$GHOST_DOMAIN_NAME/htdocs
    npm install -g jison@0.4.13 --save
    npm install moment-timezone@0.5.13
    npm install express@4.15.3
    npm install lodash@4.17.4
    npm install uuid@3.0.1
    npm install bluebird@3.5.0
    npm install chalk@1.1.3
    npm install intl-messageformat@1.3.0
    npm install validator@7.0.0
    npm install express-hbs@1.0.4
    npm install glob@7.1.2
    npm install unidecode@0.1.8
    npm install csv-parser@1.11.0
    npm install archiver@1.3.0
    npm install fs-extra@3.0.1
    npm install extract-zip-fork@1.5.1
    npm install moment@2.18.1
    npm install nodemailer@4.0.1
    npm install html-to-text@3.3.0
    npm install gscan@1.1.0
    npm install body-parser@1.17.2
    npm install compression@1.6.2
    npm install morgan@1.8.2
    npm install semver@5.3.0
    npm install path-match@1.2.4
    npm install downsize@0.0.8
    npm install rss@1.2.2
    npm install cheerio@1.0.0-rc.1
    npm install passport@0.3.2
    npm install xml@1.0.1
    npm install multer@1.3.0
    npm install oauth2orize@1.8.0
    npm install connect-slashes@1.3.1
    npm install cors@2.8.3
    npm install netjet@1.1.3
    npm install jsonpath@0.2.11
    npm install image-size@0.5.4
    npm install passport-oauth2-client-password@0.1.2
    npm install passport-http-bearer@1.0.1
    npm install amperize@0.3.4
    npm install bcryptjs@2.4.3
    npm install knex@0.12.9
    npm install bookshelf@0.10.2
    npm install cookie-session@1.2.0
    npm install ghost-gql@0.0.6
    npm install intl@1.2.5
    npm install sanitize-html@1.14.1
    npm install showdown-ghost@0.3.6
    npm install superagent@3.5.2
    npm install mysql@2.1.1
    npm install mariasql@0.2.6
    npm install --production
    function_check install_mariadb
@ -432,7 +548,7 @@ function install_ghost {
    ghost_create_config
    adduser --system --home=/var/www/${GHOST_DOMAIN_NAME}/htdocs/ --group ghost
-    chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs/
+    chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs
    echo '[Unit]' > /etc/systemd/system/ghost.service
    echo 'Description=Ghost Blog' >> /etc/systemd/system/ghost.service
@ -540,6 +656,7 @@ function install_ghost {
    if [[ $ONION_ONLY != 'no' ]]; then
        sed -i "s|url: .*|url: 'http://${GHOST_ONION_HOSTNAME}',|g" /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.js
        systemctl restart mariadb
        systemctl restart ghost
    fi
@ -549,12 +666,14 @@ function install_ghost {
    nginx_ensite $GHOST_DOMAIN_NAME
    systemctl restart nginx
    systemctl restart mariadb
    ${PROJECT_NAME}-pass -u $MY_USERNAME -a ghost -p "$GHOST_ADMIN_PASSWORD"
    function_check add_ddns_domain
    add_ddns_domain $GHOST_DOMAIN_NAME
    chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs
    set_completion_param "ghost domain" "$GHOST_DOMAIN_NAME"
    if ! grep -q "ghost version:" ${COMPLETION_FILE}; then
        echo "ghost version:${GHOST_VERSION}" >> ${COMPLETION_FILE}
--- a/src/freedombone-app-gnusocial
+++ b/src/freedombone-app-gnusocial
@ -37,18 +37,10 @@ GNUSOCIAL_DOMAIN_NAME=
 GNUSOCIAL_CODE=
 GNUSOCIAL_ONION_PORT=8087
 GNUSOCIAL_REPO="https://git.gnu.io/gnu/gnu-social.git"
-GNUSOCIAL_COMMIT='1517deeeb621a0256106d0108855e8827713e2cc'
+GNUSOCIAL_COMMIT='05a9c11c476b384e5ef3f3cc83b66406fcf7a378'
 GNUSOCIAL_ADMIN_PASSWORD=
 GNUSOCIAL_BACKGROUND_IMAGE_URL=
 GNUSOCIAL_MARKDOWN_REPO="https://git.gnu.io/chimo/markdown.git"
 GNUSOCIAL_MARKDOWN_COMMIT='03c53942f94b3376f0946e6e1fe566cc21ccf232'
 # Sharings plugin for gnusocial
 SHARINGS_REPO="http://git.lasindias.club/bashrc/Sharings"
 SHARINGS_COMMIT='d5c6c7f855d9afff9086c09ea706f38c859bc0d4'
 SHARINGS_THEME_REPO="http://git.lasindias.club/manuel/SharingsTheme"
 SHARINGS_THEME_COMMIT='7106c7ef03'
 GNUSOCIAL_TITLE='Pleroma FE'
@ -61,16 +53,18 @@ gnusocial_variables=(ONION_ONLY
                     GNUSOCIAL_WELCOME_MESSAGE
                     GNUSOCIAL_BACKGROUND_IMAGE_URL
                     DDNS_PROVIDER
                     GNUSOCIAL_MARKDOWN_REPO
                     GNUSOCIAL_MARKDOWN_COMMIT
                     SHARINGS_REPO
                     SHARINGS_COMMIT
                     SHARINGS_THEME_REPO
                     SHARINGS_THEME_COMMIT
                     GNUSOCIAL_TITLE
                     GNUSOCIAL_EXPIRE_MONTHS
                     MY_USERNAME)
 function logging_on_gnusocial {
    echo -n ''
 }
 function logging_off_gnusocial {
    echo -n ''
 }
 function gnusocial_fix_endless_reloads {
    # This fixes a bug introduced with commit 5f7032dfee1fd202c14e76a9f8b37af35d584901
    # and which causes OrFox to endlessly reload the page
@ -311,15 +305,14 @@ function configure_interactive_gnusocial {
        trap "rm -f $data" 0 1 2 5 15
        dialog --backtitle $"Freedombone Control Panel" \
               --title $"GNU Social" \
-               --radiolist $"Choose an operation:" 17 70 8 \
+               --radiolist $"Choose an operation:" 16 70 7 \
               1 $"Set a background image" off \
               2 $"Set the title" off \
               3 $"Set post expiry period (currently $GNUSOCIAL_EXPIRE_MONTHS months)" off \
               4 $"Select Qvitter user interface" off \
               5 $"Select Pleroma user interface" off \
               6 $"Select Classic user interface" off \
-               7 $"Select Armadillo user interface" off \
+               7 $"Exit" on 2> $data
               8 $"Exit" on 2> $data
        sel=$?
        case $sel in
            1) return;;
@ -332,13 +325,17 @@ function configure_interactive_gnusocial {
            4) gnusocial_use_qvitter gnusocial;;
            5) gnusocial_use_pleroma gnusocial;;
            6) gnusocial_use_classic gnusocial;;
-            7) gnusocial_use_armadillo gnusocial;;
+            7) break;;
            8) break;;
        esac
    done
 }
 function upgrade_gnusocial {
    CURR_GNUSOCIAL_COMMIT=$(get_completion_param "gnusocial commit")
    if [[ "$CURR_GNUSOCIAL_COMMIT" == "$GNUSOCIAL_COMMIT" ]]; then
        return
    fi
    if grep -q "gnusocial domain" $COMPLETION_FILE; then
        GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
    fi
@ -364,7 +361,9 @@ function upgrade_gnusocial {
    gnusocial_block_domain_script gnusocial $GNUSOCIAL_DOMAIN_NAME
    gnusocial_hourly_script gnusocial $GNUSOCIAL_DOMAIN_NAME
-    upgrade_pleroma "$GNUSOCIAL_DOMAIN_NAME" "gnusocial" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE"
+    if [ -d $INSTALL_DIR/pleroma ]; then
        upgrade_pleroma "$GNUSOCIAL_DOMAIN_NAME" "gnusocial" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE"
    fi
    install_gnusocial_default_background "gnusocial" "$GNUSOCIAL_DOMAIN_NAME"
    chown -R www-data:www-data /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
 }
@ -376,21 +375,34 @@ function backup_local_gnusocial {
        GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
    fi
-    source_directory=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
+    # don't backup more data than we need to
-    if [ -d $source_directory ]; then
+    gnusocial-expire
        dest_directory=gnusocial
        function_check suspend_site
        suspend_site ${GNUSOCIAL_DOMAIN_NAME}
-        function_check backup_directory_to_usb
+    source_directory=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/backup
-        backup_directory_to_usb $source_directory $dest_directory
+    if [ ! -d $source_directory ]; then
-
+        mkdir $source_directory
        function_check backup_database_to_usb
        backup_database_to_usb gnusocial
        function_check restart_site
        restart_site
    fi
    cp -p /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/config.php $source_directory
    if [ -d /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static ]; then
        cp -rp /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static $source_directory
    fi
    function_check suspend_site
    suspend_site ${GNUSOCIAL_DOMAIN_NAME}
    function_check backup_directory_to_usb
    dest_directory=gnusocialconfig
    backup_directory_to_usb $source_directory $dest_directory
    source_directory=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/file
    dest_directory=gnusocialfile
    backup_directory_to_usb $source_directory $dest_directory
    function_check backup_database_to_usb
    backup_database_to_usb gnusocial
    function_check restart_site
    restart_site
 }
 function restore_local_gnusocial {
@ -404,68 +416,116 @@ function restore_local_gnusocial {
        gnusocial_dir=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
        # stop the daemons
        cd $gnusocial_dir
-        su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
+        scripts/stopdaemons.sh
        function_check gnusocial_create_database
        gnusocial_create_database
-        restore_database gnusocial ${GNUSOCIAL_DOMAIN_NAME}
+        restore_database gnusocial
        if [ -d $temp_restore_dir ]; then
            rm -rf $temp_restore_dir
        fi
-        # start the daemons
+        function_check restore_directory_from_usb
-        cd $gnusocial_dir
+        restore_directory_from_usb $temp_restore_dir gnusocialconfig
-        su -c "sh scripts/startdaemons.sh" -s /bin/sh www-data
+        if [ -d $temp_restore_dir ]; then
            cp $temp_restore_dir$gnusocial_dir/backup/config.php $gnusocial_dir/
            chown www-data:www-data $gnusocial_dir/config.php
            cp -rp $temp_restore_dir$gnusocial_dir/static $gnusocial_dir/
            chown -R www-data:www-data $gnusocial_dir/static
            rm -rf $temp_restore_dir
        fi
        restore_directory_from_usb $temp_restore_dir gnusocialfile
        if [ -d $temp_restore_dir ]; then
            cp -rp $temp_restore_dir$gnusocial_dir/file $gnusocial_dir/
            chown -R www-data:www-data $gnusocial_dir/file
            rm -rf $temp_restore_dir
        fi
        gnusocial_update_after_restore gnusocial ${GNUSOCIAL_DOMAIN_NAME}
        echo $"Restore of gnusocial complete"
    fi
 }
 function backup_remote_gnusocial {
    GNUSOCIAL_DOMAIN_NAME='gnusocial'
    if grep -q "gnusocial domain" $COMPLETION_FILE; then
        GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
        temp_backup_dir=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
        if [ -d $temp_backup_dir ]; then
            function_check suspend_site
            suspend_site ${GNUSOCIAL_DOMAIN_NAME}
            function_check backup_database_to_friend
            backup_database_to_friend gnusocial
            echo $"Backing up GNU social installation"
            function_check backup_directory_to_friend
            backup_directory_to_friend $temp_backup_dir gnusocial
            function_check restart_site
            restart_site
        else
            echo $"gnusocial domain specified but not found in ${temp_backup_dir}"
        fi
    fi
    # don't backup more data than we need to
    gnusocial-expire
    source_directory=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/backup
    if [ ! -d $source_directory ]; then
        mkdir $source_directory
    fi
    cp -p /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/config.php $source_directory
    if [ -d /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static ]; then
        cp -rp /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static $source_directory
    fi
    function_check suspend_site
    suspend_site ${GNUSOCIAL_DOMAIN_NAME}
    function_check backup_directory_to_friend
    dest_directory=gnusocialconfig
    backup_directory_to_friend $source_directory $dest_directory
    source_directory=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/file
    dest_directory=gnusocialfile
    backup_directory_to_friend $source_directory $dest_directory
    function_check backup_database_to_friend
    backup_database_to_friend gnusocial
    function_check restart_site
    restart_site
 }
 function restore_remote_gnusocial {
-    if grep -q "gnusocial domain" $COMPLETION_FILE; then
+    if ! grep -q "gnusocial domain" $COMPLETION_FILE; then
        return
    fi
    GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
    if [ $GNUSOCIAL_DOMAIN_NAME ]; then
        echo $"Restoring gnusocial"
-        GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
+        temp_restore_dir=/root/tempgnusocial
-
+        gnusocial_dir=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
        # stop the daemons
-        cd /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
+        cd $gnusocial_dir
-        su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
+        scripts/stopdaemons.sh
        function_check gnusocial_create_database
        gnusocial_create_database
        function_check restore_database_from_friend
-        restore_database_from_friend gnusocial ${GNUSOCIAL_DOMAIN_NAME}
+        restore_database_from_friend gnusocial
-        if [ -d /root/tempgnusocial ]; then
+        if [ -d $temp_restore_dir ]; then
-            rm -rf /root/tempgnusocial
+            rm -rf $temp_restore_dir
        fi
-        # start the daemons
+        function_check restore_directory_from_friend
-        cd /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
+        restore_directory_from_friend $temp_restore_dir gnusocialconfig
-        su -c "sh scripts/startdaemons.sh" -s /bin/sh www-data
+        if [ -d $temp_restore_dir ]; then
            cp $temp_restore_dir$gnusocial_dir/backup/config.php $gnusocial_dir/
            chown www-data:www-data $gnusocial_dir/config.php
            cp -rp $temp_restore_dir$gnusocial_dir/static $gnusocial_dir/
            chown -R www-data:www-data $gnusocial_dir/static
            rm -rf $temp_restore_dir
        fi
        restore_directory_from_friend $temp_restore_dir gnusocialfile
        if [ -d $temp_restore_dir ]; then
            cp -rp $temp_restore_dir$gnusocial_dir/file $gnusocial_dir/
            chown -R www-data:www-data $gnusocial_dir/file
            rm -rf $temp_restore_dir
        fi
        gnusocial_update_after_restore gnusocial ${GNUSOCIAL_DOMAIN_NAME}
        echo $"Restore of gnusocial complete"
    fi
 }
@ -486,8 +546,8 @@ function remove_gnusocial {
        rm /etc/cron.hourly/gnusocial-daemons
    fi
    if [ -f /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/scripts/stopdaemons.sh ]; then
-        cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/scripts
+        cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
-        su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
+        scripts/stopdaemons.sh
    fi
    kill_pid=$(ps aux | grep /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/scripts/queuedaemon.php | awk -F ' ' '{print $2}' | head -n 1)
    kill -9 $kill_pid
@ -537,15 +597,24 @@ function install_gnusocial_main {
    function_check repair_databases_script
    repair_databases_script
-    apt-get -yq install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
+    apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
-    apt-get -yq install php5-memcached php5-intl exiftool
+    apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
    if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME ]; then
        mkdir /var/www/$GNUSOCIAL_DOMAIN_NAME
    fi
    if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs ]; then
-        function_check git_clone
+
-        git_clone $GNUSOCIAL_REPO /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
+        if [ -d /repos/gnusocial ]; then
            mkdir /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
            cp -r -p /repos/gnusocial/. /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
            cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
            git pull
        else
            function_check git_clone
            git_clone $GNUSOCIAL_REPO /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
        fi
        if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs ]; then
            echo $'Unable to clone gnusocial repo'
            exit 87525
@ -580,6 +649,8 @@ function install_gnusocial_main {
    function_check add_ddns_domain
    add_ddns_domain $GNUSOCIAL_DOMAIN_NAME
    GNUSOCIAL_ONION_HOSTNAME=$(add_onion_service gnusocial 80 ${GNUSOCIAL_ONION_PORT})
    gnusocial_nginx_site=/etc/nginx/sites-available/$GNUSOCIAL_DOMAIN_NAME
    if [[ $ONION_ONLY == "no" ]]; then
        function_check nginx_http_redirect
@ -614,7 +685,8 @@ function install_gnusocial_main {
        echo '  # PHP' >> $gnusocial_nginx_site
        echo '  location ~ \.php {' >> $gnusocial_nginx_site
        echo '    include snippets/fastcgi-php.conf;' >> $gnusocial_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $gnusocial_nginx_site
+        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $gnusocial_nginx_site
        echo '    fastcgi_read_timeout 30;' >> $gnusocial_nginx_site
        echo '  }' >> $gnusocial_nginx_site
        echo '' >> $gnusocial_nginx_site
        echo '  # Location' >> $gnusocial_nginx_site
@ -641,7 +713,7 @@ function install_gnusocial_main {
    fi
    echo 'server {' >> $gnusocial_nginx_site
    echo "    listen 127.0.0.1:$GNUSOCIAL_ONION_PORT default_server;" >> $gnusocial_nginx_site
-    echo "    server_name $GNUSOCIAL_DOMAIN_NAME;" >> $gnusocial_nginx_site
+    echo "    server_name $GNUSOCIAL_ONION_HOSTNAME;" >> $gnusocial_nginx_site
    echo '' >> $gnusocial_nginx_site
    function_check nginx_compress
    nginx_compress $GNUSOCIAL_DOMAIN_NAME
@ -662,7 +734,8 @@ function install_gnusocial_main {
    echo '  # PHP' >> $gnusocial_nginx_site
    echo '  location ~ \.php {' >> $gnusocial_nginx_site
    echo '    include snippets/fastcgi-php.conf;' >> $gnusocial_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $gnusocial_nginx_site
+    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $gnusocial_nginx_site
    echo '    fastcgi_read_timeout 30;' >> $gnusocial_nginx_site
    echo '  }' >> $gnusocial_nginx_site
    echo '' >> $gnusocial_nginx_site
    echo '  # Location' >> $gnusocial_nginx_site
@ -710,8 +783,6 @@ function install_gnusocial_main {
        gnusocial_ssl='never'
    fi
    GNUSOCIAL_ONION_HOSTNAME=$(add_onion_service gnusocial 80 ${GNUSOCIAL_ONION_PORT})
    GNUSOCIAL_SERVER=${GNUSOCIAL_DOMAIN_NAME}
    if [[ $ONION_ONLY != 'no' ]]; then
        GNUSOCIAL_SERVER=${GNUSOCIAL_ONION_HOSTNAME}
@ -770,7 +841,8 @@ function install_gnusocial_main {
    # This improves performance
    sed -i "s|//\$config\['db'\]\['schemacheck'\].*|\$config\['db'\]\['schemacheck'\] = 'script';|g" $gnusocial_config_file
-    systemctl restart php5-fpm
+    systemctl restart mariadb
    systemctl restart php7.0-fpm
    systemctl restart nginx
    ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$GNUSOCIAL_DOMAIN_NAME" -g gnusocial --public no
@ -784,159 +856,6 @@ function install_gnusocial_main {
    install_completed gnusocial_main
 }
 function install_gnusocial_plugin_sharings {
    if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins ]; then
        echo $'No local/plugins directory found for the gnusocial'
        exit 72945
    fi
    apt-get -yq install liblocale-msgfmt-perl gettext
    # update to the next commit
    function_check set_repo_commit
    set_repo_commit /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins "gnusocial sharings plugin commit" "$SHARINGS_COMMIT" $SHARINGS_REPO
    if [[ $(app_is_installed gnusocial_plugin_sharings) == "1" ]]; then
        return
    fi
    cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins
    function_check git_clone
    git_clone $SHARINGS_REPO Sharings
    if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/Sharings ]; then
        echo $'Unable to clone gnusocial sharings plugin'
        exit 36738
    fi
    cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/Sharings
    git stash
    git checkout master
    git branch -D $SHARINGS_COMMIT
    git checkout $SHARINGS_COMMIT -b $SHARINGS_COMMIT
    # enable the plugin
    if ! grep -q "addPlugin('Sharings');" /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/config.php; then
        echo "addPlugin('Sharings');" >> /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/config.php
    fi
    cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
    php scripts/checkschema.php
    cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/Sharings
    php scripts/seedsharings.php
    cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
    php scripts/upgrade.php
    php scripts/checkschema.php
    # Languages
    cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/Sharings/locale/en/LC_MESSAGES
    msgfmt -o Sharings.mo Sharings.po
    if [ ! -f Sharings.po ]; then
        echo $'English translations for gnusocial sharings plugin were not created'
        exit 84352
    fi
    cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/Sharings/locale/en_GB/LC_MESSAGES
    msgfmt -o Sharings.mo Sharings.po
    if [ ! -f Sharings.po ]; then
        echo $'English (GB) translations for gnusocial sharings plugin were not created'
        exit 84352
    fi
    cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/Sharings/locale/en_US/LC_MESSAGES
    msgfmt -o Sharings.mo Sharings.po
    if [ ! -f Sharings.po ]; then
        echo $'English (US) translations for gnusocial sharings plugin were not created'
        exit 84352
    fi
    # Looks like this update function isn't supported by the current php version
    sed -i 's|ActivityVerb::UPDATE, ||g' /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/Sharings/SharingsPlugin.php
    chown -R www-data:www-data /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
    set_completion_param gnusocial "sharings plugin commit" "$SHARINGS_COMMIT"
    install_completed gnusocial_plugin_sharings
 }
 function install_gnusocial_plugin_sharings_theme {
    if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins ]; then
        echo $'No local/plugins directory found for the gnusocial'
        exit 74458
    fi
    # update to the next commit
    function_check set_repo_commit
    set_repo_commit /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins "gnusocial sharings theme plugin commit" "$SHARINGS_THEME_COMMIT" $SHARINGS_THEME_REPO
    if [[ $(app_is_installed gnusocial_plugin_sharings_theme) == "1" ]]; then
        return
    fi
    cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins
    function_check git_clone
    git_clone $SHARINGS_THEME_REPO SharingsTheme
    if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/SharingsTheme ]; then
        echo $'Unable to clone gnusocial sharings plugin theme'
        exit 639253
    fi
    cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/local/plugins/SharingsTheme
    git stash
    git checkout master
    git branch -D $SHARINGS_THEME_COMMIT
    git checkout $SHARINGS_THEME_COMMIT -b $SHARINGS_THEME_COMMIT
    # enable the plugin
    if ! grep -q "addPlugin('SharingsTheme');" /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/config.php; then
        echo "addPlugin('SharingsTheme');" >> /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/config.php
    fi
    cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
    php scripts/checkschema.php
    chown -R www-data:www-data /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
    set_completion_param "gnusocial sharings plugin theme commit" "$SHARINGS_THEME_COMMIT"
    install_completed gnusocial_plugin_sharings_theme
 }
 function install_gnusocial_markdown {
    GNUSOCIAL_PATH=/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
    # update to the next commit
    function_check set_repo_commit
    set_repo_commit $GNUSOCIAL_PATH/local/plugins/Markdown "gnusocial Markdown commit" "$GNUSOCIAL_MARKDOWN_COMMIT" $GNUSOCIAL_MARKDOWN_REPO
    if [[ $(app_is_installed gnusocial_markdown) == "1" ]]; then
        return
    fi
    if [ -d $GNUSOCIAL_PATH/local/plugins/Markdown ]; then
        rm -rf $GNUSOCIAL_PATH/local/plugins/Markdown
    fi
    if [ ! -d $GNUSOCIAL_PATH/local/plugins ]; then
        mkdir -p $GNUSOCIAL_PATH/local/plugins
    fi
    cd $GNUSOCIAL_PATH/local/plugins
    function_check git_clone
    git_clone $GNUSOCIAL_MARKDOWN_REPO Markdown
    cd $GNUSOCIAL_PATH/local/plugins/Markdown
    git checkout $GNUSOCIAL_MARKDOWN_COMMIT -b $GNUSOCIAL_MARKDOWN_COMMIT
    gnusocial_config_file=$GNUSOCIAL_PATH/config.php
    if ! grep -q "addPlugin('Markdown'" $gnusocial_config_file; then
        echo "" >> $gnusocial_config_file
        echo "// Markdown settings" >> $gnusocial_config_file
        echo "addPlugin('Markdown');" >> $gnusocial_config_file
    fi
    set_completion_param "gnusocial markdown commit" "$GNUSOCIAL_MARKDOWN_COMMIT"
    chown -R www-data:www-data $GNUSOCIAL_PATH
    install_completed gnusocial_markdown
 }
 function install_gnusocial {
    if [ ! $ONION_ONLY ]; then
        ONION_ONLY='no'
@ -945,9 +864,9 @@ function install_gnusocial {
    install_gnusocial_main
    expire_gnusocial_posts "$GNUSOCIAL_DOMAIN_NAME" "gnusocial" "$GNUSOCIAL_EXPIRE_MONTHS"
    install_qvitter "$GNUSOCIAL_DOMAIN_NAME" "gnusocial"
-    install_gnusocial_markdown
+    install_gnusocial_markdown "$GNUSOCIAL_DOMAIN_NAME" "gnusocial"
-    #install_gnusocial_plugin_sharings
+    install_gnusocial_plugin_sharings "$GNUSOCIAL_DOMAIN_NAME" "gnusocial"
-    #install_gnusocial_plugin_sharings_theme
+    install_gnusocial_plugin_sharings_theme "$GNUSOCIAL_DOMAIN_NAME" "gnusocial"
    # Currently Pleroma won't install on ARM systems
    # because it uses node-sass which doesn't support ARM
@ -967,6 +886,14 @@ function install_gnusocial {
    systemctl restart nginx
    # Set qvitter to be the default UI. It's probably the most stable.
    # And doesn't forget logins
    gnusocial_use_qvitter gnusocial
    if [ $GNUSOCIAL_BACKGROUND_IMAGE_URL ]; then
        pleroma_set_background_image_from_url "$GNUSOCIAL_DOMAIN_NAME" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE"
    fi
    APP_INSTALLED=1
 }
--- a/src/freedombone-app-gogs
+++ b/src/freedombone-app-gogs
@ -13,7 +13,7 @@
 # License
 # =======
 #
-# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@ -51,6 +51,14 @@ gogs_variables=(ONION_ONLY
                DDNS_PROVIDER
                ARCHITECTURE)
 function logging_on_gogs {
    echo -n ''
 }
 function logging_off_gogs {
    echo -n ''
 }
 function change_password_gogs {
    curr_username="$1"
    new_user_password="$2"
@ -102,12 +110,15 @@ function gogs_parameters {
        ARCHITECTURE=$(uname -m)
        if [[ ${ARCHITECTURE} == "arm"* ]]; then
            CURR_ARCH=armv5
            echo $"Using $CURR_ARCH"
        fi
        if [[ ${ARCHITECTURE} == "amd"* || ${ARCHITECTURE} == "x86_64" ]]; then
            CURR_ARCH=amd64
            echo $"Using $CURR_ARCH"
        fi
        if [[ ${ARCHITECTURE} == *"386" || ${ARCHITECTURE} == *"686" ]]; then
            CURR_ARCH=386
            echo $"Using $CURR_ARCH"
        fi
    fi
@ -192,6 +203,7 @@ function upgrade_gogs {
    rm $INSTALL_DIR/gogs_config.ini
    sed -i "s|gogs version.*|gogs version:$GOGS_VERSION|g" ${COMPLETION_FILE}
    systemctl restart mariadb
    systemctl restart gogs
 }
@ -275,6 +287,12 @@ function restore_local_gogs {
            rm -rf ${temp_restore_dir}ssh
            chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
        fi
        GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf
        GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini
        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
        sed -i "s|PASSWD =.*|PASSWD = $MARIADB_PASSWORD|g" ${GOGS_CONFIG_FILE}
        MARIADB_PASSWORD=
    fi
 }
@ -345,6 +363,12 @@ function restore_remote_gogs {
            chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
            echo $"Restore of Gogs complete"
        fi
        GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf
        GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini
        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
        sed -i "s|PASSWD =.*|PASSWD = $MARIADB_PASSWORD|g" ${GOGS_CONFIG_FILE}
        MARIADB_PASSWORD=
    fi
 }
@ -354,6 +378,7 @@ function remove_gogs {
    fi
    systemctl stop gogs
    systemctl disable gogs
    nginx_dissite ${GIT_DOMAIN_NAME}
    remove_certs ${GIT_DOMAIN_NAME}
    if [ -d /var/www/${GIT_DOMAIN_NAME} ]; then
@ -365,12 +390,16 @@ function remove_gogs {
    function_check drop_database
    drop_database gogs
    rm /etc/systemd/system/gogs.service
    systemctl daemon-reload
    rm -rf /home/${GOGS_USERNAME}/*
    remove_onion_service gogs ${GIT_ONION_PORT} 9418
    remove_completion_param "install_gogs"
    sed -i '/gogs /d' $COMPLETION_FILE
    remove_backup_database_local gogs
    groupdel -f gogs
    userdel -r gogs
    function_check remove_ddns_domain
    remove_ddns_domain $GIT_DOMAIN_NAME
 }
@ -382,6 +411,13 @@ function install_gogs {
    adduser --disabled-login --gecos 'Gogs' $GOGS_USERNAME
    if [ ! -d /home/$GOGS_USERNAME ]; then
        echo $"/home/$GOGS_USERNAME directory not created"
        exit 783528
    fi
    groupadd gogs
    gogs_parameters
    if [ ! -d ${INSTALL_DIR} ]; then
@ -575,7 +611,8 @@ function install_gogs {
    GIT_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_gogs/hostname)
-    systemctl restart php5-fpm
+    systemctl restart mariadb
    systemctl restart php7.0-fpm
    systemctl restart nginx
    set_completion_param "gogs domain" "$GIT_DOMAIN_NAME"
--- a/src/freedombone-app-htmly
+++ b/src/freedombone-app-htmly
@ -50,6 +50,14 @@ htmly_variables=(HTMLY_REPO
                 DDNS_PROVIDER
                 MY_USERNAME)
 function logging_on_htmly {
    echo -n ''
 }
 function logging_off_htmly {
    echo -n ''
 }
 function set_avatar_from_url {
    AVATAR="$1"
@ -192,6 +200,11 @@ function reconfigure_htmly {
 }
 function upgrade_htmly {
    CURR_HTMLY_COMMIT=$(get_completion_param "htmly commit")
    if [[ "$CURR_HTMLY_COMMIT" == "$HTMLY_COMMIT" ]]; then
        return
    fi
    read_config_param "HTMLY_DOMAIN_NAME"
    function_check set_repo_commit
@ -462,11 +475,12 @@ function install_htmly_website {
    echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
    echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
@ -541,11 +555,12 @@ function install_htmly_website_onion {
    echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
    echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
@ -574,7 +589,16 @@ function install_htmly_from_repo {
    fi
    cd /var/www/$HTMLY_DOMAIN_NAME
-    git_clone $HTMLY_REPO htdocs
+
    if [ -d /repos/htmly ]; then
        mkdir htdocs
        cp -r -p /repos/htmly/. htdocs
        cd htdocs
        git pull
    else
        git_clone $HTMLY_REPO htdocs
    fi
    cd htdocs
    git checkout $HTMLY_COMMIT -b $HTMLY_COMMIT
    set_completion_param "htmly commit" "$HTMLY_COMMIT"
@ -591,7 +615,7 @@ function install_htmly {
    fi
    # for the avatar changing command
-    apt-get -yq install imagemagick
+    apt-get -yq install imagemagick libfcgi0ldbl
    function_check install_htmly_from_repo
    install_htmly_from_repo
@ -627,7 +651,7 @@ function install_htmly {
    function_check nginx_ensite
    nginx_ensite $HTMLY_DOMAIN_NAME
-    systemctl restart php5-fpm
+    systemctl restart php7.0-fpm
    systemctl restart nginx
    ${PROJECT_NAME}-pass -u $MY_USERNAME -a htmly -p "$HTMLY_ADMIN_PASSWORD"
--- a/src/freedombone-app-hubzilla
+++ b/src/freedombone-app-hubzilla
@ -13,7 +13,7 @@
 # License
 # =======
 #
-# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@ -51,6 +51,14 @@ hubzilla_variables=(ONION_ONLY
                    HUBZILLA_REPO
                    HUBZILLA_ADDONS_REPO)
 function logging_on_hubzilla {
    echo -n ''
 }
 function logging_off_hubzilla {
    echo -n ''
 }
 function remove_user_hubzilla {
    remove_username="$1"
    ${PROJECT_NAME}-pass -u $remove_username --rmapp hubzilla
@ -196,6 +204,11 @@ function reconfigure_hubzilla {
 }
 function upgrade_hubzilla {
    CURR_HUBZILLA_COMMIT=$(get_completion_param "hubzilla commit")
    if [[ "$CURR_HUBZILLA_COMMIT" == "$HUBZILLA_COMMIT" ]]; then
        return
    fi
    HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
    function_check set_repo_commit
@ -238,6 +251,11 @@ function restore_local_hubzilla {
        if [ -d $temp_restore_dir ]; then
            rm -rf $temp_restore_dir
        fi
        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
        HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
        sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $HUBZILLA_PATH/.htconfig.php
        MARIADB_PASSWORD=
    fi
 }
@ -273,6 +291,11 @@ function restore_remote_hubzilla {
    if [ -d /root/temphubzilla ]; then
        rm -rf /root/temphubzilla
    fi
    MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
    HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
    sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $HUBZILLA_PATH/.htconfig.php
    MARIADB_PASSWORD=
 }
 function remove_hubzilla {
@ -304,7 +327,8 @@ function install_hubzilla {
    fi
    if [[ $ONION_ONLY != "no" ]]; then
-        return
+        echo $"Hubzilla won't work on an onion address"
        exit 529925
    fi
    HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
@ -318,9 +342,9 @@ function install_hubzilla {
    function_check repair_databases_script
    repair_databases_script
-    apt-get -yq install php5-common php5-cli php5-curl php5-gd php5-mysql php5-mcrypt git
+    apt-get -yq install php-common php-cli php-curl php-gd php-mysql php-mcrypt git
-    apt-get -yq install php5-dev imagemagick php5-imagick
+    apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl
-    apt-get -yq install php5-memcached
+    apt-get -yq install php-memcached memcached
    if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then
        mkdir /var/www/$HUBZILLA_DOMAIN_NAME
@ -331,22 +355,39 @@ function install_hubzilla {
    if [ ! -f $HUBZILLA_PATH/index.php ]; then
        cd $INSTALL_DIR
-        function_check git_clone
+
-        git_clone $HUBZILLA_REPO hubzilla
+        if [ -d /repos/hubzilla ]; then
            mkdir hubzilla
            cp -r -p /repos/hubzilla/. hubzilla
            cd hubzilla
            git pull
        else
            function_check git_clone
            git_clone $HUBZILLA_REPO hubzilla
        fi
        git checkout $HUBZILLA_COMMIT -b $HUBZILLA_COMMIT
        set_completion_param "hubzilla commit" "$HUBZILLA_COMMIT"
        rm -rf $HUBZILLA_PATH
        mv hubzilla $HUBZILLA_PATH
-        git_clone $HUBZILLA_ADDONS_REPO $HUBZILLA_PATH/addon
+        if [ -d /repos/hubzilla-addons ]; then
            mkdir $HUBZILLA_PATH/addon
            cp -r -p /repos/hubzilla-addons/. $HUBZILLA_PATH/addon
            cd $HUBZILLA_PATH/addon
            git pull
        else
            git_clone $HUBZILLA_ADDONS_REPO $HUBZILLA_PATH/addon
        fi
        cd $HUBZILLA_PATH/addon
        git checkout $HUBZILLA_ADDONS_COMMIT -b $HUBZILLA_ADDONS_COMMIT
        set_completion_param "hubzilla addons commit" "$HUBZILLA_ADDONS_COMMIT"
        # some extra themes
-        git_clone $HUBZILLA_THEMES_REPO $HUBZILLA_PATH/redmatrix-themes1
+        #git_clone $HUBZILLA_THEMES_REPO $HUBZILLA_PATH/redmatrix-themes1
-        cp -r $HUBZILLA_PATH/redmatrix-themes1/* $HUBZILLA_PATH/view/theme/
+        #cp -r $HUBZILLA_PATH/redmatrix-themes1/* $HUBZILLA_PATH/view/theme/
        chown -R www-data:www-data $HUBZILLA_PATH
    fi
@ -420,11 +461,12 @@ function install_hubzilla {
        echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
        echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
        echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
        echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        echo '        # With php-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
        echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
        echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
        echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
        echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
        echo '        fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
@ -488,11 +530,12 @@ function install_hubzilla {
        echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
        echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
        echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
        echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        echo '        # With php-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
        echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
        echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
        echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
        echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
        echo '        fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
@ -583,7 +626,8 @@ function install_hubzilla {
    chown www-data:www-data $HUBZILLA_PATH/.htconfig.php
    chmod 755 $HUBZILLA_PATH/.htconfig.php
-    systemctl restart php5-fpm
+    systemctl restart mariadb
    systemctl restart php7.0-fpm
    systemctl restart nginx
    systemctl restart cron
--- a/src/freedombone-app-ipfs
+++ b/src/freedombone-app-ipfs
@ -48,6 +48,14 @@ ipfs_variables=(IPFS_GO_VERSION
                IPFS_KEY_LENGTH
                IPFS_PORT)
 function logging_on_ipfs {
    echo -n ''
 }
 function logging_off_ipfs {
    echo -n ''
 }
 function install_interactive_ipfs {
    echo -n ''
    APP_INSTALLED=1
@ -58,6 +66,11 @@ function reconfigure_ipfs {
 }
 function upgrade_ipfs_go {
    CURR_IPFS_COMMIT=$(get_completion_param "ipfs commit")
    if [[ "$CURR_IPFS_COMMIT" == "$IPFS_COMMIT" ]]; then
        return
    fi
    if [[ $(app_is_installed ipfs_go) == "0" ]]; then
        return
    fi
@ -155,6 +168,7 @@ function remove_ipfs_go {
    systemctl disable ipfs
    systemctl daemon-reload
    rm /etc/systemd/system/ipfs.service
    systemctl daemon-reload
    rm -rf $GOPATH/src/github.com/ipfs
    firewall_remove $IPFS_PORT tcp
    remove_completion_param install_ipfs
@ -199,8 +213,7 @@ function mesh_install_ipfs_js {
        return
    fi
-    chroot ${rootdir} apt-get -yq install nodejs
+    chroot ${rootdir} apt-get -yq install nodejs curl
    chroot ${rootdir} apt-get -yq install npm curl
    chroot ${rootdir} apt-get -yq install libpam0g-dev fuse
    if [ ! -f ${rootdir}/usr/bin/nodejs ]; then
@ -395,12 +408,15 @@ function mesh_install_ipfs_go {
        ARCHITECTURE=$(uname -m)
        if [[ $ARCHITECTURE == "arm"* ]]; then
            IPFS_ARCH=arm
            echo $"Using $IPFS_ARCH"
        fi
        if [[ $ARCHITECTURE == "amd"* || $ARCHITECTURE == "x86_64" ]]; then
            IPFS_ARCH=amd64
            echo $"Using $IPFS_ARCH"
        fi
        if [[ $ARCHITECTURE == *"386" || $ARCHITECTURE == *"686" ]]; then
            IPFS_ARCH=386
            echo $"Using $IPFS_ARCH"
        fi
    fi
@ -451,6 +467,10 @@ function install_ipfs_go {
    if [ ! -d /home/git ]; then
        # add a gogs user account
        adduser --disabled-login --gecos 'Gogs' git
        if [ ! -d /home/git ]; then
            echo $"/home/git directory not created"
            exit 735272
        fi
        # install Go
        if ! grep -q "export GOPATH=" ~/.bashrc; then
@ -510,7 +530,7 @@ function install_ipfs_go {
    fi
    # initialise
-    su -c "$IPFS_PATH/ipfs init -b 4096" - $MY_USERNAME
+    su -c "$IPFS_PATH/ipfs init -b 2048" - $MY_USERNAME
    if [ ! -d /home/$MY_USERNAME/.ipfs ]; then
        echo "IPFS could not be initialised for user $MY_USERNAME"
        exit 7358
--- a/src/freedombone-app-irc
+++ b/src/freedombone-app-irc
@ -54,6 +54,14 @@ irc_variables=(MY_USERNAME
               IRC_BUFFER_LENGTH
               ONION_ONLY)
 function logging_on_irc {
    echo -n ''
 }
 function logging_off_irc {
    echo -n ''
 }
 function irc_get_global_password {
    echo $(cat /etc/ngircd/ngircd.conf | grep "Password =" | head -n 1 | awk -F '=' '{print $2}')
 }
@ -544,7 +552,7 @@ function install_irc_server {
    else
        sed -i 's|;SSLConnect.*|SSLConnect = no|g'
        # comment out the second Ports entry
-        if ! grep ";Ports =" /etc/ngircd/ngircd.conf; then
+        if ! grep -q ";Ports =" /etc/ngircd/ngircd.conf; then
            sed -i '0,/Ports =/! s/Ports =/;Ports =/' /etc/ngircd/ngircd.conf
        fi
    fi
@ -613,9 +621,13 @@ function install_irc_bouncer {
        return
    fi
-    apt-get -yq -t jessie-backports install znc
+    apt-get -yq install znc
    adduser --disabled-login --gecos 'znc' znc
    if [ ! -d /home/znc ]; then
        echo $"/home/znc directory not created"
        exit 7354262
    fi
    mkdir -p /home/znc/.znc/configs
    mkdir -p /home/znc/.znc/users
--- a/src/freedombone-app-jitsi
+++ b/src/freedombone-app-jitsi
@ -51,24 +51,32 @@ jitsi_variables=(ONION_ONLY
                 DEFAULT_DOMAIN_NAME
                 MY_USERNAME)
 function logging_on_jitsi {
    echo -n ''
 }
 function logging_off_jitsi {
    echo -n ''
