Merge branch 'stretch' of https://github.com/bashrc/freedombone

Makefile

@@ -23,6 +23,7 @@ install:
 	mkdir -p ${DESTDIR}/usr/share/${APP}/utils
 	mkdir -p ${DESTDIR}/usr/share/${APP}/avatars
 	mkdir -p ${DESTDIR}/etc/${APP}
+	rm -f ${DESTDIR}/${PREFIX}/bin/${APP}-*
 	cp -r image_build/* ${DESTDIR}/etc/${APP}
 	cp img/backgrounds/${APP}_*.png ${DESTDIR}${PREFIX}/share
 	cp img/avatars/* ${DESTDIR}/usr/share/${APP}/avatars

src/cronic

@@ -12,14 +12,14 @@ ERR=$TMP/cronic.err
 TRACE=$TMP/cronic.trace
 
 set +e
-"$@" >$OUT 2>$TRACE
+"$@" >"$OUT" 2>"$TRACE"
 RESULT=$?
 set -e
 
 PATTERN="^${PS4:0:1}\\+${PS4:1}"
-if grep -aq "$PATTERN" $TRACE
+if grep -aq "$PATTERN" "$TRACE"
 then
-    ! grep -av "$PATTERN" $TRACE > $ERR
+    ! grep -av "$PATTERN" "$TRACE" > "$ERR"
 else
     ERR=$TRACE
 fi
@@ -33,7 +33,7 @@ if [ $RESULT -ne 0 ]
     echo
     echo "STANDARD OUTPUT:"
     cat "$OUT"
-    if [ $TRACE != $ERR ]
+    if [ "$TRACE" != "$ERR" ]
     then
         echo
         echo "TRACE-ERROR OUTPUT:"

src/freedombone

@@ -42,61 +42,61 @@ fi
 
 source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
-APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 for f in $APP_FILES
 do
-    source $f
+    source "$f"
 done
 
-command_options=$1
+command_options="$1"
 
-if [[ $command_options == "menuconfig-full" ]]; then
+if [[ "$command_options" == "menuconfig-full" ]]; then
     MINIMAL_INSTALL="no"
 fi
 
-if [[ $command_options == "menuconfig-onion" ]]; then
+if [[ "$command_options" == "menuconfig-onion" ]]; then
     MINIMAL_INSTALL="yes"
     ONION_ONLY="yes"
 fi
 
-if [[ $command_options == "menuconfig-gnusocial" ]]; then
+if [[ "$command_options" == "menuconfig-gnusocial" ]]; then
     MINIMAL_INSTALL="yes"
     ONION_ONLY="no"
     SOCIALINSTANCE='gnusocial'
 fi
 
-if [[ $command_options == "menuconfig-postactiv" ]]; then
+if [[ "$command_options" == "menuconfig-postactiv" ]]; then
     MINIMAL_INSTALL="yes"
     ONION_ONLY="no"
     SOCIALINSTANCE='postactiv'
 fi
 
-if [ ! $CONFIGURATION_FILE ]; then
-    CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
+if [ ! "$CONFIGURATION_FILE" ]; then
+    CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
 fi
-if [ ! $COMPLETION_FILE ]; then
-    COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
+if [ ! "$COMPLETION_FILE" ]; then
+    COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
 fi
 
 # before the interactive config so that wifi adaptors may be detected
 setup_wifi_atheros
 
-if [[ $command_options == "menuconfig"* ]]; then
+if [[ "$command_options" == "menuconfig"* ]]; then
     if [[ "$2" == "--reset" ]]; then
-        if [ -f $CONFIGURATION_FILE ]; then
-            rm $CONFIGURATION_FILE
+        if [ -f "$CONFIGURATION_FILE" ]; then
+            rm "$CONFIGURATION_FILE"
         fi
-        if [ -f $COMPLETION_FILE ]; then
-            rm $COMPLETION_FILE
+        if [ -f "$COMPLETION_FILE" ]; then
+            rm "$COMPLETION_FILE"
         fi
-        if [ -f /usr/share/${PROJECT_NAME}/installed.txt ]; then
-            rm /usr/share/${PROJECT_NAME}/installed.txt
+        if [ -f "/usr/share/${PROJECT_NAME}/installed.txt" ]; then
+            rm "/usr/share/${PROJECT_NAME}/installed.txt"
         fi
         if [ -f /root/removed ]; then
             rm /root/removed
@@ -104,20 +104,20 @@ if [[ $command_options == "menuconfig"* ]]; then
     fi
 
     # clear the interactive file which indicates configuration success
-    interactive_file=$HOME/.${PROJECT_NAME}-interactive
-    if [ -f $interactive_file ]; then
-        rm $interactive_file
+    interactive_file="$HOME/.${PROJECT_NAME}-interactive"
+    if [ -f "$interactive_file" ]; then
+        rm "$interactive_file"
     fi
 
     interactive_configuration
 
     # check that the interactive file was created
-    if [ ! -f $interactive_file ]; then
+    if [ ! -f "$interactive_file" ]; then
         exit 6393562
     fi
-    rm $interactive_file
+    rm "$interactive_file"
 else
-    while [[ $# > 1 ]]
+    while [ $# -gt 1 ]
     do
         key="$1"
 
@@ -169,12 +169,12 @@ else
             # Static IP address for the system
             --ip)
                 shift
-                LOCAL_NETWORK_STATIC_IP_ADDRESS=$1
+                LOCAL_NETWORK_STATIC_IP_ADDRESS="$1"
                 ;;
             # IP address for the internet router
             --iprouter)
                 shift
-                ROUTER_IP_ADDRESS=$1
+                ROUTER_IP_ADDRESS="$1"
                 ;;
             # ssh port
             --ssh)
@@ -214,61 +214,61 @@ else
             # Mumble server password
             --vpass)
                 shift
-                MUMBLE_SERVER_PASSWORD=$1
+                MUMBLE_SERVER_PASSWORD="$1"
                 ;;
             # Mumble server port
             --vport)
                 shift
-                MUMBLE_PORT=$1
+                MUMBLE_PORT="$1"
                 ;;
             # DNS Nameserver 1
             --ns1)
                 shift
-                NAMESERVER1=$1
+                NAMESERVER1="$1"
                 ;;
             # DNS Nameserver 2
             --ns2)
                 shift
-                NAMESERVER2=$1
+                NAMESERVER2="$1"
                 ;;
             # DNS Nameserver 3
             --ns3)
                 shift
-                NAMESERVER3=$1
+                NAMESERVER3="$1"
                 ;;
             # DNS Nameserver 4
             --ns4)
                 shift
-                NAMESERVER4=$1
+                NAMESERVER4="$1"
                 ;;
             # DNS Nameserver 5
             --ns5)
                 shift
-                NAMESERVER5=$1
+                NAMESERVER5="$1"
                 ;;
             # DNS Nameserver 6
             --ns6)
                 shift
-                NAMESERVER6=$1
+                NAMESERVER6="$1"
                 ;;
             # Debian repository
             --repo)
                 shift
-                DEBIAN_REPO=$1
+                DEBIAN_REPO="$1"
                 ;;
             # clear the config file
             --reset)
-                if [ -f $CONFIGURATION_FILE ]; then
-                    rm $CONFIGURATION_FILE
+                if [ -f "$CONFIGURATION_FILE" ]; then
+                    rm "$CONFIGURATION_FILE"
                 fi
-                if [ -f $COMPLETION_FILE ]; then
-                    rm $COMPLETION_FILE
+                if [ -f "$COMPLETION_FILE" ]; then
+                    rm "$COMPLETION_FILE"
                 fi
                 ;;
             # minimal install
             --minimal)
                 shift
-                MINIMAL_INSTALL=$1
+                MINIMAL_INSTALL="$1"
                 ;;
             *)
                 # unknown option
@@ -293,7 +293,7 @@ function parse_args {
     read_config_param 'DDNS_USERNAME'
     read_config_param 'DDNS_PASSWORD'
 
-    if [ ! -d /home/$MY_USERNAME ]; then
+    if [ ! -d "/home/$MY_USERNAME" ]; then
         echo $"There is no user '$MY_USERNAME' on the system. Use 'adduser $MY_USERNAME' to create the user."
         exit 1
     fi
@@ -304,7 +304,7 @@ function parse_args {
             exit 2
         fi
     fi
-    if [ ! $MY_USERNAME ]; then
+    if [ ! "$MY_USERNAME" ]; then
         echo 'No username specified'
         show_help
         exit 3
@@ -312,11 +312,11 @@ function parse_args {
     if [[ $SYSTEM_TYPE != "mesh"* ]]; then
         if [[ "$DDNS_PROVIDER" != 'none' ]]; then
             if [[ $ONION_ONLY == "no" ]]; then
-                if [ ! $DDNS_USERNAME ]; then
+                if [ ! "$DDNS_USERNAME" ]; then
                     echo $'Please provide the username for your dynamic DNS provider with the --ddnsuser option'
                     exit 7823
                 fi
-                if [ ! $DDNS_PASSWORD ]; then
+                if [ ! "$DDNS_PASSWORD" ]; then
                     echo $'Please provide the password for your dynamic DNS provider with the --ddnspass option'
                     exit 6382
                 fi
@@ -324,7 +324,7 @@ function parse_args {
         fi
     fi
 
-    if [ ! $SYSTEM_TYPE ]; then
+    if [ ! "$SYSTEM_TYPE" ]; then
         SYSTEM_TYPE=$'full'
         write_config_param "SYSTEM_TYPE" "$SYSTEM_TYPE"
     fi
@@ -338,8 +338,7 @@ function parse_args {
 
 # run some initial tests
 clear
-${PROJECT_NAME}-tests
-if [ ! "$?" = "0" ]; then
+if ! "${PROJECT_NAME}-tests"; then
     exit 768252
 fi
 
@@ -354,7 +353,7 @@ upgrade_installation_from_previous_versions
 setup_utils
 setup_email
 setup_web
-setup_apps $command_options
+setup_apps "$command_options"
 setup_final
 
 echo ''

src/freedombone-addcert

@@ -36,10 +36,10 @@ export TEXTDOMAINDIR="/usr/share/locale"
 CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-  source $f
+    source "$f"
 done
 
 # Don't pin certs by default
@@ -85,7 +85,7 @@ function show_help {
     exit 0
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
     key="$1"
 
@@ -145,11 +145,11 @@ do
             ;;
         --dhkey)
             shift
-            DH_KEYLENGTH=${1}
+            DH_KEYLENGTH="${1}"
             ;;
         --pin)
             shift
-            PIN_CERTS=${1}
+            PIN_CERTS="${1}"
             ;;
         *)
             # unknown option
@@ -158,8 +158,8 @@ do
     shift
 done
 
-if [ ! $HOSTNAME ]; then
-    if [ ! $LETSENCRYPT_HOSTNAME ]; then
+if [ ! "$HOSTNAME" ]; then
+    if [ ! "$LETSENCRYPT_HOSTNAME" ]; then
         echo $'No hostname specified'
         exit 5748
     fi
@@ -180,16 +180,16 @@ function remove_cert_letsencrypt {
     CERTFILE=$LETSENCRYPT_HOSTNAME
 
     # disable the site if needed
-    if [ -f /etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME} ]; then
-        if grep -q "443" /etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}; then
-            nginx_dissite ${LETSENCRYPT_HOSTNAME}
+    if [ -f "/etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}" ]; then
+        if grep -q "443" "/etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}"; then
+            nginx_dissite "${LETSENCRYPT_HOSTNAME}"
         fi
     fi
 
     # remove the cert
-    rm -rf /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}*
-    rm -rf /etc/letsencrypt/archive/${LETSENCRYPT_HOSTNAME}*
-    rm /etc/letsencrypt/renewal/${LETSENCRYPT_HOSTNAME}.conf
+    rm -rf "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}*"
+    rm -rf "/etc/letsencrypt/archive/${LETSENCRYPT_HOSTNAME}*"
+    rm "/etc/letsencrypt/renewal/${LETSENCRYPT_HOSTNAME}.conf"
 
     # restart the web server
     systemctl restart nginx
@@ -199,14 +199,14 @@ function add_cert_letsencrypt {
     CERTFILE=$LETSENCRYPT_HOSTNAME
 
     # obtain the email address for the admin user
-    if [ ! $MY_EMAIL_ADDRESS ]; then
-        if [ -f $CONFIGURATION_FILE ]; then
+    if [ ! "$MY_EMAIL_ADDRESS" ]; then
+        if [ -f "$CONFIGURATION_FILE" ]; then
             read_config_param MY_EMAIL_ADDRESS
         fi
     fi
-    if [ ! $MY_EMAIL_ADDRESS ]; then
-        if [ -f $COMPLETION_FILE ]; then
-            if grep -q "Admin user:" $COMPLETION_FILE; then
+    if [ ! "$MY_EMAIL_ADDRESS" ]; then
+        if [ -f "$COMPLETION_FILE" ]; then
+            if grep -q "Admin user:" "$COMPLETION_FILE"; then
                 function_check get_completion_param
                 ADMIN_USER=$(get_completion_param "Admin user")
                 if [ ${#ADMIN_USER} -eq 0 ]; then
@@ -232,8 +232,7 @@ function add_cert_letsencrypt {
     chgrp -R root /etc/letsencrypt
     chmod -R 777 /etc/letsencrypt
 
-    certbot certonly -n --server $LETSENCRYPT_SERVER --standalone -d $LETSENCRYPT_HOSTNAME --renew-by-default --agree-tos --email $MY_EMAIL_ADDRESS
-    if [ ! "$?" = "0" ]; then
+    if ! certbot certonly -n --server "$LETSENCRYPT_SERVER" --standalone -d "$LETSENCRYPT_HOSTNAME" --renew-by-default --agree-tos --email "$MY_EMAIL_ADDRESS"; then
         echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME"
         echo $'Also see https://letsencrypt.status.io to check for any service outages'
         chgrp -R ssl-cert /etc/letsencrypt
@@ -245,42 +244,42 @@ function add_cert_letsencrypt {
     fi
 
     # replace some legacy filenames
-    if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt ]; then
-        mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+    if [ -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt" ]; then
+        mv "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
     fi
-    if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt ]; then
-        mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+    if [ -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt" ]; then
+        mv "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
     fi
-    sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME
-    sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME
+    sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" "/etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME"
+    sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" "/etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME"
 
     # link the private key
-    if [ -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then
-        if [ ! -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old ]; then
-            mv /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old
+    if [ -f "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" ]; then
+        if [ ! -f "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old" ]; then
+            mv "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old"
         else
-            rm -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
+            rm -f "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key"
         fi
     fi
-    if [ -L /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then
-        rm /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
+    if [ -L "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" ]; then
+        rm "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key"
     fi
-    ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
+    ln -s "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem" "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key"
 
     # link the public key
-    if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then
-        if [ ! -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old ]; then
-            mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old
+    if [ -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" ]; then
+        if [ ! -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old" ]; then
+            mv "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old"
         else
-            rm -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+            rm -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
         fi
     fi
-    if [ -L /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then
-        rm /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+    if [ -L "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" ]; then
+        rm "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
     fi
-    ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+    ln -s "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
 
-    cp /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem
+    cp "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem" "/etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem"
 
     update_default_domain
 
@@ -291,12 +290,11 @@ function add_cert_letsencrypt {
     chmod -R g=rX /etc/letsencrypt
     chown -R root:ssl-cert /etc/letsencrypt
 
-    nginx_ensite ${LETSENCRYPT_HOSTNAME}
+    nginx_ensite "${LETSENCRYPT_HOSTNAME}"
     systemctl start nginx
 
-    if [ $PIN_CERTS ]; then
-        ${PROJECT_NAME}-pin-cert $LETSENCRYPT_HOSTNAME
-        if [ ! "$?" = "0" ]; then
+    if [ "$PIN_CERTS" ]; then
+        if ! "${PROJECT_NAME}-pin-cert" "$LETSENCRYPT_HOSTNAME"; then
             echo $"Certificate for $LETSENCRYPT_HOSTNAME could not be pinned"
             exit 62878
         fi
@@ -304,21 +302,20 @@ function add_cert_letsencrypt {
 }
 
 function add_cert_selfsigned {
-    if [[ $ORGANISATION == "Freedombone-CA" ]]; then
+    if [[ "$ORGANISATION" == "Freedombone-CA" ]]; then
         CERTFILE="ca-$HOSTNAME"
     fi
 
-    openssl req -x509 ${EXTENSIONS} -nodes -days 3650 -sha256 \
+    openssl req -x509 "${EXTENSIONS}" -nodes -days 3650 -sha256 \
             -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
-            -newkey rsa:2048 -keyout /etc/ssl/private/${CERTFILE}.key \
-            -out /etc/ssl/certs/${CERTFILE}.crt
-    chmod 400 /etc/ssl/private/${CERTFILE}.key
-    chmod 640 /etc/ssl/certs/${CERTFILE}.crt
-    cp /etc/ssl/certs/${CERTFILE}.crt /etc/ssl/mycerts
+            -newkey rsa:2048 -keyout "/etc/ssl/private/${CERTFILE}.key" \
+            -out "/etc/ssl/certs/${CERTFILE}.crt"
+    chmod 400 "/etc/ssl/private/${CERTFILE}.key"
+    chmod 640 "/etc/ssl/certs/${CERTFILE}.crt"
+    cp "/etc/ssl/certs/${CERTFILE}.crt" "/etc/ssl/mycerts"
 
-    if [ $PIN_CERTS ]; then
-        ${PROJECT_NAME}-pin-cert $CERTFILE
-        if [ ! "$?" = "0" ]; then
+    if [ "$PIN_CERTS" ]; then
+        if ! "${PROJECT_NAME}-pin-cert" "$CERTFILE"; then
             echo $"Certificate for $CERTFILE could not be pinned"
             exit 62879
         fi
@@ -326,9 +323,9 @@ function add_cert_selfsigned {
 }
 
 function generate_dh_params {
-    if [ ! $NODH ]; then
-        if [ ! -f /etc/ssl/certs/${CERTFILE}.dhparam ]; then
-            ${PROJECT_NAME}-dhparam -h ${CERTFILE} --fast yes
+    if [ ! "$NODH" ]; then
+        if [ ! -f "/etc/ssl/certs/${CERTFILE}.dhparam" ]; then
+            "${PROJECT_NAME}-dhparam" -h "${CERTFILE}" --fast yes
         fi
     fi
 }
@@ -346,12 +343,12 @@ function make_cert_bundle {
 }
 
 function create_cert {
-    if [ $remove_cert ]; then
+    if [ "$remove_cert" ]; then
         remove_cert_letsencrypt
         return
     fi
 
-    if [ $LETSENCRYPT_HOSTNAME ]; then
+    if [ "$LETSENCRYPT_HOSTNAME" ]; then
         add_cert_letsencrypt
     else
         add_cert_selfsigned

src/freedombone-addemail

@@ -47,54 +47,54 @@ function show_help {
     exit 0
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
     key="$1"
 
     case $key in
-    -h|--help)
-        show_help
-        ;;
-    -u|--user)
-        shift
-        MYUSERNAME="$1"
-        ;;
-    -e|--email)
-        shift
-        EMAILADDRESS="$1"
-        ;;
-    -s|--subject)
-        shift
-        SUBJECT_TEXT="$1"
-        ;;
-    -g|--group)
-        shift
-        GROUP_NAME="$1"
-        ;;
-    -p|--public)
-        shift
-        PUBLIC="$1"
-        ;;
-    *)
-        # unknown option
-        ;;
+        -h|--help)
+            show_help
+            ;;
+        -u|--user)
+            shift
+            MYUSERNAME="$1"
+            ;;
+        -e|--email)
+            shift
+            EMAILADDRESS="$1"
+            ;;
+        -s|--subject)
+            shift
+            SUBJECT_TEXT="$1"
+            ;;
+        -g|--group)
+            shift
+            GROUP_NAME="$1"
+            ;;
+        -p|--public)
+            shift
+            PUBLIC="$1"
+            ;;
+        *)
+            # unknown option
+            ;;
     esac
     shift
 done
 
-if ! [[ $MYUSERNAME && $GROUP_NAME ]]; then
+if ! [[ "$MYUSERNAME" && "$GROUP_NAME" ]]; then
     show_help
 fi
 
-if [ ${#EMAILADDRESS} -lt 2 ]; then
+if [ "${#EMAILADDRESS}" -lt 2 ]; then
     if [ ${#SUBJECT_TEXT} -lt 2 ]; then
-    show_help
+        show_help
     fi
 fi
 
-MUTTRC=/home/$MYUSERNAME/.muttrc
-PM=/home/$MYUSERNAME/.procmailrc
-LISTDIR=/home/$MYUSERNAME/Maildir/$GROUP_NAME
+MUTTRC="/home/$MYUSERNAME/.muttrc"
+PM="/home/$MYUSERNAME/.procmailrc"
+LISTDIR="/home/$MYUSERNAME/Maildir/$GROUP_NAME"
 
 proc_rule="  * ^From:.*$EMAILADDRESS"
 proc_comment="# Email rule for $EMAILADDRESS -> $GROUP_NAME"
@@ -104,54 +104,53 @@ if [ ${#SUBJECT_TEXT} -gt 0 ]; then
 fi
 
 if [ ! -d "$LISTDIR" ]; then
-    mkdir -m 700 $LISTDIR
-    mkdir -m 700 $LISTDIR/tmp
-    mkdir -m 700 $LISTDIR/new
-    mkdir -m 700 $LISTDIR/cur
+    mkdir -m 700 "$LISTDIR"
+    mkdir -m 700 "$LISTDIR/tmp"
+    mkdir -m 700 "$LISTDIR/new"
+    mkdir -m 700 "$LISTDIR/cur"
 fi
-chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR
-if ! grep -q "$proc_comment" $PM; then
+chown -R "$MYUSERNAME":"$MYUSERNAME" "$LISTDIR"
+if ! grep -q "$proc_comment" "$PM"; then
     if [[ $PUBLIC != "yes" ]]; then
-    # private emails go after the encryption stage
-    echo '' >> $PM
-    echo "$proc_comment" >> $PM
-    echo ":0" >> $PM
-    echo "$proc_rule" >> $PM
-    echo "$LISTDIR/new" >> $PM
-    echo "# End of rule" >> $PM
+        # private emails go after the encryption stage
+        { echo '';
+          echo "$proc_comment";
+          echo ":0";
+          echo "$proc_rule";
+          echo "$LISTDIR/new";
+          echo "# End of rule"; } >> "$PM"
     else
-    # public emails are copied before the encryption stage
-    if ! grep -q '# encrypt' $PM; then
-        echo '' >> $PM
-        echo "$proc_comment" >> $PM
-        echo ":0" >> $PM
-        echo "$proc_rule" >> $PM
-        echo "$LISTDIR/new" >> $PM
-        echo "# End of rule" >> $PM
-    else
-        filter=$(echo "$proc_comment\n:0\n${proc_rule}\n$LISTDIR/new\n# End of rule\n")
-        sed -i "/# encrypt/i ${filter}" $PM
+        # public emails are copied before the encryption stage
+        if ! grep -q '# encrypt' "$PM"; then
+            { echo '';
+              echo "$proc_comment";
+              echo ":0";
+              echo "$proc_rule";
+              echo "$LISTDIR/new";
+              echo "# End of rule"; } >> "$PM"
+        else
+            sed -i "/# encrypt/i $proc_comment\\n:0\\n${proc_rule}\\n$LISTDIR/new\\n# End of rule\\n" "$PM"
+        fi
     fi
-    fi
-    chown $MYUSERNAME:$MYUSERNAME $PM
+    chown "$MYUSERNAME":"$MYUSERNAME" "$PM"
 fi
 
 if [ ! -f "$MUTTRC" ]; then
-    cp /etc/Muttrc $MUTTRC
-    chown $MYUSERNAME:$MYUSERNAME $MUTTRC
+    cp /etc/Muttrc "$MUTTRC"
+    chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
 fi
 
 PROCMAILLOG=/home/$MYUSERNAME/log
-if [ ! -d $PROCMAILLOG ]; then
-    mkdir $PROCMAILLOG
-    chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG
+if [ ! -d "$PROCMAILLOG" ]; then
+    mkdir "$PROCMAILLOG"
+    chown -R "$MYUSERNAME":"$MYUSERNAME" "$PROCMAILLOG"
 fi
 
-MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)
-if [[ $MUTT_MAILBOXES != *$GROUP_NAME* ]]; then
-    if ! grep -q "=$GROUP_NAME" $MUTTRC; then
-    sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$GROUP_NAME|g" $MUTTRC
-    chown $MYUSERNAME:$MYUSERNAME $MUTTRC
+MUTT_MAILBOXES=$(grep "mailboxes =" "$MUTTRC")
+if [[ "$MUTT_MAILBOXES" != *$GROUP_NAME* ]]; then
+    if ! grep -q "=$GROUP_NAME" "$MUTTRC"; then
+        sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$GROUP_NAME|g" "$MUTTRC"
+        chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
     fi
 fi
 

src/freedombone-addlist

@@ -47,124 +47,119 @@ function show_help {
     exit 0
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
     key="$1"
 
     case $key in
-    -h|--help)
-        show_help
-        ;;
-    -u|--user)
-        shift
-        MYUSERNAME="$1"
-        ;;
-    -l|--list)
-        shift
-        MAILINGLIST="$1"
-        ;;
-    -s|--subject)
-        shift
-        SUBJECTTAG="$1"
-        ;;
-    -e|--email)
-        shift
-        LIST_ADDRESS="$1"
-        ;;
-    -p|--public)
-        shift
-        PUBLIC="$1"
-        ;;
-    *)
-        # unknown option
-        ;;
+        -h|--help)
+            show_help
+            ;;
+        -u|--user)
+            shift
+            MYUSERNAME="$1"
+            ;;
+        -l|--list)
+            shift
+            MAILINGLIST="$1"
+            ;;
+        -s|--subject)
+            shift
+            SUBJECTTAG="$1"
+            ;;
+        -e|--email)
+            shift
+            LIST_ADDRESS="$1"
+            ;;
+        -p|--public)
+            shift
+            PUBLIC="$1"
+            ;;
+        *)
+            # unknown option
+            ;;
     esac
     shift
 done
 
-if [ ! $MYUSERNAME ]; then
+if [ ! "$MYUSERNAME" ]; then
     show_help
 fi
 
-if [[ ! $MAILINGLIST && ! $SUBJECTTAG ]]; then
+if [[ ! "$MAILINGLIST" && ! "$SUBJECTTAG" ]]; then
     show_help
 fi
 
-MUTTRC=/home/$MYUSERNAME/.muttrc
-PM=/home/$MYUSERNAME/.procmailrc
-LISTDIR=/home/$MYUSERNAME/Maildir/$MAILINGLIST
+MUTTRC="/home/$MYUSERNAME/.muttrc"
+PM="/home/$MYUSERNAME/.procmailrc"
+LISTDIR="/home/$MYUSERNAME/Maildir/$MAILINGLIST"
 
-if grep -q "=$MAILINGLIST" $MUTTRC; then
+if grep -q "=$MAILINGLIST" "$MUTTRC"; then
     echo $"Mailing list $MAILINGLIST was already added"
 fi
 
 if [ ! -d "$LISTDIR" ]; then
-    mkdir -m 700 $LISTDIR
-    mkdir -m 700 $LISTDIR/tmp
-    mkdir -m 700 $LISTDIR/new
-    mkdir -m 700 $LISTDIR/cur
+    mkdir -m 700 "$LISTDIR"
+    mkdir -m 700 "$LISTDIR/tmp"
+    mkdir -m 700 "$LISTDIR/new"
+    mkdir -m 700 "$LISTDIR/cur"
 fi
 
-chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR
+chown -R "$MYUSERNAME":"$MYUSERNAME" "$LISTDIR"
 
 if [ ${#SUBJECTTAG} -gt 0 ]; then
     # use the subject tag
-    if ! grep -q "Subject:.*()\[$SUBJECTTAG\]" $PM; then
-    if [[ $PUBLIC != "yes" ]]; then
-        # private emails go after the encryption stage
-        filter="
-# Email rule for $MAILINGLIST subject [$SUBJECTTAG]
-:0
-  * ^Subject:.*()\[$SUBJECTTAG\]
-$LISTDIR/new
-# End of rule
-"
-        echo "$filter" >> $PM
-    else
-        # public emails are copied before hte encryption stage
-        if ! grep -q '# encrypt' $PM; then
-        filter="
-# Email rule for $MAILINGLIST subject [$SUBJECTTAG]
-:0
-  * ^Subject:.*()\[$SUBJECTTAG\]
-$LISTDIR/new
-# End of rule
-"
-        echo "$filter" >> $PM
+    if ! grep -q "Subject:.*()\\[$SUBJECTTAG\\]" "$PM"; then
+        if [[ $PUBLIC != "yes" ]]; then
+            # private emails go after the encryption stage
+            { echo "# Email rule for $MAILINGLIST subject [$SUBJECTTAG]";
+              echo ":0";
+              echo "  * ^Subject:.*()\\[$SUBJECTTAG\\]";
+              echo "$LISTDIR/new";
+              echo "# End of rule";
+              echo ""; } >> "$PM"
         else
-        filter=$(echo "# Email rule for $MAILINGLIST subject [$SUBJECTTAG]\n:0\n  * ^Subject:.*()\\\[$SUBJECTTAG\\\]\n$LISTDIR/new\n# End of rule\n")
-        sed -i "/# encrypt/i ${filter}" $PM
+            # public emails are copied before hte encryption stage
+            if ! grep -q '# encrypt' "$PM"; then
+                { echo "# Email rule for $MAILINGLIST subject [$SUBJECTTAG]";
+                  echo ":0";
+                  echo "  * ^Subject:.*()\\[$SUBJECTTAG\\]";
+                  echo "$LISTDIR/new";
+                  echo "# End of rule";
+                  echo ""; } >> "$PM"
+            else
+                sed -i "/# encrypt/i # Email rule for $MAILINGLIST subject [$SUBJECTTAG]\\n:0\\n  * ^Subject:.*()\\\\[$SUBJECTTAG\\\\]\\n$LISTDIR/new\\n# End of rule\\n" "$PM"
+            fi
         fi
-    fi
-    chown $MYUSERNAME:$MYUSERNAME $PM
+        chown "$MYUSERNAME":"$MYUSERNAME" "$PM"
     fi
 else
-    exit $(${PROJECT_NAME}-addemail -u $MYUSERNAME -e $LIST_ADDRESS -g $MAILINGLIST --public $PUBLIC)
+    exit "$("${PROJECT_NAME}-addemail" -u "$MYUSERNAME" -e "$LIST_ADDRESS" -g "$MAILINGLIST" --public "$PUBLIC")"
 fi
 
 if [ ! -f "$MUTTRC" ]; then
-    cp /etc/Muttrc $MUTTRC
-    chown $MYUSERNAME:$MYUSERNAME $MUTTRC
+    cp /etc/Muttrc "$MUTTRC"
+    chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
 fi
 
-PROCMAILLOG=/home/$MYUSERNAME/log
-if [ ! -d $PROCMAILLOG ]; then
-    mkdir $PROCMAILLOG
-    chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG
+PROCMAILLOG="/home/$MYUSERNAME/log"
+if [ ! -d "$PROCMAILLOG" ]; then
+    mkdir "$PROCMAILLOG"
+    chown -R "$MYUSERNAME":"$MYUSERNAME" "$PROCMAILLOG"
 fi
 
-MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)
-if [[ $MUTT_MAILBOXES != *$MAILINGLIST* ]]; then
-    if ! grep -q "=$MAILINGLIST" $MUTTRC; then
-    sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" $MUTTRC
-    chown $MYUSERNAME:$MYUSERNAME $MUTTRC
+MUTT_MAILBOXES=$(grep "mailboxes =" "$MUTTRC")
+if [[ "$MUTT_MAILBOXES" != *$MAILINGLIST* ]]; then
+    if ! grep -q "=$MAILINGLIST" "$MUTTRC"; then
+        sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" "$MUTTRC"
+        chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
     fi
 fi
 
-if [ $LIST_ADDRESS ]; then
-    sed -i "s|unsubscribe $LIST_ADDRESS|subscribe $LIST_ADDRESS|g" $MUTTRC
-    if ! grep -q "subscribe $LIST_ADDRESS" $MUTTRC; then
-    echo "subscribe $LIST_ADDRESS" >> $MUTTRC
+if [ "$LIST_ADDRESS" ]; then
+    sed -i "s|unsubscribe $LIST_ADDRESS|subscribe $LIST_ADDRESS|g" "$MUTTRC"
+    if ! grep -q "subscribe $LIST_ADDRESS" "$MUTTRC"; then
+        echo "subscribe $LIST_ADDRESS" >> "$MUTTRC"
     fi
 fi
 

src/freedombone-addremove

@@ -34,27 +34,27 @@ export TEXTDOMAIN=${PROJECT_NAME}-addremove
 export TEXTDOMAINDIR="/usr/share/locale"
 
 PROJECT_INSTALL_DIR=/usr/local/bin
-if [ -f /usr/bin/${PROJECT_NAME} ]; then
+if [ -f "/usr/bin/${PROJECT_NAME}" ]; then
     PROJECT_INSTALL_DIR=/usr/bin
 fi
 
-COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
-CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
+COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
+CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
 
 # Start including files
 
-source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
+source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-  source $f
+    source "$f"
 done
 
-APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 for f in $APP_FILES
 do
-  source $f
+    source "$f"
 done
 
 # End including files
@@ -67,17 +67,17 @@ function mark_unselected_apps_as_removed {
         return
     fi
 
-    if [ -f $REMOVED_APPS_FILE ]; then
-        rm $REMOVED_APPS_FILE
+    if [ -f "$REMOVED_APPS_FILE" ]; then
+        rm "$REMOVED_APPS_FILE"
     fi
 
     app_index=0
     for app_name in "${APPS_AVAILABLE[@]}"
     do
         if [[ ${APPS_CHOSEN[$app_index]} == "0" ]]; then
-            echo "_${app_name}_" >> $REMOVED_APPS_FILE
+            echo "_${app_name}_" >> "$REMOVED_APPS_FILE"
         fi
-        app_index=$[app_index+1]
+        app_index=$((app_index+1))
     done
 }
 
@@ -93,7 +93,7 @@ function app_expected_to_be_installed {
             echo "0"
             return
         fi
-        if ! grep -q "IN_DEFAULT_INSTALL=1" /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}; then
+        if ! grep -q "IN_DEFAULT_INSTALL=1" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}"; then
             echo "0"
             return
         fi
@@ -102,7 +102,7 @@ function app_expected_to_be_installed {
 }
 
 function show_apps {
-    select_all_apps=$1
+    select_all_apps="$1"
     applist=""
     n=1
     app_index=0
@@ -117,19 +117,20 @@ function show_apps {
                 applist="$applist $n $a on"
             fi
         fi
-        n=$[n+1]
-        app_index=$[app_index+1]
+        n=$((n+1))
+        app_index=$((app_index+1))
     done
 
     choices=$(dialog --stdout --backtitle $"Freedombone" \
                      --title $"Add/Remove Applications" \
                      --checklist $'Choose:' \
-                     27 40 20 $applist)
+                     27 40 20 "$applist")
 
+    # shellcheck disable=SC2181
     if [ $? -eq 0 ]; then
         for choice in $choices
         do
-            app_index=$[choice-1]
+            app_index=$((choice-1))
             APPS_CHOSEN[$app_index]="1"
         done
     else
@@ -151,10 +152,10 @@ function remove_apps_selected {
                 else
                     removals="${APPS_AVAILABLE[$app_index]}"
                 fi
-                n=$[n+1]
+                n=$((n+1))
             fi
         fi
-        app_index=$[app_index+1]
+        app_index=$((app_index+1))
     done
 
     # if no apps to be removed then don't do anything
@@ -166,7 +167,7 @@ function remove_apps_selected {
     dialog --title $"Remove applications" \
            --backtitle $"Freedombone" \
            --defaultno \
-           --yesno $"\nYou have chosen to remove $n apps.\n\n    $removals\n\nIf you choose 'yes' then this will remove both the applications and their data/messages. If you don't have a backup then you will not be able to recover the data for these applications.\n\nAre you sure that you wish to continue?" 15 60
+           --yesno $"\\nYou have chosen to remove $n apps.\\n\\n    $removals\\n\\nIf you choose 'yes' then this will remove both the applications and their data/messages. If you don't have a backup then you will not be able to recover the data for these applications.\\n\\nAre you sure that you wish to continue?" 15 60
     sel=$?
     case $sel in
         1) return;;
@@ -195,10 +196,10 @@ function install_apps_selected {
                 else
                     installs="${APPS_AVAILABLE[$app_index]}"
                 fi
-                n=$[n+1]
+                n=$((n+1))
             fi
         fi
-        app_index=$[app_index+1]
+        app_index=$((app_index+1))
     done
 
     # if no apps to be installed then don't do anything
@@ -212,13 +213,13 @@ function install_apps_selected {
             dialog --title $"$installs" \
                    --backtitle $"Freedombone" \
                    --defaultno \
-                   --yesno $"\nThis will install the $installs app\n\nProceed?" 9 40
+                   --yesno $"\\nThis will install the $installs app\\n\\nProceed?" 9 40
         else
-            dialog_height=$((15 + $n))
+            dialog_height=$((15 + "$n"))
             dialog --title $"Add applications" \
                    --backtitle $"Freedombone" \
                    --defaultno \
-                   --yesno $"\nYou have chosen to install $n apps\n\n    $installs\n\nProceed?" $dialog_height 60
+                   --yesno $"\\nYou have chosen to install $n apps\\n\\n    $installs\\n\\nProceed?" $dialog_height 60
         fi
         sel=$?
         case $sel in
@@ -232,14 +233,13 @@ function install_apps_selected {
     # install the apps
     read_configuration
     install_apps interactive
-    if [ ! $APP_INSTALLED_SUCCESS ]; then
+    if [ ! "$APP_INSTALLED_SUCCESS" ]; then
         echo $'One or more apps failed to install'
     fi
 }
 
 if [[ $1 == "test"* ]]; then
-    ${PROJECT_NAME}-tests
-    if [ ! "$?" = "0" ]; then
+    if ! ${PROJECT_NAME}-tests; then
         exit 2
     fi
 fi
@@ -251,8 +251,8 @@ if [[ ${#APPS_AVAILABLE[@]} == 0 ]]; then
     exit 1
 fi
 
-show_apps $1
-mark_unselected_apps_as_removed $1
+show_apps "$1"
+mark_unselected_apps_as_removed "$1"
 
 clear
 

src/freedombone-adduser

@@ -34,18 +34,18 @@ PROJECT_NAME='freedombone'
 export TEXTDOMAIN=${PROJECT_NAME}-adduser
 export TEXTDOMAINDIR="/usr/share/locale"
 
-CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
+CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
-APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 for f in $APP_FILES
 do
-    source $f
+    source "$f"
 done
 
 ADD_USERNAME=$1
@@ -55,35 +55,35 @@ SSH_PORT=2222
 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
 DEFAULT_DOMAIN_NAME=
 
-if [ ! $ADD_USERNAME ]; then
+if [ ! "$ADD_USERNAME" ]; then
     echo $'No username was given'
     exit 1
 fi
 
-if [ -d /home/$ADD_USERNAME ]; then
+if [ -d "/home/$ADD_USERNAME" ]; then
     echo $"The user $ADD_USERNAME already exists"
     exit 2
 fi
 
-if [ ! -f $COMPLETION_FILE ]; then
+if [ ! -f "$COMPLETION_FILE" ]; then
     echo $"$COMPLETION_FILE not found"
-    userdel -r $ADD_USERNAME
+    userdel -r "$ADD_USERNAME"
     exit 3
 fi
 
 # Minimum number of characters in a password
-MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}')
+MINIMUM_PASSWORD_LENGTH=$(grep 'MINIMUM_PASSWORD_LENGTH=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords" | head -n 1 | awk -F '=' '{print $2}')
 
-NEW_USER_PASSWORD="$(openssl rand -base64 30 | cut -c1-${MINIMUM_PASSWORD_LENGTH})"
+NEW_USER_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
 chmod 600 /etc/shadow
 chmod 600 /etc/gshadow
-useradd -m -p "$NEW_USER_PASSWORD" -s /bin/bash $ADD_USERNAME
-adduser $ADD_USERNAME sasl
-groupadd $ADD_USERNAME
+useradd -m -p "$NEW_USER_PASSWORD" -s /bin/bash "$ADD_USERNAME"
+adduser "$ADD_USERNAME" sasl
+groupadd "$ADD_USERNAME"
 chmod 0000 /etc/shadow
 chmod 0000 /etc/gshadow
 
-if [ ! -d /home/$ADD_USERNAME ]; then
+if [ ! -d "/home/$ADD_USERNAME" ]; then
     echo $'Home directory was not created'
     exit 4
 fi
@@ -91,15 +91,15 @@ fi
 if [ "$SSH_PUBLIC_KEY" ]; then
     if [ ${#SSH_PUBLIC_KEY} -gt 5 ]; then
         if [ -f "$SSH_PUBLIC_KEY" ]; then
-            mkdir /home/$ADD_USERNAME/.ssh
-            cp $SSH_PUBLIC_KEY /home/$ADD_USERNAME/.ssh/authorized_keys
-            chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.ssh
+            mkdir "/home/$ADD_USERNAME/.ssh"
+            cp "$SSH_PUBLIC_KEY" "/home/$ADD_USERNAME/.ssh/authorized_keys"
+            chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.ssh"
             echo $'ssh public key installed'
         else
             if [[ "$SSH_PUBLIC_KEY" == "ssh-"* ]]; then
-                mkdir /home/$ADD_USERNAME/.ssh
-                echo "$SSH_PUBLIC_KEY" > /home/$ADD_USERNAME/.ssh/authorized_keys
-                chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.ssh
+                mkdir "/home/$ADD_USERNAME/.ssh"
+                echo "$SSH_PUBLIC_KEY" > "/home/$ADD_USERNAME/.ssh/authorized_keys"
+                chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.ssh"
                 echo $'ssh public key installed'
             else
                 echo $'The second parameter does not look like an ssh key'
@@ -109,55 +109,54 @@ if [ "$SSH_PUBLIC_KEY" ]; then
     fi
 fi
 
-if [ -d /home/$ADD_USERNAME/Maildir ]; then
-    if grep -q "set from=" /home/$ADD_USERNAME/.muttrc; then
-        sed -i "s|set from=.*|set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'|g" /home/$ADD_USERNAME/.muttrc
+if [ -d "/home/$ADD_USERNAME/Maildir" ]; then
+    if grep -q "set from=" "/home/$ADD_USERNAME/.muttrc"; then
+        sed -i "s|set from=.*|set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'|g" "/home/$ADD_USERNAME/.muttrc"
     else
-        echo "set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'" >> /home/$ADD_USERNAME/.muttrc
+        echo "set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'" >> "/home/$ADD_USERNAME/.muttrc"
     fi
 
-    USERN='$USER@'
-    sed -i "s|$USERN|$ADD_USERNAME@|g" /home/$ADD_USERNAME/.procmailrc
+    sed -i "s|\$USER@|$ADD_USERNAME@|g" "/home/$ADD_USERNAME/.procmailrc"
 fi
 
 # generate a gpg key
 echo "Making a GPG key for $ADD_USERNAME@$HOSTNAME"
-mkdir /home/$ADD_USERNAME/.gnupg
-echo "keyserver $GPG_KEYSERVER" >> /home/$ADD_USERNAME/.gnupg/gpg.conf
-echo 'keyserver-options auto-key-retrieve' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
-echo '' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
-echo '# default preferences' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
-echo 'personal-digest-preferences SHA256' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
-echo 'cert-digest-algo SHA256' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
-echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
+mkdir "/home/$ADD_USERNAME/.gnupg"
+{ echo "keyserver $GPG_KEYSERVER";
+  echo 'keyserver-options auto-key-retrieve';
+  echo '';
+  echo '# default preferences';
+  echo 'personal-digest-preferences SHA256';
+  echo 'cert-digest-algo SHA256';
+  echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed'; } >> "/home/$ADD_USERNAME/.gnupg/gpg.conf"
 
-chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.gnupg
-chmod 700 /home/$ADD_USERNAME/.gnupg
-chmod 600 /home/$ADD_USERNAME/.gnupg/*
+chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.gnupg"
+chmod 700 "/home/$ADD_USERNAME/.gnupg"
+chmod 600 "/home/$ADD_USERNAME/.gnupg/*"
 
 # Generate a GPG key
-echo 'Key-Type: eddsa' > /home/$ADD_USERNAME/gpg-genkey.conf
-echo 'Key-Curve: Ed25519' >> /home/$ADD_USERNAME/gpg-genkey.conf
-echo 'Subkey-Type: eddsa' >> /home/$ADD_USERNAME/gpg-genkey.conf
-echo "Name-Real:  $ADD_USERNAME" >> /home/$ADD_USERNAME/gpg-genkey.conf
-echo "Name-Email: $ADD_USERNAME@$HOSTNAME" >> /home/$ADD_USERNAME/gpg-genkey.conf
-echo 'Expire-Date: 0' >> /home/$ADD_USERNAME/gpg-genkey.conf
-echo "Passphrase: $NEW_USER_PASSWORD" >> /home/$ADD_USERNAME/gpg-genkey.conf
-chown $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/gpg-genkey.conf
-su -m root -c "gpg --homedir /home/$ADD_USERNAME/.gnupg --batch --full-gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - $ADD_USERNAME
-chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.gnupg
-shred -zu /home/$ADD_USERNAME/gpg-genkey.conf
+{ echo 'Key-Type: eddsa';
+  echo 'Key-Curve: Ed25519';
+  echo 'Subkey-Type: eddsa';
+  echo "Name-Real:  $ADD_USERNAME";
+  echo "Name-Email: $ADD_USERNAME@$HOSTNAME";
+  echo 'Expire-Date: 0';
+  echo "Passphrase: $NEW_USER_PASSWORD"; } > "/home/$ADD_USERNAME/gpg-genkey.conf"
+chown "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/gpg-genkey.conf"
+su -m root -c "gpg --homedir /home/$ADD_USERNAME/.gnupg --batch --full-gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - "$ADD_USERNAME"
+chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.gnupg"
+shred -zu "/home/$ADD_USERNAME/gpg-genkey.conf"
 MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADD_USERNAME" "$ADD_USERNAME@$HOSTNAME")
-MY_GPG_PUBLIC_KEY=/home/$ADD_USERNAME/public_key.gpg
-su -m root -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $ADD_USERNAME
+MY_GPG_PUBLIC_KEY="/home/$ADD_USERNAME/public_key.gpg"
+su -m root -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - "$ADD_USERNAME"
 
-if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
+if [ ! -f "$MY_GPG_PUBLIC_KEY" ]; then
     echo "GPG public key was not generated for $ADD_USERNAME@$HOSTNAME $MY_GPG_PUBLIC_KEY_ID"
-    userdel -r $ADD_USERNAME
+    userdel -r "$ADD_USERNAME"
     exit 7
 fi
 
-gpg_agent_setup $ADD_USERNAME
+gpg_agent_setup "$ADD_USERNAME"
 
 # add a monkeysphere subkey
 #echo $'Adding monkeysphere subkey'
@@ -173,82 +172,82 @@ gpg_agent_setup $ADD_USERNAME
 #echo $'Updating monkeysphere users'
 #monkeysphere-authentication update-users
 
-if [ -f /home/$ADD_USERNAME/.muttrc ]; then
+if [ -f "/home/$ADD_USERNAME/.muttrc" ]; then
     # encrypt outgoing mail to the "sent" folder
-    if ! grep -q "pgp_encrypt_only_command" /home/$ADD_USERNAME/.muttrc; then
-        echo '' >> /home/$ADD_USERNAME/.muttrc
-        echo $'# Encrypt items in the Sent folder' >> /home/$ADD_USERNAME/.muttrc
-        echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc
+    if ! grep -q "pgp_encrypt_only_command" "/home/$ADD_USERNAME/.muttrc"; then
+        { echo '';
+          echo $'# Encrypt items in the Sent folder';
+          echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\""; } >> "/home/$ADD_USERNAME/.muttrc"
     else
-        sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc
+        sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" "/home/$ADD_USERNAME/.muttrc"
     fi
 
-    if ! grep -q "pgp_encrypt_sign_command" /home/$ADD_USERNAME/.muttrc; then
-        echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc
+    if ! grep -q "pgp_encrypt_sign_command" "/home/$ADD_USERNAME/.muttrc"; then
+        echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> "/home/$ADD_USERNAME/.muttrc"
     else
-        sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc
+        sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" "/home/$ADD_USERNAME/.muttrc"
     fi
 fi
 
-if ! grep -q "Change your GPG password" /home/$ADD_USERNAME/README; then
-    echo '' >> /home/$ADD_USERNAME/README
-    echo '' >> /home/$ADD_USERNAME/README
-    echo $'# Change your GPG password' >> /home/$ADD_USERNAME/README
-    echo $"It's very important to add a password to your GPG key so that" >> /home/$ADD_USERNAME/README
-    echo $"if anyone does get access to your email they still won't be able" >> /home/$ADD_USERNAME/README
-    echo $'to read them without knowning the GPG password.' >> /home/$ADD_USERNAME/README
-    echo $'You can change the it with:' >> /home/$ADD_USERNAME/README
-    echo '' >> /home/$ADD_USERNAME/README
-    echo "  gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$ADD_USERNAME/README
-    echo '  passwd' >> /home/$ADD_USERNAME/README
-    echo '  save' >> /home/$ADD_USERNAME/README
-    echo '  quit' >> /home/$ADD_USERNAME/README
+if ! grep -q "Change your GPG password" "/home/$ADD_USERNAME/README"; then
+    { echo '';
+      echo '';
+      echo $'# Change your GPG password';
+      echo $"It's very important to add a password to your GPG key so that";
+      echo $"if anyone does get access to your email they still won't be able";
+      echo $'to read them without knowning the GPG password.';
+      echo $'You can change the it with:';
+      echo '';
+      echo "  gpg --edit-key $MY_GPG_PUBLIC_KEY_ID";
+      echo '  passwd';
+      echo '  save';
+      echo '  quit'; } >> "/home/$ADD_USERNAME/README"
 fi
 
-chown $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/README
-chown $ADD_USERNAME:$ADD_USERNAME $MY_GPG_PUBLIC_KEY
-chmod 600 /home/$ADD_USERNAME/README
+chown "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/README"
+chown "$ADD_USERNAME":"$ADD_USERNAME" "$MY_GPG_PUBLIC_KEY"
+chmod 600 "/home/$ADD_USERNAME/README"
 
 echo $'Detecting installed apps...'
 detect_apps
 get_apps_installed_names
 for app_name in "${APPS_INSTALLED_NAMES[@]}"
 do
-    if [[ $(function_exists add_user_${app_name}) == "1" ]]; then
+    if [[ $(function_exists "add_user_${app_name}") == "1" ]]; then
         echo $"Adding user to ${app_name}"
-        app_load_variables ${app_name}
-        retval=$(add_user_${app_name} "$ADD_USERNAME" "$NEW_USER_PASSWORD" | tail -n 1)
+        app_load_variables "${app_name}"
+        retval=$("add_user_${app_name}" "$ADD_USERNAME" "$NEW_USER_PASSWORD" | tail -n 1)
         if [[ $retval != '0' ]]; then
             echo $"Failed with error code ${retval}"
-            ${PROJECT_NAME}-rmuser $ADD_USERNAME --force
+            "${PROJECT_NAME}-rmuser" "$ADD_USERNAME" --force
             exit 672392
         fi
-        if ! grep -q "${app_name}_${ADD_USERNAME}" $APP_USERS_FILE; then
-            echo "${app_name}_${ADD_USERNAME}" >> $APP_USERS_FILE
+        if ! grep -q "${app_name}_${ADD_USERNAME}" "$APP_USERS_FILE"; then
+            echo "${app_name}_${ADD_USERNAME}" >> "$APP_USERS_FILE"
         fi
     fi
 done
 
 if [ -f /etc/nginx/.htpasswd ]; then
     if ! grep -q "${ADD_USERNAME}:" /etc/nginx/.htpasswd; then
-        echo "$NEW_USER_PASSWORD" | htpasswd -i -s /etc/nginx/.htpasswd $ADD_USERNAME
+        echo "$NEW_USER_PASSWORD" | htpasswd -i -s /etc/nginx/.htpasswd "$ADD_USERNAME"
     fi
 fi
 
 # add user menu on ssh login
-if ! grep -q 'controluser' /home/$ADD_USERNAME/.bashrc; then
-    echo 'controluser' >> /home/$ADD_USERNAME/.bashrc
+if ! grep -q 'controluser' "/home/$ADD_USERNAME/.bashrc"; then
+    echo 'controluser' >> "/home/$ADD_USERNAME/.bashrc"
 fi
 
 # fix some gpg strangeness when searching for keys
-printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /home/$ADD_USERNAME/.gnupg/S.dirmngr
-if [ -d /home/$ADD_USERNAME/.gnupg/crls.d ]; then
-    chmod +x /home/$ADD_USERNAME/.gnupg/crls.d
+printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > "/home/$ADD_USERNAME/.gnupg/S.dirmngr"
+if [ -d "/home/$ADD_USERNAME/.gnupg/crls.d" ]; then
+    chmod +x "/home/$ADD_USERNAME/.gnupg/crls.d"
 fi
 
-${PROJECT_NAME}-pass -u $ADD_USERNAME -a login -p "$NEW_USER_PASSWORD"
+"${PROJECT_NAME}-pass" -u "$ADD_USERNAME" -a login -p "$NEW_USER_PASSWORD"
 
-gpg_agent_enable $ADD_USERNAME
+gpg_agent_enable "$ADD_USERNAME"
 
 clear
 

src/freedombone-app-akaunting

@@ -49,12 +49,12 @@ akaunting_variables=(ONION_ONLY
                      MY_USERNAME)
 
 function akaunting_remove_bad_links {
-    cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
+    cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 365873658
 
     # copy jquery locally
     jquery_version='1.12.4'
     if [ ! -f jquery-${jquery_version}.js ]; then
-        cd /var/www/$GHOST_DOMAIN_NAME/htdocs
+        cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 3276324
         wget https://code.jquery.com/jquery-${jquery_version}.js
         jquery_hash=$(sha256sum jquery-${jquery_version}.js | awk -F ' ' '{print $1}')
         if [[ "$jquery_hash" != '430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575' ]]; then
@@ -74,7 +74,7 @@ function akaunting_remove_bad_links {
     sed -i '/googleapi/d' vendor/almasaeed2010/adminlte/dist/css/alt/AdminLTE-without-plugins.min.css
     sed -i "s|ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js|$AKAUNTING_DOMAIN_NAME/jquery-${jquery_version}.js|g" vendor/almasaeed2010/adminlte/plugins/ckeditor/samples/old/jquery.html
 
-    chown -R www-data:www-data /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
+    chown -R www-data:www-data "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
 }
 
 function logging_on_akaunting {
@@ -88,65 +88,66 @@ function logging_off_akaunting {
 function remove_user_akaunting {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp akaunting
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp akaunting
 }
 
 function add_user_akaunting {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a akaunting -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a akaunting -p "$new_user_password"
 
     echo '0'
 }
 
 function install_interactive_akaunting {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
-    if [[ $ONION_ONLY != "no" ]]; then
+    if [[ "$ONION_ONLY" != "no" ]]; then
         AKAUNTING_DOMAIN_NAME='akaunting.local'
     else
         AKAUNTING_DETAILS_COMPLETE=
         while [ ! $AKAUNTING_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Akaunting Configuration" \
-                       --form $"\nPlease enter your Akaunting details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
+                       --form $"\\nPlease enter your Akaunting details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
                        $"Domain:" 1 1 "$(grep 'AKAUNTING_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
                        $"Code:" 2 1 "$(grep 'AKAUNTING_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Akaunting Configuration" \
-                       --form $"\nPlease enter your Akaunting details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
+                       --form $"\\nPlease enter your Akaunting details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
                        $"Domain:" 1 1 "$(grep 'AKAUNTING_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
-                       2> $data
+                       2> "$data"
             fi
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            AKAUNTING_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ $AKAUNTING_DOMAIN_NAME ]; then
+            AKAUNTING_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$AKAUNTING_DOMAIN_NAME" ]; then
                 if [[ $AKAUNTING_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
                     AKAUNTING_DOMAIN_NAME=""
                 fi
                 TEST_DOMAIN_NAME=$AKAUNTING_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $AKAUNTING_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$AKAUNTING_DOMAIN_NAME" ]]; then
                     AKAUNTING_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        AKAUNTING_CODE=$(cat $data | sed -n 2p)
+                        AKAUNTING_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$AKAUNTING_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             AKAUNTING_DOMAIN_NAME=
                         fi
                     fi
@@ -155,6 +156,7 @@ function install_interactive_akaunting {
             if [ $AKAUNTING_DOMAIN_NAME ]; then
                 AKAUNTING_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         write_config_param "AKAUNTING_CODE" "$AKAUNTING_CODE"
@@ -169,23 +171,23 @@ function change_password_akaunting {
 
     read_config_param 'AKAUNTING_DOMAIN_NAME'
 
-    ${PROJECT_NAME}-pass -u "$curr_username" -a akaunting -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a akaunting -p "$new_user_password"
 }
 
 function akaunting_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        AKAUNTING_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        AKAUNTING_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $AKAUNTING_ADMIN_PASSWORD ]; then
-            AKAUNTING_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$AKAUNTING_ADMIN_PASSWORD" ]; then
+            AKAUNTING_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $AKAUNTING_ADMIN_PASSWORD ]; then
+    if [ ! "$AKAUNTING_ADMIN_PASSWORD" ]; then
         return
     fi
 
     function_check create_database
-    create_database akaunting "$AKAUNTING_ADMIN_PASSWORD" $MY_USERNAME
+    create_database akaunting "$AKAUNTING_ADMIN_PASSWORD" "$MY_USERNAME"
 }
 
 function reconfigure_akaunting {
@@ -198,70 +200,69 @@ function upgrade_akaunting {
         return
     fi
 
-    if grep -q "akaunting domain" $COMPLETION_FILE; then
+    if grep -q "akaunting domain" "$COMPLETION_FILE"; then
         AKAUNTING_DOMAIN_NAME=$(get_completion_param "akaunting domain")
     fi
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$AKAUNTING_DOMAIN_NAME/htdocs "akaunting commit" "$AKAUNTING_COMMIT" $AKAUNTING_REPO
+    set_repo_commit "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" "akaunting commit" "$AKAUNTING_COMMIT" "$AKAUNTING_REPO"
 
-    cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
+    cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 367835
     install_composer
     akaunting_remove_bad_links
 
-    chown -R www-data:www-data /var/www/${AKAUNTING_DOMAIN_NAME}/htdocs
+    chown -R www-data:www-data "/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
 }
 
 
 function backup_local_akaunting {
-    akaunting_path=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs
-    if [ -d $akaunting_path ]; then
-        suspend_site ${AKAUNTING_DOMAIN_NAME}
+    akaunting_path="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
+    if [ -d "$akaunting_path" ]; then
+        suspend_site "${AKAUNTING_DOMAIN_NAME}"
         function_check backup_database_to_usb
         backup_database_to_usb akaunting
-        backup_directory_to_usb $akaunting_path akaunting
+        backup_directory_to_usb "$akaunting_path" akaunting
         restart_site
     fi
 }
 
 function restore_local_akaunting {
     temp_restore_dir=/root/tempakaunting
-    akaunting_dir=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs
+    akaunting_dir="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
 
-    suspend_site ${AKAUNTING_DOMAIN_NAME}
+    suspend_site "${AKAUNTING_DOMAIN_NAME}"
 
     function_check akaunting_create_database
     akaunting_create_database
 
-    restore_database akaunting ${AKAUNTING_DOMAIN_NAME}
-    chown www-data:www-data $akaunting_dir
+    restore_database akaunting "${AKAUNTING_DOMAIN_NAME}"
+    chown www-data:www-data "$akaunting_dir"
 
     restart_site
 }
 
 function backup_remote_akaunting {
-    akaunting_path=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs
-    if [ -d $akaunting_path ]; then
-        suspend_site ${AKAUNTING_DOMAIN_NAME}
+    akaunting_path="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
+    if [ -d "$akaunting_path" ]; then
+        suspend_site "${AKAUNTING_DOMAIN_NAME}"
         function_check backup_database_to_friend
         backup_database_to_friend akaunting
-        backup_directory_to_friend $akaunting_path akaunting
+        backup_directory_to_friend "$akaunting_path" akaunting
         restart_site
     fi
 }
 
 function restore_remote_akaunting {
-    temp_restore_dir=/root/tempakaunting
-    akaunting_dir=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs
+    akaunting_dir="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
 
-    suspend_site ${AKAUNTING_DOMAIN_NAME}
+    suspend_site "${AKAUNTING_DOMAIN_NAME}"
 
     function_check akaunting_create_database
     akaunting_create_database
 
-    restore_database_from_friend akaunting ${AKAUNTING_DOMAIN_NAME}
-    chown www-data:www-data $akaunting_dir
+    restore_database_from_friend akaunting "${AKAUNTING_DOMAIN_NAME}"
+    chown www-data:www-data "$akaunting_dir"
 
     restart_site
 }
@@ -274,28 +275,28 @@ function remove_akaunting {
     read_config_param "AKAUNTING_DOMAIN_NAME"
     read_config_param "MY_USERNAME"
     echo "Removing $AKAUNTING_DOMAIN_NAME"
-    nginx_dissite $AKAUNTING_DOMAIN_NAME
-    remove_certs $AKAUNTING_DOMAIN_NAME
+    nginx_dissite "$AKAUNTING_DOMAIN_NAME"
+    remove_certs "$AKAUNTING_DOMAIN_NAME"
 
-    if [ -d /var/www/$AKAUNTING_DOMAIN_NAME ]; then
-        rm -rf /var/www/$AKAUNTING_DOMAIN_NAME
+    if [ -d "/var/www/$AKAUNTING_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$AKAUNTING_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database akaunting
     function_check remove_onion_service
-    remove_onion_service akaunting ${AKAUNTING_ONION_PORT}
+    remove_onion_service akaunting "${AKAUNTING_ONION_PORT}"
     if grep -q "akaunting" /etc/crontab; then
         sed -i "/akaunting/d" /etc/crontab
     fi
     remove_app akaunting
     remove_completion_param install_akaunting
-    sed -i '/akaunting/d' $COMPLETION_FILE
+    sed -i '/akaunting/d' "$COMPLETION_FILE"
 
     function_check remove_ddns_domain
-    remove_ddns_domain $AKAUNTING_DOMAIN_NAME
+    remove_ddns_domain "$AKAUNTING_DOMAIN_NAME"
 }
 
 function install_akaunting {
@@ -303,7 +304,7 @@ function install_akaunting {
         ONION_ONLY='no'
     fi
 
-    if [ ! $AKAUNTING_DOMAIN_NAME ]; then
+    if [ ! "$AKAUNTING_DOMAIN_NAME" ]; then
         echo $'No domain name was given for akaunting'
         exit 89353
     fi
@@ -317,142 +318,142 @@ function install_akaunting {
     apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
     apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
 
-    if [ ! -d /var/www/$AKAUNTING_DOMAIN_NAME ]; then
-        mkdir /var/www/$AKAUNTING_DOMAIN_NAME
+    if [ ! -d "/var/www/$AKAUNTING_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$AKAUNTING_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$AKAUNTING_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" ]; then
         if [ -d /repos/akaunting ]; then
-            mkdir /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
-            cp -r -p /repos/akaunting/. /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
-            cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/akaunting/. "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
+            cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 23458735
             git pull
         else
             function_check git_clone
-            git_clone $AKAUNTING_REPO /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
+            git_clone "$AKAUNTING_REPO" "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
         fi
 
-        if [ ! -d /var/www/$AKAUNTING_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" ]; then
             echo $'Unable to clone akaunting repo'
             exit 2589389
         fi
     fi
 
-    cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
-    git checkout $AKAUNTING_COMMIT -b $AKAUNTING_COMMIT
+    cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 23468724527
+    git checkout "$AKAUNTING_COMMIT" -b "$AKAUNTING_COMMIT"
     set_completion_param "akaunting commit" "$AKAUNTING_COMMIT"
 
-    chmod g+w /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
-    chown -R www-data:www-data /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
+    chmod g+w "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
+    chown -R www-data:www-data "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
 
-    cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
+    cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 34783524
     install_composer
 
     function_check akaunting_create_database
     akaunting_create_database
 
     function_check add_ddns_domain
-    add_ddns_domain $AKAUNTING_DOMAIN_NAME
+    add_ddns_domain "$AKAUNTING_DOMAIN_NAME"
 
     AKAUNTING_ONION_HOSTNAME=$(add_onion_service akaunting 80 ${AKAUNTING_ONION_PORT})
 
     akaunting_nginx_site=/etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $AKAUNTING_DOMAIN_NAME "index index.php"
-        echo 'server {' >> $akaunting_nginx_site
-        echo '  listen 443 ssl;' >> $akaunting_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $akaunting_nginx_site
-        echo "  server_name $AKAUNTING_DOMAIN_NAME;" >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
+        nginx_http_redirect "$AKAUNTING_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $AKAUNTING_DOMAIN_NAME;";
+          echo ''; } >> "$akaunting_nginx_site"
         function_check nginx_compress
-        nginx_compress $AKAUNTING_DOMAIN_NAME
-        echo '' >> $akaunting_nginx_site
-        echo '  # Security' >> $akaunting_nginx_site
+        nginx_compress "$AKAUNTING_DOMAIN_NAME"
+        echo '' >> "$akaunting_nginx_site"
+        echo '  # Security' >> "$akaunting_nginx_site"
         function_check nginx_ssl
-        nginx_ssl $AKAUNTING_DOMAIN_NAME
+        nginx_ssl "$AKAUNTING_DOMAIN_NAME"
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $AKAUNTING_DOMAIN_NAME
+        nginx_disable_sniffing "$AKAUNTING_DOMAIN_NAME"
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
-        echo '  access_log /dev/null;' >> $akaunting_nginx_site
-        echo '  error_log /dev/null;' >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
-        echo "  root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;" >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
-        echo '  index index.php;' >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
-        echo '  location ~ \.php {' >> $akaunting_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $akaunting_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $akaunting_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $akaunting_nginx_site
-        echo '  }' >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
-        echo '  location / {' >> $akaunting_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo "  root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  index index.php;';
+          echo '';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  location / {'; } >> "$akaunting_nginx_site"
         function_check nginx_limits
-        nginx_limits $AKAUNTING_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ @akaunting;' >> $akaunting_nginx_site
-        echo '  }' >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
-        echo '  location @akaunting {' >> $akaunting_nginx_site
-        echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $akaunting_nginx_site
-        echo '  }' >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $akaunting_nginx_site
-        echo '    deny all;' >> $akaunting_nginx_site
-        echo '  }' >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
-        echo '}' >> $akaunting_nginx_site
+        nginx_limits "$AKAUNTING_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ @akaunting;";
+          echo '  }';
+          echo '';
+          echo '  location @akaunting {';
+          echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+          echo '  }';
+          echo '';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '';
+          echo '}'; } >> "$akaunting_nginx_site"
     else
-        echo -n '' > $akaunting_nginx_site
+        echo -n '' > "$akaunting_nginx_site"
     fi
-    echo 'server {' >> $akaunting_nginx_site
-    echo "    listen 127.0.0.1:$AKAUNTING_ONION_PORT default_server;" >> $akaunting_nginx_site
-    echo "    server_name $AKAUNTING_ONION_HOSTNAME;" >> $akaunting_nginx_site
-    echo '' >> $akaunting_nginx_site
-    function_check nginx_compress
-    nginx_compress $AKAUNTING_DOMAIN_NAME
-    echo '' >> $akaunting_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$AKAUNTING_ONION_PORT default_server;";
+      echo "    server_name $AKAUNTING_ONION_HOSTNAME;";
+      echo ''; } >> "$akaunting_nginx_site"
+      function_check nginx_compress
+    nginx_compress "$AKAUNTING_DOMAIN_NAME"
+    echo '' >> "$akaunting_nginx_site"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $AKAUNTING_DOMAIN_NAME
-    echo '' >> $akaunting_nginx_site
-    echo '  access_log /dev/null;' >> $akaunting_nginx_site
-    echo '  error_log /dev/null;' >> $akaunting_nginx_site
-    echo '' >> $akaunting_nginx_site
-    echo "  root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;" >> $akaunting_nginx_site
-    echo '' >> $akaunting_nginx_site
-    echo '  index index.php;' >> $akaunting_nginx_site
-    echo '' >> $akaunting_nginx_site
-    echo '  location ~ \.php {' >> $akaunting_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $akaunting_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $akaunting_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $akaunting_nginx_site
-    echo '  }' >> $akaunting_nginx_site
-    echo '' >> $akaunting_nginx_site
-    echo '  location / {' >> $akaunting_nginx_site
+    nginx_disable_sniffing "$AKAUNTING_DOMAIN_NAME"
+    { echo '';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo "  root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  index index.php;';
+      echo '';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  location / {'; } >> "$akaunting_nginx_site"
     function_check nginx_limits
-    nginx_limits $AKAUNTING_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ @akaunting;' >> $akaunting_nginx_site
-    echo '  }' >> $akaunting_nginx_site
-    echo '' >> $akaunting_nginx_site
-    echo '  location @akaunting {' >> $akaunting_nginx_site
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $akaunting_nginx_site
-    echo '  }' >> $akaunting_nginx_site
-    echo '' >> $akaunting_nginx_site
-    echo '  location ~ /\.(ht|git) {' >> $akaunting_nginx_site
-    echo '    deny all;' >> $akaunting_nginx_site
-    echo '  }' >> $akaunting_nginx_site
-    echo '}' >> $akaunting_nginx_site
+    nginx_limits "$AKAUNTING_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ @akaunting;";
+      echo '  }';
+      echo '';
+      echo '  location @akaunting {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  location ~ /\.(ht|git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '}'; } >> "$akaunting_nginx_site"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $AKAUNTING_DOMAIN_NAME 'yes'
+    create_site_certificate "$AKAUNTING_DOMAIN_NAME" 'yes'
 
     function_check nginx_ensite
-    nginx_ensite $AKAUNTING_DOMAIN_NAME
+    nginx_ensite "$AKAUNTING_DOMAIN_NAME"
 
     akaunting_remove_bad_links
 
@@ -460,7 +461,7 @@ function install_akaunting {
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a akaunting -p "$AKAUNTING_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a akaunting -p "$AKAUNTING_ADMIN_PASSWORD"
 
     set_completion_param "akaunting domain" "$AKAUNTING_DOMAIN_NAME"
 

src/freedombone-app-batman

@@ -53,7 +53,7 @@ function install_interactive_batman {
 }
 
 function configure_firewall_for_batman {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [[ $ENABLE_BATMAN != "yes" ]]; then
@@ -62,7 +62,7 @@ function configure_firewall_for_batman {
 
     function_check save_firewall_settings
     save_firewall_settings
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function reconfigure_batman {
@@ -90,8 +90,7 @@ function restore_remote_batman {
 }
 
 function remove_batman {
-    ${PROJECT_NAME}-mesh-install -f batman --remove yes
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-mesh-install" -f batman --remove yes; then
         echo $'Failed to remove batman'
         exit 79353
     fi
@@ -100,45 +99,46 @@ function remove_batman {
 }
 
 function mesh_install_batman {
+    # shellcheck disable=SC2154
     chroot "$rootdir" apt-get -yq install iproute bridge-utils libnetfilter-conntrack3 batctl
     chroot "$rootdir" apt-get -yq install python-dev libevent-dev ebtables python-pip git
     chroot "$rootdir" apt-get -yq install wireless-tools rfkill
 
-    if ! grep -q "batman_adv" $rootdir/etc/modules; then
-        echo 'batman_adv' >> $rootdir/etc/modules
+    if ! grep -q "batman_adv" "$rootdir/etc/modules"; then
+        echo 'batman_adv' >> "$rootdir/etc/modules"
     fi
 
     BATMAN_SCRIPT=$rootdir/var/lib/batman
 
-    if [ -f /usr/local/bin/${PROJECT_NAME}-mesh-batman ]; then
-        cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
+    if [ -f "/usr/local/bin/${PROJECT_NAME}-mesh-batman" ]; then
+        cp "/usr/local/bin/${PROJECT_NAME}-mesh-batman" "$BATMAN_SCRIPT"
     else
-        cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
+        cp "/usr/bin/${PROJECT_NAME}-mesh-batman" "$BATMAN_SCRIPT"
     fi
 
     BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service
-    echo '[Unit]' > $BATMAN_DAEMON
-    echo 'Description=B.A.T.M.A.N. Advanced' >> $BATMAN_DAEMON
-    echo 'After=network.target' >> $BATMAN_DAEMON
-    echo '' >> $BATMAN_DAEMON
-    echo '[Service]' >> $BATMAN_DAEMON
-    echo 'RemainAfterExit=yes' >> $BATMAN_DAEMON
-    echo "ExecStart=/var/lib/batman start" >> $BATMAN_DAEMON
-    echo "ExecStop=/var/lib/batman stop" >> $BATMAN_DAEMON
-    echo 'Restart=on-failure' >> $BATMAN_DAEMON
-    echo 'SuccessExitStatus=3 4' >> $BATMAN_DAEMON
-    echo 'RestartForceExitStatus=3 4' >> $BATMAN_DAEMON
-    echo '' >> $BATMAN_DAEMON
-    echo '# Allow time for the server to start/stop' >> $BATMAN_DAEMON
-    echo 'TimeoutSec=300' >> $BATMAN_DAEMON
-    echo '' >> $BATMAN_DAEMON
-    echo '[Install]' >> $BATMAN_DAEMON
-    echo 'WantedBy=multi-user.target' >> $BATMAN_DAEMON
+    { echo '[Unit]';
+      echo 'Description=B.A.T.M.A.N. Advanced';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'RemainAfterExit=yes';
+      echo "ExecStart=/var/lib/batman start";
+      echo "ExecStop=/var/lib/batman stop";
+      echo 'Restart=on-failure';
+      echo 'SuccessExitStatus=3 4';
+      echo 'RestartForceExitStatus=3 4';
+      echo '';
+      echo '# Allow time for the server to start/stop';
+      echo 'TimeoutSec=300';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$BATMAN_DAEMON"
     chroot "$rootdir" systemctl enable batman
 }
 
 function install_batman {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_install_batman
         return
     fi
@@ -146,8 +146,7 @@ function install_batman {
         return
     fi
 
-    ${PROJECT_NAME}-mesh-install -f batman
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-mesh-install" -f batman; then
         echo $'Failed to install batman'
         exit 72524
     fi

src/freedombone-app-bdsmail

@@ -49,29 +49,29 @@ function bdsmail_configure_users {
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
 
             # Add the user to the i2p group
-            usermod -a -G i2psvc $USERNAME
+            usermod -a -G i2psvc "$USERNAME"
 
-            if [ -f /home/$USERNAME/.muttrc ]; then
+            if [ -f "/home/$USERNAME/.muttrc" ]; then
                 # Create a mutt i2p folder
-                if ! grep -q ' =i2p' /home/$USERNAME/.muttrc; then
-                    MUTT_MAILBOXES=$(grep "mailboxes =" /home/$USERNAME/.muttrc)
-                    sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =i2p|g" /home/$USERNAME/.muttrc
+                if ! grep -q ' =i2p' "/home/$USERNAME/.muttrc"; then
+                    MUTT_MAILBOXES=$(grep "mailboxes =" "/home/$USERNAME/.muttrc")
+                    sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =i2p|g" "/home/$USERNAME/.muttrc"
                 fi
 
                 # Create a mutt folder hook to the i2p config
-                if ! grep -q 'folder-hook !i2p' /home/$USERNAME/.muttrc; then
-                    echo 'folder-hook !i2p/*     source ~/.muttrc' >> /home/$USERNAME/.muttrc
+                if ! grep -q 'folder-hook !i2p' "/home/$USERNAME/.muttrc"; then
+                    echo 'folder-hook !i2p/*     source ~/.muttrc' >> "/home/$USERNAME/.muttrc"
                 fi
-                if ! grep -q 'folder-hook i2p' /home/$USERNAME/.muttrc; then
-                    echo 'folder-hook i2p/*     source ~/.mutt/bdsmail' >> /home/$USERNAME/.muttrc
+                if ! grep -q 'folder-hook i2p' "/home/$USERNAME/.muttrc"; then
+                    echo 'folder-hook i2p/*     source ~/.mutt/bdsmail' >> "/home/$USERNAME/.muttrc"
                 fi
             fi
 
             # Create a directory where i2p mail will be stored
-            if [ ! -d /home/$USERNAME/Maildir/i2p/new ]; then
-                mkdir -p /home/$USERNAME/Maildir/i2p/cur
-                mkdir -p /home/$USERNAME/Maildir/i2p/new
-                chown -R $USERNAME:$USERNAME /home/$USERNAME/Maildir/i2p
+            if [ ! -d "/home/$USERNAME/Maildir/i2p/new" ]; then
+                mkdir -p "/home/$USERNAME/Maildir/i2p/cur"
+                mkdir -p "/home/$USERNAME/Maildir/i2p/new"
+                chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/Maildir/i2p"
             fi
         fi
     done
@@ -93,18 +93,18 @@ function add_user_bdsmail {
     new_username="$1"
     new_user_password="$2"
 
-    if [ ! -d /home/$new_username/.mutt ]; then
-        mkdir /home/$new_username/.mutt
-        cp /etc/skel/.mutt/bdsmail /home/$new_username/.mutt
+    if [ ! -d "/home/$new_username/.mutt" ]; then
+        mkdir "/home/$new_username/.mutt"
+        cp /etc/skel/.mutt/bdsmail "/home/$new_username/.mutt"
     fi
     read_config_param MY_USERNAME
-    BDSMAIL_PASSWORD=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a bdsmail)
-    sed -i "s|username|$new_username|g" /home/$new_username/.mutt/bdsmail
-    sed -i "s|password|$BDSMAIL_PASSWORD|g" /home/$new_username/.mutt/bdsmail
+    BDSMAIL_PASSWORD=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a bdsmail)
+    sed -i "s|username|$new_username|g" "/home/$new_username/.mutt/bdsmail"
+    sed -i "s|password|$BDSMAIL_PASSWORD|g" "/home/$new_username/.mutt/bdsmail"
     bdsmail_configure_users
-    cd $BDSMAIL_DIR
-    $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini $new_username /home/$new_username/Maildir/i2p "$BDSMAIL_PASSWORD"
-    chown -R $new_username:$new_username /home/$new_username/.mutt
+    cd $BDSMAIL_DIR || exit 57247684234
+    $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini "$new_username" "/home/$new_username/Maildir/i2p" "$BDSMAIL_PASSWORD"
+    chown -R "$new_username":"$new_username" "/home/$new_username/.mutt"
     echo '0'
 }
 
@@ -117,16 +117,16 @@ function change_password_bdsmail {
     curr_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a bdsmail -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a bdsmail -p "$new_user_password"
 
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            sed -i "s|set smtp_url=.*|set smtp_url=smtp://${curr_username}:${new_user_password}@127.0.0.1:$I2P_SMTP_PORT/" /home/${USERNAME}/.mutt/bdsmail
-            sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" /home/${USERNAME}/.mutt/bdsmail
-            chown ${USERNAME}:${USERNAME} /home/${USERNAME}/.mutt/bdsmail
-            cd $BDSMAIL_DIR
-            $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini $curr_username /home/$curr_username/Maildir/i2p "$new_user_password"
+            sed -i "s|set smtp_url=.*|set smtp_url=smtp://${curr_username}:${new_user_password}@127.0.0.1:$I2P_SMTP_PORT/" "/home/${USERNAME}/.mutt/bdsmail"
+            sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" "/home/${USERNAME}/.mutt/bdsmail"
+            chown "${USERNAME}":"${USERNAME}" "/home/${USERNAME}/.mutt/bdsmail"
+            cd $BDSMAIL_DIR || exit 2468246
+            $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini "$curr_username" "/home/$curr_username/Maildir/i2p" "$new_user_password"
         fi
     done
 }
@@ -136,9 +136,9 @@ function bdsmail_update_domain {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            cp /etc/skel/.mutt/bdsmail /home/${USERNAME}/.mutt/bdsmail
-            sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" /home/${USERNAME}/.mutt/bdsmail
-            chown ${USERNAME}:${USERNAME} /home/${USERNAME}/.mutt/bdsmail
+            cp /etc/skel/.mutt/bdsmail "/home/${USERNAME}/.mutt/bdsmail"
+            sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" "/home/${USERNAME}/.mutt/bdsmail"
+            chown "${USERNAME}":"${USERNAME}" "/home/${USERNAME}/.mutt/bdsmail"
         fi
     done
 }
@@ -154,7 +154,7 @@ function bdsmail_wait_for_key_generation {
         sleep 30
         bds_domain=$(bdsmail_domain)
         sleep_ctr=$((sleep_ctr + 1))
-        if [ $sleep_ctr -gt 100 ]; then
+        if [ "$sleep_ctr" -gt 100 ]; then
             break
         fi
     done
@@ -178,9 +178,9 @@ function upgrade_bdsmail {
     fi
 
     # update to the next commit
-    set_repo_commit $BDSMAIL_DIR "bdsmail commit" "$BDSMAIL_COMMIT" $BDSMAIL_REPO
-    cd $BDSMAIL_DIR
-    make GOROOT=/home/go/go${GO_VERSION}
+    set_repo_commit $BDSMAIL_DIR "bdsmail commit" "$BDSMAIL_COMMIT" "$BDSMAIL_REPO"
+    cd $BDSMAIL_DIR || exit 2457245
+    make GOROOT="/home/go/go${GO_VERSION}"
     chown -R i2psvc:i2psvc $BDSMAIL_DIR
     systemctl restart bdsmail
 
@@ -210,7 +210,7 @@ function restore_local_bdsmail {
     function_check restore_directory_from_usb
     restore_directory_from_usb $temp_restore_dir bdsmail
     if [ -d $temp_restore_dir ]; then
-        if [ -d cp $temp_restore_dir$bdsmail_dir ]; then
+        if [ -d $temp_restore_dir$bdsmail_dir ]; then
             cp -rp $temp_restore_dir$bdsmail_dir $bdsmail_dir/
         else
             if [ ! -d $bdsmail_dir ]; then
@@ -246,7 +246,7 @@ function restore_remote_bdsmail {
     function_check restore_directory_from_friend
     restore_directory_from_friend $temp_restore_dir bdsmail
     if [ -d $temp_restore_dir ]; then
-        if [ -d cp $temp_restore_dir$bdsmail_dir ]; then
+        if [ -d $temp_restore_dir$bdsmail_dir ]; then
             cp -rp $temp_restore_dir$bdsmail_dir $bdsmail_dir/
         else
             if [ ! -d $bdsmail_dir ]; then
@@ -272,33 +272,33 @@ function remove_bdsmail {
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
             # remove the user from the i2p group
-            deluser $USERNAME i2psvc
+            deluser "$USERNAME" i2psvc
 
             # Remove mutt folder hook to the i2p config
-            if [ -f /home/$USERNAME/.muttrc ]; then
-                if grep -q 'folder-hook !i2p' /home/$USERNAME/.muttrc; then
-                    sed -i '/folder-hook !i2p/d' /home/$USERNAME/.muttrc
+            if [ -f "/home/$USERNAME/.muttrc" ]; then
+                if grep -q 'folder-hook !i2p' "/home/$USERNAME/.muttrc"; then
+                    sed -i '/folder-hook !i2p/d' "/home/$USERNAME/.muttrc"
                 fi
-                if grep -q 'folder-hook i2p' /home/$USERNAME/.muttrc; then
-                    sed -i '/folder-hook i2p/d' /home/$USERNAME/.muttrc
+                if grep -q 'folder-hook i2p' "/home/$USERNAME/.muttrc"; then
+                    sed -i '/folder-hook i2p/d' "/home/$USERNAME/.muttrc"
                 fi
             fi
 
             # Remove folder
-            if grep -q ' =i2p' /home/$USERNAME/.muttrc; then
-                sed -i 's| =i2p||g' /home/$USERNAME/.muttrc
+            if grep -q ' =i2p' "/home/$USERNAME/.muttrc"; then
+                sed -i 's| =i2p||g' "/home/$USERNAME/.muttrc"
             fi
 
             # NOTE: leave Maildir/i2p/cur. We might want to archive that
             # or just be reinstalling the system without losing mail
-            rm -rf /home/$USERNAME/Maildir/i2p/new
+            rm -rf "/home/$USERNAME/Maildir/i2p/new"
         fi
     done
 
     remove_i2p
     remove_app bdsmail
     remove_completion_param install_bdsmail
-    sed -i '/bdsmail/d' $COMPLETION_FILE
+    sed -i '/bdsmail/d' "$COMPLETION_FILE"
     rm -rf /etc/skel/.mutt
     if [ -d $BDSMAIL_DIR ]; then
         rm -rf $BDSMAIL_DIR
@@ -319,10 +319,10 @@ function install_bdsmail {
     if [ -d /repos/bdsmail ]; then
         mkdir $BDSMAIL_DIR
         cp -r -p /repos/bdsmail/. $BDSMAIL_DIR
-        cd $BDSMAIL_DIR
+        cd $BDSMAIL_DIR || exit 24687246
         git pull
     else
-        git_clone $BDSMAIL_REPO $BDSMAIL_DIR
+        git_clone "$BDSMAIL_REPO" "$BDSMAIL_DIR"
     fi
 
     if [ ! -d $BDSMAIL_DIR ]; then
@@ -330,14 +330,14 @@ function install_bdsmail {
         exit 5735735
     fi
 
-    cd $BDSMAIL_DIR
-    git checkout $BDSMAIL_COMMIT -b $BDSMAIL_COMMIT
+    cd $BDSMAIL_DIR || exit 2468246
+    git checkout "$BDSMAIL_COMMIT" -b "$BDSMAIL_COMMIT"
     set_completion_param "bdsmail commit" "$BDSMAIL_COMMIT"
 
     mkdir -p $BDSMAIL_DIR/Maildir/i2p
     chmod -R 700 $BDSMAIL_DIR/Maildir
 
-    make GOROOT=/home/go/go${GO_VERSION}
+    make GOROOT="/home/go/go${GO_VERSION}"
     if [ ! -f $BDSMAIL_DIR/bin/bdsconfig ]; then
         echo $'Unable to make bdsmail'
         exit 87923567842
@@ -347,72 +347,72 @@ function install_bdsmail {
     i2p_enable_sam
 
     # create configuration file
-    $BDSMAIL_DIR/bin/bdsconfig > $BDSMAIL_DIR/config.ini
-    echo '[maild]' > $BDSMAIL_DIR/config.ini
-    echo "i2paddr = 127.0.0.1:$I2P_SAM_PORT" >> $BDSMAIL_DIR/config.ini
-    echo 'i2pkeyfile = bdsmail-privkey.dat' >> $BDSMAIL_DIR/config.ini
-    echo "bindmail = 127.0.0.1:$I2P_SMTP_PORT" >> $BDSMAIL_DIR/config.ini
-    echo "bindweb = 127.0.0.1:$I2P_WEB_PORT" >> $BDSMAIL_DIR/config.ini
-    echo "bindpop3 = 127.0.0.1:$I2P_POP3_PORT" >> $BDSMAIL_DIR/config.ini
-    echo 'domain = localhost' >> $BDSMAIL_DIR/config.ini
-    echo 'maildir = Maildir/i2p' >> $BDSMAIL_DIR/config.ini
-    echo 'database = localhost.sqlite' >> $BDSMAIL_DIR/config.ini
-    echo 'assets = contrib/assets/web' >> $BDSMAIL_DIR/config.ini
+    #$BDSMAIL_DIR/bin/bdsconfig > $BDSMAIL_DIR/config.ini
+    { echo '[maild]':
+      echo "i2paddr = 127.0.0.1:$I2P_SAM_PORT";
+      echo 'i2pkeyfile = bdsmail-privkey.dat';
+      echo "bindmail = 127.0.0.1:$I2P_SMTP_PORT";
+      echo "bindweb = 127.0.0.1:$I2P_WEB_PORT";
+      echo "bindpop3 = 127.0.0.1:$I2P_POP3_PORT";
+      echo 'domain = localhost';
+      echo 'maildir = Maildir/i2p';
+      echo 'database = localhost.sqlite';
+      echo 'assets = contrib/assets/web'; } > $BDSMAIL_DIR/config.ini
 
-    echo '[Unit]' > /etc/systemd/system/bdsmail.service
-    echo 'Description=bdsmail' >> /etc/systemd/system/bdsmail.service
-    echo 'After=syslog.target' >> /etc/systemd/system/bdsmail.service
-    echo 'After=network.target' >> /etc/systemd/system/bdsmail.service
-    echo '' >> /etc/systemd/system/bdsmail.service
-    echo '[Service]' >> /etc/systemd/system/bdsmail.service
-    echo 'Type=simple' >> /etc/systemd/system/bdsmail.service
-    echo 'User=i2psvc' >> /etc/systemd/system/bdsmail.service
-    echo 'Group=i2psvc' >> /etc/systemd/system/bdsmail.service
-    echo "WorkingDirectory=$BDSMAIL_DIR" >> /etc/systemd/system/bdsmail.service
-    echo "ExecStart=$BDSMAIL_DIR/bin/maild $BDSMAIL_DIR/config.ini" >> /etc/systemd/system/bdsmail.service
-    echo 'Restart=always' >> /etc/systemd/system/bdsmail.service
-    echo 'Environment="USER=i2psvc"' >> /etc/systemd/system/bdsmail.service
-    echo '' >> /etc/systemd/system/bdsmail.service
-    echo '[Install]' >> /etc/systemd/system/bdsmail.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/bdsmail.service
+    { echo '[Unit]';
+      echo 'Description=bdsmail';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=i2psvc';
+      echo 'Group=i2psvc';
+      echo "WorkingDirectory=$BDSMAIL_DIR";
+      echo "ExecStart=$BDSMAIL_DIR/bin/maild $BDSMAIL_DIR/config.ini";
+      echo 'Restart=always';
+      echo 'Environment="USER=i2psvc"';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/bdsmail.service
 
-    echo '#!/usr/bin/env python2' > $BDSMAIL_DIR/get_address
-    echo 'import base64, hashlib, sys' >> $BDSMAIL_DIR/get_address
-    echo 'with open(sys.argv[1]) as f:' >> $BDSMAIL_DIR/get_address
-    echo "    print(base64.b32encode(hashlib.sha256(base64.b64decode(f.read(516), '-~')).digest()).strip('=')+\".b32.i2p\")" >> $BDSMAIL_DIR/get_address
+    { echo '#!/usr/bin/env python2';
+      echo 'import base64, hashlib, sys';
+      echo 'with open(sys.argv[1]) as f:';
+      echo "    print(base64.b32encode(hashlib.sha256(base64.b64decode(f.read(516), '-~')).digest()).strip('=')+\".b32.i2p\")"; } > $BDSMAIL_DIR/get_address
     chmod +x $BDSMAIL_DIR/get_address
 
     chown -R i2psvc:i2psvc $BDSMAIL_DIR
     systemctl enable bdsmail
     systemctl start bdsmail
 
-    echo '#!/bin/bash' > /usr/bin/bdsmail_distribute
-    echo "BDSMAIL_DIR=$BDSMAIL_DIR" >> /usr/bin/bdsmail_distribute
-    echo "MAIL_DIR=\$BDSMAIL_DIR/\$(cat \$BDSMAIL_DIR/config.ini | grep 'maildir =' | awk -F ' ' '{print \$3}')" >> /usr/bin/bdsmail_distribute
-    echo 'if [ ! -d $MAIL_DIR/postmaster/new ]; then' >> /usr/bin/bdsmail_distribute
-    echo '    exit 0' >> /usr/bin/bdsmail_distribute
-    echo 'fi' >> /usr/bin/bdsmail_distribute
-    echo 'for filename in $MAIL_DIR/postmaster/new/*; do' >> /usr/bin/bdsmail_distribute
-    echo '    to_line=$(cat $filename | grep "To: " | head -n 1)' >> /usr/bin/bdsmail_distribute
-    echo "    to_username=\$(echo \"\$to_line\" | awk -F ' ' '{print \$2}' | awk -F '@' '{print \$1}')" >> /usr/bin/bdsmail_distribute
-    echo '    if [ -d /home/$to_username/Maildir/i2p/new ]; then' >> /usr/bin/bdsmail_distribute
-    echo '        chown $to_username:$to_username $filename' >> /usr/bin/bdsmail_distribute
-    echo '        chmod 600 $filename' >> /usr/bin/bdsmail_distribute
-    echo '        mv $filename /home/$to_username/Maildir/i2p/new' >> /usr/bin/bdsmail_distribute
-    echo '    fi' >> /usr/bin/bdsmail_distribute
-    echo 'done' >> /usr/bin/bdsmail_distribute
+    { echo '#!/bin/bash';
+      echo "BDSMAIL_DIR=$BDSMAIL_DIR";
+      echo "MAIL_DIR=\$BDSMAIL_DIR/\$(cat \$BDSMAIL_DIR/config.ini | grep 'maildir =' | awk -F ' ' '{print \$3}')";
+      echo "if [ ! -d \$MAIL_DIR/postmaster/new ]; then";
+      echo '    exit 0';
+      echo 'fi';
+      echo "for filename in \$MAIL_DIR/postmaster/new/*; do";
+      echo "    to_line=\$(cat \$filename | grep \"To: \" | head -n 1)";
+      echo "    to_username=\$(echo \"\$to_line\" | awk -F ' ' '{print \$2}' | awk -F '@' '{print \$1}')";
+      echo "    if [ -d /home/\$to_username/Maildir/i2p/new ]; then";
+      echo "        chown \$to_username:\$to_username \$filename";
+      echo "        chmod 600 \$filename";
+      echo "        mv \$filename /home/\$to_username/Maildir/i2p/new";
+      echo '    fi';
+      echo 'done'; } > /usr/bin/bdsmail_distribute
     chmod +x /usr/bin/bdsmail_distribute
 
     if ! grep -q 'bdsmail_distribute' /etc/crontab; then
         cron_add_mins 1 '/usr/bin/bdsmail_distribute 2> /dev/null'
     fi
 
-    echo '#!/bin/bash' > /usr/bin/bdsmail_domain
-    echo "cd $BDSMAIL_DIR" >> /usr/bin/bdsmail_domain
-    echo 'if [ ! -f bdsmail-privkey.dat ]; then' >> /usr/bin/bdsmail_domain
-    echo '    exit 1' >> /usr/bin/bdsmail_domain
-    echo 'fi' >> /usr/bin/bdsmail_domain
-    echo "python2 get_address bdsmail-privkey.dat | tr '[:upper:]' '[:lower:]'" >> /usr/bin/bdsmail_domain
+    { echo '#!/bin/bash';
+      echo "cd $BDSMAIL_DIR";
+      echo 'if [ ! -f bdsmail-privkey.dat ]; then';
+      echo '    exit 1';
+      echo 'fi';
+      echo "python2 get_address bdsmail-privkey.dat | tr '[:upper:]' '[:lower:]'"; } > /usr/bin/bdsmail_domain
     chmod +x /usr/bin/bdsmail_domain
 
     echo ''
@@ -422,7 +422,7 @@ function install_bdsmail {
 
     bdsmail_wait_for_key_generation
 
-    if [ ! $bds_domain ]; then
+    if [ ! "$bds_domain" ]; then
         systemctl stop bdsmail
         systemctl disable bdsmail
         remove_i2p
@@ -430,38 +430,38 @@ function install_bdsmail {
         exit 8934638
     fi
 
-    BDSMAIL_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a bdsmail -p "$BDSMAIL_PASSWORD"
-    cd $BDSMAIL_DIR
+    BDSMAIL_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a bdsmail -p "$BDSMAIL_PASSWORD"
+    cd $BDSMAIL_DIR || exit 2346872427
     $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini admin $BDSMAIL_DIR/Maildir/i2p/admin "$BDSMAIL_PASSWORD"
 
     # Create mutt configuration
     if [ ! -d /etc/skel/.mutt ]; then
         mkdir /etc/skel/.mutt
     fi
-    echo 'set mbox_type=Maildir' > /etc/skel/.mutt/bdsmail
-    echo "set smtp_url=smtp://username:password@127.0.0.1:$I2P_SMTP_PORT/" >> /etc/skel/.mutt/bdsmail
-    echo 'set use_from=yes' >> /etc/skel/.mutt/bdsmail
-    echo "set from=username@${bds_domain}" >> /etc/skel/.mutt/bdsmail
-    echo "set spoolfile=~/Maildir/i2p" >> /etc/skel/.mutt/bdsmail
-    echo 'set pgp_autoencrypt=no' >> /etc/skel/.mutt/bdsmail
-    echo 'set pgp_replyencrypt=no' >> /etc/skel/.mutt/bdsmail
-    echo 'set pgp_autosign=no' >> /etc/skel/.mutt/bdsmail
-    echo 'set pgp_replysign=no' >> /etc/skel/.mutt/bdsmail
+    { echo 'set mbox_type=Maildir';
+      echo "set smtp_url=smtp://username:password@127.0.0.1:$I2P_SMTP_PORT/";
+      echo 'set use_from=yes';
+      echo "set from=username@${bds_domain}";
+      echo "set spoolfile=~/Maildir/i2p";
+      echo 'set pgp_autoencrypt=no';
+      echo 'set pgp_replyencrypt=no';
+      echo 'set pgp_autosign=no';
+      echo 'set pgp_replysign=no'; } > /etc/skel/.mutt/bdsmail
 
     # mutt configuration for the admin user
-    if [ ! -d /home/$MY_USERNAME/.mutt ]; then
-        mkdir /home/$MY_USERNAME/.mutt
+    if [ ! -d "/home/$MY_USERNAME/.mutt" ]; then
+        mkdir "/home/$MY_USERNAME/.mutt"
     fi
-    cp /etc/skel/.mutt/bdsmail /home/$MY_USERNAME/.mutt
-    sed -i "s|username|$MY_USERNAME|g" /home/$MY_USERNAME/.mutt/bdsmail
-    sed -i "s|password|$BDSMAIL_PASSWORD|g" /home/$MY_USERNAME/.mutt/bdsmail
-    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt
+    cp /etc/skel/.mutt/bdsmail "/home/$MY_USERNAME/.mutt"
+    sed -i "s|username|$MY_USERNAME|g" "/home/$MY_USERNAME/.mutt/bdsmail"
+    sed -i "s|password|$BDSMAIL_PASSWORD|g" "/home/$MY_USERNAME/.mutt/bdsmail"
+    chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.mutt"
 
     bdsmail_configure_users
 
-    cd $BDSMAIL_DIR
-    $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini $MY_USERNAME /home/$MY_USERNAME/Maildir/i2p "$BDSMAIL_PASSWORD"
+    cd $BDSMAIL_DIR || exit 2457245
+    $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini "$MY_USERNAME" "/home/$MY_USERNAME/Maildir/i2p" "$BDSMAIL_PASSWORD"
 
     APP_INSTALLED=1
 }

src/freedombone-app-cryptpad

@@ -101,7 +101,7 @@ function upgrade_cryptpad {
     function_check set_repo_commit
     set_repo_commit $CRYPTPAD_DIR "cryptpad commit" "$CRYPTPAD_COMMIT" $CRYPTPAD_REPO
 
-    cd $CRYPTPAD_DIR
+    cd $CRYPTPAD_DIR || exit 254724
     cryptpad_create_config
     npm upgrade
     npm install
@@ -156,7 +156,7 @@ function restore_local_cryptpad {
 }
 
 function backup_remote_cryptpad {
-    if grep -q "cryptpad domain" $COMPLETION_FILE; then
+    if grep -q "cryptpad domain" "$COMPLETION_FILE"; then
         temp_backup_dir=$CRYPTPAD_DIR/datastore
         if [ -d $temp_backup_dir ]; then
             systemctl stop cryptpad
@@ -226,7 +226,7 @@ function remove_cryptpad {
     remove_onion_service cryptpad ${CRYPTPAD_ONION_PORT}
     remove_app cryptpad
     remove_completion_param install_cryptpad
-    sed -i '/cryptpad/d' $COMPLETION_FILE
+    sed -i '/cryptpad/d' "$COMPLETION_FILE"
 
     userdel -r cryptpad
 }
@@ -236,123 +236,124 @@ function cryptpad_create_config {
 
     cryptpad_prefix=
     if [[ "$cryptpad_install_type" == "mesh" ]]; then
-        cryptpad_prefix=$rootdir
+        # shellcheck disable=SC2154
+        cryptpad_prefix="$rootdir"
     fi
 
-    echo '/*@flow*/' > $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '/*' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '  globals module' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '*/' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "var domain = ' http://localhost:${CRYPTPAD_PORT}/';" >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo 'module.exports = {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        httpAddress: '::'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        httpHeaders: {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "X-XSS-Protection": "1; mode=block",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "X-Content-Type-Options": "nosniff",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "Access-Control-Allow-Origin": "*"' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        },' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        contentSecurity: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"default-src 'none'\"," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"style-src 'unsafe-inline' 'self' \" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"script-src 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"font-src 'self' data:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "child-src blob: *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "frame-src blob: *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "media-src * blob:",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"connect-src 'self' ws: wss: blob:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"img-src 'self' data: blob:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "frame-ancestors *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        ].join('; ')," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        padContentSecurity: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"default-src 'none'\"," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"style-src 'unsafe-inline' 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"script-src 'self' 'unsafe-eval' 'unsafe-inline'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"font-src 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "child-src *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "frame-src *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"connect-src 'self' ws: wss:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "img-src * blob:",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        ].join('; ')," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        httpPort: ${CRYPTPAD_PORT}," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        // This is for allowing the cross-domain iframe to function when developing' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        httpSafePort: ${CRYPTPAD_PORT2}," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        websocketPath: '/cryptpad_websocket'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        logToStdout: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        verbose: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        mainPages: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                'index'" >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        ],' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        removeDonateButton: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        allowSubscriptions: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
+    { echo '/*@flow*/';
+      echo '/*';
+      echo '  globals module';
+      echo '*/';
+      echo "var domain = ' http://localhost:${CRYPTPAD_PORT}/';";
+      echo 'module.exports = {';
+      echo "        httpAddress: '::',";
+      echo '        httpHeaders: {';
+      echo '                "X-XSS-Protection": "1; mode=block",';
+      echo '                "X-Content-Type-Options": "nosniff",';
+      echo '                "Access-Control-Allow-Origin": "*"';
+      echo '        },';
+      echo '';
+      echo '        contentSecurity: [';
+      echo "                \"default-src 'none'\",";
+      echo "                \"style-src 'unsafe-inline' 'self' \" + domain,";
+      echo "                \"script-src 'self'\" + domain,";
+      echo "                \"font-src 'self' data:\" + domain,";
+      echo '';
+      echo '                "child-src blob: *",';
+    echo '                "frame-src blob: *",';
+    echo '                "media-src * blob:",';
+    echo '';
+    echo "                \"connect-src 'self' ws: wss: blob:\" + domain,";
+    echo '';
+    echo "                \"img-src 'self' data: blob:\" + domain,";
+    echo '';
+    echo '                "frame-ancestors *",';
+    echo "        ].join('; '),";
+    echo '';
+    echo '        padContentSecurity: [';
+    echo "                \"default-src 'none'\",";
+    echo "                \"style-src 'unsafe-inline' 'self'\" + domain,";
+    echo "                \"script-src 'self' 'unsafe-eval' 'unsafe-inline'\" + domain,";
+    echo "                \"font-src 'self'\" + domain,";
+    echo '';
+    echo '                "child-src *",';
+    echo '                "frame-src *",';
+    echo '';
+    echo "                \"connect-src 'self' ws: wss:\" + domain,";
+    echo '';
+    echo '                "img-src * blob:",';
+    echo "        ].join('; '),";
+    echo '';
+    echo "        httpPort: ${CRYPTPAD_PORT},";
+    echo '';
+    echo '        // This is for allowing the cross-domain iframe to function when developing';
+    echo "        httpSafePort: ${CRYPTPAD_PORT2},";
+    echo '';
+    echo "        websocketPath: '/cryptpad_websocket',";
+    echo '';
+    echo '        logToStdout: false,';
+    echo '';
+    echo '        verbose: false,';
+    echo '';
+    echo '        mainPages: [';
+    echo "                'index'";
+    echo '        ],';
+    echo '';
+    echo '        removeDonateButton: true,';
+    echo '        allowSubscriptions: false,'; } > "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
     if [[ "$cryptpad_install_type" == "mesh" ]]; then
-        echo "        myDomain: 'http://P${PEER_ID}.local'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
+        echo "        myDomain: 'http://P${PEER_ID}.local'," >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
     else
         CRYPTPAD_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_cryptpad/hostname)
-        echo "        myDomain: 'http://${CRYPTPAD_ONION_HOSTNAME}'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
+        echo "        myDomain: 'http://${CRYPTPAD_ONION_HOSTNAME}'," >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
     fi
-    echo '        defaultStorageLimit: 50 * 1024 * 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        customLimits: {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        },' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        adminEmail: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        storage: './storage/file'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "       filePath: './datastore/'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        pinPath: './pins'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        blobPath: './blob'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        blobStagingPath: './blobstage'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        channelExpirationMs: 30000,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        openFileLimit: 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        rpc: './rpc.js'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        suppressRPCErrors: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        enableUploads: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        //restrictUploads: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        maxUploadSize: 20 * 1024 * 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        //logFeedback: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        //logRPC: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '};' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
+    { echo '        defaultStorageLimit: 50 * 1024 * 1024,';
+      echo '';
+      echo '        customLimits: {';
+      echo '        },';
+      echo '';
+      echo '        adminEmail: false,';
+      echo '';
+      echo "        storage: './storage/file',";
+      echo '';
+      echo "       filePath: './datastore/',";
+      echo "        pinPath: './pins',";
+      echo "        blobPath: './blob',";
+      echo "        blobStagingPath: './blobstage',";
+      echo '        channelExpirationMs: 30000,';
+      echo '        openFileLimit: 1024,';
+      echo "        rpc: './rpc.js',";
+      echo '        suppressRPCErrors: false,';
+      echo '        enableUploads: true,';
+      echo '        //restrictUploads: false,';
+      echo '        maxUploadSize: 20 * 1024 * 1024,';
+      echo '        //logFeedback: true,';
+      echo '        //logRPC: true,';
+      echo '};'; } >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
 
     if [[ "$cryptpad_install_type" != "mesh" ]]; then
-        chown cryptpad:cryptpad $cryptpad_prefix$CRYPTPAD_DIR/config.js
+        chown cryptpad:cryptpad "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
     else
         chroot "$rootdir" chown cryptpad:cryptpad $CRYPTPAD_DIR/config.js
     fi
 }
 
 function mesh_install_cryptpad {
-    if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then
+    # shellcheck disable=SC2153
+    if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" ]]; then
         return
     fi
 
-    if [ ! -d $rootdir/var/www/cryptpad ]; then
-        mkdir $rootdir/var/www/cryptpad
+    if [ ! -d "$rootdir/var/www/cryptpad" ]; then
+        mkdir "$rootdir/var/www/cryptpad"
     fi
-    if [ -d $rootdir$CRYPTPAD_DIR ]; then
-        rm -rf $rootdir$CRYPTPAD_DIR
+    if [ -d "$rootdir$CRYPTPAD_DIR" ]; then
+        rm -rf "$rootdir$CRYPTPAD_DIR"
     fi
 
-    git_clone $CRYPTPAD_REPO $rootdir$CRYPTPAD_DIR
+    git_clone "$CRYPTPAD_REPO" "$rootdir$CRYPTPAD_DIR"
 
-    if [ ! -d $rootdir$CRYPTPAD_DIR ]; then
+    if [ ! -d "$rootdir$CRYPTPAD_DIR" ]; then
         echo $'Unable to clone cryptpad repo'
         exit 783251
     fi
@@ -360,94 +361,94 @@ function mesh_install_cryptpad {
     # an unprivileged user to run as
     chroot "$rootdir" useradd -d $CRYPTPAD_DIR/ cryptpad
 
-    cd $rootdir$CRYPTPAD_DIR
-    git checkout $CRYPTPAD_COMMIT -b $CRYPTPAD_COMMIT
+    cd "$rootdir$CRYPTPAD_DIR" || exit 34683568
+    git checkout "$CRYPTPAD_COMMIT" -b "$CRYPTPAD_COMMIT"
 
     chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR
 
     cryptpad_nginx_site=$rootdir/etc/nginx/sites-available/cryptpad
-    echo 'server {' > $cryptpad_nginx_site
-    echo "  listen 80 default_server;" >> $cryptpad_nginx_site
-    echo "  server_name P${PEER_ID}.local;" >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  # Logs' >> $cryptpad_nginx_site
-    echo '  access_log /dev/null;' >> $cryptpad_nginx_site
-    echo '  error_log /dev/null;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  # Root' >> $cryptpad_nginx_site
-    echo "  root $CRYPTPAD_DIR;" >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  index index.html;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  add_header X-XSS-Protection "1; mode=block";' >> $cryptpad_nginx_site
-    echo '  add_header X-Content-Type-Options nosniff;' >> $cryptpad_nginx_site
-    echo '  add_header X-Frame-Options SAMEORIGIN;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  if ($uri = /pad/inner.html) {' >> $cryptpad_nginx_site
-    echo "    set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";" >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location = /cryptpad_websocket {' >> $cryptpad_nginx_site
-    echo "    proxy_pass http://localhost:$CRYPTPAD_PORT;" >> $cryptpad_nginx_site
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $cryptpad_nginx_site
-    echo '    proxy_set_header Host $host;' >> $cryptpad_nginx_site
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '    # WebSocket support (nginx 1.4)' >> $cryptpad_nginx_site
-    echo '    proxy_http_version 1.1;' >> $cryptpad_nginx_site
-    echo '    proxy_set_header Upgrade $http_upgrade;' >> $cryptpad_nginx_site
-    echo '    proxy_set_header Connection upgrade;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
+    { echo 'server {';
+      echo "  listen 80 default_server;";
+      echo "  server_name P${PEER_ID}.local;";
+      echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root $CRYPTPAD_DIR;";
+      echo '';
+      echo '  index index.html;';
+      echo '';
+      echo '  add_header X-XSS-Protection "1; mode=block";';
+      echo '  add_header X-Content-Type-Options nosniff;';
+      echo '  add_header X-Frame-Options SAMEORIGIN;';
+      echo '';
+      echo "  if (\$uri = /pad/inner.html) {";
+      echo "    set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";";
+      echo '  }';
+      echo '';
+      echo '  location = /cryptpad_websocket {';
+      echo "    proxy_pass http://localhost:$CRYPTPAD_PORT;";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo '';
+      echo '    # WebSocket support (nginx 1.4)';
+      echo '    proxy_http_version 1.1;';
+      echo "    proxy_set_header Upgrade \$http_upgrade;";
+      echo '    proxy_set_header Connection upgrade;';
+      echo '  }';
+      echo '';
 
-    echo '  location ^~ /customize.dist/ {' >> $cryptpad_nginx_site
-    echo '    # This is needed in order to prevent infinite recursion between /customize/ and the root' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '  location ^~ /customize/ {' >> $cryptpad_nginx_site
-    echo '    rewrite ^/customize/(.*)$ $1 break;' >> $cryptpad_nginx_site
-    echo '    try_files /customize/$uri /customize.dist/$uri;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '  location = /api/config {' >> $cryptpad_nginx_site
-    echo '    default_type text/javascript;' >> $cryptpad_nginx_site
-    echo '    rewrite ^.*$ /customize/api/config break;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /blob/ {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /register/ {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /login/ {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /about.html {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /contact.html {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /what-is-cryptpad.html {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site
-    echo '    rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  try_files /www/$uri /www/$uri/index.html /customize/$uri;' >> $cryptpad_nginx_site
-    echo '}' >> $cryptpad_nginx_site
+      echo '  location ^~ /customize.dist/ {';
+      echo '    # This is needed in order to prevent infinite recursion between /customize/ and the root';
+      echo '  }';
+      echo '  location ^~ /customize/ {';
+      echo "    rewrite ^/customize/(.*)\$ \$1 break;";
+      echo "    try_files /customize/\$uri /customize.dist/\$uri;";
+      echo '  }';
+      echo '  location = /api/config {';
+      echo '    default_type text/javascript;';
+      echo '    rewrite ^.*$ /customize/api/config break;';
+      echo '  }';
+      echo '';
+      echo '  location ^~ /blob/ {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /register/ {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /login/ {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /about.html {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /contact.html {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /what-is-cryptpad.html {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {';
+      echo "    rewrite ^(.*)\$ \$1/ redirect;";
+      echo '  }';
+      echo '';
+      echo "  try_files /www/\$uri /www/\$uri/index.html /customize/\$uri;";
+      echo '}'; } > "$cryptpad_nginx_site"
 
-    cd $rootdir$CRYPTPAD_DIR
+    cd "$rootdir$CRYPTPAD_DIR" || exit 6246824624527
 
     get_npm_arch
 
-    cat <<EOF > $rootdir/usr/bin/install_cryptpad
+    cat <<EOF > "$rootdir/usr/bin/install_cryptpad"
 #!/bin/bash
 cd $CRYPTPAD_DIR
 npm install --arch=$NPM_ARCH --build-from-source
@@ -456,37 +457,37 @@ chown -R cryptpad:cryptpad $CRYPTPAD_DIR
 su -c 'bower install' - cryptpad
 cp config.example.js config.js
 EOF
-    chmod +x $rootdir/usr/bin/install_cryptpad
+    chmod +x "$rootdir/usr/bin/install_cryptpad"
     chroot "$rootdir" /usr/bin/install_cryptpad
 
-    if [ ! -f $rootdir$CRYPTPAD_DIR/config.js ]; then
+    if [ ! -f "$rootdir$CRYPTPAD_DIR/config.js" ]; then
         echo $'Cryptpad config file not found'
         exit 628252
     fi
 
-    rm $rootdir/usr/bin/install_cryptpad
+    rm "$rootdir/usr/bin/install_cryptpad"
 
     cryptpad_create_config mesh
 
     chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR
 
     # daemon
-    echo '[Unit]' > $rootdir/etc/systemd/system/cryptpad.service
-    echo 'Description=Cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo 'After=syslog.target' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo 'After=network.target' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo '' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo '[Service]' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo 'User=cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo 'Group=cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo "WorkingDirectory=$CRYPTPAD_DIR" >> $rootdir/etc/systemd/system/cryptpad.service
-    echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js" >> $rootdir/etc/systemd/system/cryptpad.service
-    echo 'Environment=PATH=/usr/bin:/usr/local/bin' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo 'Environment=NODE_ENV=production' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo 'Restart=on-failure' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo '' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo '[Install]' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/cryptpad.service
+    { echo '[Unit]';
+      echo 'Description=Cryptpad';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=cryptpad';
+      echo 'Group=cryptpad';
+      echo "WorkingDirectory=$CRYPTPAD_DIR";
+      echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js";
+      echo 'Environment=PATH=/usr/bin:/usr/local/bin';
+      echo 'Environment=NODE_ENV=production';
+      echo 'Restart=on-failure';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/cryptpad.service"
     chroot "$rootdir" systemctl enable cryptpad.service
 }
 
@@ -505,7 +506,7 @@ function install_cryptpad_main {
     if [ -d /repos/cryptpad ]; then
         mkdir $CRYPTPAD_DIR
         cp -r -p /repos/cryptpad/. $CRYPTPAD_DIR
-        cd $CRYPTPAD_DIR
+        cd $CRYPTPAD_DIR || exit 3468356385
         git pull
     else
         function_check git_clone
@@ -520,7 +521,7 @@ function install_cryptpad_main {
     # an unprivileged user to run as
     useradd -d $CRYPTPAD_DIR/ cryptpad
 
-    cd $CRYPTPAD_DIR
+    cd $CRYPTPAD_DIR || exit 34683655
     git checkout $CRYPTPAD_COMMIT -b $CRYPTPAD_COMMIT
     set_completion_param "cryptpad commit" "$CRYPTPAD_COMMIT"
 
@@ -529,87 +530,87 @@ function install_cryptpad_main {
     CRYPTPAD_ONION_HOSTNAME=$(add_onion_service cryptpad 80 ${CRYPTPAD_ONION_PORT})
 
     cryptpad_nginx_site=/etc/nginx/sites-available/cryptpad
-    echo 'server {' > $cryptpad_nginx_site
-    echo "  listen 127.0.0.1:$CRYPTPAD_ONION_PORT default_server;" >> $cryptpad_nginx_site
-    echo "  server_name $CRYPTPAD_ONION_HOSTNAME;" >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  # Logs' >> $cryptpad_nginx_site
-    echo '  access_log /dev/null;' >> $cryptpad_nginx_site
-    echo '  error_log /dev/null;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  # Root' >> $cryptpad_nginx_site
-    echo "  root $CRYPTPAD_DIR;" >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  index index.html;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  if ($args ~ ver=) {' >> $cryptpad_nginx_site
-    echo '      set $cacheControl max-age=31536000;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '  add_header Cache-Control $cacheControl;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  add_header X-XSS-Protection "1; mode=block";' >> $cryptpad_nginx_site
-    echo '  add_header X-Content-Type-Options nosniff;' >> $cryptpad_nginx_site
-    echo '  add_header X-Frame-Options SAMEORIGIN;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  if ($uri = /pad/inner.html) {' >> $cryptpad_nginx_site
-    echo "    set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";" >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location = /cryptpad_websocket {' >> $cryptpad_nginx_site
-    echo "    proxy_pass http://localhost:$CRYPTPAD_PORT;" >> $cryptpad_nginx_site
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $cryptpad_nginx_site
-    echo '    proxy_set_header Host $host;' >> $cryptpad_nginx_site
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '    # WebSocket support (nginx 1.4)' >> $cryptpad_nginx_site
-    echo '    proxy_http_version 1.1;' >> $cryptpad_nginx_site
-    echo '    proxy_set_header Upgrade $http_upgrade;' >> $cryptpad_nginx_site
-    echo '    proxy_set_header Connection upgrade;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
+    { echo 'server {';
+      echo "  listen 127.0.0.1:$CRYPTPAD_ONION_PORT default_server;";
+      echo "  server_name $CRYPTPAD_ONION_HOSTNAME;";
+      echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root $CRYPTPAD_DIR;";
+      echo '';
+      echo '  index index.html;';
+      echo '';
+      echo "  if (\$args ~ ver=) {";
+      echo "      set \$cacheControl max-age=31536000;";
+      echo '  }';
+      echo "  add_header Cache-Control \$cacheControl;";
+      echo '';
+      echo '  add_header X-XSS-Protection "1; mode=block";';
+      echo '  add_header X-Content-Type-Options nosniff;';
+      echo '  add_header X-Frame-Options SAMEORIGIN;';
+      echo '';
+      echo "  if (\$uri = /pad/inner.html) {";
+      echo "    set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";";
+      echo '  }';
+      echo '';
+      echo '  location = /cryptpad_websocket {';
+      echo "    proxy_pass http://localhost:$CRYPTPAD_PORT;";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo '';
+      echo '    # WebSocket support (nginx 1.4)';
+      echo '    proxy_http_version 1.1;';
+      echo "    proxy_set_header Upgrade \$http_upgrade;";
+      echo '    proxy_set_header Connection upgrade;';
+      echo '  }';
+      echo '';
 
-    echo '  location ^~ /customize.dist/ {' >> $cryptpad_nginx_site
-    echo '    # This is needed in order to prevent infinite recursion between /customize/ and the root' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '  location ^~ /customize/ {' >> $cryptpad_nginx_site
-    echo '    rewrite ^/customize/(.*)$ $1 break;' >> $cryptpad_nginx_site
-    echo '    try_files /customize/$uri /customize.dist/$uri;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '  location = /api/config {' >> $cryptpad_nginx_site
-    echo '    default_type text/javascript;' >> $cryptpad_nginx_site
-    echo '    rewrite ^.*$ /customize/api/config break;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /blob/ {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /register/ {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /login/ {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /about.html {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /contact.html {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /what-is-cryptpad.html {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site
-    echo '    rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  try_files /www/$uri /www/$uri/index.html /customize/$uri;' >> $cryptpad_nginx_site
-    echo '}' >> $cryptpad_nginx_site
+      echo '  location ^~ /customize.dist/ {';
+      echo '    # This is needed in order to prevent infinite recursion between /customize/ and the root';
+      echo '  }';
+      echo '  location ^~ /customize/ {';
+      echo "    rewrite ^/customize/(.*)\$ \$1 break;";
+      echo "    try_files /customize/\$uri /customize.dist/\$uri;";
+      echo '  }';
+      echo '  location = /api/config {';
+      echo '    default_type text/javascript;';
+      echo '    rewrite ^.*$ /customize/api/config break;';
+      echo '  }';
+      echo '';
+      echo '  location ^~ /blob/ {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /register/ {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /login/ {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /about.html {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /contact.html {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /what-is-cryptpad.html {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {';
+      echo "    rewrite ^(.*)\$ \$1/ redirect;";
+      echo '  }';
+      echo '';
+      echo "  try_files /www/\$uri /www/\$uri/index.html /customize/\$uri;";
+      echo '}'; } > $cryptpad_nginx_site
 
     function_check nginx_ensite
     nginx_ensite cryptpad
@@ -623,7 +624,7 @@ function install_cryptpad {
 
     install_cryptpad_main
 
-    cd $CRYPTPAD_DIR
+    cd $CRYPTPAD_DIR || exit 35483548
 
     npm install
     npm install -g bower@1.8.0
@@ -639,22 +640,22 @@ function install_cryptpad {
     chown -R cryptpad:cryptpad $CRYPTPAD_DIR
 
     # daemon
-    echo '[Unit]' > /etc/systemd/system/cryptpad.service
-    echo 'Description=Cryptpad' >> /etc/systemd/system/cryptpad.service
-    echo 'After=syslog.target' >> /etc/systemd/system/cryptpad.service
-    echo 'After=network.target' >> /etc/systemd/system/cryptpad.service
-    echo '' >> /etc/systemd/system/cryptpad.service
-    echo '[Service]' >> /etc/systemd/system/cryptpad.service
-    echo 'User=cryptpad' >> /etc/systemd/system/cryptpad.service
-    echo 'Group=cryptpad' >> /etc/systemd/system/cryptpad.service
-    echo "WorkingDirectory=$CRYPTPAD_DIR" >> /etc/systemd/system/cryptpad.service
-    echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js" >> /etc/systemd/system/cryptpad.service
-    echo 'Environment=PATH=/usr/bin:/usr/local/bin' >> /etc/systemd/system/cryptpad.service
-    echo 'Environment=NODE_ENV=production' >> /etc/systemd/system/cryptpad.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/cryptpad.service
-    echo '' >> /etc/systemd/system/cryptpad.service
-    echo '[Install]' >> /etc/systemd/system/cryptpad.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/cryptpad.service
+    { echo '[Unit]';
+      echo 'Description=Cryptpad';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=cryptpad';
+      echo 'Group=cryptpad';
+      echo "WorkingDirectory=$CRYPTPAD_DIR";
+      echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js";
+      echo 'Environment=PATH=/usr/bin:/usr/local/bin';
+      echo 'Environment=NODE_ENV=production';
+      echo 'Restart=on-failure';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/cryptpad.service
     systemctl enable cryptpad.service
     systemctl daemon-reload
     systemctl start cryptpad.service
@@ -664,7 +665,7 @@ function install_cryptpad {
     cryptpad_generate_api_config
 
     # install again
-    cd $CRYPTPAD_DIR
+    cd $CRYPTPAD_DIR || exit 73537453
     su -c 'bower install' - cryptpad
 
     systemctl restart nginx

src/freedombone-app-dlna

@@ -49,24 +49,27 @@ function logging_off_dlna {
 function configure_interactive_dlna {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Media Menu" \
                --radiolist $"Choose an operation:" 13 70 3 \
                1 $"Attach a drive containing playable media" off \
                2 $"Remove a drive containing playable media" off \
-               3 $"Exit" on 2> $data
+               3 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) break;;
-            255) break;;
+            1) rm -f "$data"
+               break;;
+            255) rm -f "$data"
+                 break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) attach-music;;
             2) remove-music;;
-            3) break;;
+            3) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -84,7 +87,7 @@ function upgrade_dlna {
 }
 
 function configure_firewall_for_dlna {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
@@ -95,23 +98,23 @@ function configure_firewall_for_dlna {
     firewall_add DLNA 1900 udp
     firewall_add DLNA 8200 tcp
 
-    echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /etc/avahi/services/dlna.service
-    echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /etc/avahi/services/dlna.service
-    echo '<service-group>' >> /etc/avahi/services/dlna.service
-    echo '  <name replace-wildcards="yes">%h DLNA</name>' >> /etc/avahi/services/dlna.service
-    echo '  <service>' >> /etc/avahi/services/dlna.service
-    echo '    <type>_dlna._tcp</type>' >> /etc/avahi/services/dlna.service
-    echo "    <port>8200</port>" >> /etc/avahi/services/dlna.service
-    echo '  </service>' >> /etc/avahi/services/dlna.service
-    echo '  <service>' >> /etc/avahi/services/dlna.service
-    echo '    <type>_dlna._udp</type>' >> /etc/avahi/services/dlna.service
-    echo "    <port>1900</port>" >> /etc/avahi/services/dlna.service
-    echo '  </service>' >> /etc/avahi/services/dlna.service
-    echo '</service-group>' >> /etc/avahi/services/dlna.service
+    { echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->';
+      echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">';
+      echo '<service-group>';
+      echo '  <name replace-wildcards="yes">%h DLNA</name>';
+      echo '  <service>';
+      echo '    <type>_dlna._tcp</type>';
+      echo "    <port>8200</port>";
+      echo '  </service>';
+      echo '  <service>';
+      echo '    <type>_dlna._udp</type>';
+      echo "    <port>1900</port>";
+      echo '  </service>';
+      echo '</service-group>'; } > /etc/avahi/services/dlna.service
 
     systemctl restart avahi-daemon
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function backup_local_dlna {
@@ -125,7 +128,7 @@ function backup_local_dlna {
 
 function restore_local_dlna {
     if [ -d /var/cache/minidlna ]; then
-        if [ -d $USB_MOUNT_DLNA/backup/dlna ]; then
+        if [ -d "$USB_MOUNT_DLNA/backup/dlna" ]; then
             echo $"Restoring DLNA cache"
             temp_restore_dir=/root/tempdlna
             function_check restore_directory_from_usb
@@ -135,6 +138,7 @@ function restore_local_dlna {
             else
                 cp -r $temp_restore_dir/* /var/cache/minidlna/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 rm -rf $temp_restore_dir
                 function_check set_user_permissions
@@ -156,7 +160,7 @@ function backup_remote_dlna {
 
 function restore_remote_dlna {
     if [ -d /var/cache/minidlna ]; then
-        if [ -d $SERVER_DIRECTORY/backup/dlna ]; then
+        if [ -d "$SERVER_DIRECTORY/backup/dlna" ]; then
             temp_restore_dir=/root/tempdlna
             function_check restore_directory_from_friend
             restore_directory_from_friend $temp_restore_dir dlna
@@ -165,6 +169,7 @@ function restore_remote_dlna {
             else
                 cp -r $temp_restore_dir/* /var/cache/minidlna/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 exit 982
             fi
@@ -201,7 +206,7 @@ function install_dlna_main {
         exit 55
     fi
 
-    if [ ! $USB_MOUNT_DLNA ]; then
+    if [ ! "$USB_MOUNT_DLNA" ]; then
         USB_MOUNT_DLNA=/mnt/dlna
     fi
     if [ ${#USB_MOUNT_DLNA} -eq 0 ]; then
@@ -242,7 +247,7 @@ function install_dlna_main {
     systemctl reload minidlna
 
     sed -i 's/fs.inotify.max_user_watches*/fs.inotify.max_user_watches=65536/g' /etc/sysctl.conf
-    if ! grep -q "max_user_watches" $COMPLETION_FILE; then
+    if ! grep -q "max_user_watches" "$COMPLETION_FILE"; then
         echo 'fs.inotify.max_user_watches=65536' >> /etc/sysctl.conf
     fi
     /sbin/sysctl -p -q
@@ -253,43 +258,43 @@ function install_dlna_main {
 }
 
 function script_for_attaching_usb_drive {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
-    echo '#!/bin/bash' > /usr/bin/attach-music
-    echo "source /usr/local/bin/${PROJECT_NAME}-vars" >> /usr/bin/attach-music
-    echo "UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*" >> /usr/bin/attach-music
-    echo '' >> /usr/bin/attach-music
-    echo 'for f in $UTILS_FILES' >> /usr/bin/attach-music
-    echo 'do' >> /usr/bin/attach-music
-    echo '    source $f' >> /usr/bin/attach-music
-    echo 'done' >> /usr/bin/attach-music
-    echo '' >> /usr/bin/attach-music
-    echo 'USB_DRIVE=/dev/sda1' >> /usr/bin/attach-music
-    echo 'detect_usb_drive' >> /usr/bin/attach-music
-    echo '' >> /usr/bin/attach-music
-    echo 'remove-music' >> /usr/bin/attach-music
-    echo "if [ ! -d $USB_MOUNT_DLNA ]; then" >> /usr/bin/attach-music
-    echo "    mkdir $USB_MOUNT_DLNA" >> /usr/bin/attach-music
-    echo 'fi' >> /usr/bin/attach-music
-    echo -n 'mount $USB_DRIVE ' >> /usr/bin/attach-music
-    echo "$USB_MOUNT_DLNA" >> /usr/bin/attach-music
-    echo "chown root:root $USB_MOUNT_DLNA" >> /usr/bin/attach-music
-    echo "chown -R minidlna:minidlna $USB_MOUNT_DLNA/*" >> /usr/bin/attach-music
-    echo 'systemctl restart minidlna' >> /usr/bin/attach-music
-    echo 'minidlnad -R' >> /usr/bin/attach-music
-    echo 'exit 0' >> /usr/bin/attach-music
+    { echo '#!/bin/bash';
+      echo "source /usr/local/bin/${PROJECT_NAME}-vars";
+      echo "UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*";
+      echo '';
+      echo "for f in \$UTILS_FILES";
+      echo 'do';
+      echo "    source \$f";
+      echo 'done';
+      echo '';
+      echo 'USB_DRIVE=/dev/sda1';
+      echo 'detect_usb_drive';
+      echo '';
+      echo 'remove-music';
+      echo "if [ ! -d $USB_MOUNT_DLNA ]; then";
+      echo "    mkdir $USB_MOUNT_DLNA";
+      echo 'fi';
+      echo -n "mount \$USB_DRIVE ";
+      echo "$USB_MOUNT_DLNA";
+      echo "chown root:root $USB_MOUNT_DLNA";
+      echo "chown -R minidlna:minidlna $USB_MOUNT_DLNA/*";
+      echo 'systemctl restart minidlna';
+      echo 'minidlnad -R';
+      echo 'exit 0'; } > /usr/bin/attach-music
     chmod +x /usr/bin/attach-music
 
-    echo '#!/bin/bash' > /usr/bin/remove-music
-    echo "if [ -d $USB_MOUNT_DLNA ]; then" >> /usr/bin/remove-music
-    echo "  umount $USB_MOUNT_DLNA" >> /usr/bin/remove-music
-    echo "  rm -rf $USB_MOUNT_DLNA" >> /usr/bin/remove-music
-    echo 'fi' >> /usr/bin/remove-music
-    echo 'exit 0' >> /usr/bin/remove-music
+    { echo '#!/bin/bash';
+      echo "if [ -d $USB_MOUNT_DLNA ]; then";
+      echo "  umount $USB_MOUNT_DLNA";
+      echo "  rm -rf $USB_MOUNT_DLNA";
+      echo 'fi';
+      echo 'exit 0'; } > /usr/bin/remove-music
     chmod +x /usr/bin/remove-music
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function install_dlna {

src/freedombone-app-dokuwiki

@@ -75,18 +75,18 @@ function change_password_dokuwiki {
     new_user_password="$2"
 
     DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
-    if grep -q "$curr_username:" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php; then
+    if grep -q "$curr_username:" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"; then
         HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}')
-        existing_user=$(cat /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php | grep "$curr_username:" | hean -n 1)
+        existing_user=$(grep "$curr_username:" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" | hean -n 1)
         if [[ "$existing_user" == *":admin,"* ]]; then
-            sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:admin,user,upload|g" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
+            sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:admin,user,upload|g" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
         else
-            sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:user,upload|g" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
+            sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:user,upload|g" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
         fi
-        cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
-        chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
-        chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
-        ${PROJECT_NAME}-pass -u $curr_username -a dokuwiki -p "$new_user_password"
+        cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
+        chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
+        chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
+        "${PROJECT_NAME}-pass" -u "$curr_username" -a dokuwiki -p "$new_user_password"
     fi
 }
 
@@ -96,21 +96,21 @@ function add_user_dokuwiki {
 
     DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
     HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}')
-    echo "$new_username:$HASHED_DOKUWIKI_PASSWORD:$new_username:$new_username@$HOSTNAME:user,upload" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
-    cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
-    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
-    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
-    ${PROJECT_NAME}-pass -u "$new_username" -a dokuwiki -p "$new_user_password"
+    echo "$new_username:$HASHED_DOKUWIKI_PASSWORD:$new_username:$new_username@$HOSTNAME:user,upload" >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
+    cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
+    chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
+    chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a dokuwiki -p "$new_user_password"
 }
 
 function remove_user_dokuwiki {
     remove_username="$1"
 
     read_config_param "DOKUWIKI_DOMAIN_NAME"
-    if grep -q "$remove_username:" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php; then
-        sed -i "/$remove_username:/d" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
-        sed -i "/$remove_username:/d" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
-        ${PROJECT_NAME}-pass -u "$remove_username" --rmapp dokuwiki
+    if grep -q "$remove_username:" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"; then
+        sed -i "/$remove_username:/d" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
+        sed -i "/$remove_username:/d" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
+        "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp dokuwiki
     fi
 }
 
@@ -120,7 +120,7 @@ function reconfigure_dokuwiki {
 
 function upgrade_dokuwiki {
     function_check set_repo_commit
-    set_repo_commit /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs "dokuwiki commit" "$DOKUWIKI_COMMIT" $DOKUWIKI_REPO
+    set_repo_commit "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" "dokuwiki commit" "$DOKUWIKI_COMMIT" $DOKUWIKI_REPO
 }
 
 function backup_local_dokuwiki {
@@ -129,18 +129,18 @@ function backup_local_dokuwiki {
     function_check backup_directory_to_usb
 
     # backup the data
-    source_directory=/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
-    if [ -d $source_directory ]; then
+    source_directory="/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
+    if [ -d "$source_directory" ]; then
         dest_directory=dokuwikidat
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"
     fi
 
     # backup the users
-    source_directory=/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl
-    if [ -d $source_directory ]; then
+    source_directory="/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl"
+    if [ -d "$source_directory" ]; then
         dest_directory=dokuwikiacl
-        cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
-        backup_directory_to_usb $source_directory $dest_directory
+        cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
+        backup_directory_to_usb "$source_directory" "$dest_directory"
     fi
 }
 
@@ -153,11 +153,12 @@ function restore_local_dokuwiki {
     temp_restore_dir=/root/tempdokuwikidat
     function_check restore_directory_from_usb
     restore_directory_from_usb ${temp_restore_dir} dokuwikidat
-    if [ -d ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data ]; then
-        cp -r ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
+    if [ -d "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data" ]; then
+        cp -r "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
     else
-        cp -r ${temp_restore_dir}/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
+        cp -r "${temp_restore_dir}/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
     fi
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
         function_check restore_directory_from_usb
         set_user_permissions
@@ -172,13 +173,14 @@ function restore_local_dokuwiki {
     temp_restore_dir=/root/tempdokuwikiacl
     function_check restore_directory_from_usb
     restore_directory_from_usb ${temp_restore_dir} dokuwikiacl
-    if [ -d ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl ]; then
-        cp ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
-        cp ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/
+    if [ -d "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl" ]; then
+        cp "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
+        cp "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/"
     else
-        cp ${temp_restore_dir}/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
-        cp ${temp_restore_dir}/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/
+        cp "${temp_restore_dir}/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
+        cp "${temp_restore_dir}/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/"
     fi
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
         function_check restore_directory_from_usb
         set_user_permissions
@@ -189,21 +191,21 @@ function restore_local_dokuwiki {
     fi
     rm -rf ${temp_restore_dir}
 
-    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
-    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
-    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
-    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib
-    chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
+    chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
+    chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
+    chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
+    chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib"
+    chown -R www-data:www-data "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
     echo $"Restore of Dokuwiki complete"
 }
 
 function backup_remote_dokuwiki {
     DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
-    if [ -d /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs ]; then
+    if [ -d "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" ]; then
         echo $"Backing up dokuwiki"
-        backup_directory_to_friend /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data dokuwikidat
-        cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
-        backup_directory_to_friend /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl dokuwikiacl
+        backup_directory_to_friend "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data" dokuwikidat
+        cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
+        backup_directory_to_friend "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl" dokuwikiacl
     fi
 }
 
@@ -212,15 +214,16 @@ function restore_remote_dokuwiki {
     function_check get_completion_param
     function_check restore_directory_from_friend
 
-    if [ -d $SERVER_DIRECTORY/backup/dokuwikidat ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/dokuwikidat" ]; then
         echo $"Restoring Dokuwiki data for $DOKUWIKI_DOMAIN_NAME"
         temp_restore_dir=/root/tempdokuwikidat
         restore_directory_from_friend $temp_restore_dir dokuwikidat
-        if [ -d $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data ]; then
-            cp -r $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/
+        if [ -d "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data" ]; then
+            cp -r "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/"
         else
-            cp -r $temp_restore_dir/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/
+            cp -r $temp_restore_dir/* "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/"
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 92634
         fi
@@ -229,15 +232,16 @@ function restore_remote_dokuwiki {
         echo $"Restore of Dokuwiki data complete"
     fi
 
-    if [ -d $SERVER_DIRECTORY/backup/dokuwikiacl ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/dokuwikiacl" ]; then
         echo $"Restoring Dokuwiki users for $DOKUWIKI_DOMAIN_NAME"
         temp_restore_dir=/root/tempdokuwikiacl
         restore_directory_from_friend $temp_restore_dir dokuwikiacl
-        if [ -d $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl ]; then
-            cp -r $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
+        if [ -d "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl" ]; then
+            cp -r "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
         else
-            cp -r $temp_restore_dir/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
+            cp -r $temp_restore_dir/* "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 735287
         fi
@@ -246,11 +250,11 @@ function restore_remote_dokuwiki {
         echo $"Restore of Dokuwiki users complete"
     fi
 
-    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
-    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
-    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/data
-    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/lib
-    chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
+    chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
+    chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
+    chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/data"
+    chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/lib"
+    chown -R www-data:www-data "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
 }
 
 function remove_dokuwiki {
@@ -259,13 +263,13 @@ function remove_dokuwiki {
     fi
     function_check remove_onion_service
     remove_onion_service dokuwiki ${DOKUWIKI_ONION_PORT}
-    nginx_dissite $DOKUWIKI_DOMAIN_NAME
-    remove_certs $DOKUWIKI_DOMAIN_NAME
-    if [ -f /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+    nginx_dissite "$DOKUWIKI_DOMAIN_NAME"
+    remove_certs "$DOKUWIKI_DOMAIN_NAME"
+    if [ -f "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$DOKUWIKI_DOMAIN_NAME ]; then
-        rm -rf /var/www/$DOKUWIKI_DOMAIN_NAME
+    if [ ! -d "/var/www/$DOKUWIKI_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$DOKUWIKI_DOMAIN_NAME"
     fi
     if [ -d /var/lib/dokuwiki ]; then
         rm -rf /var/lib/dokuwiki
@@ -278,14 +282,14 @@ function remove_dokuwiki {
     fi
     remove_completion_param "install_dokuwiki"
     remove_completion_param "dokuwiki domain"
-    sed -i '/dokuwiki/d' $COMPLETION_FILE
+    sed -i '/dokuwiki/d' "$COMPLETION_FILE"
 
     function_check remove_ddns_domain
-    remove_ddns_domain $DOKUWIKI_DOMAIN_NAME
+    remove_ddns_domain "$DOKUWIKI_DOMAIN_NAME"
 }
 
 function install_dokuwiki {
-    if [ ! $DOKUWIKI_DOMAIN_NAME ]; then
+    if [ ! "$DOKUWIKI_DOMAIN_NAME" ]; then
         return
     fi
 
@@ -293,25 +297,25 @@ function install_dokuwiki {
     apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl
     apt-get -yq install php-memcached memcached
 
-    if [ ! -d /var/www/$DOKUWIKI_DOMAIN_NAME ]; then
-        mkdir /var/www/$DOKUWIKI_DOMAIN_NAME
+    if [ ! -d "/var/www/$DOKUWIKI_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$DOKUWIKI_DOMAIN_NAME"
     fi
 
-    if [ ! -f /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/install.php ]; then
-        cd /var/www/$DOKUWIKI_DOMAIN_NAME
+    if [ ! -f "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/install.php" ]; then
+        cd "/var/www/$DOKUWIKI_DOMAIN_NAME" || exit 23468246824
 
         if [ -d /repos/dokuwiki ]; then
-            mkdir /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
-            cp -r -p /repos/dokuwiki/. /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
-            cd /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/dokuwiki/. "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
+            cd "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" || exit 24687462
             git pull
         else
             function_check git_clone
-            git_clone $DOKUWIKI_REPO /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
+            git_clone "$DOKUWIKI_REPO" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
         fi
 
-        cd /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
-        git checkout $DOKUWIKI_COMMIT -b $DOKUWIKI_COMMIT
+        cd "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" || exit 38368832
+        git checkout "$DOKUWIKI_COMMIT" -b "$DOKUWIKI_COMMIT"
         set_completion_param "dokuwiki commit" "$DOKUWIKI_COMMIT"
 
     fi
@@ -322,40 +326,40 @@ function install_dokuwiki {
         echo $'Removed Apache installation after Dokuwiki install'
     fi
 
-    echo '<?php' > /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    echo "\$conf['title'] = '${DOKUWIKI_TITLE}';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    echo "\$conf['lang'] = 'en';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    echo "\$conf['license'] = 'cc-by-sa';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    echo "\$conf['useacl'] = 1;" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    echo "\$conf['superuser'] = '@admin';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    echo "\$conf['disableactions'] = 'register';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    ln -s /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/local.php
+    { echo '<?php';
+      echo "\$conf['title'] = '${DOKUWIKI_TITLE}';";
+      echo "\$conf['lang'] = 'en';";
+      echo "\$conf['license'] = 'cc-by-sa';";
+      echo "\$conf['useacl'] = 1;";
+      echo "\$conf['superuser'] = '@admin';";
+      echo "\$conf['disableactions'] = 'register';"; } > "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php"
+    ln -s "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/local.php"
 
-    chmod 600 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
-    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib
-    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
+    chmod 600 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php"
+    chown -R www-data:www-data "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
+    chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib"
+    chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
 
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        DOKUWIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        DOKUWIKI_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $DOKUWIKI_ADMIN_PASSWORD ]; then
-            DOKUWIKI_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$DOKUWIKI_ADMIN_PASSWORD" ]; then
+            DOKUWIKI_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
     HASHED_DOKUWIKI_PASSWORD=$(echo -n "$DOKUWIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}')
-    echo -n "$MY_USERNAME:$HASHED_DOKUWIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
-    cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
-    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
+    echo -n "$MY_USERNAME:$HASHED_DOKUWIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
+    cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
+    chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
 
-    if ! grep -q "video/ogg" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then
-        echo 'ogv     video/ogg' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf
+    if ! grep -q "video/ogg" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"; then
+        echo 'ogv     video/ogg' >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"
     fi
-    if ! grep -q "video/mp4" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then
-        echo 'mp4     video/mp4' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf
+    if ! grep -q "video/mp4" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"; then
+        echo 'mp4     video/mp4' >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"
     fi
-    if ! grep -q "video/webm" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then
-        echo 'webm    video/webm' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf
+    if ! grep -q "video/webm" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"; then
+        echo 'webm    video/webm' >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"
     fi
 
     DOKUWIKI_ONION_HOSTNAME=$(add_onion_service dokuwiki 80 ${DOKUWIKI_ONION_PORT})
@@ -363,178 +367,178 @@ function install_dokuwiki {
 
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $DOKUWIKI_DOMAIN_NAME
-        echo 'server {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo "    root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo "    server_name $DOKUWIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    charset utf-8;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+        nginx_http_redirect "$DOKUWIKI_DOMAIN_NAME"
+        { echo 'server {';
+          echo '    listen 443 ssl;';
+          echo '    #listen [::]:443 ssl;';
+          echo "    root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;";
+          echo "    server_name $DOKUWIKI_DOMAIN_NAME;";
+          echo '    access_log /dev/null;';
+          echo "    error_log /dev/null;";
+          echo '    index index.php;';
+          echo '    charset utf-8;';
+          echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
         function_check nginx_ssl
-        nginx_ssl $DOKUWIKI_DOMAIN_NAME
+        nginx_ssl "$DOKUWIKI_DOMAIN_NAME"
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $DOKUWIKI_DOMAIN_NAME
-        echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    location / {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+        nginx_disable_sniffing "$DOKUWIKI_DOMAIN_NAME"
+        { echo '    add_header Strict-Transport-Security "max-age=0;";';
+          echo '';
+          echo '    # rewrite to front controller as default rule';
+          echo '    location / {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
         function_check nginx_limits
-        nginx_limits $DOKUWIKI_DOMAIN_NAME
-        echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        expires 30d;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # block these file types' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # or a unix socket' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+        nginx_limits "$DOKUWIKI_DOMAIN_NAME"
+        { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
+          echo '    }';
+          echo '';
+          echo '    # statically serve these file types when possible';
+          echo '    # otherwise fall back to front controller';
+          echo '    # allow browser to cache them';
+          echo '    # added .htm for advanced source code editor library';
+          echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
+          echo '        expires 30d;';
+          echo "        try_files \$uri /index.php?q=\$uri&\$args;";
+          echo '    }';
+          echo '';
+          echo '    # block these file types';
+          echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+          echo '    # or a unix socket';
+          echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
         function_check nginx_limits
-        nginx_limits $DOKUWIKI_DOMAIN_NAME
-        echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        # With php-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    location ~ /\. {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    #deny access to store' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    location ~ /store {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '      deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '      deny  all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '}' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+        nginx_limits "$DOKUWIKI_DOMAIN_NAME"
+        { echo '        # Zero-day exploit defense.';
+          echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+          echo "        # Won't work properly (404 error) if the file is not stored on this";
+          echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+          echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+          echo "        # another machine. And then cross your fingers that you won't get hacked.";
+          echo "        try_files \$uri \$uri/ /index.php;";
+          echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+          echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+          echo '        # With php-cgi alone:';
+          echo '        # fastcgi_pass 127.0.0.1:9000;';
+          echo '        # With php-fpm:';
+          echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '        fastcgi_read_timeout 30;';
+          echo '        include fastcgi_params;';
+          echo '        fastcgi_index index.php;';
+          echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+          echo '    }';
+          echo '';
+          echo '    # deny access to all dot files';
+          echo '    location ~ /\. {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    #deny access to store';
+          echo '    location ~ /store {';
+          echo '        deny all;';
+          echo '    }';
+          echo '    location ~ /(data|conf|bin|inc)/ {';
+          echo '      deny all;';
+          echo '    }';
+          echo '    location ~ /\.ht {';
+          echo '      deny  all;';
+          echo '    }';
+          echo '}';
+          echo ''; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
     else
-        echo -n '' > /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+        echo -n '' > "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
     fi
-    echo 'server {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo "    listen 127.0.0.1:${DOKUWIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo "    root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo "    server_name $DOKUWIKI_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    charset utf-8;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+    { echo 'server {';
+      echo "    listen 127.0.0.1:${DOKUWIKI_ONION_PORT} default_server;";
+      echo "    root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;";
+      echo "    server_name $DOKUWIKI_ONION_HOSTNAME;";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo '    index index.php;';
+      echo '    charset utf-8;';
+      echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $DOKUWIKI_DOMAIN_NAME
-    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+    nginx_disable_sniffing "$DOKUWIKI_DOMAIN_NAME"
+    { echo '    add_header Strict-Transport-Security "max-age=0;";';
+      echo '';
+      echo '    # rewrite to front controller as default rule';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $DOKUWIKI_DOMAIN_NAME
-    echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        expires 30d;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # block these file types' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # or a unix socket' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+    nginx_limits "$DOKUWIKI_DOMAIN_NAME"
+    { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
+      echo '    }';
+      echo '';
+      echo '    # statically serve these file types when possible';
+      echo '    # otherwise fall back to front controller';
+      echo '    # allow browser to cache them';
+      echo '    # added .htm for advanced source code editor library';
+      echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
+      echo '        expires 30d;';
+      echo "        try_files \$uri /index.php?q=\$uri&\$args;";
+      echo '    }';
+      echo '';
+      echo '    # block these file types';
+      echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+      echo '    # or a unix socket';
+      echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $DOKUWIKI_DOMAIN_NAME
-    echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    #deny access to store' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    location ~ /store {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '      deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '      deny  all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+    nginx_limits "$DOKUWIKI_DOMAIN_NAME"
+    { echo '        # Zero-day exploit defense.';
+      echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+      echo "        # Won't work properly (404 error) if the file is not stored on this";
+      echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+      echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+      echo "        # another machine. And then cross your fingers that you won't get hacked.";
+      echo "        try_files \$uri \$uri/ /index.php;";
+      echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+      echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+      echo '        # With php-cgi alone:';
+      echo '        # fastcgi_pass 127.0.0.1:9000;';
+      echo '        # With php-fpm:';
+      echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '        fastcgi_read_timeout 30;';
+      echo '        include fastcgi_params;';
+      echo '        fastcgi_index index.php;';
+      echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+      echo '    }';
+      echo '';
+      echo '    # deny access to all dot files';
+      echo '    location ~ /\. {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    #deny access to store';
+      echo '    location ~ /store {';
+      echo '        deny all;';
+      echo '    }';
+      echo '    location ~ /(data|conf|bin|inc)/ {';
+      echo '      deny all;';
+      echo '    }';
+      echo '    location ~ /\.ht {';
+      echo '      deny  all;';
+      echo '    }';
+      echo '}'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
 
     function_check create_site_certificate
-    create_site_certificate $DOKUWIKI_DOMAIN_NAME 'yes'
+    create_site_certificate "$DOKUWIKI_DOMAIN_NAME" 'yes'
 
     function_check configure_php
     configure_php
 
-    nginx_ensite $DOKUWIKI_DOMAIN_NAME
+    nginx_ensite "$DOKUWIKI_DOMAIN_NAME"
 
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
     function_check add_ddns_domain
-    add_ddns_domain $DOKUWIKI_DOMAIN_NAME
+    add_ddns_domain "$DOKUWIKI_DOMAIN_NAME"
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a dokuwiki -p "$DOKUWIKI_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a dokuwiki -p "$DOKUWIKI_ADMIN_PASSWORD"
 
     APP_INSTALLED=1
 }

src/freedombone-app-edith

@@ -50,12 +50,12 @@ edith_variables=(MY_USERNAME
 function remove_bad_links_edith {
     read_config_param EDITH_DOMAIN_NAME
 
-    edith_dir=/var/www/$EDITH_DOMAIN_NAME/htdocs
+    edith_dir="/var/www/$EDITH_DOMAIN_NAME/htdocs"
 
     # copy jquery locally
     jquery_version='1.12.4'
     if [ ! -f $edith_dir/jquery-${jquery_version}.js ]; then
-        cd $edith_dir
+        cd $edith_dir || exit 246824628
         wget https://code.jquery.com/jquery-${jquery_version}.js
         if [ -f $edith_dir/jquery-${jquery_version}.js ]; then
             jquery_hash=$(sha256sum $edith_dir/jquery-${jquery_version}.js | awk -F ' ' '{print $1}')
@@ -79,9 +79,9 @@ function change_password_edith {
     new_user_password="$2"
 
     sed -i "/${curr_username}:/d" /etc/nginx/.edithpasswd
-    echo -n "$new_user_password" | htpasswd -i -s -c /etc/nginx/.edithpasswd ${curr_username}
+    echo -n "$new_user_password" | htpasswd -i -s -c /etc/nginx/.edithpasswd "${curr_username}"
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a ${curr_username} -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a "${curr_username}" -p "$new_user_password"
 }
 
 function logging_on_edith {
@@ -102,21 +102,20 @@ function edith_enable_login {
     dialog --title $"Enable Edith login" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nDo you want to add a login so that random web users can't access your notes?" 10 60
+           --yesno $"\\nDo you want to add a login so that random web users can't access your notes?" 10 60
     sel=$?
     case $sel in
-        0) if grep -q '#auth_basic' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME; then
-               sed -i 's|#auth_basic|auth_basic|g' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME
+        0) if grep -q '#auth_basic' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"; then
+               sed -i 's|#auth_basic|auth_basic|g' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"
                systemctl restart nginx
            fi
-           read_config_param $MY_USERNAME
-           EDITH_PASSWORD=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a edith)
+           read_config_param "$MY_USERNAME"
+           EDITH_PASSWORD=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a edith)
            dialog --title $"Enable Edith login" \
                   --msgbox $"Edith logins are now enabled with the password $EDITH_PASSWORD" 6 65
-           EDITH__PASSWORD=
            ;;
-        1) if ! grep -q '#auth_basic' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME; then
-               sed -i 's|auth_basic|#auth_basic|g' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME
+        1) if ! grep -q '#auth_basic' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"; then
+               sed -i 's|auth_basic|#auth_basic|g' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"
                systemctl restart nginx
            fi
            dialog --title $"Disable Edith login" \
@@ -127,31 +126,34 @@ function edith_enable_login {
 
 function edith_browse {
     read_config_param EDITH_DOMAIN_NAME
-    cd /var/www/$EDITH_DOMAIN_NAME/htdocs/data
-    editor /var/www/$EDITH_DOMAIN_NAME/htdocs/data
+    cd "/var/www/$EDITH_DOMAIN_NAME/htdocs/data" || exit 24682642
+    editor "/var/www/$EDITH_DOMAIN_NAME/htdocs/data"
 }
 
 function configure_interactive_edith {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Edith" \
                --radiolist $"Choose an operation:" 10 50 3 \
                1 $"Enable login" off \
                2 $"Browse notes" off \
-               3 $"Exit" on 2> $data
+               3 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) break;;
-            255) break;;
+            1) rm -f "$data"
+               break;;
+            255) rm -f "$data"
+                 break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) edith_enable_login;;
             2) edith_browse;;
-            3) break;;
+            3) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -165,24 +167,24 @@ function upgrade_edith {
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$EDITH_DOMAIN_NAME/htdocs "edith commit" "$EDITH_COMMIT" $EDITH_REPO
+    set_repo_commit "/var/www/$EDITH_DOMAIN_NAME/htdocs" "edith commit" "$EDITH_COMMIT" "$EDITH_REPO"
 
     remove_bad_links_edith
-    chown -R www-data:www-data /var/www/$EDITH_DOMAIN_NAME/htdocs
-    chmod a+w /var/www/$EDITH_DOMAIN_NAME/htdocs/data
+    chown -R www-data:www-data "/var/www/$EDITH_DOMAIN_NAME/htdocs"
+    chmod a+w "/var/www/$EDITH_DOMAIN_NAME/htdocs/data"
 }
 
 function backup_local_edith {
     read_config_param EDITH_DOMAIN_NAME
 
     function_check suspend_site
-    suspend_site ${EDITH_DOMAIN_NAME}
+    suspend_site "${EDITH_DOMAIN_NAME}"
 
-    source_directory=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data
+    source_directory="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data"
 
     function_check backup_directory_to_usb
     dest_directory=edith
-    backup_directory_to_usb $source_directory $dest_directory
+    backup_directory_to_usb "$source_directory" "$dest_directory"
 
     function_check restart_site
     restart_site
@@ -192,12 +194,12 @@ function restore_local_edith {
     read_config_param EDITH_DOMAIN_NAME
 
     temp_restore_dir=/root/tempedith
-    edith_dir=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data
+    edith_dir="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data"
 
     function_check restore_directory_from_usb
     restore_directory_from_usb $temp_restore_dir edith
     if [ -d $temp_restore_dir ]; then
-        if [ -d cp $temp_restore_dir$edith_dir ]; then
+        if [ -d $temp_restore_dir$edith_dir ]; then
             cp -rp $temp_restore_dir$edith_dir $edith_dir/
         else
             if [ ! -d $edith_dir ]; then
@@ -215,13 +217,13 @@ function backup_remote_edith {
     read_config_param EDITH_DOMAIN_NAME
 
     function_check suspend_site
-    suspend_site ${EDITH_DOMAIN_NAME}
+    suspend_site "${EDITH_DOMAIN_NAME}"
 
-    source_directory=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data
+    source_directory="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data"
 
     function_check backup_directory_to_friend
     dest_directory=edith
-    backup_directory_to_friend $source_directory $dest_directory
+    backup_directory_to_friend "$source_directory" "$dest_directory"
 
     function_check restart_site
     restart_site
@@ -231,12 +233,12 @@ function restore_remote_edith {
     read_config_param EDITH_DOMAIN_NAME
 
     temp_restore_dir=/root/tempedith
-    edith_dir=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data
+    edith_dir="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data"
 
     function_check restore_directory_from_friend
     restore_directory_from_friend $temp_restore_dir edith
     if [ -d $temp_restore_dir ]; then
-        if [ -d cp $temp_restore_dir$edith_dir ]; then
+        if [ -d $temp_restore_dir$edith_dir ]; then
             cp -rp $temp_restore_dir$edith_dir $edith_dir/
         else
             if [ ! -d $edith_dir ]; then
@@ -253,17 +255,17 @@ function restore_remote_edith {
 function remove_edith {
     nginx_dissite $EDITH_DOMAIN_NAME
 
-    if [ -f /etc/nginx/sites-available/$EDITH_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$EDITH_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"
     fi
 
-    if [ -d /var/www/$EDITH_DOMAIN_NAME ]; then
-        rm -rf /var/www/$EDITH_DOMAIN_NAME
+    if [ -d "/var/www/$EDITH_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$EDITH_DOMAIN_NAME"
     fi
 
     function_check remove_onion_service
     remove_onion_service edith ${EDITH_ONION_PORT}
-    sed -i '/edith/d' $COMPLETION_FILE
+    sed -i '/edith/d' "$COMPLETION_FILE"
 
     if [ -f /etc/nginx/.edithpasswd ]; then
         rm /etc/nginx/.edithpasswd
@@ -286,26 +288,26 @@ function install_edith {
     function_check install_nodejs
     install_nodejs edith
 
-    if [ ! ${EDITH_PASSWORD} ]; then
-        if [ -f ${IMAGE_PASSWORD_FILE} ]; then
-            EDITH_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ ! "${EDITH_PASSWORD}" ]; then
+        if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
+            EDITH_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
         else
-            EDITH_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+            EDITH_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
 
-    if [ -d /var/www/$EDITH_DOMAIN_NAME/htdocs ]; then
-        rm -rf /var/www/$EDITH_DOMAIN_NAME/htdocs
+    if [ -d "/var/www/$EDITH_DOMAIN_NAME/htdocs" ]; then
+        rm -rf "/var/www/$EDITH_DOMAIN_NAME/htdocs"
     fi
 
     if [ -d /repos/edith ]; then
-        mkdir /var/www/$EDITH_DOMAIN_NAME/htdocs
-        cp -r -p /repos/edith/. /var/www/$EDITH_DOMAIN_NAME/htdocs
-        cd /var/www/$EDITH_DOMAIN_NAME/htdocs
+        mkdir "/var/www/$EDITH_DOMAIN_NAME/htdocs"
+        cp -r -p /repos/edith/. "/var/www/$EDITH_DOMAIN_NAME/htdocs"
+        cd "/var/www/$EDITH_DOMAIN_NAME/htdocs" || exit 24682462
         git pull
     else
         function_check git_clone
-        git_clone $EDITH_REPO /var/www/$EDITH_DOMAIN_NAME/htdocs
+        git_clone "$EDITH_REPO" "/var/www/$EDITH_DOMAIN_NAME/htdocs"
     fi
 
     if [ ! -d /var/www/$EDITH_DOMAIN_NAME/htdocs ]; then
@@ -313,102 +315,102 @@ function install_edith {
         exit 537593569
     fi
 
-    cd /var/www/$EDITH_DOMAIN_NAME/htdocs
-    git checkout $EDITH_COMMIT -b $EDITH_COMMIT
+    cd "/var/www/$EDITH_DOMAIN_NAME/htdocs" || exit 2648248
+    git checkout "$EDITH_COMMIT" -b "$EDITH_COMMIT"
     set_completion_param "edith commit" "$EDITH_COMMIT"
 
-    if [ ! -d /var/www/$EDITH_DOMAIN_NAME/htdocs/data ]; then
-        mkdir -p /var/www/$EDITH_DOMAIN_NAME/htdocs/data
+    if [ ! -d "/var/www/$EDITH_DOMAIN_NAME/htdocs/data" ]; then
+        mkdir -p "/var/www/$EDITH_DOMAIN_NAME/htdocs/data"
     fi
 
     EDITH_ONION_HOSTNAME=$(add_onion_service edith 80 ${EDITH_ONION_PORT})
 
-    edith_nginx_site=/etc/nginx/sites-available/$EDITH_DOMAIN_NAME
-    if [[ $ONION_ONLY == "no" ]]; then
+    edith_nginx_site="/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"
+    if [[ "$ONION_ONLY" == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $EDITH_DOMAIN_NAME "index index.php"
-        echo 'server {' >> $edith_nginx_site
-        echo '  listen 443 ssl;' >> $edith_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $edith_nginx_site
-        echo "  server_name $EDITH_DOMAIN_NAME;" >> $edith_nginx_site
-        echo '' >> $edith_nginx_site
+        nginx_http_redirect "$EDITH_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $EDITH_DOMAIN_NAME;";
+          echo ''; } >> "$edith_nginx_site"
         function_check nginx_compress
-        nginx_compress $EDITH_DOMAIN_NAME
-        echo '' >> $edith_nginx_site
-        echo '  # Security' >> $edith_nginx_site
+        nginx_compress "$EDITH_DOMAIN_NAME"
+        echo '' >> "$edith_nginx_site"
+        echo '  # Security' >> "$edith_nginx_site"
         function_check nginx_ssl
-        nginx_ssl $EDITH_DOMAIN_NAME
+        nginx_ssl "$EDITH_DOMAIN_NAME"
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $EDITH_DOMAIN_NAME
+        nginx_disable_sniffing "$EDITH_DOMAIN_NAME"
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $edith_nginx_site
-        echo '' >> $edith_nginx_site
-        echo '  access_log /dev/null;' >> $edith_nginx_site
-        echo '  error_log /dev/null;' >> $edith_nginx_site
-        echo '' >> $edith_nginx_site
-        echo "  root /var/www/$EDITH_DOMAIN_NAME/htdocs;" >> $edith_nginx_site
-        echo '' >> $edith_nginx_site
-        echo '  index index.php;' >> $edith_nginx_site
-        echo '' >> $edith_nginx_site
-        echo '  # PHP' >> $edith_nginx_site
-        echo '  location ~ \.php {' >> $edith_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $edith_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $edith_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $edith_nginx_site
-        echo '  }' >> $edith_nginx_site
-        echo '' >> $edith_nginx_site
-        echo '  # Location' >> $edith_nginx_site
-        echo '  location / {' >> $edith_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo "  root /var/www/$EDITH_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  index index.php;';
+          echo '';
+          echo '  # PHP';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$edith_nginx_site"
         function_check nginx_limits
-        nginx_limits $EDITH_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ /index.php?$args;' >> $edith_nginx_site
-        echo "    auth_basic \"${EDITH_LOGIN_TEXT}\";" >> $edith_nginx_site
-        echo '    auth_basic_user_file /etc/nginx/.edithpasswd;' >> $edith_nginx_site
-        echo '  }' >> $edith_nginx_site
-        echo '}' >> $edith_nginx_site
+        nginx_limits "$EDITH_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ /index.php?\$args;";
+          echo "    auth_basic \"${EDITH_LOGIN_TEXT}\";";
+          echo '    auth_basic_user_file /etc/nginx/.edithpasswd;';
+          echo '  }';
+          echo '}'; } >> "$edith_nginx_site"
     else
-        echo -n '' > $edith_nginx_site
+        echo -n '' > "$edith_nginx_site"
     fi
-    echo 'server {' >> $edith_nginx_site
-    echo "    listen 127.0.0.1:$EDITH_ONION_PORT default_server;" >> $edith_nginx_site
-    echo "    server_name $EDITH_ONION_HOSTNAME;" >> $edith_nginx_site
-    echo '' >> $edith_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$EDITH_ONION_PORT default_server;";
+      echo "    server_name $EDITH_ONION_HOSTNAME;";
+      echo ''; } >> "$edith_nginx_site"
     function_check nginx_compress
-    nginx_compress $EDITH_DOMAIN_NAME
-    echo '' >> $edith_nginx_site
+    nginx_compress "$EDITH_DOMAIN_NAME"
+    echo '' >> "$edith_nginx_site"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $EDITH_DOMAIN_NAME
-    echo '' >> $edith_nginx_site
-    echo '  access_log /dev/null;' >> $edith_nginx_site
-    echo '  error_log /dev/null;' >> $edith_nginx_site
-    echo '' >> $edith_nginx_site
-    echo "  root /var/www/$EDITH_DOMAIN_NAME/htdocs;" >> $edith_nginx_site
-    echo '' >> $edith_nginx_site
-    echo '  index index.php;' >> $edith_nginx_site
-    echo '' >> $edith_nginx_site
-    echo '  # PHP' >> $edith_nginx_site
-    echo '  location ~ \.php {' >> $edith_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $edith_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $edith_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $edith_nginx_site
-    echo '  }' >> $edith_nginx_site
-    echo '' >> $edith_nginx_site
-    echo '  # Location' >> $edith_nginx_site
-    echo '  location / {' >> $edith_nginx_site
+    nginx_disable_sniffing "$EDITH_DOMAIN_NAME"
+    { echo '';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo "  root /var/www/$EDITH_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  index index.php;';
+      echo '';
+      echo '  # PHP';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$edith_nginx_site"
     function_check nginx_limits
     nginx_limits $EDITH_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ /index.php?$args;' >> $edith_nginx_site
-    echo "    auth_basic \"${EDITH_LOGIN_TEXT}\";" >> $edith_nginx_site
-    echo '    auth_basic_user_file /etc/nginx/.edithpasswd;' >> $edith_nginx_site
-    echo '  }' >> $edith_nginx_site
-    echo '}' >> $edith_nginx_site
+    { echo "    try_files \$uri \$uri/ /index.php?\$args;";
+      echo "    auth_basic \"${EDITH_LOGIN_TEXT}\";";
+      echo '    auth_basic_user_file /etc/nginx/.edithpasswd;';
+      echo '  }';
+      echo '}'; } >> "$edith_nginx_site"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $EDITH_DOMAIN_NAME 'yes'
+    create_site_certificate "$EDITH_DOMAIN_NAME" 'yes'
 
     # create a password for users
     if [ ! -f /etc/nginx/.edithpasswd ]; then
@@ -417,24 +419,23 @@ function install_edith {
     if grep -q "$MY_USERNAME:" /etc/nginx/.edithpasswd; then
         sed -i "/$MY_USERNAME:/d" /etc/nginx/.edithpasswd
     fi
-    echo -n "$EDITH_PASSWORD" | htpasswd -i -s -c /etc/nginx/.edithpasswd $MY_USERNAME
+    echo -n "$EDITH_PASSWORD" | htpasswd -i -s -c /etc/nginx/.edithpasswd "$MY_USERNAME"
     if [ ! -f /etc/nginx/.edithpasswd ]; then
         echo $'/etc/nginx/.edithpasswd not found'
         exit 6537683563
     fi
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a edith -p "$EDITH_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a edith -p "$EDITH_PASSWORD"
 
-    cp /var/www/$EDITH_DOMAIN_NAME/htdocs/htaccess.example /var/www/$EDITH_DOMAIN_NAME/htdocs/.htaccess
-    cd /var/www/$EDITH_DOMAIN_NAME/htdocs
+    cp "/var/www/$EDITH_DOMAIN_NAME/htdocs/htaccess.example" "/var/www/$EDITH_DOMAIN_NAME/htdocs/.htaccess"
+    cd "/var/www/$EDITH_DOMAIN_NAME/htdocs" || exit 26482468
     npm install -g coffeescript uglify-js
-    cake build
-    if [ ! "$?" = "0" ]; then
+    if ! cake build; then
         echo $'Unable to build Edith'
         exit 7396483635
     fi
     cp config.example.php config.php
-    if [[ $ONION_ONLY == "no" ]]; then
+    if [[ "$ONION_ONLY" == "no" ]]; then
         sed -i "s|define('EDITH_URI'.*|define('EDITH_URI', 'https://$EDITH_DOMAIN_NAME');|g" config.php
     else
         sed -i "s|define('EDITH_URI'.*|define('EDITH_URI', 'http://$EDITH_ONION_HOSTNAME');|g" config.php
@@ -445,20 +446,20 @@ function install_edith {
 
     remove_bad_links_edith
 
-    chown -R www-data:www-data /var/www/$EDITH_DOMAIN_NAME/htdocs
-    chmod a+w /var/www/$EDITH_DOMAIN_NAME/htdocs/data
-    nginx_ensite $EDITH_DAEMON_NAME
+    chown -R www-data:www-data "/var/www/$EDITH_DOMAIN_NAME/htdocs"
+    chmod a+w "/var/www/$EDITH_DOMAIN_NAME/htdocs/data"
+    nginx_ensite "$EDITH_DAEMON_NAME"
     systemctl restart nginx
 
     APP_INSTALLED=1
 }
 
 function install_interactive_edith {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
-    if [[ $ONION_ONLY != "no" ]]; then
+    if [[ "$ONION_ONLY" != "no" ]]; then
         GHOST_DOMAIN_NAME='edith.local'
         write_config_param "EDITH_DOMAIN_NAME" "$EDITH_DOMAIN_NAME"
     else

src/freedombone-app-emacs

@@ -57,13 +57,13 @@ function backup_local_emacs {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d /home/$USERNAME/.emacs.d ]; then
+            if [ -d "/home/$USERNAME/.emacs.d" ]; then
                 echo $"Backing up Emacs config for $USERNAME"
-                if [ -f /home/$USERNAME/.emacs ]; then
-                    cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs
+                if [ -f "/home/$USERNAME/.emacs" ]; then
+                    cp "/home/$USERNAME/.emacs" "/home/$USERNAME/.emacs.d/dotemacs"
                 fi
                 function_check backup_directory_to_usb
-                backup_directory_to_usb /home/$USERNAME/.emacs.d emacs/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.emacs.d" "emacs/$USERNAME"
             fi
         fi
     done
@@ -71,24 +71,25 @@ function backup_local_emacs {
 
 function restore_local_emacs {
     temp_restore_dir=/root/tempemacs
-    if [ -d $USB_MOUNT/backup/emacs ]; then
+    if [ -d "$USB_MOUNT/backup/emacs" ]; then
         for d in $USB_MOUNT/backup/emacs/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    "${PROJECT_NAME}-adduser" "$USERNAME"
                 fi
                 echo $"Restoring Emacs config for $USERNAME"
                 function_check restore_directory_from_usb
-                restore_directory_from_usb $temp_restore_dir emacs/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.emacs.d /home/$USERNAME/
+                restore_directory_from_usb "$temp_restore_dir" "emacs/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.emacs.d" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.emacs.d ]; then
-                        mkdir /home/$USERNAME/.emacs.d
+                    if [ ! -d "/home/$USERNAME/.emacs.d" ]; then
+                        mkdir "/home/$USERNAME/.emacs.d"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.emacs.d
+                    cp -r "$temp_restore_dir/*" "/home/$USERNAME/.emacs.d"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     function_check set_user_permissions
@@ -97,10 +98,10 @@ function restore_local_emacs {
                     backup_unmount_drive
                     exit 664
                 fi
-                if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then
-                    cp -f $temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs /home/$USERNAME/.emacs
+                if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then
+                    cp -f "$temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs" "/home/$USERNAME/.emacs"
                 else
-                    cp -f $temp_restore_dir/dotemacs /home/$USERNAME/.emacs
+                    cp -f "$temp_restore_dir/dotemacs" "/home/$USERNAME/.emacs"
                 fi
                 rm -rf $temp_restore_dir
             fi
@@ -112,13 +113,13 @@ function backup_remote_emacs {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d /home/$USERNAME/.emacs.d ]; then
+            if [ -d "/home/$USERNAME/.emacs.d" ]; then
                 echo $"Backing up Emacs config for $USERNAME"
-                if [ -f /home/$USERNAME/.emacs ]; then
-                    cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs
+                if [ -f "/home/$USERNAME/.emacs" ]; then
+                    cp "/home/$USERNAME/.emacs" "/home/$USERNAME/.emacs.d/dotemacs"
                 fi
                 function_check backup_directory_to_friend
-                backup_directory_to_friend /home/$USERNAME/.emacs.d emacs/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.emacs.d" "emacs/$USERNAME"
             fi
         fi
     done
@@ -126,24 +127,25 @@ function backup_remote_emacs {
 
 function restore_remote_emacs {
     temp_restore_dir=/root/tempemacs
-    if [ -d $USB_MOUNT/backup/emacs ]; then
+    if [ -d "$USB_MOUNT/backup/emacs" ]; then
         for d in $USB_MOUNT/backup/emacs/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    "${PROJECT_NAME}-adduser" "$USERNAME"
                 fi
                 echo $"Restoring Emacs config for $USERNAME"
                 function_check restore_directory_from_friend
-                restore_directory_from_friend $temp_restore_dir emacs/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.emacs.d /home/$USERNAME/
+                restore_directory_from_friend "$temp_restore_dir" "emacs/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.emacs.d" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.emacs.d ]; then
-                        mkdir /home/$USERNAME/.emacs.d
+                    if [ ! -d "/home/$USERNAME/.emacs.d" ]; then
+                        mkdir "/home/$USERNAME/.emacs.d"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.emacs.d/*
+                    cp -r "$temp_restore_dir/*" "/home/$USERNAME/.emacs.d/*"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     function_check set_user_permissions
@@ -152,10 +154,10 @@ function restore_remote_emacs {
                     backup_unmount_drive
                     exit 664
                 fi
-                if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then
-                    cp -f $temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs /home/$USERNAME/.emacs
+                if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then
+                    cp -f "$temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs" "/home/$USERNAME/.emacs"
                 else
-                    cp -f $temp_restore_dir/dotemacs /home/$USERNAME/.emacs
+                    cp -f "$temp_restore_dir/dotemacs" "/home/$USERNAME/.emacs"
                 fi
                 rm -rf $temp_restore_dir
             fi
@@ -166,7 +168,7 @@ function restore_remote_emacs {
 function remove_emacs {
     apt-get -yq remove --purge emacs
     update-alternatives --set editor /usr/bin/nano
-    sed -i '/install_emacs/d' $COMPLETION_FILE
+    sed -i '/install_emacs/d' "$COMPLETION_FILE"
 
     # remove emacs as the mutt email editor
     if [ -f /etc/Muttrc ]; then
@@ -176,9 +178,9 @@ function remove_emacs {
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ -f /home/$USERNAME/.muttrc ]; then
-                    if grep -q "set editor=" /home/$USERNAME/.muttrc; then
-                        sed -i '/set editor=/d' /home/$USERNAME/.muttrc
+                if [ -f "/home/$USERNAME/.muttrc" ]; then
+                    if grep -q "set editor=" "/home/$USERNAME/.muttrc"; then
+                        sed -i '/set editor=/d' "/home/$USERNAME/.muttrc"
                     fi
                 fi
             fi
@@ -194,74 +196,74 @@ function install_emacs {
     #echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs
     #echo '"~/.emacs.d/")' >> /home/$MY_USERNAME/.emacs
     #echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Remove trailing whitepace ======================================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)" >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo ';; Goto a line number with CTRL-l' >> /home/$MY_USERNAME/.emacs
-    echo -n '(global-set-key "\C-l" ' >> /home/$MY_USERNAME/.emacs
-    echo "'goto-line)" >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Show line numbers ==============================================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))" >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Enable line wrapping in org-mode ===============================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo " (add-hook 'org-mode-hook" >> /home/$MY_USERNAME/.emacs
-    echo "           '(lambda ()" >> /home/$MY_USERNAME/.emacs
-    echo "              (visual-line-mode 1)))" >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Enable shift select in org mode ================================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Set standard indent to 4 rather that 4 =========================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs
-    echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs
-    echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Support Wheel Mouse Scrolling ==================================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Place Backup Files in Specific Directory =======================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs
-    echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs
-    echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Make Text mode the default mode for new buffers ================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Line length ====================================================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Enable Line and Column Numbering ===============================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(line-number-mode 1)' >> /home/$MY_USERNAME/.emacs
-    echo '(column-number-mode 1)' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Turn on Auto Fill mode automatically in all modes ==============' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of' >> /home/$MY_USERNAME/.emacs
-    echo ';; newlines when the cursor goes over the column limit.' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo ';; This should actually turn on auto-fill-mode by default in all major' >> /home/$MY_USERNAME/.emacs
-    echo ';; modes. The other way to do this is to turn on the fill for specific modes' >> /home/$MY_USERNAME/.emacs
-    echo ';; via hooks.' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(setq auto-fill-mode 1)' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Enable GPG encryption =========================================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo "(require 'epa)" >> /home/$MY_USERNAME/.emacs
-    echo '(epa-file-enable)' >> /home/$MY_USERNAME/.emacs
-    cp /home/$MY_USERNAME/.emacs /root/.emacs
-    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs
+    { echo $';; ===== Remove trailing whitepace ======================================';
+      echo '';
+      echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)";
+      echo '';
+      echo ';; Goto a line number with CTRL-l';
+      echo -n '(global-set-key "\C-l" ';
+      echo "'goto-line)";
+      echo '';
+      echo $';; ===== Show line numbers ==============================================';
+      echo '';
+      echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))";
+      echo '';
+      echo $';; ===== Enable line wrapping in org-mode ===============================';
+      echo '';
+      echo " (add-hook 'org-mode-hook";
+      echo "           '(lambda ()";
+      echo "              (visual-line-mode 1)))";
+      echo '';
+      echo $';; ===== Enable shift select in org mode ================================';
+      echo '';
+      echo '(setq org-support-shift-select t)';
+      echo '';
+      echo $';; ===== Set standard indent to 4 rather that 4 =========================';
+      echo '';
+      echo '(setq standard-indent 4)';
+      echo '(setq-default tab-width 4)';
+      echo '(setq c-basic-offset 4)';
+      echo '';
+      echo $';; ===== Support Wheel Mouse Scrolling ==================================';
+      echo '';
+      echo '(mouse-wheel-mode t)';
+      echo '';
+      echo $';; ===== Place Backup Files in Specific Directory =======================';
+      echo '';
+      echo '(setq make-backup-files t)';
+      echo '(setq version-control t)';
+      echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))';
+      echo '';
+      echo $';; ===== Make Text mode the default mode for new buffers ================';
+      echo '';
+      echo "(setq default-major-mode 'text-mode)";
+      echo '';
+      echo $';; ===== Line length ====================================================';
+      echo '';
+      echo '(setq-default fill-column 72)';
+      echo '';
+      echo $';; ===== Enable Line and Column Numbering ===============================';
+      echo '';
+      echo '(line-number-mode 1)';
+      echo '(column-number-mode 1)';
+      echo '';
+      echo $';; ===== Turn on Auto Fill mode automatically in all modes ==============';
+      echo '';
+      echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of';
+      echo ';; newlines when the cursor goes over the column limit.';
+      echo '';
+      echo ';; This should actually turn on auto-fill-mode by default in all major';
+      echo ';; modes. The other way to do this is to turn on the fill for specific modes';
+      echo ';; via hooks.';
+      echo '';
+      echo '(setq auto-fill-mode 1)';
+      echo '';
+      echo $';; ===== Enable GPG encryption =========================================';
+      echo '';
+      echo "(require 'epa)";
+      echo '(epa-file-enable)'; } >> "/home/$MY_USERNAME/.emacs"
+    cp "/home/$MY_USERNAME/.emacs" /root/.emacs
+    chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.emacs"
 
