Merge branch 'stretch' of https://github.com/bashrc/freedombone

2018-05-28 19:18:45 +01:00 · 2018-05-28 19:18:45 +01:00 · 4985cb396e
parent b6467fdea0 b368479d1f
commit 4985cb396e
149 changed files with 3542 additions and 1444 deletions
--- a/2
+++ b/2
@ -20,6 +20,7 @@ install:
 	mkdir -p ${DESTDIR}${PREFIX}/bin
 	mkdir -p ${DESTDIR}/usr/share/${APP}/base
 	mkdir -p ${DESTDIR}/usr/share/${APP}/apps
+	mkdir -p ${DESTDIR}/usr/share/${APP}/android-app
 	mkdir -p ${DESTDIR}/usr/share/${APP}/utils
 	mkdir -p ${DESTDIR}/usr/share/${APP}/avatars
 	mkdir -p ${DESTDIR}/etc/${APP}
@ -46,6 +47,7 @@ install:
 	cp man/*.1.gz ${DESTDIR}${PREFIX}/share/man/man1
 	cp man/${APP}-backup-local.1.gz ${DESTDIR}${PREFIX}/share/man/man1/backup.1.gz
 	cp man/${APP}-restore-local.1.gz ${DESTDIR}${PREFIX}/share/man/man1/restore.1.gz
+	cp img/android-app/*.png ${DESTDIR}/usr/share/${APP}/android-app
 	chown -R root: /usr/share/${APP}
 	chmod -R +r /usr/share/${APP}
 #	bash -c "./translate install"
--- a/README.md
+++ b/README.md
@ -4,11 +4,11 @@ So you want to run your own internet services? Email, chat, VoIP, web sites, fil

 You can run Freedombone on an old laptop or a single board computer. See the [list of installation methods](https://freedombone.net/installmethods.html). You can also use it to [set up a mesh network](https://freedombone.net/mesh.html) in your local area.

-Check out the [list of available apps](https://freedombone.net/apps.html) and [Frequently Asked Questions](https://freedombone.net/faq.html) section. Recent developments are also described on [the blog](https://blog.freedombone.net/tag/freedombone).
+Check out the [list of available apps](https://freedombone.net/apps.html) and [Frequently Asked Questions](https://freedombone.net/faq.html) section. Recent developments are also described on [the blog](https://blog.freedombone.net/tag/freedombone). You might also wish to know how to [backup and restore the system](https://freedombone.net/backups.html).

 Disk images which can be cloned straight to USB or microSD drives are [available here](https://freedombone.net/downloads/v31).

-If you find bugs, or want to add a new app to this system see the [Developers Guide](https://freedombone.net/devguide.html) and [Code of Conduct](https://freedombone.net/codeofconduct.html). There is a Matrix chat room available at *#fbone:matrix.freedombone.net*.
+If you find bugs, or want to add a new app to this system see the [Developers Guide](https://freedombone.net/devguide.html) and [Code of Conduct](https://freedombone.net/codeofconduct.html). There is a Matrix chat room available at *#fbone:matrix.freedombone.net* and an XMPP channel at *support@chat.freedombone.net*. The XMPP channel requires membership which you can ask for via [these contact details](https://freedombone.net/support.html).

 If you like this project and want to support continued development then [here's what to do](https://freedombone.net/support.html).

--- a/doc/EN/app_bdsmail.org
+++ b/doc/EN/app_bdsmail.org
@ -1,7 +1,7 @@
 #+TITLE:
 #+AUTHOR: Bob Mottram
 #+EMAIL: bob@freedombone.net
-#+KEYWORDS: freedombone, dlna
+#+KEYWORDS: freedombone, bdsmail
 #+DESCRIPTION: How to use BDS Mail
 #+OPTIONS: ^:nil toc:nil
 #+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
--- a/doc/EN/app_dlna.org
+++ b/doc/EN/app_dlna.org
@ -23,6 +23,4 @@ Select *Administrator controls* then *App Settings* then *dlna*. From there you

 The system will scan the /Music/ directory, which could take a while if there are thousands of files, but you don't need to do anything further other than perhaps to log out by selecting *Exit* a couple of times.

-If you have an Android device then go to F-Droid (if you don't already have it installed then it can be [[https://f-droid.org/][downloaded here]]) and search for *ControlDLNA*. On running the app you should see a red Debian icon which you can press on, then you may need to select "local". After a few seconds the list of albums or tracks should then appear and you can browse and play them.
-
 The DLNA service will only work within your local home network, and isn't remotely accessible from other locations via the internet. That can be both a good and a bad thing. Another consideration is that there are /no access controls/ on DLNA services, so any music or videos on the USB drive will be playable by anyone within your home network.
--- a/doc/EN/app_rocketchat.org
+++ b/doc/EN/app_rocketchat.org
@ -0,0 +1,28 @@
+#+TITLE:
+#+AUTHOR: Bob Mottram
+#+EMAIL: bob@freedombone.net
+#+KEYWORDS: freedombone, rocketchat
+#+DESCRIPTION: How to use Rocketchat
+#+OPTIONS: ^:nil toc:nil
+#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
+
+#+attr_html: :width 80% :height 10% :align center
+[[file:images/logo.png]]
+
+* Rocketchat
+
+Rocketchat is a chat system which is mainly suited for private chat with a few family and friends. It has some integration capability with other systems, but isn't federated as [[./app_xmpp.html][XMPP]] or [[./app_matrix.html][Matrix]] are. If you need high security then XMPP with Conversations is probably still the best option.
+
+This system is only available for X86 architecture, so won't install on ARM boards but probably will on an old laptop.
+
+* Installation
+
+ssh into the system with:
+
+#+BEGIN_SRC bash
+ssh myusername@mydomain.com -p 2222
+#+END_SRC
+
+Select *Administrator controls* then *Add/Remove Apps* then *rocketchat*. Enter your domain name and freedns code if you're using freedns.
+
+Navigate to your rocketchat domain and register an account. The first registration becomes the administrator. It's a good idea within the Rocketchat administration settings under *Accounts* to select *Registration* and *Manually Approve New Users*, then save. This will prevent millions of random internet users from creating accounts on your server.
--- a/doc/EN/app_smolrss.org
+++ b/doc/EN/app_smolrss.org
@ -0,0 +1,29 @@
+#+TITLE:
+#+AUTHOR: Bob Mottram
+#+EMAIL: bob@freedombone.net
+#+KEYWORDS: freedombone, smolrss, rss
+#+DESCRIPTION: How to use Smol RSS
+#+OPTIONS: ^:nil toc:nil
+#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
+
+#+attr_html: :width 80% :height 10% :align center
+[[file:images/logo.png]]
+
+* Smol RSS
+This is an extremely simple RSS reader which is available only from an onion address, so that you have /the right to read/. There is very little code and so not much attack surface, and it will scale to screens of any size. This should be a better reading experience on mobile than with [[./app_ttrss.html][tt-rss]].
+
+A disadvantage is that you can only add or remove feeds via the Freedombone administrator control panel, so this isn't suitable for multi-user environments. But once you have your feeds set up it's trivial to use, and unless you publish the onion address confidentiality should be maintained.
+
+* Installation
+
+ssh into the system with:
+
+#+BEGIN_SRC bash
+ssh myusername@mydomain.com -p 2222
+#+END_SRC
+
+Select *Administrator controls* then *Add/Remove Apps* then *smolrss*.
+
+After installation within *Administrator controls* go to *App settings* then *smolrss*. You can then add some feeds or edit the existing feed list. There are a few default feeds as an example.
+
+Within *Administrator controls* go to *About this system* and select *smolrss*. You will then have the onion address. Navigate to your reader in a Tor compatible browser. You may need to allow the site within NoScript. Then select a feed from the list and begin reading. That's all there is to it.
--- a/doc/EN/app_syncthing.org
+++ b/doc/EN/app_syncthing.org
@ -39,7 +39,7 @@ In another terminal log into Freedombone:
 ssh username@domainname -p 2222
 #+END_SRC

-Then select *File Synchronization*.
+Then select *Run an App* and *syncthing*.

 #+attr_html: :width 80% :align center
 [[file:images/controlpanel/control_panel_file_sync.jpg]]
@ -55,6 +55,9 @@ From the top menu select *Actions* and then *Show ID*, then copy the ID string (

 Now wait for a few minutes. Eventually you will see two messages appear within the browser asking if you want to add two new folders from the Freedombone server. Say yes to both, and specify *~/Sync* as the directory with your username and *~/SyncShared* as the shared directory. You can now copy files into your *~/Sync* directory and they will automatically be synced to the server. Those will be files which only you can access. If you copy files into *~/SyncShared* then they will also be available to any other users on the system.

+* Desktop app
+If you're running Arch/Parabola there is a package called [[https://github.com/syncthing/syncthing-gtk][syncthing-gtk]] which provides a GTK GUI and an icon indicating whether synchronization is happening. This can be more convenient than using the browser interface.
+
 * On Android
 Install Syncthing and Connectbot from F-droid.

--- a/doc/EN/app_xmpp.org
+++ b/doc/EN/app_xmpp.org
@ -71,9 +71,6 @@ Enter your username (username@domainname) and password.

 Click on *Advanced* and make sure that *Encryption required* and *Ignore SSL certificate errors* are checked.  Ignoring the certificate errors will allow you to use the self-signed certificate created earlier.  Then click *Done* and set your Jabber account and Empathy to *On*.

-* Using Tor Messenger
-Tor Messenger is a messaging client which supports XMPP, and its onion routing enables you to protect the metadata of chat interactions to some extent by making it difficult for an adversary to know which server is talking to which. You can download Tor Messenger from [[https://torproject.org][torproject.org]] and the setup is pretty simple.
-
 * Using with Android/Conversations
 Install [[https://f-droid.org/][F-Droid]]

--- a/doc/EN/apps.org
+++ b/doc/EN/apps.org
@ -155,18 +155,26 @@ A shell based XMPP client which you can run on the Freedombone server via ssh.
 A browser based user interface for the Matrix federated communications system, including WebRTC audio and video chat.

 [[./app_riot.html][How to use it]]
+* Rocketchat
+A non-federated chat server (x86 systems only).
+
+[[./app_rocketchat.html][How to use it]]
 * SearX
 A metasearch engine for customised and private web searches.

 [[./app_searx.html][How to use it]]
-* tt-rss
-Private RSS reader. Pulls in RSS/Atom feeds via Tor and is only accessible via an onion address. Have "/the right to read/" without the Surveillance State knowing what you're reading. Also available with a user interface suitable for viewing on mobile devices via a browser such as OrFox.
+* Smol RSS
+A very minimal RSS reader.

-[[./app_rss.html][How to use it]]
+[[./app_smolrss.html][How to use it]]
 * Syncthing
 Possibly the best way to synchronise files across all of your devices. Once it has been set up it "just works" with no user intervention needed.

 [[./app_syncthing.html][How to use it]]
+* tt-rss
+Private RSS reader. Pulls in RSS/Atom feeds via Tor and is only accessible via an onion address. Have "/the right to read/" without the Surveillance State knowing what you're reading. Also available with a user interface suitable for viewing on mobile devices via a browser such as OrFox.
+
+[[./app_rss.html][How to use it]]
 * Tahoe-LAFS
 Robust and encrypted storage of files on one or more server.

--- a/doc/EN/armbian.org
+++ b/doc/EN/armbian.org
@ -23,7 +23,7 @@ If you have a single board ARM computer which isn't one of the supported ones th
 Download the Armbian image for your board. It must be version 9 (Stretch), otherwise it won't work. Extract the image from its archive, then copy it to a microSD card:

 #+begin_src bash
-sudo dd bs=32M if=[Armbian .img file] of=/dev/sdX conv=fdatasync
+sudo dd bs=32M if=[Armbian .img file] of=/dev/sdX conv=fdatasync,sync,noerror
 #+end_src

 Where */dev/sdX* is the path for the microSD drive on your system.
--- a/doc/EN/boards.org
+++ b/doc/EN/boards.org
@ -20,6 +20,7 @@ The following ARM boards are supported by the build system. If your board isn't
 - a20-olinuxino-lime
 - a20-olinuxino-lime2
 - a20-olinuxino-micro
+ - [[http://www.lemaker.org/product-bananapro-index.html][Lemaker Banana Pro]]

 The latest image builds can be [[./downloads/current][found here]].

--- a/doc/EN/devguide.org
+++ b/doc/EN/devguide.org
@ -18,10 +18,11 @@ Suppose you have some internet application which you want to add to the system.

 There's a command which you can use to generate scripts for new apps. Some examples are as follows:

-To create a script for a generic PHP plus MySql/MariaDB web app:
+To create a script for a generic PHP plus MySql/MariaDB web app with a couple of extra packages:

 #+begin_src bash
 freedombone-template --app [name] -e [email] -r [repo url] \
+                     --packages "cowsay libssl-dev" \
                     -c [commit] --php yes -d mariadb > \
                     src/freedombone-app-myappname
 #+end_src
--- a/doc/EN/homeserver.org
+++ b/doc/EN/homeserver.org
@ -70,7 +70,7 @@ You can now copy the image to the USB thumb drive, replacing *sdX* with the iden

 #+begin_src bash
 dd if=/dev/zero of=/dev/sdX bs=32M count=8
-dd bs=32M if=myimagefile.img of=/dev/sdX conv=fdatasync
+dd bs=32M if=myimagefile.img of=/dev/sdX conv=fdatasync,sync,noerror
 #+end_src

 And wait. Again it will take a while to copy over. When that's done plug it into the laptop or netbook which you want to use as a server, power on and set the BIOS to boot from the USB stick.
--- a/doc/EN/index.org
+++ b/doc/EN/index.org
@ -17,11 +17,11 @@ So you want to run your own internet services? Email, chat, VoIP, web sites, fil

 You can run Freedombone on an old laptop or a single board computer. See the [[./installmethods.html][list of installation methods]]. You can also use it to [[./mesh.html][set up a mesh network]] in your local area.

-Check out the [[./apps.html][list of available apps]] and [[./faq.html][Frequently Asked Questions]] section. Recent developments are also described on [[https://blog.freedombone.net/tag/freedombone][the blog]].
+Check out the [[./apps.html][list of available apps]] and [[./faq.html][Frequently Asked Questions]] section. Recent developments are also described on [[https://blog.freedombone.net/tag/freedombone][the blog]]. You might also wish to know how to [[./backups.html][backup and restore the system]].

 Disk images which can be cloned straight to USB or microSD drives are [[./downloads/v31][available here]].

-If you find bugs, or want to add a new app to this system see the [[./devguide.html][Developers Guide]] and [[./codeofconduct.html][Code of Conduct]]. There is a Matrix chat room available at *#fbone:matrix.freedombone.net*.
+If you find bugs, or want to add a new app to this system see the [[./devguide.html][Developers Guide]] and [[./codeofconduct.html][Code of Conduct]]. There is a Matrix chat room available at *#fbone:matrix.freedombone.net* and an XMPP channel at *support@chat.freedombone.net*. The XMPP channel requires membership which you can ask for via [[./support.html][these contact details]].

 If you like this project and want to support continued development then [[./support.html][here's what to do]].

--- a/doc/EN/installation.org
+++ b/doc/EN/installation.org
@ -129,7 +129,7 @@ unxz filename.img.xz
 Then copy it to a microSD card. Depending on your system you may need an adaptor to be able to do that.