 }
 function jitsi_disable_google_spyware {
    # Presumably they included Google Analytics for benign reasons, but it's
    # an obvious security problem. This should disable it.
    sed -i "s|Google Analytics|Google Spyware deactivated|g" /usr/share/jitsi-meet/analytics.js
    sed -i "s|www.google-analytics.com|${JITSI_DOMAIN_NAME}|g" /usr/share/jitsi-meet/analytics.js
-    if ! grep '//ga(' /usr/share/jitsi-meet/analytics.js; then
+    if ! grep -q '//ga(' /usr/share/jitsi-meet/analytics.js; then
        sed -i 's|ga(|//ga(|g' /usr/share/jitsi-meet/analytics.js
    fi
-    if ! grep '//action +' /usr/share/jitsi-meet/analytics.js; then
+    if ! grep -q '//action +' /usr/share/jitsi-meet/analytics.js; then
        sed -i 's|action +|//action +|g' /usr/share/jitsi-meet/analytics.js
    fi
    sed -i "s|Google Analytics|Google Spyware deactivated|g" /usr/share/jitsi-meet/libs/analytics.js
    sed -i "s|www.google-analytics.com|${JITSI_DOMAIN_NAME}|g" /usr/share/jitsi-meet/libs/analytics.js
-    if ! grep '//ga(' /usr/share/jitsi-meet/libs/analytics.js; then
+    if ! grep -q '//ga(' /usr/share/jitsi-meet/libs/analytics.js; then
        sed -i 's|ga(|//ga(|g' /usr/share/jitsi-meet/libs/analytics.js
    fi
-    if ! grep '//action +' /usr/share/jitsi-meet/libs/analytics.js; then
+    if ! grep -q '//action +' /usr/share/jitsi-meet/libs/analytics.js; then
        sed -i 's|action +|//action +|g' /usr/share/jitsi-meet/libs/analytics.js
    fi
 }
@ -230,7 +238,7 @@ function install_jitsi {
        remove_nodejs jitsi
        exit 638352
    fi
-    if ! grep "jitsi" /etc/apt/sources.list; then
+    if ! grep -q "jitsi" /etc/apt/sources.list; then
        echo "deb http://download.jitsi.org/nightly/deb ${jitsi_deb_repo}/" >> /etc/apt/sources.list
    fi
    wget -qO - https://download.jitsi.org/nightly/deb/${jitsi_deb_repo}/archive.key | apt-key add -
--- a/src/freedombone-app-koel
+++ b/src/freedombone-app-koel
@ -39,7 +39,7 @@ KOEL_CODE=
 KOEL_ONION_PORT=8118
 KOEL_PORT=9002
 KOEL_REPO="https://github.com/phanan/koel"
-KOEL_COMMIT='70464a8977b1058f3bd0a4ec77877fe7894d8d84'
+KOEL_COMMIT='70464a'
 KOEL_ADMIN_PASSWORD=
 koel_variables=(ONION_ONLY
@ -49,6 +49,14 @@ koel_variables=(ONION_ONLY
                MY_EMAIL_ADDRESS
                MY_USERNAME)
 function logging_on_koel {
    echo -n ''
 }
 function logging_off_koel {
    echo -n ''
 }
 function koel_remove_gravatar {
    cd /var/www/${KOEL_DOMAIN_NAME}/htdocs
    sed -i "s|www.gravatar.com|${KOEL_DOMAIN_NAME}|g" node_modules/browser-sync-ui/public/js/app.js.map
@ -323,7 +331,7 @@ function backup_local_koel {
    source_directory=/var/www/${KOEL_DOMAIN_NAME}/htdocs
    if [ -d $source_directory ]; then
-        systemctl stop koal
+        systemctl stop koel
        dest_directory=koel
        function_check suspend_site
@ -338,7 +346,7 @@ function backup_local_koel {
        function_check restart_site
        restart_site
-        systemctl start koal
+        systemctl start koel
    fi
 }
@ -349,7 +357,7 @@ function restore_local_koel {
    KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
    if [ $KOEL_DOMAIN_NAME ]; then
        echo $"Restoring koel"
-        systemctl stop koal
+        systemctl stop koel
        temp_restore_dir=/root/tempkoel
        koel_dir=/var/www/${KOEL_DOMAIN_NAME}/htdocs
@ -361,7 +369,13 @@ function restore_local_koel {
        if [ -d $temp_restore_dir ]; then
            rm -rf $temp_restore_dir
        fi
-        systemctl start koal
+
        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
        cd /var/www/$KOEL_DOMAIN_NAME/htdocs
        sed -i "s|DB_PASSWORD=.*|DB_PASSWORD=$MARIADB_PASSWORD|g" .env
        MARIADB_PASSWORD=
        systemctl start koel
    fi
 }
@ -370,7 +384,7 @@ function backup_remote_koel {
        KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
        temp_backup_dir=/var/www/${KOEL_DOMAIN_NAME}/htdocs
        if [ -d $temp_backup_dir ]; then
-            systemctl stop koal
+            systemctl stop koel
            function_check suspend_site
            suspend_site ${KOEL_DOMAIN_NAME}
@ -386,7 +400,7 @@ function backup_remote_koel {
            function_check restart_site
            restart_site
-            systemctl start koal
+            systemctl start koel
        else
            echo $"koel domain specified but not found in ${temp_backup_dir}"
        fi
@ -397,7 +411,7 @@ function restore_remote_koel {
    if grep -q "koel domain" $COMPLETION_FILE; then
        echo $"Restoring koel"
-        systemctl stop koal
+        systemctl stop koel
        KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
@ -410,7 +424,12 @@ function restore_remote_koel {
            rm -rf /root/tempkoel
        fi
-        systemctl start koal
+        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
        cd /var/www/$KOEL_DOMAIN_NAME/htdocs
        sed -i "s|DB_PASSWORD=.*|DB_PASSWORD=$MARIADB_PASSWORD|g" .env
        MARIADB_PASSWORD=
        systemctl start koel
        echo $"Restore of koel complete"
    fi
@ -426,6 +445,7 @@ function remove_koel {
    if [ -f /etc/systemd/system/koel.service ]; then
        rm /etc/systemd/system/koel.service
    fi
    systemctl daemon-reload
    function_check remove_nodejs
    remove_nodejs koel
@ -479,15 +499,25 @@ function install_koel_main {
    function_check repair_databases_script
    repair_databases_script
-    apt-get -yq install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
+    apt-get -yq install php-gettext php-curl php-gd php-mysql git curl php-zip
-    apt-get -yq install php5-memcached php5-intl exiftool
+    apt-get -yq install php-memcached php-intl exiftool libfcgi0ldbl
    apt-get -yq install ffmpeg
    if [ ! -d /var/www/$KOEL_DOMAIN_NAME ]; then
        mkdir /var/www/$KOEL_DOMAIN_NAME
    fi
    if [ ! -d /var/www/$KOEL_DOMAIN_NAME/htdocs ]; then
-        function_check git_clone
+
-        git_clone $KOEL_REPO /var/www/$KOEL_DOMAIN_NAME/htdocs
+        if [ -d /repos/koel ]; then
            mkdir /var/www/$KOEL_DOMAIN_NAME/htdocs
            cp -r -p /repos/koel/. /var/www/$KOEL_DOMAIN_NAME/htdocs
            cd /var/www/$KOEL_DOMAIN_NAME/htdocs
            git pull
        else
            function_check git_clone
            git_clone $KOEL_REPO /var/www/$KOEL_DOMAIN_NAME/htdocs
        fi
        if [ ! -d /var/www/$KOEL_DOMAIN_NAME/htdocs ]; then
            echo $'Unable to clone koel repo'
            exit 365735
@ -554,7 +584,8 @@ function install_koel_main {
        echo '  # PHP' >> $koel_nginx_site
        echo '  location ~ \.php {' >> $koel_nginx_site
        echo '    include snippets/fastcgi-php.conf;' >> $koel_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $koel_nginx_site
+        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $koel_nginx_site
        echo '    fastcgi_read_timeout 30;' >> $koel_nginx_site
        echo '  }' >> $koel_nginx_site
        echo '' >> $koel_nginx_site
        echo '  # Location' >> $koel_nginx_site
@ -612,7 +643,8 @@ function install_koel_main {
    echo '  # PHP' >> $koel_nginx_site
    echo '  location ~ \.php {' >> $koel_nginx_site
    echo '    include snippets/fastcgi-php.conf;' >> $koel_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $koel_nginx_site
+    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $koel_nginx_site
    echo '    fastcgi_read_timeout 30;' >> $koel_nginx_site
    echo '  }' >> $koel_nginx_site
    echo '' >> $koel_nginx_site
    echo '  # Location' >> $koel_nginx_site
@ -661,7 +693,8 @@ function install_koel_main {
        KOEL_SERVER=${KOEL_ONION_HOSTNAME}
    fi
-    systemctl restart php5-fpm
+    systemctl restart mariadb
    systemctl restart php7.0-fpm
    systemctl restart nginx
    ${PROJECT_NAME}-pass -u $MY_USERNAME -a koel -p "$KOEL_ADMIN_PASSWORD"
@ -691,8 +724,13 @@ function install_koel {
            cat /home/$MY_USERNAME/freedombone/image_build/composer_install | php
        fi
    fi
-    npm install
+    npm install -g yarn
    php composer.phar install
    if [ ! "$?" = "0" ]; then
        echo $'Unable to run composer install'
        exit 7252198
    fi
    npm install
    function_check get_mariadb_password
    get_mariadb_password
@ -708,8 +746,13 @@ function install_koel {
    sed -i "s|DB_PASSWORD=.*|DB_PASSWORD=$MARIADB_PASSWORD|g" .env
    sed -i 's/MAIL_HOST=.*/MAIL_HOST=localhost/g' .env
    sed -i 's/MAIL_PORT=.*/MAIL_PORT=25/g' .env
    sed -i 's|FFMPEG_PATH=.*|FFMPEG_PATH=/usr/bin/ffmpeg|g' .env
    php artisan koel:init
    if [ ! "$?" = "0" ]; then
        echo $"Can't install koel:init"
        exit 78362
    fi
    koel_remove_gravatar
    chown -R www-data:www-data /var/www/$KOEL_DOMAIN_NAME/htdocs
@ -738,6 +781,7 @@ function install_koel {
    fi
    chown -R www-data:www-data /music
    systemctl restart mariadb
    systemctl restart nginx
    APP_INSTALLED=1
--- a/src/freedombone-app-librevault
+++ b/src/freedombone-app-librevault
@ -44,6 +44,14 @@ librevault_variables=(PROTOBUF_REPO
                      LIBREVAULT_REPO
                      LIBREVAULT_PORT)
 function logging_on_librevault {
    echo -n ''
 }
 function logging_off_librevault {
    echo -n ''
 }
 function install_interactive_librevault {
    echo -n ''
    APP_INSTALLED=1
@ -55,6 +63,11 @@ function reconfigure_librevault {
 }
 function upgrade_librevault {
    CURR_LIBREVAULT_COMMIT=$(get_completion_param "librevault commit")
    if [[ "$CURR_LIBREVAULT_COMMIT" == "$LIBREVAULT_COMMIT" ]]; then
        return
    fi
    function_check set_repo_commit
    if [ -d $INSTALL_DIR/protobuf ]; then
@ -71,8 +84,8 @@ function upgrade_librevault {
    fi
    if [ -d $INSTALL_DIR/librevault/build ]; then
-        if ! grep -q "Librevault commit:$LIBREVAULT_COMMIT" $COMPLETION_FILE; then
+        if ! grep -q "librevault commit:$LIBREVAULT_COMMIT" $COMPLETION_FILE; then
-            set_repo_commit $INSTALL_DIR/librevault "Librevault commit" "$LIBREVAULT_COMMIT" $LIBREVAULT_REPO
+            set_repo_commit $INSTALL_DIR/librevault "librevault commit" "$LIBREVAULT_COMMIT" $LIBREVAULT_REPO
            cd $INSTALL_DIR/librevault
            git submodule update --init --recursive
            cd $INSTALL_DIR/librevault/build
@ -108,6 +121,7 @@ function remove_librevault {
    systemctl stop librevault
    systemctl disable librevault
    rm /etc/systemd/system/librevault.service
    systemctl daemon-reload
    remove_completion_param install_librevault
    remove_completion_param configure_firewall_for_librevault
 }
@ -130,15 +144,10 @@ function mesh_install_librevault {
    chroot "$rootdir" apt-get -yq install autoconf automake libtool curl make unzip
    # A workaround which allows c++14 to be installed
    sed -i 's|jessie|stretch|g' $rootdir/etc/apt/sources.list
    sed -i 's|stretch-backports|jessie-backports|g' $rootdir/etc/apt/sources.list
    chroot "$rootdir" apt-get update
    chroot "$rootdir" apt-get -yq install g++ gcc-6 g++-6 libboost-all-dev libssl-dev
    chroot "$rootdir" apt-get -yq install protobuf-compiler libprotobuf-dev
    chroot "$rootdir" apt-get -yq install qtbase5-dev libqt5svg5-dev libqt5websockets5-dev
    chroot "$rootdir" apt-get -yq install libsqlite3-dev qttools5-dev qttools5-dev-tools libnatpmp-dev
    sed -i 's|stretch|jessie|g' $rootdir/etc/apt/sources.list
    chroot "$rootdir" apt-get update
    if [ ! -d $rootdir$INSTALL_DIR ]; then
        mkdir -p $rootdir$INSTALL_DIR
@ -228,16 +237,11 @@ function install_librevault {
    apt-get -yq install autoconf automake libtool curl make unzip
    # A workaround which allows c++14 to be installed
    sed -i 's|jessie|stretch|g' /etc/apt/sources.list
    sed -i 's|stretch-backports|jessie-backports|g' /etc/apt/sources.list
    apt-get update
    apt-get -yq install protobuf-compiler libprotobuf-dev
    apt-get -yq install g++ gcc-6 g++-6 libboost-all-dev libssl-dev
    apt-get -yq install qtbase5-dev libqt5svg5-dev libqt5websockets5-dev
    apt-get -yq install libsqlite3-dev qttools5-dev qttools5-dev-tools libnatpmp-dev
    apt-get -yq install gcc-6 g++-6 libboost-all-dev
    sed -i 's|stretch|jessie|g' /etc/apt/sources.list
    apt-get update
    if [ ! -d $INSTALL_DIR ]; then
        mkdir -p $INSTALL_DIR
@ -254,7 +258,15 @@ function install_librevault {
    set_completion_param "Protobuf commit" "$PROTOBUF_COMMIT"
-    git_clone $LIBREVAULT_REPO $INSTALL_DIR/librevault
+    if [ -d /repos/librevault ]; then
        mkdir $INSTALL_DIR/librevault
        cp -r -p /repos/librevault/. $INSTALL_DIR/librevault
        cd $INSTALL_DIR/librevault
        git pull
    else
        git_clone $LIBREVAULT_REPO $INSTALL_DIR/librevault
    fi
    cd $INSTALL_DIR/librevault
    git checkout $LIBREVAULT_COMMIT -b $LIBREVAULT_COMMIT
    git submodule update --init --recursive
@ -271,7 +283,7 @@ function install_librevault {
    cmake --build .
    make install
-    set_completion_param "Librevault commit" "$LIBREVAULT_COMMIT"
+    set_completion_param "librevault commit" "$LIBREVAULT_COMMIT"
    LIBREVAULT_DAEMON=/etc/systemd/system/librevault-daemon.service
    echo '[Unit]' > $LIBREVAULT_DAEMON
--- a/src/freedombone-app-lychee
+++ b/src/freedombone-app-lychee
@ -13,7 +13,7 @@
 # License
 # =======
 #
-# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@ -46,6 +46,13 @@ lychee_variables=(LYCHEE_REPO
                  DDNS_PROVIDER
                  MY_USERNAME)
 function logging_on_lychee {
    echo -n ''
 }
 function logging_off_lychee {
    echo -n ''
 }
 function lychee_create_database {
    if [ -f ${IMAGE_PASSWORD_FILE} ]; then
@ -123,6 +130,11 @@ function reconfigure_lychee {
 }
 function upgrade_lychee {
    CURR_LYCHEE_COMMIT=$(get_completion_param "lychee commit")
    if [[ "$CURR_LYCHEE_COMMIT" == "$LYCHEE_COMMIT" ]]; then
        return
    fi
    read_config_param "LYCHEE_DOMAIN_NAME"
    function_check set_repo_commit
@ -262,11 +274,12 @@ function install_lychee_website {
    echo '        try_files $uri $uri/ /index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        fastcgi_index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
@ -331,11 +344,12 @@ function install_lychee_website_onion {
    echo '        try_files $uri $uri/ /index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        fastcgi_index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
@ -364,7 +378,16 @@ function install_lychee_from_repo {
    fi
    cd /var/www/$LYCHEE_DOMAIN_NAME
-    git_clone $LYCHEE_REPO htdocs
+
    if [ -d /repos/lychee ]; then
        mkdir htdocs
        cp -r -p /repos/lychee/. htdocs
        cd htdocs
        git pull
    else
        git_clone $LYCHEE_REPO htdocs
    fi
    cd htdocs
    git checkout $LYCHEE_COMMIT -b $LYCHEE_COMMIT
    set_completion_param "lychee commit" "$LYCHEE_COMMIT"
@ -381,7 +404,7 @@ function install_lychee {
    fi
    # for the avatar changing command
-    apt-get -yq install imagemagick exif zip php5-mcrypt mcrypt
+    apt-get -yq install imagemagick exif zip php-mcrypt mcrypt libfcgi0ldbl
    function_check install_lychee_from_repo
    install_lychee_from_repo
@ -426,7 +449,8 @@ function install_lychee {
    function_check lychee_create_database
    lychee_create_database
-    systemctl restart php5-fpm
+    systemctl restart mariadb
    systemctl restart php7.0-fpm
    systemctl restart nginx
    ${PROJECT_NAME}-pass -u $MY_USERNAME -a lychee -p "$LYCHEE_ADMIN_PASSWORD"
--- a/src/freedombone-app-mailpile
+++ b/src/freedombone-app-mailpile
@ -47,6 +47,14 @@ mailpile_variables=(MAILPILE_REPO
                    DDNS_PROVIDER
                    MY_USERNAME)
 function logging_on_mailpile {
    echo -n ''
 }
 function logging_off_mailpile {
    echo -n ''
 }
 function remove_user_mailpile {
    remove_username="$1"
    ${PROJECT_NAME}-pass -u $remove_username --rmapp mailpile
@ -83,24 +91,21 @@ function reconfigure_mailpile {
 function upgrade_mailpile {
    read_config_param "MAILPILE_DOMAIN_NAME"
    upgrade_mp=
    CURR_COMMIT=$MAILPILE_COMMIT
    if grep -q "mailpile commit" $COMPLETION_FILE; then
        CURR_COMMIT=$(get_completion_param "mailpile commit")
    fi
-    if [[ "$CURR_COMMIT" != "$MAILPILE_COMMIT" ]]; then
+    if [[ "$CURR_COMMIT" == "$MAILPILE_COMMIT" ]]; then
-        upgrade_mp=1
+        return
    fi
    function_check set_repo_commit
    set_repo_commit /var/www/$MAILPILE_DOMAIN_NAME/mail "mailpile commit" "$MAILPILE_COMMIT" $MAILPILE_REPO
-    if [ $upgrade_mp ]; then
+    cd /var/www/$MAILPILE_DOMAIN_NAME/mail
-        cd /var/www/$MAILPILE_DOMAIN_NAME/mail
+    pip install -r requirements.txt
        pip install -r requirements.txt
-        chown -R mailpile:mailpile /var/www/$MAILPILE_DOMAIN_NAME/mail
+    chown -R mailpile:mailpile /var/www/$MAILPILE_DOMAIN_NAME/mail
    fi
 }
 function backup_local_mailpile {
@ -226,6 +231,7 @@ function remove_mailpile {
    systemctl stop mailpile
    systemctl disable mailpile
    rm /etc/systemd/system/mailpile.service
    systemctl daemon-reload
    read_config_param "MAILPILE_DOMAIN_NAME"
    nginx_dissite $MAILPILE_DOMAIN_NAME
@ -238,7 +244,9 @@ function remove_mailpile {
    fi
    function_check remove_ddns_domain
    remove_ddns_domain $MAILPILE_DOMAIN_NAME
-    deluser --remove-all-files mailpile
+
    groupdel -f mailpile
    userdel -r mailpile
    remove_config_param MAILPILE_DOMAIN_NAME
    remove_config_param MAILPILE_CODE
@ -272,7 +280,16 @@ function install_mailpile {
    if [ -d /var/www/$MAILPILE_DOMAIN_NAME/mail ]; then
        rm -rf /var/www/$MAILPILE_DOMAIN_NAME/mail
    fi
-    git_clone $MAILPILE_REPO mail
+
    if [ -d /repos/mailpile ]; then
        mkdir mail
        cp -r -p /repos/mailpile/. mail
        cd mail
        git pull
    else
        git_clone $MAILPILE_REPO mail
    fi
    cd mail
    git checkout $MAILPILE_COMMIT -b $MAILPILE_COMMIT
    set_completion_param "mailpile commit" "$MAILPILE_COMMIT"
@ -420,6 +437,9 @@ function install_mailpile {
    chown -R mailpile:mailpile /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg
    chmod +x /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg
    pip install jinja2==2.9.6
    pip install pgpdump==1.5
    systemctl enable mailpile
    systemctl daemon-reload
    systemctl start mailpile
--- a/src/freedombone-app-matrix
+++ b/src/freedombone-app-matrix
@ -62,6 +62,30 @@ matrix_variables=(ONION_ONLY
                  MATRIX_DOMAIN_NAME
                  MATRIX_CODE)
 function logging_on_matrix {
    if [ -f /var/lib/matrix/homeserver.yaml ]; then
        sed -i 's|log_file:.*|log_file: /etc/matrix/homeserver.log|g' /var/lib/matrix/homeserver.yaml
        if ! grep -q "#log_config:" /var/lib/matrix/homeserver.yaml; then
            sed -i 's|log_config:|#log_config:|g' /var/lib/matrix/homeserver.yaml
        fi
    fi
 }
 function logging_off_matrix {
    if [ -f /var/lib/matrix/homeserver.yaml ]; then
        sed -i 's|log_file:.*|log_file: /dev/null|g' /var/lib/matrix/homeserver.yaml
        if ! grep -q "#log_config:" /var/lib/matrix/homeserver.yaml; then
            sed -i 's|log_config:|#log_config:|g' /var/lib/matrix/homeserver.yaml
        fi
        if [ -f /etc/matrix/homeserver.log ]; then
            $REMOVE_FILES_COMMAND /etc/matrix/homeserver.log
        fi
        if [ -f /etc/matrix/homeserver.log.1 ]; then
            $REMOVE_FILES_COMMAND /etc/matrix/homeserver.log.1
        fi
    fi
 }
 function matrix_nginx {
    matrix_nginx_site=/etc/nginx/sites-available/$MATRIX_DOMAIN_NAME
    if [[ $ONION_ONLY == "no" ]]; then
@ -329,6 +353,12 @@ function upgrade_matrix {
    if [ ! -d /etc/matrix ]; then
       return
    fi
    CURR_MATRIX_COMMIT=$(get_completion_param "matrix commit")
    if [[ "$CURR_MATRIX_COMMIT" == "$MATRIX_COMMIT" ]]; then
        return
    fi
    systemctl stop turn
    systemctl stop matrix
@ -478,13 +508,16 @@ function remove_matrix {
    if [ -f /etc/systemd/system/matrix.service ]; then
        rm /etc/systemd/system/matrix.service
    fi
    systemctl daemon-reload
    apt-get -y remove --purge coturn
    cd /etc/matrix
    pip uninstall .
    rm -rf $MATRIX_DATA_DIR
    rm -rf /etc/matrix
-    deluser matrix
+
-    delgroup matrix
+    groupdel -f matrix
    userdel -r matrix
    remove_onion_service matrix ${MATRIX_ONION_PORT}
    remove_onion_service matrix ${MATRIX_FEDERATION_ONION_PORT}
@ -497,8 +530,17 @@ function remove_matrix {
 function install_home_server {
    if [ ! -d /etc/matrix ]; then
-        function_check git_clone
+
-        git_clone $MATRIX_REPO /etc/matrix
+        if [ -d /repos/matrix ]; then
            mkdir /etc/matrix
            cp -r -p /repos/matrix/. /etc/matrix
            cd /etc/matrix
            git pull
        else
            function_check git_clone
            git_clone $MATRIX_REPO /etc/matrix
        fi
        if [ ! -d /etc/matrix ]; then
            echo $'Unable to clone matrix repo'
            exit 6724683
@ -575,14 +617,19 @@ function install_home_server {
    sleep 5
    if [ ! -f $MATRIX_DATA_DIR/homeserver.db ]; then
-        echo $'No matrix home server database was created'
+        # On low power systems more sleeping may be needed
-        exit 23782
+        sleep 10
        if [ ! -f $MATRIX_DATA_DIR/homeserver.db ]; then
            echo $'No matrix home server database was created'
            exit 23782
        fi
    fi
    chmod -R 700 $MATRIX_DATA_DIR/homeserver.db
    MATRIX_ONION_HOSTNAME=$(add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT})
    echo "HiddenServicePort ${MATRIX_HTTP_PORT} 127.0.0.1:${MATRIX_FEDERATION_ONION_PORT}" >> /etc/tor/torrc
-    systemctl reload tor
+    systemctl restart tor
    if [ ! ${MATRIX_PASSWORD} ]; then
        if [ -f ${IMAGE_PASSWORD_FILE} ]; then
@ -603,6 +650,12 @@ function install_home_server {
 }
 function install_matrix {
    if [[ $ONION_ONLY != 'no' ]]; then
        return
    fi
    check_ram_availability 1500
    if [ ! -d $INSTALL_DIR ]; then
        mkdir -p $INSTALL_DIR
    fi
@ -637,7 +690,7 @@ function install_matrix {
            libjpeg62-turbo-dev libldap-2.4-2 \
            libldap2-dev libsasl2-dev \
            libsqlite3-dev libssl-dev \
-            libssl1.0.0 libtool libxml2 \
+            libssl1.1 libtool libxml2 \
            libxml2-dev libxslt1-dev libxslt1.1 \
            make python python-dev \
            python-pip python-psycopg2 \
--- a/src/freedombone-app-mediagoblin
+++ b/src/freedombone-app-mediagoblin
@ -13,7 +13,7 @@
 # License
 # =======
 #
-# Copyright (C) 2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2016-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@ -49,6 +49,14 @@ mediagoblin_variables=(ONION_ONLY
                       DEFAULT_DOMAIN_NAME
                       DDNS_PROVIDER)
 function logging_on_mediagoblin {
    echo -n ''
 }
 function logging_off_mediagoblin {
    echo -n ''
 }
 function mediagoblin_fix_email {
    # This is a crude hack and there may be a better solution
    # The cause of verification problems might be that the mediagoblin user
@ -60,7 +68,7 @@ function mediagoblin_fix_email {
        echo $'Unable to fix email sending'
        exit 792532
    fi
-    if ! grep 'import os' $mgfile; then
+    if ! grep -q 'import os' $mgfile; then
        sed -i '/import sys/a import os' $mgfile
    fi
    sed -i "s|return mhost.sendmail(from_addr, to_addrs, message.as_string())|return os.system(\"echo '\" + message_body + \"' \| mail -s '\" + message['Subject'] + \"' \" + message['To'])|g" $mgfile
@ -235,6 +243,7 @@ function remove_mediagoblin {
    systemctl stop mediagoblin
    systemctl disable mediagoblin
    rm /etc/systemd/system/mediagoblin.service
    systemctl daemon-reload
    function_check remove_onion_service
    remove_onion_service mediagoblin ${MEDIAGOBLIN_ONION_PORT}
@ -251,8 +260,9 @@ function remove_mediagoblin {
    sed -i '/mediagoblin/d' $COMPLETION_FILE
    remove_nodejs mediagoblin
-    deluser mediagoblin
+
-    delgroup mediagoblin
+    groupdel -f mediagoblin
    userdel -r mediagoblin
    function_check remove_ddns_domain
    remove_ddns_domain $MEDIAGOBLIN_DOMAIN_NAME
@ -279,7 +289,17 @@ function install_mediagoblin {
    chown -hR mediagoblin:www-data $MEDIAGOBLIN_BASE_DIR
    chown -hR mediagoblin:www-data /var/lib/mediagoblin
    chmod -R g+wx /var/lib/mediagoblin
-    su -c "cd $MEDIAGOBLIN_BASE_DIR && git clone $MEDIAGOBLIN_REPO $MEDIAGOBLIN_BASE_DIR/mediagoblin" - mediagoblin
+
    if [ -d /repos/mediagoblin ]; then
        mkdir -p $MEDIAGOBLIN_BASE_DIR/mediagoblin
        cp -r -p /repos/mediagoblin/. $MEDIAGOBLIN_BASE_DIR/mediagoblin
        cd $MEDIAGOBLIN_BASE_DIR/mediagoblin
        git pull
        chown -R mediagoblin:mediagoblin $MEDIAGOBLIN_BASE_DIR/mediagoblin
    else
        su -c "cd $MEDIAGOBLIN_BASE_DIR && git clone $MEDIAGOBLIN_REPO $MEDIAGOBLIN_BASE_DIR/mediagoblin" - mediagoblin
    fi
    su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && git checkout $MEDIAGOBLIN_COMMIT -b $MEDIAGOBLIN_COMMIT" - mediagoblin
    su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && git submodule sync" - mediagoblin
    su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && git submodule update --force --init --recursive" - mediagoblin
@ -382,6 +402,7 @@ function install_mediagoblin {
        echo '        include /etc/nginx/fastcgi_params;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
        echo '        fastcgi_param PATH_INFO $fastcgi_script_name;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
        echo '        fastcgi_param SCRIPT_NAME "";' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
        echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
        echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
        echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
    else
@ -438,6 +459,7 @@ function install_mediagoblin {
    echo '        include /etc/nginx/fastcgi_params;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
    echo '        fastcgi_param PATH_INFO $fastcgi_script_name;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
    echo '        fastcgi_param SCRIPT_NAME "";' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
    echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
    echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
@ -469,7 +491,7 @@ function install_mediagoblin {
    sed -i 's|allow_reporting.*|allow_reporting = false|g' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
-    if ! grep '[[[skip_transcode]]]' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini; then
+    if ! grep -q '[[[skip_transcode]]]' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini; then
        echo '[[[skip_transcode]]]' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
        echo 'mime_types = video/webm, video/ogg, video/mp4, audio/ogg, application/ogg, application/x-annodex' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
        echo 'container_formats = Matroska, Ogg, ISO MP4/M4A' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
@ -496,7 +518,7 @@ function install_mediagoblin {
    nginx_ensite $MEDIAGOBLIN_DOMAIN_NAME
-    systemctl restart php5-fpm
+    systemctl restart php7.0-fpm
    systemctl restart nginx
    function_check add_ddns_domain
--- a/src/freedombone-app-movim
+++ b/src/freedombone-app-movim
@ -47,6 +47,14 @@ movim_variables=(ONION_ONLY
                 DDNS_PROVIDER
                 MY_USERNAME)
 function logging_on_movim {
    echo -n ''
 }
 function logging_off_movim {
    echo -n ''
 }
 function remove_user_movim {
    remove_username="$1"
@ -152,6 +160,11 @@ function reconfigure_movim {
 }
 function upgrade_movim {
    CURR_MOVIM_COMMIT=$(get_completion_param "movim commit")
    if [[ "$CURR_MOVIM_COMMIT" == "$MOVIM_COMMIT" ]]; then
        return
    fi
    if grep -q "movim domain" $COMPLETION_FILE; then
        MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
    fi
@ -211,6 +224,11 @@ function restore_local_movim {
            rm -rf $temp_restore_dir
        fi
        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
        cd /var/www/$MOVIM_DOMAIN_NAME/htdocs/config
        sed -i "s|'password'.*|'password'    => '$MARIADB_PASSWORD',|g" db.inc.php
        MARIADB_PASSWORD=
        echo $"Restore of movim complete"
    fi
 }
@ -254,6 +272,12 @@ function restore_remote_movim {
        if [ -d /root/tempmovim ]; then
            rm -rf /root/tempmovim
        fi
        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
        cd /var/www/$MOVIM_DOMAIN_NAME/htdocs/config
        sed -i "s|'password'.*|'password'    => '$MARIADB_PASSWORD',|g" db.inc.php
        MARIADB_PASSWORD=
        echo $"Restore of movim complete"
    fi
 }
@ -270,6 +294,7 @@ function remove_movim {
    systemctl stop movim
    systemctl disable movim
    rm /etc/systemd/system/movim.service
    systemctl daemon-reload
    read_config_param "MY_USERNAME"
    echo "Removing $MOVIM_DOMAIN_NAME"
@ -319,15 +344,24 @@ function install_movim {
    function_check repair_databases_script
    repair_databases_script
-    apt-get -yq install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
+    apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
-    apt-get -yq install php5-memcached php5-intl exiftool php5-imagick
+    apt-get -yq install php-memcached php-intl exiftool php-imagick libfcgi0ldbl
    if [ ! -d /var/www/$MOVIM_DOMAIN_NAME ]; then
        mkdir /var/www/$MOVIM_DOMAIN_NAME
    fi
    if [ ! -d /var/www/$MOVIM_DOMAIN_NAME/htdocs ]; then
-        function_check git_clone
+
-        git_clone $MOVIM_REPO /var/www/$MOVIM_DOMAIN_NAME/htdocs
+        if [ -d /repos/movim ]; then
            mkdir /var/www/$MOVIM_DOMAIN_NAME/htdocs
            cp -r -p /repos/movim/. /var/www/$MOVIM_DOMAIN_NAME/htdocs
            cd /var/www/$MOVIM_DOMAIN_NAME/htdocs
            git pull
        else
            function_check git_clone
            git_clone $MOVIM_REPO /var/www/$MOVIM_DOMAIN_NAME/htdocs
        fi
        if [ ! -d /var/www/$MOVIM_DOMAIN_NAME/htdocs ]; then
            echo $'Unable to clone movim repo'
            exit 76285
@ -435,7 +469,8 @@ function install_movim {
        echo '  # PHP' >> $movim_nginx_site
        echo '  location ~ \.php {' >> $movim_nginx_site
        echo '    include snippets/fastcgi-php.conf;' >> $movim_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $movim_nginx_site
+        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $movim_nginx_site
        echo '    fastcgi_read_timeout 30;' >> $movim_nginx_site
        echo '  }' >> $movim_nginx_site
        echo '' >> $movim_nginx_site
        echo '  # Location' >> $movim_nginx_site
@ -494,7 +529,8 @@ function install_movim {
    echo '  # PHP' >> $movim_nginx_site
    echo '  location ~ \.php {' >> $movim_nginx_site
    echo '    include snippets/fastcgi-php.conf;' >> $movim_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $movim_nginx_site
+    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $movim_nginx_site
    echo '    fastcgi_read_timeout 30;' >> $movim_nginx_site
    echo '  }' >> $movim_nginx_site
    echo '' >> $movim_nginx_site
    echo '  # Location' >> $movim_nginx_site
@ -549,8 +585,9 @@ function install_movim {
    set_completion_param "movim domain" "$MOVIM_DOMAIN_NAME"
    systemctl restart mariadb
    systemctl start movim
-    systemctl restart php5-fpm
+    systemctl restart php7.0-fpm
    systemctl restart nginx
    APP_INSTALLED=1
 }
--- a/src/freedombone-app-mumble
+++ b/src/freedombone-app-mumble
@ -47,6 +47,22 @@ mumble_variables=(MY_USERNAME
                  ONION_ONLY
                  ADMIN_USERNAME)
 function logging_on_mumble {
    if [ -f /etc/mumble-server.ini ]; then
        sed -i 's|logfile=.*|logfile=/var/log/mumble-server.log|g' /etc/mumble-server.ini
    fi
 }
 function logging_off_mumble {
    if [ -f /etc/mumble-server.ini ]; then
        sed -i 's|logfile=.*|logfile=/dev/null|g' /etc/mumble-server.ini
        if [ -d /var/log/mumble-server ]; then
            $REMOVE_FILES_COMMAND /var/log/mumble-server/*
            rm -rf /var/log/mumble-server
        fi
    fi
 }
 function install_interactive_mumble {
    echo -n ''
    APP_INSTALLED=1
--- a/src/freedombone-app-nextcloud
+++ b/src/freedombone-app-nextcloud
@ -38,11 +38,9 @@ SHOW_ON_ABOUT=1
 NEXTCLOUD_DOMAIN_NAME=
 NEXTCLOUD_CODE=
 NEXTCLOUD_ONION_PORT=8112
 NEXTCLOUD_DOWNLOAD_URL='https://download.nextcloud.com/server/releases/nextcloud-'
 NEXTCLOUD_VERSION='11.0.3'
 NEXTCLOUD_REPO="https://github.com/nextcloud/server"
-# Stable 11 branch
+# Stable 12 branch
-NEXTCLOUD_COMMIT='4fe02f6e3a812551661a3a7a7ceb4e1f3791cbd3'
+NEXTCLOUD_COMMIT='5e22b330963d01feb636b24e7b1027b50b46e3c2'
 NEXTCLOUD_ADMIN_PASSWORD=
 nextcloud_variables=(ONION_ONLY
@ -51,6 +49,14 @@ nextcloud_variables=(ONION_ONLY
                     DDNS_PROVIDER
                     MY_USERNAME)
 function logging_on_nextcloud {
    echo -n ''
 }
 function logging_off_nextcloud {
    echo -n ''
 }
 function remove_user_nextcloud {
    remove_username="$1"
@ -178,6 +184,18 @@ function configure_interactive_nextcloud {
 }
 function upgrade_nextcloud {
    CURR_NEXTCLOUD_COMMIT=$(get_completion_param "nextcloud commit")
    if [[ "$CURR_NEXTCLOUD_COMMIT" == "$NEXTCLOUD_COMMIT" ]]; then
        chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
        chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/data
        cd /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
        sudo -u www-data ./occ maintenance:repair
        sudo -u www-data ./occ files:cleanup
        sudo -u www-data ./occ files:scan --all
        sudo -u www-data ./occ maintenance:mode --off
        return
    fi
    if grep -q "nextcloud domain" $COMPLETION_FILE; then
        NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
    fi
@ -339,7 +357,7 @@ function remove_nextcloud {
    function_check remove_nodejs
    remove_nodejs pleroma-nextcloud
-    sed -i 's|env[PATH]|;env[PATH]|g' /etc/php5/fpm/pool.d/www.conf
+    sed -i 's|env[PATH]|;env[PATH]|g' /etc/php/7.0/fpm/pool.d/www.conf
    read_config_param "NEXTCLOUD_DOMAIN_NAME"
    read_config_param "MY_USERNAME"
@ -367,7 +385,7 @@ function remove_nextcloud {
    function_check remove_ddns_domain
    remove_ddns_domain $NEXTCLOUD_DOMAIN_NAME
    systemctl restart nginx
-    systemctl restart php5-fpm
+    systemctl restart php7.0-fpm
 }
 function install_nextcloud_main {
@ -389,22 +407,32 @@ function install_nextcloud_main {
    function_check repair_databases_script
    repair_databases_script
-    apt-get -yq install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
+    apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
-    apt-get -yq install php5-memcached php5-intl memcached php5-memcached
+    apt-get -yq install php-intl memcached php-memcached libfcgi0ldbl
    apt-get -yq install php-zip
    # Ensure PATH is available to php
-    if [ ! -f /etc/php5/fpm/pool.d/www.conf ]; then
+    if [ ! -f /etc/php/7.0/fpm/pool.d/www.conf ]; then
       echo $'No php www configuration file found'
       exit 628757
    fi
-    sed -i 's|;env[PATH]|env[PATH]|g' /etc/php5/fpm/pool.d/www.conf
+    sed -i 's|;env[PATH]|env[PATH]|g' /etc/php/7.0/fpm/pool.d/www.conf
    if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME ]; then
        mkdir /var/www/$NEXTCLOUD_DOMAIN_NAME
    fi
    if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs ]; then
-        function_check git_clone
+
-        git_clone $NEXTCLOUD_REPO /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+        if [ -d /repos/nextcloud ]; then
            mkdir /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
            cp -r -p /repos/nextcloud/. /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
            cd /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
            git pull
        else
            function_check git_clone
            git_clone $NEXTCLOUD_REPO /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
        fi
        if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs ]; then
            echo $'Unable to clone nextcloud repo'
            exit 87525
@ -463,7 +491,8 @@ function install_nextcloud_main {
        echo '  # PHP' >> $nextcloud_nginx_site
        echo '  location ~ \.php {' >> $nextcloud_nginx_site
        echo '    include snippets/fastcgi-php.conf;' >> $nextcloud_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $nextcloud_nginx_site
+        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $nextcloud_nginx_site
        echo '    fastcgi_read_timeout 30;' >> $nextcloud_nginx_site
        echo '  }' >> $nextcloud_nginx_site
        echo '' >> $nextcloud_nginx_site
        echo '  # Location' >> $nextcloud_nginx_site
@ -518,7 +547,8 @@ function install_nextcloud_main {
    echo '  # PHP' >> $nextcloud_nginx_site
    echo '  location ~ \.php {' >> $nextcloud_nginx_site
    echo '    include snippets/fastcgi-php.conf;' >> $nextcloud_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $nextcloud_nginx_site
+    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $nextcloud_nginx_site
    echo '    fastcgi_read_timeout 30;' >> $nextcloud_nginx_site
    echo '  }' >> $nextcloud_nginx_site
    echo '' >> $nextcloud_nginx_site
    echo '  # Location' >> $nextcloud_nginx_site
@ -592,7 +622,7 @@ function install_nextcloud_main {
        NEXTCLOUD_SERVER=${NEXTCLOUD_ONION_HOSTNAME}
    fi
-    systemctl restart php5-fpm
+    systemctl restart php7.0-fpm
    systemctl restart nginx
    ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$NEXTCLOUD_DOMAIN_NAME" -g nextcloud --public no
@ -600,26 +630,43 @@ function install_nextcloud_main {
    ${PROJECT_NAME}-pass -u $MY_USERNAME -a nextcloud -p "$NEXTCLOUD_ADMIN_PASSWORD"
    cd /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
-    chown -R www-data:www-data config
+    if [ -d config ]; then
-    chown -R www-data:www-data data
+        chown -R www-data:www-data config
    fi
    if [ -d data ]; then
        chown -R www-data:www-data data
    fi
    chmod +x occ
    ./occ maintenance:install --database-name nextcloud --admin-user ${MY_USERNAME} --admin-pass "${NEXTCLOUD_ADMIN_PASSWORD}" --database mysql --database-user root --database-pass "${MARIADB_PASSWORD}"
    if [ ! -d data ]; then
        echo $'Nextcloud data directory was not found. This probably means that the installation failed.'
        echo ''
        echo $'Install command was:'
        echo "./occ maintenance:install --database-name nextcloud --admin-user ${MY_USERNAME} --admin-pass \"${NEXTCLOUD_ADMIN_PASSWORD}\" --database mysql --database-user root --database-pass \"${MARIADB_PASSWORD}\""
        exit 83522
    fi
    chown -R www-data:www-data config
    chown -R www-data:www-data data
    ./occ check
    ./occ status
    ./occ app:list
    ./occ app:enable encryption
    ./occ config:system:set appstoreenabled --value=false
    ./occ config:system:set trusted_domains 1 --value=$NEXTCLOUD_DOMAIN_NAME
    chmod g+w /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php
    chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
    chmod 0644 .htaccess
    chmod 0750 data
    chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/data
    sudo -u www-data ./occ config:system:set trusted_domains 1 --value=$NEXTCLOUD_DOMAIN_NAME
    sudo -u www-data ./occ config:system:set trusted_domains 2 --value=$NEXTCLOUD_ONION_HOSTNAME
    sudo -u www-data ./occ files:cleanup
    sudo -u www-data ./occ files:scan --all
    sudo -u www-data ./occ maintenance:repair
    sudo -u www-data ./occ maintenance:mode --off
    systemctl restart mariadb
    # move the data directory
    mv /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/data /var/www/${NEXTCLOUD_DOMAIN_NAME}/
    sed -i "s|'datadirectory'.*|'datadirectory' => '/var/www/$NEXTCLOUD_DOMAIN_NAME/data',|g" /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php
--- a/src/freedombone-app-pelican
+++ b/src/freedombone-app-pelican
@ -49,6 +49,13 @@ pelican_variables=(MY_USERNAME
                   PELICAN_DOMAIN_NAME
                   PELICAN_BLOG_CODE)
 function logging_on_pelican {
    echo -n ''
 }
 function logging_off_pelican {
    echo -n ''
 }
 function install_pelican_website {
    if [[ $ONION_ONLY != 'no' ]]; then
@ -525,7 +532,7 @@ function remove_pelican {
    function_check remove_onion_service
    remove_onion_service pelican ${PELICAN_ONION_PORT}
    remove_app pelican
-    systemctl reload tor
+    systemctl restart tor
 }
 function create_pelican_conf {
--- a/src/freedombone-app-pihole
+++ b/src/freedombone-app-pihole
@ -54,6 +54,14 @@ pihole_variables=(ONION_ONLY
                  PIHOLE_DNS1
                  PIHOLE_DNS2)
 function logging_on_pihole {
    echo -n ''
 }
 function logging_off_pihole {
    echo -n ''
 }
 function pihole_copy_files {
    if [ ! -d /etc/.pihole ]; then
        mkdir /etc/.pihole
@ -278,6 +286,11 @@ function reconfigure_pihole {
 }
 function upgrade_pihole {
    CURR_PIHOLE_COMMIT=$(get_completion_param "pihole commit")
    if [[ "$CURR_PIHOLE_COMMIT" == "$PIHOLE_COMMIT" ]]; then
        return
    fi
    function_check set_repo_commit
    set_repo_commit $INSTALL_DIR/pihole "pihole commit" "$PIHOLE_COMMIT" $PIHOLE_REPO
@ -351,6 +364,11 @@ function remove_pihole {
 function install_pihole {
    apt-get -yq install dnsmasq curl
    adduser --disabled-login --gecos 'pi-hole' pihole
    if [ ! -d /home/pihole ]; then
        echo $"/home/pihole directory not created"
        exit 538929
    fi
    chmod 600 /etc/shadow
    chmod 600 /etc/gshadow
    usermod -a -G www-data pihole
@ -365,7 +383,16 @@ function install_pihole {
    if [ ! -d $INSTALL_DIR/pihole ]; then
        cd $INSTALL_DIR
-        git_clone $PIHOLE_REPO pihole
+
        if [ -d /repos/pihole ]; then
            mkdir pihole
            cp -r -p /repos/pihole/. pihole
            cd pihole
            git pull
        else
            git_clone $PIHOLE_REPO pihole
        fi
        if [ ! -d $INSTALL_DIR/pihole ]; then
            exit 523925
        fi
--- a/src/freedombone-app-postactiv
+++ b/src/freedombone-app-postactiv
@ -37,7 +37,7 @@ POSTACTIV_DOMAIN_NAME=
 POSTACTIV_CODE=
 POSTACTIV_ONION_PORT=8100
 POSTACTIV_REPO="https://git.postactiv.com/postActiv/postActiv.git"
-POSTACTIV_COMMIT='65fcc4eb440380f2373d428e8dde23fcc73c9f08'
+POSTACTIV_COMMIT='0531c469b44aab6a71230778ab4492eca889bb2c'
 POSTACTIV_ADMIN_PASSWORD=
 POSTACTIV_BACKGROUND_IMAGE_URL=
@ -55,6 +55,14 @@ postactiv_variables=(ONION_ONLY
                     POSTACTIV_EXPIRE_MONTHS
                     POSTACTIV_TITLE)
 function logging_on_postactiv {
    echo -n ''
 }
 function logging_off_postactiv {
    echo -n ''
 }
 function postactiv_customise_logo {
    domain_name=$1
@ -313,15 +321,14 @@ function configure_interactive_postactiv {
        trap "rm -f $data" 0 1 2 5 15
        dialog --backtitle $"Freedombone Control Panel" \
               --title $"PostActiv" \
-               --radiolist $"Choose an operation:" 17 70 8 \
+               --radiolist $"Choose an operation:" 16 70 7 \
               1 $"Set a background image" off \
               2 $"Set the title" off \
               3 $"Set post expiry period (currently $POSTACTIV_EXPIRE_MONTHS months)" off \
               4 $"Select Qvitter user interface" off \
               5 $"Select Pleroma user interface" off \
               6 $"Select Classic user interface" off \
-               7 $"Select Armadillo user interface" off \
+               7 $"Exit" on 2> $data
               8 $"Exit" on 2> $data
        sel=$?