     # add a mutt entry to use emacs to compose emails
     if [ -f /etc/Muttrc ]; then
@@ -273,92 +275,92 @@ function install_emacs {
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ -f /home/$USERNAME/.muttrc ]; then
-                    if ! grep -q "set editor=" /home/$USERNAME/.muttrc; then
-                        echo 'set editor="emacs -q --load ~/.emacs-mutt"' >> /home/$USERNAME/.muttrc
+                if [ -f "/home/$USERNAME/.muttrc" ]; then
+                    if ! grep -q "set editor=" "/home/$USERNAME/.muttrc"; then
+                        echo 'set editor="emacs -q --load ~/.emacs-mutt"' >> "/home/$USERNAME/.muttrc"
                     else
-                        sed -i 's|set editor=.*|set editor="emacs -q --load ~/.emacs-mutt"|g' /home/$USERNAME/.muttrc
+                        sed -i 's|set editor=.*|set editor="emacs -q --load ~/.emacs-mutt"|g' "/home/$USERNAME/.muttrc"
                     fi
                 fi
 
                 # create an Emacs configuration specifically for use with Mutt, which
                 # has word wrap and spell checking on by default
-                if [ ! -f /home/$USERNAME/.emacs-mutt ]; then
-                    echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)" > /home/$USERNAME/.emacs-mutt
-                    echo '(setq org-support-shift-select t)' >> /home/$USERNAME/.emacs-mutt
-                    echo '(setq standard-indent 4)' >> /home/$USERNAME/.emacs-mutt
-                    echo '(setq-default tab-width 4)' >> /home/$USERNAME/.emacs-mutt
-                    echo '(setq c-basic-offset 4)' >> /home/$USERNAME/.emacs-mutt
-                    echo '(mouse-wheel-mode t)' >> /home/$USERNAME/.emacs-mutt
-                    echo '(setq make-backup-files t)' >> /home/$USERNAME/.emacs-mutt
-                    echo '(setq version-control t)' >> /home/$USERNAME/.emacs-mutt
-                    echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$USERNAME/.emacs-mutt
-                    echo "(setq default-major-mode 'text-mode)" >> /home/$USERNAME/.emacs-mutt
-                    echo "(dolist (hook '(text-mode-hook))" >> /home/$USERNAME/.emacs-mutt
-                    echo '    (add-hook hook (lambda () (flyspell-mode 1))))' >> /home/$USERNAME/.emacs-mutt
-                    echo '(setq-default fill-column 72)' >> /home/$USERNAME/.emacs-mutt
+                if [ ! -f "/home/$USERNAME/.emacs-mutt" ]; then
+                    { echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)";
+                    echo '(setq org-support-shift-select t)';
+                    echo '(setq standard-indent 4)';
+                    echo '(setq-default tab-width 4)';
+                    echo '(setq c-basic-offset 4)';
+                    echo '(mouse-wheel-mode t)';
+                    echo '(setq make-backup-files t)';
+                    echo '(setq version-control t)';
+                    echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))';
+                    echo "(setq default-major-mode 'text-mode)";
+                    echo "(dolist (hook '(text-mode-hook))";
+                    echo '    (add-hook hook (lambda () (flyspell-mode 1))))';
+                    echo '(setq-default fill-column 72)'; } > "/home/$USERNAME/.emacs-mutt"
                     if [[ $DEFAULT_LANGUAGE == 'en_US'* ]]; then
-                        echo '(setq ispell-dictionary "american")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "american")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'en_GB'* ]]; then
-                        echo '(setq ispell-dictionary "british")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "british")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'fr_FR'* ]]; then
-                        echo '(setq ispell-dictionary "french")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "french")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'it_IT'* ]]; then
-                        echo '(setq ispell-dictionary "italian")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "italian")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'cs_CZ'* ]]; then
-                        echo '(setq ispell-dictionary "czech")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "czech")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'da_DK'* ]]; then
-                        echo '(setq ispell-dictionary "danish")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "danish")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'nl_NL'* ]]; then
-                        echo '(setq ispell-dictionary "dutch")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "dutch")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'ru_RU'* ]]; then
-                        echo '(setq ispell-dictionary "russian")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "russian")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'es_ES'* ]]; then
-                        echo '(setq ispell-dictionary "spanish")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "spanish")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'sv_SE'* ]]; then
-                        echo '(setq ispell-dictionary "swedish")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "swedish")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'no_NO'* ]]; then
-                        echo '(setq ispell-dictionary "norwegian")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "norwegian")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'de_DE'* ]]; then
-                        echo '(setq ispell-dictionary "ngerman")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "ngerman")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'bg_BG'* ]]; then
-                        echo '(setq ispell-dictionary "bulgarian")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "bulgarian")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'pl'* ]]; then
-                        echo '(setq ispell-dictionary "polish")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "polish")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'et_EE'* ]]; then
-                        echo '(setq ispell-dictionary "estonian")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "estonian")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'lt_LT'* ]]; then
-                        echo '(setq ispell-dictionary "lithuanian")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "lithuanian")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'uk_UA'* ]]; then
-                        echo '(setq ispell-dictionary "ukranian")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "ukranian")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'ca_ES'* ]]; then
-                        echo '(setq ispell-dictionary "catalan")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "catalan")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
-                    echo '(setq auto-fill-mode 0)' >> /home/$USERNAME/.emacs-mutt
-                    echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)" >> /home/$USERNAME/.emacs-mutt
-                    echo "(setq-default auto-fill-function 'do-auto-fill)" >> /home/$USERNAME/.emacs-mutt
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.emacs-mutt
+                    { echo '(setq auto-fill-mode 0)';
+                      echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)";
+                      echo "(setq-default auto-fill-function 'do-auto-fill)"; } >> "/home/$USERNAME/.emacs-mutt"
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.emacs-mutt"
 
                     # add the emacs mutt configuration to the user profile skeleton
                     if [ ! -f /etc/skel/.emacs-mutt ]; then
-                        cp /home/$USERNAME/.emacs-mutt /etc/skel/.emacs-mutt
+                        cp "/home/$USERNAME/.emacs-mutt" /etc/skel/.emacs-mutt
                         chown root:root /etc/skel/.emacs-mutt
                     fi
                 fi

src/freedombone-app-etherpad

@@ -41,7 +41,7 @@ ETHERPAD_REPO="https://github.com/ether/etherpad-lite"
 ETHERPAD_COMMIT='454f539561a8d9de51ed107a29d974eb79198bc6'
 ETHERPAD_ADMIN_PASSWORD=
 ETHERPAD_TITLE=$'Freedombone Docs'
-ETHERPAD_WELCOME_MESSAGE=$"Welcome to ${ETHERPAD_TITLE}!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!"
+ETHERPAD_WELCOME_MESSAGE=$"Welcome to ${ETHERPAD_TITLE}!\\n\\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!"
 
 etherpad_variables=(ONION_ONLY
                     DEFAULT_DOMAIN_NAME
@@ -67,109 +67,109 @@ function change_password_etherpad {
     read_config_param ETHERPAD_DOMAIN_NAME
 
     if grep -q "\"$change_username\": {" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json; then
-        user_line=$(cat /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json | grep "\"$change_username\": {")
+        user_line=$(grep "\"$change_username\": {" "/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json")
         if [[ "$user_line" == *"\"is_admin\": true"* ]]; then
-            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": "$new_user_password", \"is_admin\": true }|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
+            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": \"$new_user_password\", \"is_admin\": true }|g" "/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json"
         else
-            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": "$new_user_password", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
+            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": \"$new_user_password\", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
         fi
-        ${PROJECT_NAME}-pass -u $change_username -a etherpad -p "$2"
+        "${PROJECT_NAME}-pass" -u "$change_username" -a etherpad -p "$2"
         systemctl restart etherpad
     fi
 }
 
 function etherpad_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        ETHERPAD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        ETHERPAD_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $ETHERPAD_ADMIN_PASSWORD ]; then
-            ETHERPAD_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$ETHERPAD_ADMIN_PASSWORD" ]; then
+            ETHERPAD_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $ETHERPAD_ADMIN_PASSWORD ]; then
+    if [ ! "$ETHERPAD_ADMIN_PASSWORD" ]; then
         return
     fi
 
     function_check create_database
-    create_database etherpad "$ETHERPAD_ADMIN_PASSWORD" $MY_USERNAME
+    create_database etherpad "$ETHERPAD_ADMIN_PASSWORD" "$MY_USERNAME"
 }
 
 function create_etherpad_settings {
-    settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
-    echo '{' > $settings_file
-    echo "  \"title\": \"${ETHERPAD_TITLE}\"," >> $settings_file
-    echo '  "favicon": "favicon.ico",' >> $settings_file
+    settings_file="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json"
+    { echo '{';
+      echo "  \"title\": \"${ETHERPAD_TITLE}\",";
+      echo '  "favicon": "favicon.ico",';
 
-    echo '  "ip": "127.0.0.1",' >> $settings_file
-    echo "  \"port\" : ${ETHERPAD_PORT}," >> $settings_file
+      echo '  "ip": "127.0.0.1",';
+      echo "  \"port\" : ${ETHERPAD_PORT},";
 
-    echo '  "showSettingsInAdminPage" : true,' >> $settings_file
-    echo '   "dbType" : "mysql",' >> $settings_file
-    echo '   "dbSettings" : {' >> $settings_file
-    echo '                    "user"    : "root",' >> $settings_file
-    echo '                    "host"    : "localhost",' >> $settings_file
-    echo "                    \"password\": \"${MARIADB_PASSWORD}\"," >> $settings_file
-    echo '                    "database": "etherpad",' >> $settings_file
-    echo '                    "charset" : "utf8mb4"' >> $settings_file
-    echo '                  },' >> $settings_file
+      echo '  "showSettingsInAdminPage" : true,';
+      echo '   "dbType" : "mysql",';
+      echo '   "dbSettings" : {';
+      echo '                    "user"    : "root",';
+      echo '                    "host"    : "localhost",';
+      echo "                    \"password\": \"${MARIADB_PASSWORD}\",";
+      echo '                    "database": "etherpad",';
+      echo '                    "charset" : "utf8mb4"';
+      echo '                  },';
 
-    echo "  \"defaultPadText\" : \"${ETHERPAD_WELCOME_MESSAGE}\"," >> $settings_file
+      echo "  \"defaultPadText\" : \"${ETHERPAD_WELCOME_MESSAGE}\",";
 
-    echo '  "padOptions": {' >> $settings_file
-    echo '    "noColors": false,' >> $settings_file
-    echo '    "showControls": true,' >> $settings_file
-    echo '    "showChat": true,' >> $settings_file
-    echo '    "showLineNumbers": false,' >> $settings_file
-    echo '    "useMonospaceFont": false,' >> $settings_file
-    echo '    "userName": false,' >> $settings_file
-    echo '    "userColor": true,' >> $settings_file
-    echo '    "rtl": false,' >> $settings_file
-    echo '    "alwaysShowChat": true,' >> $settings_file
-    echo '    "chatAndUsers": true,' >> $settings_file
-    echo '    "lang": "en-gb"' >> $settings_file
-    echo '  },' >> $settings_file
+      echo '  "padOptions": {';
+      echo '    "noColors": false,';
+      echo '    "showControls": true,';
+      echo '    "showChat": true,';
+      echo '    "showLineNumbers": false,';
+      echo '    "useMonospaceFont": false,';
+      echo '    "userName": false,';
+      echo '    "userColor": true,';
+      echo '    "rtl": false,';
+      echo '    "alwaysShowChat": true,';
+      echo '    "chatAndUsers": true,';
+      echo '    "lang": "en-gb"';
+      echo '  },';
 
-    echo '  "suppressErrorsInPadText" : true,' >> $settings_file
-    echo '  "requireSession" : false,' >> $settings_file
-    echo '  "editOnly" : false,' >> $settings_file
-    echo '  "sessionNoPassword" : false,' >> $settings_file
-    echo '  "minify" : true,' >> $settings_file
-    echo '  "maxAge" : 21600, // 60 * 60 * 6 = 6 hours' >> $settings_file
-    echo '  "abiword" : null,' >> $settings_file
-    echo '  "soffice" : null,' >> $settings_file
-    echo '  "tidyHtml" : null,' >> $settings_file
-    echo '  "allowUnknownFileEnds" : false,' >> $settings_file
-    echo '  "requireAuthentication" : true,' >> $settings_file
-    echo '  "requireAuthorization" : true,' >> $settings_file
-    echo '  "trustProxy" : false,' >> $settings_file
-    echo '  "disableIPlogging" : true,' >> $settings_file
+      echo '  "suppressErrorsInPadText" : true,';
+      echo '  "requireSession" : false,';
+      echo '  "editOnly" : false,';
+      echo '  "sessionNoPassword" : false,';
+      echo '  "minify" : true,';
+      echo '  "maxAge" : 21600, // 60 * 60 * 6 = 6 hours';
+      echo '  "abiword" : null,';
+      echo '  "soffice" : null,';
+      echo '  "tidyHtml" : null,';
+      echo '  "allowUnknownFileEnds" : false,';
+      echo '  "requireAuthentication" : true,';
+      echo '  "requireAuthorization" : true,';
+      echo '  "trustProxy" : false,';
+      echo '  "disableIPlogging" : true,';
 
-    echo '  "users": {' >> $settings_file
-    echo "    \"${MY_USERNAME}\": { \"password\": \"${ETHERPAD_ADMIN_PASSWORD}\", \"is_admin\": true }" >> $settings_file
-    echo '  },' >> $settings_file
+      echo '  "users": {';
+      echo "    \"${MY_USERNAME}\": { \"password\": \"${ETHERPAD_ADMIN_PASSWORD}\", \"is_admin\": true }";
+      echo '  },';
 
-    echo '  "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],' >> $settings_file
-    echo '  "loadTest": false,' >> $settings_file
-    echo '  "indentationOnNewLine": false,' >> $settings_file
+      echo '  "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],';
+      echo '  "loadTest": false,';
+      echo '  "indentationOnNewLine": false,';
 
-    echo '  "toolbar": {' >> $settings_file
-    echo '    "left": [' >> $settings_file
-    echo '      ["bold", "italic", "underline", "strikethrough"],' >> $settings_file
-    echo '      ["orderedlist", "unorderedlist", "indent", "outdent"],' >> $settings_file
-    echo '      ["undo", "redo"],' >> $settings_file
-    echo '      ["clearauthorship"]' >> $settings_file
-    echo '    ],' >> $settings_file
-    echo '    "right": [' >> $settings_file
-    echo '      ["importexport", "timeslider", "savedrevision"],' >> $settings_file
-    echo '      ["settings", "embed"],' >> $settings_file
-    echo '      ["showusers"]' >> $settings_file
-    echo '    ],' >> $settings_file
-    echo '    "timeslider": [' >> $settings_file
-    echo '      ["timeslider_export", "timeslider_returnToPad"]' >> $settings_file
-    echo '    ]' >> $settings_file
-    echo '  },' >> $settings_file
-    echo '  "loglevel": "INFO"' >> $settings_file
-    echo '}' >> $settings_file
+      echo '  "toolbar": {';
+      echo '    "left": [';
+      echo '      ["bold", "italic", "underline", "strikethrough"],';
+      echo '      ["orderedlist", "unorderedlist", "indent", "outdent"],';
+      echo '      ["undo", "redo"],';
+      echo '      ["clearauthorship"]';
+      echo '    ],';
+      echo '    "right": [';
+      echo '      ["importexport", "timeslider", "savedrevision"],';
+      echo '      ["settings", "embed"],';
+      echo '      ["showusers"]';
+      echo '    ],';
+      echo '    "timeslider": [';
+      echo '      ["timeslider_export", "timeslider_returnToPad"]';
+      echo '    ]';
+      echo '  },';
+      echo '  "loglevel": "INFO"';
+      echo '}'; } > $settings_file
     chmod 600 $settings_file
 }
 
@@ -177,7 +177,7 @@ function remove_user_etherpad {
     remove_username="$1"
     settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp etherpad
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp etherpad
 
     if grep -q "\"$remove_username\": {" $settings_file; then
         sed -i "/\"$remove_username\": {/d" $settings_file
@@ -191,7 +191,7 @@ function add_user_etherpad {
     settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
 
     if ! grep -q "\"$new_username\": {" $settings_file; then
-        ${PROJECT_NAME}-pass -u $new_username -a etherpad -p "$2"
+        "${PROJECT_NAME}-pass" -u "$new_username" -a etherpad -p "$2"
         sed -i "/\"users\": {/a    \"$new_username\": { \"password\": \"$new_user_password\", \"is_admin\": false }," $settings_file
         if grep -q "\"$new_username\": {" $settings_file; then
             systemctl restart etherpad
@@ -204,11 +204,11 @@ function add_user_etherpad {
 }
 
 function install_interactive_etherpad {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
-    if [[ $ONION_ONLY != "no" ]]; then
+    if [[ "$ONION_ONLY" != "no" ]]; then
         ETHERPAD_DOMAIN_NAME='etherpad.local'
         write_config_param "ETHERPAD_DOMAIN_NAME" "$ETHERPAD_DOMAIN_NAME"
     else
@@ -220,18 +220,17 @@ function install_interactive_etherpad {
 
 function etherpad_set_title {
     read_config_param "ETHERPAD_TITLE"
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Etherpad Title" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Set a title for your etherpad system' 10 60 "$ETHERPAD_TITLE" 2>$data
+           --inputbox $'Set a title for your etherpad system' 10 60 "$ETHERPAD_TITLE" 2>"$data"
     sel=$?
     case $sel in
         0)
-            temp_title=$(<$data)
+            temp_title=$(<"$data")
             if [ ${#temp_title} -gt 0 ]; then
                 ETHERPAD_TITLE="$temp_title"
-                settings_file=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/settings.json
+                settings_file="/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/settings.json"
 
                 write_config_param "ETHERPAD_TITLE" "$ETHERPAD_TITLE"
                 sed -i "s|\"title\":.*|\"title\": \"${ETHERPAD_TITLE}\"|g" $settings_file
@@ -241,22 +240,22 @@ function etherpad_set_title {
             fi
            ;;
     esac
+    rm -f "$data"
 }
 
 function etherpad_set_welcome_message {
     read_config_param "ETHERPAD_WELCOME_MESSAGE"
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Etherpad Welcome Message" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Set a welcome message, which can include html formatting' 10 60 "$ETHERPAD_WELCOME_MESSAGE" 2>$data
+           --inputbox $'Set a welcome message, which can include html formatting' 10 60 "$ETHERPAD_WELCOME_MESSAGE" 2>"$data"
     sel=$?
     case $sel in
         0)
-            temp_welcome=$(<$data)
+            temp_welcome=$(<"$data")
             if [ ${#temp_welcome} -gt 0 ]; then
                 ETHERPAD_WELCOME_MESSAGE="$temp_welcome"
-                settings_file=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/settings.json
+                settings_file="/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/settings.json"
 
                 write_config_param "ETHERPAD_WELCOME_MESSAGE" "$ETHERPAD_WELCOME_MESSAGE"
                 sed -i "s|\"defaultPadText\" :.*|\"defaultPadText\" : \"${ETHERPAD_WELCOME_MESSAGE}\"|g" $settings_file
@@ -266,29 +265,33 @@ function etherpad_set_welcome_message {
             fi
            ;;
     esac
+    rm -f "$data"
 }
 
 function configure_interactive_etherpad {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Etherpad Settings" \
                --radiolist $"Choose an operation:" 12 70 3 \
                1 $"Set Title" off \
                2 $"Set a welcome message" off \
-               3 $"Exit" on 2> $data
+               3 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) return;;
-            255) return;;
+            1) rm -f "$data"
+               return;;
+            255) rm -f "$data"
+                 return;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) etherpad_set_title;;
             2) etherpad_set_welcome_message;;
-            3) break;;
+            3) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -311,18 +314,18 @@ function upgrade_etherpad {
 
 function backup_local_etherpad {
     ETHERPAD_DOMAIN_NAME='etherpad'
-    if grep -q "etherpad domain" $COMPLETION_FILE; then
+    if grep -q "etherpad domain" "$COMPLETION_FILE"; then
         ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain")
     fi
 
     source_directory=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs
-    if [ -d $source_directory ]; then
+    if [ -d "$source_directory" ]; then
         dest_directory=etherpad
         function_check suspend_site
-        suspend_site ${ETHERPAD_DOMAIN_NAME}
+        suspend_site "${ETHERPAD_DOMAIN_NAME}"
 
         function_check backup_directory_to_usb
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"
 
         function_check backup_database_to_usb
         backup_database_to_usb etherpad
@@ -333,50 +336,50 @@ function backup_local_etherpad {
 }
 
 function restore_local_etherpad {
-    if ! grep -q "etherpad domain" $COMPLETION_FILE; then
+    if ! grep -q "etherpad domain" "$COMPLETION_FILE"; then
         return
     fi
     ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain")
-    if [ $ETHERPAD_DOMAIN_NAME ]; then
+    if [ "$ETHERPAD_DOMAIN_NAME" ]; then
         temp_restore_dir=/root/tempetherpad
-        etherpad_dir=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs
+        #etherpad_dir="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs"
 
         function_check etherpad_create_database
         etherpad_create_database
 
-        restore_database etherpad ${ETHERPAD_DOMAIN_NAME}
+        restore_database etherpad "${ETHERPAD_DOMAIN_NAME}"
         if [ -d $temp_restore_dir ]; then
             rm -rf $temp_restore_dir
         fi
 
-        chown -R etherpad: /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs
-        if [ -f /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem ]; then
-            chown etherpad: /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem
+        chown -R etherpad: "/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs"
+        if [ -f "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem" ]; then
+            chown etherpad: "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem"
         fi
-        if [ -f /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key ]; then
-            chown etherpad: /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key
+        if [ -f "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key" ]; then
+            chown etherpad: "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key"
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-        settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
-        sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" $settings_file
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        settings_file="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json"
+        sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" "$settings_file"
         MARIADB_PASSWORD=
     fi
 }
 
 function backup_remote_etherpad {
-    if grep -q "etherpad domain" $COMPLETION_FILE; then
+    if grep -q "etherpad domain" "$COMPLETION_FILE"; then
         ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain")
-        temp_backup_dir=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs
-        if [ -d $temp_backup_dir ]; then
+        temp_backup_dir="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs"
+        if [ -d "$temp_backup_dir" ]; then
             function_check suspend_site
-            suspend_site ${ETHERPAD_DOMAIN_NAME}
+            suspend_site "${ETHERPAD_DOMAIN_NAME}"
 
             function_check backup_database_to_friend
             backup_database_to_friend etherpad
 
             function_check backup_directory_to_friend
-            backup_directory_to_friend $temp_backup_dir etherpad
+            backup_directory_to_friend "$temp_backup_dir" etherpad
 
             function_check restart_site
             restart_site
@@ -387,29 +390,29 @@ function backup_remote_etherpad {
 }
 
 function restore_remote_etherpad {
-    if grep -q "etherpad domain" $COMPLETION_FILE; then
+    if grep -q "etherpad domain" "$COMPLETION_FILE"; then
         ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain")
 
         function_check etherpad_create_database
         etherpad_create_database
 
         function_check restore_database_from_friend
-        restore_database_from_friend etherpad ${ETHERPAD_DOMAIN_NAME}
+        restore_database_from_friend etherpad "${ETHERPAD_DOMAIN_NAME}"
         if [ -d /root/tempetherpad ]; then
             rm -rf /root/tempetherpad
         fi
 
-        chown -R etherpad: /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs
-        if [ -f /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem ]; then
-            chown etherpad: /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem
+        chown -R etherpad: "/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs"
+        if [ -f "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem" ]; then
+            chown etherpad: "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem"
         fi
-        if [ -f /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key ]; then
-            chown etherpad: /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key
+        if [ -f "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key" ]; then
+            chown etherpad: "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key"
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-        settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
-        sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" $settings_file
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        settings_file="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json"
+        sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" "$settings_file"
         MARIADB_PASSWORD=
     fi
 }
@@ -427,13 +430,13 @@ function remove_etherpad {
         rm /etc/systemd/system/etherpad.service
     fi
     systemctl daemon-reload
-    nginx_dissite $ETHERPAD_DOMAIN_NAME
-    remove_certs $ETHERPAD_DOMAIN_NAME
-    if [ -d /var/www/$ETHERPAD_DOMAIN_NAME ]; then
-        rm -rf /var/www/$ETHERPAD_DOMAIN_NAME
+    nginx_dissite "$ETHERPAD_DOMAIN_NAME"
+    remove_certs "$ETHERPAD_DOMAIN_NAME"
+    if [ -d "/var/www/$ETHERPAD_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$ETHERPAD_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database etherpad
@@ -441,7 +444,7 @@ function remove_etherpad {
     remove_onion_service etherpad ${ETHERPAD_ONION_PORT}
     remove_app etherpad
     remove_completion_param install_etherpad
-    sed -i '/etherpad/d' $COMPLETION_FILE
+    sed -i '/etherpad/d' "$COMPLETION_FILE"
     remove_backup_database_local etherpad
     remove_nodejs etherpad
 
@@ -449,22 +452,22 @@ function remove_etherpad {
     userdel -r etherpad
 
     function_check remove_ddns_domain
-    remove_ddns_domain $ETHERPAD_DOMAIN_NAME
+    remove_ddns_domain "$ETHERPAD_DOMAIN_NAME"
 }
 
 function install_etherpad {
-    if [ ! $ETHERPAD_DOMAIN_NAME ]; then
+    if [ ! "$ETHERPAD_DOMAIN_NAME" ]; then
         echo $'No domain name was given for etherpad'
         exit 7359
     fi
 
     check_ram_availability 2000
 
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        ETHERPAD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        ETHERPAD_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $ETHERPAD_ADMIN_PASSWORD ]; then
-            ETHERPAD_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$ETHERPAD_ADMIN_PASSWORD" ]; then
+            ETHERPAD_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
 
@@ -484,133 +487,133 @@ function install_etherpad {
     function_check install_nodejs
     install_nodejs etherpad
 
-    if [ ! -d /var/www/$ETHERPAD_DOMAIN_NAME ]; then
-        mkdir /var/www/$ETHERPAD_DOMAIN_NAME
+    if [ ! -d "/var/www/$ETHERPAD_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$ETHERPAD_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$ETHERPAD_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" ]; then
 
         if [ -d /repos/etherpad ]; then
-            mkdir /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
-            cp -r -p /repos/etherpad/. /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
-            cd /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/etherpad/. "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs"
+            cd "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" || exit 32468346
             git pull
         else
             function_check git_clone
-            git_clone $ETHERPAD_REPO /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
+            git_clone "$ETHERPAD_REPO" "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs"
         fi
 
-        if [ ! -d /var/www/$ETHERPAD_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" ]; then
             echo $'Unable to clone etherpad repo'
             exit 56382
         fi
     fi
 
-    cd /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
-    git checkout $ETHERPAD_COMMIT -b $ETHERPAD_COMMIT
+    cd "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" || exit 24654824
+    git checkout "$ETHERPAD_COMMIT" -b "$ETHERPAD_COMMIT"
     set_completion_param "etherpad commit" "$ETHERPAD_COMMIT"
 
-    chmod a+w /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
-    chown www-data:www-data /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
+    chmod a+w "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs"
+    chown www-data:www-data "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs"
 
     function_check etherpad_create_database
     etherpad_create_database
 
     function_check add_ddns_domain
-    add_ddns_domain $ETHERPAD_DOMAIN_NAME
+    add_ddns_domain "$ETHERPAD_DOMAIN_NAME"
 
     create_etherpad_settings
 
-    adduser --system --home=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/ --group etherpad
-    chown -R etherpad: /var/www/$ETHERPAD_DOMAIN_NAME/htdocs/
+    adduser --system --home="/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/" --group etherpad
+    chown -R etherpad: "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/"
 
-    echo '[Unit]' > /etc/systemd/system/etherpad.service
-    echo 'Description=etherpad-lite (real-time collaborative document editing)' >> /etc/systemd/system/etherpad.service
-    echo 'After=syslog.target network.target' >> /etc/systemd/system/etherpad.service
-    echo '' >> /etc/systemd/system/etherpad.service
-    echo '[Service]' >> /etc/systemd/system/etherpad.service
-    echo 'Type=simple' >> /etc/systemd/system/etherpad.service
-    echo 'User=etherpad' >> /etc/systemd/system/etherpad.service
-    echo 'Group=etherpad' >> /etc/systemd/system/etherpad.service
-    echo "WorkingDirectory=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" >> /etc/systemd/system/etherpad.service
-    echo "ExecStart=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/bin/run.sh" >> /etc/systemd/system/etherpad.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/etherpad.service
-    echo 'SuccessExitStatus=3 4' >> /etc/systemd/system/etherpad.service
-    echo 'RestartForceExitStatus=3 4' >> /etc/systemd/system/etherpad.service
-    echo '' >> /etc/systemd/system/etherpad.service
-    echo '[Install]' >> /etc/systemd/system/etherpad.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/etherpad.service
+    { echo '[Unit]';
+      echo 'Description=etherpad-lite (real-time collaborative document editing)';
+      echo 'After=syslog.target network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=etherpad';
+      echo 'Group=etherpad';
+      echo "WorkingDirectory=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs";
+      echo "ExecStart=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/bin/run.sh";
+      echo 'Restart=on-failure';
+      echo 'SuccessExitStatus=3 4';
+      echo 'RestartForceExitStatus=3 4';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/etherpad.service
     chmod +x /etc/systemd/system/etherpad.service
 
     etherpad_nginx_site=/etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $ETHERPAD_DOMAIN_NAME
-        echo 'server {' >> $etherpad_nginx_site
-        echo '  listen 443 ssl;' >> $etherpad_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $etherpad_nginx_site
-        echo "  server_name $ETHERPAD_DOMAIN_NAME;" >> $etherpad_nginx_site
-        echo '' >> $etherpad_nginx_site
-        echo '  # Security' >> $etherpad_nginx_site
+        nginx_http_redirect "$ETHERPAD_DOMAIN_NAME"
+        { echo 'server {';
+        echo '  listen 443 ssl;';
+        echo '  #listen [::]:443 ssl;';
+        echo "  server_name $ETHERPAD_DOMAIN_NAME;";
+        echo '';
+        echo '  # Security'; } >> "$etherpad_nginx_site"
         function_check nginx_ssl
-        nginx_ssl $ETHERPAD_DOMAIN_NAME
+        nginx_ssl "$ETHERPAD_DOMAIN_NAME"
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $ETHERPAD_DOMAIN_NAME
+        nginx_disable_sniffing "$ETHERPAD_DOMAIN_NAME"
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $etherpad_nginx_site
-        echo '' >> $etherpad_nginx_site
-        echo '  # Logs' >> $etherpad_nginx_site
-        echo '  access_log /dev/null;' >> $etherpad_nginx_site
-        echo '  error_log /dev/null;' >> $etherpad_nginx_site
-        echo '' >> $etherpad_nginx_site
-        echo '  # Root' >> $etherpad_nginx_site
-        echo "  root /var/www/$ETHERPAD_DOMAIN_NAME/htdocs;" >> $etherpad_nginx_site
-        echo '' >> $etherpad_nginx_site
-        echo '  location / {' >> $etherpad_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+        echo '';
+        echo '  # Logs';
+        echo '  access_log /dev/null;';
+        echo '  error_log /dev/null;';
+        echo '';
+        echo '  # Root';
+        echo "  root /var/www/$ETHERPAD_DOMAIN_NAME/htdocs;";
+        echo '';
+        echo '  location / {'; } >> "$etherpad_nginx_site"
         function_check nginx_limits
-        nginx_limits $ETHERPAD_DOMAIN_NAME '15m'
-        echo "    proxy_pass        http://localhost:${ETHERPAD_PORT}/;" >> $etherpad_nginx_site
-        echo '    proxy_set_header  Host $host;' >> $etherpad_nginx_site
-        echo '    proxy_buffering   off;' >> $etherpad_nginx_site
-        echo '  }' >> $etherpad_nginx_site
-        echo '}' >> $etherpad_nginx_site
+        nginx_limits "$ETHERPAD_DOMAIN_NAME" '15m'
+        { echo "    proxy_pass        http://localhost:${ETHERPAD_PORT}/;";
+          echo "    proxy_set_header  Host \$host;";
+          echo '    proxy_buffering   off;';
+          echo '  }';
+          echo '}'; } >> "$etherpad_nginx_site"
     else
-        echo -n '' > $etherpad_nginx_site
+        echo -n '' > "$etherpad_nginx_site"
     fi
-    echo 'server {' >> $etherpad_nginx_site
-    echo "    listen 127.0.0.1:$ETHERPAD_ONION_PORT default_server;" >> $etherpad_nginx_site
-    echo "    server_name $ETHERPAD_DOMAIN_NAME;" >> $etherpad_nginx_site
-    echo '' >> $etherpad_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$ETHERPAD_ONION_PORT default_server;";
+      echo "    server_name $ETHERPAD_ONION_HOSTNAME;";
+      echo ''; } >> "$etherpad_nginx_site"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $ETHERPAD_DOMAIN_NAME
-    echo '' >> $etherpad_nginx_site
-    echo '  # Logs' >> $etherpad_nginx_site
-    echo '  access_log /dev/null;' >> $etherpad_nginx_site
-    echo '  error_log /dev/null;' >> $etherpad_nginx_site
-    echo '' >> $etherpad_nginx_site
-    echo '  # Root' >> $etherpad_nginx_site
-    echo "  root /var/www/$ETHERPAD_DOMAIN_NAME/htdocs;" >> $etherpad_nginx_site
-    echo '' >> $etherpad_nginx_site
-    echo '  location / {' >> $etherpad_nginx_site
+    nginx_disable_sniffing "$ETHERPAD_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$ETHERPAD_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  location / {'; } >> "$etherpad_nginx_site"
     function_check nginx_limits
-    nginx_limits $ETHERPAD_DOMAIN_NAME '15m'
-    echo "    proxy_pass        http://localhost:${ETHERPAD_PORT}/;" >> $etherpad_nginx_site
-    echo '    proxy_set_header  Host $host;' >> $etherpad_nginx_site
-    echo '    proxy_buffering   off;' >> $etherpad_nginx_site
-    echo '  }' >> $etherpad_nginx_site
-    echo '}' >> $etherpad_nginx_site
+    nginx_limits "$ETHERPAD_DOMAIN_NAME" '15m'
+    { echo "    proxy_pass        http://localhost:${ETHERPAD_PORT}/;";
+      echo "    proxy_set_header  Host \$host;";
+      echo '    proxy_buffering   off;';
+      echo '  }';
+      echo '}'; } >> "$etherpad_nginx_site"
 
     function_check create_site_certificate
-    create_site_certificate $ETHERPAD_DOMAIN_NAME 'yes'
+    create_site_certificate "$ETHERPAD_DOMAIN_NAME" 'yes'
 
-    if [ -f /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.crt ]; then
-        mv /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.crt /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem
+    if [ -f "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.crt" ]; then
+        mv "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.crt" "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem"
     fi
-    if [ -f /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem ]; then
-        chown etherpad: /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem
+    if [ -f "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem" ]; then
+        chown etherpad: "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem"
     fi
-    if [ -f /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key ]; then
-        chown etherpad: /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key
+    if [ -f "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key" ]; then
+        chown etherpad: "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key"
     fi
     usermod -a -G ssl-cert etherpad
 
@@ -623,14 +626,14 @@ function install_etherpad {
     backup_database_local etherpad
 
     function_check nginx_ensite
-    nginx_ensite $ETHERPAD_DOMAIN_NAME
+    nginx_ensite "$ETHERPAD_DOMAIN_NAME"
 
     ETHERPAD_ONION_HOSTNAME=$(add_onion_service etherpad 80 ${ETHERPAD_ONION_PORT})
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a etherpad -p "$ETHERPAD_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a etherpad -p "$ETHERPAD_ADMIN_PASSWORD"
 
     function_check add_ddns_domain
-    add_ddns_domain $ETHERPAD_DOMAIN_NAME
+    add_ddns_domain "$ETHERPAD_DOMAIN_NAME"
 
     set_completion_param "etherpad domain" "$ETHERPAD_DOMAIN_NAME"
 

src/freedombone-app-fedwiki

@@ -127,7 +127,7 @@ function add_user_fedwiki {
 }
 
 function install_interactive_fedwiki {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -148,7 +148,7 @@ function change_password_fedwiki {
         echo $'Fedwiki password is too short'
         return
     fi
-    ${PROJECT_NAME}-pass -u $FEDWIKI_USERNAME -a fedwiki -p "$FEDWIKI_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$FEDWIKI_USERNAME" -a fedwiki -p "$FEDWIKI_PASSWORD"
     sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service
     sed -i "s|\"secret\":.*|\"secret\": \"${FEDWIKI_PASSWORD}\"|g" ${FEDWIKI_DATA}/status/owner.json
     systemctl daemon-reload
@@ -177,12 +177,12 @@ function upgrade_fedwiki {
 
 function backup_local_fedwiki {
     FEDWIKI_DOMAIN_NAME='fedwiki.local'
-    if grep -q "fedwiki domain" $COMPLETION_FILE; then
+    if grep -q "fedwiki domain" "$COMPLETION_FILE"; then
         FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
     fi
 
     systemctl stop fedwiki
-    suspend_site ${FEDWIKI_DOMAIN_NAME}
+    suspend_site "${FEDWIKI_DOMAIN_NAME}"
 
     fedwiki_path=$FEDWIKI_DATA
     if [ -d $fedwiki_path ]; then
@@ -195,11 +195,11 @@ function backup_local_fedwiki {
 
 function restore_local_fedwiki {
     FEDWIKI_DOMAIN_NAME='fedwiki.local'
-    if grep -q "fedwiki domain" $COMPLETION_FILE; then
+    if grep -q "fedwiki domain" "$COMPLETION_FILE"; then
         FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
     fi
-    if [ $FEDWIKI_DOMAIN_NAME ]; then
-        suspend_site ${FEDWIKI_DOMAIN_NAME}
+    if [ "$FEDWIKI_DOMAIN_NAME" ]; then
+        suspend_site "${FEDWIKI_DOMAIN_NAME}"
         systemctl stop fedwiki
 
         temp_restore_dir=/root/tempfedwiki
@@ -215,8 +215,8 @@ function restore_local_fedwiki {
             rm -rf $temp_restore_dir
         fi
 
-        FEDWIKI_PASSWORD=$(cat ${FEDWIKI_DATA}/status/owner.json | grep secret | awk -F '"' '{print $4}')
-        ${PROJECT_NAME}-pass -u $FEDWIKI_USERNAME -a fedwiki -p "$FEDWIKI_PASSWORD"
+        FEDWIKI_PASSWORD=$(grep secret "${FEDWIKI_DATA}/status/owner.json" | awk -F '"' '{print $4}')
+        "${PROJECT_NAME}-pass" -u "$FEDWIKI_USERNAME" -a fedwiki -p "$FEDWIKI_PASSWORD"
         sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service
         write_config_param "FEDWIKI_COOKIE" "$FEDWIKI_PASSWORD"
         systemctl daemon-reload
@@ -227,12 +227,12 @@ function restore_local_fedwiki {
 
 function backup_remote_fedwiki {
     FEDWIKI_DOMAIN_NAME='fedwiki.local'
-    if grep -q "fedwiki domain" $COMPLETION_FILE; then
+    if grep -q "fedwiki domain" "$COMPLETION_FILE"; then
         FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
     fi
 
     systemctl stop fedwiki
-    suspend_site ${FEDWIKI_DOMAIN_NAME}
+    suspend_site "${FEDWIKI_DOMAIN_NAME}"
 
     temp_backup_dir=$FEDWIKI_DATA
     if [ -d $temp_backup_dir ]; then
@@ -248,12 +248,12 @@ function backup_remote_fedwiki {
 
 function restore_remote_fedwiki {
     FEDWIKI_DOMAIN_NAME='fedwiki.local'
-    if grep -q "fedwiki domain" $COMPLETION_FILE; then
+    if grep -q "fedwiki domain" "$COMPLETION_FILE"; then
         FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
     fi
 
     systemctl stop fedwiki
-    suspend_site ${FEDWIKI_DOMAIN_NAME}
+    suspend_site "${FEDWIKI_DOMAIN_NAME}"
 
     temp_restore_dir=/root/tempfedwiki
     function_check restore_directory_from_friend
@@ -268,8 +268,8 @@ function restore_remote_fedwiki {
         rm -rf $temp_restore_dir
     fi
 
-    FEDWIKI_PASSWORD=$(cat ${FEDWIKI_DATA}/status/owner.json | grep secret | awk -F '"' '{print $4}')
-    ${PROJECT_NAME}-pass -u $FEDWIKI_USERNAME -a fedwiki -p "$FEDWIKI_PASSWORD"
+    FEDWIKI_PASSWORD=$(grep secret "${FEDWIKI_DATA}/status/owner.json" | awk -F '"' '{print $4}')
+    "${PROJECT_NAME}-pass" -u "$FEDWIKI_USERNAME" -a fedwiki -p "$FEDWIKI_PASSWORD"
     sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service
     write_config_param "FEDWIKI_COOKIE" "$FEDWIKI_PASSWORD"
     systemctl daemon-reload
@@ -294,20 +294,20 @@ function remove_fedwiki {
     remove_nodejs fedwiki
 
     read_config_param "FEDWIKI_DOMAIN_NAME"
-    nginx_dissite $FEDWIKI_DOMAIN_NAME
-    remove_certs ${FEDWIKI_DOMAIN_NAME}
-    if [ -f /etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME ]; then
-        rm -f /etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME
+    nginx_dissite "$FEDWIKI_DOMAIN_NAME"
+    remove_certs "${FEDWIKI_DOMAIN_NAME}"
+    if [ -f "/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME" ]; then
+        rm -f "/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME"
     fi
-    if [ -d /var/www/$FEDWIKI_DOMAIN_NAME ]; then
-        rm -rf /var/www/$FEDWIKI_DOMAIN_NAME
+    if [ -d "/var/www/$FEDWIKI_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$FEDWIKI_DOMAIN_NAME"
     fi
     remove_config_param FEDWIKI_DOMAIN_NAME
     remove_config_param FEDWIKI_CODE
     function_check remove_onion_service
     remove_onion_service fedwiki ${FEDWIKI_ONION_PORT}
     remove_completion_param "install_fedwiki"
-    sed -i '/fedwiki/d' $COMPLETION_FILE
+    sed -i '/fedwiki/d' "$COMPLETION_FILE"
 
     groupdel -f fedwiki
     userdel -r fedwiki
@@ -317,101 +317,102 @@ function remove_fedwiki {
     fi
 
     function_check remove_ddns_domain
-    remove_ddns_domain $FEDWIKI_DOMAIN_NAME
+    remove_ddns_domain "$FEDWIKI_DOMAIN_NAME"
 }
 
 function fedwiki_setup_web {
-    fedwiki_nginx_file=/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME
+    fedwiki_nginx_file="/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME"
 
-    if [[ $ONION_ONLY == "no" ]]; then
-        echo 'server {' > $fedwiki_nginx_file
-        echo '  listen 80;' >> $fedwiki_nginx_file
-        echo '  listen [::]:80;' >> $fedwiki_nginx_file
-        echo "  server_name $FEDWIKI_DOMAIN_NAME;" >> $fedwiki_nginx_file
-        echo '  rewrite ^ https://$server_name$request_uri? permanent;' >> $fedwiki_nginx_file
-        echo '}' >> $fedwiki_nginx_file
-        echo '' >> $fedwiki_nginx_file
-        echo 'server {' >> $fedwiki_nginx_file
-        echo '  listen 443 ssl;' >> $fedwiki_nginx_file
-        echo '  #listen [::]:443 ssl;' >> $fedwiki_nginx_file
-        echo "  server_name $FEDWIKI_DOMAIN_NAME;" >> $fedwiki_nginx_file
-        echo '' >> $fedwiki_nginx_file
+    if [[ "$ONION_ONLY" == "no" ]]; then
+        { echo 'server {';
+        echo '  listen 80;';
+        echo '  listen [::]:80;';
+        echo "  server_name $FEDWIKI_DOMAIN_NAME;";
+        echo "  rewrite ^ https://\$server_name\$request_uri? permanent;";
+        echo '}';
+        echo '';
+        echo 'server {';
+        echo '  listen 443 ssl;';
+        echo '  #listen [::]:443 ssl;';
+        echo "  server_name $FEDWIKI_DOMAIN_NAME;";
+        echo ''; } > "$fedwiki_nginx_file"
         function_check nginx_ssl
-        nginx_ssl $FEDWIKI_DOMAIN_NAME mobile
+        nginx_ssl "$FEDWIKI_DOMAIN_NAME" mobile
 
-        sed -i '/Content-Security-Policy/d' $fedwiki_nginx_file
-        sed -i '/X-XSS-Protection/d' $fedwiki_nginx_file
-        sed -i '/X-Robots-Tag/d' $fedwiki_nginx_file
-        sed -i '/X-Download-Options/d' $fedwiki_nginx_file
-        sed -i '/X-Permitted-Cross-Domain-Policies/d' $fedwiki_nginx_file
+        sed -i '/Content-Security-Policy/d' "$fedwiki_nginx_file"
+        sed -i '/X-XSS-Protection/d' "$fedwiki_nginx_file"
+        sed -i '/X-Robots-Tag/d' "$fedwiki_nginx_file"
+        sed -i '/X-Download-Options/d' "$fedwiki_nginx_file"
+        sed -i '/X-Permitted-Cross-Domain-Policies/d' "$fedwiki_nginx_file"
 
-        echo '  add_header X-Robots-Tag none;' >> $fedwiki_nginx_file
-        echo '  add_header X-Download-Options noopen;' >> $fedwiki_nginx_file
-        echo '  add_header X-Frame-Options DENY;' >> $fedwiki_nginx_file
-        echo '  add_header X-Content-Type-Options nosniff;' >> $fedwiki_nginx_file
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $fedwiki_nginx_file
-        echo '' >> $fedwiki_nginx_file
-        echo '  location /fonts-font-awesome/ {' >> $fedwiki_nginx_file
-        echo '    alias /usr/share/fonts-font-awesome/;' >> $fedwiki_nginx_file
-        echo '  }' >> $fedwiki_nginx_file
-        echo '' >> $fedwiki_nginx_file
-        echo '  location / {' >> $fedwiki_nginx_file
-        echo "    proxy_pass http://localhost:${FEDWIKI_PORT};" >> $fedwiki_nginx_file
-        echo '    proxy_set_header X-Real-IP $remote_addr;' >> $fedwiki_nginx_file
-        echo '    proxy_set_header Host $host;' >> $fedwiki_nginx_file
-        echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $fedwiki_nginx_file
-        echo '    client_max_body_size 1M;' >> $fedwiki_nginx_file
-        echo '  }' >> $fedwiki_nginx_file
-        echo '}' >> $fedwiki_nginx_file
-        echo '' >> $fedwiki_nginx_file
+        { echo '  add_header X-Robots-Tag none;';
+          echo '  add_header X-Download-Options noopen;';
+          echo '  add_header X-Frame-Options DENY;';
+          echo '  add_header X-Content-Type-Options nosniff;';
+          echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  location /fonts-font-awesome/ {';
+          echo '    alias /usr/share/fonts-font-awesome/;';
+          echo '  }';
+          echo '';
+          echo '  location / {';
+          echo "    proxy_pass http://localhost:${FEDWIKI_PORT};";
+          echo "    proxy_set_header X-Real-IP \$remote_addr;";
+          echo "    proxy_set_header Host \$host;";
+          echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+          echo '    client_max_body_size 1M;';
+          echo '  }';
+          echo '}';
+          echo ''; } >> "$fedwiki_nginx_file"
     else
-        echo -n '' > $fedwiki_nginx_file
+        echo -n '' > "$fedwiki_nginx_file"
     fi
-    echo 'server {' >> $fedwiki_nginx_file
-    echo "  listen 127.0.0.1:$FEDWIKI_ONION_PORT default_server;" >> $fedwiki_nginx_file
-    echo "  server_name $FEDWIKI_ONION_HOSTNAME;" >> $fedwiki_nginx_file
-    echo '' >> $fedwiki_nginx_file
-    echo '  add_header X-Robots-Tag none;' >> $fedwiki_nginx_file
-    echo '  add_header X-Download-Options noopen;' >> $fedwiki_nginx_file
-    echo '  add_header X-Frame-Options DENY;' >> $fedwiki_nginx_file
-    echo '  add_header X-Content-Type-Options nosniff;' >> $fedwiki_nginx_file
-    echo '' >> $fedwiki_nginx_file
-    echo '  location /fonts-font-awesome/ {' >> $fedwiki_nginx_file
-    echo '    alias /usr/share/fonts-font-awesome/;' >> $fedwiki_nginx_file
-    echo '  }' >> $fedwiki_nginx_file
-    echo '' >> $fedwiki_nginx_file
-    echo '  location / {' >> $fedwiki_nginx_file
-    echo "    proxy_pass http://localhost:${FEDWIKI_PORT};" >> $fedwiki_nginx_file
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $fedwiki_nginx_file
-    echo '    proxy_set_header Host $host;' >> $fedwiki_nginx_file
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $fedwiki_nginx_file
-    echo '    client_max_body_size 1M;' >> $fedwiki_nginx_file
-    echo '  }' >> $fedwiki_nginx_file
-    echo '}' >> $fedwiki_nginx_file
+    { echo 'server {';
+      echo "  listen 127.0.0.1:$FEDWIKI_ONION_PORT default_server;";
+      echo "  server_name $FEDWIKI_ONION_HOSTNAME;";
+      echo '';
+      echo '  add_header X-Robots-Tag none;';
+      echo '  add_header X-Download-Options noopen;';
+      echo '  add_header X-Frame-Options DENY;';
+      echo '  add_header X-Content-Type-Options nosniff;';
+      echo '';
+      echo '  location /fonts-font-awesome/ {';
+      echo '    alias /usr/share/fonts-font-awesome/;';
+      echo '  }';
+      echo '';
+      echo '  location / {';
+      echo "    proxy_pass http://localhost:${FEDWIKI_PORT};";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo '    client_max_body_size 1M;';
+      echo '  }';
+      echo '}'; } >> "$fedwiki_nginx_file"
 
     function_check create_site_certificate
-    create_site_certificate $FEDWIKI_DOMAIN_NAME 'yes'
+    create_site_certificate "$FEDWIKI_DOMAIN_NAME" 'yes'
 
     function_check nginx_ensite
-    nginx_ensite $FEDWIKI_DOMAIN_NAME
+    nginx_ensite "$FEDWIKI_DOMAIN_NAME"
 }
 
 function install_fedwiki {
-    if [[ $VARIANT == "mesh"* ]]; then
+    # shellcheck disable=SC2153
+    if [[ "$VARIANT" == "mesh"* ]]; then
         return
     fi
 
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
-    if [ ! $FEDWIKI_DOMAIN_NAME ]; then
+    if [ ! "$FEDWIKI_DOMAIN_NAME" ]; then
         echo $'The fedwiki domain name was not specified'
         exit 893635
     fi
 
-    if [ ! -d /var/www/$FEDWIKI_DOMAIN_NAME/htdocs ]; then
-        mkdir -p /var/www/$FEDWIKI_DOMAIN_NAME/htdocs
+    if [ ! -d "/var/www/$FEDWIKI_DOMAIN_NAME/htdocs" ]; then
+        mkdir -p "/var/www/$FEDWIKI_DOMAIN_NAME/htdocs"
     fi
 
     if [ ! -d $FEDWIKI_DATA ]; then
@@ -429,14 +430,12 @@ function install_fedwiki {
 
     apt-get -yq install fonts-font-awesome
 
-    npm install -g wiki@$FEDWIKI_VERSION
-    if [ ! "$?" = "0" ]; then
+    if ! npm install -g wiki@$FEDWIKI_VERSION; then
         echo $'Failed to install fedwiki'
         exit 6293523
     fi
 
-    npm install -g wiki-security-friends@0.1.0
-    if [ ! "$?" = "0" ]; then
+    if ! npm install -g wiki-security-friends@0.1.0; then
         echo $'Failed to install wiki-security-friends'
         exit 783533
     fi
@@ -457,44 +456,44 @@ function install_fedwiki {
         FEDWIKI_COOKIE="$(create_password 20)"
     fi
 
-    echo '[Unit]' > /etc/systemd/system/fedwiki.service
-    echo 'Description=Fedwiki federated wiki' >> /etc/systemd/system/fedwiki.service
-    echo 'After=syslog.target' >> /etc/systemd/system/fedwiki.service
-    echo 'After=network.target' >> /etc/systemd/system/fedwiki.service
-    echo '' >> /etc/systemd/system/fedwiki.service
-    echo '[Service]' >> /etc/systemd/system/fedwiki.service
-    echo 'User=fedwiki' >> /etc/systemd/system/fedwiki.service
-    echo 'Group=fedwiki' >> /etc/systemd/system/fedwiki.service
-    echo "WorkingDirectory=/usr/local/lib/node_modules/wiki" >> /etc/systemd/system/fedwiki.service
-    echo "ExecStart=/usr/local/bin/wiki --security_type friends --session_duration 7 --data $FEDWIKI_DATA -p $FEDWIKI_PORT --cookieSecret '${FEDWIKI_COOKIE}'" >> /etc/systemd/system/fedwiki.service
-    echo 'StandardOutput=syslog' >> /etc/systemd/system/fedwiki.service
-    echo 'StandardError=syslog' >> /etc/systemd/system/fedwiki.service
-    echo 'SyslogIdentifier=fedwiki' >> /etc/systemd/system/fedwiki.service
-    echo 'Restart=always' >> /etc/systemd/system/fedwiki.service
-    echo "Environment=NODE_ENV=production" >> /etc/systemd/system/fedwiki.service
-    echo '' >> /etc/systemd/system/fedwiki.service
-    echo '[Install]' >> /etc/systemd/system/fedwiki.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/fedwiki.service
+    { echo '[Unit]';
+      echo 'Description=Fedwiki federated wiki';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=fedwiki';
+      echo 'Group=fedwiki';
+      echo "WorkingDirectory=/usr/local/lib/node_modules/wiki";
+      echo "ExecStart=/usr/local/bin/wiki --security_type friends --session_duration 7 --data $FEDWIKI_DATA -p $FEDWIKI_PORT --cookieSecret '${FEDWIKI_COOKIE}'";
+      echo 'StandardOutput=syslog';
+      echo 'StandardError=syslog';
+      echo 'SyslogIdentifier=fedwiki';
+      echo 'Restart=always';
+      echo "Environment=NODE_ENV=production";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/fedwiki.service
 
     if [ ! -d ${FEDWIKI_DATA}/status ]; then
         mkdir -p ${FEDWIKI_DATA}/status
     fi
     fedwiki_auth_file=${FEDWIKI_DATA}/status/owner.json
-    echo '{' > $fedwiki_auth_file
-    echo "  \"name\": \"${MY_USERNAME}\"," >> $fedwiki_auth_file
-    echo '  "friend": {' >> $fedwiki_auth_file
-    echo "    \"secret\": \"${FEDWIKI_COOKIE}\"" >> $fedwiki_auth_file
-    echo '  }' >> $fedwiki_auth_file
-    echo '}' >> $fedwiki_auth_file
+    { echo '{';
+      echo "  \"name\": \"${MY_USERNAME}\",";
+      echo '  "friend": {';
+      echo "    \"secret\": \"${FEDWIKI_COOKIE}\"";
+      echo '  }';
+      echo '}'; } > $fedwiki_auth_file
 
     chown -R fedwiki:fedwiki $FEDWIKI_DATA
 
     fedwiki_setup_web
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a fedwiki -p "$FEDWIKI_COOKIE"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a fedwiki -p "$FEDWIKI_COOKIE"
 
     function_check add_ddns_domain
-    add_ddns_domain $FEDWIKI_DOMAIN_NAME
+    add_ddns_domain "$FEDWIKI_DOMAIN_NAME"
 
     fedwiki_remove_bad_links
 

src/freedombone-app-friendica

@@ -60,7 +60,7 @@ function logging_off_friendica {
 
 function remove_user_friendica {
     remove_username="$1"
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp friendica
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp friendica
 }
 
 function add_user_friendica {
@@ -71,27 +71,26 @@ function add_user_friendica {
 
     new_username="$1"
     new_user_password="$2"
-    ${PROJECT_NAME}-pass -u $new_username -a friendica -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a friendica -p "$new_user_password"
     echo '0'
 }
 
 function friendica_renew_cert {
     dialog --title $"Renew SSL certificate" \
            --backtitle $"Freedombone Control Panel" \
-           --yesno $"\nThis will renew a letsencrypt certificate. Select 'yes' to continue" 16 60
+           --yesno $"\\nThis will renew a letsencrypt certificate. Select 'yes' to continue" 16 60
     sel=$?
     case $sel in
         1) return;;
         255) return;;
     esac
     FRIENDICA_DOMAIN_NAME=$(get_completion_param "friendica domain")
-    if [ ! -d /var/www/$FRIENDICA_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs" ]; then
         dialog --title $"Renew SSL certificate" \
                --msgbox $"Friendica install directory not found" 6 40
         return
     fi
-    ${PROJECT_NAME}-renew-cert -h $FRIENDICA_DOMAIN_NAME -p 'letsencrypt'
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-renew-cert" -h "$FRIENDICA_DOMAIN_NAME" -p 'letsencrypt'; then
         any_key
     else
         dialog --title $"Renew SSL certificate" \
@@ -100,52 +99,54 @@ function friendica_renew_cert {
 }
 
 function friendica_channel_directory_server {
-    if ! grep -q "friendica domain" $COMPLETION_FILE; then
+    if ! grep -q "friendica domain" "$COMPLETION_FILE"; then
         dialog --title $"Friendica channel directory server" \
                --msgbox $"Friendica is not installed on this system" 6 40
         return
     fi
     FRIENDICA_DOMAIN_NAME=$(get_completion_param "friendica domain")
-    if [ ! -d /var/www/$FRIENDICA_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs" ]; then
         dialog --title $"Friendica channel directory server" \
                --msgbox $"Friendica install directory not found" 6 40
         return
     fi
 
-    CURR_DIR_SERVER=$(cat /var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php | grep directory | awk -F "'" '{print $6}')
+    CURR_DIR_SERVER=$(grep directory "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php" | awk -F "'" '{print $6}')
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Friendica channel directory server" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"When you click on 'channel directory' this is where Friendica will obtain its list from" 8 60 "$CURR_DIR_SERVER" 2>$data
+           --inputbox $"When you click on 'channel directory' this is where Friendica will obtain its list from" 8 60 "$CURR_DIR_SERVER" 2>"$data"
     sel=$?
     case $sel in
         0)
-            friendica_domain_server=$(<$data)
+            friendica_domain_server=$(<"$data")
             if [[ "$friendica_domain_server" != *"."* ]]; then
+                rm -f "$data"
                 return
             fi
             if [[ "$friendica_domain_server" != "http"* ]]; then
                 dialog --title $"Friendica channel directory server" \
                        --msgbox $"Invalid domain - include the https://" 6 40
+                rm -f "$data"
                 return
             fi
-            sed -i "s|\['directory'\] = .*|\['directory'\] = \'$friendica_domain_server\';|g" /var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php
+            sed -i "s|\['directory'\] = .*|\['directory'\] = \'$friendica_domain_server\';|g" "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php"
             dialog --title $"Friendica channel directory server" \
                    --msgbox $"Domain channel directory server changed to $friendica_domain_server" 6 40
             ;;
     esac
+    rm -f "$data"
 }
 
 function friendica_close_registrations {
-    sed -i "s|REGISTER_OPEN|REGISTER_CLOSED|g" /var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php
+    sed -i "s|REGISTER_OPEN|REGISTER_CLOSED|g" "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php"
     dialog --title $"Friendica Account Registrations" \
            --msgbox $"New registrations are now closed" 6 40
 }
 
 function friendica_allow_registrations {
-    sed -i "s|REGISTER_CLOSED|REGISTER_OPEN|g" /var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php
+    sed -i "s|REGISTER_CLOSED|REGISTER_OPEN|g" "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php"
     dialog --title $"Friendica Account Registrations" \
            --msgbox $"New registrations are permitted" 6 40
 }
@@ -153,8 +154,7 @@ function friendica_allow_registrations {
 function configure_interactive_friendica {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Friendica" \
                --radiolist $"Choose an operation:" 15 70 6 \
@@ -162,19 +162,21 @@ function configure_interactive_friendica {
                2 $"Renew SSL certificate" off \
                3 $"Close new account registrations" off \
                4 $"Allow new account registrations" off \
-               5 $"Back to main menu" on 2> $data
+               5 $"Back to main menu" on 2> "$data"
         sel=$?
         case $sel in
             1) break;;
             255) break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) friendica_channel_directory_server;;
             2) friendica_renew_cert;;
             3) friendica_close_registrations;;
             4) friendica_allow_registrations;;
-            5) break;;
+            5) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -190,7 +192,7 @@ function install_interactive_friendica {
 }
 
 function change_password_friendica {
-    FRIENDICA_USERNAME="$1"
+    #FRIENDICA_USERNAME="$1"
     FRIENDICA_PASSWORD="$2"
     if [ ${#FRIENDICA_PASSWORD} -lt 8 ]; then
         echo $'Friendica password is too short'
@@ -201,14 +203,14 @@ function change_password_friendica {
 }
 
 function friendica_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        FRIENDICA_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        FRIENDICA_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     fi
-    if [ ! $FRIENDICA_ADMIN_PASSWORD ]; then
-        FRIENDICA_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+    if [ ! "$FRIENDICA_ADMIN_PASSWORD" ]; then
+        FRIENDICA_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
     fi
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a friendica -p "$FRIENDICA_ADMIN_PASSWORD"
-    if [ ! $FRIENDICA_ADMIN_PASSWORD ]; then
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a friendica -p "$FRIENDICA_ADMIN_PASSWORD"
+    if [ ! "$FRIENDICA_ADMIN_PASSWORD" ]; then
         return
     fi
 
@@ -229,17 +231,17 @@ function upgrade_friendica {
     FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
 
     function_check set_repo_commit
-    set_repo_commit $FRIENDICA_PATH "friendica commit" "$FRIENDICA_COMMIT" $FRIENDICA_REPO
-    set_repo_commit $FRIENDICA_PATH/addon "friendica addons commit" "$FRIENDICA_ADDONS_COMMIT" $FRIENDICA_ADDONS_REPO
+    set_repo_commit "$FRIENDICA_PATH" "friendica commit" "$FRIENDICA_COMMIT" $FRIENDICA_REPO
+    set_repo_commit "$FRIENDICA_PATH/addon" "friendica addons commit" "$FRIENDICA_ADDONS_COMMIT" $FRIENDICA_ADDONS_REPO
 }
 
 function backup_local_friendica {
-    friendica_path=/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs
-    if [ -d $friendica_path ]; then
+    friendica_path="/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs"
+    if [ -d "$friendica_path" ]; then
         function_check backup_database_to_usb
         backup_database_to_usb friendica
 
-        backup_directory_to_usb $friendica_path friendica
+        backup_directory_to_usb "$friendica_path" friendica
     fi
 }
 
@@ -250,31 +252,31 @@ function restore_local_friendica {
     function_check friendica_create_database
     friendica_create_database
 
-    restore_database friendica ${FRIENDICA_DOMAIN_NAME}
-    if [ -d $USB_MOUNT/backup/friendica ]; then
-        if [ ! -d $friendica_dir/store/[data]/smarty3 ]; then
-            mkdir -p $friendica_dir/store/[data]/smarty3
+    restore_database friendica "${FRIENDICA_DOMAIN_NAME}"
+    if [ -d "$USB_MOUNT/backup/friendica" ]; then
+        if [ ! -d "$friendica_dir/store/[data]/smarty3" ]; then
+            mkdir -p "$friendica_dir/store/[data]/smarty3"
         fi
-        chmod 1777 $friendica_dir/store/[data]/smarty3
-        chown -R www-data:www-data $friendica_dir/*
+        chmod 1777 "$friendica_dir/store/[data]/smarty3"
+        chown -R www-data:www-data "$friendica_dir/*"
         if [ -d $temp_restore_dir ]; then
             rm -rf $temp_restore_dir
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
         FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
-        sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $FRIENDICA_PATH/.htconfig.php
+        sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" "$FRIENDICA_PATH/.htconfig.php"
         MARIADB_PASSWORD=
     fi
 }
 
 function backup_remote_friendica {
-    temp_backup_dir=/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs
-    if [ -d $temp_backup_dir ]; then
-        suspend_site ${FRIENDICA_DOMAIN_NAME}
+    temp_backup_dir="/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs"
+    if [ -d "$temp_backup_dir" ]; then
+        suspend_site "${FRIENDICA_DOMAIN_NAME}"
         backup_database_to_friend friendica
         echo "Backing up Friendica installation"
-        backup_directory_to_friend $temp_backup_dir friendica
+        backup_directory_to_friend "$temp_backup_dir" friendica
         restart_site
         echo "Backup of Friendica complete"
     else
@@ -289,21 +291,21 @@ function restore_remote_friendica {
     function_check friendica_create_database
     friendica_create_database
 
-    restore_database_from_friend friendica ${FRIENDICA_DOMAIN_NAME}
-    if [ -d $SERVER_DIRECTORY/backup/friendica ]; then
-        if [ ! -d /var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3 ]; then
-            mkdir -p /var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3
+    restore_database_from_friend friendica "${FRIENDICA_DOMAIN_NAME}"
+    if [ -d "$SERVER_DIRECTORY/backup/friendica" ]; then
+        if [ ! -d "/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3" ]; then
+            mkdir -p "/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3"
         fi
-        chmod 1777 /var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3
-        chown -R www-data:www-data /var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/*
+        chmod 1777 "/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3"
+        chown -R www-data:www-data "/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/*"
     fi
     if [ -d /root/tempfriendica ]; then
         rm -rf /root/tempfriendica
     fi
 
-    MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-    FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
-    sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $FRIENDICA_PATH/.htconfig.php
+    MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+    FRIENDICA_PATH="/var/www/$FRIENDICA_DOMAIN_NAME/htdocs"
+    sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" "$FRIENDICA_PATH/.htconfig.php"
     MARIADB_PASSWORD=
 }
 
@@ -311,35 +313,35 @@ function remove_friendica {
     if [ ${#FRIENDICA_DOMAIN_NAME} -eq 0 ]; then
         return
     fi
-    nginx_dissite $FRIENDICA_DOMAIN_NAME
-    remove_certs ${FRIENDICA_DOMAIN_NAME}
-    if [ -d /var/www/$FRIENDICA_DOMAIN_NAME ]; then
-        rm -rf /var/www/$FRIENDICA_DOMAIN_NAME
+    nginx_dissite "$FRIENDICA_DOMAIN_NAME"
+    remove_certs "${FRIENDICA_DOMAIN_NAME}"
+    if [ -d "/var/www/$FRIENDICA_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$FRIENDICA_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database friendica
     function_check remove_onion_service
     remove_onion_service friendica ${FRIENDICA_ONION_PORT}
-    sed -i '/friendica/d' $COMPLETION_FILE
+    sed -i '/friendica/d' "$COMPLETION_FILE"
     sed -i '/poller.php/d' /etc/crontab
 
     function_check remove_ddns_domain
-    remove_ddns_domain $FRIENDICA_DOMAIN_NAME
+    remove_ddns_domain "$FRIENDICA_DOMAIN_NAME"
 }
 
 function install_friendica {
-    if [ ! $FRIENDICA_DOMAIN_NAME ]; then
+    if [ ! "$FRIENDICA_DOMAIN_NAME" ]; then
         return
     fi
 
-    if [[ $ONION_ONLY != "no" ]]; then
+    if [[ "$ONION_ONLY" != "no" ]]; then
         return
     fi
 
-    FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
+    FRIENDICA_PATH="/var/www/$FRIENDICA_DOMAIN_NAME/htdocs"
 
     function_check install_mariadb
     install_mariadb
@@ -354,38 +356,38 @@ function install_friendica {
     apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl
     apt-get -yq install php-memcached
 
-    if [ ! -d /var/www/$FRIENDICA_DOMAIN_NAME ]; then
-        mkdir /var/www/$FRIENDICA_DOMAIN_NAME
+    if [ ! -d "/var/www/$FRIENDICA_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$FRIENDICA_DOMAIN_NAME"
     fi
-    if [ ! -d $FRIENDICA_PATH ]; then
-        mkdir $FRIENDICA_PATH
+    if [ ! -d "$FRIENDICA_PATH" ]; then
+        mkdir "$FRIENDICA_PATH"
     fi
 
-    if [ ! -f $FRIENDICA_PATH/index.php ]; then
-        cd $INSTALL_DIR
+    if [ ! -f "$FRIENDICA_PATH/index.php" ]; then
+        cd "$INSTALL_DIR" || exit 2346824864
 
         if [ -d /repos/friendica ]; then
             mkdir friendica
             cp -r -p /repos/friendica/. friendica
-            cd friendica
+            cd friendica || exit 24682462
             git pull
         else
             function_check git_clone
-            git_clone $FRIENDICA_REPO friendica
+            git_clone "$FRIENDICA_REPO" friendica
         fi
 
         git checkout $FRIENDICA_COMMIT -b $FRIENDICA_COMMIT
         set_completion_param "friendica commit" "$FRIENDICA_COMMIT"
 
-        rm -rf $FRIENDICA_PATH
-        mv friendica $FRIENDICA_PATH
+        rm -rf "$FRIENDICA_PATH"
+        mv friendica "$FRIENDICA_PATH"
 
-        git_clone $FRIENDICA_ADDONS_REPO $FRIENDICA_PATH/addon
-        cd $FRIENDICA_PATH/addon
-        git checkout $FRIENDICA_ADDONS_COMMIT -b $FRIENDICA_ADDONS_COMMIT
+        git_clone "$FRIENDICA_ADDONS_REPO" "$FRIENDICA_PATH/addon"
+        cd "$FRIENDICA_PATH/addon" || exit 34835685
+        git checkout "$FRIENDICA_ADDONS_COMMIT" -b "$FRIENDICA_ADDONS_COMMIT"
         set_completion_param "friendica addons commit" "$FRIENDICA_ADDONS_COMMIT"
 
-        chown -R www-data:www-data $FRIENDICA_PATH
+        chown -R www-data:www-data "$FRIENDICA_PATH"
     fi
 
     FRIENDICA_ONION_HOSTNAME=
@@ -400,158 +402,158 @@ function install_friendica {
     fi
 
     function_check add_ddns_domain
-    add_ddns_domain $FRIENDICA_DOMAIN_NAME
+    add_ddns_domain "$FRIENDICA_DOMAIN_NAME"
 
-    if [[ $ONION_ONLY == "no" ]]; then
+    if [[ "$ONION_ONLY" == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $FRIENDICA_DOMAIN_NAME
-        echo 'server {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "    root $FRIENDICA_PATH;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "    server_name $FRIENDICA_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    charset utf-8;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        nginx_http_redirect "$FRIENDICA_DOMAIN_NAME"
+        { echo 'server {';
+          echo '    listen 443 ssl;';
+          echo '    #listen [::]:443 ssl;';
+          echo "    root $FRIENDICA_PATH;";
+          echo "    server_name $FRIENDICA_DOMAIN_NAME;";
+          echo "    error_log /dev/null;";
+          echo '    index index.php;';
+          echo '    charset utf-8;';
+          echo '    access_log /dev/null;'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
         function_check nginx_ssl
-        nginx_ssl $FRIENDICA_DOMAIN_NAME
+        nginx_ssl "$FRIENDICA_DOMAIN_NAME"
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $FRIENDICA_DOMAIN_NAME
-        echo '    add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location / {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME"
+        { echo '    add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '    # rewrite to front controller as default rule';
+          echo '    location / {'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
         function_check nginx_limits
-        nginx_limits $FRIENDICA_DOMAIN_NAME
-        echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        expires 30d;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # block these file types' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # or a unix socket' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        nginx_limits "$FRIENDICA_DOMAIN_NAME"
+        { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
+          echo '    }';
+          echo '';
+          echo '    # statically serve these file types when possible';
+          echo '    # otherwise fall back to front controller';
+          echo '    # allow browser to cache them';
+          echo '    # added .htm for advanced source code editor library';
+          echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
+          echo '        expires 30d;';
+          echo "        try_files \$uri /index.php?q=\$uri&\$args;";
+          echo '    }';
+          echo '';
+          echo '    # block these file types';
+          echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+          echo '    # or a unix socket';
+          echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
         function_check nginx_limits
-        nginx_limits $FRIENDICA_DOMAIN_NAME
-        echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # With php-fpm:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~ /\. {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '      deny  all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '}' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        nginx_limits "$FRIENDICA_DOMAIN_NAME"
+        { echo '        # Zero-day exploit defense.';
+          echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+          echo "        # Won't work properly (404 error) if the file is not stored on this";
+          echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+          echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+          echo "        # another machine. And then cross your fingers that you won't get hacked.";
+          echo "        try_files \$uri \$uri/ /index.php;";
+          echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+          echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+          echo '        # With php-cgi alone:';
+          echo '        # fastcgi_pass 127.0.0.1:9000;';
+          echo '        # With php-fpm:';
+          echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '        include fastcgi_params;';
+          echo '        fastcgi_read_timeout 30;';
+          echo '        fastcgi_index index.php;';
+          echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+          echo '        fastcgi_read_timeout 300;';
+          echo '    }';
+          echo '';
+          echo '    # deny access to all dot files';
+          echo '    location ~ /\. {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    location ~ /\.ht {';
+          echo '      deny  all;';
+          echo '    }';
+          echo '}';
+          echo ''; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
     else
-        echo 'server {' > /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "    listen 127.0.0.1:${FRIENDICA_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "    root $FRIENDICA_PATH;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "    server_name $FRIENDICA_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    charset utf-8;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location / {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        nginx_limits $FRIENDICA_DOMAIN_NAME
-        nginx_disable_sniffing $FRIENDICA_DOMAIN_NAME
-        echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        expires 30d;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # block these file types' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # or a unix socket' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        nginx_limits $FRIENDICA_DOMAIN_NAME
-        nginx_disable_sniffing $FRIENDICA_DOMAIN_NAME
-        echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # With php-fpm:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~ /\. {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '      deny  all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '}' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        { echo 'server {';
+          echo "    listen 127.0.0.1:${FRIENDICA_ONION_PORT} default_server;";
+          echo "    root $FRIENDICA_PATH;";
+          echo "    server_name $FRIENDICA_ONION_HOSTNAME;";
+          echo "    error_log /dev/null;";
+          echo '    index index.php;';
+          echo '    charset utf-8;';
+          echo '    access_log /dev/null;';
+          echo '    add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '    # rewrite to front controller as default rule';
+          echo '    location / {'; } > "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
+        nginx_limits "$FRIENDICA_DOMAIN_NAME"
+        nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME"
+        { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
+          echo '    }';
+          echo '';
+          echo '    # statically serve these file types when possible';
+          echo '    # otherwise fall back to front controller';
+          echo '    # allow browser to cache them';
+          echo '    # added .htm for advanced source code editor library';
+          echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
+          echo '        expires 30d;';
+          echo "        try_files \$uri /index.php?q=\$uri&\$args;";
+          echo '    }';
+          echo '';
+          echo '    # block these file types';
+          echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+          echo '    # or a unix socket';
+          echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
+        nginx_limits "$FRIENDICA_DOMAIN_NAME"
+        nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME"
+        { echo '        # Zero-day exploit defense.';
+          echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+          echo "        # Won't work properly (404 error) if the file is not stored on this";
+          echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+          echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+          echo "        # another machine. And then cross your fingers that you won't get hacked.";
+          echo "        try_files \$uri \$uri/ /index.php;";
+          echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+          echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+          echo '        # With php-cgi alone:';
+          echo '        # fastcgi_pass 127.0.0.1:9000;';
+          echo '        # With php-fpm:';
+          echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '        include fastcgi_params;';
+          echo '        fastcgi_read_timeout 30;';
+          echo '        fastcgi_index index.php;';
+          echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+          echo '        fastcgi_read_timeout 300;';
+          echo '    }';
+          echo '';
+          echo '    # deny access to all dot files';
+          echo '    location ~ /\. {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    location ~ /\.ht {';
+          echo '      deny  all;';
+          echo '    }';
+          echo '}'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
     fi
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $FRIENDICA_DOMAIN_NAME 'yes'
+    create_site_certificate "$FRIENDICA_DOMAIN_NAME" 'yes'
 
-    if [ ! -d $FRIENDICA_PATH/view/tpl/smarty3 ]; then
-        mkdir $FRIENDICA_PATH/view/tpl/smarty3
+    if [ ! -d "$FRIENDICA_PATH/view/tpl/smarty3" ]; then
+        mkdir "$FRIENDICA_PATH/view/tpl/smarty3"
     fi
     if [ ! -d "$FRIENDICA_PATH/store" ]; then
         mkdir "$FRIENDICA_PATH/store"
@@ -563,9 +565,9 @@ function install_friendica {
         mkdir "$FRIENDICA_PATH/store/[data]/smarty3"
         chmod 1777 "$FRIENDICA_PATH/store/[data]/smarty3"
     fi
-    chmod 1777 $FRIENDICA_PATH/view/tpl
+    chmod 1777 "$FRIENDICA_PATH/view/tpl"
     chown -R www-data:www-data "$FRIENDICA_PATH/store"
-    chmod 1777 $FRIENDICA_PATH/view/tpl/smarty3
+    chmod 1777 "$FRIENDICA_PATH/view/tpl/smarty3"
 
     # Ensure that the database gets backed up locally, if remote
     # backups are not being used
@@ -575,55 +577,55 @@ function install_friendica {
     function_check backup_database_local
     backup_database_local friendica
 
-    chown -R www-data:www-data $FRIENDICA_PATH
+    chown -R www-data:www-data "$FRIENDICA_PATH"
 
     function_check nginx_ensite
-    nginx_ensite $FRIENDICA_DOMAIN_NAME
+    nginx_ensite "$FRIENDICA_DOMAIN_NAME"
 
     # initialize the database
-    if [ ! -f $FRIENDICA_PATH/database.sql ]; then
+    if [ ! -f "$FRIENDICA_PATH/database.sql" ]; then
         echo $'No database schema found for friendica'
         exit 252782
     fi
     function_check initialise_database
-    initialise_database friendica $FRIENDICA_PATH/database.sql
+    initialise_database friendica "$FRIENDICA_PATH/database.sql"
 
     # create the config file
-    echo '<?php' > $FRIENDICA_PATH/.htconfig.php
-    echo "\$db_host = 'localhost';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$db_user = 'root';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$db_pass = '${MARIADB_PASSWORD}';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$db_data = 'friendica';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$default_timezone = 'Europe/London';" >> $FRIENDICA_PATH/.htconfig.php
+    { echo '<?php';
+      echo "\$db_host = 'localhost';";
+      echo "\$db_user = 'root';";
+      echo "\$db_pass = '${MARIADB_PASSWORD}';";
+      echo "\$db_data = 'friendica';";
+      echo "\$default_timezone = 'Europe/London';"; } > "$FRIENDICA_PATH/.htconfig.php"
     if [[ $ONION_ONLY == 'no' ]]; then
-        echo "\$a->config['system']['baseurl'] = 'https://${FRIENDICA_DOMAIN_NAME}';" >> $FRIENDICA_PATH/.htconfig.php
+        echo "\$a->config['system']['baseurl'] = 'https://${FRIENDICA_DOMAIN_NAME}';" >> "$FRIENDICA_PATH/.htconfig.php"
     else
-        echo "\$a->config['system']['baseurl'] = 'http://${FRIENDICA_ONION_HOSTNAME}';" >> $FRIENDICA_PATH/.htconfig.php
+        echo "\$a->config['system']['baseurl'] = 'http://${FRIENDICA_ONION_HOSTNAME}';" >> "$FRIENDICA_PATH/.htconfig.php"
     fi
-    echo "\$a->config['sitename'] = \"Friendica\";" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['register_policy'] = REGISTER_OPEN;" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['register_text'] = '';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['admin_email'] = '${MY_EMAIL_ADDRESS}';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['no_regfullname'] = true;" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['max_import_size'] = 200000;" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['maximagesize'] = 800000;" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['php_path'] = '/usr/bin/php';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['directory'] = 'http://dir.friendi.ca';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['allowed_themes'] = 'quattro,vier,duepuntozero,smoothly';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['theme'] = 'vier';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['huburl'] = '[internal]';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['language'] = 'en';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['rino_encrypt'] = 2;" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['allowed_link_protocols'] = array('mailto', 'cid');" >> $FRIENDICA_PATH/.htconfig.php
-    chown www-data:www-data $FRIENDICA_PATH/.htconfig.php
-    chmod 755 $FRIENDICA_PATH/.htconfig.php
+    { echo "\$a->config['sitename'] = \"Friendica\";";
+      echo "\$a->config['register_policy'] = REGISTER_OPEN;";
+      echo "\$a->config['register_text'] = '';";
+      echo "\$a->config['admin_email'] = '${MY_EMAIL_ADDRESS}';";
+      echo "\$a->config['system']['no_regfullname'] = true;";
+      echo "\$a->config['max_import_size'] = 200000;";
+      echo "\$a->config['system']['maximagesize'] = 800000;";
+      echo "\$a->config['php_path'] = '/usr/bin/php';";
+      echo "\$a->config['system']['directory'] = 'http://dir.friendi.ca';";
+      echo "\$a->config['system']['allowed_themes'] = 'quattro,vier,duepuntozero,smoothly';";
+      echo "\$a->config['system']['theme'] = 'vier';";
+      echo "\$a->config['system']['huburl'] = '[internal]';";
+      echo "\$a->config['system']['language'] = 'en';";
+      echo "\$a->config['system']['rino_encrypt'] = 2;";
+      echo "\$a->config['system']['allowed_link_protocols'] = array('mailto', 'cid');"; } >> "$FRIENDICA_PATH/.htconfig.php"
+    chown www-data:www-data "$FRIENDICA_PATH/.htconfig.php"
+    chmod 755 "$FRIENDICA_PATH/.htconfig.php"
 
     systemctl restart mariadb
     systemctl restart php7.0-fpm
     systemctl restart nginx
     systemctl restart cron
 
-    ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$FRIENDICA_DOMAIN_NAME" -g friendica --public no
+    "${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$FRIENDICA_DOMAIN_NAME" -g friendica --public no
 
     set_completion_param "friendica domain" "${FRIENDICA_DOMAIN_NAME}"
     APP_INSTALLED=1

src/freedombone-app-ghost

@@ -48,14 +48,14 @@ ghost_variables=(GHOST_DOMAIN_NAME
 
 function ghost_bust {
     # kill the started ghost process
-    kill_pid=$(ps aux | grep "ghost run" | awk -F ' ' '{print $2}' | head -n 1)
-    kill -9 $kill_pid
+    kill_pid=$(pgrep "ghost run" | head -n 1)
+    kill -9 "$kill_pid"
 
-    kill_pid=$(ps aux | grep "ghost" | awk -F ' ' '{print $2}' | head -n 1)
-    kill -9 $kill_pid
+    kill_pid=$(pgrep "ghost" | head -n 1)
+    kill -9 "$kill_pid"
 
-    kill_pid=$(ps aux | grep "ghost" | awk -F ' ' '{print $2}' | head -n 1)
-    kill -9 $kill_pid
+    kill_pid=$(pgrep "ghost" | head -n 1)
+    kill -9 "$kill_pid"
 }
 
 function logging_on_ghost {
@@ -77,9 +77,9 @@ function ghost_replace_jquery {
     sed -i "s|http://code.jquery.com/jquery.js|$curr_domain/jquery-${jquery_version}.js|g" current/node_modules/jsdom/README.md
     sed -i "s|https://code.jquery.com/jquery.js|$curr_domain/jquery-${jquery_version}.js|g" current/node_modules/jsdom/README.md
 
-    cd /var/www/${GHOST_DOMAIN_NAME}/htdocs/current
-    find ./ -type f -exec sed -i -e 's|https://code.jquery.com|$curr_domain|g' {} \;
-    find ./ -type f -exec sed -i -e 's|http://code.jquery.com|$curr_domain|g' {} \;
+    cd "/var/www/${GHOST_DOMAIN_NAME}/htdocs/current" || exit 3468368
+    find ./ -type f -exec sed -i -e "s|https://code.jquery.com|$curr_domain|g" {} \;
+    find ./ -type f -exec sed -i -e "s|http://code.jquery.com|$curr_domain|g" {} \;
 }
 
 function ghost_rss_button {
@@ -98,14 +98,14 @@ function ghost_remove_offsite_links {
     ghost_rss_button
 
     # remove google font links
-    cd /var/www/$GHOST_DOMAIN_NAME/htdocs/current
-    find ./ -type f -exec sed -i -e 's/fonts.googleapis.com/$curr_domain/g' {} \;
+    cd "/var/www/$GHOST_DOMAIN_NAME/htdocs/current" || exit 246872424
+    find ./ -type f -exec sed -i -e "s/fonts.googleapis.com/$curr_domain/g" {} \;
 
     # copy jquery locally
     previous_jquery_version='1.12.0'
     jquery_version='1.12.4'
     if [ ! -f /var/www/$GHOST_DOMAIN_NAME/htdocs/jquery-${jquery_version}.js ]; then
-        cd /var/www/$GHOST_DOMAIN_NAME/htdocs
+        cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 3468746824
         wget https://code.jquery.com/jquery-${jquery_version}.js
         jquery_hash=$(sha256sum jquery-${jquery_version}.js | awk -F ' ' '{print $1}')
         if [[ "$jquery_hash" != '430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575' ]]; then
@@ -119,27 +119,27 @@ function ghost_remove_offsite_links {
 }
 
 function ghost_replace_proprietary_services {
-    replace_file=$1
+    replace_file="$1"
 
-    sed -i 's|Twitter Profile|GNU Social Profile|g' $replace_file
-    sed -i 's|Twitter profile|GNU Social Profile|g' $replace_file
-    sed -i 's|Twitter Username|GNU Social Username|g' $replace_file
-    sed -i 's|twitter.com|quitter.se|g' $replace_file
-    sed -i 's|Facebook Page|Hubzilla Channel|g' $replace_file
-    sed -i 's|Facebook Profile|Hubzilla Channel|g' $replace_file
-    sed -i 's|Facebook profile|Hubzilla Channel|g' $replace_file
-    sed -i 's|www.facebook.com/username|hubzilladomain/username|g' $replace_file
-    sed -i 's|www.facebook.com/ghost|hubzilladomain/username|g' $replace_file
-    sed -i 's|www.facebook.com/testuser|hubzilladomain/username|g' $replace_file
-    sed -i 's|www.facebook.com/testing|hubzilladomain/username|g' $replace_file
-    sed -i 's|www.facebook.com/test|hubzilladomain/username|g' $replace_file
-    sed -i 's|www.facebook.com/yourUsername|hubzilladomain/username|g' $replace_file
-    sed -i 's|www.facebook.com/yourPage|hubzilladomain/username|g' $replace_file
-    sed -i 's|Facebook Username|Hubzilla Channel|g' $replace_file
-    sed -i 's|www.facebook.com|hubzilladomain|g' $replace_file
-    sed -i 's|facebook value|hubzilla value|g' $replace_file
+    sed -i 's|Twitter Profile|GNU Social Profile|g' "$replace_file"
+    sed -i 's|Twitter profile|GNU Social Profile|g' "$replace_file"
+    sed -i 's|Twitter Username|GNU Social Username|g' "$replace_file"
+    sed -i 's|twitter.com|quitter.se|g' "$replace_file"
+    sed -i 's|Facebook Page|Hubzilla Channel|g' "$replace_file"
+    sed -i 's|Facebook Profile|Hubzilla Channel|g' "$replace_file"
+    sed -i 's|Facebook profile|Hubzilla Channel|g' "$replace_file"
+    sed -i 's|www.facebook.com/username|hubzilladomain/username|g' "$replace_file"
+    sed -i 's|www.facebook.com/ghost|hubzilladomain/username|g' "$replace_file"
+    sed -i 's|www.facebook.com/testuser|hubzilladomain/username|g' "$replace_file"
+    sed -i 's|www.facebook.com/testing|hubzilladomain/username|g' "$replace_file"
+    sed -i 's|www.facebook.com/test|hubzilladomain/username|g' "$replace_file"
+    sed -i 's|www.facebook.com/yourUsername|hubzilladomain/username|g' "$replace_file"
+    sed -i 's|www.facebook.com/yourPage|hubzilladomain/username|g' "$replace_file"
+    sed -i 's|Facebook Username|Hubzilla Channel|g' "$replace_file"
+    sed -i 's|www.facebook.com|hubzilladomain|g' "$replace_file"
+    sed -i 's|facebook value|hubzilla value|g' "$replace_file"
 
-    sed -i '/<section class="share">/,/<\/section>/d' $replace_file
+    sed -i '/<section class="share">/,/<\/section>/d' "$replace_file"
 }
 
 function ghost_replace_services {
@@ -163,7 +163,7 @@ function add_user_ghost {
 }
 
 function install_interactive_ghost {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -178,13 +178,13 @@ function install_interactive_ghost {
 }
 
 function change_password_ghost {
-    GHOST_USERNAME="$1"
+    #GHOST_USERNAME="$1"
     GHOST_PASSWORD="$2"
     if [ ${#GHOST_PASSWORD} -lt 8 ]; then
         echo $'Ghost password is too short'
         return
     fi
-    #${PROJECT_NAME}-pass -u $GHOST_USERNAME -a ghost -p "$GHOST_PASSWORD"
+    #"${PROJECT_NAME}-pass" -u "$GHOST_USERNAME" -a ghost -p "$GHOST_PASSWORD"
 }
 
 function reconfigure_ghost {
@@ -206,7 +206,7 @@ function upgrade_ghost {
     systemctl stop ghost
     ghost_bust
 
-    cd /var/www/$GHOST_DOMAIN_NAME/htdocs
+    cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 3468463
 
     npm i -g ghost-cli
     /usr/local/bin/ghost update &
@@ -220,26 +220,26 @@ function upgrade_ghost {
     chown -R root:root /usr/local/lib
     chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs
     systemctl restart ghost
-    sed -i "s|ghost version.*|ghost version:${GHOST_VERSION}|g" ${COMPLETION_FILE}
+    sed -i "s|ghost version.*|ghost version:${GHOST_VERSION}|g" "${COMPLETION_FILE}"
 }
 
 function backup_local_ghost {
     GHOST_DOMAIN_NAME='ghost.local'
-    if grep -q "ghost domain" $COMPLETION_FILE; then
+    if grep -q "ghost domain" "$COMPLETION_FILE"; then
         GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
     fi
 
-    suspend_site ${GHOST_DOMAIN_NAME}
+    suspend_site "${GHOST_DOMAIN_NAME}"
     systemctl stop ghost
 
     ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content
-    if [ -d $ghost_path ]; then
-        backup_directory_to_usb $ghost_path ghostcontent
+    if [ -d "$ghost_path" ]; then
+        backup_directory_to_usb "$ghost_path" ghostcontent
     fi
 
     ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs/current/content
-    if [ -d $ghost_path ]; then
-        backup_directory_to_usb $ghost_path ghostcurrent
+    if [ -d "$ghost_path" ]; then
+        backup_directory_to_usb "$ghost_path" ghostcurrent
     fi
 
     systemctl start ghost
@@ -248,26 +248,26 @@ function backup_local_ghost {
 
 function restore_local_ghost {
     GHOST_DOMAIN_NAME='ghost.local'
-    if grep -q "ghost domain" $COMPLETION_FILE; then
+    if grep -q "ghost domain" "$COMPLETION_FILE"; then
         GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
     fi
-    if [ $GHOST_DOMAIN_NAME ]; then
-        suspend_site ${GHOST_DOMAIN_NAME}
+    if [ "$GHOST_DOMAIN_NAME" ]; then
+        suspend_site "${GHOST_DOMAIN_NAME}"
         systemctl stop ghost
 
         temp_restore_dir=/root/tempghostcontent
         function_check restore_directory_from_usb
         restore_directory_from_usb $temp_restore_dir ghostcontent
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
-                cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
+            if [ -d "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
+                cp -r "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/*" "/var/www/$GHOST_DOMAIN_NAME/htdocs/content/"
             else
-                if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
-                    mkdir /var/www/$GHOST_DOMAIN_NAME/htdocs/content
+                if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
+                    mkdir "/var/www/$GHOST_DOMAIN_NAME/htdocs/content"
                 fi
-                cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
+                cp -r $temp_restore_dir/* "/var/www/$GHOST_DOMAIN_NAME/htdocs/content/"
             fi
-            chown -R ghost:ghost /var/www/$GHOST_DOMAIN_NAME/htdocs/content
+            chown -R ghost:ghost "/var/www/$GHOST_DOMAIN_NAME/htdocs/content"
             rm -rf $temp_restore_dir
         fi
 
@@ -275,15 +275,15 @@ function restore_local_ghost {
         function_check restore_directory_from_usb
         restore_directory_from_usb $temp_restore_dir ghostcurrent
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
-                cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
+            if [ -d "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content" ]; then
+                cp -r "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/*" "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/"
             else
-                if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
-                    mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content
+                if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content" ]; then
+                    mkdir -p "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content"
                 fi
-                cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
+                cp -r $temp_restore_dir/* "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/"
             fi
-            chown -R ghost:ghost /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content
+            chown -R ghost:ghost "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content"
             rm -rf $temp_restore_dir
         fi
 
@@ -294,15 +294,15 @@ function restore_local_ghost {
 
 function backup_remote_ghost {
     GHOST_DOMAIN_NAME='ghost.local'
-    if grep -q "ghost domain" $COMPLETION_FILE; then
+    if grep -q "ghost domain" "$COMPLETION_FILE"; then
         GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
     fi
 
-    suspend_site ${GHOST_DOMAIN_NAME}
+    suspend_site "${GHOST_DOMAIN_NAME}"
 
     temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content
-    if [ -d $temp_backup_dir ]; then
-        backup_directory_to_friend $temp_backup_dir ghostcontent
+    if [ -d "$temp_backup_dir" ]; then
+        backup_directory_to_friend "$temp_backup_dir" ghostcontent
     else
         restart_site
         echo $"Ghost domain specified but not found in /var/www/${GHOST_DOMAIN_NAME}"
@@ -310,8 +310,8 @@ function backup_remote_ghost {
     fi
 
     temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs/current/content
-    if [ -d $temp_backup_dir ]; then
-        backup_directory_to_friend $temp_backup_dir ghostcurrent
+    if [ -d "$temp_backup_dir" ]; then
+        backup_directory_to_friend "$temp_backup_dir" ghostcurrent
     else
         restart_site
         echo $"Ghost domain specified but not found in $temp_backup_dir"
@@ -323,10 +323,10 @@ function backup_remote_ghost {
 
 function restore_remote_ghost {
     GHOST_DOMAIN_NAME='ghost.local'
-    if grep -q "ghost domain" $COMPLETION_FILE; then
+    if grep -q "ghost domain" "$COMPLETION_FILE"; then
         GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
     fi
-    suspend_site ${GHOST_DOMAIN_NAME}
+    suspend_site "${GHOST_DOMAIN_NAME}"
 
     systemctl stop ghost
 
@@ -334,15 +334,15 @@ function restore_remote_ghost {
     function_check restore_directory_from_friend
     restore_directory_from_friend $temp_restore_dir ghostcontent
     if [ -d $temp_restore_dir ]; then
-        if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
-            cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
+        if [ -d "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
+            cp -r "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/*" "/var/www/$GHOST_DOMAIN_NAME/htdocs/content/"
         else
-            if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
-                mkdir /var/www/$GHOST_DOMAIN_NAME/htdocs/content
+            if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
+                mkdir "/var/www/$GHOST_DOMAIN_NAME/htdocs/content"
             fi
-            cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
+            cp -r $temp_restore_dir/* "/var/www/$GHOST_DOMAIN_NAME/htdocs/content/"
         fi
-        chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs
+        chown -R ghost: "/var/www/$GHOST_DOMAIN_NAME/htdocs"
         rm -rf $temp_restore_dir
     fi
 
@@ -350,15 +350,15 @@ function restore_remote_ghost {
     function_check restore_directory_from_friend
     restore_directory_from_friend $temp_restore_dir ghostcurrent
     if [ -d $temp_restore_dir ]; then
-        if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
-            cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
+        if [ -d "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content" ]; then
+            cp -r "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/*" "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/"
         else
-            if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
-                mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content
+            if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content" ]; then
+                mkdir -p "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content"
             fi
-            cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
+            cp -r $temp_restore_dir/* "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/"
         fi
-        chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs
+        chown -R ghost: "/var/www/$GHOST_DOMAIN_NAME/htdocs"
         rm -rf $temp_restore_dir
     fi
 
@@ -382,27 +382,27 @@ function remove_ghost {
     remove_nodejs ghost
 
     read_config_param "GHOST_DOMAIN_NAME"
-    nginx_dissite $GHOST_DOMAIN_NAME
-    remove_certs ${GHOST_DOMAIN_NAME}
-    if [ -f /etc/nginx/sites-available/$GHOST_DOMAIN_NAME ]; then
-        rm -f /etc/nginx/sites-available/$GHOST_DOMAIN_NAME
+    nginx_dissite "$GHOST_DOMAIN_NAME"
+    remove_certs "${GHOST_DOMAIN_NAME}"
+    if [ -f "/etc/nginx/sites-available/$GHOST_DOMAIN_NAME" ]; then
+        rm -f "/etc/nginx/sites-available/$GHOST_DOMAIN_NAME"
     fi
-    if [ -d /var/www/$GHOST_DOMAIN_NAME ]; then
-        rm -rf /var/www/$GHOST_DOMAIN_NAME
+    if [ -d "/var/www/$GHOST_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$GHOST_DOMAIN_NAME"
     fi
     remove_config_param GHOST_DOMAIN_NAME
     remove_config_param GHOST_CODE
     function_check remove_onion_service
     remove_onion_service ghost ${GHOST_ONION_PORT}
     remove_completion_param "install_ghost"
-    sed -i '/Ghost/d' $COMPLETION_FILE
-    sed -i '/ghost/d' $COMPLETION_FILE
+    sed -i '/Ghost/d' "$COMPLETION_FILE"
+    sed -i '/ghost/d' "$COMPLETION_FILE"
 
     groupdel -f ghost
     userdel -r ghost
 
     function_check remove_ddns_domain
-    remove_ddns_domain $GHOST_DOMAIN_NAME
+    remove_ddns_domain "$GHOST_DOMAIN_NAME"
 }
 
 function install_ghost {
@@ -412,7 +412,7 @@ function install_ghost {
         ONION_ONLY='no'
     fi
 
-    if [ ! $GHOST_DOMAIN_NAME ]; then
+    if [ ! "$GHOST_DOMAIN_NAME" ]; then
         echo $'The ghost domain name was not specified'
         exit 5062
     fi
@@ -420,10 +420,10 @@ function install_ghost {
     # for the avatar changing command
     apt-get -yq install unzip wget
 
-    if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs ]; then
-        mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs
+    if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs" ]; then
+        mkdir -p "/var/www/$GHOST_DOMAIN_NAME/htdocs"
     fi
-    cd /var/www/$GHOST_DOMAIN_NAME/htdocs
+    cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 26422842
 
     function_check install_nodejs
     install_nodejs ghost
@@ -440,66 +440,66 @@ function install_ghost {
     npm install -g yarn
     yarn install --no-emoji --no-progress
     yarn cache clean
-    adduser --system --home=/var/www/${GHOST_DOMAIN_NAME}/htdocs/ --group ghost
-    rm -rf /var/www/$GHOST_DOMAIN_NAME/htdocs/*
+    adduser --system --home="/var/www/${GHOST_DOMAIN_NAME}/htdocs/" --group ghost
+    rm -rf "/var/www/$GHOST_DOMAIN_NAME/htdocs/*"
     printf 'y' | ghost install ${GHOST_VERSION} --user ghost --db=sqlite3 --port ${GHOST_PORT} --verbose
 
-    if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/versions ]; then
+    if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/versions" ]; then
         echo $'versions directory was not found'
         exit 782523462
     fi
-    if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
+    if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
         echo $'content directory was not found'
         exit 68352682
     fi
 
     npm install -g knex-migrator
-    if [ ! -f /var/www/$GHOST_DOMAIN_NAME/htdocs/versions/${GHOST_VERSION}/MigratorConfig.js ]; then
+    if [ ! -f "/var/www/$GHOST_DOMAIN_NAME/htdocs/versions/${GHOST_VERSION}/MigratorConfig.js" ]; then
         echo $'MigratorConfig.js was not found'
         exit 62783538
     fi
-    cp /var/www/$GHOST_DOMAIN_NAME/htdocs/versions/${GHOST_VERSION}/MigratorConfig.js /var/www/$GHOST_DOMAIN_NAME/htdocs
-    chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs
-    cd /var/www/$GHOST_DOMAIN_NAME/htdocs/current
+    cp "/var/www/$GHOST_DOMAIN_NAME/htdocs/versions/${GHOST_VERSION}/MigratorConfig.js" "/var/www/$GHOST_DOMAIN_NAME/htdocs"
+    chown -R ghost: "/var/www/$GHOST_DOMAIN_NAME/htdocs"
+    cd "/var/www/$GHOST_DOMAIN_NAME/htdocs/current" || exit 783452464
     knex-migrator init
 
     ghost_bust
 
-    echo '{' > /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
+    echo '{' > "/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json"
     if [[ "$ONION_ONLY" == 'no' ]]; then
         # NOTE: url must be http, not https
-        echo "  \"url\": \"http://${GHOST_DOMAIN_NAME}\"," >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
+        echo "  \"url\": \"http://${GHOST_DOMAIN_NAME}\"," >> "/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json"
     else
-        echo "  \"url\": \"http://${GHOST_ONION_HOSTNAME}\"," >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
+        echo "  \"url\": \"http://${GHOST_ONION_HOSTNAME}\"," >> "/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json"
     fi
-    echo '    "paths": {' >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
-    echo "        \"contentPath\": \"/var/www/${GHOST_DOMAIN_NAME}/htdocs/content\"" >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
-    echo '    }' >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
-    echo '}' >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
+    { echo '    "paths": {';
+      echo "        \"contentPath\": \"/var/www/${GHOST_DOMAIN_NAME}/htdocs/content\"";
+      echo '    }';
+      echo '}'; } >> "/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json"
 
-    echo '[Unit]' > /etc/systemd/system/ghost.service
-    echo 'Description=Ghost Blog' >> /etc/systemd/system/ghost.service
-    echo 'After=syslog.target' >> /etc/systemd/system/ghost.service
-    echo 'After=network.target' >> /etc/systemd/system/ghost.service
-    echo '' >> /etc/systemd/system/ghost.service
-    echo '[Service]' >> /etc/systemd/system/ghost.service
-    echo 'Type=simple' >> /etc/systemd/system/ghost.service
-    echo 'User=ghost' >> /etc/systemd/system/ghost.service
-    echo 'Group=ghost' >> /etc/systemd/system/ghost.service
-    echo "WorkingDirectory=/var/www/${GHOST_DOMAIN_NAME}/htdocs" >> /etc/systemd/system/ghost.service
-    echo "ExecStart=/usr/local/bin/ghost run -D" >> /etc/systemd/system/ghost.service
-    echo "ExecStop=/usr/local/bin/ghost stop" >> /etc/systemd/system/ghost.service
-    echo "ExecRestart=/usr/local/bin/ghost restart" >> /etc/systemd/system/ghost.service
-    echo 'Restart=always' >> /etc/systemd/system/ghost.service
-    echo 'RestartSec=60' >> /etc/systemd/system/ghost.service
-    echo "Environment=NODE_ENV=development PORT=${GHOST_PORT}" >> /etc/systemd/system/ghost.service
-    echo '' >> /etc/systemd/system/ghost.service
-    echo '[Install]' >> /etc/systemd/system/ghost.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ghost.service
+    { echo '[Unit]';
+      echo 'Description=Ghost Blog';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=ghost';
+      echo 'Group=ghost';
+      echo "WorkingDirectory=/var/www/${GHOST_DOMAIN_NAME}/htdocs";
+      echo "ExecStart=/usr/local/bin/ghost run -D";
+      echo "ExecStop=/usr/local/bin/ghost stop";
+      echo "ExecRestart=/usr/local/bin/ghost restart";
+      echo 'Restart=always';
+      echo 'RestartSec=60';
+      echo "Environment=NODE_ENV=development PORT=${GHOST_PORT}";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/ghost.service
 
     ghost_remove_offsite_links
 
-    chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs
+    chown -R ghost: "/var/www/${GHOST_DOMAIN_NAME}/htdocs"
 
     systemctl enable ghost
     systemctl daemon-reload
@@ -507,94 +507,94 @@ function install_ghost {
 
     if [[ ${ONION_ONLY} == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect ${GHOST_DOMAIN_NAME}
-        echo 'server {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    listen 443 ssl;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo "    root /var/www/${GHOST_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo "    server_name ${GHOST_DOMAIN_NAME};" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo "    error_log /dev/null;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+        nginx_http_redirect "${GHOST_DOMAIN_NAME}"
+        { echo 'server {';
+          echo '    listen 443 ssl;';
+          echo '    #listen [::]:443 ssl;';
+          echo "    root /var/www/${GHOST_DOMAIN_NAME}/htdocs;";
+          echo "    server_name ${GHOST_DOMAIN_NAME};";
+          echo '    access_log /dev/null;';
+          echo "    error_log /dev/null;";
+          echo ''; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
         function_check nginx_ssl
-        nginx_ssl ${GHOST_DOMAIN_NAME}
+        nginx_ssl "${GHOST_DOMAIN_NAME}"
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing ${GHOST_DOMAIN_NAME}
-        echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    location / {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+        nginx_disable_sniffing "${GHOST_DOMAIN_NAME}"
+        { echo '    add_header Strict-Transport-Security max-age=0;';
+          echo '';
+          echo '    location / {'; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
         function_check nginx_limits
-        nginx_limits ${GHOST_DOMAIN_NAME} '10G'
-        echo "        proxy_pass http://localhost:${GHOST_PORT};" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    location = /robots.txt {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '        allow all;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '        log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+        nginx_limits "${GHOST_DOMAIN_NAME}" '10G'
+        { echo "        proxy_pass http://localhost:${GHOST_PORT};";
+          echo '    }';
+          echo '';
+          echo '    fastcgi_buffers 64 4K;';
+          echo '';
+          echo '    error_page 403 /core/templates/403.php;';
+          echo '    error_page 404 /core/templates/404.php;';
+          echo '';
+          echo '    location = /robots.txt {';
+          echo '        allow all;';
+          echo '        log_not_found off;';
+          echo '        access_log /dev/null;';
+          echo '    }';
+          echo '}';
+          echo ''; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
     else
-        echo -n '' > /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+        echo -n '' > "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
     fi
-    echo 'server {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo "    listen 127.0.0.1:${GHOST_ONION_PORT} default_server;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo "    root /var/www/$GHOST_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo "    server_name $GHOST_ONION_HOSTNAME;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+    { echo 'server {';
+      echo "    listen 127.0.0.1:${GHOST_ONION_PORT} default_server;";
+      echo "    root /var/www/$GHOST_DOMAIN_NAME/htdocs;";
+      echo "    server_name $GHOST_ONION_HOSTNAME;";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo ''; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing ${GHOST_DOMAIN_NAME}
-    echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    location / {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+    nginx_disable_sniffing "${GHOST_DOMAIN_NAME}"
+    { echo '    add_header Strict-Transport-Security max-age=0;';
+      echo '';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
     function_check nginx_limits
-    nginx_limits ${GHOST_DOMAIN_NAME} '10G'
-    echo "        proxy_pass http://localhost:${GHOST_PORT};" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    location = /robots.txt {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '        allow all;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '        log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+    nginx_limits "${GHOST_DOMAIN_NAME}" '10G'
+    { echo "        proxy_pass http://localhost:${GHOST_PORT};";
+      echo '    }';
+      echo '';
+      echo '    fastcgi_buffers 64 4K;';
+      echo '';
+      echo '    error_page 403 /core/templates/403.php;';
+      echo '    error_page 404 /core/templates/404.php;';
+      echo '';
+      echo '    location = /robots.txt {';
+      echo '        allow all;';
+      echo '        log_not_found off;';
+      echo '        access_log /dev/null;';
+      echo '    }';
+      echo '}'; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
 
     function_check create_site_certificate
-    create_site_certificate $GHOST_DOMAIN_NAME 'yes'
+    create_site_certificate "$GHOST_DOMAIN_NAME" 'yes'
 
     ghost_replace_services
 
     function_check nginx_ensite
-    nginx_ensite $GHOST_DOMAIN_NAME
+    nginx_ensite "$GHOST_DOMAIN_NAME"
 
     systemctl restart nginx
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a ghost -p "$GHOST_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a ghost -p "$GHOST_ADMIN_PASSWORD"
 
     function_check add_ddns_domain
-    add_ddns_domain $GHOST_DOMAIN_NAME
+    add_ddns_domain "$GHOST_DOMAIN_NAME"
 
     chown root:root /usr/local/bin/ghost
     chown -R root:root /usr/local/lib
-    chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs
+    chown -R ghost: "/var/www/${GHOST_DOMAIN_NAME}/htdocs"
     set_completion_param "ghost domain" "$GHOST_DOMAIN_NAME"
-    if ! grep -q "ghost version:" ${COMPLETION_FILE}; then
-        echo "ghost version:${GHOST_VERSION}" >> ${COMPLETION_FILE}
+    if ! grep -q "ghost version:" "${COMPLETION_FILE}"; then
+        echo "ghost version:${GHOST_VERSION}" >> "${COMPLETION_FILE}"
     else
-        sed -i "s|ghost version.*|ghost version:${GHOST_VERSION}|g" ${COMPLETION_FILE}
+        sed -i "s|ghost version.*|ghost version:${GHOST_VERSION}|g" "${COMPLETION_FILE}"
     fi
 
     APP_INSTALLED=1

src/freedombone-app-gogs

@@ -127,14 +127,14 @@ function gogs_parameters {
 }
 
 function gogs_create_database {
-    if [ -f ${IMAGE_PASSWORD_FILE} ]; then
-        GIT_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
+        GIT_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! ${GIT_ADMIN_PASSWORD} ]; then
-            GIT_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "${GIT_ADMIN_PASSWORD}" ]; then
+            GIT_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $GIT_ADMIN_PASSWORD ]; then
+    if [ ! "$GIT_ADMIN_PASSWORD" ]; then
         return
     fi
 
@@ -147,7 +147,7 @@ function reconfigure_gogs {
 }
 
 function upgrade_gogs {
-    if ! grep -q 'gogs version:' $COMPLETION_FILE; then
+    if ! grep -q 'gogs version:' "$COMPLETION_FILE"; then
         return
     fi
 
@@ -160,24 +160,24 @@ function upgrade_gogs {
 
     GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf
     GOGS_CONFIG_FILE=$GOGS_CONFIG_PATH/app.ini
-    cp $GOGS_CONFIG_FILE $INSTALL_DIR/gogs_config.ini
+    cp "$GOGS_CONFIG_FILE $INSTALL_DIR/gogs_config.ini"
 
-    if [ -d $INSTALL_DIR/gogs-repositories ]; then
-        rm -rf $INSTALL_DIR/gogs-repositories
+    if [ -d "$INSTALL_DIR/gogs-repositories" ]; then
+        rm -rf "$INSTALL_DIR/gogs-repositories"
     fi
     if [ -d /home/${GOGS_USERNAME}/gogs-repositories ]; then
-        mv /home/${GOGS_USERNAME}/gogs-repositories $INSTALL_DIR
+        mv "/home/${GOGS_USERNAME}/gogs-repositories" "$INSTALL_DIR"
     fi
 
     gogs_parameters
     echo "gogs binary upgrade: ${GOGS_BIN}"
 
-    if [ ! -d ${INSTALL_DIR} ]; then
-        mkdir -p ${INSTALL_DIR}
+    if [ ! -d "${INSTALL_DIR}" ]; then
+        mkdir -p "${INSTALL_DIR}"
     fi
-    cd ${INSTALL_DIR}
-    if [ -d ${INSTALL_DIR}/gogs ]; then
-        rm -rf ${INSTALL_DIR}/gogs
+    cd "${INSTALL_DIR}" || exit 26784427
+    if [ -d "${INSTALL_DIR}/gogs" ]; then
+        rm -rf "${INSTALL_DIR}/gogs"
     fi
     GOGS_FILE=linux_${CURR_ARCH}.tar.gz
     if [ ! -f ${GOGS_FILE} ]; then
@@ -196,13 +196,13 @@ function upgrade_gogs {
             unzip -o ${GOGS_FILE}
         fi
     else
-        tar -xzf ${INSTALL_DIR}/${GOGS_FILE}
+        tar -xzf "${INSTALL_DIR}/${GOGS_FILE}"
     fi
-    if [ ! -d ${INSTALL_DIR}/gogs ]; then
+    if [ ! -d "${INSTALL_DIR}/gogs" ]; then
         exit 37823
     fi
-    rm -rf /home/${GOGS_USERNAME}/*
-    cp -r ${INSTALL_DIR}/gogs/* /home/${GOGS_USERNAME}
+    rm -rf "/home/${GOGS_USERNAME:?}/"*
+    cp -r "${INSTALL_DIR}/gogs/*" "/home/${GOGS_USERNAME}"
     if [ -f ${GOGS_FILE} ]; then
         rm ${GOGS_FILE}
     fi
@@ -211,31 +211,31 @@ function upgrade_gogs {
         mkdir -p ${GOGS_CONFIG_PATH}
     fi
 
-    cp $INSTALL_DIR/gogs_config.ini $GOGS_CONFIG_FILE
+    cp "$INSTALL_DIR/gogs_config.ini" "$GOGS_CONFIG_FILE"
     if [ ! -f $GOGS_CONFIG_FILE ]; then
         echo $'Gogs ini file not upgraded'
         exit 873535
     fi
-    rm $INSTALL_DIR/gogs_config.ini
+    rm "$INSTALL_DIR/gogs_config.ini"
     if [ -d /home/${GOGS_USERNAME}/gogs-repositories ]; then
         rm -rf /home/${GOGS_USERNAME}/gogs-repositories
     fi
-    if [ -d $INSTALL_DIR/gogs-repositories ]; then
-        mv $INSTALL_DIR/gogs-repositories /home/${GOGS_USERNAME}/gogs-repositories
+    if [ -d "$INSTALL_DIR/gogs-repositories" ]; then
+        mv "$INSTALL_DIR/gogs-repositories" "/home/${GOGS_USERNAME}/gogs-repositories"
     fi
-    chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
+    chown -R "${GOGS_USERNAME}":"${GOGS_USERNAME}" "/home/${GOGS_USERNAME}"
 
-    sed -i "s|gogs version.*|gogs version:$GOGS_VERSION|g" ${COMPLETION_FILE}
+    sed -i "s|gogs version.*|gogs version:$GOGS_VERSION|g" "${COMPLETION_FILE}"
     systemctl restart mariadb
     systemctl restart gogs
 }
 
 function backup_local_gogs {
-    if ! grep -q "gogs domain" ${COMPLETION_FILE}; then
+    if ! grep -q "gogs domain" "${COMPLETION_FILE}"; then
         return
     fi
 
-    if [ ! -d /home/${GOGS_USERNAME}/gogs-repositories ]; then
+    if [ ! -d "/home/${GOGS_USERNAME}/gogs-repositories" ]; then
         return
     fi
 
@@ -245,15 +245,15 @@ function backup_local_gogs {
     backup_database_to_usb gogs
 
     function_check backup_directory_to_usb
-    backup_directory_to_usb /home/${GOGS_USERNAME}/custom gogs
-    backup_directory_to_usb /home/${GOGS_USERNAME}/gogs-repositories gogsrepos
-    backup_directory_to_usb /home/${GOGS_USERNAME}/.ssh gogsssh
+    backup_directory_to_usb "/home/${GOGS_USERNAME}/custom" gogs
+    backup_directory_to_usb "/home/${GOGS_USERNAME}/gogs-repositories" gogsrepos
+    backup_directory_to_usb "/home/${GOGS_USERNAME}/.ssh" gogsssh
 
     echo $"Gogs backup complete"
 }
 
 function restore_local_gogs {
-    if ! grep -q "gogs domain" ${COMPLETION_FILE}; then
+    if ! grep -q "gogs domain" "${COMPLETION_FILE}"; then
         return
     fi
 
@@ -261,22 +261,23 @@ function restore_local_gogs {
         function_check gogs_create_database
         gogs_create_database
 
-        GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf
-        GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini
+        GOGS_CONFIG_PATH="/home/${GOGS_USERNAME}/custom/conf"
+        GOGS_CONFIG_FILE="${GOGS_CONFIG_PATH}/app.ini"
 
         function_check restore_database
-        restore_database gogs ${GIT_DOMAIN_NAME}
+        restore_database gogs "${GIT_DOMAIN_NAME}"
         temp_restore_dir=/root/tempgogs
-        if [ -d ${USB_MOUNT}/backup/gogs ]; then
+        if [ -d "${USB_MOUNT}/backup/gogs" ]; then
             echo $"Restoring Gogs settings"
             if [ ! -d $GOGS_CONFIG_PATH ]; then
                 mkdir -p $GOGS_CONFIG_PATH
             fi
-            if [ -d /root/tempgogs/home/${GOGS_USERNAME}/custom ]; then
-                cp -r /root/tempgogs/home/${GOGS_USERNAME}/custom/* /home/${GOGS_USERNAME}/custom/
+            if [ -d "/root/tempgogs/home/${GOGS_USERNAME}/custom" ]; then
+                cp -r "/root/tempgogs/home/${GOGS_USERNAME}/custom/*" "/home/${GOGS_USERNAME}/custom/"
             else
-                cp -r /root/tempgogs/* /home/${GOGS_USERNAME}/custom/
+                cp -r "/root/tempgogs/*" "/home/${GOGS_USERNAME}/custom/"
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 function_check set_user_permissions
                 set_user_permissions
@@ -286,15 +287,16 @@ function restore_local_gogs {
             fi
             echo $"Restoring Gogs repos"
             function_check restore_directory_from_usb
-            restore_directory_from_usb ${temp_restore_dir}repos gogsrepos
-            if [ ! -d /home/${GOGS_USERNAME}/gogs-repositories ]; then
-                mkdir /home/${GOGS_USERNAME}/gogs-repositories
+            restore_directory_from_usb "${temp_restore_dir}repos" gogsrepos
+            if [ ! -d "/home/${GOGS_USERNAME}/gogs-repositories" ]; then
+                mkdir "/home/${GOGS_USERNAME}/gogs-repositories"
             fi
-            if [ -d ${temp_restore_dir}repos/home/${GOGS_USERNAME}/gogs-repositories ]; then
-                cp -r ${temp_restore_dir}repos/home/${GOGS_USERNAME}/gogs-repositories/* /home/${GOGS_USERNAME}/gogs-repositories/
+            if [ -d "${temp_restore_dir}repos/home/${GOGS_USERNAME}/gogs-repositories" ]; then
+                cp -r "${temp_restore_dir}repos/home/${GOGS_USERNAME}/gogs-repositories/*" "/home/${GOGS_USERNAME}/gogs-repositories/"
             else
-                cp -r ${temp_restore_dir}repos/* /home/${GOGS_USERNAME}/gogs-repositories/
+                cp -r "${temp_restore_dir}repos/*" "/home/${GOGS_USERNAME}/gogs-repositories/"
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 function_check set_user_permissions
                 set_user_permissions
@@ -313,6 +315,7 @@ function restore_local_gogs {
             else
                 cp -r ${temp_restore_dir}/* /home/${GOGS_USERNAME}/.ssh/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 function_check set_user_permissions
                 set_user_permissions
@@ -326,7 +329,7 @@ function restore_local_gogs {
             chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
         sed -i "s|PASSWD =.*|PASSWD = $MARIADB_PASSWORD|g" ${GOGS_CONFIG_FILE}
         MARIADB_PASSWORD=
         systemctl restart gogs
@@ -363,7 +366,7 @@ function backup_remote_gogs {
 }
 
 function restore_remote_gogs {
-    if grep -q "gogs domain" $COMPLETION_FILE; then
+    if grep -q "gogs domain" "$COMPLETION_FILE"; then
         GIT_DOMAIN_NAME=$(get_completion_param "gogs domain")
 
         function_check gogs_create_database
@@ -373,8 +376,8 @@ function restore_remote_gogs {
         GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini
 
         function_check restore_database_from_friend
-        restore_database_from_friend gogs ${GIT_DOMAIN_NAME}
-        if [ -d ${SERVER_DIRECTORY}/backup/gogs ]; then
+        restore_database_from_friend gogs "${GIT_DOMAIN_NAME}"
+        if [ -d "${SERVER_DIRECTORY}/backup/gogs" ]; then
             if [ ! -d $GOGS_CONFIG_PATH ]; then
                 mkdir -p $GOGS_CONFIG_PATH
             fi
@@ -383,6 +386,7 @@ function restore_remote_gogs {
             else
                 cp -r /root/tempgogs/* /home/${GOGS_USERNAME}/custom/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 exit 58852
             fi
@@ -396,6 +400,7 @@ function restore_remote_gogs {
             else
                 cp -r /root/tempgogsrepos/* /home/${GOGS_USERNAME}/gogs-repositories/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 exit 7649
             fi
@@ -409,6 +414,7 @@ function restore_remote_gogs {
             else
                 cp -r /root/tempgogsssh/* /home/${GOGS_USERNAME}/.ssh/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 exit 74239
             fi
@@ -419,7 +425,7 @@ function restore_remote_gogs {
             echo $"Restore of Gogs complete"
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
         sed -i "s|PASSWD =.*|PASSWD = $MARIADB_PASSWORD|g" ${GOGS_CONFIG_FILE}
         MARIADB_PASSWORD=
         systemctl restart gogs
@@ -433,33 +439,33 @@ function remove_gogs {
     systemctl stop gogs
     systemctl disable gogs
 
-    nginx_dissite ${GIT_DOMAIN_NAME}
-    remove_certs ${GIT_DOMAIN_NAME}
-    if [ -d /var/www/${GIT_DOMAIN_NAME} ]; then
-        rm -rf /var/www/${GIT_DOMAIN_NAME}
+    nginx_dissite "${GIT_DOMAIN_NAME}"
+    remove_certs "${GIT_DOMAIN_NAME}"
+    if [ -d "/var/www/${GIT_DOMAIN_NAME}" ]; then
+        rm -rf "/var/www/${GIT_DOMAIN_NAME}"
     fi
-    if [ -f /etc/nginx/sites-available/${GIT_DOMAIN_NAME} ]; then
-        rm /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+    if [ -f "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}" ]; then
+        rm "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
     fi
     function_check drop_database
     drop_database gogs
     rm /etc/systemd/system/gogs.service
     systemctl daemon-reload
-    rm -rf /home/${GOGS_USERNAME}/*
+    rm -rf "/home/${GOGS_USERNAME:?}/"*
     remove_onion_service gogs ${GIT_ONION_PORT} 9418
     remove_completion_param "install_gogs"
-    sed -i '/gogs /d' $COMPLETION_FILE
+    sed -i '/gogs /d' "$COMPLETION_FILE"
     remove_backup_database_local gogs
 
     groupdel -f gogs
     userdel -r gogs
 
     function_check remove_ddns_domain
-    remove_ddns_domain $GIT_DOMAIN_NAME
+    remove_ddns_domain "$GIT_DOMAIN_NAME"
 }
 
 function install_gogs {
-    if [ ! $GIT_DOMAIN_NAME ]; then
+    if [ ! "$GIT_DOMAIN_NAME" ]; then
         return
     fi
 
@@ -474,14 +480,14 @@ function install_gogs {
 
     gogs_parameters
 
-    if [ ! -d ${INSTALL_DIR} ]; then
-        mkdir -p ${INSTALL_DIR}
+    if [ ! -d "${INSTALL_DIR}" ]; then
+        mkdir -p "${INSTALL_DIR}"
     fi
-    cd ${INSTALL_DIR}
-    if [ -d $INSTALL_DIR/gogs ]; then
-        rm -rf $INSTALL_DIR/gogs
+    cd "${INSTALL_DIR}" || exit 24682467284
+    if [ -d "$INSTALL_DIR/gogs" ]; then
+        rm -rf "$INSTALL_DIR/gogs"
     fi
-    GOGS_FILE=linux_${CURR_ARCH}.tar.gz
+    GOGS_FILE="linux_${CURR_ARCH}.tar.gz"
     if [ ! -f ${GOGS_FILE} ]; then
         wget ${GOGS_BIN}
     fi
@@ -496,13 +502,13 @@ function install_gogs {
             unzip -o ${GOGS_FILE}
         fi
     else
-        tar -xzf ${INSTALL_DIR}/${GOGS_FILE}
+        tar -xzf "${INSTALL_DIR}/${GOGS_FILE}"
     fi
-    if [ ! -d ${INSTALL_DIR}/gogs ]; then
+    if [ ! -d "${INSTALL_DIR}/gogs" ]; then
         exit 37823
     fi
-    rm -rf /home/${GOGS_USERNAME}/*
-    cp -r ${INSTALL_DIR}/gogs/* /home/${GOGS_USERNAME}
+    rm -rf "/home/${GOGS_USERNAME:?}/"*
+    cp -r "${INSTALL_DIR}/gogs/*" "/home/${GOGS_USERNAME}"
     if [ -f ${GOGS_FILE} ]; then
         rm ${GOGS_FILE}
     fi
@@ -512,9 +518,10 @@ function install_gogs {
         exit 345562
     fi
 
-    echo "export GOROOT=/home/go" >> /home/${GOGS_USERNAME}/.bashrc
-    echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> /home/${GOGS_USERNAME}/.bashrc
-    echo 'export PATH=$PATH:$GOPATH' >> /home/${GOGS_USERNAME}/.bashrc
+    { echo "export GOROOT=/home/go";
+      # shellcheck disable=SC2153
+      echo "export GOPATH=\${GOROOT}/go${GO_VERSION}/bin";
+      echo "export PATH=\$PATH:\$GOPATH"; } >> "/home/${GOGS_USERNAME}/.bashrc"
     chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
 
     function_check install_mariadb
@@ -536,122 +543,122 @@ function install_gogs {
 
     chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
 
-    echo '[Unit]' > /etc/systemd/system/gogs.service
-    echo 'Description=Gogs (Go Git Service)' >> /etc/systemd/system/gogs.service
-    echo 'After=syslog.target' >> /etc/systemd/system/gogs.service
-    echo 'After=network.target' >> /etc/systemd/system/gogs.service
-    echo 'After=mysqld.service' >> /etc/systemd/system/gogs.service
-    echo '' >> /etc/systemd/system/gogs.service
-    echo '[Service]' >> /etc/systemd/system/gogs.service
-    echo '#LimitMEMLOCK=infinity' >> /etc/systemd/system/gogs.service
-    echo '#LimitNOFILE=65535' >> /etc/systemd/system/gogs.service
-    echo 'Type=simple' >> /etc/systemd/system/gogs.service
-    echo 'User=gogs' >> /etc/systemd/system/gogs.service
-    echo 'Group=gogs' >> /etc/systemd/system/gogs.service
-    echo "WorkingDirectory=/home/${GOGS_USERNAME}" >> /etc/systemd/system/gogs.service
-    echo "ExecStart=/home/${GOGS_USERNAME}/gogs web" >> /etc/systemd/system/gogs.service
-    echo 'Restart=always' >> /etc/systemd/system/gogs.service
-    echo 'RestartSec=10' >> /etc/systemd/system/gogs.service
-    echo "Environment=\"USER=${GOGS_USERNAME}\" \"HOME=/home/${GOGS_USERNAME}\" \"GOPATH=/home/go/go${GO_VERSION}\"" >> /etc/systemd/system/gogs.service
-    echo '' >> /etc/systemd/system/gogs.service
-    echo '[Install]' >> /etc/systemd/system/gogs.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/gogs.service
+    { echo '[Unit]';
+      echo 'Description=Gogs (Go Git Service)';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo 'After=mysqld.service';
+      echo '';
+      echo '[Service]';
+      echo '#LimitMEMLOCK=infinity';
+      echo '#LimitNOFILE=65535';
+      echo 'Type=simple';
+      echo 'User=gogs';
+      echo 'Group=gogs';
+      echo "WorkingDirectory=/home/${GOGS_USERNAME}";
+      echo "ExecStart=/home/${GOGS_USERNAME}/gogs web";
+      echo 'Restart=always';
+      echo 'RestartSec=10';
+      echo "Environment=\"USER=${GOGS_USERNAME}\" \"HOME=/home/${GOGS_USERNAME}\" \"GOPATH=/home/go/go${GO_VERSION}\"";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/gogs.service
 
     systemctl enable gogs
     systemctl daemon-reload
     systemctl start gogs
 
-    if [ ! -d /var/www/${GIT_DOMAIN_NAME} ]; then
-        mkdir /var/www/${GIT_DOMAIN_NAME}
+    if [ ! -d "/var/www/${GIT_DOMAIN_NAME}" ]; then
+        mkdir "/var/www/${GIT_DOMAIN_NAME}"
     fi
-    if [ -d /var/www/${GIT_DOMAIN_NAME}/htdocs ]; then
-        rm -rf /var/www/${GIT_DOMAIN_NAME}/htdocs
+    if [ -d "/var/www/${GIT_DOMAIN_NAME}/htdocs" ]; then
+        rm -rf "/var/www/${GIT_DOMAIN_NAME}/htdocs"
     fi
 
-    if [[ ${ONION_ONLY} == "no" ]]; then
+    if [[ "${ONION_ONLY}" == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect ${GIT_DOMAIN_NAME}
-        echo 'server {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    listen 443 ssl;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo "    root /var/www/${GIT_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo "    server_name ${GIT_DOMAIN_NAME};" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo "    error_log /dev/null;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+        nginx_http_redirect "${GIT_DOMAIN_NAME}"
+        { echo 'server {';
+          echo '    listen 443 ssl;';
+          echo '    #listen [::]:443 ssl;';
+          echo "    root /var/www/${GIT_DOMAIN_NAME}/htdocs;";
+          echo "    server_name ${GIT_DOMAIN_NAME};";
+          echo '    access_log /dev/null;';
+          echo "    error_log /dev/null;";
+          echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
         function_check nginx_ssl
-        nginx_ssl ${GIT_DOMAIN_NAME}
+        nginx_ssl "${GIT_DOMAIN_NAME}"
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing ${GIT_DOMAIN_NAME}
-        echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    location / {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+        nginx_disable_sniffing "${GIT_DOMAIN_NAME}"
+        { echo '    add_header Strict-Transport-Security max-age=0;';
+          echo '';
+          echo '    location / {'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
         function_check nginx_limits
-        nginx_limits ${GIT_DOMAIN_NAME} '10G'
-        echo '        proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    location = /robots.txt {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '        allow all;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '        log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+        nginx_limits "${GIT_DOMAIN_NAME}" '10G'
+        { echo '        proxy_pass http://localhost:3000;';
+          echo '    }';
+          echo '';
+          echo '    fastcgi_buffers 64 4K;';
+          echo '';
+          echo '    error_page 403 /core/templates/403.php;';
+          echo '    error_page 404 /core/templates/404.php;';
+          echo '';
+          echo '    location = /robots.txt {';
+          echo '        allow all;';
+          echo '        log_not_found off;';
+          echo '        access_log /dev/null;';
+          echo '    }';
+          echo '}';
+          echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
     else
-        echo -n '' > /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+        echo -n '' > "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
     fi
-    echo 'server {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo "    listen 127.0.0.1:${GIT_ONION_PORT} default_server;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo "    root /var/www/$GIT_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo "    server_name $GIT_DOMAIN_NAME;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+    { echo 'server {';
+      echo "    listen 127.0.0.1:${GIT_ONION_PORT} default_server;";
+      echo "    root /var/www/$GIT_DOMAIN_NAME/htdocs;";
+      echo "    server_name $GIT_DOMAIN_NAME;";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing ${GIT_DOMAIN_NAME}
-    echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    location / {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+    nginx_disable_sniffing "${GIT_DOMAIN_NAME}"
+    { echo '    add_header Strict-Transport-Security max-age=0;';
+      echo '';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
     function_check nginx_limits
-    nginx_limits ${GIT_DOMAIN_NAME} '10G'
-    echo '        proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    location = /robots.txt {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '        allow all;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '        log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+    nginx_limits "${GIT_DOMAIN_NAME}" '10G'
+    { echo '        proxy_pass http://localhost:3000;';
+      echo '    }';
+      echo '';
+      echo '    fastcgi_buffers 64 4K;';
+      echo '';
+      echo '    error_page 403 /core/templates/403.php;';
+      echo '    error_page 404 /core/templates/404.php;';
+      echo '';
+      echo '    location = /robots.txt {';
+      echo '        allow all;';
+      echo '        log_not_found off;';
+      echo '        access_log /dev/null;';
+      echo '    }';
+      echo '}'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate ${GIT_DOMAIN_NAME} 'yes'
+    create_site_certificate "${GIT_DOMAIN_NAME}" 'yes'
 
-    nginx_ensite ${GIT_DOMAIN_NAME}
+    nginx_ensite "${GIT_DOMAIN_NAME}"
 
     if [ ! -d /var/lib/tor ]; then
         echo $'No Tor installation found. Gogs onion site cannot be configured.'
         exit 877367
     fi
     if ! grep -q "hidden_service_gogs" /etc/tor/torrc; then
-        echo 'HiddenServiceDir /var/lib/tor/hidden_service_gogs/' >> /etc/tor/torrc
-        echo 'HiddenServiceVersion 3' >> /etc/tor/torrc
-        echo "HiddenServicePort 80 127.0.0.1:${GIT_ONION_PORT}" >> /etc/tor/torrc
-        echo "HiddenServicePort 9418 127.0.0.1:9418" >> /etc/tor/torrc
+        { echo 'HiddenServiceDir /var/lib/tor/hidden_service_gogs/';
+          echo 'HiddenServiceVersion 3';
+          echo "HiddenServicePort 80 127.0.0.1:${GIT_ONION_PORT}";
+          echo "HiddenServicePort 9418 127.0.0.1:9418"; } >> /etc/tor/torrc
         echo $'Added onion site for Gogs'
     fi
 
@@ -670,34 +677,34 @@ function install_gogs {
     set_completion_param "gogs onion domain" "$GIT_ONION_HOSTNAME"
 
     function_check add_ddns_domain
-    add_ddns_domain ${GIT_DOMAIN_NAME}
+    add_ddns_domain "${GIT_DOMAIN_NAME}"
 
     # obtain the secret key
-    GOGS_SECRET_KEY="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a gogs -p "*"
+    GOGS_SECRET_KEY="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a gogs -p "*"
 
     # create the configuration
-    GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf
+    GOGS_CONFIG_PATH="/home/${GOGS_USERNAME}/custom/conf"
     if [ ! -d ${GOGS_CONFIG_PATH} ]; then
         mkdir -p ${GOGS_CONFIG_PATH}
     fi
     GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini
-    echo "RUN_USER = $GOGS_USERNAME" > ${GOGS_CONFIG_FILE}
-    echo 'RUN_MODE = prod' >> ${GOGS_CONFIG_FILE}
-    echo '' >> ${GOGS_CONFIG_FILE}
-    echo '[database]' >> ${GOGS_CONFIG_FILE}
-    echo 'DB_TYPE = mysql' >> ${GOGS_CONFIG_FILE}
-    echo 'HOST = 127.0.0.1:3306' >> ${GOGS_CONFIG_FILE}
-    echo 'NAME = gogs' >> ${GOGS_CONFIG_FILE}
-    echo 'USER = root' >> ${GOGS_CONFIG_FILE}
-    echo "PASSWD = $MARIADB_PASSWORD" >> ${GOGS_CONFIG_FILE}
-    echo 'SSL_MODE = disable' >> ${GOGS_CONFIG_FILE}
-    echo 'PATH = data/gogs.db' >> ${GOGS_CONFIG_FILE}
-    echo '' >> ${GOGS_CONFIG_FILE}
-    echo '[repository]' >> ${GOGS_CONFIG_FILE}
-    echo "ROOT = /home/$GOGS_USERNAME/gogs-repositories" >> ${GOGS_CONFIG_FILE}
-    echo '' >> ${GOGS_CONFIG_FILE}
-    echo '[server]' >> ${GOGS_CONFIG_FILE}
+    { echo "RUN_USER = $GOGS_USERNAME";
+      echo 'RUN_MODE = prod';
+      echo '';
+      echo '[database]';
+      echo 'DB_TYPE = mysql';
+      echo 'HOST = 127.0.0.1:3306';
+      echo 'NAME = gogs';
+      echo 'USER = root';
+      echo "PASSWD = $MARIADB_PASSWORD";
+      echo 'SSL_MODE = disable';
+      echo 'PATH = data/gogs.db';
+      echo '';
+      echo '[repository]';
+      echo "ROOT = /home/$GOGS_USERNAME/gogs-repositories";
+      echo '';
+      echo '[server]'; } >> ${GOGS_CONFIG_FILE}
     if [[ ${ONION_ONLY} == 'no' ]]; then
         echo "DOMAIN = ${GIT_DOMAIN_NAME}" >> ${GOGS_CONFIG_FILE}
         echo "ROOT_URL = https://$GIT_DOMAIN_NAME/" >> ${GOGS_CONFIG_FILE}
@@ -705,51 +712,51 @@ function install_gogs {
         echo "DOMAIN = ${GIT_ONION_HOSTNAME}" >> ${GOGS_CONFIG_FILE}
         echo "ROOT_URL = http://$GIT_DOMAIN_NAME/" >> ${GOGS_CONFIG_FILE}
     fi
-    echo 'HTTP_PORT = 3000' >> ${GOGS_CONFIG_FILE}
-    echo "SSH_PORT = $SSH_PORT" >> ${GOGS_CONFIG_FILE}
-    echo 'SSH_DOMAIN = %(DOMAIN)s' >> ${GOGS_CONFIG_FILE}
-    echo "CERT_FILE = /etc/ssl/certs/${GIT_DOMAIN_NAME}.pem" >> ${GOGS_CONFIG_FILE}
-    echo "KEY_FILE = /etc/ssl/private/${GIT_DOMAIN_NAME}.key" >> ${GOGS_CONFIG_FILE}
-    echo 'DISABLE_ROUTER_LOG = true' >> ${GOGS_CONFIG_FILE}
-    echo '' >> ${GOGS_CONFIG_FILE}
-    echo '[session]' >> ${GOGS_CONFIG_FILE}
-    echo 'PROVIDER = file' >> ${GOGS_CONFIG_FILE}
-    echo '' >> ${GOGS_CONFIG_FILE}
-    echo '[log]' >> ${GOGS_CONFIG_FILE}
-    echo 'MODE = file' >> ${GOGS_CONFIG_FILE}
-    echo 'LEVEL = Info' >> ${GOGS_CONFIG_FILE}
-    echo '' >> ${GOGS_CONFIG_FILE}
-    echo '[security]' >> ${GOGS_CONFIG_FILE}
-    echo 'INSTALL_LOCK = true' >> ${GOGS_CONFIG_FILE}
-    echo "SECRET_KEY = $GOGS_SECRET_KEY" >> ${GOGS_CONFIG_FILE}
-    echo '' >> ${GOGS_CONFIG_FILE}
-    echo '[service]' >> ${GOGS_CONFIG_FILE}
-    echo 'DISABLE_REGISTRATION = false' >> ${GOGS_CONFIG_FILE}
-    echo 'SHOW_REGISTRATION_BUTTON = true' >> ${GOGS_CONFIG_FILE}
-    echo 'REQUIRE_SIGNIN_VIEW = false' >> ${GOGS_CONFIG_FILE}
-    echo 'ENABLE_CAPTCHA = false' >> ${GOGS_CONFIG_FILE}
-    echo '' >> ${GOGS_CONFIG_FILE}
-    echo '[other]' >> ${GOGS_CONFIG_FILE}
-    echo 'SHOW_FOOTER_BRANDING = false' >> ${GOGS_CONFIG_FILE}
-    echo 'SHOW_FOOTER_VERSION = false' >> ${GOGS_CONFIG_FILE}
+    { echo 'HTTP_PORT = 3000';
+      echo "SSH_PORT = $SSH_PORT";
+      echo 'SSH_DOMAIN = %(DOMAIN)s';
+      echo "CERT_FILE = /etc/ssl/certs/${GIT_DOMAIN_NAME}.pem";
+      echo "KEY_FILE = /etc/ssl/private/${GIT_DOMAIN_NAME}.key";
+      echo 'DISABLE_ROUTER_LOG = true';
+      echo '';
+      echo '[session]';
+      echo 'PROVIDER = file';
+      echo '';
+      echo '[log]';
+      echo 'MODE = file';
+      echo 'LEVEL = Info';
+      echo '';
+      echo '[security]';
+      echo 'INSTALL_LOCK = true';
+      echo "SECRET_KEY = $GOGS_SECRET_KEY";
+      echo '';
+      echo '[service]';
+      echo 'DISABLE_REGISTRATION = false';
+      echo 'SHOW_REGISTRATION_BUTTON = true';
+      echo 'REQUIRE_SIGNIN_VIEW = false';
+      echo 'ENABLE_CAPTCHA = false';
+      echo '';
+      echo '[other]';
+      echo 'SHOW_FOOTER_BRANDING = false';
+      echo 'SHOW_FOOTER_VERSION = false'; } >> ${GOGS_CONFIG_FILE}
 
     chmod 750 ${GOGS_CONFIG_FILE}
-    chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
+    chown -R "${GOGS_USERNAME}":"${GOGS_USERNAME}" "/home/${GOGS_USERNAME}"
 
     systemctl restart gogs
 
-    if ! grep -q "gogs domain:" ${COMPLETION_FILE}; then
-        echo "gogs domain:${GIT_DOMAIN_NAME}" >> ${COMPLETION_FILE}
+    if ! grep -q "gogs domain:" "${COMPLETION_FILE}"; then
+        echo "gogs domain:${GIT_DOMAIN_NAME}" >> "${COMPLETION_FILE}"
     else
-        sed -i "s|gogs domain.*|gogs domain:${GIT_DOMAIN_NAME}|g" ${COMPLETION_FILE}
+        sed -i "s|gogs domain.*|gogs domain:${GIT_DOMAIN_NAME}|g" "${COMPLETION_FILE}"
     fi
 
     function_check configure_firewall_for_git
     configure_firewall_for_git
-    if ! grep -q "gogs version:" ${COMPLETION_FILE}; then
-        echo "gogs version:${GOGS_VERSION}" >> ${COMPLETION_FILE}
+    if ! grep -q "gogs version:" "${COMPLETION_FILE}"; then
+        echo "gogs version:${GOGS_VERSION}" >> "${COMPLETION_FILE}"
     else
-        sed -i "s|gogs version.*|gogs version:${GOGS_VERSION}|g" ${COMPLETION_FILE}
+        sed -i "s|gogs version.*|gogs version:${GOGS_VERSION}|g" "${COMPLETION_FILE}"
     fi
     APP_INSTALLED=1
 }

src/freedombone-app-htmly

@@ -69,18 +69,18 @@ function set_avatar_from_url {
     fi
 
     # download the image
-    cd $BASE_DIR/customimages
+    cd "$BASE_DIR/customimages" || exit 2468246
     # convert to png
-    wget $AVATAR -O avatar
-    if [[ $AVATAR == *".gif" ]]; then
+    wget "$AVATAR" -O avatar
+    if [[ "$AVATAR" == *".gif" ]]; then
         mv avatar avatar.gif
         mogrify -format png avatar.gif
     fi
-    if [[ $AVATAR == *".jpg" ]]; then
+    if [[ "$AVATAR" == *".jpg" ]]; then
         mv avatar avatar.jpg
         mogrify -format png avatar.jpg
     fi
-    if [[ $AVATAR == *".jpeg" ]]; then
+    if [[ "$AVATAR" == *".jpeg" ]]; then
         mv avatar avatar.jpeg
         mogrify -format png avatar.jpeg
     fi
@@ -101,10 +101,10 @@ function set_avatar_from_url {
 function remove_user_htmly {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp htmly
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp htmly
 
-    if [ -f /var/www/${HTMLY_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini ]; then
-        rm /var/www/${HTMLY_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini
+    if [ -f "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini" ]; then
+        rm "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini"
     fi
 }
 
@@ -117,39 +117,38 @@ function add_user_htmly {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a htmly -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a htmly -p "$new_user_password"
 
     if [ ! -d /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users ]; then
         echo '2'
         return
     fi
-    NEW_USER_PASSWORD_HASH=$(${PROJECT_NAME}-sec --htmlyhash "$new_user_password")
+    NEW_USER_PASSWORD_HASH=$("${PROJECT_NAME}-sec" --htmlyhash "$new_user_password")
     if [ ${#NEW_USER_PASSWORD_HASH} -lt 8 ]; then
         echo '3'
         return
     fi
-    echo ';Password' > /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
-    echo "password = $NEW_USER_PASSWORD_HASH" >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
-    echo 'encryption = password_hash' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
-    echo ';Role' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
-    echo 'role = admin' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
+    { echo ';Password';
+      echo "password = $NEW_USER_PASSWORD_HASH";
+      echo 'encryption = password_hash';
+      echo ';Role';
+      echo 'role = admin'; } > "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini"
     echo '0'
 }
 
 function configure_interactive_htmly {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Change htmly avatar" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Enter a URL for an image. It should be approximately a square image." 8 75 2>$data
+           --inputbox $"Enter a URL for an image. It should be approximately a square image." 8 75 2>"$data"
     sel=$?
     case $sel in
         0)
-            IMAGE_URL=$(<$data)
+            IMAGE_URL=$(<"$data")
             if [ ${#IMAGE_URL} -gt 5 ]; then
                 clear
                 AVATAR_SET=
-                set_avatar_from_url $IMAGE_URL
+                set_avatar_from_url "$IMAGE_URL"
                 if [ $AVATAR_SET ]; then
                     dialog --title $"Change htmly avatar" \
                            --msgbox $"Your htmly avatar has been changed" 6 40
@@ -157,10 +156,11 @@ function configure_interactive_htmly {
             fi
             ;;
     esac
+    rm -f "$data"
 }
 
 function install_interactive_htmly {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -186,13 +186,13 @@ function change_password_htmly {
         echo $'Htmly password is too short'
         return
     fi
-    ${PROJECT_NAME}-pass -u "$HTMLY_USERNAME" -a htmly -p "$HTMLY_PASSWORD"
-    HTMLY_PASSWORD_HASH=$(${PROJECT_NAME}-sec --htmlyhash "$HTMLY_PASSWORD")
+    "${PROJECT_NAME}-pass" -u "$HTMLY_USERNAME" -a htmly -p "$HTMLY_PASSWORD"
+    HTMLY_PASSWORD_HASH=$("${PROJECT_NAME}-sec" --htmlyhash "$HTMLY_PASSWORD")
     if [ ${#HTMLY_PASSWORD_HASH} -lt 8 ]; then
         echo $'Htmly admin password could not be hashed'
         exit 625728
     fi
-    sed -i "s|password =.*|password = $HTMLY_PASSWORD_HASH|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$HTMLY_USERNAME.ini
+    sed -i "s|password =.*|password = $HTMLY_PASSWORD_HASH|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$HTMLY_USERNAME.ini"
 }
 
 function reconfigure_htmly {
@@ -208,23 +208,23 @@ function upgrade_htmly {
     read_config_param "HTMLY_DOMAIN_NAME"
 
     function_check set_repo_commit
-    set_repo_commit /var/www/$HTMLY_DOMAIN_NAME/htdocs "htmly commit" "$HTMLY_COMMIT" $HTMLY_REPO
+    set_repo_commit "/var/www/$HTMLY_DOMAIN_NAME/htdocs" "htmly commit" "$HTMLY_COMMIT" $HTMLY_REPO
 }
 
 function backup_local_htmly {
     HTMLY_DOMAIN_NAME='htmly.local'
-    if grep -q "htmly domain" $COMPLETION_FILE; then
+    if grep -q "htmly domain" "$COMPLETION_FILE"; then
         HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain")
     fi
 
-    source_directory=/var/www/${HTMLY_DOMAIN_NAME}/htdocs
-    if [ -d $source_directory ]; then
+    source_directory="/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
+    if [ -d "$source_directory" ]; then
         dest_directory=htmly
         function_check suspend_site
-        suspend_site ${HTMLY_DOMAIN_NAME}
+        suspend_site "${HTMLY_DOMAIN_NAME}"
 
         function_check backup_directory_to_usb
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"
 
         function_check restart_site
         restart_site
@@ -233,73 +233,74 @@ function backup_local_htmly {
 
 function restore_local_htmly {
     HTMLY_DOMAIN_NAME='htmly.local'
-    if grep -q "htmly domain" $COMPLETION_FILE; then
+    if grep -q "htmly domain" "$COMPLETION_FILE"; then
         HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain")
     fi
-    if [ $HTMLY_DOMAIN_NAME ]; then
+    if [ "$HTMLY_DOMAIN_NAME" ]; then
         temp_restore_dir=/root/temphtmly
-        if [ -d $USB_MOUNT/backup/htmly ]; then
+        if [ -d "$USB_MOUNT/backup/htmly" ]; then
             restore_directory_from_usb $temp_restore_dir htmly
         else
             restore_directory_from_usb $temp_restore_dir blog
         fi
-        if [ -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then
-            if [ -d /var/www/${HTMLY_DOMAIN_NAME}/previous ]; then
-                rm -rf /var/www/${HTMLY_DOMAIN_NAME}/previous
+        if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
+            if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/previous" ]; then
+                rm -rf "/var/www/${HTMLY_DOMAIN_NAME}/previous"
             fi
-            mv /var/www/${HTMLY_DOMAIN_NAME}/htdocs /var/www/${HTMLY_DOMAIN_NAME}/previous
+            mv "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" "/var/www/${HTMLY_DOMAIN_NAME}/previous"
         fi
-        if [ -d ${temp_restore_dir}/var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then
+        if [ -d "${temp_restore_dir}/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
             temp_source_dir=$(find ${temp_restore_dir} -name htdocs)
-            cp -r ${temp_source_dir} /var/www/${HTMLY_DOMAIN_NAME}/
+            cp -r "${temp_source_dir}" "/var/www/${HTMLY_DOMAIN_NAME}/"
         else
-            if [ ! -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then
-                mkdir /var/www/${HTMLY_DOMAIN_NAME}/htdocs
+            if [ ! -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
+                mkdir "/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
             fi
-            cp -r ${temp_restore_dir}/* /var/www/${HTMLY_DOMAIN_NAME}/htdocs/
+            cp -r "${temp_restore_dir}/*" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/"
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
-            if [ -d /var/www/${HTMLY_DOMAIN_NAME}/previous ]; then
-                mv /var/www/${HTMLY_DOMAIN_NAME}/previous /var/www/${HTMLY_DOMAIN_NAME}/htdocs
+            if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/previous" ]; then
+                mv "/var/www/${HTMLY_DOMAIN_NAME}/previous" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
             fi
             set_user_permissions
             backup_unmount_drive
             exit 54675
         fi
         rm -rf ${temp_restore_dir}
-        if [ ! -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content ]; then
+        if [ ! -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content" ]; then
             echo $"No content directory found after restoring htmly"
             set_user_permissions
             backup_unmount_drive
             exit 34578
         fi
-        chown -R www-data:www-data /var/www/${HTMLY_DOMAIN_NAME}/htdocs
+        chown -R www-data:www-data "/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
         # Ensure that the bundled SSL cert is being used
-        if [ -f /etc/ssl/certs/${HTMLY_DOMAIN_NAME}.bundle.crt ]; then
-            sed -i "s|${HTMLY_DOMAIN_NAME}.crt|${HTMLY_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${HTMLY_DOMAIN_NAME}
+        if [ -f "/etc/ssl/certs/${HTMLY_DOMAIN_NAME}.bundle.crt" ]; then
+            sed -i "s|${HTMLY_DOMAIN_NAME}.crt|${HTMLY_DOMAIN_NAME}.bundle.crt|g" "/etc/nginx/sites-available/${HTMLY_DOMAIN_NAME}"
         fi
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post ]; then
-                    mv /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/*.md /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post
+                if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post" ]; then
+                    mv "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/*.md" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post"
                 fi
             fi
         done
-        if [ -d /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME} ]; then
-            ln -s /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${HTMLY_DOMAIN_NAME}.key
-            ln -s /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${HTMLY_DOMAIN_NAME}.pem
+        if [ -d "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}" ]; then
+            ln -s "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/privkey.pem" "/etc/ssl/private/${HTMLY_DOMAIN_NAME}.key"
+            ln -s "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/fullchain.pem" "/etc/ssl/certs/${HTMLY_DOMAIN_NAME}.pem"
         fi
     fi
 }
 
 function backup_remote_htmly {
-    if grep -q "htmly domain" $COMPLETION_FILE; then
+    if grep -q "htmly domain" "$COMPLETION_FILE"; then
         HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain")
         temp_backup_dir=/var/www/${HTMLY_DOMAIN_NAME}/htdocs
-        if [ -d $temp_backup_dir ]; then
+        if [ -d "$temp_backup_dir" ]; then
             echo $"Backing up htmly"
-            backup_directory_to_friend $temp_backup_dir htmly
+            backup_directory_to_friend "$temp_backup_dir" htmly
             echo $"Backup of htmly complete"
         else
             echo $"Htmly domain specified but not found in $temp_backup_dir"
@@ -309,56 +310,57 @@ function backup_remote_htmly {
 }
 
 function restore_remote_htmly {
-    if [ -d $SERVER_DIRECTORY/backup/htmly ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/htmly" ]; then
         HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain")
         echo $"Restoring htmly installation $HTMLY_DOMAIN_NAME"
         temp_restore_dir=/root/temphtmly
         mkdir $temp_restore_dir
         function_check restore_directory_from_friend
         restore_directory_from_friend $temp_restore_dir htmly
-        if [ -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then
-            if [ -d /var/www/${HTMLY_DOMAIN_NAME}/previous ]; then
-                rm -rf /var/www/${HTMLY_DOMAIN_NAME}/previous
+        if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
+            if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/previous" ]; then
+                rm -rf "/var/www/${HTMLY_DOMAIN_NAME}/previous"
             fi
-            mv /var/www/${HTMLY_DOMAIN_NAME}/htdocs /var/www/${HTMLY_DOMAIN_NAME}/previous
+            mv "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" "/var/www/${HTMLY_DOMAIN_NAME}/previous"
         fi
 
-        if [ -d ${temp_restore_dir}/var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then
+        if [ -d "${temp_restore_dir}/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
             temp_source_dir=$(find ${temp_restore_dir} -name htdocs)
-            cp -r ${temp_source_dir} /var/www/${HTMLY_DOMAIN_NAME}/
+            cp -r "${temp_source_dir}" "/var/www/${HTMLY_DOMAIN_NAME}/"
         else
-            if [ ! -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then
-                mkdir /var/www/${HTMLY_DOMAIN_NAME}/htdocs
+            if [ ! -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
+                mkdir "/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
             fi
-            cp -r ${temp_restore_dir}/* /var/www/${HTMLY_DOMAIN_NAME}/htdocs/
+            cp -r "${temp_restore_dir}/*" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/"
         fi
 
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
-            if [ -d /var/www/${HTMLY_DOMAIN_NAME}/previous ]; then
-                mv /var/www/${HTMLY_DOMAIN_NAME}/previous /var/www/${HTMLY_DOMAIN_NAME}/htdocs
+            if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/previous" ]; then
+                mv "/var/www/${HTMLY_DOMAIN_NAME}/previous" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
             fi
             exit 593
         fi
         rm -rf ${temp_restore_dir}
-        if [ ! -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content ]; then
+        if [ ! -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content" ]; then
             echo $"No content directory found after restoring htmly"
             exit 287
         fi
         # Ensure that the bundled SSL cert is being used
-        if [ -f /etc/ssl/certs/${HTMLY_DOMAIN_NAME}.bundle.crt ]; then
-            sed -i "s|${HTMLY_DOMAIN_NAME}.crt|${HTMLY_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${HTMLY_DOMAIN_NAME}
+        if [ -f "/etc/ssl/certs/${HTMLY_DOMAIN_NAME}.bundle.crt" ]; then
+            sed -i "s|${HTMLY_DOMAIN_NAME}.crt|${HTMLY_DOMAIN_NAME}.bundle.crt|g" "/etc/nginx/sites-available/${HTMLY_DOMAIN_NAME}"
         fi
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post ]; then
-                    mv /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/*.md /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post
+                if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post" ]; then
+                    mv "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/*.md" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post"
                 fi
             fi
         done
-        if [ -d /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME} ]; then
-            ln -s /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${HTMLY_DOMAIN_NAME}.key
-            ln -s /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${HTMLY_DOMAIN_NAME}.pem
+        if [ -d "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}" ]; then
+            ln -s "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/privkey.pem" "/etc/ssl/private/${HTMLY_DOMAIN_NAME}.key"
+            ln -s "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/fullchain.pem" "/etc/ssl/certs/${HTMLY_DOMAIN_NAME}.pem"
         fi
         echo $"Restore of htmly complete"
     fi
@@ -370,258 +372,264 @@ function remove_htmly {
     fi
 
     read_config_param "HTMLY_DOMAIN_NAME"
-    nginx_dissite $HTMLY_DOMAIN_NAME
-    remove_certs ${HTMLY_DOMAIN_NAME}
-    if [ -f /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME ]; then
-        rm -f /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    nginx_dissite "$HTMLY_DOMAIN_NAME"
+    remove_certs "${HTMLY_DOMAIN_NAME}"
+    if [ -f "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME" ]; then
+        rm -f "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
     fi
-    if [ -d /var/www/$HTMLY_DOMAIN_NAME ]; then
-        rm -rf /var/www/$HTMLY_DOMAIN_NAME
+    if [ -d "/var/www/$HTMLY_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$HTMLY_DOMAIN_NAME"
     fi
     remove_config_param HTMLY_DOMAIN_NAME
     remove_config_param HTMLY_CODE
     function_check remove_onion_service
     remove_onion_service htmly ${HTMLY_ONION_PORT}
     remove_completion_param "install_htmly"
-    sed -i '/Htmly/d' $COMPLETION_FILE
-    sed -i '/htmly/d' $COMPLETION_FILE
+    sed -i '/Htmly/d' "$COMPLETION_FILE"
+    sed -i '/htmly/d' "$COMPLETION_FILE"
 
     function_check remove_ddns_domain
-    remove_ddns_domain $HTMLY_DOMAIN_NAME
+    remove_ddns_domain "$HTMLY_DOMAIN_NAME"
 }
 
 function install_htmly_social_networks {
     # set social networks
-    if grep -q "social.hubzilla" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini; then
-        sed -i "s|;social.hubzilla|social.hubzilla|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-        sed -i "s|social.hubzilla.*|social.hubzilla = \"$HUBZILLA_DOMAIN_NAME\"|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
+    if grep -q "social.hubzilla" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"; then
+        sed -i "s|;social.hubzilla|social.hubzilla|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+        sed -i "s|social.hubzilla.*|social.hubzilla = \"$HUBZILLA_DOMAIN_NAME\"|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
     fi
-    if grep -q "social.gnusocial" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini; then
-        sed -i "s|;social.gnusocial|social.gnusocial|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-        sed -i "s|social.gnusocial.*|social.gnusocial = \"$MICROHTMLY_DOMAIN_NAME\"|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
+    if grep -q "social.gnusocial" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"; then
+        sed -i "s|;social.gnusocial|social.gnusocial|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+        sed -i "s|social.gnusocial.*|social.gnusocial = \"$MICROHTMLY_DOMAIN_NAME\"|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
     fi
 
     # clear proprietary social network strings
-    sed -i 's|social.facebook.*|social.facebook = ""|g' /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i 's|social.twitter.*|social.twitter = ""|g' /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i 's|social.google.*|social.google = ""|g' /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
+    sed -i 's|social.facebook.*|social.facebook = ""|g' "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+    sed -i 's|social.twitter.*|social.twitter = ""|g' "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+    sed -i 's|social.google.*|social.google = ""|g' "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
 }
 
 function install_htmly_user {
     # create a user password
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        HTMLY_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        HTMLY_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        HTMLY_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        HTMLY_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
     fi
 
     # create a user
-    HTMLY_ADMIN_PASSWORD_HASH=$(${PROJECT_NAME}-sec --htmlyhash "$HTMLY_ADMIN_PASSWORD")
+    HTMLY_ADMIN_PASSWORD_HASH=$("${PROJECT_NAME}-sec" --htmlyhash "$HTMLY_ADMIN_PASSWORD")
     if [ ${#HTMLY_ADMIN_PASSWORD_HASH} -lt 8 ]; then
         echo $'Htmly admin password could not be hashed'
         exit 625728
     fi
-    echo ';Password' > /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
-    echo "password = $HTMLY_ADMIN_PASSWORD_HASH" >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
-    echo 'encryption = password_hash' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
-    echo ';Role' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
-    echo 'role = admin' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+    { echo ';Password';
+      echo "password = $HTMLY_ADMIN_PASSWORD_HASH";
+      echo 'encryption = password_hash';
+      echo ';Role';
+      echo 'role = admin'; } > "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini"
 }
 
 function install_htmly_settings {
-    cp /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i "s|site.url.*|site.url = '/'|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i "s|blog.title.*|blog.title = \"$HTMLY_TITLE\"|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i "s|blog.tagline.*|blog.tagline = \"$HTMLY_SUBTITLE\"|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i "s|Your name|$MY_NAME|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
+    cp "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini.example" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+    sed -i "s|site.url.*|site.url = '/'|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+    sed -i "s|blog.title.*|blog.title = \"$HTMLY_TITLE\"|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+    sed -i "s|blog.tagline.*|blog.tagline = \"$HTMLY_SUBTITLE\"|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+    sed -i 's|timezone.*|timezone = "Europe/London"|g' "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+    sed -i "s|Your name|$MY_NAME|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
 }
 
 function install_htmly_website {
     function_check nginx_http_redirect
-    nginx_http_redirect $HTMLY_DOMAIN_NAME
-    echo 'server {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "    root /var/www/$HTMLY_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "    server_name $HTMLY_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    charset utf-8;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    nginx_http_redirect "$HTMLY_DOMAIN_NAME"
+    { echo 'server {';
+      echo '    listen 443 ssl;';
+      echo '    #listen [::]:443 ssl;';
+      echo "    root /var/www/$HTMLY_DOMAIN_NAME/htdocs;";
+      echo "    server_name $HTMLY_DOMAIN_NAME;";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo '    index index.php;';
+      echo '    charset utf-8;';
+      echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
     function_check nginx_ssl
-    nginx_ssl $HTMLY_DOMAIN_NAME
+    nginx_ssl "$HTMLY_DOMAIN_NAME"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $HTMLY_DOMAIN_NAME
-    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    nginx_disable_sniffing "$HTMLY_DOMAIN_NAME"
+    { echo '    add_header Strict-Transport-Security "max-age=0;";';
+      echo '';
+      echo '    # rewrite to front controller as default rule';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $HTMLY_DOMAIN_NAME
-    echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        expires 30d;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # block these file types' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # or a unix socket' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    #deny access to store' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~ /store {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '      deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '      deny  all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    nginx_limits "$HTMLY_DOMAIN_NAME"
+    { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
+      echo '    }';
+      echo '';
+      echo '    # statically serve these file types when possible';
+      echo '    # otherwise fall back to front controller';
+      echo '    # allow browser to cache them';
+      echo '    # added .htm for advanced source code editor library';
+      echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
+      echo '        expires 30d;';
+      echo "        try_files \$uri /index.php?q=\$uri&\$args;";
+      echo '    }';
+      echo '';
+      echo '    # block these file types';
+      echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+      echo '    # or a unix socket';
+      echo '    location ~* \.php$ {';
+      echo '        # Zero-day exploit defense.';
+      echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+      echo "        # Won't work properly (404 error) if the file is not stored on this";
+      echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+      echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+      echo "        # another machine. And then cross your fingers that you won't get hacked.";
+      echo "        try_files \$uri \$uri/ /index.php;";
+      echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+      echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+      echo '        # With php-cgi alone:';
+      echo '        # fastcgi_pass 127.0.0.1:9000;';
+      echo '        # With php-fpm:';
+      echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '        include fastcgi_params;';
+      echo '        fastcgi_read_timeout 30;';
+      echo '        fastcgi_index index.php;';
+      echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+      echo '    }';
+      echo '';
+      echo '    # deny access to all dot files';
+      echo '    location ~ /\. {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    #deny access to store';
+      echo '    location ~ /store {';
+      echo '        deny all;';
+      echo '    }';
+      echo '    location ~ /(data|conf|bin|inc)/ {';
+      echo '      deny all;';
+      echo '    }';
+      echo '    location ~ /\.ht {';
+      echo '      deny  all;';
+      echo '    }';
+      echo '}';
+      echo ''; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
 }
 
 function install_htmly_website_onion {
-    echo 'server {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "    listen 127.0.0.1:${HTMLY_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "    root /var/www/$HTMLY_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "    server_name $HTMLY_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    charset utf-8;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    { echo 'server {';
+      echo "    listen 127.0.0.1:${HTMLY_ONION_PORT} default_server;";
+      echo "    root /var/www/$HTMLY_DOMAIN_NAME/htdocs;"; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
+
+    if [[ "$ONION_ONLY" != 'yes' ]]; then
+        echo "    server_name $HTMLY_DOMAIN_NAME;" >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
+    else
+        echo "    server_name $HTMLY_ONION_HOSTNAME;" >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
+    fi
+
+    { echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo '    index index.php;';
+      echo '    charset utf-8;';
+      echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $HTMLY_DOMAIN_NAME
-    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    nginx_disable_sniffing "$HTMLY_DOMAIN_NAME"
+    { echo '    add_header Strict-Transport-Security "max-age=0;";';
+      echo '';
+      echo '    # rewrite to front controller as default rule';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $HTMLY_DOMAIN_NAME
-    echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        expires 30d;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # block these file types' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # or a unix socket' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    nginx_limits "$HTMLY_DOMAIN_NAME"
+    { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
+      echo '    }';
+      echo '';
+      echo '    # statically serve these file types when possible';
+      echo '    # otherwise fall back to front controller';
+      echo '    # allow browser to cache them';
+      echo '    # added .htm for advanced source code editor library';
+      echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
+      echo '        expires 30d;';
+      echo "        try_files \$uri /index.php?q=\$uri&\$args;";
+      echo '    }';
+      echo '';
+      echo '    # block these file types';
+      echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+      echo '    # or a unix socket';
+      echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $HTMLY_DOMAIN_NAME
-    echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    #deny access to store' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~ /store {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '      deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '      deny  all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    nginx_limits "$HTMLY_DOMAIN_NAME"
+    { echo '        # Zero-day exploit defense.';
+      echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+      echo "        # Won't work properly (404 error) if the file is not stored on this";
+      echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+      echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+      echo "        # another machine. And then cross your fingers that you won't get hacked.";
+      echo "        try_files \$uri \$uri/ /index.php;";
+      echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+      echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+      echo '        # With php-cgi alone:';
+      echo '        # fastcgi_pass 127.0.0.1:9000;';
+      echo '        # With php-fpm:';
+      echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '        include fastcgi_params;';
+      echo '        fastcgi_read_timeout 30;';
+      echo '        fastcgi_index index.php;';
+      echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+      echo '    }';
+      echo '';
+      echo '    # deny access to all dot files';
+      echo '    location ~ /\. {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    #deny access to store';
+      echo '    location ~ /store {';
+      echo '        deny all;';
+      echo '    }';
+      echo '    location ~ /(data|conf|bin|inc)/ {';
+      echo '      deny all;';
+      echo '    }';
+      echo '    location ~ /\.ht {';
+      echo '      deny  all;';
+      echo '    }';
+      echo '}'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
 }
 
 function install_htmly_from_repo {
-    if [ ! -d /var/www/$HTMLY_DOMAIN_NAME ]; then
-        mkdir /var/www/$HTMLY_DOMAIN_NAME
+    if [ ! -d "/var/www/$HTMLY_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$HTMLY_DOMAIN_NAME"
     fi
 
-    cd /var/www/$HTMLY_DOMAIN_NAME
+    cd "/var/www/$HTMLY_DOMAIN_NAME" || exit 34684682
 
     if [ -d /repos/htmly ]; then
         mkdir htdocs
         cp -r -p /repos/htmly/. htdocs
-        cd htdocs
+        cd htdocs || exit 3468735
         git pull
     else
         git_clone $HTMLY_REPO htdocs
     fi
 
-    cd htdocs
+    cd htdocs || exit 3479835
     git checkout $HTMLY_COMMIT -b $HTMLY_COMMIT
     set_completion_param "htmly commit" "$HTMLY_COMMIT"
 }
 
 function install_htmly {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
-    if [ ! $HTMLY_DOMAIN_NAME ]; then
+    if [ ! "$HTMLY_DOMAIN_NAME" ]; then
         echo $'The htmly domain name was not specified'
         exit 5062
     fi
@@ -636,13 +644,14 @@ function install_htmly {
         function_check install_htmly_website
         install_htmly_website
     else
-        echo -n '' > /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+        echo -n '' > "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
     fi
+    HTMLY_ONION_HOSTNAME=$(add_onion_service htmly 80 ${HTMLY_ONION_PORT})
     function_check install_htmly_website_onion
     install_htmly_website_onion
 
     function_check create_site_certificate
-    create_site_certificate $HTMLY_DOMAIN_NAME 'yes'
+    create_site_certificate "$HTMLY_DOMAIN_NAME" 'yes'
 
     function_check configure_php
     configure_php
@@ -656,20 +665,18 @@ function install_htmly {
     function_check install_htmly_user
     install_htmly_user
 
-    chown -R www-data:www-data /var/www/$HTMLY_DOMAIN_NAME/htdocs
-
-    HTMLY_ONION_HOSTNAME=$(add_onion_service htmly 80 ${HTMLY_ONION_PORT})
+    chown -R www-data:www-data "/var/www/$HTMLY_DOMAIN_NAME/htdocs"
 
     function_check nginx_ensite
-    nginx_ensite $HTMLY_DOMAIN_NAME
+    nginx_ensite "$HTMLY_DOMAIN_NAME"
 
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a htmly -p "$HTMLY_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a htmly -p "$HTMLY_ADMIN_PASSWORD"
 
     function_check add_ddns_domain
-    add_ddns_domain $HTMLY_DOMAIN_NAME
+    add_ddns_domain "$HTMLY_DOMAIN_NAME"
 
     set_completion_param "htmly domain" "$HTMLY_DOMAIN_NAME"
     APP_INSTALLED=1

src/freedombone-app-hubzilla

@@ -60,7 +60,7 @@ function logging_off_hubzilla {
 
 function remove_user_hubzilla {
     remove_username="$1"
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp hubzilla
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp hubzilla
 }
 
 function add_user_hubzilla {
@@ -71,27 +71,26 @@ function add_user_hubzilla {
 
     new_username="$1"
     new_user_password="$2"
-    ${PROJECT_NAME}-pass -u $new_username -a hubzilla -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a hubzilla -p "$new_user_password"
     echo '0'
 }
 
 function hubzilla_renew_cert {
     dialog --title $"Renew SSL certificate" \
            --backtitle $"Freedombone Control Panel" \
-           --yesno $"\nThis will renew a letsencrypt certificate. Select 'yes' to continue" 16 60
+           --yesno $"\\nThis will renew a letsencrypt certificate. Select 'yes' to continue" 16 60
     sel=$?
     case $sel in
         1) return;;
         255) return;;
     esac
     HUBZILLA_DOMAIN_NAME=$(get_completion_param "hubzilla domain")
-    if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs" ]; then
         dialog --title $"Renew SSL certificate" \
                --msgbox $"Hubzilla install directory not found" 6 40
         return
     fi
-    ${PROJECT_NAME}-renew-cert -h $HUBZILLA_DOMAIN_NAME -p 'letsencrypt'
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-renew-cert" -h "$HUBZILLA_DOMAIN_NAME" -p 'letsencrypt'; then
         any_key
     else
         dialog --title $"Renew SSL certificate" \
@@ -100,68 +99,71 @@ function hubzilla_renew_cert {
 }
 
 function hubzilla_channel_directory_server {
-    if ! grep -q "hubzilla domain" $COMPLETION_FILE; then
+    if ! grep -q "hubzilla domain" "$COMPLETION_FILE"; then
         dialog --title $"Hubzilla channel directory server" \
                --msgbox $"Hubzilla is not installed on this system" 6 40
         return
     fi
     HUBZILLA_DOMAIN_NAME=$(get_completion_param "hubzilla domain")
-    if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs" ]; then
         dialog --title $"Hubzilla channel directory server" \
                --msgbox $"Hubzilla install directory not found" 6 40
         return
     fi
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Hubzilla channel directory server" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"When you click on 'channel directory' this is where Hubzilla will obtain its list from" 8 60 2>$data
+           --inputbox $"When you click on 'channel directory' this is where Hubzilla will obtain its list from" 8 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            hubzilla_domain_server=$(<$data)
+            hubzilla_domain_server=$(<"$data")
             if [[ $hubzilla_domain_server != *"."* ]]; then
+                rm -f "$data"
                 return
             fi
             if [[ $hubzilla_domain_server != "https"* ]]; then
                 dialog --title $"Hubzilla channel directory server" \
-                       --msgbox $"\nInvalid domain - include the https://" 7 60
+                       --msgbox $"\\nInvalid domain - include the https://" 7 60
+                rm -f "$data"
                 return
             fi
-            ./var/www/$HUBZILLA_DOMAIN_NAME/htdocs/util/config system directory_server $hubzilla_domain_server
+            "./var/www/$HUBZILLA_DOMAIN_NAME/htdocs/util/config" system directory_server "$hubzilla_domain_server"
             dialog --title $"Hubzilla channel directory server" \
-                   --msgbox $"\nDomain channel directory server changed to\n\n  $hubzilla_domain_server" 10 60
+                   --msgbox $"\\nDomain channel directory server changed to\\n\\n  $hubzilla_domain_server" 10 60
             ;;
     esac
+    rm -f "$data"
 }
 
 function configure_interactive_hubzilla {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Hubzilla" \
                --radiolist $"Choose an operation:" 13 70 4 \
                1 $"Set channel directory server" off \
                2 $"Renew SSL certificate" off \
-               3 $"Back to main menu" on 2> $data
+               3 $"Back to main menu" on 2> "$data"
         sel=$?
         case $sel in
             1) break;;
             255) break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) hubzilla_channel_directory_server;;
             2) hubzilla_renew_cert;;
-            3) break;;
+            3) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
 function install_interactive_hubzilla {
-    if [[ $ONION_ONLY != "no" ]]; then
+    if [[ "$ONION_ONLY" != "no" ]]; then
         return
     fi
 
@@ -172,7 +174,7 @@ function install_interactive_hubzilla {
 }
 
 function change_password_hubzilla {
-    HUBZILLA_USERNAME="$1"
+#    HUBZILLA_USERNAME="$1"
     HUBZILLA_PASSWORD="$2"
     if [ ${#HUBZILLA_PASSWORD} -lt 8 ]; then
         echo $'Hubzilla password is too short'
@@ -183,14 +185,14 @@ function change_password_hubzilla {
 }
 
 function hubzilla_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        HUBZILLA_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        HUBZILLA_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     fi
-    if [ ! $HUBZILLA_ADMIN_PASSWORD ]; then
-        HUBZILLA_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+    if [ ! "$HUBZILLA_ADMIN_PASSWORD" ]; then
+        HUBZILLA_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
     fi
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a hubzilla -p "$HUBZILLA_ADMIN_PASSWORD"
-    if [ ! $HUBZILLA_ADMIN_PASSWORD ]; then
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a hubzilla -p "$HUBZILLA_ADMIN_PASSWORD"
+    if [ ! "$HUBZILLA_ADMIN_PASSWORD" ]; then
         return
     fi
 