 #+BEGIN_SRC bash
-sudo dd bs=32M if=filename.img of=/dev/sdX conv=fdatasync
+sudo dd bs=32M if=filename.img of=/dev/sdX conv=fdatasync,sync,noerror
 #+END_SRC

 Where *sdX* is the microSD drive. You can check which drive is the microSD drive using:
--- a/doc/EN/mesh_images.org
+++ b/doc/EN/mesh_images.org
@ -42,7 +42,7 @@ wget https://freedombone.net/downloads/v31/freedombone-meshclient-i386.img.xz.si
 gpg --verify freedombone-meshclient-i386.img.xz.sig
 unxz freedombone-meshclient-i386.img.xz
 sudo dd if=/dev/zero of=/dev/sdX bs=32M count=8
-sudo dd bs=32M if=freedombone-meshclient-i386.img of=/dev/sdX conv=fdatasync
+sudo dd bs=32M if=freedombone-meshclient-i386.img of=/dev/sdX conv=fdatasync,sync,noerror
 #+end_src

 To get a number of systems onto the mesh repeat the /dd/ command to create however many bootable USB drives you need.
@ -56,7 +56,7 @@ wget https://freedombone.net/downloads/v31/freedombone-meshclient-insecure-i386.
 gpg --verify freedombone-meshclient-insecure-i386.img.xz.sig
 unxz freedombone-meshclient-insecure-i386.img.xz
 sudo dd if=/dev/zero of=/dev/sdX bs=32M count=8
-sudo dd bs=32M if=freedombone-meshclient-insecure-i386.img of=/dev/sdX conv=fdatasync
+sudo dd bs=32M if=freedombone-meshclient-insecure-i386.img of=/dev/sdX conv=fdatasync,sync,noerror
 #+end_src

 ** Router images
@ -75,7 +75,7 @@ gpg --verify freedombone-mesh_beaglebone-armhf.img.xz.sig
 sha256sum freedombone-mesh_beaglebone-armhf.img.xz
 ad8f22c0d46c98a80aa47b5809402971cf5cf26ebf587c59a667307b2386c3d2
 unxz freedombone-mesh_beaglebone-armhf.img.xz
-sudo dd bs=32M if=freedombone-mesh_beaglebone-armhf.img of=/dev/sdX conv=fdatasync
+sudo dd bs=32M if=freedombone-mesh_beaglebone-armhf.img of=/dev/sdX conv=fdatasync,sync,noerror
 #+end_src

 If you have a few Beaglebone Blacks to use as routers then repeat the /dd/ command to create however many microSD cards you need.
@ -120,7 +120,7 @@ You can now copy the image to the USB thumb drive, replacing *sdX* with the iden

 #+begin_src bash
 sudo dd if=/dev/zero of=/dev/sdX bs=32M count=8
-sudo dd bs=32M if=myimagefile.img of=/dev/sdX conv=fdatasync
+sudo dd bs=32M if=myimagefile.img of=/dev/sdX conv=fdatasync,sync,noerror
 #+end_src

 And wait. Again it will take a while to copy over. When that's done plug it into the laptop or netbook which you want to use on the mesh, power on and set the BIOS to boot from the USB stick.
--- a/doc/EN/release3.org
+++ b/doc/EN/release3.org
@ -31,7 +31,7 @@ Copy the image to a microSD card or USB thumb drive, replacing sdX with the iden

 #+BEGIN_SRC bash
 unxz downloadedimagefile.img.xz
-dd bs=32M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync
+dd bs=32M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync,sync,noerror
 #+END_SRC

 And wait. It will take a while to copy over. When that's done you might want to increase the partition size on the drive, using a tool such as [[http://gparted.org][Gparted]]. Whether you need to do that will depend upon how many apps you intend to install and how much data they will store.
--- a/doc/EN/release31.org
+++ b/doc/EN/release31.org
@ -39,7 +39,7 @@ Copy the image to a microSD card or USB thumb drive, replacing sdX with the iden

 #+BEGIN_SRC bash
 unxz downloadedimagefile.img.xz
-dd bs=32M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync
+dd bs=32M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync,sync,noerror
 #+END_SRC

 And wait. It will take a while to copy over. When that's done you might want to increase the partition size on the drive, using a tool such as [[http://gparted.org][Gparted]]. Whether you need to do that will depend upon how many apps you intend to install and how much data they will store.
--- a/doc/EN/socialinstance.org
+++ b/doc/EN/socialinstance.org
@ -32,7 +32,7 @@ wget https://freedombone.net/downloads/v31/freedombone-pleroma-amd64.img.xz.sig
 gpg --verify freedombone-pleroma-amd64.img.xz.sig
 unxz freedombone-pleroma-amd64.img.xz
 sudo dd if=/dev/zero of=/dev/sdX bs=32M count=8
-sudo dd bs=32M if=freedombone-pleroma-amd64.img of=/dev/sdX conv=fdatasync
+sudo dd bs=32M if=freedombone-pleroma-amd64.img of=/dev/sdX conv=fdatasync,sync,noerror
 #+end_src

 Also note that if the laptop has a removable SSD drive it's possible to copy the image directly to that if you have enough equipment.
--- a/doc/EN/support.org
+++ b/doc/EN/support.org
@ -15,11 +15,29 @@

 This site can also be accessed via a Tor browser at *http://yjxlc3imv7obva4grjae6u3qw527koaytrgjgdp364hmthrst3jodiid.onion*

-*Email:* bob@freedombone.net
+*Email/XMPP:* bob@freedombone.net

-*PGP/GPG Fingerprint:* 9ABB82C00ABF39F82680487DCC2536191FA7C33F
+*PGP/GPG Public key:*
+#+BEGIN_SRC bash
+-----BEGIN PGP PUBLIC KEY BLOCK-----

-*XMPP:* bob@freedombone.net with OMEMO or OpenPGP
+mDMEWZBueBYJKwYBBAHaRw8BAQdAKx1t6wL0RTuU6/IBjngMbVJJ3Wg/3UW73/PV
+I47xKTS0IUJvYiBNb3R0cmFtIDxib2JAZnJlZWRvbWJvbmUubmV0PoiQBBMWCAA4
+FiEEmruCwAq/OfgmgEh9zCU2GR+nwz8FAlmQbngCGwMFCwkIBwMFFQoJCAsFFgID
+AQACHgECF4AACgkQzCU2GR+nwz/9sAD/YgsHnVszHNz1zlVc5EgY1ByDupiJpHj0
+XsLYk3AbNRgBALn45RqgD4eWHpmOriH09H5Rc5V9iN4+OiGUn2AzJ6oHuDgEWZBu
+eBIKKwYBBAGXVQEFAQEHQPRBG2ZQJce475S3e0Dxeb0Fz5WdEu2q3GYLo4QG+4Ry
+AwEIB4h4BBgWCAAgFiEEmruCwAq/OfgmgEh9zCU2GR+nwz8FAlmQbngCGwwACgkQ
+zCU2GR+nwz+OswD+JOoyBku9FzuWoVoOevU2HH+bPOMDgY2OLnST9ZSyHkMBAMcK
+fnaZ2Wi050483Sj2RmQRpb99Dod7rVZTDtCqXk0J
+=gv5G
+-----END PGP PUBLIC KEY BLOCK-----
+#+END_SRC
+
+#+attr_html: :width 60% :align center
+[[file:images/pubkey.png]]
+
+*XMPP channel:* support@chat.freedombone.net (Requires membership. Ask via XMPP to *bob@freedombone.net*)

 *Matrix:* #fbone:matrix.freedombone.net

--- a/image_build/prosody-0.10-1nightly468.tar.gz
+++ b/image_build/prosody-0.10-1nightly468.tar.gz
--- a/image_build/prosody-0.10-1nightly478.tar.gz
+++ b/image_build/prosody-0.10-1nightly478.tar.gz
--- a/img/android-app/akaunting.png
+++ b/img/android-app/akaunting.png
--- a/img/android-app/bludit.png
+++ b/img/android-app/bludit.png
--- a/img/android-app/dlna.png
+++ b/img/android-app/dlna.png
--- a/img/android-app/dokuwiki.png
+++ b/img/android-app/dokuwiki.png
--- a/img/android-app/edith.png
+++ b/img/android-app/edith.png
--- a/img/android-app/etherpad.png
+++ b/img/android-app/etherpad.png
--- a/img/android-app/fedwiki.png
+++ b/img/android-app/fedwiki.png
--- a/img/android-app/friendica.png
+++ b/img/android-app/friendica.png
--- a/img/android-app/gnusocial.png
+++ b/img/android-app/gnusocial.png
--- a/img/android-app/gogs.png
+++ b/img/android-app/gogs.png
--- a/img/android-app/htmly.png
+++ b/img/android-app/htmly.png
--- a/img/android-app/hubzilla.png
+++ b/img/android-app/hubzilla.png
--- a/img/android-app/irc.png
+++ b/img/android-app/irc.png
--- a/img/android-app/kanboard.png
+++ b/img/android-app/kanboard.png
--- a/img/android-app/koel.png
+++ b/img/android-app/koel.png
--- a/img/android-app/lychee.png
+++ b/img/android-app/lychee.png
--- a/img/android-app/mailpile.png
+++ b/img/android-app/mailpile.png
--- a/img/android-app/matrix.png
+++ b/img/android-app/matrix.png
--- a/img/android-app/mediagoblin.png
+++ b/img/android-app/mediagoblin.png
--- a/img/android-app/movim.png
+++ b/img/android-app/movim.png
--- a/img/android-app/mumble.png
+++ b/img/android-app/mumble.png
--- a/img/android-app/nextcloud.png
+++ b/img/android-app/nextcloud.png
--- a/img/android-app/peertube.png
+++ b/img/android-app/peertube.png
--- a/img/android-app/pleroma.png
+++ b/img/android-app/pleroma.png
--- a/img/android-app/postactiv.png
+++ b/img/android-app/postactiv.png
--- a/img/android-app/privatebin.png
+++ b/img/android-app/privatebin.png
--- a/img/android-app/rocketchat.png
+++ b/img/android-app/rocketchat.png
--- a/img/android-app/searx.png
+++ b/img/android-app/searx.png
--- a/img/android-app/syncthing.png
+++ b/img/android-app/syncthing.png
--- a/img/android-app/tahoelafs.png
+++ b/img/android-app/tahoelafs.png
--- a/img/android-app/turtl.png
+++ b/img/android-app/turtl.png
--- a/img/android-app/xmpp.png
+++ b/img/android-app/xmpp.png
--- a/img/pubkey.png
+++ b/img/pubkey.png
--- a/man/freedombone-archive-mail.1.gz
+++ b/man/freedombone-archive-mail.1.gz
--- a/man/freedombone-client.1.gz
+++ b/man/freedombone-client.1.gz
--- a/man/freedombone-image.1.gz
+++ b/man/freedombone-image.1.gz
--- a/man/freedombone-template.1.gz
+++ b/man/freedombone-template.1.gz
--- a/man/freedombone.1.gz
+++ b/man/freedombone.1.gz
--- a/src/freedombone-addremove
+++ b/src/freedombone-addremove
@ -267,5 +267,6 @@ if [[ "$1" == "add-all" ]]; then
 else
    install_apps_selected
 fi
+android_update_apps

 exit 0
--- a/src/freedombone-app-akaunting
+++ b/src/freedombone-app-akaunting
@ -40,6 +40,10 @@ AKAUNTING_ADMIN_PASSWORD=

 AKAUNTING_BACKGROUND_IMAGE_URL=

+AKAUNTING_SHORT_DESCRIPTION=$'Personal accounting'
+AKAUNTING_DESCRIPTION=$'Personal or small business accounting'
+AKAUNTING_MOBILE_APP_URL=
+
 akaunting_variables=(ONION_ONLY
                     AKAUNTING_DOMAIN_NAME
                     AKAUNTING_CODE
@ -110,7 +114,7 @@ function install_interactive_akaunting {
        while [ ! $AKAUNTING_DETAILS_COMPLETE ]
        do
            data=$(mktemp 2>/dev/null)
-            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+            if [[ $DDNS_PROVIDER == *"freedns"* ]]; then
                dialog --backtitle $"Freedombone Configuration" \
                       --title $"Akaunting Configuration" \
                       --form $"\\nPlease enter your Akaunting details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
@ -142,7 +146,7 @@ function install_interactive_akaunting {
                    AKAUNTING_DOMAIN_NAME=
                    dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                else
-                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+                    if [[ $DDNS_PROVIDER == *"freedns"* ]]; then
                        AKAUNTING_CODE=$(sed -n 2p < "$data")
                        validate_freedns_code "$AKAUNTING_CODE"
                        if [ ! "$VALID_CODE" ]; then
--- a/src/freedombone-app-batman
+++ b/src/freedombone-app-batman
@ -105,6 +105,12 @@ function mesh_install_batman {
    if ! grep -q "batman_adv" "$rootdir/etc/modules"; then
        echo 'batman_adv' >> "$rootdir/etc/modules"
    fi
+    if ! grep -q "tunnel6" "$rootdir/etc/modules"; then
+        echo 'tunnel6' >> "$rootdir/etc/modules"
+    fi
+    if ! grep -q "ip6_tunnel" "$rootdir/etc/modules"; then
+        echo 'ip6_tunnel' >> "$rootdir/etc/modules"
+    fi

    BATMAN_SCRIPT=$rootdir/var/lib/batman

--- a/src/freedombone-app-bludit
+++ b/src/freedombone-app-bludit
@ -35,6 +35,10 @@ BLUDIT_ONION_PORT=9844
 BLUDIT_REPO="https://github.com/bludit/bludit"
 BLUDIT_COMMIT='0e27e31a84421b3e6bd000a77bc89c2dff3c446a'

+BLUDIT_SHORT_DESCRIPTION=$'Markdown blogging'
+BLUDIT_DESCRIPTION=$'Simple Markdown blogging'
+BLUDIT_MOBILE_APP_URL=
+
 bludit_variables=(ONION_ONLY
                  BLUDIT_DOMAIN_NAME
                  BLUDIT_CODE
--- a/src/freedombone-app-dlna
+++ b/src/freedombone-app-dlna
@ -31,6 +31,10 @@ VARIANTS='full full-vim media'
 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=0

+DLNA_SHORT_DESCRIPTION=$'Streaming media'
+DLNA_DESCRIPTION=$'Streaming media'
+DLNA_MOBILE_APP_URL=
+
 dlna_variables=(SYSTEM_TYPE
                USB_MOUNT_DLNA
                INSTALLED_WITHIN_DOCKER
--- a/src/freedombone-app-dokuwiki
+++ b/src/freedombone-app-dokuwiki
@ -40,6 +40,10 @@ DOKUWIKI_TITLE="${PROJECT_NAME} Dokuwiki"
 DOKUWIKI_REPO="https://github.com/splitbrain/dokuwiki"
 DOKUWIKI_COMMIT='be15c01c0b982cf1a75b5af031bf077143c63f39'

+DOKUWIKI_SHORT_DESCRIPTION=$'Databaseless wiki'
+DOKUWIKI_DESCRIPTION=$'Databaseless wiki'
+DOKUWIKI_MOBILE_APP_URL=
+
 dokuwiki_variables=(ONION_ONLY
                    MY_USERNAME
                    DOKUWIKI_TITLE
--- a/src/freedombone-app-edith
+++ b/src/freedombone-app-edith
@ -38,6 +38,10 @@ EDITH_CODE=
 EDITH_ONION_PORT=8278
 EDITH_LOGIN_TEXT=$"Edith login"

+EDITH_SHORT_DESCRIPTION=$'Simple notes'
+EDITH_DESCRIPTION=$'Extremely simple note taking'
+EDITH_MOBILE_APP_URL=
+
 edith_variables=(MY_USERNAME
                 MY_EMAIL_ADDRESS
                 ONION_ONLY
--- a/src/freedombone-app-etherpad
+++ b/src/freedombone-app-etherpad
@ -42,6 +42,10 @@ ETHERPAD_ADMIN_PASSWORD=
 ETHERPAD_TITLE=$'Freedombone Docs'
 ETHERPAD_WELCOME_MESSAGE=$"Welcome to ${ETHERPAD_TITLE}!\\n\\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!"