        case $sel in
            1) return;;
@ -334,8 +341,7 @@ function configure_interactive_postactiv {
            4) gnusocial_use_qvitter postactiv;;
            5) gnusocial_use_pleroma postactiv;;
            6) gnusocial_use_classic postactiv;;
-            7) gnusocial_use_armadillo postactiv;;
+            7) break;;
            8) break;;
        esac
    done
 }
@ -375,6 +381,7 @@ function upgrade_postactiv {
    postactiv_customise_logo
    install_gnusocial_default_background "postactiv" "$POSTACTIV_DOMAIN_NAME"
    chown -R www-data:www-data /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
    systemctl restart mariadb
 }
@ -384,21 +391,34 @@ function backup_local_postactiv {
        POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
    fi
-    source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
+    # don't backup more data than we need to
-    if [ -d $source_directory ]; then
+    postactiv-expire
        dest_directory=postactiv
        function_check suspend_site
        suspend_site ${POSTACTIV_DOMAIN_NAME}
-        function_check backup_directory_to_usb
+    source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/backup
-        backup_directory_to_usb $source_directory $dest_directory
+    if [ ! -d $source_directory ]; then
-
+        mkdir $source_directory
        function_check backup_database_to_usb
        backup_database_to_usb postactiv
        function_check restart_site
        restart_site
    fi
    cp -p /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/config.php $source_directory
    if [ -d /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static ]; then
        cp -rp /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static $source_directory
    fi
    function_check suspend_site
    suspend_site ${POSTACTIV_DOMAIN_NAME}
    function_check backup_directory_to_usb
    dest_directory=postactivconfig
    backup_directory_to_usb $source_directory $dest_directory
    source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/file
    dest_directory=postactivfile
    backup_directory_to_usb $source_directory $dest_directory
    function_check backup_database_to_usb
    backup_database_to_usb postactiv
    function_check restart_site
    restart_site
 }
 function restore_local_postactiv {
@ -407,68 +427,122 @@ function restore_local_postactiv {
    fi
    POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
    if [ $POSTACTIV_DOMAIN_NAME ]; then
        echo $"Restoring postactiv"
        temp_restore_dir=/root/temppostactiv
        postactiv_dir=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
        # stop the daemons
        cd $postactiv_dir
-        su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
+        scripts/stopdaemons.sh
        function_check postactiv_create_database
        postactiv_create_database
-        restore_database postactiv ${POSTACTIV_DOMAIN_NAME}
+        restore_database postactiv
        if [ -d $temp_restore_dir ]; then
            rm -rf $temp_restore_dir
        fi
-        # start the daemons
+        function_check restore_directory_from_usb
-        cd $postactiv_dir
+        restore_directory_from_usb $temp_restore_dir postactivconfig
-        su -c "sh scripts/startdaemons.sh" -s /bin/sh www-data
+        if [ -d $temp_restore_dir ]; then
            cp $temp_restore_dir$postactiv_dir/backup/config.php $postactiv_dir/
            chown www-data:www-data $postactiv_dir/config.php
            cp -rp $temp_restore_dir$postactiv_dir/static $postactiv_dir/
            chown -R www-data:www-data $postactiv_dir/static
            rm -rf $temp_restore_dir
        fi
        restore_directory_from_usb $temp_restore_dir postactivfile
        if [ -d $temp_restore_dir ]; then
            cp -rp $temp_restore_dir$postactiv_dir/file $postactiv_dir/
            chown -R www-data:www-data $postactiv_dir/file
            rm -rf $temp_restore_dir
        fi
        gnusocial_update_after_restore postactiv ${POSTACTIV_DOMAIN_NAME}
        echo $"Restore of postactiv complete"
    fi
 }
 function backup_remote_postactiv {
    POSTACTIV_DOMAIN_NAME='postactiv'
    if grep -q "postactiv domain" $COMPLETION_FILE; then
        POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
        temp_backup_dir=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
        if [ -d $temp_backup_dir ]; then
            function_check suspend_site
            suspend_site ${POSTACTIV_DOMAIN_NAME}
            function_check backup_database_to_friend
            backup_database_to_friend postactiv
            function_check backup_directory_to_friend
            backup_directory_to_friend $temp_backup_dir postactiv
            function_check restart_site
            restart_site
        else
            echo $"postactiv domain specified but not found in ${temp_backup_dir}"
        fi
    fi
    # don't backup more data than we need to
    postactiv-expire
    source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/backup
    if [ ! -d $source_directory ]; then
        mkdir $source_directory
    fi
    cp -p /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/config.php $source_directory
    if [ -d /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static ]; then
        cp -rp /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static $source_directory
    fi
    function_check suspend_site
    suspend_site ${POSTACTIV_DOMAIN_NAME}
    function_check backup_directory_to_friend
    dest_directory=postactivconfig
    backup_directory_to_friend $source_directory $dest_directory
    source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/file
    dest_directory=postactivfile
    backup_directory_to_friend $source_directory $dest_directory
    function_check backup_database_to_friend
    backup_database_to_friend postactiv
    function_check restart_site
    restart_site
 }
 function restore_remote_postactiv {
-    if grep -q "postactiv domain" $COMPLETION_FILE; then
+    if ! grep -q "postactiv domain" $COMPLETION_FILE; then
-        POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
+        return
-
+    fi
    POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
    if [ $POSTACTIV_DOMAIN_NAME ]; then
        echo $"Restoring postactiv"
        temp_restore_dir=/root/temppostactiv
        postactiv_dir=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
        # stop the daemons
-        cd /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
+        cd $postactiv_dir
-        su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
+        scripts/stopdaemons.sh
        function_check postactiv_create_database
        postactiv_create_database
        function_check restore_database_from_friend
-        restore_database_from_friend postactiv ${POSTACTIV_DOMAIN_NAME}
+        restore_database_from_friend postactiv
-        if [ -d /root/temppostactiv ]; then
+        if [ -d $temp_restore_dir ]; then
-            rm -rf /root/temppostactiv
+            rm -rf $temp_restore_dir
        fi
-        # start the daemons
+        function_check restore_directory_from_friend
-        cd /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
+        restore_directory_from_friend $temp_restore_dir postactivconfig
-        su -c "sh scripts/startdaemons.sh" -s /bin/sh www-data
+        if [ -d $temp_restore_dir ]; then
            cp $temp_restore_dir$postactiv_dir/backup/config.php $postactiv_dir/
            chown www-data:www-data $postactiv_dir/config.php
            cp -rp $temp_restore_dir$postactiv_dir/static $postactiv_dir/
            chown -R www-data:www-data $postactiv_dir/static
            rm -rf $temp_restore_dir
        fi
        restore_directory_from_friend $temp_restore_dir postactivfile
        if [ -d $temp_restore_dir ]; then
            cp -rp $temp_restore_dir$postactiv_dir/file $postactiv_dir/
            chown -R www-data:www-data $postactiv_dir/file
            rm -rf $temp_restore_dir
        fi
        gnusocial_update_after_restore postactiv ${POSTACTIV_DOMAIN_NAME}
        echo $"Restore of postactiv complete"
    fi
 }
@ -488,8 +562,8 @@ function remove_postactiv {
        rm /etc/cron.hourly/postactiv-daemons
    fi
    if [ -f /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/stopdaemons.sh ]; then
-        cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts
+        cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
-        su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
+        scripts/stopdaemons.sh
    fi
    kill_pid=$(ps aux | grep /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/queuedaemon.php | awk -F ' ' '{print $2}' | head -n 1)
    kill -9 $kill_pid
@ -540,15 +614,24 @@ function install_postactiv_main {
    function_check repair_databases_script
    repair_databases_script
-    apt-get -yq install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
+    apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
-    apt-get -yq install php5-memcached php5-intl exiftool
+    apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
    if [ ! -d /var/www/$POSTACTIV_DOMAIN_NAME ]; then
        mkdir /var/www/$POSTACTIV_DOMAIN_NAME
    fi
    if [ ! -d /var/www/$POSTACTIV_DOMAIN_NAME/htdocs ]; then
-        function_check git_clone
+
-        git_clone $POSTACTIV_REPO /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
+        if [ -d /repos/postactiv ]; then
            mkdir /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
            cp -r -p /repos/postactiv/. /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
            cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
            git pull
        else
            function_check git_clone
            git_clone $POSTACTIV_REPO /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
        fi
        if [ ! -d /var/www/$POSTACTIV_DOMAIN_NAME/htdocs ]; then
            echo $'Unable to clone postactiv repo'
            exit 87525
@ -583,6 +666,8 @@ function install_postactiv_main {
    function_check add_ddns_domain
    add_ddns_domain $POSTACTIV_DOMAIN_NAME
    POSTACTIV_ONION_HOSTNAME=$(add_onion_service postactiv 80 ${POSTACTIV_ONION_PORT})
    postactiv_nginx_site=/etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME
    if [[ $ONION_ONLY == "no" ]]; then
        function_check nginx_http_redirect
@ -617,7 +702,8 @@ function install_postactiv_main {
        echo '  # PHP' >> $postactiv_nginx_site
        echo '  location ~ \.php {' >> $postactiv_nginx_site
        echo '    include snippets/fastcgi-php.conf;' >> $postactiv_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $postactiv_nginx_site
+        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $postactiv_nginx_site
        echo '    fastcgi_read_timeout 30;' >> $postactiv_nginx_site
        echo '  }' >> $postactiv_nginx_site
        echo '' >> $postactiv_nginx_site
        echo '  # Location' >> $postactiv_nginx_site
@ -644,7 +730,7 @@ function install_postactiv_main {
    fi
    echo 'server {' >> $postactiv_nginx_site
    echo "    listen 127.0.0.1:$POSTACTIV_ONION_PORT default_server;" >> $postactiv_nginx_site
-    echo "    server_name $POSTACTIV_DOMAIN_NAME;" >> $postactiv_nginx_site
+    echo "    server_name $POSTACTIV_ONION_HOSTNAME;" >> $postactiv_nginx_site
    echo '' >> $postactiv_nginx_site
    function_check nginx_disable_sniffing
    nginx_disable_sniffing $POSTACTIV_DOMAIN_NAME
@ -665,7 +751,8 @@ function install_postactiv_main {
    echo '  # PHP' >> $postactiv_nginx_site
    echo '  location ~ \.php {' >> $postactiv_nginx_site
    echo '    include snippets/fastcgi-php.conf;' >> $postactiv_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $postactiv_nginx_site
+    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $postactiv_nginx_site
    echo '    fastcgi_read_timeout 30;' >> $postactiv_nginx_site
    echo '  }' >> $postactiv_nginx_site
    echo '' >> $postactiv_nginx_site
    echo '  # Location' >> $postactiv_nginx_site
@ -713,8 +800,6 @@ function install_postactiv_main {
        postactiv_ssl='never'
    fi
    POSTACTIV_ONION_HOSTNAME=$(add_onion_service postactiv 80 ${POSTACTIV_ONION_PORT})
    POSTACTIV_SERVER=${POSTACTIV_DOMAIN_NAME}
    if [[ $ONION_ONLY != 'no' ]]; then
        POSTACTIV_SERVER=${POSTACTIV_ONION_HOSTNAME}
@ -776,7 +861,8 @@ function install_postactiv_main {
        rm /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php
    fi
-    systemctl restart php5-fpm
+    systemctl restart mariadb
    systemctl restart php7.0-fpm
    systemctl restart nginx
    ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$POSTACTIV_DOMAIN_NAME" -g postactiv --public no
@ -798,11 +884,9 @@ function install_postactiv {
    install_postactiv_main
    install_qvitter "$POSTACTIV_DOMAIN_NAME" "postactiv"
-
+    install_gnusocial_markdown "$POSTACTIV_DOMAIN_NAME" "postactiv"
-    #function_check install_nodejs
+    install_gnusocial_plugin_sharings "$POSTACTIV_DOMAIN_NAME" "postactiv"
-    #install_nodejs pleroma-postactiv
+    install_gnusocial_plugin_sharings_theme "$POSTACTIV_DOMAIN_NAME" "postactiv"
    install_armadillo_front_end "postactiv" "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL"
    # Currently Pleroma won't install on ARM systems
    # because it uses node-sass which doesn't support ARM
@ -825,6 +909,14 @@ function install_postactiv {
    systemctl restart nginx
    # Set qvitter to be the default UI. It's probably the most stable.
    # And doesn't forget logins
    gnusocial_use_qvitter postactiv
    if [ $POSTACTIV_BACKGROUND_IMAGE_URL ]; then
        pleroma_set_background_image_from_url "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE"
    fi
    APP_INSTALLED=1
 }
--- a/src/freedombone-app-profanity
+++ b/src/freedombone-app-profanity
@ -48,6 +48,14 @@ xmpp_variables=(ONION_ONLY
                DEFAULT_DOMAIN_NAME
                XMPP_DOMAIN_CODE)
 function logging_on_profanity {
    echo -n ''
 }
 function logging_off_profanity {
    echo -n ''
 }
 function remove_user_profanity {
    remove_username="$1"
 }
@ -198,7 +206,15 @@ function install_profanity {
    apt-get -yq install libotr5-dev libgpgme11-dev python-dev libreadline-dev
    # dependency for profanity not available in debian
-    git_clone $LIBMESODE_REPO $INSTALL_DIR/libmesode
+    if [ -d /repos/libmesode ]; then
        mkdir $INSTALL_DIR/libmesode
        cp -r -p /repos/libmesode/. $INSTALL_DIR/libmesode
        cd $INSTALL_DIR/libmesode
        git pull
    else
        git_clone $LIBMESODE_REPO $INSTALL_DIR/libmesode
    fi
    cd $INSTALL_DIR/libmesode
    git checkout $LIBMESODE_COMMIT -b $LIBMESODE_COMMIT
    ./bootstrap.sh
@ -208,7 +224,15 @@ function install_profanity {
    cp /usr/local/lib/libmesode* /usr/lib
    # build profanity
-    git_clone $PROFANITY_REPO $INSTALL_DIR/profanity
+    if [ -d /repos/profanity ]; then
        mkdir $INSTALL_DIR/profanity
        cp -r -p /repos/profanity/. $INSTALL_DIR/profanity
        cd $INSTALL_DIR/profanity
        git pull
    else
        git_clone $PROFANITY_REPO $INSTALL_DIR/profanity
    fi
    cd $INSTALL_DIR/profanity
    git checkout $PROFANITY_COMMIT -b $PROFANITY_COMMIT
    ./bootstrap.sh
@ -223,7 +247,16 @@ function install_profanity {
    # install the omemo plugin
    apt-get -yq install python-pip python-setuptools clang libffi-dev libssl-dev python-dev
-    git_clone $PROFANITY_OMEMO_PLUGIN_REPO $INSTALL_DIR/profanity-omemo-plugin
+
    if [ -d /repos/profanity-omemo ]; then
        mkdir $INSTALL_DIR/profanity-omemo-plugin
        cp -r -p /repos/profanity-omemo/. $INSTALL_DIR/profanity-omemo-plugin
        cd $INSTALL_DIR/profanity-omemo-plugin
        git pull
    else
        git_clone $PROFANITY_OMEMO_PLUGIN_REPO $INSTALL_DIR/profanity-omemo-plugin
    fi
    cd $INSTALL_DIR/profanity-omemo-plugin
    git checkout $PROFANITY_OMEMO_PLUGIN_COMMIT -b $PROFANITY_OMEMO_PLUGIN_COMMIT
    if [ ! -f $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py ]; then
--- a/src/freedombone-app-radicale
+++ b/src/freedombone-app-radicale
@ -31,7 +31,7 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-VARIANTS='full full-vim'
+VARIANTS=''
 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
@ -50,6 +50,14 @@ radicale_variables=(ONION_ONLY
                    RADICALE_PASSWORD
                    DEFAULT_DOMAIN_NAME)
 function logging_on_radicale {
    echo -n ''
 }
 function logging_off_radicale {
    echo -n ''
 }
 function remove_user_radicale {
    remove_username="$1"
@ -274,6 +282,7 @@ function remove_radicale {
    if [ -f /etc/systemd/system/radicale.service ]; then
        rm /etc/systemd/system/radicale.service
    fi
    systemctl daemon-reload
    if [ -f /etc/nginx/sites-available/radicale ]; then
        rm /etc/nginx/sites-available/radicale
    fi
@ -282,7 +291,9 @@ function remove_radicale {
    fi
    firewall_remove ${RADICALE_PORT} tcp
-    deluser radicale
+
    groupdel -f radicale
    userdel -r radicale
    function_check remove_onion_service
    remove_onion_service radicale ${RADICALE_ONION_PORT}
@ -323,6 +334,7 @@ function install_radicale {
    useradd -c "Radicale system account" -d /var/www/radicale -m -r -g radicale radicale
    usermod -a -G www-data radicale
    groupadd radicale
    # create directories
    if [ ! -d /var/log/radicale ]; then
--- a/src/freedombone-app-riot
+++ b/src/freedombone-app-riot
@ -46,8 +46,17 @@ riot_variables=(MY_USERNAME
                RIOT_DOMAIN_NAME
                MATRIX_DOMAIN_NAME
                SYSTEM_TYPE
                ONION_ONLY
                DDNS_PROVIDER)
 function logging_on_riot {
    echo -n ''
 }
 function logging_off_riot {
    echo -n ''
 }
 function remove_user_riot {
    echo -n ''
 }
@ -206,6 +215,10 @@ function remove_riot {
 }
 function install_riot {
    if [[ $ONION_ONLY != 'no' ]]; then
        return
    fi
    # check that matrix has been installed
    if [ ! $MATRIX_DOMAIN_NAME ]; then
        exit 687292
@ -217,6 +230,9 @@ function install_riot {
        exit 827334
    fi
    function_check get_completion_param
    MATRIX_ONION_DOMAIN_NAME=$(get_completion_param "matrix onion domain")
    apt-get -yq install wget
    if [ ! -d /var/www/$RIOT_DOMAIN_NAME/htdocs ]; then
@ -232,12 +248,21 @@ function install_riot {
    cd /var/www/$RIOT_DOMAIN_NAME/htdocs
    cp config.sample.json config.json
-    sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" config.json
+    if [[ $ONION_ONLY == 'no' ]]; then
-    sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" config.json
+        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" config.json
-    sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"https://${MATRIX_DOMAIN_NAME}/\",|g" config.json
+        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" config.json
-    sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"https://${MATRIX_DOMAIN_NAME}/api\",|g" config.json
+        sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"https://${MATRIX_DOMAIN_NAME}/\",|g" config.json
-    sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" config.json
+        sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"https://${MATRIX_DOMAIN_NAME}/api\",|g" config.json
-    sed -i "/\"servers\":/a \"matrix.freedombone.net\"," config.json
+        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" config.json
        sed -i "/\"servers\":/a \"${MATRIX_DOMAIN_NAME}\"," config.json
    else
        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" config.json
        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" config.json
        sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/\",|g" config.json
        sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/api\",|g" config.json
        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",|g" config.json
        sed -i "/\"servers\":/a \"${MATRIX_ONION_DOMAIN_NAME}\"," config.json
    fi
    RIOT_ONION_HOSTNAME=$(add_onion_service riot 80 ${RIOT_ONION_PORT})
--- a/src/freedombone-app-rss
+++ b/src/freedombone-app-rss
@ -13,7 +13,7 @@
 # License
 # =======
 #
-# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@ -53,6 +53,24 @@ rss_variables=(RSS_READER_REPO
               USB_MOUNT
               MY_USERNAME)
 function logging_on_rss {
    echo -n ''
 }
 function logging_off_rss {
    echo -n ''
 }
 function remove_user_rss {
    remove_username="$1"
 }
 function add_user_rss {
    new_username="$1"
    new_user_password="$2"
    echo '0'
 }
 function install_interactive_rss {
    echo -n ''
    APP_INSTALLED=1
@ -86,6 +104,11 @@ function reconfigure_rss {
 }
 function upgrade_rss {
    CURR_RSS_READER_COMMIT=$(get_completion_param "rss reader commit")
    if [[ "$CURR_RSS_READER_COMMIT" == "$RSS_READER_COMMIT" ]]; then
        return
    fi
    RSS_MOBILE_READER_PATH=/etc/share/ttrss-mobile
    if [[ $(app_is_installed rss) == "1" ]]; then
@ -180,6 +203,10 @@ function restore_local_rss {
            rm -rf $temp_restore_dir
        fi
    fi
    MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
    sed -i "s|define('DB_PASS'.*|define('DB_PASS', '${MARIADB_PASSWORD}');|g" $RSS_READER_PATH/config.php
    MARIADB_PASSWORD=
 }
 function backup_remote_rss {
@ -238,6 +265,11 @@ function restore_remote_rss {
        if [ -d /root/tempttrss ]; then
            rm -rf /root/tempttrss
        fi
        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
        sed -i "s|define('DB_PASS'.*|define('DB_PASS', '${MARIADB_PASSWORD}');|g" $RSS_READER_PATH/config.php
        MARIADB_PASSWORD=
        echo $"Restore of ttrss complete"
    fi
 }
@ -249,7 +281,8 @@ function remove_rss {
    nginx_dissite $RSS_READER_DOMAIN_NAME
    function_check remove_onion_service
-    remove_onion_service rss ${RSS_READER_ONION_PORT} ${RSS_MOBILE_READER_ONION_PORT}
+    remove_onion_service mobilerss ${RSS_MOBILE_READER_ONION_PORT}
    remove_onion_service rss ${RSS_READER_ONION_PORT}
    if [ -f /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME ]; then
        rm /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
    fi
@ -261,6 +294,7 @@ function remove_rss {
    remove_completion_param install_rss
    sed -i '/RSS /d' $COMPLETION_FILE
    sed -i '/rss /d' $COMPLETION_FILE
    sed -i '/rss_/d' $COMPLETION_FILE
    remove_backup_database_local ttrss
 }
@ -294,15 +328,27 @@ function install_rss_main {
    function_check remove_onion_service
    remove_onion_service rss ${RSS_READER_ONION_PORT} ${RSS_MOBILE_READER_ONION_PORT}
-    apt-get -yq install php-gettext php5-curl php5-gd php5-mysql git
+    apt-get -yq install php-gettext php-curl php-gd php-mysql git
-    apt-get -yq install curl php-xml-parser php5-mcrypt
+    apt-get -yq install curl php-mcrypt libfcgi0ldbl
    remove_onion_service mobilerss ${RSS_MOBILE_READER_ONION_PORT}
    remove_onion_service rss ${RSS_READER_ONION_PORT}
    if [ ! -d /etc/share ]; then
        mkdir /etc/share
    fi
    cd /etc/share
-    function_check git_clone
+
-    git_clone $RSS_READER_REPO tt-rss
+    if [ -d /repos/rss ]; then
        mkdir tt-rss
        cp -r -p /repos/rss/. tt-rss
        cd tt-rss
        git pull
    else
        function_check git_clone
        git_clone $RSS_READER_REPO tt-rss
    fi
    if [ ! -d $RSS_READER_PATH ]; then
        echo $'Could not clone RSS reader repo'
        exit 52925
@ -323,7 +369,12 @@ function install_rss_main {
    rss_create_database
    RSS_READER_ONION_HOSTNAME=$(add_onion_service rss 80 ${RSS_READER_ONION_PORT})
-    RSS_MOBILE_READER_ONION_HOSTNAME=$(add_onion_service rss_mobile 80 ${RSS_MOBILE_READER_ONION_PORT})
+
    sleep 2
    RSS_MOBILE_READER_ONION_HOSTNAME=$(add_onion_service mobilerss 80 ${RSS_MOBILE_READER_ONION_PORT})
    set_completion_param "rss_mobile onion domain" "$RSS_MOBILE_READER_ONION_HOSTNAME"
    echo 'server {' > /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
    echo "  listen 127.0.0.1:$RSS_MOBILE_READER_ONION_PORT;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
@ -337,7 +388,8 @@ function install_rss_main {
    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
    echo '  location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
    echo '    include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
    echo '    fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
    echo '  location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
@ -375,7 +427,8 @@ function install_rss_main {
    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
    echo '  location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
    echo '    include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
    echo '    fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
    echo '  set $mobile_rewrite do_not_perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
@ -396,7 +449,7 @@ function install_rss_main {
    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
    echo '  location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
    echo '    include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
    echo '  location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
@ -420,7 +473,7 @@ function install_rss_main {
        # generate a config file
        RSS_FEED_CRYPT_KEY="$(create_password 24)"
        echo '<?php' > $RSS_READER_PATH/config.php
-        echo "  define ('_CURL_HTTP_PROXY', '127.0.0.1:9050');" >> $RSS_READER_PATH/config.php
+        echo "  define('_CURL_HTTP_PROXY', '127.0.0.1:9050');" >> $RSS_READER_PATH/config.php
        echo "  define('DB_TYPE', 'mysql');" >> $RSS_READER_PATH/config.php
        echo "  define('DB_HOST', 'localhost');" >> $RSS_READER_PATH/config.php
        echo "  define('DB_USER', 'root');" >> $RSS_READER_PATH/config.php
@ -482,13 +535,14 @@ function install_rss_main {
    configure_php
    nginx_ensite $RSS_READER_DOMAIN_NAME
-    systemctl restart php5-fpm
+    systemctl restart mariadb
    systemctl restart php7.0-fpm
    systemctl restart nginx
    # daemon to update feeds
    echo '[Unit]' > /etc/systemd/system/ttrss.service
    echo 'Description=ttrss_backend' >> /etc/systemd/system/ttrss.service
-    echo 'After=network.target mysql.service' >> /etc/systemd/system/ttrss.service
+    echo 'After=network.target mariadb.service' >> /etc/systemd/system/ttrss.service
    echo 'After=tor.service' >> /etc/systemd/system/ttrss.service
    echo '' >> /etc/systemd/system/ttrss.service
    echo '[Service]' >> /etc/systemd/system/ttrss.service
@ -570,8 +624,17 @@ function install_rss_mobile_reader {
    fi
    cd /etc/share
-    function_check git_clone
+
-    git_clone $RSS_MOBILE_READER_REPO ttrss-mobile
+    if [ -d /repos/rss-mobile ]; then
        mkdir ttrss-mobile
        cp -r -p /repos/rss-mobile/. ttrss-mobile
        cd ttrss-mobile
        git pull
    else
        function_check git_clone
        git_clone $RSS_MOBILE_READER_REPO ttrss-mobile
    fi
    if [ ! -d $RSS_MOBILE_READER_PATH ]; then
        echo $'Could not clone RSS mobile reader repo'
        exit 24816
--- a/src/freedombone-app-scuttlebot
+++ b/src/freedombone-app-scuttlebot
@ -10,6 +10,7 @@
 #
 # scuttlebot pub application
 # https://scuttlebot.io
 # Problem: on occasion uses 100% of the CPU, severely impacting other services
 #
 # License
 # =======
@ -29,7 +30,7 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-VARIANTS='full full-vim chat'
+VARIANTS=''
 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=0
@ -42,6 +43,14 @@ scuttlebot_variables=(MY_USERNAME
                      DEFAULT_DOMAIN_NAME
                      SYSTEM_TYPE)
 function logging_on_scuttlebot {
    echo -n ''
 }
 function logging_off_scuttlebot {
    echo -n ''
 }
 function scuttlebot_create_invite {
    invite_string=$(su -c "sbot invite.create 1" - scuttlebot | sed 's/"//g')
@ -166,6 +175,7 @@ function remove_scuttlebot {
    systemctl stop scuttlebot
    systemctl disable scuttlebot
    rm /etc/systemd/system/scuttlebot.service
    systemctl daemon-reload
    userdel -r scuttlebot
--- a/src/freedombone-app-searx
+++ b/src/freedombone-app-searx
@ -35,7 +35,7 @@ SHOW_ON_ABOUT=1
 SHOW_ICANN_ADDRESS_ON_ABOUT=0
 SEARX_REPO="https://github.com/asciimoo/searx"
-SEARX_COMMIT='259735f30901ae884f8234f1f138c28a9e59713a'
+SEARX_COMMIT='80460be8f69cea5f15c9d5ddbb63e4e48fde2dd0'
 SEARX_PATH=/etc
 SEARX_ONION_PORT=8094
 SEARX_ONION_HOSTNAME=
@ -48,6 +48,14 @@ searx_variables=(SEARX_LOGIN_TEXT
                 SEARX_BACKGROUND_IMAGE_URL
                 SYSTEM_TYPE)
 function logging_on_searx {
    echo -n ''
 }
 function logging_off_searx {
    echo -n ''
 }
 function searx_set_default_background {
    if [ -f ~/freedombone/img/backgrounds/searx.jpg ]; then
        cp ~/freedombone/img/backgrounds/searx.jpg /etc/searx/searx/static/themes/courgette/img/bg-body-index.jpg
@ -737,6 +745,11 @@ function create_searx_config {
 }
 function upgrade_searx {
    CURR_SEARX_COMMIT=$(get_completion_param "searx commit")
    if [[ "$CURR_SEARX_COMMIT" == "$SEARX_COMMIT" ]]; then
        return
    fi
    settings_file=${SEARX_PATH}/searx/searx/settings.yml
    background_image=/etc/searx/searx/static/themes/courgette/img/bg-body-index.jpg
@ -789,6 +802,8 @@ function remove_searx {
    systemctl stop searx
    systemctl disable searx
    rm /etc/systemd/system/searx.service
    systemctl daemon-reload
    function_check remove_onion_service
    remove_onion_service searx ${SEARX_ONION_PORT}
    userdel -r searx
@ -811,8 +826,15 @@ function install_searx {
        exit 62429
    fi
-    apt-get -yq install python-pip libyaml-dev python-werkzeug python-babel python-lxml apache2-utils
+    apt-get -yq install python-pip libyaml-dev python-werkzeug python-babel python-lxml
-    apt-get -yq install git build-essential libxslt-dev python-dev python-virtualenv python-pybabel zlib1g-dev uwsgi uwsgi-plugin-python libapache2-mod-uwsgi imagemagick
+    apt-get -yq install git build-essential libxslt-dev python-dev python-virtualenv zlib1g-dev uwsgi uwsgi-plugin-python imagemagick
    apt-get -yq install apache2-utils
    apt-get -yq remove --purge apache2-bin*
    if [ -d /etc/apache2 ]; then
        rm -rf /etc/apache2
        echo $'Removed Apache installation'
    fi
    pip install --upgrade pip
@ -846,14 +868,35 @@ function install_searx {
        exit 63738
    fi
    pip install requests --upgrade
    if [ ! "$?" = "0" ]; then
        echo $'Failed to install requests'
        exit 357282
    fi
    pip install pygments --upgrade
    if [ ! "$?" = "0" ]; then
        echo $'Failed to install pygments'
        exit 357282
    fi
    if [ ! -d $SEARX_PATH ]; then
        mkdir -p $SEARX_PATH
    fi
    # clone the repo
    cd $SEARX_PATH
-    function_check git_clone
+
-    git_clone $SEARX_REPO searx
+    if [ -d /repos/searx ]; then
        mkdir searx
        cp -r -p /repos/searx/. searx
        cd searx
        git pull
    else
        function_check git_clone
        git_clone $SEARX_REPO searx
    fi
    git checkout $SEARX_COMMIT -b $SEARX_COMMIT
    set_completion_param "searx commit" "$SEARX_COMMIT"
@ -915,7 +958,7 @@ function install_searx {
    echo '}' >> /etc/nginx/sites-available/searx
    # replace the secret key
-    if ! grep "searx key" $COMPLETION_FILE; then
+    if ! grep -q "searx key" $COMPLETION_FILE; then
        SEARX_SECRET_KEY="$(create_password 30)"
        set_completion_param "searx key" "${SEARX_SECRET_KEY}"
    fi
@ -930,7 +973,7 @@ function install_searx {
    nginx_ensite searx
    # restart the web server
-    systemctl restart php5-fpm
+    systemctl restart php7.0-fpm
    systemctl restart nginx
    # start the daemon
--- a/src/freedombone-app-sip
+++ b/src/freedombone-app-sip
@ -50,6 +50,14 @@ sip_variables=(ONION_ONLY
               TURN_TLS_PORT
               TURN_NONCE)
 function logging_on_sip {
    echo -n ''
 }
 function logging_off_sip {
    echo -n ''
 }
 function remove_user_sip {
    remove_username="$1"
    ${PROJECT_NAME}-rmsipuser ${remove_username}
@ -146,7 +154,7 @@ function restore_local_sip {
            exit 3679
        fi
        rm -rf $temp_restore_dir
-        service sipwitch restart
+        systemctl restart sipwitch
        echo $"Restore of SIP settings complete"
    fi
 }
@ -212,7 +220,7 @@ function update_sipwitch_daemon {
        return
    fi
-    service sipwitch stop
+    systemctl stop sipwitch
    # remove the original sipwitch daemon if it exists
    if [ -f /etc/init.d/sipwitch ]; then
--- a/src/freedombone-app-syncthing
+++ b/src/freedombone-app-syncthing
@ -13,7 +13,7 @@
 # License
 # =======
 #
-# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@ -51,6 +51,14 @@ syncthing_variables=(SYNCTHING_ID
                     SYNCTHING_SHARED_DATA
                     USB_MOUNT)
 function logging_on_syncthing {
    echo -n ''
 }
 function logging_off_syncthing {
    echo -n ''
 }
 function syncthing_create_ids_file {
    if [ ! -f ~/.syncthing-server-id ]; then
        return
@ -458,8 +466,9 @@ function remove_syncthing {
    firewall_remove ${SYNCTHING_PORT}
    systemctl stop syncthing
    systemctl disable syncthing
    apt-get -yq remove --purge syncthing
    rm /etc/systemd/system/syncthing.service
    systemctl daemon-reload
    apt-get -yq remove --purge syncthing
    sed -i "/${PROJECT_NAME}-syncthing/d" /etc/crontab
    remove_completion_param install_syncthing
    remove_completion_param configure_firewall_for_syncthing
@ -475,12 +484,19 @@ function configure_firewall_for_syncthing {
    mark_completed $FUNCNAME
 }
-function install_syncthing {
+function install_syncthing_repo {
-    apt-get -yq install curl
+    if [ -f /etc/apt/sources.list.d/syncthing.list ]; then
        return
    fi
    apt-get -yq install curl
    curl -s https://syncthing.net/release-key.txt | apt-key add -
    echo "deb http://apt.syncthing.net/ syncthing release" | tee /etc/apt/sources.list.d/syncthing.list
    apt-get update
 }
 function install_syncthing {
    install_syncthing_repo
    apt-get -yq install syncthing
    # This probably does need to run as root so that it can access the Sync directories
--- a/src/freedombone-app-tahoelafs
+++ b/src/freedombone-app-tahoelafs
@ -36,16 +36,14 @@ IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
 SHOW_ICANN_ADDRESS_ON_ABOUT=0
 TAHOELAFS_REPO="https://github.com/tahoe-lafs/tahoe-lafs"
 TAHOELAFS_COMMIT='bb782b0331a60de438136a593bba18338d8d866b'
 TAHOELAFS_PORT=50213
 TAHOELAFS_STORAGE_PORT=50214
 TAHOELAFS_ONION_PORT=8096
 TAHOELAFS_STORAGE_ONION_PORT=8097
-TAHOE_COMMAND="cd /home/tahoelafs/tahoelafs && venv/bin/tahoe"
+TAHOE_DIR=/home/tahoelafs
-tahoelafs_storage_file=/home/tahoelafs/client/private/servers.yaml
+TAHOE_COMMAND='/usr/bin/tahoe'
 tahoelafs_storage_file=$TAHOE_DIR/client/private/servers.yaml
 TAHOELAFS_SHARES_NEEDED=3
 TAHOELAFS_SHARES_HAPPY=7
@ -53,12 +51,19 @@ TAHOELAFS_SHARES_TOTAL=10
 tahoelafs_variables=(ONION_ONLY
                     MY_USERNAME
                     TAHOELAFS_REPO
                     TAHOELAFS_PORT
                     TAHOELAFS_SHARES_NEEDED
                     TAHOELAFS_SHARES_HAPPY
                     TAHOELAFS_SHARES_TOTAL)
 function logging_on_tahoelafs {
    echo -n ''
 }
 function logging_off_tahoelafs {
    echo -n ''
 }
 function add_user_tahoelafs {
    if [[ $(app_is_installed tahoelafs) == "0" ]]; then
        echo '0'
@ -68,7 +73,7 @@ function add_user_tahoelafs {
    new_username="$1"
    new_user_password="$2"
    ${PROJECT_NAME}-pass -u $new_username -a tahoelafs -p "$new_user_password"
-    if grep "${new_username}:" /etc/nginx/.htpasswd-tahoelafs; then
+    if grep -q "${new_username}:" /etc/nginx/.htpasswd-tahoelafs; then
        sed -i '/${new_username}:/d' /etc/nginx/.htpasswd-tahoelafs
    fi
    echo "${new_user_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${new_username}
@ -78,7 +83,7 @@ function add_user_tahoelafs {
 function remove_user_tahoelafs {
    remove_username="$1"
    ${PROJECT_NAME}-pass -u $remove_username --rmapp tahoelafs
-    if grep "${remove_username}:" /etc/nginx/.htpasswd-tahoelafs; then
+    if grep -q "${remove_username}:" /etc/nginx/.htpasswd-tahoelafs; then
        sed -i '/${remove_username}:/d' /etc/nginx/.htpasswd-tahoelafs
    fi
 }
@ -87,7 +92,7 @@ function change_password_tahoelafs {
    change_username="$1"
    change_password="$2"
    ${PROJECT_NAME}-pass -u $change_username -a tahoelafs -p "$change_password"
-    if grep "${change_username}:" /etc/nginx/.htpasswd-tahoelafs; then
+    if grep -q "${change_username}:" /etc/nginx/.htpasswd-tahoelafs; then
        sed -i '/tahoe-${change_username}:/d' /etc/nginx/.htpasswd-tahoelafs
    fi
    echo "${change_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${change_username}
@ -164,13 +169,13 @@ function edit_tahoelafs_shares {
        TAHOELAFS_SHARES_TOTAL=${tl_total}
    fi
-    sed -i "s|shares.needed.*|shares.needed = ${TAHOELAFS_SHARES_NEEDED}|g" /home/tahoelafs/tahoelafs/client/tahoe.cfg
+    sed -i "s|shares.needed.*|shares.needed = ${TAHOELAFS_SHARES_NEEDED}|g" $TAHOE_DIR/tahoelafs/client/tahoe.cfg
-    sed -i "s|shares.happy.*|shares.happy = ${TAHOELAFS_SHARES_HAPPY}|g" /home/tahoelafs/tahoelafs/client/tahoe.cfg
+    sed -i "s|shares.happy.*|shares.happy = ${TAHOELAFS_SHARES_HAPPY}|g" $TAHOE_DIR/tahoelafs/client/tahoe.cfg
-    sed -i "s|shares.total.*|shares.total = ${TAHOELAFS_SHARES_TOTAL}|g" /home/tahoelafs/tahoelafs/client/tahoe.cfg
+    sed -i "s|shares.total.*|shares.total = ${TAHOELAFS_SHARES_TOTAL}|g" $TAHOE_DIR/tahoelafs/client/tahoe.cfg
-    sed -i "s|shares.needed.*|shares.needed = ${TAHOELAFS_SHARES_NEEDED}|g" /home/tahoelafs/tahoelafs/storage/tahoe.cfg
+    sed -i "s|shares.needed.*|shares.needed = ${TAHOELAFS_SHARES_NEEDED}|g" $TAHOE_DIR/tahoelafs/storage/tahoe.cfg
-    sed -i "s|shares.happy.*|shares.happy = ${TAHOELAFS_SHARES_HAPPY}|g" /home/tahoelafs/tahoelafs/storage/tahoe.cfg
+    sed -i "s|shares.happy.*|shares.happy = ${TAHOELAFS_SHARES_HAPPY}|g" $TAHOE_DIR/tahoelafs/storage/tahoe.cfg
-    sed -i "s|shares.total.*|shares.total = ${TAHOELAFS_SHARES_TOTAL}|g" /home/tahoelafs/tahoelafs/storage/tahoe.cfg
+    sed -i "s|shares.total.*|shares.total = ${TAHOELAFS_SHARES_TOTAL}|g" $TAHOE_DIR/tahoelafs/storage/tahoe.cfg
    systemctl restart tahoelafs-storage
    systemctl restart tahoelafs-client
@ -263,7 +268,7 @@ function tahoelafs_setup_storage_config {
    echo '[connections]' >> $config_file
    echo 'tcp = tor' >> $config_file
-    chown -R tahoelafs:debian-tor /home/tahoelafs
+    chown -R tahoelafs:debian-tor $TAHOE_DIR
 }
 function install_interactive_tahoelafs {
@ -272,22 +277,11 @@ function install_interactive_tahoelafs {
 }
 function upgrade_tahoelafs {
-    if [ ! -d /home/tahoelafs/tahoelafs ]; then
+    echo -n ''
        return
    fi
    systemctl stop tahoelafs
    function_check set_repo_commit
    set_repo_commit /home/tahoelafs/tahoelafs "tahoelafs commit" "$TAHOELAFS_COMMIT" $TAHOELAFS_REPO
    cd /home/tahoelafs/tahoelafs
    git submodule update --init --recursive
    virtualenv venv
    venv/bin/pip install --editable .
    chown -R tahoelafs:debian-tor /home/tahoelafs
    systemctl start tahoelafs
 }
 function backup_local_tahoelafs {
-    source_directory=/home/tahoelafs
+    source_directory=$TAHOE_DIR
    if [ ! -d $source_directory ]; then
        return
    fi
@ -304,21 +298,21 @@ function restore_local_tahoelafs {
    systemctl stop tahoelafs-client
    temp_restore_dir=/root/temptahoelafs
    restore_directory_from_usb $temp_restore_dir tahoelafs
-    mv /home/tahoelafs /home/tahoelafs-old
+    mv $TAHOE_DIR ${TAHOE_DIR}-old
-    cp -r $temp_restore_dir/home/tahoelafs /home/tahoelafs
+    cp -r $temp_restore_dir$TAHOE_DIR $TAHOE_DIR
    if [ ! "$?" = "0" ]; then
-        mv /home/tahoelafs-old /home/tahoelafs
+        mv ${TAHOE_DIR}-old $TAHOE_DIR
        exit 246833
    fi
-    rm -rf /home/tahoelafs-old
+    rm -rf ${TAHOE_DIR}-old
-    chown -R tahoelafs:debian-tor /home/tahoelafs
+    chown -R tahoelafs:debian-tor $TAHOE_DIR
    systemctl start tahoelafs-client
    systemctl start tahoelafs-storage
    echo $"Restore complete"
 }
 function backup_remote_tahoelafs {
-    source_directory=/home/tahoelafs
+    source_directory=$TAHOE_DIR
    if [ ! -d $source_directory ]; then
        return
    fi
@ -337,14 +331,14 @@ function restore_remote_tahoelafs {
    systemctl stop tahoelafs-client
    temp_restore_dir=/root/temptahoelafs
    restore_directory_from_friend $temp_restore_dir tahoelafs
-    mv /home/tahoelafs /home/tahoelafs-old
+    mv $TAHOE_DIR ${TAHOE_DIR}-old
-    cp -r $temp_restore_dir/home/tahoelafs /home/tahoelafs
+    cp -r $temp_restore_dir$TAHOE_DIR $TAHOE_DIR
    if [ ! "$?" = "0" ]; then
-        mv /home/tahoelafs-old /home/tahoelafs
+        mv ${TAHOE_DIR}old $TAHOE_DIR
        exit 623925
    fi
-    rm -rf /home/tahoelafs-old
+    rm -rf ${$TAHOE_DIR}-old
-    chown -R tahoelafs:debian-tor /home/tahoelafs
+    chown -R tahoelafs:debian-tor $TAHOE_DIR
    systemctl start tahoelafs-client
    systemctl start tahoelafs-storage
    echo $"Restore complete"
@ -370,10 +364,15 @@ function remove_tahoelafs {
    systemctl stop tahoelafs-storage
    systemctl disable tahoelafs-storage
    rm /etc/systemd/system/tahoelafs-storage.service
    systemctl daemon-reload
    systemctl stop tahoelafs-client
    systemctl disable tahoelafs-client
    rm /etc/systemd/system/tahoelafs-client.service
    systemctl daemon-reload
    pip uninstall tahoe-lafs[tor]
    apt-get -yq remove tahoe-lafs
    if [ -d /var/lib/tahoelafs ]; then
        rm -rf /var/lib/tahoelafs
@ -383,32 +382,18 @@ function remove_tahoelafs {
    remove_onion_service tahoelafs ${TAHOELAFS_ONION_PORT}
    remove_onion_service storage-tahoelafs ${TAHOELAFS_STORAGE_ONION_PORT} $(get_tahoelafs_nick)
    sed -i '/HidServAuth /d' /etc/tor/torrc
-    deluser tahoelafs
+
-    if [ -d /home/tahoelafs ]; then
+    groupdel -f tahoelafs
-        rm -rf /home/tahoelafs
+    userdel -r tahoelafs
    if [ -d $TAHOE_DIR ]; then
        rm -rf $TAHOE_DIR
    fi
    remove_app tahoelafs
    if [ -f /etc/nginx/.htpasswd-tahoelafs ]; then
        shred -zu /etc/nginx/.htpasswd-tahoelafs
    fi
-    remove_completion_param "tahoelafs commit"
+    onion_update
    systemctl reload tor
 }
 function install_tahoelafs_to_directory {
    tahoe_dir=$1
    git_clone $TAHOELAFS_REPO $tahoe_dir
    cd $tahoe_dir
    git checkout $TAHOELAFS_COMMIT -b $TAHOELAFS_COMMIT
    git submodule update --init --recursive
    virtualenv venv --distribute
    venv/bin/pip uninstall --yes setuptools
    venv/bin/pip install setuptools==11.3
    venv/bin/pip install six==1.10.0 packaging==16.8 attrs==16.3.0 appdirs==1.4.2 pycrypto==2.1.0 cffi==1.9.1
    venv/bin/pip install cryptography==1.7.2 markerlib==0.6.0 distribute==0.7.3
    venv/bin/pip install txtorcon==0.18.0
    venv/bin/pip install --editable .