@@ -211,25 +213,25 @@ function upgrade_hubzilla {
     HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
 
     function_check set_repo_commit
-    set_repo_commit $HUBZILLA_PATH "hubzilla commit" "$HUBZILLA_COMMIT" $HUBZILLA_REPO
-    set_repo_commit $HUBZILLA_PATH/addon "hubzilla addons commit" "$HUBZILLA_ADDONS_COMMIT" $HUBZILLA_ADDONS_REPO
-    if [ -d $HUBZILLA_PATH/redmatrix-themes1 ]; then
-        cd $HUBZILLA_PATH/redmatrix-themes1
+    set_repo_commit "$HUBZILLA_PATH" "hubzilla commit" "$HUBZILLA_COMMIT" $HUBZILLA_REPO
+    set_repo_commit "$HUBZILLA_PATH/addon" "hubzilla addons commit" "$HUBZILLA_ADDONS_COMMIT" $HUBZILLA_ADDONS_REPO
+    if [ -d "$HUBZILLA_PATH/redmatrix-themes1" ]; then
+        cd "$HUBZILLA_PATH/redmatrix-themes1" || exit 246782456
         git merge --abort
         git stash
         git pull
-        cp -r $HUBZILLA_PATH/redmatrix-themes1/* $HUBZILLA_PATH/view/theme/
-        chown -R www-data:www-data $HUBZILLA_PATH
+        cp -r "$HUBZILLA_PATH/redmatrix-themes1/*" "$HUBZILLA_PATH/view/theme/"
+        chown -R www-data:www-data "$HUBZILLA_PATH"
     fi
 }
 
 function backup_local_hubzilla {
     hubzilla_path=/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs
-    if [ -d $hubzilla_path ]; then
+    if [ -d "$hubzilla_path" ]; then
         function_check backup_database_to_usb
         backup_database_to_usb hubzilla
 
-        backup_directory_to_usb $hubzilla_path hubzilla
+        backup_directory_to_usb "$hubzilla_path" hubzilla
     fi
 }
 
@@ -240,31 +242,31 @@ function restore_local_hubzilla {
     function_check hubzilla_create_database
     hubzilla_create_database
 
-    restore_database hubzilla ${HUBZILLA_DOMAIN_NAME}
-    if [ -d $USB_MOUNT/backup/hubzilla ]; then
-        if [ ! -d $hubzilla_dir/store/[data]/smarty3 ]; then
-            mkdir -p $hubzilla_dir/store/[data]/smarty3
+    restore_database hubzilla "${HUBZILLA_DOMAIN_NAME}"
+    if [ -d "$USB_MOUNT/backup/hubzilla" ]; then
+        if [ ! -d "$hubzilla_dir/store/[data]/smarty3" ]; then
+            mkdir -p "$hubzilla_dir/store/[data]/smarty3"
         fi
-        chmod 1777 $hubzilla_dir/store/[data]/smarty3
-        chown -R www-data:www-data $hubzilla_dir/*
+        chmod 1777 "$hubzilla_dir/store/[data]/smarty3"
+        chown -R www-data:www-data "$hubzilla_dir/*"
         if [ -d $temp_restore_dir ]; then
             rm -rf $temp_restore_dir
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-        HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
-        sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $HUBZILLA_PATH/.htconfig.php
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        HUBZILLA_PATH="/var/www/$HUBZILLA_DOMAIN_NAME/htdocs"
+        sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" "$HUBZILLA_PATH/.htconfig.php"
         MARIADB_PASSWORD=
     fi
 }
 
 function backup_remote_hubzilla {
-    temp_backup_dir=/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs
-    if [ -d $temp_backup_dir ]; then
-        suspend_site ${HUBZILLA_DOMAIN_NAME}
+    temp_backup_dir="/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs"
+    if [ -d "$temp_backup_dir" ]; then
+        suspend_site "${HUBZILLA_DOMAIN_NAME}"
         backup_database_to_friend hubzilla
         echo "Backing up Hubzilla installation"
-        backup_directory_to_friend $temp_backup_dir hubzilla
+        backup_directory_to_friend "$temp_backup_dir" hubzilla
         restart_site
         echo "Backup of Hubzilla complete"
     else
@@ -279,21 +281,21 @@ function restore_remote_hubzilla {
     function_check hubzilla_create_database
     hubzilla_create_database
 
-    restore_database_from_friend hubzilla ${HUBZILLA_DOMAIN_NAME}
-    if [ -d $SERVER_DIRECTORY/backup/hubzilla ]; then
-        if [ ! -d /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3 ]; then
-            mkdir -p /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3
+    restore_database_from_friend hubzilla "${HUBZILLA_DOMAIN_NAME}"
+    if [ -d "$SERVER_DIRECTORY/backup/hubzilla" ]; then
+        if [ ! -d "/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3" ]; then
+            mkdir -p "/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3"
         fi
-        chmod 1777 /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3
-        chown -R www-data:www-data /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/*
+        chmod 1777 "/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3"
+        chown -R www-data:www-data "/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/*"
     fi
     if [ -d /root/temphubzilla ]; then
         rm -rf /root/temphubzilla
     fi
 
-    MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+    MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
     HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
-    sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $HUBZILLA_PATH/.htconfig.php
+    sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" "$HUBZILLA_PATH/.htconfig.php"
     MARIADB_PASSWORD=
 }
 
@@ -301,41 +303,41 @@ function remove_hubzilla {
     if [ ${#HUBZILLA_DOMAIN_NAME} -eq 0 ]; then
         return
     fi
-    nginx_dissite $HUBZILLA_DOMAIN_NAME
-    remove_certs ${HUBZILLA_DOMAIN_NAME}
-    if [ -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then
-        rm -rf /var/www/$HUBZILLA_DOMAIN_NAME
+    nginx_dissite "$HUBZILLA_DOMAIN_NAME"
+    remove_certs "${HUBZILLA_DOMAIN_NAME}"
+    if [ -d "/var/www/$HUBZILLA_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$HUBZILLA_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database hubzilla
     function_check remove_onion_service
     remove_onion_service hubzilla ${HUBZILLA_ONION_PORT}
-    sed -i '/hubzilla/d' $COMPLETION_FILE
+    sed -i '/hubzilla/d' "$COMPLETION_FILE"
     sed -i '/poller.php/d' /etc/crontab
 
     function_check remove_ddns_domain
-    remove_ddns_domain $HUBZILLA_DOMAIN_NAME
+    remove_ddns_domain "$HUBZILLA_DOMAIN_NAME"
 }
 
 function install_hubzilla {
-    if [ ! $HUBZILLA_DOMAIN_NAME ]; then
+    if [ ! "$HUBZILLA_DOMAIN_NAME" ]; then
         return
     fi
 
-    if [[ $ONION_ONLY != "no" ]]; then
+    if [[ "$ONION_ONLY" != "no" ]]; then
         echo $"Hubzilla won't work on an onion address"
         exit 529925
     fi
 
-    HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
+    HUBZILLA_PATH="/var/www/$HUBZILLA_DOMAIN_NAME/htdocs"
 
     function_check install_mariadb
     install_mariadb
 
-    if [ -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then
+    if [ -d "/var/www/$HUBZILLA_DOMAIN_NAME" ]; then
         remove_hubzilla
     fi
 
@@ -349,44 +351,44 @@ function install_hubzilla {
     apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl
     apt-get -yq install php-memcached memcached
 
-    if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then
-        mkdir /var/www/$HUBZILLA_DOMAIN_NAME
+    if [ ! -d "/var/www/$HUBZILLA_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$HUBZILLA_DOMAIN_NAME"
     fi
-    if [ ! -d $HUBZILLA_PATH ]; then
-        mkdir -p $HUBZILLA_PATH
+    if [ ! -d "$HUBZILLA_PATH" ]; then
+        mkdir -p "$HUBZILLA_PATH"
     fi
 
-    if [ ! -f $HUBZILLA_PATH/index.php ]; then
+    if [ ! -f "$HUBZILLA_PATH/index.php" ]; then
         if [ -d /repos/hubzilla ]; then
-            mkdir $HUBZILLA_PATH
-            cp -r -p /repos/hubzilla/. $HUBZILLA_PATH
-            cd $HUBZILLA_PATH
+            mkdir "$HUBZILLA_PATH"
+            cp -r -p /repos/hubzilla/. "$HUBZILLA_PATH"
+            cd "$HUBZILLA_PATH" || exit 245672478
             git pull
         else
             function_check git_clone
-            git_clone $HUBZILLA_REPO $HUBZILLA_PATH
+            git_clone "$HUBZILLA_REPO" "$HUBZILLA_PATH"
         fi
 
-        git checkout $HUBZILLA_COMMIT -b $HUBZILLA_COMMIT
+        git checkout "$HUBZILLA_COMMIT" -b "$HUBZILLA_COMMIT"
         set_completion_param "hubzilla commit" "$HUBZILLA_COMMIT"
 
         if [ -d /repos/hubzilla-addons ]; then
-            mkdir $HUBZILLA_PATH/addon
-            cp -r -p /repos/hubzilla-addons/. $HUBZILLA_PATH/addon
-            cd $HUBZILLA_PATH/addon
+            mkdir "$HUBZILLA_PATH/addon"
+            cp -r -p /repos/hubzilla-addons/. "$HUBZILLA_PATH/addon"
+            cd "$HUBZILLA_PATH/addon" || exit 24682464
             git pull
         else
-            git_clone $HUBZILLA_ADDONS_REPO $HUBZILLA_PATH/addon
+            git_clone "$HUBZILLA_ADDONS_REPO" "$HUBZILLA_PATH/addon"
         fi
 
-        cd $HUBZILLA_PATH/addon
-        git checkout $HUBZILLA_ADDONS_COMMIT -b $HUBZILLA_ADDONS_COMMIT
+        cd "$HUBZILLA_PATH/addon" || exit 24982468
+        git checkout "$HUBZILLA_ADDONS_COMMIT" -b "$HUBZILLA_ADDONS_COMMIT"
         set_completion_param "hubzilla addons commit" "$HUBZILLA_ADDONS_COMMIT"
 
-        chown -R www-data:www-data $HUBZILLA_PATH
+        chown -R www-data:www-data "$HUBZILLA_PATH"
     fi
 
-    if [ ! -f $HUBZILLA_PATH/install/schema_mysql.sql ]; then
+    if [ ! -f "$HUBZILLA_PATH/install/schema_mysql.sql" ]; then
         echo $'No database schema found for hubzilla'
         exit 252782
     fi
@@ -403,156 +405,156 @@ function install_hubzilla {
     fi
 
     function_check add_ddns_domain
-    add_ddns_domain $HUBZILLA_DOMAIN_NAME
+    add_ddns_domain "$HUBZILLA_DOMAIN_NAME"
 
-    if [[ $ONION_ONLY == "no" ]]; then
+    if [[ "$ONION_ONLY" == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $HUBZILLA_DOMAIN_NAME
-        echo 'server {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    root $HUBZILLA_PATH;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    server_name $HUBZILLA_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        nginx_http_redirect "$HUBZILLA_DOMAIN_NAME"
+        { echo 'server {';
+          echo '    listen 443 ssl;';
+          echo '    #listen [::]:443 ssl;';
+          echo "    root $HUBZILLA_PATH;";
+          echo "    server_name $HUBZILLA_DOMAIN_NAME;";
+          echo "    error_log /dev/null;";
+          echo '    index index.php;';
+          echo '    charset utf-8;';
+          echo '    access_log /dev/null;'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
         function_check nginx_ssl
-        nginx_ssl $HUBZILLA_DOMAIN_NAME
+        nginx_ssl "$HUBZILLA_DOMAIN_NAME"
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME
-        echo '    add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location / {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        nginx_disable_sniffing "$HUBZILLA_DOMAIN_NAME"
+        { echo '    add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '    # rewrite to front controller as default rule';
+          echo '    location / {'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
         function_check nginx_limits
-        nginx_limits $HUBZILLA_DOMAIN_NAME
-        echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        expires 30d;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # block these file types' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # or a unix socket' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        nginx_limits "$HUBZILLA_DOMAIN_NAME"
+        { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
+          echo '    }';
+          echo '';
+          echo '    # statically serve these file types when possible';
+          echo '    # otherwise fall back to front controller';
+          echo '    # allow browser to cache them';
+          echo '    # added .htm for advanced source code editor library';
+          echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
+          echo '        expires 30d;';
+          echo "        try_files \$uri /index.php?q=\$uri&\$args;";
+          echo '    }';
+          echo '';
+          echo '    # block these file types';
+          echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+          echo '    # or a unix socket';
+          echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
         function_check nginx_limits
-        nginx_limits $HUBZILLA_DOMAIN_NAME
-        echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # With php-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~ /\. {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '      deny  all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '}' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        nginx_limits "$HUBZILLA_DOMAIN_NAME"
+        { echo '        # Zero-day exploit defense.';
+          echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+          echo "        # Won't work properly (404 error) if the file is not stored on this";
+          echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+          echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+          echo "        # another machine. And then cross your fingers that you won't get hacked.";
+          echo "        try_files \$uri \$uri/ /index.php;";
+          echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+          echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+          echo '        # With php-cgi alone:';
+          echo '        # fastcgi_pass 127.0.0.1:9000;';
+          echo '        # With php-fpm:';
+          echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '        include fastcgi_params;';
+          echo '        fastcgi_index index.php;';
+          echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+          echo '        fastcgi_read_timeout 300;';
+          echo '    }';
+          echo '';
+          echo '    # deny access to all dot files';
+          echo '    location ~ /\. {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    location ~ /\.ht {';
+          echo '      deny  all;';
+          echo '    }';
+          echo '}';
+          echo ''; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
     else
-        echo 'server {' > /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    listen 127.0.0.1:${HUBZILLA_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    root $HUBZILLA_PATH;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    server_name $HUBZILLA_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location / {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        nginx_limits $HUBZILLA_DOMAIN_NAME
-        nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME
-        echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        expires 30d;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # block these file types' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # or a unix socket' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        nginx_limits $HUBZILLA_DOMAIN_NAME
-        nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME
-        echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # With php-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~ /\. {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '      deny  all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '}' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        { echo 'server {';
+        echo "    listen 127.0.0.1:${HUBZILLA_ONION_PORT} default_server;";
+        echo "    root $HUBZILLA_PATH;";
+        echo "    server_name $HUBZILLA_ONION_HOSTNAME;";
+        echo "    error_log /dev/null;";
+        echo '    index index.php;';
+        echo '    charset utf-8;';
+        echo '    access_log /dev/null;';
+        echo '    add_header Strict-Transport-Security max-age=15768000;';
+        echo '';
+        echo '    # rewrite to front controller as default rule';
+        echo '    location / {'; } > "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
+        nginx_limits "$HUBZILLA_DOMAIN_NAME"
+        nginx_disable_sniffing "$HUBZILLA_DOMAIN_NAME"
+        { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
+          echo '    }';
+          echo '';
+          echo '    # statically serve these file types when possible';
+          echo '    # otherwise fall back to front controller';
+          echo '    # allow browser to cache them';
+          echo '    # added .htm for advanced source code editor library';
+          echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
+          echo '        expires 30d;';
+          echo "        try_files \$uri /index.php?q=\$uri&\$args;";
+          echo '    }';
+          echo '';
+          echo '    # block these file types';
+          echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+          echo '    # or a unix socket';
+          echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
+        nginx_limits "$HUBZILLA_DOMAIN_NAME"
+        nginx_disable_sniffing "$HUBZILLA_DOMAIN_NAME"
+        { echo '        # Zero-day exploit defense.';
+          echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+          echo "        # Won't work properly (404 error) if the file is not stored on this";
+          echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+          echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+          echo "        # another machine. And then cross your fingers that you won't get hacked.";
+          echo "        try_files \$uri \$uri/ /index.php;";
+          echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+          echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+          echo '        # With php-cgi alone:';
+          echo '        # fastcgi_pass 127.0.0.1:9000;';
+          echo '        # With php-fpm:';
+          echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '        include fastcgi_params;';
+          echo '        fastcgi_index index.php;';
+          echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+          echo '        fastcgi_read_timeout 300;';
+          echo '    }';
+          echo '';
+          echo '    # deny access to all dot files';
+          echo '    location ~ /\. {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    location ~ /\.ht {';
+          echo '      deny  all;';
+          echo '    }';
+          echo '}'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
     fi
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $HUBZILLA_DOMAIN_NAME 'yes'
+    create_site_certificate "$HUBZILLA_DOMAIN_NAME" 'yes'
 
-    if [ ! -d $HUBZILLA_PATH/view/tpl/smarty3 ]; then
-        mkdir $HUBZILLA_PATH/view/tpl/smarty3
+    if [ ! -d "$HUBZILLA_PATH/view/tpl/smarty3" ]; then
+        mkdir "$HUBZILLA_PATH/view/tpl/smarty3"
     fi
     if [ ! -d "$HUBZILLA_PATH/store" ]; then
         mkdir "$HUBZILLA_PATH/store"
@@ -564,9 +566,9 @@ function install_hubzilla {
         mkdir "$HUBZILLA_PATH/store/[data]/smarty3"
         chmod 1777 "$HUBZILLA_PATH/store/[data]/smarty3"
     fi
-    chmod 1777 $HUBZILLA_PATH/view/tpl
+    chmod 1777 "$HUBZILLA_PATH/view/tpl"
     chown -R www-data:www-data "$HUBZILLA_PATH/store"
-    chmod 1777 $HUBZILLA_PATH/view/tpl/smarty3
+    chmod 1777 "$HUBZILLA_PATH/view/tpl/smarty3"
 
     # Ensure that the database gets backed up locally, if remote
     # backups are not being used
@@ -576,50 +578,50 @@ function install_hubzilla {
     function_check backup_database_local
     backup_database_local hubzilla
 
-    chown -R www-data:www-data $HUBZILLA_PATH
+    chown -R www-data:www-data "$HUBZILLA_PATH"
 
     function_check nginx_ensite
-    nginx_ensite $HUBZILLA_DOMAIN_NAME
+    nginx_ensite "$HUBZILLA_DOMAIN_NAME"
 
     function_check initialise_database
-    initialise_database hubzilla $HUBZILLA_PATH/install/schema_mysql.sql
+    initialise_database hubzilla "$HUBZILLA_PATH/install/schema_mysql.sql"
 
     # create the config file
-    echo '<?php' > $HUBZILLA_PATH/.htconfig.php
-    echo "\$db_host = 'localhost';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$db_port = '0';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$db_user = 'root';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$db_pass = '${MARIADB_PASSWORD}';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$db_data = 'hubzilla';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$db_type = '0';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$default_timezone = 'Europe/London';" >> $HUBZILLA_PATH/.htconfig.php
-    if [[ $ONION_ONLY == 'no' ]]; then
-        echo "\$a->config['system']['baseurl'] = 'https://${HUBZILLA_DOMAIN_NAME}';" >> $HUBZILLA_PATH/.htconfig.php
+    { echo '<?php';
+      echo "\$db_host = 'localhost';";
+      echo "\$db_port = '0';";
+      echo "\$db_user = 'root';";
+      echo "\$db_pass = '${MARIADB_PASSWORD}';";
+      echo "\$db_data = 'hubzilla';";
+      echo "\$db_type = '0';";
+      echo "\$default_timezone = 'Europe/London';"; } > "$HUBZILLA_PATH/.htconfig.php"
+    if [[ "$ONION_ONLY" == 'no' ]]; then
+        echo "\$a->config['system']['baseurl'] = 'https://${HUBZILLA_DOMAIN_NAME}';" >> "$HUBZILLA_PATH/.htconfig.php"
     else
-        echo "\$a->config['system']['baseurl'] = 'http://${HUBZILLA_ONION_HOSTNAME}';" >> $HUBZILLA_PATH/.htconfig.php
+        echo "\$a->config['system']['baseurl'] = 'http://${HUBZILLA_ONION_HOSTNAME}';" >> "$HUBZILLA_PATH/.htconfig.php"
     fi
-    echo "\$a->config['system']['sitename'] = \"Hubzilla\";" >> $HUBZILLA_PATH/.htconfig.php
+    echo "\$a->config['system']['sitename'] = \"Hubzilla\";" >> "$HUBZILLA_PATH/.htconfig.php"
     HUBZILLA_LOCATION_HASH="$(create_password 30)"
-    echo "\$a->config['system']['location_hash'] = '${HUBZILLA_LOCATION_HASH}';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['register_policy'] = REGISTER_OPEN;" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['register_text'] = '';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['admin_email'] = '${MY_EMAIL_ADDRESS}';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['verify_email'] = 1;" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['access_policy'] = ACCESS_PRIVATE;" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['sellpage'] = '';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['max_import_size'] = 200000;" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['php_path'] = '/usr/bin/php';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['directory_mode']  = DIRECTORY_MODE_NORMAL;" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['theme'] = 'redbasic';" >> $HUBZILLA_PATH/.htconfig.php
-    chown www-data:www-data $HUBZILLA_PATH/.htconfig.php
-    chmod 755 $HUBZILLA_PATH/.htconfig.php
+    { echo "\$a->config['system']['location_hash'] = '${HUBZILLA_LOCATION_HASH}';";
+      echo "\$a->config['system']['register_policy'] = REGISTER_OPEN;";
+      echo "\$a->config['system']['register_text'] = '';";
+      echo "\$a->config['system']['admin_email'] = '${MY_EMAIL_ADDRESS}';";
+      echo "\$a->config['system']['verify_email'] = 1;";
+      echo "\$a->config['system']['access_policy'] = ACCESS_PRIVATE;";
+      echo "\$a->config['system']['sellpage'] = '';";
+      echo "\$a->config['system']['max_import_size'] = 200000;";
+      echo "\$a->config['system']['php_path'] = '/usr/bin/php';";
+      echo "\$a->config['system']['directory_mode']  = DIRECTORY_MODE_NORMAL;";
+      echo "\$a->config['system']['theme'] = 'redbasic';"; } >> "$HUBZILLA_PATH/.htconfig.php"
+    chown www-data:www-data "$HUBZILLA_PATH/.htconfig.php"
+    chmod 755 "$HUBZILLA_PATH/.htconfig.php"
 
     systemctl restart mariadb
     systemctl restart php7.0-fpm
     systemctl restart nginx
     systemctl restart cron
 
-    ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$HUBZILLA_DOMAIN_NAME" -g hubzilla --public no
+    "${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$HUBZILLA_DOMAIN_NAME" -g hubzilla --public no
 
     set_completion_param "hubzilla domain" "${HUBZILLA_DOMAIN_NAME}"
     APP_INSTALLED=1

src/freedombone-app-icecast

@@ -68,36 +68,36 @@ function icecast_update_daemon {
         rm /etc/init.d/icecast2
     fi
 
-    echo '#!/bin/sh' > /usr/bin/stop_icecast
-    echo 'kill $(pidof ices2)' >> /usr/bin/stop_icecast
-    echo 'systemctl stop icecast2' >> /usr/bin/stop_icecast
+    { echo '#!/bin/sh';
+      echo "kill \$(pidof ices2)";
+      echo 'systemctl stop icecast2'; } > /usr/bin/stop_icecast
     chmod +x /usr/bin/stop_icecast
 
     # Note that the sleep here actually is important
-    echo '#!/bin/bash' > /usr/bin/start_icecast
-    echo 'isrunning=$(ps aux | grep ices2)' >> /usr/bin/start_icecast
-    echo 'if [[ "$isrunning" != *"ices-playlist"* ]]; then' >> /usr/bin/start_icecast
-    echo '    systemctl start icecast2' >> /usr/bin/start_icecast
-    echo '    sleep 3' >> /usr/bin/start_icecast
-    echo '    cd /etc/ices2' >> /usr/bin/start_icecast
-    echo '    ices2 ices-playlist.xml' >> /usr/bin/start_icecast
-    echo 'fi' >> /usr/bin/start_icecast
+    { echo '#!/bin/bash';
+      echo "isrunning=\$(ps aux | grep ices2)";
+      echo "if [[ \"\$isrunning\" != *\"ices-playlist\"* ]]; then";
+      echo '    systemctl start icecast2';
+      echo '    sleep 3';
+      echo '    cd /etc/ices2';
+      echo '    ices2 ices-playlist.xml';
+      echo 'fi'; } > /usr/bin/start_icecast
     chmod +x /usr/bin/start_icecast
 
-    echo '[Unit]' > /etc/systemd/system/icecast2.service
-    echo 'Description=Icecast' >> /etc/systemd/system/icecast2.service
-    echo 'After=network.target' >> /etc/systemd/system/icecast2.service
-    echo 'After=tor.service' >> /etc/systemd/system/icecast2.service
-    echo '' >> /etc/systemd/system/icecast2.service
-    echo '[Service]' >> /etc/systemd/system/icecast2.service
-    echo 'User=icecast2' >> /etc/systemd/system/icecast2.service
-    echo 'Group=icecast' >> /etc/systemd/system/icecast2.service
-    echo 'ExecStart=/usr/bin/icecast2 -c /etc/icecast2/icecast.xml' >> /etc/systemd/system/icecast2.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/icecast2.service
-    echo 'RestartSec=10' >> /etc/systemd/system/icecast2.service
-    echo '' >> /etc/systemd/system/icecast2.service
-    echo '[Install]' >> /etc/systemd/system/icecast2.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/icecast2.service
+    { echo '[Unit]';
+      echo 'Description=Icecast';
+      echo 'After=network.target';
+      echo 'After=tor.service';
+      echo '';
+      echo '[Service]';
+      echo 'User=icecast2';
+      echo 'Group=icecast';
+      echo 'ExecStart=/usr/bin/icecast2 -c /etc/icecast2/icecast.xml';
+      echo 'Restart=on-failure';
+      echo 'RestartSec=10';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/icecast2.service
 
     chown -R icecast2:icecast /etc/ices2
     chown -R icecast2:icecast /etc/icecast2
@@ -121,7 +121,7 @@ function change_password_icecast {
         /etc/icecast2/icecast.xml
     sed -i "s|<password>.*|<password>${new_user_password}</password>|g" /etc/ices2/ices-playlist.xml
 
-    ${PROJECT_NAME}-pass -u "$curr_username" -a icecast -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a icecast -p "$new_user_password"
     start_icecast
 }
 
@@ -139,7 +139,7 @@ function reconfigure_icecast {
 
 function icecast_convert_files {
     clear
-    cd ${1}
+    cd "${1}" || exit 2346824648
 
     echo $'Converting any mp3 files to ogg format'
     find . -type f -name '*.mp3' -exec bash -c 'ffmpeg -i "$0" -c:a libvorbis -q:a 4 "${0/%mp3/ogg}"' '{}' \;
@@ -153,20 +153,20 @@ function icecast_convert_files {
 }
 
 function icecast_add_file_to_playlist {
-    files_dir=${1}
-    if [ ! -d $files_dir ]; then
+    files_dir="${1}"
+    if [ ! -d "$files_dir" ]; then
         return
     fi
 
     echo $'Adding ogg files to playlist'
-    find $files_dir -type f -name '*.ogg' -print0 | while read -d $'\0' file; do
+    find "$files_dir" -type f -name '*.ogg' -print0 | while read -r -d $'\0' file; do
         if ! grep -q "$file" $ICECAST_PLAYLIST_FILE; then
             echo "$file" >> $ICECAST_PLAYLIST_FILE
         fi
     done
 
     echo $'Adding ogv files to playlist'
-    find $files_dir -type f -name '*.ogv' -print0 | while read -d $'\0' file; do
+    find "$files_dir" -type f -name '*.ogv' -print0 | while read -r -d $'\0' file; do
         if ! grep -q "$file" $ICECAST_PLAYLIST_FILE; then
             echo "$file" >> $ICECAST_PLAYLIST_FILE
         fi
@@ -178,14 +178,14 @@ function icecast_add_file_to_playlist {
 }
 
 function icecast_import_from_directory {
-    data=$(tempfile 2>/dev/null)
-    dialog --title "Choose a directory containing stream files" --dselect /home/$MY_USERNAME/ 30 60 2> $data
-    selected_dir=$(cat $data)
-    rm $data
+    data=$(mktemp 2>/dev/null)
+    dialog --title "Choose a directory containing stream files" --dselect "/home/$MY_USERNAME/" 30 60 2> "$data"
+    selected_dir=$(cat "$data")
+    rm -f "$data"
     if [[ "$selected_dir" == "$ICECAST_DIR" ]]; then
         return
     fi
-    if [ ! -d $selected_dir ]; then
+    if [ ! -d "$selected_dir" ]; then
         return
     fi
     if [[ "$selected_dir" == "/home/$MY_USERNAME/" ]]; then
@@ -201,7 +201,7 @@ function icecast_import_from_directory {
     dialog --title $"Import stream files directory into Icecast" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nImport the directory:\n\n  $selected_dir" 12 75
+           --yesno $"\\nImport the directory:\\n\\n  $selected_dir" 12 75
     sel=$?
     case $sel in
         1) return;;
@@ -215,8 +215,8 @@ function icecast_import_from_directory {
     dest_dir=$(basename "$selected_dir")
     mv "$selected_dir" $ICECAST_DIR
 
-    icecast_convert_files $ICECAST_DIR/$dest_dir
-    icecast_add_file_to_playlist $ICECAST_DIR/$dest_dir
+    icecast_convert_files "$ICECAST_DIR/$dest_dir"
+    icecast_add_file_to_playlist "$ICECAST_DIR/$dest_dir"
 
     dialog --title $"Import stream files directory into Icecast" \
            --msgbox $"Import success" 6 40
@@ -226,18 +226,18 @@ function icecast_import_from_usb {
     clear
     detect_usb_drive
 
-    if [ ! -b $USB_DRIVE ]; then
+    if [ ! -b "$USB_DRIVE" ]; then
         dialog --title $"Import stream files from USB drive" --msgbox $'No USB drive found' 6 50
         return
     fi
 
-    backup_mount_drive ${USB_DRIVE}
-    if [ ! -d $USB_MOUNT$ICECAST_DIR ]; then
+    backup_mount_drive "${USB_DRIVE}"
+    if [ ! -d "$USB_MOUNT$ICECAST_DIR" ]; then
         dialog --title $"Import stream files from USB drive" --msgbox $'No stream files directory found on USB drive' 6 50
-        backup_unmount_drive ${USB_DRIVE}
+        backup_unmount_drive "${USB_DRIVE}"
     fi
-    cp -ru $USB_MOUNT$ICECAST_DIR/* $ICECAST_DIR
-    backup_unmount_drive ${USB_DRIVE}
+    cp -ru "$USB_MOUNT$ICECAST_DIR/*" $ICECAST_DIR
+    backup_unmount_drive "${USB_DRIVE}"
     icecast_convert_files $ICECAST_DIR
     dialog --title $"Import stream files from USB drive" --msgbox $'Import complete. You may now remove the USB drive' 6 50
 }
@@ -246,40 +246,41 @@ function icecast_export_to_usb {
     clear
     detect_usb_drive
 
-    if [ ! -b $USB_DRIVE ]; then
+    if [ ! -b "$USB_DRIVE" ]; then
         dialog --title $"Export stream files to USB drive" --msgbox $'No USB drive found' 6 50
         return
     fi
 
-    backup_mount_drive ${USB_DRIVE}
-    if [ ! -d $USB_MOUNT$ICECAST_DIR ]; then
-        mkdir -p $USB_MOUNT$ICECAST_DIR
+    backup_mount_drive "${USB_DRIVE}"
+    if [ ! -d "$USB_MOUNT$ICECAST_DIR" ]; then
+        mkdir -p "$USB_MOUNT$ICECAST_DIR"
     fi
-    cp -ru $ICECAST_DIR/* $USB_MOUNT$ICECAST_DIR
-    backup_unmount_drive ${USB_DRIVE}
+    cp -ru "$ICECAST_DIR/*" "$USB_MOUNT$ICECAST_DIR"
+    backup_unmount_drive "${USB_DRIVE}"
     dialog --title $"Export stream files to USB drive" --msgbox $'Export complete. You may now remove the USB drive' 6 50
 }
 
 function icecast_format_drive {
     detect_usb_drive
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Format USB drive $USB_DRIVE for stream file storage" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nPlease confirm that you wish to format drive\n\n    ${USB_DRIVE}\n\nAll current data on the drive will be lost, and you will be prompted to give a password used to encrypt the drive.\n\nDANGER: If you screw up here and format the wrong drive it's your own fault!" 16 60
+           --yesno $"\\nPlease confirm that you wish to format drive\\n\\n    ${USB_DRIVE}\\n\\nAll current data on the drive will be lost, and you will be prompted to give a password used to encrypt the drive.\\n\\nDANGER: If you screw up here and format the wrong drive it's your own fault!" 16 60
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1)  rm -f "$data"
+            return;;
+        255) rm -f "$data"
+             return;;
     esac
-    rm $data
+    rm -f "$data"
 
     clear
     echo ''
     echo $"Formatting drive $USB_DRIVE. ALL CONTENTS WILL BE LOST."
     echo ''
-    ${PROJECT_NAME}-format $USB_DRIVE
+    "${PROJECT_NAME}-format" "$USB_DRIVE"
     dialog --title $"Format USB drive $USB_DRIVE for stream file storage" --msgbox $'Format complete. You may now export stream files or remove the USB drive' 6 50
 }
 
@@ -290,42 +291,41 @@ function icecast_edit_playlist {
 }
 
 function icecast_change_login {
-    read_config_param $MY_USERNAME
-    ICECAST_USER_PASSWORD=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a icecastuser)
+    read_config_param "$MY_USERNAME"
+    ICECAST_USER_PASSWORD=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a icecastuser)
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Change Icecast stream visitor login" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Enter the new login password for stream visitors" 8 60 "$ICECAST_USER_PASSWORD" 2>$data
+           --inputbox $"Enter the new login password for stream visitors" 8 60 "$ICECAST_USER_PASSWORD" 2>"$data"
     sel=$?
     case $sel in
-        0)  ICECAST_USER_PASSWORD=$(<$data)
+        0)  ICECAST_USER_PASSWORD=$(<"$data")
             if [[ "$ICECAST_USER_PASSWORD" != *' '* ]]; then
                 if [ ${#ICECAST_USER_PASSWORD} -gt 8 ]; then
-                    ${PROJECT_NAME}-pass -u $MY_USERNAME -a icecastuser -p $ICECAST_USER_PASSWORD
+                    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a icecastuser -p "$ICECAST_USER_PASSWORD"
                     dialog --title $"Change Icecast stream visitor login" \
                            --msgbox $"Password changed to $ICECAST_USER_PASSWORD" 6 75
                 fi
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function icecast_enable_login {
     dialog --title $"Enable Icecast login" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nDo you want to add a login so that random web users can't access your stream?" 10 60
+           --yesno $"\\nDo you want to add a login so that random web users can't access your stream?" 10 60
     sel=$?
     case $sel in
         0) if grep -q '#auth_basic' /etc/nginx/sites-available/icecast; then
                sed -i 's|#auth_basic|auth_basic|g' /etc/nginx/sites-available/icecast
                systemctl restart nginx
            fi
-           read_config_param $MY_USERNAME
-           ICECAST_USER_PASSWORD=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a icecastuser)
+           read_config_param "$MY_USERNAME"
+           ICECAST_USER_PASSWORD=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a icecastuser)
            dialog --title $"Enable Icecast login" \
                   --msgbox $"Icecast logins are now enabled with the password $ICECAST_USER_PASSWORD" 6 65
            ICECAST_USER_PASSWORD=
@@ -341,23 +341,24 @@ function icecast_enable_login {
 }
 
 function icecast_set_stream_name {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"Change Icecast stream details" \
-           --form "\n" 8 60 4 \
+           --form "\\n" 8 60 4 \
            $"Stream name:" 1 1 "Example stream name" 1 18 40 1000 \
            $"Description:" 2 1 "A short description of your stream" 2 18 40 1000 \
            $"Genre:" 3 1 "Example genre" 3 18 40 1000 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
-    stream_name=$(cat $data | sed -n 1p)
-    stream_description=$(cat $data | sed -n 2p)
-    stream_genre=$(cat $data | sed -n 3p)
+    stream_name=$(sed -n 1p < "$data")
+    stream_description=$(sed -n 2p < "$data")
+    stream_genre=$(sed -n 3p < "$data")
     if [ ${#stream_name} -gt 2 ]; then
         sed -i "s|<name>.*|<name>${stream_name}</name>|g" /etc/ices2/ices-playlist.xml
     fi
@@ -367,42 +368,41 @@ function icecast_set_stream_name {
     if [ ${#stream_genre} -gt 2 ]; then
         sed -i "s|<genre>.*|<genre>${stream_genre}</genre>|g" /etc/ices2/ices-playlist.xml
     fi
-    rm $data
+    rm -f "$data"
     stop_icecast
     start_icecast
 }
 
 function icecast_set_maximum_streams {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Set the maximum clients" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Maximum number of clients" 8 40 "10" 2>$data
+           --inputbox $"Maximum number of clients" 8 40 "10" 2>"$data"
     sel=$?
     case $sel in
         0)
-            max_clients=$(<$data)
+            max_clients=$(<"$data")
             if [ ${#max_clients} -gt 0 ]; then
                 if [[ "$max_clients" != *' '* ]]; then
-                    if [[ $max_clients =~ '^[0-9]+$' ]] ; then
+                    # shellcheck disable=SC2076
+                    if [[ "$max_clients" =~ '^[0-9]+$' ]] ; then
                         sed -i "s|<clients>.*|<clients>${max_clients}</clients>|g" /etc/icecast2/icecast.xml
                         stop_icecast
                         start_icecast
                         dialog --title $"Set the maximum clients" \
-                               --msgbox $"\nMaximum Icecast clients was set to ${max_clients}" 8 50
+                               --msgbox $"\\nMaximum Icecast clients was set to ${max_clients}" 8 50
                     fi
                 fi
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function configure_interactive_icecast {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Icecast" \
                --radiolist $"Choose an operation:" 19 70 12 \
@@ -417,13 +417,15 @@ function configure_interactive_icecast {
                9 $"Restart stream" off \
                10 $"Set Stream Name/Description/Genre" off \
                11 $"Set maximum number of clients/streams" off \
-               12 $"Exit" on 2> $data
+               12 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) break;;
-            255) break;;
+            1) rm -f "$data"
+               break;;
+            255) rm -f "$data"
+                 break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) icecast_import_from_directory;;
             2) icecast_import_from_usb;;
             3) icecast_format_drive;;
@@ -440,8 +442,10 @@ function configure_interactive_icecast {
                start_icecast;;
             10) icecast_set_stream_name;;
             11) icecast_set_maximum_streams;;
-            12) break;;
+            12) rm -f "$data"
+                break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -556,7 +560,7 @@ function remove_icecast {
     fi
     function_check remove_onion_service
     remove_onion_service icecast ${ICECAST_ONION_PORT}
-    sed -i '/icecast/d' $COMPLETION_FILE
+    sed -i '/icecast/d' "$COMPLETION_FILE"
 }
 
 function install_icecast {
@@ -572,11 +576,11 @@ function install_icecast {
         exit 7923528
     fi
 
-    if [ ! ${ICECAST_PASSWORD} ]; then
-        if [ -f ${IMAGE_PASSWORD_FILE} ]; then
-            ICECAST_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ ! "${ICECAST_PASSWORD}" ]; then
+        if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
+            ICECAST_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
         else
-            ICECAST_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+            ICECAST_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
 
@@ -600,22 +604,22 @@ function install_icecast {
     fi
 
     icecast_nginx_site=/etc/nginx/sites-available/icecast
-    echo 'server {' > $icecast_nginx_site
-    echo "    listen 127.0.0.1:$ICECAST_ONION_PORT default_server;" >> $icecast_nginx_site
-    echo "    server_name $ICECAST_ONION_HOSTNAME;" >> $icecast_nginx_site
-    echo '' >> $icecast_nginx_site
-    echo '  # Logs' >> $icecast_nginx_site
-    echo '  access_log /dev/null;' >> $icecast_nginx_site
-    echo '  error_log /dev/null;' >> $icecast_nginx_site
-    echo '' >> $icecast_nginx_site
-    echo '  location / {' >> $icecast_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$ICECAST_ONION_PORT default_server;";
+      echo "    server_name $ICECAST_ONION_HOSTNAME;";
+      echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  location / {'; } > $icecast_nginx_site
     function_check nginx_limits
-    nginx_limits $ICECAST_ONION_HOSTNAME '15m'
-    echo "      proxy_pass http://localhost:$ICECAST_PORT;" >> $icecast_nginx_site
-    echo "      #auth_basic \"${ICECAST_LOGIN_TEXT}\";" >> $icecast_nginx_site
-    echo '      #auth_basic_user_file /etc/nginx/.icepasswd;' >> $icecast_nginx_site
-    echo '  }' >> $icecast_nginx_site
-    echo '}' >> $icecast_nginx_site
+    nginx_limits "$ICECAST_ONION_HOSTNAME" '15m'
+    { echo "      proxy_pass http://localhost:$ICECAST_PORT;";
+      echo "      #auth_basic \"${ICECAST_LOGIN_TEXT}\";";
+      echo '      #auth_basic_user_file /etc/nginx/.icepasswd;';
+      echo '  }';
+      echo '}'; } >> $icecast_nginx_site
 
     if [ ! -d /var/log/ices ]; then
         mkdir -p /var/log/ices
@@ -624,105 +628,105 @@ function install_icecast {
         mkdir -p /etc/ices2
     fi
 
-    echo '<?xml version="1.0"?>' > /etc/ices2/ices-playlist.xml
-    echo '<ices>' >> /etc/ices2/ices-playlist.xml
-    echo '    <!-- run in background -->' >> /etc/ices2/ices-playlist.xml
-    echo '    <background>1</background>' >> /etc/ices2/ices-playlist.xml
-    echo '    <!-- where logs, etc go. -->' >> /etc/ices2/ices-playlist.xml
-    echo '    <logpath>/var/log/ices</logpath>' >> /etc/ices2/ices-playlist.xml
-    echo '    <logfile>ices.log</logfile>' >> /etc/ices2/ices-playlist.xml
-    echo '    <!-- 1=error,2=warn,3=info,4=debug -->' >> /etc/ices2/ices-playlist.xml
-    echo '    <loglevel>1</loglevel>' >> /etc/ices2/ices-playlist.xml
-    echo '    <!-- set this to 1 to log to the console instead of to the file above -->' >> /etc/ices2/ices-playlist.xml
-    echo '    <consolelog>0</consolelog>' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '    <!-- optional filename to write process id to -->' >> /etc/ices2/ices-playlist.xml
-    echo '    <!-- <pidfile>/home/ices/ices.pid</pidfile> -->' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '    <stream>' >> /etc/ices2/ices-playlist.xml
-    echo '        <!-- metadata used for stream listing (not currently used) -->' >> /etc/ices2/ices-playlist.xml
-    echo '        <metadata>' >> /etc/ices2/ices-playlist.xml
-    echo '            <name>Example stream name</name>' >> /etc/ices2/ices-playlist.xml
-    echo '            <genre>Example genre</genre>' >> /etc/ices2/ices-playlist.xml
-    echo '            <description>A short description of your stream</description>' >> /etc/ices2/ices-playlist.xml
-    echo '        </metadata>' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '        <!-- input module' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '            The module used here is the playlist module - it has ' >> /etc/ices2/ices-playlist.xml
-    echo '            "submodules" for different types of playlist. There are' >> /etc/ices2/ices-playlist.xml
-    echo '            two currently implemented, "basic", which is a simple' >> /etc/ices2/ices-playlist.xml
-    echo '            file-based playlist, and "script" which invokes a command' >> /etc/ices2/ices-playlist.xml
-    echo '            to returns a filename to start playing. -->' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '        <input>' >> /etc/ices2/ices-playlist.xml
-    echo '            <module>playlist</module>' >> /etc/ices2/ices-playlist.xml
-    echo '            <param name="type">basic</param>' >> /etc/ices2/ices-playlist.xml
-    echo "            <param name=\"file\">$ICECAST_PLAYLIST_FILE</param>" >> /etc/ices2/ices-playlist.xml
-    echo '            <!-- random play -->' >> /etc/ices2/ices-playlist.xml
-    echo '            <param name="random">0</param>' >> /etc/ices2/ices-playlist.xml
-    echo '            <!-- if the playlist get updated that start at the beginning -->' >> /etc/ices2/ices-playlist.xml
-    echo '            <param name="restart-after-reread">0</param>' >> /etc/ices2/ices-playlist.xml
-    echo '            <!-- if set to 1 , plays once through, then exits. -->' >> /etc/ices2/ices-playlist.xml
-    echo '            <param name="once">0</param>' >> /etc/ices2/ices-playlist.xml
-    echo '        </input>' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '            <!-- Stream instance' >> /etc/ices2/ices-playlist.xml
-    echo '            You may have one or more instances here. This allows you to ' >> /etc/ices2/ices-playlist.xml
-    echo '            send the same input data to one or more servers (or to different' >> /etc/ices2/ices-playlist.xml
-    echo '            mountpoints on the same server). Each of them can have different' >> /etc/ices2/ices-playlist.xml
-    echo '            parameters. This is primarily useful for a) relaying to multiple' >> /etc/ices2/ices-playlist.xml
-    echo '            independent servers, and b) encoding/reencoding to multiple' >> /etc/ices2/ices-playlist.xml
-    echo '            bitrates.' >> /etc/ices2/ices-playlist.xml
-    echo '            If one instance fails (for example, the associated server goes' >> /etc/ices2/ices-playlist.xml
-    echo '            down, etc), the others will continue to function correctly.' >> /etc/ices2/ices-playlist.xml
-    echo '            This example defines two instances as two mountpoints on the' >> /etc/ices2/ices-playlist.xml
-    echo '            same server.  -->' >> /etc/ices2/ices-playlist.xml
-    echo '        <instance>' >> /etc/ices2/ices-playlist.xml
-    echo '            <!-- Server details:' >> /etc/ices2/ices-playlist.xml
-    echo '                You define hostname and port for the server here, along with' >> /etc/ices2/ices-playlist.xml
-    echo '                the source password and mountpoint.  -->' >> /etc/ices2/ices-playlist.xml
-    echo '            <hostname>localhost</hostname>' >> /etc/ices2/ices-playlist.xml
-    echo "            <port>$ICECAST_PORT</port>" >> /etc/ices2/ices-playlist.xml
-    echo "            <password>$ICECAST_PASSWORD</password>" >> /etc/ices2/ices-playlist.xml
-    echo '            <mount>/example1.ogg</mount>' >> /etc/ices2/ices-playlist.xml
-    echo '            <!-- Reconnect parameters:' >> /etc/ices2/ices-playlist.xml
-    echo '                When something goes wrong (e.g. the server crashes, or the' >> /etc/ices2/ices-playlist.xml
-    echo '                network drops) and ices disconnects from the server, these' >> /etc/ices2/ices-playlist.xml
-    echo '                control how often it tries to reconnect, and how many times' >> /etc/ices2/ices-playlist.xml
-    echo '                it tries to reconnect. Delay is in seconds.' >> /etc/ices2/ices-playlist.xml
-    echo '                If you set reconnectattempts to -1, it will continue ' >> /etc/ices2/ices-playlist.xml
-    echo '                indefinately. Suggest setting reconnectdelay to a large value' >> /etc/ices2/ices-playlist.xml
-    echo '                if you do this.' >> /etc/ices2/ices-playlist.xml
-    echo '            -->' >> /etc/ices2/ices-playlist.xml
-    echo '            <reconnectdelay>2</reconnectdelay>' >> /etc/ices2/ices-playlist.xml
-    echo '            <reconnectattempts>5</reconnectattempts> ' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '            <!-- maxqueuelength:' >> /etc/ices2/ices-playlist.xml
-    echo '                This describes how long the internal data queues may be. This' >> /etc/ices2/ices-playlist.xml
-    echo '                basically lets you control how much data gets buffered before' >> /etc/ices2/ices-playlist.xml
-    echo '                ices decides it cant send to the server fast enough, and ' >> /etc/ices2/ices-playlist.xml
-    echo '                either shuts down or flushes the queue (dropping the data)' >> /etc/ices2/ices-playlist.xml
-    echo '                and continues. ' >> /etc/ices2/ices-playlist.xml
-    echo '                For advanced users only.' >> /etc/ices2/ices-playlist.xml
-    echo '            -->' >> /etc/ices2/ices-playlist.xml
-    echo '            <maxqueuelength>80</maxqueuelength>' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '            <!-- Live encoding/reencoding:' >> /etc/ices2/ices-playlist.xml
-    echo '                Currrently, the parameters given here for encoding MUST' >> /etc/ices2/ices-playlist.xml
-    echo '                match the input data for channels and sample rate. That ' >> /etc/ices2/ices-playlist.xml
-    echo '                restriction will be relaxed in the future.' >> /etc/ices2/ices-playlist.xml
-    echo '                Remove this section if you dont want your files getting reencoded.' >> /etc/ices2/ices-playlist.xml
-    echo '            -->' >> /etc/ices2/ices-playlist.xml
-    echo '            <encode>  ' >> /etc/ices2/ices-playlist.xml
-    echo '                <nominal-bitrate>64000</nominal-bitrate>' >> /etc/ices2/ices-playlist.xml
-    echo '                <samplerate>22050</samplerate>' >> /etc/ices2/ices-playlist.xml
-    echo '                <channels>1</channels>' >> /etc/ices2/ices-playlist.xml
-    echo '            </encode>' >> /etc/ices2/ices-playlist.xml
-    echo '        </instance>' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '        </stream>' >> /etc/ices2/ices-playlist.xml
-    echo '</ices>' >> /etc/ices2/ices-playlist.xml
+    { echo '<?xml version="1.0"?>';
+      echo '<ices>';
+      echo '    <!-- run in background -->';
+      echo '    <background>1</background>';
+      echo '    <!-- where logs, etc go. -->';
+      echo '    <logpath>/var/log/ices</logpath>';
+      echo '    <logfile>ices.log</logfile>';
+      echo '    <!-- 1=error,2=warn,3=info,4=debug -->';
+      echo '    <loglevel>1</loglevel>';
+      echo '    <!-- set this to 1 to log to the console instead of to the file above -->';
+      echo '    <consolelog>0</consolelog>';
+      echo '';
+      echo '    <!-- optional filename to write process id to -->';
+      echo '    <!-- <pidfile>/home/ices/ices.pid</pidfile> -->';
+      echo '';
+      echo '    <stream>';
+      echo '        <!-- metadata used for stream listing (not currently used) -->';
+      echo '        <metadata>';
+      echo '            <name>Example stream name</name>';
+      echo '            <genre>Example genre</genre>';
+      echo '            <description>A short description of your stream</description>';
+      echo '        </metadata>';
+      echo '';
+      echo '        <!-- input module';
+      echo '';
+      echo '            The module used here is the playlist module - it has ';
+      echo '            "submodules" for different types of playlist. There are';
+      echo '            two currently implemented, "basic", which is a simple';
+      echo '            file-based playlist, and "script" which invokes a command';
+      echo '            to returns a filename to start playing. -->';
+      echo '';
+      echo '        <input>';
+      echo '            <module>playlist</module>';
+      echo '            <param name="type">basic</param>';
+      echo "            <param name=\"file\">$ICECAST_PLAYLIST_FILE</param>";
+      echo '            <!-- random play -->';
+      echo '            <param name="random">0</param>';
+      echo '            <!-- if the playlist get updated that start at the beginning -->';
+      echo '            <param name="restart-after-reread">0</param>';
+      echo '            <!-- if set to 1 , plays once through, then exits. -->';
+      echo '            <param name="once">0</param>';
+      echo '        </input>';
+      echo '';
+      echo '            <!-- Stream instance';
+      echo '            You may have one or more instances here. This allows you to ';
+      echo '            send the same input data to one or more servers (or to different';
+      echo '            mountpoints on the same server). Each of them can have different';
+      echo '            parameters. This is primarily useful for a) relaying to multiple';
+      echo '            independent servers, and b) encoding/reencoding to multiple';
+      echo '            bitrates.';
+      echo '            If one instance fails (for example, the associated server goes';
+      echo '            down, etc), the others will continue to function correctly.';
+      echo '            This example defines two instances as two mountpoints on the';
+      echo '            same server.  -->';
+      echo '        <instance>';
+      echo '            <!-- Server details:';
+      echo '                You define hostname and port for the server here, along with';
+      echo '                the source password and mountpoint.  -->';
+      echo '            <hostname>localhost</hostname>';
+      echo "            <port>$ICECAST_PORT</port>";
+      echo "            <password>$ICECAST_PASSWORD</password>";
+      echo '            <mount>/example1.ogg</mount>';
+      echo '            <!-- Reconnect parameters:';
+      echo '                When something goes wrong (e.g. the server crashes, or the';
+      echo '                network drops) and ices disconnects from the server, these';
+      echo '                control how often it tries to reconnect, and how many times';
+      echo '                it tries to reconnect. Delay is in seconds.';
+      echo '                If you set reconnectattempts to -1, it will continue ';
+      echo '                indefinately. Suggest setting reconnectdelay to a large value';
+      echo '                if you do this.';
+      echo '            -->';
+      echo '            <reconnectdelay>2</reconnectdelay>';
+      echo '            <reconnectattempts>5</reconnectattempts> ';
+      echo '';
+      echo '            <!-- maxqueuelength:';
+      echo '                This describes how long the internal data queues may be. This';
+      echo '                basically lets you control how much data gets buffered before';
+      echo '                ices decides it cant send to the server fast enough, and ';
+      echo '                either shuts down or flushes the queue (dropping the data)';
+      echo '                and continues. ';
+      echo '                For advanced users only.';
+      echo '            -->';
+      echo '            <maxqueuelength>80</maxqueuelength>';
+      echo '';
+      echo '            <!-- Live encoding/reencoding:';
+      echo '                Currrently, the parameters given here for encoding MUST';
+      echo '                match the input data for channels and sample rate. That ';
+      echo '                restriction will be relaxed in the future.';
+      echo '                Remove this section if you dont want your files getting reencoded.';
+      echo '            -->';
+      echo '            <encode>  ';
+      echo '                <nominal-bitrate>64000</nominal-bitrate>';
+      echo '                <samplerate>22050</samplerate>';
+      echo '                <channels>1</channels>';
+      echo '            </encode>';
+      echo '        </instance>';
+      echo '';
+      echo '        </stream>';
+      echo '</ices>'; } > /etc/ices2/ices-playlist.xml
 
     sed -i 's|ENABLE=.*|ENABLE=true|g' /etc/default/icecast2
 
@@ -733,18 +737,18 @@ function install_icecast {
 
 
     # create a password for users
-    ICECAST_USER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+    ICECAST_USER_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
     if grep -q "$MY_USERNAME:" /etc/nginx/.icepasswd; then
         sed -i "/$MY_USERNAME:/d" /etc/nginx/.icepasswd
     fi
-    echo "$ICECAST_USER_PASSWORD" | htpasswd -i -s -c /etc/nginx/.icepasswd $MY_USERNAME
+    echo "$ICECAST_USER_PASSWORD" | htpasswd -i -s -c /etc/nginx/.icepasswd "$MY_USERNAME"
     if [ ! -f /etc/nginx/.icepasswd ]; then
         echo $'/etc/nginx/.icepasswd not found'
         exit 73528235
     fi
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a icecast -p "$ICECAST_PASSWORD"
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a icecastuser -p "$ICECAST_USER_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a icecast -p "$ICECAST_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a icecastuser -p "$ICECAST_USER_PASSWORD"
 
     groupadd icecast
     useradd -c "Icecast system account" -d /etc/icecast2 -m -r -g icecast icecast2

src/freedombone-app-ipfs

@@ -76,7 +76,7 @@ function upgrade_ipfs_go {
     fi
 
     function_check set_repo_commit
-    set_repo_commit $GOPATH/src/github.com/ipfs/go-ipfs "ipfs commit" "$IPFS_COMMIT" $IPFS_REPO
+    set_repo_commit "$GOPATH/src/github.com/ipfs/go-ipfs" "ipfs commit" "$IPFS_COMMIT" "$IPFS_REPO"
 }
 
 function upgrade_ipfs_js {
@@ -97,33 +97,34 @@ function upgrade_ipfs {
 }
 
 function backup_local_ipfs {
-    if ! grep -q "Admin user" $COMPLETION_FILE; then
+    if ! grep -q "Admin user" "$COMPLETION_FILE"; then
         return
     fi
     ADMIN_USERNAME=$(get_completion_param "Admin user")
-    source_directory=/home/$ADMIN_USERNAME/.ipfs
-    if [ -d $source_directory ]; then
+    source_directory="/home/$ADMIN_USERNAME/.ipfs"
+    if [ -d "$source_directory" ]; then
         dest_directory=ipfs
         function_check backup_directory_to_usb
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"
     fi
 }
 
 function restore_local_ipfs {
-    if ! grep -q "Admin user" $COMPLETION_FILE; then
+    if ! grep -q "Admin user" "$COMPLETION_FILE"; then
         return
     fi
-    if [ -d $USB_MOUNT/backup/ipfs ]; then
+    if [ -d "$USB_MOUNT/backup/ipfs" ]; then
         echo $"Restoring IPFS"
         temp_restore_dir=/root/tempipfs
         function_check restore_directory_from_usb
         restore_directory_from_usb $temp_restore_dir ipfs
         ADMIN_USERNAME=$(get_completion_param "Admin user")
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs ]; then
-            cp -rf $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/* /home/$ADMIN_USERNAME/.ipfs
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/.ipfs" ]; then
+            cp -rf "$temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/*" "/home/$ADMIN_USERNAME/.ipfs"
         else
-            cp -rf $temp_restore_dir/* /home/$ADMIN_USERNAME/.ipfs
+            cp -rf "$temp_restore_dir/*" "/home/$ADMIN_USERNAME/.ipfs"
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             rm -rf $temp_restore_dir
             function_check set_user_permissions
@@ -138,28 +139,29 @@ function restore_local_ipfs {
 }
 
 function backup_remote_ipfs {
-    if ! grep -q "Admin user" $COMPLETION_FILE; then
+    if ! grep -q "Admin user" "$COMPLETION_FILE"; then
         return
     fi
     ADMIN_USERNAME=$(get_completion_param "Admin user")
-    if [ -d /home/$ADMIN_USERNAME/.ipfs ]; then
+    if [ -d "/home/$ADMIN_USERNAME/.ipfs" ]; then
         echo $"Backing up IPFS"
-        backup_directory_to_friend /home/$ADMIN_USERNAME/.ipfs ipfs
+        backup_directory_to_friend "/home/$ADMIN_USERNAME/.ipfs" ipfs
         echo $"Backup of IPFS complete"
     fi
 }
 
 function restore_remote_ipfs {
-    if [ -d $SERVER_DIRECTORY/backup/ipfs ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/ipfs" ]; then
         echo $"Restoring IPFS"
         temp_restore_dir=/root/tempipfs
         function_check restore_directory_from_friend
         restore_directory_from_friend $temp_restore_dir ipfs
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs ]; then
-            cp -rf $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/* /home/$ADMIN_USERNAME/.ipfs
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/.ipfs" ]; then
+            cp -rf "$temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/*" "/home/$ADMIN_USERNAME/.ipfs"
         else
-            cp -rf $temp_restore_dir/* /home/$ADMIN_USERNAME/.ipfs
+            cp -rf "$temp_restore_dir/*" "/home/$ADMIN_USERNAME/.ipfs"
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             function_check set_user_permissions
             set_user_permissions
@@ -177,11 +179,11 @@ function remove_ipfs_go {
     systemctl daemon-reload
     rm /etc/systemd/system/ipfs.service
     systemctl daemon-reload
-    rm -rf $GOPATH/src/github.com/ipfs
+    rm -rf "$GOPATH/src/github.com/ipfs"
     firewall_remove $IPFS_PORT tcp
     remove_completion_param install_ipfs
     remove_completion_param configure_firewall_for_ipfs
-    sed -i '/ipfs/d' $COMPLETION_FILE
+    sed -i '/ipfs/d' "$COMPLETION_FILE"
 }
 
 function remove_ipfs_js {
@@ -194,9 +196,9 @@ function remove_ipfs_js {
     npm uninstall ronin --global
 
     firewall_remove $IPFS_PORT tcp
-    sed -i '/install_ipfs/d' $COMPLETION_FILE
-    sed -i '/ipfs/d' $COMPLETION_FILE
-    sed -i '/configure_firewall_for_ipfs/d' $COMPLETION_FILE
+    sed -i '/install_ipfs/d' "$COMPLETION_FILE"
+    sed -i '/ipfs/d' "$COMPLETION_FILE"
+    sed -i '/configure_firewall_for_ipfs/d' "$COMPLETION_FILE"
 }
 
 function remove_ipfs {
@@ -205,7 +207,7 @@ function remove_ipfs {
 }
 
 function configure_firewall_for_ipfs {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [[ $ONION_ONLY != "no" ]]; then
@@ -213,22 +215,23 @@ function configure_firewall_for_ipfs {
     fi
 
     firewall_add IPFS $IPFS_PORT tcp
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function mesh_install_ipfs_js {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
-    chroot ${rootdir} apt-get -yq install libpam0g-dev fuse
+    # shellcheck disable=SC2154
+    chroot "${rootdir}" apt-get -yq install libpam0g-dev fuse
 
-    if [ ! -f ${rootdir}/usr/bin/nodejs ]; then
+    if [ ! -f "${rootdir}/usr/bin/nodejs" ]; then
         echo $'nodejs was not installed'
         exit 63962
     fi
 
-    cat <<EOF > ${rootdir}/root/install-ipfs.sh
+    cat <<EOF > "${rootdir}/root/install-ipfs.sh"
 #!/bin/bash
 PATH="/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/bin"
 NODE_PATH="/usr/lib/node_modules"
@@ -241,57 +244,57 @@ npm install -g ronin@${IPFS_JS_RONIN_VERSION} --save
 npm install -g ipfs@${IPFS_JS_VERSION} --save
 exit 0
 EOF
-    chroot ${rootdir} /bin/chmod +x /root/install-ipfs.sh
-    chroot ${rootdir} /root/install-ipfs.sh
-    rm -f ${rootdir}/root/install-ipfs.sh
+    chroot "${rootdir}" /bin/chmod +x /root/install-ipfs.sh
+    chroot "${rootdir}" /root/install-ipfs.sh
+    rm -f "${rootdir}/root/install-ipfs.sh"
 
     IPFS_PATH=/usr/bin
 
-    if [ ! -f ${rootdir}$IPFS_PATH/jsipfs ]; then
+    if [ ! -f "${rootdir}$IPFS_PATH/jsipfs" ]; then
         exit 637292
     fi
 
     # directories to mount to
-    if [ ! -d ${rootdir}/ipfs ]; then
-        chroot ${rootdir} /bin/mkdir /ipfs
-        chroot ${rootdir} /bin/mkdir /ipns
-        chroot ${rootdir} /bin/chown $MY_USERNAME:$MY_USERNAME /ipfs
-        chroot ${rootdir} /bin/chown $MY_USERNAME:$MY_USERNAME /ipns
+    if [ ! -d "${rootdir}/ipfs" ]; then
+        chroot "${rootdir}" /bin/mkdir /ipfs
+        chroot "${rootdir}" /bin/mkdir /ipns
+        chroot "${rootdir}" /bin/chown "$MY_USERNAME":"$MY_USERNAME" /ipfs
+        chroot "${rootdir}" /bin/chown "$MY_USERNAME":"$MY_USERNAME" /ipns
     fi
 
-    if [ -f ${rootdir}/etc/fuse.conf ]; then
-        chroot ${rootdir} /bin/chown $MY_USERNAME:$MY_USERNAME /etc/fuse.conf
+    if [ -f "${rootdir}/etc/fuse.conf" ]; then
+        chroot "${rootdir}" /bin/chown "$MY_USERNAME":"$MY_USERNAME" /etc/fuse.conf
     fi
-    if [ -f ${rootdir}/dev/fuse ]; then
-        chroot ${rootdir} /bin/chown $MY_USERNAME:$MY_USERNAME /dev/fuse
+    if [ -f "${rootdir}/dev/fuse" ]; then
+        chroot "${rootdir}" /bin/chown "$MY_USERNAME":"$MY_USERNAME" /dev/fuse
     fi
 
     IPFS_DAEMON_NAME=ipfs
     IPFS_DAEMON_FILE=${rootdir}/etc/systemd/system/${IPFS_DAEMON_NAME}.service
-    echo '[Unit]' > $IPFS_DAEMON_FILE
-    echo 'Description=IPFS javascript daemon' >> $IPFS_DAEMON_FILE
-    echo 'After=syslog.target' >> $IPFS_DAEMON_FILE
-    echo 'After=network.target' >> $IPFS_DAEMON_FILE
-    echo '' >> $IPFS_DAEMON_FILE
-    echo '[Service]' >> $IPFS_DAEMON_FILE
-    echo 'Type=simple' >> $IPFS_DAEMON_FILE
-    echo "User=$MY_USERNAME" >> $IPFS_DAEMON_FILE
-    echo "Group=$MY_USERNAME" >> $IPFS_DAEMON_FILE
-    echo "WorkingDirectory=/home/$MY_USERNAME" >> $IPFS_DAEMON_FILE
-    echo "ExecStart=${IPFS_PATH}/jsipfs daemon --mount" >> $IPFS_DAEMON_FILE
-    echo 'Restart=on-failure' >> $IPFS_DAEMON_FILE
-    echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\"" >> $IPFS_DAEMON_FILE
-    echo '' >> $IPFS_DAEMON_FILE
-    echo '[Install]' >> $IPFS_DAEMON_FILE
-    echo 'WantedBy=multi-user.target' >> $IPFS_DAEMON_FILE
+    { echo '[Unit]';
+      echo 'Description=IPFS javascript daemon';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo "User=$MY_USERNAME";
+      echo "Group=$MY_USERNAME";
+      echo "WorkingDirectory=/home/$MY_USERNAME";
+      echo "ExecStart=${IPFS_PATH}/jsipfs daemon --mount";
+      echo 'Restart=on-failure';
+      echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\"";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$IPFS_DAEMON_FILE"
 
-    chroot ${rootdir} systemctl enable ${IPFS_DAEMON_NAME}
+    chroot "${rootdir}" systemctl enable ${IPFS_DAEMON_NAME}
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function install_ipfs_js {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_install_ipfs_js
         return
     fi
@@ -321,8 +324,8 @@ function install_ipfs_js {
     fi
 
     # initialise
-    su -c "$IPFS_PATH/jsipfs init -b $IPFS_KEY_LENGTH" - $MY_USERNAME
-    if [ ! -d /home/$MY_USERNAME/.ipfs ]; then
+    su -c "$IPFS_PATH/jsipfs init -b $IPFS_KEY_LENGTH" - "$MY_USERNAME"
+    if [ ! -d "/home/$MY_USERNAME/.ipfs" ]; then
         echo "IPFS could not be initialised for user $MY_USERNAME"
         exit 7358
     fi
@@ -331,42 +334,42 @@ function install_ipfs_js {
     if [ ! -d /ipfs ]; then
         mkdir /ipfs
         mkdir /ipns
-        chown $MY_USERNAME:$MY_USERNAME /ipfs
-        chown $MY_USERNAME:$MY_USERNAME /ipns
+        chown "$MY_USERNAME":"$MY_USERNAME" /ipfs
+        chown "$MY_USERNAME":"$MY_USERNAME" /ipns
     fi
 
     if [ -f /etc/fuse.conf ]; then
-        chown $MY_USERNAME:$MY_USERNAME /etc/fuse.conf
+        chown "$MY_USERNAME":"$MY_USERNAME" /etc/fuse.conf
     fi
     if [ -f /dev/fuse ]; then
-        chown $MY_USERNAME:$MY_USERNAME /dev/fuse
+        chown "$MY_USERNAME":"$MY_USERNAME" /dev/fuse
     fi
 
     IPFS_DAEMON_NAME=ipfs
     IPFS_DAEMON_FILE=/etc/systemd/system/${IPFS_DAEMON_NAME}.service
-    echo '[Unit]' > $IPFS_DAEMON_FILE
-    echo 'Description=IPFS javascript daemon' >> $IPFS_DAEMON_FILE
-    echo 'After=syslog.target' >> $IPFS_DAEMON_FILE
-    echo 'After=network.target' >> $IPFS_DAEMON_FILE
-    echo '' >> $IPFS_DAEMON_FILE
-    echo '[Service]' >> $IPFS_DAEMON_FILE
-    echo 'Type=simple' >> $IPFS_DAEMON_FILE
-    echo "User=$MY_USERNAME" >> $IPFS_DAEMON_FILE
-    echo "Group=$MY_USERNAME" >> $IPFS_DAEMON_FILE
-    echo "WorkingDirectory=/home/$MY_USERNAME" >> $IPFS_DAEMON_FILE
-    echo "ExecStart=${IPFS_PATH}/jsipfs daemon --mount" >> $IPFS_DAEMON_FILE
-    echo 'Restart=on-failure' >> $IPFS_DAEMON_FILE
-    echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\"" >> $IPFS_DAEMON_FILE
-    echo '' >> $IPFS_DAEMON_FILE
-    echo '[Install]' >> $IPFS_DAEMON_FILE
-    echo 'WantedBy=multi-user.target' >> $IPFS_DAEMON_FILE
+    { echo '[Unit]';
+      echo 'Description=IPFS javascript daemon';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo "User=$MY_USERNAME";
+      echo "Group=$MY_USERNAME";
+      echo "WorkingDirectory=/home/$MY_USERNAME";
+      echo "ExecStart=${IPFS_PATH}/jsipfs daemon --mount";
+      echo 'Restart=on-failure';
+      echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\"";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > $IPFS_DAEMON_FILE
 
     systemctl enable ${IPFS_DAEMON_NAME}
     systemctl daemon-reload
     systemctl restart ${IPFS_DAEMON_NAME}
 
     if [ -d /etc/avahi ]; then
-        su -c "echo $($IPFS_PATH/jsipfs id | grep '\"ID\":' | awk -F '\"' '{print $4}') > /tmp/ipfsid" - $MY_USERNAME
+        su -c "echo $($IPFS_PATH/jsipfs id | grep '\"ID\":' | awk -F '\"' '{print $4}') > /tmp/ipfsid" - "$MY_USERNAME"
         if [ ! -f /tmp/ipfsid ]; then
             echo 'No IPFS identity was created'
             exit 37895
@@ -387,17 +390,17 @@ function install_ipfs_js {
 }
 
 function mesh_install_ipfs_go {
-    chroot ${rootdir} apt-get -yq install libpam0g-dev fuse wget
+    chroot "${rootdir}" apt-get -yq install libpam0g-dev fuse wget
 
     mesh_upgrade_golang
 
     IPFS_ARCH=
     IPFS_PATH=/usr/bin
 
-    if [ ! -d $rootdir$INSTALL_DIR/ipfs ]; then
-        mkdir -p $rootdir$INSTALL_DIR/ipfs
+    if [ ! -d "$rootdir$INSTALL_DIR/ipfs" ]; then
+        mkdir -p "$rootdir$INSTALL_DIR/ipfs"
     fi
-    cd $rootdir$INSTALL_DIR/ipfs
+    cd "$rootdir$INSTALL_DIR/ipfs" || exit 23468264
 
     if [[ $ARCHITECTURE == *"386" || $ARCHITECTURE == *"686" ]]; then
         IPFS_ARCH=386
@@ -431,42 +434,42 @@ function mesh_install_ipfs_go {
 
     IPFS_FILE=go-ipfs_v${IPFS_GO_VERSION}_linux-${IPFS_ARCH}.tar.gz
     wget https://ipfs.io/ipns/dist.ipfs.io/go-ipfs/v${IPFS_GO_VERSION}/${IPFS_FILE}
-    if [ ! -f $rootdir$INSTALL_DIR/ipfs/${IPFS_FILE} ]; then
+    if [ ! -f "$rootdir$INSTALL_DIR/ipfs/${IPFS_FILE}" ]; then
         echo $'IPFS package could not be downloaded'
         exit 63725
     fi
     tar -xzvf ${IPFS_FILE}
-    if [ ! -f $rootdir$INSTALL_DIR/ipfs/go-ipfs/ipfs ]; then
+    if [ ! -f "$rootdir$INSTALL_DIR/ipfs/go-ipfs/ipfs" ]; then
         echo $"ipfs was not found in downloaded package"
         exit 638235
     fi
-    chroot "$rootdir" /bin/cp $INSTALL_DIR/ipfs/go-ipfs/ipfs $IPFS_PATH
-    if [ ! -f $rootdir$IPFS_PATH/ipfs ]; then
+    chroot "$rootdir" /bin/cp "$INSTALL_DIR/ipfs/go-ipfs/ipfs" $IPFS_PATH
+    if [ ! -f "$rootdir$IPFS_PATH/ipfs" ]; then
         echo $'IPFS was not installed'
         exit 63722
     fi
 
     IPFS_USER_DAEMON=${rootdir}/home/${MY_USERNAME}/.config/systemd/user/ipfs.service
-    mkdir -p ${rootdir}/home/${MY_USERNAME}/.config/systemd/user
+    mkdir -p "${rootdir}/home/${MY_USERNAME}/.config/systemd/user"
 
-    echo '[Unit]' > $IPFS_USER_DAEMON
-    echo 'Description=IPFS go daemon' >> $IPFS_USER_DAEMON
-    echo 'After=syslog.target' >> $IPFS_USER_DAEMON
-    echo 'After=network.target' >> $IPFS_USER_DAEMON
-    echo '' >> $IPFS_USER_DAEMON
-    echo '[Service]' >> $IPFS_USER_DAEMON
-    echo 'Type=simple' >> $IPFS_USER_DAEMON
-    echo "ExecStart=$IPFS_PATH/ipfs daemon" >> $IPFS_USER_DAEMON
-    echo 'Restart=on-failure' >> $IPFS_USER_DAEMON
-    echo 'RestartSec=60' >> $IPFS_USER_DAEMON
-    echo '' >> $IPFS_USER_DAEMON
-    echo '[Install]' >> $IPFS_USER_DAEMON
-    echo 'WantedBy=default.target' >> $IPFS_USER_DAEMON
-    chroot ${rootdir} /bin/chown -R $MY_USERNAME:$MY_USERNAME /home/${MY_USERNAME}/.config
+    { echo '[Unit]';
+      echo 'Description=IPFS go daemon';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo "ExecStart=$IPFS_PATH/ipfs daemon";
+      echo 'Restart=on-failure';
+      echo 'RestartSec=60';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=default.target'; } > "$IPFS_USER_DAEMON"
+    chroot "${rootdir}" /bin/chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/${MY_USERNAME}/.config"
 }
 
 function install_ipfs_go {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_install_ipfs_go
         return
     fi
@@ -490,61 +493,58 @@ function install_ipfs_go {
         else
             sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" ~/.bashrc
         fi
-        systemctl set-environment GOPATH=$GOPATH
+        systemctl set-environment GOPATH="$GOPATH"
         if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then
             echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc
         else
             sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc
         fi
-        if [ ! -d $GOPATH ]; then
-            mkdir -p $GOPATH
+        if [ ! -d "$GOPATH" ]; then
+            mkdir -p "$GOPATH"
         fi
     fi
 
     IPFS_PATH=$GOPATH/bin
     export PATH="$GOPATH/bin:$PATH:"
     if ! grep -q 'GOPATH/bin' ~/.bashrc; then
-        echo 'export PATH="$GOPATH/bin:$PATH:";' >> ~/.bashrc
+        echo "export PATH=\"\$GOPATH/bin:\$PATH:\";" >> ~/.bashrc
     else
         sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc
     fi
 
     # set gopath for the user
-    if ! grep -q "GOPATH=" /home/$MY_USERNAME/.bashrc; then
-        echo "export GOPATH=$GOPATH" >> /home/$MY_USERNAME/.bashrc
-        echo 'export PATH="$GOPATH/bin:$PATH:";' >> /home/$MY_USERNAME/.bashrc
+    if ! grep -q "GOPATH=" "/home/$MY_USERNAME/.bashrc"; then
+        echo "export GOPATH=$GOPATH" >> "/home/$MY_USERNAME/.bashrc"
+        echo "export PATH=\"\$GOPATH/bin:\$PATH:\";" >> "/home/$MY_USERNAME/.bashrc"
     else
-        sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" /home/$MY_USERNAME/.bashrc
+        sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" "/home/$MY_USERNAME/.bashrc"
     fi
-    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.bashrc
+    chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.bashrc"
 
-    go get -u ${IPFS_GO_REPO_BASE}/cmd/ipfs
-    if [ ! "$?" = "0" ]; then
+    if ! go get -u ${IPFS_GO_REPO_BASE}/cmd/ipfs; then
         exit 8242
     fi
 
-    if [ ! -d $GOPATH/src/$IPFS_GO_REPO_BASE ]; then
+    if [ ! -d "$GOPATH/src/$IPFS_GO_REPO_BASE" ]; then
         echo $'go get failed to get ipfs'
         exit 63923
     fi
 
-    cd $GOPATH/src/$IPFS_GO_REPO_BASE
-    git checkout $IPFS_COMMIT -b $IPFS_COMMIT
-    if [ ! "$?" = "0" ]; then
+    cd "$GOPATH/src/$IPFS_GO_REPO_BASE" || exit 346824
+    if ! git checkout $IPFS_COMMIT -b $IPFS_COMMIT; then
         exit 735639
     fi
 
     set_completion_param "ipfs commit" "$IPFS_COMMIT"
 
-    make install
-    if [ ! "$?" = "0" ]; then
+    if ! make install; then
         exit 547242
     fi
 
     # initialise
-    chmod 755 $IPFS_PATH/ipfs
-    su -c "$IPFS_PATH/ipfs init -b 2048" - $MY_USERNAME
-    if [ ! -d /home/$MY_USERNAME/.ipfs ]; then
+    chmod 755 "$IPFS_PATH/ipfs"
+    su -c "$IPFS_PATH/ipfs init -b 2048" - "$MY_USERNAME"
+    if [ ! -d "/home/$MY_USERNAME/.ipfs" ]; then
         echo "IPFS could not be initialised for user $MY_USERNAME"
         exit 7358
     fi
@@ -553,40 +553,40 @@ function install_ipfs_go {
     if [ ! -d /ipfs ]; then
         mkdir /ipfs
         mkdir /ipns
-        chown $MY_USERNAME:$MY_USERNAME /ipfs
-        chown $MY_USERNAME:$MY_USERNAME /ipns
+        chown "$MY_USERNAME":"$MY_USERNAME" /ipfs
+        chown "$MY_USERNAME":"$MY_USERNAME" /ipns
     fi
 
     if [ -f /etc/fuse.conf ]; then
-        chown $MY_USERNAME:$MY_USERNAME /etc/fuse.conf
+        chown "$MY_USERNAME":"$MY_USERNAME" /etc/fuse.conf
     fi
     if [ -f /dev/fuse ]; then
-        chown $MY_USERNAME:$MY_USERNAME /dev/fuse
+        chown "$MY_USERNAME":"$MY_USERNAME" /dev/fuse
     fi
 
-    echo '[Unit]' > /etc/systemd/system/ipfs.service
-    echo 'Description=IPFS go daemon' >> /etc/systemd/system/ipfs.service
-    echo 'After=syslog.target' >> /etc/systemd/system/ipfs.service
-    echo 'After=network.target' >> /etc/systemd/system/ipfs.service
-    echo '' >> /etc/systemd/system/ipfs.service
-    echo '[Service]' >> /etc/systemd/system/ipfs.service
-    echo 'Type=simple' >> /etc/systemd/system/ipfs.service
-    echo "User=$MY_USERNAME" >> /etc/systemd/system/ipfs.service
-    echo "Group=$MY_USERNAME" >> /etc/systemd/system/ipfs.service
-    echo "WorkingDirectory=/home/$MY_USERNAME" >> /etc/systemd/system/ipfs.service
-    echo "ExecStart=$IPFS_PATH/ipfs daemon --mount" >> /etc/systemd/system/ipfs.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/ipfs.service
-    echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\" \"GOPATH=$GOPATH\" \"GVM_ROOT=$GVM_HOME\"" >> /etc/systemd/system/ipfs.service
-    echo '' >> /etc/systemd/system/ipfs.service
-    echo '[Install]' >> /etc/systemd/system/ipfs.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ipfs.service
+    { echo '[Unit]';
+      echo 'Description=IPFS go daemon';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo "User=$MY_USERNAME";
+      echo "Group=$MY_USERNAME";
+      echo "WorkingDirectory=/home/$MY_USERNAME";
+      echo "ExecStart=$IPFS_PATH/ipfs daemon --mount";
+      echo 'Restart=on-failure';
+      echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\" \"GOPATH=$GOPATH\" \"GVM_ROOT=$GVM_HOME\"";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/ipfs.service
 
     systemctl enable ipfs
     systemctl daemon-reload
     systemctl restart ipfs
 
     if [ -d /etc/avahi ]; then
-        su -c "echo $($IPFS_PATH/ipfs id | grep '\"ID\":' | awk -F '\"' '{print $4}') > /tmp/ipfsid" - $MY_USERNAME
+        su -c "echo $("$IPFS_PATH/ipfs" id | grep '\"ID\":' | awk -F '\"' '{print $4}') > /tmp/ipfsid" - "$MY_USERNAME"
         if [ ! -f /tmp/ipfsid ]; then
             echo 'No IPFS identity was created'
             exit 37895

src/freedombone-app-irc

@@ -63,7 +63,7 @@ function logging_off_irc {
 }
 
 function irc_get_global_password {
-    echo $(cat /etc/ngircd/ngircd.conf | grep "Password =" | head -n 1 | awk -F '=' '{print $2}')
+    grep "Password =" /etc/ngircd/ngircd.conf | head -n 1 | awk -F '=' '{print $2}'
 }
 
 function start_irc_bouncer {
@@ -93,70 +93,70 @@ function create_irssi_config {
         new_name="$new_username"
     fi
 
-    echo 'servers = (' > /home/${new_username}/.irssi/config
-    echo '  {' >> /home/${new_username}/.irssi/config
-    echo '    address = "chat.freenode.net";' >> /home/${new_username}/.irssi/config
-    echo '    chatnet = "Freenode";' >> /home/${new_username}/.irssi/config
-    echo '    port = "6667";' >> /home/${new_username}/.irssi/config
-    echo '    autoconnect = "no";' >> /home/${new_username}/.irssi/config
-    echo '  },' >> /home/${new_username}/.irssi/config
-    echo '  {' >> /home/${new_username}/.irssi/config
-    echo '    address = "irc.oftc.net";' >> /home/${new_username}/.irssi/config
-    echo '    chatnet = "OFTC";' >> /home/${new_username}/.irssi/config
-    echo '    port = "6667";' >> /home/${new_username}/.irssi/config
-    echo '    autoconnect = "no";' >> /home/${new_username}/.irssi/config
-    echo '  },' >> /home/${new_username}/.irssi/config
-    echo '  {' >> /home/${new_username}/.irssi/config
-    echo "    address = \"127.0.0.1\";" >> /home/${new_username}/.irssi/config
-    echo '    ssl_verify = "no";' >> /home/${new_username}/.irssi/config
+    { echo 'servers = (';
+      echo '  {';
+      echo '    address = "chat.freenode.net";';
+      echo '    chatnet = "Freenode";';
+      echo '    port = "6667";';
+      echo '    autoconnect = "no";';
+      echo '  },';
+      echo '  {';
+      echo '    address = "irc.oftc.net";';
+      echo '    chatnet = "OFTC";';
+      echo '    port = "6667";';
+      echo '    autoconnect = "no";';
+      echo '  },';
+      echo '  {';
+      echo "    address = \"127.0.0.1\";";
+      echo '    ssl_verify = "no";'; } > "/home/${new_username}/.irssi/config"
     if [[ ${ONION_ONLY} == 'no' ]]; then
-        echo '    use_ssl = "yes";' >> /home/${new_username}/.irssi/config
-        echo "    port = \"${IRC_BOUNCER_PORT}\";" >> /home/${new_username}/.irssi/config
+        echo '    use_ssl = "yes";' >> "/home/${new_username}/.irssi/config"
+        echo "    port = \"${IRC_BOUNCER_PORT}\";" >> "/home/${new_username}/.irssi/config"
     else
-        echo '    use_ssl = "no";' >> /home/${new_username}/.irssi/config
-        IRC_ONION_HOSTNAME=$(cat ${COMPLETION_FILE} | grep "irc onion domain" | head -n 1 | awk -F ':' '{print $2}')
-        echo "    port = \"${IRC_ONION_PORT}\";" >> /home/${new_username}/.irssi/config
+        echo '    use_ssl = "no";' >> "/home/${new_username}/.irssi/config"
+        IRC_ONION_HOSTNAME=$(grep "irc onion domain" "${COMPLETION_FILE}" | head -n 1 | awk -F ':' '{print $2}')
+        echo "    port = \"${IRC_ONION_PORT}\";" >> "/home/${new_username}/.irssi/config"
     fi
-    echo '    chatnet = "Freedombone";' >> /home/${new_username}/.irssi/config
-    echo '    autoconnect = "yes";' >> /home/${new_username}/.irssi/config
-    if [ ${IRC_PASSWORD} ]; then
-        echo "    password = \"${IRC_PASSWORD}\";" >> /home/${new_username}/.irssi/config
+    echo '    chatnet = "Freedombone";' >> "/home/${new_username}/.irssi/config"
+    echo '    autoconnect = "yes";' >> "/home/${new_username}/.irssi/config"
+    if [ "${IRC_PASSWORD}" ]; then
+        echo "    password = \"${IRC_PASSWORD}\";" >> "/home/${new_username}/.irssi/config"
     fi
-    echo '  }' >> /home/${new_username}/.irssi/config
-    echo ');' >> /home/${new_username}/.irssi/config
-    echo '' >> /home/${new_username}/.irssi/config
-    echo 'chatnets = {' >> /home/${new_username}/.irssi/config
-    echo '  Freedombone = {' >> /home/${new_username}/.irssi/config
-    echo '    type = "IRC";' >> /home/${new_username}/.irssi/config
-    echo '    max_kicks = "1";' >> /home/${new_username}/.irssi/config
-    echo '    max_msgs = "4";' >> /home/${new_username}/.irssi/config
-    echo '    max_whois = "1";' >> /home/${new_username}/.irssi/config
-    echo '  };' >> /home/${new_username}/.irssi/config
-    echo '  Freenode = {' >> /home/${new_username}/.irssi/config
-    echo '    type = "IRC";' >> /home/${new_username}/.irssi/config
-    echo '    max_kicks = "1";' >> /home/${new_username}/.irssi/config
-    echo '    max_msgs = "4";' >> /home/${new_username}/.irssi/config
-    echo '    max_whois = "1";' >> /home/${new_username}/.irssi/config
-    echo '  };' >> /home/${new_username}/.irssi/config
-    echo '  OFTC = {' >> /home/${new_username}/.irssi/config
-    echo '    type = "IRC";' >> /home/${new_username}/.irssi/config
-    echo '    max_kicks = "1";' >> /home/${new_username}/.irssi/config
-    echo '    max_msgs = "1";' >> /home/${new_username}/.irssi/config
-    echo '    max_whois = "1";' >> /home/${new_username}/.irssi/config
-    echo '  };' >> /home/${new_username}/.irssi/config
-    echo '};' >> /home/${new_username}/.irssi/config
-    echo '' >> /home/${new_username}/.irssi/config
-    echo 'channels = (' >> /home/${new_username}/.irssi/config
-    echo '  { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },' >> /home/${new_username}/.irssi/config
-    echo ');' >> /home/${new_username}/.irssi/config
-    echo '' >> /home/${new_username}/.irssi/config
-    echo 'settings = {' >> /home/${new_username}/.irssi/config
-    echo "  core = { real_name = \"$new_name\"; user_name = \"$new_username\"; nick = \"$new_username\"; };" >> /home/${new_username}/.irssi/config
-    echo '  "fe-text" = { actlist_sort = "refnum"; };' >> /home/${new_username}/.irssi/config
-    echo '};' >> /home/${new_username}/.irssi/config
-    echo 'ignores = ( { level = "CTCPS"; } );' >> /home/${new_username}/.irssi/config
+    { echo '  }';
+      echo ');';
+      echo '';
+      echo 'chatnets = {';
+      echo '  Freedombone = {';
+      echo '    type = "IRC";';
+      echo '    max_kicks = "1";';
+      echo '    max_msgs = "4";';
+      echo '    max_whois = "1";';
+      echo '  };';
+      echo '  Freenode = {';
+      echo '    type = "IRC";';
+      echo '    max_kicks = "1";';
+      echo '    max_msgs = "4";';
+      echo '    max_whois = "1";';
+      echo '  };';
+      echo '  OFTC = {';
+      echo '    type = "IRC";';
+      echo '    max_kicks = "1";';
+      echo '    max_msgs = "1";';
+      echo '    max_whois = "1";';
+      echo '  };';
+      echo '};';
+      echo '';
+      echo 'channels = (';
+      echo '  { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },';
+      echo ');';
+      echo '';
+      echo 'settings = {';
+      echo "  core = { real_name = \"$new_name\"; user_name = \"$new_username\"; nick = \"$new_username\"; };";
+      echo '  "fe-text" = { actlist_sort = "refnum"; };';
+      echo '};';
+      echo 'ignores = ( { level = "CTCPS"; } );'; } >> "/home/${new_username}/.irssi/config"
 
-    chown -R ${new_username}:${new_username} /home/${new_username}/.irssi
+    chown -R "${new_username}":"${new_username}" "/home/${new_username}/.irssi"
 }
 
 function remove_user_irc_bouncer {
@@ -172,14 +172,14 @@ function remove_user_irc_bouncer {
 function remove_user_irc {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp irc
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp irc
 
-    remove_user_irc_bouncer ${remove_username}
-    if [ -d /home/${remove_username}/.irssi ]; then
-        rm -rf /home/${remove_username}/.irssi
+    remove_user_irc_bouncer "${remove_username}"
+    if [ -d "/home/${remove_username}/.irssi" ]; then
+        rm -rf "/home/${remove_username}/.irssi"
     fi
-    if [ -d /home/${remove_username}/irclogs ]; then
-        rm -rf /home/${remove_username}/irclogs
+    if [ -d "/home/${remove_username}/irclogs" ]; then
+        rm -rf "/home/${remove_username}/irclogs"
     fi
 }
 
@@ -192,9 +192,9 @@ function irc_set_global_password_base {
     for d in /home/*/ ; do
         IRC_USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$IRC_USERNAME") == "1" ]]; then
-            if [ -f /home/${IRC_USERNAME}/.irssi/config ]; then
-                sed -i "s|$EXISTING_IRC_PASSWORD|$NEW_IRC_PASSWORD|g" /home/${IRC_USERNAME}/.irssi/config
-                chown -R ${IRC_USERNAME}:${IRC_USERNAME} /home/${IRC_USERNAME}/.irssi
+            if [ -f "/home/${IRC_USERNAME}/.irssi/config" ]; then
+                sed -i "s|$EXISTING_IRC_PASSWORD|$NEW_IRC_PASSWORD|g" "/home/${IRC_USERNAME}/.irssi/config"
+                chown -R "${IRC_USERNAME}":"${IRC_USERNAME}" "/home/${IRC_USERNAME}/.irssi"
             fi
         fi
     done
@@ -217,11 +217,11 @@ function irc_set_global_password_base {
     sed -i "s|Server     = 127.0.0.1.*|Server     = 127.0.0.1 ${IRC_PORT} ${NEW_IRC_PASSWORD}|g" /home/znc/.znc/configs/znc.conf
 
     # Update the password
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a irc -p "$NEW_IRC_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a irc -p "$NEW_IRC_PASSWORD"
 
     # matrix bridge to irc
-    if [ -f $INSTALL_DIR/matrix_irc_bridge/config.yaml ]; then
-        sed -i "s|password: .*|password: \"$NEW_IRC_PASSWORD\"|g" $INSTALL_DIR/matrix_irc_bridge/config.yaml
+    if [ -f "$INSTALL_DIR/matrix_irc_bridge/config.yaml" ]; then
+        sed -i "s|password: .*|password: \"$NEW_IRC_PASSWORD\"|g" "$INSTALL_DIR/matrix_irc_bridge/config.yaml"
         systemctl restart matrix_irc_bridge
     fi
 
@@ -244,7 +244,7 @@ function add_user_irc_bouncer {
     new_user_password=$(irc_get_global_password)
     IRC_PASSWORD="$new_user_password"
     is_admin='true'
-    if [ ! $3 ]; then
+    if [ ! "$3" ]; then
         is_admin='false'
     fi
 
@@ -255,7 +255,7 @@ function add_user_irc_bouncer {
     read_config_param IRC_PORT
     read_config_param DEFAULT_DOMAIN_NAME
 
-    ${PROJECT_NAME}-pass -u $new_username -a irc -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a irc -p "$new_user_password"
 
     stop_irc_bouncer
 
@@ -269,73 +269,73 @@ function add_user_irc_bouncer {
         return
     fi
 
-    echo "<User ${new_username}>" >> /home/znc/.znc/configs/znc.conf
-    echo "    Admin      = ${is_admin}" >> /home/znc/.znc/configs/znc.conf
-    echo "    AltNick = ${new_username}_" >> /home/znc/.znc/configs/znc.conf
-    echo '    AppendTimestamp = false' >> /home/znc/.znc/configs/znc.conf
-    echo '    AutoClearChanBuffer = true' >> /home/znc/.znc/configs/znc.conf
-    echo '    AutoClearQueryBuffer = true' >> /home/znc/.znc/configs/znc.conf
-    echo "    Buffer = ${IRC_BUFFER_LENGTH}" >> /home/znc/.znc/configs/znc.conf
-    echo '    DenyLoadMod = false' >> /home/znc/.znc/configs/znc.conf
-    echo '    DenySetBindHost = false' >> /home/znc/.znc/configs/znc.conf
-    echo "    Ident = ${new_username}" >> /home/znc/.znc/configs/znc.conf
-    echo '    JoinTries = 10' >> /home/znc/.znc/configs/znc.conf
-    echo '    LoadModule = chansaver' >> /home/znc/.znc/configs/znc.conf
-    echo '    LoadModule = controlpanel' >> /home/znc/.znc/configs/znc.conf
-    echo '    MaxJoins = 10' >> /home/znc/.znc/configs/znc.conf
-    echo '    MaxNetworks = 10' >> /home/znc/.znc/configs/znc.conf
-    echo '    MaxQueryBuffers = 50' >> /home/znc/.znc/configs/znc.conf
-    echo '    MultiClients = true' >> /home/znc/.znc/configs/znc.conf
-    echo "    Nick = ${new_username}" >> /home/znc/.znc/configs/znc.conf
-    echo '    PrependTimestamp = true' >> /home/znc/.znc/configs/znc.conf
-    echo '    QuitMsg = Bye' >> /home/znc/.znc/configs/znc.conf
-    echo "    RealName = ${new_username}" >> /home/znc/.znc/configs/znc.conf
-    echo '    StatusPrefix = *' >> /home/znc/.znc/configs/znc.conf
-    echo '    TimestampFormat = [%H:%M:%S]' >> /home/znc/.znc/configs/znc.conf
-    echo '' >> /home/znc/.znc/configs/znc.conf
-    echo "    <Network ${PROJECT_NAME}>" >> /home/znc/.znc/configs/znc.conf
-    echo '        LoadModule = chansaver' >> /home/znc/.znc/configs/znc.conf
-    echo '        LoadModule = simple_away' >> /home/znc/.znc/configs/znc.conf
-    echo '' >> /home/znc/.znc/configs/znc.conf
-    echo "        Server     = 127.0.0.1 ${IRC_PORT} ${IRC_PASSWORD}" >> /home/znc/.znc/configs/znc.conf
-    echo '' >> /home/znc/.znc/configs/znc.conf
-    echo "        <Chan #${PROJECT_NAME}>" >> /home/znc/.znc/configs/znc.conf
-    echo '        </Chan>' >> /home/znc/.znc/configs/znc.conf
-    echo '    </Network>' >> /home/znc/.znc/configs/znc.conf
-    echo '' >> /home/znc/.znc/configs/znc.conf
-    echo '    <Network oftc>' >> /home/znc/.znc/configs/znc.conf
-    echo '        LoadModule = chansaver' >> /home/znc/.znc/configs/znc.conf
-    echo '        LoadModule = simple_away' >> /home/znc/.znc/configs/znc.conf
-    echo '        FloodBurst = 4' >> /home/znc/.znc/configs/znc.conf
-    echo '        FloodRate = 1.00' >> /home/znc/.znc/configs/znc.conf
-    echo '        IRCConnectEnabled = true' >> /home/znc/.znc/configs/znc.conf
-    echo '        Server = irc.oftc.net 6697' >> /home/znc/.znc/configs/znc.conf
-    echo '    </Network>' >> /home/znc/.znc/configs/znc.conf
-    echo '' >> /home/znc/.znc/configs/znc.conf
-    echo '    <Network freenode>' >> /home/znc/.znc/configs/znc.conf
-    echo '        LoadModule = chansaver' >> /home/znc/.znc/configs/znc.conf
-    echo '        LoadModule = simple_away' >> /home/znc/.znc/configs/znc.conf
-    echo '        FloodBurst = 4' >> /home/znc/.znc/configs/znc.conf
-    echo '        FloodRate = 1.00' >> /home/znc/.znc/configs/znc.conf
-    echo '        IRCConnectEnabled = true' >> /home/znc/.znc/configs/znc.conf
-    echo '        Server = irc.freenode.net 6697' >> /home/znc/.znc/configs/znc.conf
-    echo '    </Network>' >> /home/znc/.znc/configs/znc.conf
-    echo '' >> /home/znc/.znc/configs/znc.conf
-    echo '    <Pass password>' >> /home/znc/.znc/configs/znc.conf
-    echo "        Hash = ${new_user_hash}" >> /home/znc/.znc/configs/znc.conf
-    echo '        Method = sha256' >> /home/znc/.znc/configs/znc.conf
-    echo "        Salt = ${ZNC_SALT}" >> /home/znc/.znc/configs/znc.conf
-    echo '    </Pass>' >> /home/znc/.znc/configs/znc.conf
-    echo '</User>' >> /home/znc/.znc/configs/znc.conf
+    { echo "<User ${new_username}>";
+      echo "    Admin      = ${is_admin}";
+      echo "    AltNick = ${new_username}_";
+      echo '    AppendTimestamp = false';
+      echo '    AutoClearChanBuffer = true';
+      echo '    AutoClearQueryBuffer = true';
+      echo "    Buffer = ${IRC_BUFFER_LENGTH}";
+      echo '    DenyLoadMod = false';
+      echo '    DenySetBindHost = false';
+      echo "    Ident = ${new_username}";
+      echo '    JoinTries = 10';
+      echo '    LoadModule = chansaver';
+      echo '    LoadModule = controlpanel';
+      echo '    MaxJoins = 10';
+      echo '    MaxNetworks = 10';
+      echo '    MaxQueryBuffers = 50';
+      echo '    MultiClients = true';
+      echo "    Nick = ${new_username}";
+      echo '    PrependTimestamp = true';
+      echo '    QuitMsg = Bye';
+      echo "    RealName = ${new_username}";
+      echo '    StatusPrefix = *';
+      echo '    TimestampFormat = [%H:%M:%S]';
+      echo '';
+      echo "    <Network ${PROJECT_NAME}>";
+      echo '        LoadModule = chansaver';
+      echo '        LoadModule = simple_away';
+      echo '';
+      echo "        Server     = 127.0.0.1 ${IRC_PORT} ${IRC_PASSWORD}";
+      echo '';
+      echo "        <Chan #${PROJECT_NAME}>";
+      echo '        </Chan>';
+      echo '    </Network>';
+      echo '';
+      echo '    <Network oftc>';
+      echo '        LoadModule = chansaver';
+      echo '        LoadModule = simple_away';
+      echo '        FloodBurst = 4';
+      echo '        FloodRate = 1.00';
+      echo '        IRCConnectEnabled = true';
+      echo '        Server = irc.oftc.net 6697';
+      echo '    </Network>';
+      echo '';
+      echo '    <Network freenode>';
+      echo '        LoadModule = chansaver';
+      echo '        LoadModule = simple_away';
+      echo '        FloodBurst = 4';
+      echo '        FloodRate = 1.00';
+      echo '        IRCConnectEnabled = true';
+      echo '        Server = irc.freenode.net 6697';
+      echo '    </Network>';
+      echo '';
+      echo '    <Pass password>';
+      echo "        Hash = ${new_user_hash}";
+      echo '        Method = sha256';
+      echo "        Salt = ${ZNC_SALT}";
+      echo '    </Pass>';
+      echo '</User>'; } >> /home/znc/.znc/configs/znc.conf
 
-    mkdir -p /home/znc/.znc/users/${new_username}/moddata
-    mkdir -p /home/znc/.znc/users/${new_username}/networks
-    mkdir /home/znc/.znc/users/${new_username}/moddata/chanserver
-    mkdir /home/znc/.znc/users/${new_username}/moddata/controlpanel
-    mkdir /home/znc/.znc/users/${new_username}/moddata/perform
-    mkdir /home/znc/.znc/users/${new_username}/moddata/webadmin
-    mkdir -p /home/znc/.znc/users/${new_username}/networks/${PROJECT_NAME}/moddata/chansaver
-    mkdir -p /home/znc/.znc/users/${new_username}/networks/${PROJECT_NAME}/moddata/simple_away
+    mkdir -p "/home/znc/.znc/users/${new_username}/moddata"
+    mkdir -p "/home/znc/.znc/users/${new_username}/networks"
+    mkdir "/home/znc/.znc/users/${new_username}/moddata/chanserver"
+    mkdir "/home/znc/.znc/users/${new_username}/moddata/controlpanel"
+    mkdir "/home/znc/.znc/users/${new_username}/moddata/perform"
+    mkdir "/home/znc/.znc/users/${new_username}/moddata/webadmin"
+    mkdir -p "/home/znc/.znc/users/${new_username}/networks/${PROJECT_NAME}/moddata/chansaver"
+    mkdir -p "/home/znc/.znc/users/${new_username}/networks/${PROJECT_NAME}/moddata/simple_away"
 
     mkdir -p /home/znc/.znc/moddata/webadmin
 
@@ -353,8 +353,8 @@ function add_user_irc {
         IRC_PASSWORD=
     fi
 
-    if [ ! -d /home/${new_username}/.irssi ]; then
-        mkdir /home/${new_username}/.irssi
+    if [ ! -d "/home/${new_username}/.irssi" ]; then
+        mkdir "/home/${new_username}/.irssi"
     fi
 
     create_irssi_config "${new_username}"
@@ -374,19 +374,21 @@ function irc_show_password {
 
 function irc_set_global_password {
     EXISTING_IRC_PASSWORD=$(irc_get_global_password)
+    data=$(mktemp 2>/dev/null)
     dialog --title $"IRC Password" \
            --clear \
            --backtitle $"Freedombone Control Panel" \
-           --passwordbox $"Password for all IRC users, or press Enter for no password" 10 60 "$EXISTING_IRC_PASSWORD" 2> $data
+           --passwordbox $"Password for all IRC users, or press Enter for no password" 10 60 "$EXISTING_IRC_PASSWORD" 2> "$data"
     sel=$?
     case $sel in
         0)
-            NEW_IRC_PASSWORD=$(<$data)
+            NEW_IRC_PASSWORD=$(<"$data")
             irc_set_global_password_base "$NEW_IRC_PASSWORD"
             dialog --title $"IRC Password" \
                    --msgbox $"The IRC password was changed" 6 40
             ;;
     esac
+    rm -f "$data"
 }
 
 function configure_interactive_irc {
@@ -398,24 +400,26 @@ function configure_interactive_irc {
 
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"IRC Menu" \
                --radiolist $"Choose an operation:" 14 70 4 \
                1 $"Set a password for all IRC users" off \
                2 $"Show current IRC login password" off \
-               3 $"Exit" on 2> $data
+               3 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) break;;
-            255) break;;
+            1) rm -f "$data"
+               break;;
+            255) rm -f "$data"
+                 break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) irc_set_global_password;;
             2) irc_show_password;;
             3) break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -466,7 +470,7 @@ function remove_irc {
     remove_onion_service irc ${IRC_ONION_PORT}
     remove_completion_param install_irc
     remove_completion_param configure_firewall_for_irc
-    sed -i '/IRC /d' ${COMPLETION_FILE}
+    sed -i '/IRC /d' "${COMPLETION_FILE}"
     sed -i '/znc 2> /d' /etc/crontab
     stop_irc_bouncer
     if [ -d /home/znc ]; then
@@ -481,7 +485,7 @@ function configure_firewall_for_irc {
     if [ ! -d /etc/ngircd ]; then
         return
     fi
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [[ ${INSTALLED_WITHIN_DOCKER} == "yes" ]]; then
@@ -496,7 +500,7 @@ function configure_firewall_for_irc {
     save_firewall_settings
 
     firewall_add IRC ${IRC_BOUNCER_PORT} tcp
-    echo 'configure_firewall_for_irc' >> ${COMPLETION_FILE}
+    echo 'configure_firewall_for_irc' >> "${COMPLETION_FILE}"
 }
 
 function install_irc_server {
@@ -511,29 +515,29 @@ function install_irc_server {
     fi
 
     # obtain a cert for the default domain
-    if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then
+    if [[ "$(cert_exists "${DEFAULT_DOMAIN_NAME}" pem)" == "0" ]]; then
         echo $'Obtaining certificate for the main domain'
-        create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
+        create_site_certificate "${DEFAULT_DOMAIN_NAME}" 'yes'
     fi
 
-    if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME})" == "0" ]]; then
-        ${PROJECT_NAME}-addcert -h ngircd --dhkey ${DH_KEYLENGTH}
+    if [[ "$(cert_exists "${DEFAULT_DOMAIN_NAME}")" == "0" ]]; then
+        "${PROJECT_NAME}-addcert" -h ngircd --dhkey "${DH_KEYLENGTH}"
         function_check check_certificates
         check_certificates ngircd
     fi
 
     DEFAULTDOMAIN=${DEFAULT_DOMAIN_NAME}
 
-    IRC_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+    IRC_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
 
     set_password_for_all_users irc "$IRC_PASSWORD"
 
 
-    echo '**************************************************' > /etc/ngircd/motd
-    echo $'*           F R E E D O M B O N E   I R C        *' >> /etc/ngircd/motd
-    echo '*                                                *' >> /etc/ngircd/motd
-    echo $'*               Freedom in the Cloud             *' >> /etc/ngircd/motd
-    echo '**************************************************' >> /etc/ngircd/motd
+    { echo '**************************************************';
+      echo $'*           F R E E D O M B O N E   I R C        *';
+      echo '*                                                *';
+      echo $'*               Freedom in the Cloud             *';
+      echo '**************************************************'; } > /etc/ngircd/motd
     sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf
     sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf
     sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf
@@ -541,7 +545,7 @@ function install_irc_server {
     sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf
     sed -i "s/;Ports =.*/Ports = ${IRC_PORT}/g" /etc/ngircd/ngircd.conf
     if [[ $ONION_ONLY == 'no' ]]; then
-        if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+        if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
             sed -i "s|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/ngircd/ngircd.conf
         else
             sed -i "s|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt|g" /etc/ngircd/ngircd.conf
@@ -562,10 +566,10 @@ function install_irc_server {
     sed -i "s|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/${PROJECT_NAME}.key|g" /etc/ngircd/ngircd.conf
     sed -i "s/;CloakHost = cloaked.host/CloakHost = ${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
     IRC_SALT="$(create_password 30)"
-    if [ -f ${IMAGE_PASSWORD_FILE} ]; then
-        IRC_OPERATOR_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
+        IRC_OPERATOR_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        IRC_OPERATOR_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        IRC_OPERATOR_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
     fi
     sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf
     sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf
@@ -574,7 +578,7 @@ function install_irc_server {
     sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf
     sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf
     sed -i 's|;Listen =.*|Listen = 0.0.0.0,0.0.0.0:9050,127.0.0.1,127.0.0.1:9050|g' /etc/ngircd/ngircd.conf
-    if [ ${IRC_PASSWORD} ]; then
+    if [ "${IRC_PASSWORD}" ]; then
         sed -i "0,/RE/s/Password =.*/Password =$IRC_PASSWORD/" /etc/ngircd/ngircd.conf
     fi
     # upgrade a cypher
@@ -585,7 +589,8 @@ function install_irc_server {
     touch /var/run/ngircd/ngircd.pid
     chown -R irc:irc /var/run/ngircd
 
-    IRC_ONION_HOSTNAME=$(add_onion_service irc ${IRC_BOUNCER_PORT} ${IRC_ONION_PORT})
+    # shellcheck disable=SC2034
+    IRC_ONION_HOSTNAME=$(add_onion_service irc "${IRC_BOUNCER_PORT}" "${IRC_ONION_PORT}")
 
     if [ ! -d /var/run/ircd ]; then
         mkdir /var/run/ircd
@@ -608,8 +613,8 @@ function install_irc_client {
     fi
     apt-get -yq install irssi
 
-    if [ ! -d /home/${MY_USERNAME}/.irssi ]; then
-        mkdir /home/${MY_USERNAME}/.irssi
+    if [ ! -d "/home/${MY_USERNAME}/.irssi" ]; then
+        mkdir "/home/${MY_USERNAME}/.irssi"
     fi
 
     create_irssi_config "${MY_USERNAME}" "$MY_NAME"
@@ -632,41 +637,41 @@ function install_irc_bouncer {
     mkdir -p /home/znc/.znc/configs
     mkdir -p /home/znc/.znc/users
 
-    echo 'AnonIPLimit = 10' > /home/znc/.znc/configs/znc.conf
-    echo 'ConnectDelay = 5' >> /home/znc/.znc/configs/znc.conf
-    echo 'HideVersion = false' >> /home/znc/.znc/configs/znc.conf
-    echo 'MaxBufferSize = 500' >> /home/znc/.znc/configs/znc.conf
-    echo 'ProtectWebSessions = true' >> /home/znc/.znc/configs/znc.conf
-    echo 'SSLCertFile = /home/znc/.znc/znc.pem' >> /home/znc/.znc/configs/znc.conf
-    echo 'ServerThrottle = 30' >> /home/znc/.znc/configs/znc.conf
-    echo 'Version = 1.6.2' >> /home/znc/.znc/configs/znc.conf
-    echo '' >> /home/znc/.znc/configs/znc.conf
-    echo '<Listener listener0>' >> /home/znc/.znc/configs/znc.conf
-    echo '  AllowIRC = true' >> /home/znc/.znc/configs/znc.conf
-    echo '  AllowWeb = false' >> /home/znc/.znc/configs/znc.conf
-    echo '  IPv4 = true' >> /home/znc/.znc/configs/znc.conf
-    echo '  IPv6 = true' >> /home/znc/.znc/configs/znc.conf
-    echo '  Port = 6697' >> /home/znc/.znc/configs/znc.conf
-    if [[ ${ONION_ONLY} == 'no' ]]; then
+    { echo 'AnonIPLimit = 10';
+      echo 'ConnectDelay = 5';
+      echo 'HideVersion = false';
+      echo 'MaxBufferSize = 500';
+      echo 'ProtectWebSessions = true';
+      echo 'SSLCertFile = /home/znc/.znc/znc.pem';
+      echo 'ServerThrottle = 30';
+      echo 'Version = 1.6.2';
+      echo '';
+      echo '<Listener listener0>';
+      echo '  AllowIRC = true';
+      echo '  AllowWeb = false';
+      echo '  IPv4 = true';
+      echo '  IPv6 = true';
+      echo '  Port = 6697'; } > /home/znc/.znc/configs/znc.conf
+    if [[ "${ONION_ONLY}" == 'no' ]]; then
         echo '  SSL = true' >> /home/znc/.znc/configs/znc.conf
     else
         echo '  SSL = false' >> /home/znc/.znc/configs/znc.conf
     fi
-    echo '  URIPrefix = /' >> /home/znc/.znc/configs/znc.conf
-    echo '</Listener>' >> /home/znc/.znc/configs/znc.conf
-    echo '' >> /home/znc/.znc/configs/znc.conf
+    { echo '  URIPrefix = /';
+      echo '</Listener>';
+      echo ''; } >> /home/znc/.znc/configs/znc.conf
 
     if [ $IRC_PORT -ne $IRC_ONION_PORT ]; then
-        echo '<Listener listener1>' >> /home/znc/.znc/configs/znc.conf
-        echo '  AllowIRC = true' >> /home/znc/.znc/configs/znc.conf
-        echo '  AllowWeb = false' >> /home/znc/.znc/configs/znc.conf
-        echo '  IPv4 = true' >> /home/znc/.znc/configs/znc.conf
-        echo '  IPv6 = true' >> /home/znc/.znc/configs/znc.conf
-        echo "  Port = ${IRC_ONION_PORT}" >> /home/znc/.znc/configs/znc.conf
-        echo '  SSL = false' >> /home/znc/.znc/configs/znc.conf
-        echo '  URIPrefix = /' >> /home/znc/.znc/configs/znc.conf
-        echo '</Listener>' >> /home/znc/.znc/configs/znc.conf
-        echo '' >> /home/znc/.znc/configs/znc.conf
+        { echo '<Listener listener1>';
+          echo '  AllowIRC = true';
+          echo '  AllowWeb = false';
+          echo '  IPv4 = true';
+          echo '  IPv6 = true';
+          echo "  Port = ${IRC_ONION_PORT}";
+          echo '  SSL = false';
+          echo '  URIPrefix = /';
+          echo '</Listener>';
+          echo ''; } >> /home/znc/.znc/configs/znc.conf
     fi
 
     chown -R znc:znc /home/znc/.znc

src/freedombone-app-jitsi

@@ -105,7 +105,7 @@ function add_user_jitsi {
 }
 
 function install_interactive_jitsi {
-    if [ ! ${ONION_ONLY} ]; then
+    if [ ! "${ONION_ONLY}" ]; then
         ONION_ONLY='no'
     fi
 
@@ -202,7 +202,7 @@ function remove_jitsi {
 
     remove_app jitsi
     remove_completion_param install_jitsi
-    sed -i '/jitsi/d' ${COMPLETION_FILE}
+    sed -i '/jitsi/d' "${COMPLETION_FILE}"
 
     function_check remove_ddns_domain
     remove_ddns_domain $JITSI_DOMAIN_NAME
@@ -233,8 +233,7 @@ function install_jitsi {
     jitsi_deb_repo=unstable #binary
     apt-get -yq install wget debconf-utils default-jre
     install_nodejs jitsi
-    npm install -g browserify@13.1.1
-    if [ ! "$?" = "0" ]; then
+    if ! npm install -g browserify@13.1.1; then
         remove_nodejs jitsi
         exit 638352
     fi
@@ -272,17 +271,17 @@ function install_jitsi {
 
     echo 'server_names_hash_bucket_size 64;' > $jitsi_nginx_site
     if [[ $ONION_ONLY == "no" ]]; then
-        echo '' >> $jitsi_nginx_site
-        echo 'server {' >> $jitsi_nginx_site
-        echo '    listen 80;' >> $jitsi_nginx_site
-        echo "    server_name ${JITSI_DOMAIN_NAME};" >> $jitsi_nginx_site
-        echo '    return 301 https://$host$request_uri;' >> $jitsi_nginx_site
-        echo '}' >> $jitsi_nginx_site
-        echo 'server {' >> $jitsi_nginx_site
-        echo '    listen 443 ssl;' >> $jitsi_nginx_site
-        echo '    #listen [::]:443 ssl;' >> $jitsi_nginx_site
-        echo "    server_name ${JITSI_DOMAIN_NAME};" >> $jitsi_nginx_site
-        echo '' >> $jitsi_nginx_site
+        { echo '';
+          echo 'server {';
+          echo '    listen 80;';
+          echo "    server_name ${JITSI_DOMAIN_NAME};";
+          echo "    return 301 https://\$host\$request_uri;";
+          echo '}';
+          echo 'server {';
+          echo '    listen 443 ssl;';
+          echo '    #listen [::]:443 ssl;';
+          echo "    server_name ${JITSI_DOMAIN_NAME};";
+          echo ''; } >> $jitsi_nginx_site
 
         function_check nginx_ssl
         nginx_ssl ${JITSI_DOMAIN_NAME}
@@ -290,80 +289,80 @@ function install_jitsi {
         function_check nginx_disable_sniffing
         nginx_disable_sniffing ${JITSI_DOMAIN_NAME}
 
-        echo '    add_header Strict-Transport-Security max-age=15768000;' >> $jitsi_nginx_site
-        echo '' >> $jitsi_nginx_site
-        echo '    root /usr/share/jitsi-meet;' >> $jitsi_nginx_site
-        echo '    index index.html index.htm;' >> $jitsi_nginx_site
-        echo '' >> $jitsi_nginx_site
-        echo '    location /config.js {' >> $jitsi_nginx_site
-        echo "        alias /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js;" >> $jitsi_nginx_site
-        echo '    }' >> $jitsi_nginx_site
-        echo '' >> $jitsi_nginx_site
-        echo '    location ~ ^/([a-zA-Z0-9=\?]+)$ {' >> $jitsi_nginx_site
-        echo '        rewrite ^/(.*)$ / break;' >> $jitsi_nginx_site
-        echo '    }' >> $jitsi_nginx_site
-        echo '' >> $jitsi_nginx_site
-        echo '    location / {' >> $jitsi_nginx_site
-        echo '        ssi on;' >> $jitsi_nginx_site
-        echo '    }' >> $jitsi_nginx_site
-        echo '' >> $jitsi_nginx_site
-        echo '    # Backward compatibility' >> $jitsi_nginx_site
-        echo '    location ~ /external_api.* {' >> $jitsi_nginx_site
-        echo '        root /usr/share/jitsi-meet/libs;' >> $jitsi_nginx_site
-        echo '    }' >> $jitsi_nginx_site
-        echo '' >> $jitsi_nginx_site
-        echo '    # Logs' >> $jitsi_nginx_site
-        echo '    access_log /dev/null;' >> $jitsi_nginx_site
-        echo '    error_log /dev/null;' >> $jitsi_nginx_site
-        echo '' >> $jitsi_nginx_site
-        echo '    # BOSH' >> $jitsi_nginx_site
-        echo '    location /http-bind {' >> $jitsi_nginx_site
-        echo '        proxy_pass      http://localhost:5280/http-bind;' >> $jitsi_nginx_site
-        echo '        proxy_set_header X-Forwarded-For $remote_addr;' >> $jitsi_nginx_site
-        echo '        proxy_set_header Host $http_host;' >> $jitsi_nginx_site
-        echo '    }' >> $jitsi_nginx_site
-        echo '}' >> $jitsi_nginx_site
+        { echo '    add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '    root /usr/share/jitsi-meet;';
+          echo '    index index.html index.htm;';
+          echo '';
+          echo '    location /config.js {';
+          echo "        alias /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js;";
+          echo '    }';
+          echo '';
+          echo '    location ~ ^/([a-zA-Z0-9=\?]+)$ {';
+          echo '        rewrite ^/(.*)$ / break;';
+          echo '    }';
+          echo '';
+          echo '    location / {';
+          echo '        ssi on;';
+          echo '    }';
+          echo '';
+          echo '    # Backward compatibility';
+          echo '    location ~ /external_api.* {';
+          echo '        root /usr/share/jitsi-meet/libs;';
+          echo '    }';
+          echo '';
+          echo '    # Logs';
+          echo '    access_log /dev/null;';
+          echo '    error_log /dev/null;';
+          echo '';
+          echo '    # BOSH';
+          echo '    location /http-bind {';
+          echo '        proxy_pass      http://localhost:5280/http-bind;';
+          echo "        proxy_set_header X-Forwarded-For \$remote_addr;";
+          echo "        proxy_set_header Host \$http_host;";
+          echo '    }';
+          echo '}'; } >> $jitsi_nginx_site
     fi
-    echo '' >> $jitsi_nginx_site
-    echo 'server {' >> $jitsi_nginx_site
-    echo "    listen 127.0.0.1:$JITSI_ONION_PORT default_server;" >> $jitsi_nginx_site
+    { echo '';
+      echo 'server {';
+      echo "    listen 127.0.0.1:$JITSI_ONION_PORT default_server;"; } >> $jitsi_nginx_site
     if [[ $ONION_ONLY == 'no' ]]; then
         echo "    server_name ${JITSI_DOMAIN_NAME};" >> $jitsi_nginx_site
     else
         echo "    server_name ${JITSI_ONION_HOSTNAME};" >> $jitsi_nginx_site
     fi
-    echo '' >> $jitsi_nginx_site
-    echo '    root /usr/share/jitsi-meet;' >> $jitsi_nginx_site
-    echo '    index index.html index.htm;' >> $jitsi_nginx_site
-    echo '' >> $jitsi_nginx_site
-    echo '    location /config.js {' >> $jitsi_nginx_site
-    echo "        alias /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js;" >> $jitsi_nginx_site
-    echo '    }' >> $jitsi_nginx_site
-    echo '' >> $jitsi_nginx_site
-    echo '    location ~ ^/([a-zA-Z0-9=\?]+)$ {' >> $jitsi_nginx_site
-    echo '        rewrite ^/(.*)$ / break;' >> $jitsi_nginx_site
-    echo '    }' >> $jitsi_nginx_site
-    echo '' >> $jitsi_nginx_site
-    echo '    location / {' >> $jitsi_nginx_site
-    echo '        ssi off;' >> $jitsi_nginx_site
-    echo '    }' >> $jitsi_nginx_site
-    echo '' >> $jitsi_nginx_site
-    echo '    # Backward compatibility' >> $jitsi_nginx_site
-    echo '    location ~ /external_api.* {' >> $jitsi_nginx_site
-    echo '        root /usr/share/jitsi-meet/libs;' >> $jitsi_nginx_site
-    echo '    }' >> $jitsi_nginx_site
-    echo '' >> $jitsi_nginx_site
-    echo '    # Logs' >> $jitsi_nginx_site
-    echo '    access_log /dev/null;' >> $jitsi_nginx_site
-    echo '    error_log /dev/null;' >> $jitsi_nginx_site
-    echo '' >> $jitsi_nginx_site
-    echo '    # BOSH' >> $jitsi_nginx_site
-    echo '    location /http-bind {' >> $jitsi_nginx_site
-    echo '        proxy_pass      http://localhost:5280/http-bind;' >> $jitsi_nginx_site
-    echo '        proxy_set_header X-Forwarded-For $remote_addr;' >> $jitsi_nginx_site
-    echo '        proxy_set_header Host $http_host;' >> $jitsi_nginx_site
-    echo '    }' >> $jitsi_nginx_site
-    echo '}' >> $jitsi_nginx_site
+    { echo '';
+      echo '    root /usr/share/jitsi-meet;';
+      echo '    index index.html index.htm;';
+      echo '';
+      echo '    location /config.js {';
+      echo "        alias /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js;";
+      echo '    }';
+      echo '';
+      echo '    location ~ ^/([a-zA-Z0-9=\?]+)$ {';
+      echo '        rewrite ^/(.*)$ / break;';
+      echo '    }';
+      echo '';
+      echo '    location / {';
+      echo '        ssi off;';
+      echo '    }';
+      echo '';
+      echo '    # Backward compatibility';
+      echo '    location ~ /external_api.* {';
+      echo '        root /usr/share/jitsi-meet/libs;';
+      echo '    }';
+      echo '';
+      echo '    # Logs';
+      echo '    access_log /dev/null;';
+      echo '    error_log /dev/null;';
+      echo '';
+      echo '    # BOSH';
+      echo '    location /http-bind {';
+      echo '        proxy_pass      http://localhost:5280/http-bind;';
+      echo "        proxy_set_header X-Forwarded-For \$remote_addr;";
+      echo "        proxy_set_header Host \$http_host;";
+      echo '    }';
+      echo '}'; } >> $jitsi_nginx_site
 
     sed -i "s|/var/www/${JITSI_DOMAIN_NAME}/htdocs|/usr/share/jitsi-meet|g" $jitsi_nginx_site
 
@@ -376,7 +375,7 @@ function install_jitsi {
         fi
         function_check create_site_certificate
         create_site_certificate ${JITSI_DOMAIN_NAME} 'yes'
-        if [[ $ONION_ONLY == "no" ]]; then
+        if [[ "$ONION_ONLY" == "no" ]]; then
             if [ ! -f /etc/ssl/certs/${JITSI_DOMAIN_NAME}.pem ]; then
                 exit 678363
             fi

src/freedombone-app-kanboard

@@ -70,19 +70,19 @@ function logging_off_kanboard {
 function remove_user_kanboard {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp kanboard
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp kanboard
 }
 
 function add_user_kanboard {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a kanboard -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a kanboard -p "$new_user_password"
     echo '0'
 }
 
 function install_interactive_kanboard {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -92,42 +92,43 @@ function install_interactive_kanboard {
         KANBOARD_DETAILS_COMPLETE=
         while [ ! $KANBOARD_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"KanBoard Configuration" \
-                       --form $"\nPlease enter your KanBoard details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt." 13 55 2 \
+                       --form $"\\nPlease enter your KanBoard details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt." 13 55 2 \
                        $"Domain:" 1 1 "$(grep 'KANBOARD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \
                        $"Code:" 2 1 "$(grep 'KANBOARD_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 33 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"KanBoard Configuration" \
-                       --form $"\nPlease enter your KanBoard details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt." 13 55 2 \
+                       --form $"\\nPlease enter your KanBoard details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt." 13 55 2 \
                        $"Domain:" 1 1 "$(grep 'KANBOARD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \
-                       2> $data
+                       2> "$data"
             fi
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            KANBOARD_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ $KANBOARD_DOMAIN_NAME ]; then
+            KANBOARD_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$KANBOARD_DOMAIN_NAME" ]; then
                 if [[ $KANBOARD_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
                     KANBOARD_DOMAIN_NAME=""
                 fi
                 TEST_DOMAIN_NAME=$KANBOARD_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $KANBOARD_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$KANBOARD_DOMAIN_NAME" ]]; then
                     KANBOARD_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        KANBOARD_CODE=$(cat $data | sed -n 2p)
+                        KANBOARD_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$KANBOARD_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             KANBOARD_DOMAIN_NAME=
                         fi
                     fi
@@ -136,6 +137,7 @@ function install_interactive_kanboard {
             if [ $KANBOARD_DOMAIN_NAME ]; then
                 KANBOARD_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         # save the results in the config file
@@ -151,23 +153,23 @@ function change_password_kanboard {
 
     read_config_param 'KANBOARD_DOMAIN_NAME'
 
-    ${PROJECT_NAME}-pass -u "$curr_username" -a kanboard -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a kanboard -p "$new_user_password"
 }
 
 function kanboard_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        KANBOARD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        KANBOARD_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $KANBOARD_ADMIN_PASSWORD ]; then
-            KANBOARD_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$KANBOARD_ADMIN_PASSWORD" ]; then
+            KANBOARD_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $KANBOARD_ADMIN_PASSWORD ]; then
+    if [ ! "$KANBOARD_ADMIN_PASSWORD" ]; then
         return
     fi
 
     function_check create_database
-    create_database kanboard "$KANBOARD_ADMIN_PASSWORD" $MY_USERNAME
+    create_database kanboard "$KANBOARD_ADMIN_PASSWORD" "$MY_USERNAME"
 }
 
 function reconfigure_kanboard {
@@ -180,40 +182,40 @@ function upgrade_kanboard {
         return
     fi
 
-    if grep -q "kanboard domain" $COMPLETION_FILE; then
+    if grep -q "kanboard domain" "$COMPLETION_FILE"; then
         KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain")
     fi
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$KANBOARD_DOMAIN_NAME/htdocs "kanboard commit" "$KANBOARD_COMMIT" $KANBOARD_REPO
+    set_repo_commit "/var/www/$KANBOARD_DOMAIN_NAME/htdocs" "kanboard commit" "$KANBOARD_COMMIT" $KANBOARD_REPO
 
-    chown -R www-data:www-data /var/www/${KANBOARD_DOMAIN_NAME}/htdocs
+    chown -R www-data:www-data "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs"
 }
 
 
 function backup_local_kanboard {
     KANBOARD_DOMAIN_NAME='kanboard'
-    if grep -q "kanboard domain" $COMPLETION_FILE; then
+    if grep -q "kanboard domain" "$COMPLETION_FILE"; then
         KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain")
     fi
 
     source_directory=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/backup
-    if [ ! -d $source_directory ]; then
-        mkdir $source_directory
+    if [ ! -d "$source_directory" ]; then
+        mkdir "$source_directory"
     fi
-    cp -p /var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php $source_directory
+    cp -p "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php" "$source_directory"
 
     function_check suspend_site
-    suspend_site ${KANBOARD_DOMAIN_NAME}
+    suspend_site "${KANBOARD_DOMAIN_NAME}"
 
     function_check backup_directory_to_usb
     dest_directory=kanboardconfig
-    backup_directory_to_usb $source_directory $dest_directory
+    backup_directory_to_usb "$source_directory" "$dest_directory"
 
     source_directory=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/data
     dest_directory=kanboardfile
-    backup_directory_to_usb $source_directory $dest_directory
+    backup_directory_to_usb "$source_directory" "$dest_directory"
 
     function_check backup_database_to_usb
     backup_database_to_usb kanboard
@@ -223,11 +225,11 @@ function backup_local_kanboard {
 }
 
 function restore_local_kanboard {
-    if ! grep -q "kanboard domain" $COMPLETION_FILE; then
+    if ! grep -q "kanboard domain" "$COMPLETION_FILE"; then
         return
     fi
     KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain")
-    if [ $KANBOARD_DOMAIN_NAME ]; then
+    if [ "$KANBOARD_DOMAIN_NAME" ]; then
         echo $"Restoring kanboard"
         temp_restore_dir=/root/tempkanboard
         kanboard_dir=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs
@@ -243,30 +245,30 @@ function restore_local_kanboard {
         function_check restore_directory_from_usb
         restore_directory_from_usb $temp_restore_dir kanboardconfig
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir$kanboard_dir/backup ]; then
-                cp $temp_restore_dir$kanboard_dir/backup/config.php $kanboard_dir/
+            if [ -d "$temp_restore_dir$kanboard_dir/backup" ]; then
+                cp "$temp_restore_dir$kanboard_dir/backup/config.php" "$kanboard_dir/"
             else
-                cp $temp_restore_dir/config.php $kanboard_dir/
+                cp "$temp_restore_dir/config.php" "$kanboard_dir/"
             fi
-            chown www-data:www-data $kanboard_dir/config.php
+            chown www-data:www-data "$kanboard_dir/config.php"
             rm -rf $temp_restore_dir
         fi
 
         restore_directory_from_usb $temp_restore_dir kanboardfile
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir$kanboard_dir/data ]; then
-                cp -rp $temp_restore_dir$kanboard_dir/data $kanboard_dir/
+            if [ -d "$temp_restore_dir$kanboard_dir/data" ]; then
+                cp -rp "$temp_restore_dir$kanboard_dir/data" "$kanboard_dir/"
             else
-                if [ ! -d $kanboard_dir/data ]; then
-                    mkdir $kanboard_dir/data
+                if [ ! -d "$kanboard_dir/data" ]; then
+                    mkdir "$kanboard_dir/data"
                 fi
-                cp -rp $temp_restore_dir/* $kanboard_dir/data/
+                cp -rp "$temp_restore_dir/*" "$kanboard_dir/data/"
             fi
-            chown -R www-data:www-data $kanboard_dir/data
+            chown -R www-data:www-data "$kanboard_dir/data"
             rm -rf $temp_restore_dir
         fi
 
-        kanboard_update_after_restore kanboard ${KANBOARD_DOMAIN_NAME}
+        kanboard_update_after_restore kanboard "${KANBOARD_DOMAIN_NAME}"
 
         echo $"Restore of kanboard complete"
     fi
@@ -274,26 +276,26 @@ function restore_local_kanboard {
 
 function backup_remote_kanboard {
     KANBOARD_DOMAIN_NAME='kanboard'
-    if grep -q "kanboard domain" $COMPLETION_FILE; then
+    if grep -q "kanboard domain" "$COMPLETION_FILE"; then
         KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain")
     fi
 
     source_directory=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/backup
-    if [ ! -d $source_directory ]; then
-        mkdir $source_directory
+    if [ ! -d "$source_directory" ]; then
+        mkdir "$source_directory"
     fi
-    cp -p /var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php $source_directory
+    cp -p "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php" "$source_directory"
 
     function_check suspend_site
-    suspend_site ${KANBOARD_DOMAIN_NAME}
+    suspend_site "${KANBOARD_DOMAIN_NAME}"
 
     function_check backup_directory_to_friend
     dest_directory=kanboardconfig
-    backup_directory_to_friend $source_directory $dest_directory
+    backup_directory_to_friend "$source_directory" "$dest_directory"
 
     source_directory=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/data
     dest_directory=kanboardfile
-    backup_directory_to_friend $source_directory $dest_directory
+    backup_directory_to_friend "$source_directory" "$dest_directory"
 
     function_check backup_database_to_friend
     backup_database_to_friend kanboard
@@ -303,11 +305,11 @@ function backup_remote_kanboard {
 }
 
 function restore_remote_kanboard {
-    if ! grep -q "kanboard domain" $COMPLETION_FILE; then
+    if ! grep -q "kanboard domain" "$COMPLETION_FILE"; then
         return
     fi
     KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain")
-    if [ $KANBOARD_DOMAIN_NAME ]; then
+    if [ "$KANBOARD_DOMAIN_NAME" ]; then
         echo $"Restoring kanboard"
         temp_restore_dir=/root/tempkanboard
         kanboard_dir=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs
@@ -324,30 +326,30 @@ function restore_remote_kanboard {
         function_check restore_directory_from_friend
         restore_directory_from_friend $temp_restore_dir kanboardconfig
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir$kanboard_dir/backup ]; then
-                cp $temp_restore_dir$kanboard_dir/backup/config.php $kanboard_dir/
+            if [ -d "$temp_restore_dir$kanboard_dir/backup" ]; then
+                cp "$temp_restore_dir$kanboard_dir/backup/config.php" "$kanboard_dir/"
             else
-                cp $temp_restore_dir/config.php $kanboard_dir/
+                cp "$temp_restore_dir/config.php" "$kanboard_dir/"
             fi
-            chown www-data:www-data $kanboard_dir/config.php
+            chown www-data:www-data "$kanboard_dir/config.php"
             rm -rf $temp_restore_dir
         fi
 
         restore_directory_from_friend $temp_restore_dir kanboardfile
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir$kanboard_dir/data ]; then
-                cp -rp $temp_restore_dir$kanboard_dir/data $kanboard_dir/
+            if [ -d "$temp_restore_dir$kanboard_dir/data" ]; then
+                cp -rp "$temp_restore_dir$kanboard_dir/data" "$kanboard_dir/"
             else
-                if [ ! -d $kanboard_dir/data ]; then
-                    mkdir $kanboard_dir/data
+                if [ ! -d "$kanboard_dir/data" ]; then
+                    mkdir "$kanboard_dir/data"
                 fi
-                cp -rp $temp_restore_dir/* $kanboard_dir/data/
+                cp -rp "$temp_restore_dir/*" "$kanboard_dir/data/"
             fi
-            chown -R www-data:www-data $kanboard_dir/data
+            chown -R www-data:www-data "$kanboard_dir/data"
             rm -rf $temp_restore_dir
         fi
 
-        kanboard_update_after_restore kanboard ${KANBOARD_DOMAIN_NAME}
+        kanboard_update_after_restore kanboard "${KANBOARD_DOMAIN_NAME}"
 
         echo $"Restore of kanboard complete"
     fi
@@ -360,14 +362,14 @@ function remove_kanboard {
     read_config_param "KANBOARD_DOMAIN_NAME"
     read_config_param "MY_USERNAME"
     echo "Removing $KANBOARD_DOMAIN_NAME"
-    nginx_dissite $KANBOARD_DOMAIN_NAME
-    remove_certs $KANBOARD_DOMAIN_NAME
+    nginx_dissite "$KANBOARD_DOMAIN_NAME"
+    remove_certs "$KANBOARD_DOMAIN_NAME"
 
-    if [ -d /var/www/$KANBOARD_DOMAIN_NAME ]; then
-        rm -rf /var/www/$KANBOARD_DOMAIN_NAME
+    if [ -d "/var/www/$KANBOARD_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$KANBOARD_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$KANBOARD_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$KANBOARD_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$KANBOARD_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$KANBOARD_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database kanboard
@@ -375,11 +377,11 @@ function remove_kanboard {
     remove_onion_service kanboard ${KANBOARD_ONION_PORT}
     remove_app kanboard
     remove_completion_param install_kanboard
-    sed -i '/kanboard/d' $COMPLETION_FILE
+    sed -i '/kanboard/d' "$COMPLETION_FILE"
     remove_backup_database_local kanboard
 
     function_check remove_ddns_domain
-    remove_ddns_domain $KANBOARD_DOMAIN_NAME
+    remove_ddns_domain "$KANBOARD_DOMAIN_NAME"
 }
 
 function install_kanboard {
@@ -387,12 +389,12 @@ function install_kanboard {
         ONION_ONLY='no'
     fi
 
-    if [ ! $KANBOARD_DOMAIN_NAME ]; then
+    if [ ! "$KANBOARD_DOMAIN_NAME" ]; then
         echo $'No domain name was given for kanboard'
         exit 73478
     fi
 
-    kanboard_hourly_script kanboard $KANBOARD_DOMAIN_NAME
+    kanboard_hourly_script kanboard "$KANBOARD_DOMAIN_NAME"
 
     function_check install_mariadb
     install_mariadb
@@ -406,34 +408,34 @@ function install_kanboard {
     apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
     apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
 
-    if [ ! -d /var/www/$KANBOARD_DOMAIN_NAME ]; then
-        mkdir /var/www/$KANBOARD_DOMAIN_NAME
+    if [ ! -d "/var/www/$KANBOARD_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$KANBOARD_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$KANBOARD_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$KANBOARD_DOMAIN_NAME/htdocs" ]; then
 
         if [ -d /repos/kanboard ]; then
-            mkdir /var/www/$KANBOARD_DOMAIN_NAME/htdocs
-            cp -r -p /repos/kanboard/. /var/www/$KANBOARD_DOMAIN_NAME/htdocs
-            cd /var/www/$KANBOARD_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$KANBOARD_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/kanboard/. "/var/www/$KANBOARD_DOMAIN_NAME/htdocs"
+            cd "/var/www/$KANBOARD_DOMAIN_NAME/htdocs" || exit 2468274
             git pull
         else
             function_check git_clone
-            git_clone $KANBOARD_REPO /var/www/$KANBOARD_DOMAIN_NAME/htdocs
+            git_clone "$KANBOARD_REPO" "/var/www/$KANBOARD_DOMAIN_NAME/htdocs"
         fi
 
-        if [ ! -d /var/www/$KANBOARD_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$KANBOARD_DOMAIN_NAME/htdocs" ]; then
             echo $'Unable to clone kanboard repo'
             exit 89365
         fi
     fi
 
-    cd /var/www/$KANBOARD_DOMAIN_NAME/htdocs
+    cd "/var/www/$KANBOARD_DOMAIN_NAME/htdocs" || exit 234682642
     git checkout $KANBOARD_COMMIT -b $KANBOARD_COMMIT
     set_completion_param "kanboard commit" "$KANBOARD_COMMIT"
 
-    chmod g+w /var/www/$KANBOARD_DOMAIN_NAME/htdocs
-    chmod a+w /var/www/$KANBOARD_DOMAIN_NAME/htdocs/data
-    chown -R www-data:www-data /var/www/$KANBOARD_DOMAIN_NAME/htdocs
+    chmod g+w "/var/www/$KANBOARD_DOMAIN_NAME/htdocs"
+    chmod a+w "/var/www/$KANBOARD_DOMAIN_NAME/htdocs/data"
+    chown -R www-data:www-data "/var/www/$KANBOARD_DOMAIN_NAME/htdocs"
 
     function_check kanboard_create_database
     kanboard_create_database
@@ -446,118 +448,118 @@ function install_kanboard {
     fi
 
     function_check add_ddns_domain
-    add_ddns_domain $KANBOARD_DOMAIN_NAME
+    add_ddns_domain "$KANBOARD_DOMAIN_NAME"
 
     KANBOARD_ONION_HOSTNAME=$(add_onion_service kanboard 80 ${KANBOARD_ONION_PORT})
 
     kanboard_nginx_site=/etc/nginx/sites-available/$KANBOARD_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $KANBOARD_DOMAIN_NAME "index index.php"
-        echo 'server {' >> $kanboard_nginx_site
-        echo '  listen 443 ssl;' >> $kanboard_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $kanboard_nginx_site
-        echo "  server_name $KANBOARD_DOMAIN_NAME;" >> $kanboard_nginx_site
-        echo '' >> $kanboard_nginx_site
+        nginx_http_redirect "$KANBOARD_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $KANBOARD_DOMAIN_NAME;";
+          echo ''; } >> "$kanboard_nginx_site"
         function_check nginx_compress
-        nginx_compress $KANBOARD_DOMAIN_NAME
-        echo '' >> $kanboard_nginx_site
-        echo '  # Security' >> $kanboard_nginx_site
+        nginx_compress "$KANBOARD_DOMAIN_NAME"
+        echo '' >> "$kanboard_nginx_site"
+        echo '  # Security' >> "$kanboard_nginx_site"
         function_check nginx_ssl
-        nginx_ssl $KANBOARD_DOMAIN_NAME
+        nginx_ssl "$KANBOARD_DOMAIN_NAME"
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $KANBOARD_DOMAIN_NAME
+        nginx_disable_sniffing "$KANBOARD_DOMAIN_NAME"
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $kanboard_nginx_site
-        echo '' >> $kanboard_nginx_site
-        echo '  # Logs' >> $kanboard_nginx_site
-        echo '  access_log /dev/null;' >> $kanboard_nginx_site
-        echo '  error_log /dev/null;' >> $kanboard_nginx_site
-        echo '' >> $kanboard_nginx_site
-        echo '  # Root' >> $kanboard_nginx_site
-        echo "  root /var/www/$KANBOARD_DOMAIN_NAME/htdocs;" >> $kanboard_nginx_site
-        echo '' >> $kanboard_nginx_site
-        echo '  # Index' >> $kanboard_nginx_site
-        echo '  index index.php;' >> $kanboard_nginx_site
-        echo '' >> $kanboard_nginx_site
-        echo '  # PHP' >> $kanboard_nginx_site
-        echo '  location ~ \.php {' >> $kanboard_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $kanboard_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $kanboard_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $kanboard_nginx_site
-        echo '  }' >> $kanboard_nginx_site
-        echo '' >> $kanboard_nginx_site
-        echo '  # Location' >> $kanboard_nginx_site
-        echo '  location / {' >> $kanboard_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$KANBOARD_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  # Index';
+          echo '  index index.php;';
+          echo '';
+          echo '  # PHP';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$kanboard_nginx_site"
         function_check nginx_limits
-        nginx_limits $KANBOARD_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ @kanboard;' >> $kanboard_nginx_site
-        echo '  }' >> $kanboard_nginx_site
-        echo '' >> $kanboard_nginx_site
-        echo '  # Fancy URLs' >> $kanboard_nginx_site
-        echo '  location @kanboard {' >> $kanboard_nginx_site
-        echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $kanboard_nginx_site
-        echo '  }' >> $kanboard_nginx_site
-        echo '' >> $kanboard_nginx_site
-        echo '  # Restrict access that is unnecessary anyway' >> $kanboard_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $kanboard_nginx_site
-        echo '    deny all;' >> $kanboard_nginx_site
-        echo '  }' >> $kanboard_nginx_site
-        echo '}' >> $kanboard_nginx_site
+        nginx_limits "$KANBOARD_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ @kanboard;";
+          echo '  }';
+          echo '';
+          echo '  # Fancy URLs';
+          echo '  location @kanboard {';
+          echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+          echo '  }';
+          echo '';
+          echo '  # Restrict access that is unnecessary anyway';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '}'; } >> "$kanboard_nginx_site"
     else
-        echo -n '' > $kanboard_nginx_site
+        echo -n '' > "$kanboard_nginx_site"
     fi
-    echo 'server {' >> $kanboard_nginx_site
-    echo "    listen 127.0.0.1:$KANBOARD_ONION_PORT default_server;" >> $kanboard_nginx_site
-    echo "    server_name $KANBOARD_ONION_HOSTNAME;" >> $kanboard_nginx_site
-    echo '' >> $kanboard_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$KANBOARD_ONION_PORT default_server;";
+      echo "    server_name $KANBOARD_ONION_HOSTNAME;";
+      echo ''; } >> "$kanboard_nginx_site"
     function_check nginx_compress
-    nginx_compress $KANBOARD_DOMAIN_NAME
-    echo '' >> $kanboard_nginx_site
+    nginx_compress "$KANBOARD_DOMAIN_NAME"
+    echo '' >> "$kanboard_nginx_site"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $KANBOARD_DOMAIN_NAME
-    echo '' >> $kanboard_nginx_site
-    echo '  # Logs' >> $kanboard_nginx_site
-    echo '  access_log /dev/null;' >> $kanboard_nginx_site
-    echo '  error_log /dev/null;' >> $kanboard_nginx_site
-    echo '' >> $kanboard_nginx_site
-    echo '  # Root' >> $kanboard_nginx_site
-    echo "  root /var/www/$KANBOARD_DOMAIN_NAME/htdocs;" >> $kanboard_nginx_site
-    echo '' >> $kanboard_nginx_site
-    echo '  # Index' >> $kanboard_nginx_site
-    echo '  index index.php;' >> $kanboard_nginx_site
-    echo '' >> $kanboard_nginx_site
-    echo '  # PHP' >> $kanboard_nginx_site
-    echo '  location ~ \.php {' >> $kanboard_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $kanboard_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $kanboard_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $kanboard_nginx_site
-    echo '  }' >> $kanboard_nginx_site
-    echo '' >> $kanboard_nginx_site
-    echo '  # Location' >> $kanboard_nginx_site
-    echo '  location / {' >> $kanboard_nginx_site
+    nginx_disable_sniffing "$KANBOARD_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$KANBOARD_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  # Index';
+      echo '  index index.php;';
+      echo '';
+      echo '  # PHP';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$kanboard_nginx_site"
     function_check nginx_limits
-    nginx_limits $KANBOARD_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ @kanboard;' >> $kanboard_nginx_site
-    echo '  }' >> $kanboard_nginx_site
-    echo '' >> $kanboard_nginx_site
-    echo '  # Fancy URLs' >> $kanboard_nginx_site
-    echo '  location @kanboard {' >> $kanboard_nginx_site
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $kanboard_nginx_site
-    echo '  }' >> $kanboard_nginx_site
-    echo '' >> $kanboard_nginx_site
-    echo '  # Restrict access that is unnecessary anyway' >> $kanboard_nginx_site
-    echo '  location ~ /\.(ht|git) {' >> $kanboard_nginx_site
-    echo '    deny all;' >> $kanboard_nginx_site
-    echo '  }' >> $kanboard_nginx_site
-    echo '}' >> $kanboard_nginx_site
+    nginx_limits "$KANBOARD_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ @kanboard;";
+      echo '  }';
+      echo '';
+      echo '  # Fancy URLs';
+      echo '  location @kanboard {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  # Restrict access that is unnecessary anyway';
+      echo '  location ~ /\.(ht|git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '}'; } >> "$kanboard_nginx_site"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $KANBOARD_DOMAIN_NAME 'yes'
+    create_site_certificate "$KANBOARD_DOMAIN_NAME" 'yes'
 
     # Ensure that the database gets backed up locally, if remote
     # backups are not being used
@@ -568,36 +570,31 @@ function install_kanboard {
     backup_database_local kanboard
 
     function_check nginx_ensite
-    nginx_ensite $KANBOARD_DOMAIN_NAME
-
-    KANBOARD_SERVER=${KANBOARD_DOMAIN_NAME}
-    if [[ $ONION_ONLY != 'no' ]]; then
-        KANBOARD_SERVER=${KANBOARD_ONION_HOSTNAME}
-    fi
+    nginx_ensite "$KANBOARD_DOMAIN_NAME"
 
     # Create the configuration
-    kanboard_configfile=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php
-    cp /var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.default.php $kanboard_configfile
-    sed -i "s|define('MAIL_FROM'.*|define('MAIL_FROM', '$MY_EMAIL_ADDRESS');|g" $kanboard_configfile
-    sed -i "s|define('DB_DRIVER'.*|define('DB_DRIVER', 'mysql');|g" $kanboard_configfile
-    sed -i "s|define('DB_USERNAME'.*|define('DB_USERNAME', 'root');|g" $kanboard_configfile
-    sed -i "s|define('DB_PASSWORD'.*|define('DB_PASSWORD', '$MARIADB_PASSWORD');|g" $kanboard_configfile
-    sed -i "s|define('DB_HOSTNAME'.*|define('DB_HOSTNAME', 'localhost');|g" $kanboard_configfile
-    sed -i "s|define('DB_NAME'.*|define('DB_NAME', 'kanboard');|g" $kanboard_configfile
-    sed -i "s|define('DB_PORT'.*|define('DB_PORT', null);|g" $kanboard_configfile
+    kanboard_configfile="/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php"
+    cp "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.default.php" "$kanboard_configfile"
+    sed -i "s|define('MAIL_FROM'.*|define('MAIL_FROM', '$MY_EMAIL_ADDRESS');|g" "$kanboard_configfile"
+    sed -i "s|define('DB_DRIVER'.*|define('DB_DRIVER', 'mysql');|g" "$kanboard_configfile"
+    sed -i "s|define('DB_USERNAME'.*|define('DB_USERNAME', 'root');|g" "$kanboard_configfile"
+    sed -i "s|define('DB_PASSWORD'.*|define('DB_PASSWORD', '$MARIADB_PASSWORD');|g" "$kanboard_configfile"
+    sed -i "s|define('DB_HOSTNAME'.*|define('DB_HOSTNAME', 'localhost');|g" "$kanboard_configfile"
+    sed -i "s|define('DB_NAME'.*|define('DB_NAME', 'kanboard');|g" "$kanboard_configfile"
+    sed -i "s|define('DB_PORT'.*|define('DB_PORT', null);|g" "$kanboard_configfile"
     logging_off_kanboard
 
-    initialise_database kanboard /var/www/${KANBOARD_DOMAIN_NAME}/htdocs/app/Schema/Sql/mysql.sql
-    chown -R www-data:www-data /var/www/${KANBOARD_DOMAIN_NAME}/htdocs
+    initialise_database kanboard "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/app/Schema/Sql/mysql.sql"
+    chown -R www-data:www-data "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs"
 
-    cd /var/www/${KANBOARD_DOMAIN_NAME}/htdocs
+    cd "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs" || exit 24582468
     install_composer
 
     systemctl restart mariadb
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a kanboard -p "$KANBOARD_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a kanboard -p "$KANBOARD_ADMIN_PASSWORD"
 
     set_completion_param "kanboard domain" "$KANBOARD_DOMAIN_NAME"
 

src/freedombone-app-keyserver

@@ -49,7 +49,7 @@ keyserver_variables=(ONION_ONLY
 function check_keyserver_directory_size {
     dirsize=$(du /var/lib/sks/DB | awk -F ' ' '{print $1}')
     # 500M
-    if [ $dirsize -gt 500000 ]; then
+    if [ "$dirsize" -gt 500000 ]; then
         echo "1"
         return
     fi
@@ -57,7 +57,7 @@ function check_keyserver_directory_size {
 }
 
 function keyserver_watchdog {
-    ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
+    ADMIN_USERNAME=$(grep "Admin user" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
     ADMIN_EMAIL_ADDRESS=${ADMIN_USERNAME}@${HOSTNAME}
     keyserver_size_warning=$"The SKS keyserver database is getting large. Check that you aren't being spammed"
     keyserver_disabled_warning=$"The SKS keyserver has been disabled because it is getting too large. This is to prevent flooding attacks from crashing the server. You may need to restore the keyserver from backup."
@@ -67,19 +67,19 @@ function keyserver_watchdog {
 
     # check database size hourly
     keyserver_watchdog_script=/tmp/keyserver-watchdog
-    echo '#!/bin/bash' > $keyserver_watchdog_script
-    echo "dirsize=\$(du /var/lib/sks/DB | awk -F ' ' '{print \$1}')" >> $keyserver_watchdog_script
-    echo 'if [ $dirsize -gt 450000 ]; then' >> $keyserver_watchdog_script
+    { echo '#!/bin/bash';
+      echo "dirsize=\$(du /var/lib/sks/DB | awk -F ' ' '{print \$1}')";
+      echo "if [ \$dirsize -gt 450000 ]; then";
 
-    echo "  echo \"$keyserver_size_warning\" | mail -s \"$keyserver_mail_subject_line\" $ADMIN_EMAIL_ADDRESS" >> $keyserver_watchdog_script
+      echo "  echo \"$keyserver_size_warning\" | mail -s \"$keyserver_mail_subject_line\" $ADMIN_EMAIL_ADDRESS";
 
-    echo '  if [ $dirsize -gt 500000 ]; then' >> $keyserver_watchdog_script
-    echo "    nginx_dissite $KEYSERVER_DOMAIN_NAME" >> $keyserver_watchdog_script
-    echo '    systemctl stop sks' >> $keyserver_watchdog_script
-    echo '    systemctl disable sks' >> $keyserver_watchdog_script
-    echo "    echo \"$keyserver_disabled_warning\" | mail -s \"$keyserver_mail_subject_line_disabled\" $ADMIN_EMAIL_ADDRESS" >> $keyserver_watchdog_script
-    echo '  fi' >> $keyserver_watchdog_script
-    echo 'fi' >> $keyserver_watchdog_script
+      echo "  if [ \$dirsize -gt 500000 ]; then";
+      echo "    nginx_dissite $KEYSERVER_DOMAIN_NAME";
+      echo '    systemctl stop sks';
+      echo '    systemctl disable sks';
+      echo "    echo \"$keyserver_disabled_warning\" | mail -s \"$keyserver_mail_subject_line_disabled\" $ADMIN_EMAIL_ADDRESS";
+      echo '  fi';
+      echo 'fi'; } > $keyserver_watchdog_script
     chmod +x $keyserver_watchdog_script
 
     if [ ! -f /etc/cron.hourly/keyserver-watchdog ]; then
@@ -102,7 +102,7 @@ function configure_firewall_for_keyserver {
     firewall_add keyserver 11370 tcp
     firewall_add keyserver 11371 tcp
     firewall_add keyserver 11372 tcp
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function keyserver_reset_database {
@@ -134,18 +134,18 @@ function upgrade_keyserver {
         return
     fi
 
-    if grep -q "keyserver domain" $COMPLETION_FILE; then
+    if grep -q "keyserver domain" "$COMPLETION_FILE"; then
         KEYSERVER_DOMAIN_NAME=$(get_completion_param "keyserver domain")
     fi
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$KEYSERVER_DOMAIN_NAME/htdocs "keyserver web commit" "$KEYSERVER_WEB_COMMIT" $KEYSERVER_WEB_REPO
+    set_repo_commit "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs" "keyserver web commit" "$KEYSERVER_WEB_COMMIT" $KEYSERVER_WEB_REPO
 
     read_config_param MY_USERNAME
-    USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
-    GPG_ID=$(su -m root -c "gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)
-    if [ ! $GPG_ID ]; then
+    USER_EMAIL_ADDRESS="$MY_USERNAME@$HOSTNAME"
+    GPG_ID=$(su -m root -c "gpg --list-keys \"$USER_EMAIL_ADDRESS\" | sed -n '2p' | sed 's/^[ \\t]*//'" - "$MY_USERNAME")
+    if [ ! "$GPG_ID" ]; then
         echo $'No GPG ID for admin user'
         exit 846336
     fi
@@ -157,17 +157,17 @@ function upgrade_keyserver {
         echo $'GPG ID not retrieved for admin user due to error'
         exit 74825
     fi
-    sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html
-    sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html
-    sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html
-    sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html
+    sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html"
+    sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html"
+    sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html"
+    sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html"
 
-    chown -R www-data:www-data /var/www/$KEYSERVER_DOMAIN_NAME/htdocs
+    chown -R www-data:www-data "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs"
 }
 
 function backup_local_keyserver {
     # remove any unused log files
-    cd /var/lib/sks/DB
+    cd /var/lib/sks/DB || exit 2468245
     db_archive -d
 
     source_directory=/etc/sks
@@ -223,6 +223,7 @@ function restore_local_keyserver {
         fi
         cp -r $temp_restore_dir/* /var/lib/sks/DB
     fi
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
         # restore the old database
         rm -rf /var/lib/sks/DB
@@ -243,12 +244,12 @@ function restore_local_keyserver {
 
     systemctl enable sks
     systemctl start sks
-    nginx_ensite $KEYSERVER_DOMAIN_NAME
+    nginx_ensite "$KEYSERVER_DOMAIN_NAME"
 }
 
 function backup_remote_keyserver {
     # remove any unused log files
-    cd /var/lib/sks/DB
+    cd /var/lib/sks/DB || exit 734624
     db_archive -d
 
     source_directory=/etc/sks
@@ -304,6 +305,7 @@ function restore_remote_keyserver {
         fi
         cp -r $temp_restore_dir/* /var/lib/sks/DB
     fi
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
         # restore the old database
         rm -rf /var/lib/sks/DB
@@ -322,7 +324,7 @@ function restore_remote_keyserver {
 
     systemctl enable sks
     systemctl start sks
-    nginx_ensite $KEYSERVER_DOMAIN_NAME
+    nginx_ensite "$KEYSERVER_DOMAIN_NAME"
 }
 
 function remove_keyserver {
@@ -333,21 +335,21 @@ function remove_keyserver {
     apt-get -qy remove sks dirmngr
 
     read_config_param "KEYSERVER_DOMAIN_NAME"
-    nginx_dissite $KEYSERVER_DOMAIN_NAME
-    remove_certs ${KEYSERVER_DOMAIN_NAME}
-    if [ -f /etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME ]; then
-        rm -f /etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME
+    nginx_dissite "$KEYSERVER_DOMAIN_NAME"
+    remove_certs "${KEYSERVER_DOMAIN_NAME}"
+    if [ -f "/etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME" ]; then
+        rm -f "/etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME"
     fi
-    if [ -d /var/www/$KEYSERVER_DOMAIN_NAME ]; then
-        rm -rf /var/www/$KEYSERVER_DOMAIN_NAME
+    if [ -d "/var/www/$KEYSERVER_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$KEYSERVER_DOMAIN_NAME"
     fi
     function_check remove_ddns_domain
-    remove_ddns_domain $KEYSERVER_DOMAIN_NAME
+    remove_ddns_domain "$KEYSERVER_DOMAIN_NAME"
 
     remove_config_param KEYSERVER_DOMAIN_NAME
     remove_config_param KEYSERVER_CODE
     function_check remove_onion_service
-    remove_onion_service keyserver ${KEYSERVER_ONION_PORT}
+    remove_onion_service keyserver "${KEYSERVER_ONION_PORT}"
     remove_onion_service sks 11370 11371 11372
     remove_completion_param "install_keyserver"
 
@@ -355,15 +357,15 @@ function remove_keyserver {
     firewall_remove 11371 tcp
     firewall_remove 11372 tcp
 
-    sed -i '/keyserver/d' $COMPLETION_FILE
-    sed -i '/sks onion/d' $COMPLETION_FILE
+    sed -i '/keyserver/d' "$COMPLETION_FILE"
+    sed -i '/sks onion/d' "$COMPLETION_FILE"
     if [ -d /var/lib/sks ]; then
         rm -rf /var/lib/sks
     fi
 }
 
 function install_interactive_keyserver {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -388,12 +390,12 @@ function keyserver_create_membership {
         return
     fi
     systemctl stop sks
-    echo $"# List of other $PROJECT_NAME SKS Keyservers to sync with." > /etc/sks/membership
-    echo '#' >> /etc/sks/membership
-    echo $"# Don't add major keyservers here, because it will take an" >> /etc/sks/membership
-    echo $'# Infeasible amount of time to sync and backups will become' >> /etc/sks/membership
-    echo $'# absurdly long and probably break your system. You have been warned.' >> /etc/sks/membership
-    echo '' >> /etc/sks/membership
+    { echo $"# List of other $PROJECT_NAME SKS Keyservers to sync with.";
+      echo '#';
+      echo $"# Don't add major keyservers here, because it will take an";
+      echo $'# Infeasible amount of time to sync and backups will become';
+      echo $'# absurdly long and probably break your system. You have been warned.';
+      echo ''; } > /etc/sks/membership
     chown -Rc debian-sks: /etc/sks/membership
     systemctl start sks
 }
@@ -403,7 +405,7 @@ function keyserver_import_keys {
     dialog --title $"Import public keys database" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nThis will download many gigabytes of data and so depending on your bandwidth it could take several days.\n\nContinue?" 10 60
+           --yesno $"\\nThis will download many gigabytes of data and so depending on your bandwidth it could take several days.\\n\\nContinue?" 10 60
     sel=$?
     case $sel in
         1) return;;
@@ -412,36 +414,38 @@ function keyserver_import_keys {
     if [ ! -d /var/lib/sks/dump ]; then
         mkdir -p /var/lib/sks/dump
     fi
-    cd /var/lib/sks/dump
+    cd /var/lib/sks/dump || exit 59242684
     echo $'Getting keyserver dump. This may take a few days or longer, so be patient.'
     rm -rf /var/lib/sks/dump/*
     KEYSERVER_DUMP_URL="https://keyserver.mattrude.com/dump/$(date +%F)/"
     wget -crp -e robots=off --level=1 --cut-dirs=3 -nH \
-         -A pgp,txt $KEYSERVER_DUMP_URL
+         -A pgp,txt "$KEYSERVER_DUMP_URL"
 
-    cd /var/lib/sks
+    cd /var/lib/sks || exit 936572424
     echo $'Building the keyserver database from the downloaded dump'
     keyserver_reset_database
 }
 
 function keyserver_sync {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"Sync with other keyserver" \
            --form $"\nEnter details for the other server. Please be aware that it's not a good idea to sync with major keyservers which have exceptionally large databases. This is intended to sync with other $PROJECT_NAME systems each having a small database for a particular community." 16 60 3 \
            $"Domain:" 1 1 "" 1 25 32 64 \
            $"Port:" 2 1 "11370" 2 25 6 6 \
            $"Sync Email (optional):" 3 1 "pgp-public-keys@" 3 25 32 64 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
-    other_keyserver_domain=$(cat $data | sed -n 1p)
-    other_keyserver_port=$(cat $data | sed -n 2p)
-    other_keyserver_email=$(cat $data | sed -n 3p)
+    other_keyserver_domain=$(sed -n 1p < "$data")
+    other_keyserver_port=$(sed -n 2p < "$data")
+    other_keyserver_email=$(sed -n 3p < "$data")
+    rm -f "$data"
     if [[ "$other_keyserver_domain" != *'.'* ]]; then
         return
     fi
@@ -464,7 +468,7 @@ function keyserver_sync {
     # Warn if trying to sync
     if [[ "$other_keyserver_domain" == *"sks-keyservers.net" || "$other_keyserver_domain" == *"gnupg.net" || "$other_keyserver_domain" == *"pgp.com" || "$other_keyserver_domain" == *"pgp.mit.edu" || "$other_keyserver_domain" == *"the.earth.li" || "$other_keyserver_domain" == *"mayfirst.org" || "$other_keyserver_domain" == *"ubuntu.com" ]]; then
         dialog --title $"Sync with other keyserver" \
-               --msgbox $"\nDon't try to sync with the major keyservers. Your system will be overloaded with an infeasible database size." 8 60
+               --msgbox $"\\nDon't try to sync with the major keyservers. Your system will be overloaded with an infeasible database size." 8 60
         return
     fi
 
@@ -508,47 +512,50 @@ function keyserver_edit {
 }
 
 function keyserver_remove_key {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Remove a key" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Enter the ID of the key which you wish to remove:" 12 60 2>$data
+           --inputbox $"Enter the ID of the key which you wish to remove:" 12 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            remove_key_id=$(<$data)
+            remove_key_id=$(<"$data")
             if [ ${#remove_key_id} -gt 8 ]; then
-                sks drop $remove_key_id
+                sks drop "$remove_key_id"
                 dialog --title $"Remove a key" \
                        --msgbox $"The key was removed" 6 40
             fi
             ;;
     esac
+    rm -f "$data"
 }
 
 function configure_interactive_keyserver {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"SKS Keyserver" \
                --radiolist $"Choose an operation:" 12 70 4 \
                1 $"Remove a key" off \
                2 $"Sync with other keyserver" off \
                3 $"Edit sync keyservers" off \
-               4 $"Exit" on 2> $data
+               4 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) return;;
-            255) return;;
+            1) rm -f "$data"
+               return;;
+            255) rm -f "$data"
+                 return;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) keyserver_remove_key;;
             2) keyserver_sync;;
             3) keyserver_edit;;
-            4) break;;
+            4) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -563,7 +570,7 @@ function install_keyserver {
         mkdir /var/www/$KEYSERVER_DOMAIN_NAME
     fi
 
-    cd /var/www/$KEYSERVER_DOMAIN_NAME
+    cd "/var/www/$KEYSERVER_DOMAIN_NAME" || exit 25427642847
     if [ -d /var/www/$KEYSERVER_DOMAIN_NAME/htdocs ]; then
         rm -rf /var/www/$KEYSERVER_DOMAIN_NAME/htdocs
     fi
@@ -571,7 +578,7 @@ function install_keyserver {
     if [ -d /repos/keyserverweb ]; then
         mkdir htdocs
         cp -r -p /repos/keyserverweb/. htdocs
-        cd htdocs
+        cd htdocs || exit 379584659
         git pull
     else
         git_clone $KEYSERVER_WEB_REPO htdocs
@@ -581,14 +588,14 @@ function install_keyserver {
         exit 6539230
     fi
 
-    cd /var/www/$KEYSERVER_DOMAIN_NAME/htdocs
+    cd "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs" || exit 264824528
     git checkout $KEYSERVER_WEB_COMMIT -b $KEYSERVER_WEB_COMMIT
     set_completion_param "keyserver web commit" "$KEYSERVER_WEB_COMMIT"
 
 
     USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
-    GPG_ID=$(su -m root -c "gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)
-    if [ ! $GPG_ID ]; then
+    GPG_ID=$(su -m root -c "gpg --list-keys \"$USER_EMAIL_ADDRESS\" | sed -n '2p' | sed 's/^[ \\t]*//'" - "$MY_USERNAME")
+    if [ ! "$GPG_ID" ]; then
         echo $'No GPG ID for admin user'
         exit 846336
     fi
@@ -659,11 +666,11 @@ function install_keyserver {
     chown debian-sks: $sksconf_file
 
     if ! grep -q "hidden_service_sks" /etc/tor/torrc; then
-        echo 'HiddenServiceDir /var/lib/tor/hidden_service_sks/' >> /etc/tor/torrc
-        echo 'HiddenServiceVersion 3' >> /etc/tor/torrc
-        echo "HiddenServicePort 11370 127.0.0.1:11370" >> /etc/tor/torrc
-        echo "HiddenServicePort 11373 127.0.0.1:11371" >> /etc/tor/torrc
-        echo "HiddenServicePort 11372 127.0.0.1:11372" >> /etc/tor/torrc
+        { echo 'HiddenServiceDir /var/lib/tor/hidden_service_sks/';
+          echo 'HiddenServiceVersion 3';
+          echo "HiddenServicePort 11370 127.0.0.1:11370";
+          echo "HiddenServicePort 11373 127.0.0.1:11371";
+          echo "HiddenServicePort 11372 127.0.0.1:11372"; } >> /etc/tor/torrc
         echo $'Added onion site for sks'
     fi
 
@@ -682,141 +689,141 @@ function install_keyserver {
     if [[ $ONION_ONLY == "no" ]]; then
         # NOTE: without http active on port 80 the keyserver doesn't work
         #       from the commandline
-        echo 'server {' > $keyserver_nginx_site
-        echo '  listen 80;' >> $keyserver_nginx_site
-        echo '  listen 0.0.0.0:11371;' >> $keyserver_nginx_site
-        echo '  listen [::]:80;' >> $keyserver_nginx_site
-        echo "  server_name $KEYSERVER_DOMAIN_NAME;" >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  # Logs' >> $keyserver_nginx_site
-        echo '  access_log /dev/null;' >> $keyserver_nginx_site
-        echo '  error_log /dev/null;' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  # Root' >> $keyserver_nginx_site
-        echo "  root /var/www/$KEYSERVER_DOMAIN_NAME/htdocs;" >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  rewrite ^/stats /pks/lookup?op=stats;' >> $keyserver_nginx_site
-        echo '  rewrite ^/s/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/search/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/g/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/get/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  location / {' >> $keyserver_nginx_site
+        { echo 'server {';
+          echo '  listen 80;';
+          echo '  listen 0.0.0.0:11371;';
+          echo '  listen [::]:80;';
+          echo "  server_name $KEYSERVER_DOMAIN_NAME;";
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$KEYSERVER_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  rewrite ^/stats /pks/lookup?op=stats;';
+          echo "  rewrite ^/s/(.*) /pks/lookup?search=\$1;";
+          echo "  rewrite ^/search/(.*) /pks/lookup?search=\$1;";
+          echo "  rewrite ^/g/(.*) /pks/lookup?op=get&search=\$1;";
+          echo "  rewrite ^/get/(.*) /pks/lookup?op=get&search=\$1;";
+          echo "  rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
+          echo "  rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
+          echo '';
+          echo '  location / {'; } > $keyserver_nginx_site
         function_check nginx_limits
-        nginx_limits $KEYSERVER_DOMAIN_NAME '128k'
-        echo '  }' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  location /pks {' >> $keyserver_nginx_site
-        echo '    proxy_pass         http://127.0.0.1:11373;' >> $keyserver_nginx_site
-        echo '    proxy_pass_header  Server;' >> $keyserver_nginx_site
-        echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:11371 (nginx)\";" >> $keyserver_nginx_site
-        echo '    proxy_ignore_client_abort on;' >> $keyserver_nginx_site
-        echo '    client_max_body_size 8m;' >> $keyserver_nginx_site
-        echo '    client_body_buffer_size 128k;' >> $keyserver_nginx_site
-        echo '  }' >> $keyserver_nginx_site
-        echo '}' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo 'server {' >> $keyserver_nginx_site
-        echo '  listen 443 ssl;' >> $keyserver_nginx_site
-        echo '  listen 0.0.0.0:11372 ssl;' >> $keyserver_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $keyserver_nginx_site
-        echo "  server_name $KEYSERVER_DOMAIN_NAME;" >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  error_page 404 /404.html;' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  location ~ (.git|LICENSE|readme.md) {' >> $keyserver_nginx_site
-        echo '    deny all;' >> $keyserver_nginx_site
-        echo '    return 404;' >> $keyserver_nginx_site
-        echo '  }' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  # Security' >> $keyserver_nginx_site
+        nginx_limits "$KEYSERVER_DOMAIN_NAME" '128k'
+        { echo '  }';
+          echo '';
+          echo '  location /pks {';
+          echo '    proxy_pass         http://127.0.0.1:11373;';
+          echo '    proxy_pass_header  Server;';
+          echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:11371 (nginx)\";";
+          echo '    proxy_ignore_client_abort on;';
+          echo '    client_max_body_size 8m;';
+          echo '    client_body_buffer_size 128k;';
+          echo '  }';
+          echo '}';
+          echo '';
+          echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  listen 0.0.0.0:11372 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $KEYSERVER_DOMAIN_NAME;";
+          echo '';
+          echo '  error_page 404 /404.html;';
+          echo '';
+          echo '  location ~ (.git|LICENSE|readme.md) {';
+          echo '    deny all;';
+          echo '    return 404;';
+          echo '  }';
+          echo '';
+          echo '  # Security'; } >> $keyserver_nginx_site
         function_check nginx_ssl
         nginx_ssl $KEYSERVER_DOMAIN_NAME
 
         function_check nginx_disable_sniffing
         nginx_disable_sniffing $KEYSERVER_DOMAIN_NAME
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  # Logs' >> $keyserver_nginx_site
-        echo '  access_log /dev/null;' >> $keyserver_nginx_site
-        echo '  error_log /dev/null;' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  # Root' >> $keyserver_nginx_site
-        echo "  root /var/www/$KEYSERVER_DOMAIN_NAME/htdocs;" >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$KEYSERVER_DOMAIN_NAME/htdocs;";
+          echo '';
 
-        echo '  rewrite ^/stats /pks/lookup?op=stats;' >> $keyserver_nginx_site
-        echo '  rewrite ^/s/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/search/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/g/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/get/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  location / {' >> $keyserver_nginx_site
+          echo '  rewrite ^/stats /pks/lookup?op=stats;';
+          echo "  rewrite ^/s/(.*) /pks/lookup?search=\$1;";
+          echo "  rewrite ^/search/(.*) /pks/lookup?search=\$1;";
+          echo "  rewrite ^/g/(.*) /pks/lookup?op=get&search=\$1;";
+          echo "  rewrite ^/get/(.*) /pks/lookup?op=get&search=\$1;";
+          echo "  rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
+          echo "  rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
+          echo '';
+          echo '  location / {'; } >> $keyserver_nginx_site
         function_check nginx_limits
         nginx_limits $KEYSERVER_DOMAIN_NAME '128k'
-        echo '  }' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  location /pks {' >> $keyserver_nginx_site
-        echo "    proxy_pass         http://127.0.0.1:11373;" >> $keyserver_nginx_site
-        echo '    proxy_pass_header  Server;' >> $keyserver_nginx_site
-        echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:11372 (nginx)\";" >> $keyserver_nginx_site
-        echo '    proxy_ignore_client_abort on;' >> $keyserver_nginx_site
-        echo '    client_max_body_size 8m;' >> $keyserver_nginx_site
-        echo '    client_body_buffer_size 128k;' >> $keyserver_nginx_site
-        echo '  }' >> $keyserver_nginx_site
-        echo '}' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
+        { echo '  }';
+          echo '';
+          echo '  location /pks {';
+          echo "    proxy_pass         http://127.0.0.1:11373;";
+          echo '    proxy_pass_header  Server;';
+          echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:11372 (nginx)\";";
+          echo '    proxy_ignore_client_abort on;';
+          echo '    client_max_body_size 8m;';
+          echo '    client_body_buffer_size 128k;';
+          echo '  }';
+          echo '}';
+          echo ''; } >> $keyserver_nginx_site
     else
         echo -n '' > $keyserver_nginx_site
     fi
-    echo 'server {' >> $keyserver_nginx_site
-    echo "  listen 127.0.0.1:$KEYSERVER_ONION_PORT default_server;" >> $keyserver_nginx_site
-    echo "  server_name $KEYSERVER_ONION_HOSTNAME;" >> $keyserver_nginx_site
-    echo '' >> $keyserver_nginx_site
-    echo '  error_page 404 /404.html;' >> $keyserver_nginx_site
-    echo '' >> $keyserver_nginx_site
-    echo '  location ~ (.git|LICENSE|readme.md) {' >> $keyserver_nginx_site
-    echo '    deny all;' >> $keyserver_nginx_site
-    echo '    return 404;' >> $keyserver_nginx_site
-    echo '  }' >> $keyserver_nginx_site
-    echo '' >> $keyserver_nginx_site
+    { echo 'server {';
+      echo "  listen 127.0.0.1:$KEYSERVER_ONION_PORT default_server;";
+      echo "  server_name $KEYSERVER_ONION_HOSTNAME;";
+      echo '';
+      echo '  error_page 404 /404.html;';
+      echo '';
+      echo '  location ~ (.git|LICENSE|readme.md) {';
+      echo '    deny all;';
+      echo '    return 404;';
+      echo '  }';
+      echo ''; } >> $keyserver_nginx_site
     function_check nginx_disable_sniffing
     nginx_disable_sniffing $KEYSERVER_DOMAIN_NAME
-    echo '' >> $keyserver_nginx_site
-    echo '  # Logs' >> $keyserver_nginx_site
-    echo '  access_log /dev/null;' >> $keyserver_nginx_site
-    echo '  error_log /dev/null;' >> $keyserver_nginx_site
-    echo '' >> $keyserver_nginx_site
-    echo '  # Root' >> $keyserver_nginx_site
-    echo "  root /var/www/$KEYSERVER_DOMAIN_NAME/mail;" >> $keyserver_nginx_site
-    echo '' >> $keyserver_nginx_site
-    echo '  rewrite ^/stats /pks/lookup?op=stats;' >> $keyserver_nginx_site
-    echo '  rewrite ^/s/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
-    echo '  rewrite ^/search/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
-    echo '  rewrite ^/g/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
-    echo '  rewrite ^/get/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
-    echo '  rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
-    echo '  rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
-    echo '' >> $keyserver_nginx_site
-    echo '  location / {' >> $keyserver_nginx_site
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$KEYSERVER_DOMAIN_NAME/mail;";
+      echo '';
+      echo '  rewrite ^/stats /pks/lookup?op=stats;';
+      echo "  rewrite ^/s/(.*) /pks/lookup?search=\$1;";
+      echo "  rewrite ^/search/(.*) /pks/lookup?search=\$1;";
+      echo "  rewrite ^/g/(.*) /pks/lookup?op=get&search=\$1;";
+      echo "  rewrite ^/get/(.*) /pks/lookup?op=get&search=\$1;";
+      echo "  rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
+      echo "  rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
+      echo '';
+      echo '  location / {'; } >> $keyserver_nginx_site
     function_check nginx_limits
     nginx_limits $KEYSERVER_DOMAIN_NAME '128k'
-    echo '  }' >> $keyserver_nginx_site
-    echo '' >> $keyserver_nginx_site
-    echo '  location /pks {' >> $keyserver_nginx_site
-    echo "    proxy_pass         http://127.0.0.1:11373;" >> $keyserver_nginx_site
-    echo '    proxy_pass_header  Server;' >> $keyserver_nginx_site
-    echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:$KEYSERVER_ONION_PORT (nginx)\";" >> $keyserver_nginx_site
-    echo '    proxy_ignore_client_abort on;' >> $keyserver_nginx_site
-    echo '    client_max_body_size 8m;' >> $keyserver_nginx_site
-    echo '    client_body_buffer_size 128k;' >> $keyserver_nginx_site
-    echo '  }' >> $keyserver_nginx_site
-    echo '}' >> $keyserver_nginx_site
+    { echo '  }';
+      echo '';
+      echo '  location /pks {';
+      echo "    proxy_pass         http://127.0.0.1:11373;";
+      echo '    proxy_pass_header  Server;';
+      echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:$KEYSERVER_ONION_PORT (nginx)\";";
+      echo '    proxy_ignore_client_abort on;';
+      echo '    client_max_body_size 8m;';
+      echo '    client_body_buffer_size 128k;';
+      echo '  }';
+      echo '}'; } >> $keyserver_nginx_site
 
     function_check create_site_certificate
     if [ ! -f /etc/ssl/certs/${KEYSERVER_DOMAIN_NAME}.pem ]; then

src/freedombone-app-koel

@@ -58,7 +58,7 @@ function logging_off_koel {
 }
 
 function koel_remove_gravatar {
-    cd /var/www/${KOEL_DOMAIN_NAME}/htdocs
+    cd "/var/www/${KOEL_DOMAIN_NAME}/htdocs" || exit 8345374534
     sed -i "s|www.gravatar.com|${KOEL_DOMAIN_NAME}|g" node_modules/browser-sync-ui/public/js/app.js.map
     sed -i "s|www.gravatar.com|${KOEL_DOMAIN_NAME}|g" public/js/app.*.js
     if ! grep -q "//Vue.set(user, 'avatar'" resources/assets/js/stores/user.js; then
@@ -69,19 +69,19 @@ function koel_remove_gravatar {
 function remove_user_koel {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp koel
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp koel
 }
 
 function add_user_koel {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a koel -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a koel -p "$new_user_password"
     echo '0'
 }
 
 function install_interactive_koel {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -91,42 +91,43 @@ function install_interactive_koel {
         KOEL_DETAILS_COMPLETE=
         while [ ! $KOEL_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Koel Configuration" \
-                       --form $"\nPlease enter your Koel details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 3 \
+                       --form $"\\nPlease enter your Koel details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 3 \
                        $"Domain:" 1 1 "$(grep 'KOEL_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
                        $"Code:" 2 1 "$(grep 'KOEL_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Koel Configuration" \
-                       --form $"\nPlease enter your Koel details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 3 \
+                       --form $"\\nPlease enter your Koel details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 3 \
                        $"Domain:" 1 1 "$(grep 'KOEL_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
-                       2> $data
+                       2> "$data"
             fi
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            KOEL_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ $KOEL_DOMAIN_NAME ]; then
-                if [[ $KOEL_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
+            KOEL_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$KOEL_DOMAIN_NAME" ]; then
+                if [[ "$KOEL_DOMAIN_NAME" == "$HUBZILLA_DOMAIN_NAME" ]]; then
                     KOEL_DOMAIN_NAME=""
                 fi
                 TEST_DOMAIN_NAME=$KOEL_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $KOEL_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$KOEL_DOMAIN_NAME" ]]; then
                     KOEL_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        KOEL_CODE=$(cat $data | sed -n 2p)
+                        KOEL_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$KOEL_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             KOEL_DOMAIN_NAME=
                         fi
                     fi
@@ -135,6 +136,7 @@ function install_interactive_koel {
             if [ $KOEL_DOMAIN_NAME ]; then
                 KOEL_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         # save the results in the config file
@@ -150,23 +152,23 @@ function change_password_koel {
 
     read_config_param 'KOEL_DOMAIN_NAME'
 