+ETHERPAD_SHORT_DESCRIPTION=$'Collaborative document editor'
+ETHERPAD_DESCRIPTION=$'Collaborative document editor'
+ETHERPAD_MOBILE_APP_URL=
+
 etherpad_variables=(ONION_ONLY
                    DEFAULT_DOMAIN_NAME
                    ETHERPAD_DOMAIN_NAME
--- a/src/freedombone-app-fedwiki
+++ b/src/freedombone-app-fedwiki
@ -42,6 +42,10 @@ FEDWIKI_PORT=3053
 FEDWIKI_DATA=/var/lib/fedwiki
 FEDWIKI_COOKIE=

+FEDWIKI_SHORT_DESCRIPTION=$'Federated wiki'
+FEDWIKI_DESCRIPTION=$'Federated wiki'
+FEDWIKI_MOBILE_APP_URL=
+
 fedwiki_variables=(FEDWIKI_DOMAIN_NAME
                   FEDWIKI_CODE
                   FEDWIKI_COOKIE
--- a/src/freedombone-app-friendica
+++ b/src/freedombone-app-friendica
@ -40,6 +40,10 @@ FRIENDICA_ADMIN_PASSWORD=
 FRIENDICA_COMMIT='b5a42c5b31fae5315bacd37769eba20ab2345aaa'
 FRIENDICA_ADDONS_COMMIT='7cb9dbdda7f227462895c07be3c968405561d40e'

+FRIENDICA_SHORT_DESCRIPTION=$'Federated social network'
+FRIENDICA_DESCRIPTION=$'Federated social network'
+FRIENDICA_MOBILE_APP_URL=
+
 friendica_variables=(ONION_ONLY
                     FRIENDICA_DOMAIN_NAME
                     FRIENDICA_CODE
--- a/src/freedombone-app-gnusocial
+++ b/src/freedombone-app-gnusocial
@ -46,6 +46,10 @@ GNUSOCIAL_TITLE='Pleroma FE'
 # Number of months after which posts expire
 GNUSOCIAL_EXPIRE_MONTHS=3

+GNUSOCIAL_SHORT_DESCRIPTION=$'Federated microblogging'
+GNUSOCIAL_DESCRIPTION=$'Federated microblogging'
+GNUSOCIAL_MOBILE_APP_URL='https://f-droid.org/packages/org.mariotaku.twidere/'
+
 gnusocial_variables=(ONION_ONLY
                     GNUSOCIAL_DOMAIN_NAME
                     GNUSOCIAL_CODE
@ -112,7 +116,7 @@ function install_interactive_gnusocial {
        while [ ! $GNUSOCIAL_DETAILS_COMPLETE ]
        do
            data=$(mktemp 2>/dev/null)
-            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+            if [[ $DDNS_PROVIDER == *"freedns"* ]]; then
                dialog --backtitle $"Freedombone Configuration" \
                       --title $"GNU Social Configuration" \
                       --form $"\\nPlease enter your GNU Social details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
@ -156,7 +160,7 @@ function install_interactive_gnusocial {
                    GNUSOCIAL_DOMAIN_NAME=
                    dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                else
-                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+                    if [[ $DDNS_PROVIDER == *"freedns"* ]]; then
                        GNUSOCIAL_CODE=$(sed -n 4p < "$data")
                        validate_freedns_code "$GNUSOCIAL_CODE"
                        if [ ! "$VALID_CODE" ]; then
--- a/src/freedombone-app-gogs
+++ b/src/freedombone-app-gogs
@ -34,17 +34,21 @@ SHOW_ON_ABOUT=1
 GOGS_USERNAME='gogs'
 GOGS_VERSION='0.11.29'

-GIT_DOMAIN_NAME=
-GIT_CODE=
+GOGS_DOMAIN_NAME=
+GOGS_CODE=
 GIT_ONION_PORT=8090
 GIT_ADMIN_PASSWORD=
 GOGS_BIN=
+GOGS_PORT=3145
+
+GOGS_SHORT_DESCRIPTION=$'Git repo management'
+GOGS_DESCRIPTION=$'Git repo management'
+GOGS_MOBILE_APP_URL=

 gogs_variables=(ONION_ONLY
                GIT_ADMIN_PASSWORD
-                GIT_DOMAIN_NAME
-                GIT_CODE
-                GIT_ONION_PORT
+                GOGS_DOMAIN_NAME
+                GOGS_CODE
                MY_USERNAME
                DDNS_PROVIDER
                ARCHITECTURE)
@ -64,8 +68,8 @@ function change_password_gogs {

 function install_interactive_gogs {
    if [[ $ONION_ONLY != "no" ]]; then
-        GIT_DOMAIN_NAME='gogs.local'
-        write_config_param "GIT_DOMAIN_NAME" "$GIT_DOMAIN_NAME"
+        GOGS_DOMAIN_NAME='gogs.local'
+        write_config_param "GOGS_DOMAIN_NAME" "$GOGS_DOMAIN_NAME"
    else
        function_check interactive_site_details
        interactive_site_details git
@ -149,6 +153,18 @@ function upgrade_gogs {
        return
    fi

+    GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf
+    GOGS_CONFIG_FILE=$GOGS_CONFIG_PATH/app.ini
+
+    # Change port number if necessary
+    if ! grep -q "HTTP_PORT = ${GOGS_PORT}" "${GOGS_CONFIG_FILE}"; then
+        sed -i "s|HTTP_PORT =.*|HTTP_PORT = ${GOGS_PORT}|g" "${GOGS_CONFIG_FILE}"
+        read_config_param GOGS_DOMAIN_NAME
+        sed -i "s|proxy_pass .*|proxy_pass http://localhost:${GOGS_PORT};|g" "/etc/nginx/sites-available/${GOGS_DOMAIN_NAME}"
+        systemctl restart gogs
+        systemctl restart nginx
+    fi
+
    CURR_GOGS_VERSION=$(get_completion_param "gogs version")
    echo "gogs current version: ${CURR_GOGS_VERSION}"
    echo "gogs app version: ${GOGS_VERSION}"
@ -156,8 +172,6 @@ function upgrade_gogs {
        return
    fi

-    GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf
-    GOGS_CONFIG_FILE=$GOGS_CONFIG_PATH/app.ini
    cp "$GOGS_CONFIG_FILE $INSTALL_DIR/gogs_config.ini"

    if [ -d "$INSTALL_DIR/gogs-repositories" ]; then
@ -257,7 +271,7 @@ function restore_local_gogs {
        return
    fi

-    if [ ${#GIT_DOMAIN_NAME} -gt 2 ]; then
+    if [ ${#GOGS_DOMAIN_NAME} -gt 2 ]; then
        function_check gogs_create_database
        gogs_create_database

@ -265,7 +279,7 @@ function restore_local_gogs {
        GOGS_CONFIG_FILE="${GOGS_CONFIG_PATH}/app.ini"

        function_check restore_database
-        restore_database gogs "${GIT_DOMAIN_NAME}"
+        restore_database gogs "${GOGS_DOMAIN_NAME}"
        temp_restore_dir=/root/tempgogs
        if [ -d "${USB_MOUNT}/backup/gogs" ]; then
            echo $"Restoring Gogs settings"
@ -339,7 +353,7 @@ function restore_local_gogs {
 function backup_remote_gogs {
    if [ -d /home/$GOGS_USERNAME ]; then
        function_check suspend_site
-        suspend_site ${GIT_DOMAIN_NAME}
+        suspend_site ${GOGS_DOMAIN_NAME}

        function_check backup_database_to_friend
        backup_database_to_friend gogs
@ -368,7 +382,7 @@ function backup_remote_gogs {

 function restore_remote_gogs {
    if grep -q "gogs domain" "$COMPLETION_FILE"; then
-        GIT_DOMAIN_NAME=$(get_completion_param "gogs domain")
+        GOGS_DOMAIN_NAME=$(get_completion_param "gogs domain")

        function_check gogs_create_database
        gogs_create_database
@ -377,7 +391,7 @@ function restore_remote_gogs {
        GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini

        function_check restore_database_from_friend
-        restore_database_from_friend gogs "${GIT_DOMAIN_NAME}"
+        restore_database_from_friend gogs "${GOGS_DOMAIN_NAME}"
        if [ -d "${SERVER_DIRECTORY}/backup/gogs" ]; then
            if [ ! -d $GOGS_CONFIG_PATH ]; then
                mkdir -p $GOGS_CONFIG_PATH
@ -434,19 +448,19 @@ function restore_remote_gogs {
 }

 function remove_gogs {
-    if [ ${#GIT_DOMAIN_NAME} -eq 0 ]; then
+    if [ ${#GOGS_DOMAIN_NAME} -eq 0 ]; then
        return
    fi
    systemctl stop gogs
    systemctl disable gogs

-    nginx_dissite "${GIT_DOMAIN_NAME}"
-    remove_certs "${GIT_DOMAIN_NAME}"
-    if [ -d "/var/www/${GIT_DOMAIN_NAME}" ]; then
-        rm -rf "/var/www/${GIT_DOMAIN_NAME}"
+    nginx_dissite "${GOGS_DOMAIN_NAME}"
+    remove_certs "${GOGS_DOMAIN_NAME}"
+    if [ -d "/var/www/${GOGS_DOMAIN_NAME}" ]; then
+        rm -rf "/var/www/${GOGS_DOMAIN_NAME}"
    fi
-    if [ -f "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}" ]; then
-        rm "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
+    if [ -f "/etc/nginx/sites-available/${GOGS_DOMAIN_NAME}" ]; then
+        rm "/etc/nginx/sites-available/${GOGS_DOMAIN_NAME}"
    fi
    function_check drop_database
    drop_database gogs
@ -462,11 +476,11 @@ function remove_gogs {
    userdel -r gogs

    function_check remove_ddns_domain
-    remove_ddns_domain "$GIT_DOMAIN_NAME"
+    remove_ddns_domain "$GOGS_DOMAIN_NAME"
 }

 function install_gogs {
-    if [ ! "$GIT_DOMAIN_NAME" ]; then
+    if [ ! "$GOGS_DOMAIN_NAME" ]; then
        return
    fi

@ -569,34 +583,34 @@ function install_gogs {
    systemctl daemon-reload
    systemctl start gogs

-    if [ ! -d "/var/www/${GIT_DOMAIN_NAME}" ]; then
-        mkdir "/var/www/${GIT_DOMAIN_NAME}"
+    if [ ! -d "/var/www/${GOGS_DOMAIN_NAME}" ]; then
+        mkdir "/var/www/${GOGS_DOMAIN_NAME}"
    fi
-    if [ -d "/var/www/${GIT_DOMAIN_NAME}/htdocs" ]; then
-        rm -rf "/var/www/${GIT_DOMAIN_NAME}/htdocs"
+    if [ -d "/var/www/${GOGS_DOMAIN_NAME}/htdocs" ]; then
+        rm -rf "/var/www/${GOGS_DOMAIN_NAME}/htdocs"
    fi

    if [[ "${ONION_ONLY}" == "no" ]]; then
        function_check nginx_http_redirect
-        nginx_http_redirect "${GIT_DOMAIN_NAME}"
+        nginx_http_redirect "${GOGS_DOMAIN_NAME}"
        { echo 'server {';
          echo '    listen 443 ssl;';
          echo '    #listen [::]:443 ssl;';
-          echo "    root /var/www/${GIT_DOMAIN_NAME}/htdocs;";
-          echo "    server_name ${GIT_DOMAIN_NAME};";
+          echo "    root /var/www/${GOGS_DOMAIN_NAME}/htdocs;";
+          echo "    server_name ${GOGS_DOMAIN_NAME};";
          echo '    access_log /dev/null;';
          echo "    error_log /dev/null;";
-          echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
+          echo ''; } >> "/etc/nginx/sites-available/${GOGS_DOMAIN_NAME}"
        function_check nginx_ssl
-        nginx_ssl "${GIT_DOMAIN_NAME}"
+        nginx_ssl "${GOGS_DOMAIN_NAME}"
        function_check nginx_security_options
-        nginx_security_options "${GIT_DOMAIN_NAME}"
+        nginx_security_options "${GOGS_DOMAIN_NAME}"
        { echo '    add_header Strict-Transport-Security max-age=0;';
          echo '';
-          echo '    location / {'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
+          echo '    location / {'; } >> "/etc/nginx/sites-available/${GOGS_DOMAIN_NAME}"
        function_check nginx_limits
-        nginx_limits "${GIT_DOMAIN_NAME}" '10G'
-        { echo '        proxy_pass http://localhost:3000;';
+        nginx_limits "${GOGS_DOMAIN_NAME}" '10G'
+        { echo "        proxy_pass http://localhost:${GOGS_PORT};";
          echo '    }';
          echo '';
          echo '    fastcgi_buffers 64 4K;';
@ -610,25 +624,25 @@ function install_gogs {
          echo '        access_log /dev/null;';
          echo '    }';
          echo '}';
-          echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
+          echo ''; } >> "/etc/nginx/sites-available/${GOGS_DOMAIN_NAME}"
    else
-        echo -n '' > "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
+        echo -n '' > "/etc/nginx/sites-available/${GOGS_DOMAIN_NAME}"
    fi
    { echo 'server {';
      echo "    listen 127.0.0.1:${GIT_ONION_PORT} default_server;";
-      echo "    root /var/www/$GIT_DOMAIN_NAME/htdocs;";
-      echo "    server_name $GIT_DOMAIN_NAME;";
+      echo "    root /var/www/$GOGS_DOMAIN_NAME/htdocs;";
+      echo "    server_name $GOGS_DOMAIN_NAME;";
      echo '    access_log /dev/null;';
      echo "    error_log /dev/null;";
-      echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
+      echo ''; } >> "/etc/nginx/sites-available/${GOGS_DOMAIN_NAME}"
    function_check nginx_security_options
-    nginx_security_options "${GIT_DOMAIN_NAME}"
+    nginx_security_options "${GOGS_DOMAIN_NAME}"
    { echo '    add_header Strict-Transport-Security max-age=0;';
      echo '';
-      echo '    location / {'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
+      echo '    location / {'; } >> "/etc/nginx/sites-available/${GOGS_DOMAIN_NAME}"
    function_check nginx_limits
-    nginx_limits "${GIT_DOMAIN_NAME}" '10G'
-    { echo '        proxy_pass http://localhost:3000;';
+    nginx_limits "${GOGS_DOMAIN_NAME}" '10G'
+    { echo "        proxy_pass http://localhost:${GOGS_PORT};";
      echo '    }';
      echo '';
      echo '    fastcgi_buffers 64 4K;';
@ -641,15 +655,15 @@ function install_gogs {
      echo '        log_not_found off;';
      echo '        access_log /dev/null;';
      echo '    }';
-      echo '}'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
+      echo '}'; } >> "/etc/nginx/sites-available/${GOGS_DOMAIN_NAME}"

    function_check configure_php
    configure_php

    function_check create_site_certificate
-    create_site_certificate "${GIT_DOMAIN_NAME}" 'yes'
+    create_site_certificate "${GOGS_DOMAIN_NAME}" 'yes'

-    nginx_ensite "${GIT_DOMAIN_NAME}"
+    nginx_ensite "${GOGS_DOMAIN_NAME}"

    if [ ! -d /var/lib/tor ]; then
        echo $'No Tor installation found. Gogs onion site cannot be configured.'
@ -674,11 +688,11 @@ function install_gogs {
    systemctl restart php7.0-fpm
    systemctl restart nginx