 }
 function create_tahoelafs_stealth_node {
@ -496,7 +481,7 @@ function create_tahoelafs_client {
 }
 function get_tahoelafs_furl {
-    furl=$(cat /home/tahoelafs/storage/private/storage.furl)
+    furl=$(cat $TAHOE_DIR/storage/private/storage.furl)
    furl_1=$(echo "${furl}" | awk -F ' ' '{print $1}')
    furl_2=$(echo "${furl}" | awk -F ':' '{print $5}')
    echo "${furl_1}:${furl_2}"
@ -511,7 +496,7 @@ function get_tahoelafs_storage_hostname {
 }
 function get_tahoelafs_public_key {
-    echo "$(cat /home/tahoelafs/storage/node.pubkey | grep 'v0-' | sed 's|pub-||g')"
+    echo "$(cat $TAHOE_DIR/storage/node.pubkey | grep 'v0-' | sed 's|pub-||g')"
 }
 function add_tahoelafs_server {
@ -572,12 +557,12 @@ function create_tahoelafs_daemon {
    echo 'Type=simple' >> $TAHOELAFS_DAEMON_FILE
    echo "User=tahoelafs" >> $TAHOELAFS_DAEMON_FILE
    echo "Group=debian-tor" >> $TAHOELAFS_DAEMON_FILE
-    echo "WorkingDirectory=/home/tahoelafs/tahoelafs" >> $TAHOELAFS_DAEMON_FILE
+    echo "WorkingDirectory=${TAHOE_DIR}" >> $TAHOELAFS_DAEMON_FILE
-    echo "ExecStart=/home/tahoelafs/tahoelafs/venv/bin/tahoe run /home/tahoelafs/${daemon_name}" >> $TAHOELAFS_DAEMON_FILE
+    echo "ExecStart=/usr/bin/tahoe run ${TAHOE_DIR}/${daemon_name}" >> $TAHOELAFS_DAEMON_FILE
-    echo "ExecStop=/home/tahoelafs/tahoelafs/venv/bin/tahoe stop /home/tahoelafs/${daemon_name}" >> $TAHOELAFS_DAEMON_FILE
+    echo "ExecStop=/usr/bin/tahoe stop ${TAHOE_DIR}/${daemon_name}" >> $TAHOELAFS_DAEMON_FILE
    echo 'Restart=on-failure' >> $TAHOELAFS_DAEMON_FILE
    echo 'RestartSec=10' >> $TAHOELAFS_DAEMON_FILE
-    echo "Environment=\"USER=tahoelafs\" \"HOME=/home/tahoelafs\"" >> $TAHOELAFS_DAEMON_FILE
+    echo "Environment=\"USER=tahoelafs\" \"HOME=${TAHOE_DIR}\"" >> $TAHOELAFS_DAEMON_FILE
    echo '' >> $TAHOELAFS_DAEMON_FILE
    echo '[Install]' >> $TAHOELAFS_DAEMON_FILE
    echo 'WantedBy=multi-user.target' >> $TAHOELAFS_DAEMON_FILE
@ -627,7 +612,7 @@ function create_tahoelafs_web {
    if [ ! -f /etc/nginx/.htpasswd-tahoelafs ]; then
        touch /etc/nginx/.htpasswd-tahoelafs
    fi
-    if grep "${MY_USERNAME}:" /etc/nginx/.htpasswd-tahoelafs; then
+    if grep -q "${MY_USERNAME}:" /etc/nginx/.htpasswd-tahoelafs; then
        sed -i '/${MY_USERNAME}:/d' /etc/nginx/.htpasswd-tahoelafs
    fi
    echo "${TAHOELAFS_ADMIN_PASSWORD}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${MY_USERNAME}
@ -643,30 +628,42 @@ function install_tahoelafs {
    fi
    apt-get -yq install build-essential python-pip python-dev libffi-dev libssl-dev
-    apt-get -yq install libcrypto++-dev python-pycryptopp python-cffi python-virtualenv
+    apt-get -yq install libcrypto++-dev python-pycryptopp python-cffi
    apt-get -yq install python-virtualenv apache2-utils
    if [ -d $TAHOE_DIR ]; then
        groupdel -f tahoelafs
        userdel -r tahoelafs
        rm -rf $TAHOE_DIR
    fi
    # create a user
-    if [ ! -d /home/tahoelafs ]; then
+    adduser --disabled-login --gecos 'tahoe-lafs' tahoelafs
-        # add a gogs user account
+
-        adduser --disabled-login --gecos 'tahoe-lafs' tahoelafs
+    if [ ! -d $TAHOE_DIR ]; then
-        adduser tahoelafs debian-tor
+        echo $"$TAHOE_DIR directory was not created"
        exit 879335
    fi
-    if [ -d /home/tahoelafs/Maildir ]; then
+    adduser tahoelafs debian-tor
-        rm -rf /home/tahoelafs/Maildir
+    groupadd tahoelafs
    fi
-    install_tahoelafs_to_directory /home/tahoelafs/tahoelafs
+    apt-get -yq install tahoe-lafs
    pip install tahoe-lafs[tor]
    if [ -d $TAHOE_DIR/Maildir ]; then
        rm -rf $TAHOE_DIR/Maildir
    fi
    # remove files we don't need
-    rm -rf /home/tahoelafs/.mutt
+    rm -rf $TAHOE_DIR/.mutt
-    rm /home/tahoelafs/.emacs-mutt
+    rm $TAHOE_DIR/.emacs-mutt
-    rm /home/tahoelafs/.muttrc
+    rm $TAHOE_DIR/.muttrc
-    rm /home/tahoelafs/.mutt-alias
+    rm $TAHOE_DIR/.mutt-alias
-    rm /home/tahoelafs/.procmailrc
+    rm $TAHOE_DIR/.procmailrc
    # set permissions
-    chown -R tahoelafs:debian-tor /home/tahoelafs
+    chown -R tahoelafs:debian-tor $TAHOE_DIR
    node_nick=$(get_tahoelafs_nick)
    client_nick=${MY_USERNAME}-client
@ -677,14 +674,14 @@ function install_tahoelafs {
    # create an onion address for client node
    TAHOELAFS_ONION_HOSTNAME=$(add_onion_service tahoelafs 80 ${TAHOELAFS_ONION_PORT})
-    create_tahoelafs_stealth_node /home/tahoelafs/storage /home/tahoelafs/client ${node_nick} ${client_nick}
+    create_tahoelafs_stealth_node $TAHOE_DIR/storage $TAHOE_DIR/client ${node_nick} ${client_nick}
    # start the storage node
-    su -c '/home/tahoelafs/tahoelafs/venv/bin/python2 /home/tahoelafs/tahoelafs/venv/bin/tahoe start /home/tahoelafs/storage' - tahoelafs
+    su -c "/usr/bin/python2 /usr/bin/tahoe start $TAHOE_DIR/storage" - tahoelafs
    create_tahoelafs_daemon "storage"
    # start the client
-    su -c '/home/tahoelafs/tahoelafs/venv/bin/python2 /home/tahoelafs/tahoelafs/venv/bin/tahoe start /home/tahoelafs/client' - tahoelafs
+    su -c "/usr/bin/python2 /usr/bin/tahoe start $TAHOE_DIR/client" - tahoelafs
    add_tahoelafs_server "$(get_tahoelafs_storage_hostname)" "$(get_tahoelafs_public_key)" "${node_nick}" "$(get_tahoelafs_furl)"
    if ! grep -q "HidServAuth $(get_tahoelafs_storage_hostname)" /etc/tor/torrc; then
        echo $'Unable to create tahoelafs server'
@ -696,11 +693,10 @@ function install_tahoelafs {
    fi
    create_tahoelafs_daemon "client"
    set_completion_param "tahoelafs commit" "$TAHOELAFS_COMMIT"
    set_completion_param "tahoelafs onion domain" "$TAHOELAFS_ONION_HOSTNAME"
    create_tahoelafs_web
-    systemctl restart tor
+    onion_update
    APP_INSTALLED=1
 }
--- a/src/freedombone-app-tox
+++ b/src/freedombone-app-tox
@ -35,7 +35,7 @@ SHOW_ON_ABOUT=1
 TOX_PORT=33445
 TOXCORE_REPO="https://github.com/bashrc/toxcore"
-TOXCORE_COMMIT='d3fa9f82bda3a8746917502c525237427ba17d45'
+TOXCORE_COMMIT='532629d486e3361c7d8d95b38293cc7d61dc4ee5'
 TOXID_REPO="https://github.com/bashrc/toxid"
 TOX_BOOTSTRAP_ID_FILE=/var/lib/tox-bootstrapd/pubkey.txt
 # These are some default nodes, but you can replace them with trusted nodes
@ -60,6 +60,14 @@ tox_variables=(SYSTEM_TYPE
               TOX_PORT
               TOX_NODES)
 function logging_on_tox {
    echo -n ''
 }
 function logging_off_tox {
    echo -n ''
 }
 function remove_user_tox {
    remove_username="$1"
@ -122,12 +130,24 @@ function mesh_tox_qtox {
        mkdir -p ${rootdir}$INSTALL_DIR
    fi
-    chroot "${rootdir}" apt-get -yq install build-essential libatk1.0-0 libbz2-1.0 libc6 libcairo2 libdbus-1-3 libegl1-mesa libfontconfig1 libfreetype6 libgcc1 libgdk-pixbuf2.0-0 libgl1-mesa-glx libglib2.0-0 libgtk2.0-0 libice6 libicu52 libjpeg62-turbo libmng1 libmtdev1 libopenal1 libopus0 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libpng12-0 libqrencode3 libsm6 libsodium13 libsqlite3-0 libssl1.0.0 libstdc++6 libtiff5 libudev1 libvpx1 libwayland-client0 libwayland-cursor0 libwayland-egl1-mesa libwebp5 libx11-6 libx11-xcb1 libxcb-glx0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-randr0 libxcb-render-util0 libxcb-render0 libxcb-shape0 libxcb-shm0 libxcb-sync1 libxcb-xfixes0 libxcb-xinerama0 libxcb1 libxext6 libxfixes3 libxi6 libxrender1 libxss1 zlib1g libopus-dev libvpx-dev
+    chroot "${rootdir}" apt-get -yq install build-essential libatk1.0-0 libbz2-1.0 libc6 libcairo2 libdbus-1-3 libegl1-mesa libfontconfig1 libfreetype6 libgcc1 libgdk-pixbuf2.0-0 libgl1-mesa-glx libglib2.0-0 libgtk2.0-0 libice6 libicu57 libjpeg62-turbo libmng1 libmtdev1 libopenal1 libopus0 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libpng16-16 libqrencode3 libsm6 libsodium18 libsqlite3-0 libssl1.1 libstdc++6 libtiff5 libudev1 libvpx4 libwayland-client0 libwayland-cursor0 libwayland-egl1-mesa libwebp6 libx11-6 libx11-xcb1 libxcb-glx0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-randr0 libxcb-render-util0 libxcb-render0 libxcb-shape0 libxcb-shm0 libxcb-sync1 libxcb-xfixes0 libxcb-xinerama0 libxcb1 libxext6 libxfixes3 libxi6 libxrender1 libxss1 zlib1g libopus-dev libvpx-dev
-    chroot "${rootdir}" apt-get -yq install build-essential qt5-qmake qt5-default qttools5-dev-tools libqt5opengl5-dev libqt5svg5-dev libopenal-dev libxss-dev qrencode libqrencode-dev libglib2.0-dev libgdk-pixbuf2.0-dev libgtk2.0-dev libsqlcipher-dev libopus-dev libvpx-dev libavformat-dev libavdevice-dev libswscale-dev libavutil-dev libavcodec-dev libavcodec56 libavcodec57 libavfilter-dev libavfilter6
+    chroot "${rootdir}" apt-get -yq install build-essential qt5-qmake qt5-default qttools5-dev-tools libqt5opengl5-dev libqt5svg5-dev libopenal-dev libxss-dev qrencode libqrencode-dev libglib2.0-dev libgdk-pixbuf2.0-dev libgtk2.0-dev libsqlcipher-dev libopus-dev libvpx-dev libavformat-dev libavdevice-dev libswscale-dev libavutil-dev libavcodec-dev libavcodec57 libavfilter-dev libavfilter6
-    mesh_install_ffmpeg
+    # ffmpeg
    chroot "${rootdir}" apt-get -yq install build-essential
    chroot "${rootdir}" apt-get -yq install ffmpeg libmp3lame-dev libvorbis-dev libtheora-dev
    chroot "${rootdir}" apt-get -yq install libspeex-dev yasm pkg-config libopenjp2-7-dev
    chroot "${rootdir}" apt-get -yq install libx264-dev mjpegtools libmjpegtools-dev libav-tools
    if [ -d /repos/qtox ]; then
        mkdir ${rootdir}$INSTALL_DIR/qtox
        cp -r -p /repos/qtox/. ${rootdir}$INSTALL_DIR/qtox
        cd ${rootdir}$INSTALL_DIR/qtox
        git pull
    else
        git clone $QTOX_REPO ${rootdir}$INSTALL_DIR/qtox
    fi
    git clone $QTOX_REPO ${rootdir}$INSTALL_DIR/qtox
    if [ ! -d ${rootdir}$INSTALL_DIR/qtox ]; then
        exit 72428
    fi
@ -323,8 +343,17 @@ function tox_avahi {
    # install a command to obtain the Tox ID
    cd $INSTALL_DIR
-    function_check git_clone
+
-    git_clone $TOXID_REPO $INSTALL_DIR/toxid
+    if [ -d /repos/toxid ]; then
        mkdir $INSTALL_DIR/toxid
        cp -r -p /repos/toxid/. $INSTALL_DIR/toxid
        cd $INSTALL_DIR/toxid
        git pull
    else
        function_check git_clone
        git_clone $TOXID_REPO $INSTALL_DIR/toxid
    fi
    if [ ! -d $INSTALL_DIR/toxid ]; then
        exit 63921
    fi
@ -442,13 +471,13 @@ function mesh_tox_node {
    if [ $rootdir ]; then
        chroot ${rootdir} apt-get -yq install build-essential libtool autotools-dev
        chroot ${rootdir} apt-get -yq install automake checkinstall check git yasm
-        chroot ${rootdir} apt-get -yq install libsodium13 libsodium-dev libcap2-bin
+        chroot ${rootdir} apt-get -yq install libsodium18 libsodium-dev libcap2-bin
        chroot ${rootdir} apt-get -yq install libconfig9 libconfig-dev autoconf
        chroot ${rootdir} apt-get -yq install libopus-dev libvpx-dev
    else
        apt-get -yq install build-essential libtool autotools-dev
        apt-get -yq install automake checkinstall check git yasm
-        apt-get -yq install libsodium13 libsodium-dev libcap2-bin
+        apt-get -yq install libsodium18 libsodium-dev libcap2-bin
        apt-get -yq install libconfig9 libconfig-dev autoconf
        apt-get -yq install libopus-dev libvpx-dev
    fi
@ -457,9 +486,16 @@ function mesh_tox_node {
        mkdir -p ${rootdir}${INSTALL_DIR}
    fi
    if [ ! -d ${rootdir}${INSTALL_DIR}/toxcore ]; then
-        git clone ${TOXCORE_REPO} ${rootdir}${INSTALL_DIR}/toxcore
+        if [ -d /repos/toxcore ]; then
-        if [ ! "$?" = "0" ]; then
+            mkdir ${rootdir}${INSTALL_DIR}/toxcore
-            exit 429252
+            cp -r -p /repos/toxcore/. ${rootdir}${INSTALL_DIR}/toxcore
            cd ${rootdir}${INSTALL_DIR}/toxcore
            git pull
        else
            git clone ${TOXCORE_REPO} ${rootdir}${INSTALL_DIR}/toxcore
            if [ ! "$?" = "0" ]; then
                exit 429252
            fi
        fi
    fi
    cd ${rootdir}$INSTALL_DIR/toxcore
@ -580,7 +616,15 @@ function mesh_tox_avahi {
        mkdir -p ${rootdir}${INSTALL_DIR}
    fi
-    git clone ${TOXID_REPO} ${rootdir}${INSTALL_DIR}/toxid
+    if [ -d /repos/toxid ]; then
        mkdir ${rootdir}${INSTALL_DIR}/toxid
        cp -r -p /repos/toxid/. ${rootdir}${INSTALL_DIR}/toxid
        cd ${rootdir}${INSTALL_DIR}/toxid
        git pull
    else
        git clone ${TOXID_REPO} ${rootdir}${INSTALL_DIR}/toxid
    fi
    if [ ! -d ${rootdir}${INSTALL_DIR}/toxid ]; then
        echo $'Unable to clone toxid repo'
        exit 768352
@ -647,7 +691,14 @@ function mesh_tox_client {
    TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME
    echo '#!/bin/bash' > $TEMP_SCRIPT
    echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT
-    echo "git clone $TOXIC_REPO $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
+    echo 'if [ -d /repos/toxic ]; then' >> $TEMP_SCRIPT
    echo "    mkdir $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
    echo "    cp -r -p /repos/toxic/. $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
    echo "    cd $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
    echo '    git pull' >> $TEMP_SCRIPT
    echo 'else' >> $TEMP_SCRIPT
    echo "    git clone $TOXIC_REPO $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
    echo 'fi' >> $TEMP_SCRIPT
    echo "cd $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
    echo "git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT" >> $TEMP_SCRIPT
    echo 'make' >> $TEMP_SCRIPT
@ -668,6 +719,7 @@ function mesh_tox_client {
        /root/$TEMP_SCRIPT_NAME
    fi
    if [ ! "$?" = "0" ]; then
        cat -n /root/fbtmp728353.sh
        duration=$SECONDS
        echo $"Toxic client compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
        echo $'Unable to make tox client'
@ -684,12 +736,12 @@ function mesh_tox_client {
 }
 function enable_tox_repo {
-    echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_8.0/ /' > $rootdir/etc/apt/sources.list.d/tox.list
+    echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_9.0/ /' > $rootdir/etc/apt/sources.list.d/tox.list
    cat >> $rootdir/root/gettoxkey.sh <<EOF
 #!/bin/bash
-wget -q http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_8.0/Release.key -O- > /root/tox.key
+wget -q http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_9.0/Release.key -O- > /root/tox.key
 apt-key add /root/tox.key
 rm /root/tox.key
 EOF
--- a/src/freedombone-app-turtl
+++ b/src/freedombone-app-turtl
@ -59,6 +59,14 @@ turtl_variables=(ONION_ONLY
                 MY_EMAIL_ADDRESS
                 MY_USERNAME)
 function logging_on_turtl {
    echo -n ''
 }
 function logging_off_turtl {
    echo -n ''
 }
 function change_password_turtl {
    change_username="$1"
    new_user_password="$2"
@ -90,7 +98,7 @@ function install_interactive_turtl {
 }
 function turtl_disable_registrations {
-    if grep "$TURTL_SIGNUP_STRING" $turtl_users_file; then
+    if grep -q "$TURTL_SIGNUP_STRING" $turtl_users_file; then
        if [ -f $turtl_users_file ]; then
            cp $turtl_users_file $TURTL_BASE_DIR/.users.lisp
            sed -i '/(route (:post "\/users") (req res)/,/(send-json res user))))/{//!d}' $turtl_users_file
@ -102,7 +110,7 @@ function turtl_disable_registrations {
 }
 function turtl_enable_registrations {
-    if ! grep "$TURTL_SIGNUP_STRING" $turtl_users_file; then
+    if ! grep -q "$TURTL_SIGNUP_STRING" $turtl_users_file; then
        if [ -f $TURTL_BASE_DIR/.users.lisp ]; then
            cp $TURTL_BASE_DIR/.users.lisp $turtl_users_file
            rm $TURTL_BASE_DIR/.users.lisp
@ -186,6 +194,11 @@ function reconfigure_turtl {
 }
 function upgrade_turtl {
    CURR_TURTL_COMMIT=$(get_completion_param "turtl commit")
    if [[ "$CURR_TURTL_COMMIT" == "$TURTL_COMMIT" ]]; then
        return
    fi
    read_config_param "TURTL_DOMAIN_NAME"
    function_check set_repo_commit
@ -351,11 +364,12 @@ function remove_turtl {
    systemctl stop turtl
    systemctl disable turtl
    rm /etc/systemd/system/turtl.service
    systemctl daemon-reload
    remove_rethinkdb
    remove_app turtl
    remove_completion_param install_turtl
    sed -i '/turtl/d' $COMPLETION_FILE
    deluser turtl
    nginx_dissite $TURTL_DOMAIN_NAME
    if [ -f /etc/nginx/sites-available/$TURTL_DOMAIN_NAME ]; then
        rm /etc/nginx/sites-available/$TURTL_DOMAIN_NAME
@ -368,6 +382,9 @@ function remove_turtl {
    rm -rf /etc/rethinkdb
    rm -rf /var/lib/rethinkdb
    rm -rf $TURTL_BASE_DIR
    groupdel -f turtl
    userdel -r turtl
 }
@ -433,6 +450,11 @@ __ENDCONFIG__
    # start the turtl server
    systemctl restart rethinkdb
    if [ ! -f $TURTL_BASE_DIR/quicklisp/setup.lisp ]; then
        echo $"$TURTL_BASE_DIR/quicklisp/setup.lisp was not found"
        exit 6238234
    fi
    echo '[Unit]' > /etc/systemd/system/turtl.service
    echo 'Description=Note taking service' >> /etc/systemd/system/turtl.service
    echo 'Documentation=http://turtl.it' >> /etc/systemd/system/turtl.service
@ -452,7 +474,7 @@ __ENDCONFIG__
        if [[ "$check_architecture" != *"arm"* ]]; then
            echo "ExecStart=$TURTL_BASE_DIR/ccl/lx86cl -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service
        else
-            echo "ExecStart=$TURTL_BASE_DIR/ccl/larmcl -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service
+            echo "ExecStart=$TURTL_BASE_DIR/ccl/armcl -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service
        fi
    fi
    echo '' >> /etc/systemd/system/turtl.service
@ -561,7 +583,16 @@ __ENDCONFIG__
        wget https://beta.quicklisp.org/quicklisp.lisp
    fi
    if [ -d $TURTL_BASE_DIR ]; then
        chown -R turtl:turtl $TURTL_BASE_DIR
    fi
    adduser --disabled-login --home=$TURTL_BASE_DIR --gecos 'turtl' turtl
    if [ ! -d $TURTL_BASE_DIR ]; then
        echo $"$TURTL_BASE_DIR directory not created"
        exit 263493
    fi
    groupadd turtl
    chown -R turtl:turtl $TURTL_BASE_DIR
    if [[ "$check_architecture" != *"arm"* ]]; then
@ -581,7 +612,16 @@ __ENDCONFIG__
    # install turtl API
    cd $TURTL_BASE_DIR/
-    git clone $TURTL_REPO $TURTL_BASE_DIR/api
+
    if [ -d /repos/turtl ]; then
        mkdir $TURTL_BASE_DIR/api
        cp -r -p /repos/turtl/. $TURTL_BASE_DIR/api
        cd $TURTL_BASE_DIR/api
        git pull
    else
        git clone $TURTL_REPO $TURTL_BASE_DIR/api
    fi
    cd $TURTL_BASE_DIR/api
    git checkout $TURTL_COMMIT -b $TURTL_COMMIT
    set_completion_param "turtl commit" "$TURTL_COMMIT"
--- a/src/freedombone-app-vim
+++ b/src/freedombone-app-vim
@ -39,6 +39,14 @@ VIM_MUTT_EDITOR='vim \"+set nonumber\" \"+set insertmode\" \"+set spell\" +/^$/
 vim_variables=(MY_USERNAME
               VIM_MUTT_EDITOR)
 function logging_on_vim {
    echo -n ''
 }
 function logging_off_vim {
    echo -n ''
 }
 function reconfigure_vim {
    echo -n ''
 }
--- a/src/freedombone-app-vpn
+++ b/src/freedombone-app-vpn
@ -35,6 +35,14 @@ SHOW_ON_ABOUT=0
 vpn_variables=()
 function logging_on_vpn {
    echo -n ''
 }
 function logging_off_vpn {
    echo -n ''
 }
 function install_interactive_vpn {
    echo -n ''
    APP_INSTALLED=1
--- a/src/freedombone-app-xmpp
+++ b/src/freedombone-app-xmpp
@ -50,15 +50,6 @@ prosody_nightly_url="https://prosody.im/nightly/${prosody_latest_version}/latest
 prosody_modules_filename='prosody-modules-20170514.tar.gz'
 prosody_modules_hash='ef404c203317cc0de6da7aaec4f21765a57f630adfbf082cf2dd92b881c15f86'
 LIBMESODE_REPO="https://github.com/boothj5/libmesode"
 LIBMESODE_COMMIT='e3db0e9bfba61b2d82193874343a94a88f910800'
 PROFANITY_REPO="https://github.com/boothj5/profanity"
 PROFANITY_COMMIT='2fafaec8a7dc9bc01ee894d83214590598b32914'
 PROFANITY_OMEMO_PLUGIN_REPO="https://github.com/ReneVolution/profanity-omemo-plugin"
 PROFANITY_OMEMO_PLUGIN_COMMIT='3ec8ec173656bed9761b740b086123e07c749548'
 xmpp_variables=(ONION_ONLY
                INSTALLED_WITHIN_DOCKER
                XMPP_CIPHERS
@ -68,6 +59,28 @@ xmpp_variables=(ONION_ONLY
                DEFAULT_DOMAIN_NAME
                XMPP_DOMAIN_CODE)
 function logging_on_xmpp {
    if [ -d /etc/prosody ]; then
        if [ ! -d /var/log/prosody ]; then
            mkdir /var/log/prosody
            chown root:adm /var/log/prosody
        fi
        sed -i 's|info = "/dev/null";|info = "/var/log/prosody/prosody.log";|g' /etc/prosody/prosody.cfg.lua
        sed -i 's|error = "/dev/null";|error = "/var/log/prosody/prosody.err";|g' /etc/prosody/prosody.cfg.lua
        sed -i 's|levels = { "error" }; to = "/dev/null";|levels = { "error" }; to = "syslog";|g' /etc/prosody/prosody.cfg.lua
    fi
 }
 function logging_off_xmpp {
    if [ -d /etc/prosody ]; then
        sed -i 's|info = "/var/log/prosody/prosody.log";|info = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
        sed -i 's|error = "/var/log/prosody/prosody.err";|error = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
        sed -i 's|levels = { "error" }; to = "syslog";|levels = { "error" }; to = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
        $REMOVE_FILES_COMMAND /var/log/prosody/*
        rm -rf /var/log/prosody
    fi
 }
 function xmpp_add_onion_address {
    domain_name="$1"
    onion_address="$2"
@ -343,7 +356,7 @@ function update_prosody_modules {
    fi
    # change to using pep rather than profile modules
-    if grep '"pep"' /etc/prosody/prosody.cfg.lua; then
+    if grep -q '"pep"' /etc/prosody/prosody.cfg.lua; then
        # This strange dance seems to fix occasional breakage of PEP
        # Is there a better solution?
        sed -i 's|"pep"|"profile"|g' /etc/prosody/prosody.cfg.lua
@ -352,7 +365,7 @@ function update_prosody_modules {
        sed -i 's|"profile"|"pep"|g' /etc/prosody/prosody.cfg.lua
        systemctl restart prosody
    fi
-    if ! grep '"vcard"' /etc/prosody/prosody.cfg.lua; then
+    if ! grep -q '"vcard"' /etc/prosody/prosody.cfg.lua; then
        systemctl stop prosody
        sed -i '/"pep"/a "vcard";' /etc/prosody/prosody.cfg.lua
        systemctl start prosody
@ -420,6 +433,9 @@ function upgrade_xmpp {
        set_completion_param "prosody_filename" "${prosody_filename}"
    fi
    cp -r $INSTALL_DIR/prosody-modules/* /var/lib/prosody/prosody-modules/
    chown -R prosody:prosody /var/lib/prosody/prosody-modules
    systemctl restart prosody
 }
@ -447,7 +463,7 @@ function restore_local_xmpp {
            exit 725
        fi
        rm -rf $temp_restore_dir
-        service prosody restart
+        systemctl restart prosody
        chown -R prosody:prosody /var/lib/prosody/*
        echo $"Restore of xmpp settings complete"
    fi
@ -472,7 +488,7 @@ function restore_remote_xmpp {
            exit 725
        fi
        rm -rf $temp_restore_dir
-        service prosody restart
+        systemctl restart prosody
        chown -R prosody:prosody /var/lib/prosody/*
        echo $"Restore of xmpp settings complete"
    fi
--- a/src/freedombone-app-zeronet
+++ b/src/freedombone-app-zeronet
@ -59,6 +59,14 @@ zeronet_variables=(TRACKER_PORT
                   ZERONET_DEFAULT_FORUM_TAGLINE
                   ZERONET_DEFAULT_MAIL_TAGLINE)
 function logging_on_zeronet {
    echo -n ''
 }
 function logging_off_zeronet {
    echo -n ''
 }
 function install_interactive_zeronet {
    echo -n ''
    APP_INSTALLED=1
@ -432,7 +440,16 @@ function mesh_zeronet {
    chroot "$rootdir" pip install msgpack-python --upgrade
    chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/zeronet/ -s /bin/false zeronet
-    git clone $ZERONET_REPO $rootdir$MESH_INSTALL_DIR/zeronet
+
    if [ -d /repos/zeronet ]; then
        mkdir $rootdir$MESH_INSTALL_DIR/zeronet
        cp -r -p /repos/zeronet/. $rootdir$MESH_INSTALL_DIR/zeronet
        cd $rootdir$MESH_INSTALL_DIR/zeronet
        git pull
    else
        git clone $ZERONET_REPO $rootdir$MESH_INSTALL_DIR/zeronet
    fi
    if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet ]; then
        echo 'WARNING: Unable to clone zeronet'
        return
--- a/src/freedombone-backup-local
+++ b/src/freedombone-backup-local
@ -42,6 +42,22 @@ if [ -f /usr/bin/${PROJECT_NAME} ]; then
    PROJECT_INSTALL_DIR=/usr/bin
 fi
 function please_wait {
        local str width height length
        width=$(tput cols)
        height=$(tput lines)
        str="Standby to backup to USB"
        length=${#str}
        clear
        tput cup $((height / 2)) $(((width / 2) - (length / 2)))
        echo "$str"
        tput cup $((height * 3 / 5)) $(((width / 2)))
        echo -n ''
 }
 please_wait
 source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
 # include utils which allow function_check and drive mount
@ -51,6 +67,8 @@ do
  source $f
 done
 clear
 USB_DRIVE=/dev/sdb1
 USB_MOUNT=/mnt/usb
@ -241,6 +259,22 @@ function prepare_directories {
    fi
 }
 function backup_blocklist {
    if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then
        return
    fi
    echo $"Backing up ${PROJECT_NAME} blocklist"
    temp_backup_dir=/root/tempbackupblocklist
    if [ ! -d $temp_backup_dir ]; then
        mkdir -p $temp_backup_dir
    fi
    if [ -f $NODEJS_INSTALLED_APPS_FILE ]; then
        cp -f /root/${PROJECT_NAME}-firewall-domains.cfg $temp_backup_dir
    fi
    backup_directory_to_usb $temp_backup_dir blocklist
    rm -rf $temp_backup_dir
 }
 function backup_configfiles {
    echo $"Backing up ${PROJECT_NAME} configuration files"
    temp_backup_dir=/root/tempbackupconfig
@ -267,6 +301,7 @@ function backup_configfiles {
        cp -f /etc/nginx/.htpasswd $temp_backup_dir/htpasswd
    fi
    backup_directory_to_usb $temp_backup_dir configfiles
    rm -rf $temp_backup_dir
 }
 function backup_admin_readme {
@ -287,6 +322,7 @@ function backup_mariadb {
        if [ ! -d $temp_backup_dir ]; then
            mkdir $temp_backup_dir
        fi
        keep_database_running
        mysqldump --lock-tables --password="$DATABASE_PASSWORD" mysql user > $temp_backup_dir/mysql.sql
        if [ ! -s $temp_backup_dir/mysql.sql ]; then
            echo $"Unable to backup mysql settings"
@ -316,6 +352,7 @@ prepare_directories
 backup_directories
 backup_apps local
 backup_configfiles
 backup_blocklist
 backup_admin_readme
 backup_mariadb
 backup_extra_directories local
--- a/src/freedombone-backup-remote
+++ b/src/freedombone-backup-remote
@ -92,7 +92,7 @@ function suspend_site {
    fi
    SUSPENDED_SITE="$1"
    nginx_dissite $SUSPENDED_SITE
-    service nginx reload
+    systemctl reload nginx
 }
 function restart_site {
@ -101,10 +101,26 @@ function restart_site {
        return
    fi
    nginx_ensite $SUSPENDED_SITE
-    service nginx reload
+    systemctl reload nginx
    SUSPENDED_SITE=
 }
 function backup_blocklist {
    if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then
        return
    fi
    echo $"Backing up ${PROJECT_NAME} blocklist"
    temp_backup_dir=/root/tempbackupblocklist
    if [ ! -d $temp_backup_dir ]; then
        mkdir -p $temp_backup_dir
    fi
    if [ -f $NODEJS_INSTALLED_APPS_FILE ]; then
        cp -f /root/${PROJECT_NAME}-firewall-domains.cfg $temp_backup_dir
    fi
    backup_directory_to_friend $temp_backup_dir blocklist
    rm -rf $temp_backup_dir
 }
 function backup_configfiles {
    echo $"Backing up ${PROJECT_NAME} configuration files"
    temp_backup_dir=/root/tempbackupconfig
@ -305,6 +321,7 @@ function backup_mariadb {
        if [ ! -d $temp_backup_dir ]; then
            mkdir $temp_backup_dir
        fi
        keep_database_running
        mysqldump --password=$DATABASE_PASSWORD mysql user > $temp_backup_dir/mysql.sql
        if [ ! -s $temp_backup_dir/mysql.sql ]; then
            echo $"Unable to backup MariaDB settings"
@ -385,6 +402,7 @@ fi
 backup_configfiles
 if [[ $TEST_MODE == "no" ]]; then
    backup_blocklist
    backup_users
    backup_letsencrypt
    backup_passwordstore
--- a/src/freedombone-base-email
+++ b/src/freedombone-base-email
@ -13,7 +13,7 @@
 # License
 # =======
 #
-# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@ -48,9 +48,6 @@ GPG_KEYSERVER="hkp://keys.gnupg.net"
 # whether to encrypt all incoming email with your public key
 GPG_ENCRYPT_STORED_EMAIL="yes"
 # gets set to yes if gpg keys are imported from usb
 GPG_KEYS_IMPORTED="no"
 # optionally you can provide your exported GPG key pair here
 # Note that the private key file will be deleted after use
 # If these are unspecified then a new GPG key will be created
@ -157,10 +154,12 @@ function configure_email_onion {
        return
    fi
-    echo 'HiddenServiceDir /var/lib/tor/hidden_service_email/' >> /etc/tor/torrc
+    if ! grep -q "hidden_service_email" /etc/tor/torrc; then
-    echo 'HiddenServicePort 25 127.0.0.1:25' >> /etc/tor/torrc
+        echo 'HiddenServiceDir /var/lib/tor/hidden_service_email/' >> /etc/tor/torrc
-    echo 'HiddenServicePort 587 127.0.0.1:587' >> /etc/tor/torrc
+        echo 'HiddenServicePort 25 127.0.0.1:25' >> /etc/tor/torrc
-    echo 'HiddenServicePort 465 127.0.0.1:465' >> /etc/tor/torrc
+        echo 'HiddenServicePort 587 127.0.0.1:587' >> /etc/tor/torrc
        echo 'HiddenServicePort 465 127.0.0.1:465' >> /etc/tor/torrc
    fi
    function_check onion_update
    onion_update
@ -168,8 +167,9 @@ function configure_email_onion {
    function_check wait_for_onion_service
    wait_for_onion_service email
-    if [[ $(onion_service_exists email) == "0" ]]; then
+    if [ ! -f /var/lib/tor/hidden_service_email/hostname ]; then
        echo $"email onion site hostname not found"
        systemctl restart tor
        exit 782352
    fi
@ -303,15 +303,15 @@ function encrypt_outgoing_email {
    if ! grep -q "pgp_encrypt_only_command" /home/$MY_USERNAME/.muttrc; then
        echo '' >> /home/$MY_USERNAME/.muttrc
        echo $'# Encrypt items in the Sent folder' >> /home/$MY_USERNAME/.muttrc
-        echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
+        echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
    else
-        sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
+        sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
    fi
    if ! grep -q "pgp_encrypt_sign_command" /home/$MY_USERNAME/.muttrc; then
-        echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
+        echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
    else
-        sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to 0x$MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
+        sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
    fi
    mark_completed $FUNCNAME
@ -365,7 +365,7 @@ function email_client {
    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
        return
    fi
-    apt-get -yq install mutt-patched lynx abook urlview
+    apt-get -yq install lynx abook urlview mutt
    if [ ! -f /etc/Muttrc ]; then
        echo $"ERROR: Mutt does not appear to have installed. $CHECK_MESSAGE"
@ -403,8 +403,6 @@ function email_client {
    echo '# set up the sidebar' >> /etc/Muttrc
    echo 'set sidebar_width=22' >> /etc/Muttrc
    echo 'set sidebar_visible=yes' >> /etc/Muttrc
    echo "set sidebar_delim='|'" >> /etc/Muttrc
    echo 'set sidebar_sort=yes' >> /etc/Muttrc
    echo '' >> /etc/Muttrc
    echo 'set rfc2047_parameters' >> /etc/Muttrc
    echo '' >> /etc/Muttrc
@ -652,8 +650,6 @@ function create_private_mailing_list {
    if [ ! -d /etc/exim4 ]; then
        return
    fi
    # This installation doesn't work, results in ruby errors
    # There is currently no schleuder package for Debian jessie
    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
        return
    fi
@ -715,6 +711,14 @@ function create_private_mailing_list {
 function split_gpg_key_into_fragments {
    # split the gpg key into fragments if social key management is enabled
    if [[ $ENABLE_SOCIAL_KEY_MANAGEMENT == "yes" ]]; then
        if [ $IMAGE_PASSWORD_FILE ]; then
            if [ -f $IMAGE_PASSWORD_FILE ]; then
                ${PROJECT_NAME}-splitkey -u $MY_USERNAME -e $MY_EMAIL_ADDRESS --fullname "$MY_NAME" --passwordfile $IMAGE_PASSWORD_FILE
                return
            fi
        fi
        echo 'Splitting GPG key. You may need to enter your passphrase.'