-    ${PROJECT_NAME}-pass -u "$curr_username" -a koel -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a koel -p "$new_user_password"
 }
 
 function koel_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        KOEL_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        KOEL_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $KOEL_ADMIN_PASSWORD ]; then
-            KOEL_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$KOEL_ADMIN_PASSWORD" ]; then
+            KOEL_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $KOEL_ADMIN_PASSWORD ]; then
+    if [ ! "$KOEL_ADMIN_PASSWORD" ]; then
         return
     fi
 
     function_check create_database
-    create_database koel "$KOEL_ADMIN_PASSWORD" $MY_USERNAME
+    create_database koel "$KOEL_ADMIN_PASSWORD" "$MY_USERNAME"
 }
 
 function reconfigure_koel {
@@ -174,14 +176,14 @@ function reconfigure_koel {
 }
 
 function koel_import_from_directory {
-    data=$(tempfile 2>/dev/null)
-    dialog --title "Choose a directory containing music" --dselect /home/$MY_USERNAME/ 30 60 2> $data
-    selected_dir=$(cat $data)
-    rm $data
+    data=$(mktemp 2>/dev/null)
+    dialog --title "Choose a directory containing music" --dselect "/home/$MY_USERNAME/" 30 60 2> "$data"
+    selected_dir=$(cat "$data")
+    rm -f "$data"
     if [[ "$selected_dir" == '/music' ]]; then
         return
     fi
-    if [ ! -d $selected_dir ]; then
+    if [ ! -d "$selected_dir" ]; then
         return
     fi
     if [[ "$selected_dir" == "/home/$MY_USERNAME/" ]]; then
@@ -197,7 +199,7 @@ function koel_import_from_directory {
     dialog --title $"Import music directory" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nImport the directory:\n\n  $selected_dir" 12 75
+           --yesno $"\\nImport the directory:\\n\\n  $selected_dir" 12 75
     sel=$?
     case $sel in
         1) return;;
@@ -214,18 +216,18 @@ function koel_import_from_usb {
     clear
     detect_usb_drive
 
-    if [ ! -b $USB_DRIVE ]; then
+    if [ ! -b "$USB_DRIVE" ]; then
         dialog --title $"Import music from USB drive" --msgbox $'No USB drive found' 6 50
         return
     fi
 
-    backup_mount_drive ${USB_DRIVE}
-    if [ ! -d $USB_MOUNT/Music ]; then
+    backup_mount_drive "${USB_DRIVE}"
+    if [ ! -d "$USB_MOUNT/Music" ]; then
         dialog --title $"Import music from USB drive" --msgbox $'No Music directory found on USB drive' 6 50
-        backup_unmount_drive ${USB_DRIVE}
+        backup_unmount_drive "${USB_DRIVE}"
     fi
-    cp -ru $USB_MOUNT/Music/* /music
-    backup_unmount_drive ${USB_DRIVE}
+    cp -ru "$USB_MOUNT/Music/*" /music
+    backup_unmount_drive "${USB_DRIVE}"
     dialog --title $"Import music from USB drive" --msgbox $'Import complete. You may now remove the USB drive' 6 50
 }
 
@@ -233,28 +235,26 @@ function koel_export_to_usb {
     clear
     detect_usb_drive
 
-    if [ ! -b $USB_DRIVE ]; then
+    if [ ! -b "$USB_DRIVE" ]; then
         dialog --title $"Export music to USB drive" --msgbox $'No USB drive found' 6 50
         return
     fi
 
-    backup_mount_drive ${USB_DRIVE}
-    if [ ! -d $USB_MOUNT/Music ]; then
-        mkdir -p $USB_MOUNT/Music
+    backup_mount_drive "${USB_DRIVE}"
+    if [ ! -d "$USB_MOUNT/Music" ]; then
+        mkdir -p "$USB_MOUNT/Music"
     fi
-    cp -ru /music/* $USB_MOUNT/Music
-    backup_unmount_drive ${USB_DRIVE}
+    cp -ru /music/* "$USB_MOUNT/Music"
+    backup_unmount_drive "${USB_DRIVE}"
     dialog --title $"Export music to USB drive" --msgbox $'Export complete. You may now remove the USB drive' 6 50
 }
 
 function format_music_drive {
     detect_usb_drive
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
     dialog --title $"Format USB drive $USB_DRIVE for music storage" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nPlease confirm that you wish to format drive\n\n    ${USB_DRIVE}\n\nAll current data on the drive will be lost, and you will be prompted to give a password used to encrypt the drive.\n\nDANGER: If you screw up here and format the wrong drive it's your own fault!" 16 60
+           --yesno $"\\nPlease confirm that you wish to format drive\\n\\n    ${USB_DRIVE}\\n\\nAll current data on the drive will be lost, and you will be prompted to give a password used to encrypt the drive.\\n\\nDANGER: If you screw up here and format the wrong drive it's your own fault!" 16 60
     sel=$?
     case $sel in
         1) return;;
@@ -265,7 +265,7 @@ function format_music_drive {
     echo ''
     echo $"Formatting drive $USB_DRIVE. ALL CONTENTS WILL BE LOST."
     echo ''
-    ${PROJECT_NAME}-format $USB_DRIVE
+    "${PROJECT_NAME}-format" "$USB_DRIVE"
     dialog --title $"Format USB drive $USB_DRIVE for music storage" --msgbox $'Format complete. You may now export music or remove the USB drive' 6 50
 }
 
@@ -273,8 +273,7 @@ function format_music_drive {
 function configure_interactive_koel {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Koel" \
                --radiolist $"Choose an operation:" 12 70 5 \
@@ -282,24 +281,28 @@ function configure_interactive_koel {
                2 $"Import music from USB drive" off \
                3 $"Export music to USB drive" off \
                4 $"Format a USB drive for music storage" off \
-               5 $"Exit" on 2> $data
+               5 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) break;;
-            255) break;;
+            1) rm -f "$data"
+               break;;
+            255) rm -f "$data"
+                 break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) koel_import_from_directory;;
             2) koel_import_from_usb;;
             3) koel_export_to_usb;;
             4) format_music_drive;;
-            5) break;;
+            5) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
 function upgrade_koel {
-    if grep -q "koel domain" $COMPLETION_FILE; then
+    if grep -q "koel domain" "$COMPLETION_FILE"; then
         KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
     fi
 
@@ -312,12 +315,12 @@ function upgrade_koel {
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$KOEL_DOMAIN_NAME/htdocs "koel commit" "$KOEL_COMMIT" $KOEL_REPO
+    set_repo_commit "/var/www/$KOEL_DOMAIN_NAME/htdocs" "koel commit" "$KOEL_COMMIT" $KOEL_REPO
 
-    cd /var/www/${KOEL_DOMAIN_NAME}/htdocs
+    cd "/var/www/${KOEL_DOMAIN_NAME}/htdocs" || exit 7345346358
     php artisan koel:init
     koel_remove_gravatar
-    chown -R www-data:www-data *
+    chown -R www-data:www-data "/var/www/${KOEL_DOMAIN_NAME}/htdocs/*"
 
     systemctl start koel
 }
@@ -325,20 +328,20 @@ function upgrade_koel {
 
 function backup_local_koel {
     KOEL_DOMAIN_NAME='koel'
-    if grep -q "koel domain" $COMPLETION_FILE; then
+    if grep -q "koel domain" "$COMPLETION_FILE"; then
         KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
     fi
 
-    source_directory=/var/www/${KOEL_DOMAIN_NAME}/htdocs
-    if [ -d $source_directory ]; then
+    source_directory="/var/www/${KOEL_DOMAIN_NAME}/htdocs"
+    if [ -d "$source_directory" ]; then
         systemctl stop koel
 
         dest_directory=koel
         function_check suspend_site
-        suspend_site ${KOEL_DOMAIN_NAME}
+        suspend_site "${KOEL_DOMAIN_NAME}"
 
         function_check backup_directory_to_usb
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"
 
         function_check backup_database_to_usb
         backup_database_to_usb koel
@@ -351,27 +354,26 @@ function backup_local_koel {
 }
 
 function restore_local_koel {
-    if ! grep -q "koel domain" $COMPLETION_FILE; then
+    if ! grep -q "koel domain" "$COMPLETION_FILE"; then
         return
     fi
     KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
-    if [ $KOEL_DOMAIN_NAME ]; then
+    if [ "$KOEL_DOMAIN_NAME" ]; then
         echo $"Restoring koel"
         systemctl stop koel
 
         temp_restore_dir=/root/tempkoel
-        koel_dir=/var/www/${KOEL_DOMAIN_NAME}/htdocs
 
         function_check koel_create_database
         koel_create_database
 
-        restore_database koel ${KOEL_DOMAIN_NAME}
+        restore_database koel "${KOEL_DOMAIN_NAME}"
         if [ -d $temp_restore_dir ]; then
             rm -rf $temp_restore_dir
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-        cd /var/www/$KOEL_DOMAIN_NAME/htdocs
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        cd "/var/www/$KOEL_DOMAIN_NAME/htdocs" || exit 274825424
         sed -i "s|DB_PASSWORD=.*|DB_PASSWORD=$MARIADB_PASSWORD|g" .env
         MARIADB_PASSWORD=
 
@@ -380,14 +382,14 @@ function restore_local_koel {
 }
 
 function backup_remote_koel {
-    if grep -q "koel domain" $COMPLETION_FILE; then
+    if grep -q "koel domain" "$COMPLETION_FILE"; then
         KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
         temp_backup_dir=/var/www/${KOEL_DOMAIN_NAME}/htdocs
-        if [ -d $temp_backup_dir ]; then
+        if [ -d "$temp_backup_dir" ]; then
             systemctl stop koel
 
             function_check suspend_site
-            suspend_site ${KOEL_DOMAIN_NAME}
+            suspend_site "${KOEL_DOMAIN_NAME}"
 
             function_check backup_database_to_friend
             backup_database_to_friend koel
@@ -395,7 +397,7 @@ function backup_remote_koel {
             echo $"Backing up Koel installation"
 
             function_check backup_directory_to_friend
-            backup_directory_to_friend $temp_backup_dir koel
+            backup_directory_to_friend "$temp_backup_dir" koel
 
             function_check restart_site
             restart_site
@@ -408,7 +410,7 @@ function backup_remote_koel {
 }
 
 function restore_remote_koel {
-    if grep -q "koel domain" $COMPLETION_FILE; then
+    if grep -q "koel domain" "$COMPLETION_FILE"; then
         echo $"Restoring koel"
 
         systemctl stop koel
@@ -419,13 +421,13 @@ function restore_remote_koel {
         koel_create_database
 
         function_check restore_database_from_friend
-        restore_database_from_friend koel ${KOEL_DOMAIN_NAME}
+        restore_database_from_friend koel "${KOEL_DOMAIN_NAME}"
         if [ -d /root/tempkoel ]; then
             rm -rf /root/tempkoel
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-        cd /var/www/$KOEL_DOMAIN_NAME/htdocs
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        cd "/var/www/$KOEL_DOMAIN_NAME/htdocs" || exit 53743682
         sed -i "s|DB_PASSWORD=.*|DB_PASSWORD=$MARIADB_PASSWORD|g" .env
         MARIADB_PASSWORD=
 
@@ -453,14 +455,14 @@ function remove_koel {
     read_config_param "KOEL_DOMAIN_NAME"
     read_config_param "MY_USERNAME"
     echo "Removing $KOEL_DOMAIN_NAME"
-    nginx_dissite $KOEL_DOMAIN_NAME
-    remove_certs $KOEL_DOMAIN_NAME
+    nginx_dissite "$KOEL_DOMAIN_NAME"
+    remove_certs "$KOEL_DOMAIN_NAME"
 
-    if [ -d /var/www/$KOEL_DOMAIN_NAME ]; then
-        rm -rf /var/www/$KOEL_DOMAIN_NAME
+    if [ -d "/var/www/$KOEL_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$KOEL_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$KOEL_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$KOEL_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$KOEL_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$KOEL_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database koel
@@ -468,15 +470,15 @@ function remove_koel {
     remove_onion_service koel ${KOEL_ONION_PORT}
     remove_app koel
     remove_completion_param install_koel
-    sed -i '/koel/d' $COMPLETION_FILE
+    sed -i '/koel/d' "$COMPLETION_FILE"
     remove_backup_database_local koel
 
     function_check remove_ddns_domain
-    remove_ddns_domain $KOEL_DOMAIN_NAME
+    remove_ddns_domain "$KOEL_DOMAIN_NAME"
 }
 
 function install_koel_main {
-    if [ ! $KOEL_DOMAIN_NAME ]; then
+    if [ ! "$KOEL_DOMAIN_NAME" ]; then
         echo $'No domain name was given for koel'
         exit 7359
     fi
@@ -498,177 +500,186 @@ function install_koel_main {
     apt-get -yq install php-memcached php-intl exiftool libfcgi0ldbl
     apt-get -yq install ffmpeg
 
-    if [ ! -d /var/www/$KOEL_DOMAIN_NAME ]; then
-        mkdir /var/www/$KOEL_DOMAIN_NAME
+    if [ ! -d "/var/www/$KOEL_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$KOEL_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$KOEL_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$KOEL_DOMAIN_NAME/htdocs" ]; then
 
         if [ -d /repos/koel ]; then
-            mkdir /var/www/$KOEL_DOMAIN_NAME/htdocs
-            cp -r -p /repos/koel/. /var/www/$KOEL_DOMAIN_NAME/htdocs
-            cd /var/www/$KOEL_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$KOEL_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/koel/. "/var/www/$KOEL_DOMAIN_NAME/htdocs"
+            cd "/var/www/$KOEL_DOMAIN_NAME/htdocs" || exit 23924295
             git pull
         else
             function_check git_clone
-            git_clone $KOEL_REPO /var/www/$KOEL_DOMAIN_NAME/htdocs
+            git_clone "$KOEL_REPO" "/var/www/$KOEL_DOMAIN_NAME/htdocs"
         fi
 
-        if [ ! -d /var/www/$KOEL_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$KOEL_DOMAIN_NAME/htdocs" ]; then
             echo $'Unable to clone koel repo'
             exit 365735
         fi
     fi
 
-    cd /var/www/$KOEL_DOMAIN_NAME/htdocs
-    git checkout $KOEL_COMMIT -b $KOEL_COMMIT
+    cd "/var/www/$KOEL_DOMAIN_NAME/htdocs" || exit 834567242
+    git checkout "$KOEL_COMMIT" -b "$KOEL_COMMIT"
     set_completion_param "koel commit" "$KOEL_COMMIT"
 
-    chown -R www-data:www-data /var/www/$KOEL_DOMAIN_NAME/htdocs
+    chown -R www-data:www-data "/var/www/$KOEL_DOMAIN_NAME/htdocs"
 
     function_check koel_create_database
     koel_create_database
 
     function_check add_ddns_domain
-    add_ddns_domain $KOEL_DOMAIN_NAME
+    add_ddns_domain "$KOEL_DOMAIN_NAME"
+
+    KOEL_ONION_HOSTNAME=$(add_onion_service koel 80 ${KOEL_ONION_PORT})
 
     koel_nginx_site=/etc/nginx/sites-available/$KOEL_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $KOEL_DOMAIN_NAME "index index.php"
-        echo 'server {' >> $koel_nginx_site
-        echo '  listen 443 ssl;' >> $koel_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $koel_nginx_site
-        echo "  server_name $KOEL_DOMAIN_NAME;" >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
+        nginx_http_redirect "$KOEL_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $KOEL_DOMAIN_NAME;";
+          echo ''; } >> "$koel_nginx_site"
         function_check nginx_compress
-        nginx_compress $KOEL_DOMAIN_NAME
-        echo '    gzip_comp_level 9;' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # Security' >> $koel_nginx_site
+        nginx_compress "$KOEL_DOMAIN_NAME"
+        { echo '    gzip_comp_level 9;';
+          echo '';
+          echo '  # Security'; } >> "$koel_nginx_site"
         function_check nginx_ssl mobile
-        nginx_ssl $KOEL_DOMAIN_NAME
+        nginx_ssl "$KOEL_DOMAIN_NAME"
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $KOEL_DOMAIN_NAME
+        nginx_disable_sniffing "$KOEL_DOMAIN_NAME"
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # Logs' >> $koel_nginx_site
-        echo '  access_log /dev/null;' >> $koel_nginx_site
-        echo '  error_log /dev/null;' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # Root' >> $koel_nginx_site
-        echo "  root /var/www/$KOEL_DOMAIN_NAME/htdocs;" >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # Index' >> $koel_nginx_site
-        echo '  index index.php;' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # Whitelist only index.php, robots.txt, and those start with public/ or api/' >> $koel_nginx_site
-        echo '  if ($request_uri !~ ^/$|index\.php|robots\.txt|api/|public/) {' >> $koel_nginx_site
-        echo '    return 404;' >> $koel_nginx_site
-        echo '  }' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  location /media/ {' >> $koel_nginx_site
-        echo '    internal;' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '    # A X-Media-Root should be set to media_path settings from upstream' >> $koel_nginx_site
-        echo '    alias       $upstream_http_x_media_root;' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  }' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # PHP' >> $koel_nginx_site
-        echo '  location ~ \.php {' >> $koel_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $koel_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $koel_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $koel_nginx_site
-        echo '  }' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # Location' >> $koel_nginx_site
-        echo '  location / {' >> $koel_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$KOEL_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  # Index';
+          echo '  index index.php;';
+          echo '';
+          echo '  # Whitelist only index.php, robots.txt, and those start with public/ or api/';
+          echo "  if (\$request_uri !~ ^/\$|index\\.php|robots\\.txt|api/|public/) {";
+          echo '    return 404;';
+          echo '  }';
+          echo '';
+          echo '  location /media/ {';
+          echo '    internal;';
+          echo '';
+          echo '    # A X-Media-Root should be set to media_path settings from upstream';
+          echo "    alias       \$upstream_http_x_media_root;";
+          echo '';
+          echo '  }';
+          echo '';
+          echo '  # PHP';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$koel_nginx_site"
         function_check nginx_limits
-        nginx_limits $KOEL_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ @koel;' >> $koel_nginx_site
-        echo '  }' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # Fancy URLs' >> $koel_nginx_site
-        echo '  location @koel {' >> $koel_nginx_site
-        echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $koel_nginx_site
-        echo '  }' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # Restrict access that is unnecessary anyway' >> $koel_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $koel_nginx_site
-        echo '    deny all;' >> $koel_nginx_site
-        echo '  }' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '}' >> $koel_nginx_site
+        nginx_limits "$KOEL_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ @koel;";
+          echo '  }';
+          echo '';
+          echo '  # Fancy URLs';
+          echo '  location @koel {';
+          echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+          echo '  }';
+          echo '';
+          echo '  # Restrict access that is unnecessary anyway';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '';
+          echo '}'; } >> "$koel_nginx_site"
     else
-        echo -n '' > $koel_nginx_site
+        echo -n '' > "$koel_nginx_site"
+    fi
+    if [[ "$ONION_ONLY" == 'no' ]]; then
+        { echo 'server {';
+          echo "    listen 127.0.0.1:$KOEL_ONION_PORT default_server;";
+          echo "    server_name $KOEL_DOMAIN_NAME;";
+          echo ''; } >> "$koel_nginx_site"
+    else
+        { echo 'server {';
+          echo "    listen 127.0.0.1:$KOEL_ONION_PORT default_server;";
+          echo "    server_name $KOEL_ONION_HOSTNAME;";
+          echo ''; } >> "$koel_nginx_site"
     fi
-    echo 'server {' >> $koel_nginx_site
-    echo "    listen 127.0.0.1:$KOEL_ONION_PORT default_server;" >> $koel_nginx_site
-    echo "    server_name $KOEL_DOMAIN_NAME;" >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
     function_check nginx_compress
-    nginx_compress $KOEL_DOMAIN_NAME
-    echo '    gzip_comp_level 9;' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  # Logs' >> $koel_nginx_site
-    echo '  access_log /dev/null;' >> $koel_nginx_site
-    echo '  error_log /dev/null;' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  # Root' >> $koel_nginx_site
-    echo "  root /var/www/$KOEL_DOMAIN_NAME/htdocs;" >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  # Index' >> $koel_nginx_site
-    echo '  index index.php;' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  # Whitelist only index.php, robots.txt, and those start with public/ or api/' >> $koel_nginx_site
-    echo '  if ($request_uri !~ ^/$|index\.php|robots\.txt|api/|public/) {' >> $koel_nginx_site
-    echo '    return 404;' >> $koel_nginx_site
-    echo '  }' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  location /media/ {' >> $koel_nginx_site
-    echo '    internal;' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '    # A X-Media-Root should be set to media_path settings from upstream' >> $koel_nginx_site
-    echo '    alias       $upstream_http_x_media_root;' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  }' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  # PHP' >> $koel_nginx_site
-    echo '  location ~ \.php {' >> $koel_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $koel_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $koel_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $koel_nginx_site
-    echo '  }' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  # Location' >> $koel_nginx_site
-    echo '  location / {' >> $koel_nginx_site
+    nginx_compress "$KOEL_DOMAIN_NAME"
+    { echo '    gzip_comp_level 9;';
+      echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$KOEL_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  # Index';
+      echo '  index index.php;';
+      echo '';
+      echo '  # Whitelist only index.php, robots.txt, and those start with public/ or api/';
+      echo "  if (\$request_uri !~ ^/\$|index\\.php|robots\\.txt|api/|public/) {";
+      echo '    return 404;';
+      echo '  }';
+      echo '';
+      echo '  location /media/ {';
+      echo '    internal;';
+      echo '';
+      echo '    # A X-Media-Root should be set to media_path settings from upstream';
+      echo "    alias       \$upstream_http_x_media_root;";
+      echo '';
+      echo '  }';
+      echo '';
+      echo '  # PHP';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$koel_nginx_site"
     function_check nginx_limits
-    nginx_limits $KOEL_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ @koel;' >> $koel_nginx_site
-    echo '  }' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  # Fancy URLs' >> $koel_nginx_site
-    echo '  location @koel {' >> $koel_nginx_site
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $koel_nginx_site
-    echo '  }' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  # Restrict access that is unnecessary anyway' >> $koel_nginx_site
-    echo '  location ~ /\.(ht|git) {' >> $koel_nginx_site
-    echo '    deny all;' >> $koel_nginx_site
-    echo '  }' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '}' >> $koel_nginx_site
+    nginx_limits "$KOEL_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ @koel;";
+      echo '  }';
+      echo '';
+      echo '  # Fancy URLs';
+      echo '  location @koel {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  # Restrict access that is unnecessary anyway';
+      echo '  location ~ /\.(ht|git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '';
+      echo '}'; } >> "$koel_nginx_site"
 
-    sed -i 's|gzip_types.*|gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json;|g' $koel_nginx_site
-    sed -i 's|DENY;|SAMEORIGIN;|g' $koel_nginx_site
+    sed -i 's|gzip_types.*|gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json;|g' "$koel_nginx_site"
+    sed -i 's|DENY;|SAMEORIGIN;|g' "$koel_nginx_site"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $KOEL_DOMAIN_NAME 'yes'
+    create_site_certificate "$KOEL_DOMAIN_NAME" 'yes'
 
     # Ensure that the database gets backed up locally, if remote
     # backups are not being used
@@ -679,20 +690,13 @@ function install_koel_main {
     backup_database_local koel
 
     function_check nginx_ensite
-    nginx_ensite $KOEL_DOMAIN_NAME
-
-    KOEL_ONION_HOSTNAME=$(add_onion_service koel 80 ${KOEL_ONION_PORT})
-
-    KOEL_SERVER=${KOEL_DOMAIN_NAME}
-    if [[ $ONION_ONLY != 'no' ]]; then
-        KOEL_SERVER=${KOEL_ONION_HOSTNAME}
-    fi
+    nginx_ensite "$KOEL_DOMAIN_NAME"
 
     systemctl restart mariadb
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a koel -p "$KOEL_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a koel -p "$KOEL_ADMIN_PASSWORD"
 
     set_completion_param "koel domain" "$KOEL_DOMAIN_NAME"
 
@@ -709,7 +713,7 @@ function install_koel {
 
     install_koel_main
 
-    cd /var/www/$KOEL_DOMAIN_NAME/htdocs
+    cd "/var/www/$KOEL_DOMAIN_NAME/htdocs" || exit 2432848
     install_composer
 
     npm install -g yarn
@@ -731,30 +735,29 @@ function install_koel {
     sed -i 's/MAIL_PORT=.*/MAIL_PORT=25/g' .env
     sed -i 's|FFMPEG_PATH=.*|FFMPEG_PATH=/usr/bin/ffmpeg|g' .env
 
-    php artisan koel:init
-    if [ ! "$?" = "0" ]; then
+    if ! php artisan koel:init; then
         echo $"Can't install koel:init"
         exit 78362
     fi
     koel_remove_gravatar
-    chown -R www-data:www-data /var/www/$KOEL_DOMAIN_NAME/htdocs
+    chown -R www-data:www-data "/var/www/$KOEL_DOMAIN_NAME/htdocs"
 
     # daemon
-    echo '[Unit]' > /etc/systemd/system/koel.service
-    echo 'Description=Koel (music player)' >> /etc/systemd/system/koel.service
-    echo 'After=syslog.target' >> /etc/systemd/system/koel.service
-    echo 'After=network.target' >> /etc/systemd/system/koel.service
-    echo '' >> /etc/systemd/system/koel.service
-    echo '[Service]' >> /etc/systemd/system/koel.service
-    echo 'Type=simple' >> /etc/systemd/system/koel.service
-    echo 'User=www-data' >> /etc/systemd/system/koel.service
-    echo 'Group=www-data' >> /etc/systemd/system/koel.service
-    echo "WorkingDirectory=/var/www/$KOEL_DOMAIN_NAME/htdocs" >> /etc/systemd/system/koel.service
-    echo "ExecStart=/usr/bin/php artisan serve --port=$KOEL_PORT" >> /etc/systemd/system/koel.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/koel.service
-    echo '' >> /etc/systemd/system/koel.service
-    echo '[Install]' >> /etc/systemd/system/koel.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/koel.service
+    { echo '[Unit]';
+      echo 'Description=Koel (music player)';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=www-data';
+      echo 'Group=www-data';
+      echo "WorkingDirectory=/var/www/$KOEL_DOMAIN_NAME/htdocs";
+      echo "ExecStart=/usr/bin/php artisan serve --port=$KOEL_PORT";
+      echo 'Restart=on-failure';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/koel.service
     systemctl enable koel.service
     systemctl daemon-reload
     systemctl start koel.service

src/freedombone-app-lychee

@@ -55,14 +55,14 @@ function logging_off_lychee {
 }
 
 function lychee_create_database {
-    if [ -f ${IMAGE_PASSWORD_FILE} ]; then
-        LYCHEE_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
+        LYCHEE_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! ${LYCHEE_ADMIN_PASSWORD} ]; then
-            LYCHEE_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "${LYCHEE_ADMIN_PASSWORD}" ]; then
+            LYCHEE_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $LYCHEE_ADMIN_PASSWORD ]; then
+    if [ ! "$LYCHEE_ADMIN_PASSWORD" ]; then
         return
     fi
 
@@ -73,7 +73,7 @@ function lychee_create_database {
 function remove_user_lychee {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp lychee
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp lychee
 }
 
 function add_user_lychee {
@@ -85,13 +85,13 @@ function add_user_lychee {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a lychee -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a lychee -p "$new_user_password"
 
     echo '0'
 }
 
 function install_interactive_lychee {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -110,12 +110,12 @@ function configure_interactive_lychee {
     get_mariadb_password
 
     dialog --title $"Lychee Configuration" \
-           --msgbox $"\nYou can initially install the system with:\n\n  Username: root\n  Password: $MARIADB_PASSWORD" 10 70
+           --msgbox $"\\nYou can initially install the system with:\\n\\n  Username: root\\n  Password: $MARIADB_PASSWORD" 10 70
 }
 
 
 function change_password_lychee {
-    LYCHEE_USERNAME="$1"
+#    LYCHEE_USERNAME="$1"
     LYCHEE_PASSWORD="$2"
     if [ ${#LYCHEE_PASSWORD} -lt 8 ]; then
         echo $'Lychee password is too short'
@@ -143,56 +143,56 @@ function upgrade_lychee {
 
 function backup_local_lychee {
     LYCHEE_DOMAIN_NAME='lychee.local'
-    if grep -q "lychee domain" $COMPLETION_FILE; then
+    if grep -q "lychee domain" "$COMPLETION_FILE"; then
         LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
     fi
 
-    lychee_path=/var/www/${LYCHEE_DOMAIN_NAME}/htdocs
-    if [ -d $lychee_path ]; then
+    lychee_path="/var/www/${LYCHEE_DOMAIN_NAME}/htdocs"
+    if [ -d "$lychee_path" ]; then
         function_check backup_database_to_usb
         backup_database_to_usb lychee
 
-        backup_directory_to_usb $lychee_path lychee
+        backup_directory_to_usb "$lychee_path" lychee
         restart_site
     fi
 }
 
 function restore_local_lychee {
     LYCHEE_DOMAIN_NAME='lychee.local'
-    if grep -q "lychee domain" $COMPLETION_FILE; then
+    if grep -q "lychee domain" "$COMPLETION_FILE"; then
         LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
     fi
-    if [ $LYCHEE_DOMAIN_NAME ]; then
-        suspend_site ${LYCHEE_DOMAIN_NAME}
+    if [ "$LYCHEE_DOMAIN_NAME" ]; then
+        suspend_site "${LYCHEE_DOMAIN_NAME}"
 
         function_check lychee_create_database
         lychee_create_database
 
         function_check restore_database
-        restore_database lychee ${LYCHEE_DOMAIN_NAME}
+        restore_database lychee "${LYCHEE_DOMAIN_NAME}"
 
-        if [ -f /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php ]; then
-            MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-            sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php
+        if [ -f "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php" ]; then
+            MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+            sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php"
             MARIADB_PASSWORD=
         fi
 
         restart_site
-        chown -R lychee: /var/www/$LYCHEE_DOMAIN_NAME/htdocs/
+        chown -R lychee: "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/"
     fi
 }
 
 function backup_remote_lychee {
     LYCHEE_DOMAIN_NAME='lychee.local'
-    if grep -q "lychee domain" $COMPLETION_FILE; then
+    if grep -q "lychee domain" "$COMPLETION_FILE"; then
         LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
     fi
 
     temp_backup_dir=/var/www/${LYCHEE_DOMAIN_NAME}/htdocs
-    if [ -d $temp_backup_dir ]; then
-        suspend_site ${LYCHEE_DOMAIN_NAME}
+    if [ -d "$temp_backup_dir" ]; then
+        suspend_site "${LYCHEE_DOMAIN_NAME}"
         backup_database_to_friend lychee
-        backup_directory_to_friend $temp_backup_dir lychee
+        backup_directory_to_friend "$temp_backup_dir" lychee
         restart_site
     else
         echo $"Lychee domain specified but not found in /var/www/${LYCHEE_DOMAIN_NAME}"
@@ -202,27 +202,27 @@ function backup_remote_lychee {
 
 function restore_remote_lychee {
     LYCHEE_DOMAIN_NAME='lychee.local'
-    if grep -q "lychee domain" $COMPLETION_FILE; then
+    if grep -q "lychee domain" "$COMPLETION_FILE"; then
         LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
     fi
 
-    suspend_site ${LYCHEE_DOMAIN_NAME}
+    suspend_site "${LYCHEE_DOMAIN_NAME}"
 
     function_check restore_database_from_friend
 
     function_check lychee_create_database
     lychee_create_database
 
-    restore_database_from_friend lychee ${LYCHEE_DOMAIN_NAME}
+    restore_database_from_friend lychee "${LYCHEE_DOMAIN_NAME}"
 
-    if [ -f /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php ]; then
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-        sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php
+    if [ -f "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php" ]; then
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php"
         MARIADB_PASSWORD=
     fi
 
     restart_site
-    chown -R lychee: /var/www/$LYCHEE_DOMAIN_NAME/htdocs/
+    chown -R lychee: "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/"
 }
 
 function remove_lychee {
@@ -231,181 +231,181 @@ function remove_lychee {
     fi
 
     read_config_param "LYCHEE_DOMAIN_NAME"
-    nginx_dissite $LYCHEE_DOMAIN_NAME
-    remove_certs ${LYCHEE_DOMAIN_NAME}
+    nginx_dissite "$LYCHEE_DOMAIN_NAME"
+    remove_certs "${LYCHEE_DOMAIN_NAME}"
 
     drop_database lychee
     remove_backup_database_local lychee
 
-    if [ -f /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME ]; then
-        rm -f /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME" ]; then
+        rm -f "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
     fi
-    if [ -d /var/www/$LYCHEE_DOMAIN_NAME ]; then
-        rm -rf /var/www/$LYCHEE_DOMAIN_NAME
+    if [ -d "/var/www/$LYCHEE_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$LYCHEE_DOMAIN_NAME"
     fi
     remove_config_param LYCHEE_DOMAIN_NAME
     remove_config_param LYCHEE_CODE
     function_check remove_onion_service
-    remove_onion_service lychee ${LYCHEE_ONION_PORT}
+    remove_onion_service lychee "${LYCHEE_ONION_PORT}"
     remove_completion_param "install_lychee"
-    sed -i '/Lychee/d' $COMPLETION_FILE
-    sed -i '/lychee/d' $COMPLETION_FILE
+    sed -i '/Lychee/d' "$COMPLETION_FILE"
+    sed -i '/lychee/d' "$COMPLETION_FILE"
 
     function_check remove_ddns_domain
-    remove_ddns_domain $LYCHEE_DOMAIN_NAME
+    remove_ddns_domain "$LYCHEE_DOMAIN_NAME"
 }
 
 function install_lychee_website {
     function_check nginx_http_redirect
-    nginx_http_redirect $LYCHEE_DOMAIN_NAME
-    echo 'server {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "    root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "    server_name $LYCHEE_DOMAIN_NAME;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    charset utf-8;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    nginx_http_redirect "$LYCHEE_DOMAIN_NAME"
+    { echo 'server {';
+      echo '    listen 443 ssl;';
+      echo '    #listen [::]:443 ssl;';
+      echo "    root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;";
+      echo "    server_name $LYCHEE_DOMAIN_NAME;";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo '    index index.html;';
+      echo '    charset utf-8;';
+      echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
     function_check nginx_ssl
-    nginx_ssl $LYCHEE_DOMAIN_NAME
+    nginx_ssl "$LYCHEE_DOMAIN_NAME"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $LYCHEE_DOMAIN_NAME
-    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    nginx_disable_sniffing "$LYCHEE_DOMAIN_NAME"
+    { echo '    add_header Strict-Transport-Security "max-age=0;";';
+      echo '';
+      echo '    # rewrite to front controller as default rule';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # or a unix socket' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        try_files $uri $uri/ /index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    #deny access to store' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~ /store {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '      deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '      deny  all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    nginx_limits "$LYCHEE_DOMAIN_NAME"
+    { echo '    }';
+      echo '';
+      echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+      echo '    # or a unix socket';
+      echo '    location ~* \.php$ {';
+      echo '        # Zero-day exploit defense.';
+      echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+      echo "        # Won't work properly (404 error) if the file is not stored on this";
+      echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+      echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+      echo "        # another machine. And then cross your fingers that you won't get hacked.";
+      echo "        try_files \$uri \$uri/ /index.html;";
+      echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+      echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+      echo '        # With php-cgi alone:';
+      echo '        # fastcgi_pass 127.0.0.1:9000;';
+      echo '        # With php-fpm:';
+      echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '        include fastcgi_params;';
+      echo '        fastcgi_read_timeout 30;';
+      echo '        fastcgi_index index.html;';
+      echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+      echo '    }';
+      echo '';
+      echo '    # deny access to all dot files';
+      echo '    location ~ /\. {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    #deny access to store';
+      echo '    location ~ /store {';
+      echo '        deny all;';
+      echo '    }';
+      echo '    location ~ /(data|conf|bin|inc)/ {';
+      echo '      deny all;';
+      echo '    }';
+      echo '    location ~ /\.ht {';
+      echo '      deny  all;';
+      echo '    }';
+      echo '}';
+      echo ''; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
 }
 
 function install_lychee_website_onion {
-    echo 'server {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "    listen 127.0.0.1:${LYCHEE_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "    root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "    server_name $LYCHEE_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    charset utf-8;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    { echo 'server {';
+      echo "    listen 127.0.0.1:${LYCHEE_ONION_PORT} default_server;";
+      echo "    root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;";
+      echo "    server_name $LYCHEE_ONION_HOSTNAME;";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo '    index index.html;';
+      echo '    charset utf-8;';
+      echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $LYCHEE_DOMAIN_NAME
-    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    nginx_disable_sniffing "$LYCHEE_DOMAIN_NAME"
+    { echo '    add_header Strict-Transport-Security "max-age=0;";';
+      echo '';
+      echo '    # rewrite to front controller as default rule';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # block these file types' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # or a unix socket' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    nginx_limits "$LYCHEE_DOMAIN_NAME"
+    { echo '    }';
+      echo '';
+      echo '    # block these file types';
+      echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+      echo '    # or a unix socket';
+      echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $LYCHEE_DOMAIN_NAME
-    echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        try_files $uri $uri/ /index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    #deny access to store' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~ /store {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '      deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '      deny  all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    nginx_limits "$LYCHEE_DOMAIN_NAME"
+    { echo '        # Zero-day exploit defense.';
+      echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+      echo "        # Won't work properly (404 error) if the file is not stored on this";
+      echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+      echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+      echo "        # another machine. And then cross your fingers that you won't get hacked.";
+      echo "        try_files \$uri \$uri/ /index.html;";
+      echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+      echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+      echo '        # With php-cgi alone:';
+      echo '        # fastcgi_pass 127.0.0.1:9000;';
+      echo '        # With php-fpm:';
+      echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '        include fastcgi_params;';
+      echo '        fastcgi_read_timeout 30;';
+      echo '        fastcgi_index index.html;';
+      echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+      echo '    }';
+      echo '';
+      echo '    # deny access to all dot files';
+      echo '    location ~ /\. {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    #deny access to store';
+      echo '    location ~ /store {';
+      echo '        deny all;';
+      echo '    }';
+      echo '    location ~ /(data|conf|bin|inc)/ {';
+      echo '      deny all;';
+      echo '    }';
+      echo '    location ~ /\.ht {';
+      echo '      deny  all;';
+      echo '    }';
+      echo '}'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
 }
 
 function install_lychee_from_repo {
-    if [ ! -d /var/www/$LYCHEE_DOMAIN_NAME ]; then
-        mkdir /var/www/$LYCHEE_DOMAIN_NAME
+    if [ ! -d "/var/www/$LYCHEE_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$LYCHEE_DOMAIN_NAME"
     fi
 
-    cd /var/www/$LYCHEE_DOMAIN_NAME
+    cd "/var/www/$LYCHEE_DOMAIN_NAME" || exit 682468246
 
     if [ -d /repos/lychee ]; then
         mkdir htdocs
         cp -r -p /repos/lychee/. htdocs
-        cd htdocs
+        cd htdocs || exit 963756345
         git pull
     else
-        git_clone $LYCHEE_REPO htdocs
+        git_clone "$LYCHEE_REPO" htdocs
     fi
 
-    cd htdocs
-    git checkout $LYCHEE_COMMIT -b $LYCHEE_COMMIT
+    cd htdocs || exit 1437534858
+    git checkout "$LYCHEE_COMMIT" -b "$LYCHEE_COMMIT"
     set_completion_param "lychee commit" "$LYCHEE_COMMIT"
 }
 
@@ -414,7 +414,7 @@ function install_lychee {
         ONION_ONLY='no'
     fi
 
-    if [ ! $LYCHEE_DOMAIN_NAME ]; then
+    if [ ! "$LYCHEE_DOMAIN_NAME" ]; then
         echo $'The lychee domain name was not specified'
         exit 543672
     fi
@@ -429,7 +429,7 @@ function install_lychee {
         function_check install_lychee_website
         install_lychee_website
     else
-        echo -n '' > /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+        echo -n '' > "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
     fi
 
     LYCHEE_ONION_HOSTNAME=$(add_onion_service lychee 80 ${LYCHEE_ONION_PORT})
@@ -438,23 +438,23 @@ function install_lychee {
     install_lychee_website_onion
 
     function_check create_site_certificate
-    create_site_certificate $LYCHEE_DOMAIN_NAME 'yes'
+    create_site_certificate "$LYCHEE_DOMAIN_NAME" 'yes'
 
     function_check configure_php
     configure_php
 
-    chmod -R 1777 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/
-    chmod -R 1777 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/
-    chown -R www-data:www-data /var/www/$LYCHEE_DOMAIN_NAME/htdocs
+    chmod -R 1777 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/"
+    chmod -R 1777 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/"
+    chown -R www-data:www-data "/var/www/$LYCHEE_DOMAIN_NAME/htdocs"
 
-    chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/big/index.html
-    chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/medium/index.html
-    chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/import/index.html
-    chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/thumb/index.html
-    chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/.gitignore
+    chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/big/index.html"
+    chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/medium/index.html"
+    chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/import/index.html"
+    chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/thumb/index.html"
+    chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/.gitignore"
 
     function_check nginx_ensite
-    nginx_ensite $LYCHEE_DOMAIN_NAME
+    nginx_ensite "$LYCHEE_DOMAIN_NAME"
 
     function_check install_mariadb
     install_mariadb
@@ -469,10 +469,10 @@ function install_lychee {
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a lychee -p "$LYCHEE_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a lychee -p "$LYCHEE_ADMIN_PASSWORD"
 
     function_check add_ddns_domain
-    add_ddns_domain $LYCHEE_DOMAIN_NAME
+    add_ddns_domain "$LYCHEE_DOMAIN_NAME"
 
     set_completion_param "lychee domain" "$LYCHEE_DOMAIN_NAME"
     APP_INSTALLED=1

src/freedombone-app-mailpile

@@ -58,15 +58,15 @@ function logging_off_mailpile {
 
 function remove_user_mailpile {
     remove_username="$1"
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp mailpile
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp mailpile
 }
 
 function add_user_mailpile {
-    ${PROJECT_NAME}-pass -u $1 -a mailpile -p "$2"
+    "${PROJECT_NAME}-pass" -u "$1" -a mailpile -p "$2"
 }
 
 function install_interactive_mailpile {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -93,7 +93,7 @@ function upgrade_mailpile {
     read_config_param "MAILPILE_DOMAIN_NAME"
 
     CURR_COMMIT=$MAILPILE_COMMIT
-    if grep -q "mailpile commit" $COMPLETION_FILE; then
+    if grep -q "mailpile commit" "$COMPLETION_FILE"; then
         CURR_COMMIT=$(get_completion_param "mailpile commit")
     fi
     if [[ "$CURR_COMMIT" == "$MAILPILE_COMMIT" ]]; then
@@ -103,10 +103,10 @@ function upgrade_mailpile {
     function_check set_repo_commit
     set_repo_commit /var/www/$MAILPILE_DOMAIN_NAME/mail "mailpile commit" "$MAILPILE_COMMIT" $MAILPILE_REPO
 
-    cd /var/www/$MAILPILE_DOMAIN_NAME/mail
+    cd "/var/www/$MAILPILE_DOMAIN_NAME/mail" || exit 2346836535
     pip install -r requirements.txt
 
-    chown -R mailpile:mailpile /var/www/$MAILPILE_DOMAIN_NAME/mail
+    chown -R mailpile:mailpile "/var/www/$MAILPILE_DOMAIN_NAME/mail"
 }
 
 function backup_local_mailpile {
@@ -136,16 +136,16 @@ function remove_mailpile {
     systemctl daemon-reload
 
     read_config_param "MAILPILE_DOMAIN_NAME"
-    nginx_dissite $MAILPILE_DOMAIN_NAME
-    remove_certs ${MAILPILE_DOMAIN_NAME}
-    if [ -f /etc/nginx/sites-available/$MAILPILE_DOMAIN_NAME ]; then
-        rm -f /etc/nginx/sites-available/$MAILPILE_DOMAIN_NAME
+    nginx_dissite "$MAILPILE_DOMAIN_NAME"
+    remove_certs "${MAILPILE_DOMAIN_NAME}"
+    if [ -f "/etc/nginx/sites-available/$MAILPILE_DOMAIN_NAME" ]; then
+        rm -f "/etc/nginx/sites-available/$MAILPILE_DOMAIN_NAME"
     fi
-    if [ -d /var/www/$MAILPILE_DOMAIN_NAME ]; then
-        rm -rf /var/www/$MAILPILE_DOMAIN_NAME
+    if [ -d "/var/www/$MAILPILE_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$MAILPILE_DOMAIN_NAME"
     fi
     function_check remove_ddns_domain
-    remove_ddns_domain $MAILPILE_DOMAIN_NAME
+    remove_ddns_domain "$MAILPILE_DOMAIN_NAME"
 
     groupdel -f mailpile
     userdel -r mailpile
@@ -158,8 +158,8 @@ function remove_mailpile {
 
     enable_email_encryption_at_rest
 
-    sed -i '/Mailpile/d' $COMPLETION_FILE
-    sed -i '/mailpile/d' $COMPLETION_FILE
+    sed -i '/Mailpile/d' "$COMPLETION_FILE"
+    sed -i '/mailpile/d' "$COMPLETION_FILE"
 }
 
 function install_mailpile {
@@ -178,7 +178,7 @@ function install_mailpile {
         mkdir /var/www/$MAILPILE_DOMAIN_NAME
     fi
 
-    cd /var/www/$MAILPILE_DOMAIN_NAME
+    cd "/var/www/$MAILPILE_DOMAIN_NAME" || exit 264826484
     if [ -d /var/www/$MAILPILE_DOMAIN_NAME/mail ]; then
         rm -rf /var/www/$MAILPILE_DOMAIN_NAME/mail
     fi
@@ -186,13 +186,13 @@ function install_mailpile {
     if [ -d /repos/mailpile ]; then
         mkdir mail
         cp -r -p /repos/mailpile/. mail
-        cd mail
+        cd mail || exit 245728482
         git pull
     else
         git_clone $MAILPILE_REPO mail
     fi
 
-    cd mail
+    cd mail || exit 246872468
     git checkout $MAILPILE_COMMIT -b $MAILPILE_COMMIT
     set_completion_param "mailpile commit" "$MAILPILE_COMMIT"
 
@@ -206,8 +206,8 @@ function install_mailpile {
     adduser mailpile debian-tor
     adduser mailpile www-data
     adduser mailpile mail
-    adduser mailpile $MY_USERNAME
-    if [[ $ONION_ONLY == 'no' ]]; then
+    adduser mailpile "$MY_USERNAME"
+    if [[ "$ONION_ONLY" == 'no' ]]; then
         chgrp -R ssl-cert /etc/letsencrypt
         chmod -R g=rX /etc/letsencrypt
         usermod -a -G ssl-cert mailpile
@@ -219,89 +219,89 @@ function install_mailpile {
 
     MAILPILE_ONION_HOSTNAME=$(add_onion_service mailpile 80 ${MAILPILE_ONION_PORT})
 
-    echo '[Unit]' > /etc/systemd/system/mailpile.service
-    echo 'Description=Mailpile Email Client' >> /etc/systemd/system/mailpile.service
-    echo 'After=syslog.target network.target nginx.target' >> /etc/systemd/system/mailpile.service
-    echo '' >> /etc/systemd/system/mailpile.service
-    echo '[Service]' >> /etc/systemd/system/mailpile.service
-    echo 'User=mailpile' >> /etc/systemd/system/mailpile.service
-    echo 'Group=mailpile' >> /etc/systemd/system/mailpile.service
-    echo "WorkingDirectory=/var/www/$MAILPILE_DOMAIN_NAME/mail" >> /etc/systemd/system/mailpile.service
-    echo "ExecStart=/var/www/$MAILPILE_DOMAIN_NAME/mail/mp --www=0.0.0.0:${MAILPILE_PORT} --wait" >> /etc/systemd/system/mailpile.service
-    echo 'Restart=always' >> /etc/systemd/system/mailpile.service
-    echo 'RestartSec=10' >> /etc/systemd/system/mailpile.service
-    echo '' >> /etc/systemd/system/mailpile.service
-    echo '[Install]' >> /etc/systemd/system/mailpile.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mailpile.service
+    { echo '[Unit]';
+      echo 'Description=Mailpile Email Client';
+      echo 'After=syslog.target network.target nginx.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=mailpile';
+      echo 'Group=mailpile';
+      echo "WorkingDirectory=/var/www/$MAILPILE_DOMAIN_NAME/mail";
+      echo "ExecStart=/var/www/$MAILPILE_DOMAIN_NAME/mail/mp --www=0.0.0.0:${MAILPILE_PORT} --wait";
+      echo 'Restart=always';
+      echo 'RestartSec=10';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/mailpile.service
     chmod +x /etc/systemd/system/mailpile.service
 
     mailpile_nginx_site=/etc/nginx/sites-available/$MAILPILE_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
         nginx_http_redirect $MAILPILE_DOMAIN_NAME
-        echo 'server {' >> $mailpile_nginx_site
-        echo '  listen 443 ssl;' >> $mailpile_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $mailpile_nginx_site
-        echo "  server_name $MAILPILE_DOMAIN_NAME;" >> $mailpile_nginx_site
-        echo '' >> $mailpile_nginx_site
-        echo '  # Security' >> $mailpile_nginx_site
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $MAILPILE_DOMAIN_NAME;";
+          echo '';
+          echo '  # Security'; } >> $mailpile_nginx_site
         function_check nginx_ssl
         nginx_ssl $MAILPILE_DOMAIN_NAME
 
         function_check nginx_disable_sniffing
         nginx_disable_sniffing $MAILPILE_DOMAIN_NAME
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $mailpile_nginx_site
-        echo '' >> $mailpile_nginx_site
-        echo '  # Logs' >> $mailpile_nginx_site
-        echo '  access_log /dev/null;' >> $mailpile_nginx_site
-        echo '  error_log /dev/null;' >> $mailpile_nginx_site
-        echo '' >> $mailpile_nginx_site
-        echo '  # Root' >> $mailpile_nginx_site
-        echo "  root /var/www/$MAILPILE_DOMAIN_NAME/mail;" >> $mailpile_nginx_site
-        echo '' >> $mailpile_nginx_site
-        echo '  location / {' >> $mailpile_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$MAILPILE_DOMAIN_NAME/mail;";
+          echo '';
+          echo '  location / {'; } >> $mailpile_nginx_site
         function_check nginx_limits
         nginx_limits $MAILPILE_DOMAIN_NAME '15m'
-        echo '    rewrite /(.*) /$1 break;' >> $mailpile_nginx_site
-        echo '    proxy_set_header X-Real-IP $remote_addr;' >> $mailpile_nginx_site
-        echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site
-        echo '    proxy_set_header Host $http_host;' >> $mailpile_nginx_site
-        echo '    proxy_set_header X-NginX-Proxy true;' >> $mailpile_nginx_site
-        echo "    proxy_pass http://localhost:${MAILPILE_PORT};" >> $mailpile_nginx_site
-        echo '    proxy_redirect off;' >> $mailpile_nginx_site
-        echo '  }' >> $mailpile_nginx_site
-        echo '}' >> $mailpile_nginx_site
-        echo '' >> $mailpile_nginx_site
+        { echo "    rewrite /(.*) /\$1 break;";
+          echo "    proxy_set_header X-Real-IP \$remote_addr;";
+          echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+          echo "    proxy_set_header Host \$http_host;";
+          echo '    proxy_set_header X-NginX-Proxy true;';
+          echo "    proxy_pass http://localhost:${MAILPILE_PORT};";
+          echo '    proxy_redirect off;';
+          echo '  }';
+          echo '}';
+          echo ''; } >> $mailpile_nginx_site
     else
         echo -n '' > $mailpile_nginx_site
     fi
-    echo 'server {' >> $mailpile_nginx_site
-    echo "    listen 127.0.0.1:$MAILPILE_ONION_PORT default_server;" >> $mailpile_nginx_site
-    echo "    server_name $MAILPILE_ONION_HOSTNAME;" >> $mailpile_nginx_site
-    echo '' >> $mailpile_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$MAILPILE_ONION_PORT default_server;";
+      echo "    server_name $MAILPILE_ONION_HOSTNAME;";
+      echo ''; } >> $mailpile_nginx_site
     function_check nginx_disable_sniffing
     nginx_disable_sniffing $MAILPILE_DOMAIN_NAME
-    echo '' >> $mailpile_nginx_site
-    echo '  # Logs' >> $mailpile_nginx_site
-    echo '  access_log /dev/null;' >> $mailpile_nginx_site
-    echo '  error_log /dev/null;' >> $mailpile_nginx_site
-    echo '' >> $mailpile_nginx_site
-    echo '  # Root' >> $mailpile_nginx_site
-    echo "  root /var/www/$MAILPILE_DOMAIN_NAME/mail;" >> $mailpile_nginx_site
-    echo '' >> $mailpile_nginx_site
-    echo '  location / {' >> $mailpile_nginx_site
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$MAILPILE_DOMAIN_NAME/mail;";
+      echo '';
+      echo '  location / {'; } >> $mailpile_nginx_site
     function_check nginx_limits
     nginx_limits $MAILPILE_DOMAIN_NAME '15m'
-    echo '    rewrite /(.*) /$1 break;' >> $mailpile_nginx_site
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $mailpile_nginx_site
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site
-    echo '    proxy_set_header Host $http_host;' >> $mailpile_nginx_site
-    echo '    proxy_set_header X-NginX-Proxy true;' >> $mailpile_nginx_site
-    echo "    proxy_pass http://localhost:${MAILPILE_PORT};" >> $mailpile_nginx_site
-    echo '    proxy_redirect off;' >> $mailpile_nginx_site
-    echo '  }' >> $mailpile_nginx_site
-    echo '}' >> $mailpile_nginx_site
+    { echo "    rewrite /(.*) /\$1 break;";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo "    proxy_set_header Host \$http_host;";
+      echo '    proxy_set_header X-NginX-Proxy true;';
+      echo "    proxy_pass http://localhost:${MAILPILE_PORT};";
+      echo '    proxy_redirect off;';
+      echo '  }';
+      echo '}'; } >> $mailpile_nginx_site
 
     function_check create_site_certificate
     if [ ! -f /etc/ssl/certs/${MAILPILE_DOMAIN_NAME}.pem ]; then
@@ -322,7 +322,7 @@ function install_mailpile {
     function_check nginx_ensite
     nginx_ensite $MAILPILE_DOMAIN_NAME
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a mailpile -p "*"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a mailpile -p "*"
 
     function_check add_ddns_domain
     add_ddns_domain $MAILPILE_DOMAIN_NAME
@@ -336,7 +336,7 @@ function install_mailpile {
     if [ -d /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg ]; then
         mv /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg_orig
     fi
-    cp -r /home/$MY_USERNAME/.gnupg /var/www/$MAILPILE_DOMAIN_NAME/mail/
+    cp -r "/home/$MY_USERNAME/.gnupg" "/var/www/$MAILPILE_DOMAIN_NAME/mail/"
     chown -R mailpile:mailpile /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg
     chmod +x /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg
 
@@ -348,8 +348,8 @@ function install_mailpile {
     sed -i 's|ssl =.*|ssl = no|g' /etc/dovecot/conf.d/10-ssl.conf
 
     # set ssl certs, just in case we want to use them later
-    if [[ $ONION_ONLY == "no" ]]; then
-        if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
+    if [[ "$ONION_ONLY" == "no" ]]; then
+        if [ -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
             sed -i "s|#ssl_cert =.*|ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/dovecot/conf.d/10-ssl.conf
             sed -i "s|ssl_cert =.*|ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/dovecot/conf.d/10-ssl.conf
             sed -i "s|#ssl_key =.*|ssl_key = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/dovecot/conf.d/10-ssl.conf

src/freedombone-app-matrix

@@ -71,21 +71,21 @@ function matrix_expire_old_posts {
     read_config_param MATRIX_PORT
 
     matrix_remove_posts=/usr/bin/matrix-remove
-    echo '#!/bin/bash' > $matrix_remove_posts
-    echo "cd $MATRIX_DATA_DIR" >> $matrix_remove_posts
-    echo 'ROOM=$1' >> $matrix_remove_posts
-    echo "ADMIN=\"@${MY_USERNAME}:$MATRIX_DOMAIN_NAME\"" >> $matrix_remove_posts
-    echo "TIME='$MATRIX_EXPIRE_MONTHS months ago'" >> $matrix_remove_posts
-    echo "UNIX_TIMESTAMP=\$(date +%s%3N --date='TZ=\"UTC+0\" '\"\$TIME\")" >> $matrix_remove_posts
-    echo 'BUSY="pragma busy_timeout=20000"' >> $matrix_remove_posts
-    echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select event_id from events where type='m.room.message' and received_ts<'\$UNIX_TIMESTAMP' and room_id='\$ROOM' order by received_ts desc limit 1;\")" >> $matrix_remove_posts
-    echo "EVENT_ID=\$(echo \$BUFFER|awk '{print \$2}')" >> $matrix_remove_posts
+    { echo '#!/bin/bash';
+      echo "cd $MATRIX_DATA_DIR";
+      echo "ROOM=\$1";
+      echo "ADMIN=\"@${MY_USERNAME}:$MATRIX_DOMAIN_NAME\"";
+      echo "TIME='$MATRIX_EXPIRE_MONTHS months ago'";
+      echo "UNIX_TIMESTAMP=\$(date +%s%3N --date='TZ=\"UTC+0\" '\"\$TIME\")";
+      echo 'BUSY="pragma busy_timeout=20000"';
+      echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select event_id from events where type='m.room.message' and received_ts<'\$UNIX_TIMESTAMP' and room_id='\$ROOM' order by received_ts desc limit 1;\")";
+      echo "EVENT_ID=\$(echo \$BUFFER|awk '{print \$2}')";
 
-    echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select token from access_tokens where user_id like '\$ADMIN' order by id desc limit 1;\")" >> $matrix_remove_posts
-    echo "TOKEN=\$(echo \$BUFFER|awk '{print \$2}')" >> $matrix_remove_posts
+      echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select token from access_tokens where user_id like '\$ADMIN' order by id desc limit 1;\")";
+      echo "TOKEN=\$(echo \$BUFFER|awk '{print \$2}')";
 
-    echo 'set -x' >> $matrix_remove_posts
-    echo "curl -v -X POST 'https://$MATRIX_DOMAIN_NAME/_matrix/client/r0/admin/purge_history/'\$ROOM'/'\$EVENT_ID'?access_token='\$TOKEN" >> $matrix_remove_posts
+      echo 'set -x';
+      echo "curl -v -X POST 'https://$MATRIX_DOMAIN_NAME/_matrix/client/r0/admin/purge_history/'\$ROOM'/'\$EVENT_ID'?access_token='\$TOKEN"; } > $matrix_remove_posts
 
     chmod +x $matrix_remove_posts
 }
@@ -127,109 +127,109 @@ function logging_off_matrix {
 function matrix_nginx {
     matrix_nginx_site=/etc/nginx/sites-available/$MATRIX_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
-        echo 'server {' > $matrix_nginx_site
-        echo "  listen 0.0.0.0:443;" >> $matrix_nginx_site
-        echo "  server_name ${MATRIX_DOMAIN_NAME};" >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  # Security' >> $matrix_nginx_site
+        { echo 'server {';
+          echo "  listen 0.0.0.0:443;";
+          echo "  server_name ${MATRIX_DOMAIN_NAME};";
+          echo '';
+          echo '  # Security'; } > $matrix_nginx_site
         function_check nginx_ssl
         nginx_ssl ${MATRIX_DOMAIN_NAME}
 
         function_check nginx_disable_sniffing
         nginx_disable_sniffing ${MATRIX_DOMAIN_NAME}
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  # Logs' >> $matrix_nginx_site
-        echo '  access_log /dev/null;' >> $matrix_nginx_site
-        echo '  error_log /dev/null;' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  root /var/lib/matrix/media_store;' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  # Index' >> $matrix_nginx_site
-        echo '  index index.html;' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  location /_matrix {' >> $matrix_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  root /var/lib/matrix/media_store;';
+          echo '';
+          echo '  # Index';
+          echo '  index index.html;';
+          echo '';
+          echo '  location /_matrix {'; } >> $matrix_nginx_site
         function_check nginx_limits
         nginx_limits ${MATRIX_DOMAIN_NAME} '15m'
-        echo "    proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site
-        echo '  }' >> $matrix_nginx_site
-        echo '}' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo 'server {' >> $matrix_nginx_site
-        echo "  listen 0.0.0.0:${MATRIX_HTTP_PORT};" >> $matrix_nginx_site
-        echo "  server_name ${MATRIX_DOMAIN_NAME};" >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  # Security' >> $matrix_nginx_site
+        { echo "    proxy_pass http://localhost:${MATRIX_PORT};";
+          echo '  }';
+          echo '}';
+          echo '';
+          echo 'server {';
+          echo "  listen 0.0.0.0:${MATRIX_HTTP_PORT};";
+          echo "  server_name ${MATRIX_DOMAIN_NAME};";
+          echo '';
+          echo '  # Security'; } >> $matrix_nginx_site
         function_check nginx_ssl
         nginx_ssl ${MATRIX_DOMAIN_NAME}
 
         function_check nginx_disable_sniffing
         nginx_disable_sniffing ${MATRIX_DOMAIN_NAME}
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  # Logs' >> $matrix_nginx_site
-        echo '  access_log /dev/null;' >> $matrix_nginx_site
-        echo '  error_log /dev/null;' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  root /var/lib/matrix/media_store;' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  # Index' >> $matrix_nginx_site
-        echo '  index index.html;' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  # Location' >> $matrix_nginx_site
-        echo '  location /_matrix {' >> $matrix_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  root /var/lib/matrix/media_store;';
+          echo '';
+          echo '  # Index';
+          echo '  index index.html;';
+          echo '';
+          echo '  # Location';
+          echo '  location /_matrix {'; } >> $matrix_nginx_site
         function_check nginx_limits
         nginx_limits ${MATRIX_DOMAIN_NAME} '15m'
-        echo "    proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site
-        echo '  }' >> $matrix_nginx_site
-        echo '}' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
+        { echo "    proxy_pass http://localhost:${MATRIX_PORT};";
+          echo '  }';
+          echo '}';
+          echo ''; } >> $matrix_nginx_site
     else
         echo -n '' > $matrix_nginx_site
     fi
-    echo 'server {' >> $matrix_nginx_site
-    echo "    listen 127.0.0.1:$MATRIX_FEDERATION_ONION_PORT default_server;" >> $matrix_nginx_site
-    echo "    server_name $MATRIX_DOMAIN_NAME;" >> $matrix_nginx_site
-    echo '' >> $matrix_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$MATRIX_FEDERATION_ONION_PORT default_server;";
+      echo "    server_name $MATRIX_DOMAIN_NAME;";
+      echo ''; } >> $matrix_nginx_site
     function_check nginx_disable_sniffing
     nginx_disable_sniffing $MATRIX_DOMAIN_NAME
-    echo '' >> $matrix_nginx_site
-    echo '  # Logs' >> $matrix_nginx_site
-    echo '  access_log /dev/null;' >> $matrix_nginx_site
-    echo '  error_log /dev/null;' >> $matrix_nginx_site
-    echo '' >> $matrix_nginx_site
-    echo '  root /var/lib/matrix/media_store;' >> $matrix_nginx_site
-    echo '' >> $matrix_nginx_site
-    echo '  # Location' >> $matrix_nginx_site
-    echo '  location /_matrix {' >> $matrix_nginx_site
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  root /var/lib/matrix/media_store;';
+      echo '';
+      echo '  # Location';
+      echo '  location /_matrix {'; } >> $matrix_nginx_site
     function_check nginx_limits
     nginx_limits ${MATRIX_DOMAIN_NAME} '15m'
-    echo "    proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site
-    echo '  }' >> $matrix_nginx_site
-    echo '}' >> $matrix_nginx_site
-    echo '' >> $matrix_nginx_site
-    echo 'server {' >> $matrix_nginx_site
-    echo "    listen 127.0.0.1:$MATRIX_ONION_PORT default_server;" >> $matrix_nginx_site
-    echo "    server_name $MATRIX_DOMAIN_NAME;" >> $matrix_nginx_site
-    echo '' >> $matrix_nginx_site
+    { echo "    proxy_pass http://localhost:${MATRIX_PORT};";
+      echo '  }';
+      echo '}';
+      echo '';
+      echo 'server {';
+      echo "    listen 127.0.0.1:$MATRIX_ONION_PORT default_server;";
+      echo "    server_name $MATRIX_DOMAIN_NAME;";
+      echo ''; } >> $matrix_nginx_site
     function_check nginx_disable_sniffing
     nginx_disable_sniffing $MATRIX_DOMAIN_NAME
-    echo '' >> $matrix_nginx_site
-    echo '  # Logs' >> $matrix_nginx_site
-    echo '  access_log /dev/null;' >> $matrix_nginx_site
-    echo '  error_log /dev/null;' >> $matrix_nginx_site
-    echo '' >> $matrix_nginx_site
-    echo '  root /var/lib/matrix/media_store;' >> $matrix_nginx_site
-    echo '' >> $matrix_nginx_site
-    echo '  # Location' >> $matrix_nginx_site
-    echo '  location /_matrix {' >> $matrix_nginx_site
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  root /var/lib/matrix/media_store;';
+      echo '';
+      echo '  # Location';
+      echo '  location /_matrix {'; } >> $matrix_nginx_site
     function_check nginx_limits
     nginx_limits ${MATRIX_DOMAIN_NAME} '15m'
-    echo "    proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site
-    echo '  }' >> $matrix_nginx_site
-    echo '}' >> $matrix_nginx_site
+    { echo "    proxy_pass http://localhost:${MATRIX_PORT};";
+      echo '  }';
+      echo '}'; } >> $matrix_nginx_site
 
     if [ ! -d /var/www/$MATRIX_DOMAIN_NAME ]; then
         mkdir -p /var/www/$MATRIX_DOMAIN_NAME/htdocs
@@ -242,7 +242,7 @@ function matrix_nginx {
 function matrix_generate_homeserver_file {
     local filepath="${1}"
 
-    cd /etc/matrix
+    cd /etc/matrix || exit 468246824
     python -m synapse.app.homeserver \
            --config-path "${filepath}" \
            --generate-config \
@@ -251,10 +251,10 @@ function matrix_generate_homeserver_file {
 }
 
 function matrix_configure_homeserver_yaml {
-    local turnkey="${1}"
-    local filepath="${2}"
+    turnkey="${1}"
+    filepath="${2}"
 
-    local ymltemp="$(mktemp)"
+    ymltemp="$(mktemp)"
 
     awk -v TURNURIES="turn_uris: [\"turn:${MATRIX_DOMAIN_NAME}:${TURN_HTTP_PORT}?transport=udp\", \"turn:${DEFAULT_DOMAIN_NAME}:${TURN_HTTP_PORT}?transport=tcp\"]" \
         -v TURNSHAREDSECRET="turn_shared_secret: \"${turnkey}\"" \
@@ -272,7 +272,7 @@ function matrix_configure_homeserver_yaml {
         print;
         }' "${filepath}" > "${ymltemp}"
 
-    mv ${ymltemp} "${filepath}"
+    mv "${ymltemp}" "${filepath}"
 
     if [[ $ONION_ONLY == "no" ]]; then
         sed -i "s|tls_certificate_path:.*|tls_certificate_path: \"/etc/ssl/certs/${MATRIX_DOMAIN_NAME}.pem\"|g" "${filepath}"
@@ -307,9 +307,10 @@ function matrix_diff {
     REPORT_STATS="${REPORT_STATS:-no_or_yes}"
     export MATRIX_DOMAIN_NAME REPORT_STATS
 
-    matrix_generate_synapse_file $INSTALL_DIR/homeserver.synapse.yaml
-    diff -${DIFFPARAMS} $INSTALL_DIR/homeserver.synapse.yaml ${MATRIX_DATA_DIR}/homeserver.yaml
-    rm $INSTALL_DIR/homeserver.synapse.yaml
+    matrix_generate_synapse_file "$INSTALL_DIR/homeserver.synapse.yaml"
+    # shellcheck disable=SC2086
+    diff -${DIFFPARAMS} "$INSTALL_DIR/homeserver.synapse.yaml" "${MATRIX_DATA_DIR}/homeserver.yaml"
+    rm "$INSTALL_DIR/homeserver.synapse.yaml"
 }
 
 function matrix_generate {
@@ -334,15 +335,15 @@ function create_matrix_user_removal_script {
     read_config_param MATRIX_DOMAIN_NAME
 
     matrix_remove_user=/usr/bin/matrix-remove-user
-    echo '#!/bin/bash' > $matrix_remove_user
-    echo "cd $MATRIX_DATA_DIR" >> $matrix_remove_user
-    echo 'remove_username=$1' >> $matrix_remove_user
-    echo "ADMIN=\"@${MY_USERNAME}:$MATRIX_DOMAIN_NAME\"" >> $matrix_remove_user
-    echo 'BUSY="pragma busy_timeout=20000"' >> $matrix_remove_user
-    echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select token from access_tokens where user_id like '\$ADMIN' order by id desc limit 1;\")" >> $matrix_remove_user
-    echo "TOKEN=\$(echo \$BUFFER|awk '{print \$2}')" >> $matrix_remove_user
-    echo 'set -x' >> $matrix_remove_user
-    echo "curl -X POST 'https://$MATRIX_DOMAIN_NAME/_matrix/client/r0/admin/deactivate/%40\$remove_username%3A$MATRIX_DOMAIN_NAME?access_token=\$TOKEN' --data '{}'" >> $matrix_remove_user
+    { echo '#!/bin/bash';
+      echo "cd $MATRIX_DATA_DIR";
+      echo "remove_username=\$1";
+      echo "ADMIN=\"@${MY_USERNAME}:$MATRIX_DOMAIN_NAME\"";
+      echo 'BUSY="pragma busy_timeout=20000"';
+      echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select token from access_tokens where user_id like '\$ADMIN' order by id desc limit 1;\")";
+      echo "TOKEN=\$(echo \$BUFFER|awk '{print \$2}')";
+      echo 'set -x';
+      echo "curl -X POST 'https://$MATRIX_DOMAIN_NAME/_matrix/client/r0/admin/deactivate/%40\$remove_username%3A$MATRIX_DOMAIN_NAME?access_token=\$TOKEN' --data '{}'"; } > $matrix_remove_user
 
     chmod +x $matrix_remove_user
 }
@@ -351,7 +352,7 @@ function remove_user_matrix {
     remove_username="$1"
 
     create_matrix_user_removal_script
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp matrix
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp matrix
     $matrix_remove_user "$remove_username"
 }
 
@@ -362,7 +363,7 @@ function add_user_matrix {
     read_config_param MY_USERNAME
     read_config_param MATRIX_DOMAIN_NAME
 
-    ${PROJECT_NAME}-pass -u $new_username -a matrix -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a matrix -p "$new_user_password"
 
     if [[ "$new_username" != "$MY_USERNAME" ]]; then
         echo 'no' | register_new_matrix_user -c ${MATRIX_DATA_DIR}/homeserver.yaml -u "${new_username}" -p "${new_user_password}" http://localhost:${MATRIX_PORT}
@@ -373,7 +374,7 @@ function add_user_matrix {
 }
 
 function install_interactive_matrix {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -393,7 +394,7 @@ function install_interactive_matrix {
 }
 
 function change_password_matrix {
-    curr_username="$1"
+    #curr_username="$1"
     new_user_password="$2"
 
     #${PROJECT_NAME}-pass -u "$curr_username" -a matrix -p "$new_user_password"
@@ -418,7 +419,7 @@ function upgrade_matrix {
 
     function_check set_repo_commit
     set_repo_commit /etc/matrix "matrix commit" "$MATRIX_COMMIT" $MATRIX_REPO
-    cd /etc/matrix
+    cd /etc/matrix || exit 62476724
     pip install --upgrade --process-dependency-links .
 
     sed -i 's/ssl.PROTOCOL_SSLv23/ssl.PROTOCOL_TLSv1/g' /usr/local/bin/register_new_matrix_user
@@ -467,6 +468,7 @@ function restore_local_matrix {
         else
             cp -r $temp_restore_dir/* /etc/matrix/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             function_check backup_unmount_drive
             backup_unmount_drive
@@ -482,6 +484,7 @@ function restore_local_matrix {
         else
             cp -r $temp_restore_dir/* $MATRIX_DATA_DIR/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             function_check backup_unmount_drive
             backup_unmount_drive
@@ -490,7 +493,7 @@ function restore_local_matrix {
         rm -rf $temp_restore_dir
         chown -R matrix:matrix $MATRIX_DATA_DIR
 
-        if [[ $ONION_ONLY == "no" ]]; then
+        if [[ "$ONION_ONLY" == "no" ]]; then
             if [ -f /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam ]; then
                 chmod 755 /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam
             fi
@@ -532,6 +535,7 @@ function restore_remote_matrix {
         else
             cp -r $temp_restore_dir/* /etc/matrix/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 38935
         fi
@@ -545,6 +549,7 @@ function restore_remote_matrix {
         else
             cp -r $temp_restore_dir/* $MATRIX_DATA_DIR/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 60923
         fi
@@ -581,7 +586,7 @@ function remove_matrix {
     fi
     systemctl daemon-reload
     apt-get -y remove --purge coturn
-    cd /etc/matrix
+    cd /etc/matrix || exit 26472462
     pip uninstall .
     rm -rf $MATRIX_DATA_DIR
     rm -rf /etc/matrix
@@ -596,7 +601,7 @@ function remove_matrix {
     systemctl restart nginx
 
     remove_completion_param install_matrix
-    sed -i '/matrix/d' $COMPLETION_FILE
+    sed -i '/matrix/d' "$COMPLETION_FILE"
 
     rm /etc/avahi/services/matrix.service
     systemctl restart avahi-daemon
@@ -608,7 +613,7 @@ function install_home_server {
         if [ -d /repos/matrix ]; then
             mkdir /etc/matrix
             cp -r -p /repos/matrix/. /etc/matrix
-            cd /etc/matrix
+            cd /etc/matrix || exit 2324962946
             git pull
         else
             function_check git_clone
@@ -621,18 +626,17 @@ function install_home_server {
         fi
     fi
 
-    cd /etc/matrix
+    cd /etc/matrix || exit 7385452724
     git checkout $MATRIX_COMMIT -b $MATRIX_COMMIT
     set_completion_param "matrix commit" "$MATRIX_COMMIT"
-    if [ ! -d $INSTALL_DIR/matrix ]; then
-        mkdir -p $INSTALL_DIR/matrix
+    if [ ! -d "$INSTALL_DIR/matrix" ]; then
+        mkdir -p "$INSTALL_DIR/matrix"
     fi
     rm -rf /usr/local/lib/python2.7/dist-packages/ldap*
-    if [ -d $INSTALL_DIR/matrix ]; then
-        rm -rf $INSTALL_DIR/matrix/*
+    if [ -d "$INSTALL_DIR/matrix" ]; then
+        rm -rf "$INSTALL_DIR/matrix/*"
     fi
-    pip install --upgrade --process-dependency-links . -b $INSTALL_DIR/matrix
-    if [ ! "$?" = "0" ]; then
+    if ! pip install --upgrade --process-dependency-links . -b "$INSTALL_DIR/matrix"; then
         echo $'Failed to install matrix home server'
         exit 782542
     fi
@@ -653,11 +657,6 @@ function install_home_server {
     function_check matrix_generate
     matrix_generate
 
-    if [[ -z ${MATRIX_DATA_DIR}/homeserver.yaml ]]; then
-        echo $'homeserver.yaml is zero size'
-        exit 783724
-    fi
-
     # Disable the web client
     sed -i 's|web_client:.*|web_client: False|g' $MATRIX_DATA_DIR/homeserver.yaml
     sed -i 's|, webclient||g' $MATRIX_DATA_DIR/homeserver.yaml
@@ -669,20 +668,20 @@ function install_home_server {
 
     sed -i 's/ssl.PROTOCOL_SSLv23/ssl.PROTOCOL_TLSv1/g' /usr/local/bin/register_new_matrix_user
 
-    echo '[Unit]' > /etc/systemd/system/matrix.service
-    echo 'Description=Synapse Matrix homeserver' >> /etc/systemd/system/matrix.service
-    echo 'After=network.target nginx.target' >> /etc/systemd/system/matrix.service
-    echo '' >> /etc/systemd/system/matrix.service
-    echo '[Service]' >> /etc/systemd/system/matrix.service
-    echo 'Type=simple' >> /etc/systemd/system/matrix.service
-    echo 'User=matrix' >> /etc/systemd/system/matrix.service
-    echo "WorkingDirectory=/etc/matrix" >> /etc/systemd/system/matrix.service
-    echo "ExecStart=/usr/bin/python -m synapse.app.homeserver --config-path ${MATRIX_DATA_DIR}/homeserver.yaml" >> /etc/systemd/system/matrix.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/matrix.service
-    echo 'RestartSec=10' >> /etc/systemd/system/matrix.service
-    echo '' >> /etc/systemd/system/matrix.service
-    echo '[Install]' >> /etc/systemd/system/matrix.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/matrix.service
+    { echo '[Unit]';
+      echo 'Description=Synapse Matrix homeserver';
+      echo 'After=network.target nginx.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=matrix';
+      echo "WorkingDirectory=/etc/matrix";
+      echo "ExecStart=/usr/bin/python -m synapse.app.homeserver --config-path ${MATRIX_DATA_DIR}/homeserver.yaml";
+      echo 'Restart=on-failure';
+      echo 'RestartSec=10';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/matrix.service
     systemctl enable matrix
     systemctl daemon-reload
     systemctl start matrix
@@ -701,18 +700,19 @@ function install_home_server {
     fi
     chmod -R 700 $MATRIX_DATA_DIR/homeserver.db
 
-    cd $MATRIX_DATA_DIR
+    cd "$MATRIX_DATA_DIR" || exit 365856835
     sqlite3 homeserver.db "PRAGMA auto_vacuum = FULL;"
 
-    MATRIX_ONION_HOSTNAME=$(add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT})
+    #MATRIX_ONION_HOSTNAME=$(add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT})
+    add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT}
     echo "HiddenServicePort ${MATRIX_HTTP_PORT} 127.0.0.1:${MATRIX_FEDERATION_ONION_PORT}" >> /etc/tor/torrc
     systemctl restart tor
 
-    if [ ! ${MATRIX_PASSWORD} ]; then
-        if [ -f ${IMAGE_PASSWORD_FILE} ]; then
-            MATRIX_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ ! "${MATRIX_PASSWORD}" ]; then
+        if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
+            MATRIX_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
         else
-            MATRIX_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+            MATRIX_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
 
@@ -733,8 +733,8 @@ function install_matrix {
 
     check_ram_availability 1500
 
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir -p "$INSTALL_DIR"
     fi
 
     if [[ ${ONION_ONLY} == 'no' ]]; then
@@ -806,19 +806,19 @@ function install_matrix {
     set_completion_param "matrix domain" "$MATRIX_DOMAIN_NAME"
 
     # Add avahi services
-    echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /etc/avahi/services/matrix.service
-    echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /etc/avahi/services/matrix.service
-    echo '<service-group>' >> /etc/avahi/services/matrix.service
-    echo '  <name replace-wildcards="yes">%h MATRIX</name>' >> /etc/avahi/services/matrix.service
-    echo '  <service>' >> /etc/avahi/services/matrix.service
-    echo '    <type>_matrix._tcp</type>' >> /etc/avahi/services/matrix.service
-    echo "    <port>$MATRIX_HTTP_PORT</port>" >> /etc/avahi/services/matrix.service
-    echo '  </service>' >> /etc/avahi/services/matrix.service
-    echo '  <service>' >> /etc/avahi/services/matrix.service
-    echo '    <type>_matrix._udp</type>' >> /etc/avahi/services/matrix.service
-    echo "    <port>$MATRIX_HTTP_PORT</port>" >> /etc/avahi/services/matrix.service
-    echo '  </service>' >> /etc/avahi/services/matrix.service
-    echo '</service-group>' >> /etc/avahi/services/matrix.service
+    { echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->';
+      echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">';
+      echo '<service-group>';
+      echo '  <name replace-wildcards="yes">%h MATRIX</name>';
+      echo '  <service>';
+      echo '    <type>_matrix._tcp</type>';
+      echo "    <port>$MATRIX_HTTP_PORT</port>";
+      echo '  </service>';
+      echo '  <service>';
+      echo '    <type>_matrix._udp</type>';
+      echo "    <port>$MATRIX_HTTP_PORT</port>";
+      echo '  </service>';
+      echo '</service-group>'; } > /etc/avahi/services/matrix.service
 
     systemctl restart avahi-daemon
 

src/freedombone-app-mediagoblin

@@ -71,7 +71,7 @@ function mediagoblin_fix_email {
     if ! grep -q 'import os' $mgfile; then
         sed -i '/import sys/a import os' $mgfile
     fi
-    sed -i "s|return mhost.sendmail(from_addr, to_addrs, message.as_string())|return os.system(\"echo '\" + message_body + \"' \| mail -s '\" + message['Subject'] + \"' \" + message['To'])|g" $mgfile
+    sed -i "s|return mhost.sendmail(from_addr, to_addrs, message.as_string())|return os.system(\"echo '\" + message_body + \"' \\| mail -s '\" + message['Subject'] + \"' \" + message['To'])|g" $mgfile
 }
 
 function install_interactive_mediagoblin {
@@ -92,7 +92,7 @@ function configure_interactive_mediagoblin {
     dialog --title $"Mediagoblin" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nAllow registration of new users?" 10 60
+           --yesno $"\\nAllow registration of new users?" 10 60
     sel=$?
     case $sel in
         0)
@@ -139,7 +139,7 @@ function reconfigure_mediagoblin {
 }
 
 function upgrade_mediagoblin {
-    CURR_MEDIAGOBLIN_COMMIT=$(cat $COMPLETION_FILE | grep "mediagoblin commit" | awk -F ':' '{print $2}')
+    CURR_MEDIAGOBLIN_COMMIT=$(grep "mediagoblin commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
     if [[ "$CURR_MEDIAGOBLIN_COMMIT" != "$MEDIAGOBLIN_COMMIT" ]]; then
         MEDIAGOBLIN_BASE_DIR=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
         su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && git stash && git pull" - mediagoblin
@@ -182,6 +182,7 @@ function restore_local_mediagoblin {
         else
             cp -r ${temp_restore_dir}/* $MEDIAGOBLIN_BASE_DIR/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             function_check restore_directory_from_usb
             set_user_permissions
@@ -195,6 +196,7 @@ function restore_local_mediagoblin {
         else
             cp -r ${temp_restore_dir}2/* /var/lib/mediagoblin/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             function_check set_user_permissions
             set_user_permissions
@@ -214,24 +216,25 @@ function backup_remote_mediagoblin {
     MEDIAGOBLIN_BASE_DIR=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
     if [ -d /etc/mediagoblin ]; then
         echo $"Backing up mediagoblin"
-        backup_directory_to_friend $MEDIAGOBLIN_BASE_DIR mediagoblin
+        backup_directory_to_friend "$MEDIAGOBLIN_BASE_DIR" mediagoblin
         backup_directory_to_friend /var/lib/mediagoblin mediagoblindata
     fi
 }
 
 function restore_remote_mediagoblin {
     MEDIAGOBLIN_BASE_DIR=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
-    if [ -d $SERVER_DIRECTORY/backup/mediagoblin ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/mediagoblin" ]; then
         temp_restore_dir=/root/tempmediagoblin
         function_check get_completion_param
         MEDIAGOBLIN_DOMAIN_NAME=$(get_completion_param "mediagoblin domain")
         function_check restore_directory_from_friend
         restore_directory_from_friend $temp_restore_dir mediagoblin
-        if [ -d ${temp_restore_dir}$MEDIAGOBLIN_BASE_DIR ]; then
-            cp -r ${temp_restore_dir}$MEDIAGOBLIN_BASE_DIR/* $MEDIAGOBLIN_BASE_DIR/
+        if [ -d "${temp_restore_dir}$MEDIAGOBLIN_BASE_DIR" ]; then
+            cp -r "${temp_restore_dir}$MEDIAGOBLIN_BASE_DIR/*" "$MEDIAGOBLIN_BASE_DIR/"
         else
-            cp -r ${temp_restore_dir}/* $MEDIAGOBLIN_BASE_DIR/
+            cp -r "${temp_restore_dir}/*" "$MEDIAGOBLIN_BASE_DIR/"
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 264824
         fi
@@ -241,12 +244,13 @@ function restore_remote_mediagoblin {
         else
             cp -r ${temp_restore_dir}2/* /var/lib/mediagoblin/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 268492
         fi
         rm -rf ${temp_restore_dir}
         rm -rf ${temp_restore_dir}2
-        chown -hR mediagoblin:www-data $MEDIAGOBLIN_BASE_DIR
+        chown -hR mediagoblin:www-data "$MEDIAGOBLIN_BASE_DIR"
         chown -hR mediagoblin:www-data /var/lib/mediagoblin
         chmod -R g+wx /var/lib/mediagoblin
     fi
@@ -264,17 +268,17 @@ function remove_mediagoblin {
 
     function_check remove_onion_service
     remove_onion_service mediagoblin ${MEDIAGOBLIN_ONION_PORT}
-    nginx_dissite $MEDIAGOBLIN_DOMAIN_NAME
-    remove_certs $MEDIAGOBLIN_DOMAIN_NAME
+    nginx_dissite "$MEDIAGOBLIN_DOMAIN_NAME"
+    remove_certs "$MEDIAGOBLIN_DOMAIN_NAME"
     if [ -d /var/lib/mediagoblin ]; then
         rm -rf /var/lib/mediagoblin
     fi
-    if [ -d $MEDIAGOBLIN_BASE_DIR ]; then
-        rm -rf $MEDIAGOBLIN_BASE_DIR
+    if [ -d "$MEDIAGOBLIN_BASE_DIR" ]; then
+        rm -rf "$MEDIAGOBLIN_BASE_DIR"
     fi
     remove_completion_param "install_mediagoblin"
     remove_completion_param "mediagoblin domain"
-    sed -i '/mediagoblin/d' $COMPLETION_FILE
+    sed -i '/mediagoblin/d' "$COMPLETION_FILE"
 
     remove_nodejs mediagoblin
 
@@ -282,11 +286,11 @@ function remove_mediagoblin {
     userdel -r mediagoblin
 
     function_check remove_ddns_domain
-    remove_ddns_domain $MEDIAGOBLIN_DOMAIN_NAME
+    remove_ddns_domain "$MEDIAGOBLIN_DOMAIN_NAME"
 }
 
 function install_mediagoblin {
-    if [ ! $MEDIAGOBLIN_DOMAIN_NAME ]; then
+    if [ ! "$MEDIAGOBLIN_DOMAIN_NAME" ]; then
         return
     fi
 
@@ -304,17 +308,17 @@ function install_mediagoblin {
     useradd -c "GNU MediaGoblin system account" -d /var/lib/mediagoblin -m -r -g www-data mediagoblin
     usermod --append -G mediagoblin mediagoblin
     mkdir -p /var/lib/mediagoblin
-    mkdir -p $MEDIAGOBLIN_BASE_DIR
-    chown -hR mediagoblin:www-data $MEDIAGOBLIN_BASE_DIR
+    mkdir -p "$MEDIAGOBLIN_BASE_DIR"
+    chown -hR mediagoblin:www-data "$MEDIAGOBLIN_BASE_DIR"
     chown -hR mediagoblin:www-data /var/lib/mediagoblin
     chmod -R g+wx /var/lib/mediagoblin
 
     if [ -d /repos/mediagoblin ]; then
-        mkdir -p $MEDIAGOBLIN_BASE_DIR/mediagoblin
-        cp -r -p /repos/mediagoblin/. $MEDIAGOBLIN_BASE_DIR/mediagoblin
-        cd $MEDIAGOBLIN_BASE_DIR/mediagoblin
+        mkdir -p "$MEDIAGOBLIN_BASE_DIR/mediagoblin"
+        cp -r -p /repos/mediagoblin/. "$MEDIAGOBLIN_BASE_DIR/mediagoblin"
+        cd "$MEDIAGOBLIN_BASE_DIR/mediagoblin" || exit 347593563
         git pull
-        chown -R mediagoblin:mediagoblin $MEDIAGOBLIN_BASE_DIR/mediagoblin
+        chown -R mediagoblin:mediagoblin "$MEDIAGOBLIN_BASE_DIR/mediagoblin"
     else
         su -c "cd $MEDIAGOBLIN_BASE_DIR && git clone $MEDIAGOBLIN_REPO $MEDIAGOBLIN_BASE_DIR/mediagoblin" - mediagoblin
     fi
@@ -340,7 +344,7 @@ function install_mediagoblin {
             gstreamer1.0-plugins-ugly \
             gstreamer1.0-libav \
             python-gst-1.0 python3-gst-1.0
-    cd $MEDIAGOBLIN_BASE_DIR/mediagoblin
+    cd "$MEDIAGOBLIN_BASE_DIR/mediagoblin" || exit 76345672472
     su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && echo '[[mediagoblin.media_types.video]]' | tee -a mediagoblin_local.ini" - mediagoblin
 
     # Audio plugin
@@ -349,14 +353,14 @@ function install_mediagoblin {
     su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && echo '[[mediagoblin.media_types.audio]]' | tee -a mediagoblin_local.ini" - mediagoblin
     su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && bin/pip install scikits.audiolab" - mediagoblin
 
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        MEDIAGOBLIN_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        MEDIAGOBLIN_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $MEDIAGOBLIN_ADMIN_PASSWORD ]; then
-            MEDIAGOBLIN_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$MEDIAGOBLIN_ADMIN_PASSWORD" ]; then
+            MEDIAGOBLIN_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a mediagoblin -p "$MEDIAGOBLIN_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a mediagoblin -p "$MEDIAGOBLIN_ADMIN_PASSWORD"
 
     MEDIAGOBLIN_ONION_HOSTNAME=$(add_onion_service mediagoblin 80 ${MEDIAGOBLIN_ONION_PORT})
     set_completion_param "mediagoblin domain" "${MEDIAGOBLIN_DOMAIN_NAME}"
@@ -365,157 +369,157 @@ function install_mediagoblin {
 
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $MEDIAGOBLIN_DOMAIN_NAME
-        echo 'server {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    include /etc/nginx/mime.types;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    autoindex off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    default_type  application/octet-stream;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    sendfile on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+        nginx_http_redirect "$MEDIAGOBLIN_DOMAIN_NAME"
+        { echo 'server {';
+          echo '    listen 443 ssl;';
+          echo '    #listen [::]:443 ssl;';
+          echo '    include /etc/nginx/mime.types;';
+          echo '';
+          echo '    autoindex off;';
+          echo '    default_type  application/octet-stream;';
+          echo '    sendfile on;';
+          echo ''; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
         function_check nginx_ssl
-        nginx_ssl $MEDIAGOBLIN_DOMAIN_NAME
+        nginx_ssl "$MEDIAGOBLIN_DOMAIN_NAME"
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
+        nginx_disable_sniffing "$MEDIAGOBLIN_DOMAIN_NAME"
         function_check nginx_limits
-        nginx_limits $MEDIAGOBLIN_DOMAIN_NAME 800m
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    client_header_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    client_body_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    send_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    fastcgi_read_timeout 600;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    fastcgi_send_timeout 600;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    gzip on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    gzip_min_length 1024;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    gzip_buffers 4 32k;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    gzip_types text/plain application/x-javascript text/javascript text/xml text/css;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo "    server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    error_log /dev/null;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+        nginx_limits "$MEDIAGOBLIN_DOMAIN_NAME" 800m
+        { echo '';
+          echo '    client_header_timeout 10m;';
+          echo '    client_body_timeout 10m;';
+          echo '    send_timeout 10m;';
+          echo '';
+          echo '    fastcgi_read_timeout 600;';
+          echo '    fastcgi_send_timeout 600;';
+          echo '';
+          echo '    gzip on;';
+          echo '    gzip_min_length 1024;';
+          echo '    gzip_buffers 4 32k;';
+          echo '    gzip_types text/plain application/x-javascript text/javascript text/xml text/css;';
+          echo '';
+          echo "    server_name $MEDIAGOBLIN_DOMAIN_NAME;";
+          echo '    access_log /dev/null;';
+          echo '    error_log /dev/null;';
+          echo '';
 
-        echo '    location /mgoblin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin/static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    location /mgoblin_media/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/media/public/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    location /theme_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/theme_static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    location /plugin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/plugin_static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo "        fastcgi_pass 127.0.0.1:$MEDIAGOBLIN_PORT;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '        include /etc/nginx/fastcgi_params;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '        fastcgi_param PATH_INFO $fastcgi_script_name;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '        fastcgi_param SCRIPT_NAME "";' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+          echo '    location /mgoblin_static/ {';
+          echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin/static/;";
+          echo '    }';
+          echo '';
+          echo '    location /mgoblin_media/ {';
+          echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/media/public/;";
+          echo '    }';
+          echo '';
+          echo '    location /theme_static/ {';
+          echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/theme_static/;";
+          echo '    }';
+          echo '';
+          echo '    location /plugin_static/ {';
+          echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/plugin_static/;";
+          echo '    }';
+          echo '';
+          echo '    location / {';
+          echo "        fastcgi_pass 127.0.0.1:$MEDIAGOBLIN_PORT;";
+          echo '        include /etc/nginx/fastcgi_params;';
+          echo "        fastcgi_param PATH_INFO \$fastcgi_script_name;";
+          echo '        fastcgi_param SCRIPT_NAME "";';
+          echo '        fastcgi_read_timeout 30;';
+          echo '    }';
+          echo '}'; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
     else
-        echo -n '' > /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+        echo -n '' > "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
     fi
-    echo 'server {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "    listen 127.0.0.1:${MEDIAGOBLIN_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    include /etc/nginx/mime.types;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    autoindex off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    default_type  application/octet-stream;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    sendfile on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+    { echo 'server {';
+      echo "    listen 127.0.0.1:${MEDIAGOBLIN_ONION_PORT} default_server;";
+      echo '    include /etc/nginx/mime.types;';
+      echo '';
+      echo '    autoindex off;';
+      echo '    default_type  application/octet-stream;';
+      echo '    sendfile on;';
+      echo ''; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
+    nginx_disable_sniffing "$MEDIAGOBLIN_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $MEDIAGOBLIN_DOMAIN_NAME 800m
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    client_header_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    client_body_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    send_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    fastcgi_read_timeout 600;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    fastcgi_send_timeout 600;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    gzip on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    gzip_min_length 1024;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    gzip_buffers 4 32k;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    gzip_types text/plain application/x-javascript text/javascript text/xml text/css;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "    server_name $MEDIAGOBLIN_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    error_log /dev/null;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+    nginx_limits "$MEDIAGOBLIN_DOMAIN_NAME" 800m
+    { echo '';
+      echo '    client_header_timeout 10m;';
+      echo '    client_body_timeout 10m;';
+      echo '    send_timeout 10m;';
+      echo '';
+      echo '    fastcgi_read_timeout 600;';
+      echo '    fastcgi_send_timeout 600;';
+      echo '';
+      echo '    gzip on;';
+      echo '    gzip_min_length 1024;';
+      echo '    gzip_buffers 4 32k;';
+      echo '    gzip_types text/plain application/x-javascript text/javascript text/xml text/css;';
+      echo '';
+      echo "    server_name $MEDIAGOBLIN_ONION_HOSTNAME;";
+      echo '    access_log /dev/null;';
+      echo '    error_log /dev/null;';
+      echo '';
 
-    echo '    location /mgoblin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin/static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    location /mgoblin_media/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/media/public/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    location /theme_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/theme_static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    location /plugin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/plugin_static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "        fastcgi_pass 127.0.0.1:$MEDIAGOBLIN_PORT;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '        include /etc/nginx/fastcgi_params;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '        fastcgi_param PATH_INFO $fastcgi_script_name;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '        fastcgi_param SCRIPT_NAME "";' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+      echo '    location /mgoblin_static/ {';
+      echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin/static/;";
+      echo '    }';
+      echo '';
+      echo '    location /mgoblin_media/ {';
+      echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/media/public/;";
+      echo '    }';
+      echo '';
+      echo '    location /theme_static/ {';
+      echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/theme_static/;";
+      echo '    }';
+      echo '';
+      echo '    location /plugin_static/ {';
+      echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/plugin_static/;";
+      echo '    }';
+      echo '';
+      echo '    location / {';
+      echo "        fastcgi_pass 127.0.0.1:$MEDIAGOBLIN_PORT;";
+      echo '        include /etc/nginx/fastcgi_params;';
+      echo "        fastcgi_param PATH_INFO \$fastcgi_script_name;";
+      echo '        fastcgi_param SCRIPT_NAME "";';
+      echo '        fastcgi_read_timeout 30;';
+      echo '    }';
+      echo '}'; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
 
-    echo '[Unit]' > /etc/systemd/system/mediagoblin.service
-    echo 'Description=Media service' >> /etc/systemd/system/mediagoblin.service
-    echo 'Requires=network.target' >> /etc/systemd/system/mediagoblin.service
-    echo 'After=network.target' >> /etc/systemd/system/mediagoblin.service
-    echo '' >> /etc/systemd/system/mediagoblin.service
-    echo '[Service]' >> /etc/systemd/system/mediagoblin.service
-    echo 'Type=simple' >> /etc/systemd/system/mediagoblin.service
-    echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin.service
-    echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin.service
-    echo "WorkingDirectory=$MEDIAGOBLIN_BASE_DIR/mediagoblin/" >> /etc/systemd/system/mediagoblin.service
-    echo "ExecStart=$MEDIAGOBLIN_BASE_DIR/mediagoblin/lazyserver.sh --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=$MEDIAGOBLIN_PORT" >> /etc/systemd/system/mediagoblin.service
-    echo "Environment=MEDIAGOBLIN_CONFIG=$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini CELERY_ALWAYS_EAGER=true" >> /etc/systemd/system/mediagoblin.service
-    echo 'Restart=always' >> /etc/systemd/system/mediagoblin.service
-    echo 'RestartSec=10' >> /etc/systemd/system/mediagoblin.service
-    echo '' >> /etc/systemd/system/mediagoblin.service
-    echo '[Install]' >> /etc/systemd/system/mediagoblin.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin.service
+    { echo '[Unit]';
+      echo 'Description=Media service';
+      echo 'Requires=network.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=mediagoblin';
+      echo 'Group=mediagoblin';
+      echo "WorkingDirectory=$MEDIAGOBLIN_BASE_DIR/mediagoblin/";
+      echo "ExecStart=$MEDIAGOBLIN_BASE_DIR/mediagoblin/lazyserver.sh --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=$MEDIAGOBLIN_PORT";
+      echo "Environment=MEDIAGOBLIN_CONFIG=$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini CELERY_ALWAYS_EAGER=true";
+      echo 'Restart=always';
+      echo 'RestartSec=10';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/mediagoblin.service
     chmod +x /etc/systemd/system/mediagoblin.service
 
     su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && bin/gmg dbupdate" - mediagoblin
     su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && bin/gmg adduser --username $MY_USERNAME --password $MY_USERNAME $MEDIAGOBLIN_ADMIN_PASSWORD" - mediagoblin
     su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && bin/gmg makeadmin $MY_USERNAME" - mediagoblin
 
-    sed -i 's|email_debug_mode.*|email_debug_mode = false|g' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
-    sed -i "s|email_sender_address.*|email_sender_address = \"noreply@${DEFAULT_DOMAIN_NAME}\"|g" $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
+    sed -i 's|email_debug_mode.*|email_debug_mode = false|g' "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini"
+    sed -i "s|email_sender_address.*|email_sender_address = \"noreply@${DEFAULT_DOMAIN_NAME}\"|g" "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini"
 
-    sed -i 's|allow_reporting.*|allow_reporting = false|g' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
+    sed -i 's|allow_reporting.*|allow_reporting = false|g' "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini"
 
-    if ! grep -q '[[[skip_transcode]]]' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini; then
-        echo '[[[skip_transcode]]]' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
-        echo 'mime_types = video/webm, video/ogg, video/mp4, audio/ogg, application/ogg, application/x-annodex' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
-        echo 'container_formats = Matroska, Ogg, ISO MP4/M4A' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
-        echo 'video_codecs = VP8 video, VP9 video, Theora, H.264, H.264 / AVC, MPEG-4 video' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
-        echo 'audio_codecs = Vorbis, MPEG-4 AAC' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
-        echo 'dimensions_match = false' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
+    if ! grep -q '[[[skip_transcode]]]' "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini"; then
+        { echo '[[[skip_transcode]]]';
+          echo 'mime_types = video/webm, video/ogg, video/mp4, audio/ogg, application/ogg, application/x-annodex';
+          echo 'container_formats = Matroska, Ogg, ISO MP4/M4A';
+          echo 'video_codecs = VP8 video, VP9 video, Theora, H.264, H.264 / AVC, MPEG-4 video';
+          echo 'audio_codecs = Vorbis, MPEG-4 AAC';
+          echo 'dimensions_match = false'; } >> "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini"
     fi
 
     systemctl enable mediagoblin
@@ -529,18 +533,18 @@ function install_mediagoblin {
     fi
 
     function_check create_site_certificate
-    create_site_certificate $MEDIAGOBLIN_DOMAIN_NAME 'yes'
+    create_site_certificate "$MEDIAGOBLIN_DOMAIN_NAME" 'yes'
 
     function_check configure_php
     configure_php
 
-    nginx_ensite $MEDIAGOBLIN_DOMAIN_NAME
+    nginx_ensite "$MEDIAGOBLIN_DOMAIN_NAME"
 
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
     function_check add_ddns_domain
-    add_ddns_domain $MEDIAGOBLIN_DOMAIN_NAME
+    add_ddns_domain "$MEDIAGOBLIN_DOMAIN_NAME"
 
     chown -hR mediagoblin:www-data /var/lib/mediagoblin
     chmod -R g+wx /var/lib/mediagoblin

src/freedombone-app-movim

@@ -58,19 +58,19 @@ function logging_off_movim {
 function remove_user_movim {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp movim
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp movim
 }
 
 function add_user_movim {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a movim -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a movim -p "$new_user_password"
     echo '0'
 }
 
 function install_interactive_movim {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -80,39 +80,38 @@ function install_interactive_movim {
         MOVIM_DETAILS_COMPLETE=
         while [ ! $MOVIM_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Movim Configuration" \
-                       --form $"\nPlease enter your Movim details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 12 65 2 \
+                       --form $"\\nPlease enter your Movim details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 12 65 2 \
                        $"Domain:" 1 1 "$(grep 'MOVIM_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
                        $"Code:" 2 1 "$(grep 'MOVIM_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Movim Configuration" \
-                       --form $"\nPlease enter your Movim details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 12 65 2 \
+                       --form $"\\nPlease enter your Movim details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 12 65 2 \
                        $"Domain:" 1 1 "$(grep 'MOVIM_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
-                       2> $data
+                       2> "$data"
             fi
             sel=$?
             case $sel in
                 1) exit 1;;
                 255) exit 1;;
             esac
-            MOVIM_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ $MOVIM_DOMAIN_NAME ]; then
+            MOVIM_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$MOVIM_DOMAIN_NAME" ]; then
                 TEST_DOMAIN_NAME=$MOVIM_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $MOVIM_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$MOVIM_DOMAIN_NAME" ]]; then
                     MOVIM_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        MOVIM_CODE=$(cat $data | sed -n 2p)
+                        MOVIM_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$MOVIM_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             MOVIM_DOMAIN_NAME=
                         fi
                     fi
@@ -121,6 +120,7 @@ function install_interactive_movim {
             if [ $MOVIM_DOMAIN_NAME ]; then
                 MOVIM_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         # save the results in the config file
@@ -136,23 +136,23 @@ function change_password_movim {
 
     read_config_param 'MOVIM_DOMAIN_NAME'
 
-    ${PROJECT_NAME}-pass -u "$curr_username" -a movim -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a movim -p "$new_user_password"
 }
 
 function movim_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        MOVIM_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        MOVIM_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $MOVIM_ADMIN_PASSWORD ]; then
-            MOVIM_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$MOVIM_ADMIN_PASSWORD" ]; then
+            MOVIM_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $MOVIM_ADMIN_PASSWORD ]; then
+    if [ ! "$MOVIM_ADMIN_PASSWORD" ]; then
         return
     fi
 
     function_check create_database
-    create_database movim "$MOVIM_ADMIN_PASSWORD" $MY_USERNAME
+    create_database movim "$MOVIM_ADMIN_PASSWORD" "$MY_USERNAME"
 }
 
 function reconfigure_movim {
@@ -165,35 +165,35 @@ function upgrade_movim {
         return
     fi
 
-    if grep -q "movim domain" $COMPLETION_FILE; then
+    if grep -q "movim domain" "$COMPLETION_FILE"; then
         MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
     fi
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$MOVIM_DOMAIN_NAME/htdocs "movim commit" "$MOVIM_COMMIT" $MOVIM_REPO
+    set_repo_commit "/var/www/$MOVIM_DOMAIN_NAME/htdocs" "movim commit" "$MOVIM_COMMIT" "$MOVIM_REPO"
 
-    cd /var/www/${MOVIM_DOMAIN_NAME}/htdocs
+    cd "/var/www/${MOVIM_DOMAIN_NAME}/htdocs" || exit 6734824522
     php composer.phar install
     php mud.php db --set
-    chown -R www-data:www-data /var/www/${MOVIM_DOMAIN_NAME}/htdocs
+    chown -R www-data:www-data "/var/www/${MOVIM_DOMAIN_NAME}/htdocs"
 }
 
 
 function backup_local_movim {
     MOVIM_DOMAIN_NAME='movim'
-    if grep -q "movim domain" $COMPLETION_FILE; then
+    if grep -q "movim domain" "$COMPLETION_FILE"; then
         MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
     fi
 
-    source_directory=/var/www/${MOVIM_DOMAIN_NAME}/htdocs
-    if [ -d $source_directory ]; then
+    source_directory="/var/www/${MOVIM_DOMAIN_NAME}/htdocs"
+    if [ -d "$source_directory" ]; then
         dest_directory=movim
         function_check suspend_site
-        suspend_site ${MOVIM_DOMAIN_NAME}
+        suspend_site "${MOVIM_DOMAIN_NAME}"
 
         function_check backup_directory_to_usb
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"
 
         function_check backup_database_to_usb
         backup_database_to_usb movim
@@ -204,28 +204,28 @@ function backup_local_movim {
 }
 
 function restore_local_movim {
-    if ! grep -q "movim domain" $COMPLETION_FILE; then
+    if ! grep -q "movim domain" "$COMPLETION_FILE"; then
         return
     fi
     MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
-    if [ $MOVIM_DOMAIN_NAME ]; then
+    if [ "$MOVIM_DOMAIN_NAME" ]; then
         echo $"Restoring movim"
         temp_restore_dir=/root/tempmovim
         movim_dir=/var/www/${MOVIM_DOMAIN_NAME}/htdocs
         # stop the daemons
-        cd $movim_dir
+        cd "$movim_dir" || exit 7856724252
         su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
 
         function_check movim_create_database
         movim_create_database
 
-        restore_database movim ${MOVIM_DOMAIN_NAME}
+        restore_database movim "${MOVIM_DOMAIN_NAME}"
         if [ -d $temp_restore_dir ]; then
             rm -rf $temp_restore_dir
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-        cd /var/www/$MOVIM_DOMAIN_NAME/htdocs/config
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs/config" || exit 2468724682
         sed -i "s|'password'.*|'password'    => '$MARIADB_PASSWORD',|g" db.inc.php
         MARIADB_PASSWORD=
 
@@ -234,18 +234,18 @@ function restore_local_movim {
 }
 
 function backup_remote_movim {
-    if grep -q "movim domain" $COMPLETION_FILE; then
+    if grep -q "movim domain" "$COMPLETION_FILE"; then
         MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
         temp_backup_dir=/var/www/${MOVIM_DOMAIN_NAME}/htdocs
-        if [ -d $temp_backup_dir ]; then
+        if [ -d "$temp_backup_dir" ]; then
             function_check suspend_site
-            suspend_site ${MOVIM_DOMAIN_NAME}
+            suspend_site "${MOVIM_DOMAIN_NAME}"
 
             function_check backup_database_to_friend
             backup_database_to_friend movim
 
             function_check backup_directory_to_friend
-            backup_directory_to_friend $temp_backup_dir movim
+            backup_directory_to_friend "$temp_backup_dir" movim
 
             function_check restart_site
             restart_site
@@ -256,25 +256,25 @@ function backup_remote_movim {
 }
 
 function restore_remote_movim {
-    if grep -q "movim domain" $COMPLETION_FILE; then
+    if grep -q "movim domain" "$COMPLETION_FILE"; then
         echo $"Restoring movim"
         MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
 
         # stop the daemons
-        cd /var/www/${MOVIM_DOMAIN_NAME}/htdocs
+        cd "/var/www/${MOVIM_DOMAIN_NAME}/htdocs" || exit 524792846827
         su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
 
         function_check movim_create_database
         movim_create_database
 
         function_check restore_database_from_friend
-        restore_database_from_friend movim ${MOVIM_DOMAIN_NAME}
+        restore_database_from_friend movim "${MOVIM_DOMAIN_NAME}"
         if [ -d /root/tempmovim ]; then
             rm -rf /root/tempmovim
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-        cd /var/www/$MOVIM_DOMAIN_NAME/htdocs/config
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs/config" || exit 4242462487
         sed -i "s|'password'.*|'password'    => '$MARIADB_PASSWORD',|g" db.inc.php
         MARIADB_PASSWORD=
 
@@ -298,14 +298,14 @@ function remove_movim {
 
     read_config_param "MY_USERNAME"
     echo "Removing $MOVIM_DOMAIN_NAME"
-    nginx_dissite $MOVIM_DOMAIN_NAME
-    remove_certs $MOVIM_DOMAIN_NAME
+    nginx_dissite "$MOVIM_DOMAIN_NAME"
+    remove_certs "$MOVIM_DOMAIN_NAME"
 
-    if [ -d /var/www/$MOVIM_DOMAIN_NAME ]; then
-        rm -rf /var/www/$MOVIM_DOMAIN_NAME
+    if [ -d "/var/www/$MOVIM_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$MOVIM_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$MOVIM_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$MOVIM_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$MOVIM_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$MOVIM_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database movim
@@ -316,15 +316,15 @@ function remove_movim {
     fi
     remove_app movim
     remove_completion_param install_movim
-    sed -i '/movim/d' $COMPLETION_FILE
+    sed -i '/movim/d' "$COMPLETION_FILE"
     remove_backup_database_local movim
 
     function_check remove_ddns_domain
-    remove_ddns_domain $MOVIM_DOMAIN_NAME
+    remove_ddns_domain "$MOVIM_DOMAIN_NAME"
 }
 
 function install_movim {
-    if [ ! $MOVIM_DOMAIN_NAME ]; then
+    if [ ! "$MOVIM_DOMAIN_NAME" ]; then
         echo $'No domain name was given for movim'
         exit 72572
     fi
@@ -333,7 +333,7 @@ function install_movim {
         return
     fi
 
-    movim_hourly_script movim $MOVIM_DOMAIN_NAME
+    movim_hourly_script movim "$MOVIM_DOMAIN_NAME"
 
     function_check install_mariadb
     install_mariadb
@@ -347,221 +347,221 @@ function install_movim {
     apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
     apt-get -yq install php-memcached php-intl exiftool php-imagick libfcgi0ldbl
 
-    if [ ! -d /var/www/$MOVIM_DOMAIN_NAME ]; then
-        mkdir /var/www/$MOVIM_DOMAIN_NAME
+    if [ ! -d "/var/www/$MOVIM_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$MOVIM_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$MOVIM_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$MOVIM_DOMAIN_NAME/htdocs" ]; then
 
         if [ -d /repos/movim ]; then
-            mkdir /var/www/$MOVIM_DOMAIN_NAME/htdocs
-            cp -r -p /repos/movim/. /var/www/$MOVIM_DOMAIN_NAME/htdocs
-            cd /var/www/$MOVIM_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$MOVIM_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/movim/. "/var/www/$MOVIM_DOMAIN_NAME/htdocs"
+            cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs" || exit 3768568325
             git pull
         else
             function_check git_clone
-            git_clone $MOVIM_REPO /var/www/$MOVIM_DOMAIN_NAME/htdocs
+            git_clone "$MOVIM_REPO" "/var/www/$MOVIM_DOMAIN_NAME/htdocs"
         fi
 
-        if [ ! -d /var/www/$MOVIM_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$MOVIM_DOMAIN_NAME/htdocs" ]; then
             echo $'Unable to clone movim repo'
             exit 76285
         fi
     fi
 
-    cd /var/www/$MOVIM_DOMAIN_NAME/htdocs
+    cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs" || exit 7345247242
     git checkout $MOVIM_COMMIT -b $MOVIM_COMMIT
     set_completion_param "movim commit" "$MOVIM_COMMIT"
 
     # default login
-    if [ ! -f /var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php ]; then
+    if [ ! -f "/var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php" ]; then
         echo $'Unable to find Config.php'
         exit 72352
     fi
-    sed -i "s|'admin'|'${MY_USERNAME}'|g" /var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php
-    sed -i "s|'password'|'${MOVIM_ADMIN_PASSWORD}'|g" /var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php
+    sed -i "s|'admin'|'${MY_USERNAME}'|g" "/var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php"
+    sed -i "s|'password'|'${MOVIM_ADMIN_PASSWORD}'|g" "/var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php"
 
     # Fix typo
     sed -i 's|weksocket|websocket|g' app/widgets/AdminTest/admintest.js
 
-    cd /var/www/$MOVIM_DOMAIN_NAME/htdocs
+    cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs" || exit 784368245224
     install_composer
 
-    cd /var/www/$MOVIM_DOMAIN_NAME/htdocs/config
+    cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs/config" || exit 6428764224
     cp db.example.inc.php db.inc.php
     sed -i "s|'username'.*|'username'    => 'root',|g" db.inc.php
     sed -i "s|'password'.*|'password'    => '$MARIADB_PASSWORD',|g" db.inc.php
     sed -i "s|'database'.*|'database'    => 'movim'|g" db.inc.php
     php mud.php db --set
 
-    chmod u+rwx /var/www/$MOVIM_DOMAIN_NAME/htdocs
-    chown -R www-data:www-data /var/www/$MOVIM_DOMAIN_NAME/htdocs
+    chmod u+rwx "/var/www/$MOVIM_DOMAIN_NAME/htdocs"
+    chown -R www-data:www-data "/var/www/$MOVIM_DOMAIN_NAME/htdocs"
 
     function_check movim_create_database
     movim_create_database
 
     function_check add_ddns_domain
-    add_ddns_domain $MOVIM_DOMAIN_NAME
+    add_ddns_domain "$MOVIM_DOMAIN_NAME"
 
     MOVIM_ONION_HOSTNAME=$(add_onion_service movim 80 ${MOVIM_ONION_PORT})
 
-    echo '[Unit]' > /etc/systemd/system/movim.service
-    echo 'Description=Movim daemon' >> /etc/systemd/system/movim.service
-    echo 'After=network.target nginx.target' >> /etc/systemd/system/movim.service
-    echo '' >> /etc/systemd/system/movim.service
-    echo '[Service]' >> /etc/systemd/system/movim.service
-    echo 'Type=simple' >> /etc/systemd/system/movim.service
-    echo 'User=www-data' >> /etc/systemd/system/movim.service
-    echo "WorkingDirectory=/var/www/$MOVIM_DOMAIN_NAME/htdocs" >> /etc/systemd/system/movim.service
+    { echo '[Unit]';
+      echo 'Description=Movim daemon';
+      echo 'After=network.target nginx.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=www-data';
+      echo "WorkingDirectory=/var/www/$MOVIM_DOMAIN_NAME/htdocs"; } > /etc/systemd/system/movim.service
     if [[ $ONION_ONLY == 'no' ]]; then
         echo "ExecStart=/usr/bin/php /var/www/$MOVIM_DOMAIN_NAME/htdocs/daemon.php start --url=https://$MOVIM_DOMAIN_NAME --port=$MOVIM_DAEMON_PORT" >> /etc/systemd/system/movim.service
     else
         echo "ExecStart=/usr/bin/php /var/www/$MOVIM_DOMAIN_NAME/htdocs/daemon.php start --url=http://$MOVIM_ONION_HOSTNAME --port=$MOVIM_DAEMON_PORT" >> /etc/systemd/system/movim.service
     fi
-    echo 'StandardOutput=syslog' >> /etc/systemd/system/movim.service
-    echo 'SyslogIdentifier=movim' >> /etc/systemd/system/movim.service
-    echo 'PIDFile=/run/movim.pid' >> /etc/systemd/system/movim.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/movim.service
-    echo 'RestartSec=10' >> /etc/systemd/system/movim.service
-    echo '' >> /etc/systemd/system/movim.service
-    echo '[Install]' >> /etc/systemd/system/movim.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/movim.service
+    { echo 'StandardOutput=syslog';
+      echo 'SyslogIdentifier=movim';
+      echo 'PIDFile=/run/movim.pid';
+      echo 'Restart=on-failure';
+      echo 'RestartSec=10';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } >> /etc/systemd/system/movim.service
     systemctl enable movim
     systemctl daemon-reload
 
     movim_nginx_site=/etc/nginx/sites-available/$MOVIM_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $MOVIM_DOMAIN_NAME "index index.php"
-        echo 'server {' >> $movim_nginx_site
-        echo '  listen 443 ssl;' >> $movim_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $movim_nginx_site
-        echo "  server_name $MOVIM_DOMAIN_NAME;" >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
+        nginx_http_redirect "$MOVIM_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $MOVIM_DOMAIN_NAME;";
+          echo ''; } >> "$movim_nginx_site"
         function_check nginx_compress
-        nginx_compress $MOVIM_DOMAIN_NAME
-        echo '' >> $movim_nginx_site
-        echo '  # Security' >> $movim_nginx_site
+        nginx_compress "$MOVIM_DOMAIN_NAME"
+        echo '' >> "$movim_nginx_site"
+        echo '  # Security' >> "$movim_nginx_site"
         function_check nginx_ssl
-        nginx_ssl $MOVIM_DOMAIN_NAME
+        nginx_ssl "$MOVIM_DOMAIN_NAME"
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $MOVIM_DOMAIN_NAME
+        nginx_disable_sniffing "$MOVIM_DOMAIN_NAME"
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # Logs' >> $movim_nginx_site
-        echo '  access_log /dev/null;' >> $movim_nginx_site
-        echo '  error_log /dev/null;' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # Root' >> $movim_nginx_site
-        echo "  root /var/www/$MOVIM_DOMAIN_NAME/htdocs;" >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # Index' >> $movim_nginx_site
-        echo '  index index.php;' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # PHP' >> $movim_nginx_site
-        echo '  location ~ \.php {' >> $movim_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $movim_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $movim_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $movim_nginx_site
-        echo '  }' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # Location' >> $movim_nginx_site
-        echo '  location / {' >> $movim_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$MOVIM_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  # Index';
+          echo '  index index.php;';
+          echo '';
+          echo '  # PHP';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$movim_nginx_site"
         function_check nginx_limits
-        nginx_limits $MOVIM_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ @movim;' >> $movim_nginx_site
-        echo '  }' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  location /ws/ {' >> $movim_nginx_site
-        echo "    proxy_pass http://localhost:${MOVIM_DAEMON_PORT}/;" >> $movim_nginx_site
-        echo '    proxy_http_version 1.1;' >> $movim_nginx_site
-        echo '    proxy_set_header Upgrade $http_upgrade;' >> $movim_nginx_site
-        echo '    proxy_set_header Connection "Upgrade";' >> $movim_nginx_site
-        echo '    proxy_set_header Host $host;' >> $movim_nginx_site
-        echo '    proxy_set_header X-Real-IP $remote_addr;' >> $movim_nginx_site
-        echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $movim_nginx_site
-        echo '    proxy_set_header X-Forwarded-Proto https;' >> $movim_nginx_site
-        echo '    proxy_redirect off;' >> $movim_nginx_site
-        echo '  }' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # Fancy URLs' >> $movim_nginx_site
-        echo '  location @movim {' >> $movim_nginx_site
-        echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $movim_nginx_site
-        echo '  }' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # Restrict access that is unnecessary anyway' >> $movim_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $movim_nginx_site
-        echo '    deny all;' >> $movim_nginx_site
-        echo '  }' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '}' >> $movim_nginx_site
+        nginx_limits "$MOVIM_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ @movim;";
+          echo '  }';
+          echo '';
+          echo '  location /ws/ {';
+          echo "    proxy_pass http://localhost:${MOVIM_DAEMON_PORT}/;";
+          echo '    proxy_http_version 1.1;';
+          echo "    proxy_set_header Upgrade \$http_upgrade;";
+          echo '    proxy_set_header Connection "Upgrade";';
+          echo "    proxy_set_header Host \$host;";
+          echo "    proxy_set_header X-Real-IP \$remote_addr;";
+          echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+          echo '    proxy_set_header X-Forwarded-Proto https;';
+          echo '    proxy_redirect off;';
+          echo '  }';
+          echo '';
+          echo '  # Fancy URLs';
+          echo '  location @movim {';
+          echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+          echo '  }';
+          echo '';
+          echo '  # Restrict access that is unnecessary anyway';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '';
+          echo '}'; } >> "$movim_nginx_site"
     else
-        echo -n '' > $movim_nginx_site
+        echo -n '' > "$movim_nginx_site"
     fi
-    echo 'server {' >> $movim_nginx_site
-    echo "    listen 127.0.0.1:$MOVIM_ONION_PORT default_server;" >> $movim_nginx_site
-    echo "    server_name $MOVIM_DOMAIN_NAME;" >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$MOVIM_ONION_PORT default_server;";
+      echo "    server_name $MOVIM_DOMAIN_NAME;";
+      echo ''; } >> "$movim_nginx_site"
     function_check nginx_compress
-    nginx_compress $MOVIM_DOMAIN_NAME
-    echo '' >> $movim_nginx_site
+    nginx_compress "$MOVIM_DOMAIN_NAME"
+    echo '' >> "$movim_nginx_site"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $MOVIM_DOMAIN_NAME
-    echo '' >> $movim_nginx_site
-    echo '  # Logs' >> $movim_nginx_site
-    echo '  access_log /dev/null;' >> $movim_nginx_site
-    echo '  error_log /dev/null;' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  # Root' >> $movim_nginx_site
-    echo "  root /var/www/$MOVIM_DOMAIN_NAME/htdocs;" >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  # Index' >> $movim_nginx_site
-    echo '  index index.php;' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  # PHP' >> $movim_nginx_site
-    echo '  location ~ \.php {' >> $movim_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $movim_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $movim_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $movim_nginx_site
-    echo '  }' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  # Location' >> $movim_nginx_site
-    echo '  location / {' >> $movim_nginx_site
+    nginx_disable_sniffing "$MOVIM_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$MOVIM_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  # Index';
+      echo '  index index.php;';
+      echo '';
+      echo '  # PHP';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$movim_nginx_site"
     function_check nginx_limits
-    nginx_limits $MOVIM_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ @movim;' >> $movim_nginx_site
-    echo '  }' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  location /ws/ {' >> $movim_nginx_site
-    echo "    proxy_pass http://localhost:${MOVIM_DAEMON_PORT}/;" >> $movim_nginx_site
-    echo '    proxy_http_version 1.1;' >> $movim_nginx_site
-    echo '    proxy_set_header Upgrade $http_upgrade;' >> $movim_nginx_site
-    echo '    proxy_set_header Connection "Upgrade";' >> $movim_nginx_site
-    echo '    proxy_set_header Host $host;' >> $movim_nginx_site
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $movim_nginx_site
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $movim_nginx_site
-    echo '    proxy_set_header X-Forwarded-Proto https;' >> $movim_nginx_site
-    echo '    proxy_redirect off;' >> $movim_nginx_site
-    echo '  }' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  # Fancy URLs' >> $movim_nginx_site
-    echo '  location @movim {' >> $movim_nginx_site
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $movim_nginx_site
-    echo '  }' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  # Restrict access that is unnecessary anyway' >> $movim_nginx_site
-    echo '  location ~ /\.(ht|git) {' >> $movim_nginx_site
-    echo '    deny all;' >> $movim_nginx_site
-    echo '  }' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '}' >> $movim_nginx_site
+    nginx_limits "$MOVIM_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ @movim;";
+      echo '  }';
+      echo '';
+      echo '  location /ws/ {';
+      echo "    proxy_pass http://localhost:${MOVIM_DAEMON_PORT}/;";
+      echo '    proxy_http_version 1.1;';
+      echo "    proxy_set_header Upgrade \$http_upgrade;";
+      echo '    proxy_set_header Connection "Upgrade";';
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo '    proxy_set_header X-Forwarded-Proto https;';
+      echo '    proxy_redirect off;';
+      echo '  }';
+      echo '';
+      echo '  # Fancy URLs';
+      echo '  location @movim {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  # Restrict access that is unnecessary anyway';
+      echo '  location ~ /\.(ht|git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '';
+      echo '}'; } >> "$movim_nginx_site"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $MOVIM_DOMAIN_NAME 'yes'
+    create_site_certificate "$MOVIM_DOMAIN_NAME" 'yes'
 
     # Ensure that the database gets backed up locally, if remote
     # backups are not being used
@@ -572,9 +572,9 @@ function install_movim {
     backup_database_local movim
 
     function_check nginx_ensite
-    nginx_ensite $MOVIM_DOMAIN_NAME
+    nginx_ensite "$MOVIM_DOMAIN_NAME"
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a movim -p "$MOVIM_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a movim -p "$MOVIM_ADMIN_PASSWORD"
 
     set_completion_param "movim domain" "$MOVIM_DOMAIN_NAME"
 

src/freedombone-app-mumble

@@ -86,7 +86,7 @@ function upgrade_mumble {
         usermod -a -G ssl-cert mumble-server
     fi
 
-    if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
+    if [ ! -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
         if ! grep -q "mumble.pem" /etc/mumble-server.ini; then
             sed -i 's|sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
             sed -i 's|sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
@@ -117,17 +117,18 @@ function backup_local_mumble {
 }
 
 function restore_local_mumble {
-    if [ -d $USB_MOUNT/backup/mumble ]; then
+    if [ -d "$USB_MOUNT/backup/mumble" ]; then
         echo $"Restoring mumble settings"
         temp_restore_dir=/root/tempmumble
         function_check restore_directory_from_usb
         restore_directory_from_usb $temp_restore_dir voip
         restore_directory_from_usb $temp_restore_dir mumble
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-            cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini /etc/
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
+            cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini" /etc/
         else
             cp -f $temp_restore_dir/mumble-server.ini /etc/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             rm -rf $temp_restore_dir
             function_check set_user_permissions
@@ -136,11 +137,12 @@ function restore_local_mumble {
             backup_unmount_drive
             exit 3679
         fi
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-            cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite /var/lib/mumble-server/
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
+            cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite" /var/lib/mumble-server/
         else
             cp -f $temp_restore_dir/mumble-server.sqlite /var/lib/mumble-server/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             rm -rf $temp_restore_dir
             function_check set_user_permissions
@@ -171,29 +173,27 @@ function backup_remote_mumble {
 }
 
 function restore_remote_mumble {
-    if [ -d $SERVER_DIRECTORY/backup/mumble ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/mumble" ]; then
         echo $"Restoring Mumble settings"
         temp_restore_dir=/root/tempmumble
         function_check restore_directory_from_friend
         restore_directory_from_friend $temp_restore_dir mumble
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-            cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini /etc/
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
+            cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini" /etc/
         else
             cp -f $temp_restore_dir/mumble-server.ini /etc/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             rm -rf $temp_restore_dir
             exit 7823
         fi
-        if [ ! "$?" = "0" ]; then
-            rm -rf $temp_restore_dir
-            exit 7823
-        fi
-        if [ $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-            cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite /var/lib/mumble-server/
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
+            cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite" /var/lib/mumble-server/
         else
             cp -f $temp_restore_dir/mumble-server.sqlite /var/lib/mumble-server/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             rm -rf $temp_restore_dir
             exit 276
@@ -221,51 +221,51 @@ function remove_mumble {
     fi
     function_check remove_onion_service
     remove_onion_service mumble ${MUMBLE_PORT}
-    sed -i '/mumble/d' $COMPLETION_FILE
+    sed -i '/mumble/d' "$COMPLETION_FILE"
 }
 
 function configure_firewall_for_mumble {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [[ $ONION_ONLY != "no" ]]; then
         return
     fi
     firewall_add Mumble ${MUMBLE_PORT}
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function install_mumble {
     apt-get -yq install mumble-server
 
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        MUMBLE_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        MUMBLE_SERVER_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $MUMBLE_SERVER_PASSWORD ]; then
-            MUMBLE_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-            if [ ${#MUMBLE_SERVER_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then
-                MUMBLE_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$MUMBLE_SERVER_PASSWORD" ]; then
+            MUMBLE_SERVER_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
+            if [ ${#MUMBLE_SERVER_PASSWORD} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then
+                MUMBLE_SERVER_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
             fi
         fi
     fi
 
     if [[ ${ONION_ONLY} == 'no' ]]; then
-        if [ ! -d /var/www/${DEFAULT_DOMAIN_NAME}/htdocs ]; then
-            mkdir /var/www/${DEFAULT_DOMAIN_NAME}/htdocs
+        if [ ! -d "/var/www/${DEFAULT_DOMAIN_NAME}/htdocs" ]; then
+            mkdir "/var/www/${DEFAULT_DOMAIN_NAME}/htdocs"
         fi
-        if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
-            if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
-                rm /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt
+        if [ ! -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
+            if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt" ]; then
+                rm "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt"
             fi
-            if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
-                rm /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam
+            if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam" ]; then
+                rm "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam"
             fi
             echo $'Obtaining certificate for the main domain'
             function_check create_site_certificate
-            create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
-            chmod 755 /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam
+            create_site_certificate "${DEFAULT_DOMAIN_NAME}" 'yes'
+            chmod 755 "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam"
 
-            if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
+            if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt" ]; then
                 echo $'Incorrect certificate generated'
                 exit 78352
             fi
@@ -276,9 +276,9 @@ function install_mumble {
 
 
     # Make an ssl cert for the server
-    if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
+    if [ ! -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
         if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then
-            ${PROJECT_NAME}-addcert -h mumble --dhkey $DH_KEYLENGTH
+            "${PROJECT_NAME}-addcert" -h mumble --dhkey "$DH_KEYLENGTH"
             function_check check_certificates
             check_certificates mumble
         fi
@@ -318,7 +318,7 @@ function install_mumble {
         echo 'allowping=False' >> /etc/mumble-server.ini
     fi
     sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini
-    if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
+    if [ ! -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
         sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
         sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
     else
@@ -335,7 +335,8 @@ function install_mumble {
     sed -i 's|allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini
     sed -i "s|port=.*|port=${MUMBLE_PORT}|g" /etc/mumble-server.ini
 
-    MUMBLE_ONION_HOSTNAME=$(add_onion_service mumble ${MUMBLE_PORT} ${MUMBLE_PORT})
+    #MUMBLE_ONION_HOSTNAME=$(add_onion_service mumble ${MUMBLE_PORT} ${MUMBLE_PORT})
+    add_onion_service mumble ${MUMBLE_PORT} ${MUMBLE_PORT}
 
     # turn off logs by default
     sed -i 's|logfile=.*|logfile=/dev/null|g' /etc/mumble-server.ini

src/freedombone-app-nextcloud

@@ -60,14 +60,14 @@ function logging_off_nextcloud {
 function remove_user_nextcloud {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp nextcloud
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp nextcloud
 }
 
 function add_user_nextcloud {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a nextcloud -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a nextcloud -p "$new_user_password"
     echo '0'
 }
 
@@ -76,12 +76,12 @@ function change_password_nextcloud {
 
     export OC_PASS="$2"
     su -s /bin/sh www-data -c "php occ user:resetpassword --password-from-env $curr_username"
-    ${PROJECT_NAME}-pass -u $curr_username -a nextcloud -p "$OC_PASS"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a nextcloud -p "$OC_PASS"
     export OC_PASS=""
 }
 
 function install_interactive_nextcloud {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -91,42 +91,40 @@ function install_interactive_nextcloud {
         NEXTCLOUD_DETAILS_COMPLETE=
         while [ ! $NEXTCLOUD_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"NextCloud Configuration" \
-                       --form $"\nPlease enter your NextCloud details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \
+                       --form $"\\nPlease enter your NextCloud details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \
                        $"Domain:" 1 1 "$(grep 'NEXTCLOUD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \
                        $"Code:" 2 1 "$(grep 'NEXTCLOUD_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 40 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"NextCloud Configuration" \
-                       --form $"\nPlease enter your NextCloud details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 2 \
+                       --form $"\\nPlease enter your NextCloud details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 2 \
                        $"Domain:" 1 1 "$(grep 'NEXTCLOUD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \
-                       2> $data
+                       2> "$data"
             fi
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            NEXTCLOUD_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ ${#img_url} -gt 1 ]; then
-                NEXTCLOUD_BACKGROUND_IMAGE_URL=$img_url
-            fi
-            if [ $NEXTCLOUD_DOMAIN_NAME ]; then
+            NEXTCLOUD_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$NEXTCLOUD_DOMAIN_NAME" ]; then
                 TEST_DOMAIN_NAME=$NEXTCLOUD_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $NEXTCLOUD_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$NEXTCLOUD_DOMAIN_NAME" ]]; then
                     NEXTCLOUD_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        NEXTCLOUD_CODE=$(cat $data | sed -n 2p)
+                        NEXTCLOUD_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$NEXTCLOUD_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             NEXTCLOUD_DOMAIN_NAME=
                         fi
                     fi
@@ -135,11 +133,12 @@ function install_interactive_nextcloud {
             if [ $NEXTCLOUD_DOMAIN_NAME ]; then
                 NEXTCLOUD_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         # remove any invalid characters
         if [ ${#NEXTCLOUD_TITLE} -gt 0 ]; then
-            new_title=$(echo "$NEXTCLOUD_TITLE" | sed "s|'||g")
+            new_title=${"$NEXTCLOUD_TITLE"//\'//}
             NEXTCLOUD_TITLE="$new_title"
         fi
 
@@ -156,23 +155,23 @@ function change_password_nextcloud {
 
     read_config_param ${NEXTCLOUD_DOMAIN_NAME}
 
-    ${PROJECT_NAME}-pass -u "$curr_username" -a nextcloud -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a nextcloud -p "$new_user_password"
 }
 
 function nextcloud_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        NEXTCLOUD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        NEXTCLOUD_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $NEXTCLOUD_ADMIN_PASSWORD ]; then
-            NEXTCLOUD_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$NEXTCLOUD_ADMIN_PASSWORD" ]; then
+            NEXTCLOUD_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $NEXTCLOUD_ADMIN_PASSWORD ]; then
+    if [ ! "$NEXTCLOUD_ADMIN_PASSWORD" ]; then
         return
     fi
 
     function_check create_database
-    create_database nextcloud "$NEXTCLOUD_ADMIN_PASSWORD" $MY_USERNAME
+    create_database nextcloud "$NEXTCLOUD_ADMIN_PASSWORD" "$MY_USERNAME"
 }
 
 function reconfigure_nextcloud {
@@ -186,7 +185,7 @@ function configure_interactive_nextcloud {
 function upgrade_nextcloud_base {
     chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
     chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/data
-    cd /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+    cd "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" || exit 232547985
     sudo -u www-data ./occ maintenance:repair
     sudo -u www-data ./occ files:cleanup
     sudo -u www-data ./occ files:scan --all
@@ -200,13 +199,13 @@ function upgrade_nextcloud {
         return
     fi
 
-    if grep -q "nextcloud domain" $COMPLETION_FILE; then
+    if grep -q "nextcloud domain" "$COMPLETION_FILE"; then
         NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
     fi
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs "nextcloud commit" "$NEXTCLOUD_COMMIT" $NEXTCLOUD_REPO
+    set_repo_commit "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" "nextcloud commit" "$NEXTCLOUD_COMMIT" "$NEXTCLOUD_REPO"
 
     upgrade_nextcloud_base
     sudo -u www-data ./occ upgrade
@@ -215,22 +214,22 @@ function upgrade_nextcloud {
 
 function backup_local_nextcloud {
     NEXTCLOUD_DOMAIN_NAME='nextcloud'
-    if grep -q "nextcloud domain" $COMPLETION_FILE; then
+    if grep -q "nextcloud domain" "$COMPLETION_FILE"; then
         NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
     fi
 
     source_directory=/var/www/${NEXTCLOUD_DOMAIN_NAME}/data
-    if [ -d $source_directory ]; then
+    if [ -d "$source_directory" ]; then
         function_check suspend_site
-        suspend_site ${NEXTCLOUD_DOMAIN_NAME}
+        suspend_site "${NEXTCLOUD_DOMAIN_NAME}"
 
         dest_directory=nextcloudfiles
         function_check backup_directory_to_usb
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"
 
         source_directory=/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config
         dest_directory=nextcloudconfig
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"
 
         function_check backup_database_to_usb
         backup_database_to_usb nextcloud
@@ -241,26 +240,26 @@ function backup_local_nextcloud {
 }
 
 function restore_local_nextcloud {
-    if ! grep -q "nextcloud domain" $COMPLETION_FILE; then
+    if ! grep -q "nextcloud domain" "$COMPLETION_FILE"; then
         return
     fi
     NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
-    if [ $NEXTCLOUD_DOMAIN_NAME ]; then
+    if [ "$NEXTCLOUD_DOMAIN_NAME" ]; then
 
         temp_restore_dir=/root/tempnextcloud
         function_check nextcloud_create_database
         nextcloud_create_database
-        restore_database nextcloud ${NEXTCLOUD_DOMAIN_NAME}
+        restore_database nextcloud "${NEXTCLOUD_DOMAIN_NAME}"
 
         temp_restore_dir=/root/tempnextcloudfiles
         restore_directory_from_usb $temp_restore_dir nextcloudfiles
 
-        if [ -d $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data ]; then
-            cp -r $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data /var/www/${NEXTCLOUD_DOMAIN_NAME}/
+        if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" ]; then
+            cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
         else
-            cp -r $temp_restore_dir/* /var/www/${NEXTCLOUD_DOMAIN_NAME}/
+            cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
         fi
-
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             set_user_permissions
             backup_unmount_drive
@@ -271,12 +270,13 @@ function restore_local_nextcloud {
         temp_restore_dir=/root/tempnextcloudconfig
         restore_directory_from_usb $temp_restore_dir nextcloudconfig
 
-        if [ -d $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config ]; then
-            cp -r $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
+        if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" ]; then
+            cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
         else
-            cp -r $temp_restore_dir/* /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/
+            cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/"
         fi
 
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             set_user_permissions
             backup_unmount_drive
@@ -284,9 +284,9 @@ function restore_local_nextcloud {
         fi
         rm -rf ${temp_restore_dir}
 
-        chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
-        chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/data
-        cd $nextcloud_dir
+        chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
+        chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/data"
+        cd "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs" || exit 14893545875
         sudo -u www-data ./occ maintenance:repair
         sudo -u www-data ./occ files:cleanup
         sudo -u www-data ./occ files:scan --all
@@ -294,21 +294,21 @@ function restore_local_nextcloud {
 }
 
 function backup_remote_nextcloud {
-    if grep -q "nextcloud domain" $COMPLETION_FILE; then
+    if grep -q "nextcloud domain" "$COMPLETION_FILE"; then
         NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
         temp_backup_dir=/var/www/${NEXTCLOUD_DOMAIN_NAME}/data
-        if [ -d $temp_backup_dir ]; then
+        if [ -d "$temp_backup_dir" ]; then
             function_check suspend_site
-            suspend_site ${NEXTCLOUD_DOMAIN_NAME}
+            suspend_site "${NEXTCLOUD_DOMAIN_NAME}"
 
             function_check backup_database_to_friend
             backup_database_to_friend nextcloud
 
             function_check backup_directory_to_friend
-            backup_directory_to_friend $temp_backup_dir nextclouddata
+            backup_directory_to_friend "$temp_backup_dir" nextclouddata
 
             temp_backup_dir=/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config
-            backup_directory_to_friend $temp_backup_dir nextcloudconfig
+            backup_directory_to_friend "$temp_backup_dir" nextcloudconfig
 
             function_check restart_site
             restart_site
@@ -319,7 +319,7 @@ function backup_remote_nextcloud {
 }
 
 function restore_remote_nextcloud {
-    if grep -q "nextcloud domain" $COMPLETION_FILE; then
+    if grep -q "nextcloud domain" "$COMPLETION_FILE"; then
         echo $"Restoring nextcloud"
         NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
 
@@ -327,7 +327,7 @@ function restore_remote_nextcloud {
         nextcloud_create_database
 
         function_check restore_database_from_friend
-        restore_database_from_friend nextcloud ${NEXTCLOUD_DOMAIN_NAME}
+        restore_database_from_friend nextcloud "${NEXTCLOUD_DOMAIN_NAME}"
         if [ -d /root/tempnextcloud ]; then
             rm -rf /root/tempnextcloud
         fi
@@ -335,12 +335,12 @@ function restore_remote_nextcloud {
         temp_restore_dir=/root/tempnextcloudfiles
         restore_directory_from_friend $temp_restore_dir nextcloudfiles
 
-        if [ -d $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data ]; then
-            cp -r $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data /var/www/${NEXTCLOUD_DOMAIN_NAME}/
+        if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" ]; then
+            cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
         else
-            cp -r $temp_restore_dir/* /var/www/${NEXTCLOUD_DOMAIN_NAME}/
+            cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
         fi
-
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 768254
         fi
@@ -349,20 +349,21 @@ function restore_remote_nextcloud {
         temp_restore_dir=/root/tempnextcloudconfig
         restore_directory_from_friend $temp_restore_dir nextcloudconfig
 
-        if [ -d $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config ]; then
-            cp -r $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
+        if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" ]; then
+            cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
         else
-            cp -r $temp_restore_dir/* /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/
+            cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/"
         fi
 
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 573427
         fi
         rm -rf ${temp_restore_dir}
 
-        chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
-        chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/data
-        cd /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
+        chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
+        chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/data"
+        cd "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs" || exit 2642846824
         sudo -u www-data ./occ maintenance:repair
         sudo -u www-data ./occ files:cleanup
         sudo -u www-data ./occ files:scan --all
@@ -381,13 +382,13 @@ function remove_nextcloud {
     read_config_param "NEXTCLOUD_DOMAIN_NAME"
     read_config_param "MY_USERNAME"
     echo "Removing $NEXTCLOUD_DOMAIN_NAME"
-    nginx_dissite $NEXTCLOUD_DOMAIN_NAME
-    remove_certs $NEXTCLOUD_DOMAIN_NAME
-    if [ -d /var/www/$NEXTCLOUD_DOMAIN_NAME ]; then
-        rm -rf /var/www/$NEXTCLOUD_DOMAIN_NAME
+    nginx_dissite "$NEXTCLOUD_DOMAIN_NAME"
+    remove_certs "$NEXTCLOUD_DOMAIN_NAME"
+    if [ -d "/var/www/$NEXTCLOUD_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$NEXTCLOUD_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database nextcloud
@@ -395,17 +396,17 @@ function remove_nextcloud {
     remove_onion_service nextcloud ${NEXTCLOUD_ONION_PORT}
     remove_app nextcloud
     remove_completion_param install_nextcloud
-    sed -i '/nextcloud/d' $COMPLETION_FILE
+    sed -i '/nextcloud/d' "$COMPLETION_FILE"
     remove_backup_database_local nextcloud
 
     function_check remove_ddns_domain
-    remove_ddns_domain $NEXTCLOUD_DOMAIN_NAME
+    remove_ddns_domain "$NEXTCLOUD_DOMAIN_NAME"
     systemctl restart nginx
     systemctl restart php7.0-fpm
 }
 
 function install_nextcloud_main {
-    if [ ! $NEXTCLOUD_DOMAIN_NAME ]; then
+    if [ ! "$NEXTCLOUD_DOMAIN_NAME" ]; then
         echo $'No domain name was given for nextcloud'
         exit 7359
     fi
@@ -434,34 +435,34 @@ function install_nextcloud_main {
     fi
     sed -i 's|;env[PATH]|env[PATH]|g' /etc/php/7.0/fpm/pool.d/www.conf
 
-    if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME ]; then
-        mkdir /var/www/$NEXTCLOUD_DOMAIN_NAME
+    if [ ! -d "/var/www/$NEXTCLOUD_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$NEXTCLOUD_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" ]; then
 
         if [ -d /repos/nextcloud ]; then
-            mkdir /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
-            cp -r -p /repos/nextcloud/. /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
-            cd /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/nextcloud/. "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
+            cd "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" || exit 2783539793
             git pull
         else
             function_check git_clone
-            git_clone $NEXTCLOUD_REPO /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+            git_clone "$NEXTCLOUD_REPO" "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
         fi
 
-        if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" ]; then
             echo $'Unable to clone nextcloud repo'
             exit 87525
         fi
     fi
 
-    cd /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+    cd "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" || exit 3468346834
     git submodule update --init
     git checkout $NEXTCLOUD_COMMIT -b $NEXTCLOUD_COMMIT
     set_completion_param "nextcloud commit" "$NEXTCLOUD_COMMIT"
 
-    chmod g+w /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
-    chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+    chmod g+w "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
+    chown -R www-data:www-data "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
 
     function_check nextcloud_create_database
     nextcloud_create_database
@@ -474,154 +475,154 @@ function install_nextcloud_main {
     fi
 
     function_check add_ddns_domain
-    add_ddns_domain $NEXTCLOUD_DOMAIN_NAME
+    add_ddns_domain "$NEXTCLOUD_DOMAIN_NAME"
 
     nextcloud_nginx_site=/etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $NEXTCLOUD_DOMAIN_NAME
-        echo 'server {' >> $nextcloud_nginx_site
-        echo '  listen 443 ssl;' >> $nextcloud_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $nextcloud_nginx_site
-        echo "  server_name $NEXTCLOUD_DOMAIN_NAME;" >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Security' >> $nextcloud_nginx_site
+        nginx_http_redirect "$NEXTCLOUD_DOMAIN_NAME"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $NEXTCLOUD_DOMAIN_NAME;";
+          echo '';
+          echo '  # Security'; } >> "$nextcloud_nginx_site"
         function_check nginx_ssl
-        nginx_ssl $NEXTCLOUD_DOMAIN_NAME mobile
+        nginx_ssl "$NEXTCLOUD_DOMAIN_NAME" mobile
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $NEXTCLOUD_DOMAIN_NAME
+        nginx_disable_sniffing "$NEXTCLOUD_DOMAIN_NAME"
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Logs' >> $nextcloud_nginx_site
-        echo '  access_log /dev/null;' >> $nextcloud_nginx_site
-        echo '  error_log /dev/null;' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Root' >> $nextcloud_nginx_site
-        echo "  root /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs;" >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Index' >> $nextcloud_nginx_site
-        echo '  index index.php;' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  # Index';
+          echo '  index index.php;';
+          echo '';
 
-        # By default nextcloud advertises highly specific version information
-        # on status.php, which can obviously be used by adversaries.
-        # Blocking status.php prevents this information leak
-        echo '  location = /status.php {' >> $nextcloud_nginx_site
-        echo '    return 404;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
+          # By default nextcloud advertises highly specific version information
+          # on status.php, which can obviously be used by adversaries.
+          # Blocking status.php prevents this information leak
+          echo '  location = /status.php {';
+          echo '    return 404;';
+          echo '  }';
+          echo '';
 
-        echo '  # PHP' >> $nextcloud_nginx_site
-        echo '  location ~ \.php {' >> $nextcloud_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $nextcloud_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $nextcloud_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Location' >> $nextcloud_nginx_site
-        echo '  location / {' >> $nextcloud_nginx_site
+          echo '  # PHP';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$nextcloud_nginx_site"
         function_check nginx_limits
-        nginx_limits $NEXTCLOUD_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ @nextcloud;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Fancy URLs' >> $nextcloud_nginx_site
-        echo '  location @nextcloud {' >> $nextcloud_nginx_site
-        echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Restrict access that is unnecessary anyway' >> $nextcloud_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $nextcloud_nginx_site
-        echo '    deny all;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  location = /.well-known/carddav {' >> $nextcloud_nginx_site
-        echo '    return 301 $scheme://$host/remote.php/dav;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '  location = /.well-known/caldav {' >> $nextcloud_nginx_site
-        echo '    return 301 $scheme://$host/remote.php/dav;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  location /.well-known/acme-challenge { }' >> $nextcloud_nginx_site
-        echo '}' >> $nextcloud_nginx_site
+        nginx_limits "$NEXTCLOUD_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ @nextcloud;";
+          echo '  }';
+          echo '';
+          echo '  # Fancy URLs';
+          echo '  location @nextcloud {';
+          echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+          echo '  }';
+          echo '';
+          echo '  # Restrict access that is unnecessary anyway';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '';
+          echo '  location = /.well-known/carddav {';
+          echo "    return 301 \$scheme://\$host/remote.php/dav;";
+          echo '  }';
+          echo '  location = /.well-known/caldav {';
+          echo "    return 301 \$scheme://\$host/remote.php/dav;";
+          echo '  }';
+          echo '';
+          echo '  location /.well-known/acme-challenge { }';
+          echo '}'; } >> "$nextcloud_nginx_site"
     else
-        echo -n '' > $nextcloud_nginx_site
+        echo -n '' > "$nextcloud_nginx_site"
     fi
-    echo 'server {' >> $nextcloud_nginx_site
-    echo "    listen 127.0.0.1:$NEXTCLOUD_ONION_PORT default_server;" >> $nextcloud_nginx_site
-    echo "    server_name $NEXTCLOUD_DOMAIN_NAME;" >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$NEXTCLOUD_ONION_PORT default_server;";
+      echo "    server_name $NEXTCLOUD_DOMAIN_NAME;";
+      echo ''; } >> "$nextcloud_nginx_site"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $NEXTCLOUD_DOMAIN_NAME
-    echo '' >> $nextcloud_nginx_site
-    echo '  # Logs' >> $nextcloud_nginx_site
-    echo '  access_log /dev/null;' >> $nextcloud_nginx_site
-    echo '  error_log /dev/null;' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  # Root' >> $nextcloud_nginx_site
-    echo "  root /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs;" >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  # Index' >> $nextcloud_nginx_site
-    echo '  index index.php;' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
+    nginx_disable_sniffing "$NEXTCLOUD_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  # Index';
+      echo '  index index.php;';
+      echo '';
 
-    # By default nextcloud advertises highly specific version information
-    # on status.php, which can obviously be used by adversaries.
-    # Blocking status.php prevents this information leak
-    echo '  location = /status.php {' >> $nextcloud_nginx_site
-    echo '    return 404;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
+      # By default nextcloud advertises highly specific version information
+      # on status.php, which can obviously be used by adversaries.
+      # Blocking status.php prevents this information leak
+      echo '  location = /status.php {';
+      echo '    return 404;';
+      echo '  }';
+      echo '';
 
-    echo '  # PHP' >> $nextcloud_nginx_site
-    echo '  location ~ \.php {' >> $nextcloud_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $nextcloud_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $nextcloud_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  # Location' >> $nextcloud_nginx_site
-    echo '  location / {' >> $nextcloud_nginx_site
+      echo '  # PHP';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$nextcloud_nginx_site"
     function_check nginx_limits
-    nginx_limits $NEXTCLOUD_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ @nextcloud;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  # Fancy URLs' >> $nextcloud_nginx_site
-    echo '  location @nextcloud {' >> $nextcloud_nginx_site
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  # Restrict access that is unnecessary anyway' >> $nextcloud_nginx_site
-    echo '  location ~ /\.(ht|git) {' >> $nextcloud_nginx_site
-    echo '    deny all;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  location = /.well-known/carddav {' >> $nextcloud_nginx_site
-    echo '    return 301 $scheme://$host/remote.php/dav;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '  location = /.well-known/caldav {' >> $nextcloud_nginx_site
-    echo '    return 301 $scheme://$host/remote.php/dav;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  location /.well-known/acme-challenge { }' >> $nextcloud_nginx_site
-    echo '}' >> $nextcloud_nginx_site
+    nginx_limits "$NEXTCLOUD_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ @nextcloud;";
+      echo '  }';
+      echo '';
+      echo '  # Fancy URLs';
+      echo '  location @nextcloud {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  # Restrict access that is unnecessary anyway';
+      echo '  location ~ /\.(ht|git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '';
+      echo '  location = /.well-known/carddav {';
+      echo "    return 301 \$scheme://\$host/remote.php/dav;";
+      echo '  }';
+      echo '  location = /.well-known/caldav {';
+      echo "    return 301 \$scheme://\$host/remote.php/dav;";
+      echo '  }';
+      echo '';
+      echo '  location /.well-known/acme-challenge { }';
+      echo '}'; } >> "$nextcloud_nginx_site"
 
-    sed -i 's| DENY;| SAMEORIGIN;|g' $nextcloud_nginx_site
+    sed -i 's| DENY;| SAMEORIGIN;|g' "$nextcloud_nginx_site"
 
     # NextCloud doesn't like content-security-policy at all
-    sed -i '/Content-Security-Policy/d' $nextcloud_nginx_site
+    sed -i '/Content-Security-Policy/d' "$nextcloud_nginx_site"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $NEXTCLOUD_DOMAIN_NAME 'yes'
+    create_site_certificate "$NEXTCLOUD_DOMAIN_NAME" 'yes'
 
-    if [[ $ONION_ONLY == "no" ]]; then
-        if [ ! -f /etc/ssl/certs/${NEXTCLOUD_DOMAIN_NAME}.pem ]; then
+    if [[ "$ONION_ONLY" == "no" ]]; then
+        if [ ! -f "/etc/ssl/certs/${NEXTCLOUD_DOMAIN_NAME}.pem" ]; then
             echo $'Certificate not generated for nextcloud'
             exit 725762
         fi
@@ -636,31 +637,18 @@ function install_nextcloud_main {
     backup_database_local nextcloud
 
     function_check nginx_ensite
-    nginx_ensite $NEXTCLOUD_DOMAIN_NAME
-
-    # NOTE: For the typical case always enable SSL and only
-    # disable it if in onion only mode. This is due to complexities
-    # with the way URLs are generated by nextcloud
-    nextcloud_ssl='always'
-    if [[ $ONION_ONLY != 'no' ]]; then
-        nextcloud_ssl='never'
-    fi
+    nginx_ensite "$NEXTCLOUD_DOMAIN_NAME"
 
     NEXTCLOUD_ONION_HOSTNAME=$(add_onion_service nextcloud 80 ${NEXTCLOUD_ONION_PORT})
 
-    NEXTCLOUD_SERVER=${NEXTCLOUD_DOMAIN_NAME}
-    if [[ $ONION_ONLY != 'no' ]]; then
-        NEXTCLOUD_SERVER=${NEXTCLOUD_ONION_HOSTNAME}
-    fi
-
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
-    ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$NEXTCLOUD_DOMAIN_NAME" -g nextcloud --public no
+    "${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$NEXTCLOUD_DOMAIN_NAME" -g nextcloud --public no
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a nextcloud -p "$NEXTCLOUD_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a nextcloud -p "$NEXTCLOUD_ADMIN_PASSWORD"
 
-    cd /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
+    cd "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs" || exit 2467245247
     if [ -d config ]; then
         chown -R www-data:www-data config
     fi
@@ -669,7 +657,7 @@ function install_nextcloud_main {
     fi
 
     chmod +x occ
-    ./occ maintenance:install --database-name nextcloud --admin-user ${MY_USERNAME} --admin-pass "${NEXTCLOUD_ADMIN_PASSWORD}" --database mysql --database-user root --database-pass "${MARIADB_PASSWORD}"
+    ./occ maintenance:install --database-name nextcloud --admin-user "${MY_USERNAME}" --admin-pass "${NEXTCLOUD_ADMIN_PASSWORD}" --database mysql --database-user root --database-pass "${MARIADB_PASSWORD}"
     if [ ! -d data ]; then
         echo $'Nextcloud data directory was not found. This probably means that the installation failed.'
         echo ''
@@ -683,20 +671,19 @@ function install_nextcloud_main {
     sudo -u www-data ./occ status
     sudo -u www-data ./occ app:list
     sudo -u www-data ./occ app:enable encryption
-    sudo -u www-data ./occ encryption:enable
-    if [ ! "$?" = "0" ]; then
+    if ! sudo -u www-data ./occ encryption:enable; then
         echo $'Encryption not enabled'
         exit 73527
     fi
     sudo -u www-data ./occ encryption:status
     sudo -u www-data ./occ config:system:set appstoreenabled --value=false
-    chmod g+w /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php
-    chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
+    chmod g+w "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php"
+    chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
     chmod 0644 .htaccess
     chmod 0750 data
-    chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/data
-    sudo -u www-data ./occ config:system:set trusted_domains 1 --value=$NEXTCLOUD_DOMAIN_NAME
-    sudo -u www-data ./occ config:system:set trusted_domains 2 --value=$NEXTCLOUD_ONION_HOSTNAME
+    chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/data"
+    sudo -u www-data ./occ config:system:set trusted_domains 1 --value="$NEXTCLOUD_DOMAIN_NAME"
+    sudo -u www-data ./occ config:system:set trusted_domains 2 --value="$NEXTCLOUD_ONION_HOSTNAME"
     sudo -u www-data ./occ files:cleanup
     sudo -u www-data ./occ files:scan --all
     sudo -u www-data ./occ maintenance:repair
@@ -705,8 +692,8 @@ function install_nextcloud_main {
     systemctl restart mariadb
 
     # move the data directory
-    mv /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/data /var/www/${NEXTCLOUD_DOMAIN_NAME}/
-    sed -i "s|'datadirectory'.*|'datadirectory' => '/var/www/$NEXTCLOUD_DOMAIN_NAME/data',|g" /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php
+    mv "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/data" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
+    sed -i "s|'datadirectory'.*|'datadirectory' => '/var/www/$NEXTCLOUD_DOMAIN_NAME/data',|g" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php"
 
     set_completion_param "nextcloud domain" "$NEXTCLOUD_DOMAIN_NAME"
 
@@ -714,7 +701,7 @@ function install_nextcloud_main {
 }
 
 function install_nextcloud {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 

src/freedombone-app-peertube

@@ -55,14 +55,14 @@ peertube_variables=(PEERTUBE_DOMAIN_NAME
                     MY_EMAIL_ADDRESS)
 
 function peertube_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        PEERTUBE_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        PEERTUBE_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $PEERTUBE_ADMIN_PASSWORD ]; then
-            PEERTUBE_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$PEERTUBE_ADMIN_PASSWORD" ]; then
+            PEERTUBE_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $PEERTUBE_ADMIN_PASSWORD ]; then
+    if [ ! "$PEERTUBE_ADMIN_PASSWORD" ]; then
         return
     fi
 
@@ -82,7 +82,8 @@ function logging_off_peertube {
 }
 
 function remove_user_peertube {
-    remove_username="$1"
+    echo -n ''
+#    remove_username="$1"
 }
 
 function add_user_peertube {
@@ -91,14 +92,14 @@ function add_user_peertube {
         return
     fi
 
-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"
 
     echo '0'
 }
 
 function install_interactive_peertube {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -113,15 +114,14 @@ function install_interactive_peertube {
 }
 
 function peertube_set_admin_email {
-    read_config_param $MY_EMAIL_ADDRESS
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    read_config_param "$MY_EMAIL_ADDRESS"
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Set PeerTube administrator email address" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Admin email address" 8 75 "$MY_EMAIL_ADDRESS" 2>$data
+           --inputbox $"Admin email address" 8 75 "$MY_EMAIL_ADDRESS" 2>"$data"
     sel=$?
     case $sel in
-        0)  peertube_email=$(<$data)
+        0)  peertube_email=$(<"$data")
             if [[ "$peertube_email" != *' '* && "$peertube_email" != *','* && "$peertube_email" != *';'* && "$peertube_email" == *'@'* && "$peertube_email" == *'.'* ]]; then
                 if [ ${#peertube_email} -gt 8 ]; then
                     sed -i "s|email:.*|email: '${peertube_email}'|g" $PEERTUBE_DIR/config/production.yaml
@@ -132,13 +132,13 @@ function peertube_set_admin_email {
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function peertube_disable_signups {
     dialog --title $"Disable PeerTube signups" \
            --backtitle $"Freedombone Control Panel" \
-           --yesno $"\nDo you wish to disable further PeerTube signups?" 8 75
+           --yesno $"\\nDo you wish to disable further PeerTube signups?" 8 75
     sel=$?
     case $sel in
         0) sed -i "0,/enabled:.*/s//enabled: false/" $PEERTUBE_DIR/config/production.yaml;;
@@ -152,35 +152,36 @@ function peertube_disable_signups {
 function configure_interactive_peertube {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"PeerTube" \
                --radiolist $"Choose an operation:" 10 70 4 \
                1 $"Set administrator email address" off \
                2 $"Disable or enable signups" off \
-               3 $"Exit" on 2> $data
+               3 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
             1) break;;
             255) break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) peertube_set_admin_email;;
             2) peertube_disable_signups;;
-            3) break;;
+            3) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
 function change_password_peertube {
-    PEERTUBE_USERNAME="$1"
+#    PEERTUBE_USERNAME="$1"
     PEERTUBE_PASSWORD="$2"
     if [ ${#PEERTUBE_PASSWORD} -lt 8 ]; then
         echo $'Peertube password is too short'
         return
     fi
-    #${PROJECT_NAME}-pass -u $PEERTUBE_USERNAME -a peertube -p "$PEERTUBE_PASSWORD"
+    #"${PROJECT_NAME}-pass" -u "$PEERTUBE_USERNAME" -a peertube -p "$PEERTUBE_PASSWORD"
 }
 
 function reconfigure_peertube {
@@ -195,7 +196,7 @@ function upgrade_peertube {
 
     read_config_param PEERTUBE_DOMAIN_NAME
     systemctl stop peertube
-    cd $PEERTUBE_DIR
+    cd "$PEERTUBE_DIR" || exit 7824552627
 
     function_check set_repo_commit
     set_repo_commit $PEERTUBE_DIR "peertube commit" "$PEERTUBE_COMMIT" $PEERTUBE_REPO
@@ -207,7 +208,7 @@ function upgrade_peertube {
 
 function backup_local_peertube {
     PEERTUBE_DOMAIN_NAME='peertube.local'
-    if grep -q "peertube domain" $COMPLETION_FILE; then
+    if grep -q "peertube domain" "$COMPLETION_FILE"; then
         PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain")
     fi
 
@@ -219,7 +220,7 @@ function backup_local_peertube {
 
     peertube_path=$PEERTUBE_DIR/videos
     if [ -d $peertube_path ]; then
-        suspend_site ${PEERTUBE_DOMAIN_NAME}
+        suspend_site "${PEERTUBE_DOMAIN_NAME}"
         systemctl stop peertube
         backup_directory_to_usb $peertube_path peertubevideos
         systemctl start peertube
@@ -229,11 +230,11 @@ function backup_local_peertube {
 
 function restore_local_peertube {
     PEERTUBE_DOMAIN_NAME='peertube.local'
-    if grep -q "peertube domain" $COMPLETION_FILE; then
+    if grep -q "peertube domain" "$COMPLETION_FILE"; then
         PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain")
     fi
-    if [ $PEERTUBE_DOMAIN_NAME ]; then
-        suspend_site ${PEERTUBE_DOMAIN_NAME}
+    if [ "$PEERTUBE_DOMAIN_NAME" ]; then
+        suspend_site "${PEERTUBE_DOMAIN_NAME}"
         systemctl stop peertube
 
         USE_POSTGRESQL=1
@@ -259,7 +260,7 @@ function restore_local_peertube {
 
 function backup_remote_peertube {
     PEERTUBE_DOMAIN_NAME='peertube.local'
-    if grep -q "peertube domain" $COMPLETION_FILE; then
+    if grep -q "peertube domain" "$COMPLETION_FILE"; then
         PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain")
     fi
 
@@ -272,7 +273,7 @@ function backup_remote_peertube {
     temp_backup_dir=$PEERTUBE_DIR/videos
     if [ -d $temp_backup_dir ]; then
         systemctl stop peertube
-        suspend_site ${PEERTUBE_DOMAIN_NAME}
+        suspend_site "${PEERTUBE_DOMAIN_NAME}"
         backup_directory_to_friend $temp_backup_dir peertubevideos
         restart_site
         systemctl start peertube
@@ -284,13 +285,14 @@ function backup_remote_peertube {
 
 function restore_remote_peertube {
     PEERTUBE_DOMAIN_NAME='peertube.local'
-    if grep -q "peertube domain" $COMPLETION_FILE; then
+    if grep -q "peertube domain" "$COMPLETION_FILE"; then
         PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain")
     fi
-    suspend_site ${PEERTUBE_DOMAIN_NAME}
+    suspend_site "${PEERTUBE_DOMAIN_NAME}"
 
     systemctl stop peertube
 
+    # shellcheck disable=SC2034
     USE_POSTGRESQL=1
     function_check restore_database_from_friend
     restore_database_from_friend peertube
@@ -326,20 +328,20 @@ function remove_peertube {
     remove_nodejs peertube
 
     read_config_param "PEERTUBE_DOMAIN_NAME"
-    nginx_dissite $PEERTUBE_DOMAIN_NAME
-    remove_certs ${PEERTUBE_DOMAIN_NAME}
-    if [ -f /etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME ]; then
-        rm -f /etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME
+    nginx_dissite "$PEERTUBE_DOMAIN_NAME"
+    remove_certs "${PEERTUBE_DOMAIN_NAME}"
+    if [ -f "/etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME" ]; then
+        rm -f "/etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME"
     fi
-    if [ -d /var/www/$PEERTUBE_DOMAIN_NAME ]; then
-        rm -rf /var/www/$PEERTUBE_DOMAIN_NAME
+    if [ -d "/var/www/$PEERTUBE_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$PEERTUBE_DOMAIN_NAME"
     fi
     remove_config_param PEERTUBE_DOMAIN_NAME
     remove_config_param PEERTUBE_CODE
     function_check remove_onion_service
     remove_onion_service peertube ${PEERTUBE_ONION_PORT}
     remove_completion_param "install_peertube"
-    sed -i '/peertube/d' $COMPLETION_FILE
+    sed -i '/peertube/d' "$COMPLETION_FILE"
 
     function_check drop_database_postgresql
     drop_database_postgresql peertube peertube
@@ -352,188 +354,189 @@ function remove_peertube {
     fi
 
     function_check remove_ddns_domain
-    remove_ddns_domain $PEERTUBE_DOMAIN_NAME
+    remove_ddns_domain "$PEERTUBE_DOMAIN_NAME"
 }
 
 function peertube_setup_web {
     peertube_nginx_file=/etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME
 
     if [[ $ONION_ONLY == "no" ]]; then
-        echo 'server {' > $peertube_nginx_file
-        echo '  listen 80;' >> $peertube_nginx_file
-        echo '  listen [::]:80;' >> $peertube_nginx_file
-        echo "  server_name $PEERTUBE_DOMAIN_NAME;" >> $peertube_nginx_file
-        echo '  rewrite ^ https://$server_name$request_uri? permanent;' >> $peertube_nginx_file
-        echo '}' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo 'server {' >> $peertube_nginx_file
-        echo '  listen 443 ssl http2;' >> $peertube_nginx_file
-        echo '  #listen [::]:443 ssl http2;' >> $peertube_nginx_file
-        echo "  server_name $PEERTUBE_DOMAIN_NAME;" >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
+        { echo 'server {';
+          echo '  listen 80;';
+          echo '  listen [::]:80;';
+          echo "  server_name $PEERTUBE_DOMAIN_NAME;";
+          echo "  rewrite ^ https://\$server_name\$request_uri? permanent;";
+          echo '}';
+          echo '';
+          echo 'server {';
+          echo '  listen 443 ssl http2;';
+          echo '  #listen [::]:443 ssl http2;';
+          echo "  server_name $PEERTUBE_DOMAIN_NAME;";
+          echo ''; } > "$peertube_nginx_file"
         function_check nginx_ssl
-        nginx_ssl $PEERTUBE_DOMAIN_NAME mobile
+        nginx_ssl "$PEERTUBE_DOMAIN_NAME" mobile
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $PEERTUBE_DOMAIN_NAME
+        nginx_disable_sniffing "$PEERTUBE_DOMAIN_NAME"
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo '  location / {' >> $peertube_nginx_file
-        echo "    proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file
-        echo '    proxy_set_header X-Real-IP $remote_addr;' >> $peertube_nginx_file
-        echo '    proxy_set_header Host $host;' >> $peertube_nginx_file
-        echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo '    # For the video upload' >> $peertube_nginx_file
-        echo '    client_max_body_size 2G;' >> $peertube_nginx_file
-        echo '  }' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo '  location /static/webseed {' >> $peertube_nginx_file
-        echo "    if (\$request_method = 'OPTIONS') {" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Max-Age' 1728000;" >> $peertube_nginx_file
-        echo "      add_header 'Content-Type' 'text/plain charset=UTF-8';" >> $peertube_nginx_file
-        echo "      add_header 'Content-Length' 0;" >> $peertube_nginx_file
-        echo '      return 204;' >> $peertube_nginx_file
-        echo '    }' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo "    if (\$request_method = 'GET') {" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file
-        echo '    }' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo "    alias $PEERTUBE_DIR/videos;" >> $peertube_nginx_file
-        echo '  }' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo '  # Websocket tracker' >> $peertube_nginx_file
-        echo '  location /tracker/socket {' >> $peertube_nginx_file
-        echo '    # Peers send a message to the tracker every 15 minutes' >> $peertube_nginx_file
-        echo '    # Dont close the websocket before this time' >> $peertube_nginx_file
-        echo '    proxy_read_timeout 1200s;' >> $peertube_nginx_file
-        echo '    proxy_set_header Upgrade $http_upgrade;' >> $peertube_nginx_file
-        echo '    proxy_set_header Connection "upgrade";' >> $peertube_nginx_file
-        echo '    proxy_http_version 1.1;' >> $peertube_nginx_file
-        echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file
-        echo '    proxy_set_header Host $host;' >> $peertube_nginx_file
-        echo "    proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file
-        echo '  }' >> $peertube_nginx_file
-        echo '}' >> $peertube_nginx_file
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  location / {';
+          echo "    proxy_pass http://localhost:${PEERTUBE_PORT};";
+          echo "    proxy_set_header X-Real-IP \$remote_addr;";
+          echo "    proxy_set_header Host \$host;";
+          echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+          echo '';
+          echo '    # For the video upload';
+          echo '    client_max_body_size 2G;';
+          echo '  }';
+          echo '';
+          echo '  location /static/webseed {';
+          echo "    if (\$request_method = 'OPTIONS') {";
+          echo "      add_header 'Access-Control-Allow-Origin' '*';";
+          echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
+          echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
+          echo "      add_header 'Access-Control-Max-Age' 1728000;";
+          echo "      add_header 'Content-Type' 'text/plain charset=UTF-8';";
+          echo "      add_header 'Content-Length' 0;";
+          echo '      return 204;';
+          echo '    }';
+          echo '';
+          echo "    if (\$request_method = 'GET') {";
+          echo "      add_header 'Access-Control-Allow-Origin' '*';";
+          echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
+          echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
+          echo '    }';
+          echo '';
+          echo "    alias $PEERTUBE_DIR/videos;";
+          echo '  }';
+          echo '';
+          echo '  # Websocket tracker';
+          echo '  location /tracker/socket {';
+          echo '    # Peers send a message to the tracker every 15 minutes';
+          echo '    # Dont close the websocket before this time';
+          echo '    proxy_read_timeout 1200s;';
+          echo "    proxy_set_header Upgrade \$http_upgrade;";
+          echo '    proxy_set_header Connection "upgrade";';
+          echo '    proxy_http_version 1.1;';
+          echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+          echo "    proxy_set_header Host \$host;";
+          echo "    proxy_pass http://localhost:${PEERTUBE_PORT};";
+          echo '  }';
+          echo '}'; } >> "$peertube_nginx_file"
     else
-        echo -n '' > $peertube_nginx_file
+        echo -n '' > "$peertube_nginx_file"
     fi
-    echo 'server {' >> $peertube_nginx_file
-    echo "  listen 127.0.0.1:$PEERTUBE_ONION_PORT default_server;" >> $peertube_nginx_file
-    echo "  server_name $PEERTUBE_ONION_HOSTNAME;" >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '  location / {' >> $peertube_nginx_file
-    echo "    proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $peertube_nginx_file
-    echo '    proxy_set_header Host $host;' >> $peertube_nginx_file
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '    # For the video upload' >> $peertube_nginx_file
-    echo '    client_max_body_size 2G;' >> $peertube_nginx_file
-    echo '  }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '  location /static/webseed {' >> $peertube_nginx_file
-    echo "    if (\$request_method = 'OPTIONS') {" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Max-Age' 1728000;" >> $peertube_nginx_file
-    echo "      add_header 'Content-Type' 'text/plain charset=UTF-8';" >> $peertube_nginx_file
-    echo "      add_header 'Content-Length' 0;" >> $peertube_nginx_file
-    echo '      return 204;' >> $peertube_nginx_file
-    echo '    }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo "    if (\$request_method = 'GET') {" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file
-    echo '    }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo "    alias $PEERTUBE_DIR/videos;" >> $peertube_nginx_file
-    echo '  }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '  # Websocket tracker' >> $peertube_nginx_file
-    echo '  location /tracker/socket {' >> $peertube_nginx_file
-    echo '    # Peers send a message to the tracker every 15 minutes' >> $peertube_nginx_file
-    echo '    # Dont close the websocket before this time' >> $peertube_nginx_file
-    echo '    proxy_read_timeout 1200s;' >> $peertube_nginx_file
-    echo '    proxy_set_header Upgrade $http_upgrade;' >> $peertube_nginx_file
-    echo '    proxy_set_header Connection "upgrade";' >> $peertube_nginx_file
-    echo '    proxy_http_version 1.1;' >> $peertube_nginx_file
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file
-    echo '    proxy_set_header Host $host;' >> $peertube_nginx_file
-    echo "    proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file
-    echo '  }' >> $peertube_nginx_file
-    echo '}' >> $peertube_nginx_file
+    { echo 'server {';
+      echo "  listen 127.0.0.1:$PEERTUBE_ONION_PORT default_server;";
+      echo "  server_name $PEERTUBE_ONION_HOSTNAME;";
+      echo '';
+      echo '  location / {';
+      echo "    proxy_pass http://localhost:${PEERTUBE_PORT};";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo '';
+      echo '    # For the video upload';
+      echo '    client_max_body_size 2G;';
+      echo '  }';
+      echo '';
+      echo '  location /static/webseed {';
+      echo "    if (\$request_method = 'OPTIONS') {";
+      echo "      add_header 'Access-Control-Allow-Origin' '*';";
+      echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
+      echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
+      echo "      add_header 'Access-Control-Max-Age' 1728000;";
+      echo "      add_header 'Content-Type' 'text/plain charset=UTF-8';";
+      echo "      add_header 'Content-Length' 0;";
+      echo '      return 204;';
+      echo '    }';
+      echo '';
+      echo "    if (\$request_method = 'GET') {";
+      echo "      add_header 'Access-Control-Allow-Origin' '*';";
+      echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
+      echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
+      echo '    }';
+      echo '';
+      echo "    alias $PEERTUBE_DIR/videos;";
+      echo '  }';
+      echo '';
+      echo '  # Websocket tracker';
+      echo '  location /tracker/socket {';
+      echo '    # Peers send a message to the tracker every 15 minutes';
+      echo '    # Dont close the websocket before this time';
+      echo '    proxy_read_timeout 1200s;';
+      echo "    proxy_set_header Upgrade \$http_upgrade;";
+      echo '    proxy_set_header Connection "upgrade";';
+      echo '    proxy_http_version 1.1;';
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_pass http://localhost:${PEERTUBE_PORT};";
+      echo '  }';
+      echo '}'; } >> "$peertube_nginx_file"
 