-    set_completion_param "gogs domain" "$GIT_DOMAIN_NAME"
+    set_completion_param "gogs domain" "$GOGS_DOMAIN_NAME"
    set_completion_param "gogs onion domain" "$GIT_ONION_HOSTNAME"

    function_check add_ddns_domain
-    add_ddns_domain "${GIT_DOMAIN_NAME}"
+    add_ddns_domain "${GOGS_DOMAIN_NAME}"

    # obtain the secret key
    GOGS_SECRET_KEY="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
@ -707,17 +721,17 @@ function install_gogs {
      echo '';
      echo '[server]'; } >> ${GOGS_CONFIG_FILE}
    if [[ ${ONION_ONLY} == 'no' ]]; then
-        echo "DOMAIN = ${GIT_DOMAIN_NAME}" >> ${GOGS_CONFIG_FILE}
-        echo "ROOT_URL = https://$GIT_DOMAIN_NAME/" >> ${GOGS_CONFIG_FILE}
+        echo "DOMAIN = ${GOGS_DOMAIN_NAME}" >> ${GOGS_CONFIG_FILE}
+        echo "ROOT_URL = https://$GOGS_DOMAIN_NAME/" >> ${GOGS_CONFIG_FILE}
    else
        echo "DOMAIN = ${GIT_ONION_HOSTNAME}" >> ${GOGS_CONFIG_FILE}
-        echo "ROOT_URL = http://$GIT_DOMAIN_NAME/" >> ${GOGS_CONFIG_FILE}
+        echo "ROOT_URL = http://$GOGS_DOMAIN_NAME/" >> ${GOGS_CONFIG_FILE}
    fi
-    { echo 'HTTP_PORT = 3000';
+    { echo "HTTP_PORT = ${GOGS_PORT}";
      echo "SSH_PORT = $SSH_PORT";
      echo 'SSH_DOMAIN = %(DOMAIN)s';
-      echo "CERT_FILE = /etc/ssl/certs/${GIT_DOMAIN_NAME}.pem";
-      echo "KEY_FILE = /etc/ssl/private/${GIT_DOMAIN_NAME}.key";
+      echo "CERT_FILE = /etc/ssl/certs/${GOGS_DOMAIN_NAME}.pem";
+      echo "KEY_FILE = /etc/ssl/private/${GOGS_DOMAIN_NAME}.key";
      echo 'DISABLE_ROUTER_LOG = true';
      echo '';
      echo '[session]';
@ -747,9 +761,9 @@ function install_gogs {
    systemctl restart gogs

    if ! grep -q "gogs domain:" "${COMPLETION_FILE}"; then
-        echo "gogs domain:${GIT_DOMAIN_NAME}" >> "${COMPLETION_FILE}"
+        echo "gogs domain:${GOGS_DOMAIN_NAME}" >> "${COMPLETION_FILE}"
    else
-        sed -i "s|gogs domain.*|gogs domain:${GIT_DOMAIN_NAME}|g" "${COMPLETION_FILE}"
+        sed -i "s|gogs domain.*|gogs domain:${GOGS_DOMAIN_NAME}|g" "${COMPLETION_FILE}"
    fi

    function_check configure_firewall_for_git
--- a/src/freedombone-app-htmly
+++ b/src/freedombone-app-htmly
@ -39,6 +39,10 @@ HTMLY_COMMIT='bf5fe9486160be4da86d8987d3e5c977e1dc6d32'
 HTMLY_TITLE="My Blog"
 HTMLY_SUBTITLE="Another ${PROJECT_NAME} blog"

+HTMLY_SHORT_DESCRIPTION=$'Databaseless blogging'
+HTMLY_DESCRIPTION=$'Databaseless blogging'
+HTMLY_MOBILE_APP_URL=
+
 htmly_variables=(HTMLY_REPO
                 HTMLY_DOMAIN_NAME
                 HTMLY_CODE
--- a/src/freedombone-app-hubzilla
+++ b/src/freedombone-app-hubzilla
@ -41,6 +41,10 @@ HUBZILLA_ADDONS_REPO="https://github.com/redmatrix/hubzilla-addons.git"
 HUBZILLA_ADDONS_COMMIT='be9dcd044b9326c3bd9301d7c4b375a2c2f54663'
 HUBZILLA_ADMIN_PASSWORD=

+HUBZILLA_SHORT_DESCRIPTION=$'Web publishing system'
+HUBZILLA_DESCRIPTION=$'Web publishing system'
+HUBZILLA_MOBILE_APP_URL=
+
 hubzilla_variables=(ONION_ONLY
                    HUBZILLA_DOMAIN_NAME
                    HUBZILLA_CODE
--- a/src/freedombone-app-icecast
+++ b/src/freedombone-app-icecast
@ -44,6 +44,10 @@ ICECAST_DIR=/icestream
 ICECAST_PLAYLIST_FILE=/etc/ices2/playlist.txt
 ICECAST_LOGIN_TEXT=$"Icecast login"

+ICECAST_SHORT_DESCRIPTION=$'Media broadcast'
+ICECAST_DESCRIPTION=$'Media broadcast'
+ICECAST_MOBILE_APP_URL=
+
 icecast_variables=(MY_USERNAME
                   MY_EMAIL_ADDRESS
                   ONION_ONLY
--- a/src/freedombone-app-irc
+++ b/src/freedombone-app-irc
@ -41,6 +41,10 @@ IRC_PASSWORD=
 # Number of entries for the bouncer to buffer
 IRC_BUFFER_LENGTH=300

+IRC_SHORT_DESCRIPTION=$'Classic chat system'
+IRC_DESCRIPTION=$'Classic chat system'
+IRC_MOBILE_APP_URL='https://f-droid.org/packages/org.yaaic'
+
 irc_variables=(MY_USERNAME
               MY_NAME
               IRC_PORT
--- a/src/freedombone-app-jitsi
+++ b/src/freedombone-app-jitsi
@ -33,6 +33,7 @@ VARIANTS=""
 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=0
 NOT_ON_ONION=1
+NOT_ON_ARM=1

 VIDEOBRIDGE_PORT=5347
 JITSI_ONION_PORT=8102
@ -43,6 +44,10 @@ JITSI_DOMAIN_NAME=
 JITSI_CODE=
 JITSI_ONION_HOSTNAME=

+JITSI_SHORT_DESCRIPTION=$'Video conferencing'
+JITSI_DESCRIPTION=$'Video conferencing'
+JITSI_MOBILE_APP_URL=
+
 jitsi_variables=(ONION_ONLY
                 JITSI_DOMAIN_NAME
                 JITSI_ONION_HOSTNAME
--- a/src/freedombone-app-kanboard
+++ b/src/freedombone-app-kanboard
@ -38,6 +38,9 @@ KANBOARD_REPO="https://github.com/kanboard/kanboard"
 KANBOARD_COMMIT='7a6b1bc3da0af442e02b5a2dc430a4ded8e7c4ee'
 KANBOARD_ADMIN_PASSWORD=

+KANBOARD_SHORT_DESCRIPTION=$'Simple kanban'
+KANBOARD_DESCRIPTION=$'Simple kanban'
+KANBOARD_MOBILE_APP_URL=

 kanboard_variables=(ONION_ONLY
                    KANBOARD_DOMAIN_NAME
@ -91,7 +94,7 @@ function install_interactive_kanboard {
        while [ ! $KANBOARD_DETAILS_COMPLETE ]
        do
            data=$(mktemp 2>/dev/null)
-            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+            if [[ $DDNS_PROVIDER == *"freedns"* ]]; then
                dialog --backtitle $"Freedombone Configuration" \
                       --title $"KanBoard Configuration" \
                       --form $"\\nPlease enter your KanBoard details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt." 13 55 2 \
@ -123,7 +126,7 @@ function install_interactive_kanboard {
                    KANBOARD_DOMAIN_NAME=
                    dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                else
-                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+                    if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                        KANBOARD_CODE=$(sed -n 2p < "$data")
                        validate_freedns_code "$KANBOARD_CODE"
                        if [ ! "$VALID_CODE" ]; then
--- a/src/freedombone-app-koel
+++ b/src/freedombone-app-koel
@ -40,6 +40,10 @@ KOEL_REPO="https://github.com/phanan/koel"
 KOEL_COMMIT='8e9b021aa09f2b1460977bdd52fff14ea2bc1607'
 KOEL_ADMIN_PASSWORD=

+KOEL_SHORT_DESCRIPTION=$'Music player'
+KOEL_DESCRIPTION=$'Music player'
+KOEL_MOBILE_APP_URL=
+
 koel_variables=(ONION_ONLY
                KOEL_DOMAIN_NAME
                KOEL_CODE
@ -90,7 +94,7 @@ function install_interactive_koel {
        while [ ! $KOEL_DETAILS_COMPLETE ]
        do
            data=$(mktemp 2>/dev/null)
-            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+            if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                dialog --backtitle $"Freedombone Configuration" \
                       --title $"Koel Configuration" \
                       --form $"\\nPlease enter your Koel details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 3 \
@ -122,7 +126,7 @@ function install_interactive_koel {
                    KOEL_DOMAIN_NAME=
                    dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                else
-                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+                    if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                        KOEL_CODE=$(sed -n 2p < "$data")
                        validate_freedns_code "$KOEL_CODE"
                        if [ ! "$VALID_CODE" ]; then
--- a/src/freedombone-app-lychee
+++ b/src/freedombone-app-lychee
@ -37,6 +37,10 @@ LYCHEE_ONION_PORT=8105
 LYCHEE_REPO="https://github.com/electerious/Lychee"
 LYCHEE_COMMIT='27f207dcbac8488629ffc3b5a9cac78ae123bee9'

+LYCHEE_SHORT_DESCRIPTION=$'Photo album'
+LYCHEE_DESCRIPTION=$'Photo album'
+LYCHEE_MOBILE_APP_URL=
+
 lychee_variables=(LYCHEE_REPO
                  LYCHEE_DOMAIN_NAME
                  LYCHEE_CODE
--- a/src/freedombone-app-mailpile
+++ b/src/freedombone-app-mailpile
@ -35,9 +35,13 @@ MAILPILE_DOMAIN_NAME=
 MAILPILE_CODE=
 MAILPILE_ONION_PORT=8103
 MAILPILE_REPO="https://github.com/mailpile/Mailpile"
-MAILPILE_COMMIT='f82074d2ab5ccd65d14a6b3c6cd65aeb132831d7'
+MAILPILE_COMMIT='4f28f1bb55b3b9985f22ab6372d539b1087482dd'
 MAILPILE_PORT=33411

+MAILPILE_SHORT_DESCRIPTION=$'Email system'
+MAILPILE_DESCRIPTION=$'Email system'
+MAILPILE_MOBILE_APP_URL=
+
 mailpile_variables=(MAILPILE_REPO
                    MAILPILE_DOMAIN_NAME
                    MAILPILE_CODE
@ -105,6 +109,7 @@ function upgrade_mailpile {
    pip install -r requirements.txt

    chown -R mailpile:mailpile "/var/www/$MAILPILE_DOMAIN_NAME/mail"
+    systemctl restart mailpile
 }

 function backup_local_mailpile {
@ -171,6 +176,7 @@ function install_mailpile {
    fi

    apt-get -yq install python-pip python-lxml python-dev libjpeg-dev
+    apt-get -yq install openssl python-pgpdump python-cryptography libssl-dev

    if [ ! -d /var/www/$MAILPILE_DOMAIN_NAME ]; then
        mkdir /var/www/$MAILPILE_DOMAIN_NAME
--- a/src/freedombone-app-matrix
+++ b/src/freedombone-app-matrix
@ -48,11 +48,15 @@ MATRIX_PORT=8009
 MATRIX_FEDERATION_ONION_PORT=8111
 MATRIX_ONION_PORT=8109
 MATRIX_REPO="https://github.com/matrix-org/synapse"
-MATRIX_COMMIT='ddb00efc1ddec646d02e8def6053003f04d077d7'
+MATRIX_COMMIT='9e8ab0a4f44a3ec9e4b049f5571c14e333e8f0fa'
 REPORT_STATS="no"
 MATRIX_SECRET=
 MATRIX_EXPIRE_MONTHS=1

+MATRIX_SHORT_DESCRIPTION=$'Chat system'
+MATRIX_DESCRIPTION=$'Chat system'
+MATRIX_MOBILE_APP_URL='https://f-droid.org/packages/im.vector.alpha'
+
 matrix_variables=(ONION_ONLY
                  MY_USERNAME
                  MATRIX_SECRET
@ -418,6 +422,11 @@ function upgrade_matrix {
    function_check set_repo_commit
    set_repo_commit /etc/matrix "matrix commit" "$MATRIX_COMMIT" $MATRIX_REPO
    cd /etc/matrix || exit 62476724
+    if [ ! -d /etc/matrix/tmp ]; then
+        mkdir /etc/matrix/tmp
+    fi
+    export TMPDIR=/etc/matrix/tmp
+
    pip install --upgrade --process-dependency-links .
    pip install --upgrade --force "pynacl>=1.2.1"

@ -426,7 +435,8 @@ function upgrade_matrix {
    chown -R matrix:matrix /etc/matrix
    chown -R matrix:matrix $MATRIX_DATA_DIR

-    pip install --upgrade --force "pynacl==0.3.0"
+    pip install --upgrade --force "pynacl>=1.2.1"
+    pip install --upgrade --force "canonicaljson>=1.1.3"
    pip install --upgrade --force "phonenumbers>=8.2.0"

    if [ -f /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam ]; then
@ -434,6 +444,11 @@ function upgrade_matrix {
    fi
    systemctl start turn
    systemctl start matrix
+
+    export TMPDIR=/tmp
+    if [ -d /etc/matrix/tmp ]; then
+        rm -rf /etc/matrix/tmp/*
+    fi
 }

 function backup_local_matrix {
@ -794,7 +809,8 @@ function install_matrix {
    # wait for nginx to start otherwise user add fails later
    sleep 5

-    pip install --upgrade --force "pynacl==0.3.0"
+    pip install --upgrade --force "pynacl>=1.2.1"
+    pip install --upgrade --force "canonicaljson>=1.1.3"

    if [[ $(add_user_matrix "${MY_USERNAME}" "${MATRIX_PASSWORD}" | tail -n 1) != "0" ]]; then
        echo $'Failed to add matrix admin user';
--- a/src/freedombone-app-mediagoblin
+++ b/src/freedombone-app-mediagoblin
@ -35,11 +35,15 @@ MEDIAGOBLIN_DOMAIN_NAME=
 MEDIAGOBLIN_ADMIN_PASSWORD=
 MEDIAGOBLIN_CODE=
 MEDIAGOBLIN_ONION_PORT=8108
-MEDIAGOBLIN_REPO="http://git.savannah.gnu.org/r/mediagoblin.git"
+MEDIAGOBLIN_REPO="https://git.savannah.gnu.org/git/mediagoblin.git"
 MEDIAGOBLIN_COMMIT='c4d3293dfa4076719e60fe9e052add07426f9a9a'
 MEDIAGOBLIN_BASE_DIR=/var/www/mediagoblin.local/htdocs
 MEDIAGOBLIN_PORT=6543

+MEDIAGOBLIN_SHORT_DESCRIPTION=$'Media storage and broadcast'
+MEDIAGOBLIN_DESCRIPTION=$'Media storage and broadcast'
+MEDIAGOBLIN_MOBILE_APP_URL=
+
 mediagoblin_variables=(ONION_ONLY
                       MY_USERNAME
                       MEDIAGOBLIN_DOMAIN_NAME
--- a/src/freedombone-app-movim
+++ b/src/freedombone-app-movim
@ -39,6 +39,10 @@ MOVIM_COMMIT='6142c2033b7695448516a67690324a3bde048260'
 MOVIM_ADMIN_PASSWORD=
 MOVIM_DAEMON_PORT=8880