        ${PROJECT_NAME}-splitkey -u $MY_USERNAME -e $MY_EMAIL_ADDRESS --fullname "$MY_NAME"
        if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then
@ -1155,7 +1159,7 @@ function spam_filtering {
    echo '#!/bin/bash' > /usr/bin/filterspam
    echo 'for d in /home/*/ ; do' >> /usr/bin/filterspam
    echo '    USERNAME=$(echo "$d" | awk -F '"'"'/'"'"' '"'"'{print $3}'"'"')' >> /usr/bin/filterspam
-    echo '    if [[ $USERNAME != "git" && $USERNAME != "go" && $USERNAME != "gogs" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then' >> /usr/bin/filterspam
+    echo '    if [[ $USERNAME != "git" && $USERNAME != "go" && $USERNAME != "gogs" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then' >> /usr/bin/filterspam
    echo '        MAILDIR=/home/$USERNAME/Maildir/.learn-spam' >> /usr/bin/filterspam
    echo '        if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterspam
    echo '           exit' >> /usr/bin/filterspam
@ -1177,7 +1181,7 @@ function spam_filtering {
    echo '#!/bin/bash' > /usr/bin/filterham
    echo 'for d in /home/*/ ; do' >> /usr/bin/filterham
    echo '    USERNAME=$(echo "$d" | awk -F '"'"'/'"'"' '"'"'{print $3}'"'"')' >> /usr/bin/filterham
-    echo '    if [[ $USERNAME != "git" && $USERNAME != "go" && $USERNAME != "gogs" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then' >> /usr/bin/filterham
+    echo '    if [[ $USERNAME != "git" && $USERNAME != "go" && $USERNAME != "gogs" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then' >> /usr/bin/filterham
    echo '        MAILDIR=/home/$USERNAME/Maildir/.learn-ham' >> /usr/bin/filterham
    echo '        if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterham
    echo '            exit' >> /usr/bin/filterham
@ -1271,8 +1275,6 @@ function configure_imap {
        return
    fi
    dpkg -P dovecot-imapd
    dpkg -P dovecot-core
    apt-get -yq install dovecot-imapd
    if [ ! -d /etc/dovecot ]; then
@ -1280,19 +1282,9 @@ function configure_imap {
        exit 48
    fi
-    if [[ $ONION_ONLY == 'no' ]]; then
+    if [[ "$(cert_exists dovecot)" == "0" ]]; then
-        # obtain a cert for the default domain
+        ${PROJECT_NAME}-addcert -h dovecot --dhkey $DH_KEYLENGTH
-        if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then
+        check_certificates dovecot
            echo $'Obtaining certificate for the main domain'
            create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
        fi
    fi
    if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then
        if [[ "$(cert_exists dovecot)" == "0" ]]; then
            ${PROJECT_NAME}-addcert -h dovecot --dhkey $DH_KEYLENGTH
            check_certificates dovecot
        fi
    fi
    chmod 600 /etc/shadow
@ -1313,18 +1305,11 @@ function configure_imap {
    fi
    sed -i 's|#ssl =.*|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
    sed -i 's|ssl =.*|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
-    if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
+    sed -i "s|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/dovecot.crt|g" /etc/dovecot/conf.d/10-ssl.conf
-        sed -i "s|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
+    sed -i "s|ssl_cert =.*|ssl_cert = </etc/ssl/certs/dovecot.crt|g" /etc/dovecot/conf.d/10-ssl.conf
-        sed -i "s|ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/dovecot/conf.d/10-ssl.conf
+    sed -i "s|#ssl_key =.*|ssl_key = </etc/ssl/private/dovecot.key|g" /etc/dovecot/conf.d/10-ssl.conf
-    else
+    sed -i "s|ssl_key =.*|ssl_key = </etc/ssl/private/dovecot.key|g" /etc/dovecot/conf.d/10-ssl.conf
-        sed -i "s|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt|g" /etc/dovecot/conf.d/10-ssl.conf
+    sed -i "s|#ssl_dh_parameters_length.*|ssl_dh_parameters_length = ${DH_KEYLENGTH}|g" /etc/dovecot/conf.d/10-ssl.conf
        sed -i "s|ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt|g" /etc/dovecot/conf.d/10-ssl.conf
    fi
    sed -i "s|#ssl_key =.*|ssl_key = </etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/dovecot/conf.d/10-ssl.conf
    sed -i "s|ssl_key =.*|ssl_key = </etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/dovecot/conf.d/10-ssl.conf
    if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME})" == "1" ]]; then
        sed -i "s|#ssl_dh_parameters_length.*|ssl_dh_parameters_length = ${DH_KEYLENGTH}|g" /etc/dovecot/conf.d/10-ssl.conf
    fi
    sed -i 's/#ssl_prefer_server_ciphers.*/ssl_prefer_server_ciphers = yes/g' /etc/dovecot/conf.d/10-ssl.conf
    sed -i "s|#ssl_protocols =.*|ssl_protocols = '$SSL_PROTOCOLS'|g" /etc/dovecot/conf.d/10-ssl.conf
    sed -i "s|ssl_protocols =.*|ssl_protocols = '$SSL_PROTOCOLS'|g" /etc/dovecot/conf.d/10-ssl.conf
@ -1374,7 +1359,7 @@ function configure_imap {
    fi
    # Separate logging, otherwise syslog is used
-    if ! grep "# logging" /etc/dovecot/dovecot.conf; then
+    if ! grep -q "# logging" /etc/dovecot/dovecot.conf; then
        echo '' >> /etc/dovecot/dovecot.conf
        echo '# logging' >> /etc/dovecot/dovecot.conf
        echo 'log_path = /var/log/dovecot.log' >> /etc/dovecot/dovecot.conf
@ -1437,7 +1422,7 @@ function configure_imap_client_certs {
    echo 'serial = sslserial' >> /etc/ssl/dovecot-ca.cnf
    echo 'default_days = 3650' >> /etc/ssl/dovecot-ca.cnf
    echo 'default_md = sha256' >> /etc/ssl/dovecot-ca.cnf
-    echo 'default_bits = 4096' >> /etc/ssl/dovecot-ca.cnf
+    echo 'default_bits = 2048' >> /etc/ssl/dovecot-ca.cnf
    echo 'policy = dovecot-ca_policy' >> /etc/ssl/dovecot-ca.cnf
    echo 'x509_extensions = dovecot-ca_extensions' >> /etc/ssl/dovecot-ca.cnf
    echo '' >> /etc/ssl/dovecot-ca.cnf
@ -1469,6 +1454,7 @@ function configure_imap_client_certs {
 }
 function create_gpg_subkey {
    # Note: currently not used
    if [ ! -d /etc/exim4 ]; then
        return
    fi
@ -1487,20 +1473,23 @@ function create_gpg_subkey {
    KEYGRIP=$(gpg --fingerprint --fingerprint $MY_EMAIL_ADDRESS | grep fingerprint | tail -1 | cut -d= -f2 | sed -e 's/ //g')
    # Generate a GPG subkey
-    # Here a 2048bit length is used to be compatible with yubikey
+    echo 'Key-Type: eddsa' > /home/$MY_USERNAME/gpg-genkey.conf
-    echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
+    echo 'Key-Curve: Ed25519' >> /home/$MY_USERNAME/gpg-genkey.conf
-    echo "Key-Grip: $KEYGRIP" > /home/$MY_USERNAME/gpg-genkey.conf
+    echo "Key-Grip: $KEYGRIP" >> /home/$MY_USERNAME/gpg-genkey.conf
-    echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf
+    echo 'Subkey-Type: eddsa' >> /home/$MY_USERNAME/gpg-genkey.conf
    echo 'Subkey-Length: 2048' >> /home/$MY_USERNAME/gpg-genkey.conf
    echo "subkey-Usage: $GPG_KEY_USAGE" > /home/$MY_USERNAME/gpg-genkey.conf
    echo "Name-Real:  $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
    echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
    echo "Name-Comment: $GPG_KEY_USAGE" >> /home/$MY_USERNAME/gpg-genkey.conf
    echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
    echo "Passphrase: $PROJECT_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
-    su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
+    su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --batch --full-gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
    shred -zu /home/$MY_USERNAME/gpg-genkey.conf
-    MY_GPG_SUBKEY_ID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
+
    MY_GPG_SUBKEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
    mark_completed $FUNCNAME
 }
@ -1538,7 +1527,12 @@ function configure_gpg {
    gpg_dir=/home/$MY_USERNAME/.gnupg
    # if gpg keys directory was previously imported from usb
-    if [[ $GPG_KEYS_IMPORTED == "yes" && -d $gpg_dir ]]; then
+    if [ -d $gpg_dir ]; then
        echo $'GPG directory exists'
    else
        echo $"GPG directory $gpg_dir was not found"
    fi
    if [ -d $gpg_dir ]; then
        echo $'GPG keys were imported'
        sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" $gpg_dir/gpg.conf
        MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
@ -1582,12 +1576,15 @@ function configure_gpg {
            echo $"GPG public key file $MY_GPG_PUBLIC_KEY was not found"
            exit 2483
        fi
        if [ ! -f $MY_GPG_PRIVATE_KEY ]; then
            echo $"GPG private key file $MY_GPG_PRIVATE_KEY was not found"
            exit 5383
        fi
-        su -c "gpg --import $MY_GPG_PUBLIC_KEY" - $MY_USERNAME
+
-        su -c "gpg --allow-secret-key-import --import $MY_GPG_PRIVATE_KEY" - $MY_USERNAME
+        gpg_import_public_key $MY_USERNAME $MY_GPG_PUBLIC_KEY
        gpg_import_private_key $MY_USERNAME $MY_GPG_PRIVATE_KEY
        KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
        if [[ $KEY_EXISTS == "no" ]]; then
            echo $"The GPG key for $MY_EMAIL_ADDRESS could not be imported"
@ -1602,58 +1599,24 @@ function configure_gpg {
        fi
    else
        # Generate a GPG key
-        echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
+        if [ -f $IMAGE_PASSWORD_FILE ]; then
-        echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
+            gpg_create_key $MY_USERNAME $(printf `cat $IMAGE_PASSWORD_FILE`)
-        echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf
+        else
-        echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
+            gpg_create_key $MY_USERNAME $PROJECT_NAME
        echo "Name-Real:  $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
        echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
        echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
        echo $'Generating a new GPG key'
        su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
        KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
        if [[ $KEY_EXISTS == "no" ]]; then
            echo $"A GPG key for $MY_EMAIL_ADDRESS could not be created"
            exit 6362
        fi
        shred -zu /home/$MY_USERNAME/gpg-genkey.conf
        MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
        if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
            echo $'GPG public key ID could not be obtained'
        fi
        MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg
-        su -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
+        gpg_export_public_key $MY_USERNAME $MY_GPG_PUBLIC_KEY_ID $MY_GPG_PUBLIC_KEY
        if grep -q "install_email" $COMPLETION_FILE; then
            if ! grep -q $"Change your GPG password" /home/$MY_USERNAME/README; then
                echo '' >> /home/$MY_USERNAME/README
                echo '' >> /home/$MY_USERNAME/README
                echo $'# Change your GPG password' >> /home/$MY_USERNAME/README
                echo $"It's very important to add a password to your GPG key so that" >> /home/$MY_USERNAME/README
                echo $"if anyone does get access to your email they still won't be able" >> /home/$MY_USERNAME/README
                echo $'to read them without knowning the GPG password.' >> /home/$MY_USERNAME/README
                echo $'You can change the it with:' >> /home/$MY_USERNAME/README
                echo '' >> /home/$MY_USERNAME/README
                echo "  gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README
                echo '  passwd' >> /home/$MY_USERNAME/README
                echo '  save' >> /home/$MY_USERNAME/README
                echo '  quit' >> /home/$MY_USERNAME/README
            fi
            if ! grep -q $"Publish your GPG public key" /home/$MY_USERNAME/README; then
                echo '' >> /home/$MY_USERNAME/README
                echo '' >> /home/$MY_USERNAME/README
                echo $'# Publish your GPG public key' >> /home/$MY_USERNAME/README
                echo $'So that others can send emails to you securely you should' >> /home/$MY_USERNAME/README
                echo $'publish your GPG public key with the command:' >> /home/$MY_USERNAME/README
                echo '' >> /home/$MY_USERNAME/README
                echo "  gpg --send-keys $MY_GPG_PUBLIC_KEY_ID" >> /home/$MY_USERNAME/README
            fi
            chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
            chmod 600 /home/$MY_USERNAME/README
        fi
    fi
    if [ ! -d /root/.gnupg ]; then
        cp -r /home/$MY_USERNAME/.gnupg /root/
        chmod 700 /root/.gnupg
        chmod 600 /root/.gnupg/*
    fi
    gpg_agent_setup root
    gpg_agent_setup $MY_USERNAME
    mark_completed $FUNCNAME
 }
--- a/src/freedombone-client
+++ b/src/freedombone-client
@ -154,7 +154,7 @@ function configure_ssh_client {
        ssh-keygen -t ed25519 -o -a 100
    fi
    if [ ! -f /home/$CURR_USER/.ssh/id_rsa ]; then
-        ssh-keygen -t rsa -b 4096 -o -a 100
+        ssh-keygen -t rsa -b 2048 -o -a 100
    fi
    ssh_remove_small_moduli
--- a/src/freedombone-config
+++ b/src/freedombone-config
@ -14,7 +14,7 @@
 # License
 # =======
 #
-# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2015-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@ -95,12 +95,7 @@ MINIMAL_INSTALL="yes"
 DEFAULT_LANGUAGE='en_GB.UTF-8'
 ONION_ONLY="no"
 SELECTED_USERNAME=
-
+SOCIALINSTANCE=
 # Mirrors settings
 FRIENDS_MIRRORS_SERVER=
 FRIENDS_MIRRORS_SSH_PORT=2222
 FRIENDS_MIRRORS_PASSWORD=
 MY_MIRRORS_PASSWORD=
 VALID_CODE=
@ -109,6 +104,20 @@ if [ -f /usr/bin/${PROJECT_NAME} ]; then
    PROJECT_INSTALL_DIR=/usr/bin
 fi
 function please_wait {
        local str width height length
        width=$(tput cols)
        height=$(tput lines)
        str=$"Please wait"
        length=${#str}
        clear
        tput cup $((height / 2)) $(((width / 2) - (length / 2)))
        echo "$str"
        tput cup $((height * 3 / 5)) $(((width / 2)))
        echo -n ''
 }
 source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
 UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
@ -130,13 +139,14 @@ function show_help {
    echo $'Creates an inventory of remote backup locations'
    echo ''
    echo ''
-    echo $'  -h --help             Show help'
+    echo $'  -h --help                         Show help'
-    echo $'  -f --filename         Configuration file (usually freedombone.cfg)'
+    echo $'  -f --filename                     Configuration file (usually freedombone.cfg)'
-    echo $'  -m --min              Minimum password length (characters)'
+    echo $'  -m --min                          Minimum password length (characters)'
-    echo $'  -w --www              Freedombone web site'
+    echo $'  -w --www                          Freedombone web site'
-    echo $'  -b --bm               Freedombone support Bitmessage address'
+    echo $'  -b --bm                           Freedombone support Bitmessage address'
-    echo $'  -o --onion [yes|no]   Whether to only create .onion sites'
+    echo $'  -o --onion [yes|no]               Whether to only create .onion sites'
-    echo $'     --minimal [yes|no] For minimalistic "consumer grade" installs'
+    echo $'     --minimal [yes|no]             For minimalistic "consumer grade" installs'
    echo $'     --social [gnusocial|postactiv] Create gnusocial/postactiv instance'
    echo ''
    exit 0
 }
@ -170,9 +180,65 @@ function choose_email_address {
    save_configuration_values
 }
 function choose_social_instance_domain_name {
    DEFAULT_DOMAIN_DETAILS_COMPLETE=
    while [ ! $DEFAULT_DOMAIN_DETAILS_COMPLETE ]
    do
        data=$(tempfile 2>/dev/null)
        trap "rm -f $data" 0 1 2 5 15
        if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
            dialog --backtitle $"Freedombone Configuration" \
                   --title $"Instance domain" \
                   --form $"\nEnter your instance domain name and its FreeDNS code:" 11 55 3 \
                   $"Domain:" 1 1 "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 24 33 40 \
                   $"Code:" 2 1 "$(grep 'DEFAULT_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 24 33 255 \
                   2> $data
            sel=$?
            case $sel in
                1) exit 1;;
                255) exit 1;;
            esac
            DEFAULT_DOMAIN_NAME=$(cat $data | sed -n 1p)
            DEFAULT_DOMAIN_CODE=$(cat $data | sed -n 2p)
            if [ $DEFAULT_DOMAIN_NAME ]; then
                validate_freedns_code "$DEFAULT_DOMAIN_CODE"
                if [ ! $VALID_CODE ]; then
                    DEFAULT_DOMAIN_NAME=
                fi
            fi
        else
            dialog --backtitle $"Freedombone Configuration" \
                   --inputbox $"Enter your instance domain name:" 10 45 \
                   "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> $data
            sel=$?
            case $sel in
                0) DEFAULT_DOMAIN_NAME=$(cat $data);;
                1) exit 1;;
                255) exit 1;;
            esac
        fi
        if [ $DEFAULT_DOMAIN_NAME ]; then
            TEST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME
            validate_domain_name
            if [[ $TEST_DOMAIN_NAME != $DEFAULT_DOMAIN_NAME ]]; then
                DEFAULT_DOMAIN_NAME=
                dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
            else
                DEFAULT_DOMAIN_DETAILS_COMPLETE="yes"
            fi
        fi
    done
    save_configuration_values
 }
 function choose_default_domain_name {
    if [ $SOCIALINSTANCE ]; then
        choose_social_instance_domain_name
        return
    fi
    if [[ $ONION_ONLY != "no" ]]; then
-        DEFAULT_DOMAIN_NAME="${PROJECT_NAME}.local"
+        DEFAULT_DOMAIN_NAME="${LOCAL_NAME}.local"
    else
        DEFAULT_DOMAIN_DETAILS_COMPLETE=
        while [ ! $DEFAULT_DOMAIN_DETAILS_COMPLETE ]
@ -608,6 +674,9 @@ function choose_username {
                           if [ ${#possible_username} -gt 1 ]; then
                               if [[ $possible_username != $GENERIC_IMAGE_USERNAME ]]; then
                                   MY_USERNAME=$(cat $data)
                                   please_wait
                                   echo ''
                                   echo $'Creating user account'
                                   chmod 600 /etc/shadow
                                   chmod 600 /etc/gshadow
                                   useradd -m -s /bin/bash $MY_USERNAME
@ -665,6 +734,8 @@ function choose_username {
        exit 6437
    fi
    save_configuration_values
    please_wait
    echo ''
 }
 function choose_full_name {
@ -691,6 +762,8 @@ function choose_full_name {
        esac
    done
    save_configuration_values
    please_wait
    echo ''
 }
 function choose_system_variant {
@ -761,6 +834,12 @@ do
            shift
            FREEDOMBONE_WEBSITE="$1"
            ;;
        --social)
            shift
            if [[ "$1" == 'gnusocial' || "$1" == 'postactiv' ]]; then
                SOCIALINSTANCE="$1"
            fi
            ;;
        --minimal)
            shift
            MINIMAL_INSTALL="$1"
@ -776,48 +855,6 @@ do
    shift
 done
 function set_main_repo {
    data=$(tempfile 2>/dev/null)
    trap "rm -f $data" 0 1 2 5 15
    dialog --backtitle $"Freedombone Control Panel" \
           --title $"Main Repository (Mirrors)" \
           --form $"If you don't know what this means then just select Ok.\n\nIf you don't wish to use the default repositories they can be obtained from mirrored repos on another ${PROJECT_NAME} system.\n\nThe repositories are for applications which are not yet packaged for Debian." 18 65 4 \
           $"URL:" 1 1 "$FRIENDS_MIRRORS_SERVER" 1 18 40 18 \
           $"SSH Port:" 2 1 "$FRIENDS_MIRRORS_SSH_PORT" 2 18 10 10000 \
           $"Password:" 3 1 "$FRIENDS_MIRRORS_PASSWORD" 3 18 40 10000 \
           2> $data
    sel=$?
    case $sel in
        1) return;;
        255) return;;
    esac
    new_mirrors_url=$(cat $data | sed -n 1p)
    new_mirrors_ssh_port=$(cat $data | sed -n 2p)
    new_mirrors_password=$(cat $data | sed -n 3p)
    if [ ${#new_mirrors_url} -lt 2 ]; then
        return
    fi
    if [ ${#new_mirrors_ssh_port} -lt 1 ]; then
        return
    fi
    if [ ${#new_mirrors_password} -lt 10 ]; then
        dialog --title $"Main Repository" \
               --msgbox $'Mirrors password was too short. Should be at least 10 characters.' 6 40
        return
    fi
    if [[ $new_mirrors_url == *"."* ]]; then
        FRIENDS_MIRRORS_SERVER=$new_mirrors_url
        FRIENDS_MIRRORS_SSH_PORT=$new_mirrors_ssh_port
        FRIENDS_MIRRORS_PASSWORD=$new_mirrors_password
        dialog --title $"Main Repository" \
               --msgbox $"Main repository set to $FRIENDS_MIRRORS_SERVER" 6 60
    fi
    save_configuration_values
 }
 function interactive_select_language {
    data=$(tempfile 2>/dev/null)
    trap "rm -f $data" 0 1 2 5 15
@ -968,12 +1005,18 @@ function interactive_select_language {
    esac
    save_configuration_values
    please_wait
    echo ''
    echo 'Setting locale'
    locale-gen "${DEFAULT_LANGUAGE}"
    update-locale LANG=${DEFAULT_LANGUAGE}
    update-locale LANGUAGE=${DEFAULT_LANGUAGE}
    update-locale LC_MESSAGES=${DEFAULT_LANGUAGE}
    update-locale LC_ALL=${DEFAULT_LANGUAGE}
    update-locale LC_CTYPE=${DEFAULT_LANGUAGE}
    please_wait
    echo ''
 }
 function select_user {
@ -981,7 +1024,7 @@ function select_user {
    users_array=($(ls /home))
-    delete=(mirrors git)
+    delete=(git)
    for del in ${delete[@]}
    do
        users_array=(${users_array[@]/$del})
@ -1019,16 +1062,19 @@ function interactive_config {
    interactive_select_language
-    if [[ $ONION_ONLY == "no" ]]; then
+    if [ $SOCIALINSTANCE ]; then
-        INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\n\nEnsure that you have your domain and dynamic DNS settings ready.\n\nFor more information please visit $FREEDOMBONE_WEBSITE."
+        INITIAL_MESSAGE=$"Welcome to your Freedombone $SOCIALINSTANCE instance.\n\nEnsure that you have your domain and dynamic DNS settings ready.\n\nFor more information please visit ${FREEDOMBONE_WEBSITE}/socialinstance.html."
    else
-        INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\n\nWeb sites created will only be viewable within a Tor browser.\n\nFor more information please visit $FREEDOMBONE_WEBSITE."
+        if [[ $ONION_ONLY == "no" ]]; then
            INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\n\nEnsure that you have your domain and dynamic DNS settings ready.\n\nFor more information please visit $FREEDOMBONE_WEBSITE."
        else
            INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\n\nWeb sites created will only be viewable within a Tor browser.\n\nFor more information please visit $FREEDOMBONE_WEBSITE."
        fi
    fi
    dialog --title $"Freedombone" --msgbox "$INITIAL_MESSAGE" 15 50
    #choose_system_variant
    set_main_repo
    choose_username
    choose_full_name
    choose_social_key_management
@ -1040,6 +1086,24 @@ function interactive_config {
    choose_email_address
    interactive_key_recovery
    if [[ "$SOCIALINSTANCE" == 'gnusocial' ]]; then
        GNUSOCIAL_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME
        GNUSOCIAL_CODE=$DEFAULT_DOMAIN_CODE
        write_config_param "GNUSOCIAL_DOMAIN_NAME" "$GNUSOCIAL_DOMAIN_NAME"
        write_config_param "GNUSOCIAL_CODE" "$GNUSOCIAL_CODE"
        write_config_param "SOCIALINSTANCE" "$SOCIALINSTANCE"
        install_gnusocial
    fi
    if [[ "$SOCIALINSTANCE" == 'postactiv' ]]; then
        POSTACTIV_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME
        POSTACTIV_CODE=$DEFAULT_DOMAIN_CODE
        write_config_param "POSTACTIV_DOMAIN_NAME" "$POSTACTIV_DOMAIN_NAME"
        write_config_param "POSTACTIV_CODE" "$POSTACTIV_CODE"
        write_config_param "SOCIALINSTANCE" "$SOCIALINSTANCE"
        install_postactiv
    fi
    # delete the temporary configuration file
    if [ -f temp.cfg ]; then
        shred -zu temp.cfg
--- a/src/freedombone-controlpanel
+++ b/src/freedombone-controlpanel
@ -33,6 +33,33 @@ PROJECT_NAME='freedombone'
 export TEXTDOMAIN=${PROJECT_NAME}-controlpanel
 export TEXTDOMAINDIR="/usr/share/locale"
 if [[ $USER != 'root' ]]; then
    # show the user version of the control panel
    #${PROJECT_NAME}-controlpanel-user
    controluser
    exit 0
 fi
 function please_wait {
        local str width height length
        width=$(tput cols)
        height=$(tput lines)
        str=$"Please wait"
        length=${#str}
        clear
        tput cup $((height / 2)) $(((width / 2) - (length / 2)))
        echo "$str"
        tput cup $((height * 3 / 5)) $(((width / 2)))
        echo -n ''
 }
 please_wait
 # Start including files
 source /usr/local/bin/${PROJECT_NAME}-vars
 UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
 for f in $UTILS_FILES
 do
@ -45,6 +72,8 @@ do
    source $f
 done
 # End including files
 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
 SELECTED_USERNAME=
 SIP_CONFIGURATION_FILE=/etc/sipwitch.conf
@ -94,16 +123,11 @@ read_config_param SMTP_PROXY_USERNAME
 read_config_param SMTP_PROXY_PASSWORD
 read_config_param USB_DRIVE
 read_config_param MY_USERNAME
 read_config_param ONION_ONLY
 if [[ $USB_DRIVE == *"dev"* ]]; then
    USB_DRIVE=$(echo ${USB_DRIVE} | awk -F '/' '{print $3}' | sed 's|1||g' | sed 's|2||g')
 fi
 # Mirrors settings
 FRIENDS_MIRRORS_SERVER=
 FRIENDS_MIRRORS_SSH_PORT=2222
 FRIENDS_MIRRORS_PASSWORD=
 MY_MIRRORS_PASSWORD=
 function any_key {
    echo ' '
    read -n1 -r -p $"Press any key to continue..." key
@ -123,7 +147,7 @@ function passwords_select_user {
    users_array=($(ls /home))
-    delete=(mirrors git)
+    delete=(git)
    for del in ${delete[@]}
    do
        users_array=(${users_array[@]/$del})
@ -165,6 +189,9 @@ function passwords_show_apps {
            name+=("$a")
        fi
    done
    i=$((i+1))
    W+=($i "mariadb")
    name+=("mariadb")
    selected_app_index=$(dialog --backtitle $"Freedombone Control Panel" --title $"Select App" --menu $"Select one of the following:" 24 40 17 "${W[@]}" 3>&2 2>&1 1>&3)
@ -215,6 +242,13 @@ function view_or_change_passwords {
        fi
    fi
    if [[ "${SELECTED_APP}" == 'mariadb' ]]; then
        CURR_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
        dialog --title $"MariaDB database password" \
               --msgbox "\n            ${CURR_PASSWORD}" 7 40
        return
    fi
    data=$(tempfile 2>/dev/null)
    trap "rm -f $data" 0 1 2 5 15
    dialog --title "$titlestr" \
@ -250,54 +284,6 @@ function check_for_updates {
    any_key
 }
 function set_main_repo {
    data=$(tempfile 2>/dev/null)
    trap "rm -f $data" 0 1 2 5 15
    dialog --backtitle $"Freedombone Control Panel" \
           --title $"Main Repository (Mirrors)" \
           --form $"If you do not wish to use the default repositories they can be obtained from mirrors on another ${PROJECT_NAME} server." 14 60 3 \
           $"URL:" 1 1 "$FRIENDS_MIRRORS_SERVER" 1 14 40 15 \
           $"SSH Port:" 2 1 "$FRIENDS_MIRRORS_SSH_PORT" 2 14 40 10000 \
           $"Password:" 3 1 "$FRIENDS_MIRRORS_PASSWORD" 3 14 40 10000 \
           2> $data
    sel=$?
    case $sel in
        1) return;;
        255) return;;
    esac
    new_mirrors_url=$(cat $data | sed -n 1p)
    new_mirrors_ssh_port=$(cat $data | sed -n 2p)
    new_mirrors_password=$(cat $data | sed -n 3p)
    if [ ${#new_mirrors_url} -lt 2 ]; then
        return
    fi
    if [ ${#new_mirrors_ssh_port} -lt 1 ]; then
        return
    fi
    if [ ${#new_mirrors_password} -lt 10 ]; then
        dialog --title $"Main Repository" \
               --msgbox $'Mirrors password was too short. Should be at least 10 characters.' 6 40
        return
    fi
    if [[ $new_mirrors_url == *"."* ]]; then
        FRIENDS_MIRRORS_SERVER=$new_mirrors_url
        FRIENDS_MIRRORS_SSH_PORT=$new_mirrors_ssh_port
        FRIENDS_MIRRORS_PASSWORD=$new_mirrors_password
        write_config_param "FRIENDS_MIRRORS_SERVER" "$FRIENDS_MIRRORS_SERVER"
        write_config_param "FRIENDS_MIRRORS_SSH_PORT" "$FRIENDS_MIRRORS_SSH_PORT"
        write_config_param "FRIENDS_MIRRORS_PASSWORD" "$FRIENDS_MIRRORS_PASSWORD"
        # re-read the repos
        read_repo_servers
        dialog --title $"Main Repository" \
               --msgbox $"Main repository set to $FRIENDS_MIRRORS_SERVER" 6 60
    fi
 }
 function add_user {
    data=$(tempfile 2>/dev/null)
    trap "rm -f $data" 0 1 2 5 15
@ -390,6 +376,11 @@ function show_domains {
            if grep -q "SHOW_ICANN_ADDRESS_ON_ABOUT=0" /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}; then
                icann_address='-'
            fi
            if [[ $ONION_ONLY != 'no' ]]; then
                if [[ ${icann_address} != ${LOCAL_NAME}.local ]]; then
                    icann_address='-'
                fi
            fi
            onion_address=$(get_app_onion_address "$app_name")
            if [ ${#onion_address} -eq 0 ]; then
                onion_address="-"
@ -469,20 +460,6 @@ function show_users {
    echo ''
 }
 function show_mirrors_password {
    if [ ! /home/mirrors ]; then
        return
    fi
    read_config_param "MY_MIRRORS_PASSWORD"
    echo 'Local Mirrors'
    echo '============='
    echo ''
    echo -n "URL:      "
    echo "$(cat ${COMPLETION_FILE} | grep 'ssh onion domain' | awk -F ':' '{print $2}')    SSH Port: $SSH_PORT"
    echo "Password: $MY_MIRRORS_PASSWORD"
    echo ''
 }
 function show_tahoelafs {
    if [ ! -f /home/tahoelafs/storage/private/storage.furl ]; then
        return
@ -561,19 +538,17 @@ function show_tahoelafs_introducer {
 }
 function show_about {
    clear
    echo ''
    echo $'  Detecting installed apps...'
    detect_apps
    get_apps_installed_names
    clear
    echo "==== ${PROJECT_NAME} version ${VERSION} ($DEBIAN_VERSION) ===="
    echo ''
    show_ip_addresses
    show_tor_bridges
    show_ssh_public_key
    show_domains
    show_tahoelafs
    show_mirrors_password
    show_users
    any_key
 }
@ -583,7 +558,7 @@ function select_user {
    users_array=($(ls /home))
-    delete=(mirrors git)
+    delete=(git)
    for del in ${delete[@]}
    do
        users_array=(${users_array[@]/$del})
@ -1018,7 +993,8 @@ function create_keydrive_master {
    dialog --title $"USB Master Keydrive" \
           --msgbox $"Plug in a LUKS encrypted USB drive" 6 40
    clear
-    ${PROJECT_NAME}-keydrive -u $SELECTED_USERNAME --master 'yes'
+    detect_usb_drive
    ${PROJECT_NAME}-keydrive -u $SELECTED_USERNAME --master 'yes' -d $USB_DRIVE
    any_key
 }
@ -1030,7 +1006,8 @@ function create_keydrive_fragment {
    dialog --title $"USB Fragment Keydrive" \
           --msgbox $"Plug in a LUKS encrypted USB drive" 6 40
    clear
-    ${PROJECT_NAME}-keydrive -u $SELECTED_USERNAME
+    detect_usb_drive
    ${PROJECT_NAME}-keydrive -u $SELECTED_USERNAME -d $USB_DRIVE
    any_key
 }
@ -1064,6 +1041,7 @@ function restore_data_from_storage {
    fi
    utils_installed=(configfiles
                     blocklist
                     mariadb
                     letsencrypt
                     passwords
@ -1137,6 +1115,7 @@ function restore_data_from_storage {
            $restore_command
            retcode="$?"
            if [[ "$retcode" != "0" ]]; then
                any_key
                if [[ "$1" == "local" ]]; then
                    dialog --title $"Restore all apps from USB" \
                           --msgbox $"Restore failed with code $retcode" 6 60
@ -1161,6 +1140,7 @@ function restore_data_from_storage {
        $restore_command "${app_name}"
        retcode="$?"
        if [[ "$retcode" != "0" ]]; then
            any_key
            dialog --title $"Restore apps from USB" \
                   --msgbox $"Restore of ${app_name} failed with code $retcode" 6 60
            return
@ -1346,7 +1326,7 @@ function shut_down_system {
        1) return;;
        255) return;;
    esac
-    shutdown now
+    systemctl poweroff
 }
 function restart_system {
@ -1359,7 +1339,7 @@ function restart_system {
        1) return;;
        255) return;;
    esac
-    reboot
+    systemctl reboot -i
 }
 function change_system_name {
@ -1404,7 +1384,7 @@ function set_dynamic_IP {
        echo $'Changing to a dynamic IP address.'
        echo ''
        echo $"System is rebooting. You may need to close this terminal and log in from a new one."
-        reboot
+        systemctl reboot -i
    fi
 }
@ -1416,9 +1396,9 @@ function set_static_IP {
    NEW_STATIC_IP=
    NEW_STATIC_GATEWAY=
-    if grep -q 'iface eth0 inet static' /etc/network/interfaces; then
+    if [ -f /etc/network/interfaces.d/static ]; then
-        STATIC_IP=$(cat /etc/network/interfaces | grep "address " | head -n 1 | awk -F ' ' '{print $2}')
+        STATIC_IP=$(cat /etc/network/interfaces.d/static | grep "address " | head -n 1 | awk -F ' ' '{print $2}')
-        STATIC_GATEWAY=$(cat /etc/network/interfaces | grep "gateway " | head -n 1 | awk -F ' ' '{print $2}')
+        STATIC_GATEWAY=$(cat /etc/network/interfaces.d/static | grep "gateway " | head -n 1 | awk -F ' ' '{print $2}')
    fi
    # get the IP for the box
@ -1456,12 +1436,15 @@ Enter a static local IP address for this system.\n\nIt will typically be ${IPv4_
    esac
    if [[ "$NEW_STATIC_GATEWAY" == *"."* && "$NEW_STATIC_IP" == *"."* ]]; then
-        ip_addresses_have_changed=
+        ip_addresses_have_changed=1
-        if ! grep -q "address ${NEW_STATIC_IP}" /etc/network/interfaces; then
+        if [ -f /etc/network/interfaces.d/static ]; then
-            ip_addresses_have_changed=1
+            ip_addresses_have_changed=
-        fi
+            if ! grep -q "address ${NEW_STATIC_IP}" /etc/network/interfaces.d/static; then
-        if ! grep -q "gateway ${NEW_STATIC_GATEWAY}" /etc/network/interfaces; then
+                ip_addresses_have_changed=1
-            ip_addresses_have_changed=1
+            fi
            if ! grep -q "gateway ${NEW_STATIC_GATEWAY}" /etc/network/interfaces.d/static; then
                ip_addresses_have_changed=1
            fi
        fi
        if [ $ip_addresses_have_changed ]; then
            write_config_param "NETWORK_IS_STATIC" "1"
@ -1483,44 +1466,19 @@ Enter a static local IP address for this system.\n\nIt will typically be ${IPv4_
                esac
            fi
            echo '# This file describes the network interfaces available on your system' > /etc/network/interfaces
            echo '# and how to activate them. For more information, see interfaces(5).' >> /etc/network/interfaces
            echo 'source /etc/network/interfaces.d/*' >> /etc/network/interfaces
            if [ ! $static_wifi_address ]; then
                # wired network
                remove_wifi_startup_script
-                echo '# This file describes the network interfaces available on your system' > /etc/network/interfaces
+
-                echo '# and how to activate them. For more information, see interfaces(5).' >> /etc/network/interfaces
+                echo 'auto eth0' > /etc/network/interfaces.d/static
-                echo '' >> /etc/network/interfaces
+                echo 'iface eth0 inet static' >> /etc/network/interfaces.d/static
-                echo '# The loopback network interface' >> /etc/network/interfaces
+                echo "    address ${NEW_STATIC_IP}" >> /etc/network/interfaces.d/static
-                echo 'auto lo' >> /etc/network/interfaces
+                echo '    netmask 255.255.255.0' >> /etc/network/interfaces.d/static
-                echo 'iface lo inet loopback' >> /etc/network/interfaces
+                echo "    gateway ${NEW_STATIC_GATEWAY}" >> /etc/network/interfaces.d/static
                echo '' >> /etc/network/interfaces
                echo '# The primary network interface' >> /etc/network/interfaces
                echo 'auto eth0' >> /etc/network/interfaces
                echo 'iface eth0 inet static' >> /etc/network/interfaces
                echo "    address ${NEW_STATIC_IP}" >> /etc/network/interfaces
                echo '    netmask 255.255.255.0' >> /etc/network/interfaces
                echo "    gateway ${NEW_STATIC_GATEWAY}" >> /etc/network/interfaces
                echo "    dns-nameservers 213.73.91.35 85.214.20.141" >> /etc/network/interfaces
                echo '# Example to keep MAC address between reboots' >> /etc/network/interfaces
                echo '#hwaddress ether DE:AD:BE:EF:CA:FE' >> /etc/network/interfaces
                echo '' >> /etc/network/interfaces
                echo '# The secondary network interface' >> /etc/network/interfaces
                echo '#auto eth1' >> /etc/network/interfaces
                echo '#iface eth1 inet dhcp' >> /etc/network/interfaces
                echo '' >> /etc/network/interfaces
                echo '# WiFi Example' >> /etc/network/interfaces
                echo "#auto $WIFI_INTERFACE" >> /etc/network/interfaces
                echo "#iface $WIFI_INTERFACE inet dhcp" >> /etc/network/interfaces
                echo '#    wpa-ssid "essid"' >> /etc/network/interfaces
                echo '#    wpa-psk  "password"' >> /etc/network/interfaces
                echo '' >> /etc/network/interfaces
                echo '# Ethernet/RNDIS gadget (g_ether)' >> /etc/network/interfaces
                echo '# ... or on host side, usbnet and random hwaddr' >> /etc/network/interfaces
                echo '# Note on some boards, usb0 is automaticly setup with an init script' >> /etc/network/interfaces
                echo '#iface usb0 inet static' >> /etc/network/interfaces
                echo '#    address 192.168.7.2' >> /etc/network/interfaces
                echo '#    netmask 255.255.255.0' >> /etc/network/interfaces
                echo '#    network 192.168.7.0' >> /etc/network/interfaces
                echo '#    gateway 192.168.7.1' >> /etc/network/interfaces
            else
                # wifi network
                wifi_settings
@ -1540,7 +1498,7 @@ Enter a static local IP address for this system.\n\nIt will typically be ${IPv4_
                   --yesno $"\nFor the change to take effect your system will now need to reboot. Do this now?" 8 60
            sel=$?
            case $sel in
-                0) reboot;;
+                0) systemctl reboot -i;;
            esac
        fi
    fi
@ -1645,6 +1603,10 @@ function hotspot_settings {
        WIFI_PASSPHRASE=$TEMP_WIFI_PASSPHRASE
        ${PROJECT_NAME}-wifi -i $WIFI_INTERFACE -s $WIFI_SSID -t $WIFI_TYPE -p $WIFI_PASSPHRASE --hotspot $WIFI_HOTSPOT $WIFI_EXTRA
        if [ ! "$?" = "0" ]; then
            echo $"Can't enable wifi hotspot"
            any_key
        fi
    else
        WIFI_HOTSPOT=$TEMP_WIFI_HOTSPOT
        WIFI_SSID=$TEMP_WIFI_SSID
@ -1762,14 +1724,14 @@ function email_smtp_proxy {
    # change muttrc
    if [ $SMTP_PROXY_ENABLE != $'no' ]; then
-        if ! grep "set smtp_url" $MUTTRC_FILE; then
+        if ! grep -q "set smtp_url" $MUTTRC_FILE; then
            echo "set smtp_url=\"${SMTP_PROXY_PROTOCOL}://${SMTP_PROXY_USERNAME}:${SMTP_PROXY_PASSWORD}@${SMTP_PROXY_SERVER}:${SMTP_PROXY_PORT}/\"" >> $MUTTRC_FILE
        else
            sed -i "s|set smtp_url=.*|set smtp_url=\"${SMTP_PROXY_PROTOCOL}://${SMTP_PROXY_USERNAME}:${SMTP_PROXY_PASSWORD}@${SMTP_PROXY_SERVER}:${SMTP_PROXY_PORT}/\"|g" $MUTTRC_FILE
        fi
        sed -i 's|#set smtp_url|set smtp_url|g' $MUTTRC_FILE
    else
-        if grep "set smtp_url" $MUTTRC_FILE; then
+        if grep -q "set smtp_url" $MUTTRC_FILE; then
            sed -i 's|set smtp_url|#set smtp_url|g' $MUTTRC_FILE
        fi
    fi
@ -1883,6 +1845,29 @@ function domain_blocking_add {
    esac
 }
 function ip_blocking_add {
    data=$(tempfile 2>/dev/null)
    trap "rm -f $data" 0 1 2 5 15
    dialog --title $"Block an IP address" \
           --backtitle $"Freedombone Control Panel" \
           --inputbox $"Enter the IP address that you wish to block" 8 60 "" 2>$data
    sel=$?
    case $sel in
        0)
            blocked_ip=$(<$data)
            if [ ${#blocked_ip} -gt 2 ]; then
                if [[ "${blocked_ip}" == *'.'* ]]; then
                    firewall_block_ip $blocked_ip
                    if [[ "${blocked_ip}" != *'@'* ]]; then
                        dialog --title $"Block an IP address" \
                               --msgbox $"The IP address $blocked_ip has been blocked" 6 40
                    fi
                fi
            fi
            ;;
    esac
 }
 function domain_blocking_remove {
    data=$(tempfile 2>/dev/null)
    trap "rm -f $data" 0 1 2 5 15
@ -1909,6 +1894,29 @@ function domain_blocking_remove {
    esac
 }
 function ip_blocking_remove {
    data=$(tempfile 2>/dev/null)
    trap "rm -f $data" 0 1 2 5 15
    dialog --title $"Unblock an IP address" \
           --backtitle $"Freedombone Control Panel" \
           --inputbox $"Enter the IP address that you wish to unblock" 8 60 "" 2>$data
    sel=$?
    case $sel in
        0)
            unblocked_ip=$(<$data)
            if [ ${#unblocked_ip} -gt 2 ]; then
                if [[ "${unblocked_ip}" == *'.'* ]]; then
                    firewall_unblock_ip $unblocked_ip
                    if [[ "${unblocked_ip}" != *'@'* ]]; then
                        dialog --title $"Unblock an IP address" \
                               --msgbox $"The IP address $unblocked_ip has been unblocked" 6 40
                    fi
                fi
            fi
            ;;
    esac
 }
 function domain_blocking_show {
    if [ -f $FIREWALL_DOMAINS ]; then
        clear
@ -1930,11 +1938,13 @@ function domain_blocking {
        trap "rm -f $data" 0 1 2 5 15
        dialog --backtitle $"Freedombone Control Panel" \
               --title $"Domain or User Blocking" \
-               --radiolist $"Choose an operation:" 12 60 4 \
+               --radiolist $"Choose an operation:" 14 60 6 \
               1 $"Block a domain or user" off \
               2 $"Unblock a domain or user" off \
-               3 $"Show blocked domains and users" off \
+               3 $"Block an IP address" off \
-               4 $"Back to main menu" on 2> $data
+               4 $"Unblock an IP address" off \
               5 $"Show blocked domains and users" off \
               6 $"Back to main menu" on 2> $data
        sel=$?
        case $sel in
            1) break;;
@ -1943,8 +1953,10 @@ function domain_blocking {
        case $(cat $data) in
            1) domain_blocking_add;;
            2) domain_blocking_remove;;
-            3) domain_blocking_show;;
+            3) ip_blocking_add;;
-            4) break;;
+            4) ip_blocking_remove;;
            5) domain_blocking_show;;
            6) break;;
        esac
    done
 }
@ -2007,7 +2019,7 @@ function menu_wifi {
        if [ -f /etc/hostapd/hostapd.conf ]; then
            status_str=$'Hotspot ON'
        else
-            if grep -q "# wifi enabled" /etc/network/interfaces; then
+            if [ -f /etc/network/interfaces.d/wifi ]; then
                status_str=$'Wifi ON'
            fi
        fi
@ -2083,7 +2095,7 @@ function menu_top_level {
        trap "rm -f $data" 0 1 2 5 15
        dialog --backtitle $"Freedombone Control Panel" \
               --title $"Control Panel" \
-               --radiolist $"Choose an operation:" 29 70 21 \
+               --radiolist $"Choose an operation:" 28 70 20 \
               1 $"About this system" off \
               2 $"Passwords" off \
               3 $"Backup and Restore" off \
@ -2097,19 +2109,19 @@ function menu_top_level {
               11 $"Email Menu" off \
               12 $"Domain or User Blocking" off \
               13 $"Security Settings" off \
-               14 $"Set the main repository (repo mirrors)" off \
+               14 $"Change the name of this system" off \
-               15 $"Change the name of this system" off \
+               15 $"Set a static local IP address" off \
-               16 $"Set a static local IP address" off \
+               16 $"Wifi menu" off \
-               17 $"Wifi menu" off \
+               17 $"Check for updates" off \
-               18 $"Check for updates" off \
+               18 $"Power off the system" off \
-               19 $"Power off the system" off \
+               19 $"Restart the system" off \
-               20 $"Restart the system" off \
+               20 $"Exit" on 2> $data
               21 $"Exit" on 2> $data
        sel=$?
        case $sel in
            1) exit 1;;
            255) exit 1;;
        esac
        please_wait
        case $(cat $data) in
            1) show_about;;
            2) view_or_change_passwords;;
@ -2117,7 +2129,7 @@ function menu_top_level {
            4) show_firewall;;
            5) reset_tripwire;;
            6) menu_app_settings;;
-            7) ${PROJECT_NAME}-addremove
+            7) /usr/local/bin/addremove
               if [ ! "$?" = "0" ]; then
                   any_key
               fi
@ -2128,31 +2140,23 @@ function menu_top_level {
            11) menu_email;;
            12) domain_blocking;;
            13) security_settings;;
-            14) set_main_repo;;
+            14) change_system_name;;
-            15) change_system_name;;
+            15) set_static_IP;;
-            16) set_static_IP;;
+            16) menu_wifi;;
-            17) menu_wifi;;
+            17) check_for_updates;;
-            18) check_for_updates;;
+            18) shut_down_system;;
-            19) shut_down_system;;
+            19) restart_system;;
-            20) restart_system;;
+            20) break;;
            21) break;;
        esac
    done
 }
 if [[ $USER != 'root' ]]; then
    # show the user version of the control panel
    ${PROJECT_NAME}-controlpanel-user
    exit 0
 fi
 if [ ! -f $COMPLETION_FILE ]; then
    echo $'This command should only be run on an installed Freedombone system'
    exit 1
 fi
 ADMIN_USER=$(get_completion_param "Admin user")
 read_repo_servers
 menu_top_level
 clear
 cat /etc/motd
--- a/src/freedombone-controlpanel-user
+++ b/src/freedombone-controlpanel-user
@ -34,8 +34,10 @@ export TEXTDOMAIN=${PROJECT_NAME}-controlpanel-user
 export TEXTDOMAINDIR="/usr/share/locale"
 MY_EMAIL_ADDRESS=$USER@$HOSTNAME
-GPG_ID=$(gpg --fingerprint $MY_EMAIL_ADDRESS | grep -i "pub" | head -n 1 | awk -F '/' '{print $2}' | awk -F ' ' '{print $1}')
+GPG_ID=$(gpg --list-keys $MY_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//')
-GPG_BACKUP_ID=$(gpg --fingerprint "(backup key)" | grep -i "pub" | head -n 1 | awk -F '/' '{print $2}' | awk -F ' ' '{print $1}')
+GPG_BACKUP_ID=$(gpg --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
 # Start including files
 UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
 for f in $UTILS_FILES
@ -49,6 +51,8 @@ do
  source $f
 done
 # End including files
 function any_key {
    echo ' '
    read -n1 -r -p $"Press any key to continue..." key
@ -398,8 +402,8 @@ function block_unblock_subject {
 }
 function show_gpg_key {
-    GPG_FINGERPRINT=$(gpg --fingerprint $MY_EMAIL_ADDRESS | grep -i "key fingerprint" | head -n 1 | awk -F '= ' '{print $2}')
+    GPG_FINGERPRINT=$(gpg --fingerprint $MY_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//')
-    GPG_DATE=$(gpg --fingerprint $MY_EMAIL_ADDRESS | grep -i "pub" | head -n 1 | awk -F '/' '{print $2}' | awk -F ' ' '{print $2}')
+    GPG_DATE=$(gpg --fingerprint $MY_EMAIL_ADDRESS | grep -i "pub" | head -n 1 | awk -F ' ' '{print $3}')
    dialog --title $"My PGP/GPG Key" \
           --backtitle $"Freedombone User Control Panel" \
           --msgbox $"Email Address: $MY_EMAIL_ADDRESS\n\nKey ID: $GPG_ID\n\nFingerprint: $GPG_FINGERPRINT\n\nCreated: $GPG_DATE" 12 70
@ -619,7 +623,7 @@ function smtp_proxy {
        fi
        sed -i 's|#set smtp_url|set smtp_url|g' $MUTTRC_FILE
    else
-        if grep "set smtp_url" $MUTTRC_FILE; then
+        if grep -q "set smtp_url" $MUTTRC_FILE; then
            sed -i 's|set smtp_url|#set smtp_url|g' $MUTTRC_FILE
        fi
    fi
@ -750,7 +754,7 @@ function menu_admin {
        clear
        exit 0
    fi
-    sudo ${PROJECT_NAME}-controlpanel
+    sudo /usr/local/bin/control
 }
 function sign_keys {
--- a/src/freedombone-freedns
+++ b/src/freedombone-freedns
@ -13,7 +13,7 @@
 # License
 # =======
 #
-# Copyright (C) 2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2016-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@ -33,8 +33,13 @@ PROJECT_NAME='freedombone'
 export TEXTDOMAIN=${PROJECT_NAME}-freedns
 export TEXTDOMAINDIR="/usr/share/locale"
 VERBOSE=
 CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
-FREEDNS_WGET='wget -q --read-timeout=0.0 --waitretry=5 --tries=4 https://freedns.afraid.org/dynamic/update.php?'