     # CSP currently causes an error
-    sed -i '/Content-Security-Policy/d' $peertube_nginx_file
+    sed -i '/Content-Security-Policy/d' "$peertube_nginx_file"
 
     function_check create_site_certificate
-    create_site_certificate $PEERTUBE_DOMAIN_NAME 'yes'
+    create_site_certificate "$PEERTUBE_DOMAIN_NAME" 'yes'
 
     function_check nginx_ensite
-    nginx_ensite $PEERTUBE_DOMAIN_NAME
+    nginx_ensite "$PEERTUBE_DOMAIN_NAME"
 }
 
 function mesh_peertube_setup_web {
+    # shellcheck disable=SC2154
     peertube_nginx_file=$rootdir/etc/nginx/sites-available/peertube
 
-    echo 'server {' >> $peertube_nginx_file
-    echo "  listen $MESH_PEERTUBE_PORT http2;" >> $peertube_nginx_file
-    echo '  listen [::]:$MESH_PEERTUBE_PORT http2;' >> $peertube_nginx_file
-    echo '  server_name $HOSTNAME;' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '  location / {' >> $peertube_nginx_file
-    echo "    proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $peertube_nginx_file
-    echo '    proxy_set_header Host $host;' >> $peertube_nginx_file
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '    # For the video upload' >> $peertube_nginx_file
-    echo '    client_max_body_size 2G;' >> $peertube_nginx_file
-    echo '  }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '  location /static/webseed {' >> $peertube_nginx_file
-    echo "    if (\$request_method = 'OPTIONS') {" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Max-Age' 1728000;" >> $peertube_nginx_file
-    echo "      add_header 'Content-Type' 'text/plain charset=UTF-8';" >> $peertube_nginx_file
-    echo "      add_header 'Content-Length' 0;" >> $peertube_nginx_file
-    echo '      return 204;' >> $peertube_nginx_file
-    echo '    }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo "    if (\$request_method = 'GET') {" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file
-    echo '    }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo "    alias $PEERTUBE_DIR/videos;" >> $peertube_nginx_file
-    echo '  }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '  # Websocket tracker' >> $peertube_nginx_file
-    echo '  location /tracker/socket {' >> $peertube_nginx_file
-    echo '    # Peers send a message to the tracker every 15 minutes' >> $peertube_nginx_file
-    echo '    # Dont close the websocket before this time' >> $peertube_nginx_file
-    echo '    proxy_read_timeout 1200s;' >> $peertube_nginx_file
-    echo '    proxy_set_header Upgrade $http_upgrade;' >> $peertube_nginx_file
-    echo '    proxy_set_header Connection "upgrade";' >> $peertube_nginx_file
-    echo '    proxy_http_version 1.1;' >> $peertube_nginx_file
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file
-    echo '    proxy_set_header Host $host;' >> $peertube_nginx_file
-    echo "    proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file
-    echo '  }' >> $peertube_nginx_file
-    echo '}' >> $peertube_nginx_file
+    { echo 'server {';
+      echo "  listen $MESH_PEERTUBE_PORT http2;";
+      echo "  listen [::]:\$MESH_PEERTUBE_PORT http2;";
+      echo "  server_name \$HOSTNAME;";
+      echo '';
+      echo '  location / {';
+      echo "    proxy_pass http://localhost:${PEERTUBE_PORT};";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo '';
+      echo '    # For the video upload';
+      echo '    client_max_body_size 2G;';
+      echo '  }';
+      echo '';
+      echo '  location /static/webseed {';
+      echo "    if (\$request_method = 'OPTIONS') {";
+      echo "      add_header 'Access-Control-Allow-Origin' '*';";
+      echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
+      echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
+      echo "      add_header 'Access-Control-Max-Age' 1728000;";
+      echo "      add_header 'Content-Type' 'text/plain charset=UTF-8';";
+      echo "      add_header 'Content-Length' 0;";
+      echo '      return 204;';
+      echo '    }';
+      echo '';
+      echo "    if (\$request_method = 'GET') {";
+      echo "      add_header 'Access-Control-Allow-Origin' '*';";
+      echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
+      echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
+      echo '    }';
+      echo '';
+      echo "    alias $PEERTUBE_DIR/videos;";
+      echo '  }';
+      echo '';
+      echo '  # Websocket tracker';
+      echo '  location /tracker/socket {';
+      echo '    # Peers send a message to the tracker every 15 minutes';
+      echo '    # Dont close the websocket before this time';
+      echo '    proxy_read_timeout 1200s;';
+      echo "    proxy_set_header Upgrade \$http_upgrade;";
+      echo "    proxy_set_header Connection \"upgrade\";";
+      echo '    proxy_http_version 1.1;';
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_pass http://localhost:${PEERTUBE_PORT};";
+      echo '  }';
+      echo '}'; } > "$peertube_nginx_file"
 }
 
 function peertube_create_config {
@@ -541,84 +544,85 @@ function peertube_create_config {
 
     peertube_config_file=$peertube_prefix$PEERTUBE_DIR/config/production.yaml
 
-    echo 'listen:' > $peertube_config_file
-    echo "  port: $PEERTUBE_PORT" >> $peertube_config_file
-    echo '' >> $peertube_config_file
-    echo '# Correspond to your reverse proxy "listen" configuration' >> $peertube_config_file
-    echo 'webserver:' >> $peertube_config_file
-    if [ ! $peertube_prefix ]; then
-        if [[ $ONION_ONLY == 'no' ]]; then
-            echo '  https: true' >> $peertube_config_file
-            echo "  hostname: '$PEERTUBE_DOMAIN_NAME'" >> $peertube_config_file
-            echo '  port: 443' >> $peertube_config_file
+    { echo 'listen:';
+      echo "  port: $PEERTUBE_PORT";
+      echo '';
+      echo '# Correspond to your reverse proxy "listen" configuration';
+      echo 'webserver:'; } > "$peertube_config_file"
+    if [ ! "$peertube_prefix" ]; then
+        if [[ "$ONION_ONLY" == 'no' ]]; then
+            { echo '  https: true';
+              echo "  hostname: '$PEERTUBE_DOMAIN_NAME'";
+              echo '  port: 443'; } >> "$peertube_config_file"
         else
-            echo '  https: false' >> $peertube_config_file
-            echo "  hostname: '$PEERTUBE_ONION_HOSTNAME'" >> $peertube_config_file
-            echo '  port: 80' >> $peertube_config_file
+            { echo '  https: false';
+              echo "  hostname: '$PEERTUBE_ONION_HOSTNAME'";
+              echo '  port: 80'; } >> "$peertube_config_file"
         fi
     else
-        echo '  https: false' >> $peertube_config_file
-        echo "  hostname: ''" >> $peertube_config_file
-        echo "  port: $MESH_PEERTUBE_PORT" >> $peertube_config_file
+        { echo '  https: false';
+          echo "  hostname: ''";
+          echo "  port: $MESH_PEERTUBE_PORT"; } >> "$peertube_config_file"
     fi
-    echo '' >> $peertube_config_file
-    echo '# Your database name will be "peertube"+database.suffix' >> $peertube_config_file
-    echo 'database:' >> $peertube_config_file
-    echo "  hostname: 'localhost'" >> $peertube_config_file
-    echo '  port: 5432' >> $peertube_config_file
-    echo "  suffix: ''" >> $peertube_config_file
-    echo "  username: 'peertube'" >> $peertube_config_file
-    if [ ! $peertube_prefix ]; then
-        echo "  password: '$PEERTUBE_ADMIN_PASSWORD'" >> $peertube_config_file
+    { echo '';
+      echo '# Your database name will be "peertube"+database.suffix';
+      echo 'database:';
+      echo "  hostname: 'localhost'";
+      echo '  port: 5432';
+      echo "  suffix: ''";
+      echo "  username: 'peertube'"; } >> "$peertube_config_file"
+    if [ ! "$peertube_prefix" ]; then
+        echo "  password: '$PEERTUBE_ADMIN_PASSWORD'" >> "$peertube_config_file"
     else
-        echo "  password: ''" >> $peertube_config_file
+        echo "  password: ''" >> "$peertube_config_file"
     fi
-    echo '' >> $peertube_config_file
-    echo '# From the project root directory' >> $peertube_config_file
-    echo 'storage:' >> $peertube_config_file
-    echo "  certs: 'certs/'" >> $peertube_config_file
-    echo "  videos: 'videos/'" >> $peertube_config_file
-    echo "  logs: 'logs/'" >> $peertube_config_file
-    echo "  previews: 'previews/'" >> $peertube_config_file
-    echo "  thumbnails: 'thumbnails/'" >> $peertube_config_file
-    echo "  torrents: 'torrents/'" >> $peertube_config_file
-    echo "  cache: 'cache/'" >> $peertube_config_file
-    echo '' >> $peertube_config_file
-    echo 'cache:' >> $peertube_config_file
-    echo '  previews:' >> $peertube_config_file
-    echo '    size: 10 # Max number of previews you want to cache' >> $peertube_config_file
-    echo '' >> $peertube_config_file
-    echo 'admin:' >> $peertube_config_file
-    # This is deliberately a dummy email address
-    echo "  email: 'testuser@testdomain.net'" >> $peertube_config_file
-    echo '' >> $peertube_config_file
-    echo 'signup:' >> $peertube_config_file
-    echo '  enabled: true' >> $peertube_config_file
-    echo '  limit: 5 # When the limit is reached, registrations are disabled. -1 == unlimited' >> $peertube_config_file
-    echo '' >> $peertube_config_file
-    echo 'user:' >> $peertube_config_file
-    echo '  # Default value of maximum video BYTES the user can upload (does not take into account transcoded files).' >> $peertube_config_file
-    echo '  # -1 == unlimited' >> $peertube_config_file
-    echo '  video_quota: -1' >> $peertube_config_file
-    echo '' >> $peertube_config_file
-    echo '# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag' >> $peertube_config_file
-    echo '# Uses a lot of CPU!' >> $peertube_config_file
-    echo 'transcoding:' >> $peertube_config_file
-    echo '  enabled: true' >> $peertube_config_file
-    echo '  threads: 2' >> $peertube_config_file
-    echo '  resolutions: # Only created if the original video has a higher resolution' >> $peertube_config_file
-    echo '    240p: true' >> $peertube_config_file
-    echo '    360p: false' >> $peertube_config_file
-    echo '    480p: false' >> $peertube_config_file
-    echo '    720p: false' >> $peertube_config_file
-    echo '    1080p: false' >> $peertube_config_file
+    { echo '';
+      echo '# From the project root directory';
+      echo 'storage:';
+      echo "  certs: 'certs/'";
+      echo "  videos: 'videos/'";
+      echo "  logs: 'logs/'";
+      echo "  previews: 'previews/'";
+      echo "  thumbnails: 'thumbnails/'";
+      echo "  torrents: 'torrents/'";
+      echo "  cache: 'cache/'";
+      echo '';
+      echo 'cache:';
+      echo '  previews:';
+      echo '    size: 10 # Max number of previews you want to cache';
+      echo '';
+      echo 'admin:';
+      # This is deliberately a dummy email address
+      echo "  email: 'testuser@testdomain.net'";
+      echo '';
+      echo 'signup:';
+      echo '  enabled: true';
+      echo '  limit: 5 # When the limit is reached, registrations are disabled. -1 == unlimited';
+      echo '';
+      echo 'user:';
+      echo '  # Default value of maximum video BYTES the user can upload (does not take into account transcoded files).';
+      echo '  # -1 == unlimited';
+      echo '  video_quota: -1';
+      echo '';
+      echo '# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag';
+      echo '# Uses a lot of CPU!';
+      echo 'transcoding:';
+      echo '  enabled: true';
+      echo '  threads: 2';
+      echo '  resolutions: # Only created if the original video has a higher resolution';
+      echo '    240p: true';
+      echo '    360p: false';
+      echo '    480p: false';
+      echo '    720p: false';
+      echo '    1080p: false'; } >> "$peertube_config_file"
 }
 
 function mesh_install_peertube {
-    if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then
+    # shellcheck disable=SC2153
+    if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" ]]; then
         return
     fi
-    if [[ $ARCHITECTURE != 'x86_64' && $ARCHITECTURE != 'amd64' ]]; then
+    if [[ "$ARCHITECTURE" != 'x86_64' && "$ARCHITECTURE" != 'amd64' ]]; then
         return
     fi
 
@@ -627,22 +631,21 @@ function mesh_install_peertube {
     function_check install_postgresql
     install_postgresql
 
-    if [ -d $rootdir$PEERTUBE_DIR ]; then
-        rm -rf $rootdir$PEERTUBE_DIR
+    if [ -d "$rootdir$PEERTUBE_DIR" ]; then
+        rm -rf "$rootdir$PEERTUBE_DIR"
     fi
 
-    git clone $PEERTUBE_REPO $rootdir$PEERTUBE_DIR
+    git clone "$PEERTUBE_REPO" "$rootdir$PEERTUBE_DIR"
 
     chroot "$rootdir" groupadd peertube
     chroot "$rootdir" useradd -c "PeerTube system account" -d $PEERTUBE_DIR -m -r -g peertube peertube
 
-    cd $rootdir$PEERTUBE_DIR
+    cd "$rootdir$PEERTUBE_DIR" || exit 246824524
     git checkout $PEERTUBE_COMMIT -b $PEERTUBE_COMMIT
 
-
     get_npm_arch
 
-    cat <<EOF > $rootdir/usr/bin/install_peertube
+    cat <<EOF > "$rootdir/usr/bin/install_peertube"
 #!/bin/bash
 cd $PEERTUBE_DIR
 curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
@@ -683,34 +686,33 @@ if [ ! "\$?" = "0" ]; then
     exit 5293593
 fi
 EOF
-    chmod +x $rootdir/usr/bin/install_peertube
-    chroot "$rootdir" /usr/bin/install_peertube
-    if [ ! "$?" = "0" ]; then
+    chmod +x "$rootdir/usr/bin/install_peertube"
+    if ! chroot "$rootdir" /usr/bin/install_peertube; then
         echo $'PeerTube install failed'
         exit 735638
     fi
 
-    echo '[Unit]' > $rootdir/etc/systemd/system/peertube.service
-    echo 'Description=PeerTube Decentralized video streaming platform' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'After=syslog.target' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'After=network.target' >> $rootdir/etc/systemd/system/peertube.service
-    echo '' >> $rootdir/etc/systemd/system/peertube.service
-    echo '[Service]' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'User=peertube' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'Group=peertube' >> $rootdir/etc/systemd/system/peertube.service
-    echo "WorkingDirectory=$PEERTUBE_DIR" >> $rootdir/etc/systemd/system/peertube.service
-    echo "ExecStart=/usr/local/bin/npm start" >> $rootdir/etc/systemd/system/peertube.service
-    echo "ExecStop=/usr/local/bin/npm stop" >> $rootdir/etc/systemd/system/peertube.service
-    echo 'StandardOutput=syslog' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'StandardError=syslog' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'SyslogIdentifier=peertube' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'Restart=always' >> $rootdir/etc/systemd/system/peertube.service
-    echo "Environment=NODE_ENV=production" >> $rootdir/etc/systemd/system/peertube.service
-    echo '' >> $rootdir/etc/systemd/system/peertube.service
-    echo '[Install]' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/peertube.service
+    { echo '[Unit]';
+      echo 'Description=PeerTube Decentralized video streaming platform';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=peertube';
+      echo 'Group=peertube';
+      echo "WorkingDirectory=$PEERTUBE_DIR";
+      echo "ExecStart=/usr/local/bin/npm start";
+      echo "ExecStop=/usr/local/bin/npm stop";
+      echo 'StandardOutput=syslog';
+      echo 'StandardError=syslog';
+      echo 'SyslogIdentifier=peertube';
+      echo 'Restart=always';
+      echo "Environment=NODE_ENV=production";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/peertube.service"
 
-    peertube_create_config $rootdir
+    peertube_create_config "$rootdir"
 
     chroot "$rootdir" chown -R peertube:peertube $PEERTUBE_DIR
 
@@ -730,7 +732,7 @@ function install_peertube {
         ONION_ONLY='no'
     fi
 
-    if [ ! $PEERTUBE_DOMAIN_NAME ]; then
+    if [ ! "$PEERTUBE_DOMAIN_NAME" ]; then
         echo $'The peertube domain name was not specified'
         exit 783523
     fi
@@ -740,8 +742,8 @@ function install_peertube {
     function_check install_postgresql
     install_postgresql
 
-    if [ ! -d /var/www/$PEERTUBE_DOMAIN_NAME/htdocs ]; then
-        mkdir -p /var/www/$PEERTUBE_DOMAIN_NAME/htdocs
+    if [ ! -d "/var/www/$PEERTUBE_DOMAIN_NAME/htdocs" ]; then
+        mkdir -p "/var/www/$PEERTUBE_DOMAIN_NAME/htdocs"
     fi
 
     if [ -d $PEERTUBE_DIR ]; then
@@ -759,60 +761,56 @@ function install_peertube {
     if [ -d /repos/peertube ]; then
         mkdir -p $PEERTUBE_DIR
         cp -r -p /repos/peertube/. $PEERTUBE_DIR
-        cd $PEERTUBE_DIR
+        cd "$PEERTUBE_DIR" || exit 642874682
         git pull
     else
         function_check git_clone
         git_clone $PEERTUBE_REPO $PEERTUBE_DIR
     fi
 
-    cd $PEERTUBE_DIR
+    cd "$PEERTUBE_DIR" || exit 27492742
     git checkout $PEERTUBE_COMMIT -b $PEERTUBE_COMMIT
     set_completion_param "peertube commit" "$PEERTUBE_COMMIT"
 
-    npm install -g yarn
-    if [ ! "$?" = "0" ]; then
+    if ! npm install -g yarn; then
         echo $'Failed to install yarn'
         exit 79353234
     fi
     yarn add -D webpack --network-concurrency 1
-    yarn install
-    if [ ! "$?" = "0" ]; then
+    if ! yarn install; then
         echo $'Failed to run yarn install'
         exit 63754235
     fi
-    npm install
-    if [ ! "$?" = "0" ]; then
+    if ! npm install; then
         echo $'Failed to install peertube'
         exit 7835243
     fi
-    npm run build
-    if [ ! "$?" = "0" ]; then
+    if ! npm run build; then
         echo $'Failed to build peertube'
         exit 5293593
     fi
 
     PEERTUBE_ONION_HOSTNAME=$(add_onion_service peertube 80 ${PEERTUBE_ONION_PORT})
 
-    echo '[Unit]' > /etc/systemd/system/peertube.service
-    echo 'Description=PeerTube Decentralized video streaming platform' >> /etc/systemd/system/peertube.service
-    echo 'After=syslog.target' >> /etc/systemd/system/peertube.service
-    echo 'After=network.target' >> /etc/systemd/system/peertube.service
-    echo '' >> /etc/systemd/system/peertube.service
-    echo '[Service]' >> /etc/systemd/system/peertube.service
-    echo 'User=peertube' >> /etc/systemd/system/peertube.service
-    echo 'Group=peertube' >> /etc/systemd/system/peertube.service
-    echo "WorkingDirectory=$PEERTUBE_DIR" >> /etc/systemd/system/peertube.service
-    echo "ExecStart=/usr/local/bin/npm start" >> /etc/systemd/system/peertube.service
-    echo "ExecStop=/usr/local/bin/npm stop" >> /etc/systemd/system/peertube.service
-    echo 'StandardOutput=syslog' >> /etc/systemd/system/peertube.service
-    echo 'StandardError=syslog' >> /etc/systemd/system/peertube.service
-    echo 'SyslogIdentifier=peertube' >> /etc/systemd/system/peertube.service
-    echo 'Restart=always' >> /etc/systemd/system/peertube.service
-    echo "Environment=NODE_ENV=production" >> /etc/systemd/system/peertube.service
-    echo '' >> /etc/systemd/system/peertube.service
-    echo '[Install]' >> /etc/systemd/system/peertube.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/peertube.service
+    { echo '[Unit]';
+      echo 'Description=PeerTube Decentralized video streaming platform';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=peertube';
+      echo 'Group=peertube';
+      echo "WorkingDirectory=$PEERTUBE_DIR";
+      echo "ExecStart=/usr/local/bin/npm start";
+      echo "ExecStop=/usr/local/bin/npm stop";
+      echo 'StandardOutput=syslog';
+      echo 'StandardError=syslog';
+      echo 'SyslogIdentifier=peertube';
+      echo 'Restart=always';
+      echo "Environment=NODE_ENV=production";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/peertube.service
 
     peertube_create_config
 
@@ -820,10 +818,10 @@ function install_peertube {
 
     peertube_setup_web
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a peertube -p "$PEERTUBE_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a peertube -p "$PEERTUBE_ADMIN_PASSWORD"
 
     function_check add_ddns_domain
-    add_ddns_domain $PEERTUBE_DOMAIN_NAME
+    add_ddns_domain "$PEERTUBE_DOMAIN_NAME"
 
     systemctl enable peertube
     systemctl daemon-reload

src/freedombone-app-pelican

@@ -50,12 +50,12 @@ pelican_variables=(MY_USERNAME
                    PELICAN_BLOG_CODE)
 
 function pelican_remove_bad_blog_links {
-    find ./ -type f -name *.css -exec sed -i -e '/googleapi/d' {} \;
-    find ./ -type f -name *.scss -exec sed -i -e '/googleapi/d' {} \;
-    find ./ -type f -name *.html -exec sed -i -e '/googleapi/d' {} \;
-    find ./ -type f -name *.css -exec sed -i -e '/bootstrapcdn/d' {} \;
-    find ./ -type f -name *.scss -exec sed -i -e '/bootstrapcdn/d' {} \;
-    find ./ -type f -name *.html -exec sed -i -e '/bootstrapcdn/d' {} \;
+    find ./ -type f -name "*.css" -exec sed -i -e '/googleapi/d' {} \;
+    find ./ -type f -name "*.scss" -exec sed -i -e '/googleapi/d' {} \;
+    find ./ -type f -name "*.html" -exec sed -i -e '/googleapi/d' {} \;
+    find ./ -type f -name "*.css" -exec sed -i -e '/bootstrapcdn/d' {} \;
+    find ./ -type f -name "*.scss" -exec sed -i -e '/bootstrapcdn/d' {} \;
+    find ./ -type f -name "*.html" -exec sed -i -e '/bootstrapcdn/d' {} \;
 }
 
 function logging_on_pelican {
@@ -73,104 +73,104 @@ function install_pelican_website {
     fi
     function_check nginx_http_redirect
     nginx_http_redirect $PELICAN_DOMAIN_NAME
-    echo 'server {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    root /var/www/${PELICAN_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    server_name ${PELICAN_DOMAIN_NAME};" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    index index.html;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    charset utf-8;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    { echo 'server {';
+      echo '    listen 443 ssl;';
+      echo '    #listen [::]:443 ssl;';
+      echo "    root /var/www/${PELICAN_DOMAIN_NAME}/htdocs;";
+      echo "    server_name ${PELICAN_DOMAIN_NAME};";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo '    index index.html;';
+      echo '    charset utf-8;'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
     function_check nginx_ssl
-    nginx_ssl $PELICAN_DOMAIN_NAME
+    nginx_ssl "$PELICAN_DOMAIN_NAME"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $PELICAN_DOMAIN_NAME
-    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    nginx_disable_sniffing "$PELICAN_DOMAIN_NAME"
+    { echo '    add_header Strict-Transport-Security "max-age=0;";';
+      echo '';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    # block these file types' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '      deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '      deny  all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    nginx_limits "$PELICAN_DOMAIN_NAME"
+    { echo '    }';
+      echo '';
+      echo '    # block these file types';
+      echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    # deny access to all dot files';
+      echo '    location ~ /\. {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    location ~ /(data|conf|bin|inc)/ {';
+      echo '      deny all;';
+      echo '    }';
+      echo '    location ~ /\.ht {';
+      echo '      deny  all;';
+      echo '    }';
+      echo '}';
+      echo ''; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
 
     function_check create_site_certificate
-    create_site_certificate $PELICAN_DOMAIN_NAME 'yes'
+    create_site_certificate "$PELICAN_DOMAIN_NAME" 'yes'
 }
 
 function install_pelican_website_onion {
-    echo 'server {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    listen 127.0.0.1:${PELICAN_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    root /var/www/${PELICAN_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    server_name ${PELICAN_DOMAIN_NAME};" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    index index.html;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    charset utf-8;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    { echo 'server {';
+      echo "    listen 127.0.0.1:${PELICAN_ONION_PORT} default_server;";
+      echo "    root /var/www/${PELICAN_DOMAIN_NAME}/htdocs;";
+      echo "    server_name ${PELICAN_DOMAIN_NAME};";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo '    index index.html;';
+      echo '    charset utf-8;'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $PELICAN_DOMAIN_NAME
-    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    nginx_disable_sniffing "$PELICAN_DOMAIN_NAME"
+    { echo '    add_header Strict-Transport-Security "max-age=0;";';
+      echo '';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    # block these file types' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '      deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '      deny  all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    nginx_limits "$PELICAN_DOMAIN_NAME"
+    { echo '    }';
+      echo '';
+      echo '    # block these file types';
+      echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    # deny access to all dot files';
+      echo '    location ~ /\. {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    location ~ /(data|conf|bin|inc)/ {';
+      echo '      deny all;';
+      echo '    }';
+      echo '    location ~ /\.ht {';
+      echo '      deny  all;';
+      echo '    }';
+      echo '}'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
 }
 
 function pelican_editor_config {
     if [ ! -f $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican ]; then
-        echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)" > $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq org-support-shift-select t)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq standard-indent 4)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq-default tab-width 4)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq c-basic-offset 4)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(mouse-wheel-mode t)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq make-backup-files t)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq version-control t)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo "(setq default-major-mode 'text-mode)" >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo "(dolist (hook '(text-mode-hook))" >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '    (add-hook hook (lambda () (flyspell-mode 1))))' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq-default fill-column 72)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq auto-fill-mode 0)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)" >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo "(setq-default auto-fill-function 'do-auto-fill)" >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
+        { echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)";
+          echo '(setq org-support-shift-select t)';
+          echo '(setq standard-indent 4)';
+          echo '(setq-default tab-width 4)';
+          echo '(setq c-basic-offset 4)';
+          echo '(mouse-wheel-mode t)';
+          echo '(setq make-backup-files t)';
+          echo '(setq version-control t)';
+          echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))';
+          echo "(setq default-major-mode 'text-mode)";
+          echo "(dolist (hook '(text-mode-hook))";
+          echo '    (add-hook hook (lambda () (flyspell-mode 1))))';
+          echo '(setq-default fill-column 72)';
+          echo '(setq auto-fill-mode 0)';
+          echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)";
+          echo "(setq-default auto-fill-function 'do-auto-fill)"; } > "$PELICAN_BLOG_INSTALL_DIR/.emacs-pelican"
     fi
 }
 
@@ -179,7 +179,7 @@ function pelican_regenerate_blog {
     echo ''
     echo $'Regenerating blog...'
 
-    cd $PELICAN_BLOG_INSTALL_DIR
+    cd "$PELICAN_BLOG_INSTALL_DIR" || exit 463856348
     make html
     cp -r $PELICAN_BLOG_INSTALL_DIR/output/* /var/www/$PELICAN_DOMAIN_NAME/htdocs/
     chown -R www-data:www-data /var/www/$PELICAN_DOMAIN_NAME/htdocs
@@ -189,19 +189,19 @@ function pelican_new_blog {
     DATESTR=$(date "+%Y-%m-%d %H:%M:%S")
 
     if [ ! -f $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry ]; then
-        echo $'Title: Blog Post Title' > $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $"Date: ${DATESTR}" >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $"Author: $(toxid --showuser)" >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $'Category: default' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $'Tags: blog, tag' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo  '' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $'Add your text here' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo  '' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo -n $'To include an image copy it into the /etc/blog/content/images directory, ' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $'then link to it with:' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo  '' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $'![My image]({filename}images/myimage.jpg)' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo  '' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
+        { echo $'Title: Blog Post Title';
+          echo $"Date: ${DATESTR}";
+          echo $"Author: $(toxid --showuser)";
+          echo $'Category: default';
+          echo $'Tags: blog, tag';
+          echo  '';
+          echo $'Add your text here';
+          echo  '';
+          echo -n $'To include an image copy it into the /etc/blog/content/images directory, ';
+          echo $'then link to it with:';
+          echo  '';
+          echo $'![My image]({filename}images/myimage.jpg)';
+          echo  ''; } > $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
     fi
 
     if [ -f /usr/bin/emacs ]; then
@@ -222,7 +222,7 @@ function pelican_new_blog {
 
     # move to the content directory
     CURRENT_INDEX=$(cat $PELICAN_CURRENT_BLOG_INDEX)
-    mv $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry $BLOG_CONTENT_PATH/${CURRENT_INDEX}_post.md
+    mv "$PELICAN_BLOG_INSTALL_DIR/.new-blog-entry" "$BLOG_CONTENT_PATH/${CURRENT_INDEX}_post.md"
 
     # increment the index
     CURRENT_INDEX=$((CURRENT_INDEX + 1))
@@ -238,14 +238,14 @@ function pelican_edit_blog {
     CURRENT_INDEX=$(cat $PELICAN_CURRENT_BLOG_INDEX)
     PREVIOUS_INDEX=$((CURRENT_INDEX - 1))
     LAST_BLOG_ENTRY=$BLOG_CONTENT_PATH/${PREVIOUS_INDEX}_post.md
-    if [ ! -f $LAST_BLOG_ENTRY ]; then
+    if [ ! -f "$LAST_BLOG_ENTRY" ]; then
         return
     fi
 
     if [ -f /usr/bin/emacs ]; then
-        emacs -q --load $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican $LAST_BLOG_ENTRY
+        emacs -q --load "$PELICAN_BLOG_INSTALL_DIR/.emacs-pelican" "$LAST_BLOG_ENTRY"
     else
-        editor $LAST_BLOG_ENTRY
+        editor "$LAST_BLOG_ENTRY"
     fi
 
     pelican_regenerate_blog
@@ -258,18 +258,18 @@ function pelican_delete_blog {
     CURRENT_INDEX=$(cat $PELICAN_CURRENT_BLOG_INDEX)
     PREVIOUS_INDEX=$((CURRENT_INDEX - 1))
     LAST_BLOG_ENTRY=$BLOG_CONTENT_PATH/${PREVIOUS_INDEX}_post.md
-    if [ ! -f $LAST_BLOG_ENTRY ]; then
+    if [ ! -f "$LAST_BLOG_ENTRY" ]; then
         return
     fi
 
     dialog --title $"Delete the previous blog entry" \
            --backtitle $"Freedombone Mesh" \
            --defaultno \
-           --yesno $"\nAre you sure that you wish to delete the previous blog entry?" 8 60
+           --yesno $"\\nAre you sure that you wish to delete the previous blog entry?" 8 60
     sel=$?
     case $sel in
-        0) rm $LAST_BLOG_ENTRY
-           if [ $CURRENT_INDEX -gt 0 ]; then
+        0) rm "$LAST_BLOG_ENTRY"
+           if [ "$CURRENT_INDEX" -gt 0 ]; then
                CURRENT_INDEX=$PREVIOUS_INDEX
                echo "$CURRENT_INDEX" > $PELICAN_CURRENT_BLOG_INDEX
            else
@@ -297,8 +297,8 @@ function pelican_change_theme {
     for a in "${THEMES[@]}"
     do
         is_selected='off'
-        if [ $curr_theme_index ]; then
-            if [ $n -eq $curr_theme_index ]; then
+        if [ "$curr_theme_index" ]; then
+            if [ $n -eq "$curr_theme_index" ]; then
                 is_selected='on'
             fi
         else
@@ -308,28 +308,30 @@ function pelican_change_theme {
         fi
 
         themelist="$themelist $n $a $is_selected"
-        n=$[n+1]
-        theme_index=$[theme_index+1]
+        n=$((n+1))
+        theme_index=$((theme_index+1))
     done
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Mesh" \
            --title $"Select Blog Theme" \
            --radiolist $'Choose:' \
-           80 40 20 $themelist 2> $data
+           80 40 20 "$themelist" 2> "$data"
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
-    CHOSEN_THEME_INDEX=$(cat $data)
+    CHOSEN_THEME_INDEX=$(cat "$data")
+    rm -f "$data"
     echo "$CHOSEN_THEME_INDEX" > $PELICAN_BLOG_INSTALL_DIR/.blog-theme-index
     CHOSEN_THEME_INDEX=$((CHOSEN_THEME_INDEX - 1))
 
     CHOSEN_THEME=${THEMES[$CHOSEN_THEME_INDEX]}
 
-    cd $PELICAN_BLOG_INSTALL_DIR/themes/$CHOSEN_THEME
+    cd "$PELICAN_BLOG_INSTALL_DIR/themes/$CHOSEN_THEME" || exit 2648268284
     pelican_remove_bad_blog_links
 
     if grep -q "THEME=" $PELICAN_BLOG_INSTALL_DIR/pelicanconf.py; then
@@ -341,8 +343,7 @@ function pelican_change_theme {
 }
 
 function configure_interactive_pelican {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Configuration" \
            --title $"Pelican Blogging" \
            --radiolist $"Choose an operation:" 18 50 11 \
@@ -350,23 +351,25 @@ function configure_interactive_pelican {
            2 $"Edit the previous blog entry" off \
            3 $"Delete the previous blog entry" off \
            4 $"Change theme" off \
-           5 $"Exit" off 2> $data
+           5 $"Exit" off 2> "$data"
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
-    case $(cat $data) in
+    case $(cat "$data") in
         1) pelican_new_blog;;
         2) pelican_edit_blog;;
         3) pelican_delete_blog;;
         4) pelican_change_theme;;
-        5) break;;
     esac
+    rm -f "$data"
 }
 
 function install_interactive_pelican {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -376,42 +379,43 @@ function install_interactive_pelican {
         PELICAN_DETAILS_COMPLETE=
         while [ ! $PELICAN_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Pelican Blog Configuration" \
-                       --form $"\nPlease enter your blog details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
+                       --form $"\\nPlease enter your blog details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
                        $"Domain:" 1 1 "$(grep 'PELICAN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
                        $"Code:" 2 1 "$(grep 'PELICAN_BLOG_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Pelican Blog Configuration" \
-                       --form $"\nPlease enter your GNU Social details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
+                       --form $"\\nPlease enter your GNU Social details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
                        $"Domain:" 1 1 "$(grep 'PELICAN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
-                       2> $data
+                       2> "$data"
             fi
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            PELICAN_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ $PELICAN_DOMAIN_NAME ]; then
+            PELICAN_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$PELICAN_DOMAIN_NAME" ]; then
                 if [[ $PELICAN_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
                     PELICAN_DOMAIN_NAME=""
                 fi
                 TEST_DOMAIN_NAME=$PELICAN_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $PELICAN_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$PELICAN_DOMAIN_NAME" ]]; then
                     PELICAN_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        PELICAN_BLOG_CODE=$(cat $data | sed -n 2p)
+                        PELICAN_BLOG_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$PELICAN_BLOG_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             PELICAN_DOMAIN_NAME=
                         fi
                     fi
@@ -420,6 +424,7 @@ function install_interactive_pelican {
             if [ $PELICAN_DOMAIN_NAME ]; then
                 PELICAN_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         # save the results in the config file
@@ -454,7 +459,7 @@ function backup_local_pelican {
 
 function restore_local_pelican {
     if [ -d /etc/blog ]; then
-        if [ -d $USB_MOUNT_DLNA/backup/pelican ]; then
+        if [ -d "$USB_MOUNT_DLNA/backup/pelican" ]; then
             temp_restore_dir=/root/temppelican
             function_check restore_directory_from_usb
             restore_directory_from_usb $temp_restore_dir pelican
@@ -463,6 +468,7 @@ function restore_local_pelican {
             else
                 cp -r $temp_restore_dir/* /etc/blog/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 rm -rf $temp_restore_dir
                 function_check set_user_permissions
@@ -475,7 +481,7 @@ function restore_local_pelican {
         fi
     fi
     if [ -d /var/www/$PELICAN_DOMAIN_NAME/htdocs ]; then
-        if [ -d $USB_MOUNT_DLNA/backup/pelican-site ]; then
+        if [ -d "$USB_MOUNT_DLNA/backup/pelican-site" ]; then
             temp_restore_dir=/root/temppelican-site
             function_check restore_directory_from_usb
             restore_directory_from_usb $temp_restore_dir pelican-site
@@ -484,6 +490,7 @@ function restore_local_pelican {
             else
                 cp -r $temp_restore_dir/* /var/www/$PELICAN_DOMAIN_NAME/htdocs/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 rm -rf $temp_restore_dir
                 function_check set_user_permissions
@@ -508,7 +515,7 @@ function backup_remote_pelican {
 
 function restore_remote_pelican {
     if [ -d /etc/blog ]; then
-        if [ -d $SERVER_DIRECTORY/backup/pelican ]; then
+        if [ -d "$SERVER_DIRECTORY/backup/pelican" ]; then
             temp_restore_dir=/root/temppelican
             function_check restore_directory_from_friend
             restore_directory_from_friend $temp_restore_dir pelican
@@ -517,6 +524,7 @@ function restore_remote_pelican {
             else
                 cp -r $temp_restore_dir/* /etc/blog/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 exit 782352
             fi
@@ -524,7 +532,7 @@ function restore_remote_pelican {
         fi
     fi
     if [ -d /var/www/$PELICAN_DOMAIN_NAME/htdocs ]; then
-        if [ -d $SERVER_DIRECTORY/backup/pelican-site ]; then
+        if [ -d "$SERVER_DIRECTORY/backup/pelican-site" ]; then
             temp_restore_dir=/root/temppelican-site
             function_check restore_directory_from_friend
             restore_directory_from_friend $temp_restore_dir pelican-site
@@ -533,6 +541,7 @@ function restore_remote_pelican {
             else
                 cp -r $temp_restore_dir/* /var/www/$PELICAN_DOMAIN_NAME/htdocs/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 exit 76382562
             fi
@@ -561,112 +570,112 @@ function remove_pelican {
 }
 
 function create_pelican_conf {
-    STATIC_BLOG_FILE=$1
+    STATIC_BLOG_FILE="$1"
 
-    echo '#!/usr/bin/env python' > $STATIC_BLOG_FILE
-    echo '# -*- coding: utf-8 -*- #' >> $STATIC_BLOG_FILE
-    echo 'from __future__ import unicode_literals' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo "AUTHOR=u\"$MY_USERNAME\"" >> $STATIC_BLOG_FILE
-    echo "SITENAME=u'$DEFAULT_BLOG_TITLE'" >> $STATIC_BLOG_FILE
-    echo "SITEURL=''" >> $STATIC_BLOG_FILE
-    echo "PATH='content'" >> $STATIC_BLOG_FILE
-    echo 'TIMEZONE=u"Europe/London"' >> $STATIC_BLOG_FILE
-    echo "DEFAULT_LANG=u'en'" >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'FEED_ALL_ATOM=None' >> $STATIC_BLOG_FILE
-    echo 'CATEGORY_FEED_ATOM=None' >> $STATIC_BLOG_FILE
-    echo 'TRANSLATION_FEED_ATOM=None' >> $STATIC_BLOG_FILE
-    echo 'AUTHOR_FEED_ATOM=None' >> $STATIC_BLOG_FILE
-    echo 'AUTHOR_FEED_RSS=None' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'DEFAULT_PAGINATION=False' >> $STATIC_BLOG_FILE
-    echo 'RELATIVE_URLS=True' >> $STATIC_BLOG_FILE
-    echo "THEME='themes/nice-blog'" >> $STATIC_BLOG_FILE
+    { echo '#!/usr/bin/env python';
+      echo '# -*- coding: utf-8 -*- #';
+      echo 'from __future__ import unicode_literals';
+      echo '';
+      echo "AUTHOR=u\"$MY_USERNAME\"";
+      echo "SITENAME=u'$DEFAULT_BLOG_TITLE'";
+      echo "SITEURL=''";
+      echo "PATH='content'";
+      echo 'TIMEZONE=u"Europe/London"';
+      echo "DEFAULT_LANG=u'en'";
+      echo '';
+      echo 'FEED_ALL_ATOM=None';
+      echo 'CATEGORY_FEED_ATOM=None';
+      echo 'TRANSLATION_FEED_ATOM=None';
+      echo 'AUTHOR_FEED_ATOM=None';
+      echo 'AUTHOR_FEED_RSS=None';
+      echo '';
+      echo 'DEFAULT_PAGINATION=False';
+      echo 'RELATIVE_URLS=True';
+      echo "THEME='themes/nice-blog'"; } > "$STATIC_BLOG_FILE"
 }
 
 function create_pelican_makefile {
-    STATIC_BLOG_FILE=$1
+    STATIC_BLOG_FILE="$1"
 
-    echo 'PY?=python' > $STATIC_BLOG_FILE
-    echo 'PELICAN?=pelican' >> $STATIC_BLOG_FILE
-    echo 'PELICANOPTS=' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'BASEDIR=$(CURDIR)' >> $STATIC_BLOG_FILE
-    echo 'INPUTDIR=$(BASEDIR)/content' >> $STATIC_BLOG_FILE
-    echo "OUTPUTDIR=$PELICAN_BLOG_PATH" >> $STATIC_BLOG_FILE
-    echo 'CONFFILE=$(BASEDIR)/pelicanconf.py' >> $STATIC_BLOG_FILE
-    echo 'PUBLISHCONF=$(BASEDIR)/publishconf.py' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'DEBUG ?= 0' >> $STATIC_BLOG_FILE
-    echo 'ifeq ($(DEBUG), 1)' >> $STATIC_BLOG_FILE
-    echo -e '\tPELICANOPTS += -D' >> $STATIC_BLOG_FILE
-    echo 'endif' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'RELATIVE ?= 0' >> $STATIC_BLOG_FILE
-    echo 'ifeq ($(RELATIVE), 1)' >> $STATIC_BLOG_FILE
-    echo -e '\tPELICANOPTS += --relative-urls' >> $STATIC_BLOG_FILE
-    echo 'endif' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'html:' >> $STATIC_BLOG_FILE
-    echo -e '\t$(PELICAN) $(INPUTDIR) -o $(OUTPUTDIR) -s $(CONFFILE) $(PELICANOPTS)' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'clean:' >> $STATIC_BLOG_FILE
-    echo -e '\t[ ! -d $(OUTPUTDIR) ] || rm -rf $(OUTPUTDIR)' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'regenerate:' >> $STATIC_BLOG_FILE
-    echo -e '\t$(PELICAN) -r $(INPUTDIR) -o $(OUTPUTDIR) -s $(CONFFILE) $(PELICANOPTS)' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'serve:' >> $STATIC_BLOG_FILE
-    echo 'ifdef PORT' >> $STATIC_BLOG_FILE
-    echo -e '\tcd $(OUTPUTDIR) && $(PY) -m pelican.server $(PORT)' >> $STATIC_BLOG_FILE
-    echo 'else' >> $STATIC_BLOG_FILE
-    echo -e '\tcd $(OUTPUTDIR) && $(PY) -m pelican.server' >> $STATIC_BLOG_FILE
-    echo 'endif' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'serve-global:' >> $STATIC_BLOG_FILE
-    echo 'ifdef SERVER' >> $STATIC_BLOG_FILE
-    echo -e '\tcd $(OUTPUTDIR) && $(PY) -m pelican.server 80 $(SERVER)' >> $STATIC_BLOG_FILE
-    echo 'else' >> $STATIC_BLOG_FILE
-    echo -e '\tcd $(OUTPUTDIR) && $(PY) -m pelican.server 80 0.0.0.0' >> $STATIC_BLOG_FILE
-    echo 'endif' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'devserver:' >> $STATIC_BLOG_FILE
-    echo 'ifdef PORT' >> $STATIC_BLOG_FILE
-    echo -e '\t$(BASEDIR)/develop_server.sh restart $(PORT)' >> $STATIC_BLOG_FILE
-    echo 'else' >> $STATIC_BLOG_FILE
-    echo -e '\t$(BASEDIR)/develop_server.sh restart' >> $STATIC_BLOG_FILE
-    echo 'endif' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'stopserver:' >> $STATIC_BLOG_FILE
-    echo -e '\t$(BASEDIR)/develop_server.sh stop' >> $STATIC_BLOG_FILE
-    echo -e '\t@echo "Stopped Pelican and SimpleHTTPServer processes running in background."' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'publish:' >> $STATIC_BLOG_FILE
-    echo -e '\t$(PELICAN) $(INPUTDIR) -o $(OUTPUTDIR) -s $(PUBLISHCONF) $(PELICANOPTS)' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo '.PHONY: html clean regenerate serve serve-global devserver publish' >> $STATIC_BLOG_FILE
+    { echo 'PY?=python';
+      echo 'PELICAN?=pelican';
+      echo 'PELICANOPTS=';
+      echo '';
+      echo "BASEDIR=\$(CURDIR)";
+      echo "INPUTDIR=\$(BASEDIR)/content";
+      echo "OUTPUTDIR=$PELICAN_BLOG_PATH";
+      echo "CONFFILE=\$(BASEDIR)/pelicanconf.py";
+      echo "PUBLISHCONF=\$(BASEDIR)/publishconf.py";
+      echo '';
+      echo 'DEBUG ?= 0';
+      echo "ifeq (\$(DEBUG), 1)";
+      echo -e '\tPELICANOPTS += -D';
+      echo 'endif';
+      echo '';
+      echo 'RELATIVE ?= 0';
+      echo "ifeq (\$(RELATIVE), 1)";
+      echo -e '\tPELICANOPTS += --relative-urls';
+      echo 'endif';
+      echo '';
+      echo 'html:';
+      echo -e "\\t\$(PELICAN) \$(INPUTDIR) -o \$(OUTPUTDIR) -s \$(CONFFILE) \$(PELICANOPTS)";
+      echo '';
+      echo 'clean:';
+      echo -e "\\t[ ! -d \$(OUTPUTDIR) ] || rm -rf \$(OUTPUTDIR)";
+      echo '';
+      echo 'regenerate:';
+      echo -e "\\t\$(PELICAN) -r \$(INPUTDIR) -o \$(OUTPUTDIR) -s \$(CONFFILE) \$(PELICANOPTS)";
+      echo '';
+      echo 'serve:';
+      echo 'ifdef PORT';
+      echo -e "\\tcd \$(OUTPUTDIR) && \$(PY) -m pelican.server \$(PORT)";
+      echo 'else';
+      echo -e "\\tcd \$(OUTPUTDIR) && \$(PY) -m pelican.server";
+      echo 'endif';
+      echo '';
+      echo 'serve-global:';
+      echo 'ifdef SERVER';
+      echo -e "\\tcd \$(OUTPUTDIR) && \$(PY) -m pelican.server 80 \$(SERVER)";
+      echo 'else';
+      echo -e "\\tcd \$(OUTPUTDIR) && \$(PY) -m pelican.server 80 0.0.0.0";
+      echo 'endif';
+      echo '';
+      echo 'devserver:';
+      echo 'ifdef PORT';
+      echo -e "\\t\$(BASEDIR)/develop_server.sh restart \$(PORT)";
+      echo 'else';
+      echo -e "\\t\$(BASEDIR)/develop_server.sh restart";
+      echo 'endif';
+      echo '';
+      echo 'stopserver:';
+      echo -e "\\t\$(BASEDIR)/develop_server.sh stop";
+      echo -e '\t@echo "Stopped Pelican and SimpleHTTPServer processes running in background."';
+      echo '';
+      echo 'publish:';
+      echo -e "\\t\$(PELICAN) \$(INPUTDIR) -o \$(OUTPUTDIR) -s \$(PUBLISHCONF) \$(PELICANOPTS)";
+      echo '';
+      echo '.PHONY: html clean regenerate serve serve-global devserver publish'; } > "$STATIC_BLOG_FILE"
 }
 
 function create_pelican_publish_conf {
     STATIC_BLOG_FILE=$1
 
-    echo '#!/usr/bin/env python' > $STATIC_BLOG_FILE
-    echo '# -*- coding: utf-8 -*- #' >> $STATIC_BLOG_FILE
-    echo 'from __future__ import unicode_literals' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'import os' >> $STATIC_BLOG_FILE
-    echo 'import sys' >> $STATIC_BLOG_FILE
-    echo 'sys.path.append(os.curdir)' >> $STATIC_BLOG_FILE
-    echo 'from pelicanconf import *' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo "SITEURL = ''" >> $STATIC_BLOG_FILE
-    echo 'RELATIVE_URLS = True' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo "FEED_ALL_ATOM = 'feeds/all.atom.xml'" >> $STATIC_BLOG_FILE
-    echo "CATEGORY_FEED_ATOM = 'feeds/%s.atom.xml'" >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'DELETE_OUTPUT_DIRECTORY = True' >> $STATIC_BLOG_FILE
+    { echo '#!/usr/bin/env python';
+      echo '# -*- coding: utf-8 -*- #';
+      echo 'from __future__ import unicode_literals';
+      echo '';
+      echo 'import os';
+      echo 'import sys';
+      echo 'sys.path.append(os.curdir)';
+      echo 'from pelicanconf import *';
+      echo '';
+      echo "SITEURL = ''";
+      echo 'RELATIVE_URLS = True';
+      echo '';
+      echo "FEED_ALL_ATOM = 'feeds/all.atom.xml'";
+      echo "CATEGORY_FEED_ATOM = 'feeds/%s.atom.xml'";
+      echo '';
+      echo 'DELETE_OUTPUT_DIRECTORY = True'; } > "$STATIC_BLOG_FILE"
 }
 
 function pelican_themes {
@@ -747,10 +756,12 @@ function pelican_themes {
 }
 
 function mesh_install_pelican {
-    if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" && $VARIANT != "usb" ]]; then
+    # shellcheck disable=SC2153
+    if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" && "$VARIANT" != "usb" ]]; then
         return
     fi
 
+    # shellcheck disable=SC2154
     chroot "$rootdir" apt-get -yq install python-pip
     chroot "$rootdir" pip install ipython
     chroot "$rootdir" pip install Markdown
@@ -760,34 +771,34 @@ function mesh_install_pelican {
     PELICAN_BLOG_INSTALL_DIR=/home/$MY_USERNAME/CreateBlog
     PELICAN_BLOG_PATH=/home/$MY_USERNAME/Public/Blog
 
-    if [ ! -d $rootdir$PELICAN_BLOG_INSTALL_DIR ]; then
-        mkdir -p $rootdir$PELICAN_BLOG_INSTALL_DIR
+    if [ ! -d "$rootdir$PELICAN_BLOG_INSTALL_DIR" ]; then
+        mkdir -p "$rootdir$PELICAN_BLOG_INSTALL_DIR"
     fi
 
-    if [ ! -d $rootdir$PELICAN_BLOG_PATH ]; then
-        mkdir -p $rootdir$PELICAN_BLOG_PATH
+    if [ ! -d "$rootdir$PELICAN_BLOG_PATH" ]; then
+        mkdir -p "$rootdir$PELICAN_BLOG_PATH"
     fi
 
-    if [ ! -d $rootdir$PELICAN_BLOG_INSTALL_DIR/content/images ]; then
-        mkdir -p $rootdir$PELICAN_BLOG_INSTALL_DIR/content/images
+    if [ ! -d "$rootdir$PELICAN_BLOG_INSTALL_DIR/content/images" ]; then
+        mkdir -p "$rootdir$PELICAN_BLOG_INSTALL_DIR/content/images"
     fi
 
-    create_pelican_conf $rootdir$PELICAN_BLOG_INSTALL_DIR/pelicanconf.py
-    create_pelican_makefile $rootdir$PELICAN_BLOG_INSTALL_DIR/Makefile
-    create_pelican_publish_conf $rootdir$PELICAN_BLOG_INSTALL_DIR/publishconf.py
+    create_pelican_conf "$rootdir$PELICAN_BLOG_INSTALL_DIR/pelicanconf.py"
+    create_pelican_makefile "$rootdir$PELICAN_BLOG_INSTALL_DIR/Makefile"
+    create_pelican_publish_conf "$rootdir$PELICAN_BLOG_INSTALL_DIR/publishconf.py"
 
-    mkdir -p $rootdir$PELICAN_BLOG_INSTALL_DIR/themes
-    cd $rootdir$PELICAN_BLOG_INSTALL_DIR/themes
+    mkdir -p "$rootdir$PELICAN_BLOG_INSTALL_DIR/themes"
+    cd "$rootdir$PELICAN_BLOG_INSTALL_DIR/themes" || exit 74624524
     pelican_themes
 
     #git clone --recursive $PELICAN_PLUGINS_REPO $rootdir$PELICAN_BLOG_INSTALL_DIR/plugins
 
-    chroot "$rootdir" chown -R $MY_USERNAME:$MY_USERNAME $PELICAN_BLOG_INSTALL_DIR
-    chroot "$rootdir" chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Public
+    chroot "$rootdir" chown -R "$MY_USERNAME":"$MY_USERNAME" "$PELICAN_BLOG_INSTALL_DIR"
+    chroot "$rootdir" chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/Public"
 }
 
 function install_pelican {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_install_pelican
         return
     fi
@@ -800,29 +811,29 @@ function install_pelican {
 
     PELICAN_BLOG_PATH=/var/www/$PELICAN_DOMAIN_NAME/htdocs
 
-    if [ ! -d $PELICAN_BLOG_INSTALL_DIR ]; then
-        mkdir -p $PELICAN_BLOG_INSTALL_DIR
+    if [ ! -d "$PELICAN_BLOG_INSTALL_DIR" ]; then
+        mkdir -p "$PELICAN_BLOG_INSTALL_DIR"
     fi
 
     if [ ! -d $PELICAN_BLOG_PATH ]; then
         mkdir -p $PELICAN_BLOG_PATH
     fi
 
-    if [ ! -d $PELICAN_BLOG_INSTALL_DIR/content ]; then
-        mkdir -p $PELICAN_BLOG_INSTALL_DIR/content
+    if [ ! -d "$PELICAN_BLOG_INSTALL_DIR/content" ]; then
+        mkdir -p "$PELICAN_BLOG_INSTALL_DIR/content"
     fi
 
-    create_pelican_conf $PELICAN_BLOG_INSTALL_DIR/pelicanconf.py
-    create_pelican_makefile $PELICAN_BLOG_INSTALL_DIR/Makefile
-    create_pelican_publish_conf $PELICAN_BLOG_INSTALL_DIR/publishconf.py
+    create_pelican_conf "$PELICAN_BLOG_INSTALL_DIR/pelicanconf.py"
+    create_pelican_makefile "$PELICAN_BLOG_INSTALL_DIR/Makefile"
+    create_pelican_publish_conf "$PELICAN_BLOG_INSTALL_DIR/publishconf.py"
 
-    mkdir -p $PELICAN_THEMES_REPO $PELICAN_BLOG_INSTALL_DIR/themes
-    cd $PELICAN_THEMES_REPO $PELICAN_BLOG_INSTALL_DIR/themes
+    mkdir -p "$PELICAN_THEMES_REPO" "$PELICAN_BLOG_INSTALL_DIR/themes"
+    cd "$PELICAN_BLOG_INSTALL_DIR/themes" || exit 45357282883
     pelican_themes
 
     #git clone --recursive $PELICAN_PLUGINS_REPO $PELICAN_BLOG_INSTALL_DIR/plugins
 
-    chown -R $MY_USERNAME:$MY_USERNAME $PELICAN_BLOG_INSTALL_DIR
+    chown -R "$MY_USERNAME":"$MY_USERNAME" "$PELICAN_BLOG_INSTALL_DIR"
     chown -R www-data:www-data $PELICAN_BLOG_PATH
 
     pelican_editor_config
@@ -834,7 +845,7 @@ function install_pelican {
     install_pelican_website_onion
 
     pelican_regenerate_blog
-    if [ ! -d $PELICAN_BLOG_INSTALL_DIR/output ]; then
+    if [ ! -d "$PELICAN_BLOG_INSTALL_DIR/output" ]; then
         echo $'Failed to generate pelican blog'
         exit 521892
     fi

src/freedombone-app-pihole

@@ -66,17 +66,17 @@ function pihole_copy_files {
     if [ ! -d /etc/.pihole ]; then
         mkdir /etc/.pihole
     fi
-    cp $INSTALL_DIR/pihole/adlists.default /etc/.pihole/adlists.default
-    cp $INSTALL_DIR/pihole/adlists.default $piholeDir/adlists.default
+    cp "$INSTALL_DIR/pihole/adlists.default" /etc/.pihole/adlists.default
+    cp "$INSTALL_DIR/pihole/adlists.default" $piholeDir/adlists.default
     if [ ! -f $PIHOLE_CUSTOM_ADLIST ]; then
-        cp $INSTALL_DIR/pihole/adlists.default $PIHOLE_CUSTOM_ADLIST
+        cp "$INSTALL_DIR/pihole/adlists.default" $PIHOLE_CUSTOM_ADLIST
     fi
-    cp $INSTALL_DIR/pihole/advanced/Scripts/* /opt/$piholeBasename
+    cp "$INSTALL_DIR/pihole/advanced/Scripts/*" /opt/$piholeBasename
     if [ -f /etc/dnsmasq.d/01-pihole.conf ]; then
         rm /etc/dnsmasq.d/01-pihole.conf
     fi
-    cp $INSTALL_DIR/pihole/advanced/pihole.cron /etc/cron.d/pihole
-    cp $INSTALL_DIR/pihole/gravity.sh /opt/$piholeBasename
+    cp "$INSTALL_DIR/pihole/advanced/pihole.cron" /etc/cron.d/pihole
+    cp "$INSTALL_DIR/pihole/gravity.sh" /opt/$piholeBasename
     chmod +x /opt/pihole/*.sh
 }
 
@@ -95,7 +95,7 @@ function pihole_update {
         return
     fi
 
-    if [ ! -f $HOME/${PROJECT_NAME}-wifi.cfg ]; then
+    if [ ! -f "$HOME/${PROJECT_NAME}-wifi.cfg" ]; then
         PIHOLE_IFACE=eth0
     else
         read_config_param WIFI_INTERFACE
@@ -114,13 +114,13 @@ function pihole_update {
     echo "piholeDNS1=${PIHOLE_DNS1}" >> ${setupVars}
     echo "piholeDNS2=${PIHOLE_DNS1}" >> ${setupVars}
 
-    echo 'domain-needed' > /etc/dnsmasq.conf
-    echo 'bogus-priv' >> /etc/dnsmasq.conf
-    echo 'no-resolv' >> /etc/dnsmasq.conf
-    echo "server=${PIHOLE_DNS1}" >> /etc/dnsmasq.conf
-    echo "server=${PIHOLE_DNS2}" >> /etc/dnsmasq.conf
-    echo "interface=${PIHOLE_IFACE}" >> /etc/dnsmasq.conf
-    echo 'listen-address=127.0.0.1' >> /etc/dnsmasq.conf
+    { echo 'domain-needed';
+      echo 'bogus-priv';
+      echo 'no-resolv';
+      echo "server=${PIHOLE_DNS1}";
+      echo "server=${PIHOLE_DNS2}";
+      echo "interface=${PIHOLE_IFACE}";
+      echo 'listen-address=127.0.0.1'; } > /etc/dnsmasq.conf
 
     pihole -g
     systemctl restart dnsmasq
@@ -132,8 +132,7 @@ function pihole_update {
 }
 
 function pihole_change_upstream_dns {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Ad Blocker Upstream DNS" \
            --radiolist $"Pick a domain name service (DNS):" 28 50 19 \
            1 $"Digital Courage" on \
@@ -154,13 +153,15 @@ function pihole_change_upstream_dns {
            16 $"DNS.Watch" off \
            17 $"uncensoreddns.org" off \
            18 $"Lorraine Data Network" off \
-           19 $"Google" off 2> $data
+           19 $"Google" off 2> "$data"
     sel=$?
     case $sel in
-        1) exit 1;;
-        255) exit 1;;
+        1) rm -f "$data"
+           exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
-    case $(cat $data) in
+    case $(cat "$data") in
         1) PIHOLE_DNS1='85.214.73.63'
            PIHOLE_DNS2='213.73.91.35'
            ;;
@@ -218,10 +219,12 @@ function pihole_change_upstream_dns {
         19) PIHOLE_DNS1='8.8.8.8'
             PIHOLE_DNS2='4.4.4.4'
             dialog --title $"WARNING" \
-                   --msgbox $"\nGoogle's main purpose for providing DNS resolvers is to spy upon people and know which sites they are visiting.\n\nThis is something to consider, and you should only really be using Google DNS as a last resort if other resolvers are unavailable." 12 60
+                   --msgbox $"\\nGoogle's main purpose for providing DNS resolvers is to spy upon people and know which sites they are visiting.\\n\\nThis is something to consider, and you should only really be using Google DNS as a last resort if other resolvers are unavailable." 12 60
             ;;
-        255) exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
+    rm -f "$data"
     write_config_param "PIHOLE_DNS1" "$PIHOLE_DNS1"
     write_config_param "PIHOLE_DNS2" "$PIHOLE_DNS2"
 }
@@ -252,8 +255,7 @@ function pihole_resume {
 function configure_interactive_pihole {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Ad Blocker" \
                --radiolist $"Choose an operation:" 16 70 7 \
@@ -263,13 +265,15 @@ function configure_interactive_pihole {
                4 $"Change upstream DNS servers" off \
                5 $"Pause blocker" off \
                6 $"Resume blocker" off \
-               7 $"Exit" on 2> $data
+               7 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) exit 1;;
-            255) exit 1;;
+            1) rm -f "$data"
+               exit 1;;
+            255) rm -f "$data"
+                 exit 1;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) editor $PIHOLE_CUSTOM_ADLIST
                update_pihole_interactive
                ;;
@@ -286,8 +290,10 @@ function configure_interactive_pihole {
                ;;
             6) pihole_resume
                ;;
-            7) break;;
+            7) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -306,7 +312,7 @@ function upgrade_pihole {
     fi
 
     function_check set_repo_commit
-    set_repo_commit $INSTALL_DIR/pihole "pihole commit" "$PIHOLE_COMMIT" $PIHOLE_REPO
+    set_repo_commit "$INSTALL_DIR/pihole" "pihole commit" "$PIHOLE_COMMIT" $PIHOLE_REPO
 
     pihole_copy_files
     pihole_update
@@ -367,8 +373,8 @@ function remove_pihole {
         rm /etc/cron.d/pihole
     fi
 
-    if [ -d $INSTALL_DIR/pihole ]; then
-        rm -rf $INSTALL_DIR/pihole
+    if [ -d "$INSTALL_DIR/pihole" ]; then
+        rm -rf "$INSTALL_DIR/pihole"
     fi
 
     firewall_remove 53
@@ -391,27 +397,27 @@ function install_pihole {
 
     systemctl enable dnsmasq
 
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir -p "$INSTALL_DIR"
     fi
 
-    if [ ! -d $INSTALL_DIR/pihole ]; then
-        cd $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR/pihole" ]; then
+        cd "$INSTALL_DIR" || exit 78245624527
 
         if [ -d /repos/pihole ]; then
             mkdir pihole
             cp -r -p /repos/pihole/. pihole
-            cd pihole
+            cd pihole || exit 24572424684
             git pull
         else
             git_clone $PIHOLE_REPO pihole
         fi
 
-        if [ ! -d $INSTALL_DIR/pihole ]; then
+        if [ ! -d "$INSTALL_DIR/pihole" ]; then
             exit 523925
         fi
-        cd $INSTALL_DIR/pihole
-        git checkout $PIHOLE_COMMIT -b $PIHOLE_COMMIT
+        cd "$INSTALL_DIR/pihole" || exit 2682468242
+        git checkout "$PIHOLE_COMMIT" -b "$PIHOLE_COMMIT"
         set_completion_param "pihole commit" "$PIHOLE_COMMIT"
     fi
 
@@ -420,21 +426,21 @@ function install_pihole {
     fi
 
     # blank file which takes the place of ads
-    echo '<html>' > /var/www/pihole/htdocs/index.html
-    echo '<body>' >> /var/www/pihole/htdocs/index.html
-    echo '</body>' >> /var/www/pihole/htdocs/index.html
-    echo '</html>' >> /var/www/pihole/htdocs/index.html
+    { echo '<html>';
+      echo '<body>';
+      echo '</body>';
+      echo '</html>'; } > /var/www/pihole/htdocs/index.html
 
-    if [ ! -f $INSTALL_DIR/pihole/gravity.sh ]; then
+    if [ ! -f "$INSTALL_DIR/pihole/gravity.sh" ]; then
         exit 26738
     fi
-    cp $INSTALL_DIR/pihole/gravity.sh /usr/local/bin/gravity.sh
+    cp "$INSTALL_DIR/pihole/gravity.sh" /usr/local/bin/gravity.sh
     chmod 755 /usr/local/bin/gravity.sh
 
-    if [ ! -f $INSTALL_DIR/pihole/pihole ]; then
+    if [ ! -f "$INSTALL_DIR/pihole/pihole" ]; then
         exit 52935
     fi
-    cp $INSTALL_DIR/pihole/pihole /usr/local/bin/pihole
+    cp "$INSTALL_DIR/pihole/pihole" /usr/local/bin/pihole
     chmod 755 /usr/local/bin/pihole
 
     if [ ! -d $piholeDir ]; then

src/freedombone-app-postactiv

@@ -66,12 +66,12 @@ function logging_off_postactiv {
 function postactiv_customise_logo {
     domain_name=$1
 
-    if [ -f /var/www/${domain_name}/htdocs/static/logo.png ]; then
+    if [ -f "/var/www/${domain_name}/htdocs/static/logo.png" ]; then
         if [ -f ~/freedombone/img/postactiv.png ]; then
-            cp ~/freedombone/img/postactiv.png /var/www/${domain_name}/htdocs/static/logo.png
+            cp ~/freedombone/img/postactiv.png "/var/www/${domain_name}/htdocs/static/logo.png"
         else
-            if [ -f /home/$MY_USERNAME/freedombone/img/postactiv.png ]; then
-                cp /home/$MY_USERNAME/freedombone/img/postactiv.png /var/www/${domain_name}/htdocs/static/logo.png
+            if [ -f "/home/$MY_USERNAME/freedombone/img/postactiv.png" ]; then
+                cp "/home/$MY_USERNAME/freedombone/img/postactiv.png" "/var/www/${domain_name}/htdocs/static/logo.png"
             fi
         fi
     fi
@@ -80,13 +80,13 @@ function postactiv_customise_logo {
 function remove_user_postactiv {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp postactiv
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp postactiv
 
     function_check get_completion_param
     POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
-    if [ -d /var/www/$POSTACTIV_DOMAIN_NAME ]; then
-        cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
-        php scripts/deleteprofile.php -n $remove_username -y
+    if [ -d "/var/www/$POSTACTIV_DOMAIN_NAME" ]; then
+        cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 3658254254
+        php scripts/deleteprofile.php -n "$remove_username" -y
     fi
 }
 
@@ -94,13 +94,13 @@ function add_user_postactiv {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a postactiv -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a postactiv -p "$new_user_password"
 
     POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
-    if [ -d /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs ]; then
-        cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
-        php scripts/registeruser.php -n $new_username -w "$new_user_password" -e "$new_username@$HOSTNAME"
-        ${PROJECT_NAME}-addemail -u $new_username -e "noreply@$POSTACTIV_DOMAIN_NAME" -g postactiv --public no
+    if [ -d "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs" ]; then
+        cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 346846834
+        php scripts/registeruser.php -n "$new_username" -w "$new_user_password" -e "$new_username@$HOSTNAME"
+        "${PROJECT_NAME}-addemail" -u "$new_username" -e "noreply@$POSTACTIV_DOMAIN_NAME" -g postactiv --public no
         echo '0'
     else
         echo '1'
@@ -108,7 +108,7 @@ function add_user_postactiv {
 }
 
 function install_interactive_postactiv {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -118,54 +118,55 @@ function install_interactive_postactiv {
         POSTACTIV_DETAILS_COMPLETE=
         while [ ! $POSTACTIV_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"PostActiv Configuration" \
-                       --form $"\nPlease enter your PostActiv details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
+                       --form $"\\nPlease enter your PostActiv details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
                        $"Domain:" 1 1 "$(grep 'POSTACTIV_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
-                       $"Title:" 2 1 "$(grep '$POSTACTIV_TITLE' temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
-                       $"Background image URL:" 3 1 "$(grep '$POSTACTIV_BACKGROUND_IMAGE_URL' temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
+                       $"Title:" 2 1 "$(grep "$POSTACTIV_TITLE" temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
+                       $"Background image URL:" 3 1 "$(grep "$POSTACTIV_BACKGROUND_IMAGE_URL" temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
                        $"Code:" 4 1 "$(grep 'POSTACTIV_CODE' temp.cfg | awk -F '=' '{print $2}')" 4 25 33 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"PostActiv Configuration" \
-                       --form $"\nPlease enter your PostActiv details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
+                       --form $"\\nPlease enter your PostActiv details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
                        $"Domain:" 1 1 "$(grep 'POSTACTIV_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
-                       $"Title:" 2 1 "$(grep '$POSTACTIV_TITLE' temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
-                       $"Background image URL:" 3 1 "$(grep '$POSTACTIV_BACKGROUND_IMAGE_URL' temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
-                       2> $data
+                       $"Title:" 2 1 "$(grep "$POSTACTIV_TITLE" temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
+                       $"Background image URL:" 3 1 "$(grep "$POSTACTIV_BACKGROUND_IMAGE_URL" temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
+                       2> "$data"
             fi
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            POSTACTIV_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            title=$(cat $data | sed -n 2p)
+            POSTACTIV_DOMAIN_NAME=$(sed -n 1p < "$data")
+            title=$(sed -n 2p < "$data")
             if [ ${#title} -gt 1 ]; then
-                POSTACTIV_TITLE=$welcome_msg
+                POSTACTIV_TITLE=$title
             fi
-            img_url=$(cat $data | sed -n 3p)
+            img_url=$(sed -n 3p < "$data")
             if [ ${#img_url} -gt 1 ]; then
                 POSTACTIV_BACKGROUND_IMAGE_URL=$img_url
             fi
-            if [ $POSTACTIV_DOMAIN_NAME ]; then
-                if [[ $POSTACTIV_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
+            if [ "$POSTACTIV_DOMAIN_NAME" ]; then
+                if [[ "$POSTACTIV_DOMAIN_NAME" == "$HUBZILLA_DOMAIN_NAME" ]]; then
                     POSTACTIV_DOMAIN_NAME=""
                 fi
                 TEST_DOMAIN_NAME=$POSTACTIV_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $POSTACTIV_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$POSTACTIV_DOMAIN_NAME" ]]; then
                     POSTACTIV_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        POSTACTIV_CODE=$(cat $data | sed -n 4p)
+                        POSTACTIV_CODE=$(sed -n 4p < "$data")
                         validate_freedns_code "$POSTACTIV_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             POSTACTIV_DOMAIN_NAME=
                         fi
                     fi
@@ -174,11 +175,12 @@ function install_interactive_postactiv {
             if [ $POSTACTIV_DOMAIN_NAME ]; then
                 POSTACTIV_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         # remove any invalid characters
         if [ ${#POSTACTIV_TITLE} -gt 0 ]; then
-            new_title=$(echo "$POSTACTIV_TITLE" | sed "s|'||g")
+            new_title=${"$POSTACTIV_TITLE"//\'//}
             POSTACTIV_TITLE="$new_title"
         fi
 
@@ -197,26 +199,26 @@ function change_password_postactiv {
 
     read_config_param 'POSTACTIV_DOMAIN_NAME'
 
-    cd /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/scripts
+    cd "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/scripts" || exit 246824682
     php setpassword.php "$curr_username" "$new_user_password"
 
-    ${PROJECT_NAME}-pass -u "$curr_username" -a postactiv -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a postactiv -p "$new_user_password"
 }
 
 function postactiv_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        POSTACTIV_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        POSTACTIV_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $POSTACTIV_ADMIN_PASSWORD ]; then
-            POSTACTIV_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$POSTACTIV_ADMIN_PASSWORD" ]; then
+            POSTACTIV_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $POSTACTIV_ADMIN_PASSWORD ]; then
+    if [ ! "$POSTACTIV_ADMIN_PASSWORD" ]; then
         return
     fi
 
     function_check create_database
-    create_database postactiv "$POSTACTIV_ADMIN_PASSWORD" $MY_USERNAME
+    create_database postactiv "$POSTACTIV_ADMIN_PASSWORD" "$MY_USERNAME"
 }
 
 function postactiv_running_script {
@@ -235,64 +237,63 @@ function reconfigure_postactiv {
 function postactiv_set_background_image {
     POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"PostActiv" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Set a background image URL' 10 60 2>$data
+           --inputbox $'Set a background image URL' 10 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            temp_background=$(<$data)
+            temp_background=$(<"$data")
             if [ ${#temp_background} -gt 0 ]; then
                 POSTACTIV_BACKGROUND_IMAGE_URL="$temp_background"
                 write_config_param "POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_BACKGROUND_IMAGE_URL"
 
-                if [[ $(pleroma_set_background_image_from_url /var/www/$POSTACTIV_DOMAIN_NAME/htdocs "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE" | tail -n 1) == "0" ]]; then
+                if [[ $(pleroma_set_background_image_from_url "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE" | tail -n 1) == "0" ]]; then
                     dialog --title $"Set PostActiv background" \
                            --msgbox $"The background image has been set" 6 60
                 fi
             fi
            ;;
     esac
+    rm -f "$data"
 }
 
 function postactiv_set_title {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"PostActiv" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Set a title' 10 60 2>$data
+           --inputbox $'Set a title' 10 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            new_title=$(<$data)
+            new_title=$(<"$data")
             if [ ${#new_title} -gt 0 ]; then
                 POSTACTIV_TITLE="$new_title"
                 POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
                 write_config_param "POSTACTIV_TITLE" "$POSTACTIV_TITLE"
-                cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/static
+                cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/static" || exit 782452452
                 sed -i "s|\"name\":.*|\"name\": \"${POSTACTIV_TITLE}\",|g" config.json
                 dialog --title $"Set PostActiv title" \
                        --msgbox $"The title has been set" 6 60
             fi
            ;;
     esac
+    rm -f "$data"
 }
 
 function postactiv_set_expire_months {
     POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
     read_config_param "POSTACTIV_EXPIRE_MONTHS"
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"PostActiv" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Set an expiry period for posts in months. Anything older will be deleted. Lower values help to keep the database size small and as fast as possible.' 12 60 "$POSTACTIV_EXPIRE_MONTHS" 2>$data
+           --inputbox $'Set an expiry period for posts in months. Anything older will be deleted. Lower values help to keep the database size small and as fast as possible.' 12 60 "$POSTACTIV_EXPIRE_MONTHS" 2>"$data"
     sel=$?
     case $sel in
         0)
-            new_expiry_months=$(<$data)
+            new_expiry_months=$(<"$data")
             if [ ${#new_expiry_months} -gt 0 ]; then
                 # should contain no spaces
                 if [[ "$new_expiry_months" == *" "* ]]; then
@@ -312,14 +313,14 @@ function postactiv_set_expire_months {
             fi
            ;;
     esac
+    rm -f "$data"
 }
 
 function configure_interactive_postactiv {
     read_config_param "POSTACTIV_EXPIRE_MONTHS"
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"PostActiv" \
                --radiolist $"Choose an operation:" 16 70 7 \
@@ -329,21 +330,25 @@ function configure_interactive_postactiv {
                4 $"Select Qvitter user interface" off \
                5 $"Select Pleroma user interface" off \
                6 $"Select Classic user interface" off \
-               7 $"Exit" on 2> $data
+               7 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) return;;
-            255) return;;
+            1) rm -f "$data"
+               return;;
+            255) rm -f "$data"
+                 return;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) postactiv_set_background_image;;
             2) postactiv_set_title;;
             3) postactiv_set_expire_months;;
             4) gnusocial_use_qvitter postactiv;;
             5) gnusocial_use_pleroma postactiv;;
             6) gnusocial_use_classic postactiv;;
-            7) break;;
+            7) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -353,22 +358,22 @@ function upgrade_postactiv {
         return
     fi
 
-    if grep -q "postactiv domain" $COMPLETION_FILE; then
+    if grep -q "postactiv domain" "$COMPLETION_FILE"; then
         POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
     fi
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$POSTACTIV_DOMAIN_NAME/htdocs "postactiv commit" "$POSTACTIV_COMMIT" $POSTACTIV_REPO
+    set_repo_commit "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" "postactiv commit" "$POSTACTIV_COMMIT" $POSTACTIV_REPO
 
     # Ensure that installation script is removed
-    if [ -f /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php ]; then
-        rm /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php
+    if [ -f "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php" ]; then
+        rm "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php"
     fi
 
-    if [ -f /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index_qvitter.php ]; then
-        if [ -f /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index.php ]; then
-            mv /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index.php /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index_qvitter.php
+    if [ -f "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index_qvitter.php" ]; then
+        if [ -f "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index.php" ]; then
+            mv "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index.php" "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index_qvitter.php"
         fi
     fi
 
@@ -379,16 +384,16 @@ function upgrade_postactiv {
     gnusocial_block_domain_script postactiv "$POSTACTIV_DOMAIN_NAME"
 
     upgrade_pleroma_frontend "$POSTACTIV_DOMAIN_NAME" "postactiv" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE"
-    postactiv_customise_logo
+    postactiv_customise_logo "$POSTACTIV_DOMAIN_NAME"
     install_gnusocial_default_background "postactiv" "$POSTACTIV_DOMAIN_NAME"
-    chown -R www-data:www-data /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
+    chown -R www-data:www-data "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs"
     systemctl restart mariadb
 }
 
 
 function backup_local_postactiv {
     POSTACTIV_DOMAIN_NAME='postactiv'
-    if grep -q "postactiv domain" $COMPLETION_FILE; then
+    if grep -q "postactiv domain" "$COMPLETION_FILE"; then
         POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
     fi
 
@@ -396,24 +401,24 @@ function backup_local_postactiv {
     /etc/cron.daily/postactiv-expire
 
     source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/backup
-    if [ ! -d $source_directory ]; then
-        mkdir $source_directory
+    if [ ! -d "$source_directory" ]; then
+        mkdir "$source_directory"
     fi
-    cp -p /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/config.php $source_directory
-    if [ -d /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static ]; then
-        cp -rp /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static $source_directory
+    cp -p "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/config.php" "$source_directory"
+    if [ -d "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static" ]; then
+        cp -rp "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static" "$source_directory"
     fi
 
     function_check suspend_site
-    suspend_site ${POSTACTIV_DOMAIN_NAME}
+    suspend_site "${POSTACTIV_DOMAIN_NAME}"
 
     function_check backup_directory_to_usb
     dest_directory=postactivconfig
-    backup_directory_to_usb $source_directory $dest_directory
+    backup_directory_to_usb "$source_directory" "$dest_directory"
 
     source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/file
     dest_directory=postactivfile
-    backup_directory_to_usb $source_directory $dest_directory
+    backup_directory_to_usb "$source_directory" "$dest_directory"
 
     function_check backup_database_to_usb
     backup_database_to_usb postactiv
@@ -423,16 +428,16 @@ function backup_local_postactiv {
 }
 
 function restore_local_postactiv {
-    if ! grep -q "postactiv domain" $COMPLETION_FILE; then
+    if ! grep -q "postactiv domain" "$COMPLETION_FILE"; then
         return
     fi
     POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
-    if [ $POSTACTIV_DOMAIN_NAME ]; then
+    if [ "$POSTACTIV_DOMAIN_NAME" ]; then
         echo $"Restoring postactiv"
         temp_restore_dir=/root/temppostactiv
         postactiv_dir=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
         # stop the daemons
-        cd $postactiv_dir
+        cd "$postactiv_dir" || exit 468246242
         scripts/stopdaemons.sh
 
         function_check postactiv_create_database
@@ -446,36 +451,36 @@ function restore_local_postactiv {
         function_check restore_directory_from_usb
         restore_directory_from_usb $temp_restore_dir postactivconfig
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir$postactiv_dir ]; then
-                cp $temp_restore_dir$postactiv_dir/backup/config.php $postactiv_dir/
-                cp -rp $temp_restore_dir$postactiv_dir/static $postactiv_dir/
+            if [ -d "$temp_restore_dir$postactiv_dir" ]; then
+                cp "$temp_restore_dir$postactiv_dir/backup/config.php" "$postactiv_dir/"
+                cp -rp "$temp_restore_dir$postactiv_dir/static" "$postactiv_dir/"
             else
-                cp $temp_restore_dir/backup/config.php $postactiv_dir/
-                if [ ! -d $postactiv_dir/static ]; then
-                    mkdir $postactiv_dir/static
+                cp "$temp_restore_dir/backup/config.php" "$postactiv_dir/"
+                if [ ! -d "$postactiv_dir/static" ]; then
+                    mkdir "$postactiv_dir/static"
                 fi
-                cp -rp $temp_restore_dir/static/* $postactiv_dir/static/
+                cp -rp "$temp_restore_dir/static/*" "$postactiv_dir/static/"
             fi
-            chown www-data:www-data $postactiv_dir/config.php
-            chown -R www-data:www-data $postactiv_dir/static
+            chown www-data:www-data "$postactiv_dir/config.php"
+            chown -R www-data:www-data "$postactiv_dir/static"
             rm -rf $temp_restore_dir
         fi
 
         restore_directory_from_usb $temp_restore_dir postactivfile
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir$postactiv_dir/file ]; then
-                cp -rp $temp_restore_dir$postactiv_dir/file $postactiv_dir/
+            if [ -d "$temp_restore_dir$postactiv_dir/file" ]; then
+                cp -rp "$temp_restore_dir$postactiv_dir/file" "$postactiv_dir/"
             else
-                if [ ! -d $postactiv_dir/file ]; then
-                    mkdir $postactiv_dir/file
+                if [ ! -d "$postactiv_dir/file" ]; then
+                    mkdir "$postactiv_dir/file"
                 fi
-                cp -rp $temp_restore_dir/* $postactiv_dir/file/
+                cp -rp "$temp_restore_dir/*" "$postactiv_dir/file/"
             fi
-            chown -R www-data:www-data $postactiv_dir/file
+            chown -R www-data:www-data "$postactiv_dir/file"
             rm -rf $temp_restore_dir
         fi
 
-        gnusocial_update_after_restore postactiv ${POSTACTIV_DOMAIN_NAME}
+        gnusocial_update_after_restore postactiv "${POSTACTIV_DOMAIN_NAME}"
 
         echo $"Restore of postactiv complete"
     fi
@@ -483,7 +488,7 @@ function restore_local_postactiv {
 
 function backup_remote_postactiv {
     POSTACTIV_DOMAIN_NAME='postactiv'
-    if grep -q "postactiv domain" $COMPLETION_FILE; then
+    if grep -q "postactiv domain" "$COMPLETION_FILE"; then
         POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
     fi
 
@@ -491,24 +496,24 @@ function backup_remote_postactiv {
     /etc/cron.daily/postactiv-expire
 
     source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/backup
-    if [ ! -d $source_directory ]; then
-        mkdir $source_directory
+    if [ ! -d "$source_directory" ]; then
+        mkdir "$source_directory"
     fi
-    cp -p /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/config.php $source_directory
-    if [ -d /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static ]; then
-        cp -rp /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static $source_directory
+    cp -p "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/config.php" "$source_directory"
+    if [ -d "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static" ]; then
+        cp -rp "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static" "$source_directory"
     fi
 
     function_check suspend_site
-    suspend_site ${POSTACTIV_DOMAIN_NAME}
+    suspend_site "${POSTACTIV_DOMAIN_NAME}"
 
     function_check backup_directory_to_friend
     dest_directory=postactivconfig
-    backup_directory_to_friend $source_directory $dest_directory
+    backup_directory_to_friend "$source_directory" "$dest_directory"
 
     source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/file
     dest_directory=postactivfile
-    backup_directory_to_friend $source_directory $dest_directory
+    backup_directory_to_friend "$source_directory" "$dest_directory"
 
     function_check backup_database_to_friend
     backup_database_to_friend postactiv
@@ -518,16 +523,16 @@ function backup_remote_postactiv {
 }
 
 function restore_remote_postactiv {
-    if ! grep -q "postactiv domain" $COMPLETION_FILE; then
+    if ! grep -q "postactiv domain" "$COMPLETION_FILE"; then
         return
     fi
     POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
-    if [ $POSTACTIV_DOMAIN_NAME ]; then
+    if [ "$POSTACTIV_DOMAIN_NAME" ]; then
         echo $"Restoring postactiv"
         temp_restore_dir=/root/temppostactiv
         postactiv_dir=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
         # stop the daemons
-        cd $postactiv_dir
+        cd "$postactiv_dir" || exit 24682464
         scripts/stopdaemons.sh
 
         function_check postactiv_create_database
@@ -542,36 +547,36 @@ function restore_remote_postactiv {
         function_check restore_directory_from_friend
         restore_directory_from_friend $temp_restore_dir postactivconfig
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir$postactiv_dir ]; then
-                cp $temp_restore_dir$postactiv_dir/backup/config.php $postactiv_dir/
-                cp -rp $temp_restore_dir$postactiv_dir/static $postactiv_dir/
+            if [ -d "$temp_restore_dir$postactiv_dir" ]; then
+                cp "$temp_restore_dir$postactiv_dir/backup/config.php" "$postactiv_dir/"
+                cp -rp "$temp_restore_dir$postactiv_dir/static" "$postactiv_dir/"
             else
-                cp $temp_restore_dir/config.php $postactiv_dir/
-                if [ ! -d $postactiv_dir/static ]; then
-                    mkdir $postactiv_dir/static
+                cp "$temp_restore_dir/config.php" "$postactiv_dir/"
+                if [ ! -d "$postactiv_dir/static" ]; then
+                    mkdir "$postactiv_dir/static"
                 fi
-                cp -rp $temp_restore_dir/static/* $postactiv_dir/static/
+                cp -rp "$temp_restore_dir/static/*" "$postactiv_dir/static/"
             fi
-            chown www-data:www-data $postactiv_dir/config.php
-            chown -R www-data:www-data $postactiv_dir/static
+            chown www-data:www-data "$postactiv_dir/config.php"
+            chown -R www-data:www-data "$postactiv_dir/static"
             rm -rf $temp_restore_dir
         fi
 
         restore_directory_from_friend $temp_restore_dir postactivfile
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir$postactiv_dir/file ]; then
-                cp -rp $temp_restore_dir$postactiv_dir/file $postactiv_dir/
+            if [ -d "$temp_restore_dir$postactiv_dir/file" ]; then
+                cp -rp "$temp_restore_dir$postactiv_dir/file" "$postactiv_dir/"
             else
-                if [ ! -d $postactiv_dir/file ]; then
-                    mkdir $postactiv_dir/file
+                if [ ! -d "$postactiv_dir/file" ]; then
+                    mkdir "$postactiv_dir/file"
                 fi
-                cp -rp $temp_restore_dir/* $postactiv_dir/file/
+                cp -rp "$temp_restore_dir/*" "$postactiv_dir/file/"
             fi
-            chown -R www-data:www-data $postactiv_dir/file
+            chown -R www-data:www-data "$postactiv_dir/file"
             rm -rf $temp_restore_dir
         fi
 
-        gnusocial_update_after_restore postactiv ${POSTACTIV_DOMAIN_NAME}
+        gnusocial_update_after_restore postactiv "${POSTACTIV_DOMAIN_NAME}"
 
         echo $"Restore of postactiv complete"
     fi
@@ -587,23 +592,23 @@ function remove_postactiv {
     read_config_param "POSTACTIV_DOMAIN_NAME"
     read_config_param "MY_USERNAME"
     echo "Removing $POSTACTIV_DOMAIN_NAME"
-    nginx_dissite $POSTACTIV_DOMAIN_NAME
-    remove_certs $POSTACTIV_DOMAIN_NAME
+    nginx_dissite "$POSTACTIV_DOMAIN_NAME"
+    remove_certs "$POSTACTIV_DOMAIN_NAME"
     if [ -f /etc/cron.hourly/postactiv-daemons ]; then
         rm /etc/cron.hourly/postactiv-daemons
     fi
-    if [ -f /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/stopdaemons.sh ]; then
-        cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
+    if [ -f "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/stopdaemons.sh" ]; then
+        cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 2467245248
         scripts/stopdaemons.sh
     fi
-    kill_pid=$(ps aux | grep /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/queuedaemon.php | awk -F ' ' '{print $2}' | head -n 1)
-    kill -9 $kill_pid
+    kill_pid=$(pgrep "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/queuedaemon.php" | head -n 1)
+    kill -9 "$kill_pid"
 
-    if [ -d /var/www/$POSTACTIV_DOMAIN_NAME ]; then
-        rm -rf /var/www/$POSTACTIV_DOMAIN_NAME
+    if [ -d "/var/www/$POSTACTIV_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$POSTACTIV_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database postactiv
@@ -614,17 +619,17 @@ function remove_postactiv {
     fi
     remove_app postactiv
     remove_completion_param install_postactiv
-    sed -i '/postactiv/d' $COMPLETION_FILE
+    sed -i '/postactiv/d' "$COMPLETION_FILE"
     remove_backup_database_local postactiv
 
     sed -i '/postactiv-firewall/d' /etc/crontab
 
     function_check remove_ddns_domain
-    remove_ddns_domain $POSTACTIV_DOMAIN_NAME
+    remove_ddns_domain "$POSTACTIV_DOMAIN_NAME"
 }
 
 function install_postactiv_main {
-    if [ ! $POSTACTIV_DOMAIN_NAME ]; then
+    if [ ! "$POSTACTIV_DOMAIN_NAME" ]; then
         echo $'No domain name was given for postactiv'
         exit 7359
     fi
@@ -648,38 +653,38 @@ function install_postactiv_main {
     apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
     apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
 
-    if [ ! -d /var/www/$POSTACTIV_DOMAIN_NAME ]; then
-        mkdir /var/www/$POSTACTIV_DOMAIN_NAME
+    if [ ! -d "/var/www/$POSTACTIV_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$POSTACTIV_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$POSTACTIV_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" ]; then
 
         if [ -d /repos/postactiv ]; then
-            mkdir /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
-            cp -r -p /repos/postactiv/. /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
-            cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/postactiv/. "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs"
+            cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 46824682682
             git pull
         else
             function_check git_clone
-            git_clone $POSTACTIV_REPO /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
+            git_clone "$POSTACTIV_REPO" "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs"
         fi
 
-        if [ ! -d /var/www/$POSTACTIV_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" ]; then
             echo $'Unable to clone postactiv repo'
             exit 87525
         fi
     fi
 
-    cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
+    cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 46287462828
     git checkout $POSTACTIV_COMMIT -b $POSTACTIV_COMMIT
     set_completion_param "postactiv commit" "$POSTACTIV_COMMIT"
 
-    chmod g+w /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
-    chmod a+w /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/avatar
-    chmod a+w /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/file
-    chown -R www-data:www-data /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
-    chmod +x /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/maildaemon.php
-    chmod 755 /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/extlib/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php
-    chmod -x /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/extlib/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php
+    chmod g+w "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs"
+    chmod a+w "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/avatar"
+    chmod a+w "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/file"
+    chown -R www-data:www-data "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs"
+    chmod +x "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/maildaemon.php"
+    chmod 755 "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/extlib/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php"
+    chmod -x "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/extlib/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php"
 
     function_check postactiv_create_database
     postactiv_create_database
@@ -695,118 +700,118 @@ function install_postactiv_main {
     fi
 
     function_check add_ddns_domain
-    add_ddns_domain $POSTACTIV_DOMAIN_NAME
+    add_ddns_domain "$POSTACTIV_DOMAIN_NAME"
 
     POSTACTIV_ONION_HOSTNAME=$(add_onion_service postactiv 80 ${POSTACTIV_ONION_PORT})
 
     postactiv_nginx_site=/etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $POSTACTIV_DOMAIN_NAME "index index.php"
-        echo 'server {' >> $postactiv_nginx_site
-        echo '  listen 443 ssl;' >> $postactiv_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $postactiv_nginx_site
-        echo "  server_name $POSTACTIV_DOMAIN_NAME;" >> $postactiv_nginx_site
-        echo '' >> $postactiv_nginx_site
+        nginx_http_redirect "$POSTACTIV_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $POSTACTIV_DOMAIN_NAME;";
+          echo ''; } >> "$postactiv_nginx_site"
         function_check nginx_compress
-        nginx_compress $POSTACTIV_DOMAIN_NAME
-        echo '' >> $postactiv_nginx_site
-        echo '  # Security' >> $postactiv_nginx_site
+        nginx_compress "$POSTACTIV_DOMAIN_NAME"
+        echo '' >> "$postactiv_nginx_site"
+        echo '  # Security' >> "$postactiv_nginx_site"
         function_check nginx_ssl
-        nginx_ssl $POSTACTIV_DOMAIN_NAME
+        nginx_ssl "$POSTACTIV_DOMAIN_NAME"
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $POSTACTIV_DOMAIN_NAME
+        nginx_disable_sniffing "$POSTACTIV_DOMAIN_NAME"
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $postactiv_nginx_site
-        echo '' >> $postactiv_nginx_site
-        echo '  # Logs' >> $postactiv_nginx_site
-        echo '  access_log /dev/null;' >> $postactiv_nginx_site
-        echo '  error_log /dev/null;' >> $postactiv_nginx_site
-        echo '' >> $postactiv_nginx_site
-        echo '  # Root' >> $postactiv_nginx_site
-        echo "  root /var/www/$POSTACTIV_DOMAIN_NAME/htdocs;" >> $postactiv_nginx_site
-        echo '' >> $postactiv_nginx_site
-        echo '  # Index' >> $postactiv_nginx_site
-        echo '  index index.php;' >> $postactiv_nginx_site
-        echo '' >> $postactiv_nginx_site
-        echo '  # PHP' >> $postactiv_nginx_site
-        echo '  location ~ \.php {' >> $postactiv_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $postactiv_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $postactiv_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $postactiv_nginx_site
-        echo '  }' >> $postactiv_nginx_site
-        echo '' >> $postactiv_nginx_site
-        echo '  # Location' >> $postactiv_nginx_site
-        echo '  location / {' >> $postactiv_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$POSTACTIV_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  # Index';
+          echo '  index index.php;';
+          echo '';
+          echo '  # PHP';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$postactiv_nginx_site"
         function_check nginx_limits
-        nginx_limits $POSTACTIV_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ @postactiv;' >> $postactiv_nginx_site
-        echo '  }' >> $postactiv_nginx_site
-        echo '' >> $postactiv_nginx_site
-        echo '  # Fancy URLs' >> $postactiv_nginx_site
-        echo '  location @postactiv {' >> $postactiv_nginx_site
-        echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $postactiv_nginx_site
-        echo '  }' >> $postactiv_nginx_site
-        echo '' >> $postactiv_nginx_site
-        echo '  # Restrict access that is unnecessary anyway' >> $postactiv_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $postactiv_nginx_site
-        echo '    deny all;' >> $postactiv_nginx_site
-        echo '  }' >> $postactiv_nginx_site
-        echo '}' >> $postactiv_nginx_site
+        nginx_limits "$POSTACTIV_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ @postactiv;";
+          echo '  }';
+          echo '';
+          echo '  # Fancy URLs';
+          echo '  location @postactiv {';
+          echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+          echo '  }';
+          echo '';
+          echo '  # Restrict access that is unnecessary anyway';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '}'; } >> "$postactiv_nginx_site"
     else
-        echo -n '' > $postactiv_nginx_site
+        echo -n '' > "$postactiv_nginx_site"
     fi
-    echo 'server {' >> $postactiv_nginx_site
-    echo "    listen 127.0.0.1:$POSTACTIV_ONION_PORT default_server;" >> $postactiv_nginx_site
-    echo "    server_name $POSTACTIV_ONION_HOSTNAME;" >> $postactiv_nginx_site
-    echo '' >> $postactiv_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$POSTACTIV_ONION_PORT default_server;";
+      echo "    server_name $POSTACTIV_ONION_HOSTNAME;";
+      echo ''; } >> "$postactiv_nginx_site"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $POSTACTIV_DOMAIN_NAME
-    echo '' >> $postactiv_nginx_site
+    nginx_disable_sniffing "$POSTACTIV_DOMAIN_NAME"
+    echo '' >> "$postactiv_nginx_site"
     function_check nginx_compress
-    nginx_compress $POSTACTIV_DOMAIN_NAME
-    echo '' >> $postactiv_nginx_site
-    echo '  # Logs' >> $postactiv_nginx_site
-    echo '  access_log /dev/null;' >> $postactiv_nginx_site
-    echo '  error_log /dev/null;' >> $postactiv_nginx_site
-    echo '' >> $postactiv_nginx_site
-    echo '  # Root' >> $postactiv_nginx_site
-    echo "  root /var/www/$POSTACTIV_DOMAIN_NAME/htdocs;" >> $postactiv_nginx_site
-    echo '' >> $postactiv_nginx_site
-    echo '  # Index' >> $postactiv_nginx_site
-    echo '  index index.php;' >> $postactiv_nginx_site
-    echo '' >> $postactiv_nginx_site
-    echo '  # PHP' >> $postactiv_nginx_site
-    echo '  location ~ \.php {' >> $postactiv_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $postactiv_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $postactiv_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $postactiv_nginx_site
-    echo '  }' >> $postactiv_nginx_site
-    echo '' >> $postactiv_nginx_site
-    echo '  # Location' >> $postactiv_nginx_site
-    echo '  location / {' >> $postactiv_nginx_site
+    nginx_compress "$POSTACTIV_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$POSTACTIV_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  # Index';
+      echo '  index index.php;';
+      echo '';
+      echo '  # PHP';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$postactiv_nginx_site"
     function_check nginx_limits
-    nginx_limits $POSTACTIV_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ @postactiv;' >> $postactiv_nginx_site
-    echo '  }' >> $postactiv_nginx_site
-    echo '' >> $postactiv_nginx_site
-    echo '  # Fancy URLs' >> $postactiv_nginx_site
-    echo '  location @postactiv {' >> $postactiv_nginx_site
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $postactiv_nginx_site
-    echo '  }' >> $postactiv_nginx_site
-    echo '' >> $postactiv_nginx_site
-    echo '  # Restrict access that is unnecessary anyway' >> $postactiv_nginx_site
-    echo '  location ~ /\.(ht|git) {' >> $postactiv_nginx_site
-    echo '    deny all;' >> $postactiv_nginx_site
-    echo '  }' >> $postactiv_nginx_site
-    echo '}' >> $postactiv_nginx_site
+    nginx_limits "$POSTACTIV_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ @postactiv;";
+      echo '  }';
+      echo '';
+      echo '  # Fancy URLs';
+      echo '  location @postactiv {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  # Restrict access that is unnecessary anyway';
+      echo '  location ~ /\.(ht|git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '}'; } >> "$postactiv_nginx_site"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $POSTACTIV_DOMAIN_NAME 'yes'
+    create_site_certificate "$POSTACTIV_DOMAIN_NAME" 'yes'
 
     # Ensure that the database gets backed up locally, if remote
     # backups are not being used
@@ -817,7 +822,7 @@ function install_postactiv_main {
     backup_database_local postactiv
 
     function_check nginx_ensite
-    nginx_ensite $POSTACTIV_DOMAIN_NAME
+    nginx_ensite "$POSTACTIV_DOMAIN_NAME"
 
     # NOTE: For the typical case always enable SSL and only
     # disable it if in onion only mode. This is due to complexities
@@ -834,8 +839,8 @@ function install_postactiv_main {
 
     # Create the configuration
     postactiv_installer=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/scripts/install_cli.php
-    if [ ! -f $postactiv_installer ]; then
-        rm -rf /var/www/$POSTACTIV_DOMAIN_NAME
+    if [ ! -f "$postactiv_installer" ]; then
+        rm -rf "/var/www/$POSTACTIV_DOMAIN_NAME"
         echo $'No postactiv commandline installer found'
         exit 53026
     fi
@@ -856,45 +861,45 @@ function install_postactiv_main {
     #fi
 
     # check postactiv has a config file
-    postactiv_config_file=/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/config.php
-    if [ ! -f $postactiv_config_file ]; then
+    postactiv_config_file="/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/config.php"
+    if [ ! -f "$postactiv_config_file" ]; then
         drop_database postactiv
-        rm -rf /var/www/$POSTACTIV_DOMAIN_NAME
+        rm -rf "/var/www/$POSTACTIV_DOMAIN_NAME"
         echo $'Postactiv config.php not found'
         exit 87586
     fi
 
     # Some useful settings
-    if ! grep -q "Recommended postactiv settings" $postactiv_config_file; then
-        echo "" >> $postactiv_config_file
-        echo "// Recommended postactiv settings" >> $postactiv_config_file
-        echo "\$config['thumbnail']['maxsize'] = 3000;" >> $postactiv_config_file
-        echo "\$config['profile']['delete'] = true;" >> $postactiv_config_file
-        echo "\$config['profile']['changenick'] = true;" >> $postactiv_config_file
-        echo "\$config['public']['localonly'] = false;" >> $postactiv_config_file
-        echo "addPlugin('StoreRemoteMedia');" >> $postactiv_config_file
-        echo "\$config['queue']['enabled'] = true;" >> $postactiv_config_file
-        echo "\$config['queue']['daemon'] = true;" >> $postactiv_config_file
-        echo "\$config['ostatus']['hub_retries'] = 3;" >> $postactiv_config_file
+    if ! grep -q "Recommended postactiv settings" "$postactiv_config_file"; then
+        { echo "";
+          echo "// Recommended postactiv settings";
+          echo "\$config['thumbnail']['maxsize'] = 3000;";
+          echo "\$config['profile']['delete'] = true;";
+          echo "\$config['profile']['changenick'] = true;";
+          echo "\$config['public']['localonly'] = false;";
+          echo "addPlugin('StoreRemoteMedia');";
+          echo "\$config['queue']['enabled'] = true;";
+          echo "\$config['queue']['daemon'] = true;";
+          echo "\$config['ostatus']['hub_retries'] = 3;"; } >> "$postactiv_config_file"
     fi
 
-    echo "\$config['mail']['domain'] = '${DEFAULT_DOMAIN_NAME}';" >> $postactiv_config_file
+    echo "\$config['mail']['domain'] = '${DEFAULT_DOMAIN_NAME}';" >> "$postactiv_config_file"
 
     # This improves performance
-    sed -i "s|//\$config\['db'\]\['schemacheck'\].*|\$config\['db'\]\['schemacheck'\] = 'script';|g" $postactiv_config_file
+    sed -i "s|//\$config\\['db'\\]\\['schemacheck'\\].*|\$config\\['db'\\]\\['schemacheck'\\] = 'script';|g" "$postactiv_config_file"
 
     # remove the install script
-    if [ -f /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php ]; then
-        rm /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php
+    if [ -f "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php" ]; then
+        rm "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php"
     fi
 
     systemctl restart mariadb
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
-    ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$POSTACTIV_DOMAIN_NAME" -g postactiv --public no
+    "${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$POSTACTIV_DOMAIN_NAME" -g postactiv --public no
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a postactiv -p "$POSTACTIV_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a postactiv -p "$POSTACTIV_ADMIN_PASSWORD"
 
     gnusocial_block_user_script
     gnusocial_block_domain_script postactiv "$POSTACTIV_DOMAIN_NAME"
@@ -905,7 +910,7 @@ function install_postactiv_main {
 }
 
 function install_postactiv {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -925,8 +930,8 @@ function install_postactiv {
         install_nodejs pleroma-gnusocial
         install_pleroma_front_end "postactiv" "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE"
         install_gnusocial_default_background "postactiv" "$POSTACTIV_DOMAIN_NAME"
-        postactiv_customise_logo
-        sed -i 's|"theme":.*|"theme": "base16-harmonic16-light.css",|g' /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static/config.json
+        postactiv_customise_logo "$POSTACTIV_DOMAIN_NAME"
+        sed -i 's|"theme":.*|"theme": "base16-harmonic16-light.css",|g' "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static/config.json"
     fi
 
     expire_gnusocial_posts "$POSTACTIV_DOMAIN_NAME" "postactiv" "$POSTACTIV_EXPIRE_MONTHS"
@@ -940,8 +945,8 @@ function install_postactiv {
     # And doesn't forget logins
     gnusocial_use_qvitter postactiv
 
-    if [ $POSTACTIV_BACKGROUND_IMAGE_URL ]; then
-        pleroma_set_background_image_from_url /var/www/$POSTACTIV_DOMAIN_NAME/htdocs "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE"
+    if [ "$POSTACTIV_BACKGROUND_IMAGE_URL" ]; then
+        pleroma_set_background_image_from_url "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE"
     fi
 
     APP_INSTALLED=1

src/freedombone-app-privatebin

@@ -56,7 +56,7 @@ function secure_privatebin {
     find "${pbpath}/" -type d -print0 | xargs -0 chmod 0550
 
     chown -R ${rootuser}:${htgroup} "${pbpath}/"
-    chown -R www-data:www-data ${pbdata}
+    chown -R www-data:www-data "${pbdata}"
 }
 
 function logging_on_privatebin {
@@ -68,63 +68,65 @@ function logging_off_privatebin {
 }
 
 function remove_user_privatebin {
-    remove_username="$1"
+    echo -n ''
+#    remove_username="$1"
 }
 
 function add_user_privatebin {
-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"
 
     echo '0'
 }
 
 function install_interactive_privatebin {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
-    if [[ $ONION_ONLY != "no" ]]; then
+    if [[ "$ONION_ONLY" != "no" ]]; then
         PRIVATEBIN_DOMAIN_NAME='privatebin.local'
     else
         PRIVATEBIN_DETAILS_COMPLETE=
         while [ ! $PRIVATEBIN_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"PrivateBin Configuration" \
-                       --form $"\nPlease enter your PrivateBin details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
+                       --form $"\\nPlease enter your PrivateBin details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
                        $"Domain:" 1 1 "$(grep 'PRIVATEBIN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \
                        $"Code:" 2 1 "$(grep 'PRIVATEBIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 33 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"PrivateBin Configuration" \
-                       --form $"\nPlease enter your PrivateBin details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
+                       --form $"\\nPlease enter your PrivateBin details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
                        $"Domain:" 1 1 "$(grep 'PRIVATEBIN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \
-                       2> $data
+                       2> "$data"
             fi
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            PRIVATEBIN_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ $PRIVATEBIN_DOMAIN_NAME ]; then
-                if [[ $PRIVATEBIN_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
+            PRIVATEBIN_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$PRIVATEBIN_DOMAIN_NAME" ]; then
+                if [[ "$PRIVATEBIN_DOMAIN_NAME" == "$HUBZILLA_DOMAIN_NAME" ]]; then
                     PRIVATEBIN_DOMAIN_NAME=""
                 fi
                 TEST_DOMAIN_NAME=$PRIVATEBIN_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $PRIVATEBIN_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$PRIVATEBIN_DOMAIN_NAME" ]]; then
                     PRIVATEBIN_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        PRIVATEBIN_CODE=$(cat $data | sed -n 2p)
+                        PRIVATEBIN_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$PRIVATEBIN_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             PRIVATEBIN_DOMAIN_NAME=
                         fi
                     fi
@@ -133,6 +135,7 @@ function install_interactive_privatebin {
             if [ $PRIVATEBIN_DOMAIN_NAME ]; then
                 PRIVATEBIN_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         write_config_param "PRIVATEBIN_CODE" "$PRIVATEBIN_CODE"
@@ -142,8 +145,9 @@ function install_interactive_privatebin {
 }
 
 function change_password_privatebin {
-    curr_username="$1"
-    new_user_password="$2"
+#    curr_username="$1"
+#    new_user_password="$2"
+    echo -n ''
 }
 
 function reconfigure_privatebin {
@@ -156,13 +160,13 @@ function upgrade_privatebin {
         return
     fi
 
-    if grep -q "privatebin domain" $COMPLETION_FILE; then
+    if grep -q "privatebin domain" "$COMPLETION_FILE"; then
         PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
     fi
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs "privatebin commit" "$PRIVATEBIN_COMMIT" $PRIVATEBIN_REPO
+    set_repo_commit "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" "privatebin commit" "$PRIVATEBIN_COMMIT" "$PRIVATEBIN_REPO"
 
     secure_privatebin
 }
@@ -170,40 +174,40 @@ function upgrade_privatebin {
 
 function backup_local_privatebin {
     PRIVATEBIN_DOMAIN_NAME='privatebin'
-    if grep -q "privatebin domain" $COMPLETION_FILE; then
+    if grep -q "privatebin domain" "$COMPLETION_FILE"; then
         PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
     fi
 
-    source_directory=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data
+    source_directory="/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data"
 
     function_check suspend_site
-    suspend_site ${PRIVATEBIN_DOMAIN_NAME}
+    suspend_site "${PRIVATEBIN_DOMAIN_NAME}"
 
     function_check backup_directory_to_usb
     dest_directory=privatebin
-    backup_directory_to_usb $source_directory $dest_directory
+    backup_directory_to_usb "$source_directory" "$dest_directory"
 
     function_check restart_site
     restart_site
 }
 
 function restore_local_privatebin {
-    if ! grep -q "privatebin domain" $COMPLETION_FILE; then
+    if ! grep -q "privatebin domain" "$COMPLETION_FILE"; then
         return
     fi
     PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
-    if [ $PRIVATEBIN_DOMAIN_NAME ]; then
+    if [ "$PRIVATEBIN_DOMAIN_NAME" ]; then
         echo $"Restoring privatebin"
         temp_restore_dir=/root/tempprivatebin
-        privatebin_dir=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data
+        privatebin_dir="/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data"
 
         function_check restore_directory_from_usb
         restore_directory_from_usb $temp_restore_dir privatebin
         if [ -d $temp_restore_dir ]; then
-            if [ -d cp $temp_restore_dir$privatebin_dir ]; then
-                cp -rp $temp_restore_dir$privatebin_dir/* $privatebin_dir/
+            if [ -d "$temp_restore_dir$privatebin_dir" ]; then
+                cp -rp "$temp_restore_dir$privatebin_dir/*" "$privatebin_dir/"
             else
-                cp -rp $temp_restore_dir/* $privatebin_dir/
+                cp -rp "$temp_restore_dir/*" "$privatebin_dir/"
             fi
             secure_privatebin
             rm -rf $temp_restore_dir
@@ -215,39 +219,39 @@ function restore_local_privatebin {
 
 function backup_remote_privatebin {
     PRIVATEBIN_DOMAIN_NAME='privatebin'
-    if grep -q "privatebin domain" $COMPLETION_FILE; then
+    if grep -q "privatebin domain" "$COMPLETION_FILE"; then
         PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
     fi
 
-    source_directory=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data
+    source_directory="/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data"
 
     function_check suspend_site
-    suspend_site ${PRIVATEBIN_DOMAIN_NAME}
+    suspend_site "${PRIVATEBIN_DOMAIN_NAME}"
 
     function_check backup_directory_to_friend
     dest_directory=privatebin
-    backup_directory_to_friend $source_directory $dest_directory
+    backup_directory_to_friend "$source_directory" "$dest_directory"
 
     function_check restart_site
     restart_site
 }
 
 function restore_remote_privatebin {
-    if ! grep -q "privatebin domain" $COMPLETION_FILE; then
+    if ! grep -q "privatebin domain" "$COMPLETION_FILE"; then
         return
     fi
     PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
-    if [ $PRIVATEBIN_DOMAIN_NAME ]; then
+    if [ "$PRIVATEBIN_DOMAIN_NAME" ]; then
         temp_restore_dir=/root/tempprivatebin
         privatebin_dir=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data
 
         function_check restore_directory_from_friend
         restore_directory_from_friend $temp_restore_dir privatebin
         if [ -d $temp_restore_dir ]; then
-            if [ -d cp $temp_restore_dir$privatebin_dir ]; then
-                cp -rp $temp_restore_dir$privatebin_dir/* $privatebin_dir/
+            if [ -d "$temp_restore_dir$privatebin_dir" ]; then
+                cp -rp "$temp_restore_dir$privatebin_dir/*" "$privatebin_dir/"
             else
-                cp -rp $temp_restore_dir/* $privatebin_dir/
+                cp -rp "$temp_restore_dir/*" "$privatebin_dir/"
             fi
             secure_privatebin
             rm -rf $temp_restore_dir
@@ -262,14 +266,14 @@ function remove_privatebin {
     read_config_param "PRIVATEBIN_DOMAIN_NAME"
     read_config_param "MY_USERNAME"
     echo "Removing $PRIVATEBIN_DOMAIN_NAME"
-    nginx_dissite $PRIVATEBIN_DOMAIN_NAME
-    remove_certs $PRIVATEBIN_DOMAIN_NAME
+    nginx_dissite "$PRIVATEBIN_DOMAIN_NAME"
+    remove_certs "$PRIVATEBIN_DOMAIN_NAME"
 
-    if [ -d /var/www/$PRIVATEBIN_DOMAIN_NAME ]; then
-        rm -rf /var/www/$PRIVATEBIN_DOMAIN_NAME
+    if [ -d "/var/www/$PRIVATEBIN_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$PRIVATEBIN_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME"
     fi
     function_check remove_onion_service
     remove_onion_service privatebin ${PRIVATEBIN_ONION_PORT}
@@ -278,18 +282,18 @@ function remove_privatebin {
     fi
     remove_app privatebin
     remove_completion_param install_privatebin
-    sed -i '/privatebin/d' $COMPLETION_FILE
+    sed -i '/privatebin/d' "$COMPLETION_FILE"
 
     function_check remove_ddns_domain
-    remove_ddns_domain $PRIVATEBIN_DOMAIN_NAME
+    remove_ddns_domain "$PRIVATEBIN_DOMAIN_NAME"
 }
 
 function install_privatebin {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
-    if [ ! $PRIVATEBIN_DOMAIN_NAME ]; then
+    if [ ! "$PRIVATEBIN_DOMAIN_NAME" ]; then
         echo $'No domain name was given for privatebin'
         exit 7359
     fi
@@ -298,153 +302,153 @@ function install_privatebin {
     apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
     apt-get -yq install php-libsodium libsodium18 php-mcrypt
 
-    if [ ! -d /var/www/$PRIVATEBIN_DOMAIN_NAME ]; then
-        mkdir /var/www/$PRIVATEBIN_DOMAIN_NAME
+    if [ ! -d "/var/www/$PRIVATEBIN_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$PRIVATEBIN_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" ]; then
 
         if [ -d /repos/privatebin ]; then
-            mkdir /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
-            cp -r -p /repos/privatebin/. /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
-            cd /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/privatebin/. "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
+            cd "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" || exit 3468246824
             git pull
         else
             function_check git_clone
-            git_clone $PRIVATEBIN_REPO /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
+            git_clone "$PRIVATEBIN_REPO" "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
         fi
 
-        if [ ! -d /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" ]; then
             echo $'Unable to clone privatebin repo'
             exit 63763873
         fi
     fi
 
-    cd /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
-    git checkout $PRIVATEBIN_COMMIT -b $PRIVATEBIN_COMMIT
+    cd "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" || exit 24682462
+    git checkout "$PRIVATEBIN_COMMIT" -b "$PRIVATEBIN_COMMIT"
     set_completion_param "privatebin commit" "$PRIVATEBIN_COMMIT"
 
-    chmod g+w /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
-    chown -R www-data:www-data /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
+    chmod g+w "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
+    chown -R www-data:www-data "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
 
     function_check add_ddns_domain
-    add_ddns_domain $PRIVATEBIN_DOMAIN_NAME
+    add_ddns_domain "$PRIVATEBIN_DOMAIN_NAME"
 
     PRIVATEBIN_ONION_HOSTNAME=$(add_onion_service privatebin 80 ${PRIVATEBIN_ONION_PORT})
 
     privatebin_nginx_site=/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $PRIVATEBIN_DOMAIN_NAME "index index.php"
-        echo 'server {' >> $privatebin_nginx_site
-        echo '  listen 443 ssl;' >> $privatebin_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $privatebin_nginx_site
-        echo "  server_name $PRIVATEBIN_DOMAIN_NAME;" >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
+        nginx_http_redirect "$PRIVATEBIN_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $PRIVATEBIN_DOMAIN_NAME;";
+          echo ''; } >> "$privatebin_nginx_site"
         function_check nginx_compress
-        nginx_compress $PRIVATEBIN_DOMAIN_NAME
-        echo '' >> $privatebin_nginx_site
-        echo '  # Security' >> $privatebin_nginx_site
+        nginx_compress "$PRIVATEBIN_DOMAIN_NAME"
+        echo '' >> "$privatebin_nginx_site"
+        echo '  # Security' >> "$privatebin_nginx_site"
         function_check nginx_ssl
-        nginx_ssl $PRIVATEBIN_DOMAIN_NAME
+        nginx_ssl "$PRIVATEBIN_DOMAIN_NAME"
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $PRIVATEBIN_DOMAIN_NAME
+        nginx_disable_sniffing "$PRIVATEBIN_DOMAIN_NAME"
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
-        echo '  # Logs' >> $privatebin_nginx_site
-        echo '  access_log /dev/null;' >> $privatebin_nginx_site
-        echo '  error_log /dev/null;' >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
-        echo "  root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;" >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
-        echo '  index index.php;' >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
-        echo '  location ~ \.php {' >> $privatebin_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $privatebin_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $privatebin_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $privatebin_nginx_site
-        echo '  }' >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
-        echo '  # Location' >> $privatebin_nginx_site
-        echo '  location / {' >> $privatebin_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo "  root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  index index.php;';
+          echo '';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$privatebin_nginx_site"
         function_check nginx_limits
-        nginx_limits $PRIVATEBIN_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ @privatebin;' >> $privatebin_nginx_site
-        echo '  }' >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
-        echo '  # Restrict access that is unnecessary anyway' >> $privatebin_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $privatebin_nginx_site
-        echo '    deny all;' >> $privatebin_nginx_site
-        echo '  }' >> $privatebin_nginx_site
-        echo '}' >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
+        nginx_limits "$PRIVATEBIN_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ @privatebin;";
+          echo '  }';
+          echo '';
+          echo '  # Restrict access that is unnecessary anyway';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '}';
+          echo ''; } >> "$privatebin_nginx_site"
     else
-        echo -n '' > $privatebin_nginx_site
+        echo -n '' > "$privatebin_nginx_site"
     fi
-    echo 'server {' >> $privatebin_nginx_site
-    echo "    listen 127.0.0.1:$PRIVATEBIN_ONION_PORT default_server;" >> $privatebin_nginx_site
-    echo "    server_name $PRIVATEBIN_ONION_HOSTNAME;" >> $privatebin_nginx_site
-    echo '' >> $privatebin_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$PRIVATEBIN_ONION_PORT default_server;";
+      echo "    server_name $PRIVATEBIN_ONION_HOSTNAME;";
+      echo ''; } >> "$privatebin_nginx_site"
     function_check nginx_compress
-    nginx_compress $PRIVATEBIN_DOMAIN_NAME
-    echo '' >> $privatebin_nginx_site
+    nginx_compress "$PRIVATEBIN_DOMAIN_NAME"
+    echo '' >> "$privatebin_nginx_site"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $PRIVATEBIN_DOMAIN_NAME
-    echo '' >> $privatebin_nginx_site
-    echo '  # Logs' >> $privatebin_nginx_site
-    echo '  access_log /dev/null;' >> $privatebin_nginx_site
-    echo '  error_log /dev/null;' >> $privatebin_nginx_site
-    echo '' >> $privatebin_nginx_site
-    echo "  root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;" >> $privatebin_nginx_site
-    echo '' >> $privatebin_nginx_site
-    echo '  index index.php;' >> $privatebin_nginx_site
-    echo '' >> $privatebin_nginx_site
-    echo '  location ~ \.php {' >> $privatebin_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $privatebin_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $privatebin_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $privatebin_nginx_site
-    echo '  }' >> $privatebin_nginx_site
-    echo '' >> $privatebin_nginx_site
-    echo '  # Location' >> $privatebin_nginx_site
-    echo '  location / {' >> $privatebin_nginx_site
+    nginx_disable_sniffing "$PRIVATEBIN_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo "  root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  index index.php;';
+      echo '';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$privatebin_nginx_site"
     function_check nginx_limits
-    nginx_limits $PRIVATEBIN_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ @privatebin;' >> $privatebin_nginx_site
-    echo '  }' >> $privatebin_nginx_site
-    echo '' >> $privatebin_nginx_site
-    echo '  # Restrict access that is unnecessary anyway' >> $privatebin_nginx_site
-    echo '  location ~ /\.(ht|git) {' >> $privatebin_nginx_site
-    echo '    deny all;' >> $privatebin_nginx_site
-    echo '  }' >> $privatebin_nginx_site
-    echo '}' >> $privatebin_nginx_site
+    nginx_limits "$PRIVATEBIN_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ @privatebin;";
+      echo '  }';
+      echo '';
+      echo '  # Restrict access that is unnecessary anyway';
+      echo '  location ~ /\.(ht|git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '}'; } >> "$privatebin_nginx_site"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $PRIVATEBIN_DOMAIN_NAME 'yes'
+    create_site_certificate "$PRIVATEBIN_DOMAIN_NAME" 'yes'
 
     function_check nginx_ensite
-    nginx_ensite $PRIVATEBIN_DOMAIN_NAME
+    nginx_ensite "$PRIVATEBIN_DOMAIN_NAME"
 
-    cp /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.sample.php /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
+    cp "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.sample.php" "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
 
     # Change some defaults
-    sed -i 's|; qrcode|qrcode|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|default =.*|default = "1day"|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|languagedefault =.*|languagedefault = "en"|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|1week =|; 1week =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|1month =|; 1month =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|1year =|; 1year =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|never =|; never =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|limit = 10|limit = 30|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|limit = 300|limit = 0|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|batchsize =.*|batchsize = 100|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|sizelimit =.*|sizelimit = 32768|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|defaultformatter =.*|defaultformatter = "markdown"|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
+    sed -i 's|; qrcode|qrcode|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|default =.*|default = "1day"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|languagedefault =.*|languagedefault = "en"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|1week =|; 1week =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|1month =|; 1month =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|1year =|; 1year =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|never =|; never =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|limit = 10|limit = 30|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|limit = 300|limit = 0|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|batchsize =.*|batchsize = 100|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|sizelimit =.*|sizelimit = 32768|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|defaultformatter =.*|defaultformatter = "markdown"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
 
-    mkdir -p /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/data
+    mkdir -p "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/data"
 
     secure_privatebin
 

src/freedombone-app-profanity

@@ -57,12 +57,13 @@ function logging_off_profanity {
 }
 
 function remove_user_profanity {
-    remove_username="$1"
+    echo -n ''
+#    remove_username="$1"
 }
 
 function add_user_profanity {
-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"
 
     echo '0'
 }
@@ -82,19 +83,19 @@ function change_password_profanity {
 
     read_config_param DEFAULT_DOMAIN_NAME
 
-    ${PROJECT_NAME}-pass -u $curr_username -a xmpp -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a xmpp -p "$new_user_password"
 
     # TODO: this is currently interactive. Really there needs to be a
     # non-interactive password change option for prosodyctl
     clear
     echo ''
     echo $'Currently Prosody requires password changes to be done interactively'
-    prosodyctl passwd ${curr_username}@${DEFAULT_DOMAIN_NAME}
+    prosodyctl passwd "${curr_username}@${DEFAULT_DOMAIN_NAME}"
 
     XMPP_CLIENT_DIR=/home/$curr_username/.local/share/profanity
     XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
-    if [ -f $XMPP_CLIENT_ACCOUNTS ]; then
-        sed -i "s|password=.*|password=$new_user_password|g" $XMPP_CLIENT_ACCOUNTS
+    if [ -f "$XMPP_CLIENT_ACCOUNTS" ]; then
+        sed -i "s|password=.*|password=$new_user_password|g" "$XMPP_CLIENT_ACCOUNTS"
     fi
 }
 
@@ -110,11 +111,11 @@ function upgrade_profanity {
 
     rm -rf /tmp/*
 
-    CURR_LIBMESODE_COMMIT=$(cat $COMPLETION_FILE | grep "libmesode commit" | awk -F ':' '{print $2}')
+    CURR_LIBMESODE_COMMIT=$(grep "libmesode commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
     if [[ "$CURR_LIBMESODE_COMMIT" != "$LIBMESODE_COMMIT" ]]; then
         function_check set_repo_commit
-        set_repo_commit $INSTALL_DIR/libmesode "libmesode commit" "$LIBMESODE_COMMIT" $LIBMESODE_REPO
-        cd $INSTALL_DIR/libmesode
+        set_repo_commit "$INSTALL_DIR/libmesode" "libmesode commit" "$LIBMESODE_COMMIT" $LIBMESODE_REPO
+        cd "$INSTALL_DIR/libmesode" || exit 42682682
         ./bootstrap.sh
         ./configure
         make
@@ -124,42 +125,42 @@ function upgrade_profanity {
 
     rm -rf /tmp/*
 
-    CURR_PROFANITY_COMMIT=$(cat $COMPLETION_FILE | grep "profanity commit" | awk -F ':' '{print $2}')
+    CURR_PROFANITY_COMMIT=$(grep "profanity commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
     if [[ "$CURR_PROFANITY_COMMIT" != "$PROFANITY_COMMIT" ]]; then
         function_check set_repo_commit
-        set_repo_commit $INSTALL_DIR/profanity "profanity commit" "$PROFANITY_COMMIT" $PROFANITY_REPO
-        cd $INSTALL_DIR/profanity
+        set_repo_commit "$INSTALL_DIR/profanity" "profanity commit" "$PROFANITY_COMMIT" $PROFANITY_REPO
+        cd "$INSTALL_DIR/profanity" || exit 248242684
         ./bootstrap.sh
         ./configure --disable-notifications --disable-icons --enable-otr --enable-pgp --enable-plugins --enable-c-plugins --enable-python-plugins --without-xscreensaver
         make
         make install
     fi
 
-    CURR_PROFANITY_OMEMO_PLUGIN_COMMIT=$(cat $COMPLETION_FILE | grep "profanity omemo plugin commit" | awk -F ':' '{print $2}')
+    CURR_PROFANITY_OMEMO_PLUGIN_COMMIT=$(grep "profanity omemo plugin commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
     if [[ "$CURR_PROFANITY_OMEMO_PLUGIN_COMMIT" != "$PROFANITY_OMEMO_PLUGIN_COMMIT" ]]; then
         # upgrade omemo plugins for all users
-        set_repo_commit $INSTALL_DIR/profanity-omemo-plugin "profanity omemo plugin commit" "$PROFANITY_OMEMO_PLUGIN_COMMIT" $PROFANITY_OMEMO_PLUGIN_REPO
-        cd $INSTALL_DIR/profanity-omemo-plugin
-        sed -i 's|python setup.py|python2.7 setup.py|g' $INSTALL_DIR/profanity-omemo-plugin/install.sh
+        set_repo_commit "$INSTALL_DIR/profanity-omemo-plugin" "profanity omemo plugin commit" "$PROFANITY_OMEMO_PLUGIN_COMMIT" $PROFANITY_OMEMO_PLUGIN_REPO
+        cd "$INSTALL_DIR/profanity-omemo-plugin" || exit 2468246284
+        sed -i 's|python setup.py|python2.7 setup.py|g' "$INSTALL_DIR/profanity-omemo-plugin/install.sh"
         pip uninstall -y profanity-omemo-plugin
         ./install.sh
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME/.local/share/profanity/plugins ]; then
-                    mkdir -p /home/$USERNAME/.local/share/profanity/plugins
+                if [ ! -d "/home/$USERNAME/.local/share/profanity/plugins" ]; then
+                    mkdir -p "/home/$USERNAME/.local/share/profanity/plugins"
                 fi
-                if [ -f $INSTALL_DIR/profanity-omemo-plugin/omemo.py ]; then
-                    rm $INSTALL_DIR/profanity-omemo-plugin/omemo.*
+                if [ -f "$INSTALL_DIR/profanity-omemo-plugin/omemo.py" ]; then
+                    rm "$INSTALL_DIR/profanity-omemo-plugin/omemo.*"
                 fi
-                cp $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py /home/$USERNAME/.local/share/profanity/plugins
-                chown -R $USERNAME:$USERNAME /home/$USERNAME/.local
+                cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" "/home/$USERNAME/.local/share/profanity/plugins"
+                chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.local"
             fi
         done
         if [ -f /etc/skel/.local/share/profanity/plugins/omemo.py ]; then
             rm /etc/skel/.local/share/profanity/plugins/omemo.*
         fi
-        cp $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py /etc/skel/.local/share/profanity/plugins
+        cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" "/etc/skel/.local/share/profanity/plugins"
     fi
 
     chmod -R 700 /root/.local/lib/python3.4/site-packages/python_axolotl_*
@@ -183,11 +184,11 @@ function restore_remote_profanity {
 
 function remove_profanity {
     if [ -f /usr/local/bin/profanity ]; then
-        cd $INSTALL_DIR/profanity
+        cd "$INSTALL_DIR/profanity" || exit 4628462848
         make uninstall
 
         remove_completion_param install_profanity
-        sed -i '/profanity/d' $COMPLETION_FILE
+        sed -i '/profanity/d' "$COMPLETION_FILE"
     fi
 }
 
@@ -197,8 +198,8 @@ function install_profanity {
         return
     fi
     # install profanity from source in order to get OMEMO support
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir -p "$INSTALL_DIR"
     fi
 
     apt-get -yq install automake autoconf autoconf-archive libtool build-essential
@@ -207,15 +208,15 @@ function install_profanity {
 
     # dependency for profanity not available in debian
     if [ -d /repos/libmesode ]; then
-        mkdir $INSTALL_DIR/libmesode
-        cp -r -p /repos/libmesode/. $INSTALL_DIR/libmesode
-        cd $INSTALL_DIR/libmesode
+        mkdir "$INSTALL_DIR/libmesode"
+        cp -r -p /repos/libmesode/. "$INSTALL_DIR/libmesode"
+        cd "$INSTALL_DIR/libmesode" || exit 46287642846872
         git pull
     else
-        git_clone $LIBMESODE_REPO $INSTALL_DIR/libmesode
+        git_clone "$LIBMESODE_REPO" "$INSTALL_DIR/libmesode"
     fi
 
-    cd $INSTALL_DIR/libmesode
+    cd "$INSTALL_DIR/libmesode" || exit 2468246284
     git checkout $LIBMESODE_COMMIT -b $LIBMESODE_COMMIT
     ./bootstrap.sh
     ./configure
@@ -225,15 +226,15 @@ function install_profanity {
 
     # build profanity
     if [ -d /repos/profanity ]; then
-        mkdir $INSTALL_DIR/profanity
-        cp -r -p /repos/profanity/. $INSTALL_DIR/profanity
-        cd $INSTALL_DIR/profanity
+        mkdir "$INSTALL_DIR/profanity"
+        cp -r -p /repos/profanity/. "$INSTALL_DIR/profanity"
+        cd "$INSTALL_DIR/profanity" || exit 2468246824
         git pull
     else
-        git_clone $PROFANITY_REPO $INSTALL_DIR/profanity
+        git_clone "$PROFANITY_REPO" "$INSTALL_DIR/profanity"
     fi
 
-    cd $INSTALL_DIR/profanity
+    cd "$INSTALL_DIR/profanity" || exit 54287452858
     git checkout $PROFANITY_COMMIT -b $PROFANITY_COMMIT
     ./bootstrap.sh
     ./configure --disable-notifications --disable-icons --enable-otr --enable-pgp --enable-plugins --enable-c-plugins --enable-python-plugins --without-xscreensaver
@@ -249,116 +250,116 @@ function install_profanity {
     apt-get -yq install python-pip python-setuptools clang libffi-dev libssl-dev python-dev
 
     if [ -d /repos/profanity-omemo ]; then
-        mkdir $INSTALL_DIR/profanity-omemo-plugin
-        cp -r -p /repos/profanity-omemo/. $INSTALL_DIR/profanity-omemo-plugin
-        cd $INSTALL_DIR/profanity-omemo-plugin
+        mkdir "$INSTALL_DIR/profanity-omemo-plugin"
+        cp -r -p /repos/profanity-omemo/. "$INSTALL_DIR/profanity-omemo-plugin"
+        cd "$INSTALL_DIR/profanity-omemo-plugin" || exit 24682462842
         git pull
     else
-        git_clone $PROFANITY_OMEMO_PLUGIN_REPO $INSTALL_DIR/profanity-omemo-plugin
+        git_clone "$PROFANITY_OMEMO_PLUGIN_REPO" "$INSTALL_DIR/profanity-omemo-plugin"
     fi
 
-    cd $INSTALL_DIR/profanity-omemo-plugin
+    cd "$INSTALL_DIR/profanity-omemo-plugin" || exit 6428468248
     git checkout $PROFANITY_OMEMO_PLUGIN_COMMIT -b $PROFANITY_OMEMO_PLUGIN_COMMIT
-    if [ ! -f $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py ]; then
+    if [ ! -f "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" ]; then
         echo $'prof_omemo_plugin.py not found'
         exit 389225
     fi
-    sed -i 's|python setup.py|python2.7 setup.py|g' $INSTALL_DIR/profanity-omemo-plugin/install.sh
+    sed -i 's|python setup.py|python2.7 setup.py|g' "$INSTALL_DIR/profanity-omemo-plugin/install.sh"
     ./install.sh
 
     mkdir -p /etc/skel/.local/share/profanity/plugins
-    cp $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py /etc/skel/.local/share/profanity/plugins
-    cp $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py /home/$MY_USERNAME/.local/share/profanity/plugins
-    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.local
+    cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" /etc/skel/.local/share/profanity/plugins
+    cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" "/home/$MY_USERNAME/.local/share/profanity/plugins"
+    chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.local"
 
     XMPP_CLIENT_DIR=/home/$MY_USERNAME/.local/share/profanity
     XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
-    if [ ! -d $XMPP_CLIENT_DIR ]; then
-        mkdir -p $XMPP_CLIENT_DIR
+    if [ ! -d "$XMPP_CLIENT_DIR" ]; then
+        mkdir -p "$XMPP_CLIENT_DIR"
     fi
 
     XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
-    MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$DEFAULT_DOMAIN_NAME")
+    #MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$DEFAULT_DOMAIN_NAME")
 
     if [[ $ONION_ONLY == 'no' ]]; then
-        echo "[${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}]" > $XMPP_CLIENT_ACCOUNTS
-        echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
-        echo "jid=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS
-        echo "server=$XMPP_ONION_HOSTNAME" >> $XMPP_CLIENT_ACCOUNTS
-        # There is a bug where profanity doesn't refresh the screen
-        # after gpg-agent has asked for a password, so for now
-        # don't set the gpg key by default
-        #echo "pgp.keyid=$MY_GPG_PUBLIC_KEY_ID" >> $XMPP_CLIENT_ACCOUNTS
-        echo "pgp.keyid=" >> $XMPP_CLIENT_ACCOUNTS
-        echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
-        echo "muc.service=chat.${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS
-        echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS
-        echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
+        { echo "[${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}]";
+          echo 'enabled=true';
+          echo "jid=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}";
+          echo "server=$XMPP_ONION_HOSTNAME";
+          # There is a bug where profanity doesn't refresh the screen
+          # after gpg-agent has asked for a password, so for now
+          # don't set the gpg key by default
+          #echo "pgp.keyid=$MY_GPG_PUBLIC_KEY_ID";
+          echo "pgp.keyid=";
+          echo 'resource=profanity';
+          echo "muc.service=chat.${DEFAULT_DOMAIN_NAME}";
+          echo "muc.nick=${MY_USERNAME}";
+          echo 'presence.last=online';
+          echo 'presence.login=online';
+          echo 'priority.online=0';
+          echo 'priority.chat=0';
+          echo 'priority.away=0';
+          echo 'priority.xa=0';
+          echo 'priority.dnd=0'; } > "$XMPP_CLIENT_ACCOUNTS"
         if [ ${#XMPP_PASSWORD} -gt 2 ]; then
-            echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS
+            echo "password=$XMPP_PASSWORD" >> "$XMPP_CLIENT_ACCOUNTS"
         fi
     fi
 
     if [ -f /var/lib/tor/hidden_service_xmpp/hostname ]; then
-        echo "[${MY_USERNAME}@${XMPP_ONION_HOSTNAME}]" >> $XMPP_CLIENT_ACCOUNTS
+        echo "[${MY_USERNAME}@${XMPP_ONION_HOSTNAME}]" >> "$XMPP_CLIENT_ACCOUNTS"
         if [[ $ONION_ONLY == 'no' ]]; then
-            echo 'enabled=false' >> $XMPP_CLIENT_ACCOUNTS
+            echo 'enabled=false' >> "$XMPP_CLIENT_ACCOUNTS"
         else
-            echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
+            echo 'enabled=true' >> "$XMPP_CLIENT_ACCOUNTS"
         fi
-        echo "jid=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
-        echo "server=$XMPP_ONION_HOSTNAME" >> $XMPP_CLIENT_ACCOUNTS
-        # There is a bug where profanity doesn't refresh the screen
-        # after gpg-agent has asked for a password, so for now
-        # don't set the gpg key by default
-        #echo "pgp.keyid=$MY_GPG_PUBLIC_KEY_ID" >> $XMPP_CLIENT_ACCOUNTS
-        echo "pgp.keyid=" >> $XMPP_CLIENT_ACCOUNTS
-        echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
-        echo "muc.service=${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
-        echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS
-        echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
+        { echo "jid=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}";
+          echo "server=$XMPP_ONION_HOSTNAME";
+          # There is a bug where profanity doesn't refresh the screen
+          # after gpg-agent has asked for a password, so for now
+          # don't set the gpg key by default
+          #echo "pgp.keyid=$MY_GPG_PUBLIC_KEY_ID";
+          echo "pgp.keyid=";
+          echo 'resource=profanity';
+          echo "muc.service=${XMPP_ONION_HOSTNAME}";
+          echo "muc.nick=${MY_USERNAME}";
+          echo 'presence.last=online';
+          echo 'presence.login=online';
+          echo 'priority.online=0';
+          echo 'priority.chat=0';
+          echo 'priority.away=0';
+          echo 'priority.xa=0';
+          echo 'priority.dnd=0'; } >> "$XMPP_CLIENT_ACCOUNTS"
         if [ ${#XMPP_PASSWORD} -gt 2 ]; then
-            echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS
+            echo "password=$XMPP_PASSWORD" >> "$XMPP_CLIENT_ACCOUNTS"
         fi
     fi
 
-    if [ ! -d /home/$MY_USERNAME/.config/profanity ]; then
-        mkdir -p /home/$MY_USERNAME/.config/profanity
+    if [ ! -d "/home/$MY_USERNAME/.config/profanity" ]; then
+        mkdir -p "/home/$MY_USERNAME/.config/profanity"
     fi
-    echo '[connection]' > /home/$MY_USERNAME/.config/profanity/profrc
+    echo '[connection]' > "/home/$MY_USERNAME/.config/profanity/profrc"
     if [[ $ONION_ONLY == 'no' ]]; then
-        echo "account=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> /home/$MY_USERNAME/.config/profanity/profrc
+        echo "account=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> "/home/$MY_USERNAME/.config/profanity/profrc"
     else
-        echo "account=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> /home/$MY_USERNAME/.config/profanity/profrc
+        echo "account=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> "/home/$MY_USERNAME/.config/profanity/profrc"
     fi
-    echo '' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '[plugins]' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo 'load=prof_omemo_plugin.py;' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '[otr]' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo 'policy=opportunistic' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo 'log=off' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '[pgp]' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo 'log=off' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '[ui]' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo 'enc.warn=true' >> /home/$MY_USERNAME/.config/profanity/profrc
+    { echo '';
+      echo '[plugins]';
+      echo 'load=prof_omemo_plugin.py;';
+      echo '';
+      echo '[otr]';
+      echo 'policy=opportunistic';
+      echo 'log=off';
+      echo '';
+      echo '[pgp]';
+      echo 'log=off';
+      echo '';
+      echo '[ui]';
+      echo 'enc.warn=true'; } >> "/home/$MY_USERNAME/.config/profanity/profrc"
 
-    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.local
-    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
+    chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.local"
+    chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.config"
 
     chmod -R 700 /root/.local/lib/python3.4/site-packages/python_axolotl_*
     APP_INSTALLED=1

src/freedombone-app-radicale

@@ -61,15 +61,15 @@ function logging_off_radicale {
 function remove_user_radicale {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp radicale
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp radicale
 
     if grep -q "${remove_username}:" ${RADICALE_USERS}; then
         sed -i "/${remove_username}:/d" ${RADICALE_USERS}
-        if [ -d /var/www/radicale/collections/${remove_username} ]; then
-            rm -rf /var/www/radicale/collections/${remove_username}
+        if [ -d "/var/www/radicale/collections/${remove_username}" ]; then
+            rm -rf "/var/www/radicale/collections/${remove_username}"
         fi
-        if [ -f /var/www/radicale/collections/${remove_username}.props ]; then
-            rm /var/www/radicale/collections/${remove_username}.props
+        if [ -f "/var/www/radicale/collections/${remove_username}.props" ]; then
+            rm "/var/www/radicale/collections/${remove_username}.props"
         fi
         systemctl restart radicale
     fi
@@ -79,7 +79,7 @@ function add_user_radicale {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a radicale -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a radicale -p "$new_user_password"
 
     if [ ! -f ${RADICALE_USERS} ]; then
         touch ${RADICALE_USERS}
@@ -88,13 +88,13 @@ function add_user_radicale {
     if ! grep -q "$new_username:" ${RADICALE_USERS}; then
         htpasswd -bd ${RADICALE_USERS} "$new_username" "$new_user_password"
 
-        echo '{"ICAL:calendar-color": "#9e50df"}' > /var/www/radicale/collections/${new_username}.props
-        mkdir /var/www/radicale/collections/${new_username}
-        echo '{"ICAL:calendar-color": "#de631a", "tag": "VCALENDAR"}' > /var/www/radicale/collections/${new_username}/calendar.props
-        echo 'BEGIN:VCALENDAR' > /var/www/radicale/collections/${new_username}/calendar
-        echo 'PRODID:-//Radicale//NONSGML Radicale Server//EN' >> /var/www/radicale/collections/${new_username}/calendar
-        echo 'VERSION:2.0' >> /var/www/radicale/collections/${new_username}/calendar
-        echo 'END:VCALENDAR' >> /var/www/radicale/collections/${new_username}/calendar
+        echo '{"ICAL:calendar-color": "#9e50df"}' > "/var/www/radicale/collections/${new_username}.props"
+        mkdir "/var/www/radicale/collections/${new_username}"
+        echo '{"ICAL:calendar-color": "#de631a", "tag": "VCALENDAR"}' > "/var/www/radicale/collections/${new_username}/calendar.props"
+        { echo 'BEGIN:VCALENDAR';
+          echo 'PRODID:-//Radicale//NONSGML Radicale Server//EN';
+          echo 'VERSION:2.0';
+          echo 'END:VCALENDAR'; } >> "/var/www/radicale/collections/${new_username}/calendar"
 
         chown -R www-data:www-data /var/www/radicale
         chmod -R 755 /var/www/radicale/*
@@ -107,7 +107,7 @@ function change_password_radicale {
     existing_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $existing_username -a radicale -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$existing_username" -a radicale -p "$new_user_password"
 
     if grep -q "${existing_username}:" ${RADICALE_USERS}; then
         sed -i "/${existing_username}:/d" ${RADICALE_USERS}
@@ -127,14 +127,14 @@ function reconfigure_radicale {
     rm -rf /var/log/radicale/*
 
     # create an admin password
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        RADICALE_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        RADICALE_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        RADICALE_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        RADICALE_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
     fi
     add_user_radicale "$MY_USERNAME" "$RADICALE_PASSWORD"
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a radicale -p "$RADICALE_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a radicale -p "$RADICALE_PASSWORD"
 
     touch /var/log/radicale/radicale.log
     chown -R www-data:www-data /var/log/radicale
@@ -145,7 +145,7 @@ function upgrade_radicale {
         return
     fi
 
-    if ! grep -q "radicale version:" $COMPLETION_FILE; then
+    if ! grep -q "radicale version:" "$COMPLETION_FILE"; then
         return
     fi
 
@@ -155,7 +155,7 @@ function upgrade_radicale {
     fi
 
     # get the source
-    cd /var/www/radicale
+    cd /var/www/radicale || exit 62784628468
     wget ${RADICALE_DOWNLOAD_URL}${RADICALE_VERSION}.tar.gz
 
     # check the hash
@@ -170,7 +170,7 @@ function upgrade_radicale {
         exit 73529
     fi
     rm Radicale-${RADICALE_VERSION}.tar.gz
-    cd Radicale-${RADICALE_VERSION}
+    cd "Radicale-${RADICALE_VERSION}" || exit 264824684
 
     # move the old command
     mv /usr/local/bin/radicale /usr/local/bin/radicale_previous
@@ -186,9 +186,9 @@ function upgrade_radicale {
     fi
 
     # remove the old source
-    rm -rf Radicale-${CURR_RADICALE_VERSION}
+    rm -rf "Radicale-${CURR_RADICALE_VERSION}" || exit 6842684282
 
-    sed -i "s|radicale version.*|radicale version:$RADICALE_VERSION|g" ${COMPLETION_FILE}
+    sed -i "s|radicale version.*|radicale version:$RADICALE_VERSION|g" "${COMPLETION_FILE}"
     chown -R www-data:www-data /var/www/radicale
     systemctl restart radicale
     systemctl restart nginx
@@ -219,6 +219,7 @@ function restore_local_radicale {
         else
             cp -r $temp_restore_dir/* ${RADICALE_DIRECTORY}/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             function_check backup_unmount_drive
             backup_unmount_drive
@@ -233,6 +234,7 @@ function restore_local_radicale {
         else
             cp -r $temp_restore_dir/* /var/www/radicale/*
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             function_check backup_unmount_drive
             backup_unmount_drive
@@ -264,6 +266,7 @@ function restore_remote_radicale {
         else
             cp -r $temp_restore_dir/* ${RADICALE_DIRECTORY}/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 236746
         fi
@@ -276,6 +279,7 @@ function restore_remote_radicale {
         else
             cp -r $temp_restore_dir/* /var/www/radicale
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 3674284
         fi
@@ -332,17 +336,17 @@ function remove_radicale {
     fi
 
     remove_completion_param install_radicale
-    sed -i '/radicale/d' $COMPLETION_FILE
-    sed -i '/# Start radicale/,/# End radicale/d' /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+    sed -i '/radicale/d' "$COMPLETION_FILE"
+    sed -i '/# Start radicale/,/# End radicale/d' "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
     systemctl restart nginx
 }
 
 function install_radicale {
     if [[ $ONION_ONLY == 'no' ]]; then
         # obtain a cert for the default domain
-        if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then
+        if [[ "$(cert_exists "${DEFAULT_DOMAIN_NAME}" pem)" == "0" ]]; then
             echo $'Obtaining certificate for the main domain'
-            create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
+            create_site_certificate "${DEFAULT_DOMAIN_NAME}" 'yes'
         fi
     fi
 
@@ -368,7 +372,7 @@ function install_radicale {
     fi
 
     # get the source
-    cd /var/www/radicale
+    cd /var/www/radicale || exit 462874628
     wget ${RADICALE_DOWNLOAD_URL}${RADICALE_VERSION}.tar.gz
 
     # check the hash
@@ -383,7 +387,7 @@ function install_radicale {
         exit 623252
     fi
     rm Radicale-${RADICALE_VERSION}.tar.gz
-    cd Radicale-${RADICALE_VERSION}
+    cd "Radicale-${RADICALE_VERSION}" || exit 872462842
     python setup.py install
     if [ ! -f /usr/local/bin/radicale ]; then
         echo $'Radicale did not install'
@@ -398,52 +402,52 @@ function install_radicale {
     fi
 
     # create the configuration
-    echo '[server]' >  ${RADICALE_DIRECTORY}/config
-    echo 'hosts=localhost:52322' >> ${RADICALE_DIRECTORY}/config
-    echo 'ssl = False' >> ${RADICALE_DIRECTORY}/config
-    echo 'daemon = False' >> ${RADICALE_DIRECTORY}/config
-    echo 'base_prefix=/radicale/' >> ${RADICALE_DIRECTORY}/config
-    echo '' >> ${RADICALE_DIRECTORY}/config
-    echo '[storage]' >> ${RADICALE_DIRECTORY}/config
-    echo 'type = filesystem' >> ${RADICALE_DIRECTORY}/config
-    echo "filesystem_folder = /var/www/radicale/collections" >> ${RADICALE_DIRECTORY}/config
-    echo '' >> ${RADICALE_DIRECTORY}/config
-    echo '[well-known]' >> ${RADICALE_DIRECTORY}/config
-    echo "caldav = '/%(user)s/caldav/'" >> ${RADICALE_DIRECTORY}/config
-    echo "carddav = '/%(user)s/carddav/'" >> ${RADICALE_DIRECTORY}/config
-    echo '' >> ${RADICALE_DIRECTORY}/config
-    echo '#[auth]' >> ${RADICALE_DIRECTORY}/config
-    echo '#imap_hostname = localhost' >> ${RADICALE_DIRECTORY}/config
-    echo '#imap_port = 143' >> ${RADICALE_DIRECTORY}/config
-    echo '#imap_ssl = False' >> ${RADICALE_DIRECTORY}/config
-    echo '' >> ${RADICALE_DIRECTORY}/config
-    echo '[logging]' >> ${RADICALE_DIRECTORY}/config
-    echo 'debug = False' >> ${RADICALE_DIRECTORY}/config
+    { echo '[server]';
+      echo 'hosts=localhost:52322';
+      echo 'ssl = False';
+      echo 'daemon = False';
+      echo 'base_prefix=/radicale/';
+      echo '';
+      echo '[storage]';
+      echo 'type = filesystem';
+      echo "filesystem_folder = /var/www/radicale/collections";
+      echo '';
+      echo '[well-known]';
+      echo "caldav = '/%(user)s/caldav/'";
+      echo "carddav = '/%(user)s/carddav/'";
+      echo '';
+      echo '#[auth]';
+      echo '#imap_hostname = localhost';
+      echo '#imap_port = 143';
+      echo '#imap_ssl = False';
+      echo '';
+      echo '[logging]';
+      echo 'debug = False'; } > "${RADICALE_DIRECTORY}/config"
 
     # create an admin password
     if [ ${#RADICALE_PASSWORD} -lt 8 ]; then
-        if [ -f $IMAGE_PASSWORD_FILE ]; then
-            RADICALE_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+        if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+            RADICALE_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
         else
-            RADICALE_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+            RADICALE_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
     add_user_radicale "$MY_USERNAME" "$RADICALE_PASSWORD"
 
-    echo '[Unit]' > /etc/systemd/system/radicale.service
-    echo 'Description=Radicale CalDAV Server' >> /etc/systemd/system/radicale.service
-    echo 'After=network.target' >> /etc/systemd/system/radicale.service
-    echo '' >> /etc/systemd/system/radicale.service
-    echo '[Service]' >> /etc/systemd/system/radicale.service
-    echo 'Type=simple' >> /etc/systemd/system/radicale.service
-    echo 'User=www-data' >> /etc/systemd/system/radicale.service
-    echo 'Group=www-data' >> /etc/systemd/system/radicale.service
-    echo "ExecStart=/usr/local/bin/radicale --config ${RADICALE_DIRECTORY}/config" >> /etc/systemd/system/radicale.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/radicale.service
-    echo 'RestartSec=10' >> /etc/systemd/system/radicale.service
-    echo '' >> /etc/systemd/system/radicale.service
-    echo '[Install]' >> /etc/systemd/system/radicale.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/radicale.service
+    { echo '[Unit]';
+      echo 'Description=Radicale CalDAV Server';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=www-data';
+      echo 'Group=www-data';
+      echo "ExecStart=/usr/local/bin/radicale --config ${RADICALE_DIRECTORY}/config";
+      echo 'Restart=on-failure';
+      echo 'RestartSec=10';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/radicale.service
 
     addresses_str=$"Addresses"
     echo "{\"tag\": \"VADDRESSBOOK\", \"D:displayname\": \"${addresses_str}\"}" > /var/www/radicale/collections/addresses.props
@@ -461,107 +465,107 @@ function install_radicale {
     systemctl enable radicale
     systemctl start radicale
 
-    if [ ! -f /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} ]; then
+    if [ ! -f "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}" ]; then
         # create a new site config
         RADICALE_ONION_HOSTNAME=$(add_onion_service radicale 80 ${RADICALE_ONION_PORT})
 
         if [[ $ONION_ONLY == 'no' ]]; then
-            echo 'server {' > /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo "    listen 443 ssl;" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo "    #listen [::]:443 ssl;" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            { echo 'server {';
+              echo "    listen 443 ssl;";
+              echo "    #listen [::]:443 ssl;";
+              echo ''; } > "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
             function_check nginx_ssl
-            nginx_ssl ${DEFAULT_DOMAIN_NAME} mobile
+            nginx_ssl "${DEFAULT_DOMAIN_NAME}" mobile
             function_check nginx_disable_sniffing
-            nginx_disable_sniffing ${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo "    server_name ${DEFAULT_DOMAIN_NAME};" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            nginx_disable_sniffing "${DEFAULT_DOMAIN_NAME}"
+            { echo '';
+              echo "    server_name ${DEFAULT_DOMAIN_NAME};";
 
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    error_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    # Start radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    location @radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        auth_basic "Radicale";' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        auth_basic_user_file /var/www/radicale/users;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        proxy_pass http://localhost:52322;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        proxy_buffering off;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        proxy_set_header Host $host;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    location /radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    location /.well-known/carddav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    location /.well-known/caldav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    # End radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '}' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+              echo '';
+              echo '    access_log /dev/null;';
+              echo '    error_log /dev/null;';
+              echo '';
+              echo '    # Start radicale';
+              echo '    location @radicale {';
+              echo '        auth_basic "Radicale";';
+              echo '        auth_basic_user_file /var/www/radicale/users;';
+              echo '        proxy_pass http://localhost:52322;';
+              echo '        proxy_buffering off;';
+              echo "        proxy_set_header Host \$host;";
+              echo "        proxy_set_header X-Real-IP \$remote_addr;";
+              echo "        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+              echo "        proxy_set_header X-Forwarded-Proto \$scheme;";
+              echo '    }';
+              echo '';
+              echo '    location /radicale {';
+              echo "        try_files \$uri @radicale;";
+              echo '    }';
+              echo '';
+              echo '    location /.well-known/carddav {';
+              echo "        try_files \$uri @radicale;";
+              echo '    }';
+              echo '';
+              echo '    location /.well-known/caldav {';
+              echo "        try_files \$uri @radicale;";
+              echo '    }';
+              echo '    # End radicale';
+              echo '}';
+              echo ''; } >> "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
         else
-            echo -n '' > /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            echo -n '' > "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
         fi
-        echo 'server {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo "    listen localhost:${RADICALE_ONION_PORT} default_server;" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo "    server_name ${RADICALE_ONION_HOSTNAME};" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    error_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    # Start radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    location @radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        auth_basic "Radicale";' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        auth_basic_user_file /var/www/radicale/users;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        proxy_pass http://localhost:52322;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        proxy_buffering off;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        proxy_set_header Host $host;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    location /radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    location /.well-known/carddav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    location /.well-known/caldav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    # End radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '}' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        { echo 'server {';
+          echo "    listen localhost:${RADICALE_ONION_PORT} default_server;";
+          echo '';
+          echo "    server_name ${RADICALE_ONION_HOSTNAME};";
+          echo '';
+          echo '    access_log /dev/null;';
+          echo '    error_log /dev/null;';
+          echo '';
+          echo '    # Start radicale';
+          echo '    location @radicale {';
+          echo '        auth_basic "Radicale";';
+          echo '        auth_basic_user_file /var/www/radicale/users;';
+          echo '        proxy_pass http://localhost:52322;';
+          echo '        proxy_buffering off;';
+          echo "        proxy_set_header Host \$host;";
+          echo "        proxy_set_header X-Real-IP \$remote_addr;";
+          echo "        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+          echo "        proxy_set_header X-Forwarded-Proto \$scheme;";
+          echo '    }';
+          echo '';
+          echo '    location /radicale {';
+          echo "        try_files \$uri @radicale;";
+          echo '    }';
+          echo '';
+          echo '    location /.well-known/carddav {';
+          echo "        try_files \$uri @radicale;";
+          echo '    }';
+          echo '';
+          echo '    location /.well-known/caldav {';
+          echo "        try_files \$uri @radicale;";
+          echo '    }';
+          echo '    # End radicale';
+          echo '}'; } >> "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
 
         set_completion_param "radicale onion domain" "${RADICALE_ONION_HOSTNAME}"
     else
         # alter the existing site config
-        if ! grep -q "# Start radicale" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}; then
-            sed -i '/]:443/a    # Start radicale\n  location @radicale {\n    auth_basic "Radicale";\n    auth_basic_user_file \/var\/www\/radicale\/users;\n    proxy_pass http:\/\/localhost:52322;\n    proxy_buffering off;\n    proxy_set_header Host $host;\n    proxy_set_header X-Real-IP $remote_addr;\n    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n    proxy_set_header X-Forwarded-Proto $scheme;\n  }\n\n  location \/radicale {\n      try_files $uri @radicale;\n  }\n\n  location \/.well-known\/carddav {\n      try_files $uri @radicale;\n  }\n\n  location \/.well-known\/caldav {\n      try_files $uri @radicale;\n  }\n  # End radicale' /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            sed -i '/listen localhost/a    # Start radicale\n  location @radicale {\n    auth_basic "Radicale";\n    auth_basic_user_file \/var\/www\/radicale\/users;\n    proxy_pass http:\/\/localhost:52322;\n    proxy_buffering off;\n    proxy_set_header Host $host;\n    proxy_set_header X-Real-IP $remote_addr;\n    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n    proxy_set_header X-Forwarded-Proto $scheme;\n  }\n\n  location \/radicale {\n      try_files $uri @radicale;\n  }\n\n  location \/.well-known\/carddav {\n      try_files $uri @radicale;\n  }\n\n  location \/.well-known\/caldav {\n      try_files $uri @radicale;\n  }\n  # End radicale' /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        if ! grep -q "# Start radicale" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"; then
+            sed -i "/]:443/a    # Start radicale\\n  location @radicale {\\n    auth_basic \"Radicale\";\\n    auth_basic_user_file \\/var\\/www\\/radicale\\/users;\\n    proxy_pass http:\\/\\/localhost:52322;\\n    proxy_buffering off;\\n    proxy_set_header Host \$host;\\n    proxy_set_header X-Real-IP \$remote_addr;\\n    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\\n    proxy_set_header X-Forwarded-Proto \$scheme;\\n  }\\n\\n  location \\/radicale {\\n      try_files \$uri @radicale;\\n  }\\n\\n  location \\/.well-known\\/carddav {\\n      try_files \$uri @radicale;\\n  }\\n\\n  location \\/.well-known\\/caldav {\\n      try_files \$uri @radicale;\\n  }\\n  # End radicale" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
+            sed -i "/listen localhost/a    # Start radicale\\n  location @radicale {\\n    auth_basic \"Radicale\";\\n    auth_basic_user_file \\/var\\/www\\/radicale\\/users;\\n    proxy_pass http:\\/\\/localhost:52322;\\n    proxy_buffering off;\\n    proxy_set_header Host \$host;\\n    proxy_set_header X-Real-IP \$remote_addr;\\n    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\\n    proxy_set_header X-Forwarded-Proto \$scheme;\\n  }\\n\\n  location \\/radicale {\\n      try_files \$uri @radicale;\\n  }\\n\\n  location \\/.well-known\\/carddav {\\n      try_files \$uri @radicale;\\n  }\\n\\n  location \\/.well-known\\/caldav {\\n      try_files \$uri @radicale;\\n  }\\n  # End radicale" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
         fi
     fi
 
     # create a certificate
-    if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
-        if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
-            ${PROJECT_NAME}-addcert -h $DEFAULT_DOMAIN_NAME --dhkey ${DH_KEYLENGTH}
-            check_certificates $DEFAULT_DOMAIN_NAME
+    if [ ! -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
+        if [ ! -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt" ]; then
+            "${PROJECT_NAME}-addcert" -h "$DEFAULT_DOMAIN_NAME" --dhkey "${DH_KEYLENGTH}"
+            check_certificates "$DEFAULT_DOMAIN_NAME"
         fi
     fi
 
-    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+    if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
         sed -i "s|radicale.crt|${DEFAULT_DOMAIN_NAME}.pem|g" /etc/nginx/sites-available/radicale
         sed -i "s|radicale.pem|${DEFAULT_DOMAIN_NAME}.pem|g" /etc/nginx/sites-available/radicale
     fi
@@ -572,13 +576,13 @@ function install_radicale {
 
     systemctl restart nginx
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a radicale -p "$RADICALE_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a radicale -p "$RADICALE_PASSWORD"
 
     # keep track of the version so we can check for upgrades
-    if ! grep -q "radicale version:" ${COMPLETION_FILE}; then
-        echo "radicale version:${RADICALE_VERSION}" >> ${COMPLETION_FILE}
+    if ! grep -q "radicale version:" "${COMPLETION_FILE}"; then
+        echo "radicale version:${RADICALE_VERSION}" >> "${COMPLETION_FILE}"
     else
-        sed -i "s|radicale version.*|radicale version:${RADICALE_VERSION}|g" ${COMPLETION_FILE}
+        sed -i "s|radicale version.*|radicale version:${RADICALE_VERSION}|g" "${COMPLETION_FILE}"
     fi
 
     APP_INSTALLED=1

src/freedombone-app-riot

@@ -76,39 +76,40 @@ function install_interactive_riot {
         RIOT_DETAILS_COMPLETE=
         while [ ! $RIOT_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Riot Web user interface for Matrix" \
-                       --form $"\nPlease enter your details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \
+                       --form $"\\nPlease enter your details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \
                        $"Domain:" 1 1 "$(grep 'RIOT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \
                        $"Code:" 2 1 "$(grep 'RIOT_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 40 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Riot Web user interface for Matrix" \
-                       --form $"\nPlease enter your details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 2 \
+                       --form $"\\nPlease enter your details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 2 \
                        $"Domain:" 1 1 "$(grep 'RIOT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \
-                       2> $data
+                       2> "$data"
             fi
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            RIOT_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ $RIOT_DOMAIN_NAME ]; then
+            RIOT_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$RIOT_DOMAIN_NAME" ]; then
                 TEST_DOMAIN_NAME=$RIOT_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $RIOT_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$RIOT_DOMAIN_NAME" ]]; then
                     RIOT_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        RIOT_CODE=$(cat $data | sed -n 2p)
+                        RIOT_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$RIOT_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             RIOT_DOMAIN_NAME=
                         fi
                     fi
@@ -117,6 +118,7 @@ function install_interactive_riot {
             if [ $RIOT_DOMAIN_NAME ]; then
                 RIOT_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         # save the results in the config file
@@ -132,14 +134,14 @@ function reconfigure_riot {
 
 function riot_download {
     # download
-    if [ ! -f $INSTALL_DIR/${RIOT_FILENAME}.tar.gz ]; then
-        wget ${RIOT_DOWNLOAD_URL}/${RIOT_FILENAME}.tar.gz -O $INSTALL_DIR/${RIOT_FILENAME}.tar.gz
+    if [ ! -f "$INSTALL_DIR/${RIOT_FILENAME}.tar.gz" ]; then
+        wget "${RIOT_DOWNLOAD_URL}/${RIOT_FILENAME}.tar.gz" -O "$INSTALL_DIR/${RIOT_FILENAME}.tar.gz"
     fi
-    if [ ! -f $INSTALL_DIR/${RIOT_FILENAME}.tar.gz ]; then
+    if [ ! -f "$INSTALL_DIR/${RIOT_FILENAME}.tar.gz" ]; then
         echo $'Unable to download Riot Web from releases'
         exit 62836
     fi
-    cd $INSTALL_DIR
+    cd "$INSTALL_DIR" || exit 2468724628
 
     # check the hash
     curr_hash=$(sha256sum ${RIOT_FILENAME}.tar.gz | awk -F ' ' '{print $1}')
@@ -149,17 +151,17 @@ function riot_download {
     fi
 
     tar -xzvf ${RIOT_FILENAME}.tar.gz
-    if [ ! -d $INSTALL_DIR/${RIOT_FILENAME} ]; then
+    if [ ! -d "$INSTALL_DIR/${RIOT_FILENAME}" ]; then
         echo $'Unable to extract Riot Web tarball'
         exit 542826
     fi
-    cp -r $INSTALL_DIR/${RIOT_FILENAME}/* /var/www/$RIOT_DOMAIN_NAME/htdocs
+    cp -r "$INSTALL_DIR/${RIOT_FILENAME}/*" "/var/www/$RIOT_DOMAIN_NAME/htdocs"
 
-    chown -R www-data:www-data /var/www/$RIOT_DOMAIN_NAME/htdocs
+    chown -R www-data:www-data "/var/www/$RIOT_DOMAIN_NAME/htdocs"
 }
 
 function upgrade_riot {
-    if ! grep -q 'riot version:' $COMPLETION_FILE; then
+    if ! grep -q 'riot version:' "$COMPLETION_FILE"; then
         return
     fi
 
@@ -171,7 +173,7 @@ function upgrade_riot {
     fi
 
     riot_download
-    sed -i "s|riot version.*|riot version:$RIOT_VERSION|g" ${COMPLETION_FILE}
+    sed -i "s|riot version.*|riot version:$RIOT_VERSION|g" "${COMPLETION_FILE}"
     riot_remove_bad_links
 
     systemctl restart nginx
@@ -207,7 +209,7 @@ function remove_riot {
     fi
 
     remove_completion_param install_riot
-    sed -i '/riot /d' $COMPLETION_FILE
+    sed -i '/riot /d' "$COMPLETION_FILE"
 }
 
 function install_riot {
@@ -216,7 +218,7 @@ function install_riot {
     fi
 
     # check that matrix has been installed
-    if [ ! $MATRIX_DOMAIN_NAME ]; then
+    if [ ! "$MATRIX_DOMAIN_NAME" ]; then
         exit 687292
     fi
     if [[ "$MATRIX_DOMAIN_NAME" != *'.'* ]]; then
@@ -235,32 +237,32 @@ function install_riot {
         mkdir -p /var/www/$RIOT_DOMAIN_NAME/htdocs
     fi
 
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir "$INSTALL_DIR"
     fi
 
     riot_download
 
-    cd /var/www/$RIOT_DOMAIN_NAME/htdocs
+    cd "/var/www/$RIOT_DOMAIN_NAME/htdocs" || exit 4628462876
 
-    if [[ $ONION_ONLY == 'no' ]]; then
+    if [[ "$ONION_ONLY" == 'no' ]]; then
         riot_config_file="config.${RIOT_DOMAIN_NAME}.json"
         cp config.sample.json $riot_config_file
-        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" $riot_config_file
-        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" $riot_config_file
-        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" $riot_config_file
-        sed -i "/\"servers\":/a \"${MATRIX_DOMAIN_NAME}\"," $riot_config_file
+        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" "$riot_config_file"
+        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" "$riot_config_file"
+        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" "$riot_config_file"
+        sed -i "/\"servers\":/a \"${MATRIX_DOMAIN_NAME}\"," "$riot_config_file"
     else
         riot_config_file="config.${MATRIX_ONION_DOMAIN_NAME}.json"
-        cp config.sample.json $riot_config_file
-        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" $riot_config_file
-        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" $riot_config_file
-        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",|g" $riot_config_file
-        sed -i "/\"servers\":/a \"${MATRIX_ONION_DOMAIN_NAME}\"," $riot_config_file
+        cp config.sample.json "$riot_config_file"
+        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" "$riot_config_file"
+        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" "$riot_config_file"
+        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",|g" "$riot_config_file"
+        sed -i "/\"servers\":/a \"${MATRIX_ONION_DOMAIN_NAME}\"," "$riot_config_file"
     fi
-    sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" $riot_config_file
-    sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" $riot_config_file
-    sed -i 's|https://piwik.riot.im/||g' $riot_config_file
+    sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" "$riot_config_file"
+    sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" "$riot_config_file"
+    sed -i 's|https://piwik.riot.im/||g' "$riot_config_file"
 
     RIOT_ONION_HOSTNAME=$(add_onion_service riot 80 ${RIOT_ONION_PORT})
 
@@ -268,68 +270,68 @@ function install_riot {
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
         nginx_http_redirect $RIOT_DOMAIN_NAME
-        echo 'server {' >> $riot_nginx_site
-        echo '  listen 443 ssl;' >> $riot_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $riot_nginx_site
-        echo "  server_name $RIOT_DOMAIN_NAME;" >> $riot_nginx_site
-        echo '' >> $riot_nginx_site
-        echo '  # Security' >> $riot_nginx_site
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $RIOT_DOMAIN_NAME;";
+          echo '';
+          echo '  # Security'; } >> $riot_nginx_site
         function_check nginx_ssl
         nginx_ssl $RIOT_DOMAIN_NAME
 
         function_check nginx_disable_sniffing
         nginx_disable_sniffing $RIOT_DOMAIN_NAME
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $riot_nginx_site
-        echo '' >> $riot_nginx_site
-        echo '  # Logs' >> $riot_nginx_site
-        echo '  access_log /dev/null;' >> $riot_nginx_site
-        echo '  error_log /dev/null;' >> $riot_nginx_site
-        echo '' >> $riot_nginx_site
-        echo '  # Root' >> $riot_nginx_site
-        echo "  root /var/www/$RIOT_DOMAIN_NAME/htdocs;" >> $riot_nginx_site
-        echo '' >> $riot_nginx_site
-        echo '  index index.html;' >> $riot_nginx_site
-        echo '' >> $riot_nginx_site
-        echo '  location / {' >> $riot_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$RIOT_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  index index.html;';
+          echo '';
+          echo '  location / {'; } >> $riot_nginx_site
         function_check nginx_limits
         nginx_limits $RIOT_DOMAIN_NAME '15m'
-        echo '  }' >> $riot_nginx_site
-        echo '}' >> $riot_nginx_site
-        echo '' >> $riot_nginx_site
+        { echo '  }';
+          echo '}';
+          echo ''; } >> $riot_nginx_site
     else
         echo -n '' > $riot_nginx_site
     fi
-    echo 'server {' >> $riot_nginx_site
-    echo "    listen 127.0.0.1:$RIOT_ONION_PORT default_server;" >> $riot_nginx_site
-    echo "    server_name $RIOT_ONION_HOSTNAME;" >> $riot_nginx_site
-    echo '' >> $riot_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$RIOT_ONION_PORT default_server;";
+      echo "    server_name $RIOT_ONION_HOSTNAME;";
+      echo ''; } >> $riot_nginx_site
     function_check nginx_disable_sniffing
     nginx_disable_sniffing $RIOT_DOMAIN_NAME
-    echo '' >> $riot_nginx_site
-    echo '  # Logs' >> $riot_nginx_site
-    echo '  access_log /dev/null;' >> $riot_nginx_site
-    echo '  error_log /dev/null;' >> $riot_nginx_site
-    echo '' >> $riot_nginx_site
-    echo '  # Root' >> $riot_nginx_site
-    echo "  root /var/www/$RIOT_DOMAIN_NAME/htdocs;" >> $riot_nginx_site
-    echo '' >> $riot_nginx_site
-    echo '  index index.html;' >> $riot_nginx_site
-    echo '' >> $riot_nginx_site
-    echo '  location / {' >> $riot_nginx_site
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$RIOT_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  index index.html;';
+      echo '';
+      echo '  location / {'; } >> $riot_nginx_site
     function_check nginx_limits
     nginx_limits $RIOT_DOMAIN_NAME '15m'
-    echo '  }' >> $riot_nginx_site
-    echo '}' >> $riot_nginx_site
+    echo '  }' >> "$riot_nginx_site"
+    echo '}' >> "$riot_nginx_site"
 
-    sed '/Content-Security-Policy/d' $riot_nginx_site
-    sed -i 's| DENY;| SAMEORIGIN;|g' $riot_nginx_site
-    sed -i 's|limit_conn conn_limit_per_ip.*|limit_conn conn_limit_per_ip 50;|g' $riot_nginx_site
-    sed -i 's|limit_req zone.*|limit_req zone=req_limit_per_ip burst=20 nodelay;|g' $riot_nginx_site
+    sed '/Content-Security-Policy/d' "$riot_nginx_site"
+    sed -i 's| DENY;| SAMEORIGIN;|g' "$riot_nginx_site"
+    sed -i 's|limit_conn conn_limit_per_ip.*|limit_conn conn_limit_per_ip 50;|g' "$riot_nginx_site"
+    sed -i 's|limit_req zone.*|limit_req zone=req_limit_per_ip burst=20 nodelay;|g' "$riot_nginx_site"
 
     function_check create_site_certificate
-    if [ ! -f /etc/ssl/certs/${RIOT_DOMAIN_NAME}.pem ]; then
-        create_site_certificate $RIOT_DOMAIN_NAME 'yes'
+    if [ ! -f "/etc/ssl/certs/${RIOT_DOMAIN_NAME}.pem" ]; then
+        create_site_certificate "$RIOT_DOMAIN_NAME" 'yes'
     fi
 
     function_check nginx_ensite
@@ -344,10 +346,10 @@ function install_riot {
     systemctl restart nginx
 
     set_completion_param "riot domain" "$RIOT_DOMAIN_NAME"
-    if ! grep -q "riot version:" ${COMPLETION_FILE}; then
-        echo "riot version:${RIOT_VERSION}" >> ${COMPLETION_FILE}
+    if ! grep -q "riot version:" "${COMPLETION_FILE}"; then
+        echo "riot version:${RIOT_VERSION}" >> "${COMPLETION_FILE}"
     else
-        sed -i "s|riot version.*|riot version:${RIOT_VERSION}|g" ${COMPLETION_FILE}
+        sed -i "s|riot version.*|riot version:${RIOT_VERSION}|g" "${COMPLETION_FILE}"
     fi
     APP_INSTALLED=1
 }

src/freedombone-app-rss

@@ -62,12 +62,13 @@ function logging_off_rss {
 }
 
 function remove_user_rss {
-    remove_username="$1"
+    echo -n ''
+#    remove_username="$1"
 }
 
 function add_user_rss {
-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"
     echo '0'
 }
 
@@ -77,26 +78,27 @@ function install_interactive_rss {
 }
 
 function change_password_rss {
-    curr_username="$1"
-    new_user_password="$2"
+    echo -n ''
+#    curr_username="$1"
+#    new_user_password="$2"
 
     #${PROJECT_NAME}-pass -u "$curr_username" -a rss -p "$new_user_password"
 }
 
 function rss_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        RSS_READER_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        RSS_READER_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $RSS_READER_ADMIN_PASSWORD ]; then
-            RSS_READER_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$RSS_READER_ADMIN_PASSWORD" ]; then
+            RSS_READER_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $RSS_READER_ADMIN_PASSWORD ]; then
+    if [ ! "$RSS_READER_ADMIN_PASSWORD" ]; then
         return
     fi
 
     function_check create_database
-    create_database ttrss "$RSS_READER_ADMIN_PASSWORD" $MY_USERNAME
+    create_database ttrss "$RSS_READER_ADMIN_PASSWORD" "$MY_USERNAME"
 }
 
 function reconfigure_rss {
@@ -131,8 +133,8 @@ function upgrade_rss {
         # remove any previous install
         if [ -d $RSS_READER_PATH/g2ttree-mobile ]; then
             if [[ $(is_completed "install_rss_mobile_reader") == "1" ]]; then
-                sed -i '/install_rss_mobile_reader/d' $COMPLETION_FILE
-                sed -i '/rss mobile reader commit/d' $COMPLETION_FILE
+                sed -i '/install_rss_mobile_reader/d' "$COMPLETION_FILE"
+                sed -i '/rss mobile reader commit/d' "$COMPLETION_FILE"
                 rm -rf $RSS_READER_PATH/g2ttree-mobile
             fi
         fi
@@ -184,6 +186,7 @@ function restore_local_rss {
                 fi
                 cp -r $temp_restore_dir/* /etc/share/tt-rss/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 function_check set_user_permissions
                 set_user_permissions
@@ -193,12 +196,12 @@ function restore_local_rss {
                 exit 528823
             fi
             if [ -d /etc/letsencrypt/live/${RSS_READER_DOMAIN_NAME} ]; then
-                ln -s /etc/letsencrypt/live/${RSS_READER_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${2}.key
-                ln -s /etc/letsencrypt/live/${RSS_READER_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${2}.pem
+                ln -s "/etc/letsencrypt/live/${RSS_READER_DOMAIN_NAME}/privkey.pem" "/etc/ssl/private/${2}.key"
+                ln -s "/etc/letsencrypt/live/${RSS_READER_DOMAIN_NAME}/fullchain.pem" "/etc/ssl/certs/${2}.pem"
             else
                 # Ensure that the bundled SSL cert is being used
                 if [ -f /etc/ssl/certs/${RSS_READER_DOMAIN_NAME}.bundle.crt ]; then
-                    sed -i "s|${RSS_READER_DOMAIN_NAME}.crt|${RSS_READER_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${2}
+                    sed -i "s|${RSS_READER_DOMAIN_NAME}.crt|${RSS_READER_DOMAIN_NAME}.bundle.crt|g" "/etc/nginx/sites-available/${2}"
                 fi
             fi
         fi
@@ -207,14 +210,14 @@ function restore_local_rss {
     function_check rss_modifications
     rss_modifications
 