+MOVIM_SHORT_DESCRIPTION=$'xmpp based chat system'
+MOVIM_DESCRIPTION=$'xmpp based chat system'
+MOVIM_MOBILE_APP_URL='https://f-droid.org/packages/com.movim.movim'
+
 movim_variables=(ONION_ONLY
                 MOVIM_DOMAIN_NAME
                 MOVIM_CODE
@ -79,7 +83,7 @@ function install_interactive_movim {
        while [ ! $MOVIM_DETAILS_COMPLETE ]
        do
            data=$(mktemp 2>/dev/null)
-            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+            if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                dialog --backtitle $"Freedombone Configuration" \
                       --title $"Movim Configuration" \
                       --form $"\\nPlease enter your Movim details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 12 65 2 \
@ -106,7 +110,7 @@ function install_interactive_movim {
                    MOVIM_DOMAIN_NAME=
                    dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                else
-                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+                    if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                        MOVIM_CODE=$(sed -n 2p < "$data")
                        validate_freedns_code "$MOVIM_CODE"
                        if [ ! "$VALID_CODE" ]; then
--- a/src/freedombone-app-mumble
+++ b/src/freedombone-app-mumble
@ -40,6 +40,10 @@ MUMBLE_PORT=64738
 MUMBLE_DATABASE="mumble-server.sqlite"
 MUMBLE_CONFIG_FILE="mumble-server.ini"

+MUMBLE_SHORT_DESCRIPTION=$'Voice chat'
+MUMBLE_DESCRIPTION=$'Voice chat'
+MUMBLE_MOBILE_APP_URL='https://f-droid.org/packages/com.morlunk.mumbleclient'
+
 mumble_variables=(MY_USERNAME
                  DEFAULT_DOMAIN_NAME
                  MUMBLE_PORT
--- a/src/freedombone-app-nextcloud
+++ b/src/freedombone-app-nextcloud
@ -38,8 +38,13 @@ NEXTCLOUD_CODE=
 NEXTCLOUD_ONION_PORT=8112
 NEXTCLOUD_REPO="https://github.com/nextcloud/server"
 # Stable 13 branch
-NEXTCLOUD_COMMIT='b16824db31cd00e26e72216bf995d52389b9c93c'
+NEXTCLOUD_COMMIT='edd5712c6ead5b09fa4f996cfda66fc4e18ba597'
 NEXTCLOUD_ADMIN_PASSWORD=
+NEXTCLOUD_SERVER_SIDE_ENCRYPTION=1
+
+NEXTCLOUD_SHORT_DESCRIPTION=$'File storage and sync'
+NEXTCLOUD_DESCRIPTION=$'File storage and sync'
+NEXTCLOUD_MOBILE_APP_URL='https://f-droid.org/packages/com.nextcloud.client'

 nextcloud_variables=(ONION_ONLY
                     NEXTCLOUD_DOMAIN_NAME
@ -83,6 +88,16 @@ function install_interactive_nextcloud {
        ONION_ONLY='no'
    fi

+    dialog --title $"Enable NextCloud server side encryption" \
+           --backtitle $"Freedombone Configuration" \
+           --yesno $"\\nDo you want to enable server side encryption. On ARM or older x86 systems, especially without HRNG, this may make performance excessively slow?" 10 60
+    sel=$?
+    case $sel in
+        1) NEXTCLOUD_SERVER_SIDE_ENCRYPTION=
+           ;;
+        255) return;;
+    esac
+
    if [[ $ONION_ONLY != "no" ]]; then
        NEXTCLOUD_DOMAIN_NAME='nextcloud.local'
    else
@ -90,7 +105,7 @@ function install_interactive_nextcloud {
        while [ ! $NEXTCLOUD_DETAILS_COMPLETE ]
        do
            data=$(mktemp 2>/dev/null)
-            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+            if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                dialog --backtitle $"Freedombone Configuration" \
                       --title $"NextCloud Configuration" \
                       --form $"\\nPlease enter your NextCloud details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \
@ -119,7 +134,7 @@ function install_interactive_nextcloud {
                    NEXTCLOUD_DOMAIN_NAME=
                    dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                else
-                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+                    if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                        NEXTCLOUD_CODE=$(sed -n 2p < "$data")
                        validate_freedns_code "$NEXTCLOUD_CODE"
                        if [ ! "$VALID_CODE" ]; then
@ -668,12 +683,14 @@ function install_nextcloud_main {
    sudo -u www-data ./occ check
    sudo -u www-data ./occ status
    sudo -u www-data ./occ app:list
-    sudo -u www-data ./occ app:enable encryption
-    if ! sudo -u www-data ./occ encryption:enable; then
-        echo $'Encryption not enabled'
-        exit 73527
+    if [ $NEXTCLOUD_SERVER_SIDE_ENCRYPTION ]; then
+        sudo -u www-data ./occ app:enable encryption
+        if ! sudo -u www-data ./occ encryption:enable; then
+            echo $'Encryption not enabled'
+            exit 73527
+        fi
+        sudo -u www-data ./occ encryption:status
    fi
-    sudo -u www-data ./occ encryption:status
    sudo -u www-data ./occ config:system:set appstoreenabled --value=false
    chmod g+w "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php"
    chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
--- a/src/freedombone-app-peertube
+++ b/src/freedombone-app-peertube
@ -33,6 +33,7 @@ VARIANTS="full full-vim media"

 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
+NOT_ON_ONION=1

 PEERTUBE_DOMAIN_NAME=
 PEERTUBE_CODE=
@ -43,6 +44,10 @@ PEERTUBE_PORT=9004
 MESH_PEERTUBE_PORT=8500
 PEERTUBE_DIR=/etc/peertube

+PEERTUBE_SHORT_DESCRIPTION=$'Video broadcast'
+PEERTUBE_DESCRIPTION=$'Video broadcast'
+PEERTUBE_MOBILE_APP_URL=
+
 peertube_variables=(PEERTUBE_DOMAIN_NAME
                    PEERTUBE_CODE
                    PEERTUBE_ADMIN_PASSWORD
--- a/src/freedombone-app-pelican
+++ b/src/freedombone-app-pelican
@ -380,7 +380,7 @@ function install_interactive_pelican {
        while [ ! $PELICAN_DETAILS_COMPLETE ]
        do
            data=$(mktemp 2>/dev/null)
-            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+            if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                dialog --backtitle $"Freedombone Configuration" \
                       --title $"Pelican Blog Configuration" \
                       --form $"\\nPlease enter your blog details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
@ -412,7 +412,7 @@ function install_interactive_pelican {
                    PELICAN_DOMAIN_NAME=
                    dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                else
-                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+                    if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                        PELICAN_BLOG_CODE=$(sed -n 2p < "$data")
                        validate_freedns_code "$PELICAN_BLOG_CODE"
                        if [ ! "$VALID_CODE" ]; then
--- a/src/freedombone-app-pleroma
+++ b/src/freedombone-app-pleroma
@ -36,7 +36,7 @@ PLEROMA_CODE=
 PLEROMA_PORT=4000
 PLEROMA_ONION_PORT=8011
 PLEROMA_REPO="https://git.pleroma.social/pleroma/pleroma.git"
-PLEROMA_COMMIT='762f6edc29a7a48e3a663e9bedec58e0036ff363'
+PLEROMA_COMMIT='6b9a6838331210dd514d5ecda52783c183bd1bbf'
 PLEROMA_ADMIN_PASSWORD=
 PLEROMA_DIR=/etc/pleroma
 PLEROMA_SECRET_KEY=""
@ -51,6 +51,10 @@ PLEROMA_EXPIRE_MONTHS=3
 pleroma_expire_posts_script=/usr/bin/pleroma-expire-posts
 blocking_script_file=/usr/bin/pleroma-blocking

+PLEROMA_SHORT_DESCRIPTION=$'Federated microblogging'
+PLEROMA_DESCRIPTION=$'Federated microblogging'
+PLEROMA_MOBILE_APP_URL='https://f-droid.org/packages/com.keylesspalace.tusky'
+
 pleroma_variables=(ONION_ONLY
                   PLEROMA_DOMAIN_NAME
                   PLEROMA_CODE
@ -335,7 +339,7 @@ function install_interactive_pleroma {
        while [ ! $PLEROMA_DETAILS_COMPLETE ]
        do
            data=$(mktemp 2>/dev/null)
-            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+            if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                dialog --backtitle $"Freedombone Configuration" \
                       --title $"Pleroma Configuration" \
                       --form $"\\nPlease enter your Pleroma details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
@ -379,7 +383,7 @@ function install_interactive_pleroma {
                    PLEROMA_DOMAIN_NAME=
                    dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                else
-                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+                    if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                        PLEROMA_CODE=$(sed -n 4p < "$data")
                        validate_freedns_code "$PLEROMA_CODE"
                        if [ ! "$VALID_CODE" ]; then
--- a/src/freedombone-app-postactiv
+++ b/src/freedombone-app-postactiv
@ -45,6 +45,10 @@ POSTACTIV_TITLE='PostActiv'
 # Number of months after which posts expire
 POSTACTIV_EXPIRE_MONTHS=3

+POSTACTIV_SHORT_DESCRIPTION=$'Federated microblogging'
+POSTACTIV_DESCRIPTION=$'Federated microblogging'
+POSTACTIV_MOBILE_APP_URL='https://f-droid.org/packages/org.mariotaku.twidere/'
+
 postactiv_variables=(ONION_ONLY
                     POSTACTIV_DOMAIN_NAME
                     POSTACTIV_CODE
@ -118,7 +122,7 @@ function install_interactive_postactiv {
        while [ ! $POSTACTIV_DETAILS_COMPLETE ]
        do
            data=$(mktemp 2>/dev/null)
-            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+            if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                dialog --backtitle $"Freedombone Configuration" \
                       --title $"PostActiv Configuration" \
                       --form $"\\nPlease enter your PostActiv details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
@ -162,7 +166,7 @@ function install_interactive_postactiv {
                    POSTACTIV_DOMAIN_NAME=
                    dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                else
-                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+                    if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                        POSTACTIV_CODE=$(sed -n 4p < "$data")
                        validate_freedns_code "$POSTACTIV_CODE"
                        if [ ! "$VALID_CODE" ]; then
--- a/src/freedombone-app-privatebin
+++ b/src/freedombone-app-privatebin
@ -38,6 +38,10 @@ PRIVATEBIN_REPO="https://github.com/PrivateBin/PrivateBin"
 PRIVATEBIN_COMMIT='9c132cd839fd5e91da18e4a1e8ebef64fce605fb'
 PRIVATEBIN_ADMIN_PASSWORD=

+PRIVATEBIN_SHORT_DESCRIPTION=$'Zero knowledge pastebin'
+PRIVATEBIN_DESCRIPTION=$'Zero knowledge pastebin'
+PRIVATEBIN_MOBILE_APP_URL=
+
 privatebin_variables=(ONION_ONLY
                      PRIVATEBIN_DOMAIN_NAME
                      PRIVATEBIN_CODE
@ -55,6 +59,7 @@ function secure_privatebin {

    chown -R ${rootuser}:${htgroup} "${pbpath}/"
    chown -R www-data:www-data "${pbdata}"
+    chmod 755 "${pbdata}"
 }

 function logging_on_privatebin {
@ -89,7 +94,7 @@ function install_interactive_privatebin {
        while [ ! $PRIVATEBIN_DETAILS_COMPLETE ]
        do
            data=$(mktemp 2>/dev/null)
-            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+            if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                dialog --backtitle $"Freedombone Configuration" \
                       --title $"PrivateBin Configuration" \
                       --form $"\\nPlease enter your PrivateBin details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
@ -121,7 +126,7 @@ function install_interactive_privatebin {
                    PRIVATEBIN_DOMAIN_NAME=
                    dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                else
-                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+                    if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                        PRIVATEBIN_CODE=$(sed -n 2p < "$data")
                        validate_freedns_code "$PRIVATEBIN_CODE"
                        if [ ! "$VALID_CODE" ]; then
@ -153,15 +158,16 @@ function reconfigure_privatebin {
 }

 function upgrade_privatebin {
+    if grep -q "privatebin domain" "$COMPLETION_FILE"; then
+        PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
+    fi
+    chmod 755 "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/data"
+
    CURR_PRIVATEBIN_COMMIT=$(get_completion_param "privatebin commit")
    if [[ "$CURR_PRIVATEBIN_COMMIT" == "$PRIVATEBIN_COMMIT" ]]; then
        return
    fi

-    if grep -q "privatebin domain" "$COMPLETION_FILE"; then
-        PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
-    fi
-
    # update to the next commit
    function_check set_repo_commit
    set_repo_commit "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" "privatebin commit" "$PRIVATEBIN_COMMIT" "$PRIVATEBIN_REPO"
@ -436,8 +442,6 @@ function install_privatebin {
    sed -i 's|; qrcode|qrcode|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
    sed -i 's|default =.*|default = "1day"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
    sed -i 's|languagedefault =.*|languagedefault = "en"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
-    sed -i 's|1week =|; 1week =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
-    sed -i 's|1month =|; 1month =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
    sed -i 's|1year =|; 1year =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
    sed -i 's|never =|; never =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
    sed -i 's|limit = 10|limit = 30|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
--- a/src/freedombone-app-riot
+++ b/src/freedombone-app-riot
@ -32,9 +32,9 @@ IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
 NOT_ON_ONION=1