+FREEDNS_WGET='wget --read-timeout=0.0 --waitretry=5 --tries=4 https://freedns.afraid.org/dynamic/update.php?'
 if [[ "$1" == "--verbose" || "$1" == "-v" ]]; then
    VERBOSE=1
 fi
 if [ ! -f $CONFIGURATION_FILE ]; then
    exit 0
@ -47,15 +52,14 @@ function item_in_array {
 }
 detected_codes=()
-codelines=($(grep "_CODE=" $CONFIGURATION_FILE | uniq))
+codelines=$(grep "_CODE=" $CONFIGURATION_FILE | uniq)
-for line in "${codelines[@]}"
+while read -r line; do
 do
    code=$(echo "$line" | awk -F '=' '{print $2}')
    item_in_array "$code" "${detected_codes[@]}"
    if [[ $? != 0 ]]; then
        detected_codes+=("$code")
    fi
-done
+done <<< "$codelines"
 if [ ! -d $HOME/.freedns-update ]; then
    mkdir $HOME/.freedns-update
@ -63,7 +67,19 @@ fi
 cd $HOME/.freedns-update
 for code in "${detected_codes[@]}"
 do
-    $FREEDNS_WGET${code}
+    if [ $VERBOSE ]; then
        echo $"command: $FREEDNS_WGET${code}="
        $FREEDNS_WGET${code}=
    else
        if [ -f /tmp/freedns ]; then
            rm /tmp/freedns
        fi
        $FREEDNS_WGET${code}= >> /tmp/freedns 2>&1
    fi
 done
 if [ -f /tmp/freedns ]; then
    rm /tmp/freedns
 fi
 exit 0
--- a/src/freedombone-image
+++ b/src/freedombone-image
@ -93,7 +93,7 @@ NAMESERVER6='4.4.4.4'
 # An optional freedombone configuration file
 CONFIG_FILENAME=
-DEFAULT_DOMAIN_NAME="${PROJECT_NAME}.local"
+DEFAULT_DOMAIN_NAME="${LOCAL_NAME}.local"
 # Minimum number of characters in a password
 MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}')
@ -138,6 +138,9 @@ INSECURE='no'
 # a new identity at every shutdown/boot
 AMNESIC='no'
 # Is this a dedicated gnusocial or postactiv instance?
 SOCIALINSTANCE=
 # Versions used for Arch/Parabola setup
 MBR_VERSION='1.1.11'
@ -400,6 +403,10 @@ do
            shift
            PROJECT_REPO="$1"
            ;;
        --social|--instance)
            shift
            SOCIALINSTANCE="$1"
            ;;
        -m|--mirror)
            shift
            MIRROR="$1"
@ -443,6 +450,10 @@ do
            image_setup "$1"
            exit 0
            ;;
        --local|--localname)
            shift
            LOCAL_NAME="$1"
            ;;
        *)
            # unknown option
            ;;
@ -546,6 +557,10 @@ if [[ $AMNESIC != 'no' ]]; then
    IMAGE_NAME="${IMAGE_NAME}-amnesic"
 fi
 if [[ "$SOCIALINSTANCE" == "gnusocial" || "$SOCIALINSTANCE" == "postactiv" ]]; then
    IMAGE_NAME="${IMAGE_NAME}-${SOCIALINSTANCE}"
 fi
 cd $TEMPBUILD_DIR
 make $IMAGE_TYPE \
     MYUSERNAME="$USERNAME" \
@ -580,7 +595,9 @@ make $IMAGE_TYPE \
     VARIANT="$VARIANT" \
     MINIMUM_PASSWORD_LENGTH="$MINIMUM_PASSWORD_LENGTH" \
     INSECURE="$INSECURE" \
-     AMNESIC="$AMNESIC"
+     AMNESIC="$AMNESIC" \
     SOCIALINSTANCE="$SOCIALINSTANCE" \
     LOCAL_NAME="$LOCAL_NAME"
 if [ ! "$?" = "0" ]; then
    echo $'Build failed'
--- a/src/freedombone-image-customise
+++ b/src/freedombone-image-customise
@ -30,6 +30,7 @@ set -e
 set -x
 PROJECT_NAME='freedombone'
 LOCAL_NAME=${PROJECT_NAME}
 INSTALL_DIR=/root/build
 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
@ -106,6 +107,9 @@ MESH_INSTALL_DIR=/var/lib
 # a new identity at every shutdown/boot
 AMNESIC='no'
 # Whether this is a dedicated gnusocial or postactiv instance
 SOCIALINSTANCE=
 # defines the initial keyboard layout
 KEYBOARD_MAP='gb'
@ -174,17 +178,21 @@ EOF
 }
 configure_networking() {
    chroot "$rootdir" apt-get -yq install resolvconf
    if [[ "$MACHINE" == "beaglebonewifi" ]]; then
        # Allow networking over USB in order to configure the
        # wifi login settings
-        echo 'auto lo' > $rootdir/etc/network/interfaces
+
-        echo 'iface lo inet loopback' >> $rootdir/etc/network/interfaces
+        echo '# This file describes the network interfaces available on your system' > $rootdir/etc/network/interfaces
-        echo '' >> $rootdir/etc/network/interfaces
+        echo '# and how to activate them. For more information, see interfaces(5).' >> $rootdir/etc/network/interfaces
-        echo 'iface usb0 inet static' >> $rootdir/etc/network/interfaces
+        echo 'source /etc/network/interfaces.d/*' >> $rootdir/etc/network/interfaces
-        echo '    address 192.168.7.2' >> $rootdir/etc/network/interfaces
+
-        echo '    netmask 255.255.255.252' >> $rootdir/etc/network/interfaces
+        echo 'iface usb0 inet static' >> $rootdir/etc/network/interfaces.d/usb
-        echo '    network 192.168.7.0' >> $rootdir/etc/network/interfaces
+        echo '    address 192.168.7.2' >> $rootdir/etc/network/interfaces.d/usb
-        echo '    gateway 192.168.7.1' >> $rootdir/etc/network/interfaces
+        echo '    netmask 255.255.255.252' >> $rootdir/etc/network/interfaces.d/usb
        echo '    network 192.168.7.0' >> $rootdir/etc/network/interfaces.d/usb
        echo '    gateway 192.168.7.1' >> $rootdir/etc/network/interfaces.d/usb
        return
    fi
@ -193,41 +201,15 @@ configure_networking() {
    fi
    if [[ $GENERIC_IMAGE == "no" ]]; then
-        echo "# This file describes the network interfaces available on your system
+        echo '# This file describes the network interfaces available on your system' > $rootdir/etc/network/interfaces
-# and how to activate them. For more information, see interfaces(5).
+        echo '# and how to activate them. For more information, see interfaces(5).' >> $rootdir/etc/network/interfaces
        echo 'source /etc/network/interfaces.d/*' >> $rootdir/etc/network/interfaces
-# The loopback network interface
+        echo "auto eth0
 auto lo
 iface lo inet loopback
 # The primary network interface
 auto eth0
 iface eth0 inet static
    address $BOX_IP_ADDRESS
    netmask 255.255.255.0
-    gateway $ROUTER_IP_ADDRESS
+    gateway $ROUTER_IP_ADDRESS" > $rootdir/etc/network/interfaces.d/static
    dns-nameservers $NAMESERVER1 $NAMESERVER2
        # Example to keep MAC address between reboots
        #hwaddress ether B5:A2:BE:3F:1A:FE
        # The secondary network interface
        #auto eth1
        #iface eth1 inet dhcp
        # WiFi Example
        #auto wlan0
        #iface wlan0 inet dhcp
        #    wpa-ssid \"essid\"
        #    wpa-psk  \"password\"
        # Ethernet/RNDIS gadget (g_ether)
        # ... or on host side, usbnet and random hwaddr
        # Note on some boards, usb0 is automaticly setup with an init script
        #iface usb0 inet static
        #    address 192.168.7.2
        #    netmask 255.255.255.0
        #    network 192.168.7.0
        #    gateway 192.168.7.1" > $rootdir/etc/network/interfaces
        hexarray=( 1 2 3 4 5 6 7 8 9 0 a b c d e f )
        a=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
@ -235,12 +217,20 @@ iface eth0 inet static
        c=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
        d=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
        e=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
-        sed -i "s|#hwaddress ether.*|hwaddress ether de:$a:$b:$c:$d:$e|g" \
+        echo "hwaddress ether de:$a:$b:$c:$d:$e" > $rootdir/etc/network/interfaces.d/macaddress
            $rootdir/etc/network/interfaces
    fi
-    sed -i "s/nameserver.*/nameserver $NAMESERVER1/g" $rootdir/etc/resolv.conf
+    # configure DNS
-    sed -i "/nameserver $NAMESERVER1/a\nameserver $NAMESERVER2" $rootdir/etc/resolv.conf
+    resolvconf=$rootdir/etc/resolvconf/resolv.conf.d/head
    echo 'domain localdomain' > $resolvconf
    echo 'search localdomain' >> $resolvconf
    echo "nameserver $NAMESERVER1" >> $resolvconf
    echo "nameserver $NAMESERVER2" >> $resolvconf
    echo "nameserver $NAMESERVER3" >> $resolvconf
    echo "nameserver $NAMESERVER4" >> $resolvconf
    echo "nameserver $NAMESERVER5" >> $resolvconf
    echo "nameserver $NAMESERVER6" >> $resolvconf
    chroot "$rootdir" resolvconf -u
    if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then
        # change the motd to show further install instructions
@ -274,11 +264,12 @@ following commands, then enter your details.
 }
 configure_ssh() {
-    if [[ $VARIANT == "mesh" || $VARIANT == "meshclient" || $VARIANT == "meshusb" ]]; then
+    if [[ $VARIANT == "mesh"* ]]; then
        return
    fi
    sed -i "s/Port .*/Port ${SSH_PORT}/g" $rootdir/etc/ssh/sshd_config
    sed -i "s/#Port ${SSH_PORT}/Port ${SSH_PORT}/g" $rootdir/etc/ssh/sshd_config
    if [[ "$SSH_PUBKEY" != "no" ]]; then
        if [ ! -d $rootdir/home/$MY_USERNAME/.ssh ]; then
@ -287,6 +278,7 @@ configure_ssh() {
        echo "$SSH_PUBKEY" > $rootdir/home/$MY_USERNAME/.ssh/authorized_keys
        chroot $rootdir /bin/chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
        sed -i 's|PasswordAuthentication.*|PasswordAuthentication no|g' $rootdir/etc/ssh/sshd_config
        sed -i 's|#PasswordAuthentication no|PasswordAuthentication no|g' $rootdir/etc/ssh/sshd_config
        echo $"Using ssh public key:"
        echo $SSH_PUBKEY
        echo $'Password ssh authentication turned off'
@ -307,7 +299,7 @@ create_generic_image() {
    fi
    # Don't install any configuration. This will be a base system
-    if [[ $VARIANT != "mesh" && $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then
+    if [[ $VARIANT != "mesh"* ]]; then
        CONFIG_FILENAME=
    else
        touch $rootdir/root/.initial_mesh_setup
@ -387,56 +379,67 @@ EOF
    echo "    cd /root/${PROJECT_NAME}" >> $rootdir/root/.bashrc
    echo "    git stash" >> $rootdir/root/.bashrc
    echo "    git pull" >> $rootdir/root/.bashrc
-    echo "    git checkout jessie" >> $rootdir/root/.bashrc
+    echo "    git checkout stretch" >> $rootdir/root/.bashrc
    echo "    make install" >> $rootdir/root/.bashrc
-    if [[ $VARIANT != "mesh" && $VARIANT != "meshclient" && $VARIANT != "meshusb" && $VARIANT != "usb" ]]; then
+    if [[ $VARIANT != "mesh"* && $VARIANT != "usb" ]]; then
-        if [[ $ONION_ONLY == "no" ]]; then
+        if [[ "$SOCIALINSTANCE" == "gnusocial" ]]; then
-            if [[ $MINIMAL_INSTALL == "no" ]]; then
+            echo "    ${PROJECT_NAME} menuconfig-gnusocial" >> $rootdir/root/.bashrc
                echo "    ${PROJECT_NAME} menuconfig-full" >> $rootdir/root/.bashrc
            else
                echo "    ${PROJECT_NAME} menuconfig" >> $rootdir/root/.bashrc
            fi
        else
-            echo "    ${PROJECT_NAME} menuconfig-onion" >> $rootdir/root/.bashrc
+            if [[ "$SOCIALINSTANCE" == "postactiv" ]]; then
                echo "    ${PROJECT_NAME} menuconfig-postactiv" >> $rootdir/root/.bashrc
            else
                if [[ $ONION_ONLY == "no" ]]; then
                    if [[ $MINIMAL_INSTALL == "no" ]]; then
                        echo "    ${PROJECT_NAME} menuconfig-full" >> $rootdir/root/.bashrc
                    else
                        echo "    ${PROJECT_NAME} menuconfig" >> $rootdir/root/.bashrc
                    fi
                else
                    echo "    ${PROJECT_NAME} menuconfig-onion" >> $rootdir/root/.bashrc
                fi
            fi
        fi
    else
        echo "    echo ''" >> $rootdir/root/.bashrc
    fi
    echo '    if [ "$?" = "0" ]; then' >> $rootdir/root/.bashrc
    echo "        if [ -f ~/${PROJECT_NAME}-completed.txt ]; then" >> $rootdir/root/.bashrc
    echo "            # Check that the initial setup really did complete" >> $rootdir/root/.bashrc
    echo "            if grep -q 'tripwire' ~/${PROJECT_NAME}-completed.txt; then" >> $rootdir/root/.bashrc
    # Remove the initial setup files
-    echo '            rm /root/.initial_setup' >> $rootdir/root/.bashrc
+    echo '                rm /root/.initial_setup' >> $rootdir/root/.bashrc
-    echo '            rm /home/fbone/.initial_setup' >> $rootdir/root/.bashrc
+    echo '                rm /home/fbone/.initial_setup' >> $rootdir/root/.bashrc
-    echo "            touch /root/.remove_${GENERIC_IMAGE_USERNAME}" >> $rootdir/root/.bashrc
+    echo "                touch /root/.remove_${GENERIC_IMAGE_USERNAME}" >> $rootdir/root/.bashrc
-    echo '            shred -zu ~/login.txt' >> $rootdir/root/.bashrc
+    echo '                shred -zu ~/login.txt' >> $rootdir/root/.bashrc
-    if [[ $VARIANT != "mesh" && $VARIANT != "meshclient" && $VARIANT != "meshusb" && $VARIANT != "usb" ]]; then
+    if [[ $VARIANT != "mesh"* && $VARIANT != "usb" ]]; then
-        echo '            SSH_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_ssh/hostname)' >> $rootdir/root/.bashrc
+        echo '                SSH_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_ssh/hostname)' >> $rootdir/root/.bashrc
-        echo '            if [ ${#SSH_ONION_HOSTNAME} -lt 2 ]; then' >> $rootdir/root/.bashrc
+        echo '                if [ ${#SSH_ONION_HOSTNAME} -lt 2 ]; then' >> $rootdir/root/.bashrc
-        echo '                exit 62392' >> $rootdir/root/.bashrc
+        echo '                    exit 62392' >> $rootdir/root/.bashrc
-        echo '            fi' >> $rootdir/root/.bashrc
+        echo '                fi' >> $rootdir/root/.bashrc
    fi
-    echo "            if [ -f /root/${PROJECT_NAME}-wifi.cfg ]; then" >> $rootdir/root/.bashrc
+    echo "                if [ -f /root/${PROJECT_NAME}-wifi.cfg ]; then" >> $rootdir/root/.bashrc
-    echo "                echo '[Unit]' > /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo '[Unit]' > /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo 'Description=WifiStartup (Start wifi networking)' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo 'Description=WifiStartup (Start wifi networking)' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo 'After=syslog.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo 'After=syslog.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo 'After=network.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo 'After=network.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo 'After=remote-fs.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo 'After=remote-fs.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo '' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo '' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo '[Service]' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo '[Service]' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo 'Type=simple' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo 'Type=simple' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo 'User=root' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo 'User=root' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo 'Group=root' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo 'Group=root' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo 'WorkingDirectory=/root' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo 'WorkingDirectory=/root' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo 'ExecStart=/usr/local/bin/freedombone-wifi --wait 5 2> /dev/null' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo 'ExecStart=/usr/local/bin/freedombone-wifi --wait 5 2> /dev/null' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo '' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo '' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo '[Install]' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo '[Install]' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                echo 'WantedBy=multi-user.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
+    echo "                    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                systemctl enable wifistart" >> $rootdir/root/.bashrc
+    echo "                    systemctl enable wifistart" >> $rootdir/root/.bashrc
-    echo "                systemctl daemon-reload" >> $rootdir/root/.bashrc
+    echo "                    systemctl daemon-reload" >> $rootdir/root/.bashrc
    echo '                fi' >> $rootdir/root/.bashrc
    echo '                systemctl reboot -i' >> $rootdir/root/.bashrc
    echo '            fi' >> $rootdir/root/.bashrc
    echo '            reboot' >> $rootdir/root/.bashrc
    echo '        fi' >> $rootdir/root/.bashrc
    echo '    else' >> $rootdir/root/.bashrc
    echo '        key=' >> $rootdir/root/.bashrc
@ -526,15 +529,15 @@ BATMAN_CELLID='02:BA:00:00:03:01'
 WIFI_SSID='mesh'
 # To avoid confusions these are obtained from the main project file
-TOXID_REPO=
+#TOXID_REPO=
-TOX_PORT=
+#TOX_PORT=
-TOXCORE_REPO=
+#TOXCORE_REPO=
-TOXIC_REPO=
+#TOXIC_REPO=
-TOXCORE_COMMIT=
+#TOXCORE_COMMIT=
-TOXIC_COMMIT=
+#TOXIC_COMMIT=
 # These are some default nodes, but you can replace them with trusted nodes
 # as you prefer. See https://wiki.tox.im/Nodes
-TOX_NODES=
+#TOX_NODES=
 #TOX_NODES=(
 #  '192.254.75.102,2607:5600:284::2,33445,951C88B7E75C867418ACDB5D273821372BB5BD652740BCDF623A4FA293E75D2F,Tox RELENG,US'
 #  '144.76.60.215,2a01:4f8:191:64d6::1,33445,04119E835DF3E78BACF0F84235B300546AF8B936F035185E2A8E9E0A67C8924F,sonOfRa,DE'
@ -559,7 +562,7 @@ INSTALL_DIR=$HOME/build
 INSTALLING_MESH=
 initialise_mesh() {
-    if [[ $VARIANT != "mesh" && $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then
+    if [[ $VARIANT != "mesh"* ]]; then
        return
    fi
    if [[ $DEBIAN_INSTALL_ONLY != "no" ]]; then
@ -581,11 +584,13 @@ initialise_mesh() {
        # install proprietary wifi drivers
        # see https://wiki.debian.org/iwlwifi
-        chroot "$rootdir" apt-get -yq install firmware-iwlwifi firmware-b43-installer firmware-brcm80211
+        chroot "$rootdir" apt-get -yq install firmware-iwlwifi firmware-b43-installer firmware-brcm80211 firmware-realtek
    fi
    INSTALLING_MESH=1
    chroot "$rootdir" apt-get -yq install apt-transport-https
    configure_firewall
    install_avahi
    install_batman
@ -767,13 +772,13 @@ function configure_user_interface {
    chroot "$rootdir" apt-get -yq install libtheora-bin libvorbis-dev v4l-utils
    # a sane editor
-    chroot "$rootdir" apt-get -yq install emacs24
+    chroot "$rootdir" apt-get -yq install emacs
    # for wifi monitoring
    chroot "$rootdir" apt-get -yq install horst
    # for sound level control
-    chroot "$rootdir" apt-get -yq install alsa-utils
+    chroot "$rootdir" apt-get -yq install alsa-utils pavucontrol
    # to play various media types
    chroot "$rootdir" apt-get -yq install vlc
@ -941,7 +946,7 @@ EOF
    if [[ $VARIANT == "usb" ]]; then
        # tor
-        chroot "$rootdir" apt-get -y install tor
+        chroot "$rootdir" apt-get -yq install tor
        # xmpp client
        chroot "$rootdir" echo "deb ftp://ftp.gajim.org/debian unstable main" > /etc/apt/sources.list.d/gajim.list
@ -970,7 +975,16 @@ function image_install_inadyn {
        mkdir -p $rootdir/root/build
    fi
    chroot "$rootdir" apt-get -yq install build-essential curl libgnutls28-dev automake1.11 libconfuse-dev
-    git clone $INADYN_REPO $rootdir/root/build/inadyn
+
    if [ -d /repos/inadyn ]; then
        mkdir $rootdir/root/build/inadyn
        cp -r -p /repos/inadyn/. $rootdir/root/build/inadyn
        cd $rootdir/root/build/inadyn
        git pull
    else
        git clone $INADYN_REPO $rootdir/root/build/inadyn
    fi
    if [ ! -d $rootdir/root/build/inadyn ]; then
        echo 'Failed to clone inadyn'
        exit 728252
@ -1020,14 +1034,18 @@ function image_setup_utils {
    if [ $INSTALLING_MESH ]; then
        return
    fi
-    chroot "$rootdir" apt-get -yq install nfs-kernel-server
+    chroot "$rootdir" apt-get -yq install apt-transport-https
    chroot "$rootdir" apt-get -yq remove --purge apache2-bin*
    chroot "$rootdir" apt-get -yq dist-upgrade
    chroot "$rootdir" apt-get -yq install ca-certificates
    chroot "$rootdir" apt-get -yq install apt-utils
    if [[ $ARCHITECTURE == 'amd64' ]]; then
-        chroot "$rootdir" apt-get -yq install linux-image-amd64 -t jessie-backports
+        chroot "$rootdir" apt-get -yq install linux-image-amd64
    fi
    if [[ $ARCHITECTURE == 'qemu'* || $ARCHITECTURE == 'amd64' || $ARCHITECTURE == 'x86_64' || $ARCHITECTURE == 'i686' || $ARCHITECTURE == 'i386' ]]; then
-        chroot "$rootdir" apt-get -yq install grub2
+        chroot "$rootdir" apt-get -yq install grub2 lvm2 initramfs-tools
    fi
    chroot "$rootdir" apt-get -yq install locales locales-all debconf
@ -1047,11 +1065,6 @@ function image_setup_utils {
    rm $rootdir/root/sysctl.conf
    # all the packages
    chroot "$rootdir" apt-get -yq install apt-transport-https
    chroot "$rootdir" apt-get -yq remove --purge apache*
    chroot "$rootdir" apt-get -yq dist-upgrade
    chroot "$rootdir" apt-get -yq install ca-certificates
    chroot "$rootdir" apt-get -yq install apt-utils
    chroot "$rootdir" apt-get -yq install cryptsetup libgfshare-bin obnam sshpass wget avahi-daemon
    chroot "$rootdir" apt-get -yq install avahi-utils avahi-discover connect-proxy openssh-server
    chroot "$rootdir" apt-get -yq install sudo git dialog build-essential avahi-daemon avahi-utils
@ -1065,8 +1078,11 @@ function image_setup_utils {
    # Tor and ssh over tor
    chroot "$rootdir" apt-get -yq install tor connect-proxy
    chroot "$rootdir" connect-proxy
    sed -i 's|#Log notice file.*|Log notice file /dev/null|g' $rootdir/etc/tor/torrc
    sed -i 's|Log notice file.*|Log notice file /dev/null|g' $rootdir/etc/tor/torrc
    sed -i "s|#AccountingMax.*|AccountingMax $TOR_MAX_TRAFFIC_PER_DAY_GB GBytes|g" $rootdir/etc/tor/torrc
    sed -i "s|AccountingMax.*|AccountingMax $TOR_MAX_TRAFFIC_PER_DAY_GB GBytes|g" $rootdir/etc/tor/torrc
    if ! grep -q 'Host *.onion' $rootdir/root/.ssh/config; then
        if [ ! -d $rootdir/root/.ssh ]; then
            mkdir $rootdir/root/.ssh
@ -1130,14 +1146,14 @@ function image_setup_utils {
    chroot "$rootdir" cd /root/build/tomb && make install
    echo "tomb commit:$TOMB_COMMIT" >> $rootdir/root/freedombone-completed.txt
-    if ! grep '* hard maxsyslogins' $rootdir/etc/security/limits.conf; then
+    if ! grep -q '* hard maxsyslogins' $rootdir/etc/security/limits.conf; then
        echo '* hard maxsyslogins 10' >> $rootdir/etc/security/limits.conf
    else
        sed -i 's|hard maxsyslogins.*|hard maxsyslogins 10|g' $rootdir/etc/security/limits.conf
    fi
    # Max logins for each user
-    if ! grep '* hard maxlogins' $rootdir/etc/security/limits.conf; then
+    if ! grep -q '* hard maxlogins' $rootdir/etc/security/limits.conf; then
        echo '* hard maxlogins 2' >> $rootdir/etc/security/limits.conf
    else
        sed -i 's|hard maxlogins.*|hard maxlogins 2|g' $rootdir/etc/security/limits.conf
@ -1147,9 +1163,7 @@ function image_setup_utils {
    chroot "$rootdir" apt-get -yq remove postfix
    chroot "$rootdir" apt-get -yq install exim4 exim4-daemon-heavy sasl2-bin swaks libnet-ssleay-perl procmail
    chroot "$rootdir" apt-get -yq install spamassassin
-    #chroot "$rootdir" apt-get -yq install dovecot-core dovecot-imapd
+    chroot "$rootdir" apt-get -yq install dovecot-imapd
    # TODO generate certs for exim and dovecot if needed on first boot
    #backup
    chroot "$rootdir" apt-get -yq install obnam gnupg
@ -1166,7 +1180,7 @@ function image_setup_utils {
    echo "gpgit commit:$GPGIT_COMMIT" >> $rootdir/root/freedombone-completed.txt
    # email client
-    chroot "$rootdir" apt-get -yq install mutt-patched lynx abook urlview
+    chroot "$rootdir" apt-get -yq install lynx abook urlview mutt
    git clone $CLEANUP_MAILDIR_REPO $rootdir/root/build/cleanup-maildir
    cd $rootdir/root/build/cleanup-maildir
@ -1176,7 +1190,7 @@ function image_setup_utils {
    # web server
    chroot "$rootdir" apt-get -yq remove --purge apache2
-    chroot "$rootdir" apt-get -yq install nginx php5-fpm
+    chroot "$rootdir" apt-get -yq install nginx php-fpm
    git clone $NGINX_ENSITE_REPO $rootdir/root/build/nginx_ensite
    cd $rootdir/root/build/nginx_ensite
    git checkout $NGINX_ENSITE_COMMIT -b $NGINX_ENSITE_COMMIT
@ -1190,24 +1204,79 @@ function image_setup_utils {
    fi
    chroot "$rootdir" apt-get -yq install tripwire
-    # mirroring
+    # filesystem optimisations
-    # cmake
+    #sed -i 's|btrfs subvol=@|btrfs defaults,subvol=@,compress=lzo,ssd|g' $rootdir/etc/fstab
 }
 function image_install_nodejs {
-    if [ $INSTALLING_MESH ]; then
+    mesh_install_nodejs
    #echo 'install_nodejs' >> ${rootdir}/root/${PROJECT_NAME}-completed.txt
 }
 function image_preinstall_repos {
    if [[ $VARIANT == "mesh"* ]]; then
        return
    fi
-    chroot "$rootdir" apt-get -yq install nodejs
+    if [ ! -d $rootdir/repos ]; then
-    chroot "$rootdir" apt-get -yq install npm curl
+        mkdir $rootdir/repos
    if [ ! -f $rootdir/usr/bin/nodejs ]; then
        echo $'nodejs was not installed'
        exit 63962
    fi
 }
    git clone $CMAKE_REPO $rootdir/repos/cmake
    git clone $INADYN_REPO $rootdir/repos/inadyn
    git clone $TOMB_REPO $rootdir/repos/tomb
    if [[ $SOCIALINSTANCE == "gnusocial" ]]; then
        git clone $GNUSOCIAL_REPO $rootdir/repos/gnusocial
        git clone $GNUSOCIAL_MARKDOWN_REPO $rootdir/repos/gnusocial-markdown
        git clone $QVITTER_THEME_REPO $rootdir/repos/qvitter
        git clone $PLEROMA_REPO $rootdir/repos/pleroma
        return
    fi
    if [[ $SOCIALINSTANCE == "postactiv" ]]; then
        git clone $GNUSOCIAL_MARKDOWN_REPO $rootdir/repos/gnusocial-markdown
        git clone $QVITTER_THEME_REPO $rootdir/repos/qvitter
        git clone $PLEROMA_REPO $rootdir/repos/pleroma
        git clone $POSTACTIV_REPO $rootdir/repos/postactiv
        return
    fi
    git clone $CRYPTPAD_REPO $rootdir/repos/cryptpad
    git clone $DOKUWIKI_REPO $rootdir/repos/dokuwiki
    git clone $ETHERPAD_REPO $rootdir/repos/etherpad
    git clone $FRIENDICA_REPO $rootdir/repos/friendica
    git clone $GNUSOCIAL_REPO $rootdir/repos/gnusocial
    git clone $GNUSOCIAL_MARKDOWN_REPO $rootdir/repos/gnusocial-markdown
    git clone $QVITTER_THEME_REPO $rootdir/repos/qvitter
    git clone $PLEROMA_REPO $rootdir/repos/pleroma
    git clone $POSTACTIV_REPO $rootdir/repos/postactiv
    git clone $SHARINGS_REPO $rootdir/repos/sharings
    git clone $HTMLY_REPO $rootdir/repos/htmly
    git clone $HUBZILLA_REPO $rootdir/repos/hubzilla
    git clone $HUBZILLA_ADDONS_REPO $rootdir/repos/hubzilla-addons
    git clone $KOEL_REPO $rootdir/repos/koel
    #git clone $LIBREVAULT_REPO $rootdir/repos/librevault
    git clone $LYCHEE_REPO $rootdir/repos/lychee
    git clone $MAILPILE_REPO $rootdir/repos/mailpile
    git clone $MATRIX_REPO $rootdir/repos/matrix
    git clone $MEDIAGOBLIN_REPO $rootdir/repos/mediagoblin
    #git clone $MOVIM_REPO $rootdir/repos/movim
    git clone $NEXTCLOUD_REPO $rootdir/repos/nextcloud
    git clone $PIHOLE_REPO $rootdir/repos/pihole
    git clone $PROFANITY_REPO $rootdir/repos/profanity
    git clone $LIBMESODE_REPO $rootdir/repos/libmesode
    git clone $PROFANITY_OMEMO_PLUGIN_REPO $rootdir/repos/profanity-omemo
    git clone $RSS_READER_REPO $rootdir/repos/rss
    git clone $RSS_MOBILE_READER_REPO $rootdir/repos/rss-mobile
    git clone $SEARX_REPO $rootdir/repos/searx
    git clone $TOXCORE_REPO $rootdir/repos/toxcore
    git clone $TOXID_REPO $rootdir/repos/toxid
    git clone $TOXIC_REPO $rootdir/repos/toxic
    git clone $TURTL_REPO $rootdir/repos/turtl
    #git clone $ZERONET_REPO $rootdir/repos/zeronet
    #git clone $QTOX_REPO $rootdir/repos/qtox
 }
 ##############################################################################
@ -1248,7 +1317,7 @@ if [ ! $DEBIAN_REPO ]; then
    DEBIAN_REPO='ftp.de.debian.org'
 fi
 if [ ! $DEBIAN_VERSION ]; then
-    DEBIAN_VERSION='jessie'
+    DEBIAN_VERSION='stretch'
 fi
 set_apt_sources $BUILD_MIRROR
@ -1277,7 +1346,7 @@ if [ -n "$CUSTOM_SETUP" ]; then
    chroot "$rootdir" gdebi -n /tmp/"$(basename $CUSTOM_SETUP)"
 fi
-if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" && $VARIANT != "mesh" ]]; then
+if [[ $VARIANT != "mesh"* ]]; then
    chroot "$rootdir" apt-get install -y openssh-server
 fi
 chroot "$rootdir" apt-get install -y sudo git dialog build-essential
@ -1287,17 +1356,50 @@ chroot "$rootdir" apt-get install -y libnss-mdns libnss-myhostname libnss-gw-nam
 chroot "$rootdir" apt-get install -y locales locales-all debconf wireless-tools wpasupplicant usbutils
 if [[ $ARCHITECTURE == 'qemu'* || $ARCHITECTURE == 'i386' || $ARCHITECTURE == 'i686' || $ARCHITECTURE == 'amd64' || $ARCHITECTURE == 'x86_64' ]]; then
    chroot "$rootdir" apt-get install -y cryptsetup zsh pinentry-curses iotop bc
-    chroot "$rootdir" apt-get install -y grub2 hostapd
+    chroot "$rootdir" apt-get install -y grub2 hostapd lvm2 initramfs-tools
 fi
-sed -i "s|#host-name=.*|host-name=${PROJECT_NAME}|g" $rootdir/etc/avahi/avahi-daemon.conf
+sed -i "s|#host-name=.*|host-name=${LOCAL_NAME}|g" $rootdir/etc/avahi/avahi-daemon.conf
-sed -i "s|host-name=.*|host-name=${PROJECT_NAME}|g" $rootdir/etc/avahi/avahi-daemon.conf
+sed -i "s|host-name=.*|host-name=${LOCAL_NAME}|g" $rootdir/etc/avahi/avahi-daemon.conf
 sed -i "s|use-ipv4=.*|use-ipv4=yes|g" $rootdir/etc/avahi/avahi-daemon.conf
 sed -i "s|use-ipv6=.*|use-ipv6=no|g" $rootdir/etc/avahi/avahi-daemon.conf
 sed -i "s|#disallow-other-stacks=.*|disallow-other-stacks=yes|g" $rootdir/etc/avahi/avahi-daemon.conf
 sed -i "s|hosts:.*|hosts:          files mdns4_minimal dns mdns4 mdns|g" $rootdir/etc/nsswitch.conf
 # Add an ssh avahi service
 echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > $rootdir/etc/avahi/services/ssh.service
 echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> $rootdir/etc/avahi/services/ssh.service
 echo '<service-group>' >> $rootdir/etc/avahi/services/ssh.service
 echo '  <name replace-wildcards="yes">%h SSH</name>' >> $rootdir/etc/avahi/services/ssh.service
 echo '  <service>' >> $rootdir/etc/avahi/services/ssh.service
 echo '    <type>_ssh._tcp</type>' >> $rootdir/etc/avahi/services/ssh.service
 echo "    <port>$SSH_PORT</port>" >> $rootdir/etc/avahi/services/ssh.service
 echo '  </service>' >> $rootdir/etc/avahi/services/ssh.service
 echo '</service-group>' >> $rootdir/etc/avahi/services/ssh.service
 # Ensure that the avahi daemon keeps running
 WATCHDOG_SCRIPT_NAME="keepon"
 echo '#!/bin/bash' > $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
 echo 'LOGFILE=/var/log/keepon.log' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
 echo 'CURRENT_DATE=$(date)' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
 echo '' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
 echo "# keep avahi-daemon daemon running" >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
 echo "RUNNING=$(pgrep avahi-daemon > /dev/null && echo Running)" >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
 echo 'if [ ! $RUNNING ]; then' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
 echo "  systemctl start avahi-daemon" >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
 echo '  echo -n $CURRENT_DATE >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
 echo "  echo \"avahi-daemon daemon restarted\" >> \$LOGFILE" >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
 echo 'fi' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
 echo "# End of avahi-daemon" >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
 chmod +x $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
 echo "*/1            * *   *   *   root /usr/bin/$WATCHDOG_SCRIPT_NAME" >> $rootdir/etc/crontab
 chroot "$rootdir" /bin/bash -x <<EOF
 git clone $PROJECT_REPO /root/$PROJECT_NAME
 cd /root/$PROJECT_NAME
-git checkout jessie
+git checkout stretch
 make install
 cp image_build/bbb-4.9.0.tar.gz /boot/bbb.tar.gz
 EOF
 chroot "$rootdir" ${PROJECT_NAME}-image-hardware-setup 2>&1 | \
@ -1308,7 +1410,11 @@ rm $rootdir/usr/sbin/policy-rc.d
 # Set up HRNG for systems known to have one
 # Otherwise install haveged
 if [[ "$MACHINE" != "beaglebone"* ]]; then
-    chroot $rootdir apt-get -yq install haveged
+    # With some VMs, the hardware cycles counter is emulated and deterministic,
    # and thus predictible, so havege should not be used
    if [[ "$MACHINE" != "qemu"* ]]; then
        chroot $rootdir apt-get -yq install haveged
    fi
 else
    chroot $rootdir apt-get -yq install rng-tools
    sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' $rootdir/etc/default/rng-tools
@ -1356,6 +1462,7 @@ configure_user_interface
 image_setup_utils
 image_install_inadyn
 image_install_nodejs
 image_preinstall_repos
 # remove downloaded packages
 chroot $rootdir apt-get -y autoremove
--- a/src/freedombone-image-hardware-setup
+++ b/src/freedombone-image-hardware-setup
@ -56,14 +56,9 @@ beaglebone_setup_boot() {
    initRd=initrd.img-$version
    vmlinuz=vmlinuz-$version
-    bbb_loadaddr='0x80200000'
+    bbb_loadaddr='0x82000000'
-    bbb_initrd_addr='0x81000000'
+    bbb_initrd_addr='0x88080000'
-    bbb_fdtaddr='0x80F80000'
+    bbb_fdtaddr='0x88000000'
    if [[ "$bbb_version" == "wireless" ]]; then
        bbb_loadaddr='0x82000000'
        bbb_initrd_addr='0x88080000'
        bbb_fdtaddr='0x88000000'
    fi
    # uEnv.txt for Beaglebone
    # based on https://github.com/beagleboard/image-builder/blob/master/target/boot/beagleboard.org.txt
@ -89,7 +84,7 @@ loadinitrd=load mmc \${mmcdev}:\${mmcpart} \${initrd_addr} \${initrd_file}; sete
 loadfdt=load mmc \${mmcdev}:\${mmcpart} \${fdtaddr} /dtbs/\${fdtfile}
 loadfiles=run loadkernel; run loadinitrd; run loadfdt
-mmcargs=setenv bootargs console=tty0 console=\${console} root=\${mmcroot} rootfstype=\${mmcrootfstype} rootflags=\${mmcrootflags}
+mmcargs=setenv bootargs init=/lib/systemd/systemd console=tty0 console=\${console} root=\${mmcroot} rootfstype=\${mmcrootfstype} rootflags=\${mmcrootflags} ifnames=0 slub_debug=FZP slab_nomerge page_poison=1
 uenvcmd=run loadfiles; run mmcargs; bootz \${loadaddr} \${initrd_addr}:\${initrd_size} \${fdtaddr}
 EOF
@ -123,15 +118,29 @@ beaglebone_repack_kernel() {
    echo "info: repacking beaglebone kernel and initrd"
-    if [ ! $bbb_version ]; then
+    bbb_dtb='am335x-boneblack'
-        kernelVersion=$(ls /usr/lib/*/am335x-boneblack.dtb | head -1 | cut -d/ -f4)
+    if [ $bbb_version ]; then
-    else
+        bbb_dtb="am335x-boneblack-${bbb_version}"
        kernelVersion=$(ls /usr/lib/*/am335x-boneblack-${1}.dtb | head -1 | cut -d/ -f4)
    fi
    kernelVersion=$(ls /usr/lib/*/${bbb_dtb}.dtb | head -1 | cut -d/ -f4)
    version=$(echo $kernelVersion | sed 's/linux-image-\(.*\)/\1/')
    initRd=initrd.img-$version
    vmlinuz=vmlinuz-$version
    # optionally use a separately compiled kernel
    bbb_dtb_file=/usr/lib/$kernelVersion/${bbb_dtb}.dtb
    #if [ -f /boot/bbb.tar.gz ]; then
    #    cd /boot
    #    tar -xzvf /boot/bbb.tar.gz
    #    if [ -f /boot/bbb/dtbs/${bbb_dtb}.dtb ]; then
    #        if [ -f /boot/bbb/zImage ]; then
    #            bbb_dtb_file=/boot/bbb/dtbs/${bbb_dtb}.dtb
    #            vmlinuz=/boot/bbb/zImage
    #        fi
    #    fi
    #fi
    mkdir /tmp/initrd-repack
    (cd /tmp/initrd-repack ; \
@ -142,27 +151,15 @@ beaglebone_repack_kernel() {
    rm -rf /tmp/initrd-repack
-    if [ ! $bbb_version ]; then
+    (cd /boot ; \
-        (cd /boot ; \
+     cp ${bbb_dtb_file} dtb ; \
-         cp /usr/lib/$kernelVersion/am335x-boneblack.dtb dtb ; \
+     cat $vmlinuz dtb >> temp-kernel ; \
-         cat $vmlinuz dtb >> temp-kernel ; \
+     mkimage -A arm -O linux -T kernel -n "Debian kernel ${version}" \
-         mkimage -A arm -O linux -T kernel -n "Debian kernel ${version}" \
+             -C none -a 0x82000000 -e 0x82000000 -d temp-kernel uImage ; \
-                 -C none -a 0x80200000 -e 0x80200000 -d temp-kernel uImage ; \
+     rm -f temp-kernel ; \
-         rm -f temp-kernel ; \
+     mkimage -A arm -O linux -T ramdisk -C gzip -a 0x88080000 -e 0x88080000 \
-         mkimage -A arm -O linux -T ramdisk -C gzip -a 0x81000000 -e 0x81000000 \
+             -n "Debian ramdisk ${version}" \
-                 -n "Debian ramdisk ${version}" \
+             -d $initRd uInitrd )
                 -d $initRd uInitrd )
    else
        (cd /boot ; \
         cp /usr/lib/$kernelVersion/am335x-boneblack-${bbb_version}.dtb dtb ; \
         cat $vmlinuz dtb >> temp-kernel ; \
         mkimage -A arm -O linux -T kernel -n "Debian kernel ${version}" \
                 -C none -a 0x82000000 -e 0x82000000 -d temp-kernel uImage ; \
         rm -f temp-kernel ; \
         mkimage -A arm -O linux -T ramdisk -C gzip -a 0x88080000 -e 0x88080000 \
                 -n "Debian ramdisk ${version}" \
                 -d $initRd uInitrd )
    fi
 }
 a20_setup_boot() {
@ -206,7 +203,7 @@ setenv loadinitrd load mmc \${mmcdev}:\${mmcpart} \${initrd_addr} \${initrd_file
 setenv loadfdt load mmc \${mmcdev}:\${mmcpart} \${fdtaddr} /dtbs/\${fdtfile}
 setenv loadfiles run loadkernel\\; run loadinitrd\\; run loadfdt
-setenv mmcargs setenv bootargs console=\${console} root=\${mmcroot} rootfstype=\${mmcrootfstype} rootflags=\${mmcrootflags}
+setenv mmcargs setenv bootargs init=/lib/systemd/systemd console=\${console} root=\${mmcroot} rootfstype=\${mmcrootfstype} rootflags=\${mmcrootflags} ifnames=0 slub_debug=FZP slab_nomerge page_poison=1
 run loadfiles; run mmcargs; bootz \${loadaddr} \${initrd_addr}:\${initrd_size} \${fdtaddr}
 EOF
--- a/src/freedombone-image-make
+++ b/src/freedombone-image-make
@ -77,6 +77,8 @@ export VARIANT
 export MINIMUM_PASSWORD_LENGTH
 export INSECURE
 export AMNESIC
 export SOCIALINSTANCE
 export LOCAL_NAME
 # Locate vmdebootstrap program fetched in Makefile
 basedir=`pwd`
@ -90,7 +92,7 @@ fi
 # Packages to install in all Freedombone environments
 base_pkgs="apt base-files ifupdown initramfs-tools \
-logrotate module-init-tools netbase rsyslog udev debian-archive-keyring"
+logrotate kmod netbase rsyslog udev debian-archive-keyring"
 # Packages needed on the beaglebone
 beaglebone_pkgs="linux-image-armmp u-boot-tools u-boot"
@ -241,6 +243,8 @@ sed -i "s|VARIANT=.*|VARIANT=\"${VARIANT}\"|g" $TEMP_CUSTOMISE3
 sed -i "s|MINIMUM_PASSWORD_LENGTH=.*|MINIMUM_PASSWORD_LENGTH=\"${MINIMUM_PASSWORD_LENGTH}\"|g" $TEMP_CUSTOMISE3
 sed -i "s|INSECURE=.*|INSECURE=\"${INSECURE}\"|g" $TEMP_CUSTOMISE3
 sed -i "s|AMNESIC=.*|AMNESIC=\"${AMNESIC}\"|g" $TEMP_CUSTOMISE3
 sed -i "s|SOCIALINSTANCE=.*|SOCIALINSTANCE=\"${SOCIALINSTANCE}\"|g" $TEMP_CUSTOMISE3
 sed -i "s|LOCAL_NAME=.*|LOCAL_NAME=\"${LOCAL_NAME}\"|g" $TEMP_CUSTOMISE3
 sed -i 's|#!/bin/bash||g' $TEMP_CUSTOMISE3
 cat $TEMP_CUSTOMISE2 $TEMP_CUSTOMISE3 > $TEMP_CUSTOMISE4
--- a/src/freedombone-image-makefile
+++ b/src/freedombone-image-makefile
@ -31,7 +31,7 @@ MIRROR ?= http://httpredir.debian.org/debian
 BUILD_MIRROR ?= http://httpredir.debian.org/debian
 IMAGE_SIZE ?= 8G
 IMAGE_NAME ?= 'full'