-    if [ -d $USB_MOUNT/backup/ttrss ]; then
+    if [ -d "$USB_MOUNT/backup/ttrss" ]; then
         chown -R www-data:www-data /etc/share/tt-rss
         if [ -d $temp_restore_dir ]; then
             rm -rf $temp_restore_dir
         fi
     fi
 
-    MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+    MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
     sed -i "s|define('DB_PASS'.*|define('DB_PASS', '${MARIADB_PASSWORD}');|g" $RSS_READER_PATH/config.php
     MARIADB_PASSWORD=
 }
@@ -245,7 +248,7 @@ function backup_remote_rss {
 
 function restore_remote_rss {
     temp_restore_dir=/root/tempttrss
-    if grep -q "rss reader domain" $COMPLETION_FILE; then
+    if grep -q "rss reader domain" "$COMPLETION_FILE"; then
         echo $"Restoring ttrss"
         function_check get_mariadb_password
         get_mariadb_password
@@ -263,6 +266,7 @@ function restore_remote_rss {
                 fi
                 cp -r $temp_restore_dir/* /etc/share/tt-rss/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 exit 6391
             fi
@@ -280,14 +284,14 @@ function restore_remote_rss {
         function_check rss_modifications
         rss_modifications
 
-        if [ -d $SERVER_DIRECTORY/backup/ttrss ]; then
+        if [ -d "$SERVER_DIRECTORY/backup/ttrss" ]; then
             chown -R www-data:www-data /etc/share/tt-rss
         fi
         if [ -d /root/tempttrss ]; then
             rm -rf /root/tempttrss
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
         sed -i "s|define('DB_PASS'.*|define('DB_PASS', '${MARIADB_PASSWORD}');|g" $RSS_READER_PATH/config.php
         MARIADB_PASSWORD=
 
@@ -313,9 +317,9 @@ function remove_rss {
     function_check drop_database
     drop_database ttrss
     remove_completion_param install_rss
-    sed -i '/RSS /d' $COMPLETION_FILE
-    sed -i '/rss /d' $COMPLETION_FILE
-    sed -i '/rss_/d' $COMPLETION_FILE
+    sed -i '/RSS /d' "$COMPLETION_FILE"
+    sed -i '/rss /d' "$COMPLETION_FILE"
+    sed -i '/rss_/d' "$COMPLETION_FILE"
     remove_backup_database_local ttrss
 }
 
@@ -329,15 +333,15 @@ function rss_modifications {
 
     # ensure that socks5 proxy is used
     if ! grep -q "CURLPROXY_SOCKS5" $RSS_READER_PATH/plugins/af_unburn/init.php; then
-        sed -i '/curl_setopt($ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\t\t\t\t\tcurl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);' $RSS_READER_PATH/plugins/af_unburn/init.php
+        sed -i "/curl_setopt(\$ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\\\t\\t\\t\\t\\tcurl_setopt(\$ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);" "$RSS_READER_PATH/plugins/af_unburn/init.php"
         rss_modified=1
     fi
     if ! grep -q "CURLPROXY_SOCKS5" $RSS_READER_PATH/include/functions.php; then
-        sed -i '/curl_setopt($ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\t\t\t\tcurl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);' $RSS_READER_PATH/include/functions.php
+        sed -i "/curl_setopt(\$ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\\\t\\t\\t\\tcurl_setopt(\$ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);" "$RSS_READER_PATH/include/functions.php"
         rss_modified=1
     fi
     if [ $rss_modified ]; then
-        cd $RSS_READER_PATH
+        cd $RSS_READER_PATH || exit 564286428
         git commit -a -m"Modify for Tor proxying"
     fi
     chown -R www-data:www-data $RSS_READER_PATH
@@ -358,12 +362,12 @@ function install_rss_main {
     if [ ! -d /etc/share ]; then
         mkdir /etc/share
     fi
-    cd /etc/share
+    cd /etc/share || exit 46284628
 
     if [ -d /repos/rss ]; then
         mkdir tt-rss
         cp -r -p /repos/rss/. tt-rss
-        cd tt-rss
+        cd tt-rss || exit 462846822
         git pull
     else
         function_check git_clone
@@ -374,7 +378,7 @@ function install_rss_main {
         echo $'Could not clone RSS reader repo'
         exit 52925
     fi
-    cd $RSS_READER_PATH
+    cd $RSS_READER_PATH || exit 42479825792593
     git checkout $RSS_READER_COMMIT -b $RSS_READER_COMMIT
     set_completion_param "rss reader commit" "$RSS_READER_COMMIT"
 
@@ -397,151 +401,151 @@ function install_rss_main {
     USE_V2_ONION_ADDRESS=1
     RSS_MOBILE_READER_ONION_HOSTNAME=$(add_onion_service mobilerss 80 ${RSS_MOBILE_READER_ONION_PORT})
 
-    echo 'server {' > /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo "  listen 127.0.0.1:$RSS_MOBILE_READER_ONION_PORT;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo "  server_name $RSS_MOBILE_READER_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  access_log /dev/null;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  error_log /dev/null;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  root /etc/share/ttrss-mobile;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  index index.html index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location /tt-rss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    try_files $uri $uri/ @ttrss_base;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location @ttrss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    rewrite ^(.*)$ /index.html?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location @ttrss_base {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location ~ /\.(git) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    deny all;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-XSS-Protection "1; mode=block";' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Robots-Tag none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Download-Options noopen;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Permitted-Cross-Domain-Policies none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Frame-Options SAMEORIGIN;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  client_max_body_size 15m;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo 'server {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo "  listen 127.0.0.1:$RSS_READER_ONION_PORT default_server;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo "  server_name $RSS_READER_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  access_log /dev/null;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  error_log /dev/null;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  root /etc/share/tt-rss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  index index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  set $mobile_rewrite do_not_perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  ## chi http_user_agent for mobile / smart phones ##' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  if ($http_user_agent ~* "(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino") {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    set $mobile_rewrite perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  if ($http_user_agent ~* "^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-)") {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    set $mobile_rewrite perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  if ($mobile_rewrite = perform) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo "    rewrite ^/(.*) http://$RSS_MOBILE_READER_ONION_HOSTNAME permanent;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    break;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location @ttrss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location ~ /\.(git) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    deny all;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-XSS-Protection "1; mode=block";' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Robots-Tag none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Download-Options noopen;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Permitted-Cross-Domain-Policies none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Frame-Options SAMEORIGIN;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  client_max_body_size 15m;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    { echo 'server {';
+      echo "  listen 127.0.0.1:$RSS_MOBILE_READER_ONION_PORT;";
+      echo "  server_name $RSS_MOBILE_READER_ONION_HOSTNAME;";
+      echo '';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  root /etc/share/ttrss-mobile;';
+      echo '  index index.html index.php;';
+      echo '';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  location / {';
+      echo "    try_files \$uri \$uri/ @ttrss;";
+      echo '  }';
+      echo '  location /tt-rss {';
+      echo "    try_files \$uri \$uri/ @ttrss_base;";
+      echo '  }';
+      echo '';
+      echo '  location @ttrss {';
+      echo "    rewrite ^(.*)\$ /index.html?p=\$1 last;";
+      echo '  }';
+      echo '  location @ttrss_base {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  location ~ /\.(git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '';
+      echo '  add_header X-XSS-Protection "1; mode=block";';
+      echo '  add_header X-Robots-Tag none;';
+      echo '  add_header X-Download-Options noopen;';
+      echo '  add_header X-Permitted-Cross-Domain-Policies none;';
+      echo '  add_header X-Frame-Options SAMEORIGIN;';
+      echo '  add_header X-Content-Type-Options nosniff;';
+      echo '  client_max_body_size 15m;';
+      echo '}';
+      echo '';
+      echo 'server {';
+      echo "  listen 127.0.0.1:$RSS_READER_ONION_PORT default_server;";
+      echo "  server_name $RSS_READER_ONION_HOSTNAME;";
+      echo '';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  root /etc/share/tt-rss;';
+      echo '  index index.php;';
+      echo '';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo "  set \$mobile_rewrite do_not_perform;";
+      echo '';
+      echo '  ## chi http_user_agent for mobile / smart phones ##';
+      echo "  if (\$http_user_agent ~* \"(android|bb\\d+|meego).+mobile|avantgo|bada\\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino\") {";
+      echo "    set \$mobile_rewrite perform;";
+      echo '  }';
+      echo '';
+      echo "  if (\$http_user_agent ~* \"^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\\-(n|u)|c55\\/|capi|ccwa|cdm\\-|cell|chtm|cldc|cmd\\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\\-s|devi|dica|dmob|do(c|p)o|ds(12|\\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\\-|_)|g1 u|g560|gene|gf\\-5|g\\-mo|go(\\.w|od)|gr(ad|un)|haie|hcit|hd\\-(m|p|t)|hei\\-|hi(pt|ta)|hp( i|ip)|hs\\-c|ht(c(\\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\\-(20|go|ma)|i230|iac( |\\-|\\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\\/)|klon|kpt |kwc\\-|kyo(c|k)|le(no|xi)|lg( g|\\/(k|l|u)|50|54|\\-[a-w])|libw|lynx|m1\\-w|m3ga|m50\\/|ma(te|ui|xo)|mc(01|21|ca)|m\\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\\-2|po(ck|rt|se)|prox|psio|pt\\-g|qa\\-a|qc(07|12|21|32|60|\\-[2-7]|i\\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\\-|oo|p\\-)|sdk\\/|se(c(\\-|0|1)|47|mc|nd|ri)|sgh\\-|shar|sie(\\-|m)|sk\\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\\-|v\\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\\-|tdg\\-|tel(i|m)|tim\\-|t\-mo|to(pl|sh)|ts(70|m\\-|m3|m5)|tx\\-9|up(\\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\\-|your|zeto|zte\\-)\") {";
+      echo "    set \$mobile_rewrite perform;";
+      echo '  }';
+      echo '';
+      echo "  if (\$mobile_rewrite = perform) {";
+      echo "    rewrite ^/(.*) http://$RSS_MOBILE_READER_ONION_HOSTNAME permanent;";
+      echo '    break;';
+      echo '  }';
+      echo '';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '  }';
+      echo '';
+      echo '  location / {';
+      echo "    try_files \$uri \$uri/ @ttrss;";
+      echo '  }';
+      echo '';
+      echo '  location @ttrss {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  location ~ /\.(git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '';
+      echo '  add_header X-XSS-Protection "1; mode=block";';
+      echo '  add_header X-Robots-Tag none;';
+      echo '  add_header X-Download-Options noopen;';
+      echo '  add_header X-Permitted-Cross-Domain-Policies none;';
+      echo '  add_header X-Frame-Options SAMEORIGIN;';
+      echo '  add_header X-Content-Type-Options nosniff;';
+      echo '  client_max_body_size 15m;';
+      echo '}'; } > "/etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME"
 
     if [ ! -f $RSS_READER_PATH/config.php ]; then
         # generate a config file
         RSS_FEED_CRYPT_KEY="$(create_password 24)"
-        echo '<?php' > $RSS_READER_PATH/config.php
-        echo "  define('_CURL_HTTP_PROXY', '127.0.0.1:9050');" >> $RSS_READER_PATH/config.php
-        echo "  define('DB_TYPE', 'mysql');" >> $RSS_READER_PATH/config.php
-        echo "  define('DB_HOST', 'localhost');" >> $RSS_READER_PATH/config.php
-        echo "  define('DB_USER', 'root');" >> $RSS_READER_PATH/config.php
-        echo "  define('DB_NAME', 'ttrss');" >> $RSS_READER_PATH/config.php
-        echo "  define('DB_PASS', '${MARIADB_PASSWORD}');" >> $RSS_READER_PATH/config.php
-        echo "  define('DB_PORT', '3306');" >> $RSS_READER_PATH/config.php
-        echo "  define('MYSQL_CHARSET', 'UTF8');" >> $RSS_READER_PATH/config.php
-        echo "  define('SELF_URL_PATH', 'http://${RSS_READER_ONION_HOSTNAME}/');" >> $RSS_READER_PATH/config.php
-        echo "  define('FEED_CRYPT_KEY', '${RSS_FEED_CRYPT_KEY}');" >> $RSS_READER_PATH/config.php
-        echo "  define('SINGLE_USER_MODE', false);" >> $RSS_READER_PATH/config.php
-        echo "  define('SIMPLE_UPDATE_MODE', false);" >> $RSS_READER_PATH/config.php
-        echo "  define('PHP_EXECUTABLE', '/usr/bin/php');" >> $RSS_READER_PATH/config.php
-        echo "  define('LOCK_DIRECTORY', 'lock');" >> $RSS_READER_PATH/config.php
-        echo "  define('CACHE_DIR', 'cache');" >> $RSS_READER_PATH/config.php
-        echo "  define('ICONS_DIR', \"feed-icons\");" >> $RSS_READER_PATH/config.php
-        echo "  define('ICONS_URL', \"feed-icons\");" >> $RSS_READER_PATH/config.php
-        echo "  define('AUTH_AUTO_CREATE', true);" >> $RSS_READER_PATH/config.php
-        echo "  define('AUTH_AUTO_LOGIN', true);" >> $RSS_READER_PATH/config.php
-        echo "  define('FORCE_ARTICLE_PURGE', 0);" >> $RSS_READER_PATH/config.php
-        echo "  define('PUBSUBHUBBUB_HUB', '');" >> $RSS_READER_PATH/config.php
-        echo "  define('PUBSUBHUBBUB_ENABLED', false);" >> $RSS_READER_PATH/config.php
-        echo "  define('SPHINX_SERVER', 'localhost:9312');" >> $RSS_READER_PATH/config.php
-        echo "  define('SPHINX_INDEX', 'ttrss, delta');" >> $RSS_READER_PATH/config.php
-        echo "  define('ENABLE_REGISTRATION', false);" >> $RSS_READER_PATH/config.php
-        echo "  define('REG_NOTIFY_ADDRESS', '${MY_EMAIL_ADDRESS}');" >> $RSS_READER_PATH/config.php
-        echo "  define('REG_MAX_USERS', 10);" >> $RSS_READER_PATH/config.php
-        echo "  define('SESSION_COOKIE_LIFETIME', 86400);" >> $RSS_READER_PATH/config.php
-        echo "  define('SMTP_FROM_NAME', 'Tiny Tiny RSS');" >> $RSS_READER_PATH/config.php
-        echo "  define('SMTP_FROM_ADDRESS', 'noreply@${RSS_READER_ONION_HOSTNAME}');" >> $RSS_READER_PATH/config.php
-        echo "  define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');" >> $RSS_READER_PATH/config.php
-        echo "  define('SMTP_SERVER', '');" >> $RSS_READER_PATH/config.php
-        echo "  define('SMTP_LOGIN', '');" >> $RSS_READER_PATH/config.php
-        echo "  define('SMTP_PASSWORD', '');" >> $RSS_READER_PATH/config.php
-        echo "  define('SMTP_SECURE', '');" >> $RSS_READER_PATH/config.php
-        echo "  define('CHECK_FOR_UPDATES', false);" >> $RSS_READER_PATH/config.php
-        echo "  define('ENABLE_GZIP_OUTPUT', false);" >> $RSS_READER_PATH/config.php
-        echo "  define('PLUGINS', 'auth_internal, note, gnusocial');" >> $RSS_READER_PATH/config.php
-        echo "  define('LOG_DESTINATION', 'sql');" >> $RSS_READER_PATH/config.php
-        echo "  define('CONFIG_VERSION', 26);" >> $RSS_READER_PATH/config.php
+        { echo '<?php';
+          echo "  define('_CURL_HTTP_PROXY', '127.0.0.1:9050');";
+          echo "  define('DB_TYPE', 'mysql');";
+          echo "  define('DB_HOST', 'localhost');";
+          echo "  define('DB_USER', 'root');";
+          echo "  define('DB_NAME', 'ttrss');";
+          echo "  define('DB_PASS', '${MARIADB_PASSWORD}');";
+          echo "  define('DB_PORT', '3306');";
+          echo "  define('MYSQL_CHARSET', 'UTF8');";
+          echo "  define('SELF_URL_PATH', 'http://${RSS_READER_ONION_HOSTNAME}/');";
+          echo "  define('FEED_CRYPT_KEY', '${RSS_FEED_CRYPT_KEY}');";
+          echo "  define('SINGLE_USER_MODE', false);";
+          echo "  define('SIMPLE_UPDATE_MODE', false);";
+          echo "  define('PHP_EXECUTABLE', '/usr/bin/php');";
+          echo "  define('LOCK_DIRECTORY', 'lock');";
+          echo "  define('CACHE_DIR', 'cache');";
+          echo "  define('ICONS_DIR', \"feed-icons\");";
+          echo "  define('ICONS_URL', \"feed-icons\");";
+          echo "  define('AUTH_AUTO_CREATE', true);";
+          echo "  define('AUTH_AUTO_LOGIN', true);";
+          echo "  define('FORCE_ARTICLE_PURGE', 0);";
+          echo "  define('PUBSUBHUBBUB_HUB', '');";
+          echo "  define('PUBSUBHUBBUB_ENABLED', false);";
+          echo "  define('SPHINX_SERVER', 'localhost:9312');";
+          echo "  define('SPHINX_INDEX', 'ttrss, delta');";
+          echo "  define('ENABLE_REGISTRATION', false);";
+          echo "  define('REG_NOTIFY_ADDRESS', '${MY_EMAIL_ADDRESS}');";
+          echo "  define('REG_MAX_USERS', 10);";
+          echo "  define('SESSION_COOKIE_LIFETIME', 86400);";
+          echo "  define('SMTP_FROM_NAME', 'Tiny Tiny RSS');";
+          echo "  define('SMTP_FROM_ADDRESS', 'noreply@${RSS_READER_ONION_HOSTNAME}');";
+          echo "  define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');";
+          echo "  define('SMTP_SERVER', '');";
+          echo "  define('SMTP_LOGIN', '');";
+          echo "  define('SMTP_PASSWORD', '');";
+          echo "  define('SMTP_SECURE', '');";
+          echo "  define('CHECK_FOR_UPDATES', false);";
+          echo "  define('ENABLE_GZIP_OUTPUT', false);";
+          echo "  define('PLUGINS', 'auth_internal, note, gnusocial');";
+          echo "  define('LOG_DESTINATION', 'sql');";
+          echo "  define('CONFIG_VERSION', 26);"; } > $RSS_READER_PATH/config.php
     fi
 
     # initialize the database
@@ -569,28 +573,28 @@ function install_rss_main {
     systemctl restart nginx
 
     # daemon to update feeds
-    echo '[Unit]' > /etc/systemd/system/ttrss.service
-    echo 'Description=ttrss_backend' >> /etc/systemd/system/ttrss.service
-    echo 'After=network.target mariadb.service' >> /etc/systemd/system/ttrss.service
-    echo 'After=tor.service' >> /etc/systemd/system/ttrss.service
-    echo '' >> /etc/systemd/system/ttrss.service
-    echo '[Service]' >> /etc/systemd/system/ttrss.service
-    echo 'User=www-data' >> /etc/systemd/system/ttrss.service
-    echo "ExecStart=/usr/bin/php $RSS_READER_PATH/update.php --daemon" >> /etc/systemd/system/ttrss.service
-    echo '' >> /etc/systemd/system/ttrss.service
-    echo '[Install]' >> /etc/systemd/system/ttrss.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ttrss.service
+    { echo '[Unit]';
+      echo 'Description=ttrss_backend';
+      echo 'After=network.target mariadb.service';
+      echo 'After=tor.service';
+      echo '';
+      echo '[Service]';
+      echo 'User=www-data';
+      echo "ExecStart=/usr/bin/php $RSS_READER_PATH/update.php --daemon";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/ttrss.service
     systemctl enable ttrss
     systemctl daemon-reload
     systemctl start ttrss
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a rss -p "$RSS_READER_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a rss -p "$RSS_READER_ADMIN_PASSWORD"
 
     install_completed rss_main
 }
 
 function install_rss_gnusocial {
-    if [ ! $GNUSOCIAL_DOMAIN_NAME ]; then
+    if [ ! "$GNUSOCIAL_DOMAIN_NAME" ]; then
         return
     fi
 
@@ -604,23 +608,23 @@ function install_rss_gnusocial {
     set_repo_commit $RSS_READER_GNUSOCIAL_PATH "rss reader gnusocial commit" "$RSS_READER_GNUSOCIAL_COMMIT" $RSS_READER_GNUSOCIAL_REPO
     chown -R www-data:www-data $RSS_READER_GNUSOCIAL_PATH
 
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir -p "$INSTALL_DIR"
     fi
 
-    cd $INSTALL_DIR
+    cd "$INSTALL_DIR" || exit 7246284
     function_check git_clone
     git_clone $RSS_READER_GNUSOCIAL_REPO ttrss-gnusocial
-    if [ ! -d $INSTALL_DIR/ttrss-gnusocial ]; then
+    if [ ! -d "$INSTALL_DIR/ttrss-gnusocial" ]; then
         echo $'Could not clone repo for RSS reader gnusocial plugin'
         exit 52838
     fi
-    cp -r $INSTALL_DIR/ttrss-gnusocial $RSS_READER_GNUSOCIAL_PATH
-    cd $RSS_READER_GNUSOCIAL_PATH
+    cp -r "$INSTALL_DIR/ttrss-gnusocial" $RSS_READER_GNUSOCIAL_PATH
+    cd "$RSS_READER_GNUSOCIAL_PATH" || exit 782462424
     git checkout $RSS_READER_GNUSOCIAL_COMMIT -b $RSS_READER_GNUSOCIAL_COMMIT
     set_completion_param "rss reader gnusocial commit" "$RSS_READER_GNUSOCIAL_COMMIT"
     chown -R www-data:www-data $RSS_READER_GNUSOCIAL_PATH
@@ -642,22 +646,22 @@ function install_rss_mobile_reader {
     # remove any previous install
     if [ -d $RSS_READER_PATH/g2ttree-mobile ]; then
         if [[ $(is_completed "install_rss_mobile_reader") == "1" ]]; then
-            sed -i '/install_rss_mobile_reader/d' $COMPLETION_FILE
-            sed -i '/rss mobile reader commit/d' $COMPLETION_FILE
+            sed -i '/install_rss_mobile_reader/d' "$COMPLETION_FILE"
+            sed -i '/rss mobile reader commit/d' "$COMPLETION_FILE"
             rm -rf $RSS_READER_PATH/g2ttree-mobile
         fi
     fi
 
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
-    cd /etc/share
+    cd /etc/share || exit 7498264462
 
     if [ -d /repos/rss-mobile ]; then
         mkdir ttrss-mobile
         cp -r -p /repos/rss-mobile/. ttrss-mobile
-        cd ttrss-mobile
+        cd ttrss-mobile || exit 462846284682
         git pull
     else
         function_check git_clone
@@ -668,7 +672,7 @@ function install_rss_mobile_reader {
         echo $'Could not clone RSS mobile reader repo'
         exit 24816
     fi
-    cd $RSS_MOBILE_READER_PATH
+    cd "$RSS_MOBILE_READER_PATH" || exit 462846246824
     git checkout $RSS_MOBILE_READER_COMMIT -b $RSS_MOBILE_READER_COMMIT
     set_completion_param "rss mobile reader commit" "$RSS_MOBILE_READER_COMMIT"
 

src/freedombone-app-scuttlebot

@@ -61,39 +61,44 @@ function scuttlebot_create_invite {
     invite_string=$(su -c "sbot invite.create 1" - scuttlebot | sed 's/"//g')
 
     clear
-    echo -e '\n\nYour Scuttlebot invite code is:\n\n'${invite_string}'\n\n'
+    echo -e "\\n\\nYour Scuttlebot invite code is:\\n\\n${invite_string}\\n\\n"
+    # shellcheck disable=SC2034
     read -n1 -r -p $"Press any key to continue..." key
 }
 
 function configure_interactive_scuttlebot {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Scuttlebot" \
                --radiolist $"Choose an operation:" 10 50 2 \
                1 $"Create an invite" off \
-               2 $"Exit" on 2> $data
+               2 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) return;;
-            255) return;;
+            1) rm -f "$data"
+               return;;
+            255) rm -f "$data"
+                 return;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) scuttlebot_create_invite;;
-            2) break;;
+            2) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
 function remove_user_scuttlebot {
-    remove_username="$1"
+    echo -n ''
+#    remove_username="$1"
 }
 
 function add_user_scuttlebot {
-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"
     echo '0'
 }
 
@@ -109,8 +114,8 @@ function install_interactive_scuttlebot {
 }
 
 function change_password_scuttlebot {
-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"
     echo '0'
 }
 
@@ -123,7 +128,7 @@ function reconfigure_scuttlebot {
 }
 
 function upgrade_scuttlebot {
-    if ! grep -q 'scuttlebot version:' $COMPLETION_FILE; then
+    if ! grep -q 'scuttlebot version:' $"COMPLETION_FILE"; then
         return
     fi
 
@@ -134,11 +139,10 @@ function upgrade_scuttlebot {
         return
     fi
 
-    npm upgrade -g scuttlebot@${SCUTTLEBOT_VERSION} --save
-    if [ ! "$?" = "0" ]; then
+    if ! npm upgrade -g scuttlebot@${SCUTTLEBOT_VERSION} --save; then
         return
     fi
-    sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" ${COMPLETION_FILE}
+    sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" "${COMPLETION_FILE}"
 }
 
 function backup_local_scuttlebot {
@@ -218,71 +222,72 @@ function remove_scuttlebot {
     fi
 
     remove_completion_param install_scuttlebot
-    sed -i '/scuttlebot /d' $COMPLETION_FILE
+    sed -i '/scuttlebot /d' "$COMPLETION_FILE"
 }
 
 function git_ssb_script {
     if [[ "$1" == "mesh" ]]; then
+        # shellcheck disable=SC2154
         git_ssb_script_name=$rootdir/usr/bin/git-ssb-create
         git_ssb_daemon_filename=$rootdir/etc/systemd/system/git_ssb.service
     else
         git_ssb_script_name=/usr/bin/git-ssb-create
         git_ssb_daemon_filename=/etc/systemd/system/git_ssb.service
     fi
-    echo '#!/bin/bash' > $git_ssb_script_name
-    echo 'reponame="$1"' >> $git_ssb_script_name
-    echo '' >> $git_ssb_script_name
-    echo 'if [[ "$reponame" != "" ]]; then' >> $git_ssb_script_name
-    echo '  mkdir $reponame' >> $git_ssb_script_name
-    echo '  cd $reponame' >> $git_ssb_script_name
-    echo '  git init' >> $git_ssb_script_name
-    echo '  git ssb create ssb $reponame' >> $git_ssb_script_name
-    echo '  git push --tags ssb master' >> $git_ssb_script_name
-    echo 'fi' >> $git_ssb_script_name
-    echo 'exit 0' >> $git_ssb_script_name
+    { echo '#!/bin/bash';
+      echo "reponame=\"\$1\"";
+      echo '';
+      echo "if [[ \"\$reponame\" != \"\" ]]; then";
+      echo "  mkdir \$reponame";
+      echo "  cd \$reponame";
+      echo '  git init';
+      echo "  git ssb create ssb \$reponame";
+      echo '  git push --tags ssb master';
+      echo 'fi';
+      echo 'exit 0'; } > $git_ssb_script_name
     chmod +x $git_ssb_script_name
 
-    echo '[Unit]' > $git_ssb_daemon_filename
-    echo 'Description=Git SSB (SSB git web interface)' >> $git_ssb_daemon_filename
-    echo 'After=syslog.target' >> $git_ssb_daemon_filename
-    echo 'After=network.target' >> $git_ssb_daemon_filename
-    echo 'After=scuttlebot.target' >> $git_ssb_daemon_filename
-    echo '' >> $git_ssb_daemon_filename
-    echo '[Service]' >> $git_ssb_daemon_filename
-    echo 'Type=simple' >> $git_ssb_daemon_filename
-    echo 'User=scuttlebot' >> $git_ssb_daemon_filename
-    echo 'Group=scuttlebot' >> $git_ssb_daemon_filename
-    echo "WorkingDirectory=/etc/scuttlebot" >> $git_ssb_daemon_filename
-    echo "ExecStart=/usr/bin/git ssb web --public localhost:$GIT_SSB_PORT" >> $git_ssb_daemon_filename
-    echo 'Restart=always' >> $git_ssb_daemon_filename
-    echo 'Environment="USER=scuttlebot"' >> $git_ssb_daemon_filename
-    echo '' >> $git_ssb_daemon_filename
-    echo '[Install]' >> $git_ssb_daemon_filename
-    echo 'WantedBy=multi-user.target' >> $git_ssb_daemon_filename
+    { echo '[Unit]';
+      echo 'Description=Git SSB (SSB git web interface)';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo 'After=scuttlebot.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=scuttlebot';
+      echo 'Group=scuttlebot';
+      echo "WorkingDirectory=/etc/scuttlebot";
+      echo "ExecStart=/usr/bin/git ssb web --public localhost:$GIT_SSB_PORT";
+      echo 'Restart=always';
+      echo 'Environment="USER=scuttlebot"';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > $git_ssb_daemon_filename
 }
 
 function scuttlebot_git_setup {
     if [[ "$1" == "mesh" ]]; then
-        if [ ! -d $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight ]; then
-            mkdir $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight
+        if [ ! -d "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight" ]; then
+            mkdir "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight"
         fi
-        if [ ! -f $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css ]; then
+        if [ ! -f "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css" ]; then
             echo $'Could not find foundation.css'
             exit 347687245
         fi
-        cp $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight/foundation.css
+        cp "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css" "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight/foundation.css"
 
         git_ssb_nginx_site=$rootdir/etc/nginx/sites-available/git_ssb
-        echo 'server {' > $git_ssb_nginx_site
-        echo "  listen $NGINX_GIT_SSB_PORT default_server;" >> $git_ssb_nginx_site
-        echo "  server_name P${PEER_ID}.local;" >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
-        echo '  access_log /dev/null;' >> $git_ssb_nginx_site
-        echo '  error_log /dev/null;' >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
-        echo '  add_header X-XSS-Protection "1; mode=block";' >> $git_ssb_nginx_site
-        echo '  add_header X-Content-Type-Options nosniff;' >> $git_ssb_nginx_site
-        echo '  add_header X-Frame-Options SAMEORIGIN;' >> $git_ssb_nginx_site
+        { echo 'server {';
+          echo "  listen $NGINX_GIT_SSB_PORT default_server;";
+          echo "  server_name P${PEER_ID}.local;";
+          echo '';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  add_header X-XSS-Protection "1; mode=block";';
+          echo '  add_header X-Content-Type-Options nosniff;';
+          echo '  add_header X-Frame-Options SAMEORIGIN;'; } > "$git_ssb_nginx_site"
     else
         if [ ! $SCUTTLEBOT_DOMAIN_NAME ]; then
             exit 7357225
@@ -300,15 +305,15 @@ function scuttlebot_git_setup {
         git_ssb_nginx_site=/etc/nginx/sites-available/${SCUTTLEBOT_DOMAIN_NAME}
         function_check nginx_http_redirect
         nginx_http_redirect $SCUTTLEBOT_DOMAIN_NAME "index index.html"
-        echo 'server {' >> $git_ssb_nginx_site
-        echo '  listen 443 ssl;' >> $git_ssb_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $git_ssb_nginx_site
-        echo "  server_name $SCUTTLEBOT_DOMAIN_NAME;" >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $SCUTTLEBOT_DOMAIN_NAME;";
+          echo ''; } >> $git_ssb_nginx_site
         function_check nginx_compress
         nginx_compress $SCUTTLEBOT_DOMAIN_NAME
-        echo '' >> $git_ssb_nginx_site
-        echo '  # Security' >> $git_ssb_nginx_site
+        echo '' >> "$git_ssb_nginx_site"
+        echo '  # Security' >> "$git_ssb_nginx_site"
         function_check nginx_ssl
         nginx_ssl $SCUTTLEBOT_DOMAIN_NAME
 
@@ -316,45 +321,45 @@ function scuttlebot_git_setup {
         nginx_disable_sniffing $SCUTTLEBOT_DOMAIN_NAME
     fi
 
-    echo '' >> $git_ssb_nginx_site
-    echo '  root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;' >> $git_ssb_nginx_site
-    echo '' >> $git_ssb_nginx_site
-    echo '  location = / {' >> $git_ssb_nginx_site
-    echo "    proxy_pass http://localhost:${GIT_SSB_PORT};" >> $git_ssb_nginx_site
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $git_ssb_nginx_site
-    echo '    proxy_set_header Host $host;' >> $git_ssb_nginx_site
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $git_ssb_nginx_site
-    echo '    proxy_http_version 1.1;' >> $git_ssb_nginx_site
-    echo '    proxy_set_header Upgrade $http_upgrade;' >> $git_ssb_nginx_site
-    echo '    proxy_set_header Connection upgrade;' >> $git_ssb_nginx_site
-    echo '  }' >> $git_ssb_nginx_site
-    echo '}' >> $git_ssb_nginx_site
+    { echo '';
+      echo '  root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;';
+      echo '';
+      echo '  location = / {';
+      echo "    proxy_pass http://localhost:${GIT_SSB_PORT};";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo '    proxy_http_version 1.1;';
+      echo "    proxy_set_header Upgrade \$http_upgrade;";
+      echo '    proxy_set_header Connection upgrade;';
+      echo '  }';
+      echo '}'; } >> $git_ssb_nginx_site
 
-    if [ $SCUTTLEBOT_ONION_HOSTNAME ]; then
-        echo '' >> $git_ssb_nginx_site
-        echo 'server {' >> $git_ssb_nginx_site
-        echo "  listen 127.0.0.1:${SCUTTLEBOT_ONION_PORT} default_server;" >> $git_ssb_nginx_site
-        echo "  server_name ${SCUTTLEBOT_ONION_HOSTNAME};" >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
-        echo '  access_log /dev/null;' >> $git_ssb_nginx_site
-        echo '  error_log /dev/null;' >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
-        echo '  add_header X-XSS-Protection "1; mode=block";' >> $git_ssb_nginx_site
-        echo '  add_header X-Content-Type-Options nosniff;' >> $git_ssb_nginx_site
-        echo '  add_header X-Frame-Options SAMEORIGIN;' >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
-        echo '  root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;' >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
-        echo '  location = / {' >> $git_ssb_nginx_site
-        echo "    proxy_pass http://localhost:${GIT_SSB_PORT};" >> $git_ssb_nginx_site
-        echo '    proxy_set_header X-Real-IP $remote_addr;' >> $git_ssb_nginx_site
-        echo '    proxy_set_header Host $host;' >> $git_ssb_nginx_site
-        echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $git_ssb_nginx_site
-        echo '    proxy_http_version 1.1;' >> $git_ssb_nginx_site
-        echo '    proxy_set_header Upgrade $http_upgrade;' >> $git_ssb_nginx_site
-        echo '    proxy_set_header Connection upgrade;' >> $git_ssb_nginx_site
-        echo '  }' >> $git_ssb_nginx_site
-        echo '}' >> $git_ssb_nginx_site
+    if [ "$SCUTTLEBOT_ONION_HOSTNAME" ]; then
+        { echo '';
+          echo 'server {';
+          echo "  listen 127.0.0.1:${SCUTTLEBOT_ONION_PORT} default_server;";
+          echo "  server_name ${SCUTTLEBOT_ONION_HOSTNAME};";
+          echo '';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  add_header X-XSS-Protection "1; mode=block";';
+          echo '  add_header X-Content-Type-Options nosniff;';
+          echo '  add_header X-Frame-Options SAMEORIGIN;';
+          echo '';
+          echo '  root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;';
+          echo '';
+          echo '  location = / {';
+          echo "    proxy_pass http://localhost:${GIT_SSB_PORT};";
+          echo "    proxy_set_header X-Real-IP \$remote_addr;";
+          echo "    proxy_set_header Host \$host;";
+          echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+          echo '    proxy_http_version 1.1;';
+          echo "    proxy_set_header Upgrade \$http_upgrade;";
+          echo '    proxy_set_header Connection upgrade;';
+          echo '  }';
+          echo '}'; } >> $git_ssb_nginx_site
     fi
     if [[ "$1" != "mesh" ]]; then
         nginx_ensite git_ssb
@@ -364,23 +369,23 @@ function scuttlebot_git_setup {
 function mesh_install_dat {
     get_npm_arch
 
-    cat <<EOF > $rootdir/usr/bin/install_dat
+    cat <<EOF > "$rootdir/usr/bin/install_dat"
 #!/bin/bash
 npm install --arch=$NPM_ARCH -g dat
 npm install --arch=$NPM_ARCH -g @garbados/dat-boi
 npm install --arch=$NPM_ARCH -g add-to-systemd
-add-to-systemd dat-boi --user $(whoami) `which dat-boi`
+add-to-systemd dat-boi --user "$(whoami)" "$(which dat-boi)"
 EOF
     chroot "$rootdir" /bin/chmod +x /usr/bin/install_dat
     chroot "$rootdir" /usr/bin/install_dat
-    rm $rootdir/usr/bin/install_dat
+    rm "$rootdir/usr/bin/install_dat"
 }
 
 function install_dat {
     npm install -g dat
     npm install -g @garbados/dat-boi
     npm install -g add-to-systemd
-    add-to-systemd dat-boi --user $(whoami) `which dat-boi`
+    add-to-systemd dat-boi --user "$(whoami)" "$(which dat-boi)"
 }
 
 function mesh_install_scuttlebot {
@@ -390,7 +395,7 @@ function mesh_install_scuttlebot {
 
     get_npm_arch
 
-    cat <<EOF > $rootdir/usr/bin/install_scuttlebot
+    cat <<EOF > "$rootdir/usr/bin/install_scuttlebot"
 #!/bin/bash
 npm install --arch=$NPM_ARCH -g scuttlebot@${SCUTTLEBOT_VERSION}
 npm install --arch=$NPM_ARCH -g git-ssb
@@ -398,37 +403,37 @@ npm install --arch=$NPM_ARCH -g git-remote-ssb
 EOF
     chroot "$rootdir" /bin/chmod +x /usr/bin/install_scuttlebot
     chroot "$rootdir" /usr/bin/install_scuttlebot
-    rm $rootdir/usr/bin/install_scuttlebot
+    rm "$rootdir/usr/bin/install_scuttlebot"
 
-    if [ ! -f $rootdir/usr/local/bin/sbot ]; then
+    if [ ! -f "$rootdir/usr/local/bin/sbot" ]; then
         echo $'Scuttlebot was not installed'
         exit 528253
     fi
 
-    if [ ! -d $rootdir/etc/scuttlebot ]; then
-        mkdir -p $rootdir/etc/scuttlebot
+    if [ ! -d "$rootdir/etc/scuttlebot" ]; then
+        mkdir -p "$rootdir/etc/scuttlebot"
     fi
 
     # an unprivileged user to run as
     chroot "$rootdir" useradd -d /etc/scuttlebot/ scuttlebot
 
     # daemon
-    echo '[Unit]' > $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'Description=Scuttlebot (messaging system)' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'After=syslog.target' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'After=network.target' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo '' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo '[Service]' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'Type=simple' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'User=scuttlebot' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'Group=scuttlebot' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo "WorkingDirectory=/etc/scuttlebot" >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'ExecStart=/usr/local/bin/sbot server' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'Restart=always' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'Environment="USER=scuttlebot"' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo '' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo '[Install]' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/scuttlebot.service
+    { echo '[Unit]';
+      echo 'Description=Scuttlebot (messaging system)';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=scuttlebot';
+      echo 'Group=scuttlebot';
+      echo "WorkingDirectory=/etc/scuttlebot";
+      echo 'ExecStart=/usr/local/bin/sbot server';
+      echo 'Restart=always';
+      echo 'Environment="USER=scuttlebot"';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/scuttlebot.service"
 
     scuttlebot_git_setup mesh
     git_ssb_script mesh
@@ -455,22 +460,22 @@ function install_scuttlebot {
     useradd -d /etc/scuttlebot/ scuttlebot
 
     # daemon
-    echo '[Unit]' > /etc/systemd/system/scuttlebot.service
-    echo 'Description=Scuttlebot (messaging system)' >> /etc/systemd/system/scuttlebot.service
-    echo 'After=syslog.target' >> /etc/systemd/system/scuttlebot.service
-    echo 'After=network.target' >> /etc/systemd/system/scuttlebot.service
-    echo '' >> /etc/systemd/system/scuttlebot.service
-    echo '[Service]' >> /etc/systemd/system/scuttlebot.service
-    echo 'Type=simple' >> /etc/systemd/system/scuttlebot.service
-    echo 'User=scuttlebot' >> /etc/systemd/system/scuttlebot.service
-    echo 'Group=scuttlebot' >> /etc/systemd/system/scuttlebot.service
-    echo "WorkingDirectory=/etc/scuttlebot" >> /etc/systemd/system/scuttlebot.service
-    echo 'ExecStart=/usr/local/bin/sbot server' >> /etc/systemd/system/scuttlebot.service
-    echo 'Restart=always' >> /etc/systemd/system/scuttlebot.service
-    echo 'Environment="USER=scuttlebot"' >> /etc/systemd/system/scuttlebot.service
-    echo '' >> /etc/systemd/system/scuttlebot.service
-    echo '[Install]' >> /etc/systemd/system/scuttlebot.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/scuttlebot.service
+    { echo '[Unit]';
+      echo 'Description=Scuttlebot (messaging system)';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=scuttlebot';
+      echo 'Group=scuttlebot';
+      echo "WorkingDirectory=/etc/scuttlebot";
+      echo 'ExecStart=/usr/local/bin/sbot server';
+      echo 'Restart=always';
+      echo 'Environment="USER=scuttlebot"';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/scuttlebot.service
 
     chown -R scuttlebot:scuttlebot /etc/scuttlebot
 
@@ -489,24 +494,24 @@ function install_scuttlebot {
         exit 73528
     fi
 
-    echo '{' > /etc/scuttlebot/.ssb/config
-    echo "  \"host\": \"${DEFAULT_DOMAIN_NAME}\"," >> /etc/scuttlebot/.ssb/config
-    echo "  \"port\": ${SCUTTLEBOT_PORT}," >> /etc/scuttlebot/.ssb/config
-    echo '  "timeout": 30000,' >> /etc/scuttlebot/.ssb/config
-    echo '  "pub": true,' >> /etc/scuttlebot/.ssb/config
-    echo '  "local": true,' >> /etc/scuttlebot/.ssb/config
-    echo '  "friends": {' >> /etc/scuttlebot/.ssb/config
-    echo '    "dunbar": 150,' >> /etc/scuttlebot/.ssb/config
-    echo '    "hops": 3' >> /etc/scuttlebot/.ssb/config
-    echo '  },' >> /etc/scuttlebot/.ssb/config
-    echo '  "gossip": {' >> /etc/scuttlebot/.ssb/config
-    echo '    "connections": 2' >> /etc/scuttlebot/.ssb/config
-    echo '  },' >> /etc/scuttlebot/.ssb/config
-    echo '  "master": [],' >> /etc/scuttlebot/.ssb/config
-    echo '  "logging": {' >> /etc/scuttlebot/.ssb/config
-    echo '    "level": "error"' >> /etc/scuttlebot/.ssb/config
-    echo '  }' >> /etc/scuttlebot/.ssb/config
-    echo '}' >> /etc/scuttlebot/.ssb/config
+    { echo '{';
+      echo "  \"host\": \"${DEFAULT_DOMAIN_NAME}\",";
+      echo "  \"port\": ${SCUTTLEBOT_PORT},";
+      echo '  "timeout": 30000,';
+      echo '  "pub": true,';
+      echo '  "local": true,';
+      echo '  "friends": {';
+      echo '    "dunbar": 150,';
+      echo '    "hops": 3';
+      echo '  },';
+      echo '  "gossip": {';
+      echo '    "connections": 2';
+      echo '  },';
+      echo '  "master": [],';
+      echo '  "logging": {';
+      echo '    "level": "error"';
+      echo '  }';
+      echo '}'; } > /etc/scuttlebot/.ssb/config
     chown scuttlebot:scuttlebot /etc/scuttlebot/.ssb/config
     systemctl restart scuttlebot.service
 
@@ -527,10 +532,10 @@ function install_scuttlebot {
 
     systemctl restart nginx
 
-    if ! grep -q "scuttlebot version:" ${COMPLETION_FILE}; then
-        echo "scuttlebot version:${SCUTTLEBOT_VERSION}" >> ${COMPLETION_FILE}
+    if ! grep -q "scuttlebot version:" "${COMPLETION_FILE}"; then
+        echo "scuttlebot version:${SCUTTLEBOT_VERSION}" >> "${COMPLETION_FILE}"
     else
-        sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" ${COMPLETION_FILE}
+        sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" "${COMPLETION_FILE}"
     fi
 
     APP_INSTALLED=1

src/freedombone-app-syncthing

@@ -66,12 +66,12 @@ function syncthing_create_ids_file {
 
     SYNCTHING_ID=$(cat ~/.syncthing-server-id)
     if [ ! -f $SYNCTHING_CONFIG_FILE ]; then
-        echo $'# Your syncthing configuration file' > $SYNCTHING_CONFIG_FILE
-        echo '#' >> $SYNCTHING_CONFIG_FILE
-        echo $"# The ${PROJECT_NAME} syncthing ID is: $SYNCTHING_ID" >> $SYNCTHING_CONFIG_FILE
-        echo '#' >> $SYNCTHING_CONFIG_FILE
-        echo '# Paste the IDs of your devices below' >> $SYNCTHING_CONFIG_FILE
-        echo '#' >> $SYNCTHING_CONFIG_FILE
+        { echo $'# Your syncthing configuration file';
+          echo '#';
+          echo $"# The ${PROJECT_NAME} syncthing ID is: $SYNCTHING_ID";
+          echo '#';
+          echo '# Paste the IDs of your devices below';
+          echo '#'; } > $SYNCTHING_CONFIG_FILE
     fi
 }
 
@@ -94,12 +94,13 @@ function syncthing_show_id {
     SYNCTHING_ID=$(cat ~/.syncthing-server-id)
     dialog --title $"Device ID for ${PROJECT_NAME}" \
            --backtitle $"Freedombone User Control Panel" \
-           --msgbox $"In a desktop terminal press shift and select the ID below,\nthen right click and copy.\n\nWithin Connectbot select Menu/Copy and then highlight the ID below\n\n$SYNCTHING_ID\n\nAlternatively press Enter to display a QR code which can be scanned." 13 78
+           --msgbox $"In a desktop terminal press shift and select the ID below,\\nthen right click and copy.\\n\\nWithin Connectbot select Menu/Copy and then highlight the ID below\\n\\n$SYNCTHING_ID\\n\\nAlternatively press Enter to display a QR code which can be scanned." 13 78
     clear
     echo $'Your Syncthing ID code'
     echo ''
     echo -n "$SYNCTHING_ID" | qrencode -t UTF8
     echo ''
+    # shellcheck disable=SC2034
     read -n1 -rsp $"Press any key to continue..." key
 }
 
@@ -110,21 +111,23 @@ function syncthing_add_id {
 
     syncthing_create_ids_file
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone User Control Panel" \
            --title $"Add a Syncthing device ID" \
            --form $"Paste the device ID for your laptop/desktop/netbook/phone/tablet below" 9 80 2 \
            $"Device ID:" 1 1 "" 1 26 80 80 \
            $"Description (optional):" 2 1 "" 2 26 80 80 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
-    SYNCTHING_DEVICE_ID=$(cat $data | sed -n 1p)
-    SYNCTHING_DESCRIPTION=$(cat $data | sed -n 2p)
+    SYNCTHING_DEVICE_ID=$(sed -n 1p < "$data")
+    SYNCTHING_DESCRIPTION=$(sed -n 2p < "$data")
+    rm -f "$data"
 
     if [ ${#SYNCTHING_DEVICE_ID} -lt 10 ]; then
         return
@@ -164,19 +167,21 @@ function syncthing_remove_id {
 
     syncthing_create_ids_file
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone User Control Panel" \
            --title $"Remove a Syncthing device ID" \
            --form $"Paste the device ID which is to be removed below" 8 80 1 \
            $"Device ID:" 1 1 "" 1 14 80 80 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
-    SYNCTHING_DEVICE_ID=$(cat $data | sed -n 1p)
+    SYNCTHING_DEVICE_ID=$(sed -n 1p < "$data")
+    rm -f "$data"
 
     if [ ${#SYNCTHING_DEVICE_ID} -lt 10 ]; then
         return
@@ -212,8 +217,7 @@ function run_client_syncthing {
 
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone User Control Panel" \
                --title $"File Synchronization" \
                --radiolist $"Choose an operation:" 12 70 6 \
@@ -221,19 +225,23 @@ function run_client_syncthing {
                2 $"Add an ID for another machine or device" off \
                3 $"Remove an ID for another machine or device" off \
                4 $"Manually edit device IDs" off \
-               5 $"Back to main menu" on 2> $data
+               5 $"Back to main menu" on 2> "$data"
         sel=$?
         case $sel in
-            1) break;;
-            255) break;;
+            1) rm -f "$data"
+               break;;
+            255) rm -f "$data"
+                 break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) syncthing_show_id;;
             2) syncthing_add_id;;
             3) syncthing_remove_id;;
             4) syncthing_manual_edit;;
-            5) break;;
+            5) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -260,21 +268,21 @@ function backup_local_syncthing {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d /home/$USERNAME/Sync ]; then
+            if [ -d "/home/$USERNAME/Sync" ]; then
                 echo $"Backing up syncthing files for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/Sync syncthing/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/Sync" "syncthing/$USERNAME"
                 # ensure that device IDs will be backed up as part of user config settings
-                if [ ! -d /home/$USERNAME/.config/syncthing ]; then
-                    mkdir -p /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ ! -d "/home/$USERNAME/.config/syncthing" ]; then
+                    mkdir -p "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
-                if [ -f /home/$USERNAME/.syncthing-server-id ]; then
-                    cp /home/$USERNAME/.syncthing-server-id /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ -f "/home/$USERNAME/.syncthing-server-id" ]; then
+                    cp "/home/$USERNAME/.syncthing-server-id" "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
-                if [ -f /home/$USERNAME/.syncthingids ]; then
-                    cp /home/$USERNAME/.syncthingids /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ -f "/home/$USERNAME/.syncthingids" ]; then
+                    cp "/home/$USERNAME/.syncthingids" "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
             fi
         fi
@@ -288,7 +296,7 @@ function restore_local_syncthing {
     fi
 
     temp_restore_dir=/root/tempsyncthing
-    if [ -d $USB_MOUNT/backup/syncthingconfig ]; then
+    if [ -d "$USB_MOUNT/backup/syncthingconfig" ]; then
         echo $"Restoring syncthing configuration"
         function_check restore_directory_from_usb
         restore_directory_from_usb ${temp_restore_dir}config syncthingconfig
@@ -297,9 +305,7 @@ function restore_local_syncthing {
         if [ ! -d $SYNCTHING_CONFIG_PATH ]; then
             mkdir -p $SYNCTHING_CONFIG_PATH
         fi
-        cp -r ${temp_restore_dir}config/* $SYNCTHING_CONFIG_PATH/
-
-        if [ ! "$?" = "0" ]; then
+        if ! cp -r ${temp_restore_dir}config/* $SYNCTHING_CONFIG_PATH/; then
             set_user_permissions
             backup_unmount_drive
             systemctl start syncthing
@@ -309,7 +315,7 @@ function restore_local_syncthing {
         rm -rf ${temp_restore_dir}config
     fi
 
-    if [ -d $USB_MOUNT/backup/syncthingshared ]; then
+    if [ -d "$USB_MOUNT/backup/syncthingshared" ]; then
         echo $"Restoring syncthing shared files"
         restore_directory_from_usb ${temp_restore_dir}shared syncthingshared
         #cp -r ${temp_restore_dir}shared/* /
@@ -321,28 +327,29 @@ function restore_local_syncthing {
         rm -rf ${temp_restore_dir}shared
     fi
 
-    if [ -d $USB_MOUNT/backup/syncthing ]; then
+    if [ -d "$USB_MOUNT/backup/syncthing" ]; then
         for d in $USB_MOUNT/backup/syncthing/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    "${PROJECT_NAME}-adduser" "$USERNAME"
                 fi
                 echo $"Restoring syncthing files for $USERNAME"
-                restore_directory_from_usb ${temp_restore_dir} syncthing/$USERNAME
-                if [ -d ${temp_restore_dir}/home/$USERNAME/Sync ]; then
-                    cp -r ${temp_restore_dir}/home/$USERNAME/Sync /home/$USERNAME/
+                restore_directory_from_usb "${temp_restore_dir}" "syncthing/$USERNAME"
+                if [ -d "${temp_restore_dir}/home/$USERNAME/Sync" ]; then
+                    cp -r "${temp_restore_dir}/home/$USERNAME/Sync" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/Sync ]; then
-                        mkdir /home/$USERNAME/Sync
+                    if [ ! -d "/home/$USERNAME/Sync" ]; then
+                        mkdir "/home/$USERNAME/Sync"
                     fi
                     if [ -d /root/Sync ]; then
-                        cp -r /root/Sync/* /home/$USERNAME/Sync/
+                        cp -r /root/Sync/* "/home/$USERNAME/Sync/"
                         rm -rf /root/Sync
                     else
-                        cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/
+                        cp -r "${temp_restore_dir}/*" "/home/$USERNAME/Sync/"
                     fi
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf ${temp_restore_dir}
                     set_user_permissions
@@ -354,13 +361,13 @@ function restore_local_syncthing {
                 rm -rf ${temp_restore_dir}
 
                 # restore device IDs from config settings
-                if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then
-                    cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id
+                if [ -f "/home/$USERNAME/.config/syncthing/.syncthing-server-id" ]; then
+                    cp "/home/$USERNAME/.config/syncthing/.syncthing-server-id" "/home/$USERNAME/.syncthing-server-id"
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthing-server-id"
                 fi
-                if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then
-                    cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids
+                if [ -f "/home/$USERNAME/.config/syncthing/.syncthingids" ]; then
+                    cp "/home/$USERNAME/.config/syncthing/.syncthingids" "/home/$USERNAME/.syncthingids"
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthingids"
                 fi
             fi
         done
@@ -389,21 +396,21 @@ function backup_remote_syncthing {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d /home/$USERNAME/Sync ]; then
+            if [ -d "/home/$USERNAME/Sync" ]; then
                 echo $"Backing up syncthing files for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/Sync syncthing/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/Sync" "syncthing/$USERNAME"
                 # ensure that device IDs will be backed up as part of user config settings
-                if [ ! -d /home/$USERNAME/.config/syncthing ]; then
-                    mkdir -p /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ ! -d "/home/$USERNAME/.config/syncthing" ]; then
+                    mkdir -p "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
-                if [ -f /home/$USERNAME/.syncthing-server-id ]; then
-                    cp /home/$USERNAME/.syncthing-server-id /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ -f "/home/$USERNAME/.syncthing-server-id" ]; then
+                    cp "/home/$USERNAME/.syncthing-server-id" "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
-                if [ -f /home/$USERNAME/.syncthingids ]; then
-                    cp /home/$USERNAME/.syncthingids /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ -f "/home/$USERNAME/.syncthingids" ]; then
+                    cp "/home/$USERNAME/.syncthingids" "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
             fi
         fi
@@ -416,7 +423,7 @@ function restore_remote_syncthing {
         systemctl stop cron
     fi
 
-    if [ -d $SERVER_DIRECTORY/backup/syncthingconfig ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/syncthingconfig" ]; then
         echo $"Restoring syncthing configuration"
         temp_restore_dir=/root/tempsyncthingconfig
         function_check restore_directory_from_friend
@@ -425,8 +432,7 @@ function restore_remote_syncthing {
         if [ ! -d $SYNCTHING_CONFIG_PATH ]; then
             mkdir -p $SYNCTHING_CONFIG_PATH
         fi
-        cp -r ${temp_restore_dir}/* $SYNCTHING_CONFIG_PATH/
-        if [ ! "$?" = "0" ]; then
+        if ! cp -r ${temp_restore_dir}/* $SYNCTHING_CONFIG_PATH/; then
             systemctl start syncthing
             systemctl start cron
             exit 6833
@@ -434,7 +440,7 @@ function restore_remote_syncthing {
         rm -rf $temp_restore_dir
     fi
 
-    if [ -d $SERVER_DIRECTORY/backup/syncthingshared ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/syncthingshared" ]; then
         echo $"Restoring syncthing shared files"
         temp_restore_dir=/root/tempsyncthingshared
         function_check restore_directory_from_friend
@@ -446,30 +452,31 @@ function restore_remote_syncthing {
         rm -rf ${temp_restore_dir}
     fi
 
-    if [ -d $SERVER_DIRECTORY/backup/syncthing ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/syncthing" ]; then
         for d in $SERVER_DIRECTORY/backup/syncthing/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    "${PROJECT_NAME}-adduser" "$USERNAME"
                 fi
                 echo $"Restoring syncthing files for $USERNAME"
                 temp_restore_dir=/root/tempsyncthing
                 function_check restore_directory_from_friend
-                restore_directory_from_friend $temp_restore_dir syncthing/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/Sync ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/Sync /home/$USERNAME/
+                restore_directory_from_friend "$temp_restore_dir" "syncthing/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/Sync" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/Sync" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/Sync ]; then
-                        mkdir /home/$USERNAME/Sync
+                    if [ ! -d "/home/$USERNAME/Sync" ]; then
+                        mkdir "/home/$USERNAME/Sync"
                     fi
                     if [ -d /root/Sync ]; then
-                        cp -r /root/Sync/* /home/$USERNAME/Sync/
+                        cp -r /root/Sync/* "/home/$USERNAME/Sync/"
                         rm -rf /root/Sync
                     else
-                        cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/
+                        cp -r "${temp_restore_dir}/*" "/home/$USERNAME/Sync/"
                     fi
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     systemctl start syncthing
@@ -479,13 +486,13 @@ function restore_remote_syncthing {
                 rm -rf $temp_restore_dir
 
                 # restore device IDs from config settings
-                if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then
-                    cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id
+                if [ -f "/home/$USERNAME/.config/syncthing/.syncthing-server-id" ]; then
+                    cp "/home/$USERNAME/.config/syncthing/.syncthing-server-id" "/home/$USERNAME/.syncthing-server-id"
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthing-server-id"
                 fi
-                if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then
-                    cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids
+                if [ -f "/home/$USERNAME/.config/syncthing/.syncthingids" ]; then
+                    cp "/home/$USERNAME/.config/syncthing/.syncthingids" "/home/$USERNAME/.syncthingids"
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthingids"
                 fi
                 echo $"Restore of syncthing files for $USERNAME complete"
             fi
@@ -512,12 +519,12 @@ function remove_syncthing {
 }
 
 function configure_firewall_for_syncthing {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
     firewall_add Syncthing ${SYNCTHING_PORT}
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function install_syncthing_repo {
@@ -537,22 +544,22 @@ function install_syncthing {
 
     # This probably does need to run as root so that it can access the Sync directories
     # in each user's home directory
-    echo '[Unit]' > /etc/systemd/system/syncthing.service
-    echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> /etc/systemd/system/syncthing.service
-    echo 'Documentation=man:syncthing(1)' >> /etc/systemd/system/syncthing.service
-    echo 'After=network.target' >> /etc/systemd/system/syncthing.service
-    echo 'Wants=syncthing-inotify@.service' >> /etc/systemd/system/syncthing.service
-    echo '' >> /etc/systemd/system/syncthing.service
-    echo '[Service]' >> /etc/systemd/system/syncthing.service
-    echo 'User=root' >> /etc/systemd/system/syncthing.service
-    echo "Environment='all_proxy=socks5://localhost:9050'" >> /etc/systemd/system/syncthing.service
-    echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> /etc/systemd/system/syncthing.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/syncthing.service
-    echo 'SuccessExitStatus=3 4' >> /etc/systemd/system/syncthing.service
-    echo 'RestartForceExitStatus=3 4' >> /etc/systemd/system/syncthing.service
-    echo '' >> /etc/systemd/system/syncthing.service
-    echo '[Install]' >> /etc/systemd/system/syncthing.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/syncthing.service
+    { echo '[Unit]';
+      echo 'Description=Syncthing - Open Source Continuous File Synchronization';
+      echo 'Documentation=man:syncthing(1)';
+      echo 'After=network.target';
+      echo 'Wants=syncthing-inotify@.service';
+      echo '';
+      echo '[Service]';
+      echo 'User=root';
+      echo "Environment='all_proxy=socks5://localhost:9050'";
+      echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0';
+      echo 'Restart=on-failure';
+      echo 'SuccessExitStatus=3 4';
+      echo 'RestartForceExitStatus=3 4';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/syncthing.service
     systemctl enable syncthing
     systemctl daemon-reload
     systemctl start syncthing

src/freedombone-app-tahoelafs

@@ -72,52 +72,52 @@ function add_user_tahoelafs {
 
     new_username="$1"
     new_user_password="$2"
-    ${PROJECT_NAME}-pass -u $new_username -a tahoelafs -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a tahoelafs -p "$new_user_password"
     if grep -q "${new_username}:" /etc/nginx/.htpasswd-tahoelafs; then
-        sed -i '/${new_username}:/d' /etc/nginx/.htpasswd-tahoelafs
+        sed -i "'/${new_username}:/d" /etc/nginx/.htpasswd-tahoelafs
     fi
-    echo "${new_user_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${new_username}
+    echo "${new_user_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs "${new_username}"
     echo '0'
 }
 
 function remove_user_tahoelafs {
     remove_username="$1"
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp tahoelafs
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp tahoelafs
     if grep -q "${remove_username}:" /etc/nginx/.htpasswd-tahoelafs; then
-        sed -i '/${remove_username}:/d' /etc/nginx/.htpasswd-tahoelafs
+        sed -i "/${remove_username}:/d" /etc/nginx/.htpasswd-tahoelafs
     fi
 }
 
 function change_password_tahoelafs {
     change_username="$1"
     change_password="$2"
-    ${PROJECT_NAME}-pass -u $change_username -a tahoelafs -p "$change_password"
+    "${PROJECT_NAME}-pass" -u "$change_username" -a tahoelafs -p "$change_password"
     if grep -q "${change_username}:" /etc/nginx/.htpasswd-tahoelafs; then
-        sed -i '/tahoe-${change_username}:/d' /etc/nginx/.htpasswd-tahoelafs
+        sed -i "/tahoe-${change_username}:/d" /etc/nginx/.htpasswd-tahoelafs
     fi
-    echo "${change_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${change_username}
+    echo "${change_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs "${change_username}"
 }
 
 function add_tahoelafs_storage_node_interactive {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Configuration" \
            --title $"Add Tahoe-LAFS storage node" \
-           --form $"\nEnter the storage node details which can be found on the About screen of another server" 13 75 5 \
+           --form $"\\nEnter the storage node details which can be found on the About screen of another server" 13 75 5 \
            $"Hostname:" 1 1 "" 1 14 53 40 \
            $"Public Key:" 2 1 "" 2 14 53 255 \
            $"Nickname:" 3 1 "" 3 14 53 255 \
            $"FURL:" 4 1 "" 4 14 53 255 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
         1) return;;
         255) return;;
     esac
-    storage_hostname=$(cat $data | sed -n 1p)
-    public_key="$(cat $data | sed -n 2p)"
-    nick=$(cat $data | sed -n 3p)
-    furl=$(cat $data | sed -n 4p)
+    storage_hostname=$(sed -n 1p < "$data")
+    public_key=$(sed -n 2p < "$data")
+    nick=$(sed -n 3p < "$data")
+    furl=$(sed -n 4p < "$data")
+    rm -f "$data"
 
     if [ ${#public_key} -eq 0 ]; then
         return
@@ -142,23 +142,26 @@ function edit_tahoelafs_shares {
     read_config_param TAHOELAFS_SHARES_HAPPY
     read_config_param TAHOELAFS_SHARES_TOTAL
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Configuration" \
            --title $"Tahoe-LAFS shares" \
-           --form $"\nEnter the storage node details which can be found on the About screen of another server" 13 40 3 \
+           --form $"\\nEnter the storage node details which can be found on the About screen of another server" 13 40 3 \
            $"Needed:" 1 1 "${TAHOELAFS_SHARES_NEEDED}" 1 14 4 4 \
            $"Happy:" 2 1 "${TAHOELAFS_SHARES_HAPPY}" 2 14 4 4 \
            $"Total:" 3 1 "${TAHOELAFS_SHARES_TOTAL}" 3 14 4 4 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
-    tl_needed="$(cat $data | sed -n 1p)"
-    tl_happy="$(cat $data | sed -n 2p)"
-    tl_total="$(cat $data | sed -n 3p)"
+    tl_needed=$(sed -n 1p < "$data")
+    tl_happy=$(sed -n 2p < "$data")
+    tl_total=$(sed -n 3p < "$data")
+    rm -f "$data"
+
     if [ ${#tl_needed} -gt 0 ]; then
         TAHOELAFS_SHARES_NEEDED=${tl_needed}
     fi
@@ -185,88 +188,90 @@ function edit_tahoelafs_shares {
 }
 
 function configure_interactive_tahoelafs {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Configuration" \
            --title $"Tahoe-LAFS" \
            --radiolist $"The least authority is always the best" 11 50 5 \
            1 "Add a storage node" off \
            2 "Manually edit storage nodes" off \
            3 "Shares settings" off \
-           4 "Back to main menu" on 2> $data
+           4 "Back to main menu" on 2> "$data"
     sel=$?
     case $sel in
-        1) exit 1;;
-        255) exit 1;;
+        1) rm -f "$data"
+           exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
-    case $(cat $data) in
+    case $(cat "$data") in
         1) add_tahoelafs_storage_node_interactive;;
         2) edit_tahoelafs_nodes;;
         3) edit_tahoelafs_shares;;
     esac
+    rm -f "$data"
 }
 
 function tahoelafs_setup_client_config {
-    config_file=$1
+    config_file="$1"
     nick="$2"
 
-    echo '[node]' > $config_file
-    echo "nickname = $nick" >> $config_file
-    echo 'reveal-IP-address = false' >> $config_file
-    echo "web.port = tcp:${TAHOELAFS_PORT}:interface=127.0.0.1" >> $config_file
-    echo 'web.static = public_html' >> $config_file
-    echo 'tub.port = disabled' >> $config_file
-    echo 'tub.location = disabled' >> $config_file
-    echo '' >> $config_file
-    echo '[client]' >> $config_file
-    echo 'introducer.furl =' >> $config_file
-    echo "shares.needed = ${TAHOELAFS_SHARES_NEEDED}" >> $config_file
-    echo "shares.happy = ${TAHOELAFS_SHARES_HAPPY}" >> $config_file
-    echo "shares.total = ${TAHOELAFS_SHARES_TOTAL}" >> $config_file
-    echo '' >> $config_file
-    echo '[storage]' >> $config_file
-    echo 'enabled = false' >> $config_file
-    echo 'reserved_space = 3G' >> $config_file
-    echo '' >> $config_file
-    echo '[helper]' >> $config_file
-    echo 'enabled = false' >> $config_file
-    echo '' >> $config_file
-    echo '[connections]' >> $config_file
-    echo 'tcp = tor' >> $config_file
+    { echo '[node]';
+      echo "nickname = $nick";
+      echo 'reveal-IP-address = false';
+      echo "web.port = tcp:${TAHOELAFS_PORT}:interface=127.0.0.1";
+      echo 'web.static = public_html';
+      echo 'tub.port = disabled';
+      echo 'tub.location = disabled';
+      echo '';
+      echo '[client]';
+      echo 'introducer.furl =';
+      echo "shares.needed = ${TAHOELAFS_SHARES_NEEDED}";
+      echo "shares.happy = ${TAHOELAFS_SHARES_HAPPY}";
+      echo "shares.total = ${TAHOELAFS_SHARES_TOTAL}";
+      echo '';
+      echo '[storage]';
+      echo 'enabled = false';
+      echo 'reserved_space = 3G';
+      echo '';
+      echo '[helper]';
+      echo 'enabled = false';
+      echo '';
+      echo '[connections]';
+      echo 'tcp = tor'; } > "$config_file"
 }
 
 function tahoelafs_setup_storage_config {
-    config_file=$1
+    config_file="$1"
     nick="$2"
 
-    echo '[node]' > $config_file
-    echo "nickname = $nick" >> $config_file
-    echo 'reveal-IP-address = false' >> $config_file
-    echo 'web.port =' >> $config_file
-    echo 'web.static = public_html' >> $config_file
-    echo "tub.port = tcp:${TAHOELAFS_STORAGE_ONION_PORT}:interface=127.0.0.1" >> $config_file
-    echo "tub.location = tor:${TAHOELAFS_STORAGE_ONION_HOSTNAME}:${TAHOELAFS_STORAGE_PORT}" >> $config_file
-    echo '' >> $config_file
-    echo '[client]' >> $config_file
-    echo 'introducer.furl =' >> $config_file
-    echo 'helper.furl =' >> $config_file
-    echo '' >> $config_file
-    echo "shares.needed = ${TAHOELAFS_SHARES_NEEDED}" >> $config_file
-    echo "shares.happy = ${TAHOELAFS_SHARES_HAPPY}" >> $config_file
-    echo "shares.total = ${TAHOELAFS_SHARES_TOTAL}" >> $config_file
-    echo '' >> $config_file
-    echo '[storage]' >> $config_file
-    echo 'enabled = true' >> $config_file
-    echo 'reserved_space = 3G' >> $config_file
-    echo 'expire.enabled = true' >> $config_file
-    echo 'expire.mode = age' >> $config_file
-    echo 'expire.override_lease_duration = 3 months' >> $config_file
-    echo '' >> $config_file
-    echo '[helper]' >> $config_file
-    echo 'enabled = false' >> $config_file
-    echo '' >> $config_file
-    echo '[connections]' >> $config_file
-    echo 'tcp = tor' >> $config_file
+    { echo '[node]';
+      echo "nickname = $nick";
+      echo 'reveal-IP-address = false';
+      echo 'web.port =';
+      echo 'web.static = public_html';
+      echo "tub.port = tcp:${TAHOELAFS_STORAGE_ONION_PORT}:interface=127.0.0.1";
+      echo "tub.location = tor:${TAHOELAFS_STORAGE_ONION_HOSTNAME}:${TAHOELAFS_STORAGE_PORT}";
+      echo '';
+      echo '[client]';
+      echo 'introducer.furl =';
+      echo 'helper.furl =';
+      echo '';
+      echo "shares.needed = ${TAHOELAFS_SHARES_NEEDED}";
+      echo "shares.happy = ${TAHOELAFS_SHARES_HAPPY}";
+      echo "shares.total = ${TAHOELAFS_SHARES_TOTAL}";
+      echo '';
+      echo '[storage]';
+      echo 'enabled = true';
+      echo 'reserved_space = 3G';
+      echo 'expire.enabled = true';
+      echo 'expire.mode = age';
+      echo 'expire.override_lease_duration = 3 months';
+      echo '';
+      echo '[helper]';
+      echo 'enabled = false';
+      echo '';
+      echo '[connections]';
+      echo 'tcp = tor'; } > "$config_file"
 
     chown -R tahoelafs:debian-tor $TAHOE_DIR
 }
@@ -304,6 +309,7 @@ function restore_local_tahoelafs {
     else
         cp -r $temp_restore_dir/* $TAHOE_DIR/
     fi
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
         if [ -d ${TAHOE_DIR}-old ]; then
             mv ${TAHOE_DIR}-old $TAHOE_DIR
@@ -346,14 +352,15 @@ function restore_remote_tahoelafs {
     else
         cp -r $temp_restore_dir/* $TAHOE_DIR/
     fi
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
-        if [ -d ${$TAHOE_DIR}-old ]; then
-            mv ${TAHOE_DIR}-old $TAHOE_DIR
+        if [ -d "${TAHOE_DIR}-old" ]; then
+            mv "${TAHOE_DIR}-old" $TAHOE_DIR
         fi
         exit 623925
     fi
-    if [ -d ${$TAHOE_DIR}-old ]; then
-        rm -rf ${$TAHOE_DIR}-old
+    if [ -d "${TAHOE_DIR}-old" ]; then
+        rm -rf "${TAHOE_DIR}-old"
     fi
     rm -rf $temp_restore_dir
     chown -R tahoelafs:debian-tor $TAHOE_DIR
@@ -398,7 +405,7 @@ function remove_tahoelafs {
     remove_completion_param install_tahoelafs
     function_check remove_onion_service
     remove_onion_service tahoelafs ${TAHOELAFS_ONION_PORT}
-    remove_onion_service storage-tahoelafs ${TAHOELAFS_STORAGE_ONION_PORT} $(get_tahoelafs_nick)
+    remove_onion_service storage-tahoelafs ${TAHOELAFS_STORAGE_ONION_PORT} "$(get_tahoelafs_nick)"
     sed -i '/HidServAuth /d' /etc/tor/torrc
 
     groupdel -f tahoelafs
@@ -437,23 +444,23 @@ function create_tahoelafs_stealth_node {
         exit 682362
     fi
 
-    if [ ! -f ${node_dir}/tahoe.cfg ]; then
+    if [ ! -f "${node_dir}/tahoe.cfg" ]; then
         su -c "mkdir ${node_dir}" - tahoelafs
         su -c "$TAHOE_COMMAND create-node -C ${node_dir} --hostname=fixme" - tahoelafs
-        tahoelafs_setup_storage_config ${node_dir}/tahoe.cfg ${node_nick}
+        tahoelafs_setup_storage_config "${node_dir}/tahoe.cfg" "${node_nick}"
     fi
 
-    if [ ! -f ${client_dir}/tahoe.cfg ]; then
+    if [ ! -f "${client_dir}/tahoe.cfg" ]; then
         su -c "mkdir ${client_dir}" - tahoelafs
         su -c "$TAHOE_COMMAND create-client -C ${client_dir}" - tahoelafs
-        tahoelafs_setup_client_config ${client_dir}/tahoe.cfg ${client_nick}
+        tahoelafs_setup_client_config "${client_dir}/tahoe.cfg" "${client_nick}"
     fi
 }
 
 function create_tahoelafs_introducer {
     introducer_dir="$1"
 
-    if [ -f ${introducer_dir}/tahoe.cfg ]; then
+    if [ -f "${introducer_dir}/tahoe.cfg" ]; then
         return
     fi
 
@@ -470,7 +477,7 @@ function create_tahoelafs_storage_node {
         return
     fi
 
-    if [ -f ${node_dir}/tahoe.cfg ]; then
+    if [ -f "${node_dir}/tahoe.cfg" ]; then
         return
     fi
 
@@ -487,15 +494,15 @@ function create_tahoelafs_client {
         return
     fi
 
-    if [ -f ${client_dir}/tahoe.cfg ]; then
+    if [ -f "${client_dir}/tahoe.cfg" ]; then
         return
     fi
 
     su -c "mkdir ${client_dir}" - tahoelafs
     su -c "$TAHOE_COMMAND create-client -C ${client_dir} --introducer=\"$furl\" --listen=tor --hide-ip --hostname=127.0.0.1" - tahoelafs
-    sed -i 's|reveal-IP-address =.*|reveal-IP-address = False|g' $client_dir/tahoe.cfg
-    sed -i 's|tub.port =.*|tub.port = disabled|g' $client_dir/tahoe.cfg
-    sed -i 's|tub.location =.*|tub.location = disabled|g' $client_dir/tahoe.cfg
+    sed -i 's|reveal-IP-address =.*|reveal-IP-address = False|g' "$client_dir/tahoe.cfg"
+    sed -i 's|tub.port =.*|tub.port = disabled|g' "$client_dir/tahoe.cfg"
+    sed -i 's|tub.location =.*|tub.location = disabled|g' "$client_dir/tahoe.cfg"
 }
 
 function get_tahoelafs_furl {
@@ -510,11 +517,11 @@ function get_tahoelafs_nick {
 }
 
 function get_tahoelafs_storage_hostname {
-    echo "$(cat /var/lib/tor/hidden_service_storage-tahoelafs/hostname)"
+    cat /var/lib/tor/hidden_service_storage-tahoelafs/hostname
 }
 
 function get_tahoelafs_public_key {
-    echo "$(cat $TAHOE_DIR/storage/node.pubkey | grep 'v0-' | sed 's|pub-||g')"
+    grep 'v0-' "$TAHOE_DIR/storage/node.pubkey" | sed 's|pub-||g'
 }
 
 function add_tahoelafs_server {
@@ -549,10 +556,10 @@ function add_tahoelafs_server {
         fi
         echo '# storage' >> ${tahoelafs_storage_file}
     fi
-    echo "  ${public_key}:" >> ${tahoelafs_storage_file}
-    echo "    ann:" >> ${tahoelafs_storage_file}
-    echo "      nickname: ${nick}" >> ${tahoelafs_storage_file}
-    echo "      anonymous-storage-FURL: ${furl}" >> ${tahoelafs_storage_file}
+    { echo "  ${public_key}:";
+      echo "    ann:";
+      echo "      nickname: ${nick}";
+      echo "      anonymous-storage-FURL: ${furl}"; } >> "${tahoelafs_storage_file}"
     chown tahoelafs:debian-tor ${tahoelafs_storage_file}
 
     if ! grep -q "HidServAuth ${storage_hostname}" /etc/tor/torrc; then
@@ -566,27 +573,27 @@ function create_tahoelafs_daemon {
     TAHOELAFS_DAEMON_FILE=/etc/systemd/system/tahoelafs-${daemon_name}.service
     echo "Creating daemon: $TAHOELAFS_DAEMON_FILE"
 
-    echo '[Unit]' > $TAHOELAFS_DAEMON_FILE
-    echo "Description=Tahoe-LAFS ${daemon_name}" >> $TAHOELAFS_DAEMON_FILE
-    echo 'After=syslog.target' >> $TAHOELAFS_DAEMON_FILE
-    echo 'After=network.target' >> $TAHOELAFS_DAEMON_FILE
-    echo '' >> $TAHOELAFS_DAEMON_FILE
-    echo '[Service]' >> $TAHOELAFS_DAEMON_FILE
-    echo 'Type=simple' >> $TAHOELAFS_DAEMON_FILE
-    echo "User=tahoelafs" >> $TAHOELAFS_DAEMON_FILE
-    echo "Group=debian-tor" >> $TAHOELAFS_DAEMON_FILE
-    echo "WorkingDirectory=${TAHOE_DIR}" >> $TAHOELAFS_DAEMON_FILE
-    echo "ExecStart=/usr/bin/tahoe run ${TAHOE_DIR}/${daemon_name}" >> $TAHOELAFS_DAEMON_FILE
-    echo "ExecStop=/usr/bin/tahoe stop ${TAHOE_DIR}/${daemon_name}" >> $TAHOELAFS_DAEMON_FILE
-    echo 'Restart=on-failure' >> $TAHOELAFS_DAEMON_FILE
-    echo 'RestartSec=10' >> $TAHOELAFS_DAEMON_FILE
-    echo "Environment=\"USER=tahoelafs\" \"HOME=${TAHOE_DIR}\"" >> $TAHOELAFS_DAEMON_FILE
-    echo '' >> $TAHOELAFS_DAEMON_FILE
-    echo '[Install]' >> $TAHOELAFS_DAEMON_FILE
-    echo 'WantedBy=multi-user.target' >> $TAHOELAFS_DAEMON_FILE
-    systemctl enable tahoelafs-${daemon_name}
+    { echo '[Unit]';
+      echo "Description=Tahoe-LAFS ${daemon_name}";
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo "User=tahoelafs";
+      echo "Group=debian-tor";
+      echo "WorkingDirectory=${TAHOE_DIR}";
+      echo "ExecStart=/usr/bin/tahoe run ${TAHOE_DIR}/${daemon_name}";
+      echo "ExecStop=/usr/bin/tahoe stop ${TAHOE_DIR}/${daemon_name}";
+      echo 'Restart=on-failure';
+      echo 'RestartSec=10';
+      echo "Environment=\"USER=tahoelafs\" \"HOME=${TAHOE_DIR}\"";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$TAHOELAFS_DAEMON_FILE"
+    systemctl enable "tahoelafs-${daemon_name}"
     systemctl daemon-reload
-    systemctl start tahoelafs-${daemon_name}
+    systemctl start "tahoelafs-${daemon_name}"
 }
 
 function create_tahoelafs_web {
@@ -596,44 +603,44 @@ function create_tahoelafs_web {
     TAHOELAFS_LOGIN_TEXT=$'Tahoe-LAFS login'
 
     tahoelafs_nginx_site=/etc/nginx/sites-available/tahoelafs
-    echo 'server {' > $tahoelafs_nginx_site
-    echo "    listen 127.0.0.1:$TAHOELAFS_ONION_PORT default_server;" >> $tahoelafs_nginx_site
-    echo "    server_name $TAHOELAFS_ONION_HOSTNAME;" >> $tahoelafs_nginx_site
-    echo '' >> $tahoelafs_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$TAHOELAFS_ONION_PORT default_server;";
+      echo "    server_name $TAHOELAFS_ONION_HOSTNAME;";
+      echo ''; } > "$tahoelafs_nginx_site"
     function_check nginx_disable_sniffing
     nginx_disable_sniffing tahoelafs
-    echo '' >> $tahoelafs_nginx_site
-    echo '  # Logs' >> $tahoelafs_nginx_site
-    echo '  access_log /dev/null;' >> $tahoelafs_nginx_site
-    echo '  error_log /dev/null;' >> $tahoelafs_nginx_site
-    echo '' >> $tahoelafs_nginx_site
-    echo '  # Root' >> $tahoelafs_nginx_site
-    echo "  root /var/www/tahoelafs/htdocs;" >> $tahoelafs_nginx_site
-    echo '' >> $tahoelafs_nginx_site
-    echo '  location / {' >> $tahoelafs_nginx_site
-    echo "    auth_basic \"${TAHOELAFS_LOGIN_TEXT}\";" >> $tahoelafs_nginx_site
-    echo '    auth_basic_user_file /etc/nginx/.htpasswd-tahoelafs;' >> $tahoelafs_nginx_site
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/tahoelafs/htdocs;";
+      echo '';
+      echo '  location / {';
+      echo "    auth_basic \"${TAHOELAFS_LOGIN_TEXT}\";";
+      echo '    auth_basic_user_file /etc/nginx/.htpasswd-tahoelafs;'; } >> "$tahoelafs_nginx_site"
     function_check nginx_limits
     nginx_limits tahoelafs '15m'
-    echo '    rewrite /(.*) /$1 break;' >> $tahoelafs_nginx_site
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $tahoelafs_nginx_site
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $tahoelafs_nginx_site
-    echo '    proxy_set_header Host $http_host;' >> $tahoelafs_nginx_site
-    echo '    proxy_set_header X-NginX-Proxy true;' >> $tahoelafs_nginx_site
-    echo "    proxy_pass http://localhost:${TAHOELAFS_PORT};" >> $tahoelafs_nginx_site
-    echo '    proxy_redirect off;' >> $tahoelafs_nginx_site
-    echo '  }' >> $tahoelafs_nginx_site
-    echo '}' >> $tahoelafs_nginx_site
+    { echo "    rewrite /(.*) /\$1 break;";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo "    proxy_set_header Host \$http_host;";
+      echo '    proxy_set_header X-NginX-Proxy true;';
+      echo "    proxy_pass http://localhost:${TAHOELAFS_PORT};";
+      echo '    proxy_redirect off;';
+      echo '  }';
+      echo '}'; } >> "$tahoelafs_nginx_site"
 
-    TAHOELAFS_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a tahoelafs -p "$TAHOELAFS_ADMIN_PASSWORD"
+    TAHOELAFS_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a tahoelafs -p "$TAHOELAFS_ADMIN_PASSWORD"
     if [ ! -f /etc/nginx/.htpasswd-tahoelafs ]; then
         touch /etc/nginx/.htpasswd-tahoelafs
     fi
     if grep -q "${MY_USERNAME}:" /etc/nginx/.htpasswd-tahoelafs; then
-        sed -i '/${MY_USERNAME}:/d' /etc/nginx/.htpasswd-tahoelafs
+        sed -i "/${MY_USERNAME}:/d" /etc/nginx/.htpasswd-tahoelafs
     fi
-    echo "${TAHOELAFS_ADMIN_PASSWORD}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${MY_USERNAME}
+    echo "${TAHOELAFS_ADMIN_PASSWORD}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs "${MY_USERNAME}"
 
     function_check nginx_ensite
     nginx_ensite tahoelafs
@@ -641,7 +648,7 @@ function create_tahoelafs_web {
 }
 
 function install_tahoelafs {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         return
     fi
 
@@ -687,12 +694,12 @@ function install_tahoelafs {
     client_nick=${MY_USERNAME}-client
 
     # create an onion address for storage node
-    TAHOELAFS_STORAGE_ONION_HOSTNAME=$(add_onion_service storage-tahoelafs ${TAHOELAFS_STORAGE_PORT} ${TAHOELAFS_STORAGE_ONION_PORT} ${node_nick})
+    TAHOELAFS_STORAGE_ONION_HOSTNAME=$(add_onion_service storage-tahoelafs ${TAHOELAFS_STORAGE_PORT} ${TAHOELAFS_STORAGE_ONION_PORT} "${node_nick}")
 
     # create an onion address for client node
     TAHOELAFS_ONION_HOSTNAME=$(add_onion_service tahoelafs 80 ${TAHOELAFS_ONION_PORT})
 
-    create_tahoelafs_stealth_node $TAHOE_DIR/storage $TAHOE_DIR/client ${node_nick} ${client_nick}
+    create_tahoelafs_stealth_node "$TAHOE_DIR/storage" "$TAHOE_DIR/client" "${node_nick}" "${client_nick}"
 
     # start the storage node
     su -c "/usr/bin/python2 /usr/bin/tahoe start $TAHOE_DIR/storage" - tahoelafs

src/freedombone-app-tox

@@ -74,12 +74,12 @@ function logging_off_tox {
 function remove_user_tox {
     remove_username="$1"
 
-    if [ -d /home/$remove_username/.config/tox ]; then
-        if [ -d /home/$remove_username/.config/tox/chatlogs ]; then
-            shred -zu /home/$remove_username/.config/tox/chatlogs/*
-            rm -rf /home/$remove_username/.config/tox/chatlogs
+    if [ -d "/home/$remove_username/.config/tox" ]; then
+        if [ -d "/home/$remove_username/.config/tox/chatlogs" ]; then
+            shred -zu "/home/$remove_username/.config/tox/chatlogs/*"
+            rm -rf "/home/$remove_username/.config/tox/chatlogs"
         fi
-        shred -zu /home/$remove_username/.config/tox/*
+        shred -zu "/home/$remove_username/.config/tox/*"
     fi
 }
 
@@ -87,27 +87,27 @@ function add_user_tox {
     new_username="$1"
 
     # Note: password isn't used
-    new_user_password="$2"
+    #new_user_password="$2"
 
     USER_TOX_FILE=/home/${new_username}/.config/tox/data.tox
-    if [ ! -f $USER_TOX_FILE ]; then
-        mkdir -p /home/${new_username}/.config/tox
-        chown -R ${new_username}:${new_username} /home/${new_username}/.config
-        su -c "toxid -u ${new_username} -n data" - $new_username
-        su -c "toxid --setuser ${new_username}" - $new_username
+    if [ ! -f "$USER_TOX_FILE" ]; then
+        mkdir -p "/home/${new_username}/.config/tox"
+        chown -R "${new_username}":"${new_username}" "/home/${new_username}/.config"
+        su -c "toxid -u ${new_username} -n data" - "$new_username"
+        su -c "toxid --setuser ${new_username}" - "$new_username"
     fi
 }
 
 function run_client_tox {
     # create a tox user
     USER_TOX_FILE=/home/${USER}/.config/tox/data.tox
-    if [ ! -f $USER_TOX_FILE ]; then
-        mkdir -p /home/${USER}/.config/tox
-        chown -R ${USER}:${USER} /home/${USER}/.config
-        toxid -u ${USER} -n data
-        toxid --setuser ${USER}
+    if [ ! -f "$USER_TOX_FILE" ]; then
+        mkdir -p "/home/${USER}/.config/tox"
+        chown -R "${USER}":"${USER}" "/home/${USER}/.config"
+        toxid -u "${USER}" -n data
+        toxid --setuser "${USER}"
     fi
-    toxic -f $USER_TOX_FILE --force-tcp --SOCKS5-proxy 127.0.0.1 9050
+    toxic -f "$USER_TOX_FILE" --force-tcp --SOCKS5-proxy 127.0.0.1 9050
 }
 
 function install_interactive_tox {
@@ -121,16 +121,17 @@ function configure_interactive_tox {
     fi
     bootstrap_id=$(cat $TOX_BOOTSTRAP_ID_FILE)
     dialog --title $"Tox Bootstrap Node ID" \
-           --msgbox $"\n$bootstrap_id\n\nTo copy this hold down the shift key, select the ID and then right click and copy." 10 70
+           --msgbox $"\\n$bootstrap_id\\n\\nTo copy this hold down the shift key, select the ID and then right click and copy." 10 70
 }
 
 function mesh_tox_qtox {
-    if [ ! ${rootdir}$INSTALL_DIR ]; then
+    # shellcheck disable=SC2154
+    if [ ! "${rootdir}$INSTALL_DIR" ]; then
         INSTALL_DIR=${rootdir}/root/build
     fi
 
-    if [ ! -d ${rootdir}$INSTALL_DIR ]; then
-        mkdir -p ${rootdir}$INSTALL_DIR
+    if [ ! -d "${rootdir}$INSTALL_DIR" ]; then
+        mkdir -p "${rootdir}$INSTALL_DIR"
     fi
 
     chroot "${rootdir}" apt-get -yq install build-essential libatk1.0-0 libbz2-1.0 libc6 libcairo2 libdbus-1-3 libegl1-mesa libfontconfig1 libfreetype6 libgcc1 libgdk-pixbuf2.0-0 libgl1-mesa-glx libglib2.0-0 libgtk2.0-0 libice6 libicu57 libjpeg62-turbo libmng1 libmtdev1 libopenal1 libopus0 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libpng16-16 libqrencode3 libsm6 libsodium18 libsqlite3-0 libssl1.1 libstdc++6 libtiff5 libudev1 libvpx4 libwayland-client0 libwayland-cursor0 libwayland-egl1-mesa libwebp6 libx11-6 libx11-xcb1 libxcb-glx0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-randr0 libxcb-render-util0 libxcb-render0 libxcb-shape0 libxcb-shm0 libxcb-sync1 libxcb-xfixes0 libxcb-xinerama0 libxcb1 libxext6 libxfixes3 libxi6 libxrender1 libxss1 zlib1g libopus-dev libvpx-dev
@@ -149,30 +150,30 @@ function mesh_tox_qtox {
     chroot "${rootdir}" apt-get -yq install build-essential cmake ffmpeg libexif-dev libgdk-pixbuf2.0-dev libglib2.0-dev libgtk2.0-dev libopenal-dev libqrencode-dev libqt5opengl5-dev libqt5svg5-dev libsqlcipher-dev libxss-dev pkg-config qrencode qt5-default qt5-qmake qttools5-dev qttools5-dev-tools yasm
 
     if [ -d /repos/qtox ]; then
-        mkdir ${rootdir}$INSTALL_DIR/qtox
-        cp -r -p /repos/qtox/. ${rootdir}$INSTALL_DIR/qtox
-        cd ${rootdir}$INSTALL_DIR/qtox
+        mkdir "${rootdir}$INSTALL_DIR/qtox"
+        cp -r -p /repos/qtox/. "${rootdir}$INSTALL_DIR/qtox"
+        cd "${rootdir}$INSTALL_DIR/qtox" || exit 264826826
         git pull
     else
-        git clone $QTOX_REPO ${rootdir}$INSTALL_DIR/qtox
+        git clone "$QTOX_REPO" "${rootdir}$INSTALL_DIR/qtox"
     fi
 
-    if [ ! -d ${rootdir}$INSTALL_DIR/qtox ]; then
+    if [ ! -d "${rootdir}$INSTALL_DIR/qtox" ]; then
         exit 72428
     fi
-    cd ${rootdir}${INSTALL_DIR}/qtox
+    cd "${rootdir}${INSTALL_DIR}/qtox" || exit 235745728
     git checkout $QTOX_COMMIT -b $QTOX_COMMIT
-    chroot ${rootdir} /bin/bash -x <<EOF
+    chroot "${rootdir}" /bin/bash -x <<EOF
 cd ${INSTALL_DIR}/qtox
 export PKG_CONFIG_PATH="$PKG_CONFIG_PATH:/usr/local/lib/pkgconfig"
 cmake .
 make
 make install
 EOF
-    if [ ! -f ${rootdir}/usr/local/bin/qtox ]; then
+    if [ ! -f "${rootdir}/usr/local/bin/qtox" ]; then
         exit 75784
     fi
-    cp ${rootdir}/usr/local/bin/qtox ${rootdir}/usr/bin/qtox
+    cp "${rootdir}/usr/local/bin/qtox" "${rootdir}/usr/bin/qtox"
 }
 
 function reconfigure_tox {
@@ -181,10 +182,10 @@ function reconfigure_tox {
 
 function upgrade_tox {
     function_check set_repo_commit
-    set_repo_commit $INSTALL_DIR/toxcore "toxcore commit" "$TOXCORE_COMMIT" $TOXCORE_REPO
-    if [[ $(commit_has_changed $INSTALL_DIR/toxcore "toxcore commit" "$TOXCORE_COMMIT") == "1" ]]; then
-        cd $INSTALL_DIR/toxcore
-        sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' $rootdir/etc/systemd/system/tox-bootstrapd.service
+    set_repo_commit "$INSTALL_DIR/toxcore" "toxcore commit" "$TOXCORE_COMMIT" $TOXCORE_REPO
+    if [[ $(commit_has_changed "$INSTALL_DIR/toxcore" "toxcore commit" "$TOXCORE_COMMIT") == "1" ]]; then
+        cd "$INSTALL_DIR/toxcore" || exit 53683563
+        sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' "$rootdir/etc/systemd/system/tox-bootstrapd.service"
         autoreconf -i
         ./configure --enable-daemon
         make
@@ -194,9 +195,9 @@ function upgrade_tox {
     fi
 
     function_check set_repo_commit
-    set_repo_commit $INSTALL_DIR/toxic "Toxic commit" "$TOXIC_COMMIT" $TOXIC_REPO
-    if [[ $(commit_has_changed $INSTALL_DIR/toxic "Toxic commit" "$TOXIC_COMMIT") == "1" ]]; then
-        cd $INSTALL_DIR/toxic
+    set_repo_commit "$INSTALL_DIR/toxic" "Toxic commit" "$TOXIC_COMMIT" $TOXIC_REPO
+    if [[ $(commit_has_changed "$INSTALL_DIR/toxic" "Toxic commit" "$TOXIC_COMMIT") == "1" ]]; then
+        cd "$INSTALL_DIR/toxic" || exit 4684618
         make
         make install
     fi
@@ -221,12 +222,11 @@ function backup_local_tox {
 }
 
 function restore_local_tox {
-    if [ -d $USB_MOUNT/backup/tox ]; then
+    if [ -d "$USB_MOUNT/backup/tox" ]; then
         echo $"Restoring Tox node settings"
         function_check restore_directory_from_usb
         #restore_directory_from_usb / tox
-        restore_directory_from_usb /var/lib/tox-bootstrapd tox
-        if [ ! "$?" = "0" ]; then
+        if ! restore_directory_from_usb /var/lib/tox-bootstrapd tox; then
             function_check set_user_permissions
             set_user_permissions
             function_check backup_unmount_drive
@@ -234,8 +234,7 @@ function restore_local_tox {
             exit 6393
         fi
         cp /var/lib/tox-bootstrapd/tox-bootstrapd.conf /etc/tox-bootstrapd.conf
-        systemctl restart tox-bootstrapd.service
-        if [ ! "$?" = "0" ]; then
+        if ! systemctl restart tox-bootstrapd.service; then
             systemctl status tox-bootstrapd.service
             function_check set_user_permissions
             set_user_permissions
@@ -259,17 +258,15 @@ function backup_remote_tox {
 }
 
 function restore_remote_tox {
-    if [ -d $SERVER_DIRECTORY/backup/tox ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/tox" ]; then
         echo $"Restoring Tox node settings"
         function_check restore_directory_from_friend
         #restore_directory_from_friend / tox
-        restore_directory_from_friend /var/lib/tox-bootstrapd tox
-        if [ ! "$?" = "0" ]; then
+        if ! restore_directory_from_friend /var/lib/tox-bootstrapd tox; then
             exit 93653
         fi
         cp /var/lib/tox-bootstrapd/tox-bootstrapd.conf /etc/tox-bootstrapd.conf
-        systemctl restart tox-bootstrapd.service
-        if [ ! "$?" = "0" ]; then
+        if ! systemctl restart tox-bootstrapd.service; then
             systemctl status tox-bootstrapd.service
             exit 59369
         fi
@@ -283,8 +280,7 @@ function remove_tox_node {
     function_check remove_onion_service
     remove_onion_service tox ${TOX_PORT}
 
-    ${PROJECT_NAME}-mesh-install -f tox_node --remove yes
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-mesh-install" -f tox_node --remove yes; then
         echo $'Failed to remove tox node'
         exit 763836
     fi
@@ -293,21 +289,20 @@ function remove_tox_node {
 }
 
 function remove_tox_avahi {
-    cd $INSTALL_DIR/toxid
+    cd "$INSTALL_DIR/toxid" || exit 82456275
     make uninstall
-    rm -rf $INSTALL_DIR/toxid
-    sed -i '/tox_avahi/d' $COMPLETION_FILE
+    rm -rf "$INSTALL_DIR/toxid"
+    sed -i '/tox_avahi/d' "$COMPLETION_FILE"
 }
 
 function remove_tox_client {
-    ${PROJECT_NAME}-mesh-install -f tox_client --remove yes
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-mesh-install" -f tox_client --remove yes; then
         echo $'Could not remove Tox client'
         exit 737253
     fi
-    sed -i '/install_tox_client/d' $COMPLETION_FILE
-    sed -i '/Tox /d' $COMPLETION_FILE
-    sed -i '/Toxic /d' $COMPLETION_FILE
+    sed -i '/install_tox_client/d' "$COMPLETION_FILE"
+    sed -i '/Tox /d' "$COMPLETION_FILE"
+    sed -i '/Toxic /d' "$COMPLETION_FILE"
 }
 
 function remove_tox {
@@ -317,8 +312,8 @@ function remove_tox {
 }
 
 function configure_firewall_for_tox {
-    if [ ! $INSTALLING_MESH ]; then
-        if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [ ! "$INSTALLING_MESH" ]; then
+        if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
             return
         fi
     fi
@@ -331,21 +326,21 @@ function configure_firewall_for_tox {
         return
     fi
 
-    TOX_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOX_PORT=" | head -n 1 | awk -F '=' '{print $2}')
+    TOX_PORT_MAIN=$(grep "TOX_PORT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '=' '{print $2}')
     if [ ${#TOX_PORT_MAIN} -gt 2 ]; then
         TOX_PORT=$TOX_PORT_MAIN
     fi
-    if [ ! $TOX_PORT ]; then
+    if [ ! "$TOX_PORT" ]; then
         echo $'No Tox port was specified'
         exit 32856
     fi
 
-    firewall_add Tox ${TOX_PORT}
-    mark_completed $FUNCNAME
+    firewall_add Tox "${TOX_PORT}"
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function tox_avahi {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -355,24 +350,23 @@ function tox_avahi {
     fi
 
     # install a command to obtain the Tox ID
-    cd $INSTALL_DIR
+    cd "$INSTALL_DIR" || exit 131497953
 
     if [ -d /repos/toxid ]; then
-        mkdir $INSTALL_DIR/toxid
-        cp -r -p /repos/toxid/. $INSTALL_DIR/toxid
-        cd $INSTALL_DIR/toxid
+        mkdir "$INSTALL_DIR/toxid"
+        cp -r -p /repos/toxid/. "$INSTALL_DIR/toxid"
+        cd "$INSTALL_DIR/toxid" || exit 468276424526
         git pull
     else
         function_check git_clone
-        git_clone $TOXID_REPO $INSTALL_DIR/toxid
+        git_clone "$TOXID_REPO" "$INSTALL_DIR/toxid"
     fi
 
-    if [ ! -d $INSTALL_DIR/toxid ]; then
+    if [ ! -d "$INSTALL_DIR/toxid" ]; then
         exit 63921
     fi
-    cd $INSTALL_DIR/toxid
-    make
-    if [ ! "$?" = "0" ]; then
+    cd "$INSTALL_DIR/toxid" || exit 4782462846
+    if ! make; then
         exit 58432
     fi
     make install
@@ -387,7 +381,7 @@ function tox_avahi {
 
     systemctl restart avahi-daemon
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function install_tox_node {
@@ -399,13 +393,13 @@ function install_tox_node {
     mesh_tox_node
 
     # onion address for bootstrapping
-    TOX_ONION_HOSTNAME=$(add_onion_service tox ${TOX_PORT} ${TOX_PORT})
+    add_onion_service tox "${TOX_PORT}" "${TOX_PORT}"
 
     systemctl restart tox-bootstrapd.service
 
     sleep 3
 
-    TOX_PUBLIC_KEY=$(cat /var/log/syslog | grep tox | grep "Public Key" | tail -n 1 | awk -F ' ' '{print $8}')
+    TOX_PUBLIC_KEY=$(grep tox /var/log/syslog | grep "Public Key" | tail -n 1 | awk -F ' ' '{print $8}')
     if [ ${#TOX_PUBLIC_KEY} -lt 30 ]; then
         echo $'Could not obtain the tox node public key'
         exit 6529
@@ -435,58 +429,58 @@ function install_tox_client {
 
 function mesh_tox_node {
     # obtain commits from the main file
-    TOXCORE_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
+    TOXCORE_COMMIT_MAIN=$(grep "TOXCORE_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#TOXCORE_COMMIT_MAIN} -gt 10 ]; then
         TOXCORE_COMMIT=$TOXCORE_COMMIT_MAIN
     fi
-    if [ ! $TOXCORE_COMMIT ]; then
+    if [ ! "$TOXCORE_COMMIT" ]; then
         echo $'No Tox commit was specified'
         exit 76325
     fi
 
-    TOXID_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXID_REPO=" | head -n 1 | awk -F '"' '{print $2}')
+    TOXID_REPO_MAIN=$(grep "TOXID_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '"' '{print $2}')
     if [ ${#TOXID_REPO_MAIN} -gt 5 ]; then
         TOXID_REPO=$TOXID_REPO_MAIN
     fi
-    if [ ! $TOXID_REPO ]; then
+    if [ ! "$TOXID_REPO" ]; then
         echo $'No ToxID repo was specified'
         exit 78252
     fi
 
-    TOX_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOX_PORT=" | head -n 1 | awk -F '=' '{print $2}')
+    TOX_PORT_MAIN=$(grep "TOX_PORT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '=' '{print $2}')
     if [ ${#TOX_PORT_MAIN} -gt 2 ]; then
         TOX_PORT=$TOX_PORT_MAIN
     fi
-    if [ ! $TOX_PORT ]; then
+    if [ ! "$TOX_PORT" ]; then
         echo $'No Tox port was specified'
         exit 32856
     fi
 
-    TOXCORE_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_REPO=" | head -n 1 | awk -F '"' '{print $2}')
+    TOXCORE_REPO_MAIN=$(grep "TOXCORE_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '"' '{print $2}')
     if [ ${#TOXCORE_REPO_MAIN} -gt 10 ]; then
         TOXCORE_REPO=$TOXCORE_REPO_MAIN
     fi
-    if [ ! $TOXCORE_REPO ]; then
+    if [ ! "$TOXCORE_REPO" ]; then
         echo $'No Tox repo was specified'
         exit 16865
     fi
 
-    if [ ! $TOXCORE_COMMIT ]; then
+    if [ ! "$TOXCORE_COMMIT" ]; then
         echo $'No Tox commit was specified'
         exit 76325
     fi
 
-    if [ ! $TOXCORE_REPO ]; then
+    if [ ! "$TOXCORE_REPO" ]; then
         echo $'No Tox repo was specified'
         exit 16865
     fi
 
-    if [ $rootdir ]; then
-        chroot ${rootdir} apt-get -yq install build-essential libtool autotools-dev
-        chroot ${rootdir} apt-get -yq install automake checkinstall check git yasm
-        chroot ${rootdir} apt-get -yq install libsodium18 libsodium-dev libcap2-bin
-        chroot ${rootdir} apt-get -yq install libconfig9 libconfig-dev autoconf
-        chroot ${rootdir} apt-get -yq install libopus-dev libvpx-dev
+    if [ "$rootdir" ]; then
+        chroot "${rootdir}" apt-get -yq install build-essential libtool autotools-dev
+        chroot "${rootdir}" apt-get -yq install automake checkinstall check git yasm
+        chroot "${rootdir}" apt-get -yq install libsodium18 libsodium-dev libcap2-bin
+        chroot "${rootdir}" apt-get -yq install libconfig9 libconfig-dev autoconf
+        chroot "${rootdir}" apt-get -yq install libopus-dev libvpx-dev
     else
         apt-get -yq install build-essential libtool autotools-dev
         apt-get -yq install automake checkinstall check git yasm
@@ -495,27 +489,26 @@ function mesh_tox_node {
         apt-get -yq install libopus-dev libvpx-dev
     fi
 
-    if [ ! -d ${rootdir}${INSTALL_DIR} ]; then
-        mkdir -p ${rootdir}${INSTALL_DIR}
+    if [ ! -d "${rootdir}${INSTALL_DIR}" ]; then
+        mkdir -p "${rootdir}${INSTALL_DIR}"
     fi
-    if [ ! -d ${rootdir}${INSTALL_DIR}/toxcore ]; then
+    if [ ! -d "${rootdir}${INSTALL_DIR}/toxcore" ]; then
         if [ -d /repos/toxcore ]; then
-            mkdir ${rootdir}${INSTALL_DIR}/toxcore
-            cp -r -p /repos/toxcore/. ${rootdir}${INSTALL_DIR}/toxcore
-            cd ${rootdir}${INSTALL_DIR}/toxcore
+            mkdir "${rootdir}${INSTALL_DIR}/toxcore"
+            cp -r -p /repos/toxcore/. "${rootdir}${INSTALL_DIR}/toxcore"
+            cd "${rootdir}${INSTALL_DIR}/toxcore" || exit 2468246284
             git pull
         else
-            git clone ${TOXCORE_REPO} ${rootdir}${INSTALL_DIR}/toxcore
-            if [ ! "$?" = "0" ]; then
-                exit 429252
+            if ! git clone "${TOXCORE_REPO}" "${rootdir}${INSTALL_DIR}/toxcore"; then
+                exit 4292521
             fi
         fi
     fi
-    cd ${rootdir}$INSTALL_DIR/toxcore
-    git checkout $TOXCORE_COMMIT -b $TOXCORE_COMMIT
+    cd "${rootdir}$INSTALL_DIR/toxcore" || exit 46824624
+    git checkout "$TOXCORE_COMMIT" -b "$TOXCORE_COMMIT"
 
-    if [ ${rootdir} ]; then
-        chroot ${rootdir} /bin/bash -x <<EOF
+    if [ "${rootdir}" ]; then
+        chroot "${rootdir}" /bin/bash -x <<EOF
 cd ${INSTALL_DIR}/toxcore
 autoreconf -i
 ./configure --enable-daemon
@@ -532,28 +525,28 @@ make install
 EOF
     fi
 
-    cp $rootdir/usr/local/lib/libtoxcore* $rootdir/usr/lib/
-    cp ${rootdir}${INSTALL_DIR}/toxcore/other/bootstrap_daemon/tox-bootstrapd.service $rootdir/etc/systemd/system/
-    sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' $rootdir/etc/systemd/system/tox-bootstrapd.service
-    if [ ${rootdir} ]; then
-        chroot ${rootdir} systemctl enable tox-bootstrapd.service
+    cp "$rootdir/usr/local/lib/libtoxcore*" "$rootdir/usr/lib/"
+    cp "${rootdir}${INSTALL_DIR}/toxcore/other/bootstrap_daemon/tox-bootstrapd.service" "$rootdir/etc/systemd/system/"
+    sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' "$rootdir/etc/systemd/system/tox-bootstrapd.service"
+    if [ "${rootdir}" ]; then
+        chroot "${rootdir}" systemctl enable tox-bootstrapd.service
     else
         systemctl enable tox-bootstrapd.service
     fi
 
     SECONDS=0
-    if [ ! -f $rootdir/usr/local/bin/tox-bootstrapd ]; then
+    if [ ! -f "$rootdir/usr/local/bin/tox-bootstrapd" ]; then
         duration=$SECONDS
-        echo $"Toxcore compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
+        echo $"Toxcore compile failed at $((duration / 60)) minutes and $((duration % 60)) seconds elapsed."
         echo $'Unable to make toxcore'
         exit 73835
     fi
     duration=$SECONDS
-    echo $"Toxcore compile $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
+    echo $"Toxcore compile $((duration / 60)) minutes and $((duration % 60)) seconds elapsed."
 
-    if [ ${rootdir} ]; then
-        chroot ${rootdir} /usr/sbin/useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment $"Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd
-        chroot ${rootdir} /bin/chmod 700 /var/lib/tox-bootstrapd
+    if [ "${rootdir}" ]; then
+        chroot "${rootdir}" /usr/sbin/useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment $"Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd
+        chroot "${rootdir}" /bin/chmod 700 /var/lib/tox-bootstrapd
     else
         chmod 600 /etc/shadow
         chmod 600 /etc/gshadow
@@ -564,87 +557,89 @@ EOF
     fi
 
     # remove Maildir
-    if [ -d $rootdir/var/lib/tox-bootstrapd/Maildir ]; then
-        rm -rf $rootdir/var/lib/tox-bootstrapd/Maildir
+    if [ -d "$rootdir/var/lib/tox-bootstrapd/Maildir" ]; then
+        rm -rf "$rootdir/var/lib/tox-bootstrapd/Maildir"
     fi
 
     # create configuration file
     TOX_BOOTSTRAP_CONFIG=$rootdir/etc/tox-bootstrapd.conf
-    echo "port = $TOX_PORT" > $TOX_BOOTSTRAP_CONFIG
-    echo 'keys_file_path = "/var/lib/tox-bootstrapd/keys"' >> $TOX_BOOTSTRAP_CONFIG
-    echo 'pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"' >> $TOX_BOOTSTRAP_CONFIG
-    echo 'enable_ipv6 = true' >> $TOX_BOOTSTRAP_CONFIG
-    echo 'enable_ipv4_fallback = true' >> $TOX_BOOTSTRAP_CONFIG
-    echo 'enable_lan_discovery = true' >> $TOX_BOOTSTRAP_CONFIG
-    echo 'enable_tcp_relay = true' >> $TOX_BOOTSTRAP_CONFIG
-    echo "tcp_relay_ports = [443, 3389, $TOX_PORT]" >> $TOX_BOOTSTRAP_CONFIG
-    echo 'enable_motd = true' >> $TOX_BOOTSTRAP_CONFIG
-    echo 'motd = "tox-bootstrapd"' >> $TOX_BOOTSTRAP_CONFIG
+    { echo "port = $TOX_PORT";
+      echo 'keys_file_path = "/var/lib/tox-bootstrapd/keys"';
+      echo 'pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"';
+      echo 'enable_ipv6 = true';
+      echo 'enable_ipv4_fallback = true';
+      echo 'enable_lan_discovery = true';
+      echo 'enable_tcp_relay = true';
+      echo "tcp_relay_ports = [443, 3389, $TOX_PORT]";
+      echo 'enable_motd = true';
+      echo 'motd = "tox-bootstrapd"'; } > "$TOX_BOOTSTRAP_CONFIG"
 
     if [ $TOX_NODES ]; then
-        echo 'bootstrap_nodes = (' >> $TOX_BOOTSTRAP_CONFIG
+        echo 'bootstrap_nodes = (' >> "$TOX_BOOTSTRAP_CONFIG"
         toxcount=0
         while [ "x${TOX_NODES[toxcount]}" != "x" ]
         do
-            toxval_ipv4=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $1}')
-            toxval_ipv6=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $2}')
-            toxval_port=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $3}')
-            toxval_pubkey=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $4}')
-            toxval_maintainer=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $5}')
-            echo "{ // $toxval_maintainer" >> $TOX_BOOTSTRAP_CONFIG
+            # shellcheck disable=SC2102
+            nodes_str=$(echo $TOX_NODES[toxcount])
+            toxval_ipv4=$(awk "$nodes_str" -F ',' '{print $1}')
+            toxval_ipv6=$(awk "$nodes_str" -F ',' '{print $2}')
+            toxval_port=$(awk "$nodes_str" -F ',' '{print $3}')
+            toxval_pubkey=$(awk "$nodes_str" -F ',' '{print $4}')
+            toxval_maintainer=$(awk "$nodes_str" -F ',' '{print $5}')
+            echo "{ // $toxval_maintainer" >> "$TOX_BOOTSTRAP_CONFIG"
             if [[ $toxval_ipv6 != 'NONE' ]]; then
-                echo "  address = \"$toxval_ipv6\"" >> $TOX_BOOTSTRAP_CONFIG
+                echo "  address = \"$toxval_ipv6\"" >> "$TOX_BOOTSTRAP_CONFIG"
             else
-                echo "  address = \"$toxval_ipv4\"" >> $TOX_BOOTSTRAP_CONFIG
+                echo "  address = \"$toxval_ipv4\"" >> "$TOX_BOOTSTRAP_CONFIG"
             fi
-            echo "  port = $toxval_port" >> $TOX_BOOTSTRAP_CONFIG
-            echo "  public_key = \"$toxval_pubkey\"" >> $TOX_BOOTSTRAP_CONFIG
-            toxcount=$(( $toxcount + 1 ))
+            echo "  port = $toxval_port" >> "$TOX_BOOTSTRAP_CONFIG"
+            echo "  public_key = \"$toxval_pubkey\"" >> "$TOX_BOOTSTRAP_CONFIG"
+            toxcount=$((toxcount + 1))
             if [ "x${TOX_NODES[toxcount]}" != "x" ]; then
-                echo "}," >> $TOX_BOOTSTRAP_CONFIG
+                echo "}," >> "$TOX_BOOTSTRAP_CONFIG"
             else
-                echo "}" >> $TOX_BOOTSTRAP_CONFIG
+                echo "}" >> "$TOX_BOOTSTRAP_CONFIG"
             fi
         done
-        echo ')' >> $TOX_BOOTSTRAP_CONFIG
+        echo ')' >> "$TOX_BOOTSTRAP_CONFIG"
     fi
 
-    if [ -f $rootdir/var/lib/tox-bootstrapd/keys ]; then
-        chmod 700 $rootdir/var/lib/tox-bootstrapd/keys
+    if [ -f "$rootdir/var/lib/tox-bootstrapd/keys" ]; then
+        chmod 700 "$rootdir/var/lib/tox-bootstrapd/keys"
     fi
 }
 
 function mesh_tox_avahi {
-    if [ ! -d $rootdir/etc/avahi ]; then
+    if [ ! -d "$rootdir/etc/avahi" ]; then
         echo $'tox_avahi: avahi is not installed'
         exit 87359
     fi
 
-    if [ ! $TOXID_REPO ]; then
+    if [ ! "$TOXID_REPO" ]; then
         echo $'No ToxID repo was specified'
         exit 78252
     fi
 
-    if [ ! -d ${rootdir}${INSTALL_DIR} ]; then
-        mkdir -p ${rootdir}${INSTALL_DIR}
+    if [ ! -d "${rootdir}${INSTALL_DIR}" ]; then
+        mkdir -p "${rootdir}${INSTALL_DIR}"
     fi
 
     if [ -d /repos/toxid ]; then
-        mkdir ${rootdir}${INSTALL_DIR}/toxid
-        cp -r -p /repos/toxid/. ${rootdir}${INSTALL_DIR}/toxid
-        cd ${rootdir}${INSTALL_DIR}/toxid
+        mkdir "${rootdir}${INSTALL_DIR}/toxid"
+        cp -r -p /repos/toxid/. "${rootdir}${INSTALL_DIR}/toxid"
+        cd "${rootdir}${INSTALL_DIR}/toxid" || exit 2468246
         git pull
     else
-        git clone ${TOXID_REPO} ${rootdir}${INSTALL_DIR}/toxid
+        git clone "${TOXID_REPO}" "${rootdir}${INSTALL_DIR}/toxid"
     fi
 
-    if [ ! -d ${rootdir}${INSTALL_DIR}/toxid ]; then
+    if [ ! -d "${rootdir}${INSTALL_DIR}/toxid" ]; then
         echo $'Unable to clone toxid repo'
         exit 768352
     fi
 
-    if [ ${rootdir} ]; then
-        chroot ${rootdir} /bin/bash -x <<EOF
+    if [ "${rootdir}" ]; then
+        chroot "${rootdir}" /bin/bash -x <<EOF
 cd ${INSTALL_DIR}/toxid
 make
 make install
@@ -657,45 +652,46 @@ make install
 EOF
     fi
 
-    if [ ! -f $rootdir/usr/local/bin/toxid ]; then
+    if [ ! -f "$rootdir/usr/local/bin/toxid" ]; then
         echo $'toxid not found'
         exit 74370
     fi
-    if [ ! -f $rootdir/usr/local/bin/toxavahi ]; then
+    if [ ! -f "$rootdir/usr/local/bin/toxavahi" ]; then
         exit 3621729
     fi
 
     MESH_SYNC_COMMAND=$rootdir/usr/bin/mesh-sync
-    echo '#!/bin/bash' > $MESH_SYNC_COMMAND
-    echo '/usr/local/bin/toxavahi 2> /dev/null' >> $MESH_SYNC_COMMAND
-    echo '/usr/local/bin/meshavahi 2> /dev/null' >> $MESH_SYNC_COMMAND
-    chmod +x $MESH_SYNC_COMMAND
+    { echo '#!/bin/bash';
+      echo '/usr/local/bin/toxavahi 2> /dev/null';
+      echo '/usr/local/bin/meshavahi 2> /dev/null'; } > "$MESH_SYNC_COMMAND"
+    chmod +x "$MESH_SYNC_COMMAND"
 
-    if ! grep -q "mesh-sync" ${rootdir}/etc/crontab; then
-        echo "*/1            * *   *   *   root /usr/bin/mesh-sync 2> /dev/null" >> ${rootdir}/etc/crontab
-        echo "*/1            * *   *   *   root ( sleep 20 ; /usr/bin/mesh-sync 2> /dev/null )" >> ${rootdir}/etc/cro        echo "*/1            * *   *   *   root ( sleep 40 ; /usr/bin/mesh-sync 2> /dev/null )" >> ${rootdir}/etc/crontab
+    if ! grep -q "mesh-sync" "${rootdir}/etc/crontab"; then
+        { echo "*/1            * *   *   *   root /usr/bin/mesh-sync 2> /dev/null";
+          echo "*/1            * *   *   *   root ( sleep 20 ; /usr/bin/mesh-sync 2> /dev/null )";
+          echo "*/1            * *   *   *   root ( sleep 40 ; /usr/bin/mesh-sync 2> /dev/null )"; } >> "${rootdir}/etc/crontab"
     fi
 }
 
 function mesh_tox_client {
 
-    TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}')
+    TOXIC_FILE=$(grep "TOXIC_FILE=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '=' '{print $2}')
 
     # obtain commits from the main file
-    TOXIC_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
+    TOXIC_COMMIT_MAIN=$(grep "TOXIC_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#TOXIC_COMMIT_MAIN} -gt 10 ]; then
         TOXIC_COMMIT=$TOXIC_COMMIT_MAIN
     fi
 
-    TOXIC_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_REPO=" | head -n 1 | awk -F '"' '{print $2}')
+    TOXIC_REPO_MAIN=$(grep "TOXIC_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '"' '{print $2}')
     if [ ${#TOXIC_REPO_MAIN} -gt 5 ]; then
         TOXIC_REPO=$TOXIC_REPO_MAIN
     fi
 
-    if [ ${rootdir} ]; then
-        chroot ${rootdir} apt-get -yq install libncursesw5-dev libconfig-dev libqrencode-dev
-        chroot ${rootdir} apt-get -yq install libcurl4-openssl-dev libvpx-dev libopenal-dev
-        chroot ${rootdir} apt-get -yq install libqrencode-dev
+    if [ "${rootdir}" ]; then
+        chroot "${rootdir}" apt-get -yq install libncursesw5-dev libconfig-dev libqrencode-dev
+        chroot "${rootdir}" apt-get -yq install libcurl4-openssl-dev libvpx-dev libopenal-dev
+        chroot "${rootdir}" apt-get -yq install libqrencode-dev
     else
         apt-get -yq install libncursesw5-dev libconfig-dev libqrencode-dev
         apt-get -yq install libcurl4-openssl-dev libvpx-dev libopenal-dev
@@ -704,57 +700,57 @@ function mesh_tox_client {
 
     TEMP_SCRIPT_NAME=fbtmp728353.sh
     TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME
-    echo '#!/bin/bash' > $TEMP_SCRIPT
-    echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT
-    echo 'if [ -d /repos/toxic ]; then' >> $TEMP_SCRIPT
-    echo "    mkdir $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
-    echo "    cp -r -p /repos/toxic/. $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
-    echo "    cd $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
-    echo '    git pull' >> $TEMP_SCRIPT
-    echo 'else' >> $TEMP_SCRIPT
-    echo "    git clone $TOXIC_REPO $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
-    echo 'fi' >> $TEMP_SCRIPT
-    echo "cd $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
-    echo "git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT" >> $TEMP_SCRIPT
-    echo 'make' >> $TEMP_SCRIPT
-    echo 'if [ ! "$?" = "0" ]; then' >> $TEMP_SCRIPT
-    echo '    exit 1' >> $TEMP_SCRIPT
-    echo 'fi' >> $TEMP_SCRIPT
-    echo 'make install' >> $TEMP_SCRIPT
-    echo 'exit 0' >> $TEMP_SCRIPT
+    { echo '#!/bin/bash';
+      echo "mkdir -p $INSTALL_DIR";
+      echo 'if [ -d /repos/toxic ]; then';
+      echo "    mkdir $INSTALL_DIR/toxic";
+      echo "    cp -r -p /repos/toxic/. $INSTALL_DIR/toxic";
+      echo "    cd $INSTALL_DIR/toxic";
+      echo '    git pull';
+      echo 'else';
+      echo "    git clone $TOXIC_REPO $INSTALL_DIR/toxic";
+      echo 'fi';
+      echo "cd $INSTALL_DIR/toxic";
+      echo "git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT";
+      echo 'make';
+      echo 'if [ ! "$?" = "0" ]; then';
+      echo '    exit 1';
+      echo 'fi';
+      echo 'make install';
+      echo 'exit 0'; } > "$TEMP_SCRIPT"
     chmod +x $TEMP_SCRIPT
-    cp $TEMP_SCRIPT $rootdir/root/
+    cp "$TEMP_SCRIPT" "$rootdir/root/"
 
-    TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}')
+    TOXIC_FILE=$(grep "TOXIC_FILE=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '=' '{print $2}')
 
     SECONDS=0
-    if [ ${rootdir} ]; then
-        chroot ${rootdir} /root/$TEMP_SCRIPT_NAME
+    if [ "${rootdir}" ]; then
+        chroot "${rootdir}" "/root/$TEMP_SCRIPT_NAME"
     else
         /root/$TEMP_SCRIPT_NAME
     fi
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
         cat -n /root/fbtmp728353.sh
         duration=$SECONDS
-        echo $"Toxic client compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
+        echo $"Toxic client compile failed at $((duration / 60)) minutes and $((duration % 60)) seconds elapsed."
         echo $'Unable to make tox client'
         rm $TEMP_SCRIPT
         exit 74872
     fi
     rm $TEMP_SCRIPT
-    if [ ! -f $rootdir$TOXIC_FILE ]; then
+    if [ ! -f "$rootdir$TOXIC_FILE" ]; then
         echo $"Tox client was not installed to $TOXIC_FILE"
         exit 63278
     fi
     duration=$SECONDS
-    echo $"Toxic client compile $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
+    echo $"Toxic client compile $((duration / 60)) minutes and $((duration % 60)) seconds elapsed."
 }
 
 function enable_tox_repo {
-    echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_9.0/ /' > $rootdir/etc/apt/sources.list.d/tox.list
+    echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_9.0/ /' > "$rootdir/etc/apt/sources.list.d/tox.list"
 
-
-    cat >> $rootdir/root/gettoxkey.sh <<EOF
+    cat >> "$rootdir/root/gettoxkey.sh" <<EOF
 #!/bin/bash
 wget -q http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_9.0/Release.key -O- > /root/tox.key
 apt-key add /root/tox.key
@@ -769,30 +765,30 @@ EOF
 function install_tox {
     configure_firewall_for_tox
 
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_tox_node
         mesh_tox_avahi
         mesh_tox_client
     else
         avoid_tor_restart=
-        if [ -f $IMAGE_PASSWORD_FILE ]; then
+        if [ -f "$IMAGE_PASSWORD_FILE" ]; then
             if [[ $ONION_ONLY != 'no' ]]; then
                 avoid_tor_restart=1
             fi
         fi
 
         if [ $avoid_tor_restart ]; then
-            ${PROJECT_NAME}-logging on --onion
+            "${PROJECT_NAME}-logging" on --onion
         else
-            ${PROJECT_NAME}-logging on
+            "${PROJECT_NAME}-logging" on
         fi
 
         install_tox_node
 
         if [ $avoid_tor_restart ]; then
-            ${PROJECT_NAME}-logging off --onion
+            "${PROJECT_NAME}-logging" off --onion
         else
-            ${PROJECT_NAME}-logging off
+            "${PROJECT_NAME}-logging" off
         fi
 
         tox_avahi

src/freedombone-app-turtl

@@ -68,22 +68,24 @@ function logging_off_turtl {
 }
 
 function change_password_turtl {
-    change_username="$1"
-    new_user_password="$2"
+    echo -n ''
+#    change_username="$1"
+#    new_user_password="$2"
 }
 
 function remove_user_turtl {
-    remove_username="$1"
+    echo -n ''
+#    remove_username="$1"
 }
 
 function add_user_turtl {
-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"
     echo '0'
 }
 
 function install_interactive_turtl {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -128,7 +130,7 @@ function configure_interactive_turtl_signups {
     dialog --title $"Allow new turtl signups" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nAllow registration of new users?" 10 60
+           --yesno $"\\nAllow registration of new users?" 10 60
     sel=$?
     case $sel in
         0)
@@ -146,15 +148,14 @@ function configure_interactive_turtl_signups {
 }
 
 function configure_interactive_turtl_storage {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Change storage limit" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Enter a storage limit in megabytes." 8 75 "$TURTL_STORAGE_LIMIT_MB" 2>$data
+           --inputbox $"Enter a storage limit in megabytes." 8 75 "$TURTL_STORAGE_LIMIT_MB" 2>"$data"
     sel=$?
     case $sel in
         0)
-            STORAGE=$(<$data)
+            STORAGE=$(<"$data")
             if [ ${#STORAGE} -gt 0 ]; then
                 TURTL_STORAGE_LIMIT_MB=$STORAGE
                 sed -i "s|defparameter *default-storage-limit*.*|defparameter *default-storage-limit* ${TURTL_STORAGE_LIMIT_MB})|g" $TURTL_BASE_DIR/api/config/config.lisp
@@ -164,27 +165,31 @@ function configure_interactive_turtl_storage {
             fi
             ;;
     esac
+    rm -f "$data"
 }
 
 function configure_interactive_turtl {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"turtl app settings" \
            --radiolist $"Choose an operation:" 12 70 3 \
            1 $"Enable/disable new user registrations" off \
            2 $"Change storage limit" off \
-           3 $"Exit" on 2> $data
+           3 $"Exit" on 2> "$data"
     sel=$?
     case $sel in
-        1) exit 1;;
-        255) exit 1;;
+        1) rm -f "$data"
+           exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
-    case $(cat $data) in
+    case $(cat "$data") in
         1) configure_interactive_turtl_signups;;
         2) configure_interactive_turtl_storage;;
-        3) return;;
+        3) rm -f "$data"
+           return;;
     esac
+    rm -f "$data"
 }
 
 function reconfigure_turtl {
@@ -255,7 +260,7 @@ function restore_local_turtl {
         else
             cp -r ${temp_restore_dir}/* /etc/turtl/
         fi
-
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             set_user_permissions
             backup_unmount_drive
@@ -273,6 +278,7 @@ function restore_local_turtl {
             cp -r ${temp_restore_dir}/* /var/lib/rethinkdb/
         fi
 
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             set_user_permissions
             backup_unmount_drive
@@ -318,6 +324,7 @@ function restore_remote_turtl {
             cp -r ${temp_restore_dir}/* /etc/turtl/
         fi
 
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             if [ -d /etc/turtl_previous ]; then
                 mv /etc/turtl_previous $TURTL_BASE_DIR
@@ -338,6 +345,7 @@ function restore_remote_turtl {
             cp -r ${temp_restore_dir}/* /var/lib/rethinkdb/
         fi
 
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             set_user_permissions
             exit 26783
@@ -358,7 +366,7 @@ function remove_turtl {
     remove_rethinkdb
     remove_app turtl
     remove_completion_param install_turtl
-    sed -i '/turtl/d' $COMPLETION_FILE
+    sed -i '/turtl/d' "$COMPLETION_FILE"
     nginx_dissite $TURTL_DOMAIN_NAME
     if [ -f /etc/nginx/sites-available/$TURTL_DOMAIN_NAME ]; then
         rm /etc/nginx/sites-available/$TURTL_DOMAIN_NAME
@@ -444,18 +452,18 @@ __ENDCONFIG__
         exit 6238234
     fi
 
-    echo '[Unit]' > /etc/systemd/system/turtl.service
-    echo 'Description=Note taking service' >> /etc/systemd/system/turtl.service
-    echo 'Documentation=http://turtl.it' >> /etc/systemd/system/turtl.service
-    echo 'Requires=network.target' >> /etc/systemd/system/turtl.service
-    echo 'Requires=rethinkdb.service' >> /etc/systemd/system/turtl.service
-    echo 'After=network.target' >> /etc/systemd/system/turtl.service
-    echo 'After=rethinkdb.service' >> /etc/systemd/system/turtl.service
-    echo '' >> /etc/systemd/system/turtl.service
-    echo '[Service]' >> /etc/systemd/system/turtl.service
-    echo 'Type=simple' >> /etc/systemd/system/turtl.service
-    echo 'User=turtl' >> /etc/systemd/system/turtl.service
-    echo "WorkingDirectory=$TURTL_BASE_DIR/api/" >> /etc/systemd/system/turtl.service
+    { echo '[Unit]';
+      echo 'Description=Note taking service';
+      echo 'Documentation=http://turtl.it';
+      echo 'Requires=network.target';
+      echo 'Requires=rethinkdb.service';
+      echo 'After=network.target';
+      echo 'After=rethinkdb.service';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=turtl';
+      echo "WorkingDirectory=$TURTL_BASE_DIR/api/"; } > /etc/systemd/system/turtl.service
 
     if [[ "$check_architecture" == *"64"* && "$check_architecture" != *"arm"* ]]; then
         echo "ExecStart=$TURTL_BASE_DIR/ccl/lx86cl64 -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service
@@ -466,9 +474,9 @@ __ENDCONFIG__
             echo "ExecStart=$TURTL_BASE_DIR/ccl/armcl -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service
         fi
     fi
-    echo '' >> /etc/systemd/system/turtl.service
-    echo '[Install]' >> /etc/systemd/system/turtl.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/turtl.service
+    { echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } >> /etc/systemd/system/turtl.service
     chmod +x /etc/systemd/system/turtl.service
 
     chown -R turtl:turtl $TURTL_BASE_DIR
@@ -484,7 +492,7 @@ function install_turtl_api {
     if [ ! -d $TURTL_BASE_DIR ]; then
         mkdir -p $TURTL_BASE_DIR
     fi
-    cd $TURTL_BASE_DIR
+    cd "$TURTL_BASE_DIR" || exit 745726542
     mkdir cd $TURTL_BASE_DIR/data
     check_architecture=$(uname -a)
 
@@ -600,21 +608,21 @@ __ENDCONFIG__
     chown -R rethinkdb:rethinkdb /var/lib/rethinkdb
 
     # install turtl API
-    cd $TURTL_BASE_DIR/
+    cd "$TURTL_BASE_DIR/" || exit 6428462
 
     if [ -d /repos/turtl ]; then
         mkdir $TURTL_BASE_DIR/api
         cp -r -p /repos/turtl/. $TURTL_BASE_DIR/api
-        cd $TURTL_BASE_DIR/api
+        cd "$TURTL_BASE_DIR/api" || exit 57141845
         git pull
     else
         git clone $TURTL_REPO $TURTL_BASE_DIR/api
     fi
 
-    cd $TURTL_BASE_DIR/api
+    cd "$TURTL_BASE_DIR/api" || exit 35814614
     git checkout $TURTL_COMMIT -b $TURTL_COMMIT
     set_completion_param "turtl commit" "$TURTL_COMMIT"
-    cd $TURTL_BASE_DIR/quicklisp/local-projects
+    cd "$TURTL_BASE_DIR/quicklisp/local-projects" || exit 43618941415
     git clone git://github.com/orthecreedence/cl-hash-util
     if [[ "$check_architecture" != *"arm"* ]]; then
         if [[ "$check_architecture" == *"64"* ]]; then
@@ -627,20 +635,20 @@ __ENDCONFIG__
     fi
 
     # config
-    echo '(defvar *enabled-cors-resources* "resource://turtl-at-lyonbros-dot-com"' > $TURTL_BASE_DIR/api/config/config.footer
-    echo '  "When set, will enable CORS for resource:// origins if they match the given' >> $TURTL_BASE_DIR/api/config/config.footer
-    echo '   string. Entries should be comma separated (this string is passed verbatim in' >> $TURTL_BASE_DIR/api/config/config.footer
-    echo '   the Access-Control-Allow-Origin header).")' >> $TURTL_BASE_DIR/api/config/config.footer
-    echo '(defparameter *public-actions*' >> $TURTL_BASE_DIR/api/config/config.footer
-    echo "  \`((:post . ,(concatenate 'string *api-path* \"/users\"))" >> $TURTL_BASE_DIR/api/config/config.footer
-    echo "    (:post . ,(concatenate 'string *api-path* \"/log/error\"))" >> $TURTL_BASE_DIR/api/config/config.footer
-    echo '    (:post . "/cla/sign")' >> $TURTL_BASE_DIR/api/config/config.footer
-    echo '    (:get  . "/ping")' >> $TURTL_BASE_DIR/api/config/config.footer
-    echo '    (:get  . "/admin")' >> $TURTL_BASE_DIR/api/config/config.footer
-    echo "    (:get . ,(cl-ppcre:create-scanner (concatenate 'string *api-path* \"/invites/codes/([0-9a-f-]+)\"))))" >> $TURTL_BASE_DIR/api/config/config.footer
-    echo "  \"A list of public resources/actions that do not require authentication.\")" >> $TURTL_BASE_DIR/api/config/config.footer
-    echo "(defvar *analytics* '(:enabled t" >> $TURTL_BASE_DIR/api/config/config.footer
-    echo '                      :db "analytics"))' >> $TURTL_BASE_DIR/api/config/config.footer
+    { echo '(defvar *enabled-cors-resources* "resource://turtl-at-lyonbros-dot-com"';
+      echo '  "When set, will enable CORS for resource:// origins if they match the given';
+      echo '   string. Entries should be comma separated (this string is passed verbatim in';
+      echo '   the Access-Control-Allow-Origin header).")';
+      echo '(defparameter *public-actions*';
+      echo "  \`((:post . ,(concatenate 'string *api-path* \"/users\"))";
+      echo "    (:post . ,(concatenate 'string *api-path* \"/log/error\"))";
+      echo '    (:post . "/cla/sign")';
+      echo '    (:get  . "/ping")';
+      echo '    (:get  . "/admin")';
+      echo "    (:get . ,(cl-ppcre:create-scanner (concatenate 'string *api-path* \"/invites/codes/([0-9a-f-]+)\"))))";
+      echo "  \"A list of public resources/actions that do not require authentication.\")";
+      echo "(defvar *analytics* '(:enabled t";
+      echo '                      :db "analytics"))'; } > "$TURTL_BASE_DIR/api/config/config.footer"
 
     cp $TURTL_BASE_DIR/asdf.lisp $TURTL_BASE_DIR/api
     echo '(load (compile-file "asdf.lisp"))' > $TURTL_BASE_DIR/api/launch.lisp
@@ -657,54 +665,54 @@ function install_turtl_nginx {
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
         nginx_http_redirect $TURTL_DOMAIN_NAME
-        echo 'server {' >> $turtl_nginx_site
-        echo '  listen 443 ssl;' >> $turtl_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $turtl_nginx_site
-        echo "  server_name ${TURTL_DOMAIN_NAME};" >> $turtl_nginx_site
-        echo '' >> $turtl_nginx_site
-        echo '  # Security' >> $turtl_nginx_site
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name ${TURTL_DOMAIN_NAME};";
+          echo '';
+          echo '  # Security'; } >> "$turtl_nginx_site"
         function_check nginx_ssl
         nginx_ssl $TURTL_DOMAIN_NAME
 
         function_check nginx_disable_sniffing
         nginx_disable_sniffing $TURTL_DOMAIN_NAME
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $turtl_nginx_site
-        echo '' >> $turtl_nginx_site
-        echo '  # Logs' >> $turtl_nginx_site
-        echo '  access_log /dev/null;' >> $turtl_nginx_site
-        echo '  error_log /dev/null;' >> $turtl_nginx_site
-        echo '' >> $turtl_nginx_site
-        echo '  location / {' >> $turtl_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  location / {'; } >> "$turtl_nginx_site"
         function_check nginx_limits
         nginx_limits $TURTL_DOMAIN_NAME '15m'
-        echo "    proxy_pass        http://localhost:${TURTL_PORT}/;" >> $turtl_nginx_site
-        echo '    proxy_set_header  Host $host;' >> $turtl_nginx_site
-        echo '    proxy_buffering   off;' >> $turtl_nginx_site
-        echo '  }' >> $turtl_nginx_site
-        echo '}' >> $turtl_nginx_site
+        { echo "    proxy_pass        http://localhost:${TURTL_PORT}/;";
+          echo "    proxy_set_header  Host \$host;";
+          echo '    proxy_buffering   off;';
+          echo '  }';
+          echo '}'; } >> "$turtl_nginx_site"
     else
         echo -n '' > $turtl_nginx_site
     fi
-    echo 'server {' >> $turtl_nginx_site
-    echo "  listen 127.0.0.1:${TURTL_ONION_PORT};" >> $turtl_nginx_site
-    echo "  server_name ${TURTL_ONION_HOSTNAME};" >> $turtl_nginx_site
-    echo '' >> $turtl_nginx_site
+    { echo 'server {';
+      echo "  listen 127.0.0.1:${TURTL_ONION_PORT};";
+      echo "  server_name ${TURTL_ONION_HOSTNAME};";
+      echo ''; } >> $turtl_nginx_site
     function_check nginx_disable_sniffing
     nginx_disable_sniffing $TURTL_DOMAIN_NAME
-    echo '' >> $turtl_nginx_site
-    echo '  # Logs' >> $turtl_nginx_site
-    echo '  access_log /dev/null;' >> $turtl_nginx_site
-    echo '  error_log /dev/null;' >> $turtl_nginx_site
-    echo '' >> $turtl_nginx_site
-    echo '  location / {' >> $turtl_nginx_site
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  location / {'; } >> $turtl_nginx_site
     function_check nginx_limits
     nginx_limits $TURTL_DOMAIN_NAME '15m'
-    echo "    proxy_pass        http://localhost:${TURTL_PORT}/;" >> $turtl_nginx_site
-    echo '    proxy_set_header  Host $host;' >> $turtl_nginx_site
-    echo '    proxy_buffering   off;' >> $turtl_nginx_site
-    echo '  }' >> $turtl_nginx_site
-    echo '}' >> $turtl_nginx_site
+    { echo "    proxy_pass        http://localhost:${TURTL_PORT}/;";
+      echo "    proxy_set_header  Host \$host;";
+      echo '    proxy_buffering   off;';
+      echo '  }';
+      echo '}'; } >> $turtl_nginx_site
 
     function_check add_ddns_domain
     add_ddns_domain $TURTL_DOMAIN_NAME

src/freedombone-app-vim

@@ -62,27 +62,27 @@ function backup_local_vim {
             echo $"Backing up Vim config for $USERNAME"
 
             # create a temporary directory
-            if [ ! -d /home/$USERNAME/$VIM_TEMP_DIR ]; then
-                mkdir /home/$USERNAME/$VIM_TEMP_DIR
+            if [ ! -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
+                mkdir "/home/$USERNAME/$VIM_TEMP_DIR"
             fi
 
             # copy config files into the directory
-            if [ -f /home/$USERNAME/.vimrc ]; then
-                cp /home/$USERNAME/.vimrc /home/$USERNAME/$VIM_TEMP_DIR
-                chown -R $USERNAME:$USERNAME /home/$USERNAME/$VIM_TEMP_DIR
+            if [ -f "/home/$USERNAME/.vimrc" ]; then
+                cp "/home/$USERNAME/.vimrc" "/home/$USERNAME/$VIM_TEMP_DIR"
+                chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/$VIM_TEMP_DIR"
             fi
-            if [ -f /home/$USERNAME/.viminfo ]; then
-                cp /home/$USERNAME/.viminfo /home/$USERNAME/$VIM_TEMP_DIR
-                chown -R $USERNAME:$USERNAME /home/$USERNAME/$VIM_TEMP_DIR
+            if [ -f "/home/$USERNAME/.viminfo" ]; then
+                cp "/home/$USERNAME/.viminfo" "/home/$USERNAME/$VIM_TEMP_DIR"
+                chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/$VIM_TEMP_DIR"
             fi
 
             # backup the directory
             function_check backup_directory_to_usb
-            backup_directory_to_usb /home/$USERNAME/$VIM_TEMP_DIR vim/$USERNAME
+            backup_directory_to_usb "/home/$USERNAME/$VIM_TEMP_DIR" "vim/$USERNAME"
 
             # remove temporary directory
-            if [ -d /home/$USERNAME/$VIM_TEMP_DIR ]; then
-                rm -rf /home/$USERNAME/$VIM_TEMP_DIR
+            if [ -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
+                rm -rf "/home/${USERNAME:?}/$VIM_TEMP_DIR"
             fi
         fi
     done
@@ -90,24 +90,25 @@ function backup_local_vim {
 
 function restore_local_vim {
     temp_restore_dir=/root/tempvim
-    if [ -d $USB_MOUNT/backup/vim ]; then
+    if [ -d "$USB_MOUNT/backup/vim" ]; then
         for d in $USB_MOUNT/backup/vim/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    "${PROJECT_NAME}-adduser" "$USERNAME"
                 fi
                 echo $"Restoring Vim config for $USERNAME"
                 function_check restore_directory_from_usb
-                restore_directory_from_usb $temp_restore_dir vim/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR /home/$USERNAME/
+                restore_directory_from_usb "$temp_restore_dir" "vim/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/$VIM_TEMP_DIR ]; then
-                        mkdir /home/$USERNAME/$VIM_TEMP_DIR
+                    if [ ! -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
+                        mkdir "/home/$USERNAME/$VIM_TEMP_DIR"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/$VIM_TEMP_DIR/
+                    cp -r "$temp_restore_dir/*" "/home/$USERNAME/$VIM_TEMP_DIR/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     function_check set_user_permissions
@@ -116,14 +117,14 @@ function restore_local_vim {
                     backup_unmount_drive
                     exit 664
                 fi
-                cp /home/$USERNAME/$VIM_TEMP_DIR/* /home/$USERNAME
-                if [ -f /home/$USERNAME/.viminfo ]; then
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.viminfo
+                cp "/home/$USERNAME/$VIM_TEMP_DIR/*" "/home/$USERNAME"
+                if [ -f "/home/$USERNAME/.viminfo" ]; then
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.viminfo"
                 fi
-                if [ -f /home/$USERNAME/.vimrc ]; then
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.vimrc
+                if [ -f "/home/$USERNAME/.vimrc" ]; then
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.vimrc"
                 fi
-                rm -rf /home/$USERNAME/$VIM_TEMP_DIR
+                rm -rf "/home/${USERNAME:?}/$VIM_TEMP_DIR"
                 rm -rf $temp_restore_dir
             fi
         done
@@ -137,27 +138,27 @@ function backup_remote_vim {
             echo $"Backing up Vim config for $USERNAME"
 
             # create a temporary directory
-            if [ ! -d /home/$USERNAME/$VIM_TEMP_DIR ]; then
-                mkdir /home/$USERNAME/$VIM_TEMP_DIR
+            if [ ! -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
+                mkdir "/home/$USERNAME/$VIM_TEMP_DIR"
             fi
 
             # copy config files into the directory
-            if [ -f /home/$USERNAME/.vimrc ]; then
-                cp /home/$USERNAME/.vimrc /home/$USERNAME/$VIM_TEMP_DIR
-                chown -R $USERNAME:$USERNAME /home/$USERNAME/$VIM_TEMP_DIR
+            if [ -f "/home/$USERNAME/.vimrc" ]; then
+                cp "/home/$USERNAME/.vimrc" "/home/$USERNAME/$VIM_TEMP_DIR"
+                chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/$VIM_TEMP_DIR"
             fi
-            if [ -f /home/$USERNAME/.viminfo ]; then
-                cp /home/$USERNAME/.viminfo /home/$USERNAME/$VIM_TEMP_DIR
-                chown -R $USERNAME:$USERNAME /home/$USERNAME/$VIM_TEMP_DIR
+            if [ -f "/home/$USERNAME/.viminfo" ]; then
+                cp "/home/$USERNAME/.viminfo" "/home/$USERNAME/$VIM_TEMP_DIR"
+                chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/$VIM_TEMP_DIR"
             fi
 
             # backup the directory
             function_check backup_directory_to_friend
-            backup_directory_to_friend /home/$USERNAME/$VIM_TEMP_DIR vim/$USERNAME
+            backup_directory_to_friend "/home/$USERNAME/$VIM_TEMP_DIR" "vim/$USERNAME"
 
             # remove temporary directory
-            if [ -d /home/$USERNAME/$VIM_TEMP_DIR ]; then
-                rm -rf /home/$USERNAME/$VIM_TEMP_DIR
+            if [ -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
+                rm -rf "/home/${USERNAME:?}/$VIM_TEMP_DIR"
             fi
         fi
     done
@@ -165,24 +166,25 @@ function backup_remote_vim {
 
 function restore_remote_vim {
     temp_restore_dir=/root/tempvim
-    if [ -d $USB_MOUNT/backup/vim ]; then
+    if [ -d "$USB_MOUNT/backup/vim" ]; then
         for d in $USB_MOUNT/backup/vim/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    "${PROJECT_NAME}-adduser" "$USERNAME"
                 fi
                 echo $"Restoring Vim config for $USERNAME"
                 function_check restore_directory_from_friend
-                restore_directory_from_friend $temp_restore_dir vim/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR /home/$USERNAME/
+                restore_directory_from_friend "$temp_restore_dir vim/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/$VIM_TEMP_DIR ]; then
-                        mkdir /home/$USERNAME/$VIM_TEMP_DIR
+                    if [ ! -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
+                        mkdir "/home/$USERNAME/$VIM_TEMP_DIR"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/$VIM_TEMP_DIR/
+                    cp -r "$temp_restore_dir/*" "/home/$USERNAME/$VIM_TEMP_DIR/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     function_check set_user_permissions
@@ -191,14 +193,14 @@ function restore_remote_vim {
                     backup_unmount_drive
                     exit 664
                 fi
-                cp /home/$USERNAME/$VIM_TEMP_DIR/* /home/$USERNAME
-                if [ -f /home/$USERNAME/.viminfo ]; then
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.viminfo
+                cp "/home/$USERNAME/$VIM_TEMP_DIR/*" "/home/$USERNAME"
+                if [ -f "/home/$USERNAME/.viminfo" ]; then
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.viminfo"
                 fi
-                if [ -f /home/$USERNAME/.vimrc ]; then
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.vimrc
+                if [ -f "/home/$USERNAME/.vimrc" ]; then
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.vimrc"
                 fi
-                rm -rf /home/$USERNAME/$VIM_TEMP_DIR
+                rm -rf "/home/${USERNAME:?}/$VIM_TEMP_DIR"
                 rm -rf $temp_restore_dir
             fi
         done
@@ -210,7 +212,7 @@ function remove_vim {
     # This may change with Debian Stretch
     # apt-get -yq remove --purge vim
     update-alternatives --set editor /usr/bin/nano
-    sed -i '/install_vim/d' $COMPLETION_FILE
+    sed -i '/install_vim/d' "$COMPLETION_FILE"
 
     # remove Vim as the mutt email editor
     if [ -f /etc/Muttrc ]; then
@@ -220,9 +222,9 @@ function remove_vim {
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ -f /home/$USERNAME/.muttrc ]; then
-                    if grep -q "set editor=" /home/$USERNAME/.muttrc; then
-                        sed -i '/set editor=/d' /home/$USERNAME/.muttrc
+                if [ -f "/home/$USERNAME/.muttrc" ]; then
+                    if grep -q "set editor=" "/home/$USERNAME/.muttrc"; then
+                        sed -i '/set editor=/d' "/home/$USERNAME/.muttrc"
                     fi
                 fi
             fi
@@ -244,11 +246,11 @@ function install_vim {
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ -f /home/$USERNAME/.muttrc ]; then
-                    if ! grep -q "set editor=" /home/$USERNAME/.muttrc; then
-                        echo "set editor=\"$VIM_MUTT_EDITOR\"" >> /home/$USERNAME/.muttrc
+                if [ -f "/home/$USERNAME/.muttrc" ]; then
+                    if ! grep -q "set editor=" "/home/$USERNAME/.muttrc"; then
+                        echo "set editor=\"$VIM_MUTT_EDITOR\"" >> "/home/$USERNAME/.muttrc"
                     else
-                        sed -i "s|set editor=.*|set editor=\"$VIM_MUTT_EDITOR\"|g" /home/$USERNAME/.muttrc
+                        sed -i "s|set editor=.*|set editor=\"$VIM_MUTT_EDITOR\"|g" "/home/$USERNAME/.muttrc"
                     fi
                 fi
             fi

src/freedombone-app-vpn

@@ -82,23 +82,24 @@ function install_interactive_vpn {
     VPN_DETAILS_COMPLETE=
     while [ ! $VPN_DETAILS_COMPLETE ]
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         currtlsport=$(grep 'VPN_TLS_PORT' temp.cfg | awk -F '=' '{print $2}')
-        if [ $currtlsport ]; then
+        if [ "$currtlsport" ]; then
             VPN_TLS_PORT=$currtlsport
         fi
         dialog --backtitle $"Freedombone Configuration" \
                --title $"VPN Configuration" \
-               --form $"\nPlease enter your VPN details. Changing the port to 443 will help defend against censorship but will prevent other web apps from running." 12 65 1 \
+               --form $"\\nPlease enter your VPN details. Changing the port to 443 will help defend against censorship but will prevent other web apps from running." 12 65 1 \
                $"TLS port:" 1 1 "$VPN_TLS_PORT" 1 12 5 5 \
-               2> $data
+               2> "$data"
         sel=$?
         case $sel in
-            1) exit 1;;
-            255) exit 1;;
+            1) rm -f "$data"
+               exit 1;;
+            255) rm -f "$data"
+                 exit 1;;
         esac
-        tlsport=$(cat $data | sed -n 1p)
+        tlsport=$(sed -n 1p < "$data")
         if [ ${#tlsport} -gt 1 ]; then
             if [[ "$tlsport" != *' '* && "$tlsport" != *'.'* ]]; then
                 VPN_TLS_PORT="$tlsport"
@@ -106,27 +107,27 @@ function install_interactive_vpn {
                 write_config_param "VPN_TLS_PORT" "$VPN_TLS_PORT"
             fi
         fi
+        rm -f "$data"
     done
     clear
     APP_INSTALLED=1
 }
 
 function vpn_change_tls_port {
-    if ! grep -q "VPN-TLS" $FIREWALL_CONFIG; then
+    if ! grep -q "VPN-TLS" "$FIREWALL_CONFIG"; then
         EXISTING_VPN_TLS_PORT=443
     else
-        EXISTING_VPN_TLS_PORT=$(cat $FIREWALL_CONFIG | grep "VPN-TLS" | awk -F '=' '{print $2}')
+        EXISTING_VPN_TLS_PORT=$(grep "VPN-TLS" "$FIREWALL_CONFIG" | awk -F '=' '{print $2}')
     fi
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"VPN Configuration" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Change TLS port' 10 50 $EXISTING_VPN_TLS_PORT 2>$data
+           --inputbox $'Change TLS port' 10 50 "$EXISTING_VPN_TLS_PORT" 2>"$data"
     sel=$?
     case $sel in
         0)
-            tlsport=$(<$data)
+            tlsport=$(<"$data")
             if [ ${#tlsport} -gt 0 ]; then
                 if [[ "$tlsport" != "$EXISTING_VPN_TLS_PORT" ]]; then
                     clear
@@ -137,22 +138,22 @@ function vpn_change_tls_port {
 
                     for d in /home/*/ ; do
                         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-                        if [ -f /home/$USERNAME/stunnel-client.conf ]; then
-                            cp /etc/stunnel/stunnel-client.conf /home/$USERNAME/stunnel-client.conf
-                            chown $USERNAME:$USERNAME /home/$USERNAME/stunnel-client.conf
+                        if [ -f "/home/$USERNAME/stunnel-client.conf" ]; then
+                            cp "/etc/stunnel/stunnel-client.conf" "/home/$USERNAME/stunnel-client.conf"
+                            chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel-client.conf"
                         fi
                     done
 
-                    if [ $VPN_TLS_PORT -eq 443 ]; then
+                    if [ "$VPN_TLS_PORT" -eq 443 ]; then
                         if [[ "$PREVIOUS_VPN_TLS_PORT" != "443" ]]; then
-                            firewall_remove VPN-TLS ${EXISTING_VPN_TLS_PORT}
+                            firewall_remove VPN-TLS "${EXISTING_VPN_TLS_PORT}"
                         fi
                         systemctl stop nginx
                         systemctl disable nginx
                     else
                         if [[ "$PREVIOUS_VPN_TLS_PORT" != "$VPN_TLS_PORT" ]]; then
-                            firewall_remove VPN-TLS ${EXISTING_VPN_TLS_PORT}
-                            firewall_add VPN-TLS ${VPN_TLS_PORT} tcp
+                            firewall_remove VPN-TLS "${EXISTING_VPN_TLS_PORT}"
+                            firewall_add VPN-TLS "${VPN_TLS_PORT}" tcp
                         fi
                         systemctl enable nginx
                         systemctl restart nginx
@@ -160,7 +161,7 @@ function vpn_change_tls_port {
 
                     systemctl restart stunnel
 
-                    if [ $VPN_TLS_PORT -eq 443 ]; then
+                    if [ "$VPN_TLS_PORT" -eq 443 ]; then
                         dialog --title $"VPN Configuration" \
                                --msgbox $"TLS port changed to ${VPN_TLS_PORT}. Forward this port from your internet router." 10 60
                     else
@@ -171,52 +172,56 @@ function vpn_change_tls_port {
             fi
             ;;
     esac
+    rm -f "$data"
 }
 
 function vpn_regenerate_client_keys {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Regenerate VPN keys for a user" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'username' 10 50 2>$data
+           --inputbox $'username' 10 50 2>"$data"
     sel=$?
     case $sel in
         0)
-            USERNAME=$(<$data)
+            USERNAME=$(<"$data")
             if [ ${#USERNAME} -gt 0 ]; then
-                if [ -d /home/$USERNAME ]; then
+                if [ -d "/home/$USERNAME" ]; then
                     clear
-                    create_user_vpn_key $USERNAME
+                    create_user_vpn_key "$USERNAME"
                     dialog --title $"Regenerate VPN keys for a user" \
                            --msgbox $"VPN keys were regenerated for $USERNAME" 6 60
                 fi
             fi
             ;;
     esac
+    rm -f "$data"
 }
 
 function configure_interactive_vpn {
     read_config_param VPN_TLS_PORT
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"VPN Configuration" \
                --radiolist $"Choose an operation:" 13 70 3 \
                1 $"Change TLS port (currently $VPN_TLS_PORT)" off \
                2 $"Regenerate keys for a user" off \
-               3 $"Exit" on 2> $data
+               3 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) return;;
-            255) return;;
+            1) rm -f "$data"
+               return;;
+            255) rm -f "$data"
+                 return;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) vpn_change_tls_port;;
             2) vpn_regenerate_client_keys;;
-            3) break;;
+            3) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -231,8 +236,8 @@ function upgrade_vpn {
 function backup_local_vpn {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-        if [ -f /home/$USERNAME/$OPENVPN_KEY_FILENAME ]; then
-            cp /home/$USERNAME/$OPENVPN_KEY_FILENAME /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}
+        if [ -f "/home/$USERNAME/$OPENVPN_KEY_FILENAME" ]; then
+            cp "/home/$USERNAME/$OPENVPN_KEY_FILENAME" "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}"
         fi
     done
 
@@ -252,9 +257,9 @@ function restore_local_vpn {
 
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-            if [ -f /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} ]; then
-                cp /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} /home/$USERNAME/$OPENVPN_KEY_FILENAME
-                chown $USERNAME:$USERNAME /home/$USERNAME/$OPENVPN_KEY_FILENAME
+            if [ -f "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}" ]; then
+                cp "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}" "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
+                chown "$USERNAME":"$USERNAME" "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
             fi
         done
     fi
@@ -265,13 +270,13 @@ function restore_local_vpn {
         rm -rf ${temp_restore_dir}
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-            if [ -f /home/$USERNAME/stunnel.pem ]; then
-                cp /etc/stunnel/stunnel.pem /home/$USERNAME/stunnel.pem
-                chown $USERNAME:$USERNAME /home/$USERNAME/stunnel.pem
+            if [ -f "/home/$USERNAME/stunnel.pem" ]; then
+                cp /etc/stunnel/stunnel.pem "/home/$USERNAME/stunnel.pem"
+                chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel.pem"
             fi
-            if [ -f /home/$USERNAME/stunnel.p12 ]; then
-                cp /etc/stunnel/stunnel.p12 /home/$USERNAME/stunnel.p12
-                chown $USERNAME:$USERNAME /home/$USERNAME/stunnel.p12
+            if [ -f "/home/$USERNAME/stunnel.p12" ]; then
+                cp /etc/stunnel/stunnel.p12 "/home/$USERNAME/stunnel.p12"
+                chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel.p12"
             fi
         done
     fi
@@ -280,8 +285,8 @@ function restore_local_vpn {
 function backup_remote_vpn {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-        if [ -f /home/$USERNAME/$OPENVPN_KEY_FILENAME ]; then
-            cp /home/$USERNAME/$OPENVPN_KEY_FILENAME /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}
+        if [ -f "/home/$USERNAME/$OPENVPN_KEY_FILENAME" ]; then
+            cp "/home/$USERNAME/$OPENVPN_KEY_FILENAME" "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}"
         fi
     done
 
@@ -301,9 +306,9 @@ function restore_remote_vpn {
 
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-            if [ -f /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} ]; then
-                cp /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} /home/$USERNAME/$OPENVPN_KEY_FILENAME
-                chown $USERNAME:$USERNAME /home/$USERNAME/$OPENVPN_KEY_FILENAME
+            if [ -f "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}" ]; then
+                cp "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}" "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
+                chown "$USERNAME":"$USERNAME" "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
             fi
         done
     fi
@@ -314,13 +319,13 @@ function restore_remote_vpn {
         rm -rf ${temp_restore_dir}
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-            if [ -f /home/$USERNAME/stunnel.pem ]; then
-                cp /etc/stunnel/stunnel.pem /home/$USERNAME/stunnel.pem
-                chown $USERNAME:$USERNAME /home/$USERNAME/stunnel.pem
+            if [ -f "/home/$USERNAME/stunnel.pem" ]; then
+                cp /etc/stunnel/stunnel.pem "/home/$USERNAME/stunnel.pem"
+                chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel.pem"
             fi
-            if [ -f /home/$USERNAME/stunnel.p12 ]; then
-                cp /etc/stunnel/stunnel.p12 /home/$USERNAME/stunnel.p12
-                chown $USERNAME:$USERNAME /home/$USERNAME/stunnel.p12
+            if [ -f "/home/$USERNAME/stunnel.p12" ]; then
+                cp /etc/stunnel/stunnel.p12 "/home/$USERNAME/stunnel.p12"
+                chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel.p12"
             fi
         done
     fi
@@ -332,8 +337,8 @@ function remove_vpn {
     rm /etc/systemd/system/stunnel.service
 
     systemctl stop openvpn
-    if [ $VPN_TLS_PORT -ne 443 ]; then
-        firewall_remove VPN-TLS $VPN_TLS_PORT
+    if [ "$VPN_TLS_PORT" -ne 443 ]; then
+        firewall_remove VPN-TLS "$VPN_TLS_PORT"
     else
         systemctl enable nginx
         systemctl restart nginx
@@ -354,10 +359,10 @@ function remove_vpn {
     # remove any client keys
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-        if [ -f /home/$USERNAME/$OPENVPN_KEY_FILENAME ]; then
-            shred -zu /home/$USERNAME/$OPENVPN_KEY_FILENAME
+        if [ -f "/home/$USERNAME/$OPENVPN_KEY_FILENAME" ]; then
+            shred -zu "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
         fi
-        rm /home/$USERNAME/stunnel*
+        rm "/home/$USERNAME/stunnel*"
     done
     userdel -f vpn
     groupdel -f vpn
@@ -370,107 +375,108 @@ function remove_vpn {
 function create_user_vpn_key {
     username=$1
 
-    if [ ! -d /home/$username ]; then
+    if [ ! -d "/home/$username" ]; then
         return
     fi
 
     echo $"Creating VPN key for $username"
 
-    cd /etc/openvpn/easy-rsa
+    cd /etc/openvpn/easy-rsa || exit 4728468246
 
-    if [ -f /etc/openvpn/easy-rsa/keys/$username.crt ]; then
-        rm /etc/openvpn/easy-rsa/keys/$username.crt
+    if [ -f "/etc/openvpn/easy-rsa/keys/$username.crt" ]; then
+        rm "/etc/openvpn/easy-rsa/keys/$username.crt"
     fi
-    if [ -f /etc/openvpn/easy-rsa/keys/$username.key ]; then
-        rm /etc/openvpn/easy-rsa/keys/$username.key
+    if [ -f "/etc/openvpn/easy-rsa/keys/$username.key" ]; then
+        rm "/etc/openvpn/easy-rsa/keys/$username.key"
     fi
-    if [ -f /etc/openvpn/easy-rsa/keys/$username.csr ]; then
-        rm /etc/openvpn/easy-rsa/keys/$username.csr
+    if [ -f "/etc/openvpn/easy-rsa/keys/$username.csr" ]; then
+        rm "/etc/openvpn/easy-rsa/keys/$username.csr"
     fi
 
     sed -i 's| --interact||g' build-key
     ./build-key "$username"
 
-    if [ ! -f /etc/openvpn/easy-rsa/keys/$username.crt ]; then
+    if [ ! -f "/etc/openvpn/easy-rsa/keys/$username.crt" ]; then
         echo $'VPN user cert not generated'
         exit 783528
     fi
-    user_cert=$(cat /etc/openvpn/easy-rsa/keys/$username.crt)
+    user_cert=$(cat "/etc/openvpn/easy-rsa/keys/$username.crt")
     if [ ${#user_cert} -lt 10 ]; then
-        cat /etc/openvpn/easy-rsa/keys/$username.crt
+        cat "/etc/openvpn/easy-rsa/keys/$username.crt"
         echo $'User cert generation failed'
         exit 634659
     fi
-    if [ ! -f /etc/openvpn/easy-rsa/keys/$username.key ]; then
+    if [ ! -f "/etc/openvpn/easy-rsa/keys/$username.key" ]; then
         echo $'VPN user key not generated'
         exit 682523
     fi
-    user_key=$(cat /etc/openvpn/easy-rsa/keys/$username.key)
+    user_key=$(cat "/etc/openvpn/easy-rsa/keys/$username.key")
     if [ ${#user_key} -lt 10 ]; then
-        cat /etc/openvpn/easy-rsa/keys/$username.key
+        cat "/etc/openvpn/easy-rsa/keys/$username.key"
         echo $'User key generation failed'
         exit 285838
     fi
 
     user_vpn_cert_file=/home/$username/$OPENVPN_KEY_FILENAME
 
-    echo 'client' > $user_vpn_cert_file
-    echo 'dev tun' >> $user_vpn_cert_file
-    echo 'proto tcp' >> $user_vpn_cert_file
-    echo "remote localhost $STUNNEL_PORT" >> $user_vpn_cert_file
-    echo "route $DEFAULT_DOMAIN_NAME 255.255.255.255 net_gateway" >> $user_vpn_cert_file
-    echo 'resolv-retry infinite' >> $user_vpn_cert_file
-    echo 'nobind' >> $user_vpn_cert_file
-    echo 'tun-mtu 1500' >> $user_vpn_cert_file
-    echo 'tun-mtu-extra 32' >> $user_vpn_cert_file
-    echo 'mssfix 1450' >> $user_vpn_cert_file
-    echo 'persist-key' >> $user_vpn_cert_file
-    echo 'persist-tun' >> $user_vpn_cert_file
-    echo 'auth-nocache' >> $user_vpn_cert_file
-    echo 'remote-cert-tls server' >> $user_vpn_cert_file
-    echo 'comp-lzo' >> $user_vpn_cert_file
-    echo 'verb 3' >> $user_vpn_cert_file
-    echo '' >> $user_vpn_cert_file
+    { echo 'client';
+      echo 'dev tun';
+      echo 'proto tcp';
+      echo "remote localhost $STUNNEL_PORT";
+      echo "route $DEFAULT_DOMAIN_NAME 255.255.255.255 net_gateway";
+      echo 'resolv-retry infinite';
+      echo 'nobind';
+      echo 'tun-mtu 1500';
+      echo 'tun-mtu-extra 32';
+      echo 'mssfix 1450';
+      echo 'persist-key';
+      echo 'persist-tun';
+      echo 'auth-nocache';
+      echo 'remote-cert-tls server';
+      echo 'comp-lzo';
+      echo 'verb 3';
+      echo ''; } > "$user_vpn_cert_file"
 
-    echo '<ca>' >> $user_vpn_cert_file
-    cat /etc/openvpn/ca.crt >> $user_vpn_cert_file
-    echo '</ca>' >> $user_vpn_cert_file
+    {
+        echo '<ca>';
+        cat /etc/openvpn/ca.crt;
+        echo '</ca>';
 
-    echo '<cert>' >> $user_vpn_cert_file
-    cat /etc/openvpn/easy-rsa/keys/$username.crt >> $user_vpn_cert_file
-    echo '</cert>' >> $user_vpn_cert_file
+        echo '<cert>';
+        cat "/etc/openvpn/easy-rsa/keys/$username.crt;"
+        echo '</cert>';
 
-    echo '<key>' >> $user_vpn_cert_file
-    cat /etc/openvpn/easy-rsa/keys/$username.key >> $user_vpn_cert_file
-    echo '</key>' >> $user_vpn_cert_file
+        echo '<key>';
+        cat "/etc/openvpn/easy-rsa/keys/$username.key;"
+        echo '</key>'; } >> "$user_vpn_cert_file"
 
-    chown $username:$username $user_vpn_cert_file
+    chown "$username":"$username" "$user_vpn_cert_file"
 
     # keep a backup
-    cp $user_vpn_cert_file /etc/openvpn/easy-rsa/keys/$username.ovpn
+    cp "$user_vpn_cert_file" "/etc/openvpn/easy-rsa/keys/$username.ovpn"
 
     #rm /etc/openvpn/easy-rsa/keys/$username.crt
     #rm /etc/openvpn/easy-rsa/keys/$username.csr
-    shred -zu /etc/openvpn/easy-rsa/keys/$username.key
+    shred -zu "/etc/openvpn/easy-rsa/keys/$username.key"
 
     echo $"VPN key created at $user_vpn_cert_file"
 }
 
 function add_user_vpn {
     new_username="$1"
-    new_user_password="$2"
+#    new_user_password="$2"
 
-    create_user_vpn_key $new_username
+    create_user_vpn_key "$new_username"
     if [ -f /etc/stunnel/stunnel.pem ]; then
-        cp /etc/stunnel/stunnel.pem /home/$new_username/stunnel.pem
-        chown $new_username:$new_username /home/$new_username/stunnel.pem
+        cp /etc/stunnel/stunnel.pem "/home/$new_username/stunnel.pem"
+        chown "$new_username":"$new_username" "/home/$new_username/stunnel.pem"
     fi
     if [ -f /etc/stunnel/stunnel.p12 ]; then
-        cp /etc/stunnel/stunnel.p12 /home/$new_username/stunnel.p12
-        chown $new_username:$new_username /home/$new_username/stunnel.p12
+        cp /etc/stunnel/stunnel.p12 "/home/$new_username/stunnel.p12"
+        chown "$new_username":"$new_username" "/home/$new_username/stunnel.p12"
     fi
-    cp /etc/stunnel/stunnel-client.conf /home/$new_username/stunnel-client.conf
-    chown $new_username:$new_username /home/$new_username/stunnel-client.conf
+    cp /etc/stunnel/stunnel-client.conf "/home/$new_username/stunnel-client.conf"
+    chown "$new_username":"$new_username" "/home/$new_username/stunnel-client.conf"
 }
 
 function remove_user_vpn {
@@ -516,15 +522,16 @@ function generate_stunnel_keys {
     fi
     chmod 640 /etc/stunnel/stunnel.p12
 
-    cp /etc/stunnel/stunnel.pem /home/$MY_USERNAME/stunnel.pem
-    cp /etc/stunnel/stunnel.p12 /home/$MY_USERNAME/stunnel.p12
-    chown $MY_USERNAME:$MY_USERNAME $prefix$userhome/stunnel*
+    cp /etc/stunnel/stunnel.pem "/home/$MY_USERNAME/stunnel.pem"
+    cp /etc/stunnel/stunnel.p12 "/home/$MY_USERNAME/stunnel.p12"
+    chown "$MY_USERNAME":"$MY_USERNAME" "$prefix/home/$MY_USERNAME/stunnel*"
 }
 
 function install_stunnel {
     prefix=
     prefixchroot=
-    if [ $rootdir ]; then
+    # shellcheck disable=SC2154
+    if [ "$rootdir" ]; then
         prefix=$rootdir
         prefixchroot="chroot $rootdir"
         VPN_TLS_PORT=$VPN_MESH_TLS_PORT
@@ -532,53 +539,53 @@ function install_stunnel {
 
     $prefixchroot apt-get -yq install stunnel4
 
-    if [ ! $prefix ]; then
-        cd /etc/stunnel
+    if [ ! "$prefix" ]; then
+        cd /etc/stunnel || exit 46284624
         generate_stunnel_keys
     fi
 
-    echo 'chroot = /var/lib/stunnel4' > $prefix/etc/stunnel/stunnel.conf
-    echo 'pid = /stunnel4.pid' >> $prefix/etc/stunnel/stunnel.conf
-    echo 'setuid = stunnel4' >> $prefix/etc/stunnel/stunnel.conf
-    echo 'setgid = stunnel4' >> $prefix/etc/stunnel/stunnel.conf
-    echo 'socket = l:TCP_NODELAY=1' >> $prefix/etc/stunnel/stunnel.conf
-    echo 'socket = r:TCP_NODELAY=1' >> $prefix/etc/stunnel/stunnel.conf
-    echo 'cert = /etc/stunnel/stunnel.pem' >> $prefix/etc/stunnel/stunnel.conf
-    echo '[openvpn]' >> $prefix/etc/stunnel/stunnel.conf
-    echo "accept = $VPN_TLS_PORT" >> $prefix/etc/stunnel/stunnel.conf
-    echo 'connect = localhost:1194' >> $prefix/etc/stunnel/stunnel.conf
-    echo 'cert = /etc/stunnel/stunnel.pem' >> $prefix/etc/stunnel/stunnel.conf
-    echo 'protocol = socks' >> $prefix/etc/stunnel/stunnel.conf
+    { echo 'chroot = /var/lib/stunnel4';
+      echo 'pid = /stunnel4.pid';
+      echo 'setuid = stunnel4';
+      echo 'setgid = stunnel4';
+      echo 'socket = l:TCP_NODELAY=1';
+      echo 'socket = r:TCP_NODELAY=1';
+      echo 'cert = /etc/stunnel/stunnel.pem';
+      echo '[openvpn]';
+      echo "accept = $VPN_TLS_PORT";
+      echo 'connect = localhost:1194';
+      echo 'cert = /etc/stunnel/stunnel.pem';
+      echo 'protocol = socks'; } > "$prefix/etc/stunnel/stunnel.conf"
 
-    sed -i 's|ENABLED=.*|ENABLED=1|g' $prefix/etc/default/stunnel4
+    sed -i 's|ENABLED=.*|ENABLED=1|g' "$prefix/etc/default/stunnel4"
 
-    echo '[openvpn]' > $prefix/etc/stunnel/stunnel-client.conf
-    echo 'client = yes' >> $prefix/etc/stunnel/stunnel-client.conf
-    echo "accept = $STUNNEL_PORT" >> $prefix/etc/stunnel/stunnel-client.conf
-    echo "connect = $DEFAULT_DOMAIN_NAME:$VPN_TLS_PORT" >> $prefix/etc/stunnel/stunnel-client.conf
-    echo 'cert = stunnel.pem' >> $prefix/etc/stunnel/stunnel-client.conf
-    echo 'protocol = socks' >> $prefix/etc/stunnel/stunnel-client.conf
+    { echo '[openvpn]';
+      echo 'client = yes';
+      echo "accept = $STUNNEL_PORT";
+      echo "connect = $DEFAULT_DOMAIN_NAME:$VPN_TLS_PORT";
+      echo 'cert = stunnel.pem';
+      echo 'protocol = socks'; } > "$prefix/etc/stunnel/stunnel-client.conf"
 
-    echo '[Unit]' > $prefix/etc/systemd/system/stunnel.service
-    echo 'Description=SSL tunnel for network daemons' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'Documentation=man:stunnel https://www.stunnel.org/docs.html' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'DefaultDependencies=no' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'After=network.target' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'After=syslog.target' >> $prefix/etc/systemd/system/stunnel.service
-    echo '' >> $prefix/etc/systemd/system/stunnel.service
-    echo '[Install]' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'WantedBy=multi-user.target' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'Alias=stunnel.target' >> $prefix/etc/systemd/system/stunnel.service
-    echo '' >> $prefix/etc/systemd/system/stunnel.service
-    echo '[Service]' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'Type=forking' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'RuntimeDirectory=stunnel' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'EnvironmentFile=-/etc/stunnel/stunnel.conf' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'ExecStop=/usr/bin/killall -9 stunnel' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'RemainAfterExit=yes' >> $prefix/etc/systemd/system/stunnel.service
+    { echo '[Unit]';
+      echo 'Description=SSL tunnel for network daemons';
+      echo 'Documentation=man:stunnel https://www.stunnel.org/docs.html';
+      echo 'DefaultDependencies=no';
+      echo 'After=network.target';
+      echo 'After=syslog.target';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target';
+      echo 'Alias=stunnel.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=forking';
+      echo 'RuntimeDirectory=stunnel';
+      echo 'EnvironmentFile=-/etc/stunnel/stunnel.conf';
+      echo 'ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf';
+      echo 'ExecStop=/usr/bin/killall -9 stunnel';
+      echo 'RemainAfterExit=yes'; } > "$prefix/etc/systemd/system/stunnel.service"
 
-    if [ ! $prefix ]; then
+    if [ ! "$prefix" ]; then
         if [ $VPN_TLS_PORT -eq 443 ]; then
             systemctl stop nginx
             systemctl disable nginx
@@ -591,15 +598,15 @@ function install_stunnel {
         systemctl daemon-reload
         systemctl start stunnel
 
-        cp /etc/stunnel/stunnel-client.conf /home/$MY_USERNAME/stunnel-client.conf
-        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel*
+        cp /etc/stunnel/stunnel-client.conf "/home/$MY_USERNAME/stunnel-client.conf"
+        chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/stunnel*"
     fi
 }
 
 function vpn_generate_keys {
     # generate host keys
     if [ ! -f /etc/openvpn/dh2048.pem ]; then
-        ${PROJECT_NAME}-dhparam -o /etc/openvpn/dh2048.pem
+        "${PROJECT_NAME}-dhparam" -o /etc/openvpn/dh2048.pem
     fi
     if [ ! -f /etc/openvpn/dh2048.pem ]; then
         echo $'vpn dhparams were not generated'
@@ -607,7 +614,8 @@ function vpn_generate_keys {
     fi
     cp /etc/openvpn/dh2048.pem /etc/openvpn/easy-rsa/keys/dh2048.pem
 