-RIOT_VERSION='0.13.3'
+RIOT_VERSION='0.15.3'
 RIOT_FILENAME="riot-v${RIOT_VERSION}"
-RIOT_HASH='bcd6c2f4be018612ac76a71b58749a5edab1e02de7d145a22d9b9aa6e6a89129'
+RIOT_HASH='0aecaa1c0d1e387c1730fea33cdb01b1a296e6146b7aef6a819fa90d9efc026e'
 RIOT_DOWNLOAD_URL="https://github.com/vector-im/riot-web/releases/download/v${RIOT_VERSION}"
 RIOT_ONION_PORT=8115
 RIOT_ONION_HOSTNAME=
@ -76,7 +76,7 @@ function install_interactive_riot {
        while [ ! $RIOT_DETAILS_COMPLETE ]
        do
            data=$(mktemp 2>/dev/null)
-            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+            if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                dialog --backtitle $"Freedombone Configuration" \
                       --title $"Riot Web user interface for Matrix" \
                       --form $"\\nPlease enter your details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \
@ -105,7 +105,7 @@ function install_interactive_riot {
                    RIOT_DOMAIN_NAME=
                    dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                else
-                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+                    if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                        RIOT_CODE=$(sed -n 2p < "$data")
                        validate_freedns_code "$RIOT_CODE"
                        if [ ! "$VALID_CODE" ]; then
--- a/src/freedombone-app-rocketchat
+++ b/src/freedombone-app-rocketchat
@ -0,0 +1,343 @@
+#!/bin/bash
+#
+#  _____               _           _
+# |   __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
+# |   __|  _| -_| -_| . | . |     | . | . |   | -_|
+# |__|  |_| |___|___|___|___|_|_|_|___|___|_|_|___|
+#
+#                              Freedom in the Cloud
+#
+# License
+# =======
+#
+# Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+VARIANTS='full full-vim'
+
+IN_DEFAULT_INSTALL=0
+SHOW_ON_ABOUT=1
+NOT_ON_ARM=1
+
+ROCKETCHAT_DOMAIN_NAME=
+ROCKETCHAT_CODE=
+ROCKETCHAT_ONION_PORT=9722
+ROCKETCHAT_PORT_INTERNAL=3000
+
+ROCKETCHAT_SHORT_DESCRIPTION=$'Chat system'
+ROCKETCHAT_DESCRIPTION=$'Chat system'
+ROCKETCHAT_MOBILE_APP_URL=
+
+rocketchat_variables=(ONION_ONLY
+                      ROCKETCHAT_DOMAIN_NAME
+                      ROCKETCHAT_CODE
+                      DDNS_PROVIDER
+                      MY_USERNAME)
+
+function logging_on_rocketchat {
+    echo -n ''
+}
+
+function logging_off_rocketchat {
+    echo -n ''
+}
+
+function remove_user_rocketchat {
+    remove_username="$1"
+
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp rocketchat
+}
+
+function add_user_rocketchat {
+    new_username="$1"
+    new_user_password="$2"
+
+    "${PROJECT_NAME}-pass" -u "$new_username" -a rocketchat -p "$new_user_password"
+    echo '0'
+}
+
+function install_interactive_rocketchat {
+    if [ ! "$ONION_ONLY" ]; then
+        ONION_ONLY='no'
+    fi
+
+    if [[ "$ONION_ONLY" != "no" ]]; then
+        ROCKETCHAT_DOMAIN_NAME='rocketchat.local'
+        write_config_param "ROCKETCHAT_DOMAIN_NAME" "$ROCKETCHAT_DOMAIN_NAME"
+    else
+        interactive_site_details "rocketchat" "ROCKETCHAT_DOMAIN_NAME" "ROCKETCHAT_CODE"
+    fi
+    APP_INSTALLED=1
+}
+
+function change_password_rocketchat {
+    curr_username="$1"
+    new_user_password="$2"
+
+    read_config_param 'ROCKETCHAT_DOMAIN_NAME'
+
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a rocketchat -p "$new_user_password"
+}
+
+function reconfigure_rocketchat {
+    # This is used if you need to switch identity. Dump old keys and generate new ones
+    echo -n ''
+}
+
+function upgrade_rocketchat {
+    echo -n ''
+}
+
+function backup_local_rocketchat {
+    ROCKETCHAT_DOMAIN_NAME='rocketchat'
+    if grep -q "rocketchat domain" "$COMPLETION_FILE"; then
+        ROCKETCHAT_DOMAIN_NAME=$(get_completion_param "rocketchat domain")
+    fi
+
+    source_directory=/var/snap/rocketchat-server
+
+    suspend_site "${ROCKETCHAT_DOMAIN_NAME}"
+
+    systemctl stop rocketchat
+
+    dest_directory=rocketchat
+    backup_directory_to_usb "$source_directory" $dest_directory
+
+    restart_site
+    systemctl start rocketchat
+}
+
+function restore_local_rocketchat {
+    if ! grep -q "rocketchat domain" "$COMPLETION_FILE"; then
+        return
+    fi
+    ROCKETCHAT_DOMAIN_NAME=$(get_completion_param "rocketchat domain")
+    if [ ! "$ROCKETCHAT_DOMAIN_NAME" ]; then
+        return
+    fi
+    suspend_site "${ROCKETCHAT_DOMAIN_NAME}"
+    systemctl stop rocketchat
+
+    temp_restore_dir=/root/temprocketchat
+    rocketchat_dir=/var/snap/rocketchat-server
+
+    restore_directory_from_usb $temp_restore_dir rocketchat
+    if [ -d $temp_restore_dir ]; then
+        if [ -d "$temp_restore_dir$rocketchat_dir" ]; then
+            cp -rp "$temp_restore_dir$rocketchat_dir"/* "$rocketchat_dir"/
+        else
+            if [ ! -d "$rocketchat_dir" ]; then
+                mkdir "$rocketchat_dir"
+            fi
+            cp -rp "$temp_restore_dir"/* "$rocketchat_dir"/
+        fi
+        rm -rf $temp_restore_dir
+    fi
+    systemctl start rocketchat
+
+    restart_site
+}
+
+function backup_remote_rocketchat {
+    ROCKETCHAT_DOMAIN_NAME='rocketchat'
+    if grep -q "rocketchat domain" "$COMPLETION_FILE"; then
+        ROCKETCHAT_DOMAIN_NAME=$(get_completion_param "rocketchat domain")
+    fi
+
+    source_directory=/var/snap/rocketchat-server
+
+    suspend_site "${ROCKETCHAT_DOMAIN_NAME}"
+    systemctl stop rocketchat
+
+    dest_directory=rocketchat
+    backup_directory_to_friend "$source_directory" $dest_directory
+
+    systemctl start rocketchat
+
+    restart_site
+}
+
+function restore_remote_rocketchat {
+    if ! grep -q "rocketchat domain" "$COMPLETION_FILE"; then
+        return
+    fi
+    ROCKETCHAT_DOMAIN_NAME=$(get_completion_param "rocketchat domain")
+    if [ ! "$ROCKETCHAT_DOMAIN_NAME" ]; then
+        return
+    fi
+    suspend_site "${ROCKETCHAT_DOMAIN_NAME}"
+    systemctl stop rocketchat
+
+    temp_restore_dir=/root/temprocketchat
+    rocketchat_dir=/var/snap/rocketchat-server
+
+    restore_directory_from_friend $temp_restore_dir rocketchat
+    if [ -d $temp_restore_dir ]; then
+        if [ -d "$temp_restore_dir$rocketchat_dir" ]; then
+            cp -rp "$temp_restore_dir$rocketchat_dir"/* "$rocketchat_dir"/
+        else
+            if [ ! -d "$rocketchat_dir" ]; then
+                mkdir "$rocketchat_dir"
+            fi
+            cp -rp $temp_restore_dir/* "$rocketchat_dir"/
+        fi
+        rm -rf $temp_restore_dir
+    fi
+    systemctl start rocketchat
+
+    restart_site
+}
+
+function remove_rocketchat {
+    nginx_dissite "$ROCKETCHAT_DOMAIN_NAME"
+    remove_certs "$ROCKETCHAT_DOMAIN_NAME"
+
+    remove_nodejs rocketchat
+
+    if [ -d "/var/www/$ROCKETCHAT_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$ROCKETCHAT_DOMAIN_NAME"
+    fi
+    if [ -f "/etc/nginx/sites-available/$ROCKETCHAT_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$ROCKETCHAT_DOMAIN_NAME"
+    fi
+    remove_onion_service rocketchat "${ROCKETCHAT_ONION_PORT}"
+    if grep -q "rocketchat" /etc/crontab; then
+        sed -i "/rocketchat/d" /etc/crontab
+    fi
+    remove_app rocketchat
+    remove_completion_param install_rocketchat
+    sed -i '/rocketchat/d' "$COMPLETION_FILE"
+
+    remove_ddns_domain "$ROCKETCHAT_DOMAIN_NAME"
+
+    remove_snap rocketchat-server
+}
+
+function install_rocketchat {
+    install_snap rocketchat-server
+
+    install_nodejs rocketchat
+    if [ ! "$ROCKETCHAT_DOMAIN_NAME" ]; then
+        echo $'No domain name was given'
+        exit 3568356
+    fi
+
+    if [ -d "/var/www/$ROCKETCHAT_DOMAIN_NAME/htdocs" ]; then
+        rm -rf "/var/www/$ROCKETCHAT_DOMAIN_NAME/htdocs"
+    fi
+    mkdir -p "/var/www/$ROCKETCHAT_DOMAIN_NAME/htdocs"
+
+    chmod g+w "/var/www/$ROCKETCHAT_DOMAIN_NAME/htdocs"
+    chown -R www-data:www-data "/var/www/$ROCKETCHAT_DOMAIN_NAME/htdocs"
+
+    add_ddns_domain "$ROCKETCHAT_DOMAIN_NAME"
+
+    ROCKETCHAT_ONION_HOSTNAME=$(add_onion_service rocketchat 80 "${ROCKETCHAT_ONION_PORT}")
+
+    rocketchat_nginx_site=/etc/nginx/sites-available/$ROCKETCHAT_DOMAIN_NAME
+    if [[ "$ONION_ONLY" == "no" ]]; then
+        nginx_http_redirect "$ROCKETCHAT_DOMAIN_NAME" "index index.html"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $ROCKETCHAT_DOMAIN_NAME;";
+          echo ''; } >> "$rocketchat_nginx_site"
+        nginx_compress "$ROCKETCHAT_DOMAIN_NAME"
+        echo '' >> "$rocketchat_nginx_site"
+        echo '  # Security' >> "$rocketchat_nginx_site"
+        nginx_ssl "$ROCKETCHAT_DOMAIN_NAME"
+
+        nginx_security_options "$ROCKETCHAT_DOMAIN_NAME"
+
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$ROCKETCHAT_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  index index.html;';
+          echo '  # Location';
+          echo '  location / {'; } >> "$rocketchat_nginx_site"
+        nginx_limits "$ROCKETCHAT_DOMAIN_NAME" '15m'
+        { echo "    proxy_pass http://localhost:$ROCKETCHAT_PORT_INTERNAL;";
+          echo '    proxy_http_version 1.1;';
+          echo "    proxy_set_header Upgrade \$http_upgrade;";
+          echo "    proxy_set_header Connection \"upgrade\";"
+          echo "    proxy_set_header Host \$http_host;"
+          echo '';
+          echo "    proxy_set_header X-Real-IP \$remote_addr;";
+          echo "    proxy_set_header X-Forward-For \$proxy_add_x_forwarded_for;";
+          echo '    proxy_set_header X-Forward-Proto http;';
+          echo '    proxy_set_header X-Nginx-Proxy true;';
+          echo '';
+          echo '    proxy_redirect off;';
+          echo '  }';
+          echo '}'; } >> "$rocketchat_nginx_site"
+    else
+        echo -n '' > "$rocketchat_nginx_site"
+    fi
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$ROCKETCHAT_ONION_PORT default_server;";
+      echo "    server_name $ROCKETCHAT_ONION_HOSTNAME;";
+      echo ''; } >> "$rocketchat_nginx_site"
+    nginx_compress "$ROCKETCHAT_DOMAIN_NAME"
+    echo '' >> "$rocketchat_nginx_site"
+    nginx_security_options "$ROCKETCHAT_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$ROCKETCHAT_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  index index.html;';
+      echo '  # Location';
+      echo '  location / {'; } >> "$rocketchat_nginx_site"
+    nginx_limits "$ROCKETCHAT_DOMAIN_NAME" '15m'
+    { echo "    proxy_pass http://localhost:$ROCKETCHAT_PORT_INTERNAL;";
+      echo '    proxy_http_version 1.1;';
+      echo "    proxy_set_header Upgrade \$http_upgrade;";
+      echo "    proxy_set_header Connection \"upgrade\";"
+      echo "    proxy_set_header Host \$http_host;"
+      echo '';
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header X-Forward-For \$proxy_add_x_forwarded_for;";
+      echo '    proxy_set_header X-Forward-Proto http;';
+      echo '    proxy_set_header X-Nginx-Proxy true;';
+      echo '';
+      echo '    proxy_redirect off;';
+      echo '  }';
+      echo '}'; } >> "$rocketchat_nginx_site"
+
+    # If content security is enabled then the https site won't load
+    sed -i 's|add_header Content-Security-Policy|#add_header Content-Security-Policy|g' "$rocketchat_nginx_site"
+
+    create_site_certificate "$ROCKETCHAT_DOMAIN_NAME" 'yes'
+
+    nginx_ensite "$ROCKETCHAT_DOMAIN_NAME"
+
+    systemctl restart nginx
+
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a rocketchat -p "$ROCKETCHAT_ADMIN_PASSWORD"
+    set_completion_param "rocketchat domain" "$ROCKETCHAT_DOMAIN_NAME"
+
+    APP_INSTALLED=1
+}
+
+# NOTE: deliberately there is no "exit 0"
--- a/src/freedombone-app-smolrss
+++ b/src/freedombone-app-smolrss
@ -0,0 +1,409 @@
+#!/bin/bash
+#
+#  _____               _           _
+# |   __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
+# |   __|  _| -_| -_| . | . |     | . | . |   | -_|
+# |__|  |_| |___|___|___|___|_|_|_|___|___|_|_|___|
+#
+#                              Freedom in the Cloud
+#
+# License
+# =======
+#
+# Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+VARIANTS='full full-vim'
+
+IN_DEFAULT_INSTALL=0
+SHOW_ON_ABOUT=1
+SHOW_ICANN_ADDRESS_ON_ABOUT=0
+
+SMOLRSS_DOMAIN_NAME=
+SMOLRSS_CODE=
+SMOLRSS_ONION_PORT=8751
+SMOLRSS_REPO="https://github.com/bashrc/smolrss"
+SMOLRSS_COMMIT='d9fca3fd76b95c601553a1264ff500c287211105'
+
+smolrss_variables=(ONION_ONLY
+                   SMOLRSS_DOMAIN_NAME
+                   SMOLRSS_CODE
+                   DDNS_PROVIDER
+                   MY_USERNAME)
+
+function logging_on_smolrss {
+    echo -n ''
+}
+
+function logging_off_smolrss {
+    echo -n ''
+}
+
+function remove_user_smolrss {
+    #remove_username="$1"
+    echo -n ''
+}
+
+function add_user_smolrss {
+    #new_username="$1"
+    #new_user_password="$2"
+
+    echo '0'
+}
+
+function install_interactive_smolrss {
+    echo -n ''
+    APP_INSTALLED=1
+}
+
+function change_password_smolrss {
+    #curr_username="$1"
+    #new_user_password="$2"
+    echo -n ''
+}
+
+function reconfigure_smolrss {
+    # This is used if you need to switch identity. Dump old keys and generate new ones
+    echo -n ''
+}
+
+function smolrss_add_feed {
+    data=$(mktemp 2>/dev/null)
+    dialog --backtitle $"Smol RSS" \
+           --title $"Add an RSS feed" \
+           --form "\\n" 8 60 3 \
+           $"Title:" 1 1 "" 1 12 40 256 \
+           $"Feed URL:" 2 1 "" 2 12 40 10000 \
+           2> "$data"
+    sel=$?
+    case $sel in
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
+    esac
+    title=$(sed -n 1p < "$data")
+    url=$(sed -n 2p < "$data")
+    rm -f "$data"
+
+    if [ ! "$title" ]; then
+        return
+    fi
+
+    if [ ! "$url" ]; then
+        return
+    fi
+
+    if [[ "$url" == *','* ]]; then
+        return
+    fi
+    if [[ "$url" != *'.'* ]]; then
+        return
+    fi
+
+    cd "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" || return
+
+    if grep -q "${title}," feeds.txt; then
+        sed -i "s|${title},.*|${title},${url}|g" feeds.txt
+    else
+        echo "${title},${url}" >> feeds.txt
+    fi
+
+    ./create_feeds feeds.txt > feeds.xml
+    chown www-data:www-data feeds.txt
+
+    dialog --title $"Add an RSS feed" \
+           --msgbox $"${title} has been added" 6 70
+}
+
+function smolrss_remove_feed {
+    data=$(mktemp 2>/dev/null)
+    dialog --title $"Remove an RSS feed" \
+           --backtitle $"Smol RSS" \
+           --inputbox $"Enter the title of the feed to remove" 8 60 2>"$data"
+    sel=$?
+    case $sel in
+        0)
+            title=$(<"$data")
+            if [ "$title" ]; then
+                cd "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" || return
+                if grep -q "${title}," feeds.txt; then
+                    sed -i "/${title},/d" feeds.xml
+                    ./create_feeds feeds.txt > feeds.xml
+                    chown www-data:www-data feeds.txt
+                    dialog --title $"Remove an RSS feed" \
+                           --msgbox $"${title} has been removed" 6 70
+                fi
+            fi
+            ;;
+    esac
+    rm -f "$data"
+}
+
+function configure_interactive_smolrss {
+    W=(1 $"Add an RSS feed"
+       2 $"Remove an RSS feed"
+       3 $'Edit all feeds'
+       4 $'Light theme'
+       5 $'Dark theme')
+
+    read_config_param SMOLRSS_DOMAIN_NAME
+
+    while true
+    do
+
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Smol RSS" --menu $"Choose an operation, or ESC for main menu:" 14 70 5 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+            break
+        fi
+        case $selection in
+            1) smolrss_add_feed
+               ;;
+            2) smolrss_remove_feed
+               ;;
+            3) editor "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs/feeds.txt"
+               cd "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" || break
+               ./create_feeds feeds.txt > feeds.xml
+               chown www-data:www-data feeds.txt
+               ;;
+            4) cd "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" || break
+               cp style.light.css style.css
+               chown www-data:www-data style.css
+               dialog --title $"Smol RSS theme" \
+                      --msgbox $"Switched theme to light" 6 50
+               ;;
+            5) cd "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" || break
+               cp style.dark.css style.css
+               chown www-data:www-data style.css
+               dialog --title $"Smol RSS theme" \
+                      --msgbox $"Switched theme to dark" 6 50
+               ;;
+        esac
+    done
+}
+
+function upgrade_smolrss {
+    CURR_SMOLRSS_COMMIT=$(get_completion_param "smolrss commit")
+    if [[ "$CURR_SMOLRSS_COMMIT" == "$SMOLRSS_COMMIT" ]]; then
+        return
+    fi
+
+    if grep -q "smolrss domain" "$COMPLETION_FILE"; then
+        SMOLRSS_DOMAIN_NAME=$(get_completion_param "smolrss domain")
+    fi
+
+    # update to the next commit
+    set_repo_commit "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" "smolrss commit" "$SMOLRSS_COMMIT" "$SMOLRSS_REPO"
+
+    cd "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" || return
+    ./create_feeds feeds.txt > feeds.xml
+
+    chown -R www-data:www-data "/var/www/${SMOLRSS_DOMAIN_NAME}/htdocs"
+}
+
+function backup_local_smolrss {
+    SMOLRSS_DOMAIN_NAME='smolrss'
+    if grep -q "smolrss domain" "$COMPLETION_FILE"; then
+        SMOLRSS_DOMAIN_NAME=$(get_completion_param "smolrss domain")
+    fi
+
+    source_directory=/var/www/${SMOLRSS_DOMAIN_NAME}/htdocs
+
+    suspend_site "${SMOLRSS_DOMAIN_NAME}"
+
+    dest_directory=smolrss
+    backup_directory_to_usb "$source_directory" $dest_directory
+
+    restart_site
+}
+
+function restore_local_smolrss {
+    if ! grep -q "smolrss domain" "$COMPLETION_FILE"; then
+        return
+    fi
+    SMOLRSS_DOMAIN_NAME=$(get_completion_param "smolrss domain")
+    if [ ! "$SMOLRSS_DOMAIN_NAME" ]; then
+        return
+    fi
+    suspend_site "${SMOLRSS_DOMAIN_NAME}"
+    temp_restore_dir=/root/tempsmolrss
+    smolrss_dir=/var/www/${SMOLRSS_DOMAIN_NAME}/htdocs
+
+    restore_directory_from_usb $temp_restore_dir smolrss
+    if [ -d $temp_restore_dir ]; then
+        if [ -d "$temp_restore_dir$smolrss_dir" ]; then
+            cp -rp "$temp_restore_dir$smolrss_dir"/* "$smolrss_dir"/
+        else
+            if [ ! -d "$smolrss_dir" ]; then
+                mkdir "$smolrss_dir"
+            fi
+            cp -rp "$temp_restore_dir"/* "$smolrss_dir"/
+        fi
+        chown -R www-data:www-data "$smolrss_dir"
+        rm -rf $temp_restore_dir
+    fi
+    restart_site
+}
+
+function backup_remote_smolrss {
+    SMOLRSS_DOMAIN_NAME='smolrss'
+    if grep -q "smolrss domain" "$COMPLETION_FILE"; then
+        SMOLRSS_DOMAIN_NAME=$(get_completion_param "smolrss domain")
+    fi
+
+    source_directory=/var/www/${SMOLRSS_DOMAIN_NAME}/htdocs
+
+    suspend_site "${SMOLRSS_DOMAIN_NAME}"
+
+    dest_directory=smolrss
+    backup_directory_to_friend "$source_directory" $dest_directory
+
+    restart_site
+}
+
+function restore_remote_smolrss {
+    if ! grep -q "smolrss domain" "$COMPLETION_FILE"; then
+        return
+    fi
+    SMOLRSS_DOMAIN_NAME=$(get_completion_param "smolrss domain")
+    if [ ! "$SMOLRSS_DOMAIN_NAME" ]; then
+        return
+    fi
+    suspend_site "${SMOLRSS_DOMAIN_NAME}"
+    temp_restore_dir=/root/tempsmolrss
+    smolrss_dir=/var/www/${SMOLRSS_DOMAIN_NAME}/htdocs
+
+    restore_directory_from_friend $temp_restore_dir smolrss
+    if [ -d $temp_restore_dir ]; then
+        if [ -d "$temp_restore_dir$smolrss_dir" ]; then
+            cp -rp "$temp_restore_dir$smolrss_dir"/* "$smolrss_dir"/
+        else
+            if [ ! -d "$smolrss_dir" ]; then
+                mkdir "$smolrss_dir"
+            fi
+            cp -rp $temp_restore_dir/* "$smolrss_dir"/
+        fi
+        chown -R www-data:www-data "$smolrss_dir"
+        rm -rf $temp_restore_dir
+    fi
+    restart_site
+}
+
+function remove_smolrss {
+    nginx_dissite "$SMOLRSS_DOMAIN_NAME"
+    remove_certs "$SMOLRSS_DOMAIN_NAME"
+
+
+    if [ -d "/var/www/$SMOLRSS_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$SMOLRSS_DOMAIN_NAME"
+    fi
+    if [ -f "/etc/nginx/sites-available/$SMOLRSS_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$SMOLRSS_DOMAIN_NAME"
+    fi
+    remove_onion_service smolrss "${SMOLRSS_ONION_PORT}"
+    if grep -q "smolrss" /etc/crontab; then
+        sed -i "/smolrss/d" /etc/crontab
+    fi
+    remove_app smolrss
+    remove_completion_param install_smolrss
+    sed -i '/smolrss/d' "$COMPLETION_FILE"
+
+    remove_ddns_domain "$SMOLRSS_DOMAIN_NAME"
+}
+
+function install_smolrss {
+    apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
+    apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
+
+    SMOLRSS_DOMAIN_NAME='smolrss.local'
+
+    if [ -d "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" ]; then
+        rm -rf "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs"
+    fi
+    if [ -d /repos/smolrss ]; then
+        mkdir "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs"
+        cp -r -p /repos/smolrss/. "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs"
+        cd "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" || exit 324687356
+        git pull
+    else
+        git_clone "$SMOLRSS_REPO" "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs"
+    fi
+
+    if [ ! -d "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" ]; then
+        echo $'Unable to clone smolrss repo'
+        exit 87525
+    fi
+
+    cd "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs" || exit 36587356
+    git checkout "$SMOLRSS_COMMIT" -b "$SMOLRSS_COMMIT"
+    set_completion_param "smolrss commit" "$SMOLRSS_COMMIT"
+
+    cp feeds.example.txt feeds.txt
+    ./create_feeds feeds.txt > feeds.xml
+
+    chmod g+w "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs"
+    chown -R www-data:www-data "/var/www/$SMOLRSS_DOMAIN_NAME/htdocs"
+
+    add_ddns_domain "$SMOLRSS_DOMAIN_NAME"
+
+    SMOLRSS_ONION_HOSTNAME=$(add_onion_service smolrss 80 "${SMOLRSS_ONION_PORT}")
+
+    smolrss_nginx_site=/etc/nginx/sites-available/$SMOLRSS_DOMAIN_NAME
+    echo -n '' > "$smolrss_nginx_site"
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$SMOLRSS_ONION_PORT default_server;";
+      echo "    server_name $SMOLRSS_ONION_HOSTNAME;";
+      echo ''; } >> "$smolrss_nginx_site"
+    nginx_compress "$SMOLRSS_DOMAIN_NAME"
+    echo '' >> "$smolrss_nginx_site"
+    nginx_security_options "$SMOLRSS_DOMAIN_NAME"
+    { echo '';
+      echo '    access_log /dev/null;';
+      echo '    error_log /dev/null;';
+      echo '';
+      echo "    root /var/www/$SMOLRSS_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  index index.php;';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '    fastcgi_param HTTPS off;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$smolrss_nginx_site"
+    nginx_limits "$SMOLRSS_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ index.php?\$args;";
+      echo '  }';
+      echo '}'; } >> "$smolrss_nginx_site"
+
+    configure_php
+
+    nginx_ensite "$SMOLRSS_DOMAIN_NAME"
+
+    systemctl restart php7.0-fpm
+
+    systemctl restart nginx
+
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a smolrss -p "$SMOLRSS_ADMIN_PASSWORD"
+    set_completion_param "smolrss domain" "$SMOLRSS_DOMAIN_NAME"
+
+    APP_INSTALLED=1
+}
+
+# NOTE: deliberately there is no "exit 0"
--- a/src/freedombone-app-syncthing
+++ b/src/freedombone-app-syncthing
@ -40,6 +40,10 @@ SYNCTHING_PORT=22000
 SYNCTHING_SHARED_DATA=/var/lib/syncthing/SyncShared
 SYNCTHING_USER_IDS_FILE='.syncthingids'