-SUITE ?= jessie
+SUITE ?= stretch
 # include source packages in image?
 SOURCE ?= false
--- a/src/freedombone-image-mesh
+++ b/src/freedombone-image-mesh
@ -42,8 +42,6 @@ INSTALL_LOG=/var/log/${PROJECT_NAME}.log
 DEFAULT_USERNAME=fbone
 GO_VERSION=1.7
 TOX_NODES=
 #TOX_NODES=(
 #  '192.254.75.102,2607:5600:284::2,33445,951C88B7E75C867418ACDB5D273821372BB5BD652740BCDF623A4FA293E75D2F,Tox RELENG,US'
@ -74,6 +72,14 @@ IPFS_PORT=4001
 CURRENT_BLOG_INDEX=/home/$MY_USERNAME/.blog-index
 # Debian stretch has a problem where the formerly predictable wlan0 and eth0
 # device names get assigned random names. This is a hacky workaround.
 # Also adding net.ifnames=0 to kernel options on bootloader may work.
 function enable_predictable_device_names {
    ln -s /dev/null /etc/udev/rules.d/80-net-setup-link.rules
    update-initramfs -u
 }
 function create_avahi_mesh_service {
    service_name=$1
    service_type=$2
@ -112,7 +118,7 @@ function create_ram_disk {
 function make_root_read_only {
    if [ ! -d /home/$MY_USERNAME/Desktop ]; then
-        if ! grep 'ro,subvol=@' /etc/fstab; then
+        if ! grep -q 'ro,subvol=@' /etc/fstab; then
            sed -i 's|subvol=@|ro,subvol=@|g' /etc/fstab
            echo $'Root filesystem set to read only' >> $INSTALL_LOG
        fi
@ -591,6 +597,7 @@ if [ -f $MESH_INSTALL_SETUP ]; then
    #tomb slam all
    tmp_ram_disk 100
    enable_predictable_device_names
    enable_batman_daemon
    #create_ram_disk 1
    #setup_amnesic_data
@ -625,7 +632,10 @@ if [ -f $MESH_INSTALL_SETUP ]; then
            rm /usr/share/images/desktop-base/desktop-background
            ln -s /usr/share/images/desktop-base/${PROJECT_NAME}_mesh_background.png /usr/share/images/desktop-base/desktop-background
        fi
-        reboot
+        if [ -f /etc/default/grub ]; then
            update-grub
        fi
        systemctl reboot -i
    fi
 fi
--- a/src/freedombone-keydrive
+++ b/src/freedombone-keydrive
@ -13,7 +13,7 @@
 # License
 # =======
 #
-# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2015-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@ -50,37 +50,41 @@ function show_help {
 while [[ $# > 1 ]]
 do
-key="$1"
+    key="$1"
-case $key in
+    case $key in
-    -h|--help)
+        -h|--help)
-    show_help
+            show_help
-    ;;
+            ;;
-    -u|--user)
+        -u|--user)
            shift
            MY_USERNAME="$1"
            ;;
        -d|--dev)
            shift
            if [[ "${1}" != '/dev/'* ]]; then
                USB_DRIVE=/dev/${1}1
            else
                USB_DRIVE=${1}
            fi
            ;;
        -m|--master)
            shift
            MASTER_DRIVE="$1"
            ;;
        -n|--fragments)
            shift
            KEY_FRAGMENTS=$1
            ;;
        -f|--format)
            shift
            FORMAT="yes"
            ;;
        *)
            # unknown option
            ;;
    esac
    shift
    MY_USERNAME="$1"
    ;;
    -d|--dev)
    shift
    USB_DRIVE=/dev/${1}1
    ;;
    -m|--master)
    shift
    MASTER_DRIVE="$1"
    ;;
    -n|--fragments)
    shift
    KEY_FRAGMENTS=$1
    ;;
    -f|--format)
    shift
    FORMAT="yes"
    ;;
    *)
    # unknown option
    ;;
 esac
 shift
 done
 if [ ! $MY_USERNAME ]; then
@ -94,68 +98,118 @@ if [ ! -d /home/$MY_USERNAME ]; then
 fi
 if [ ! -b $USB_DRIVE ]; then
-  echo $'Please attach a USB drive'
+    echo $'Please attach a USB drive'
-  exit 65743
+    exit 65743
 fi
 umount -f $USB_MOUNT
 if [ ! -d $USB_MOUNT ]; then
-  mkdir $USB_MOUNT
+    mkdir $USB_MOUNT
 fi
 if [ -f /dev/mapper/encrypted_usb ]; then
-  rm -rf /dev/mapper/encrypted_usb
+    rm -rf /dev/mapper/encrypted_usb
 fi
 cryptsetup luksClose encrypted_usb
 # optionally format the drive
 if [[ $FORMAT == "yes" ]]; then
-  ${PROJECT_NAME}-format ${USB_DRIVE::-1}
+    ${PROJECT_NAME}-format ${USB_DRIVE::-1}
-  if [ ! "$?" = "0" ]; then
+    if [ ! "$?" = "0" ]; then
-      exit 36823
+        exit 36823
-  fi
+    fi
 fi
 cryptsetup luksOpen $USB_DRIVE encrypted_usb
 if [ "$?" = "0" ]; then
-  USB_DRIVE=/dev/mapper/encrypted_usb
+    USB_DRIVE=/dev/mapper/encrypted_usb
 fi
 mount $USB_DRIVE $USB_MOUNT
 if [ ! "$?" = "0" ]; then
-  echo $"There was a problem mounting the USB drive to $USB_MOUNT"
+    echo $"There was a problem mounting the USB drive to $USB_MOUNT"
-  rm -rf $USB_MOUNT
+    rm -rf $USB_MOUNT
-  exit 78543
+    exit 78543
 fi
 # optionally create a master drive which contains the full GPG keyring
 if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]]; then
-  if [ ! -d /home/$MY_USERNAME/.gnupg ]; then
+    if [ ! -d /home/$MY_USERNAME/.gnupg ]; then
-      echo $"No .gnupg directory was found for $MY_USERNAME"
+        echo $"No .gnupg directory was found for $MY_USERNAME"
-      umount -f $USB_MOUNT
+        umount -f $USB_MOUNT
-      rm -rf $USB_MOUNT
+        rm -rf $USB_MOUNT
-      exit 73025
+        exit 73025
-  fi
+    fi
-  cp -rf /home/$MY_USERNAME/.gnupg $USB_MOUNT
+
-  if [ -d /etc/letsencrypt ]; then
+    # export the gpg key and backup key as text
-      cp -rf /etc/letsencrypt $USB_MOUNT
+    # so that it may be imported at the beginning of new installs
-      echo $"LetsEncrypt keys copied to $USB_DRIVE"
+    GPG_TTY=$(tty)
-  fi
+    export GPG_TTY
-  if [ -d $USB_MOUNT/.gnupg ]; then
+
-      echo $"GPG Keyring copied to $USB_DRIVE. You may now remove the drive."
+    USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
-  else
+    GPG_ID=$(su -m root -c "gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)
-      echo $"Unable to copy gpg keyring to $USB_DRIVE"
+    GPG_BACKUP_ID=$(su -m root -c "gpg --list-keys \"(backup key)\" | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)
-  fi
+
-  umount -f $USB_MOUNT
+    gpgerrstr=$'error'
-  rm -rf $USB_MOUNT
+    gpgkey=$(gpg --homedir=/home/$MY_USERNAME/.gnupg --armor --export $GPG_ID)
-  exit 0
+    if [[ "$gpgkey" == *"$gpgerrstr"* ]]; then
        echo $'Problem exporting public gpg key'
        echo "$gpgkey"
        exit 735282
    fi
    echo ''
    echo $'Enter your gpg private key passphrase:'
    gpgprivkey=$(gpg --homedir=/home/$MY_USERNAME/.gnupg --armor --export-secret-key $GPG_ID)
    if [[ "$gpgprivkey" == *"$gpgerrstr"* ]]; then
        echo $'Problem exporting private gpg key'
        echo "$gpgprivkey"
        gpgprivkey=
        exit 629362
    fi
    # Dummy password to get around not being able to create a key without passphrase
    BACKUP_DUMMY_PASSWORD='backup'
    backupgpgkey=$(gpg --homedir=/home/$MY_USERNAME/.gnupg --armor --export $GPG_BACKUP_ID)
    if [[ "$backupgpgkey" == *"$gpgerrstr"* ]]; then
        echo $'Problem exporting public gpg backup key'
        echo "$backupgpgkey"
        exit 735282
    fi
    backupgpgprivkey=$(echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --homedir=/home/$MY_USERNAME/.gnupg --armor --export-secret-key $GPG_BACKUP_ID)
    if [[ "$backupgpgprivkey" == *"$gpgerrstr"* ]]; then
        echo $'Problem exporting private gpg backup key'
        echo "$backupgpgprivkey"
        backupgpgprivkey=
        exit 629362
    fi
    echo "$gpgkey" > $USB_MOUNT/.mastergpgkey
    echo "$gpgprivkey" >> $USB_MOUNT/.mastergpgkey
    echo "$backupgpgkey" > $USB_MOUNT/.backupgpgkey
    echo "$backupgpgprivkey" >> $USB_MOUNT/.backupgpgkey
    cp -rf /home/$MY_USERNAME/.gnupg $USB_MOUNT
    if [ -d /etc/letsencrypt ]; then
        cp -rf /etc/letsencrypt $USB_MOUNT
        echo $"LetsEncrypt keys copied to $USB_DRIVE"
    fi
    if [ -d $USB_MOUNT/.gnupg ]; then
        echo $"GPG Keyring copied to $USB_DRIVE. You may now remove the drive."
    else
        echo $"Unable to copy gpg keyring to $USB_DRIVE"
    fi
    umount -f $USB_MOUNT
    rm -rf $USB_MOUNT
    exit 0
 fi
 # Don't use the USB drive if it already contains a full keyring
 if [ -d $USB_MOUNT/.gnupg ]; then
-  echo $'A full GPG keyring already exists on the USB drive.'
+    echo $'A full GPG keyring already exists on the USB drive.'
-  echo $'Either reformat the USB drive or use a different drive.'
+    echo $'Either reformat the USB drive or use a different drive.'
-  umount -f $USB_MOUNT
+    umount -f $USB_MOUNT
-  rm -rf $USB_MOUNT
+    rm -rf $USB_MOUNT
-  exit 3392
+    exit 3392
 fi
 # Append the username as a subdirectory.
@ -167,14 +221,14 @@ FRAGMENTS_DIR=$FRAGMENTS_DIR/$MY_USERNAME
 # make a directory to contain the fragments
 if [ ! -d $FRAGMENTS_DIR ]; then
-  mkdir -p $FRAGMENTS_DIR
+    mkdir -p $FRAGMENTS_DIR
-  echo $"Made directory $FRAGMENTS_DIR"
+    echo $"Made directory $FRAGMENTS_DIR"
 fi
 if [ ! -d $FRAGMENTS_DIR ]; then
-  echo $"There was a problem making the directory $FRAGMENTS_DIR"
+    echo $"There was a problem making the directory $FRAGMENTS_DIR"
-  umount -f $USB_MOUNT
+    umount -f $USB_MOUNT
-  rm -rf $USB_MOUNT
+    rm -rf $USB_MOUNT
-  exit 6843
+    exit 6843
 fi
 cd $FRAGMENTS_DIR
--- a/src/freedombone-logging
+++ b/src/freedombone-logging
@ -35,6 +35,53 @@ export TEXTDOMAINDIR="/usr/share/locale"
 WEBSERVER_LOG_LEVEL='warn'
 # Shredding could be used here, but especially on microSD
 # or SSD it's debatable how useful shredding really is.
 # Also the shred command can be very slow on Beaglebone Black
 REMOVE_FILES_COMMAND='rm -rf'
 APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
 for f in $APP_FILES
 do
    source $f
 done
 APPS_AVAILABLE=()
 function logging_get_app_names {
    FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
    for filename in $FILES
    do
        app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
        if grep -q "logging_on_" ${filename}; then
            if grep -q "logging_off_" ${filename}; then
                APPS_AVAILABLE+=("${app_name}")
            fi
        fi
    done
 }
 function turn_logging_on {
    logging_get_app_names
    for a in "${APPS_AVAILABLE[@]}"
    do
        echo $"Turning on logging for ${a}"
        logging_on_${a}
    done
 }
 function turn_logging_off {
    logging_get_app_names
    for a in "${APPS_AVAILABLE[@]}"
    do
        echo $"Turning off logging for ${a}"
        logging_off_${a}
    done
 }
 function turn_off_rsys_logging {
    sed -i 's|mail,news.none.*|mail,news.none      /dev/null|g' /etc/rsyslog.conf
    sed -i 's|auth,authpriv.\*.*|auth,authpriv.\*         /dev/null|g' /etc/rsyslog.conf
@ -48,14 +95,14 @@ function turn_off_rsys_logging {
    sed -i 's|\*.\*;auth,authpriv.none.*|\*.\*;auth,authpriv.none      /dev/null|g' /etc/rsyslog.conf
    sed -i 's|#cron.\*|cron.\*|g' /etc/rsyslog.conf
    sed -i 's|cron.\*.*|cron.\*             /dev/null|g' /etc/rsyslog.conf
-    shred -zu /var/log/wtmp*
+    $REMOVE_FILES_COMMAND /var/log/wtmp*
-    shred -zu /var/log/debug*
+    $REMOVE_FILES_COMMAND /var/log/debug*
-    shred -zu /var/log/cron.*
+    $REMOVE_FILES_COMMAND /var/log/cron.*
-    shred -zu /var/log/auth.*
+    $REMOVE_FILES_COMMAND /var/log/auth.*
-    shred -zu /var/log/mail.*
+    $REMOVE_FILES_COMMAND /var/log/mail.*
-    shred -zu /var/log/daemon.*
+    $REMOVE_FILES_COMMAND /var/log/daemon.*
-    shred -zu /var/log/user.*
+    $REMOVE_FILES_COMMAND /var/log/user.*
-    shred -zu /var/log/messages*
+    $REMOVE_FILES_COMMAND /var/log/messages*
 }
 function turn_on_rsys_logging {
@ -78,29 +125,26 @@ if [ ! "$1" ]; then
 fi
 if [[ "$1" == "on" || "$1" == "On" || "$1" == "ON" ]]; then
-    if [ -f /var/lib/matrix/homeserver.yaml ]; then
+    turn_logging_on
-        sed -i 's|log_file:.*|log_file: /etc/matrix/homeserver.log|g' /var/lib/matrix/homeserver.yaml
+
        if ! grep -q "#log_config:" /var/lib/matrix/homeserver.yaml; then
            sed -i 's|log_config:|#log_config:|g' /var/lib/matrix/homeserver.yaml
        fi
    fi
    if [ -f /etc/fail2ban/fail2ban.conf ]; then
        sed -i 's|loglevel.*|loglevel = 3|g' /etc/fail2ban/fail2ban.conf
        sed -i 's|logtarget.*|logtarget = /var/log/fail2ban.log|g' /etc/fail2ban/fail2ban.conf
    fi
    if [ -d /etc/tor ]; then
-        if [ ! -f /var/log/tor.log ]; then
+        if [ ! -d /var/log/tor ]; then
-            touch /var/log/tor.log
+            mkdir /var/log/tor
-            chown debian-tor:debian-tor /var/log/tor.log
+            chown -R debian-tor:adm /var/log/tor
        fi
-        sed -i 's|#Log notice file.*|Log notice file /var/log/tor.log|g' /etc/tor/torrc
+        if [ ! -f /var/log/tor/notices.log ]; then
-        sed -i 's|Log notice file.*|Log notice file /var/log/tor.log|g' /etc/tor/torrc
+            touch /var/log/tor/notices.log
            chown debian-tor:adm /var/log/tor/notices.log
        fi
        sed -i 's|#Log notice file.*|Log notice file /var/log/tor/notices.log|g' /etc/tor/torrc
        sed -i 's|Log notice file.*|Log notice file /var/log/tor/notices.log|g' /etc/tor/torrc
    fi
-    if [ -f /etc/mumble-server.ini ]; then
+    if [ -f /etc/php/7.0/fpm/php-fpm.conf ]; then
-        sed -i 's|logfile=.*|logfile=/var/log/mumble-server.log|g' /etc/mumble-server.ini
+        sed -i 's|error_log =.*|error_log = /var/log/php-fpm.log|g' /etc/php/7.0/fpm/php-fpm.conf
    fi
    if [ -f /etc/php5/fpm/php-fpm.conf ]; then
        sed -i 's|error_log =.*|error_log = /var/log/php5-fpm.log|g' /etc/php5/fpm/php-fpm.conf
    fi
    if [ -d /etc/nginx ]; then
        if [ ! -d /var/log/nginx ]; then
@ -117,15 +161,6 @@ if [[ "$1" == "on" || "$1" == "On" || "$1" == "ON" ]]; then
    if [ -f /etc/init.d/spamassassin ]; then
        sed -i 's|DOPTIONS="-s null -d --pidfile=$PIDFILE"|DOPTIONS="-d --pidfile=$PIDFILE"|g' /etc/init.d/spamassassin
    fi
    if [ -d /etc/prosody ]; then
        if [ ! -d /var/log/prosody ]; then
            mkdir /var/log/prosody
            chown root:adm /var/log/prosody
        fi
        sed -i 's|info = "/dev/null";|info = "/var/log/prosody/prosody.log";|g' /etc/prosody/prosody.cfg.lua
        sed -i 's|error = "/dev/null";|error = "/var/log/prosody/prosody.err";|g' /etc/prosody/prosody.cfg.lua
        sed -i 's|levels = { "error" }; to = "/dev/null";|levels = { "error" }; to = "syslog";|g' /etc/prosody/prosody.cfg.lua
    fi
    if [ -d /etc/exim4 ]; then
        if [ ! -d /var/log/exim4 ]; then
            mkdir /var/log/exim4
@ -149,40 +184,19 @@ if [[ "$1" == "on" || "$1" == "On" || "$1" == "ON" ]]; then
    fi
    turn_on_rsys_logging
 else
-    if [ -f /var/lib/matrix/homeserver.yaml ]; then
+    turn_logging_off
-        sed -i 's|log_file:.*|log_file: /dev/null|g' /var/lib/matrix/homeserver.yaml
+
        if ! grep -q "#log_config:" /var/lib/matrix/homeserver.yaml; then
            sed -i 's|log_config:|#log_config:|g' /var/lib/matrix/homeserver.yaml
        fi
        if [ -f /etc/matrix/homeserver.log ]; then
            shred -zu /etc/matrix/homeserver.log
        fi
        if [ -f /etc/matrix/homeserver.log.1 ]; then
            shred -zu /etc/matrix/homeserver.log.1
        fi
    fi
    if [ -d /etc/tor ]; then
        sed -i 's|#Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc
        sed -i 's|Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc
        if [ -d /var/log/tor ]; then
            shred -zu /var/log/tor/*
            rm -rf /var/log/tor
        fi
    fi
    if [ -f /etc/mumble-server.ini ]; then
        sed -i 's|logfile=.*|logfile=/dev/null|g' /etc/mumble-server.ini
        if [ -d /var/log/mumble-server ]; then
            shred -zu /var/log/mumble-server/*
            rm -rf /var/log/mumble-server
        fi
    fi
    if [ -d /var/log/radicale ]; then
-        shred -zu /var/log/radicale/*
+        $REMOVE_FILES_COMMAND /var/log/radicale/*
        rm -rf /var/log/radicale
    fi
-    if [ -f /etc/php5/fpm/php-fpm.conf ]; then
+    if [ -f /etc/php/7.0/fpm/php-fpm.conf ]; then
-        sed -i 's|error_log =.*|error_log = /dev/null|g' /etc/php5/fpm/php-fpm.conf
+        sed -i 's|error_log =.*|error_log = /dev/null|g' /etc/php/7.0/fpm/php-fpm.conf
-        shred -zu /var/log/php5-fpm.*
+        $REMOVE_FILES_COMMAND /var/log/php-fpm.*
    fi
    if [ -d /etc/nginx ]; then
        for filename in /etc/nginx/sites-available/* ; do
@ -192,40 +206,33 @@ else
        done
        sed -i 's|access_log.*|access_log /dev/null;|g' /etc/nginx/nginx.conf
        sed -i 's|error_log.*|error_log /dev/null;|g' /etc/nginx/nginx.conf
-        shred -zu /var/log/nginx/*
+        $REMOVE_FILES_COMMAND /var/log/nginx/*
    fi
    if [ -f /etc/init.d/spamassassin ]; then
        sed -i 's|DOPTIONS="-d --pidfile=$PIDFILE"|DOPTIONS="-s null -d --pidfile=$PIDFILE"|g' /etc/init.d/spamassassin
    fi
    if [ -d /etc/prosody ]; then
        sed -i 's|info = "/var/log/prosody/prosody.log";|info = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
        sed -i 's|error = "/var/log/prosody/prosody.err";|error = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
        sed -i 's|levels = { "error" }; to = "syslog";|levels = { "error" }; to = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
        shred -zu /var/log/prosody/*
        rm -rf /var/log/prosody
    fi
    if [ -d /etc/exim4 ]; then
        sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = -all|g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
        sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = -all|g' /etc/exim4/exim4.conf.template
        sed -i 's|log_selector =.*|log_selector = -all|g' /etc/exim4/conf.d/main/90_exim4-config_log_selector
-        shred -zu /var/log/exim4/*
+        $REMOVE_FILES_COMMAND /var/log/exim4/*
    fi
    if [ -f /etc/dovecot/dovecot.conf ]; then
        sed -i 's|log_path =.*|log_path = /dev/null|g' /etc/dovecot/dovecot.conf
        sed -i 's|info_log_path =.*|info_log_path = /dev/null|g' /etc/dovecot/dovecot.conf
        sed -i 's|debug_log_path =.*|debug_log_path = /dev/null|g' /etc/dovecot/dovecot.conf
-        shred -zu /var/log/mail.*
+        $REMOVE_FILES_COMMAND /var/log/mail.*
-        shred -zu /var/log/dovecot*
+        $REMOVE_FILES_COMMAND /var/log/dovecot*
    fi
    if [ -d /etc/mysql ]; then
        if [ -d /var/log/mysql ]; then
-            shred -zu /var/log/mysql/*
+            $REMOVE_FILES_COMMAND /var/log/mysql/*
        fi
        if [ -f /var/log/mysql.err ]; then
-            shred -zu /var/log/mysql.err
+            $REMOVE_FILES_COMMAND /var/log/mysql.err
        fi
        if [ -f /var/log/mysql.log ]; then
-            shred -zu /var/log/mysql.log
+            $REMOVE_FILES_COMMAND /var/log/mysql.log
        fi
        if [ -f /etc/mysql/my.cnf ]; then
            sed -i 's|log_error =.*|log_error = /dev/null|g' /etc/mysql/my.cnf
@ -234,11 +241,26 @@ else
    if [ -f /etc/fail2ban/fail2ban.conf ]; then
        sed -i 's|loglevel.*|loglevel = 1|g' /etc/fail2ban/fail2ban.conf
        sed -i 's|logtarget.*|logtarget = /dev/null|g' /etc/fail2ban/fail2ban.conf
-        shred -zu /var/log/fail2ban.*
+        $REMOVE_FILES_COMMAND /var/log/fail2ban.*
    fi
    turn_off_rsys_logging
 fi
 if [ -d /etc/exim4 ]; then
    update-exim4.conf.template -r
    update-exim4.conf
    dpkg-reconfigure --frontend noninteractive exim4-config
 fi
 if [[ "$2" == "--reboot"* || "$2" == "--restart"* ]]; then
    # if we are rebooting anyway then there is no need to
    # restart the daemons
    exit 0
 fi
 if [ -d /etc/exim4 ]; then
    systemctl restart exim4
 fi
 systemctl restart syslog
 if [ -d /etc/tor ]; then
    if [[ "$2" != "--onion" ]]; then
@ -246,7 +268,7 @@ if [ -d /etc/tor ]; then
    fi
 fi
 if [ -d /etc/nginx ]; then
-    systemctl restart php5-fpm
+    systemctl restart php7.0-fpm
    systemctl restart nginx
 fi
 if [ -f /etc/init.d/spamassassin ]; then
@ -255,12 +277,6 @@ fi
 if [ -d /etc/prosody ]; then
    systemctl restart prosody
 fi
 if [ -d /etc/exim4 ]; then
    update-exim4.conf.template -r
    update-exim4.conf
    dpkg-reconfigure --frontend noninteractive exim4-config
    systemctl restart exim4
 fi
 if [ -d /etc/dovecot ]; then
    systemctl restart dovecot
 fi
--- a/src/freedombone-mesh
+++ b/src/freedombone-mesh
@ -42,7 +42,7 @@ DHTNODES=/usr/share/toxic/DHTnodes
 PEERS_FILE=/tmp/meshpeers.txt
 TOX_PORT=33445
-TOXCORE_REPO='git://github.com/irungentoo/toxcore.git'
+TOXCORE_REPO='https://github.com/irungentoo/toxcore'
 TOXCORE_COMMIT=
 # obtain tox values from main install
 if grep -q "TOX_PORT=" $CONFIG_FILE; then
@ -71,7 +71,7 @@ function install_toxcore {
    sudo apt-get -yq install build-essential libtool autotools-dev
    sudo apt-get -yq install automake checkinstall check git yasm
-    sudo apt-get -yq install libsodium13 libsodium-dev libcap2-bin
+    sudo apt-get -yq install libsodium18 libsodium-dev libcap2-bin
    sudo apt-get -yq install libconfig9 libconfig-dev
    if [ ! -d ~/develop ]; then
@ -121,28 +121,21 @@ function install_toxcore {
    sudo cp /tmp/tox-bootstrapd.conf /etc/tox-bootstrapd.conf
    rm /tmp/tox-bootstrapd.conf
-    if [ -f /bin/systemctl ]; then
+    if [ ! -f ~/develop/toxcore/other/bootstrap_daemon/tox-bootstrapd.service ]; then
-        if [ ! -f ~/develop/toxcore/other/bootstrap_daemon/tox-bootstrapd.service ]; then
+        echo $"File not found ~/develop/toxcore/other/bootstrap_daemon/tox-bootstrapd.service"
-            echo $"File not found ~/develop/toxcore/other/bootstrap_daemon/tox-bootstrapd.service"
+        exit 7359
            exit 7359
        fi
        sudo cp ~/develop/toxcore/other/bootstrap_daemon/tox-bootstrapd.service /etc/systemd/system/
        sudo systemctl daemon-reload
        sudo systemctl enable tox-bootstrapd.service
        sudo systemctl start tox-bootstrapd.service
        if [ ! "$?" = "0" ]; then
            sudo systemctl status tox-bootstrapd.service
            exit 5846
        fi
        sudo systemctl restart tox-bootstrapd.service
    else
        sudo cp ~/develop/toxcore/other/bootstrap_daemon/tox-bootstrapd.sh /etc/init.d/tox-bootstrapd
        sudo chmod 755 /etc/init.d/tox-bootstrapd
        sudo update-rc.d tox-bootstrapd defaults
        sudo service tox-bootstrapd start
    fi
    sudo cp ~/develop/toxcore/other/bootstrap_daemon/tox-bootstrapd.service /etc/systemd/system/
    sudo systemctl daemon-reload
    sudo systemctl enable tox-bootstrapd.service
    sudo systemctl start tox-bootstrapd.service
    if [ ! "$?" = "0" ]; then
        sudo systemctl status tox-bootstrapd.service
        exit 5846
    fi
    sudo systemctl restart tox-bootstrapd.service
    TOX_PUBLIC_KEY=$(cat /var/log/syslog | grep tox | grep "Public Key" | awk -F ' ' '{print $8}' | tail -1)
    if [ ${#TOX_PUBLIC_KEY} -lt 30 ]; then
--- a/src/freedombone-mesh-batman
+++ b/src/freedombone-mesh-batman
@ -55,6 +55,7 @@ fi
 CELLID='any'
 CHANNEL=2
 HOTSPOT_CHANNEL=6
 if [ -f $COMPLETION_FILE ]; then
    if grep -q "Wifi channel:" $COMPLETION_FILE; then
        CHANNEL=$(cat $COMPLETION_FILE | grep "Wifi channel:" | awk -F ':' '{print $2}')
@ -251,7 +252,7 @@ function start {
                ifconfig $IFACE_SECONDARY mtu 1500
                ifconfig $IFACE_SECONDARY hw ether $(assign_peer_address)
                iwconfig $IFACE_SECONDARY enc open
-                iwconfig $IFACE_SECONDARY mode managed essid $HOTSPOT_NAME channel ${CHANNEL}
+                iwconfig $IFACE_SECONDARY mode managed essid $HOTSPOT_NAME channel ${HOTSPOT_CHANNEL}
                iwconfig $IFACE_SECONDARY ap $CELLID
                brctl addbr $BRIDGE_HOTSPOT
@ -268,7 +269,7 @@ function start {
                echo "country_code=UK" >> /etc/hostapd/hostapd.conf
                echo "ssid=$HOTSPOT_NAME" >> /etc/hostapd/hostapd.conf
                echo 'hw_mode=g' >> /etc/hostapd/hostapd.conf
-                echo "channel=${CHANNEL}" >> /etc/hostapd/hostapd.conf
+                echo "channel=${HOTSPOT_CHANNEL}" >> /etc/hostapd/hostapd.conf
                echo 'wpa=2' >> /etc/hostapd/hostapd.conf
                echo "wpa_passphrase=$HOTSPOT_PASSPHRASE" >> /etc/hostapd/hostapd.conf
                echo 'wpa_key_mgmt=WPA-PSK' >> /etc/hostapd/hostapd.conf
--- a/src/freedombone-mesh-install
+++ b/src/freedombone-mesh-install
@ -47,7 +47,6 @@ WIFI_SSID='mesh'
 rootdir=''
 FN=
 CHROOT_PREFIX=''
 FRIENDS_MIRRORS_SERVER=
 # To avoid confusions these are obtained from the main project file
 TOXID_REPO=
@ -233,8 +232,8 @@ function mesh_firewall {
 }
 function enable_tox_repo {
-    sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_8.0/ /' > /etc/apt/sources.list.d/tox.list"
+    sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_9.0/ /' > /etc/apt/sources.list.d/tox.list"
-    wget http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_8.0/Release.key
+    wget http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_9.0/Release.key
    sudo sh -c "apt-key add - < Release.key"
    sudo apt-get update
    echo "Tox Repository Installed."
@ -273,10 +272,6 @@ do
        shift
        WIFI_INTERFACE="$1"
        ;;
    -m|--mirror)
        shift
        FRIENDS_MIRRORS_SERVER="$1"
        ;;
    --remove)
        shift
        REMOVE="$1"
--- a/src/freedombone-mirrors
+++ b/src/freedombone-mirrors
@ -1,288 +0,0 @@
 #!/bin/bash
 #
 # .---.                  .              .
 # |                      |              |
 # |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
 # |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
 # '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
 #
 #                    Freedom in the Cloud
 #
 # Mirror git repos which the project depends on
 #
 # License
 # =======
 #
 # Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU Affero General Public License for more details.