-    cd /etc/openvpn/easy-rsa
+    cd /etc/openvpn/easy-rsa || exit 5628756256
+    # shellcheck disable=SC1091
     . ./vars
     ./clean-all
     vpn_openssl_version='1.0.0'
@@ -651,13 +659,13 @@ function vpn_generate_keys {
     fi
     cp /etc/openvpn/easy-rsa/keys/{$OPENVPN_SERVER_NAME.crt,$OPENVPN_SERVER_NAME.key,ca.crt} /etc/openvpn
 
-    create_user_vpn_key ${MY_USERNAME}
+    create_user_vpn_key "${MY_USERNAME}"
 }
 
 function install_vpn {
     prefix=
     prefixchroot=
-    if [ $rootdir ]; then
+    if [ "$rootdir" ]; then
         prefix=$rootdir
         prefixchroot="chroot $rootdir"
         VPN_TLS_PORT=$VPN_MESH_TLS_PORT
@@ -668,50 +676,50 @@ function install_vpn {
     $prefixchroot useradd -r -s /bin/false -g vpn vpn
 
     # server configuration
-    echo 'port 1194' > $prefix/etc/openvpn/server.conf
-    echo 'proto tcp' >> $prefix/etc/openvpn/server.conf
-    echo 'dev tun' >> $prefix/etc/openvpn/server.conf
-    echo 'tun-mtu 1500' >> $prefix/etc/openvpn/server.conf
-    echo 'tun-mtu-extra 32' >> $prefix/etc/openvpn/server.conf
-    echo 'mssfix 1450' >> $prefix/etc/openvpn/server.conf
-    echo 'ca /etc/openvpn/ca.crt' >> $prefix/etc/openvpn/server.conf
-    echo 'cert /etc/openvpn/server.crt' >> $prefix/etc/openvpn/server.conf
-    echo 'key /etc/openvpn/server.key' >> $prefix/etc/openvpn/server.conf
-    echo 'dh /etc/openvpn/dh2048.pem' >> $prefix/etc/openvpn/server.conf
-    echo 'server 10.8.0.0 255.255.255.0' >> $prefix/etc/openvpn/server.conf
-    echo 'push "redirect-gateway def1 bypass-dhcp"' >> $prefix/etc/openvpn/server.conf
-    echo "push \"dhcp-option DNS 85.214.73.63\"" >> $prefix/etc/openvpn/server.conf
-    echo "push \"dhcp-option DNS 213.73.91.35\"" >> $prefix/etc/openvpn/server.conf
-    echo 'keepalive 5 30' >> $prefix/etc/openvpn/server.conf
-    echo 'comp-lzo' >> $prefix/etc/openvpn/server.conf
-    echo 'persist-key' >> $prefix/etc/openvpn/server.conf
-    echo 'persist-tun' >> $prefix/etc/openvpn/server.conf
-    echo 'status /dev/null' >> $prefix/etc/openvpn/server.conf
-    echo 'verb 3' >> $prefix/etc/openvpn/server.conf
-    echo '' >> $prefix/etc/openvpn/server.conf
+    { echo 'port 1194';
+      echo 'proto tcp';
+      echo 'dev tun';
+      echo 'tun-mtu 1500';
+      echo 'tun-mtu-extra 32';
+      echo 'mssfix 1450';
+      echo 'ca /etc/openvpn/ca.crt';
+      echo 'cert /etc/openvpn/server.crt';
+      echo 'key /etc/openvpn/server.key';
+      echo 'dh /etc/openvpn/dh2048.pem';
+      echo 'server 10.8.0.0 255.255.255.0';
+      echo 'push "redirect-gateway def1 bypass-dhcp"';
+      echo "push \"dhcp-option DNS 85.214.73.63\"";
+      echo "push \"dhcp-option DNS 213.73.91.35\"";
+      echo 'keepalive 5 30';
+      echo 'comp-lzo';
+      echo 'persist-key';
+      echo 'persist-tun';
+      echo 'status /dev/null';
+      echo 'verb 3';
+      echo ''; } > "$prefix/etc/openvpn/server.conf"
 
-    if [ ! $prefix ]; then
+    if [ ! "$prefix" ]; then
         echo 1 > /proc/sys/net/ipv4/ip_forward
     fi
-    sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' $prefix/etc/sysctl.conf
-    sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' $prefix/etc/sysctl.conf
-    sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' $prefix/etc/sysctl.conf
+    sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' "$prefix/etc/sysctl.conf"
+    sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' "$prefix/etc/sysctl.conf"
+    sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' "$prefix/etc/sysctl.conf"
 
-    cp -r $prefix/usr/share/easy-rsa/ $prefix/etc/openvpn
-    if [ ! -d $prefix/etc/openvpn/easy-rsa/keys ]; then
-        mkdir $prefix/etc/openvpn/easy-rsa/keys
+    cp -r "$prefix/usr/share/easy-rsa/" "$prefix/etc/openvpn"
+    if [ ! -d "$prefix/etc/openvpn/easy-rsa/keys" ]; then
+        mkdir "$prefix/etc/openvpn/easy-rsa/keys"
     fi
 
     # keys configuration
-    sed -i "s|export KEY_COUNTRY.*|export KEY_COUNTRY=\"US\"|g" $prefix/etc/openvpn/easy-rsa/vars
-    sed -i "s|export KEY_PROVINCE.*|export KEY_PROVINCE=\"TX\"|g" $prefix/etc/openvpn/easy-rsa/vars
-    sed -i "s|export KEY_CITY.*|export KEY_CITY=\"Dallas\"|g" $prefix/etc/openvpn/easy-rsa/vars
-    sed -i "s|export KEY_ORG.*|export KEY_ORG=\"$PROJECT_NAME\"|g" $prefix/etc/openvpn/easy-rsa/vars
-    sed -i "s|export KEY_EMAIL.*|export KEY_EMAIL=\"$MY_EMAIL_ADDRESS\"|g" $prefix/etc/openvpn/easy-rsa/vars
-    sed -i "s|export KEY_OU=.*|export KEY_OU=\"MoonUnit\"|g" $prefix/etc/openvpn/easy-rsa/vars
-    sed -i "s|export KEY_NAME.*|export KEY_NAME=\"$OPENVPN_SERVER_NAME\"|g" $prefix/etc/openvpn/easy-rsa/vars
+    sed -i "s|export KEY_COUNTRY.*|export KEY_COUNTRY=\"US\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
+    sed -i "s|export KEY_PROVINCE.*|export KEY_PROVINCE=\"TX\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
+    sed -i "s|export KEY_CITY.*|export KEY_CITY=\"Dallas\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
+    sed -i "s|export KEY_ORG.*|export KEY_ORG=\"$PROJECT_NAME\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
+    sed -i "s|export KEY_EMAIL.*|export KEY_EMAIL=\"$MY_EMAIL_ADDRESS\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
+    sed -i "s|export KEY_OU=.*|export KEY_OU=\"MoonUnit\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
+    sed -i "s|export KEY_NAME.*|export KEY_NAME=\"$OPENVPN_SERVER_NAME\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
 
-    if [ ! $prefix ]; then
+    if [ ! "$prefix" ]; then
         vpn_generate_keys
         firewall_enable_vpn
 
@@ -724,7 +732,7 @@ function install_vpn {
 
     install_stunnel
 
-    if [ ! $prefix ]; then
+    if [ ! "$prefix" ]; then
         systemctl restart openvpn
     fi
 

src/freedombone-app-wekan

@@ -1,498 +0,0 @@
-#!/bin/bash
-#
-# .---.                  .              .
-# |                      |              |
-# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
-# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
-# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
-#
-#                    Freedom in the Cloud
-#
-# Wekan kanban
-#
-# License
-# =======
-#
-# Copyright (C) 2017-2018 Bob Mottram <bob@freedombone.net>
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-VARIANTS=''
-
-IN_DEFAULT_INSTALL=0
-SHOW_ON_ABOUT=0
-
-WEKAN_DOMAIN_NAME=
-WEKAN_CODE=
-WEKAN_PORT=8081
-WEKAN_ONION_PORT=8120
-WEKAN_REPO="https://github.com/wekan/wekan"
-WEKAN_COMMIT='dc547c38d1f5ca72729f6d8f81eb03671ca15934'
-FLOW_ROUTER_REPO="git://github.com/wekan/flow-router.git"
-FLOW_ROUTER_COMMIT='0c1f6423ed9b68eb00cfb1a19492438917a38956'
-WEKAN_DIR=/etc/wekan
-
-wekan_variables=(ONION_ONLY
-                 WEKAN_DOMAIN_NAME
-                 WEKAN_CODE
-                 DDNS_PROVIDER
-                 MY_USERNAME)
-
-function logging_on_wekan {
-    echo -n ''
-}
-
-function logging_off_wekan {
-    echo -n ''
-}
-
-function remove_user_wekan {
-    remove_username="$1"
-}
-
-function add_user_wekan {
-    new_username="$1"
-    new_user_password="$2"
-    echo '0'
-}
-
-function install_interactive_wekan {
-    if [[ $ONION_ONLY != "no" ]]; then
-        GIT_DOMAIN_NAME='wekan.local'
-        write_config_param "WEKAN_DOMAIN_NAME" "$WEKAN_DOMAIN_NAME"
-    else
-        function_check interactive_site_details
-        interactive_site_details wekan
-    fi
-    APP_INSTALLED=1
-}
-
-function change_password_wekan {
-    curr_username="$1"
-    new_user_password="$2"
-}
-
-function reconfigure_wekan {
-    echo -n ''
-}
-
-function upgrade_wekan {
-    CURR_WEKAN_COMMIT=$(get_completion_param "wekan commit")
-    if [[ "$CURR_WEKAN_COMMIT" == "$WEKAN_COMMIT" ]]; then
-        return
-    fi
-
-    systemctl stop wekan
-
-    # update to the next commit
-    function_check set_repo_commit
-    set_repo_commit $WEKAN_DIR "wekan commit" "$WEKAN_COMMIT" $WEKAN_REPO
-
-    systemctl start wekan
-}
-
-function backup_local_wekan {
-    source_directory=$WEKAN_DIR/data
-    if [ -d $source_directory ]; then
-        systemctl stop wekan
-
-        dest_directory=wekan
-        function_check suspend_site
-        suspend_site wekan
-
-        function_check backup_database_to_usb
-        backup_database_to_usb wekan
-
-        function_check backup_directory_to_usb
-        backup_directory_to_usb $source_directory $dest_directory
-
-        function_check restart_site
-        restart_site
-
-        systemctl start wekan
-    fi
-}
-
-function restore_local_wekan {
-    if [ -d $WEKAN_DIR ]; then
-        systemctl stop wekan
-
-        function_check restore_database
-        restore_database gogs ${WEKAN_DOMAIN_NAME}
-
-        temp_restore_dir=/root/tempwekan
-        function_check restore_directory_from_usb
-        restore_directory_from_usb $temp_restore_dir wekan
-        if [ -d $temp_restore_dir$WEKAN_DIR/data ]; then
-            cp -r $temp_restore_dir$WEKAN_DIR/data/* $WEKAN_DIR/data/
-        else
-            cp -r $temp_restore_dir/* $WEKAN_DIR/data/
-        fi
-        rm -rf $temp_restore_dir
-        systemctl start wekan
-    fi
-}
-
-function backup_remote_wekan {
-    if grep -q "wekan domain" $COMPLETION_FILE; then
-        temp_backup_dir=$WEKAN_DIR/data
-        if [ -d $temp_backup_dir ]; then
-            systemctl stop wekan
-
-            function_check suspend_site
-            suspend_site wekan
-
-            echo $"Backing up Wekan installation"
-
-            function_check backup_database_to_friend
-            backup_database_to_friend wekan
-
-            function_check backup_directory_to_friend
-            backup_directory_to_friend $temp_backup_dir wekan
-
-            function_check restart_site
-            restart_site
-
-            systemctl start wekan
-        else
-            echo $"wekan domain specified but not found in ${temp_backup_dir}"
-        fi
-    fi
-}
-
-function restore_remote_wekan {
-    if [ -d $WEKAN_DIR ]; then
-        systemctl stop wekan
-
-        function_check restore_database_from_friend
-        restore_database_from_friend wekan
-
-        temp_restore_dir=/root/tempwekan
-        function_check restore_directory_from_usb
-        restore_directory_from_friend $temp_restore_dir wekan
-        if [ -d $temp_restore_dir$WEKAN_DIR/data ]; then
-            cp -r $temp_restore_dir$WEKAN_DIR/data/* $WEKAN_DIR/data/
-        else
-            cp -r $temp_restore_dir/* $WEKAN_DIR/data/
-        fi
-        rm -rf $temp_restore_dir
-        systemctl start wekan
-    fi
-}
-
-function remove_wekan {
-    systemctl stop wekan
-    systemctl disable wekan
-    if [ -f /etc/systemd/system/wekan.service ]; then
-        rm /etc/systemd/system/wekan.service
-    fi
-    systemctl daemon-reload
-
-    function_check remove_nodejs
-    remove_nodejs wekan
-
-    nginx_dissite wekan
-
-    if [ -d $WEKAN_DIR ]; then
-        rm -rf $WEKAN_DIR
-    fi
-    if [ -f /etc/nginx/sites-available/wekan ]; then
-        rm /etc/nginx/sites-available/wekan
-    fi
-    function_check drop_database
-    drop_database wekan
-    function_check remove_onion_service
-    remove_onion_service wekan ${WEKAN_ONION_PORT}
-    remove_app wekan
-    remove_completion_param install_wekan
-    sed -i '/wekan/d' $COMPLETION_FILE
-
-    groupdel -f wekan
-    userdel -r wekan
-    remove_meteor
-}
-
-function wekan_create_database {
-    if [ -f ${IMAGE_PASSWORD_FILE} ]; then
-        WEKAN_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
-    else
-        if [ ! ${GIT_ADMIN_PASSWORD} ]; then
-            WEKAN_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-        fi
-    fi
-    if [ ! $WEKAN_ADMIN_PASSWORD ]; then
-        return
-    fi
-
-    function_check create_database
-    create_database gogs "$WEKAN_ADMIN_PASSWORD"
-}
-
-function install_wekan_main {
-    if [[ $(app_is_installed wekan_main) == "1" ]]; then
-        return
-    fi
-
-    if [ ! -d /var/www/wekan ]; then
-        mkdir /var/www/wekan
-    fi
-    if [ -d $WEKAN_DIR ]; then
-        rm -rf $WEKAN_DIR
-    fi
-
-    if [ -d /repos/wekan ]; then
-        mkdir -p $WEKAN_DIR
-        cp -r -p /repos/wekan/. $WEKAN_DIR
-        cd $WEKAN_DIR
-        git pull
-    else
-        function_check git_clone
-        git_clone $WEKAN_REPO $WEKAN_DIR
-    fi
-
-    if [ ! -d $WEKAN_DIR ]; then
-        echo $'Unable to clone wekan repo'
-        exit 783251
-    fi
-
-    # an unprivileged user to run as
-    groupadd wekan
-    useradd -c "Wekan account" -d $WEKAN_DIR/ -m -r -g wekan wekan
-
-    cd $WEKAN_DIR
-    git checkout $WEKAN_COMMIT -b $WEKAN_COMMIT
-    set_completion_param "wekan commit" "$WEKAN_COMMIT"
-
-    chown -R wekan:wekan $WEKAN_DIR
-
-    WEKAN_ONION_HOSTNAME=$(add_onion_service wekan 80 ${WEKAN_ONION_PORT})
-    set_completion_param "wekan onion domain" "$WEKAN_ONION_HOSTNAME"
-
-    wekan_nginx_site=/etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    if [[ ${ONION_ONLY} == "no" ]]; then
-        function_check nginx_http_redirect
-        nginx_http_redirect ${WEKAN_DOMAIN_NAME}
-        echo 'server {' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '    listen 443 ssl;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo "    root /var/www/${WEKAN_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo "    server_name ${WEKAN_DOMAIN_NAME};" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo "    error_log /dev/null;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        function_check nginx_ssl
-        nginx_ssl ${WEKAN_DOMAIN_NAME}
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing ${WEKAN_DOMAIN_NAME}
-        echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '    location / {' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        function_check nginx_limits
-        nginx_limits ${WEKAN_DOMAIN_NAME} '15m'
-        echo "        proxy_pass http://localhost:$WEKAN_PORT;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '    location = /robots.txt {' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '        allow all;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '        log_not_found off;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '}' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    else
-        echo -n '' > /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    fi
-    echo 'server {' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo "    listen 127.0.0.1:${WEKAN_ONION_PORT} default_server;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo "    root /var/www/$WEKAN_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo "    server_name $WEKAN_DOMAIN_NAME;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing ${WEKAN_DOMAIN_NAME}
-    echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '    location / {' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    function_check nginx_limits
-    nginx_limits ${WEKAN_DOMAIN_NAME} '15m'
-    echo "        proxy_pass http://localhost:$WEKAN_PORT;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '    }' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '    location = /robots.txt {' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '        allow all;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '        log_not_found off;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '    }' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '}' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-
-    function_check nginx_ensite
-    nginx_ensite wekan
-
-    install_completed wekan_main
-}
-
-function install_wekan {
-    apt-get -qy install build-essential c++ capnproto curl
-
-    function_check install_nodejs
-    install_nodejs wekan
-
-    install_wekan_main
-    install_meteor
-
-    cd $WEKAN_DIR
-
-    su -c 'npm install babel-runtime' - wekan
-    su -c 'npm install node-gyp' - wekan
-    su -c 'npm install node-pre-gyp' - wekan
-    su -c 'npm install fibers' - wekan
-    su -c 'npm install bcrypt' - wekan
-    su -c 'npm install bson' - wekan
-    su -c 'npm install es6-promise' - wekan
-    su -c 'npm install meteor-node-stubs' - wekan
-    su -c 'npm install winston' - wekan
-    su -c 'npm install winston-zulip' - wekan
-    su -c 'npm install xss' - wekan
-
-    # Remove any directories from previous installs
-    if [ -d $WEKAN_DIR/.meteor ]; then
-        rm -rf $WEKAN_DIR/.meteor
-    fi
-    if [ -d $WEKAN_DIR/app ]; then
-        rm -rf $WEKAN_DIR/app
-    fi
-    if [ -d $WEKAN_DIR/app_build ]; then
-        rm -rf $WEKAN_DIR/app_build
-    fi
-
-    # Get additional packages
-    mkdir -p $WEKAN_DIR/.meteor/packages
-    chown wekan:wekan --recursive $WEKAN_DIR/.meteor
-    cd $WEKAN_DIR/.meteor/packages
-    if [ ! -d /repos/flowrouter ]; then
-        su -c "git clone --depth 1 -b master $FLOW_ROUTER_REPO kadira-flow-router" - wekan
-    else
-        mkdir kadira-flow-router
-        cp -r -p /repos/flowrouter/. kadira-flow-router
-        cd kadira-flow-router
-        git pull
-        cd ..
-    fi
-    cd kadira-flow-router
-    git checkout $FLOW_ROUTER_COMMIT -b $FLOW_ROUTER_COMMIT
-    cd ..
-    if [ ! -d /repos/meteoruseraccounts ]; then
-        su -c "git clone --depth 1 -b master $METEOR_USERACCOUNTS_REPO meteor-useraccounts-core" - wekan
-    else
-        mkdir meteor-useraccounts-core
-        cp -r -p /repos/meteoruseraccounts/. meteor-useraccounts-core
-        cd meteor-useraccounts-core
-        git pull
-        cd ..
-    fi
-    cd meteor-useraccounts-core
-    git checkout $METEOR_USERACCOUNTS_COMMIT -b $METEOR_USERACCOUNTS_COMMIT
-    cd ..
-    if [ ! -f $WEKAN_DIR/.meteor/packages/meteor-useraccounts-core/package.js ]; then
-        echo $"File not found: $WEKAN_DIR/.meteor/packages/meteor-useraccounts-core/package.js"
-        exit 7289529
-    fi
-    sed -i 's/api\.versionsFrom/\/\/api.versionsFrom/' $WEKAN_DIR/.meteor/packages/meteor-useraccounts-core/package.js
-    cd $WEKAN_DIR/.meteor
-    su -c "$WEKAN_DIR/.meteor/meteor -- help" - wekan
-
-    # Build app
-    if [ ! -d $WEKAN_DIR/app ]; then
-        echo $'No app subdirectory found'
-        exit 294569
-    fi
-    cd $WEKAN_DIR/app
-    su -c "$WEKAN_DIR/.meteor/meteor add standard-minifier-js" - wekan
-    su -c "$WEKAN_DIR/.meteor/meteor npm install" - wekan
-    su -c "$WEKAN_DIR/.meteor/meteor build --directory $WEKAN_DIR/app_build" - wekan
-    cp $WEKAN_DIR/app/fix-download-unicode/cfs_access-point.txt $WEKAN_DIR/app_build/bundle/programs/server/packages/cfs_access-point.js
-    chown wekan:wekan $WEKAN_DIR/app_build/bundle/programs/server/packages/cfs_access-point.js
-    sed -i "s|build\/Release\/bson|browser_build\/bson|g" $WEKAN_DIR/app_build/bundle/programs/server/npm/node_modules/meteor/cfs_gridfs/node_modules/mongodb/node_modules/bson/ext/index.js
-    if [ ! -d $WEKAN_DIR/app_build/bundle/programs/server/npm/node_modules/meteor/npm-bcrypt ]; then
-        echo $"No subdirectory found: $WEKAN_DIR/app_build/bundle/programs/server/npm/node_modules/meteor/npm-bcrypt"
-        exit 479832
-    fi
-    cd $WEKAN_DIR/app_build/bundle/programs/server/npm/node_modules/meteor/npm-bcrypt
-    su -c 'rm -rf node_modules/bcrypt' - wekan
-    su -c 'npm install bcrypt' - wekan
-    cd $WEKAN_DIR/app_build/bundle/programs/server/
-    su -c 'npm install' - wekan
-    mv $WEKAN_DIR/app_build/bundle ../build
-
-    if [ ! -f $WEKAN_DIR/build/main.js ]; then
-        echo $'main.js not found'
-        exit 7828252
-    fi
-
-    # Cleanup
-    rm -R $WEKAN_DIR/.meteor
-    rm -R $WEKAN_DIR/app
-    rm -R $WEKAN_DIR/app_build
-
-    chown -R wekan:wekan $WEKAN_DIR
-
-    function_check install_mariadb
-    install_mariadb
-
-    function_check get_mariadb_password
-    get_mariadb_password
-
-    function_check wekan_create_database
-    wekan_create_database
-
-    # daemon
-    echo '[Unit]' > /etc/systemd/system/wekan.service
-    echo 'Description=Wekan' >> /etc/systemd/system/wekan.service
-    echo 'After=syslog.target' >> /etc/systemd/system/wekan.service
-    echo 'After=network.target' >> /etc/systemd/system/wekan.service
-    echo '' >> /etc/systemd/system/wekan.service
-    echo '[Service]' >> /etc/systemd/system/wekan.service
-    echo 'User=wekan' >> /etc/systemd/system/wekan.service
-    echo 'Group=wekan' >> /etc/systemd/system/wekan.service
-    echo "WorkingDirectory=$WEKAN_DIR" >> /etc/systemd/system/wekan.service
-    echo "ExecStart=/usr/local/bin/node $WEKAN_DIR/build/main.js" >> /etc/systemd/system/wekan.service
-    echo 'Environment=PATH=/usr/bin:/usr/local/bin' >> /etc/systemd/system/wekan.service
-    echo 'Environment=NODE_ENV=production' >> /etc/systemd/system/wekan.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/wekan.service
-    echo '' >> /etc/systemd/system/wekan.service
-    echo '[Install]' >> /etc/systemd/system/wekan.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/wekan.service
-    systemctl enable wekan.service
-    systemctl daemon-reload
-    systemctl start wekan.service
-
-    systemctl restart nginx
-
-    set_completion_param "wekan domain" "$WEKAN_DOMAIN_NAME"
-
-    APP_INSTALLED=1
-}
-
-# NOTE: deliberately there is no "exit 0"

src/freedombone-app-zeronet

@@ -105,7 +105,7 @@ function remove_zeronet_blog {
         rm -rf $MESH_INSTALL_DIR/zeronet/ZeroBlog
     fi
     remove_completion_param install_zeronet_blog
-    sed -i '/zeronet blog/d' $COMPLETION_FILE
+    sed -i '/zeronet blog/d' "$COMPLETION_FILE"
 }
 
 function remove_zeronet_mail {
@@ -113,7 +113,7 @@ function remove_zeronet_mail {
         rm -rf $MESH_INSTALL_DIR/zeronet/ZeroMail
     fi
     remove_completion_param install_zeronet_mail
-    sed -i '/zeronet mail/d' $COMPLETION_FILE
+    sed -i '/zeronet mail/d' "$COMPLETION_FILE"
 }
 
 function remove_zeronet_forum {
@@ -121,7 +121,7 @@ function remove_zeronet_forum {
         rm -rf $MESH_INSTALL_DIR/zeronet/ZeroTalk
     fi
     remove_completion_param install_zeronet_forum
-    sed -i '/zeronet forum/d' $COMPLETION_FILE
+    sed -i '/zeronet forum/d' "$COMPLETION_FILE"
 }
 
 function remove_zeronet {
@@ -133,20 +133,20 @@ function remove_zeronet {
     firewall_remove ${TRACKER_PORT}
     firewall_remove 1900 udp
 
-    ${PROJECT_NAME}-mesh-install -f zeronet --remove yes
+    "${PROJECT_NAME}-mesh-install" -f zeronet --remove yes
     remove_completion_param install_zeronet
     remove_completion_param configure_firewall_for_zeronet
-    sed -i '/zeronet/d' $COMPLETION_FILE
+    sed -i '/zeronet/d' "$COMPLETION_FILE"
 }
 
 function configure_firewall_for_zeronet {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     firewall_add ZeroNet ${ZERONET_PORT}
     firewall_add Tracker ${TRACKER_PORT}
     firewall_add Tracker 1900 udp
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function install_zeronet_blog {
@@ -161,14 +161,14 @@ function install_zeronet_blog {
 
     ZERONET_DEFAULT_BLOG_TITLE="${MY_USERNAME}'s Blog"
 
-    cd $MESH_INSTALL_DIR/zeronet
+    cd "$MESH_INSTALL_DIR/zeronet" || exit 246284728
     python zeronet.py --batch siteCreate 2> $MESH_INSTALL_DIR/zeronet/blog.txt
     if [ ! -f $MESH_INSTALL_DIR/zeronet/blog.txt ]; then
         echo $'Unable to create blog'
         exit 479
     fi
-    blog_address=$(cat blog.txt | grep "Site address" | awk -F ':' '{print $2}')
-    blog_private_key=$(cat blog.txt | grep "Site private key" | awk -F ':' '{print $2}')
+    blog_address=$(grep "Site address" blog.txt | awk -F ':' '{print $2}')
+    blog_private_key=$(grep "Site private key" blog.txt | awk -F ':' '{print $2}')
     ZERONET_BLOG_ADDRESS=${blog_address//[[:blank:]]/}
     ZERONET_BLOG_PRIVATE_KEY=${blog_private_key//[[:blank:]]/}
 
@@ -197,24 +197,24 @@ function install_zeronet_blog {
         echo $'ZeroBlog repo could not be cloned'
         exit 6739
     fi
-    cd $MESH_INSTALL_DIR/zeronet/ZeroBlog
+    cd "$MESH_INSTALL_DIR/zeronet/ZeroBlog" || exit 47298462874
     git checkout $ZERONET_BLOG_COMMIT -b $ZERONET_BLOG_COMMIT
     set_completion_param "zeroNet blog commit" "$ZERONET_BLOG_COMMIT"
 
     echo $"ZeroNet Blog address:     $ZERONET_BLOG_ADDRESS"
     echo $"ZeroNet Blog private key: $ZERONET_BLOG_PRIVATE_KEY"
-    cp -r $MESH_INSTALL_DIR/zeronet/ZeroBlog/* $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS
+    cp -r "$MESH_INSTALL_DIR/zeronet/ZeroBlog/*" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS"
 
-    if [ ! -d $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data ]; then
-        mkdir $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data
+    if [ ! -d "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data" ]; then
+        mkdir "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data"
     fi
-    cp $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data-default/data.json $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data
-    sed -i "s/MyZeroBlog/$ZERONET_DEFAULT_BLOG_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json
-    sed -i "s/My ZeroBlog./$ZERONET_DEFAULT_BLOG_TAGLINE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json
-    sed -i "s/ZeroBlog Demo/$ZERONET_DEFAULT_BLOG_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html
-    sed -i "s|<h3 class=\"description\">.*|<h3 class=\"description\">$ZERONET_DEFAULT_BLOG_TAGLINE</h3>|g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html
-    sed -i "s/Blogging platform Demo/Blogging platform/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/content.json
-    python zeronet.py siteSign $ZERONET_BLOG_ADDRESS $ZERONET_BLOG_PRIVATE_KEY
+    cp "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data-default/data.json" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data"
+    sed -i "s/MyZeroBlog/$ZERONET_DEFAULT_BLOG_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json"
+    sed -i "s/My ZeroBlog./$ZERONET_DEFAULT_BLOG_TAGLINE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json"
+    sed -i "s/ZeroBlog Demo/$ZERONET_DEFAULT_BLOG_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html"
+    sed -i "s|<h3 class=\"description\">.*|<h3 class=\"description\">$ZERONET_DEFAULT_BLOG_TAGLINE</h3>|g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html"
+    sed -i "s/Blogging platform Demo/Blogging platform/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/content.json"
+    python zeronet.py siteSign "$ZERONET_BLOG_ADDRESS" "$ZERONET_BLOG_PRIVATE_KEY"
 
     # Add an avahi service
     function_check create_avahi_service
@@ -223,11 +223,11 @@ function install_zeronet_blog {
 
     chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
 
-    if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then
-        mkdir -p /home/$MY_USERNAME/.config/zeronet
-        chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
+    if [ ! -d "/home/$MY_USERNAME/.config/zeronet" ]; then
+        mkdir -p "/home/$MY_USERNAME/.config/zeronet"
+        chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.config"
     fi
-    echo "${ZERONET_URL}/${ZERONET_BLOG_ADDRESS}" > /home/$MY_USERNAME/.config/zeronet/myblog
+    echo "${ZERONET_URL}/${ZERONET_BLOG_ADDRESS}" > "/home/$MY_USERNAME/.config/zeronet/myblog"
 
     install_completed zeronet_blog
 }
@@ -244,14 +244,14 @@ function install_zeronet_mail {
 
     ZERONET_DEFAULT_MAIL_TITLE="${MY_USERNAME}'s Mail"
 
-    cd $MESH_INSTALL_DIR/zeronet
+    cd "$MESH_INSTALL_DIR/zeronet" || exit 4628462862
     python zeronet.py --batch siteCreate 2> $MESH_INSTALL_DIR/zeronet/mail.txt
     if [ ! -f $MESH_INSTALL_DIR/zeronet/mail.txt ]; then
         echo $'Unable to create mail'
         exit 479
     fi
-    mail_address=$(cat mail.txt | grep "Site address" | awk -F ':' '{print $2}')
-    mail_private_key=$(cat mail.txt | grep "Site private key" | awk -F ':' '{print $2}')
+    mail_address=$(grep "Site address" mail.txt | awk -F ':' '{print $2}')
+    mail_private_key=$(grep "Site private key" mail.txt | awk -F ':' '{print $2}')
     ZERONET_MAIL_ADDRESS=${mail_address//[[:blank:]]/}
     ZERONET_MAIL_PRIVATE_KEY=${mail_private_key//[[:blank:]]/}
 
@@ -280,24 +280,24 @@ function install_zeronet_mail {
         echo $'ZeroMail repo could not be cloned'
         exit 6739
     fi
-    cd $MESH_INSTALL_DIR/zeronet/ZeroMail
+    cd "$MESH_INSTALL_DIR/zeronet/ZeroMail" || exit 246284682
     git checkout $ZERONET_MAIL_COMMIT -b $ZERONET_MAIL_COMMIT
     set_completion_param "zeroNet mail commit" "$ZERONET_MAIL_COMMIT"
 
     echo $"ZeroNet Mail address:     $ZERONET_MAIL_ADDRESS"
     echo $"ZeroNet Mail private key: $ZERONET_MAIL_PRIVATE_KEY"
-    cp -r $MESH_INSTALL_DIR/zeronet/ZeroMail/* $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS
+    cp -r "$MESH_INSTALL_DIR/zeronet/ZeroMail/*" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS"
 
-    if [ ! -d $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data ]; then
-        mkdir $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data
+    if [ ! -d "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data" ]; then
+        mkdir "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data"
     fi
-    cp $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data-default/data.json $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data
-    sed -i "s/MyZeroMail/$ZERONET_DEFAULT_MAIL_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json
-    sed -i "s/My ZeroMail./$ZERONET_DEFAULT_MAIL_TAGLINE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json
-    sed -i "s/ZeroMail Demo/$ZERONET_DEFAULT_MAIL_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html
-    sed -i "s|<h3 class=\"description\">.*|<h3 class=\"description\">$ZERONET_DEFAULT_MAIL_TAGLINE</h3>|g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html
-    sed -i "s/Mailging platform Demo/Mailging platform/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/content.json
-    python zeronet.py siteSign $ZERONET_MAIL_ADDRESS $ZERONET_MAIL_PRIVATE_KEY
+    cp "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data-default/data.json" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data"
+    sed -i "s/MyZeroMail/$ZERONET_DEFAULT_MAIL_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json"
+    sed -i "s/My ZeroMail./$ZERONET_DEFAULT_MAIL_TAGLINE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json"
+    sed -i "s/ZeroMail Demo/$ZERONET_DEFAULT_MAIL_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html"
+    sed -i "s|<h3 class=\"description\">.*|<h3 class=\"description\">$ZERONET_DEFAULT_MAIL_TAGLINE</h3>|g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html"
+    sed -i "s/Mailging platform Demo/Mailging platform/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/content.json"
+    python zeronet.py siteSign "$ZERONET_MAIL_ADDRESS" "$ZERONET_MAIL_PRIVATE_KEY"
 
     # Add an avahi service
     function_check create_avahi_service
@@ -306,11 +306,11 @@ function install_zeronet_mail {
 
     chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
 
-    if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then
-        mkdir -p /home/$MY_USERNAME/.config/zeronet
-        chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
+    if [ ! -d "/home/$MY_USERNAME/.config/zeronet" ]; then
+        mkdir -p "/home/$MY_USERNAME/.config/zeronet"
+        chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.config"
     fi
-    echo "${ZERONET_URL}/${ZERONET_MAIL_ADDRESS}" > /home/$MY_USERNAME/.config/zeronet/mymail
+    echo "${ZERONET_URL}/${ZERONET_MAIL_ADDRESS}" > "/home/$MY_USERNAME/.config/zeronet/mymail"
 
     install_completed zeronet_mail
 }
@@ -327,14 +327,14 @@ function install_zeronet_forum {
 
     ZERONET_DEFAULT_FORUM_TITLE=$"${MY_USERNAME}'s Forum"
 
-    cd $MESH_INSTALL_DIR/zeronet
+    cd "$MESH_INSTALL_DIR/zeronet" || exit 472984624628
     python zeronet.py --batch siteCreate 2> $MESH_INSTALL_DIR/zeronet/forum.txt
     if [ ! -f $MESH_INSTALL_DIR/zeronet/forum.txt ]; then
         echo $'Unable to create forum'
         exit 479
     fi
-    forum_address=$(cat forum.txt | grep "Site address" | awk -F ':' '{print $2}')
-    forum_private_key=$(cat forum.txt | grep "Site private key" | awk -F ':' '{print $2}')
+    forum_address=$(grep "Site address" forum.txt | awk -F ':' '{print $2}')
+    forum_private_key=$(grep "Site private key" forum.txt | awk -F ':' '{print $2}')
     ZERONET_FORUM_ADDRESS=${forum_address//[[:blank:]]/}
     ZERONET_FORUM_PRIVATE_KEY=${forum_private_key//[[:blank:]]/}
 
@@ -368,13 +368,13 @@ function install_zeronet_forum {
 
     echo $"Forum address:     $ZERONET_FORUM_ADDRESS"
     echo $"Forum private key: $ZERONET_FORUM_PRIVATE_KEY"
-    cp -r $MESH_INSTALL_DIR/zeronet/ZeroTalk/* $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS
-    sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html
-    sed -i "s/ZeroTalk/$ZERONET_DEFAULT_FORUM_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html
-    sed -i "s|Demo for dynamic, decentralized content publishing.|$ZERONET_DEFAULT_FORUM_TAGLINE|g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html
-    sed -i 's/Messaging Board Demo/Messaging Board/g' $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json
-    sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json
-    python zeronet.py siteSign $ZERONET_FORUM_ADDRESS $ZERONET_FORUM_PRIVATE_KEY --inner_path data/users/content.json
+    cp -r "$MESH_INSTALL_DIR/zeronet/ZeroTalk/*" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS"
+    sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html"
+    sed -i "s/ZeroTalk/$ZERONET_DEFAULT_FORUM_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html"
+    sed -i "s|Demo for dynamic, decentralized content publishing.|$ZERONET_DEFAULT_FORUM_TAGLINE|g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html"
+    sed -i 's/Messaging Board Demo/Messaging Board/g' "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json"
+    sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json"
+    python zeronet.py siteSign "$ZERONET_FORUM_ADDRESS" "$ZERONET_FORUM_PRIVATE_KEY" --inner_path data/users/content.json
 
     # Add an avahi service
     function_check create_avahi_service
@@ -383,11 +383,11 @@ function install_zeronet_forum {
 
     chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
 
-    if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then
-        mkdir -p /home/$MY_USERNAME/.config/zeronet
-        chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
+    if [ ! -d "/home/$MY_USERNAME/.config/zeronet" ]; then
+        mkdir -p "/home/$MY_USERNAME/.config/zeronet"
+        chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.config"
     fi
-    echo "${ZERONET_URL}/${ZERONET_FORUM_ADDRESS}" > /home/$MY_USERNAME/.config/zeronet/myforum
+    echo "${ZERONET_URL}/${ZERONET_FORUM_ADDRESS}" > "/home/$MY_USERNAME/.config/zeronet/myforum"
 
     install_completed zeronet_forum
 }
@@ -397,7 +397,7 @@ function install_zeronet_main {
         return
     fi
 
-    ${PROJECT_NAME}-mesh-install -f zeronet
+    "${PROJECT_NAME}-mesh-install" -f zeronet
     systemctl daemon-reload
     systemctl start tracker.service
     systemctl start zeronet.service
@@ -408,117 +408,118 @@ function install_zeronet_main {
 }
 
 function mesh_zeronet {
-    ZERONET_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_REPO=" | head -n 1 | awk -F '"' '{print $2}')
+    ZERONET_REPO_MAIN=$(grep "ZERONET_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F '"' '{print $2}')
     if [ ${#ZERONET_REPO_MAIN} -gt 4 ]; then
         ZERONET_REPO=$ZERONET_REPO_MAIN
     fi
-    if [ ! $ZERONET_REPO ]; then
+    if [ ! "$ZERONET_REPO" ]; then
         echo $'No ZeroNet repo was specified'
         exit 723539
     fi
 
-    ZERONET_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
+    ZERONET_COMMIT_MAIN=$(grep "ZERONET_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#ZERONET_COMMIT_MAIN} -gt 4 ]; then
         ZERONET_COMMIT=$ZERONET_COMMIT_MAIN
     fi
-    if [ ! $ZERONET_COMMIT ]; then
+    if [ ! "$ZERONET_COMMIT" ]; then
         echo $'No ZeroNet commit was specified'
         exit 490439
     fi
 
-    MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}')
+    MESH_INSTALL_DIR_MAIN=$(grep "MESH_INSTALL_DIR=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then
         MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN
     fi
-    if [ ! $MESH_INSTALL_DIR ]; then
+    if [ ! "$MESH_INSTALL_DIR" ]; then
         echo $'No mesh install dir was specified'
         exit 432052
     fi
 
+    # shellcheck disable=SC2154
     chroot "$rootdir" apt-get -yq install python python-msgpack python-gevent
     chroot "$rootdir" apt-get -yq install python-pip bittornado
     chroot "$rootdir" pip install msgpack-python --upgrade
 
-    chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/zeronet/ -s /bin/false zeronet
+    chroot "$rootdir" useradd -d "$MESH_INSTALL_DIR/zeronet/" -s /bin/false zeronet
 
     if [ -d /repos/zeronet ]; then
-        mkdir $rootdir$MESH_INSTALL_DIR/zeronet
-        cp -r -p /repos/zeronet/. $rootdir$MESH_INSTALL_DIR/zeronet
-        cd $rootdir$MESH_INSTALL_DIR/zeronet
+        mkdir "$rootdir$MESH_INSTALL_DIR/zeronet"
+        cp -r -p /repos/zeronet/. "$rootdir$MESH_INSTALL_DIR/zeronet"
+        cd "$rootdir$MESH_INSTALL_DIR/zeronet" || exit 2648246284
         git pull
     else
-        git clone $ZERONET_REPO $rootdir$MESH_INSTALL_DIR/zeronet
+        git clone "$ZERONET_REPO" "$rootdir$MESH_INSTALL_DIR/zeronet"
     fi
 
-    if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet ]; then
+    if [ ! -d "$rootdir$MESH_INSTALL_DIR/zeronet" ]; then
         echo 'WARNING: Unable to clone zeronet'
         return
     fi
-    cd $rootdir$MESH_INSTALL_DIR/zeronet
-    git checkout $ZERONET_COMMIT -b $ZERONET_COMMIT
-    if ! grep -q "ZeroNet commit" $COMPLETION_FILE; then
-        echo "ZeroNet commit:$ZERONET_COMMIT" >> $rootdir$COMPLETION_FILE
+    cd "$rootdir$MESH_INSTALL_DIR/zeronet" || exit 2468276484682
+    git checkout "$ZERONET_COMMIT" -b "$ZERONET_COMMIT"
+    if ! grep -q "ZeroNet commit" "$COMPLETION_FILE"; then
+        echo "ZeroNet commit:$ZERONET_COMMIT" >> "$rootdir$COMPLETION_FILE"
     else
-        sed -i "s/ZeroNet commit.*/ZeroNet commit:$ZERONET_COMMIT/g" $COMPLETION_FILE
+        sed -i "s/ZeroNet commit.*/ZeroNet commit:$ZERONET_COMMIT/g" "$COMPLETION_FILE"
     fi
-    chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
+    chroot "$rootdir" chown -R zeronet:zeronet "$MESH_INSTALL_DIR/zeronet"
 
     # Hack to ensure that the file access port is opened
     # This is because zeronet normally relies on an internet site
     # to do this, but on a purely local mesh the internet isn't available
-    sed -i 's|fileserver_port = 0|fileserver_port = config.fileserver_port\n            sys.modules["main"].file_server.port_opened = True|g' $rootdir$MESH_INSTALL_DIR/zeronet/src/Site/Site.py
+    sed -i 's|fileserver_port = 0|fileserver_port = config.fileserver_port\n            sys.modules["main"].file_server.port_opened = True|g' "$rootdir$MESH_INSTALL_DIR/zeronet/src/Site/Site.py"
 
     ZERONET_DAEMON=$rootdir/etc/systemd/system/zeronet.service
-    echo '[Unit]' > $ZERONET_DAEMON
-    echo 'Description=Zeronet Server' >> $ZERONET_DAEMON
-    echo 'After=syslog.target' >> $ZERONET_DAEMON
-    echo 'After=network.target' >> $ZERONET_DAEMON
-    echo '[Service]' >> $ZERONET_DAEMON
-    echo 'Type=simple' >> $ZERONET_DAEMON
-    echo 'User=zeronet' >> $ZERONET_DAEMON
-    echo 'Group=zeronet' >> $ZERONET_DAEMON
-    echo "WorkingDirectory=$MESH_INSTALL_DIR/zeronet" >> $ZERONET_DAEMON
-    echo "ExecStart=/usr/bin/python zeronet.py --ip_external replace.local --trackers_file $MESH_INSTALL_DIR/zeronet/bootstrap" >> $ZERONET_DAEMON
-    echo '' >> $ZERONET_DAEMON
-    echo 'TimeoutSec=300' >> $ZERONET_DAEMON
-    echo '' >> $ZERONET_DAEMON
-    echo '[Install]' >> $ZERONET_DAEMON
-    echo 'WantedBy=multi-user.target' >> $ZERONET_DAEMON
+    { echo '[Unit]';
+      echo 'Description=Zeronet Server';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=zeronet';
+      echo 'Group=zeronet';
+      echo "WorkingDirectory=$MESH_INSTALL_DIR/zeronet";
+      echo "ExecStart=/usr/bin/python zeronet.py --ip_external replace.local --trackers_file $MESH_INSTALL_DIR/zeronet/bootstrap";
+      echo '';
+      echo 'TimeoutSec=300';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$ZERONET_DAEMON"
 
     TRACKER_DAEMON=$rootdir/etc/systemd/system/tracker.service
-    echo '[Unit]' > $TRACKER_DAEMON
-    echo 'Description=Torrent Tracker' >> $TRACKER_DAEMON
-    echo 'After=syslog.target' >> $TRACKER_DAEMON
-    echo 'After=network.target' >> $TRACKER_DAEMON
-    echo '[Service]' >> $TRACKER_DAEMON
-    echo 'Type=simple' >> $TRACKER_DAEMON
-    echo 'User=tracker' >> $TRACKER_DAEMON
-    echo 'Group=tracker' >> $TRACKER_DAEMON
-    echo "WorkingDirectory=$MESH_INSTALL_DIR/tracker" >> $TRACKER_DAEMON
-    echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile $MESH_INSTALL_DIR/tracker/dstate --logfile $MESH_INSTALL_DIR/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0" >> $TRACKER_DAEMON
-    echo '' >> $TRACKER_DAEMON
-    echo 'TimeoutSec=300' >> $TRACKER_DAEMON
-    echo '' >> $TRACKER_DAEMON
-    echo '[Install]' >> $TRACKER_DAEMON
-    echo 'WantedBy=multi-user.target' >> $TRACKER_DAEMON
+    { echo '[Unit]';
+      echo 'Description=Torrent Tracker';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=tracker';
+      echo 'Group=tracker';
+      echo "WorkingDirectory=$MESH_INSTALL_DIR/tracker";
+      echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile $MESH_INSTALL_DIR/tracker/dstate --logfile $MESH_INSTALL_DIR/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0";
+      echo '';
+      echo 'TimeoutSec=300';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$TRACKER_DAEMON"
 
-    chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/tracker/ -s /bin/false tracker
-    if [ ! -d $rootdir$MESH_INSTALL_DIR/tracker ]; then
-        mkdir $rootdir$MESH_INSTALL_DIR/tracker
+    chroot "$rootdir" useradd -d "$MESH_INSTALL_DIR/tracker/" -s /bin/false tracker
+    if [ ! -d "$rootdir$MESH_INSTALL_DIR/tracker" ]; then
+        mkdir "$rootdir$MESH_INSTALL_DIR/tracker"
     fi
-    chroot "$rootdir" chown -R tracker:tracker $MESH_INSTALL_DIR/tracker
+    chroot "$rootdir" chown -R tracker:tracker "$MESH_INSTALL_DIR/tracker"
 
     # publish regularly
     MESH_SYNC_COMMAND=$rootdir/usr/bin/mesh-sync
-    echo '#!/bin/bash' > $MESH_SYNC_COMMAND
-    echo '/usr/local/bin/toxavahi 2> /dev/null' >> $MESH_SYNC_COMMAND
-    echo '/usr/local/bin/meshavahi 2> /dev/null' >> $MESH_SYNC_COMMAND
-    chmod +x $MESH_SYNC_COMMAND
+    { echo '#!/bin/bash';
+      echo '/usr/local/bin/toxavahi 2> /dev/null';
+      echo '/usr/local/bin/meshavahi 2> /dev/null'; } > "$MESH_SYNC_COMMAND"
+    chmod +x "$MESH_SYNC_COMMAND"
 
-    if ! grep -q "mesh-sync" ${rootdir}/etc/crontab; then
-        echo "*/1            * *   *   *   root /usr/bin/mesh-sync 2> /dev/null" >> ${rootdir}/etc/crontab
-        echo "*/1            * *   *   *   root ( sleep 20 ; /usr/bin/mesh-sync 2> /dev/null )" >> ${rootdir}/etc/crontab
-        echo "*/1            * *   *   *   root ( sleep 40 ; /usr/bin/mesh-sync 2> /dev/null )" >> ${rootdir}/etc/crontab
+    if ! grep -q "mesh-sync" "${rootdir}/etc/crontab"; then
+        { echo "*/1            * *   *   *   root /usr/bin/mesh-sync 2> /dev/null";
+          echo "*/1            * *   *   *   root ( sleep 20 ; /usr/bin/mesh-sync 2> /dev/null )";
+          echo "*/1            * *   *   *   root ( sleep 40 ; /usr/bin/mesh-sync 2> /dev/null )"; } >> "${rootdir}/etc/crontab"
     fi
 
     chroot "$rootdir" systemctl enable tracker.service
@@ -526,95 +527,95 @@ function mesh_zeronet {
 }
 
 function mesh_zeronet_blog {
-    ZERONET_BLOG_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_BLOG_REPO=" | head -n 1 | awk -F '"' '{print $2}')
-    ZERONET_BLOG_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_BLOG_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
-    MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}')
+    ZERONET_BLOG_REPO=$(grep "ZERONET_BLOG_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F '"' '{print $2}')
+    ZERONET_BLOG_COMMIT=$(grep "ZERONET_BLOG_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
+    MESH_INSTALL_DIR_MAIN=$(grep "MESH_INSTALL_DIR=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then
         MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN
     fi
-    if [ ! $MESH_INSTALL_DIR ]; then
+    if [ ! "$MESH_INSTALL_DIR" ]; then
         echo $'No mesh install dir was specified'
         exit 432052
     fi
 
-    git clone $ZERONET_BLOG_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog
-    if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog ]; then
+    git clone "$ZERONET_BLOG_REPO" "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog"
+    if [ ! -d "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog" ]; then
         echo $'ZeroBlog repo could not be cloned'
         exit 6739
     fi
-    cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog
-    git checkout $ZERONET_BLOG_COMMIT -b $ZERONET_BLOG_COMMIT
-    chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
+    cd "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog" || exit 247824628
+    git checkout "$ZERONET_BLOG_COMMIT" -b "$ZERONET_BLOG_COMMIT"
+    chroot "$rootdir" chown -R zeronet:zeronet "$MESH_INSTALL_DIR/zeronet"
 }
 
 function mesh_zeronet_mail {
-    ZERONET_MAIL_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_MAIL_REPO=" | head -n 1 | awk -F '"' '{print $2}')
-    ZERONET_MAIL_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_MAIL_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
-    MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}')
+    ZERONET_MAIL_REPO=$(grep "ZERONET_MAIL_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F '"' '{print $2}')
+    ZERONET_MAIL_COMMIT=$(grep "ZERONET_MAIL_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
+    MESH_INSTALL_DIR_MAIN=$(grep "MESH_INSTALL_DIR=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then
         MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN
     fi
-    if [ ! $MESH_INSTALL_DIR ]; then
+    if [ ! "$MESH_INSTALL_DIR" ]; then
         echo $'No mesh install dir was specified'
         exit 432052
     fi
 
-    git clone $ZERONET_MAIL_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail
-    if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail ]; then
+    git clone "$ZERONET_MAIL_REPO" "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail"
+    if [ ! -d "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail" ]; then
         echo $'ZeroMail repo could not be cloned'
         exit 78493
     fi
-    cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail
-    git checkout $ZERONET_MAIL_COMMIT -b $ZERONET_MAIL_COMMIT
-    chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
+    cd "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail" || exit 2467824628
+    git checkout "$ZERONET_MAIL_COMMIT" -b "$ZERONET_MAIL_COMMIT"
+    chroot "$rootdir" chown -R zeronet:zeronet "$MESH_INSTALL_DIR/zeronet"
 }
 
 function mesh_zeronet_forum {
-    ZERONET_FORUM_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_FORUM_REPO=" | head -n 1 | awk -F '"' '{print $2}')
-    ZERONET_FORUM_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_FORUM_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
-    MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}')
+    ZERONET_FORUM_REPO=$(grep "ZERONET_FORUM_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F '"' '{print $2}')
+    ZERONET_FORUM_COMMIT=$(grep "ZERONET_FORUM_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
+    MESH_INSTALL_DIR_MAIN=$(grep "MESH_INSTALL_DIR=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then
         MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN
     fi
-    if [ ! $MESH_INSTALL_DIR ]; then
+    if [ ! "$MESH_INSTALL_DIR" ]; then
         echo $'No mesh install dir was specified'
         exit 432052
     fi
 
-    git clone $ZERONET_FORUM_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk
-    if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk ]; then
+    git clone "$ZERONET_FORUM_REPO" "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk"
+    if [ ! -d "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk" ]; then
         echo $'ZeroTalk repo could not be cloned'
         exit 78252
     fi
-    cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk
-    git checkout $ZERONET_FORUM_COMMIT -b $ZERONET_FORUM_COMMIT
-    chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
+    cd "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk" || exit 246824628
+    git checkout "$ZERONET_FORUM_COMMIT" -b "$ZERONET_FORUM_COMMIT"
+    chroot "$rootdir" chown -R zeronet:zeronet "$MESH_INSTALL_DIR/zeronet"
 }
 
 function mesh_zeronet_id {
-    ZERONET_ID_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_ID_REPO=" | head -n 1 | awk -F '"' '{print $2}')
-    ZERONET_ID_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_ID_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
-    MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}')
+    ZERONET_ID_REPO=$(grep "ZERONET_ID_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F '"' '{print $2}')
+    ZERONET_ID_COMMIT=$(grep "ZERONET_ID_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
+    MESH_INSTALL_DIR_MAIN=$(grep "MESH_INSTALL_DIR=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then
         MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN
     fi
-    if [ ! $MESH_INSTALL_DIR ]; then
+    if [ ! "$MESH_INSTALL_DIR" ]; then
         echo $'No mesh install dir was specified'
         exit 432052
     fi
 
-    git clone $ZERONET_ID_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID
-    if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID ]; then
+    git clone "$ZERONET_ID_REPO" "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroID"
+    if [ ! -d "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroID" ]; then
         echo $'ZeroID repo could not be cloned'
         exit 37936
     fi
-    cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID
-    git checkout $ZERONET_ID_COMMIT -b $ZERONET_ID_COMMIT
-    chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
+    cd "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroID" || exit 8723563244
+    git checkout "$ZERONET_ID_COMMIT" -b "$ZERONET_ID_COMMIT"
+    chroot "$rootdir" chown -R zeronet:zeronet "$MESH_INSTALL_DIR/zeronet"
 }
 
 function install_zeronet {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_zeronet
         mesh_zeronet_blog
         mesh_zeronet_mail

src/freedombone-archive-mail

@@ -33,34 +33,34 @@ PROJECT_NAME='freedombone'
 export TEXTDOMAIN=${PROJECT_NAME}-archive-mail
 export TEXTDOMAINDIR="/usr/share/locale"
 
-source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-validation
+source "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-validation"
 
 for d in /home/*/ ; do
     USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
     if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
         # for every user who has a mail directory
-        if [ -d /home/$USERNAME/Maildir ]; then
+        if [ -d "/home/$USERNAME/Maildir" ]; then
             MUTTRC=/home/$USERNAME/.muttrc
             # update archives
             python /usr/bin/cleanup-maildir --archive-folder="archive" --maildir-root="/home/$USERNAME/Maildir" archive ""
             # ensure the user has permissions on the archives
             for archive_dir in /home/$USERNAME/Maildir/archive-* ; do
-                chown -R $USERNAME:$USERNAME $archive_dir
+                chown -R "$USERNAME":"$USERNAME" "$archive_dir"
             done
             # add the archive to .muttrc if needed
-            if [ -f $MUTTRC ]; then
-                MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)
+            if [ -f "$MUTTRC" ]; then
+                MUTT_MAILBOXES=$(grep "mailboxes =" "$MUTTRC")
                 YR=$(date +"%Y")
                 PREV_YR=$((YR - 1))
                 BACKUP_DIRECTORY=archive-$YR
                 PREV_BACKUP_DIRECTORY=archive-$PREV_YR
                 if [[ $MUTT_MAILBOXES != *$BACKUP_DIRECTORY* ]]; then
                     if [[ $MUTT_MAILBOXES == *$PREV_BACKUP_DIRECTORY* ]]; then
-                        sed -i "s|$PREV_BACKUP_DIRECTORY|$PREV_BACKUP_DIRECTORY =$BACKUP_DIRECTORY|g" $MUTTRC
+                        sed -i "s|$PREV_BACKUP_DIRECTORY|$PREV_BACKUP_DIRECTORY =$BACKUP_DIRECTORY|g" "$MUTTRC"
                     else
-                        sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$BACKUP_DIRECTORY|g" $MUTTRC
+                        sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$BACKUP_DIRECTORY|g" "$MUTTRC"
                     fi
-                    chown $USERNAME:$USERNAME $MUTTRC
+                    chown "$USERNAME":"$USERNAME" "$MUTTRC"
                 fi
             fi
         fi

src/freedombone-backup-local

@@ -59,13 +59,13 @@ function please_wait {
 
 please_wait
 
-source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
+source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
 
 # include utils which allow function_check and drive mount
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-  source $f
+    source "$f"
 done
 
 clear
@@ -82,7 +82,7 @@ ADMIN_NAME=
 # Sites are suspended so that verification should work
 SUSPENDED_SITE=
 
-DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
 
 function make_backup_directory {
     # make a backup directory on the drive
@@ -100,7 +100,7 @@ function make_backup_directory {
 function check_storage_space_remaining {
     # Check space remaining on the usb drive
     used_percent=$(df -k $USB_MOUNT | tail -n 1 | awk -F ' ' '{print $5}' | awk -F '%' '{print $1}')
-    if [ $used_percent -gt 95 ]; then
+    if [ "$used_percent" -gt 95 ]; then
         echo $"Less than 5% of space remaining on backup drive"
         umount $USB_MOUNT
         rm -rf $USB_MOUNT
@@ -114,105 +114,105 @@ function backup_users {
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
             # Backup any gpg keys
-            if [ -d /home/$USERNAME/.gnupg ]; then
+            if [ -d "/home/$USERNAME/.gnupg" ]; then
                 echo $"Backing up gpg keys for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.gnupg gnupg/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.gnupg" "gnupg/$USERNAME"
             fi
 
             # Backup any personal settings
-            if [ -d /home/$USERNAME/personal ]; then
+            if [ -d "/home/$USERNAME/personal" ]; then
                 echo $"Backing up personal settings for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/personal personal/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/personal" "personal/$USERNAME"
             fi
 
             # Backup ssh keys
-            if [ -d /home/$USERNAME/.ssh ]; then
+            if [ -d "/home/$USERNAME/.ssh" ]; then
                 echo $"Backing up ssh keys for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.ssh ssh/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.ssh" "ssh/$USERNAME"
             fi
 
             # Backup fin database if it exists
-            if [ -d /home/$USERNAME/.fin ]; then
+            if [ -d "/home/$USERNAME/.fin" ]; then
                 echo $"Backing up fin files for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.fin fin/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.fin" "fin/$USERNAME"
             fi
 
             # Backup emacs
-            if [ -d /home/$USERNAME/.emacs.d ]; then
+            if [ -d "/home/$USERNAME/.emacs.d" ]; then
                 echo $"Backing up Emacs config for $USERNAME"
-                if [ -f /home/$USERNAME/.emacs ]; then
-                    cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs
+                if [ -f "/home/$USERNAME/.emacs" ]; then
+                    cp "/home/$USERNAME/.emacs" "/home/$USERNAME/.emacs.d/dotemacs"
                 fi
-                backup_directory_to_usb /home/$USERNAME/.emacs.d config/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.emacs.d" "config/$USERNAME"
             fi
 
             # Backup user configs
-            if [ -d /home/$USERNAME/.config ]; then
+            if [ -d "/home/$USERNAME/.config" ]; then
                 echo $"Backing up config files for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.config config/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.config" "config/$USERNAME"
             fi
 
             # Backup monkeysphere
-            if [ -d /home/$USERNAME/.monkeysphere ]; then
+            if [ -d "/home/$USERNAME/.monkeysphere" ]; then
                 echo $"Backing up monkeysphere files for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.monkeysphere monkeysphere/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.monkeysphere" "monkeysphere/$USERNAME"
             fi
 
             # Backup user local
-            if [ -d /home/$USERNAME/.local ]; then
+            if [ -d "/home/$USERNAME/.local" ]; then
                 echo $"Backing up local files for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.local local/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.local" "local/$USERNAME"
             fi
 
             # Backup mutt
-            if [ -f /home/$USERNAME/.muttrc ]; then
+            if [ -f "/home/$USERNAME/.muttrc" ]; then
                 echo $"Backing up Mutt settings for $USERNAME"
-                if [ ! -d /home/$USERNAME/tempbackup ]; then
-                    mkdir -p /home/$USERNAME/tempbackup
+                if [ ! -d "/home/$USERNAME/tempbackup" ]; then
+                    mkdir -p "/home/$USERNAME/tempbackup"
                 fi
-                cp /home/$USERNAME/.muttrc /home/$USERNAME/tempbackup
+                cp "/home/$USERNAME/.muttrc" "/home/$USERNAME/tempbackup"
                 if [ -f /etc/Muttrc ]; then
-                    cp /etc/Muttrc /home/$USERNAME/tempbackup
+                    cp /etc/Muttrc "/home/$USERNAME/tempbackup"
                 fi
-                backup_directory_to_usb /home/$USERNAME/tempbackup mutt/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/tempbackup" "mutt/$USERNAME"
             fi
-            if [ -d /home/$USERNAME/.mutt ]; then
+            if [ -d "/home/$USERNAME/.mutt" ]; then
                 echo $"Backing up Mutt configurations for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.mutt mutt/${USERNAME}configs
+                backup_directory_to_usb "/home/$USERNAME/.mutt" "mutt/${USERNAME}configs"
             fi
 
             # Backup email
-            if [ -d /home/$USERNAME/Maildir ]; then
+            if [ -d "/home/$USERNAME/Maildir" ]; then
                 echo $"Stopping mail server"
                 systemctl stop exim4
                 echo $"Creating an email archive for $USERNAME"
-                if [ ! -d /root/tempbackupemail/$USERNAME ]; then
-                    mkdir -p /root/tempbackupemail/$USERNAME
+                if [ ! -d "/root/tempbackupemail/$USERNAME" ]; then
+                    mkdir -p "/root/tempbackupemail/$USERNAME"
                 fi
-                tar -czvf /root/tempbackupemail/$USERNAME/maildir.tar.gz /home/$USERNAME/Maildir
+                tar -czvf "/root/tempbackupemail/$USERNAME/maildir.tar.gz" "/home/$USERNAME/Maildir"
                 echo $"Restarting mail server"
                 systemctl start exim4
                 echo $"Backing up emails for $USERNAME"
-                backup_directory_to_usb /root/tempbackupemail/$USERNAME mail/$USERNAME
+                backup_directory_to_usb "/root/tempbackupemail/$USERNAME" "mail/$USERNAME"
             fi
 
             # Backup spamassassin
-            if [ -d /home/$USERNAME/.spamassassin ]; then
+            if [ -d "/home/$USERNAME/.spamassassin" ]; then
                 echo $"Backing up spamassassin settings for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.spamassassin spamassassin/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.spamassassin" "spamassassin/$USERNAME"
             fi
 
             # Backup procmail
-            if [ -f /home/$USERNAME/.procmailrc ]; then
+            if [ -f "/home/$USERNAME/.procmailrc" ]; then
                 echo $"Backing up procmail settings for $USERNAME"
-                if [ ! -d /home/$USERNAME/tempbackup ]; then
-                    mkdir -p /home/$USERNAME/tempbackup
+                if [ ! -d "/home/$USERNAME/tempbackup" ]; then
+                    mkdir -p "/home/$USERNAME/tempbackup"
                 fi
-                cp /home/$USERNAME/.procmailrc /home/$USERNAME/tempbackup
-                backup_directory_to_usb /home/$USERNAME/tempbackup procmail/$USERNAME
+                cp "/home/$USERNAME/.procmailrc" "/home/$USERNAME/tempbackup"
+                backup_directory_to_usb "/home/$USERNAME/tempbackup" "procmail/$USERNAME"
             fi
 
-            gpg_agent_enable $USERNAME
+            gpg_agent_enable "$USERNAME"
         fi
     done
 }
@@ -231,11 +231,11 @@ function backup_directories {
     for dr in "${backup_dirs[@]}"
     do
         # if this directory exists then back it up to the given destination
-        source_directory=$(echo $dr | awk -F ',' '{print $1}'  | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
-        if [ -d $source_directory ]; then
-            dest_directory=$(echo $dr | awk -F ',' '{print $2}'  | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
+        source_directory=$(echo "$dr" | awk -F ',' '{print $1}'  | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
+        if [ -d "$source_directory" ]; then
+            dest_directory=$(echo "$dr" | awk -F ',' '{print $2}'  | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
             echo $"Backing up $source_directory to $dest_directory"
-            backup_directory_to_usb $source_directory $dest_directory
+            backup_directory_to_usb "$source_directory" "$dest_directory"
         fi
 
         restart_site
@@ -243,8 +243,8 @@ function backup_directories {
 }
 
 function remove_backup_directory {
-    if [ $1 ]; then
-        if [[ $1 == "remove" ]]; then
+    if [ "$1" ]; then
+        if [[ "$1" == "remove" ]]; then
             if [ -d $USB_MOUNT/backup ]; then
                 rm -rf $USB_MOUNT/backup
                 echo $'Existing backup directory removed'
@@ -274,7 +274,7 @@ function backup_blocklist {
     if [ ! -d $temp_backup_dir ]; then
         mkdir -p $temp_backup_dir
     fi
-    if [ -f $NODEJS_INSTALLED_APPS_FILE ]; then
+    if [ -f "$NODEJS_INSTALLED_APPS_FILE" ]; then
         cp -f /root/${PROJECT_NAME}-firewall-domains.cfg $temp_backup_dir
     fi
     backup_directory_to_usb $temp_backup_dir blocklist
@@ -287,8 +287,8 @@ function backup_configfiles {
     if [ ! -d $temp_backup_dir ]; then
         mkdir -p $temp_backup_dir
     fi
-    if [ -f $NODEJS_INSTALLED_APPS_FILE ]; then
-        cp -f $NODEJS_INSTALLED_APPS_FILE $temp_backup_dir
+    if [ -f "$NODEJS_INSTALLED_APPS_FILE" ]; then
+        cp -f "$NODEJS_INSTALLED_APPS_FILE" $temp_backup_dir
     fi
     if [ -f /root/.nostore ]; then
         cp -f /root/.nostore $temp_backup_dir
@@ -297,13 +297,13 @@ function backup_configfiles {
             rm $temp_backup_dir/.nostore
         fi
     fi
-    cp -f $CONFIGURATION_FILE $temp_backup_dir
-    cp -f $COMPLETION_FILE $temp_backup_dir
+    cp -f "$CONFIGURATION_FILE" $temp_backup_dir
+    cp -f "$COMPLETION_FILE" $temp_backup_dir
     if [ -f $BACKUP_EXTRA_DIRECTORIES ]; then
         cp -f $BACKUP_EXTRA_DIRECTORIES $temp_backup_dir
     fi
-    if [ -f $MONGODB_APPS_FILE ]; then
-        cp -f $MONGODB_APPS_FILE $temp_backup_dir
+    if [ -f "$MONGODB_APPS_FILE" ]; then
+        cp -f "$MONGODB_APPS_FILE" $temp_backup_dir
     fi
     # nginx password hashes
     if [ -f /etc/nginx/.htpasswd ]; then
@@ -355,7 +355,8 @@ function backup_postgresql {
     if [ ! -d $temp_backup_dir ]; then
         mkdir $temp_backup_dir
     fi
-    sudo -u postgres pg_dumpall --roles-only > $temp_backup_dir/postgresql.sql
+    # shellcheck disable=SC2024
+    sudo -u postgres pg_dumpall --roles-only > "$temp_backup_dir/postgresql.sql"
     if [ ! -s $temp_backup_dir/postgresql.sql ]; then
         echo $"Unable to backup postgresql settings"
         rm -rf $temp_backup_dir
@@ -375,8 +376,8 @@ if [[ $1 == "remove" ]]; then
 fi
 
 gpg_agent_setup root
-backup_mount_drive $1 $2
-remove_backup_directory $remove_option
+backup_mount_drive "$1" "$2"
+remove_backup_directory "$remove_option"
 make_backup_directory
 check_storage_space_remaining
 backup_users

src/freedombone-backup-remote

@@ -43,30 +43,30 @@ if [ -f /usr/bin/${PROJECT_NAME} ]; then
     PROJECT_INSTALL_DIR=/usr/bin
 fi
 
-source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
+source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
 
 # utilities needed for backup commands
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-  source $f
+    source "$f"
 done
 
 # Temporary location for data to be backed up to other servers
 SERVER_DIRECTORY=/root/remotebackup
 
 # get the version of Go being used
-GO_VERSION=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-go | grep 'GO_VERSION=' | head -n 1 | awk -F '=' '{print $2}')
+GO_VERSION=$(grep 'GO_VERSION=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-go" | head -n 1 | awk -F '=' '{print $2}')
 
 ADMIN_USERNAME=$(get_completion_param "Admin user")
-ADMIN_NAME=$(getent passwd $ADMIN_USERNAME | cut -d: -f5 | cut -d, -f1)
+ADMIN_NAME=$(getent passwd "$ADMIN_USERNAME" | cut -d: -f5 | cut -d, -f1)
 ADMIN_EMAIL_ADDRESS=${ADMIN_USERNAME}@${HOSTNAME}
 if [ ! -f /etc/ssl/private/backup.key ]; then
     echo $"Creating backup key"
     ${PROJECT_NAME}-addcert -h backup --dhkey 2048
 fi
 
-if [ ! -f /home/${ADMIN_USERNAME}/backup.list ]; then
+if [ ! -f "/home/${ADMIN_USERNAME}/backup.list" ]; then
     exit 1
 fi
 
@@ -92,16 +92,16 @@ function suspend_site {
         return
     fi
     SUSPENDED_SITE="$1"
-    nginx_dissite $SUSPENDED_SITE
+    nginx_dissite "$SUSPENDED_SITE"
     systemctl reload nginx
 }
 
 function restart_site {
     # restarts a given website
-    if [ ! $SUSPENDED_SITE ]; then
+    if [ ! "$SUSPENDED_SITE" ]; then
         return
     fi
-    nginx_ensite $SUSPENDED_SITE
+    nginx_ensite "$SUSPENDED_SITE"
     systemctl reload nginx
     SUSPENDED_SITE=
 }
@@ -115,7 +115,7 @@ function backup_blocklist {
     if [ ! -d $temp_backup_dir ]; then
         mkdir -p $temp_backup_dir
     fi
-    if [ -f $NODEJS_INSTALLED_APPS_FILE ]; then
+    if [ -f "$NODEJS_INSTALLED_APPS_FILE" ]; then
         cp -f /root/${PROJECT_NAME}-firewall-domains.cfg $temp_backup_dir
     fi
     backup_directory_to_friend $temp_backup_dir blocklist
@@ -128,8 +128,8 @@ function backup_configfiles {
     if [ ! -d $temp_backup_dir ]; then
         mkdir -p $temp_backup_dir
     fi
-    if [ -f $NODEJS_INSTALLED_APPS_FILE ]; then
-        cp -f $NODEJS_INSTALLED_APPS_FILE $temp_backup_dir
+    if [ -f "$NODEJS_INSTALLED_APPS_FILE" ]; then
+        cp -f "$NODEJS_INSTALLED_APPS_FILE" $temp_backup_dir
     fi
     if [ -f /root/.nostore ]; then
         cp -f /root/.nostore $temp_backup_dir
@@ -138,13 +138,13 @@ function backup_configfiles {
             rm $temp_backup_dir/.nostore
         fi
     fi
-    cp -f $CONFIGURATION_FILE $temp_backup_dir
-    cp -f $COMPLETION_FILE $temp_backup_dir
+    cp -f "$CONFIGURATION_FILE" $temp_backup_dir
+    cp -f "$COMPLETION_FILE" $temp_backup_dir
     if [ -f $BACKUP_EXTRA_DIRECTORIES ]; then
         cp -f $BACKUP_EXTRA_DIRECTORIES $temp_backup_dir
     fi
-    if [ -f $MONGODB_APPS_FILE ]; then
-        cp -f $MONGODB_APPS_FILE $temp_backup_dir
+    if [ -f "$MONGODB_APPS_FILE" ]; then
+        cp -f "$MONGODB_APPS_FILE" $temp_backup_dir
     fi
     # nginx password hashes
     if [ -f /etc/nginx/.htpasswd ]; then
@@ -158,114 +158,114 @@ function backup_users {
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
             # personal settings
-            if [ -d /home/$USERNAME/personal ]; then
+            if [ -d "/home/$USERNAME/personal" ]; then
                 echo $"Backing up personal settings for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/personal personal/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/personal" "personal/$USERNAME"
             fi
 
             # gpg keys
-            if [ -d /home/$USERNAME/.gnupg ]; then
+            if [ -d "/home/$USERNAME/.gnupg" ]; then
                 echo $"Backing up gpg keys for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.gnupg gnupg/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.gnupg" "gnupg/$USERNAME"
             fi
 
             # ssh keys
-            if [ -d /home/$USERNAME/.ssh ]; then
+            if [ -d "/home/$USERNAME/.ssh" ]; then
                 echo $"Backing up ssh keys for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.ssh ssh/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.ssh" "ssh/$USERNAME"
             fi
 
             # syncthing files
-            if [ -d /home/$USERNAME/Sync ]; then
+            if [ -d "/home/$USERNAME/Sync" ]; then
                 echo $"Backing up syncthing files for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/Sync syncthing/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/Sync" "syncthing/$USERNAME"
                 # ensure that device IDs will be backed up as part of user config settings
-                if [ ! -d /home/$USERNAME/.config/syncthing ]; then
-                    mkdir -p /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ ! -d "/home/$USERNAME/.config/syncthing" ]; then
+                    mkdir -p "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
-                if [ -f /home/$USERNAME/.syncthing-server-id ]; then
-                    cp /home/$USERNAME/.syncthing-server-id /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ -f "/home/$USERNAME/.syncthing-server-id" ]; then
+                    cp "/home/$USERNAME/.syncthing-server-id" "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
-                if [ -f /home/$USERNAME/.syncthingids ]; then
-                    cp /home/$USERNAME/.syncthingids /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ -f "/home/$USERNAME/.syncthingids" ]; then
+                    cp "/home/$USERNAME/.syncthingids" "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
             fi
 
             # config files
-            if [ -d /home/$USERNAME/.config ]; then
+            if [ -d "/home/$USERNAME/.config" ]; then
                 echo $"Backing up config files for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.config config/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.config" "config/$USERNAME"
             fi
 
             # monkeysphere files
-            if [ -d /home/$USERNAME/.monkeysphere ]; then
+            if [ -d "/home/$USERNAME/.monkeysphere" ]; then
                 echo $"Backing up monkeysphere files for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.monkeysphere monkeysphere/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.monkeysphere" "monkeysphere/$USERNAME"
             fi
 
             # fin files
-            if [ -d /home/$USERNAME/.fin ]; then
+            if [ -d "/home/$USERNAME/.fin" ]; then
                 echo $"Backing up fin files for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.fin fin/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.fin" "fin/$USERNAME"
             fi
 
             # local files
-            if [ -d /home/$USERNAME/.local ]; then
+            if [ -d "/home/$USERNAME/.local" ]; then
                 echo $"Backing up local files for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.local local/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.local" "local/$USERNAME"
             fi
 
             # mutt settings
-            if [ -f /home/$USERNAME/.muttrc ]; then
+            if [ -f "/home/$USERNAME/.muttrc" ]; then
                 echo $"Backing up Mutt settings for $USERNAME"
-                if [ ! -d /home/$USERNAME/tempbackup ]; then
-                    mkdir -p /home/$USERNAME/tempbackup
+                if [ ! -d "/home/$USERNAME/tempbackup" ]; then
+                    mkdir -p "/home/$USERNAME/tempbackup"
                 fi
-                cp /home/$USERNAME/.muttrc /home/$USERNAME/tempbackup
+                cp "/home/$USERNAME/.muttrc" "/home/$USERNAME/tempbackup"
                 if [ -f /etc/Muttrc ]; then
-                    cp /etc/Muttrc /home/$USERNAME/tempbackup
+                    cp /etc/Muttrc "/home/$USERNAME/tempbackup"
                 fi
-                backup_directory_to_friend /home/$USERNAME/tempbackup mutt/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/tempbackup" "mutt/$USERNAME"
             fi
-            if [ -d /home/$USERNAME/.mutt ]; then
+            if [ -d "/home/$USERNAME/.mutt" ]; then
                 echo $"Backing up Mutt configurations for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.mutt mutt/${USERNAME}configs
+                backup_directory_to_friend "/home/$USERNAME/.mutt" "mutt/${USERNAME}configs"
             fi
 
             # procmail settings
-            if [ -f /home/$USERNAME/.procmailrc ]; then
+            if [ -f "/home/$USERNAME/.procmailrc" ]; then
                 echo $"Backing up procmail settings for $USERNAME"
-                if [ ! -d /home/$USERNAME/tempbackup ]; then
-                    mkdir -p /home/$USERNAME/tempbackup
+                if [ ! -d "/home/$USERNAME/tempbackup" ]; then
+                    mkdir -p "/home/$USERNAME/tempbackup"
                 fi
-                cp /home/$USERNAME/.procmailrc /home/$USERNAME/tempbackup
-                backup_directory_to_friend /home/$USERNAME/tempbackup procmail/$USERNAME
+                cp "/home/$USERNAME/.procmailrc" "/home/$USERNAME/tempbackup"
+                backup_directory_to_friend "/home/$USERNAME/tempbackup" "procmail/$USERNAME"
             fi
 
             # spamassassin settings
-            if [ -d /home/$USERNAME/.spamassassin ]; then
+            if [ -d "/home/$USERNAME/.spamassassin" ]; then
                 echo $"Backing up spamassassin settings for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.spamassassin spamassassin/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.spamassassin" "spamassassin/$USERNAME"
             fi
 
             # email
-            if [ -d /home/$USERNAME/Maildir ]; then
+            if [ -d "/home/$USERNAME/Maildir" ]; then
                 echo $"Stopping mail server"
                 systemctl stop exim4
                 echo $"Creating an email archive"
-                if [ ! -d /root/backupemail/$USERNAME ]; then
-                    mkdir -p /root/backupemail/$USERNAME
+                if [ ! -d "/root/backupemail/$USERNAME" ]; then
+                    mkdir -p "/root/backupemail/$USERNAME"
                 fi
-                tar -czvf /root/backupemail/$USERNAME/maildir.tar.gz /home/$USERNAME/Maildir
+                tar -czvf "/root/backupemail/$USERNAME/maildir.tar.gz" "/home/$USERNAME/Maildir"
                 echo $"Restarting mail server"
                 systemctl start exim4
                 echo $"Backing up emails for $USERNAME"
-                backup_directory_to_friend /root/backupemail/$USERNAME mail/$USERNAME
+                backup_directory_to_friend "/root/backupemail/$USERNAME" "mail/$USERNAME"
             fi
-            gpg_agent_enable $USERNAME
+            gpg_agent_enable "$USERNAME"
         fi
     done
 }
@@ -313,13 +313,13 @@ function backup_web_server {
 }
 
 function backup_admin_readme {
-    if [ -f /home/$ADMIN_USERNAME/README ]; then
+    if [ -f "/home/$ADMIN_USERNAME/README" ]; then
         echo $"Backing up README"
-        if [ ! -d /home/$ADMIN_USERNAME/tempbackup ]; then
-            mkdir -p /home/$ADMIN_USERNAME/tempbackup
+        if [ ! -d "/home/$ADMIN_USERNAME/tempbackup" ]; then
+            mkdir -p "/home/$ADMIN_USERNAME/tempbackup"
         fi
-        cp -f /home/$ADMIN_USERNAME/README /home/$ADMIN_USERNAME/tempbackup
-        backup_directory_to_friend /home/$ADMIN_USERNAME/tempbackup readme
+        cp -f "/home/$ADMIN_USERNAME/README" "/home/$ADMIN_USERNAME/tempbackup"
+        backup_directory_to_friend "/home/$ADMIN_USERNAME/tempbackup" readme
     fi
 }
 
@@ -330,12 +330,12 @@ function backup_mariadb {
             mkdir $temp_backup_dir
         fi
         keep_database_running
-        mysqldump --password=$DATABASE_PASSWORD mysql user > $temp_backup_dir/mysql.sql
+        mysqldump --password="$DATABASE_PASSWORD" mysql user > "$temp_backup_dir/mysql.sql"
         if [ ! -s $temp_backup_dir/mysql.sql ]; then
             echo $"Unable to backup MariaDB settings"
             rm -rf $temp_backup_dir
             # Send a warning email
-            echo $"Unable to export database settings" | mail -s "${PROJECT_NAME} backup to friends" $ADMIN_EMAIL_ADDRESS
+            echo $"Unable to export database settings" | mail -s "${PROJECT_NAME} backup to friends" "$ADMIN_EMAIL_ADDRESS"
             exit 653
         fi
         echo "$DATABASE_PASSWORD" > $temp_backup_dir/db
@@ -353,12 +353,13 @@ function backup_postgresql {
     if [ ! -d $temp_backup_dir ]; then
         mkdir $temp_backup_dir
     fi
-    sudo -u postgres pg_dumpall --roles-only > $temp_backup_dir/postgresql.sql
+    # shellcheck disable=SC2024
+    sudo -u postgres pg_dumpall --roles-only > "$temp_backup_dir/postgresql.sql"
     if [ ! -s $temp_backup_dir/postgresql.sql ]; then
         echo $"Unable to backup postgresql settings"
         rm -rf $temp_backup_dir
-        umount $USB_MOUNT
-        rm -rf $USB_MOUNT
+        umount "$USB_MOUNT"
+        rm -rf "$USB_MOUNT"
         exit 684365
     fi
     echo "$DATABASE_PASSWORD" > $temp_backup_dir/db
@@ -375,10 +376,10 @@ function get_key_share {
     # Get a share index based on the supplied domain name
     # This ensures that the same share is always given to the same domain
     sharenumstr=$(md5sum <<< "$REMOTE_DOMAIN")
-    share_index=$(echo $((0x${sharenumstr%% *} % ${no_of_shares})) | tr -d -)
+    share_index=$(echo $((0x${sharenumstr%% *} % no_of_shares)) | tr -d -)
 
     # get the filename
-    share_files=(/home/$USERNAME/.gnupg_fragments/keyshare.asc.*)
+    share_files=("/home/$USERNAME/.gnupg_fragments/keyshare.asc.*")
     share_filename=${share_files[share_index]}
 
     echo "$share_filename"
@@ -391,35 +392,37 @@ function disperse_key_shares {
     REMOTE_PASSWORD=$4
     REMOTE_SERVER=$5
 
-    if [ -d /home/$USERNAME/.gnupg_fragments ]; then
-        if [ $REMOTE_DOMAIN ]; then
-            cd /home/$USERNAME/.gnupg_fragments
+    if [ -d "/home/$USERNAME/.gnupg_fragments" ]; then
+        if [ "$REMOTE_DOMAIN" ]; then
+            cd "/home/$USERNAME/.gnupg_fragments" || exit 34687246462
+            # shellcheck disable=SC2012
             no_of_shares=$(ls -afq keyshare.asc.* | wc -l)
             if (( no_of_shares > 1 )); then
-                share_filename=$(get_key_share $no_of_shares "$USERNAME" "$REMOTE_DOMAIN")
+                share_filename=$(get_key_share "$no_of_shares" "$USERNAME" "$REMOTE_DOMAIN")
 
                 # create a temp directory containing the share
                 temp_key_share_dir=/home/$USERNAME/tempkey
                 temp_key_share_fragments=$temp_key_share_dir/.gnupg_fragments_${USERNAME}
-                mkdir -p $temp_key_share_fragments
-                cp $share_filename $temp_key_share_fragments/
+                mkdir -p "$temp_key_share_fragments"
+                cp "$share_filename" "$temp_key_share_fragments/"
 
                 # copy the fragments directory to the remote server
                 /usr/bin/sshpass -p "$REMOTE_PASSWORD" \
-                                 scp -r -P $REMOTE_SSH_PORT $temp_key_share_fragments $REMOTE_SERVER
+                                 scp -r -P "$REMOTE_SSH_PORT" "$temp_key_share_fragments" "$REMOTE_SERVER"
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     # Send a warning email
                     echo "Key share to $REMOTE_SERVER failed" | \
-                        mail -s "${PROJECT_NAME} social key management" $MY_EMAIL_ADDRESS
+                        mail -s "${PROJECT_NAME} social key management" "$MY_EMAIL_ADDRESS"
                 else
                     # Send a confirmation email
                     echo "Key ${share_filename} shared to $REMOTE_SERVER" | \
-                        mail -s "${PROJECT_NAME} social key management" $MY_EMAIL_ADDRESS
+                        mail -s "${PROJECT_NAME} social key management" "$MY_EMAIL_ADDRESS"
                 fi
 
                 # remove the temp file/directory
-                shred -zu $temp_key_share_fragments/*
-                rm -rf $temp_key_share_dir
+                shred -zu "$temp_key_share_fragments/*"
+                rm -rf "$temp_key_share_dir"
             fi
         fi
     fi
@@ -449,13 +452,13 @@ if [[ $TEST_MODE == "no" ]]; then
 fi
 
 # For each remote server
-while read remote_server
+while read -r remote_server
 do
     # Get the server and its password
     # Format is:
     #   username@domain <port number> /home/username <ssh password>
     REMOTE_SERVER=$(echo "${remote_server}" | awk -F ' ' '{print $1}')
-    if [ $REMOTE_SERVER ]; then
+    if [ "$REMOTE_SERVER" ]; then
         REMOTE_DOMAIN=$(echo "${remote_server}" | awk -F ' ' '{print $1}' | awk -F '@' '{print $2}')
         REMOTE_SSH_PORT=$(echo "${remote_server}" | awk -F ' ' '{print $2}')
         REMOTE_DIRECTORY=$(echo "${remote_server}" | awk -F ' ' '{print $3}')
@@ -469,23 +472,22 @@ do
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                disperse_key_shares $USERNAME $REMOTE_DOMAIN $REMOTE_SSH_PORT "$REMOTE_PASSWORD" $REMOTE_SERVER
+                disperse_key_shares "$USERNAME" "$REMOTE_DOMAIN" "$REMOTE_SSH_PORT" "$REMOTE_PASSWORD" "$REMOTE_SERVER"
             fi
         done
 
         if [[ $TEST_MODE == "yes" ]]; then
             echo "rsync -ratlzv --rsh=\"/usr/bin/sshpass -p '$REMOTE_PASSWORD' ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no\" $SERVER_DIRECTORY/backup $REMOTE_SERVER"
         fi
-        rsync -ratlzv --rsh="/usr/bin/sshpass -p \"$REMOTE_PASSWORD\" ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" $SERVER_DIRECTORY/backup $REMOTE_SERVER
-        if [ ! "$?" = "0" ]; then
+        if ! rsync -ratlzv --rsh="/usr/bin/sshpass -p \"$REMOTE_PASSWORD\" ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" "$SERVER_DIRECTORY/backup" "$REMOTE_SERVER"; then
             echo "$NOW Backup to $REMOTE_SERVER failed" >> /var/log/remotebackups.log
             # Send a warning email
-            echo "Backup to $REMOTE_SERVER failed" | mail -s "${PROJECT_NAME} backup to friends" $ADMIN_EMAIL_ADDRESS
+            echo "Backup to $REMOTE_SERVER failed" | mail -s "${PROJECT_NAME} backup to friends" "$ADMIN_EMAIL_ADDRESS"
         else
             echo "$NOW Backed up to $REMOTE_SERVER" >> /var/log/remotebackups.log
         fi
     fi
 
-done < /home/${ADMIN_USERNAME}/backup.list
+done < "/home/${ADMIN_USERNAME}/backup.list"
 
 exit 0

src/freedombone-base-tripwire

@@ -37,7 +37,7 @@ function backup_remote_tripwire {
 }
 
 function remove_tripwire {
-    if ! grep -Fxq "tripwire" $COMPLETION_FILE; then
+    if ! grep -Fxq "tripwire" "$COMPLETION_FILE"; then
         return
     fi
     apt-get -yq remove --purge tripwire
@@ -45,11 +45,11 @@ function remove_tripwire {
         rm -rf /etc/tripwire
     fi
     rm /usr/bin/reset-tripwire
-    sed -i '/tripwire/d' $COMPLETION_FILE
+    sed -i '/tripwire/d' "$COMPLETION_FILE"
 }
 
 function install_tripwire {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -60,35 +60,35 @@ function install_tripwire {
 
     apt-get -yq install tripwire qrencode
     apt-get -yq autoremove
-    cd /etc/tripwire
+    cd /etc/tripwire || exit 246852845
 
-    echo 'ROOT          =/usr/sbin' > /etc/tripwire/twcfg.txt
-    echo 'POLFILE       =/etc/tripwire/tw.pol' >> /etc/tripwire/twcfg.txt
-    echo 'DBFILE        =/var/lib/tripwire/$(HOSTNAME).twd' >> /etc/tripwire/twcfg.txt
-    echo 'REPORTFILE    =/var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr' >> /etc/tripwire/twcfg.txt
-    echo 'SITEKEYFILE   =/etc/tripwire/$(HOSTNAME)-site.key' >> /etc/tripwire/twcfg.txt
-    echo 'LOCALKEYFILE  =/etc/tripwire/$(HOSTNAME)-local.key' >> /etc/tripwire/twcfg.txt
-    echo 'EDITOR        =/usr/bin/editor' >> /etc/tripwire/twcfg.txt
-    echo 'LATEPROMPTING =false' >> /etc/tripwire/twcfg.txt
-    echo 'LOOSEDIRECTORYCHECKING =false' >> /etc/tripwire/twcfg.txt
-    echo 'MAILNOVIOLATIONS =false' >> /etc/tripwire/twcfg.txt
-    echo 'EMAILREPORTLEVEL =3' >> /etc/tripwire/twcfg.txt
-    echo 'REPORTLEVEL   =3' >> /etc/tripwire/twcfg.txt
-    echo 'SYSLOGREPORTING =false' >> /etc/tripwire/twcfg.txt
-    echo 'MAILMETHOD    =SENDMAIL' >> /etc/tripwire/twcfg.txt
-    echo 'MAILPROGRAM   =/usr/lib/sendmail -oi -t' >> /etc/tripwire/twcfg.txt
-    echo 'SMTPHOST      =localhost' >> /etc/tripwire/twcfg.txt
-    echo 'SMTPPORT      =25' >> /etc/tripwire/twcfg.txt
-    echo 'TEMPDIRECTORY =/tmp' >> /etc/tripwire/twcfg.txt
-    echo 'MAILFROMADDRESS =tripwire@$(HOSTNAME)' >> /etc/tripwire/twcfg.txt
+    { echo 'ROOT          =/usr/sbin';
+      echo 'POLFILE       =/etc/tripwire/tw.pol';
+      echo "DBFILE        =/var/lib/tripwire/\$(HOSTNAME).twd";
+      echo "REPORTFILE    =/var/lib/tripwire/report/\$(HOSTNAME)-\$(DATE).twr";
+      echo "SITEKEYFILE   =/etc/tripwire/\$(HOSTNAME)-site.key";
+      echo "LOCALKEYFILE  =/etc/tripwire/\$(HOSTNAME)-local.key";
+      echo 'EDITOR        =/usr/bin/editor';
+      echo 'LATEPROMPTING =false';
+      echo 'LOOSEDIRECTORYCHECKING =false';
+      echo 'MAILNOVIOLATIONS =false';
+      echo 'EMAILREPORTLEVEL =3';
+      echo 'REPORTLEVEL   =3';
+      echo 'SYSLOGREPORTING =false';
+      echo 'MAILMETHOD    =SENDMAIL';
+      echo 'MAILPROGRAM   =/usr/lib/sendmail -oi -t';
+      echo 'SMTPHOST      =localhost';
+      echo 'SMTPPORT      =25';
+      echo 'TEMPDIRECTORY =/tmp';
+      echo "MAILFROMADDRESS =tripwire@\$(HOSTNAME)"; } > /etc/tripwire/twcfg.txt
 
     echo '
 
-       ' | twadmin --generate-keys -L /etc/tripwire/${HOSTNAME}-local.key -S /etc/tripwire/${HOSTNAME}-site.key
+       ' | twadmin --generate-keys -L "/etc/tripwire/${HOSTNAME}-local.key" -S "/etc/tripwire/${HOSTNAME}-site.key"
 
     echo '
 
-       ' | twadmin --create-cfgfile -S /etc/tripwire/${HOSTNAME}-site.key /etc/tripwire/twcfg.txt
+       ' | twadmin --create-cfgfile -S "/etc/tripwire/${HOSTNAME}-site.key" /etc/tripwire/twcfg.txt
 
     # make a script for easy resetting of the tripwire
     echo '#!/bin/sh' > /usr/bin/reset-tripwire
@@ -137,16 +137,16 @@ function install_tripwire {
     sed -i '/\/usr\/local\/bin/d' /etc/tripwire/twpol.txt
 
     # Avoid logging the changed database
-    sed -i 's|$(TWETC)/tw.pol.*||g' /etc/tripwire/twpol.txt
+    sed -i "s|\$(TWETC)/tw.pol.*||g" /etc/tripwire/twpol.txt
     # site key name
-    sed -i 's|$(TWETC)/site.key|$(TWETC)/$(HOSTNAME)-site.key|g' /etc/tripwire/twpol.txt
+    sed -i "s|$(TWETC)/site.key|\$(TWETC)/\$(HOSTNAME)-site.key|g" /etc/tripwire/twpol.txt
 
     # create the policy
     echo '
 
-       ' | twadmin --create-polfile -S /etc/tripwire/${HOSTNAME}-site.key /etc/tripwire/twpol.txt
+       ' | twadmin --create-polfile -S "/etc/tripwire/${HOSTNAME}-site.key" /etc/tripwire/twpol.txt
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 # NOTE: deliberately no exit 0

src/freedombone-client

@@ -55,11 +55,11 @@ if [ ! -f $MAIN_PROJECT_FILE ]; then
 fi
 
 # ssh (from https://stribika.github.io/2015/01/04/secure-secure-shell.html)
-UTILS_SSH=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-ssh
-SSH_CIPHERS=$(cat $UTILS_SSH | grep 'SSH_CIPHERS=' | head -n 1 | awk -F '"' '{print $2}')
-SSH_MACS=$(cat $UTILS_SSH | grep 'SSH_MACS=' | head -n 1 | awk -F '"' '{print $2}')
-SSH_KEX=$(cat $UTILS_SSH | grep 'SSH_KEX=' | head -n 1 | awk -F '"' '{print $2}')
-SSH_HOST_KEY_ALGORITHMS=$(cat $UTILS_SSH | grep 'SSH_HOST_KEY_ALGORITHMS=' | head -n 1 | awk -F '"' '{print $2}')
+UTILS_SSH="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-ssh"
+SSH_CIPHERS=$(grep 'SSH_CIPHERS=' "$UTILS_SSH" | head -n 1 | awk -F '"' '{print $2}')
+SSH_MACS=$(grep 'SSH_MACS=' "$UTILS_SSH" | head -n 1 | awk -F '"' '{print $2}')
+SSH_KEX=$(grep 'SSH_KEX=' "$UTILS_SSH" | head -n 1 | awk -F '"' '{print $2}')
+SSH_HOST_KEY_ALGORITHMS=$(grep 'SSH_HOST_KEY_ALGORITHMS=' "$UTILS_SSH" | head -n 1 | awk -F '"' '{print $2}')
 
 # refresh gpg keys every few hours
 REFRESH_GPG_KEYS_HOURS=2
@@ -74,7 +74,7 @@ function global_rate_limit {
     fi
 
     sudo cp $SYSCTL_FILE ~/sysctl.conf
-    sudo chown $CURR_USER:$CURR_GROUP ~/sysctl.conf
+    sudo chown "$CURR_USER":"$CURR_GROUP" ~/sysctl.conf
     if ! grep -q "tcp_challenge_ack_limit" ~/sysctl.conf; then
         echo 'net.ipv4.tcp_challenge_ack_limit = 999999999' >> ~/sysctl.conf
     else
@@ -94,7 +94,7 @@ function refresh_gpg_keys {
         fi
     fi
     sudo cp /etc/crontab ~/temp_crontab
-    sudo chown $CURR_USER:$CURR_GROUP ~/temp_crontab
+    sudo chown "$CURR_USER":"$CURR_GROUP" ~/temp_crontab
     if ! grep -q 'gpg --refresh-keys' ~/temp_crontab; then
         echo "0            */$REFRESH_GPG_KEYS_HOURS *   *   *   $CURR_USER /usr/bin/gpg --refresh-keys > /dev/null" >> ~/temp_crontab
         sudo cp ~/temp_crontab /etc/crontab
@@ -105,8 +105,9 @@ function refresh_gpg_keys {
 
 # see https://stribika.github.io/2015/01/04/secure-secure-shell.html
 function ssh_remove_small_moduli {
-    sudo awk '$5 > 2000' /etc/ssh/moduli > /home/$CURR_USER/moduli
-    sudo mv /home/$CURR_USER/moduli /etc/ssh/moduli
+    # shellcheck disable=SC2024
+    sudo awk '$5 > 2000' /etc/ssh/moduli > "/home/$CURR_USER/moduli"
+    sudo mv "/home/$CURR_USER/moduli" /etc/ssh/moduli
 }
 
 function configure_ssh_client {
@@ -124,7 +125,7 @@ function configure_ssh_client {
     sudo sed -i "s/HostKeyAlgorithms.*/HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS/g" /etc/ssh/ssh_config
     if ! grep -q "HostKeyAlgorithms" /etc/ssh/ssh_config; then
         sudo cp /etc/ssh/ssh_config ~/ssh_config
-        sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config
+        sudo chown "$CURR_USER":"$CURR_GROUP" ~/ssh_config
         echo "   HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS" >> ~/ssh_config
         sudo mv ~/ssh_config /etc/ssh/ssh_config
         sudo chown root:root /etc/ssh/ssh_config
@@ -134,7 +135,7 @@ function configure_ssh_client {
     sudo sed -i "s/Ciphers.*/Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
     if ! grep -q "Ciphers " /etc/ssh/ssh_config; then
         sudo cp /etc/ssh/ssh_config ~/ssh_config
-        sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config
+        sudo chown "$CURR_USER":"$CURR_GROUP" ~/ssh_config
         echo "   Ciphers $SSH_CIPHERS" >> ~/ssh_config
         sudo mv ~/ssh_config /etc/ssh/ssh_config
         sudo chown root:root /etc/ssh/ssh_config
@@ -142,17 +143,17 @@ function configure_ssh_client {
     sudo sed -i "s/MACs.*/MACs $SSH_MACS/g" /etc/ssh/ssh_config
     if ! grep -q "MACs " /etc/ssh/ssh_config; then
         sudo cp /etc/ssh/ssh_config ~/ssh_config
-        sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config
+        sudo chown "$CURR_USER":"$CURR_GROUP" ~/ssh_config
         echo "   MACs $SSH_MACS" >> ~/ssh_config
         sudo mv ~/ssh_config /etc/ssh/ssh_config
         sudo chown root:root /etc/ssh/ssh_config
     fi
 
     # Create ssh keys
-    if [ ! -f /home/$CURR_USER/.ssh/id_ed25519 ]; then
+    if [ ! -f "/home/$CURR_USER/.ssh/id_ed25519" ]; then
         ssh-keygen -t ed25519 -o -a 100
     fi
-    if [ ! -f /home/$CURR_USER/.ssh/id_rsa ]; then
+    if [ ! -f "/home/$CURR_USER/.ssh/id_rsa" ]; then
         ssh-keygen -t rsa -b 2048 -o -a 100
     fi
 
@@ -170,20 +171,20 @@ function configure_ssh_client {
     fi
     if ! grep -q "# ${PROJECT_NAME} settings" ~/.ssh/config; then
         if ! grep -q 'ProxyCommand' ~/.ssh/config; then
-            echo "# ${PROJECT_NAME} settings start" >> ~/.ssh/config
-            echo 'Host *.onion' >> ~/.ssh/config
-            echo '  ServerAliveInterval 60' >> ~/.ssh/config
-            echo '  ServerAliveCountMax 3' >> ~/.ssh/config
+            { echo "# ${PROJECT_NAME} settings start";
+              echo 'Host *.onion';
+              echo '  ServerAliveInterval 60';
+              echo '  ServerAliveCountMax 3'; } >> ~/.ssh/config
 
-            if [[ $ENABLE_MONKEYSPHERE == $'yes' || $ENABLE_MONKEYSPHERE == $'y' ]]; then
+            if [[ "$ENABLE_MONKEYSPHERE" == $'yes' || "$ENABLE_MONKEYSPHERE" == $'y' ]]; then
                 echo "  ProxyCommand sh -c 'monkeysphere ssh-proxycommand --no-connect %h %p ; $proxycmd'" >> ~/.ssh/config
             else
                 echo "  ProxyCommand $proxycmd" >> ~/.ssh/config
             fi
-            echo 'Host *' >> ~/.ssh/config
-            echo '  ServerAliveInterval 60' >> ~/.ssh/config
-            echo '  ServerAliveCountMax 3' >> ~/.ssh/config
-            if [[ $ENABLE_MONKEYSPHERE == $'yes' || $ENABLE_MONKEYSPHERE == $'y' ]]; then
+            { echo 'Host *';
+              echo '  ServerAliveInterval 60';
+              echo '  ServerAliveCountMax 3'; } >> ~/.ssh/config
+            if [[ "$ENABLE_MONKEYSPHERE" == $'yes' || "$ENABLE_MONKEYSPHERE" == $'y' ]]; then
                 echo '  ProxyCommand monkeysphere ssh-proxycommand %h %p' >> ~/.ssh/config
             fi
             echo "# ${PROJECT_NAME} settings end" >> ~/.ssh/config
@@ -194,8 +195,8 @@ function configure_ssh_client {
     echo $'Go to the Administrator Control Panel, select "Manage Users", '
     echo $'"Change user ssh public key" then "yes" and paste the following:'
     echo ''
-    echo $(cat /home/$CURR_USER/.ssh/id_rsa.pub)
-    echo $(cat /home/$CURR_USER/.ssh/id_ed25519.pub)
+    cat "/home/$CURR_USER/.ssh/id_rsa.pub"
+    cat "/home/$CURR_USER/.ssh/id_ed25519.pub"
     echo ''
     echo $'Then go to "Security Settings", select "Allow ssh login with passwords"'
     echo $'and set it to "no".'
@@ -222,37 +223,37 @@ function setup_client_app_irc {
     else
         sudo pacman -S --noconfirm hexchat tor
     fi
-    if [ ! -d /home/$CURR_USER/.config/hexchat ]; then
-        mkdir -p /home/$CURR_USER/.config/hexchat
+    if [ ! -d "/home/$CURR_USER/.config/hexchat" ]; then
+        mkdir -p "/home/$CURR_USER/.config/hexchat"
     fi
-    echo 'net_proxy_host = 127.0.0.1' > /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'net_proxy_port = 9050' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'net_proxy_type = 3' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'net_proxy_use = 0' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+    { echo 'net_proxy_host = 127.0.0.1';
+      echo 'net_proxy_port = 9050';
+      echo 'net_proxy_type = 3';
+      echo 'net_proxy_use = 0';
 
-    echo 'net_proxy_auth = 1' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'net_proxy_pass = HexChat' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'net_proxy_user = HexChat' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+      echo 'net_proxy_auth = 1';
+      echo 'net_proxy_pass = HexChat';
+      echo 'net_proxy_user = HexChat';
 
-    echo 'dcc_auto_chat = 0' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'dcc_auto_resume = 0' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'dcc_auto_send = 0' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'irc_hide_version = 1' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'identd = 0' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+      echo 'dcc_auto_chat = 0';
+      echo 'dcc_auto_resume = 0';
+      echo 'dcc_auto_send = 0';
+      echo 'irc_hide_version = 1';
+      echo 'identd = 0';
 
-    echo 'away_reason =' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'irc_part_reason =' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'irc_quit_reason =' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+      echo 'away_reason =';
+      echo 'irc_part_reason =';
+      echo 'irc_quit_reason =';
 
-    echo "irc_real_name = ${USER}" >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo "irc_user_name = ${USER}" >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo "irc_nick1 = ${USER}" >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo "irc_nick2 = ${USER}_" >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo "irc_nick3 = ${USER}__" >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+      echo "irc_real_name = ${USER}";
+      echo "irc_user_name = ${USER}";
+      echo "irc_nick1 = ${USER}";
+      echo "irc_nick2 = ${USER}_";
+      echo "irc_nick3 = ${USER}__";
 
-    echo 'completion_suffix = :' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+      echo 'completion_suffix = :';
 
-    echo 'gui_slist_skip = 1' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+      echo 'gui_slist_skip = 1'; } > "/home/$CURR_USER/.config/hexchat/hexchat.conf"
 
     echo $'hexchat configured'
 }
@@ -272,8 +273,8 @@ function setup_client_app {
 
 function remove_known_hosts_entries {
     # remove any previous freedombone entries from known hosts
-    if [ -f /home/$CURR_USER/.ssh/known_hosts ]; then
-        sed -i "/${PROJECT_NAME}.local/d" /home/$CURR_USER/.ssh/known_hosts
+    if [ -f "/home/$CURR_USER/.ssh/known_hosts" ]; then
+        sed -i "/${PROJECT_NAME}.local/d" "/home/$CURR_USER/.ssh/known_hosts"
     fi
 }
 
@@ -294,7 +295,7 @@ function verify_ssh_server_key {
     kill ${pid}
 }
 
-while [[ $# > 0 ]]
+while [ $# -gt 0 ]
 do
     key="$1"
 

src/freedombone-clientcert

@@ -57,36 +57,36 @@ function show_help {
     exit 0
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
-key="$1"
+    key="$1"
 
-case $key in
-    --help)
-    show_help
-    ;;
-    -u|--username)
+    case $key in
+        --help)
+            show_help
+            ;;
+        -u|--username)
+            shift
+            USERNAME="$1"
+            ;;
+        *)
+            # unknown option
+            ;;
+    esac
     shift
-    USERNAME="$1"
-    ;;
-    *)
-    # unknown option
-    ;;
-esac
-shift
 done
 
-if [ ! $USERNAME ]; then
+if [ ! "$USERNAME" ]; then
     echo $'No username specified'
     exit 5748
 fi
 
-if [ ! -d /home/$USERNAME ]; then
+if [ ! -d "/home/$USERNAME" ]; then
     echo $"User $USERNAME not found"
     exit 76239
 fi
 
-if [ -d /home/$USERNAME/emailcert ]; then
+if [ -d "/home/$USERNAME/emailcert" ]; then
     echo $'Client certs were already for created'
     exit 2953
 fi
@@ -97,75 +97,71 @@ fi
 
 # Add a user password
 if ! grep -q "$USERNAME:{plain}" /etc/dovecot/passwd-file; then
-  echo "$USERNAME:{plain}::::::nopassword" >> /etc/dovecot/passwd-file
+    echo "$USERNAME:{plain}::::::nopassword" >> /etc/dovecot/passwd-file
 fi
 
 chmod 600 /etc/dovecot/passwd-file
 
 # create a user cert
-${PROJECT_NAME}-addcert -h $USERNAME --nodh ""
+"${PROJECT_NAME}-addcert" -h "$USERNAME" --nodh ""
 
-if [ ! -f /etc/ssl/private/$USERNAME.key ]; then
+if [ ! -f "/etc/ssl/private/$USERNAME.key" ]; then
     echo $'User certificates were not created'
-    rm -rf /home/$USERNAME/emailcert
+    rm -rf "/home/$USERNAME/emailcert"
     exit 74835
 fi
 
 # create a certificate request
 openssl req -new -sha256 -subj \
         "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$USERNAME" \
-        -key /etc/ssl/private/$USERNAME.key \
-        -out /etc/ssl/requests/$USERNAME.csr
+        -key "/etc/ssl/private/$USERNAME.key" \
+        -out "/etc/ssl/requests/$USERNAME.csr"
 
-if [ ! -f /etc/ssl/requests/$USERNAME.csr ]; then
+if [ ! -f "/etc/ssl/requests/$USERNAME.csr" ]; then
     echo $'Certificate request was not created'
-    rm -rf /home/$USERNAME/emailcert
+    rm -rf "/home/$USERNAME/emailcert"
     exit 83520
 fi
 
 # sign the certificate request
-cd /etc/ssl
+cd /etc/ssl || exit 742742542
 openssl ca -config /etc/ssl/dovecot-ca.cnf \
-        -in /etc/ssl/requests/$USERNAME.csr \
-        -out /etc/ssl/certs/$USERNAME.cer
+        -in "/etc/ssl/requests/$USERNAME.csr" \
+        -out "/etc/ssl/certs/$USERNAME.cer"
 
-if [ ! -f /etc/ssl/certs/$USERNAME.cer ]; then
+if [ ! -f "/etc/ssl/certs/$USERNAME.cer" ]; then
     echo $'Authentication certificate was not created'
-    rm -rf /home/$USERNAME/emailcert
+    rm -rf "/home/$USERNAME/emailcert"
     exit 343569
 fi
 
 # move the cert to the user's home
-mkdir /home/$USERNAME/emailcert
-mv /etc/ssl/certs/$USERNAME.cer /home/$USERNAME/emailcert
-cp /etc/ssl/certs/dovecot.crt /home/$USERNAME/emailcert
-cp /etc/ssl/certs/ca-$HOSTNAME.crt /home/$USERNAME/emailcert
-mv /etc/ssl/private/$USERNAME.key /home/$USERNAME/emailcert
-mv /etc/ssl/certs/$USERNAME.crt /home/$USERNAME/emailcert
-openssl pkcs12 -export -in /home/$USERNAME/emailcert/$USERNAME.cer \
-        -out /home/$USERNAME/emailcert/$USERNAME.p12 \
-        -inkey /home/$USERNAME/emailcert/$USERNAME.key \
-        -certfile /home/$USERNAME/emailcert/ca-$HOSTNAME.crt \
+mkdir "/home/$USERNAME/emailcert"
+mv "/etc/ssl/certs/$USERNAME.cer" "/home/$USERNAME/emailcert"
+cp "/etc/ssl/certs/dovecot.crt" "/home/$USERNAME/emailcert"
+cp "/etc/ssl/certs/ca-$HOSTNAME.crt" "/home/$USERNAME/emailcert"
+mv "/etc/ssl/private/$USERNAME.key" "/home/$USERNAME/emailcert"
+mv "/etc/ssl/certs/$USERNAME.crt" "/home/$USERNAME/emailcert"
+openssl pkcs12 -export -in "/home/$USERNAME/emailcert/$USERNAME.cer" \
+        -out "/home/$USERNAME/emailcert/$USERNAME.p12" \
+        -inkey "/home/$USERNAME/emailcert/$USERNAME.key" \
+        -certfile "/home/$USERNAME/emailcert/ca-$HOSTNAME.crt" \
         -password pass:""
 
 # make an install script
-echo '#!/bin/bash' > /home/$USERNAME/emailcert/install.sh
-echo "sudo mv ca-$HOSTNAME.crt /etc/ssl/certs" >> \
-     /home/$USERNAME/emailcert/install.sh
-echo "sudo mv $USERNAME.crt /etc/ssl/certs" >> \
-     /home/$USERNAME/emailcert/install.sh
-echo "sudo mv dovecot.crt /etc/ssl/certs" >> \
-     /home/$USERNAME/emailcert/install.sh
-echo "sudo mv $USERNAME.key /etc/ssl/private" >> \
-     /home/$USERNAME/emailcert/install.sh
-echo 'exit 0' >> /home/$USERNAME/emailcert/install.sh
+{ echo '#!/bin/bash';
+  echo "sudo mv ca-$HOSTNAME.crt /etc/ssl/certs";
+  echo "sudo mv $USERNAME.crt /etc/ssl/certs";
+  echo "sudo mv dovecot.crt /etc/ssl/certs";
+  echo "sudo mv $USERNAME.key /etc/ssl/private";
+  echo 'exit 0'; } > "/home/$USERNAME/emailcert/install.sh"
 
 # set permissions for the user
-chmod -R 755 /home/$USERNAME/emailcert
-chown -R $USERNAME:$USERNAME /home/$USERNAME/emailcert
-chmod +x /home/$USERNAME/emailcert/install.sh
+chmod -R 755 "/home/$USERNAME/emailcert"
+chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/emailcert"
+chmod +x "/home/$USERNAME/emailcert/install.sh"
 
-shred -zu /etc/ssl/requests/$USERNAME.csr
+shred -zu "/etc/ssl/requests/$USERNAME.csr"
 
 echo $'Email authentication certificate created. You can obtain it on the client with:'
 echo ''

src/freedombone-config

@@ -43,7 +43,7 @@ export TEXTDOMAINDIR="/usr/share/locale"
 FREEDOMBONE_WEBSITE="https://freedombone.net or http://4fvfozz6g3zmvf76.onion"
 
 # Minimum number of characters in a password
-MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}')
+MINIMUM_PASSWORD_LENGTH=$(grep 'MINIMUM_PASSWORD_LENGTH=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords" | head -n 1 | awk -F '=' '{print $2}')
 
 # file containing new password
 IMAGE_PASSWORD_FILE=/root/login.txt
@@ -118,18 +118,18 @@ function please_wait {
         echo -n ''
 }
 
-source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
+source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
-APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 for f in $APP_FILES
 do
-    source $f
+    source "$f"
 done
 
 function show_help {
@@ -157,23 +157,25 @@ function choose_email_address {
         while [ ${#MY_EMAIL_ADDRESS} -lt 5 ]
         do
             EMAIL_ADDRESS=$(grep 'MY_EMAIL_ADDRESS' temp.cfg | awk -F '=' '{print $2}')
-            if [ ! $EMAIL_ADDRESS ]; then
+            if [ ! "$EMAIL_ADDRESS" ]; then
                 EMAIL_ADDRESS=$MY_USERNAME@$DEFAULT_DOMAIN_NAME
             fi
             if [ ${#MY_EMAIL_ADDRESS} -lt 5 ]; then
                 EMAIL_ADDRESS=$MY_USERNAME@$DEFAULT_DOMAIN_NAME
             fi
 
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             dialog --backtitle $"Freedombone Configuration" \
-                   --inputbox $"Your email address" 10 30 "$EMAIL_ADDRESS" 2> $data
+                   --inputbox $"Your email address" 10 30 "$EMAIL_ADDRESS" 2> "$data"
             sel=$?
             case $sel in
-                0) MY_EMAIL_ADDRESS=$(cat $data);;
-                1) exit 1;;
-                255) exit 1;;
+                0) MY_EMAIL_ADDRESS=$(cat "$data");;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
+            rm -f "$data"
         done
     fi
     save_configuration_values
@@ -183,23 +185,24 @@ function choose_social_instance_domain_name {
     DEFAULT_DOMAIN_DETAILS_COMPLETE=
     while [ ! $DEFAULT_DOMAIN_DETAILS_COMPLETE ]
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
             dialog --backtitle $"Freedombone Configuration" \
                    --title $"Instance domain" \
-                   --form $"\nEnter your instance domain name and its FreeDNS code:" 11 55 3 \
+                   --form $"\\nEnter your instance domain name and its FreeDNS code:" 11 55 3 \
                    $"Domain:" 1 1 "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 24 33 40 \
                    $"Code:" 2 1 "$(grep 'DEFAULT_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 24 33 255 \
-                   2> $data
+                   2> "$data"
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            DEFAULT_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            DEFAULT_DOMAIN_CODE=$(cat $data | sed -n 2p)
-            if [ $DEFAULT_DOMAIN_NAME ]; then
+            DEFAULT_DOMAIN_NAME=$(sed -n 1p < "$data")
+            DEFAULT_DOMAIN_CODE=$(sed -n 2p < "$data")
+            if [ "$DEFAULT_DOMAIN_NAME" ]; then
                 validate_freedns_code "$DEFAULT_DOMAIN_CODE"
                 if [ ! $VALID_CODE ]; then
                     DEFAULT_DOMAIN_NAME=
@@ -208,24 +211,27 @@ function choose_social_instance_domain_name {
         else
             dialog --backtitle $"Freedombone Configuration" \
                    --inputbox $"Enter your instance domain name:" 10 45 \
-                   "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> $data
+                   "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
             sel=$?
             case $sel in
-                0) DEFAULT_DOMAIN_NAME=$(cat $data);;
-                1) exit 1;;
-                255) exit 1;;
+                0) DEFAULT_DOMAIN_NAME=$(cat "$data");;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
         fi
-        if [ $DEFAULT_DOMAIN_NAME ]; then
+        if [ "$DEFAULT_DOMAIN_NAME" ]; then
             TEST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME
             validate_domain_name
-            if [[ $TEST_DOMAIN_NAME != $DEFAULT_DOMAIN_NAME ]]; then
+            if [[ "$TEST_DOMAIN_NAME" != "$DEFAULT_DOMAIN_NAME" ]]; then
                 DEFAULT_DOMAIN_NAME=
                 dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
             else
                 DEFAULT_DOMAIN_DETAILS_COMPLETE="yes"
             fi
         fi
+        rm -f "$data"
     done
     save_configuration_values
 }
@@ -242,8 +248,7 @@ function choose_default_domain_name {
         DEFAULT_DOMAIN_DETAILS_COMPLETE=
         while [ ! $DEFAULT_DOMAIN_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Your main domain name" \
@@ -252,23 +257,26 @@ function choose_default_domain_name {
                        $"Code:" 2 1 "$(grep 'DEFAULT_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 24 33 255 \
                        $"mail subdomain Code:" 3 1 "$(grep 'EMAIL_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 3 24 33 255 \
                        $"XMPP subdomain Code:" 4 1 "$(grep 'XMPP_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 4 24 33 255 \
-                       2> $data
+                       2> "$data"
                 sel=$?
                 case $sel in
-                    1) exit 1;;
-                    255) exit 1;;
+                    1) rm -f "$data"
+                       exit 1;;
+                    255) rm -f "$data"
+                         exit 1;;
                 esac
-                DEFAULT_DOMAIN_NAME=$(cat $data | sed -n 1p)
-                DEFAULT_DOMAIN_CODE=$(cat $data | sed -n 2p)
-                EMAIL_DOMAIN_CODE=$(cat $data | sed -n 3p)
-                XMPP_DOMAIN_CODE=$(cat $data | sed -n 4p)
-                if [ $DEFAULT_DOMAIN_NAME ]; then
+                DEFAULT_DOMAIN_NAME=$(sed -n 1p < "$data")
+                DEFAULT_DOMAIN_CODE=$(sed -n 2p < "$data")
+                EMAIL_DOMAIN_CODE=$(sed -n 3p < "$data")
+                XMPP_DOMAIN_CODE=$(sed -n 4p < "$data")
+                rm -f "$data"
+                if [ "$DEFAULT_DOMAIN_NAME" ]; then
                     validate_freedns_code "$DEFAULT_DOMAIN_CODE"
                     if [ ! $VALID_CODE ]; then
                         DEFAULT_DOMAIN_NAME=
                     fi
                 fi
-                if [ $EMAIL_DOMAIN_CODE ]; then
+                if [ "$EMAIL_DOMAIN_CODE" ]; then
                     validate_freedns_code "$EMAIL_DOMAIN_CODE"
                     if [ ! $VALID_CODE ]; then
                         DEFAULT_DOMAIN_NAME=
@@ -277,7 +285,7 @@ function choose_default_domain_name {
                         write_config_param "EMAIL_DOMAIN_CODE" "$EMAIL_DOMAIN_CODE"
                     fi
                 fi
-                if [ $XMPP_DOMAIN_CODE ]; then
+                if [ "$XMPP_DOMAIN_CODE" ]; then
                     validate_freedns_code "$XMPP_DOMAIN_CODE"
                     if [ ! $VALID_CODE ]; then
                         DEFAULT_DOMAIN_NAME=
@@ -289,18 +297,20 @@ function choose_default_domain_name {
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --inputbox $"Which domain name should your email/XMPP/IRC/Mumble be associated with?" 10 45 \
-                       "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> $data
+                       "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
                 sel=$?
                 case $sel in
-                    0) DEFAULT_DOMAIN_NAME=$(cat $data);;
-                    1) exit 1;;
-                    255) exit 1;;
+                    0) DEFAULT_DOMAIN_NAME=$(cat "$data");;
+                    1) rm -f "$data"
+                       exit 1;;
+                    255) rm -f "$data"
+                         exit 1;;
                 esac
             fi
-            if [ $DEFAULT_DOMAIN_NAME ]; then
+            if [ "$DEFAULT_DOMAIN_NAME" ]; then
                 TEST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $DEFAULT_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$DEFAULT_DOMAIN_NAME" ]]; then
                     DEFAULT_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
@@ -313,8 +323,7 @@ function choose_default_domain_name {
 }
 
 function dynamic_dns_setup {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Configuration" \
            --radiolist $"Choose Dynamic DNS provider:" 40 40 40 \
            1 dyn.com off \
@@ -349,13 +358,15 @@ function dynamic_dns_setup {
            30 strato.com off \
            31 freemyip.com off \
            32 cloudxns.net off \
-           33 none off 2> $data
+           33 none off 2> "$data"
     sel=$?
     case $sel in
-        1) exit 1;;
-        255) exit 1;;
+        1) rm -f "$data"
+           exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
-    case $(cat $data) in
+    case $(cat "$data") in
         1) DDNS_PROVIDER="default@www.dyn.com";;
         2) DDNS_PROVIDER="default@freedns.afraid.org";;
         3) DDNS_PROVIDER="default@www.zoneedit.com";;
@@ -389,8 +400,10 @@ function dynamic_dns_setup {
         31) DDNS_PROVIDER="default@freemyip.com";;
         32) DDNS_PROVIDER="default@www.cloudxns.net";;
         33) DDNS_PROVIDER="none";;
-        255) exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
+    rm -f "$data"
     save_configuration_values
 
     valid_ddns_username=
@@ -403,50 +416,55 @@ function dynamic_dns_setup {
     else
         while [ ! $valid_ddns_username ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             dialog --backtitle $"Freedombone Configuration" \
-                   --inputbox $"Dynamic DNS provider username" 10 30 "$(grep 'DDNS_USERNAME' temp.cfg | awk -F '=' '{print $2}')" 2> $data
+                   --inputbox $"Dynamic DNS provider username" 10 30 "$(grep 'DDNS_USERNAME' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
             sel=$?
             case $sel in
-                0)  possible_username=$(cat $data)
+                0)  possible_username=$(cat "$data")
                     if [ "$possible_username" ]; then
                         if [ ${#possible_username} -gt 1 ]; then
-                            valid_ddns_username=$(cat $data)
-                            DDNS_USERNAME=$valid_ddns_username
+                            valid_ddns_username=$(cat "$data")
+                            DDNS_USERNAME="$valid_ddns_username"
+                            rm -f "$data"
                             break;
                         fi
                     fi
                     ;;
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
+            rm -f "$data"
         done
         save_configuration_values
 
         while [ ! $valid_ddns_password ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             dialog --backtitle $"Freedombone Configuration" \
                    --clear \
                    --insecure \
-                   --passwordbox $"Dynamic DNS provider password" 10 30 "$(grep 'DDNS_PASSWORD' temp.cfg | awk -F '=' '{print $2}')" 2> $data
+                   --passwordbox $"Dynamic DNS provider password" 10 30 "$(grep 'DDNS_PASSWORD' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
             sel=$?
             case $sel in
-                0)  possible_password=$(cat $data)
+                0)  possible_password=$(cat "$data")
                     if [ "$possible_password" ]; then
                         if [ ${#possible_password} -gt 1 ]; then
-                            valid_ddns_password=$(cat $data)
+                            valid_ddns_password=$(cat "$data")
                             DDNS_PASSWORD=$valid_ddns_password
                             break;
                         fi
                     fi
                     ;;
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            if [ ${#DDNS_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then
+            rm -f "$data"
+            if [ ${#DDNS_PASSWORD} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then
                 dialog --title $"Password quality check" --msgbox $"The password given was too short. It must be at least $MINIMUM_PASSWORD_LENGTH characters. You may need to change your password on the dynamic DNS provider's web site." 10 40
                 DDNS_PASSWORD=""
             fi
@@ -458,10 +476,10 @@ function dynamic_dns_setup {
 function choose_dynamic_dns {
     DDNS_PROVIDER="none"
 
-    if [[ $SYSTEM_TYPE != "mesh"* && $ONION_ONLY == "no" ]]; then
+    if [[ "$SYSTEM_TYPE" != "mesh"* && "$ONION_ONLY" == "no" ]]; then
         dialog --title $"Dynamic DNS" \
                --backtitle $"Freedombone Configuration" \
-               --yesno $"\nConfigure a dynamic DNS service?\n\nIf it is already handled by your internet router then select 'no'." 10 50
+               --yesno $"\\nConfigure a dynamic DNS service?\\n\\nIf it is already handled by your internet router then select 'no'." 10 50
         sel=$?
         case $sel in
             0) dynamic_dns_setup;;
@@ -472,9 +490,8 @@ function choose_dynamic_dns {
 }
 
 function choose_debian_repo {
-    if [[ $MINIMAL_INSTALL == "no" ]]; then
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+    if [[ "$MINIMAL_INSTALL" == "no" ]]; then
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Configuration" \
                --radiolist $"Where to download Debian packages from:" 25 45 49 \
                1 $"Australia" off \
@@ -525,13 +542,15 @@ function choose_debian_repo {
                46 $"Turkey" off \
                47 $"Ukraine" off \
                48 $"United Kingdom" off \
-               49 $"United States" on 2> $data
+               49 $"United States" on 2> "$data"
         sel=$?
         case $sel in
-            1) exit 1;;
-            255) exit 1;;
+            1) rm -f "$data"
+               exit 1;;
+            255) rm -f "$data"
+                 exit 1;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) DEBIAN_REPO='ftp.au.debian.org';;
             2) DEBIAN_REPO='ftp.at.debian.org';;
             3) DEBIAN_REPO='ftp.by.debian.org';;
@@ -581,8 +600,10 @@ function choose_debian_repo {
             47) DEBIAN_REPO='ftp.ua.debian.org';;
             48) DEBIAN_REPO='ftp.uk.debian.org';;
             49) DEBIAN_REPO='ftp.us.debian.org';;
-            255) exit 1;;
+            255) rm -f "$data"
+                 exit 1;;
         esac
+        rm -f "$data"
         save_configuration_values
     else
         DEBIAN_REPO='ftp.de.debian.org'
@@ -591,28 +612,31 @@ function choose_debian_repo {
 
 function choose_rng {
     if [[ $MINIMAL_INSTALL == "no" ]]; then
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
-        if [[ $INSTALLING_ON_BBB != "yes" ]]; then
+        data=$(mktemp 2>/dev/null)
+        if [[ "$INSTALLING_ON_BBB" != "yes" ]]; then
             dialog --backtitle $"Freedombone Configuration" \
                    --radiolist $"Type of Random Number Generator:" 10 40 2 \
                    1 Haveged on \
-                   2 OneRNG off 2> $data
+                   2 OneRNG off 2> "$data"
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            case $(cat $data) in
+            case $(cat "$data") in
                 2) HWRNG_TYPE="onerng"
                    dialog --title $"OneRNG Device" \
                           --msgbox $"Please ensure that the OneRNG device is disconnected. You can reconnect it later during the installation" 8 60
                    ;;
-                255) exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
         else
             HWRNG_TYPE="beaglebone"
         fi
+        rm -f "$data"
         save_configuration_values
     fi
 }
@@ -621,9 +645,7 @@ function choose_social_key_management {
     if [[ $MINIMAL_INSTALL == "no" ]]; then
         interactive_gpg
 
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
-        SOCIAL_KEY_STR=$"\nDo you wish to enable social key management, otherwise known as \"the unforgettable key\"?\n\nThis means that fragments of your GPG key will be included with any remote backups so that if you later lose your key then it can be reconstructed from your friends servers. If you select \"no\" then you can still do social key management, but offline using physical USB thumb drives, which is more secure but less convenient."
+        SOCIAL_KEY_STR=$"\\nDo you wish to enable social key management, otherwise known as \"the unforgettable key\"?\\n\\nThis means that fragments of your GPG key will be included with any remote backups so that if you later lose your key then it can be reconstructed from your friends servers. If you select \"no\" then you can still do social key management, but offline using physical USB thumb drives, which is more secure but less convenient."
         if [[ $(grep "ENABLE_SOCIAL_KEY_MANAGEMENT" temp.cfg | awk -F '=' '{print $2}') == "yes" ]]; then
             dialog --title $"Social Key Management" \
                    --backtitle $"Freedombone Configuration" \
@@ -659,36 +681,36 @@ function choose_username {
             if [ ! $SELECTED_USERNAME ]; then
                 SELECTED_USERNAME=$(grep 'MY_USERNAME' temp.cfg | awk -F '=' '{print $2}')
             fi
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             dialog --backtitle $"Freedombone Configuration" \
                    --title $"Username" \
-                   --inputbox $"Set your username for the system\n\nYour username should not contain any spaces" 12 60 "$SELECTED_USERNAME" 2> $data
+                   --inputbox $"Set your username for the system\\n\\nYour username should not contain any spaces" 12 60 "$SELECTED_USERNAME" 2> "$data"
             sel=$?
             case $sel in
-                0) possible_username=$(cat $data)
+                0) possible_username=$(cat "$data")
                    SELECTED_USERNAME=
-                   if [[ $possible_username != *' '* && $possible_username != *'/'* && $possible_username != *'\'* && $possible_username != *'*'* ]]; then
-                       if [ $possible_username ]; then
+                   if [[ "$possible_username" != *' '* && "$possible_username" != *'/'* && "$possible_username" != *'*'* ]]; then
+                       if [ "$possible_username" ]; then
                            if [ ${#possible_username} -gt 1 ]; then
-                               if [[ $possible_username != $GENERIC_IMAGE_USERNAME ]]; then
-                                   MY_USERNAME=$(cat $data)
+                               if [[ "$possible_username" != "$GENERIC_IMAGE_USERNAME" ]]; then
+                                   MY_USERNAME=$(cat "$data")
                                    please_wait
                                    echo ''
                                    echo $'Creating user account'
                                    chmod 600 /etc/shadow
                                    chmod 600 /etc/gshadow
-                                   useradd -m -s /bin/bash $MY_USERNAME
+                                   useradd -m -s /bin/bash "$MY_USERNAME"
                                    chmod 0000 /etc/shadow
                                    chmod 0000 /etc/gshadow
-                                   if [ -d /home/$MY_USERNAME ]; then
-                                       echo "${MY_USERNAME}:$(printf `cat $IMAGE_PASSWORD_FILE`)" | chpasswd
+                                   if [ -d "/home/$MY_USERNAME" ]; then
+                                       echo "${MY_USERNAME}:$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")" | chpasswd
                                        # Add the user as a sudoer - they will be the new admin user
                                        if ! grep -q "$MY_USERNAME  ALL=(ALL) ALL" /etc/sudoers; then
                                            echo "$MY_USERNAME  ALL=(ALL) ALL" >> /etc/sudoers
                                            # remove the generic image admin user from sudoers
                                            sed -i "s|${GENERIC_IMAGE_USERNAME}.*||g" /etc/sudoers
                                        fi
+                                       rm -f "$data"
                                        break
                                    fi
                                fi
@@ -696,13 +718,16 @@ function choose_username {
                        fi
                    fi
                    ;;
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
+            rm -f "$data"
         done
     else
         no_of_users=$(find /home/* -maxdepth 0 -type d | wc -l)
-        if [ $no_of_users -eq 1 ]; then
+        if [ "$no_of_users" -eq 1 ]; then
             # only a single user on the system
             MY_USERNAME=$(ls /home)
         else
@@ -741,13 +766,12 @@ function choose_full_name {
     valid_name=
     while [ ! $valid_name ]
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Configuration" \
-               --inputbox $"Your full name (or nick)" 10 50 "$(grep 'MY_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> $data
+               --inputbox $"Your full name (or nick)" 10 50 "$(grep 'MY_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
         sel=$?
         case $sel in
-            0)  possible_name=$(cat $data)
+            0)  possible_name=$(cat "$data")
                 if [ "$possible_name" ]; then
                     if [ ${#possible_name} -gt 1 ]; then
                         valid_name="$possible_name"
@@ -756,9 +780,12 @@ function choose_full_name {
                     fi
                 fi
                 ;;
-            1) exit 1;;
-            255) exit 1;;
+            1) rm -f "$data"
+               exit 1;;
+            255) rm -f "$data"
+                 exit 1;;
         esac
+        rm -f "$data"
     done
     save_configuration_values
     please_wait
@@ -778,16 +805,17 @@ function choose_system_variant {
             varstate='on'
         fi
         varslist="$varslist $n $a $varstate"
-        n=$[n+1]
+        n=$((n+1))
     done
 
     variant_choice=$(dialog --stdout --backtitle $"Freedombone Configuration" \
                             --title $"Type of Installation" \
                             --radiolist $'Choose:' \
-                            27 40 20 $varslist)
+                            27 40 20 "$varslist")
 
+    # shellcheck disable=SC2181
     if [ $? -eq 0 ]; then
-        variant_choice=$[variant_choice-1]
+        variant_choice=$((variant_choice-1))
         SYSTEM_TYPE=${available_variants_list[$variant_choice]}
         save_configuration_values
     fi
@@ -796,7 +824,7 @@ function choose_system_variant {
 function validate_freedns_code {
     freedns_code="$1"
 
-    FREEDNS_MESSAGE=$"Please enter the FreeDNS code for this domain.\n\nThe code can be found by going to https://freedns.afraid.org, selecting 'Dynamic DNS' and then opening 'Wget example'. The code will consist of letters and numbers and be between the ? and = characters."
+    FREEDNS_MESSAGE=$"Please enter the FreeDNS code for this domain.\\n\\nThe code can be found by going to https://freedns.afraid.org, selecting 'Dynamic DNS' and then opening 'Wget example'. The code will consist of letters and numbers and be between the ? and = characters."
 
     if [[ "$freedns_code" == *"."* || "$freedns_code" == "http"* || "$freedns_code" == *"wget "* || "$freedns_code" == *" "* ]]; then
         dialog --title $"Invalid FreeDNS Code" --msgbox "$FREEDNS_MESSAGE" 10 70
@@ -810,7 +838,7 @@ function validate_freedns_code {
 }
 
 # Get the commandline options
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
     key="$1"
 
@@ -855,8 +883,7 @@ do
 done
 
 function interactive_select_language {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Configuration" \
            --radiolist $"Select your language:" 26 40 24 \
            1 $"Afrikaans" off \
@@ -926,13 +953,15 @@ function interactive_select_language {
            65 $"Thai" off \
            66 $"Turkish" off \
            67 $"Ukrainian" off \
-           68 $"Vietnamese" off 2> $data
+           68 $"Vietnamese" off 2> "$data"
     sel=$?
     case $sel in
-        1) exit 1;;
-        255) exit 1;;
+        1) rm -f "$data"
+           exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
-    case $(cat $data) in
+    case $(cat "$data") in
         1) DEFAULT_LANGUAGE='af_ZA.UTF-8';;
         2) DEFAULT_LANGUAGE='sq_AL.UTF-8';;
         3) DEFAULT_LANGUAGE='ar_SA.UTF-8';;
@@ -1002,6 +1031,7 @@ function interactive_select_language {
         67) DEFAULT_LANGUAGE='uk_UA.UTF-8';;
         68) DEFAULT_LANGUAGE='vi_VN.UTF-8';;
     esac
+    rm -f "$data"
     save_configuration_values
 
     please_wait
@@ -1021,22 +1051,26 @@ function interactive_select_language {
 function select_user {
     SELECTED_USERNAME=
 
-    users_array=($(ls /home))
+    homedirs=$(ls /home)
+    # shellcheck disable=SC2206
+    users_array=($homedirs)
 
     delete=(git)
-    for del in ${delete[@]}
+    for del in "${delete[@]}"
     do
+        # shellcheck disable=SC2206
         users_array=(${users_array[@]/$del})
     done
 
     i=0
     W=()
     name=()
+    # shellcheck disable=SC2068
     for u in ${users_array[@]}
     do
         if [[ $(is_valid_user "$u") == "1" ]]; then
             i=$((i+1))
-            W+=($i "$u")
+            W+=("$i" "$u")
             name+=("$u")
         fi
     done
@@ -1046,6 +1080,7 @@ function select_user {
     else
         user_index=$(dialog --backtitle $"Freedombone Configuration" --title $"Select User" --menu $"Select one of the following:" 24 40 17 "${W[@]}" 3>&2 2>&1 1>&3)
 
+        # shellcheck disable=SC2181
         if [ $? -eq 0 ]; then
             SELECTED_USERNAME="${name[$((user_index-1))]}"
         fi
@@ -1055,19 +1090,19 @@ function select_user {
 function interactive_config {
     # create a temporary copy of the configuration file
     # which can be used to pre-populate selections
-    if [ -f $CONFIGURATION_FILE ]; then
-        cp $CONFIGURATION_FILE temp.cfg
+    if [ -f "$CONFIGURATION_FILE" ]; then
+        cp "$CONFIGURATION_FILE" temp.cfg
     fi
 
     interactive_select_language
 
-    if [ $SOCIALINSTANCE ]; then
-        INITIAL_MESSAGE=$"Welcome to your Freedombone $SOCIALINSTANCE instance.\n\nEnsure that you have your domain and dynamic DNS settings ready.\n\nFor more information please visit ${FREEDOMBONE_WEBSITE}/socialinstance.html."
+    if [ "$SOCIALINSTANCE" ]; then
+        INITIAL_MESSAGE=$"Welcome to your Freedombone $SOCIALINSTANCE instance.\\n\\nEnsure that you have your domain and dynamic DNS settings ready.\\n\\nFor more information please visit ${FREEDOMBONE_WEBSITE}/socialinstance.html."
     else
-        if [[ $ONION_ONLY == "no" ]]; then
-            INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\n\nEnsure that you have your domain and dynamic DNS settings ready.\n\nFor more information please visit $FREEDOMBONE_WEBSITE."
+        if [[ "$ONION_ONLY" == "no" ]]; then
+            INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\\n\\nEnsure that you have your domain and dynamic DNS settings ready.\\n\\nFor more information please visit $FREEDOMBONE_WEBSITE."
         else
-            INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\n\nWeb sites created will only be viewable within a Tor browser.\n\nFor more information please visit $FREEDOMBONE_WEBSITE."
+            INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\\n\\nWeb sites created will only be viewable within a Tor browser.\\n\\nFor more information please visit $FREEDOMBONE_WEBSITE."
         fi
     fi
 
@@ -1079,7 +1114,7 @@ function interactive_config {
     choose_social_key_management
     choose_rng
     choose_debian_repo
-    ${PROJECT_NAME}-wifi --networksinteractive $WIFI_NETWORKS_FILE
+    "${PROJECT_NAME}-wifi" --networksinteractive "$WIFI_NETWORKS_FILE"
     choose_dynamic_dns
     choose_default_domain_name
     choose_email_address
@@ -1109,7 +1144,7 @@ function interactive_config {
     fi
 
     # This file indicates that the configuration happened successfully
-    touch $HOME/.${PROJECT_NAME}-interactive
+    touch "$HOME/.${PROJECT_NAME}-interactive"
 }
 
 function show_result {
@@ -1120,11 +1155,11 @@ function show_result {
     echo ''
     echo $'Contents:'
     echo ''
-    cat $CONFIGURATION_FILE
+    cat "$CONFIGURATION_FILE"
     echo ''
 }
 
-if [ ! $CONFIGURATION_FILE ]; then
+if [ ! "$CONFIGURATION_FILE" ]; then
     CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
 fi
 

src/freedombone-controlpanel-user

@@ -34,17 +34,17 @@ export TEXTDOMAIN=${PROJECT_NAME}-controlpanel-user
 export TEXTDOMAINDIR="/usr/share/locale"
 
 MY_EMAIL_ADDRESS=$USER@$HOSTNAME
-GPG_ID=$(gpg --list-keys $MY_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//')
+GPG_ID=$(gpg --list-keys "$MY_EMAIL_ADDRESS" | sed -n '2p' | sed 's/^[ \t]*//')
 GPG_BACKUP_ID=$(gpg --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
 
 # If the default key is specified within gpg.conf
 if [ -f ~/.gnupg/gpg.conf ]; then
     if grep -q "default-key" ~/.gnupg/gpg.conf; then
-        default_gpg_key=$(cat ~/.gnupg/gpg.conf | grep "default-key")
+        default_gpg_key=$(grep "default-key" ~/.gnupg/gpg.conf)
         if [[ "$default_gpg_key" != *'#'* ]]; then
-            default_gpg_key=$(cat ~/.gnupg/gpg.conf | grep "default-key" | awk -F ' ' '{print $2}')
+            default_gpg_key=$(grep "default-key" ~/.gnupg/gpg.conf | awk -F ' ' '{print $2}')
             if [ ${#default_gpg_key} -gt 3 ]; then
-                GPG_ID=$(gpg --list-keys $default_gpg_key | sed -n '2p' | sed 's/^[ \t]*//')
+                GPG_ID=$(gpg --list-keys "$default_gpg_key" | sed -n '2p' | sed 's/^[ \t]*//')
             fi
         fi
     fi
@@ -52,27 +52,29 @@ fi
 
 # Start including files
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-  source $f
+  source "$f"
 done
 
-APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 for f in $APP_FILES
 do
-  source $f
+  source "$f"
 done
 
 # End including files
 
 function any_key {
     echo ' '
+    # shellcheck disable=SC2034
     read -n1 -r -p $"Press any key to continue..." key
 }
 
 function remove_user_from_mailing_list {
-    USER_MAILING_LISTS=$(cat "/home/$USER/.procmailrc" | grep '\[' | grep '\]' | awk -F '\[' '{print $2}' | awk -F '\\' '{print $1}')
+    # shellcheck disable=SC1003
+    USER_MAILING_LISTS=$(grep '\[' "/home/$USER/.procmailrc" | grep '\]' | awk -F '\[' '{print $2}' | awk -F '\\' '{print $1}')
 
     i=0
     W=()
@@ -80,19 +82,20 @@ function remove_user_from_mailing_list {
     while read -r listname; do
         i=$((i+1))
         if [[ "$listname" != *']'* && "$listname" != *'['* ]]; then
-            W+=($i "$listname")
+            W+=("$i" "$listname")
             list_name+=("$listname")
-            echo $listname
+            echo "$listname"
         fi
     done <<< "$USER_MAILING_LISTS"
 
     i=$((i+1))
-    W+=($i $"Exit back to filtering rules menu")
+    W+=("$i" $"Exit back to filtering rules menu")
 
     list_selected=$(dialog --default-item "$i" --backtitle $"Freedombone User Control Panel" --title $"Remove yourself from a mailing list" --menu $"Select one of the following:" 24 50 17 "${W[@]}" 3>&2 2>&1 1>&3)
 
+    # shellcheck disable=SC2181
     if [ $? -eq 0 ]; then # Exit with OK
-        if [ ${list_selected} -ne ${i} ]; then
+        if [ "${list_selected}" -ne "${i}" ]; then
             remove_list_name="${list_name[$((list_selected-1))]}"
 
             # find the line number where the list is defined
@@ -100,7 +103,7 @@ function remove_user_from_mailing_list {
             i=0
             while read -r line
             do
-                if [[ "$line" == *"\[${remove_list_name}\\]"* ]]; then
+                if [[ "$line" == *"\\[${remove_list_name}\\]"* ]]; then
                     line_number=${i}
                 fi
                 i=$((i+1))
@@ -112,8 +115,8 @@ function remove_user_from_mailing_list {
             fi
 
             # recreate the file
-            if [ -f /home/${USER}/.procmailrc_new ]; then
-                rm /home/${USER}/.procmailrc_new
+            if [ -f "/home/${USER}/.procmailrc_new" ]; then
+                rm "/home/${USER}/.procmailrc_new"
             fi
             i=0
             clip=0
@@ -141,15 +144,15 @@ function remove_user_from_mailing_list {
                     fi
                 fi
 
-                echo "$line" >> /home/${USER}/.procmailrc_new
+                echo "$line" >> "/home/${USER}/.procmailrc_new"
 
-                if [[ "$line" == *"\[${remove_list_name}\\]"* ]]; then
+                if [[ "$line" == *"\\[${remove_list_name}\\]"* ]]; then
                     line_number=${i}
                 fi
             done < "/home/$USER/.procmailrc"
-            cp /home/${USER}/.procmailrc_new /home/${USER}/.procmailrc
-            rm /home/${USER}/.procmailrc_new
-            chown ${USER}:${USER} /home/${USER}/.procmailrc
+            cp "/home/${USER}/.procmailrc_new" "/home/${USER}/.procmailrc"
+            rm "/home/${USER}/.procmailrc_new"
+            chown "${USER}":"${USER}" "/home/${USER}/.procmailrc"
             dialog --title $"Remove yourself from mailing list" \
                    --msgbox $"You have been removed from ${remove_list_name}" 6 50
         fi
@@ -157,27 +160,26 @@ function remove_user_from_mailing_list {
 }
 
 function add_to_mailing_list {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone User Control Panel" \
            --title $"Subscribe to a mailing list" \
-           --form $"You can either enter a subject or an email address\n" 11 68 4 \
+           --form $"You can either enter a subject or an email address\\n" 11 68 4 \
            $"List folder name:" 1 1 "" 1 35 26 25 \
            $"Name between [] on subject line:" 2 1 "" 2 35 26 25 \
            $"List email address:" 3 1 "" 3 35 26 25 \
            $"Public:" 4 1 $"yes" 4 35 4 25 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) rm $data
+        1) rm -f "$data"
            return;;
-        255) rm $data
+        255) rm -f "$data"
              return;;
     esac
-    LIST_NAME=$(cat $data | sed -n 1p)
-    LIST_SUBJECT=$(cat $data | sed -n 2p)
-    LIST_EMAIL=$(cat $data | sed -n 3p)
-    LIST_PUBLIC=$(cat $data | sed -n 4p)
+    LIST_NAME=$(sed -n 1p < "$data")
+    LIST_SUBJECT=$(sed -n 2p < "$data")
+    LIST_EMAIL=$(sed -n 3p < "$data")
+    LIST_PUBLIC=$(sed -n 4p < "$data")
 
     if [ ${#LIST_PUBLIC} -lt 1 ]; then
         LIST_PUBLIC='no'
@@ -190,57 +192,56 @@ function add_to_mailing_list {
     if [ ${#LIST_NAME} -lt 2 ]; then
         dialog --title $"Add mailing list" \
                --msgbox $"No mailing list name was given" 6 40
-        rm $data
+        rm -f "$data"
         return
     fi
     if [ ${#LIST_SUBJECT} -lt 2 ]; then
         if [ ${#LIST_EMAIL} -lt 2 ]; then
             dialog --title $"Add mailing list" \
                    --msgbox $"No mailing list subject or address was given" 6 40
-            rm $data
+            rm -f "$data"
             return
         fi
     fi
     if [ ${#LIST_SUBJECT} -gt 1 ]; then
-        ${PROJECT_NAME}-addlist -u $USER -l "$LIST_NAME" \
-                       -s "$LIST_SUBJECT" --public $LIST_PUBLIC
+        "${PROJECT_NAME}-addlist" -u "$USER" -l "$LIST_NAME" \
+                       -s "$LIST_SUBJECT" --public "$LIST_PUBLIC"
     else
         if [[ "$LIST_EMAIL" != *"@"* || "$LIST_EMAIL" != *"."* ]]; then
             dialog --title $"Add mailing list" \
                    --msgbox $"Unrecognised email address" 6 40
-            rm $data
+            rm -f "$data"
             return
         else
-            ${PROJECT_NAME}-addlist -u $USER -l "$LIST_NAME" \
-                           -e "$LIST_EMAIL" --public $LIST_PUBLIC
+            "${PROJECT_NAME}-addlist" -u "$USER" -l "$LIST_NAME" \
+                           -e "$LIST_EMAIL" --public "$LIST_PUBLIC"
         fi
     fi
 
     dialog --title $"Add mailing list" \
            --msgbox $"$LIST_NAME list was added" 6 40
-    rm $data
+    rm -f "$data"
 }
 
 function email_rule_address {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone User Control Panel" \
            --title $"Create an email rule" \
-           --form "\n" 9 65 4 \
+           --form "\\n" 9 65 4 \
            $"When email arrives from address:" 1 1 "" 1 35 24 28 \
            $"Move to folder:" 2 1 "" 2 35 24 28 \
            $"Public:" 3 1 $"no" 3 35 4 25 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) rm $data
+        1) rm -f "$data"
            return;;
-        255) rm $data
+        255) rm -f "$data"
              return;;
     esac
-    RULE_EMAIL=$(cat $data | sed -n 1p)
-    RULE_FOLDER=$(cat $data | sed -n 2p)
-    RULE_PUBLIC=$(cat $data | sed -n 3p)
+    RULE_EMAIL=$(sed -n 1p < "$data")
+    RULE_FOLDER=$(sed -n 2p < "$data")
+    RULE_PUBLIC=$(sed -n 3p < "$data")
 
     if [ ${#RULE_PUBLIC} -lt 1 ]; then
         RULE_PUBLIC='no'
@@ -253,27 +254,27 @@ function email_rule_address {
     if [ ${#RULE_EMAIL} -lt 2 ]; then
         dialog --title $"Create an email rule" \
                --msgbox $"No email address was given" 6 40
-        rm $data
+        rm -f "$data"
         return
     fi
     if [ ${#RULE_FOLDER} -lt 2 ]; then
         dialog --title $"Create an email rule" \
                --msgbox $"No folder name was given" 6 40
-        rm $data
+        rm -f "$data"
         return
     fi
     if [[ "$RULE_EMAIL" != *"@"* || "$RULE_EMAIL" != *"."* ]]; then
         dialog --title $"Create an email rule" \
                --msgbox $"Unrecognised email address" 6 40
-        rm $data
+        rm -f "$data"
         return
     fi
 
-    ${PROJECT_NAME}-addemail -u $USER -e "$RULE_EMAIL" \
+    "${PROJECT_NAME}-addemail" -u "$USER" -e "$RULE_EMAIL" \
                    -g "$RULE_FOLDER" --public $RULE_PUBLIC
     dialog --title $"Create an email rule" \
            --msgbox $"Email rule for $RULE_EMAIL was added" 6 40
-    rm $data
+    rm -f "$data"
 }
 
 function gpg_set_trust {
@@ -281,8 +282,7 @@ function gpg_set_trust {
     fpr=$(gpg --with-colons --fingerprint "$TRUST_ADDRESS" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
     if [ ${#fpr} -gt 2 ]; then
 
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone User Control Panel" \
                --title $"Trust a PGP/GPG key or website domain" \
                --radiolist $"Set the trust level for $TRUST_ADDRESS:" 18 70 10 \
@@ -290,19 +290,18 @@ function gpg_set_trust {
                2 $"I do NOT trust" off \
                3 $"I trust marginally" on \
                4 $"I trust fully" off \
-               5 $"I trust ultimately" off 2> $data
+               5 $"I trust ultimately" off 2> "$data"
         sel=$?
         case $sel in
-            1) rm $data
+            1) rm -f "$data"
                return;;
-            255) rm $data
+            255) rm -f "$data"
                  return;;
         esac
-        TRUST_LEVEL=$(cat $data)
-        if [ ${TRUST_LEVEL} -ge 1 ] ; then
-            if [ ${TRUST_LEVEL} -le 5 ] ; then
-                echo -e "trust\n${TRUST_LEVEL}\ny\nsave\n" | gpg --command-fd 0 --edit-key $fpr
-                if [ "$?" = "0" ]; then
+        TRUST_LEVEL=$(cat "$data")
+        if [ "${TRUST_LEVEL}" -ge 1 ] ; then
+            if [ "${TRUST_LEVEL}" -le 5 ] ; then
+                if echo -e "trust\\n${TRUST_LEVEL}\\ny\\nsave\\n" | gpg --command-fd 0 --edit-key "$fpr"; then
                     gpg --update-trustdb
                     dialog --title $"Trust a PGP/GPG key or website domain" \
                            --backtitle $"Freedombone User Control Panel" \
@@ -310,30 +309,29 @@ function gpg_set_trust {
                 fi
             fi
         fi
-        rm $data
+        rm -f "$data"
     fi
 }
 
 function email_rule_subject {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone User Control Panel" \
            --title $"Create an email rule" \
-           --form "\n" 9 75 4 \
+           --form "\\n" 9 75 4 \
            $"When email arrives with subject containing:" 1 1 "" 1 45 24 28 \
            $"Move to folder:" 2 1 "" 2 45 24 28 \
            $"Public:" 3 1 $"no" 3 45 4 25 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) rm $data
+        1) rm -f "$data"
            return;;
-        255) rm $data
+        255) rm -f "$data"
              return;;
     esac
-    RULE_SUBJECT=$(cat $data | sed -n 1p)
-    RULE_FOLDER=$(cat $data | sed -n 2p)
-    RULE_PUBLIC=$(cat $data | sed -n 3p)
+    RULE_SUBJECT=$(sed -n 1p < "$data")
+    RULE_FOLDER=$(sed -n 2p < "$data")
+    RULE_PUBLIC=$(sed -n 3p < "$data")
 
     if [ ${#RULE_PUBLIC} -lt 1 ]; then
         RULE_PUBLIC='no'
@@ -346,42 +344,41 @@ function email_rule_subject {
     if [ ${#RULE_SUBJECT} -lt 2 ]; then
         dialog --title $"Create an email rule" \
                --msgbox $"No subject text was given" 6 40
-        rm $data
+        rm -f "$data"
         return
     fi
     if [ ${#RULE_FOLDER} -lt 2 ]; then
         dialog --title $"Create an email rule" \
                --msgbox $"No folder name was given" 6 40
-        rm $data
+        rm -f "$data"
         return
     fi
 
-    ${PROJECT_NAME}-addemail -u $USER -s "$RULE_SUBJECT" \
-                   -g "$RULE_FOLDER" --public $RULE_PUBLIC
+    "${PROJECT_NAME}-addemail" -u "$USER" -s "$RULE_SUBJECT" \
+                   -g "$RULE_FOLDER" --public "$RULE_PUBLIC"
     dialog --title $"Create an email rule" \
            --msgbox $"Email rule for subject '$RULE_SUBJECT' was added" 6 40
-    rm $data
+    rm -f "$data"
 }
 
 function block_unblock_email {
     blockstr=$"Block or unblock emails from a given address"
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone User Control Panel" \
            --title "$blockstr" \
-           --form "\n" 8 65 3 \
+           --form "\\n" 8 65 3 \
            $"When email arrives from address:" 1 1 "" 1 35 24 100 \
            $"Block it:" 2 1 "yes" 2 35 4 4 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) rm $data
+        1) rm -f "$data"
            return;;
-        255) rm $data
+        255) rm -f "$data"
              return;;
     esac
-    BLOCK_EMAIL=$(cat $data | sed -n 1p)
-    BLOCK=$(cat $data | sed -n 2p)
+    BLOCK_EMAIL=$(sed -n 1p < "$data")
+    BLOCK=$(sed -n 2p < "$data")
     if [ ${#BLOCK_EMAIL} -lt 2 ]; then
         dialog --title "$blockstr" \
                --msgbox $"No email address was given" 6 40
@@ -390,64 +387,63 @@ function block_unblock_email {
     if [[ "$BLOCK_EMAIL" != *"@"* || "$BLOCK_EMAIL" != *"."* ]]; then
         dialog --title "$blockstr" \
                --msgbox $"Unrecognised email address" 6 40
-        rm $data
+        rm -f "$data"
         return
     fi
     if [[ $BLOCK == "y"* || $BLOCK == "Y"* ]]; then
-        ${PROJECT_NAME}-ignore -u $USER -e "$BLOCK_EMAIL"
+        "${PROJECT_NAME}-ignore" -u "$USER" -e "$BLOCK_EMAIL"
         dialog --title $"Block an email" \
                --msgbox "Email from $BLOCK_EMAIL is now blocked" 6 75
     else
-        ${PROJECT_NAME}-unignore -u $USER -e "$BLOCK_EMAIL"
+        "${PROJECT_NAME}-unignore" -u "$USER" -e "$BLOCK_EMAIL"
         dialog --title $"Unblock an email" \
                --msgbox "Email from $BLOCK_EMAIL is now unblocked" 6 75
     fi
-    rm $data
+    rm -f "$data"
 }
 
 function block_unblock_subject {
     blockstr=$"Block or unblock emails with text in the subject line"
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone User Control Panel" \
            --title "$blockstr" \
-           --form "\n" 8 70 3 \
+           --form "\\n" 8 70 3 \
            $"When email arrives with subject text:" 1 1 "" 1 40 24 28 \
            $"Block it:" 2 1 "yes" 2 40 4 4 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) rm $data
+        1) rm -f "$data"
            return;;
-        255) rm $data
+        255) rm -f "$data"
              return;;
     esac
-    BLOCK_SUBJECT=$(cat $data | sed -n 1p)
-    BLOCK=$(cat $data | sed -n 2p)
+    BLOCK_SUBJECT=$(sed -n 1p < "$data")
+    BLOCK=$(sed -n 2p < "$data")
     if [ ${#BLOCK_SUBJECT} -lt 2 ]; then
         dialog --title "$blockstr" \
                --msgbox $"No subject was given" 6 40
-        rm $data
+        rm -f "$data"
         return
     fi
     if [[ $BLOCK == "y"* || $BLOCK == "Y"* ]]; then
-        ${PROJECT_NAME}-ignore -u $USER -t "$BLOCK_SUBJECT"
+        "${PROJECT_NAME}-ignore" -u "$USER" -t "$BLOCK_SUBJECT"
         dialog --title $"Block an email" \
                --msgbox $"Email with subject $BLOCK_SUBJECT is now blocked" 6 40
     else
-        ${PROJECT_NAME}-unignore -u $USER -t "$BLOCK_SUBJECT"
+        "${PROJECT_NAME}-unignore" -u "$USER" -t "$BLOCK_SUBJECT"
         dialog --title $"Unblock an email" \
                --msgbox $"Email with subject $BLOCK_SUBJECT is now unblocked" 6 40
     fi
-    rm $data
+    rm -f "$data"
 }
 
 function show_gpg_key {
-    GPG_FINGERPRINT=$(gpg --fingerprint $GPG_ID | sed -n '2p' | sed 's/^[ \t]*//')
-    GPG_DATE=$(gpg --fingerprint $GPG_ID | grep -i "pub" | head -n 1 | awk -F ' ' '{print $3}')
+    GPG_FINGERPRINT=$(gpg --fingerprint "$GPG_ID" | sed -n '2p' | sed 's/^[ \t]*//')
+    GPG_DATE=$(gpg --fingerprint "$GPG_ID" | grep -i "pub" | head -n 1 | awk -F ' ' '{print $3}')
     dialog --title $"My PGP/GPG Key" \
            --backtitle $"Freedombone User Control Panel" \
-           --msgbox $"Email Address: $MY_EMAIL_ADDRESS\n\nKey ID: $GPG_ID\n\nFingerprint: $GPG_FINGERPRINT\n\nCreated: $GPG_DATE" 12 70
+           --msgbox $"Email Address: $MY_EMAIL_ADDRESS\\n\\nKey ID: $GPG_ID\\n\\nFingerprint: $GPG_FINGERPRINT\\n\\nCreated: $GPG_DATE" 12 70
 }
 
 function show_full_gpg_key {
@@ -455,18 +451,18 @@ function show_full_gpg_key {
     echo ''
     echo ''
     echo ''
-    gpg --armor --export $GPG_ID
+    gpg --armor --export "$GPG_ID"
     echo ''
     echo ''
     echo ''
-    gpg --armor --export-secret-key $GPG_ID
+    gpg --armor --export-secret-key "$GPG_ID"
     any_key
 }
 
 function publish_gpg_key {
-    gpg --send-key $GPG_ID
-    if [ $GPG_BACKUP_ID ]; then
-        gpg --send-key $GPG_BACKUP_ID
+    gpg --send-key "$GPG_ID"
+    if [ "$GPG_BACKUP_ID" ]; then
+        gpg --send-key "$GPG_BACKUP_ID"
     fi
     dialog --title $"Publish your PGP/GPG key" \
            --msgbox $"Your key has now been published" 6 40
@@ -479,15 +475,14 @@ function refresh_gpg_keys {
 }
 
 function add_gpg_key {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Enter email address, Key ID or full key below" \
            --backtitle $"Freedombone User Control Panel" \
-           --editbox $data 8 60 2>$data
+           --editbox "$data" 8 60
     sel=$?
     case $sel in
         0)
-            ADD_EMAIL_ADDRESS=$(<$data)
+            ADD_EMAIL_ADDRESS=$(<"$data")
             if [ ${#ADD_EMAIL_ADDRESS} -gt 2 ]; then
 
                 address_is_valid=
@@ -522,24 +517,23 @@ function add_gpg_key {
             fi
             ;;
     esac
-    rm $data
+    rm "$data"
 }
 
 function remove_gpg_key {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Remove someone's PGP/GPG key" \
            --backtitle $"Freedombone User Control Panel" \
-           --inputbox $"Enter their email address or key ID below" 8 60 2>$data
+           --inputbox $"Enter their email address or key ID below" 8 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            REMOVE_EMAIL_ADDRESS=$(<$data)
+            REMOVE_EMAIL_ADDRESS=$(<"$data")
             if [ ${#REMOVE_EMAIL_ADDRESS} -gt 2 ]; then
                 if [[ $REMOVE_EMAIL_ADDRESS == *"@"* && $REMOVE_EMAIL_ADDRESS == *"."* ]]; then
-                    if [[ $REMOVE_EMAIL_ADDRESS != $MY_EMAIL_ADDRESS ]]; then
+                    if [[ "$REMOVE_EMAIL_ADDRESS" != "$MY_EMAIL_ADDRESS" ]]; then
                         clear
-                        gpg --delete-key $REMOVE_EMAIL_ADDRESS
+                        gpg --delete-key "$REMOVE_EMAIL_ADDRESS"
                     else
                         dialog --title $"Remove someone's PGP/GPG key" \
                                --backtitle $"Freedombone User Control Panel" \
@@ -548,7 +542,7 @@ function remove_gpg_key {
                 else
                     if [[ $REMOVE_EMAIL_ADDRESS == "0x"* ]]; then
                         clear
-                        gpg --delete-key $REMOVE_EMAIL_ADDRESS
+                        gpg --delete-key "$REMOVE_EMAIL_ADDRESS"
                     else
                         dialog --title $"Unrecognised email address" \
                                --backtitle $"Freedombone User Control Panel" \
@@ -558,29 +552,28 @@ function remove_gpg_key {
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function add_ssh_key {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Add an ssh key for logging in" \
            --backtitle $"Freedombone User Control Panel" \
-           --inputbox $"This will allow you to log into ${PROJECT_NAME} if you have an ssh key on your system, and provides much stronger security than simply using a login password.\n\nWARNING: If you make any mistakes here then you may not be able to log in and will need to get the administrator to clear your ssh authorized_keys file." 15 60 2>$data
+           --inputbox $"This will allow you to log into ${PROJECT_NAME} if you have an ssh key on your system, and provides much stronger security than simply using a login password.\\n\\nWARNING: If you make any mistakes here then you may not be able to log in and will need to get the administrator to clear your ssh authorized_keys file." 15 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            SSH_PUBLIC_KEY=$(<$data)
+            SSH_PUBLIC_KEY=$(<"$data")
             if [ ${#SSH_PUBLIC_KEY} -gt 20 ]; then
                 if [[ "$SSH_PUBLIC_KEY" == "ssh-"* ]]; then
-                    if [ ! -d /home/$USER/.ssh ]; then
-                        mkdir /home/$USER/.ssh
+                    if [ ! -d "/home/$USER/.ssh" ]; then
+                        mkdir "/home/$USER/.ssh"
                     fi
-                    if [ ! -f /home/$USER/.ssh/authorized_keys ]; then
-                        touch /home/$USER/.ssh/authorized_keys
+                    if [ ! -f "/home/$USER/.ssh/authorized_keys" ]; then
+                        touch "/home/$USER/.ssh/authorized_keys"
                     fi
-                    if ! grep -q "$SSH_PUBLIC_KEY" /home/$USER/.ssh/authorized_keys; then
-                        echo "$SSH_PUBLIC_KEY" >> /home/$USER/.ssh/authorized_keys
+                    if ! grep -q "$SSH_PUBLIC_KEY" "/home/$USER/.ssh/authorized_keys"; then
+                        echo "$SSH_PUBLIC_KEY" >> "/home/$USER/.ssh/authorized_keys"
                         dialog --title $"New ssh key added" \
                                --backtitle $"Freedombone User Control Panel" \
                                --msgbox $"Your ssh key has now been added" 6 50
@@ -597,22 +590,21 @@ function add_ssh_key {
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function remove_ssh_key {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Remove an ssh key for logging in" \
            --backtitle $"Freedombone User Control Panel" \
-           --inputbox $"Enter the ssh public key which is to be removed. This can be just the address at the end.\n\nWARNING: If you make any mistakes here then you may not be able to log in and will need to get the administrator to clear your ssh authorized_keys file." 15 60 2>$data
+           --inputbox $"Enter the ssh public key which is to be removed. This can be just the address at the end.\\n\\nWARNING: If you make any mistakes here then you may not be able to log in and will need to get the administrator to clear your ssh authorized_keys file." 15 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            SSH_PUBLIC_KEY=$(<$data)
+            SSH_PUBLIC_KEY=$(<"$data")
             if [ ${#SSH_PUBLIC_KEY} -gt 5 ]; then
-                if [ -f /home/$USER/.ssh/authorized_keys ]; then
-                    sed -i "s|.*${SSH_PUBLIC_KEY}.*||g" /home/$USER/.ssh/authorized_keys
+                if [ -f "/home/$USER/.ssh/authorized_keys" ]; then
+                    sed -i "s|.*${SSH_PUBLIC_KEY}.*||g" "/home/$USER/.ssh/authorized_keys"
                     dialog --title $"Remove an ssh public key" \
                            --backtitle $"Freedombone User Control Panel" \
                            --msgbox $"The ssh key has been removed" 6 50
@@ -620,12 +612,12 @@ function remove_ssh_key {
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function smtp_proxy {
     MUTTRC_FILE=/home/$USER/.muttrc
-    if [ ! -f $MUTTRC_FILE ]; then
+    if [ ! -f "$MUTTRC_FILE" ]; then
         return
     fi
     SMTP_PROXY_ENABLE=$'no'
@@ -635,21 +627,20 @@ function smtp_proxy {
     SMTP_PROXY_USERNAME=''
     SMTP_PROXY_PASSWORD=''
 
-    if grep -q "set smtp_url" $MUTTRC_FILE; then
-        if grep -q "#set smtp_url" $MUTTRC_FILE; then
+    if grep -q "set smtp_url" "$MUTTRC_FILE"; then
+        if grep -q "#set smtp_url" "$MUTTRC_FILE"; then
             SMTP_PROXY_ENABLE=$'no'
         else
             SMTP_PROXY_ENABLE=$'yes'
         fi
-        SMTP_PROXY_PROTOCOL=$(cat $MUTTRC_FILE | grep "set smtp_url" | awk -F '"' '{print $2}' | awk -F ':' '{print $1}')
-        SMTP_PROXY_SERVER=$(cat $MUTTRC_FILE | grep "set smtp_url" | awk -F '"' '{print $2}' | awk -F '/' '{print $3}' | awk -F ':' '{print $2}' | awk -F '@' '{print $2}')
-        SMTP_PROXY_PORT=$(cat $MUTTRC_FILE | grep "set smtp_url" | awk -F ':' '{print $4}' | awk -F '/' '{print $1}')
-        SMTP_PROXY_USERNAME=$(cat $MUTTRC_FILE | grep "set smtp_url" | awk -F '"' '{print $2}' | awk -F '/' '{print $3}' | awk -F ':' '{print $1}')
-        SMTP_PROXY_PASSWORD=$(cat $MUTTRC_FILE | grep "set smtp_url" | awk -F '"' '{print $2}' | awk -F '/' '{print $3}' | awk -F ':' '{print $2}' | awk -F '@' '{print $1}')
+        SMTP_PROXY_PROTOCOL=$(grep "set smtp_url" "$MUTTRC_FILE" | awk -F '"' '{print $2}' | awk -F ':' '{print $1}')
+        SMTP_PROXY_SERVER=$(grep "set smtp_url" "$MUTTRC_FILE" | awk -F '"' '{print $2}' | awk -F '/' '{print $3}' | awk -F ':' '{print $2}' | awk -F '@' '{print $2}')
+        SMTP_PROXY_PORT=$(grep "set smtp_url" "$MUTTRC_FILE" | awk -F ':' '{print $4}' | awk -F '/' '{print $1}')
+        SMTP_PROXY_USERNAME=$(grep "set smtp_url" "$MUTTRC_FILE" | awk -F '"' '{print $2}' | awk -F '/' '{print $3}' | awk -F ':' '{print $1}')
+        SMTP_PROXY_PASSWORD=$(grep "set smtp_url" "$MUTTRC_FILE" | awk -F '"' '{print $2}' | awk -F '/' '{print $3}' | awk -F ':' '{print $2}' | awk -F '@' '{print $1}')
     fi
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"SMTP Proxy for $USER" \
            --form $"You may need to proxy outgoing email via your ISP's mail server. If so enter the details below." 14 75 6 \
@@ -659,54 +650,52 @@ function smtp_proxy {
            $"Port:" 4 1 "$SMTP_PROXY_PORT" 4 24 5 5 \
            $"Username:" 5 1 "$SMTP_PROXY_USERNAME" 5 24 40 10000 \
            $"Password:" 6 1 "$SMTP_PROXY_PASSWORD" 6 24 40 10000 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) rm $data
+        1) rm -f "$data"
            return;;
-        255) rm $data
+        255) rm -f "$data"
              return;;
     esac
-    SMTP_PROXY_ENABLE=$(cat $data | sed -n 1p)
-    SMTP_PROXY_PROTOCOL=$(cat $data | sed -n 2p)
-    SMTP_PROXY_SERVER=$(cat $data | sed -n 3p)
-    SMTP_PROXY_PORT=$(cat $data | sed -n 4p)
-    SMTP_PROXY_USERNAME=$(cat $data | sed -n 5p)
-    SMTP_PROXY_PASSWORD=$(cat $data | sed -n 6p)
+    SMTP_PROXY_ENABLE=$(sed -n 1p < "$data")
+    SMTP_PROXY_PROTOCOL=$(sed -n 2p < "$data")
+    SMTP_PROXY_SERVER=$(sed -n 3p < "$data")
+    SMTP_PROXY_PORT=$(sed -n 4p < "$data")
+    SMTP_PROXY_USERNAME=$(sed -n 5p < "$data")
+    SMTP_PROXY_PASSWORD=$(sed -n 6p < "$data")
 
     # change muttrc
-    if [ $SMTP_PROXY_ENABLE != $'no' ]; then
-        if ! grep -q "set smtp_url" $MUTTRC_FILE; then
-            echo "set smtp_url=\"${SMTP_PROXY_PROTOCOL}://${SMTP_PROXY_USERNAME}:${SMTP_PROXY_PASSWORD}@${SMTP_PROXY_SERVER}:${SMTP_PROXY_PORT}/\"" >> $MUTTRC_FILE
+    if [ "$SMTP_PROXY_ENABLE" != $'no' ]; then
+        if ! grep -q "set smtp_url" "$MUTTRC_FILE"; then
+            echo "set smtp_url=\"${SMTP_PROXY_PROTOCOL}://${SMTP_PROXY_USERNAME}:${SMTP_PROXY_PASSWORD}@${SMTP_PROXY_SERVER}:${SMTP_PROXY_PORT}/\"" >> "$MUTTRC_FILE"
         else
-            sed -i "s|set smtp_url=.*|set smtp_url=\"${SMTP_PROXY_PROTOCOL}://${SMTP_PROXY_USERNAME}:${SMTP_PROXY_PASSWORD}@${SMTP_PROXY_SERVER}:${SMTP_PROXY_PORT}/\"|g" $MUTTRC_FILE
+            sed -i "s|set smtp_url=.*|set smtp_url=\"${SMTP_PROXY_PROTOCOL}://${SMTP_PROXY_USERNAME}:${SMTP_PROXY_PASSWORD}@${SMTP_PROXY_SERVER}:${SMTP_PROXY_PORT}/\"|g" "$MUTTRC_FILE"
         fi
-        sed -i 's|#set smtp_url|set smtp_url|g' $MUTTRC_FILE
+        sed -i 's|#set smtp_url|set smtp_url|g' "$MUTTRC_FILE"
     else
-        if grep -q "set smtp_url" $MUTTRC_FILE; then
-            sed -i 's|set smtp_url|#set smtp_url|g' $MUTTRC_FILE
+        if grep -q "set smtp_url" "$MUTTRC_FILE"; then
+            sed -i 's|set smtp_url|#set smtp_url|g' "$MUTTRC_FILE"
         fi
     fi
-    rm $data
+    rm -f "$data"
 }
 
 function sign_gpg_key {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Sign a PGP/GPG key or website domain" \
            --backtitle $"Freedombone User Control Panel" \
-           --inputbox $"Enter the Key ID, address or domain to be signed.\n\nIf you are signing a website domain then include the https:// at the beginning.\n\nIf you are signing an ssh key then include ssh:// before the domain name." 14 75 2>$data
+           --inputbox $"Enter the Key ID, address or domain to be signed.\\n\\nIf you are signing a website domain then include the https:// at the beginning.\\n\\nIf you are signing an ssh key then include ssh:// before the domain name." 14 75 2>"$data"
     sel=$?
     case $sel in
         0)
-            SIGN_ADDRESS=$(<$data)
+            SIGN_ADDRESS=$(<"$data")
             if [ ${#SIGN_ADDRESS} -gt 2 ]; then
                 clear
                 gpg --search "$SIGN_ADDRESS"
                 fpr=$(gpg --with-colons --fingerprint "$SIGN_ADDRESS" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
                 if [ ${#fpr} -gt 2 ]; then
-                    gpg --sign-key $fpr
-                    if [ "$?" = "0" ]; then
+                    if gpg --sign-key "$fpr"; then
                         gpg --update-trustdb
                         dialog --title $"Sign a PGP/GPG key" \
                                --backtitle $"Freedombone User Control Panel" \
@@ -716,20 +705,19 @@ function sign_gpg_key {
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 
 function gpg_key_trust {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Trust a PGP/GPG key or website domain" \
            --backtitle $"Freedombone User Control Panel" \
-           --inputbox $"Enter the Key ID, address or domain to be trusted.\n\nIf you are trusting a website domain then include the https:// at the beginning.\n\nIf you are trusting an ssh key then include ssh:// before the domain name." 14 75 2>$data
+           --inputbox $"Enter the Key ID, address or domain to be trusted.\\n\\nIf you are trusting a website domain then include the https:// at the beginning.\\n\\nIf you are trusting an ssh key then include ssh:// before the domain name." 14 75 2>"$data"
     sel=$?
     case $sel in
         0)
-            TRUST_ADDRESS=$(<$data)
+            TRUST_ADDRESS=$(<"$data")
             if [ ${#TRUST_ADDRESS} -gt 2 ]; then
                 clear
                 gpg --search "$TRUST_ADDRESS"
@@ -737,14 +725,13 @@ function gpg_key_trust {
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function menu_encryption_keys {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone User Control Panel" \
                --title $"My Encryption Keys" \
                --radiolist $"Choose an operation:" 19 70 11 \
@@ -758,15 +745,15 @@ function menu_encryption_keys {
                8 $"Add an ssh key for logging in" off \
                9 $"Remove an ssh key for logging in" off \
                10 $"Set the trust level for a PGP/GPG key" off \
-               11 $"Back to main menu" on 2> $data
+               11 $"Back to main menu" on 2> "$data"
         sel=$?
         case $sel in
-            1) rm $data
+            1) rm -f "$data"
                break;;
-            255) rm $data
+            255) rm -f "$data"
                  break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) show_gpg_key;;
             2) show_full_gpg_key;;
             3) publish_gpg_key;;
@@ -777,18 +764,17 @@ function menu_encryption_keys {
             8) add_ssh_key;;
             9) remove_ssh_key;;
             10) gpg_key_trust;;
-            11) rm $data
+            11) rm -f "$data"
                 break;;
         esac
-        rm $data
+        rm -f "$data"
     done
 }
 
 function menu_email {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone User Control Panel" \
                --title $"Change Email Filtering Rules" \
                --radiolist $"Choose an operation:" 14 70 7 \
@@ -798,25 +784,25 @@ function menu_email {
                4 $"Add an email rule for a subject" off \
                5 $"Block or unblock an email address" off \
                6 $"Block or unblock email with subject text" off \
-               7 $"Back to main menu" on 2> $data
+               7 $"Back to main menu" on 2> "$data"
         sel=$?
         case $sel in
-            1) rm $data
+            1) rm -f "$data"
                break;;
-            255) rm $data
+            255) rm -f "$data"
                  break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) add_to_mailing_list;;
             2) remove_user_from_mailing_list;;
             3) email_rule_address;;
             4) email_rule_subject;;
             5) block_unblock_email;;
             6) block_unblock_subject;;
-            7) rm $data
+            7) rm -f "$data"
                break;;
         esac
-        rm $data
+        rm -f "$data"
     done
 }
 