+SYNCTHING_SHORT_DESCRIPTION=$'File synchronization'
+SYNCTHING_DESCRIPTION=$'File synchronization'
+SYNCTHING_MOBILE_APP_URL='https://f-droid.org/packages/com.nutomic.syncthingandroid'
+
 syncthing_variables=(SYNCTHING_ID
                     SYNCTHING_CONFIG_PATH
                     SYNCTHING_CONFIG_FILE
@ -213,33 +217,26 @@ function run_client_syncthing {
    SYNCTHING_CONFIG_FILE=~/.syncthingids
    SYNCTHING_ID=$(cat ~/.syncthing-server-id)

+    W=(1 $"Show device ID for ${PROJECT_NAME}"
+       2 $"Add an ID for another machine or device"
+       3 $"Remove an ID for another machine or device"
+       4 $"Manually edit device IDs")
+
    while true
    do
-        data=$(mktemp 2>/dev/null)
-        dialog --backtitle $"Freedombone User Control Panel" \
-               --title $"File Synchronization" \
-               --radiolist $"Choose an operation:" 12 70 6 \
-               1 $"Show device ID for ${PROJECT_NAME}" off \
-               2 $"Add an ID for another machine or device" off \
-               3 $"Remove an ID for another machine or device" off \
-               4 $"Manually edit device IDs" off \
-               5 $"Back to main menu" on 2> "$data"
-        sel=$?
-        case $sel in
-            1) rm -f "$data"
-               break;;
-            255) rm -f "$data"
-                 break;;
-        esac
-        case $(cat "$data") in
+        # shellcheck disable=SC2068
+        selection=$(dialog --backtitle $"Freedombone User Control Panel" --title $"File Synchronization" --menu $"Choose an operation, or ESC for main menu:" 12 70 6 "${W[@]}" 3>&2 2>&1 1>&3)
+
+        if [ ! "$selection" ]; then
+           break
+        fi
+
+        case $selection in
            1) syncthing_show_id;;
            2) syncthing_add_id;;
            3) syncthing_remove_id;;
            4) syncthing_manual_edit;;
-            5) rm -f "$data"
-               break;;
        esac
-        rm -f "$data"
    done
 }

--- a/src/freedombone-app-turtl
+++ b/src/freedombone-app-turtl
@ -48,6 +48,10 @@ TURTL_BASE_DIR=/etc/turtl
 TURTL_SIGNUP_STRING='Signup a new user'
 turtl_users_file=$TURTL_BASE_DIR/api/controllers/users.lisp

+TURTL_SHORT_DESCRIPTION=$'Note taking'
+TURTL_DESCRIPTION=$'Note taking'
+TURTL_MOBILE_APP_URL=
+
 turtl_variables=(ONION_ONLY
                 DEFAULT_DOMAIN_NAME
                 TURTL_DOMAIN_NAME
--- a/src/freedombone-app-xmpp
+++ b/src/freedombone-app-xmpp
@ -43,8 +43,8 @@ XMPP_CIPHERS='"EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+
 XMPP_ECC_CURVE='"secp384r1"'

 prosody_latest_version='0.10'
-prosody_nightly=468
-prosody_nightly_hash='c72aaab1182a86090188284f443d2f819889ca242d4e955258ef60f4c7c9a1ba'
+prosody_nightly=478
+prosody_nightly_hash='884e773920dbcd0a748d05391235df3ff2b82285357b13cb347c99564512593e'
 prosody_filename=prosody-${prosody_latest_version}-1nightly${prosody_nightly}
 prosody_nightly_url="https://prosody.im/nightly/${prosody_latest_version}/latest/${prosody_filename}.tar.gz"

@ -53,6 +53,10 @@ prosody_modules_filename='prosody-modules-20180322.tar.gz'
 prosody_modules_hash='982d0dfcef98e9cb9cee4cc3801b8ce9a503a32e44c32b99df6fe94545b90072'
 xmpp_encryption_warning=$"For security reasons, OMEMO or PGP encryption is required for conversations on this server."