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 PROJECT_NAME='freedombone'
 export TEXTDOMAIN=${PROJECT_NAME}-mirrors
 export TEXTDOMAINDIR="/usr/share/locale"
 # Minimum number of characters in a password
 MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}')
 CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
 # used to mirror a single application
 SYNC_SINGLE_APP=
 # if this is blank then just use the default repos
 FRIENDS_MIRRORS_SERVER=
 UTILS_REPOS=
 INSTALLED_APPS_REPOS=
 MY_MIRRORS_PASSWORD=
 FRIENDS_MIRRORS_PASSWORD=
 NEW_MIRRORS='no'
 FRIENDS_MIRRORS_SSH_PORT=2222
 MAIN_COMMAND=/usr/local/bin/${PROJECT_NAME}
 if [ ! -f $MAIN_COMMAND ]; then
    MAIN_COMMAND=/usr/bin/${PROJECT_NAME}
 fi
 # local repos for utils
 UTILS_REPOS=($(cat ${MAIN_COMMAND} /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-* | grep "_REPO=\"" | grep -v "(cat " | uniq -u | sed 's|${PROJECT_NAME}|'"${PROJECT_NAME}"'|g'))
 UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
 for f in $UTILS_FILES
 do
    source $f
 done
 # obtain the mirrors password if it exists
 read_config_param MY_MIRRORS_PASSWORD
 read_config_param FRIENDS_MIRRORS_SERVER
 read_config_param FRIENDS_MIRRORS_PASSWORD
 read_config_param FRIENDS_MIRRORS_SSH_PORT
 function show_help {
    echo ''
    echo $"${PROJECT_NAME}-mirrors --sync [domain/url] -p [password]"
    echo ''
    echo $'Creates or syncs with a set of git repositories'
    echo ''
    echo $'     --help                   Show help'
    echo $'  -n|--new [yes|no]           Start a new mirrors'
    echo $"  -p|--password [password]    Friend's mirrors user password"
    echo $"  -m|--mypassword [password]  Local mirrors user password"
    echo $"     --port [number]          Friend's server ssh port number"
    echo $"  -s|--sync [domain]          Friend's server domain to sync with"
    echo ''
    exit 0
 }
 function create_mirrors_user {
    if [ -d /home/mirrors ]; then
        return
    fi
    create_password=1
    if [ ${#MY_MIRRORS_PASSWORD} -ge ${MINIMUM_PASSWORD_LENGTH} ]; then
        create_password=
    fi
    if [ $create_password ]; then
        MY_MIRRORS_PASSWORD=$(openssl rand -base64 64 | tr -dc A-Za-z0-9 | head -c 18)
    fi
    chmod 600 /etc/shadow
    chmod 600 /etc/gshadow
    useradd -m -p "$MY_MIRRORS_PASSWORD" -s /bin/bash mirrors
    chmod 0000 /etc/shadow
    chmod 0000 /etc/gshadow
    # remove any existing user files
    rm -rf /home/mirrors/*
    # store the mirrors password
    write_config_param "MY_MIRRORS_PASSWORD" "${MY_MIRRORS_PASSWORD}"
 }
 function enable_mirrors_via_onion {
    if ! grep -q 'Host *.onion' /home/mirrors/.ssh/config; then
        if [ ! -d /home/mirrors/.ssh ]; then
            mkdir /home/mirrors/.ssh
        fi
        echo 'Host *.onion' >> /home/mirrors/.ssh/config
        echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> /home/mirrors/.ssh/config
        chown mirrors:mirrors /home/mirrors/.ssh
        chown mirrors:mirrors /home/mirrors/.ssh/config
    fi
 }
 function update_installed_single_repo {
    # only deal with a single app
    filename=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${SYNC_SINGLE_APP}
    if [ ! -f $filename ]; then
        echo $"The app $SYNC_SINGLE_APP was not found"
        exit 36822
    fi
    APP_REPOS=($(cat ${MAIN_COMMAND} $filename | grep "_REPO=\"" | grep -v "(cat " | uniq -u | sed 's|${PROJECT_NAME}|'"${PROJECT_NAME}"'|g'))
    for line in "${APP_REPOS[@]}"
    do
        INSTALLED_APPS_REPOS+=("${line}")
    done
 }
 function update_installed_apps_repos {
    INSTALLED_APPS_REPOS=()
    function_check app_is_installed
    if [ $SYNC_SINGLE_APP ]; then
        update_installed_single_repo
        return
    fi
    # all apps currently installed
    FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
    # for all the app scripts
    for filename in $FILES
    do
        app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
        if [[ "$(app_is_installed ${app_name})" == "1" ]]; then
            APP_REPOS=($(cat ${MAIN_COMMAND} $filename | grep "_REPO=\"" | grep -v "(cat " | uniq -u | sed 's|${PROJECT_NAME}|'"${PROJECT_NAME}"'|g'))
            for line in "${APP_REPOS[@]}"
            do
                INSTALLED_APPS_REPOS+=("${line}")
            done
        fi
    done
 }
 function update_repos_from_friend_base {
    syncrepos=${1}
    new_repos=()
    for line in $syncrepos
    do
        repo_name=$(echo "$line" | awk -F '=' '{print $1}')
        mirrors_name=$(echo "$repo_name" | sed "s|_REPO||g" | awk '{print tolower($0)}')
        friends_repo_url="ssh://mirrors@${FRIENDS_MIRRORS_SERVER}:${FRIENDS_MIRRORS_SSH_PORT}/home/mirrors/${mirrors_name}"
        new_line="${repo_name}=\"${friends_repo_url}\""
        new_repos+=($new_line)
    done
 }
 function update_repos_from_friend {
    if [ ! $FRIENDS_MIRRORS_SERVER ]; then
       return
    fi
    if [ ${#FRIENDS_MIRRORS_SERVER} -lt 2 ]; then
        return
    fi
    update_repos_from_friend_base "${UTILS_REPOS[@]}"
    UTILS_REPOS=("${new_repos[@]}")
    update_repos_from_friend_base "${INSTALLED_APPS_REPOS[@]}"
    INSTALLED_APPS_REPOS=("${new_repos[@]}")
 }
 function sync_mirrors_base {
    syncrepos=${1}
    for line in $syncrepos
    do
        repo_name=$(echo "$line" | awk -F '=' '{print $1}')
        repo_url=$(echo "$line" | awk -F '=' '{print $2}'  | awk -F '"' '{print $2}')
        mirrors_name=$(echo "$repo_name" | sed "s|_REPO||g" | awk '{print tolower($0)}')
        if [[ ${mirrors_name} != 'debian' ]]; then
            if [[ $NEW_MIRRORS == 'yes' ]]; then
                if [ -d /home/mirrors/${mirrors_name} ]; then
                    rm -rf /home/mirrors/${mirrors_name}
                fi
            fi
            if [ ! -d /home/mirrors/${mirrors_name} ]; then
                if [[ ${repo_url} != 'ssh:'* ]]; then
                    git clone --mirror ${repo_url} /home/mirrors/${mirrors_name}
                else
                    sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git clone --mirror ${repo_url} /home/mirrors/${mirrors_name}
                fi
                if [ ! -d /home/mirrors/${mirrors_name} ]; then
                    echo $"WARNING: failed to mirror repo ${repo_url}"
                fi
            else
                cd /home/mirrors/${mirrors_name}
                git remote set-url origin ${repo_url}
                if [[ ${repo_url} != 'ssh:'* ]]; then
                    git fetch -p origin
                else
                    sshpass -p "$FRIENDS_MIRRORS_PASSWORD" git fetch -p origin
                fi
            fi
        fi
    done
    chown -R mirrors:mirrors /home/mirrors
 }
 function sync_mirrors_repos {
    if [ ! $SYNC_SINGLE_APP ]; then
        sync_mirrors_base "${UTILS_REPOS[@]}"
    fi
    sync_mirrors_base "${INSTALLED_APPS_REPOS[@]}"
 }
 while [[ $# > 1 ]]
 do
 key="$1"
 case $key in
    --help)
    show_help
    ;;
    -s|--sync)
    shift
    # use repos on another server
    FRIENDS_MIRRORS_SERVER="$1"
    ;;
    -m|--mypass|--mypassword)
    shift
    MY_MIRRORS_PASSWORD="$1"
    write_config_param "MY_MIRRORS_PASSWORD" "${MY_MIRRORS_PASSWORD}"
    ;;
    -p|--pass|--password)
    shift
    FRIENDS_MIRRORS_PASSWORD="$1"
    write_config_param "FRIENDS_MIRRORS_PASSWORD" "${FRIENDS_MIRRORS_PASSWORD}"
    ;;
    -n|--new)
    shift
    NEW_MIRRORS="$1"
    ;;
    --port)
    shift
    FRIENDS_MIRRORS_SSH_PORT=${1}
    ;;
    -a|--app)
    shift
    SYNC_SINGLE_APP="${1}"
    ;;
    *)
    # unknown option
    ;;
 esac
 shift
 done
 create_mirrors_user
 enable_mirrors_via_onion
 update_installed_apps_repos
 update_repos_from_friend
 sync_mirrors_repos
 exit 0
--- a/src/freedombone-pass
+++ b/src/freedombone-pass
@ -22,7 +22,7 @@
 # License
 # =======
 #
-# Copyright (C) 2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2016-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@ -57,9 +57,7 @@ MASTER_PASSWORD=''
 NO_PASSWORD_STORE_FILE=~/.nostore
 function get_backup_key_id {
-    MY_BACKUP_KEY_ID=$(gpg --list-keys "(backup key)" | \
+    MY_BACKUP_KEY_ID=$(gpg --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
                           grep 'pub ' | awk -F ' ' '{print $2}' | \
                           awk -F '/' '{print $2}')
    if [ ${#MY_BACKUP_KEY_ID} -lt 4 ]; then
        echo $"Error: gpg backup key was not found"
        return 58213
@ -121,6 +119,11 @@ function run_tests {
        exit 78352
    fi
    ${PROJECT_NAME}-pass -u root -a tests -p "$pass"
    if [ ! "$?" = "0" ]; then
        echo $'Unable to encrypt password'
        exit 72725
    fi
    echo $'Password encrypted'
    returned_pass=$(${PROJECT_NAME}-pass -u root -a tests)
    if [[ "$pass" != "$returned_pass" ]]; then
        echo "pass     :${pass}:"
@ -128,6 +131,7 @@ function run_tests {
        echo "returned :${returned_pass}:"
        exit 73825
    fi
    echo $'Password decrypted'
    ${PROJECT_NAME}-pass -u root --rmapp tests
    echo "Tests passed"
 }
@ -303,7 +307,7 @@ if [ ${#CURR_PASSWORD} -eq 0 ]; then
        echo ""
        exit 4
    else
-        pass=$(gpg -dq --passphrase "$MASTER_PASSWORD" ~/.passwords/$CURR_USERNAME/$CURR_APP)
+        pass=$(gpg --batch -dq --passphrase "$MASTER_PASSWORD" ~/.passwords/$CURR_USERNAME/$CURR_APP)
        remove_padding "${pass}"
    fi
 else
@ -318,7 +322,7 @@ else
        mkdir -p ~/.passwords/$CURR_USERNAME
    fi
    # padding helps to ensure than nothing can be learned from the length of the cyphertext
-    pad_string "${CURR_PASSWORD}" | gpg -ca --cipher-algo AES256 --passphrase "$MASTER_PASSWORD" > ~/.passwords/$CURR_USERNAME/$CURR_APP
+    pad_string "${CURR_PASSWORD}" | gpg --batch -ca --cipher-algo AES256 --passphrase "$MASTER_PASSWORD" > ~/.passwords/$CURR_USERNAME/$CURR_APP
    if [ ! -f ~/.passwords/$CURR_USERNAME/$CURR_APP ]; then
        MASTER_PASSWORD=
        exit 5
--- a/src/freedombone-prepare-scripts
+++ b/src/freedombone-prepare-scripts
@ -0,0 +1,49 @@
 #!/bin/bash
 #
 # .---.                  .              .
 # |                      |              |
 # |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
 # |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
 # '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
 #
 #                    Freedom in the Cloud
 #
 # Prepares control scripts
 #
 # License
 # =======
 #
 # Copyright (C) 2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU Affero General Public License for more details.
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 PROJECT_NAME='freedombone'
 cat /usr/local/bin/${PROJECT_NAME}-vars /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-* > /tmp/includescripts
 cat /tmp/includescripts /usr/local/bin/freedombone-controlpanel > /usr/local/bin/control
 cat /tmp/includescripts /usr/local/bin/freedombone-controlpanel-user > /usr/local/bin/controluser
 cat /tmp/includescripts /usr/local/bin/freedombone-addremove > /usr/local/bin/addremove
 sed -i '/# Start including files/,/# End including files/d' /usr/local/bin/control
 sed -i '/# Start including files/,/# End including files/d' /usr/local/bin/controluser
 sed -i '/# Start including files/,/# End including files/d' /usr/local/bin/addremove
 chmod +x /usr/local/bin/control
 chmod +x /usr/local/bin/controluser
 chmod +x /usr/local/bin/addremove
 rm /tmp/includescripts
 exit 0
--- a/src/freedombone-recoverkey
+++ b/src/freedombone-recoverkey
@ -42,20 +42,13 @@ do
    source $f
 done
 read_config_param USB_DRIVE
 FRIENDS_SERVERS_LIST=
 MY_USERNAME=
 if [ $USB_DRIVE ]; then
    GPG_USB_DRIVE=$USB_DRIVE
 else
    GPG_USB_DRIVE='/dev/sdb1'
 fi
 function show_help {
    echo ''
-    echo $"${PROJECT_NAME}-recoverkey -u [username] -d [drive]"
+    echo $"${PROJECT_NAME}-recoverkey -u [username]"
-    echo $'                       -l [friends servers list filename]'
+    echo $'                           -l [friends servers list filename]'
    echo ''
    exit 0
 }
@ -78,10 +71,6 @@ do
            shift
            FRIENDS_SERVERS_LIST="$1"
            ;;
        -d|--drive)
            shift
            GPG_USB_DRIVE=/dev/${1}1
            ;;
        *)
            # unknown option
            ;;
@ -174,7 +163,7 @@ fi
 echo $'Key fragments recombined'
 # import the gpg key
-su -c "gpg --allow-secret-key-import --import $KEYS_FILE" - $MY_USERNAME
+gpg --homedir=/home/$MY_USERNAME/.gnupg --allow-secret-key-import --import $KEYS_FILE
 if [ ! "$?" = "0" ]; then
    echo $'Unable to import gpg key'
    shred -zu $KEYS_FILE
--- a/src/freedombone-renew-cert
+++ b/src/freedombone-renew-cert
@ -135,7 +135,7 @@ function renew_startssl {
        sed -i "s|$HOSTNAME.crt|$HOSTNAME.bundle.crt|g" /etc/nginx/sites-available/$HOSTNAME
        echo $'Certificate installed'
-        service nginx restart
+        systemctl restart nginx
        return
    fi
--- a/src/freedombone-restore-local
+++ b/src/freedombone-restore-local
@ -13,7 +13,7 @@
 # License
 # =======
 #
-# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2015-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@ -44,6 +44,25 @@ if [ -f /usr/bin/${PROJECT_NAME} ]; then
    PROJECT_INSTALL_DIR=/usr/bin
 fi
 # MariaDB password
 DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
 function please_wait {
        local str width height length
        width=$(tput cols)
        height=$(tput lines)
        str="Standby to restore from USB"
        length=${#str}
        clear
        tput cup $((height / 2)) $(((width / 2) - (length / 2)))
        echo "$str"
        tput cup $((height * 3 / 5)) $(((width / 2)))
        echo -n ''
 }
 please_wait
 source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
 # include utils which allow function_check, go and drive mount
@ -53,6 +72,8 @@ do
    source $f
 done
 clear
 USB_DRIVE=/dev/sdb1
 USB_MOUNT=/mnt/usb
@ -65,9 +86,6 @@ if [ -f $COMPLETION_FILE ]; then
    ADMIN_USERNAME=$(get_completion_param "Admin user")
 fi
 # MariaDB password
 DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
 function check_backup_exists {
    if [ ! -d $USB_MOUNT/backup ]; then
        echo $"No backup directory found on the USB drive."
@ -90,6 +108,29 @@ function check_admin_user {
 function copy_gpg_keys {
    echo $"Copying GPG keys from admin user to root"
    cp -r /home/$ADMIN_USERNAME/.gnupg /root
    gpg_set_permissions root
 }
 function restore_blocklist {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'blocklist' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/blocklist ]; then
        echo $"Restoring blocklist"
        temp_restore_dir=/root/tempblocklist
        restore_directory_from_usb $temp_restore_dir blocklist
        if [ -f $temp_restore_dir/root/tempbackupblocklist/${PROJECT_NAME}-firewall-domains.cfg ]; then
            cp -f $temp_restore_dir/root/tempbackupblocklist/${PROJECT_NAME}-firewall-domains.cfg /root/${PROJECT_NAME}-firewall-domains.cfg
        fi
        rm -rf $temp_restore_dir
        firewall_refresh_blocklist
    fi
 }
 function restore_configfiles {
@ -100,9 +141,9 @@ function restore_configfiles {
    fi
    # this restores *.cfg and COMPLETION_FILE
-    if [ -d $USB_MOUNT/backup/config ]; then
+    if [ -d $USB_MOUNT/backup/configfiles ]; then
        echo $"Restoring configuration files"
-        temp_restore_dir=/root/tempconfig
+        temp_restore_dir=/root/tempconfigfiles
        restore_directory_from_usb $temp_restore_dir configfiles
        if [ -f $temp_restore_dir/root/.nostore ]; then
@ -115,34 +156,34 @@ function restore_configfiles {
            fi
        fi
-        if [ -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE ]; then
+        #if [ -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE ]; then
-            cp -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE $NODEJS_INSTALLED_APPS_FILE
+        #    cp -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE $NODEJS_INSTALLED_APPS_FILE
-        fi
+        #fi
-        if [ -f $temp_restore_dir/root/${PROJECT_NAME}.cfg ]; then
+        #if [ -f $temp_restore_dir/root/${PROJECT_NAME}.cfg ]; then
-            cp -f $temp_restore_dir/root/${PROJECT_NAME}.cfg $CONFIGURATION_FILE
+        #    cp -f $temp_restore_dir/root/${PROJECT_NAME}.cfg $CONFIGURATION_FILE
-            if [ ! "$?" = "0" ]; then
+        #    if [ ! "$?" = "0" ]; then
-                set_user_permissions
+        #        set_user_permissions
-                backup_unmount_drive
+        #        backup_unmount_drive
-                rm -rf $temp_restore_dir
+        #        rm -rf $temp_restore_dir
-                exit 5294
+        #        exit 5294
-            fi
+        #    fi
-        fi
+        #fi
-        if [ -f $CONFIGURATION_FILE ]; then
+        #if [ -f $CONFIGURATION_FILE ]; then
-            # install according to the config file
+        #    # install according to the config file
-            freedombone -c $CONFIGURATION_FILE
+        #    freedombone -c $CONFIGURATION_FILE
-        fi
+        #fi
-        if [ -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt ]; then
+        #if [ -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt ]; then
-            cp -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt $COMPLETION_FILE
+        #    cp -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt $COMPLETION_FILE
-            if [ ! "$?" = "0" ]; then
+        #    if [ ! "$?" = "0" ]; then
-                set_user_permissions
+        #        set_user_permissions
-                backup_unmount_drive
+        #        backup_unmount_drive
-                rm -rf $temp_restore_dir
+        #        rm -rf $temp_restore_dir
-                exit 6382
+        #        exit 6382
-            fi
+        #    fi
-        fi
+        #fi
        if [ -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ]; then
            cp -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ${BACKUP_EXTRA_DIRECTORIES}
@ -187,15 +228,20 @@ function restore_mariadb {
    if [ -d $USB_MOUNT/backup/mariadb ]; then
        echo $"Restoring mysql settings"
        keep_database_running
        temp_restore_dir=/root/tempmariadb
        restore_directory_from_usb $temp_restore_dir mariadb
-        echo $'Obtaining MariaDB password'
+
-        db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        store_original_mariadb_password
        echo $'Obtaining original MariaDB password'
        db_pass=$(cat /root/.mariadboriginal)
        if [ ${#db_pass} -gt 0 ]; then
            echo $"Restore the MariaDB user table"
-            mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" mysql -o < ${temp_restore_dir}${temp_restore_dir}/mysql.sql)
+            mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}${temp_restore_dir}/mysql.sql)
            if [ ! "$?" = "0" ]; then
                echo $"Try again using the password obtained from backup"
                db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb)
                mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}${temp_restore_dir}/mysql.sql)
            fi
            if [ ! "$?" = "0" ]; then
@ -205,10 +251,11 @@ function restore_mariadb {
                exit 962
            fi
            echo $"Restarting database"
-            service mysql restart
+            systemctl restart mariadb
-            echo $"Change the MariaDB password to the backup version"
+            echo $"Ensure MariaDB handles authentication"
-            DATABASE_PASSWORD="$db_pass"
+            MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-            ${PROJECT_NAME}-pass -u root -a mariadb -p "$DATABASE_PASSWORD"
+            mariadb_fix_authentication
            DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
        fi
        rm -rf $temp_restore_dir
    fi
@ -235,6 +282,7 @@ function restore_passwordstore {
        fi
    fi
    if [ -d $USB_MOUNT/backup/passwordstore ]; then
        store_original_mariadb_password
        echo $"Restoring password store"
        restore_directory_from_usb / passwordstore
    fi
@ -270,9 +318,13 @@ function restore_mutt_settings {
                restore_directory_from_usb $temp_restore_dir mutt/$USERNAME
                if [ -f $temp_restore_dir/home/$USERNAME/tempbackup/.muttrc ]; then
                    cp -f $temp_restore_dir/home/$USERNAME/tempbackup/.muttrc /home/$USERNAME/.muttrc
                    sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc
                    sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc
                fi
                if [ -f $temp_restore_dir/home/$USERNAME/tempbackup/Muttrc ]; then
                    cp -f $temp_restore_dir/home/$USERNAME/tempbackup/Muttrc /etc/Muttrc
                    sed -i '/set sidebar_delim/d' /etc/Muttrc
                    sed -i '/set sidebar_sort/d' /etc/Muttrc
                fi
                if [ ! "$?" = "0" ]; then
                    rm -rf $temp_restore_dir
@ -287,11 +339,10 @@ function restore_mutt_settings {
 }
 function restore_gpg {
-    if [[ $RESTORE_APP != 'all' ]]; then
+    if [[ $RESTORE_APP != 'gpg' ]]; then
-        if [[ $RESTORE_APP != 'gpg' ]]; then
+        return
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/gnupg ]; then
        for d in $USB_MOUNT/backup/gnupg/*/ ; do
            USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
@ -310,6 +361,7 @@ function restore_gpg {
                    exit 276
                fi
                rm -rf $temp_restore_dir
                gpg_set_permissions $USERNAME
                if [[ "$USERNAME" == "$ADMIN_USERNAME" ]]; then
                    cp -r /home/$USERNAME/.gnupg /root
                    if [ ! "$?" = "0" ]; then
@ -317,6 +369,7 @@ function restore_gpg {
                        backup_unmount_drive
                        exit 283
                    fi
                    gpg_set_permissions root
                fi
            fi
        done
@ -585,6 +638,7 @@ function restore_certs {
            exit 276
        fi
        rm -rf /root/tempssl
        update-ca-certificates
        # restore ownership
        if [ -f /etc/ssl/private/xmpp.key ]; then
@ -710,6 +764,7 @@ backup_mount_drive ${1} ${ADMIN_USERNAME} ${2}
 check_backup_exists
 check_admin_user
 copy_gpg_keys
 restore_blocklist
 restore_configfiles
 same_admin_user
 restore_passwordstore
--- a/src/freedombone-restore-remote
+++ b/src/freedombone-restore-remote
@ -13,7 +13,7 @@
 # License
 # =======
 #
-# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2015-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@ -99,6 +99,30 @@ DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
 function copy_gpg_keys {
    echo $"Copying GPG keys from admin user to root"
    cp -r /home/$ADMIN_USERNAME/.gnupg /root
    gpg_set_permissions root
 }
 function restore_blocklist {
    if [[ $RESTORE_APP != 'all' ]]; then
        if [[ $RESTORE_APP != 'blocklist' ]]; then
            return
        fi
    fi
    if [ -d $USB_MOUNT/backup/blocklist ]; then
        echo $"Restoring blocklist"
        temp_restore_dir=/root/tempblocklist
        restore_directory_from_friend $temp_restore_dir blocklist
        restore_directory_from_usb $temp_restore_dir blocklist
        if [ -f $temp_restore_dir/root/tempbackupblocklist/${PROJECT_NAME}-firewall-domains.cfg ]; then
            cp -f $temp_restore_dir/root/tempbackupblocklist/${PROJECT_NAME}-firewall-domains.cfg /root/${PROJECT_NAME}-firewall-domains.cfg
        fi
        rm -rf $temp_restore_dir
        firewall_refresh_blocklist
    fi
 }
 function restore_configfiles {
@ -107,9 +131,9 @@ function restore_configfiles {
            return
        fi
    fi
-    if [ -d $SERVER_DIRECTORY/backup/config ]; then
+    if [ -d $SERVER_DIRECTORY/backup/configfiles ]; then
        echo $"Restoring configuration files"
-        temp_restore_dir=/root/tempconfig
+        temp_restore_dir=/root/tempconfigfiles
        restore_directory_from_friend $temp_restore_dir configfiles
        if [ -f $temp_restore_dir/root/.nostore ]; then
@ -122,32 +146,32 @@ function restore_configfiles {
            fi
        fi
-        if [ -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE ]; then
+        #if [ -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE ]; then
-            cp -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE $NODEJS_INSTALLED_APPS_FILE
+        #    cp -f $temp_restore_dir$NODEJS_INSTALLED_APPS_FILE $NODEJS_INSTALLED_APPS_FILE
-        fi
+        #fi
-        if [ -f $temp_restore_dir/root/${PROJECT_NAME}.cfg ]; then
+        #if [ -f $temp_restore_dir/root/${PROJECT_NAME}.cfg ]; then
-            cp -f $temp_restore_dir/root/${PROJECT_NAME}.cfg $CONFIGURATION_FILE
+        #    cp -f $temp_restore_dir/root/${PROJECT_NAME}.cfg $CONFIGURATION_FILE
-            if [ ! "$?" = "0" ]; then
+        #    if [ ! "$?" = "0" ]; then
-                unmount_drive
+        #        unmount_drive
-                rm -rf $temp_restore_dir
+        #        rm -rf $temp_restore_dir
-                exit 5372
+        #        exit 5372
-            fi
+        #    fi
-        fi
+        #fi
-        if [ -f $CONFIGURATION_FILE ]; then
+        #if [ -f $CONFIGURATION_FILE ]; then
-            # install according to the config file
+        #    # install according to the config file
-            freedombone -c $CONFIGURATION_FILE
+        #    freedombone -c $CONFIGURATION_FILE
-        fi
+        #fi
-        if [ -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt ]; then
+        #if [ -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt ]; then
-            cp -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt $COMPLETION_FILE
+        #    cp -f $temp_restore_dir/root/${PROJECT_NAME}-completed.txt $COMPLETION_FILE
-            if [ ! "$?" = "0" ]; then
+        #    if [ ! "$?" = "0" ]; then
-                unmount_drive
+        #        unmount_drive
-                rm -rf $temp_restore_dir
+        #        rm -rf $temp_restore_dir
-                exit 7252
+        #        exit 7252
-            fi
+        #    fi
-        fi
+        #fi
        if [ -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ]; then
            cp -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ${BACKUP_EXTRA_DIRECTORIES}
@ -184,13 +208,16 @@ function restore_mariadb {
        temp_restore_dir=/root/tempmariadb
        restore_directory_from_friend $temp_restore_dir mariadb
        store_original_mariadb_password
        echo $'Obtaining MariaDB password'
-        db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        db_pass=$(cat /root/.mariadboriginal)
        if [ ${#db_pass} -gt 0 ]; then
            echo $"Restore the MariaDB user table"
-            mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" mysql -o < ${temp_restore_dir}${temp_restore_dir}/mysql.sql)
+            mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}${temp_restore_dir}/mysql.sql)
            if [ ! "$?" = "0" ]; then
                echo $"Try again using the password obtained from backup"
                db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb)
                mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}${temp_restore_dir}/mysql.sql)
            fi
            if [ ! "$?" = "0" ]; then
@ -198,10 +225,10 @@ function restore_mariadb {
                exit 962
            fi
            echo $"Restarting database"
-            service mysql restart
+            systemctl restart mariadb
-            echo $"Change the MariaDB password to the backup version"
+            echo $"Ensure MariaDB handles authentication"
-            DATABASE_PASSWORD="$db_pass"
+            MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-            ${PROJECT_NAME}-pass -u root -a mariadb -p "$DATABASE_PASSWORD"
+            mariadb_fix_authentication
        fi
        rm -rf ${temp_restore_dir}
    fi
@ -226,6 +253,7 @@ function restore_passwordstore {
        fi
    fi
    if [ -d $SERVER_DIRECTORY/backup/passwordstore ]; then
        store_original_mariadb_password
        echo $"Restoring password store"
        restore_directory_from_friend / passwordstore
    fi
@ -261,9 +289,13 @@ function restore_mutt_settings {
                restore_directory_from_friend ${temp_restore_dir} mutt/$USERNAME
                if [ -f ${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc ]; then
                    cp -f ${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc /home/$USERNAME/.muttrc
                    sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc
                    sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc
                fi
                if [ -f ${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc ]; then
                    cp -f ${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc /etc/Muttrc
                    sed -i '/set sidebar_delim/d' /etc/Muttrc
                    sed -i '/set sidebar_sort/d' /etc/Muttrc
                fi
                if [ ! "$?" = "0" ]; then
                    rm -rf ${temp_restore_dir}
@ -276,11 +308,10 @@ function restore_mutt_settings {
 }
 function restore_gpg {
-    if [[ $RESTORE_APP != 'all' ]]; then
+    if [[ $RESTORE_APP != 'gpg' ]]; then
-        if [[ $RESTORE_APP != 'gpg' ]]; then
+        return
            return
        fi
    fi
    for d in $SERVER_DIRECTORY/backup/gnupg/*/ ; do
        USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
        if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
@ -302,6 +333,7 @@ function restore_gpg {
                    if [ ! "$?" = "0" ]; then
                        exit 283
                    fi
                    gpg_set_permissions root
                fi
            fi
        fi
@ -538,6 +570,7 @@ function restore_certs {
            exit 276
        fi
        rm -rf /root/tempssl
        update-ca-certificates
        # restore ownership
        if [ -f /etc/ssl/private/xmpp.key ]; then
@ -646,6 +679,7 @@ function restore_email {
 ${PROJECT_NAME}-recoverkey -u ${ADMIN_USERNAME} -l $BACKUP_LIST
 copy_gpg_keys
 restore_blocklist
 restore_configfiles
 restore_passwordstore
 restore_mariadb
--- a/src/freedombone-rmuser
+++ b/src/freedombone-rmuser
@ -106,7 +106,7 @@ else
 fi
 if [ -f /etc/nginx/.htpasswd ]; then
-    if grep "${REMOVE_USERNAME}:" /etc/nginx/.htpasswd; then
+    if grep -q "${REMOVE_USERNAME}:" /etc/nginx/.htpasswd; then
        htpasswd -D /etc/nginx/.htpasswd $REMOVE_USERNAME
    fi
 fi
--- a/src/freedombone-sec
+++ b/src/freedombone-sec
@ -566,7 +566,7 @@ function create_letsencrypt {
    if [ ! -d /var/www/${new_domain} ]; then
        domain_found=
        if [ -f /etc/nginx/sites-available/radicale ]; then
-            if grep "${new_domain}" /etc/nginx/sites-available/radicale; then
+            if grep -q "${new_domain}" /etc/nginx/sites-available/radicale; then
                domain_found=1
            fi
        fi
@ -664,7 +664,7 @@ function enable_monkeysphere {
        MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$HOSTNAME")
        if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
-            echo $'monkeysphere unable to get GPG key ID for user $MY_USERNAME'
+            echo $"monkeysphere unable to get GPG key ID for user $MY_USERNAME@$HOSTNAME"
            exit 52825
        fi
@ -856,12 +856,12 @@ function remove_tor_bridge {
            if [ ${#response} -gt 2 ]; then
                if [[ "${response}" != *" "* ]]; then
                    if [[ "${response}" == *"."* ]]; then
-                        if grep "Bridge ${response}" /etc/tor/torrc; then
+                        if grep -q "Bridge ${response}" /etc/tor/torrc; then
                            tor_remove_bridge "${response}"
                            bridge_removed=1
                        fi
                    else
-                        if grep " $response" /etc/tor/torrc; then
+                        if grep -q " $response" /etc/tor/torrc; then
                            tor_remove_bridge "${response}"
                            bridge_removed=1
                        fi
--- a/src/freedombone-splitkey
+++ b/src/freedombone-splitkey
@ -39,10 +39,14 @@ PROJECT_NAME='freedombone'
 export TEXTDOMAIN=${PROJECT_NAME}-splitkey
 export TEXTDOMAINDIR="/usr/share/locale"
 # Dummy password to get around not being able to create a key without passphrase
 BACKUP_DUMMY_PASSWORD='backup'
 KEY_FRAGMENTS=3
 MY_USERNAME=
 MY_EMAIL_ADDRESS=
 MY_NAME=
 PASSWORD_FILE=
 function show_help {
    echo ''
@ -75,6 +79,10 @@ case $key in
    shift
    MY_NAME=$1
    ;;
    --passwordfile)
    shift
    PASSWORD_FILE=$1
    ;;
    *)
    # unknown option
    ;;
@ -95,6 +103,13 @@ if [ ! -d /home/$MY_USERNAME/.gnupg ]; then
    exit 5393
 fi
 if [ $PASSWORD_FILE ]; then
    if [ ! -f $PASSWORD_FILE ]; then
        echo $'Password file not found'
        exit 62952
    fi
 fi
 FRAGMENTS_DIR=/home/$MY_USERNAME/.gnupg_fragments
 if [ -d $FRAGMENTS_DIR ]; then
    exit 0
@ -104,31 +119,37 @@ fi
 if [ ! $MY_EMAIL_ADDRESS ]; then
    MY_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
 fi
-KEYID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - \
+
-           $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
+KEYID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS" - $MY_USERNAME | sed -n '2p' | sed 's/^[ \t]*//')
 if [ ${#KEYID} -lt 4 ]; then
    echo $"gpg key for $MY_EMAIL_ADDRESS was not found"
-    return 3682
+    exit 3682
 fi
-MY_BACKUP_KEY_ID=$(gpg --list-keys "$MY_NAME (backup key)" | \
+MY_BACKUP_KEY_ID=$(gpg --list-keys "$MY_NAME (backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
                          grep 'pub ' | awk -F ' ' '{print $2}' | \
                          awk -F '/' '{print $2}')
 if [ ${#MY_BACKUP_KEY_ID} -lt 4 ]; then
    echo $"gpg backup key for '$MY_NAME' was not found"
-    return 58213
+    exit 58213
 fi
 # create the key file
 mkdir -p $FRAGMENTS_DIR
 chown $MY_USERNAME:$MY_USERNAME $FRAGMENTS_DIR
 KEYS_FILE=$FRAGMENTS_DIR/keyshare.asc
 gpg --output $FRAGMENTS_DIR/pubkey.txt --armor --export $KEYID
 if [ ! "$?" = "0" ]; then
    echo $"Unable to extract public key for $KEYID"
    exit 7835
 fi
-gpg --output $FRAGMENTS_DIR/privkey.txt \
+if [ ! $PASSWORD_FILE ]; then
-    --armor --export-secret-key $KEYID
+    gpg --output $FRAGMENTS_DIR/privkey.txt \
        --armor --export-secret-key $KEYID
 else
    echo "$(printf `cat $PASSWORD_FILE`)" | \
        gpg --batch --passphrase-fd 0 \
        --output $FRAGMENTS_DIR/privkey.txt \
        --armor --export-secret-key $KEYID
 fi
 if [ ! "$?" = "0" ]; then
    echo $"Unable to extract private key for $KEYID"
    exit 7823
@ -136,16 +157,24 @@ fi
 gpg --output $FRAGMENTS_DIR/backup_pubkey.txt \
    --armor --export $MY_BACKUP_KEY_ID
 if [ ! "$?" = "0" ]; then
    shred -zu $FRAGMENTS_DIR/privkey.txt
    echo $"Unable to extract backup public key for $MY_BACKUP_KEY_ID"
    exit 62928
 fi
-gpg --output $FRAGMENTS_DIR/backup_privkey.txt \
+echo "$BACKUP_DUMMY_PASSWORD" | \
-    --armor --export-secret-key $MY_BACKUP_KEY_ID
+    gpg --output $FRAGMENTS_DIR/backup_privkey.txt \
        --batch --passphrase-fd 0 \
        --armor --export-secret-key $MY_BACKUP_KEY_ID
 if [ ! "$?" = "0" ]; then
    shred -zu $FRAGMENTS_DIR/privkey.txt
    echo $"Unable to extract backup private key for $MY_BACKUP_KEY_ID"
    exit 13783
 fi
 # Ensure there aren't any permissions problems when running cat
 chmod +r $FRAGMENTS_DIR/privkey.txt
 chmod +r $FRAGMENTS_DIR/backup_privkey.txt
 cat $FRAGMENTS_DIR/pubkey.txt \
    $FRAGMENTS_DIR/privkey.txt \
    $FRAGMENTS_DIR/backup_pubkey.txt \
--- a/src/freedombone-syncthing
+++ b/src/freedombone-syncthing
@ -264,6 +264,14 @@ function user_devices_changed {
        return
    fi
    for d in /home/*/ ; do
        USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
        if [ ! -f /home/$USERNAME/.syncthing-server-id ]; then
            CHANGED=1
            return
        fi
    done
    for d in /home/*/ ; do
        USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
        if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
@ -294,10 +302,25 @@ function user_devices_changed {
    done
 }
 function syncthing_set_permissions {
    for d in /home/*/ ; do
        USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
        if [ -d /home/$USERNAME/Sync ]; then
            chown $USERNAME:$USERNAME /home/$USERNAME /home/$USERNAME/Sync
        fi
        if [ -d /home/$USERNAME/SyncShared ]; then
            chown $USERNAME:$USERNAME /home/$USERNAME /home/$USERNAME/SyncShared
        fi
    done
 }
 user_devices_changed
 if [ $CHANGED ]; then
    create_syncthing_config
    syncthing_set_permissions
    systemctl restart syncthing
 else
    syncthing_set_permissions
 fi
 exit 0
--- a/src/freedombone-tests
+++ b/src/freedombone-tests
@ -762,6 +762,126 @@ function test_stig {
    output "V-38616" $? ${SETLANG}
    ################
    ##A FIPS 140-2 approved cryptographic algorithm must be used for SSH communications.
    bash $STIG_TESTS_DIR/check-ssh.sh ciphers >/dev/null 2>&1 &
    stig_spinner $!
    output "SV-86845r2_rule" $? ${SETLANG}
    ################
    ##The Standard Notice must be displayed immediately prior to, or as part of, remote access logon prompts.
    bash $STIG_TESTS_DIR/check-ssh.sh banner >/dev/null 2>&1 &
    stig_spinner $!
    output "SV-86849r2_rule" $? ${SETLANG}
    ################
    ##All networked systems must use SSH for confidentiality and integrity of transmitted and received information as well as information during preparation for transmission.
    bash $STIG_TESTS_DIR/check-ssh.sh sshd_status >/dev/null 2>&1 &
    stig_spinner $!
    output "SV-86859r2_rule" $? ${SETLANG}
    ################
    ##All network connections associated with SSH traffic must terminate at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements.
    bash $STIG_TESTS_DIR/check-ssh.sh ClientAliveInterval >/dev/null 2>&1 &
    stig_spinner $!
    output "SV-86861r2_rule" $? ${SETLANG}
    ################
    ##The SSH daemon must not allow authentication using RSA rhosts authentication.
    bash $STIG_TESTS_DIR/check-ssh.sh RhostsRSAAuthentication >/dev/null 2>&1 &
    stig_spinner $!
    output "SV-86863r2_rule" $? ${SETLANG}
    ################
    ##All network connections associated with SSH traffic must terminate after a period of inactivity.
    bash $STIG_TESTS_DIR/check-ssh.sh ClientAliveCountMax >/dev/null 2>&1 &
    stig_spinner $!
    output "SV-86865r2_rule" $? ${SETLANG}
    ################
    ##The SSH daemon must not allow authentication using rhosts authentication.
    bash $STIG_TESTS_DIR/check-ssh.sh IgnoreRhosts >/dev/null 2>&1 &
    stig_spinner $!
    output "SV-86867r2_rule" $? ${SETLANG}
    ################
    ##The system must display the date and time of the last successful account logon upon an SSH logon.
    bash $STIG_TESTS_DIR/check-ssh.sh PrintLastLog >/dev/null 2>&1 &
    stig_spinner $!
    output "SV-86869r2_rule" $? ${SETLANG}
    ################
    ##The system must not permit direct logons to the root account using remote access via SSH.
    bash $STIG_TESTS_DIR/check-ssh.sh permitroot >/dev/null 2>&1 &
    stig_spinner $!
    output "SV-86871r2_rule" $? ${SETLANG}
    ################
    ##The SSH daemon must not allow authentication using known hosts authentication.
    bash $STIG_TESTS_DIR/check-ssh.sh IgnoreUserKnownHosts >/dev/null 2>&1 &
    stig_spinner $!
    output "SV-86873r2_rule" $? ${SETLANG}
    ################
    ##The SSH daemon must be configured to only use the SSHv2 protocol.
    bash $STIG_TESTS_DIR/check-ssh.sh Protocol >/dev/null 2>&1 &
    stig_spinner $!
    output "SV-86875r2_rule" $? ${SETLANG}
    ################
    ##The SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.
    bash $STIG_TESTS_DIR/check-ssh.sh macs >/dev/null 2>&1 &
    stig_spinner $!
    output "SV-86877r2_rule" $? ${SETLANG}
    ################
    ##The SSH public host key files must have mode 0644 or less permissive.
    bash $STIG_TESTS_DIR/check-ssh.sh pubkeypermissive >/dev/null 2>&1 &
    stig_spinner $!
    output "SV-86879r1_rule" $? ${SETLANG}
    ################
    ##The SSH private host key files must have mode 0600 or less permissive.
    bash $STIG_TESTS_DIR/check-ssh.sh hostkeypermissive >/dev/null 2>&1 &
    stig_spinner $!
    output "SV-86881r1_rule" $? ${SETLANG}
    ################
    ##The SSH daemon must not permit Generic Security Service Application Program Interface (GSSAPI) authentication unless needed.
    bash $STIG_TESTS_DIR/check-ssh.sh GSSAPIAuthentication >/dev/null 2>&1 &
    stig_spinner $!
    output "SV-86883r2_rule" $? ${SETLANG}
    ################
    ##The SSH daemon must not permit Kerberos authentication unless needed.
    bash $STIG_TESTS_DIR/check-ssh.sh KerberosAuthentication >/dev/null 2>&1 &
    stig_spinner $!
    output "SV-86885r2_rule" $? ${SETLANG}
    ################
    ##The SSH daemon must perform strict mode checking of home directory configuration files.
    bash $STIG_TESTS_DIR/check-ssh.sh StrictModes >/dev/null 2>&1 &
    stig_spinner $!
    output "SV-86887r2_rule" $? ${SETLANG}
    ################
    ##The SSH daemon must use privilege separation.
    bash $STIG_TESTS_DIR/check-ssh.sh UsePrivilegeSeparation >/dev/null 2>&1 &
    stig_spinner $!
    output "SV-86889r2_rule" $? ${SETLANG}
    ################
    ##The SSH daemon must not allow compression or must only allow compression after successful authentication.
    bash $STIG_TESTS_DIR/check-ssh.sh Compression >/dev/null 2>&1 &
    stig_spinner $!
    output "SV-86891r2_rule" $? ${SETLANG}
    ################
    ##Dont allow remote X connections.
    bash $STIG_TESTS_DIR/check-ssh.sh X11Forwarding >/dev/null 2>&1 &
    stig_spinner $!
    output "SV-86927r2_rule" $? ${SETLANG}
    ################
    ##RHEL-06-000247
    ##The system clock must be synchronized continuously, or at least daily.
@ -844,26 +964,6 @@ function test_stig {
    output "V-38641" $? ${SETLANG}
    ################
    ##RHEL-06-000269
    ##Remote file systems must be mounted with the nodev option.
    if [ "$(mount | grep nfs | wc -l)" -gt 0 ];then
        bash $STIG_TESTS_DIR/check-nfs.sh nodev >/dev/null 2>&1 &
        stig_spinner $!
        output "V-38652" $? ${SETLANG}
    fi
    ################
    ##RHEL-06-000270
    ##Remote file systems must be mounted with the nosuid option.
    if [ "$(mount | grep nfs | wc -l)" -gt 0 ];then
        bash $STIG_TESTS_DIR/check-nfs.sh nosuid >/dev/null 2>&1 &
        stig_spinner $!
        output "V-38654" $? ${SETLANG}
    fi
    ################
    ##RHEL-06-000271
    ##The noexec option must be added to removable media partitions.
    if [ "$(grep -Hv ^0$ /sys/block/*/removable | sed s/removable:.*$/device\\/uevent/ | xargs grep -H ^DRIVER=sd | sed s/device.uevent.*$/size/ | xargs grep -Hv ^0$ | cut -d / -f 4 | wc -l)" -gt 0 ];then
@ -946,15 +1046,6 @@ function test_stig {
    output "V-38675" $? ${SETLANG}
    ################
    ##RHEL-06-000309
    ##The NFS server must not have the insecure file locking option enabled.
    bash $STIG_TESTS_DIR/check-nfs-insecure.sh > /dev/null 2>&1 &
    stig_spinner $!
    output "V-38677" $? ${SETLANG}
    ################
    ##RHEL-06-000319
    ##The system must limit users to 10 simultaneous system logins, or a site-defined number, in accordance with operational requirements.
@ -1010,16 +1101,6 @@ function test_stig {
    output "V-38645" $? ${SETLANG}
    ################
    ##RHEL-06-000346
    ##The system default umask for daemons must be 027 or 022.
    ##For more detial :http://unix.stackexchange.com/questions/36220/how-to-set-umask-for-a-system-user
    sed -e '/^#/d' -e '/^[ \t][ \t]*#/d' -e 's/#.*$//' -e '/^$/d' /etc/init.d/rc | grep -i "umask.*027\|umask.*022" >/dev/null 2>&1 &
    stig_spinner $!
    output "V-38646" $? ${SETLANG}
    ################
    ##RHEL-06-000347
    ##There must be no .netrc files on the system.
@ -1056,15 +1137,6 @@ function test_stig {
    output "V-38462" $? ${SETLANG}
    ################
    ##RHEL-06-000515
    ##The NFS server must not have the all_squash option enabled.
    bash $STIG_TESTS_DIR/check-nfs-all-squash.sh > /dev/null 2>&1 &
    stig_spinner $!
    output "V-38460" $? ${SETLANG}
    ################
    ##RHEL-06-000523
    ##The systems local IPv6 firewall must implement a deny-all, allow-by-exception policy for inbound packets.
@ -1149,6 +1221,7 @@ fi
 test_app_functions
 test_unique_onion_ports
 remove_management_engine_interface
 freedombone-pass --test yes
 fix_stig
 test_stig
--- a/src/freedombone-upgrade
+++ b/src/freedombone-upgrade
@ -37,10 +37,6 @@ CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
 PROJECT_REPO="https://github.com/bashrc/${PROJECT_NAME}"
 FRIENDS_MIRRORS_SERVER=
 FRIENDS_MIRRORS_SSH_PORT=2222
 FRIENDS_MIRRORS_PASSWORD=
 MY_MIRRORS_PASSWORD=
 CURRENT_BRANCH=master
 # clear temporary files
@ -64,16 +60,13 @@ if [ $DEVELOPMENT_BRANCH ]; then
    fi
 fi
-if grep "cat /root/dbpass" /usr/bin/backupdatabases; then
+if grep -q "cat /root/dbpass" /usr/bin/backupdatabases; then
    # update to using the password manager
    sed -i "s|cat /root/dbpass|freedombone-pass -u root -a mariadb|g" /usr/bin/backupdatabases
 fi
 update-ca-certificates
 read_repo_servers
 ${PROJECT_NAME}-mirrors
 if [ ! -d $PROJECT_DIR ]; then
    git_clone $PROJECT_REPO $PROJECT_DIR
 fi
@ -87,7 +80,7 @@ if [ -d $PROJECT_DIR ]; then
        else
            git_pull $PROJECT_REPO origin/$DEVELOPMENT_BRANCH
        fi
-        git checkout jessie
+        git checkout stretch
        make install
        if [ -d /usr/share/${PROJECT_NAME} ]; then
            chown -R root:root /usr/share/${PROJECT_NAME}
@ -101,6 +94,7 @@ if [ -d $PROJECT_DIR ]; then
        fi
        lockdown_permissions
        defrag_filesystem
    fi
 fi
--- a/Show More
+++ b/Show More