+XMPP_SHORT_DESCRIPTION=$'Chat system'
+XMPP_DESCRIPTION=$'Chat system'
+XMPP_MOBILE_APP_URL='https://f-droid.org/packages/eu.siacs.conversations'
+
 xmpp_variables=(ONION_ONLY
                INSTALLED_WITHIN_DOCKER
                XMPP_CIPHERS
@ -644,7 +648,6 @@ function remove_xmpp {

    function_check remove_onion_service
    remove_onion_service xmpp 5222 5223 5269
-    sed -i '/HiddenServiceVersion 2/d' "$ONION_SERVICES_FILE"

    apt-mark -q unhold prosody
    apt-get -yq remove --purge prosody
@ -1133,7 +1136,7 @@ function install_xmpp {
    fi
    if ! grep -q "hidden_service_xmpp" "$ONION_SERVICES_FILE"; then
        { echo 'HiddenServiceDir /var/lib/tor/hidden_service_xmpp/';
-          echo 'HiddenServiceVersion 2';
+          echo 'HiddenServiceVersion 3';
          echo "HiddenServicePort 5222 127.0.0.1:5222";
          echo "HiddenServicePort 5269 127.0.0.1:5269"; } >> "$ONION_SERVICES_FILE"
        echo $'Added onion site for xmpp chat'
--- a/src/freedombone-base-email
+++ b/src/freedombone-base-email
@ -1663,6 +1663,20 @@ function refresh_gpg_keys {
    fi
 }

+function prevent_mail_process_overrun {
+    # This prevents any large buildup of exim processes, perhaps due to
+    # Tor unavailability, from disabling the server
+    { echo '#!/bin/bash';
+      echo "exim_ctr=\$(pgrep \"exim4\" | wc -l)";
+      echo "if [ \"\$exim_ctr\" -gt 5 ]; then";
+      echo '    systemctl stop exim4';
+      echo '    exim -bp | exiqgrep -i | xargs exim -Mrm 2> /dev/null';
+      echo '    systemctl start exim4';
+      echo 'fi'; } > /usr/bin/exim_check
+    chmod +x /usr/bin/exim_check
+    cron_add_mins 5 '/usr/bin/exim_check'
+}
+
 function install_email {
    if [[ $SYSTEM_TYPE == "mesh"* ]]; then
        return
@ -1675,8 +1689,39 @@ function install_email {
    check_email_address_exists
    install_email_basic
    configure_email_onion
+    prevent_mail_process_overrun

    mark_completed "${FUNCNAME[0]}"
 }

+function remove_ip_addresses_from_email_logs {
+    { echo '#!/bin/bash';
+      echo '';
+      echo 'if grep -q "= /dev/null" /etc/php/7.0/fpm/php-fpm.conf; then';
+      echo '    if [ -f /var/log/exim4/mainlog ]; then';
+      echo '        rm /var/log/exim4/mainlog';
+      echo '    fi';
+      echo '    if [ -f /var/log/exim4/rejectlog ]; then';
+      echo '        rm /var/log/exim4/rejectlog';
+      echo '    fi';
+      echo 'else';
+      echo '    if [ -f /var/log/exim4/mainlog ]; then';
+      echo "        if grep -q '\\[' /var/log/exim4/mainlog; then";
+      echo "            tail -n 50 /var/log/exim4/mainlog | sed 's/\\[[^][]*\\]//g' > /tmp/.exim4_mainlog";
+      echo '            chown Debian-exim:adm /tmp/.exim4_mainlog';
+      echo '            mv /tmp/.exim4_mainlog /var/log/exim4/mainlog';
+      echo '        fi';
+      echo '    fi';
+      echo '    if [ -f /var/log/exim4/rejectlog ]; then';
+      echo "        if grep -q '\\[' /var/log/exim4/rejectlog; then";
+      echo "            tail -n 50 /var/log/exim4/rejectlog | sed 's/\\[[^][]*\\]//g' > /tmp/.exim4_rejectlog";
+      echo '            chown Debian-exim:adm /tmp/.exim4_rejectlog';
+      echo '            mv /tmp/.exim4_rejectlog /var/log/exim4/rejectlog';
+      echo '        fi';
+      echo '    fi';
+      echo 'fi'; } > /usr/bin/exim_log_tidy
+    chmod +x /usr/bin/exim_log_tidy
+    cron_add_mins 1 '/usr/bin/exim_log_tidy'
+}
+
 # NOTE: deliberately no exit 0
--- a/src/freedombone-client
+++ b/src/freedombone-client
@ -6,6 +6,14 @@
 #
 #                              Freedom in the Cloud
 #
+# This is an optional command for setting up a client machine
+# to then be able to log into a server. It installs a few packages
+# for things like IRC and twiddles crypto settings.
+#
+# It may not be necessary to run this on client machines, and
+# is provided for some extra convenience on a Debian or Arch
+# based system.
+#
 # License
 # =======
 #
@ -34,7 +42,6 @@ CURR_GROUP=$USER
 if [ -f /usr/bin/pacman ]; then
    CURR_GROUP='users'
 fi
-ENABLE_MONKEYSPHERE=

 # setup for a specific app
 SETUP_CLIENT_APP_NAME=
@ -177,20 +184,12 @@ function configure_ssh_client {
            { echo "# ${PROJECT_NAME} settings start";
              echo 'Host *.onion';
              echo '  ServerAliveInterval 60';
-              echo '  ServerAliveCountMax 3'; } >> ~/.ssh/config
-
-            if [[ "$ENABLE_MONKEYSPHERE" == $'yes' || "$ENABLE_MONKEYSPHERE" == $'y' ]]; then
-                echo "  ProxyCommand sh -c 'monkeysphere ssh-proxycommand --no-connect %h %p ; $proxycmd'" >> ~/.ssh/config
-            else
-                echo "  ProxyCommand $proxycmd" >> ~/.ssh/config
-            fi
-            { echo 'Host *';
+              echo '  ServerAliveCountMax 3';
+              echo "  ProxyCommand $proxycmd";
+              echo 'Host *';
              echo '  ServerAliveInterval 60';
-              echo '  ServerAliveCountMax 3'; } >> ~/.ssh/config
-            if [[ "$ENABLE_MONKEYSPHERE" == $'yes' || "$ENABLE_MONKEYSPHERE" == $'y' ]]; then
-                echo '  ProxyCommand monkeysphere ssh-proxycommand %h %p' >> ~/.ssh/config
-            fi
-            echo "# ${PROJECT_NAME} settings end" >> ~/.ssh/config
+              echo '  ServerAliveCountMax 3';
+              echo "# ${PROJECT_NAME} settings end"; } >> ~/.ssh/config
        fi
    fi

@ -205,16 +204,9 @@ function configure_ssh_client {
    echo $'and set it to "no".'
 }

-function configure_monkeysphere {
-    if [ -f /usr/bin/pacman ]; then
-        return
-    fi
-    sudo apt-get -yq install monkeysphere
-}
-
 function show_help {
    echo ''
-    echo $"${PROJECT_NAME}-client --monkeysphere [yes|no]"
+    echo $"${PROJECT_NAME}-client"
    echo ''
    exit 0
 }
@ -322,10 +314,6 @@ do
            verify_ssh_server_key
            exit 0
            ;;
-        --monkeysphere|--ms|--monkey)
-            shift
-            ENABLE_MONKEYSPHERE=${1}
-            ;;
        *)
            # unknown option
            ;;
@ -339,7 +327,6 @@ setup_client_app
 refresh_gpg_keys
 configure_ssh_client
 global_rate_limit
-configure_monkeysphere
 remove_known_hosts_entries
 echo $'Configuration complete'
 exit 0
--- a/src/freedombone-config
+++ b/src/freedombone-config
@ -38,7 +38,7 @@ export TEXTDOMAIN=${PROJECT_NAME}-config
 export TEXTDOMAINDIR="/usr/share/locale"

 # Web site
-FREEDOMBONE_WEBSITE="https://freedombone.net or http://4fvfozz6g3zmvf76.onion"
+FREEDOMBONE_WEBSITE="https://freedombone.net or http://yjxlc3imv7obva4grjae6u3qw527koaytrgjgdp364hmthrst3jodiid.onion"

 # Minimum number of characters in a password
 MINIMUM_PASSWORD_LENGTH=$(grep 'MINIMUM_PASSWORD_LENGTH=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords" | head -n 1 | awk -F '=' '{print $2}')
@ -74,8 +74,8 @@ GNUSOCIAL_DOMAIN_NAME=
 GNUSOCIAL_CODE=
 GNUSOCIAL_WELCOME_MESSAGE=$"<h1>Welcome to \$GNUSOCIAL_DOMAIN_NAME  a federated social network</h1><p>Another $PROJECT_NAME site</p>"
 GNUSOCIAL_BACKGROUND_IMAGE_URL=
-GIT_DOMAIN_NAME=
-GIT_CODE=
+GOGS_DOMAIN_NAME=
+GOGS_CODE=
 USB_DRIVE=/dev/sdb1
 HWRNG_TYPE=
 ENABLE_SOCIAL_KEY_MANAGEMENT=
@ -184,7 +184,7 @@ function choose_social_instance_domain_name {
    while [ ! $DEFAULT_DOMAIN_DETAILS_COMPLETE ]
    do
        data=$(mktemp 2>/dev/null)
-        if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+        if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
            dialog --backtitle $"Freedombone Configuration" \
                   --title $"Instance domain" \
                   --form $"\\nEnter your instance domain name and its FreeDNS code:" 11 55 3 \
@ -247,9 +247,9 @@ function choose_default_domain_name {
        while [ ! $DEFAULT_DOMAIN_DETAILS_COMPLETE ]
        do
            data=$(mktemp 2>/dev/null)
-            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
+            if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
                dialog --backtitle $"Freedombone Configuration" \
-                       --title $"Your main domain name" \
+                       --title $"Your main domain name on FreeDNS" \
                       --form $"\nWhich domain name should your email/XMPP/IRC/Mumble be associated with?" 13 55 5 \
                       $"Domain:" 1 1 "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 24 33 40 \
                       $"Code:" 2 1 "$(grep 'DEFAULT_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 24 33 255 \
@ -320,172 +320,6 @@ function choose_default_domain_name {
    save_configuration_values
 }

-function dynamic_dns_setup {
-    W=(1 freedns.afraid.org
-       2 dyn.com
-       3 zoneedit.com
-       4 no-ip.com
-       5 easydns.com
-       6 tzo.com
-       7 3322.org
-       8 dnsomatic.com
-       9 dns.he.net
-       10 tunnelbroker.net
-       11 dynsip.org
-       12 sitelutions.com
-       13 dnsexit.com
-       14 changeip.com
-       15 zerigo.com
-       16 dhis.org
-       17 nsupdate.info
-       18 duckdns.org
-       19 loopia.com
-       20 namecheap.com
-       21 domains.google.com
-       22 ovh.com
-       23 dtdns.com
-       24 giradns.com
-       25 duiadns.net
-       26 ddnss.de
-       27 dynv6.com
-       28 ipv4.dynv6.com
-       29 default@spdyn.de
-       30 strato.com
-       31 freemyip.com
-       32 cloudxns.net)
-
-    # shellcheck disable=SC2068
-    selection=$(dialog --backtitle $"Freedombone Configuration" --title $"Dynamic DNS" --menu $"Choose Dynamic DNS provider, or ESC for none:" 24 60 32 "${W[@]}" 3>&2 2>&1 1>&3)
-
-    if [ ! "$selection" ]; then
-        if [ -f /etc/systemd/system/inadyn.service ]; then
-            systemctl stop inadyn
-            systemctl disable inadyn
-        fi
-        return
-    fi
-
-    case $selection in
-        1) DDNS_PROVIDER="default@freedns.afraid.org";;
-        2) DDNS_PROVIDER="default@www.dyn.com";;
-        3) DDNS_PROVIDER="default@www.zoneedit.com";;
-        4) DDNS_PROVIDER="default@www.no-ip.com";;
-        5) DDNS_PROVIDER="default@www.easydns.com";;
-        6) DDNS_PROVIDER="default@www.tzo.com";;
-        7) DDNS_PROVIDER="default@www.3322.org";;
-        8) DDNS_PROVIDER="default@www.dnsomatic.com";;
-        9) DDNS_PROVIDER="default@dns.he.net";;
-        10) DDNS_PROVIDER="default@www.tunnelbroker.net";;
-        11) DDNS_PROVIDER="default@www.dynsip.org";;
-        12) DDNS_PROVIDER="default@www.sitelutions.com";;
-        13) DDNS_PROVIDER="default@www.dnsexit.com";;
-        14) DDNS_PROVIDER="default@www.changeip.com";;
-        15) DDNS_PROVIDER="default@www.zerigo.com";;
-        16) DDNS_PROVIDER="default@www.dhis.org";;
-        17) DDNS_PROVIDER="default@nsupdate.info";;
-        18) DDNS_PROVIDER="default@duckdns.org";;
-        19) DDNS_PROVIDER="default@www.loopia.com";;
-        20) DDNS_PROVIDER="default@www.namecheap.com";;
-        21) DDNS_PROVIDER="default@domains.google.com";;
-        22) DDNS_PROVIDER="default@www.ovh.com";;
-        23) DDNS_PROVIDER="default@www.dtdns.com";;
-        24) DDNS_PROVIDER="default@giradns.com";;
-        25) DDNS_PROVIDER="default@www.duiadns.net";;
-        26) DDNS_PROVIDER="default@ddnss.de";;
-        27) DDNS_PROVIDER="default@dynv6.com";;
-        28) DDNS_PROVIDER="default@ipv4.dynv6.com";;
-        29) DDNS_PROVIDER="default@spdyn.de";;
-        30) DDNS_PROVIDER="default@www.strato.com";;
-        31) DDNS_PROVIDER="default@freemyip.com";;
-        32) DDNS_PROVIDER="default@www.cloudxns.net";;
-        33) DDNS_PROVIDER="none";;
-    esac
-    save_configuration_values
-
-    valid_ddns_username=
-    valid_ddns_password=
-    if [[ "$DDNS_PROVIDER" == "none" ]]; then
-        if [ -f /etc/systemd/system/inadyn.service ]; then
-            systemctl stop inadyn
-            systemctl disable inadyn
-        fi
-    else
-        while [ ! $valid_ddns_username ]
-        do
-            data=$(mktemp 2>/dev/null)
-            dialog --backtitle $"Freedombone Configuration" \
-                   --inputbox $"Dynamic DNS provider username" 10 30 "$(grep 'DDNS_USERNAME' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
-            sel=$?
-            case $sel in
-                0)  possible_username=$(cat "$data")
-                    if [ "$possible_username" ]; then
-                        if [ ${#possible_username} -gt 1 ]; then
-                            valid_ddns_username=$(cat "$data")
-                            # shellcheck disable=SC2034
-                            DDNS_USERNAME="$valid_ddns_username"
-                            rm -f "$data"
-                            break;
-                        fi
-                    fi
-                    ;;
-                1) rm -f "$data"
-                   exit 1;;
-                255) rm -f "$data"
-                     exit 1;;
-            esac
-            rm -f "$data"
-        done
-        save_configuration_values
-
-        while [ ! $valid_ddns_password ]
-        do
-            data=$(mktemp 2>/dev/null)
-            dialog --backtitle $"Freedombone Configuration" \
-                   --clear \
-                   --insecure \
-                   --passwordbox $"Dynamic DNS provider password" 10 30 "$(grep 'DDNS_PASSWORD' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
-            sel=$?
-            case $sel in
-                0)  possible_password=$(cat "$data")
-                    if [ "$possible_password" ]; then
-                        if [ ${#possible_password} -gt 1 ]; then
-                            valid_ddns_password=$(cat "$data")
-                            DDNS_PASSWORD=$valid_ddns_password
-                            break;
-                        fi
-                    fi
-                    ;;
-                1) rm -f "$data"
-                   exit 1;;
-                255) rm -f "$data"
-                     exit 1;;
-            esac
-            rm -f "$data"
-            if [ ${#DDNS_PASSWORD} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then
-                dialog --title $"Password quality check" --msgbox $"The password given was too short. It must be at least $MINIMUM_PASSWORD_LENGTH characters. You may need to change your password on the dynamic DNS provider's web site." 10 40
-                DDNS_PASSWORD=""
-            fi
-        done
-        save_configuration_values
-    fi
-}
-
-function choose_dynamic_dns {
-    DDNS_PROVIDER="none"
-
-    if [[ "$SYSTEM_TYPE" != "mesh"* && "$ONION_ONLY" == "no" ]]; then
-        dialog --title $"Dynamic DNS" \
-               --backtitle $"Freedombone Configuration" \
-               --yesno $"\\nConfigure a dynamic DNS service?\\n\\nIf it is already handled by your internet router then select 'no'." 10 50
-        sel=$?
-        case $sel in
-            0) dynamic_dns_setup;;
-            255) exit 1;;
-        esac
-    fi
-    save_configuration_values
-}
-
 function choose_debian_repo {
    if [[ "$MINIMAL_INSTALL" == "no" ]]; then

@ -1113,7 +947,12 @@ function interactive_config {
    choose_rng
    choose_debian_repo
    "${PROJECT_NAME}-wifi" --networksinteractive "$WIFI_NETWORKS_FILE"
-    choose_dynamic_dns
+
+    "${PROJECT_NAME}-ddns"
+    read_config_param DDNS_PROVIDER
+    read_config_param DDNS_USERNAME
+    read_config_param DDNS_PASSWORD
+
    choose_default_domain_name
    choose_email_address
    interactive_key_recovery
--- a/Show More
+++ b/Show More