@@ -829,17 +815,17 @@ function menu_admin {
 }
 
 function sign_keys {
-    if [ ! -f /home/$USER/.monkeysphere/server_keys ]; then
+    if [ ! -f "/home/$USER/.monkeysphere/server_keys" ]; then
         return
     fi
 
     dialog --title $"Monkeysphere sign server keys" \
            --backtitle $"Freedombone Security Configuration" \
            --defaultno \
-           --yesno $"\nMonkeysphere has been enabled and you will need to sign and trust the server keys. Do you want to do that now?" 8 60
+           --yesno $"\\nMonkeysphere has been enabled and you will need to sign and trust the server keys. Do you want to do that now?" 8 60
     sel=$?
     case $sel in
-        0) ${PROJECT_NAME}-sec --sign yes;;
+        0) "${PROJECT_NAME}-sec" --sign yes;;
     esac
 }
 
@@ -853,13 +839,13 @@ function menu_run_client_app {
     for a in "${APPS_AVAILABLE[@]}"
     do
         if [[ ${APPS_INSTALLED[$app_index]} != "0" ]]; then
-            if [[ $(function_exists run_client_${a}) == "1" ]]; then
+            if [[ $(function_exists "run_client_${a}") == "1" ]]; then
                 applist="$applist $n $a off"
-                n=$[n+1]
+                n=$((n+1))
                 appnames+=("$a")
             fi
         fi
-        app_index=$[app_index+1]
+        app_index=$((app_index+1))
     done
     if [ $n -le 1 ]; then
         return
@@ -871,29 +857,30 @@ function menu_run_client_app {
     choice=$(dialog --stdout --backtitle $"Freedombone" \
                      --title $"Run an App" \
                      --radiolist $'Choose:' \
-                     16 40 20 $applist)
+                     16 40 20 "$applist")
 
+    # shellcheck disable=SC2181
     if [ $? -eq 0 ]; then
-        app_index=$[choice-1]
+        app_index=$((choice-1))
         chosen_app=${appnames[$app_index]}
         if [[ $chosen_app != "Exit" ]]; then
-            run_client_${chosen_app}
+            "run_client_${chosen_app}"
         fi
     fi
 }
 
 function show_your_email_address {
-    GPG_FINGERPRINT=$(gpg --fingerprint $GPG_ID | sed -n '2p' | sed 's/^[ \t]*//')
-    GPG_DATE=$(gpg --fingerprint $GPG_ID | grep -i "pub" | head -n 1 | awk -F ' ' '{print $3}')
+    GPG_FINGERPRINT=$(gpg --fingerprint "$GPG_ID" | sed -n '2p' | sed 's/^[ \t]*//')
+    GPG_DATE=$(gpg --fingerprint "$GPG_ID" | grep -i "pub" | head -n 1 | awk -F ' ' '{print $3}')
     if [ ! -f ~/.mutt/bdsmail ]; then
         dialog --title $"Show your Email Address" \
                --backtitle $"Freedombone User Control Panel" \
-               --msgbox $"Email Address: $MY_EMAIL_ADDRESS\n\nKey ID: $GPG_ID\n\nFingerprint: $GPG_FINGERPRINT\n\nCreated: $GPG_DATE" 12 70
+               --msgbox $"Email Address: $MY_EMAIL_ADDRESS\\n\\nKey ID: $GPG_ID\\n\\nFingerprint: $GPG_FINGERPRINT\\n\\nCreated: $GPG_DATE" 12 70
     else
-        bdsmail_address=$(cat ~/.mutt/bdsmail | grep 'set from=' | awk -F '=' '{print $2}')
+        bdsmail_address=$(grep 'set from=' ~/.mutt/bdsmail | awk -F '=' '{print $2}')
         dialog --title $"Show your Email Address" \
                --backtitle $"Freedombone User Control Panel" \
-               --msgbox $"\nYou can press SHIFT and then drag the mouse and right click to copy.\n\nEmail Address: $MY_EMAIL_ADDRESS\n\nKey ID: $GPG_ID\n\nFingerprint: $GPG_FINGERPRINT\n\nCreated: $GPG_DATE\n\nI2P Address: ${bdsmail_address}" 17 90
+               --msgbox $"\\nYou can press SHIFT and then drag the mouse and right click to copy.\\n\\nEmail Address: $MY_EMAIL_ADDRESS\\n\\nKey ID: $GPG_ID\\n\\nFingerprint: $GPG_FINGERPRINT\\n\\nCreated: $GPG_DATE\\n\\nI2P Address: ${bdsmail_address}" 17 90
         clear
         echo ''
         echo $'Your bdsmail address as a QR code'
@@ -909,8 +896,7 @@ function show_your_email_address {
 function menu_top_level {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone User Control Panel" \
                --title $"User Control Panel" \
                --radiolist $"Choose an operation:" 20 60 13 \
@@ -923,15 +909,15 @@ function menu_top_level {
                7 $"Set an outgoing email proxy" off \
                8 $"Administrator controls" off \
                9 $"Exit to the command line" off \
-               10 $"Log out" on 2> $data
+               10 $"Log out" on 2> "$data"
         sel=$?
         case $sel in
-            1) rm $data
+            1) rm -f "$data"
                exit 1;;
-            255) rm $data
+            255) rm -f "$data"
                  exit 1;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) mutt;;
             2) show_your_email_address;;
             3) menu_email;;
@@ -940,17 +926,18 @@ function menu_top_level {
             6) menu_encryption_keys;;
             7) smtp_proxy;;
             8) menu_admin;;
-            9) rm $data
+            9) rm -f "$data"
                break;;
-            10) kill -HUP `pgrep -s 0 -o`;;
+            10) kill -HUP "$(pgrep -s 0 -o)";;
         esac
-        rm $data
+        rm -f "$data"
     done
 }
 
 sign_keys
-gpg_agent_enable $USER
+gpg_agent_enable "$USER"
 menu_top_level
 clear
+# shellcheck disable=SC1090
 . ~/.bashrc
 exit 0

src/freedombone-dhparam

@@ -141,45 +141,44 @@ function calc_dh {
     if [[ $FAST == 'yes' ]]; then
         DHGROUP=$(( ( RANDOM % 4 )  + 14 ))
         if [[ ${DHGROUP} == 14 ]]; then
-            echo "$BETTERCRYPTO_GROUP14" > ${1}
+            echo "$BETTERCRYPTO_GROUP14" > "${1}"
         else
             if [[ ${DHGROUP} == 15 ]]; then
-                echo "$BETTERCRYPTO_GROUP15" > ${1}
+                echo "$BETTERCRYPTO_GROUP15" > "${1}"
             else
                 if [[ ${DHGROUP} == 16 ]]; then
-                    echo "$BETTERCRYPTO_GROUP16" > ${1}
+                    echo "$BETTERCRYPTO_GROUP16" > "${1}"
                 else
                     if [[ ${DHGROUP} == 17 ]]; then
-                        echo "$BETTERCRYPTO_GROUP17" > ${1}
+                        echo "$BETTERCRYPTO_GROUP17" > "${1}"
                     else
-                        echo "$BETTERCRYPTO_GROUP18" > ${1}
+                        echo "$BETTERCRYPTO_GROUP18" > "${1}"
                     fi
                 fi
             fi
         fi
     else
-        openssl dhparam -check -text $KEYLENGTH -out ${1}
-        if [ ! "$?" = "0" ]; then
+        if ! openssl dhparam -check -text $KEYLENGTH -out "${1}"; then
             exit 3674
         fi
     fi
-    chmod 640 ${1}
+    chmod 640 "${1}"
 }
 
 function regenerate_dh_keys {
     for file in /etc/ssl/mycerts/*
     do
         if [[ -f $file ]]; then
-            filename=/etc/ssl/certs/$(echo $file | awk -F '/etc/ssl/mycerts/' '{print $2}' | awk -F '.crt' '{print $1}').dhparam
-            if [ -f $filename ]; then
-                calc_dh $filename
+            filename=/etc/ssl/certs/$(echo "$file" | awk -F '/etc/ssl/mycerts/' '{print $2}' | awk -F '.crt' '{print $1}').dhparam
+            if [ -f "$filename" ]; then
+                calc_dh "$filename"
                 echo $"Recalculated DH params for $filename"
             fi
         fi
     done
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
     key="$1"
 
@@ -202,7 +201,7 @@ do
         -o|--output)
             shift
             FAST='yes'
-            calc_dh ${1}
+            calc_dh "${1}"
             exit 0
             ;;
         --fast)
@@ -223,7 +222,7 @@ if [[ $RECALCULATE == "yes" || $RECALCULATE == "y" ]]; then
     exit 0
 fi
 
-if [ ! $HOSTNAME ]; then
+if [ ! "$HOSTNAME" ]; then
     echo $'No hostname specified'
     exit 5728
 fi
@@ -237,7 +236,7 @@ if [ ! -d /etc/ssl/mycerts ]; then
     mkdir -p /etc/ssl/mycerts
 fi
 
-calc_dh /etc/ssl/certs/$HOSTNAME.dhparam
+calc_dh "/etc/ssl/certs/$HOSTNAME.dhparam"
 
 systemctl reload nginx
 exit 0

src/freedombone-encrypt-mail

@@ -31,17 +31,17 @@
 USERNAME=$1
 
 PROJECT_NAME='freedombone'
-COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
+COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-  source $f
+  source "$f"
 done
 
 ADMIN_USER=$(get_completion_param "Admin user")
 
-if [ ! $USERNAME ]; then
+if [ ! "$USERNAME" ]; then
     USERNAME=$ADMIN_USER
 fi
 
@@ -49,23 +49,23 @@ MAIL_DIR=/home/$USERNAME/Maildir
 EMAIL_ADDRESS=$USERNAME@$HOSTNAME
 
 # Does this key exist?
-gpg --list-keys "$EMAIL_ADDRESS" > /dev/null 2>&1
-if [ $? -gt 0 ]; then
+if ! gpg --list-keys "$EMAIL_ADDRESS" > /dev/null 2>&1; then
     echo $"A GPG key for $EMAIL_ADDRESS could not be found!"
     exit 0
 fi
 
 # Find all files in the Maildir specified.
 echo $"Calling find"
-find "$MAIL_DIR" -type f -regex '.*/\(cur\|new\)/.*' $4|while read line; do
+find "$MAIL_DIR" -type f -regex '.*/\(cur\|new\)/.*' "$4"|while read -r line; do
     gpgit.pl --encrypt-mode prefer-inline "$EMAIL_ADDRESS"  "/tmp/msg_$USERNAME"
 
     # Check to see if there are differences between the existing
     # Maildir file and what was created by gpgit.pl
     diff -qa "$line" "/tmp/msg_$USERNAME" > /dev/null 2>&1;
+    # shellcheck disable=SC2181
     if [ $? -gt 0 ]; then
         # Preserve timestamps, set ownership.
-        chown $USERNAME:$USERNAME "/tmp/msg_$USERNAME"
+        chown "$USERNAME":"$USERNAME" "/tmp/msg_$USERNAME"
         chmod 600   "/tmp/msg_$USERNAME"
         touch   "/tmp/msg_$USERNAME" --reference="$line"
 

src/freedombone-format

@@ -33,7 +33,7 @@ PROJECT_NAME='freedombone'
 export TEXTDOMAIN=${PROJECT_NAME}-format
 export TEXTDOMAINDIR="/usr/share/locale"
 
-if [ ! $1 ]; then
+if [ ! "$1" ]; then
    echo $'Specify a drive, such as sdb, sdc, etc'
    exit 1
 fi
@@ -62,21 +62,18 @@ p
 a
 1
 w
-" | fdisk /dev/${USB_DRIVE_SHORT};mkfs.ext4 -L "$LABEL" /dev/${USB_DRIVE_SHORT}1
+" | fdisk "/dev/${USB_DRIVE_SHORT}";mkfs.ext4 -L "$LABEL" "/dev/${USB_DRIVE_SHORT}1"
 
 echo $"Formatting $USB_DRIVE as LUKS"
-cryptsetup -y -v luksFormat ${USB_DRIVE}
-if [ ! "$?" = "0" ]; then
+if ! cryptsetup -y -v luksFormat "${USB_DRIVE}"; then
     echo $"Failed to format $USB_DRIVE as LUKS"
     exit 36823
 fi
-cryptsetup luksOpen ${USB_DRIVE} encrypted_usb
-if [ ! "$?" = "0" ]; then
+if ! cryptsetup luksOpen "${USB_DRIVE}" encrypted_usb; then
     echo $"Failed to open LUKS formatted drive $USB_DRIVE"
     exit 37232
 fi
-mkfs.ext4 /dev/mapper/encrypted_usb -L "$LABEL"
-if [ ! "$?" = "0" ]; then
+if ! mkfs.ext4 /dev/mapper/encrypted_usb -L "$LABEL"; then
     cryptsetup luksClose encrypted_usb
     echo $'Format of drive $USB_DRIVE failed'
     exit 73218

src/freedombone-freedns

@@ -41,7 +41,7 @@ if [[ "$1" == "--verbose" || "$1" == "-v" ]]; then
     VERBOSE=1
 fi
 
-if [ ! -f $CONFIGURATION_FILE ]; then
+if [ ! -f "$CONFIGURATION_FILE" ]; then
     exit 0
 fi
 
@@ -52,28 +52,29 @@ function item_in_array {
 }
 
 detected_codes=()
-codelines=$(grep "_CODE=" $CONFIGURATION_FILE | uniq)
+codelines=$(grep "_CODE=" "$CONFIGURATION_FILE" | uniq)
 while read -r line; do
     code=$(echo "$line" | awk -F '=' '{print $2}')
-    item_in_array "$code" "${detected_codes[@]}"
-    if [[ $? != 0 ]]; then
+    if ! item_in_array "$code" "${detected_codes[@]}"; then
         detected_codes+=("$code")
     fi
 done <<< "$codelines"
 
-if [ ! -d $HOME/.freedns-update ]; then
-    mkdir $HOME/.freedns-update
+if [ ! -d "$HOME/.freedns-update" ]; then
+    mkdir "$HOME/.freedns-update"
 fi
-cd $HOME/.freedns-update
+cd "$HOME/.freedns-update" || exit 2467824684
 for code in "${detected_codes[@]}"
 do
     if [ $VERBOSE ]; then
         echo $"command: $FREEDNS_WGET${code}="
+        # shellcheck disable=SC1066,SC1067
         $FREEDNS_WGET${code}=
     else
         if [ -f /tmp/freedns ]; then
             rm /tmp/freedns
         fi
+        # shellcheck disable=SC1066,SC1067,SC1007
         $FREEDNS_WGET${code}= >> /tmp/freedns 2>&1
     fi
 done

src/freedombone-ignore

@@ -46,7 +46,7 @@ function show_help {
     exit 0
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
 key="$1"
 
@@ -79,37 +79,37 @@ if ! [[ $MYUSERNAME && $EMAIL_ADDRESS ]]; then
     fi
 fi
 
-MUTTRC=/home/$MYUSERNAME/.muttrc
-PM=/home/$MYUSERNAME/.procmailrc
+MUTTRC="/home/$MYUSERNAME/.muttrc"
+PM="/home/$MYUSERNAME/.procmailrc"
 
 # Ignore if subject line contains text
 if [ "$SUBJECT_TEXT" ]; then
-    if ! grep -q "Ignore rule for $SUBJECT_TEXT" $PM; then
-        echo "# Ignore rule for $SUBJECT_TEXT" >> $PM
-        echo ":0" >> $PM
-        echo "  * ^Subject:.*$SUBJECT_TEXT" >> $PM
-        echo "/dev/null" >> $PM
-        echo "# End of ignore rule" >> $PM
-        chown $MYUSERNAME:$MYUSERNAME $PM
+    if ! grep -q "Ignore rule for $SUBJECT_TEXT" "$PM"; then
+        { echo "# Ignore rule for $SUBJECT_TEXT";
+          echo ":0";
+          echo "  * ^Subject:.*$SUBJECT_TEXT";
+          echo "/dev/null";
+          echo "# End of ignore rule"; } >> "$PM"
+        chown "$MYUSERNAME":"$MYUSERNAME" "$PM"
     fi
 fi
 
 # ignore an email address
-if [ $EMAIL_ADDRESS ]; then
-    if ! grep -q "Ignore rule for $EMAIL_ADDRESS" $PM; then
-        echo "# Ignore rule for $EMAIL_ADDRESS" >> $PM
-        echo ":0" >> $PM
-        echo "  * ^From:.*$EMAIL_ADDRESS" >> $PM
-        echo "/dev/null" >> $PM
-        echo "# End of ignore rule" >> $PM
-        chown $MYUSERNAME:$MYUSERNAME $PM
+if [ "$EMAIL_ADDRESS" ]; then
+    if ! grep -q "Ignore rule for $EMAIL_ADDRESS" "$PM"; then
+        { echo "# Ignore rule for $EMAIL_ADDRESS";
+        echo ":0";
+        echo "  * ^From:.*$EMAIL_ADDRESS";
+        echo "/dev/null";
+        echo "# End of ignore rule"; } >> "$PM"
+        chown "$MYUSERNAME":"$MYUSERNAME" "$PM"
     fi
 fi
 
 PROCMAILLOG=/home/$MYUSERNAME/log
-if [ ! -d $PROCMAILLOG ]; then
-    mkdir $PROCMAILLOG
-    chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG
+if [ ! -d "$PROCMAILLOG" ]; then
+    mkdir "$PROCMAILLOG"
+    chown -R "$MYUSERNAME":"$MYUSERNAME" "$PROCMAILLOG"
 fi
 
 exit 0

src/freedombone-image

@@ -42,14 +42,14 @@ if [ -f /usr/bin/${PROJECT_NAME} ]; then
     PROJECT_INSTALL_DIR=/usr/bin
 fi
 
-source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
+source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
 
 #get the project repo
 PROJECT_REPO="https://github.com/bashrc/${PROJECT_NAME}"
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 read_config_param PROJECT_REPO
 
@@ -64,7 +64,7 @@ GENERIC_IMAGE_PASSWORD='freedombone'
 
 IMAGE_TYPE='beaglebone'
 CURR_DIR=$(pwd)
-CURR_USER=$(echo $USER)
+CURR_USER="$USER"
 TEMPBUILD_DIR=~/.tmp_${PROJECT_NAME}_build
 VMDEBOOTSTRAP_REPO=git://git.liw.fi/vmdebootstrap
 VMDEBOOTSTRAP_VERSION=0.8
@@ -73,7 +73,7 @@ IMAGE_SIZE=7.9G
 IMAGE_SIZE_SPECIFIED=
 IMAGE_NAME='full'
 
-USERNAME=$(echo $USER)
+USERNAME="$USER"
 PASSWORD=
 
 # IP address of the router (gateway)
@@ -96,7 +96,7 @@ CONFIG_FILENAME=
 DEFAULT_DOMAIN_NAME="${LOCAL_NAME}.local"
 
 # Minimum number of characters in a password
-MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}')
+MINIMUM_PASSWORD_LENGTH=$(grep 'MINIMUM_PASSWORD_LENGTH=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords" | head -n 1 | awk -F '=' '{print $2}')
 
 # Optional ssh public key to allow
 SSH_PUBKEY="no"
@@ -175,38 +175,36 @@ function image_setup {
             sudo pacman -S --noconfirm qemu-static binfmt-qemu-static uboot-tools qemu parted
             sudo pacman -S --noconfirm dpkg-devtools bin86 arch-install-scripts qemu-arch-extra
             sudo pacman -S --noconfirm syncthing
-            mkdir $USERHOME/develop
-            if [ -d $USERHOME/develop/python-cliapp ]; then
-                sudo rm -rf $USERHOME/develop/python-cliapp
+            mkdir "$USERHOME/develop"
+            if [ -d "$USERHOME/develop/python-cliapp" ]; then
+                sudo rm -rf "$USERHOME/develop/python-cliapp"
             fi
-            git_clone $CLIAPP_REPO $USERHOME/develop/python-cliapp
-            if [ ! "$?" = "0" ]; then
+            if ! git_clone "$CLIAPP_REPO" "$USERHOME/develop/python-cliapp"; then
                 echo $"Failed to clone python-cliapp"
                 return
             fi
-            if [ ! -d $USERHOME/develop/python-cliapp ]; then
+            if [ ! -d "$USERHOME/develop/python-cliapp" ]; then
                 echo $"Couldn't clone python-cliapp"
                 return
             fi
             sudo pacman -S --noconfirm python2-coverage python2-pytest-cov python2-sphinx
             sudo pacman -S --noconfirm autopep8 python2-pylint python2-yaml python2-xdg python2-pip
-            cd $USERHOME/develop/python-cliapp
+            cd "$USERHOME/develop/python-cliapp" || exit 7824526242
             git checkout $CLIAPP_COMMIT -b $CLIAPP_COMMIT
             sudo python2 setup.py install
             sudo pip2 install distro-info logging
-            if [ -d $USERHOME/develop/mbr ]; then
-                sudo rm -rf $USERHOME/develop/mbr
+            if [ -d "$USERHOME/develop/mbr" ]; then
+                sudo rm -rf "$USERHOME/develop/mbr"
             fi
-            git_clone $MBR_REPO $USERHOME/develop/mbr
-            if [ ! "$?" = "0" ]; then
+            if ! git_clone $MBR_REPO "$USERHOME/develop/mbr"; then
                 echo $"Failed to clone mbr"
                 return
             fi
-            if [ ! -d $USERHOME/develop/mbr ]; then
+            if [ ! -d "$USERHOME/develop/mbr" ]; then
                 echo $"Couldn't clone mbr"
                 return
             fi
-            cd $USERHOME/develop/mbr
+            cd "$USERHOME/develop/mbr" || exit 2468724524
             git checkout $MBR_COMMIT -b $MBR_COMMIT
             makepkg --force --noconfirm
             if [ ! -f mbr-${MBR_VERSION}.tar.gz ]; then
@@ -214,11 +212,11 @@ function image_setup {
                 return
             fi
             tar -xzvf mbr-${MBR_VERSION}.tar.gz
-            if [ ! -d $USERHOME/develop/mbr/mbr-${MBR_VERSION} ]; then
+            if [ ! -d "$USERHOME/develop/mbr/mbr-${MBR_VERSION}" ]; then
                 echo $"mbr tarball could not be extracted"
                 return
             fi
-            cd $USERHOME/develop/mbr/mbr-${MBR_VERSION}
+            cd "$USERHOME/develop/mbr/mbr-${MBR_VERSION}" || exit 13584584
             cp ../*.patch .
             patch -p0 < *.patch
             ./configure
@@ -229,35 +227,34 @@ function image_setup {
                 return
             fi
             sudo cp /usr/local/sbin/install-mbr /sbin
-            if [ -d $USERHOME/develop/multipath-tools ]; then
-                sudo rm -rf $USERHOME/develop/multipath-tools
+            if [ -d "$USERHOME/develop/multipath-tools" ]; then
+                sudo rm -rf "$USERHOME/develop/multipath-tools"
             fi
-            git_clone $MULTIPATH_TOOLS_REPO $USERHOME/develop/multipath-tools
-            if [ ! "$?" = "0" ]; then
+            if ! git_clone "$MULTIPATH_TOOLS_REPO" "$USERHOME/develop/multipath-tools"; then
                 echo $"Failed to clone multipath-tools"
                 return
             fi
-            if [ ! -d $USERHOME/develop/multipath-tools ]; then
+            if [ ! -d "$USERHOME/develop/multipath-tools" ]; then
                 echo $"Couldn't clone multipath-tools"
                 return
             fi
             sudo pacman -S --noconfirm device-mapper libaio liburcu fakeroot
-            cd $USERHOME/develop/multipath-tools
+            cd "$USERHOME/develop/multipath-tools" || exit 27462454
             makepkg --force --noconfirm
             makepkg -i --force --noconfirm
-            sudo wget https://raw.githubusercontent.com/bashrc/freedombone/master/image_build/debootstrap/scripts/${DEBIAN_VERSION} -O /usr/share/debootstrap/scripts/debscript
-            sudo cp -f /usr/share/debootstrap/scripts/debscript /usr/share/debootstrap/scripts/${DEBIAN_VERSION}
-            if [ ! -f /usr/share/debootstrap/scripts/${DEBIAN_VERSION} ]; then
+            sudo wget "https://raw.githubusercontent.com/bashrc/freedombone/master/image_build/debootstrap/scripts/${DEBIAN_VERSION}" -O /usr/share/debootstrap/scripts/debscript
+            sudo cp -f "/usr/share/debootstrap/scripts/debscript /usr/share/debootstrap/scripts/${DEBIAN_VERSION}"
+            if [ ! -f "/usr/share/debootstrap/scripts/${DEBIAN_VERSION}" ]; then
                 echo $"No debian debootstrap script was found for $DEBIAN_VERSION"
                 return
             fi
-            debian_script_hash=$(sha256sum /usr/share/debootstrap/scripts/${DEBIAN_VERSION} | awk -F ' ' '{print $1}')
+            debian_script_hash=$(sha256sum "/usr/share/debootstrap/scripts/${DEBIAN_VERSION}" | awk -F ' ' '{print $1}')
             expected_debian_script_hash='620fa84c7ef64d10349aed38fa9cc2e7f00a6fcd1bc425f33ca2b57cc946fd0c'
             if [[ "$debian_script_hash" != "$expected_debian_script_hash" ]]; then
                 echo $"Invalid hash for debootstrap ${DEBIAN_VERSION} script"
                 return
             fi
-            sudo chmod +x /usr/share/debootstrap/scripts/${DEBIAN_VERSION}
+            sudo chmod +x "/usr/share/debootstrap/scripts/${DEBIAN_VERSION}"
             ;;
         *)
             echo $'Unkown operating system'
@@ -271,29 +268,29 @@ function image_setup {
 function mesh_router_setup_script {
     # create a setup script for a mesh router
     mesh_script_filename=$1
-    echo "MY_USERNAME=${USERNAME}" > $mesh_script_filename
-    echo "DEFAULT_DOMAIN_NAME=${USERNAME}" >> $mesh_script_filename
-    echo 'SYSTEM_TYPE=mesh' >> $mesh_script_filename
-    echo 'INSTALLING_ON_BBB=no' >> $mesh_script_filename
-    echo 'USB_DRIVE=/dev/sda1' >> $mesh_script_filename
-    echo 'DDNS_PROVIDER=' >> $mesh_script_filename
-    echo 'DDNS_USERNAME=' >> $mesh_script_filename
-    echo 'DDNS_PASSWORD=' >> $mesh_script_filename
-    echo 'DEFAULT_LANGUAGE=en_GB.UTF-8' >> $mesh_script_filename
-    echo 'MY_EMAIL_ADDRESS=' >> $mesh_script_filename
-    echo 'ENABLE_BATMAN=yes' >> $mesh_script_filename
-    echo 'DEBIAN_REPO=' >> $mesh_script_filename
-    echo 'NAMESERVER1=' >> $mesh_script_filename
-    echo 'NAMESERVER2=' >> $mesh_script_filename
-    echo 'NAMESERVER3=' >> $mesh_script_filename
-    echo 'NAMESERVER4=' >> $mesh_script_filename
-    echo 'NAMESERVER5=' >> $mesh_script_filename
-    echo 'NAMESERVER6=' >> $mesh_script_filename
-    echo 'BATMAN_CELLID=any' >> $mesh_script_filename
-    echo 'WIFI_CHANNEL=9' >> $mesh_script_filename
+    { echo "MY_USERNAME=${USERNAME}";
+      echo "DEFAULT_DOMAIN_NAME=${USERNAME}";
+      echo 'SYSTEM_TYPE=mesh';
+      echo 'INSTALLING_ON_BBB=no';
+      echo 'USB_DRIVE=/dev/sda1';
+      echo 'DDNS_PROVIDER=';
+      echo 'DDNS_USERNAME=';
+      echo 'DDNS_PASSWORD=';
+      echo 'DEFAULT_LANGUAGE=en_GB.UTF-8';
+      echo 'MY_EMAIL_ADDRESS=';
+      echo 'ENABLE_BATMAN=yes';
+      echo 'DEBIAN_REPO=';
+      echo 'NAMESERVER1=';
+      echo 'NAMESERVER2=';
+      echo 'NAMESERVER3=';
+      echo 'NAMESERVER4=';
+      echo 'NAMESERVER5=';
+      echo 'NAMESERVER6=';
+      echo 'BATMAN_CELLID=any';
+      echo 'WIFI_CHANNEL=9'; } > "$mesh_script_filename"
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
     key="$1"
 
@@ -304,11 +301,11 @@ do
         -c|--config)
             shift
             CONFIG_FILENAME="$1"
-            if [ ! -f $CONFIG_FILENAME ]; then
+            if [ ! -f "$CONFIG_FILENAME" ]; then
                 echo $"Config file $CONFIG_FILENAME not found"
                 exit 3
             fi
-            DEFAULT_DOMAIN_NAME=$(cat $CONFIG_FILENAME | grep 'DEFAULT_DOMAIN_NAME' | awk -F '=' '{print $2}')
+            DEFAULT_DOMAIN_NAME=$(grep 'DEFAULT_DOMAIN_NAME' "$CONFIG_FILENAME" | awk -F '=' '{print $2}')
             ;;
         -t|--target|--board)
             shift
@@ -321,7 +318,7 @@ do
         -p|--password)
             shift
             PASSWORD="$1"
-            if [ ${#PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then
+            if [ ${#PASSWORD} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then
                 echo $"Your password chould contain at least ${MINIMUM_PASSWORD_LENGTH} characters"
                 exit 3628
             fi
@@ -415,7 +412,7 @@ do
             shift
             MIRROR="$1"
             ;;
-        --debianonly|--basic|--minimal)
+        --debianonly|--basic)
             shift
             DEBIAN_INSTALL_ONLY="$1"
             ;;
@@ -467,9 +464,9 @@ done
 
 if [[ $INTERACTIVE == "yes" || $INTERACTIVE == "y" || $INTERACTIVE == "Yes" ]]; then
     ${PROJECT_NAME}-config --minimal "$MINIMAL_INSTALL"
-    if [ -f $HOME/${PROJECT_NAME}.cfg ]; then
+    if [ -f "$HOME/${PROJECT_NAME}.cfg" ]; then
         CONFIG_FILENAME=$HOME/${PROJECT_NAME}.cfg
-        DEFAULT_DOMAIN_NAME=$(cat $CONFIG_FILENAME | grep 'DEFAULT_DOMAIN_NAME' | awk -F '=' '{print $2}')
+        DEFAULT_DOMAIN_NAME=$(grep 'DEFAULT_DOMAIN_NAME' "$CONFIG_FILENAME" | awk -F '=' '{print $2}')
     fi
 fi
 
@@ -480,34 +477,36 @@ fi
 
 if [ ! $PASSWORD ]; then
     # generate a random password
-    PASSWORD=$(openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c ${MINIMUM_PASSWORD_LENGTH})
+    PASSWORD=$(openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c "${MINIMUM_PASSWORD_LENGTH}")
 fi
 
 # Move any existing images into a build subdirectory
 image_types=( xz img sig vdi qcow2 )
 for im in "${image_types[@]}"
 do
+    # shellcheck disable=SC2012,SC2086
     no_of_files=$(ls -afq ${CURR_DIR}/${PROJECT_NAME}*.${im} | wc -l)
     if (( no_of_files > 0 )); then
-        if [ ! -d ${CURR_DIR}/build ]; then
-            mkdir ${CURR_DIR}/build
+        if [ ! -d "${CURR_DIR}/build" ]; then
+            mkdir "${CURR_DIR}/build"
         fi
-        mv -f ${CURR_DIR}/${PROJECT_NAME}*.${im} ${CURR_DIR}/build
+        mv -f "${CURR_DIR}/${PROJECT_NAME}*.${im}" "${CURR_DIR}/build"
     fi
 done
 
 # Delete anything which didn't move
 for im in "${image_types[@]}"
 do
+    # shellcheck disable=SC2012,SC2086
     no_of_files=$(ls -afq ${CURR_DIR}/${PROJECT_NAME}*.${im} | wc -l)
     if (( no_of_files > 0 )); then
-        rm -f ${CURR_DIR}/${PROJECT_NAME}*.${im}
+        rm -f "${CURR_DIR}/${PROJECT_NAME}*.${im}"
     fi
 done
 
 # Remove any existing login credentials file
-if [ -f ${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt ]; then
-    rm ${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt
+if [ -f "${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt" ]; then
+    rm "${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt"
 fi
 
 if [ -d $TEMPBUILD_DIR ]; then
@@ -522,8 +521,8 @@ fi
 
 cp -r /etc/${PROJECT_NAME}/* $TEMPBUILD_DIR
 rm -rf $TEMPBUILD_DIR/vendor
-chown -R $CURR_USER:$CURR_USER $TEMPBUILD_DIR
-cd $TEMPBUILD_DIR
+chown -R "$CURR_USER":"$CURR_USER" $TEMPBUILD_DIR
+cd $TEMPBUILD_DIR || exit 24729847
 
 if [[ $MINIMAL_INSTALL == "yes" ]]; then
     IMAGE_NAME=$'min'
@@ -565,8 +564,8 @@ if [[ "$SOCIALINSTANCE" == "gnusocial" || "$SOCIALINSTANCE" == "postactiv" ]]; t
     IMAGE_NAME="${IMAGE_NAME}-${SOCIALINSTANCE}"
 fi
 
-cd $TEMPBUILD_DIR
-make $IMAGE_TYPE \
+cd $TEMPBUILD_DIR || exit 724245267
+make "$IMAGE_TYPE" \
      MYUSERNAME="$USERNAME" \
      MYPASSWORD="$PASSWORD" \
      ROUTER_IP_ADDRESS="$ROUTER_IP_ADDRESS" \
@@ -603,6 +602,7 @@ make $IMAGE_TYPE \
      SOCIALINSTANCE="$SOCIALINSTANCE" \
      LOCAL_NAME="$LOCAL_NAME"
 
+# shellcheck disable=SC2181
 if [ ! "$?" = "0" ]; then
     echo $'Build failed'
     rm -rf $TEMPBUILD_DIR
@@ -615,7 +615,7 @@ if [[ $IMAGE_TYPE == "qemu"* ]]; then
 fi
 
 shopt -s nullglob
-imgfiles=(build/${PROJECT_NAME}*.${EXPECTED_EXTENSION})
+imgfiles=("build/${PROJECT_NAME}*.${EXPECTED_EXTENSION}")
 if [ ${#imgfiles[@]} -eq 0 ]; then
     echo $'Image was not created'
     rm -rf $TEMPBUILD_DIR
@@ -625,17 +625,18 @@ fi
 # Move images from temporary directory to the current directory
 for im in "${image_types[@]}"
 do
+    # shellcheck disable=SC2012,SC2086
     no_of_files=$(ls -afq build/${PROJECT_NAME}*.${im} | wc -l)
     if (( no_of_files > 0 )); then
-        mv build/${PROJECT_NAME}*.${im} ${CURR_DIR}/
-        sudo chown ${CURR_USER}:${CURR_USER} ${CURR_DIR}/*.${im}
+        mv "build/${PROJECT_NAME}*.${im}" "${CURR_DIR}/"
+        sudo chown "${CURR_USER}":"${CURR_USER}" "${CURR_DIR}/*.${im}"
     fi
 done
 
 # Remove the temporary directory
 rm -rf ${TEMPBUILD_DIR}
 
-cd ${CURR_DIR}
+cd "${CURR_DIR}" || exit 2842845284
 
 clear
 if [[ $VARIANT != 'meshclient' && $VARIANT != 'meshusb' && $VARIANT != 'mesh' ]]; then
@@ -676,13 +677,13 @@ ls -lh ${PROJECT_NAME}*.img ${PROJECT_NAME}*.sig ${PROJECT_NAME}*.xz ${PROJECT_N
 
 # Remove the mesh script after use
 if [[ $VARIANT == "mesh"* ]]; then
-    rm -f $CONFIG_FILENAME
+    rm -f "$CONFIG_FILENAME"
 fi
 
 # record the default login credentials for later use
 echo $"Username: $USERNAME
-Password: $PASSWORD" > ${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt
-chmod 600 ${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt
+Password: $PASSWORD" > "${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt"
+chmod 600 "${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt"
 
 if [[ $IMAGE_TYPE != "qemu"* ]]; then
     echo ''

src/freedombone-image-hardware-setup

@@ -34,12 +34,11 @@ export TEXTDOMAINDIR="/usr/share/locale"
 enable_serial_console() {
     # By default, spawn a console on the serial port
     device="$1"
-    echo $"Adding a getty on the serial port"
+    echo "Adding a getty on the serial port"
     echo "T0:12345:respawn:/sbin/getty -L $device 115200 vt100" >> /etc/inittab
 }
 
 beaglebone_setup_boot() {
-    bbb_version=$1
 
     # Setup uEnv.txt
     if grep -q btrfs /etc/fstab ; then
@@ -47,12 +46,9 @@ beaglebone_setup_boot() {
     else
         fstype=ext4
     fi
-    if [ ! $bbb_version ]; then
-        kernelVersion=$(ls /usr/lib/*/am335x-boneblack.dtb | head -1 | cut -d/ -f4)
-    else
-        kernelVersion=$(ls /usr/lib/*/am335x-boneblack-${1}.dtb | head -1 | cut -d/ -f4)
-    fi
-    version=$(echo $kernelVersion | sed 's/linux-image-\(.*\)/\1/')
+    # shellcheck disable=SC2012
+    kernelVersion=$(ls "/usr/lib/*/am335x-boneblack.dtb" | head -1 | cut -d/ -f4)
+    version=$(echo "$kernelVersion" | sed 's/linux-image-\(.*\)/\1/')
     initRd=initrd.img-$version
     vmlinuz=vmlinuz-$version
 
@@ -103,7 +99,6 @@ beaglebone_flash() {
 }
 
 beaglebone_repack_kernel() {
-    bbb_version=$1
     # process installed kernel to create uImage, uInitrd, dtb
     # using flash-kernel would be a good approach, except it fails in the
     # cross build environment due to too many environment checks...
@@ -119,12 +114,10 @@ beaglebone_repack_kernel() {
     echo "info: repacking beaglebone kernel and initrd"
 
     bbb_dtb='am335x-boneblack'
-    if [ $bbb_version ]; then
-        bbb_dtb="am335x-boneblack-${bbb_version}"
-    fi
 
-    kernelVersion=$(ls /usr/lib/*/${bbb_dtb}.dtb | head -1 | cut -d/ -f4)
-    version=$(echo $kernelVersion | sed 's/linux-image-\(.*\)/\1/')
+    # shellcheck disable=SC2012
+    kernelVersion=$(ls "/usr/lib/*/${bbb_dtb}.dtb" | head -1 | cut -d/ -f4)
+    version=$(echo "$kernelVersion" | sed 's/linux-image-\(.*\)/\1/')
     initRd=initrd.img-$version
     vmlinuz=vmlinuz-$version
 
@@ -143,23 +136,23 @@ beaglebone_repack_kernel() {
 
     mkdir /tmp/initrd-repack
 
-    (cd /tmp/initrd-repack ; \
-     zcat /boot/$initRd | cpio -i ; \
+    (cd /tmp/initrd-repack || exit 2468246 ; \
+     zcat "/boot/$initRd" | cpio -i ; \
      rm -f conf/param.conf ; \
      find . | cpio --quiet -o -H newc | \
-         gzip -9 > /boot/$initRd )
+         gzip -9 > "/boot/$initRd" )
 
     rm -rf /tmp/initrd-repack
 
-    (cd /boot ; \
-     cp ${bbb_dtb_file} dtb ; \
-     cat $vmlinuz dtb >> temp-kernel ; \
+    (cd /boot || exit 246824684 ; \
+     cp "${bbb_dtb_file}" dtb ; \
+     cat "$vmlinuz" dtb >> temp-kernel ; \
      mkimage -A arm -O linux -T kernel -n "Debian kernel ${version}" \
              -C none -a 0x82000000 -e 0x82000000 -d temp-kernel uImage ; \
      rm -f temp-kernel ; \
      mkimage -A arm -O linux -T ramdisk -C gzip -a 0x88080000 -e 0x88080000 \
              -n "Debian ramdisk ${version}" \
-             -d $initRd uInitrd )
+             -d "$initRd" uInitrd )
 }
 
 a20_setup_boot() {
@@ -171,8 +164,9 @@ a20_setup_boot() {
     else
         fstype=ext4
     fi
-    kernelVersion=$(ls /usr/lib/*/$dtb | head -1 | cut -d/ -f4)
-    version=$(echo $kernelVersion | sed 's/linux-image-\(.*\)/\1/')
+    # shellcheck disable=SC2012
+    kernelVersion=$(ls "/usr/lib/*/$dtb" | head -1 | cut -d/ -f4)
+    version=$(echo "$kernelVersion" | sed 's/linux-image-\(.*\)/\1/')
     initRd=initrd.img-$version
     vmlinuz=vmlinuz-$version
 
@@ -213,7 +207,7 @@ EOF
 
     # Copy all DTBs
     mkdir -p /boot/dtbs
-    cp /usr/lib/$kernelVersion/* /boot/dtbs
+    cp "/usr/lib/$kernelVersion/*" /boot/dtbs
 
     # extra boot modules
     echo "rtc_sunxi" >> /etc/initramfs-tools/modules
@@ -224,7 +218,7 @@ setup_flash_kernel() {
     if [ ! -d /etc/flash-kernel ] ; then
        mkdir /etc/flash-kernel
     fi
-    echo -n "$1" > /etc/flash-kernel/machine
+    echo "$1" > /etc/flash-kernel/machine
 
     command_line=""
     if [ -n "$2" ] ; then

src/freedombone-image-make

@@ -35,11 +35,11 @@ export TEXTDOMAIN=${PROJECT_NAME}-image-make
 export TEXTDOMAINDIR="/usr/share/locale"
 
 PROJECT_INSTALL_DIR=/usr/local/bin
-if [ -f /usr/bin/${PROJECT_NAME} ]; then
+if [ -f "/usr/bin/${PROJECT_NAME}" ]; then
     PROJECT_INSTALL_DIR=/usr/bin
 fi
 
-source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-setup
+source "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-setup"
 
 #set -x # Enable debugging
 
@@ -103,7 +103,7 @@ a20_pkgs="linux-image-armmp-lpae u-boot-tools u-boot u-boot-sunxi"
 # Packages needed for self-hosted development
 dev_pkgs="build-essential devscripts make man-db emacs org-mode git mercurial"
 
-echo Building $MACHINE $PROJECT_NAME for $ARCHITECTURE.
+echo Building "$MACHINE" "$PROJECT_NAME" for "$ARCHITECTURE".
 
 case "$MACHINE" in
     beaglebone)
@@ -164,7 +164,7 @@ for p in $base_pkgs $extra_pkgs; do
 done
 
 # Make sure file is owned by current user, not root
-touch $(dirname $IMAGE)/${PROJECT_NAME}.log
+touch "$(dirname "$IMAGE")/${PROJECT_NAME}.log"
 
 if [ -x vendor/vmdebootstrap/vmdebootstrap ] ; then
     VMDEBOOTSTRAP=vendor/vmdebootstrap/vmdebootstrap
@@ -173,15 +173,15 @@ else
 fi
 
 PROJECT_INSTALL_DIR=/usr/local/bin
-if [ -f /usr/bin/${PROJECT_NAME} ]; then
+if [ -f "/usr/bin/${PROJECT_NAME}" ]; then
     PROJECT_INSTALL_DIR=/usr/bin
 fi
 
 echo $'Making customised customisation script'
-TEMP_CUSTOMISE=/etc/${PROJECT_NAME}/image-customise
-TEMP_CUSTOMISE2=/tmp/${PROJECT_NAME}-image-customise2
-TEMP_CUSTOMISE3=/tmp/${PROJECT_NAME}-image-customise3
-TEMP_CUSTOMISE4=/tmp/${PROJECT_NAME}-image-customise4
+TEMP_CUSTOMISE="/etc/${PROJECT_NAME}/image-customise"
+TEMP_CUSTOMISE2="/tmp/${PROJECT_NAME}-image-customise2"
+TEMP_CUSTOMISE3="/tmp/${PROJECT_NAME}-image-customise3"
+TEMP_CUSTOMISE4="/tmp/${PROJECT_NAME}-image-customise4"
 
 # cat all the things together
 combine_all_scripts $TEMP_CUSTOMISE2
@@ -191,43 +191,43 @@ if [ ! -f $TEMP_CUSTOMISE2 ]; then
 fi
 
 echo $'Changing values within customised customisation script'
-cp $PROJECT_INSTALL_DIR/${PROJECT_NAME}-image-customise $TEMP_CUSTOMISE3
-if [ $MYUSERNAME ]; then
-    sed -i "s|MY_USERNAME=.*|MY_USERNAME=${MYUSERNAME}|g" $TEMP_CUSTOMISE3
+cp "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-image-customise" "$TEMP_CUSTOMISE3"
+if [ "$MYUSERNAME" ]; then
+    sed -i "s|MY_USERNAME=.*|MY_USERNAME=${MYUSERNAME}|g" "$TEMP_CUSTOMISE3"
 fi
-if [ $MYPASSWORD ]; then
-    sed -i "s|MY_PASSWORD=.*|MY_PASSWORD=${MYPASSWORD}|g" $TEMP_CUSTOMISE3
+if [ "$MYPASSWORD" ]; then
+    sed -i "s|MY_PASSWORD=.*|MY_PASSWORD=${MYPASSWORD}|g" "$TEMP_CUSTOMISE3"
 fi
-sed -i "s|ROUTER_IP_ADDRESS=.*|ROUTER_IP_ADDRESS=${ROUTER_IP_ADDRESS}|g" $TEMP_CUSTOMISE3
-sed -i "s|BOX_IP_ADDRESS=.*|BOX_IP_ADDRESS=${BOX_IP_ADDRESS}|g" $TEMP_CUSTOMISE3
-sed -i "s|NAMESERVER1=.*|NAMESERVER1=${NAMESERVER1}|g" $TEMP_CUSTOMISE3
-sed -i "s|NAMESERVER2=.*|NAMESERVER2=${NAMESERVER2}|g" $TEMP_CUSTOMISE3
-sed -i "s|NAMESERVER3=.*|NAMESERVER3=${NAMESERVER3}|g" $TEMP_CUSTOMISE3
-sed -i "s|NAMESERVER4=.*|NAMESERVER4=${NAMESERVER4}|g" $TEMP_CUSTOMISE3
-sed -i "s|NAMESERVER5=.*|NAMESERVER5=${NAMESERVER5}|g" $TEMP_CUSTOMISE3
-sed -i "s|NAMESERVER6=.*|NAMESERVER6=${NAMESERVER6}|g" $TEMP_CUSTOMISE3
-sed -i "s|PROJECT_NAME=.*|PROJECT_NAME=${PROJECT_NAME}|g" $TEMP_CUSTOMISE3
-sed -i "s|CONFIG_FILENAME=.*|CONFIG_FILENAME=${CONFIG_FILENAME}|g" $TEMP_CUSTOMISE3
-sed -i "s|SSH_PUBKEY=.*|SSH_PUBKEY=${SSH_PUBKEY}|g" $TEMP_CUSTOMISE3
-sed -i "s|GENERIC_IMAGE=.*|GENERIC_IMAGE=${GENERIC_IMAGE}|g" $TEMP_CUSTOMISE3
-sed -i "s|MINIMAL_INSTALL=.*|MINIMAL_INSTALL=\"${MINIMAL_INSTALL}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|SSH_PORT=.*|SSH_PORT=\"${SSH_PORT}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|ONION_ONLY=.*|ONION_ONLY=\"${ONION_ONLY}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|PROJECT_REPO=.*|PROJECT_REPO=\"${PROJECT_REPO}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|DEBIAN_INSTALL_ONLY=.*|DEBIAN_INSTALL_ONLY=\"${DEBIAN_INSTALL_ONLY}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|WIFI_INTERFACE=.*|WIFI_INTERFACE=\"${WIFI_INTERFACE}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|WIFI_SSID=.*|WIFI_SSID=\"${WIFI_SSID}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|WIFI_TYPE=.*|WIFI_TYPE=\"${WIFI_TYPE}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|WIFI_PASSPHRASE=.*|WIFI_PASSPHRASE=\"${WIFI_PASSPHRASE}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|WIFI_HOTSPOT=.*|WIFI_HOTSPOT=\"${WIFI_HOTSPOT}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|WIFI_NETWORKS_FILE=.*|WIFI_NETWORKS_FILE=\"${WIFI_NETWORKS_FILE}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|VARIANT=.*|VARIANT=\"${VARIANT}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|MINIMUM_PASSWORD_LENGTH=.*|MINIMUM_PASSWORD_LENGTH=\"${MINIMUM_PASSWORD_LENGTH}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|INSECURE=.*|INSECURE=\"${INSECURE}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|AMNESIC=.*|AMNESIC=\"${AMNESIC}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|SOCIALINSTANCE=.*|SOCIALINSTANCE=\"${SOCIALINSTANCE}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|LOCAL_NAME=.*|LOCAL_NAME=\"${LOCAL_NAME}\"|g" $TEMP_CUSTOMISE3
-sed -i 's|#!/bin/bash||g' $TEMP_CUSTOMISE3
+sed -i "s|ROUTER_IP_ADDRESS=.*|ROUTER_IP_ADDRESS=${ROUTER_IP_ADDRESS}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|BOX_IP_ADDRESS=.*|BOX_IP_ADDRESS=${BOX_IP_ADDRESS}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|NAMESERVER1=.*|NAMESERVER1=${NAMESERVER1}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|NAMESERVER2=.*|NAMESERVER2=${NAMESERVER2}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|NAMESERVER3=.*|NAMESERVER3=${NAMESERVER3}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|NAMESERVER4=.*|NAMESERVER4=${NAMESERVER4}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|NAMESERVER5=.*|NAMESERVER5=${NAMESERVER5}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|NAMESERVER6=.*|NAMESERVER6=${NAMESERVER6}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|PROJECT_NAME=.*|PROJECT_NAME=${PROJECT_NAME}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|CONFIG_FILENAME=.*|CONFIG_FILENAME=${CONFIG_FILENAME}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|SSH_PUBKEY=.*|SSH_PUBKEY=${SSH_PUBKEY}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|GENERIC_IMAGE=.*|GENERIC_IMAGE=${GENERIC_IMAGE}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|MINIMAL_INSTALL=.*|MINIMAL_INSTALL=\"${MINIMAL_INSTALL}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|SSH_PORT=.*|SSH_PORT=\"${SSH_PORT}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|ONION_ONLY=.*|ONION_ONLY=\"${ONION_ONLY}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|PROJECT_REPO=.*|PROJECT_REPO=\"${PROJECT_REPO}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|DEBIAN_INSTALL_ONLY=.*|DEBIAN_INSTALL_ONLY=\"${DEBIAN_INSTALL_ONLY}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|WIFI_INTERFACE=.*|WIFI_INTERFACE=\"${WIFI_INTERFACE}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|WIFI_SSID=.*|WIFI_SSID=\"${WIFI_SSID}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|WIFI_TYPE=.*|WIFI_TYPE=\"${WIFI_TYPE}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|WIFI_PASSPHRASE=.*|WIFI_PASSPHRASE=\"${WIFI_PASSPHRASE}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|WIFI_HOTSPOT=.*|WIFI_HOTSPOT=\"${WIFI_HOTSPOT}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|WIFI_NETWORKS_FILE=.*|WIFI_NETWORKS_FILE=\"${WIFI_NETWORKS_FILE}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|VARIANT=.*|VARIANT=\"${VARIANT}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|MINIMUM_PASSWORD_LENGTH=.*|MINIMUM_PASSWORD_LENGTH=\"${MINIMUM_PASSWORD_LENGTH}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|INSECURE=.*|INSECURE=\"${INSECURE}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|AMNESIC=.*|AMNESIC=\"${AMNESIC}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|SOCIALINSTANCE=.*|SOCIALINSTANCE=\"${SOCIALINSTANCE}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|LOCAL_NAME=.*|LOCAL_NAME=\"${LOCAL_NAME}\"|g" "$TEMP_CUSTOMISE3"
+sed -i 's|#!/bin/bash||g' "$TEMP_CUSTOMISE3"
 
 cat $TEMP_CUSTOMISE2 $TEMP_CUSTOMISE3 > $TEMP_CUSTOMISE4
 if [ -f $TEMP_CUSTOMISE ]; then
@@ -256,19 +256,19 @@ sudo -H \
      SOURCE="$SOURCE" \
      CUSTOM_SETUP="$CUSTOM_SETUP" \
      $VMDEBOOTSTRAP \
-     --log $(dirname $IMAGE)/${PROJECT_NAME}.log \
+     --log "$(dirname "$IMAGE")/${PROJECT_NAME}.log" \
      --log-level debug \
-     --size $IMAGE_SIZE \
-     --image $IMAGE.img \
+     --size "$IMAGE_SIZE" \
+     --image "$IMAGE.img" \
      --hostname ${PROJECT_NAME} \
      --verbose \
-     --mirror $BUILD_MIRROR \
+     --mirror "$BUILD_MIRROR" \
      --customize "$TEMP_CUSTOMISE" \
      --lock-root-password \
-     --arch $ARCHITECTURE \
-     --distribution $SUITE \
-     $extra_opts \
-     $pkgopts
+     --arch "$ARCHITECTURE" \
+     --distribution "$SUITE" \
+     "$extra_opts" \
+     "$pkgopts"
 
 echo $'Removing customised customisation script'
 sudo shred -zu $TEMP_CUSTOMISE

src/freedombone-image-vmdebootstrap

@@ -36,7 +36,7 @@ VMDEBOOTSTRAP_BRANCH='bashrc/freedombone'
 
 mkdir -p vendor
 if [ -d vendor/vmdebootstrap ] ; then
-    (cd vendor/vmdebootstrap; git checkout .; git pull)
+    (cd vendor/vmdebootstrap || exit 246824624; git checkout .; git pull)
 else
     git clone $VMDEBOOTSTRAP_REPO vendor/vmdebootstrap
 fi
@@ -103,5 +103,5 @@ EOF
     sudo mv /tmp/ubuntu.csv /usr/share/distro-info/
 fi
 
-cd vendor/vmdebootstrap
+cd vendor/vmdebootstrap || exit 2648726446
 git checkout $VMDEBOOTSTRAP_BRANCH

src/freedombone-keydrive

@@ -48,7 +48,7 @@ function show_help {
     exit 0
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
     key="$1"
 
@@ -87,17 +87,17 @@ do
     shift
 done
 
-if [ ! $MY_USERNAME ]; then
+if [ ! "$MY_USERNAME" ]; then
     echo $'No username given'
     exit 69350
 fi
 
-if [ ! -d /home/$MY_USERNAME ]; then
+if [ ! -d "/home/$MY_USERNAME" ]; then
     echo $"Home directory for $MY_USERNAME not found. This user may not exist on the system"
     exit 72378
 fi
 
-if [ ! -b $USB_DRIVE ]; then
+if [ ! -b "$USB_DRIVE" ]; then
     echo $'Please attach a USB drive'
     exit 65743
 fi
@@ -113,18 +113,15 @@ cryptsetup luksClose encrypted_usb
 
 # optionally format the drive
 if [[ $FORMAT == "yes" ]]; then
-    ${PROJECT_NAME}-format ${USB_DRIVE::-1}
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-format" "${USB_DRIVE::-1}"; then
         exit 36823
     fi
 fi
 
-cryptsetup luksOpen $USB_DRIVE encrypted_usb
-if [ "$?" = "0" ]; then
+if cryptsetup luksOpen "$USB_DRIVE" encrypted_usb; then
     USB_DRIVE=/dev/mapper/encrypted_usb
 fi
-mount $USB_DRIVE $USB_MOUNT
-if [ ! "$?" = "0" ]; then
+if ! mount $USB_DRIVE $USB_MOUNT; then
     echo $"There was a problem mounting the USB drive to $USB_MOUNT"
     rm -rf $USB_MOUNT
     exit 78543
@@ -132,7 +129,7 @@ fi
 
 # optionally create a master drive which contains the full GPG keyring
 if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]]; then
-    if [ ! -d /home/$MY_USERNAME/.gnupg ]; then
+    if [ ! -d "/home/$MY_USERNAME/.gnupg" ]; then
         echo $"No .gnupg directory was found for $MY_USERNAME"
         umount -f $USB_MOUNT
         rm -rf $USB_MOUNT
@@ -145,11 +142,11 @@ if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]];
     export GPG_TTY
 
     USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
-    GPG_ID=$(su -m root -c "gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)
-    GPG_BACKUP_ID=$(su -m root -c "gpg --list-keys \"(backup key)\" | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)
+    GPG_ID=$(su -m root -c "gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \\t]*//'" - "$MY_USERNAME")
+    GPG_BACKUP_ID=$(su -m root -c "gpg --list-keys \"(backup key)\" | sed -n '2p' | sed 's/^[ \\t]*//'" - "$MY_USERNAME")
 
     gpgerrstr=$'error'
-    gpgkey=$(gpg --homedir=/home/$MY_USERNAME/.gnupg --armor --export $GPG_ID)
+    gpgkey=$(gpg --homedir="/home/$MY_USERNAME/.gnupg" --armor --export "$GPG_ID")
     if [[ "$gpgkey" == *"$gpgerrstr"* ]]; then
         echo $'Problem exporting public gpg key'
         echo "$gpgkey"
@@ -157,7 +154,7 @@ if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]];
     fi
     echo ''
     echo $'Enter your gpg private key passphrase:'
-    gpgprivkey=$(gpg --homedir=/home/$MY_USERNAME/.gnupg --armor --export-secret-key $GPG_ID)
+    gpgprivkey=$(gpg --homedir="/home/$MY_USERNAME/.gnupg" --armor --export-secret-key "$GPG_ID")
     if [[ "$gpgprivkey" == *"$gpgerrstr"* ]]; then
         echo $'Problem exporting private gpg key'
         echo "$gpgprivkey"
@@ -168,13 +165,13 @@ if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]];
     # Dummy password to get around not being able to create a key without passphrase
     BACKUP_DUMMY_PASSWORD='backup'
 
-    backupgpgkey=$(gpg --homedir=/home/$MY_USERNAME/.gnupg --armor --export $GPG_BACKUP_ID)
+    backupgpgkey=$(gpg --homedir="/home/$MY_USERNAME/.gnupg" --armor --export "$GPG_BACKUP_ID")
     if [[ "$backupgpgkey" == *"$gpgerrstr"* ]]; then
         echo $'Problem exporting public gpg backup key'
         echo "$backupgpgkey"
         exit 735282
     fi
-    backupgpgprivkey=$(echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --homedir=/home/$MY_USERNAME/.gnupg --armor --export-secret-key $GPG_BACKUP_ID)
+    backupgpgprivkey=$(echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --homedir="/home/$MY_USERNAME/.gnupg" --armor --export-secret-key "$GPG_BACKUP_ID")
     if [[ "$backupgpgprivkey" == *"$gpgerrstr"* ]]; then
         echo $'Problem exporting private gpg backup key'
         echo "$backupgpgprivkey"
@@ -187,7 +184,7 @@ if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]];
     echo "$backupgpgkey" > $USB_MOUNT/.backupgpgkey
     echo "$backupgpgprivkey" >> $USB_MOUNT/.backupgpgkey
 
-    cp -rf /home/$MY_USERNAME/.gnupg $USB_MOUNT
+    cp -rf "/home/$MY_USERNAME/.gnupg" $USB_MOUNT
 
     if [ -d /etc/letsencrypt ]; then
         cp -rf /etc/letsencrypt $USB_MOUNT
@@ -220,25 +217,25 @@ fi
 FRAGMENTS_DIR=$FRAGMENTS_DIR/$MY_USERNAME
 
 # make a directory to contain the fragments
-if [ ! -d $FRAGMENTS_DIR ]; then
-    mkdir -p $FRAGMENTS_DIR
+if [ ! -d "$FRAGMENTS_DIR" ]; then
+    mkdir -p "$FRAGMENTS_DIR"
     echo $"Made directory $FRAGMENTS_DIR"
 fi
-if [ ! -d $FRAGMENTS_DIR ]; then
+if [ ! -d "$FRAGMENTS_DIR" ]; then
     echo $"There was a problem making the directory $FRAGMENTS_DIR"
     umount -f $USB_MOUNT
     rm -rf $USB_MOUNT
     exit 6843
 fi
 
-cd $FRAGMENTS_DIR
-no_of_usb_shares=$(ls -afq keyshare.asc.* | wc -l)
-if [ ! "$?" = "0" ]; then
+cd "$FRAGMENTS_DIR" || exit 13389478368
+# shellcheck disable=SC2012
+if ! no_of_usb_shares=$(ls -afq keyshare.asc.* | wc -l); then
     no_of_usb_shares=0
 fi
 if (( no_of_usb_shares > 0 )); then
     echo $"A key fragment already exists on the drive for the user $MY_USERNAME"
-    cd ~/
+    cd ~/ || exit 34678264583
     umount -f $USB_MOUNT
     rm -rf $USB_MOUNT
     exit 58945
@@ -247,43 +244,44 @@ fi
 # copy a random fragment to the drive
 LOCAL_FRAGMENTS_DIR=/home/$MY_USERNAME/.gnupg_fragments
 
-if [ ! -d $LOCAL_FRAGMENTS_DIR ]; then
-    ${PROJECT_NAME}-splitkey -u $MY_USERNAME -n $KEY_FRAGMENTS
+if [ ! -d "$LOCAL_FRAGMENTS_DIR" ]; then
+    "${PROJECT_NAME}-splitkey" -u "$MY_USERNAME" -n "$KEY_FRAGMENTS"
 fi
 
-cd $LOCAL_FRAGMENTS_DIR
-no_of_local_shares=$(ls -afq keyshare.asc.* | wc -l)
-if [ ! "$?" = "0" ]; then
+cd "$LOCAL_FRAGMENTS_DIR" || exit 7822452644
+# shellcheck disable=SC2012
+if ! no_of_local_shares=$(ls -afq keyshare.asc.* | wc -l); then
     no_of_local_shares=0
 fi
 if (( no_of_local_shares < 3 )); then
-    ${PROJECT_NAME}-splitkey -u $MY_USERNAME -n $KEY_FRAGMENTS
-    cd $LOCAL_FRAGMENTS_DIR
-    no_of_local_shares=$(ls -afq keyshare.asc.* | wc -l)
-    if [ ! "$?" = "0" ]; then
+    "${PROJECT_NAME}-splitkey" -u "$MY_USERNAME" -n "$KEY_FRAGMENTS"
+    cd "$LOCAL_FRAGMENTS_DIR" || exit 724524242
+    # shellcheck disable=SC2012
+    if ! no_of_local_shares=$(ls -afq keyshare.asc.* | wc -l); then
         no_of_local_shares=0
     fi
 fi
 
 if (( no_of_local_shares < 3 )); then
     echo $"Not enough key fragments available ${no_of_local_shares}"
-    cd ~/
+    cd ~/ || exit 7245267457
     umount -f $USB_MOUNT
     rm -rf $USB_MOUNT
     exit 63386
 fi
 
-share_files=($LOCAL_FRAGMENTS_DIR/keyshare.asc.*)
+share_files=("$LOCAL_FRAGMENTS_DIR/keyshare.asc.*")
 SHARE_FILENAME=${share_files[RANDOM % ${#share_files[@]}]}
 
-cp -f $SHARE_FILENAME $FRAGMENTS_DIR
-cd $FRAGMENTS_DIR
+cp -f "$SHARE_FILENAME" "$FRAGMENTS_DIR"
+cd "$FRAGMENTS_DIR" || exit 2543244726
+# shellcheck disable=SC2012
 no_of_usb_shares=$(ls -afq keyshare.asc.* | wc -l)
 echo $"Number of fragments on the drive: ${no_of_usb_shares}"
 if (( no_of_usb_shares > 1 )); then
     echo $"Too many key fragments exist in $FRAGMENTS_DIR"
-    ls $FRAGMENTS_DIR
-    cd ~/
+    ls "$FRAGMENTS_DIR"
+    cd ~/ || 357836582645
     umount -f $USB_MOUNT
     rm -rf $USB_MOUNT
     exit 54292
@@ -291,14 +289,14 @@ fi
 if (( no_of_usb_shares <= 0 )); then
     echo $"There was a problem copying the key fragment to $USB_DRIVE"
     echo $"Files found: ${no_of_usb_shares}"
-    ls $FRAGMENTS_DIR
-    cd ~/
+    ls "$FRAGMENTS_DIR"
+    cd ~/ || exit 743452452
     umount -f $USB_MOUNT
     rm -rf $USB_MOUNT
     exit 54292
 fi
 
-cd ~/
+cd ~/ || exit 245672457
 umount -f $USB_MOUNT
 rm -rf $USB_MOUNT
 echo $"Key fragment copied to $USB_DRIVE. You may now remove the drive."

src/freedombone-logging

@@ -42,28 +42,28 @@ REMOVE_FILES_COMMAND='rm -rf'
 
 source /usr/local/bin/${PROJECT_NAME}-vars
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
-APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 for f in $APP_FILES
 do
-    source $f
+    source "$f"
 done
 
 APPS_AVAILABLE=()
 
 function logging_get_app_names {
-    FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+    FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 
     for filename in $FILES
     do
         app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
-        if grep -q "logging_on_" ${filename}; then
-            if grep -q "logging_off_" ${filename}; then
+        if grep -q "logging_on_" "${filename}"; then
+            if grep -q "logging_off_" "${filename}"; then
                 APPS_AVAILABLE+=("${app_name}")
             fi
         fi
@@ -76,7 +76,7 @@ function turn_logging_on {
     for a in "${APPS_AVAILABLE[@]}"
     do
         echo $"Turning on logging for ${a}"
-        logging_on_${a}
+        "logging_on_${a}"
     done
 }
 
@@ -86,7 +86,7 @@ function turn_logging_off {
     for a in "${APPS_AVAILABLE[@]}"
     do
         echo $"Turning off logging for ${a}"
-        logging_off_${a}
+        "logging_off_${a}"
     done
 }
 
@@ -162,14 +162,14 @@ if [[ "$1" == "on" || "$1" == "On" || "$1" == "ON" ]]; then
         fi
         for filename in /etc/nginx/sites-available/* ; do
             filename_domain=$(echo "$filename" | awk -F '/' '{print $5}')
-            sed -i "s|access_log.*|access_log /var/log/nginx/$filename_domain.access.log;|g" $filename
-            sed -i "s|error_log.*|error_log /var/log/nginx/$filename_domain.err.log $WEBSERVER_LOG_LEVEL;|g" $filename
+            sed -i "s|access_log.*|access_log /var/log/nginx/$filename_domain.access.log;|g" "$filename"
+            sed -i "s|error_log.*|error_log /var/log/nginx/$filename_domain.err.log $WEBSERVER_LOG_LEVEL;|g" "$filename"
         done
         sed -i 's|access_log.*|access_log /var/log/nginx/access.log;|g' /etc/nginx/nginx.conf
         sed -i 's|error_log.*|error_log /var/log/nginx/error.log;|g' /etc/nginx/nginx.conf
     fi
     if [ -f /etc/init.d/spamassassin ]; then
-        sed -i 's|DOPTIONS="-s null -d --pidfile=$PIDFILE"|DOPTIONS="-d --pidfile=$PIDFILE"|g' /etc/init.d/spamassassin
+        sed -i "s|DOPTIONS=\"-s null -d --pidfile=\$PIDFILE\"|DOPTIONS=\"-d --pidfile=\$PIDFILE\"|g" /etc/init.d/spamassassin
     fi
     if [ -d /etc/exim4 ]; then
         if [ ! -d /var/log/exim4 ]; then
@@ -211,16 +211,16 @@ else
     fi
     if [ -d /etc/nginx ]; then
         for filename in /etc/nginx/sites-available/* ; do
-            sed -i 's|access_log.*|access_log /dev/null;|g' $filename
-            sed -i 's|warn_log.*|warn_log /dev/null;|g' $filename
-            sed -i 's|error_log.*|error_log /dev/null;|g' $filename
+            sed -i 's|access_log.*|access_log /dev/null;|g' "$filename"
+            sed -i 's|warn_log.*|warn_log /dev/null;|g' "$filename"
+            sed -i 's|error_log.*|error_log /dev/null;|g' "$filename"
         done
         sed -i 's|access_log.*|access_log /dev/null;|g' /etc/nginx/nginx.conf
         sed -i 's|error_log.*|error_log /dev/null;|g' /etc/nginx/nginx.conf
         $REMOVE_FILES_COMMAND /var/log/nginx/*
     fi
     if [ -f /etc/init.d/spamassassin ]; then
-        sed -i 's|DOPTIONS="-d --pidfile=$PIDFILE"|DOPTIONS="-s null -d --pidfile=$PIDFILE"|g' /etc/init.d/spamassassin
+        sed -i "s|DOPTIONS=\"-d --pidfile=\$PIDFILE\"|DOPTIONS=\"-s null -d --pidfile=\$PIDFILE\"|g" /etc/init.d/spamassassin
     fi
     if [ -d /etc/exim4 ]; then
         sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = -all|g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs

src/freedombone-mesh-batman

@@ -29,7 +29,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 PROJECT_NAME='freedombone'
-COMPLETION_FILE=/root/${PROJECT_NAME}-completed.txt
+COMPLETION_FILE="/root/${PROJECT_NAME}-completed.txt"
 
 # hotspot passphrase must be 5 characters or longer
 HOTSPOT_PASSPHRASE="${PROJECT_NAME}"
@@ -40,28 +40,29 @@ source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-mesh
 mesh_protocol_init
 update_wifi_adaptors
 
-if [ ! $IFACE ]; then
+if [ ! "$IFACE" ]; then
     echo $'No wlan adaptor'
     exit 0
 fi
 
 if [ -e /etc/default/batctl ]; then
+    # shellcheck disable=SC1091
     . /etc/default/batctl
 fi
 
 function status {
     batctl o
 
-    if grep -q "bmx6" $MESH_CURRENT_PROTOCOL; then
+    if grep -q "bmx6" "$MESH_CURRENT_PROTOCOL"; then
         bmx6 -c show=originators
     fi
-    if grep -q "bmx7" $MESH_CURRENT_PROTOCOL; then
+    if grep -q "bmx7" "$MESH_CURRENT_PROTOCOL"; then
         bmx7 -c show=originators
     fi
 }
 
 function stop {
-    if [ ! -f $MESH_CURRENT_PROTOCOL ]; then
+    if [ ! -f "$MESH_CURRENT_PROTOCOL" ]; then
         return
     fi
 
@@ -81,32 +82,33 @@ function stop {
     systemctl stop dnsmasq
     systemctl disable dnsmasq
 
+    # shellcheck disable=SC2153
     if [ "$EIFACE" ]; then
-        brctl delif $BRIDGE bat0
-        ifconfig $BRIDGE down || true
-        ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier)
+        brctl delif "$BRIDGE" bat0
+        ifconfig "$BRIDGE" down || true
+        ethernet_connected=$(cat "/sys/class/net/$EIFACE/carrier")
         if [[ "$ethernet_connected" != "0" ]]; then
             systemctl stop hostapd
-            brctl delif $BRIDGE $EIFACE
-            ifconfig $EIFACE down -promisc
+            brctl delif "$BRIDGE" "$EIFACE"
+            ifconfig "$EIFACE" down -promisc
         fi
-        brctl delbr $BRIDGE
+        brctl delbr "$BRIDGE"
     fi
 
     ifconfig bat0 down -promisc
 
-    batctl if del $IFACE
-    ifconfig $IFACE mtu 1500
-    ifconfig $IFACE down
-    iwconfig $IFACE mode managed
+    batctl if del "$IFACE"
+    ifconfig "$IFACE" mtu 1500
+    ifconfig "$IFACE" down
+    iwconfig "$IFACE" mode managed
 
-    if [ $IFACE_SECONDARY ]; then
+    if [ "$IFACE_SECONDARY" ]; then
         systemctl stop hostapd
         systemctl disable hostapd
-        batctl if del $IFACE_SECONDARY
-        ifconfig $IFACE_SECONDARY mtu 1500
-        ifconfig $IFACE_SECONDARY down
-        iwconfig $IFACE_SECONDARY mode managed
+        batctl if del "$IFACE_SECONDARY"
+        ifconfig "$IFACE_SECONDARY" mtu 1500
+        ifconfig "$IFACE_SECONDARY" down
+        iwconfig "$IFACE_SECONDARY" mode managed
     fi
 
     rmmod batman-adv
@@ -115,55 +117,56 @@ function stop {
 
     systemctl restart network-manager
 
-    if [ -f $MESH_CURRENT_PROTOCOL ]; then
-        rm $MESH_CURRENT_PROTOCOL
+    if [ -f "$MESH_CURRENT_PROTOCOL" ]; then
+        rm "$MESH_CURRENT_PROTOCOL"
     fi
 }
 
 function verify {
     tempfile="$(mktemp)"
-    batctl o > $tempfile
-    if grep -q "disabled" $tempfile; then
+    batctl o > "$tempfile"
+    if grep -q "disabled" "$tempfile"; then
         echo $'B.A.T.M.A.N. not enabled'
-        rm $tempfile
+        rm "$tempfile"
         stop
         exit 726835
     fi
     echo $'B.A.T.M.A.N. is running'
-    rm $tempfile
+    rm "$tempfile"
 }
 
 function add_wifi_interface {
     ifname=$1
     ifssid=$WIFI_SSID
-    if [ $2 ]; then
+    if [ "$2" ]; then
         ifssid=$2
     fi
     ifmode=ad-hoc
-    if [ $3 ]; then
+    if [ "$3" ]; then
         ifmode=$3
     fi
     ifchannel=$CHANNEL
-    if [ $4 ]; then
+    if [ "$4" ]; then
         ifchannel=$4
     fi
 
-    ifconfig $ifname down
-    ifconfig $ifname mtu 1532
+    ifconfig "$ifname" down
+    ifconfig "$ifname" mtu 1532
     peermac=$(assign_peer_address)
-    if [ ! $peermac ]; then
+    if [ ! "$peermac" ]; then
         echo $"Unable to obtain MAC address for $peermac on $ifname"
         return
     fi
-    ifconfig $ifname hw ether $peermac
+    ifconfig "$ifname" hw ether "$peermac"
     echo $"$ifname assigned MAC address $peermac"
-    iwconfig $ifname enc off
-    iwconfig $ifname mode $ifmode essid $ifssid channel $ifchannel
+    iwconfig "$ifname" enc off
+    iwconfig "$ifname" mode "$ifmode" essid "$ifssid" channel "$ifchannel"
 
-    batctl if add $ifname
-    ifconfig $ifname up
+    batctl if add "$ifname"
+    ifconfig "$ifname" up
 }
 
+# shellcheck disable=SC2120
 function start {
     update_wifi_adaptors
 
@@ -188,11 +191,11 @@ function start {
     global_rate_limit
 
     # Might have to re-enable wifi
-    rfkill unblock $(rfkill list|awk -F: "/phy/ {print $1}") || true
+    rfkill unblock "$(rfkill list|awk -F: "/phy/ {print $1}")" || true
 
     secondary_wifi_available=
-    if [ $IFACE_SECONDARY ]; then
-        if [[ $IFACE != $IFACE_SECONDARY ]]; then
+    if [ "$IFACE_SECONDARY" ]; then
+        if [[ "$IFACE" != "$IFACE_SECONDARY" ]]; then
             if [ -d /etc/hostapd ]; then
                 if [ ${#HOTSPOT_PASSPHRASE} -gt 4 ]; then
                     secondary_wifi_available=1
@@ -215,23 +218,23 @@ function start {
     sed -i "s|ExecStart=.*|ExecStart=/usr/local/bin/babeld ${IFACE}|g" /etc/systemd/system/babel.service
     systemctl daemon-reload
 
-    add_wifi_interface $IFACE $WIFI_SSID ad-hoc $CHANNEL
+    add_wifi_interface "$IFACE" "$WIFI_SSID" ad-hoc "$CHANNEL"
 
     # NOTE: Don't connect the secondary wifi device. hostapd will handle that by itself
 
     ifconfig bat0 up promisc
 
-    brctl addbr $BRIDGE
-    brctl addif $BRIDGE bat0
+    brctl addbr "$BRIDGE"
+    brctl addif "$BRIDGE" bat0
     ifconfig bat0 0.0.0.0
     ethernet_connected='0'
     if [ "$EIFACE" ] ; then
-        ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier)
+        ethernet_connected=$(cat "/sys/class/net/$EIFACE/carrier")
         if [[ "$ethernet_connected" != "0" ]]; then
             echo $'Trying ethernet bridge to the internet'
-            brctl addif $BRIDGE $EIFACE
-            ifconfig $EIFACE 0.0.0.0
-            ifconfig $EIFACE up promisc
+            brctl addif "$BRIDGE" "$EIFACE"
+            ifconfig "$EIFACE" 0.0.0.0
+            ifconfig "$EIFACE" up promisc
             echo $'End of ethernet bridge'
 
             sed -i "s|ExecStart=.*|ExecStart=/usr/sbin/bmx6 dev=${IFACE} dev=${EIFACE}|g" /etc/systemd/system/bmx6.service
@@ -243,8 +246,8 @@ function start {
             echo $"$EIFACE is not connected"
         fi
     fi
-    ifconfig $BRIDGE up
-    dhclient $BRIDGE
+    ifconfig "$BRIDGE" up
+    dhclient "$BRIDGE"
 
     enable_mesh_seconary_wifi
 
@@ -257,34 +260,34 @@ function start {
 
     systemctl restart nginx
 
-    if [ ! -f $MESH_DEFAULT_PROTOCOL ]; then
-        echo 'bmx6' > $MESH_DEFAULT_PROTOCOL
+    if [ ! -f "$MESH_DEFAULT_PROTOCOL" ]; then
+        echo 'bmx6' > "$MESH_DEFAULT_PROTOCOL"
     fi
 
-    if grep -q "bmx6" $MESH_DEFAULT_PROTOCOL; then
+    if grep -q "bmx6" "$MESH_DEFAULT_PROTOCOL"; then
         systemctl enable bmx6
         systemctl restart bmx6
         sed -i 's|<type>.*|<type>_bmx6._tcp</type>|g' /etc/avahi/services/routing.service
     fi
 
-    if grep -q "bmx7" $MESH_DEFAULT_PROTOCOL; then
+    if grep -q "bmx7" "$MESH_DEFAULT_PROTOCOL"; then
         systemctl enable bmx7
         systemctl restart bmx7
         sed -i 's|<type>.*|<type>_bmx7._tcp</type>|g' /etc/avahi/services/routing.service
     fi
 
-    if grep -q "olsr" $MESH_DEFAULT_PROTOCOL; then
-        IFACE=$(cat /etc/systemd/system/olsr2.service | grep ExecStart | awk -F ' ' '{print $2}')
-        mesh_generate_ipv6_address $IFACE
+    if grep -q "olsr" "$MESH_DEFAULT_PROTOCOL"; then
+        IFACE=$(grep ExecStart "/etc/systemd/system/olsr2.service" | awk -F ' ' '{print $2}')
+        mesh_generate_ipv6_address "$IFACE"
 
         systemctl enable olsr2
         systemctl restart olsr2
         sed -i 's|<type>.*|<type>_olsr2._tcp</type>|g' /etc/avahi/services/routing.service
     fi
 
-    if grep -q "babel" $MESH_DEFAULT_PROTOCOL; then
-        IFACE=$(cat /etc/systemd/system/babel.service | grep ExecStart | awk -F ' ' '{print $2}')
-        mesh_generate_ipv6_address $IFACE
+    if grep -q "babel" "$MESH_DEFAULT_PROTOCOL"; then
+        IFACE=$(grep ExecStart /etc/systemd/system/babel.service | awk -F ' ' '{print $2}')
+        mesh_generate_ipv6_address "$IFACE"
 
         systemctl enable babel
         systemctl restart babel
@@ -295,7 +298,7 @@ function start {
 
     verify
 
-    echo "$(cat $MESH_DEFAULT_PROTOCOL)" > $MESH_CURRENT_PROTOCOL
+    cat "$MESH_DEFAULT_PROTOCOL" > "$MESH_CURRENT_PROTOCOL"
 }
 
 function monitor {
@@ -329,32 +332,33 @@ function monitor {
     echo ''
 
     # Might have to re-enable wifi
-    rfkill unblock $(rfkill list|awk -F: "/phy/ {print $1}") || true
+    rfkill unblock "$(rfkill list|awk -F: "/phy/ {print $1}")" || true
 
-    ifconfig $IFACE down
-    ifconfig $IFACE mtu 1532
-    ifconfig $IFACE hw ether $(assign_peer_address)
-    iwconfig $IFACE enc off
-    iwconfig $IFACE mode monitor channel $CHANNEL
+    ifconfig "$IFACE" down
+    ifconfig "$IFACE" mtu 1532
+    ifconfig "$IFACE" hw ether "$(assign_peer_address)"
+    iwconfig "$IFACE" enc off
+    iwconfig "$IFACE" mode monitor channel "$CHANNEL"
     sleep 1
-    iwconfig $IFACE ap $CELLID
+    iwconfig "$IFACE" ap "$CELLID"
 
     modprobe batman-adv
-    batctl if add $IFACE
-    ifconfig $IFACE up
+    batctl if add "$IFACE"
+    ifconfig "$IFACE" up
 
-    horst -i $IFACE
+    horst -i "$IFACE"
 
     clear
     echo ''
     echo $'*** Restarting the network daemon. This may take a while. ***'
     echo ''
 
+    # shellcheck disable=SC2119
     start
 }
 
 if ! grep -q "$IFACE" /proc/net/dev; then
-    echo 'Interface $IFACE was not found'
+    echo "Interface \$IFACE was not found"
     stop
     exit 1
 fi
@@ -374,10 +378,11 @@ case "$1" in
         echo ''
         echo $'*** Starting mesh network connection ***'
         echo ''
+        # shellcheck disable=SC2119
         start
         ;;
     ping)
-        batctl ping $2
+        batctl ping "$2"
         ;;
     data)
         watch -n1 "batctl s | grep mgmt | grep bytes"
@@ -387,7 +392,7 @@ case "$1" in
         ;;
     *)
         echo "error: invalid parameter $1"
-        echo 'usage: $0 {start|stop|restart|status|ping|ls|list}'
+        echo "usage: \$0 {start|stop|restart|status|ping|ls|list}"
         exit 2
         ;;
 esac

src/freedombone-mesh-blog

@@ -42,17 +42,17 @@ BLOG_EDITOR='pluma'
 DEFAULT_BLOG_TITLE=$"Freedombone Blog"
 
 function remove_bad_blog_links {
-    find ./ -type f -name *.css -exec sed -i -e '/googleapi/d' {} \;
-    find ./ -type f -name *.scss -exec sed -i -e '/googleapi/d' {} \;
-    find ./ -type f -name *.html -exec sed -i -e '/googleapi/d' {} \;
-    find ./ -type f -name *.css -exec sed -i -e '/bootstrapcdn/d' {} \;
-    find ./ -type f -name *.scss -exec sed -i -e '/bootstrapcdn/d' {} \;
-    find ./ -type f -name *.html -exec sed -i -e '/bootstrapcdn/d' {} \;
+    find ./ -type f -name "*.css" -exec sed -i -e '/googleapi/d' {} \;
+    find ./ -type f -name "*.scss" -exec sed -i -e '/googleapi/d' {} \;
+    find ./ -type f -name "*.html" -exec sed -i -e '/googleapi/d' {} \;
+    find ./ -type f -name "*.css" -exec sed -i -e '/bootstrapcdn/d' {} \;
+    find ./ -type f -name "*.scss" -exec sed -i -e '/bootstrapcdn/d' {} \;
+    find ./ -type f -name "*.html" -exec sed -i -e '/bootstrapcdn/d' {} \;
 }
 
 function ipfs_publish {
     DIR_TO_CHECK=/home/$USER/Public
-    if [ ! -d $DIR_TO_CHECK ]; then
+    if [ ! -d "$DIR_TO_CHECK" ]; then
         return
     fi
 
@@ -60,13 +60,13 @@ function ipfs_publish {
     echo $'Publishing to IPFS. This may take some time...'
 
     OLD_STAT_FILE=/home/$USER/.old_stat.txt
-    NEW_STAT=$(stat -t $DIR_TO_CHECK)
-    echo $($IPFS_COMMAND add -rq /home/$USER/Public | tail -n 1) > $IPFS_PUBLIC
-    echo "$NEW_STAT" > $OLD_STAT_FILE
+    NEW_STAT=$(stat -t "$DIR_TO_CHECK")
+    $IPFS_COMMAND add -rq "/home/$USER/Public" | tail -n 1 > "$IPFS_PUBLIC"
+    echo "$NEW_STAT" > "$OLD_STAT_FILE"
 
-    if [ -f $IPFS_PUBLIC ]; then
-        IPFS_PUBLIC_ID=$(cat $IPFS_PUBLIC)
-        $IPFS_COMMAND name publish /ipfs/$IPFS_PUBLIC_ID
+    if [ -f "$IPFS_PUBLIC" ]; then
+        IPFS_PUBLIC_ID=$(cat "$IPFS_PUBLIC")
+        $IPFS_COMMAND name publish "/ipfs/$IPFS_PUBLIC_ID"
     fi
 }
 
@@ -75,7 +75,7 @@ function regenerate_blog {
     echo ''
     echo $'Regenerating blog...'
 
-    cd $BLOG_PATH
+    cd $BLOG_PATH || exit 246872648
     if grep -q "SITENAME=u'${DEFAULT_BLOG_TITLE}'" $BLOG_PATH/pelicanconf.py; then
         TOX_NICK=$(toxid --showuser)
         BLOG_TITLE=$"${TOX_NICK}'s Blog"
@@ -83,7 +83,7 @@ function regenerate_blog {
     fi
     make html
 
-    cd $BLOG_PATH
+    cd $BLOG_PATH || exit 23682468
     remove_bad_blog_links
 
     ipfs_publish
@@ -97,19 +97,19 @@ function view_blog {
 function new_blog {
     DATESTR=$(date "+%Y-%m-%d %H:%M:%S")
 
-    echo $'Title: Blog Post Title' > ~/.new-blog-entry
-    echo $"Date: ${DATESTR}" >> ~/.new-blog-entry
-    echo $"Author: $(toxid --showuser)" >> ~/.new-blog-entry
-    echo $'Category: default' >> ~/.new-blog-entry
-    echo $'Tags: blog, tag' >> ~/.new-blog-entry
-    echo  '' >> ~/.new-blog-entry
-    echo $'Add your text here' >> ~/.new-blog-entry
-    echo  '' >> ~/.new-blog-entry
-    echo -n $'To include an image copy it into the ~/CreateBlog/content/images directory, ' >> ~/.new-blog-entry
-    echo $'then link to it with:' >> ~/.new-blog-entry
-    echo  '' >> ~/.new-blog-entry
-    echo $'![My image]({filename}images/myimage.jpg)' >> ~/.new-blog-entry
-    echo  '' >> ~/.new-blog-entry
+    { echo $'Title: Blog Post Title';
+      echo $"Date: ${DATESTR}";
+      echo $"Author: $(toxid --showuser)";
+      echo $'Category: default';
+      echo $'Tags: blog, tag';
+      echo  '';
+      echo $'Add your text here';
+      echo  '';
+      echo -n $'To include an image copy it into the ~/CreateBlog/content/images directory, ';
+      echo $'then link to it with:';
+      echo  '';
+      echo $'![My image]({filename}images/myimage.jpg)';
+      echo  ''; } > ~/.new-blog-entry
 
     $BLOG_EDITOR ~/.new-blog-entry
 
@@ -119,26 +119,26 @@ function new_blog {
     if grep -q $"Blog Post Title" ~/.new-blog-entry; then
         return
     fi
-    if [ ! -f $CURRENT_BLOG_INDEX ]; then
-        echo '0' > $CURRENT_BLOG_INDEX
+    if [ ! -f "$CURRENT_BLOG_INDEX" ]; then
+        echo '0' > "$CURRENT_BLOG_INDEX"
     fi
 
     # move to the content directory
-    CURRENT_INDEX=$(cat $CURRENT_BLOG_INDEX)
-    mv ~/.new-blog-entry $BLOG_CONTENT_PATH/${CURRENT_INDEX}_post.md
+    CURRENT_INDEX=$(cat "$CURRENT_BLOG_INDEX")
+    mv ~/.new-blog-entry "$BLOG_CONTENT_PATH/${CURRENT_INDEX}_post.md"
 
     # increment the index
     CURRENT_INDEX=$((CURRENT_INDEX + 1))
-    echo "$CURRENT_INDEX" > $CURRENT_BLOG_INDEX
+    echo "$CURRENT_INDEX" > "$CURRENT_BLOG_INDEX"
 
     regenerate_blog
 }
 
 function edit_blog {
-    if [ ! -f $CURRENT_BLOG_INDEX ]; then
+    if [ ! -f "$CURRENT_BLOG_INDEX" ]; then
         return
     fi
-    CURRENT_INDEX=$(cat $CURRENT_BLOG_INDEX)
+    CURRENT_INDEX=$(cat "$CURRENT_BLOG_INDEX")
     PREVIOUS_INDEX=$((CURRENT_INDEX - 1))
     LAST_BLOG_ENTRY=$BLOG_CONTENT_PATH/${PREVIOUS_INDEX}_post.md
     if [ ! -f $LAST_BLOG_ENTRY ]; then
@@ -149,23 +149,23 @@ function edit_blog {
 }
 
 function delete_blog {
-    if [ ! -f $CURRENT_BLOG_INDEX ]; then
+    if [ ! -f "$CURRENT_BLOG_INDEX" ]; then
         return
     fi
-    CURRENT_INDEX=$(cat $CURRENT_BLOG_INDEX)
+    CURRENT_INDEX=$(cat "$CURRENT_BLOG_INDEX")
     PREVIOUS_INDEX=$((CURRENT_INDEX - 1))
     LAST_BLOG_ENTRY=$BLOG_CONTENT_PATH/${PREVIOUS_INDEX}_post.md
     if [ ! -f $LAST_BLOG_ENTRY ]; then
         return
     fi
 
-    if ! zenity --question --title=$'Delete the previous blog entry' --text=$"\nAre you sure that you wish to delete the previous blog entry?" --ok-label=No --cancel-label=Yes --width=300; then
+    if ! zenity --question --title=$'Delete the previous blog entry' --text=$"\\nAre you sure that you wish to delete the previous blog entry?" --ok-label=No --cancel-label=Yes --width=300; then
         rm $LAST_BLOG_ENTRY
-        if [ $CURRENT_INDEX -gt 0 ]; then
+        if [ "$CURRENT_INDEX" -gt 0 ]; then
             CURRENT_INDEX=$PREVIOUS_INDEX
-            echo "$CURRENT_INDEX" > $CURRENT_BLOG_INDEX
+            echo "$CURRENT_INDEX" > "$CURRENT_BLOG_INDEX"
         else
-            rm -f $CURRENT_BLOG_INDEX
+            rm -f "$CURRENT_BLOG_INDEX"
         fi
         regenerate_blog
     fi
@@ -180,8 +180,8 @@ function change_theme {
 
     n=1
     curr_theme_index=
-    if [ -f /home/$USER/.blog-theme-index ]; then
-        curr_theme_index=$(cat /home/$USER/.blog-theme-index)
+    if [ -f "/home/$USER/.blog-theme-index" ]; then
+        curr_theme_index=$(cat "/home/$USER/.blog-theme-index")
     fi
     if [ -f /tmp/.blog-themes ]; then
         rm /tmp/.blog-themes
@@ -189,10 +189,11 @@ function change_theme {
     for a in "${THEMES[@]}"
     do
         echo "$n $a" >> /tmp/.blog-themes
-        n=$[n+1]
+        n=$((n+1))
     done
 
     CHOSEN_THEME_INDEX=$(
+    # shellcheck disable=SC2002
     cat /tmp/.blog-themes | \
         awk -F ' ' '{
         for(i=1;i<=NF;i++){
@@ -204,15 +205,15 @@ function change_theme {
            --column=$'Index' --column=$'Theme' \
            --print-column=1 --hide-column=1 --width=300 --height=400)
     rm /tmp/.blog-themes
-    if [ ! $CHOSEN_THEME_INDEX ]; then
+    if [ ! "$CHOSEN_THEME_INDEX" ]; then
         exit 1
     fi
 
-    echo "$CHOSEN_THEME_INDEX" > /home/$USER/.blog-theme-index
+    echo "$CHOSEN_THEME_INDEX" > "/home/$USER/.blog-theme-index"
     CHOSEN_THEME_INDEX=$((CHOSEN_THEME_INDEX - 1))
 
     CHOSEN_THEME=${THEMES[$CHOSEN_THEME_INDEX]}
-    cd cd $BLOG_PATH/themes/$CHOSEN_THEME
+    cd "$BLOG_PATH/themes/$CHOSEN_THEME" || exit 346746824
     remove_bad_blog_links
     if grep -q "THEME=" $BLOG_PATH/pelicanconf.py; then
         sed -i "s|THEME=.*|THEME='themes/${CHOSEN_THEME}'|g" $BLOG_PATH/pelicanconf.py

src/freedombone-mesh-connect

@@ -54,7 +54,8 @@ function vpn_generate_keys {
     fi
     cp /etc/openvpn/dh2048.pem /etc/openvpn/easy-rsa/keys/dh2048.pem
 
-    cd /etc/openvpn/easy-rsa
+    cd /etc/openvpn/easy-rsa || exit 246872464
+    # shellcheck disable=SC1091
     . ./vars
     ./clean-all
     vpn_openssl_version='1.0.0'
@@ -147,12 +148,12 @@ function mesh_setup_vpn {
     chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel*
 
     # create an archive of the vpn client files
-    cd /home/$MY_USERNAME
+    cd /home/$MY_USERNAME || exit 346825628354
     tar -czvf vpn.tar.gz stunnel* client.ovpn
     chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/vpn.tar.gz
 
     if [ -f vpn.tar.gz ]; then
-        zenity --info --title $"Generate VPN client keys" --text $"\nNew VPN client keys have been generated in the /home/fbone directory.\n\nYou can find it by selecting \"Places\" then \"Home Directory\" on the top menu bar. Transmit the vpn.tar.gz file to whoever is running the other mesh network so that they can connect to yours.\n\nThey should uncompress vpn.tar.gz to their /home/fbone directory, forward port $VPN_MESH_TLS_PORT then connect using your IP address or domain name." --width 600
+        zenity --info --title $"Generate VPN client keys" --text $"\\nNew VPN client keys have been generated in the /home/fbone directory.\\n\\nYou can find it by selecting \"Places\" then \"Home Directory\" on the top menu bar. Transmit the vpn.tar.gz file to whoever is running the other mesh network so that they can connect to yours.\\n\\nThey should uncompress vpn.tar.gz to their /home/fbone directory, forward port $VPN_MESH_TLS_PORT then connect using your IP address or domain name." --width 600
     fi
 }
 
@@ -190,7 +191,7 @@ function connect_to_mesh {
                     sed -i "s|route .*|route $ip_or_domain 255.255.255.255 net_gateway|g" ~/client.ovpn
 
                     clear
-                    cd ~/
+                    cd ~/ || exit 234628422874
                     sudo stunnel stunnel-client.conf
                     sudo openvpn client.ovpn
                 fi

src/freedombone-mesh-install

@@ -108,26 +108,26 @@ function mesh_avahi {
     fi
 
     # Add a mesh routing protocol service
-    echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > $rootdir/etc/avahi/services/routing.service
-    echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> $rootdir/etc/avahi/services/routing.service
-    echo '<service-group>' >> $rootdir/etc/avahi/services/routing.service
-    echo '  <name replace-wildcards="yes">%h routing</name>' >> $rootdir/etc/avahi/services/routing.service
-    echo '  <service>' >> $rootdir/etc/avahi/services/routing.service
-    echo '    <type>_bmx6._tcp</type>' >> $rootdir/etc/avahi/services/routing.service
-    echo '  </service>' >> $rootdir/etc/avahi/services/routing.service
-    echo '</service-group>' >> $rootdir/etc/avahi/services/routing.service
+    { echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->';
+      echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">';
+      echo '<service-group>';
+      echo '  <name replace-wildcards="yes">%h routing</name>';
+      echo '  <service>';
+      echo '    <type>_bmx6._tcp</type>';
+      echo '  </service>';
+      echo '</service-group>'; } > "$rootdir/etc/avahi/services/routing.service"
 
     # keep the daemon running
     WATCHDOG_SCRIPT_NAME="keepon"
-    echo '' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo '# keep avahi daemon running' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo 'AVAHI_RUNNING=$(pgrep avahi-daemon > /dev/null && echo Running)' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo 'if [ ! $AVAHI_RUNNING ]; then' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo '  systemctl start avahi-daemon' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo '  echo -n $CURRENT_DATE >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo '  echo " Avahi daemon restarted" >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo 'fi' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    chmod +x $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+    { echo '';
+    echo '# keep avahi daemon running';
+    echo "AVAHI_RUNNING=\$(pgrep avahi-daemon > /dev/null && echo Running)";
+    echo "if [ ! \$AVAHI_RUNNING ]; then";
+    echo '  systemctl start avahi-daemon';
+    echo "  echo -n \$CURRENT_DATE >> \$LOGFILE";
+    echo "  echo \" Avahi daemon restarted\" >> \$LOGFILE";
+    echo 'fi'; } >> "$rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME"
+    chmod +x "$rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME"
 }
 
 function install_batman_remove {
@@ -154,23 +154,23 @@ function install_batman {
     fi
 
     BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service
-    echo '[Unit]' > $BATMAN_DAEMON
-    echo 'Description=B.A.T.M.A.N. Advanced' >> $BATMAN_DAEMON
-    echo 'After=network.target' >> $BATMAN_DAEMON
-    echo '' >> $BATMAN_DAEMON
-    echo '[Service]' >> $BATMAN_DAEMON
-    echo 'RemainAfterExit=yes' >> $BATMAN_DAEMON
-    echo "ExecStart=/var/lib/batman start" >> $BATMAN_DAEMON
-    echo "ExecStop=/var/lib/batman stop" >> $BATMAN_DAEMON
-    echo 'Restart=on-failure' >> $BATMAN_DAEMON
-    echo 'SuccessExitStatus=3 4' >> $BATMAN_DAEMON
-    echo 'RestartForceExitStatus=3 4' >> $BATMAN_DAEMON
-    echo '' >> $BATMAN_DAEMON
-    echo '# Allow time for the server to start/stop' >> $BATMAN_DAEMON
-    echo 'TimeoutSec=300' >> $BATMAN_DAEMON
-    echo '' >> $BATMAN_DAEMON
-    echo '[Install]' >> $BATMAN_DAEMON
-    echo 'WantedBy=multi-user.target' >> $BATMAN_DAEMON
+    { echo '[Unit]';
+      echo 'Description=B.A.T.M.A.N. Advanced';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'RemainAfterExit=yes';
+      echo "ExecStart=/var/lib/batman start";
+      echo "ExecStop=/var/lib/batman stop";
+      echo 'Restart=on-failure';
+      echo 'SuccessExitStatus=3 4';
+      echo 'RestartForceExitStatus=3 4';
+      echo '';
+      echo '# Allow time for the server to start/stop';
+      echo 'TimeoutSec=300';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$BATMAN_DAEMON"
     $CHROOT_PREFIX systemctl enable batman
 }
 
@@ -178,79 +178,79 @@ function mesh_firewall {
     FIREWALL_FILENAME=${rootdir}/etc/systemd/system/meshfirewall.service
     MESH_FIREWALL_SCRIPT=${rootdir}/usr/bin/mesh-firewall
 
-    echo '#!/bin/bash' > $MESH_FIREWALL_SCRIPT
-    echo 'iptables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -F' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -F' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -t nat -F' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -t nat -F' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -X' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -X' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo '' >> $MESH_FIREWALL_SCRIPT
-    echo '# Make sure incoming tcp connections are SYN packets' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo '' >> $MESH_FIREWALL_SCRIPT
-    echo '# Drop packets with incoming fragments' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo '' >> $MESH_FIREWALL_SCRIPT
-    echo '# Drop bogons' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo '' >> $MESH_FIREWALL_SCRIPT
-    echo '# Incoming malformed NULL packets:' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo '' >> $MESH_FIREWALL_SCRIPT
-    echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
+    { echo '#!/bin/bash';
+      echo 'iptables -P INPUT ACCEPT';
+      echo 'ip6tables -P INPUT ACCEPT';
+      echo 'iptables -F';
+      echo 'ip6tables -F';
+      echo 'iptables -t nat -F';
+      echo 'ip6tables -t nat -F';
+      echo 'iptables -X';
+      echo 'ip6tables -X';
+      echo 'iptables -P INPUT DROP';
+      echo 'ip6tables -P INPUT DROP';
+      echo 'iptables -A INPUT -i lo -j ACCEPT';
+      echo 'ip6tables -A INPUT -i lo -j ACCEPT';
+      echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT';
+      echo 'ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT';
+      echo '';
+      echo '# Make sure incoming tcp connections are SYN packets';
+      echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP';
+      echo 'ip6tables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP';
+      echo '';
+      echo '# Drop packets with incoming fragments';
+      echo 'iptables -A INPUT -f -j DROP';
+      echo 'ip6tables -A INPUT -f -j DROP';
+      echo '';
+      echo '# Drop bogons';
+      echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP';
+      echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP';
+      echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP';
+      echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP';
+      echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP';
+      echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP';
+      echo '';
+      echo '# Incoming malformed NULL packets:';
+      echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP';
+      echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP';
+      echo '';
+      echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT";
+      echo "ip6tables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT";
 
-    echo "iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "iptables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "iptables -A INPUT -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
+      echo "iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT";
+      echo "ip6tables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT";
+      echo "iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT";
+      echo "ip6tables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT";
+      echo "iptables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT";
+      echo "ip6tables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT";
+      echo "iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT";
+      echo "ip6tables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT";
+      echo "iptables -A INPUT -p udp --dport 1900 -j ACCEPT";
+      echo "ip6tables -A INPUT -p udp --dport 1900 -j ACCEPT";
 
-    echo '# OLSR2/MANET' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p udp --dport 269 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p udp --dport 269 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp --dport 138 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp --dport 138 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
+      echo '# OLSR2/MANET';
+      echo 'iptables -A INPUT -p udp --dport 269 -j ACCEPT';
+      echo 'ip6tables -A INPUT -p udp --dport 269 -j ACCEPT';
+      echo 'iptables -A INPUT -p tcp --dport 138 -j ACCEPT';
+      echo 'ip6tables -A INPUT -p tcp --dport 138 -j ACCEPT';
 
-    echo '# Babel' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p udp --dport 6696 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p udp --dport 6696 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
+      echo '# Babel';
+      echo 'iptables -A INPUT -p udp --dport 6696 -j ACCEPT';
+      echo 'ip6tables -A INPUT -p udp --dport 6696 -j ACCEPT'; } > "$MESH_FIREWALL_SCRIPT"
     chmod +x $MESH_FIREWALL_SCRIPT
 
-    echo '[Unit]' > $FIREWALL_FILENAME
-    echo 'Description=Mesh Firewall' >> $FIREWALL_FILENAME
-    echo '' >> $FIREWALL_FILENAME
-    echo '[Service]' >> $FIREWALL_FILENAME
-    echo 'Type=oneshot' >> $FIREWALL_FILENAME
-    echo 'ExecStart=/usr/bin/mesh-firewall' >> $FIREWALL_FILENAME
-    echo 'RemainAfterExit=no' >> $FIREWALL_FILENAME
-    echo '' >> $FIREWALL_FILENAME
-    echo 'TimeoutSec=30' >> $FIREWALL_FILENAME
-    echo '' >> $FIREWALL_FILENAME
-    echo '[Install]' >> $FIREWALL_FILENAME
-    echo 'WantedBy=multi-user.target' >> $FIREWALL_FILENAME
+    { echo '[Unit]';
+      echo 'Description=Mesh Firewall';
+      echo '';
+      echo '[Service]';
+      echo 'Type=oneshot';
+      echo 'ExecStart=/usr/bin/mesh-firewall';
+      echo 'RemainAfterExit=no';
+      echo '';
+      echo 'TimeoutSec=30';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > $FIREWALL_FILENAME
     chmod +x $FIREWALL_FILENAME
     $CHROOT_PREFIX systemctl enable meshfirewall
 }
@@ -275,7 +275,7 @@ function mesh_tox_client_toxic_from_repo {
     echo "Toxic Installed."
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
     key="$1"
 
@@ -290,7 +290,7 @@ do
         -r|--rootdir)
             shift
             rootdir="$1"
-            CHROOT_PREFIX='chroot "${rootdir}"'
+            CHROOT_PREFIX="chroot \"\${rootdir}\""
             ;;
         -w|--wifi|--interface)
             shift

src/freedombone-mesh-invite

@@ -35,13 +35,13 @@ invite=$(sudo -- bash -c 'su -c "sbot invite.create 1" - scuttlebot' | awk -F '"
 
 if [ ${#invite} -lt 10 ]; then
    dialog --title $"Create Invite" \
-          --msgbox $"\nThe invite could not be created" 7 70
+          --msgbox $"\\nThe invite could not be created" 7 70
    exit 1
 fi
 
 echo "$invite" | xclip -selection c
 
 dialog --title $"Create Invite" \
-       --msgbox $"\nThe invite has been copied to the clipboard.\n\nYou can paste it with CTRL+v" 9 70
+       --msgbox $"\\nThe invite has been copied to the clipboard.\\n\\nYou can paste it with CTRL+v" 9 70
 
 exit 0

src/freedombone-mesh-reset

@@ -43,12 +43,12 @@ if ! zenity --question --title=$'New Identity' --text=$"Do you want to reset you
     sudo pkill midori
     sudo pkill patchwork
     sudo rm -f $MESH_INSTALL_COMPLETED
-    sudo ${PROJECT_NAME}-image-mesh $USER new
+    sudo "${PROJECT_NAME}-image-mesh" "$USER" new
 
     sudo batman start
 
-    if [ -f $HOME/mesh-desktop.sh ]; then
-        $HOME/mesh-desktop.sh
+    if [ -f "$HOME/mesh-desktop.sh" ]; then
+        "$HOME/mesh-desktop.sh"
     else
         zenity --info --title=$"New Identity" --text=$"You now have a new identity" --width=200
     fi

src/freedombone-mesh-routing

@@ -31,34 +31,34 @@ PROJECT_NAME='freedombone'
 export TEXTDOMAIN=${PROJECT_NAME}-mesh-routing
 export TEXTDOMAINDIR="/usr/share/locale"
 
-source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-wifi
-source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-mesh
+source "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-wifi"
+source "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-mesh"
 
 function mesh_stop_daemon {
     daemon_name=$1
 
     clear
     echo ''
-    echo $"Stopping $1..."
-    sudo systemctl stop $1
-    echo $"Disabling $1..."
-    sudo systemctl disable $1
+    echo $"Stopping ${daemon_name}..."
+    sudo systemctl stop "${daemon_name}"
+    echo $"Disabling ${daemon_name}..."
+    sudo systemctl disable "${daemon_name}"
 }
 
 clear
 echo ''
 echo $'Scanning for BMX6 protocol...'
-bmx6_peers=$(avahi-browse -at | grep routing | grep bmx6 | wc -l)
+bmx6_peers=$(avahi-browse -at | grep routing | grep -c bmx6)
 
 clear
 echo ''
 echo $'Scanning for OLSR2 protocol...'
-olsr2_peers=$(avahi-browse -at | grep routing | grep olsr2 | wc -l)
+olsr2_peers=$(avahi-browse -at | grep routing | grep -c olsr2)
 
 clear
 echo ''
 echo $'Scanning for Babel protocol...'
-babel_peers=$(avahi-browse -at | grep routing | grep babel | wc -l)
+babel_peers=$(avahi-browse -at | grep routing | grep -c babel)
 
 clear
 
@@ -71,28 +71,28 @@ case $sel in
 esac
 
 temp_script=$HOME/.change_routing
-echo '#!/bin/bash' > $temp_script
-echo "echo \"\$1\" > $MESH_DEFAULT_PROTOCOL" >> $temp_script
-echo "echo \"\$1\" > $MESH_CURRENT_PROTOCOL" >> $temp_script
-echo "sed -i \"s|<type>.*|<type>_\${1}._tcp</type>|g\" /etc/avahi/services/routing.service" >> $temp_script
-echo 'systemctl restart avahi-daemon' >> $temp_script
-echo "IFACE=\$(cat /etc/systemd/system/\${1}.service | grep ExecStart | awk -F ' ' '{print \$2}')" >> $temp_script
-echo 'network=fd66:66:66' >> $temp_script
-echo 'search_ipv6=$(ifconfig $1 | grep $network)' >> $temp_script
-echo 'if [ $search_ipv6 ]; then' >> $temp_script
-echo "    result=\$(ifconfig \$1 | grep \$network | awk -F ' ' '{print \$2}')" >> $temp_script
-echo '    ip -6 addr add ${result}/128 dev $1' >> $temp_script
-echo 'else' >> $temp_script
-echo '    ipv6_array=( 1 2 3 4 5 6 7 8 9 0 a b c d e f )' >> $temp_script
-echo '    a=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}' >> $temp_script
-echo '    b=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}' >> $temp_script
-echo '    c=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}' >> $temp_script
-echo '    d=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}' >> $temp_script
-echo '    e=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}' >> $temp_script
-echo '    result=$network:$a:$b:$c:$d:$e' >> $temp_script
-echo '    ip -6 addr add ${result}/128 dev $1' >> $temp_script
-echo 'fi' >> $temp_script
-chmod +x $temp_script
+{ echo '#!/bin/bash';
+  echo "echo \"\$1\" > $MESH_DEFAULT_PROTOCOL";
+  echo "echo \"\$1\" > $MESH_CURRENT_PROTOCOL";
+  echo "sed -i \"s|<type>.*|<type>_\${1}._tcp</type>|g\" /etc/avahi/services/routing.service";
+  echo 'systemctl restart avahi-daemon';
+  echo "IFACE=\$(cat /etc/systemd/system/\${1}.service | grep ExecStart | awk -F ' ' '{print \$2}')";
+  echo 'network=fd66:66:66';
+  echo "search_ipv6=\$(ifconfig \$1 | grep \$network)";
+  echo "if [ \$search_ipv6 ]; then";
+  echo "    result=\$(ifconfig \$1 | grep \$network | awk -F ' ' '{print \$2}')";
+  echo "    ip -6 addr add \${result}/128 dev \$1";
+  echo 'else';
+  echo '    ipv6_array=( 1 2 3 4 5 6 7 8 9 0 a b c d e f )';
+  echo "    a=\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}";
+  echo "    b=\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}";
+  echo "    c=\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}";
+  echo "    d=\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}";
+  echo "    e=\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}";
+  echo "    result=\$network:\$a:\$b:\$c:\$d:\$e";
+  echo "    ip -6 addr add \${result}/128 dev \$1";
+  echo 'fi'; } > "$temp_script"
+chmod +x "$temp_script"
 
 clear
 echo ''
@@ -100,7 +100,7 @@ echo $'Authentication to change mesh protocol'
 echo ''
 
 case $data in
-    1)  sudo $temp_script 'bmx6'
+    1)  sudo "$temp_script" 'bmx6'
         mesh_stop_daemon 'bmx7'
         mesh_stop_daemon 'olsr2'
         mesh_stop_daemon 'babel'
@@ -111,7 +111,7 @@ case $data in
         echo $'Starting BMX6...'
         sudo systemctl start bmx6
         ;;
-    2)  sudo $temp_script 'olsr2'
+    2)  sudo "$temp_script" 'olsr2'
         mesh_stop_daemon 'bmx6'
         mesh_stop_daemon 'bmx7'
         mesh_stop_daemon 'babel'
@@ -122,7 +122,7 @@ case $data in
         echo $'Starting OLSR2...'
         sudo systemctl start olsr2
         ;;
-    3)  sudo $temp_script 'babel'
+    3)  sudo "$temp_script" 'babel'
         mesh_stop_daemon 'bmx6'
         mesh_stop_daemon 'bmx7'
         mesh_stop_daemon 'olsr2'
@@ -135,6 +135,6 @@ case $data in
         ;;
 esac
 
-rm $temp_script
+rm "$temp_script"
 
 exit 0

src/freedombone-mesh-visit-site

@@ -51,7 +51,7 @@ fi
 
 USERS_FILE_LINES=$(wc -l $USERS_FILE | awk -F ' ' '{print $1}')
 
-if [ $USERS_FILE_LINES -gt 200 ]; then
+if [ "$USERS_FILE_LINES" -gt 200 ]; then
     # If there are more than a Dunbar number of peers then ask for the peer name or ID
     data=$(zenity --entry --title="Visit IPFS site" --text="Enter the username or Tox ID for the site you wish to visit")
     sel=$?
@@ -62,7 +62,7 @@ if [ $USERS_FILE_LINES -gt 200 ]; then
         if ! grep -q "$TOX_USERNAME_OR_ID" $USERS_FILE; then
                     TOX_ID="$TOX_USERNAME_OR_ID"
         else
-                    TOX_ID=$(cat "$USERS_FILE" | grep "$TOX_USERNAME_OR_ID" | head -n 1 | sed "s|$TOX_USERNAME_OR_ID ||g" | sed -e 's/^[[:space:]]*//')
+                    TOX_ID=$(grep "$TOX_USERNAME_OR_ID" "$USERS_FILE" | head -n 1 | sed "s|$TOX_USERNAME_OR_ID ||g" | sed -e 's/^[[:space:]]*//')
         fi
 
         if [ ${#TOX_ID} -gt 5 ]; then
@@ -70,7 +70,7 @@ if [ $USERS_FILE_LINES -gt 200 ]; then
             zenity --info --title $"Visit a site" --text $"An IPFS site was not found for the user '$TOX_USERNAME_OR_ID'" --width 500
             exit 3
                     fi
-                    IPFS_FULL_URL=${IPFS_URL}/$(cat "$IPFS_USERS_FILE" | grep $TOX_ID | head -n 1 | awk -F ':' '{print $2}')
+                    IPFS_FULL_URL=${IPFS_URL}/$(grep "$TOX_ID" "$IPFS_USERS_FILE" | head -n 1 | awk -F ':' '{print $2}')
                     pkill $BROWSER
                     setsid sh -c "$BROWSER $BROWSER_OPTIONS $IPFS_FULL_URL$SUFFIX" > /dev/null 2>&1 < /dev/null &
 
@@ -85,7 +85,8 @@ if [ $USERS_FILE_LINES -gt 200 ]; then
 else
     # If there are a relatively small number of users then choose from a list
     TOX_ID=$(
-    cat $USERS_FILE | \
+    # shellcheck disable=SC2002
+    cat "$USERS_FILE" | \
         awk -F ' ' '{
         for(i=1;i<=NF;i++){
             print $i;
@@ -95,10 +96,10 @@ else
            --title='Visit the site of another user' \
            --column='Username' --column='Tox ID' \
            --print-column=2 --hide-column=2 --width=300 --height=400)
-    if [ ! $TOX_ID ]; then
+    if [ ! "$TOX_ID" ]; then
         exit 0
     fi
-    IPFS_FULL_URL=${IPFS_URL}/$(cat "$IPFS_USERS_FILE" | grep $TOX_ID | head -n 1 | awk -F ':' '{print $2}')
+    IPFS_FULL_URL=${IPFS_URL}/$(grep "$TOX_ID" "$IPFS_USERS_FILE" | head -n 1 | awk -F ':' '{print $2}')
     pkill $BROWSER
     setsid sh -c "$BROWSER $BROWSER_OPTIONS $IPFS_FULL_URL$SUFFIX" > /dev/null 2>&1 < /dev/null &
 

src/freedombone-pass

@@ -60,7 +60,7 @@ function get_backup_key_id {
     MY_BACKUP_KEY_ID=$(gpg --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
     if [ ${#MY_BACKUP_KEY_ID} -lt 4 ]; then
         echo $"Error: gpg backup key was not found"
-        return 58213
+        exit 58213
     fi
 }
 
@@ -99,7 +99,7 @@ function pad_string {
     pass_string="$1"
     str_length=${#pass_string}
     total_padding=$((128 - str_length))
-    leading_padding=$((1 + RANDOM % $total_padding))
+    leading_padding=$((1 + RANDOM % total_padding))
     trailing_padding=$((total_padding - leading_padding))
     leading=$(printf "%-${leading_padding}s")
     trailing=$(printf "%-${trailing_padding}s")
@@ -118,8 +118,7 @@ function run_tests {
         echo $'Incorrect padded length'
         exit 78352
     fi
-    ${PROJECT_NAME}-pass -u root -a tests -p "$pass"
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-pass" -u root -a tests -p "$pass"; then
         echo $'Unable to encrypt password'
         exit 72725
     fi
@@ -142,8 +141,8 @@ function clear_passwords {
     for d in /root/.passwords/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $4}')
         if [[ "$USERNAME" != 'root' ]]; then
-            shred -zu /root/.passwords/$USERNAME/*
-            rm -rf /root/.passwords/$USERNAME
+            shred -zu "/root/.passwords/$USERNAME/*"
+            rm -rf "/root/.passwords/$USERNAME"
         fi
     done
     if [ ! -f $NO_PASSWORD_STORE_FILE ]; then
@@ -156,39 +155,39 @@ function clear_passwords {
 function export_to_keepass {
     filename="$1"
 
-    echo '<database>' > $filename
-    echo '  <group>' >> $filename
-    echo "    <title>${PROJECT_NAME}</title>" >> $filename
-    echo '    <icon>48</icon>' >> $filename
+    { echo '<database>';
+      echo '  <group>';
+      echo "    <title>${PROJECT_NAME}</title>";
+      echo '    <icon>48</icon>'; } > "$filename"
 
     for d in /root/.passwords/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $4}')
-        echo '    <group>' >> $filename
-        echo "      <title>$USERNAME</title>" >> $filename
-        echo '      <icon>0</icon>' >> $filename
+        { echo '    <group>';
+          echo "      <title>$USERNAME</title>";
+          echo '      <icon>0</icon>'; } >> "$filename"
         for a in /root/.passwords/$USERNAME/* ; do
-            APP_NAME=$(basename $a)
-            app_password=$(${PROJECT_NAME}-pass -u $USERNAME -a $APP_NAME)
-            echo '      <entry>' >> $filename
-            echo "        <title>$APP_NAME</title>" >> $filename
-            echo "        <username>$USERNAME</username>" >> $filename
-            echo "        <password>$app_password</password>" >> $filename
-            echo '        <url/>' >> $filename
-            echo '        <comment/>' >> $filename
-            echo '        <icon>0</icon>' >> $filename
-            echo '        <expire>Never</expire>' >> $filename
-            echo '      </entry>' >> $filename
+            APP_NAME=$(basename "$a")
+            app_password=$("${PROJECT_NAME}-pass" -u "$USERNAME" -a "$APP_NAME")
+            { echo '      <entry>';
+              echo "        <title>$APP_NAME</title>";
+              echo "        <username>$USERNAME</username>";
+              echo "        <password>$app_password</password>";
+              echo '        <url/>';
+              echo '        <comment/>';
+              echo '        <icon>0</icon>';
+              echo '        <expire>Never</expire>';
+              echo '      </entry>'; } >> "$filename"
         done
-        echo '    </group>' >> $filename
+        echo '    </group>' >> "$filename"
     done
 
-    echo '  </group>' >> $filename
-    echo '</database>' >> $filename
+    echo '  </group>' >> "$filename"
+    echo '</database>' >> "$filename"
 
     echo $"Exported $filename"
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
     key="$1"
 
@@ -245,9 +244,9 @@ do
     shift
 done
 
-if [ ${REMOVE_USERNAME} ]; then
-    if [ -d ~/.passwords/${REMOVE_USERNAME} ]; then
-        rm -rf ~/.passwords/${REMOVE_USERNAME}
+if [ "${REMOVE_USERNAME}" ]; then
+    if [ -d "${HOME}/.passwords/${REMOVE_USERNAME}" ]; then
+        rm -rf "${HOME}/.passwords/${REMOVE_USERNAME}"
     fi
     exit 0
 fi
@@ -271,43 +270,43 @@ if [ $TESTS ]; then
     exit 0
 fi
 
-if [ $EXPORT_FILENAME ]; then
-    export_to_keepass $EXPORT_FILENAME
+if [ "$EXPORT_FILENAME" ]; then
+    export_to_keepass "$EXPORT_FILENAME"
     exit 0
 fi
 
-if [ ! $CURR_USERNAME ]; then
+if [ ! "$CURR_USERNAME" ]; then
     echo $'Error: No username given'
     exit 1
 fi
 
-if [ ! -d /home/$CURR_USERNAME ]; then
+if [ ! -d "/home/$CURR_USERNAME" ]; then
     if [[ "$CURR_USERNAME" != "root" ]]; then
         echo $"Error: User $CURR_USERNAME does not exist"
         exit 2
     fi
 fi
 
-if [ ${REMOVE_APP} ]; then
-    if [ -d ~/.passwords/${CURR_USERNAME}/${REMOVE_APP} ]; then
-        shred -zu ~/.passwords/${CURR_USERNAME}/${REMOVE_APP}
+if [ "${REMOVE_APP}" ]; then
+    if [ -d "${HOME}/.passwords/${CURR_USERNAME}/${REMOVE_APP}" ]; then
+        shred -zu "${HOME}/.passwords/${CURR_USERNAME}/${REMOVE_APP}"
     fi
     exit 0
 fi
 
-if [ ! $CURR_APP ]; then
+if [ ! "$CURR_APP" ]; then
     echo $'Error: No app name given'
     exit 3
 fi
 
 if [ ${#CURR_PASSWORD} -eq 0 ]; then
     # retrieve password
-    if [ ! -f ~/.passwords/$CURR_USERNAME/$CURR_APP ]; then
+    if [ ! -f "${HOME}/.passwords/$CURR_USERNAME/$CURR_APP" ]; then
         MASTER_PASSWORD=
         echo ""
         exit 4
     else
-        pass=$(gpg --batch -dq --passphrase "$MASTER_PASSWORD" ~/.passwords/$CURR_USERNAME/$CURR_APP)
+        pass=$(gpg --batch -dq --passphrase "$MASTER_PASSWORD" "${HOME}/.passwords/$CURR_USERNAME/$CURR_APP")
         remove_padding "${pass}"
     fi
 else
@@ -318,12 +317,12 @@ else
             exit 0
         fi
     fi
-    if [ ! -d ~/.passwords/$CURR_USERNAME ]; then
-        mkdir -p ~/.passwords/$CURR_USERNAME
+    if [ ! -d "${HOME}/.passwords/$CURR_USERNAME" ]; then
+        mkdir -p "${HOME}/.passwords/$CURR_USERNAME"
     fi
     # padding helps to ensure than nothing can be learned from the length of the cyphertext
-    pad_string "${CURR_PASSWORD}" | gpg --batch -ca --cipher-algo AES256 --passphrase "$MASTER_PASSWORD" > ~/.passwords/$CURR_USERNAME/$CURR_APP
-    if [ ! -f ~/.passwords/$CURR_USERNAME/$CURR_APP ]; then
+    pad_string "${CURR_PASSWORD}" | gpg --batch -ca --cipher-algo AES256 --passphrase "$MASTER_PASSWORD" > "${HOME}/.passwords/$CURR_USERNAME/$CURR_APP"
+    if [ ! -f "${HOME}/.passwords/$CURR_USERNAME/$CURR_APP" ]; then
         MASTER_PASSWORD=
         exit 5
     fi

src/freedombone-pin-cert

@@ -43,20 +43,20 @@ function pin_all_certs {
         return
     fi
 
-    cd $WEBSITES_DIRECTORY
-    for file in `dir -d *` ; do
-        if grep -q "Public-Key-Pins" $file; then
+    cd $WEBSITES_DIRECTORY || exit 2468724684
+    for file in $(dir -d "*") ; do
+        if grep -q "Public-Key-Pins" "$file"; then
             DOMAIN_NAME=$file
             KEY_FILENAME=/etc/ssl/private/${DOMAIN_NAME}.key
-            if [ -f $KEY_FILENAME ]; then
+            if [ -f "$KEY_FILENAME" ]; then
                 BACKUP_KEY_FILENAME=/etc/ssl/certs/${DOMAIN_NAME}.pem
-                if [ -f $BACKUP_KEY_FILENAME ]; then
-                    KEY_HASH=$(openssl rsa -in $KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
-                    BACKUP_KEY_HASH=$(openssl rsa -in $BACKUP_KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
+                if [ -f "$BACKUP_KEY_FILENAME" ]; then
+                    KEY_HASH=$(openssl rsa -in "$KEY_FILENAME" -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
+                    BACKUP_KEY_HASH=$(openssl rsa -in "$BACKUP_KEY_FILENAME" -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
                     if [ ${#BACKUP_KEY_HASH} -gt 5 ]; then
 
                         PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=${PIN_MAX_AGE}; includeSubDomains';"
-                        sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $file
+                        sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" "$file"
                         echo $"Pinned $DOMAIN_NAME with keys $KEY_HASH $BACKUP_KEY_HASH"
                     fi
                 fi
@@ -65,7 +65,7 @@ function pin_all_certs {
     done
 }
 
-if [[ $1 == "all" ]]; then
+if [[ "$1" == "all" ]]; then
     pin_all_certs
     systemctl restart nginx
     exit 0
@@ -77,7 +77,7 @@ KEY_FILENAME=/etc/ssl/private/${DOMAIN_NAME}.key
 BACKUP_KEY_FILENAME=/etc/ssl/certs/${DOMAIN_NAME}.pem
 SITE_FILENAME=$WEBSITES_DIRECTORY/${DOMAIN_NAME}
 
-if [ ! ${DOMAIN_NAME} ]; then
+if [ ! "${DOMAIN_NAME}" ]; then
     exit 0
 fi
 
@@ -86,8 +86,8 @@ if [ ! -f "$SITE_FILENAME" ]; then
 fi
 
 if [[ $REMOVE == "remove" ]]; then
-    if grep -q "Public-Key-Pins" $SITE_FILENAME; then
-        sed -i "/Public-Key-Pins/d" $SITE_FILENAME
+    if grep -q "Public-Key-Pins" "$SITE_FILENAME"; then
+        sed -i "/Public-Key-Pins/d" "$SITE_FILENAME"
         echo $"Removed pinning for ${DOMAIN_NAME}"
         systemctl restart nginx
     fi
@@ -104,8 +104,8 @@ if [ ! -f "$BACKUP_KEY_FILENAME" ]; then
     exit 2
 fi
 
-KEY_HASH=$(openssl rsa -in $KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
-BACKUP_KEY_HASH=$(openssl rsa -in $BACKUP_KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
+KEY_HASH=$(openssl rsa -in "$KEY_FILENAME" -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
+BACKUP_KEY_HASH=$(openssl rsa -in "$BACKUP_KEY_FILENAME" -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
 
 if [ ${#KEY_HASH} -lt 5 ]; then
     echo 'Pin hash unexpectedly short'
@@ -118,15 +118,15 @@ if [ ${#BACKUP_KEY_HASH} -lt 5 ]; then
 fi
 
 PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=5184000; includeSubDomains';"
-if ! grep -q "Public-Key-Pins" $SITE_FILENAME; then
-    sed -i "/ssl_ciphers.*/a     add_header ${PIN_HEADER}" $SITE_FILENAME
+if ! grep -q "Public-Key-Pins" "$SITE_FILENAME"; then
+    sed -i "/ssl_ciphers.*/a     add_header ${PIN_HEADER}" "$SITE_FILENAME"
 else
-    sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $SITE_FILENAME
+    sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" "$SITE_FILENAME"
 fi
 
 systemctl restart nginx
 
-if ! grep -q "add_header Public-Key-Pins" $SITE_FILENAME; then
+if ! grep -q "add_header Public-Key-Pins" "$SITE_FILENAME"; then
     echo $'Pinning failed'
 fi
 

src/freedombone-powerline

@@ -56,23 +56,23 @@ __powerline() {
   readonly WHITE_BRIGHT=15
 
   # Font effects
-  readonly DIM="\[$(tput dim)\]"
-  readonly REVERSE="\[$(tput rev)\]"
-  readonly RESET="\[$(tput sgr0)\]"
-  readonly BOLD="\[$(tput bold)\]"
+  readonly DIM="\\[$(tput dim)\\]"
+  readonly REVERSE="\\[$(tput rev)\\]"
+  readonly RESET="\\[$(tput sgr0)\\]"
+  readonly BOLD="\\[$(tput bold)\\]"
 
   # Generate terminal colour codes
   # $1 is an int (a colour) and $2 must be 'fg' or 'bg'
   __colour() {
     case "$2" in
       'fg'*)
-        echo "\[$(tput setaf "$1")\]"
+        echo "\\[$(tput setaf "$1")\\]"
         ;;
       'bg'*)
-        echo "\[$(tput setab "$1")\]"
+        echo "\\[$(tput setab "$1")\\]"
         ;;
       *)
-        echo "\[$(tput setab "$1")\]"
+        echo "\\[$(tput setab "$1")\\]"
         ;;
     esac
   }
@@ -288,7 +288,7 @@ __powerline() {
       if [ ! -z "${text+x}" ]; then
         text+="@"
       fi
-      text+="\h"
+      text+="\\h"
     fi
 
     if [ ! -z ${text+x} ]; then

src/freedombone-recoverkey

@@ -33,13 +33,13 @@ PROJECT_NAME='freedombone'
 export TEXTDOMAIN=${PROJECT_NAME}-recoverkey
 export TEXTDOMAINDIR="/usr/share/locale"
 
-source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
+source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
 
 # include utils which allow function_check, go and drive mount
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
 FRIENDS_SERVERS_LIST=
@@ -53,7 +53,7 @@ function show_help {
     exit 0
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
     key="$1"
 
@@ -78,69 +78,71 @@ do
     shift
 done
 
-if [ ! $MY_USERNAME ]; then
+if [ ! "$MY_USERNAME" ]; then
     show_help
 fi
-if [ ! -d /home/$MY_USERNAME ]; then
+if [ ! -d "/home/$MY_USERNAME" ]; then
     echo $"User $MY_USERNAME does not exist on the system"
     exit 7270
 fi
 
-if [ ! $MY_USERNAME ]; then
+if [ ! "$MY_USERNAME" ]; then
     echo $'No username given'
     exit 3578
 fi
-if [ ! -d /home/$MY_USERNAME ]; then
+if [ ! -d "/home/$MY_USERNAME" ]; then
     echo $"User $MY_USERNAME does not exist on the system"
     exit 7270
 fi
 
-FRAGMENTS_DIR=/home/$MY_USERNAME/.gnupg_fragments
+FRAGMENTS_DIR="/home/$MY_USERNAME/.gnupg_fragments"
 
 # if no remote backup list was given then assume recover from USB
-if [ ! $FRIENDS_SERVERS_LIST ]; then
+if [ ! "$FRIENDS_SERVERS_LIST" ]; then
     interactive_gpg_from_usb
     exit 0
 fi
 
 # obtain shares/fragments from remote locations
-if [ $FRIENDS_SERVERS_LIST ]; then
+if [ "$FRIENDS_SERVERS_LIST" ]; then
     # For each remote server
-    while read remote_server
+    while read -r remote_server
     do
         # Get the server and its password
         # Format is:
         #   username@domain:/home/username <port number> <ssh password>
         REMOTE_SERVER=$(echo "${remote_server}" | awk -F ' ' '{print $1}')
-        if [ $REMOTE_SERVER ]; then
+        if [ "$REMOTE_SERVER" ]; then
             REMOTE_SSH_PORT=$(echo "${remote_server}" | awk -F ' ' '{print $2}')
             REMOTE_PASSWORD=$(echo "${remote_server}" | awk -F ' ' '{print $3}')
 
             # create a directory if it doesn't exist
-            if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then
-                mkdir -p /home/$MY_USERNAME/.gnupg_fragments
+            if [ ! -d "/home/$MY_USERNAME/.gnupg_fragments" ]; then
+                mkdir -p "/home/$MY_USERNAME/.gnupg_fragments"
             fi
 
             echo -n $"Starting key retrieval from $REMOTE_SERVER..."
-            /usr/bin/sshpass -p $REMOTE_PASSWORD \
-                             scp -r -P $REMOTE_SSH_PORT $REMOTE_SERVER/.gnupg_fragments/* /home/$MY_USERNAME/.gnupg_fragments
+            /usr/bin/sshpass -p "$REMOTE_PASSWORD" \
+                             scp -r -P "$REMOTE_SSH_PORT" "$REMOTE_SERVER/.gnupg_fragments/*" "/home/$MY_USERNAME/.gnupg_fragments"
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo $'FAILED'
             else
                 echo $'Ok'
             fi
         fi
-    done < $FRIENDS_SERVERS_LIST
+    done < "$FRIENDS_SERVERS_LIST"
 fi
 
 # was a directory created?
-if [ ! -d $FRAGMENTS_DIR ]; then
+if [ ! -d "$FRAGMENTS_DIR" ]; then
     echo $'No fragments have been recovered, so the key cannot be recovered'
     exit 7483
 fi
 
 # was anything downloaded?
-cd $FRAGMENTS_DIR
+cd "$FRAGMENTS_DIR" || exit 24682468
+# shellcheck disable=SC2012
 no_of_shares=$(ls -afq keyshare.asc.* | wc -l)
 if (( no_of_shares == 0 )); then
     echo $'No key fragments were retrieved'
@@ -148,14 +150,14 @@ if (( no_of_shares == 0 )); then
 fi
 
 # set permissions on the fragments
-chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg_fragments
+chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.gnupg_fragments"
 
 # decrypt the file
 KEYS_FILE=$FRAGMENTS_DIR/keyshare.asc
-cd $FRAGMENTS_DIR
-gfcombine $KEYS_FILE.*
+cd "$FRAGMENTS_DIR" || exit 482746874624
+gfcombine "$KEYS_FILE.*"
 
-if [ ! -f $KEYS_FILE ]; then
+if [ ! -f "$KEYS_FILE" ]; then
     echo $'Unable to decrypt key. This may mean that not enough fragments are available'
     exit 6283
 fi
@@ -163,15 +165,14 @@ fi
 echo $'Key fragments recombined'
 
 # import the gpg key
-gpg --homedir=/home/$MY_USERNAME/.gnupg --allow-secret-key-import --import $KEYS_FILE
-if [ ! "$?" = "0" ]; then
+if ! gpg --homedir="/home/$MY_USERNAME/.gnupg" --allow-secret-key-import --import "$KEYS_FILE"; then
     echo $'Unable to import gpg key'
-    shred -zu $KEYS_FILE
+    shred -zu "$KEYS_FILE"
     exit 3682
 fi
-shred -zu $KEYS_FILE
-chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
-chmod -R 600 /home/$MY_USERNAME/.gnupg
+shred -zu "$KEYS_FILE"
+chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.gnupg"
+chmod -R 600 "/home/$MY_USERNAME/.gnupg"
 
 echo $'GPG key was recovered'
 

src/freedombone-remote

@@ -35,7 +35,7 @@ PROJECT_NAME='freedombone'
 export TEXTDOMAIN=${PROJECT_NAME}-remote
 export TEXTDOMAINDIR="/usr/share/locale"
 
-CONFIG_FILE=$HOME/${PROJECT_NAME}.cfg
+CONFIG_FILE="$HOME/${PROJECT_NAME}.cfg"
 
 # User to create the list for
 MY_USERNAME=$USER
@@ -44,7 +44,7 @@ MY_USERNAME=$USER
 FRIENDS_SERVERS_LIST=
 
 # Minimum password length in characters
-MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}')
+MINIMUM_PASSWORD_LENGTH=$(grep 'MINIMUM_PASSWORD_LENGTH=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords" | head -n 1 | awk -F '=' '{print $2}')
 
 # How many remote locations were specified
 entering_remote_backups_ctr=0
@@ -75,7 +75,7 @@ function show_help {
 }
 
 # Get the commandline options
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
     key="$1"
 
@@ -117,24 +117,24 @@ do
 done
 
 function interactive_config_remote_backups {
-    if [ ! $MY_USERNAME ]; then
+    if [ ! "$MY_USERNAME" ]; then
         echo $'Please specify a username with the -u option'
         exit 7356
     fi
 
-    if [ ! /home/$MY_USERNAME ]; then
+    if [ ! -d "/home/$MY_USERNAME" ]; then
         echo $"The user /home/$MY_USERNAME does not exist on the system"
         exit 3689
     fi
 
-    if [ ! $FRIENDS_SERVERS_LIST ]; then
+    if [ ! "$FRIENDS_SERVERS_LIST" ]; then
         FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list
     fi
 
     # clear any existing list
-    if [ -f $FRIENDS_SERVERS_LIST ]; then
-        rm -f $FRIENDS_SERVERS_LIST
-        touch $FRIENDS_SERVERS_LIST
+    if [ -f "$FRIENDS_SERVERS_LIST" ]; then
+        rm -f "$FRIENDS_SERVERS_LIST"
+        touch "$FRIENDS_SERVERS_LIST"
     fi
     # number of entries made
     entering_remote_backups_ctr=1
@@ -148,57 +148,57 @@ function interactive_config_remote_backups {
     remote_ssh_reciprocal_password=""
     while [[ $entering_remote_backups_done == "no" ]]
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         if [[ $RECIPROCAL == "yes" ]]; then
             dialog --backtitle "Freedombone Configuration" \
                    --title "$TITLE ${entering_remote_backups_ctr}" \
-                   --form "\nPlease specify the SSH login details for the remote server\n\nThe reciprocal entries are optional, and can be used if you wish to set up a user account on this system for whoever runs the remote server to also use for backups" 20 50 8 \
+                   --form "\\nPlease specify the SSH login details for the remote server\\n\\nThe reciprocal entries are optional, and can be used if you wish to set up a user account on this system for whoever runs the remote server to also use for backups" 20 50 8 \
                    "Username:" 1 1 "$remote_ssh_username" 1 23 16 15 \
                    "Domain:" 2 1 "$remote_ssh_domain" 2 23 16 15 \
                    "SSH port:" 3 1 "2222" 3 23 5 4 \
                    "Password:" 4 1 "$remote_ssh_password" 4 23 20 100 \
                    "Reciprocal Username:" 5 1 "$remote_ssh_reciprocal_username" 5 23 20 100 \
                    "Reciprocal Password:" 6 1 "$remote_ssh_reciprocal_password" 6 23 20 100 \
-                   2> $data
+                   2> "$data"
         else
             dialog --backtitle "Freedombone Configuration" \
                    --title "$TITLE ${entering_remote_backups_ctr}" \
-                   --form "\nPlease specify the SSH login details for the remote server" 15 50 4 \
+                   --form "\\nPlease specify the SSH login details for the remote server" 15 50 4 \
                    "Username:" 1 1 "$remote_ssh_username" 1 23 16 15 \
                    "Domain:" 2 1 "$remote_ssh_domain" 2 23 16 15 \
                    "SSH port:" 3 1 "2222" 3 23 5 4 \
                    "Password:" 4 1 "$remote_ssh_password" 4 23 20 100 \
-                   2> $data
+                   2> "$data"
         fi
         sel=$?
         case $sel in
             1) entering_remote_backups_done="yes";;
             255) entering_remote_backups_done="yes";;
         esac
-        remote_ssh_username=$(cat $data | sed -n 1p)
-        remote_ssh_domain=$(cat $data | sed -n 2p)
-        remote_ssh_port=$(cat $data | sed -n 3p)
-        remote_ssh_password=$(cat $data | sed -n 4p)
-        remote_ssh_reciprocal_username=$(cat $data | sed -n 5p)
-        remote_ssh_reciprocal_password=$(cat $data | sed -n 6p)
+        remote_ssh_username=$(sed -n 1p < "$data")
+        remote_ssh_domain=$(sed -n 2p < "$data")
+        remote_ssh_port=$(sed -n 3p < "$data")
+        remote_ssh_password=$(sed -n 4p < "$data")
+        remote_ssh_reciprocal_username=$(sed -n 5p < "$data")
+        remote_ssh_reciprocal_password=$(sed -n 6p < "$data")
+        rm -f "$data"
         if [[ $remote_ssh_username != "" && \
                     $remote_ssh_domain != "" && \
                     $remote_ssh_port != "" && \
                     $remote_ssh_password != "" ]]; then
 
-            if [ ${#remote_ssh_password} -lt $MINIMUM_PASSWORD_LENGTH ]; then
+            if [ ${#remote_ssh_password} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then
                 dialog --title "Password quality check" --msgbox "The password given was too short. It must be at least $MINIMUM_PASSWORD_LENGTH characters" 6 40
             else
 
                 if [[ $RECIPROCAL == "yes" ]]; then
                     if [[ $remote_ssh_reciprocal_username != "" && \
                                 $remote_ssh_reciprocal_password != "" ]]; then
-                        if [ ${#remote_ssh_reciprocal_password} -lt $MINIMUM_PASSWORD_LENGTH ]; then
+                        if [ ${#remote_ssh_reciprocal_password} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then
                             dialog --title "Password quality check" --msgbox "The reciprocal password given was too short. It must be at least $MINIMUM_PASSWORD_LENGTH characters" 6 40
                         else
-                            echo ${remote_ssh_reciprocal_username}:${remote_ssh_reciprocal_password}::::/home/${remote_ssh_reciprocal_username}:bash | newusers
-                            echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> $FRIENDS_SERVERS_LIST
+                            echo "${remote_ssh_reciprocal_username}:${remote_ssh_reciprocal_password}::::/home/${remote_ssh_reciprocal_username}:bash" | newusers
+                            echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> "$FRIENDS_SERVERS_LIST"
                             remote_ssh_username=""
                             remote_ssh_domain=""
                             remote_ssh_port=""
@@ -208,7 +208,7 @@ function interactive_config_remote_backups {
                             entering_remote_backups_ctr=$((entering_remote_backups_ctr + 1))
                         fi
                     else
-                        echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> $FRIENDS_SERVERS_LIST
+                        echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> "$FRIENDS_SERVERS_LIST"
                         remote_ssh_username=""
                         remote_ssh_domain=""
                         remote_ssh_port=""
@@ -218,7 +218,7 @@ function interactive_config_remote_backups {
                         entering_remote_backups_ctr=$((entering_remote_backups_ctr + 1))
                     fi
                 else
-                    echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> $FRIENDS_SERVERS_LIST
+                    echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> "$FRIENDS_SERVERS_LIST"
                     remote_ssh_username=""
                     remote_ssh_domain=""
                     remote_ssh_port=""
@@ -231,18 +231,18 @@ function interactive_config_remote_backups {
             entering_remote_backups_done="yes"
         fi
     done
-    if [ -f $FRIENDS_SERVERS_LIST ]; then
-        chown $MY_USERNAME:$MY_USERNAME $FRIENDS_SERVERS_LIST
+    if [ -f "$FRIENDS_SERVERS_LIST" ]; then
+        chown "$MY_USERNAME":"$MY_USERNAME" "$FRIENDS_SERVERS_LIST"
     fi
 }
 
 function show_result {
     clear
-    if (( $entering_remote_backups_ctr < 2 )); then
+    if (( "$entering_remote_backups_ctr" < 2 )); then
         echo $'No remote backup locations were specified'
         exit 0
     fi
-    if [ ! -f $FRIENDS_SERVERS_LIST ]; then
+    if [ ! -f "$FRIENDS_SERVERS_LIST" ]; then
         echo $"No remote backups list found: $FRIENDS_SERVERS_LIST"
         exit 7358
     fi
@@ -251,11 +251,11 @@ function show_result {
     echo ''
     echo $'Contents:'
     echo ''
-    cat $FRIENDS_SERVERS_LIST
+    cat "$FRIENDS_SERVERS_LIST"
     echo ''
 }
 
-if [ ! $FRIENDS_SERVERS_LIST ]; then
+if [ ! "$FRIENDS_SERVERS_LIST" ]; then
     FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list
 fi
 

src/freedombone-renew-cert

@@ -59,8 +59,7 @@ function renew_letsencrypt {
         echo $"Renewing Let's Encrypt certificate"
     fi
 
-    ${PROJECT_NAME}-addcert -e $HOSTNAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH
-    if [ ! "$?" = "0" ]; then
+    if ! ${PROJECT_NAME}-addcert -e $HOSTNAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH; then
         echo $"Unable to add Let's encrypt certificate"
         exit 6328
     fi
@@ -172,7 +171,7 @@ function renew_startssl {
     ${PROJECT_NAME}-pin-cert $HOSTNAME remove
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
 key="$1"
 
@@ -195,7 +194,7 @@ esac
 shift
 done
 
-if [ ! $HOSTNAME ]; then
+if [ ! "$HOSTNAME" ]; then
     echo $'No hostname specified'
     exit 5748
 fi
@@ -206,7 +205,7 @@ if ! which openssl > /dev/null ;then
 fi
 
 # check that the web site exists
-if [ ! -f /etc/nginx/sites-available/$HOSTNAME ]; then
+if [ ! -f "/etc/nginx/sites-available/$HOSTNAME" ]; then
     echo $"/etc/nginx/sites-available/$HOSTNAME does not exist"
     exit 7598
 fi

src/freedombone-repair-database

@@ -29,16 +29,16 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 PROJECT_NAME='freedombone'
-COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
-CONFIG_FILE=$HOME/${PROJECT_NAME}.cfg
+COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
+CONFIG_FILE="$HOME/${PROJECT_NAME}.cfg"
 
 export TEXTDOMAIN=${PROJECT_NAME}-repair-databases
 export TEXTDOMAINDIR="/usr/share/locale"
 
 # The database to be repaired
-DATABASE=$1
+DATABASE="$1"
 
-ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
+ADMIN_USERNAME=$(grep "Admin user" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
 ADMIN_EMAIL_ADDRESS=${ADMIN_USERNAME}@${HOSTNAME}
 
 # Frequency - daily/weekly
@@ -62,36 +62,36 @@ TEMPFILE=/root/repair-database-$DATABASE
 
 umask 0077
 
-if [ $2 ]; then
-    BACKUP_TYPE=$2
+if [ "$2" ]; then
+    BACKUP_TYPE="$2"
 fi
 
 # check the database
-mysqlcheck -c -u root --password="$MYSQL_ROOT_PASSWORD" $DATABASE > $TEMPFILE
+mysqlcheck -c -u root --password="$MYSQL_ROOT_PASSWORD" "$DATABASE" > "$TEMPFILE"
 
 # Attempt to repair the database if it contains errors
 if grep -q "Error" "$TEMPFILE"; then
-    mysqlcheck -u root --password="$MYSQL_ROOT_PASSWORD" --auto-repair $DATABASE
+    mysqlcheck -u root --password="$MYSQL_ROOT_PASSWORD" --auto-repair "$DATABASE"
 else
     # No errors were found, so exit
-    rm -f $TEMPFILE
+    rm -f "$TEMPFILE"
     exit 0
 fi
-rm -f $TEMPFILE
+rm -f "$TEMPFILE"
 
 # Check the database again
-mysqlcheck -c -u root --password="$MYSQL_ROOT_PASSWORD" $DATABASE > $TEMPFILE
+mysqlcheck -c -u root --password="$MYSQL_ROOT_PASSWORD" "$DATABASE" > "$TEMPFILE"
 
 # If it still contains errors then restore from backup
 if grep -q "Error" "$TEMPFILE"; then
-    mysql -u root --password="$MYSQL_ROOT_PASSWORD" $DATABASE -o < /var/backups/${DATABASE}_${BACKUP_TYPE}.sql
+    mysql -u root --password="$MYSQL_ROOT_PASSWORD" "$DATABASE" -o < "/var/backups/${DATABASE}_${BACKUP_TYPE}.sql"
 
     # Send a warning email
-    echo $"$DATABASE database corruption could not be repaired. Restored from backup." | mail -s $"${PROJECT_NAME} database maintenance" $ADMIN_EMAIL_ADDRESS
-    rm -f $TEMPFILE
+    echo $"$DATABASE database corruption could not be repaired. Restored from backup." | mail -s $"${PROJECT_NAME} database maintenance" "$ADMIN_EMAIL_ADDRESS"
+    rm -f "$TEMPFILE"
 
     exit 1
 fi
-rm -f $TEMPFILE
+rm -f "$TEMPFILE"
 
 exit 0

src/freedombone-restore-local

@@ -31,7 +31,7 @@
 PROJECT_NAME='freedombone'
 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
 MONGODB_APPS_FILE=$HOME/.mongodbapps
-CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
+CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
 BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
 
 # whether to restore everything or just a specific application
@@ -67,10 +67,10 @@ please_wait
 source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
 
 # include utils which allow function_check, go and drive mount
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
 clear
@@ -83,7 +83,7 @@ ADMIN_NAME=
 
 read_config_param USB_DRIVE
 
-if [ -f $COMPLETION_FILE ]; then
+if [ -f "$COMPLETION_FILE" ]; then
     ADMIN_USERNAME=$(get_completion_param "Admin user")
 fi
 
@@ -98,7 +98,7 @@ function check_backup_exists {
 
 function check_admin_user {
     echo $"Checking that admin user exists"
-    if [ ! -d /home/$ADMIN_USERNAME ]; then
+    if [ ! -d "/home/$ADMIN_USERNAME" ]; then
         echo $"Username $ADMIN_USERNAME not found. Reinstall ${PROJECT_NAME} with this username."
         set_user_permissions
         backup_unmount_drive
@@ -108,7 +108,7 @@ function check_admin_user {
 
 function copy_gpg_keys {
     echo $"Copying GPG keys from admin user to root"
-    cp -r /home/$ADMIN_USERNAME/.gnupg /root
+    cp -r "/home/$ADMIN_USERNAME/.gnupg" /root
     gpg_set_permissions root
 }
 
@@ -185,12 +185,11 @@ function restore_configfiles {
         #    fi
         #fi
 
-        if [ -f $temp_restore_dir$MONGODB_APPS_FILE ]; then
-            cp -f $temp_restore_dir$MONGODB_APPS_FILE $MONGODB_APPS_FILE
-            if [ ! "$?" = "0" ]; then
+        if [ -f "$temp_restore_dir$MONGODB_APPS_FILE" ]; then
+            if ! cp -f "$temp_restore_dir$MONGODB_APPS_FILE" "$MONGODB_APPS_FILE"; then
                 set_user_permissions
                 backup_unmount_drive
-                rm -rf $temp_restore_dir
+                rm -rf "$temp_restore_dir"
                 exit 859034853
             fi
         fi
@@ -210,12 +209,11 @@ function restore_configfiles {
         #    fi
         #fi
 
-        if [ -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ]; then
-            cp -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ${BACKUP_EXTRA_DIRECTORIES}
-            if [ ! "$?" = "0" ]; then
+        if [ -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" ]; then
+            if ! cp -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" "${BACKUP_EXTRA_DIRECTORIES}"; then
                 set_user_permissions
                 backup_unmount_drive
-                rm -rf $temp_restore_dir
+                rm -rf "$temp_restore_dir"
                 exit 62121
             fi
         fi
@@ -274,6 +272,7 @@ function restore_mariadb {
             else
                 mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql)
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo $"Try again using the password obtained from backup"
                 db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb)
@@ -283,6 +282,7 @@ function restore_mariadb {
                     mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql)
                 fi
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo "$mysqlsuccess"
                 set_user_permissions
@@ -292,9 +292,9 @@ function restore_mariadb {
             echo $"Restarting database"
             systemctl restart mariadb
             echo $"Ensure MariaDB handles authentication"
-            MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+            MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
             mariadb_fix_authentication
-            DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+            DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
         fi
         rm -rf $temp_restore_dir
     fi
@@ -328,6 +328,7 @@ function restore_postgresql {
             else
                 mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo $"Try again using the password obtained from backup"
                 db_pass=$(${PROJECT_NAME}-pass -u root -a postgresql)
@@ -337,6 +338,7 @@ function restore_postgresql {
                     mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
                 fi
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo "$mysqlsuccess"
                 set_user_permissions
@@ -346,8 +348,8 @@ function restore_postgresql {
             echo $"Restarting database"
             systemctl restart postgresql
             echo $"Ensure postgresql handles authentication"
-            POSTGRESQL_PASSWORD=$(${PROJECT_NAME}-pass -u root -a postgresql)
-            DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a postgresql)
+            POSTGRESQL_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a postgresql)
+            DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a postgresql)
         fi
         rm -rf $temp_restore_dir
     fi
@@ -411,30 +413,30 @@ function restore_mutt_settings {
             fi
 
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    "${PROJECT_NAME}-adduser" "$USERNAME"
                 fi
                 echo $"Restoring Mutt configurations for $USERNAME"
-                restore_directory_from_usb /home/$USERNAME/.mutt mutt/${USERNAME}configs
+                restore_directory_from_usb "/home/$USERNAME/.mutt" "mutt/${USERNAME}configs"
                 echo $"Restoring Mutt settings for $USERNAME"
                 temp_restore_dir=/root/tempmutt
-                restore_directory_from_usb $temp_restore_dir mutt/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/tempbackup ]; then
-                    if [ -f $temp_restore_dir/home/$USERNAME/tempbackup/.muttrc ]; then
-                        cp -f $temp_restore_dir/home/$USERNAME/tempbackup/.muttrc /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc
+                restore_directory_from_usb "$temp_restore_dir" "mutt/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/tempbackup" ]; then
+                    if [ -f "$temp_restore_dir/home/$USERNAME/tempbackup/.muttrc" ]; then
+                        cp -f "$temp_restore_dir/home/$USERNAME/tempbackup/.muttrc" "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc"
                     fi
-                    if [ -f $temp_restore_dir/home/$USERNAME/tempbackup/Muttrc ]; then
-                        cp -f $temp_restore_dir/home/$USERNAME/tempbackup/Muttrc /etc/Muttrc
+                    if [ -f "$temp_restore_dir/home/$USERNAME/tempbackup/Muttrc" ]; then
+                        cp -f "$temp_restore_dir/home/$USERNAME/tempbackup/Muttrc" /etc/Muttrc
                         sed -i '/set sidebar_delim/d' /etc/Muttrc
                         sed -i '/set sidebar_sort/d' /etc/Muttrc
                     fi
                 else
                     if [ -f $temp_restore_dir/.muttrc ]; then
-                        cp -f $temp_restore_dir/.muttrc /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc
+                        cp -f "$temp_restore_dir/.muttrc" "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc"
                     fi
                     if [ -f $temp_restore_dir/Muttrc ]; then
                         cp -f $temp_restore_dir/Muttrc /etc/Muttrc
@@ -442,6 +444,7 @@ function restore_mutt_settings {
                         sed -i '/set sidebar_sort/d' /etc/Muttrc
                     fi
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
@@ -463,20 +466,21 @@ function restore_gpg {
         for d in $USB_MOUNT/backup/gnupg/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    "${PROJECT_NAME}-adduser" "$USERNAME"
                 fi
                 echo $"Restoring gnupg settings for $USERNAME"
                 temp_restore_dir=/root/tempgnupg
-                restore_directory_from_usb $temp_restore_dir gnupg/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.gnupg ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.gnupg /home/$USERNAME/
+                restore_directory_from_usb $temp_restore_dir "gnupg/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.gnupg" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.gnupg" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.gnupg ]; then
-                        mkdir /home/$USERNAME/.gnupg
+                    if [ ! -d "/home/$USERNAME/.gnupg" ]; then
+                        mkdir "/home/$USERNAME/.gnupg"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.gnupg/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.gnupg/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
@@ -484,10 +488,9 @@ function restore_gpg {
                     exit 276
                 fi
                 rm -rf $temp_restore_dir
-                gpg_set_permissions $USERNAME
+                gpg_set_permissions "$USERNAME"
                 if [[ "$USERNAME" == "$ADMIN_USERNAME" ]]; then
-                    cp -r /home/$USERNAME/.gnupg /root
-                    if [ ! "$?" = "0" ]; then
+                    if ! cp -r "/home/$USERNAME/.gnupg" /root; then
                         set_user_permissions
                         backup_unmount_drive
                         exit 283
@@ -509,18 +512,19 @@ function restore_procmail {
         for d in $USB_MOUNT/backup/procmail/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring procmail settings for $USERNAME"
                 temp_restore_dir=/root/tempprocmail
-                restore_directory_from_usb $temp_restore_dir procmail/$USERNAME
+                restore_directory_from_usb $temp_restore_dir "procmail/$USERNAME"
                 if [ -d $temp_restore_dir ]; then
-                    if [ -d $temp_restore_dir/home/$USERNAME/tempbackup ]; then
-                        cp -f $temp_restore_dir/home/$USERNAME/tempbackup/.procmailrc /home/$USERNAME/
+                    if [ -d "$temp_restore_dir/home/$USERNAME/tempbackup" ]; then
+                        cp -f "$temp_restore_dir/home/$USERNAME/tempbackup/.procmailrc" "/home/$USERNAME/"
                     else
-                        cp -f $temp_restore_dir/.procmailrc /home/$USERNAME/.procmailrc
+                        cp -f "$temp_restore_dir/.procmailrc" "/home/$USERNAME/.procmailrc"
                     fi
+                    # shellcheck disable=SC2181
                     if [ ! "$?" = "0" ]; then
                         rm -rf $temp_restore_dir
                         set_user_permissions
@@ -544,21 +548,22 @@ function restore_spamassassin {
         for d in $USB_MOUNT/backup/spamassassin/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ -d $USB_MOUNT/backup/spamassassin/$USERNAME ]; then
-                    if [ ! -d /home/$USERNAME ]; then
-                        ${PROJECT_NAME}-adduser $USERNAME
+                if [ -d "$USB_MOUNT/backup/spamassassin/$USERNAME" ]; then
+                    if [ ! -d "/home/$USERNAME" ]; then
+                        ${PROJECT_NAME}-adduser "$USERNAME"
                     fi
                     echo $"Restoring spamassassin settings for $USERNAME"
                     temp_restore_dir=/root/tempspamassassin
-                    restore_directory_from_usb $temp_restore_dir spamassassin/$USERNAME
-                    if [ -d $temp_restore_dir/home/$USERNAME ]; then
-                        cp -rf $temp_restore_dir/home/$USERNAME/.spamassassin /home/$USERNAME/
+                    restore_directory_from_usb $temp_restore_dir "spamassassin/$USERNAME"
+                    if [ -d "$temp_restore_dir/home/$USERNAME" ]; then
+                        cp -rf "$temp_restore_dir/home/$USERNAME/.spamassassin" "/home/$USERNAME/"
                     else
-                    if [ ! -d /home/$USERNAME/.spamassassin ]; then
-                        mkdir /home/$USERNAME/.spamassassin
+                    if [ ! -d "/home/$USERNAME/.spamassassin" ]; then
+                        mkdir "/home/$USERNAME/.spamassassin"
                     fi
-                        cp -rf $temp_restore_dir/* /home/$USERNAME/.spamassassin/
+                        cp -rf "$temp_restore_dir/*" "/home/$USERNAME/.spamassassin/"
                     fi
+                    # shellcheck disable=SC2181
                     if [ ! "$?" = "0" ]; then
                         rm -rf $temp_restore_dir
                         set_user_permissions
@@ -583,19 +588,20 @@ function restore_admin_readme {
 
         # Make a backup of the original README file
         # incase old passwords need to be used
-        if [ -f /home/$ADMIN_USERNAME/README ]; then
-            if [ ! -f /home/$ADMIN_USERNAME/README_original ]; then
-                cp /home/$ADMIN_USERNAME/README /home/$ADMIN_USERNAME/README_original
+        if [ -f "/home/$ADMIN_USERNAME/README" ]; then
+            if [ ! -f "/home/$ADMIN_USERNAME/README_original" ]; then
+                cp "/home/$ADMIN_USERNAME/README" "/home/$ADMIN_USERNAME/README_original"
             fi
         fi
 
         temp_restore_dir=/root/tempreadme
         restore_directory_from_usb $temp_restore_dir readme
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-            cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/README /home/$ADMIN_USERNAME/
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
+            cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/README" "/home/$ADMIN_USERNAME/"
         else
-            cp -f $temp_restore_dir/README /home/$ADMIN_USERNAME/README
+            cp -f "$temp_restore_dir/README" "/home/$ADMIN_USERNAME/README"
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             rm -rf $temp_restore_dir
             set_user_permissions
@@ -616,20 +622,21 @@ function restore_user_ssh_keys {
         for d in $USB_MOUNT/backup/ssh/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring ssh keys for $USERNAME"
                 temp_restore_dir=/root/tempssh
-                restore_directory_from_usb $temp_restore_dir ssh/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.ssh ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.ssh /home/$USERNAME/
+                restore_directory_from_usb $temp_restore_dir "ssh/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.ssh" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.ssh" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.ssh ]; then
-                        mkdir /home/$USERNAME/.ssh
+                    if [ ! -d "/home/$USERNAME/.ssh" ]; then
+                        mkdir "/home/$USERNAME/.ssh"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.ssh/
+                    cp -r "$temp_restore_dir/*" "/home/$USERNAME/.ssh/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
@@ -652,20 +659,21 @@ function restore_user_config {
         for d in $USB_MOUNT/backup/config/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring config files for $USERNAME"
                 temp_restore_dir=/root/tempconfig
-                restore_directory_from_usb $temp_restore_dir config/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.config ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.config /home/$USERNAME/
+                restore_directory_from_usb $temp_restore_dir "config/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.config" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.config" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.config ]; then
-                        mkdir /home/$USERNAME/.config
+                    if [ ! -d "/home/$USERNAME/.config" ]; then
+                        mkdir "/home/$USERNAME/.config"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.config/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.config/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
@@ -688,20 +696,21 @@ function restore_user_monkeysphere {
         for d in $USB_MOUNT/backup/monkeysphere/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring monkeysphere ids for $USERNAME"
                 temp_restore_dir=/root/tempmonkeysphere
-                restore_directory_from_usb $temp_restore_dir monkeysphere/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.monkeysphere ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.monkeysphere /home/$USERNAME/
+                restore_directory_from_usb $temp_restore_dir "monkeysphere/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.monkeysphere" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.monkeysphere" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.monkeysphere ]; then
-                        mkdir /home/$USERNAME/.monkeysphere
+                    if [ ! -d "/home/$USERNAME/.monkeysphere" ]; then
+                        mkdir "/home/$USERNAME/.monkeysphere"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.monkeysphere
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.monkeysphere"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
@@ -716,8 +725,8 @@ function restore_user_monkeysphere {
         MY_EMAIL_ADDRESS="${ADMIN_USERNAME}@${HOSTNAME}"
         read_config_param MY_EMAIL_ADDRESS
         MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADMIN_USERNAME" "$MY_EMAIL_ADDRESS")
-        fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}')
-        monkeysphere-authentication add-identity-certifier $fpr
+        fpr=$(gpg --with-colons --fingerprint "$MY_GPG_PUBLIC_KEY_ID" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
+        monkeysphere-authentication add-identity-certifier "$fpr"
         monkeysphere-authentication update-users
     fi
 }
@@ -732,20 +741,21 @@ function restore_user_fin {
         for d in $USB_MOUNT/backup/fin/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring fin files for $USERNAME"
                 temp_restore_dir=/root/tempfin
-                restore_directory_from_usb $temp_restore_dir fin/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.fin ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.fin /home/$USERNAME/
+                restore_directory_from_usb $temp_restore_dir "fin/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.fin" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.fin" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.fin ]; then
-                        mkdir /home/$USERNAME/.fin
+                    if [ ! -d "/home/$USERNAME/.fin" ]; then
+                        mkdir "/home/$USERNAME/.fin"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.fin/
+                    cp -r "$temp_restore_dir/*" "/home/$USERNAME/.fin/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
@@ -768,20 +778,21 @@ function restore_user_local {
         for d in $USB_MOUNT/backup/local/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring local files for $USERNAME"
                 temp_restore_dir=/root/templocal
-                restore_directory_from_usb $temp_restore_dir local/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.local ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.local /home/$USERNAME/
+                restore_directory_from_usb $temp_restore_dir "local/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.local" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.local" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.local ]; then
-                        mkdir /home/$USERNAME/.local
+                    if [ ! -d "/home/$USERNAME/.local" ]; then
+                        mkdir "/home/$USERNAME/.local"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.local/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.local/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
@@ -809,6 +820,7 @@ function restore_certs {
         else
             cp -r /root/tempssl/* /etc/ssl/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             set_user_permissions
             backup_unmount_drive
@@ -853,24 +865,25 @@ function restore_personal_settings {
         for d in $USB_MOUNT/backup/personal/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ -d $USB_MOUNT/backup/personal/$USERNAME ]; then
-                    if [ ! -d /home/$USERNAME ]; then
-                        ${PROJECT_NAME}-adduser $USERNAME
+                if [ -d "$USB_MOUNT/backup/personal/$USERNAME" ]; then
+                    if [ ! -d "/home/$USERNAME" ]; then
+                        ${PROJECT_NAME}-adduser "$USERNAME"
                     fi
                     echo $"Restoring personal settings for $USERNAME"
                     temp_restore_dir=/root/temppersonal
-                    restore_directory_from_usb $temp_restore_dir personal/$USERNAME
-                    if [ -d /home/$USERNAME/personal ]; then
-                        rm -rf /home/$USERNAME/personal
+                    restore_directory_from_usb $temp_restore_dir "personal/$USERNAME"
+                    if [ -d "/home/$USERNAME/personal" ]; then
+                        rm -rf "/home/$USERNAME/personal"
                     fi
-                    if [ -d $temp_restore_dir/home/$USERNAME/personal ]; then
-                        mv $temp_restore_dir/home/$USERNAME/personal /home/$USERNAME
+                    if [ -d "$temp_restore_dir/home/$USERNAME/personal" ]; then
+                        mv "$temp_restore_dir/home/$USERNAME/personal" "/home/$USERNAME"
                     else
-                        if [ ! -d /home/$USERNAME/personal ]; then
-                            mkdir /home/$USERNAME/personal
+                        if [ ! -d "/home/$USERNAME/personal" ]; then
+                            mkdir "/home/$USERNAME/personal"
                         fi
-                        cp -r $temp_restore_dir/* /home/$USERNAME/personal/
+                        cp -r $temp_restore_dir/* "/home/$USERNAME/personal/"
                     fi
+                    # shellcheck disable=SC2181
                     if [ ! "$?" = "0" ]; then
                         set_user_permissions
                         backup_unmount_drive
@@ -898,6 +911,7 @@ function restore_mailing_list {
         else
             cp -r $temp_restore_dir/* /var/spool/mlmmj/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             set_user_permissions
             backup_unmount_drive
@@ -917,20 +931,21 @@ function restore_email {
         for d in $USB_MOUNT/backup/mail/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring emails for $USERNAME"
                 temp_restore_dir=/root/tempmail
-                restore_directory_from_usb $temp_restore_dir mail/$USERNAME
-                if [ ! -d /home/$USERNAME/Maildir ]; then
-                    mkdir /home/$USERNAME/Maildir
+                restore_directory_from_usb $temp_restore_dir "mail/$USERNAME"
+                if [ ! -d "/home/$USERNAME/Maildir" ]; then
+                    mkdir "/home/$USERNAME/Maildir"
                 fi
-                if [ -d $temp_restore_dir/root/tempbackupemail/$USERNAME ]; then
-                    tar -xzvf $temp_restore_dir/root/tempbackupemail/$USERNAME/maildir.tar.gz -C /
+                if [ -d "$temp_restore_dir/root/tempbackupemail/$USERNAME" ]; then
+                    tar -xzvf "$temp_restore_dir/root/tempbackupemail/$USERNAME/maildir.tar.gz" -C /
                 else
                     tar -xzvf $temp_restore_dir/maildir.tar.gz -C /
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     set_user_permissions
                     backup_unmount_drive
@@ -943,16 +958,16 @@ function restore_email {
 }
 
 function get_restore_app {
-    if [ ${1} ]; then
-        if [ ! -d /home/${1} ]; then
-            RESTORE_APP=${1}
+    if [ "${1}" ]; then
+        if [ ! -d "/home/${1}" ]; then
+            RESTORE_APP="${1}"
             echo $"Restore $RESTORE_APP"
         fi
     fi
 }
 
-get_restore_app ${2}
-backup_mount_drive ${1} ${ADMIN_USERNAME} ${2}
+get_restore_app "${2}"
+backup_mount_drive "${1}" "${ADMIN_USERNAME}" "${2}"
 check_backup_exists
 check_admin_user
 copy_gpg_keys
@@ -979,7 +994,7 @@ restore_certs
 restore_personal_settings
 restore_mailing_list
 restore_email
-restore_apps local $RESTORE_APP
+restore_apps local "$RESTORE_APP"
 set_user_permissions
 update_default_domain
 backup_unmount_drive

src/freedombone-restore-remote

@@ -37,19 +37,19 @@ BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
 export TEXTDOMAIN=${PROJECT_NAME}-restore-remote
 export TEXTDOMAINDIR="/usr/share/locale"
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
-SERVER_NAME=$1
+SERVER_NAME="$1"
 
 # whether to restore everything or just a specific application
 RESTORE_APP='all'
 
-if [ ${2} ]; then
-    RESTORE_APP=${2}
+if [ "${2}" ]; then
+    RESTORE_APP="${2}"
 fi
 
 ADMIN_USERNAME=$(get_completion_param "Admin user")
@@ -60,46 +60,45 @@ SERVER_DIRECTORY=/root/remoterestore
 
 BACKUP_LIST=/home/${ADMIN_USERNAME}/backup.list
 
-if [ ! $SERVER_NAME ]; then
+if [ ! "$SERVER_NAME" ]; then
     echo $'restorefromfriend [server]'
     exit 1
 fi
 
-if [ ! -f $BACKUP_LIST ]; then
+if [ ! -f "$BACKUP_LIST" ]; then
     echo $"No friends list found at $BACKUP_LIST"
     exit 2
 fi
 
-if ! grep -q "$SERVER_NAME" $BACKUP_LIST; then
+if ! grep -q "$SERVER_NAME" "$BACKUP_LIST"; then
     echo $"Server not found within the friends list"
     exit 3
 fi
 
-REMOTE_SERVER=$(grep -i "$SERVER_NAME" $BACKUP_LIST | awk -F ' ' '{print $1}')
-REMOTE_SSH_PORT=$(grep -i "$SERVER_NAME" $BACKUP_LIST | awk -F ' ' '{print $2}')
-REMOTE_DIRECTORY=$(grep -i "$SERVER_NAME" $BACKUP_LIST | awk -F ' ' '{print $3}')
-REMOTE_PASSWORD=$(grep -i "$SERVER_NAME" $BACKUP_LIST | awk -F ' ' '{print $4}')
+REMOTE_SERVER=$(grep -i "$SERVER_NAME" "$BACKUP_LIST" | awk -F ' ' '{print $1}')
+REMOTE_SSH_PORT=$(grep -i "$SERVER_NAME" "$BACKUP_LIST" | awk -F ' ' '{print $2}')
+REMOTE_DIRECTORY=$(grep -i "$SERVER_NAME" "$BACKUP_LIST" | awk -F ' ' '{print $3}')
+REMOTE_PASSWORD=$(grep -i "$SERVER_NAME" "$BACKUP_LIST" | awk -F ' ' '{print $4}')
 REMOTE_SERVER=$REMOTE_SERVER:$REMOTE_DIRECTORY
 
 NOW=$(date +"%Y-%m-%d %H:%M:%S")
 
 echo "$NOW Starting restore from $REMOTE_SERVER" >> /var/log/remotebackups.log
-rsync -ratlzv --rsh="/usr/bin/sshpass -p $REMOTE_PASSWORD ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" $REMOTE_SERVER/backup $SERVER_DIRECTORY
-if [ ! "$?" = "0" ]; then
+if ! rsync -ratlzv --rsh="/usr/bin/sshpass -p $REMOTE_PASSWORD ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" "$REMOTE_SERVER/backup" "$SERVER_DIRECTORY"; then
     echo "$NOW Restore from $REMOTE_SERVER failed" >> /var/log/remotebackups.log
     # Send a warning email
-    echo "Restore from $REMOTE_SERVER failed" | mail -s "${PROJECT_NAME} restore from friend" $ADMIN_EMAIL_ADDRESS
+    echo "Restore from $REMOTE_SERVER failed" | mail -s "${PROJECT_NAME} restore from friend" "$ADMIN_EMAIL_ADDRESS"
     exit 790
 else
     echo "$NOW Restored encrypted data from $REMOTE_SERVER" >> /var/log/remotebackups.log
 fi
 
 # MariaDB password
-DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
 
 function copy_gpg_keys {
     echo $"Copying GPG keys from admin user to root"
-    cp -r /home/$ADMIN_USERNAME/.gnupg /root
+    cp -r "/home/$ADMIN_USERNAME/.gnupg" /root
     gpg_set_permissions root
 }
 
@@ -110,7 +109,7 @@ function restore_blocklist {
         fi
     fi
 
-    if [ -d $USB_MOUNT/backup/blocklist ]; then
+    if [ -d "$USB_MOUNT/backup/blocklist" ]; then
         echo $"Restoring blocklist"
         temp_restore_dir=/root/tempblocklist
         restore_directory_from_friend $temp_restore_dir blocklist
@@ -173,9 +172,8 @@ function restore_configfiles {
         #    fi
         #fi
 
-        if [ -f $temp_restore_dir$MONGODB_APPS_FILE ]; then
-            cp -f $temp_restore_dir$MONGODB_APPS_FILE $MONGODB_APPS_FILE
-            if [ ! "$?" = "0" ]; then
+        if [ -f "$temp_restore_dir$MONGODB_APPS_FILE" ]; then
+            if ! cp -f "$temp_restore_dir$MONGODB_APPS_FILE" "$MONGODB_APPS_FILE"; then
                 unmount_drive
                 rm -rf $temp_restore_dir
                 exit 7835335
@@ -196,9 +194,8 @@ function restore_configfiles {
         #    fi
         #fi
 
-        if [ -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ]; then
-            cp -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ${BACKUP_EXTRA_DIRECTORIES}
-            if [ ! "$?" = "0" ]; then
+        if [ -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" ]; then
+            if ! cp -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" "${BACKUP_EXTRA_DIRECTORIES}"; then
                 unmount_drive
                 rm -rf $temp_restore_dir
                 exit 62121
@@ -242,6 +239,7 @@ function restore_mariadb {
             else
                 mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql)
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo $"Try again using the password obtained from backup"
                 db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb)
@@ -251,6 +249,7 @@ function restore_mariadb {
                     mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql)
                 fi
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo "$mysqlsuccess"
                 exit 962
@@ -258,7 +257,7 @@ function restore_mariadb {
             echo $"Restarting database"
             systemctl restart mariadb
             echo $"Ensure MariaDB handles authentication"
-            MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+            MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
             mariadb_fix_authentication
         fi
         rm -rf ${temp_restore_dir}
@@ -293,15 +292,17 @@ function restore_postgresql {
             else
                 mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo $"Try again using the password obtained from backup"
-                db_pass=$(${PROJECT_NAME}-pass -u root -a postgresql)
+                db_pass=$("${PROJECT_NAME}-pass" -u root -a postgresql)
                 if [ -d ${temp_restore_dir}${temp_restore_dir} ]; then
                     mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}${temp_restore_dir}/postgresql.sql)
                 else
                     mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
                 fi
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo "$mysqlsuccess"
                 exit 962
@@ -309,7 +310,7 @@ function restore_postgresql {
             echo $"Restarting database"
             systemctl restart postgresql
             echo $"Ensure postgresql handles authentication"
-            POSTGRESQL_PASSWORD=$(${PROJECT_NAME}-pass -u root -a postgresql)
+            POSTGRESQL_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a postgresql)
         fi
         rm -rf ${temp_restore_dir}
     fi
@@ -367,31 +368,31 @@ function restore_mutt_settings {
         fi
 
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/mutt/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/mutt/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring Mutt configurations for $USERNAME"
-                restore_directory_from_friend /home/$USERNAME/.mutt mutt/${USERNAME}configs
+                restore_directory_from_friend "/home/$USERNAME/.mutt" "mutt/${USERNAME}configs"
                 echo $"Restoring Mutt settings for $USERNAME"
                 temp_restore_dir=/root/tempmutt
-                restore_directory_from_friend ${temp_restore_dir} mutt/$USERNAME
-                if [ -d ${temp_restore_dir}/home/$USERNAME/tempbackup ]; then
-                    if [ -f ${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc ]; then
-                        cp -f ${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc
+                restore_directory_from_friend ${temp_restore_dir} "mutt/$USERNAME"
+                if [ -d "${temp_restore_dir}/home/$USERNAME/tempbackup" ]; then
+                    if [ -f "${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc" ]; then
+                        cp -f "${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc" "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc"
                     fi
-                    if [ -f ${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc ]; then
-                        cp -f ${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc /etc/Muttrc
+                    if [ -f "${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc" ]; then
+                        cp -f "${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc" /etc/Muttrc
                         sed -i '/set sidebar_delim/d' /etc/Muttrc
                         sed -i '/set sidebar_sort/d' /etc/Muttrc
                     fi
                 else
                     if [ -f ${temp_restore_dir}/.muttrc ]; then
-                        cp -f ${temp_restore_dir}/.muttrc /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc
+                        cp -f "${temp_restore_dir}/.muttrc" "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc"
                     fi
                     if [ -f ${temp_restore_dir}/Muttrc ]; then
                         cp -f ${temp_restore_dir}/Muttrc /etc/Muttrc
@@ -399,6 +400,7 @@ function restore_mutt_settings {
                         sed -i '/set sidebar_sort/d' /etc/Muttrc
                     fi
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf ${temp_restore_dir}
                     exit 276
@@ -417,29 +419,29 @@ function restore_gpg {
     for d in $SERVER_DIRECTORY/backup/gnupg/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/gnupg/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/gnupg/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring gnupg settings for $USERNAME"
                 temp_restore_dir=/root/tempgnupg
-                restore_directory_from_friend ${temp_restore_dir} gnupg/$USERNAME
-                if [ -d ${temp_restore_dir}/home/$USERNAME/.gnupg ]; then
-                    cp -r ${temp_restore_dir}/home/$USERNAME/.gnupg /home/$USERNAME/
+                restore_directory_from_friend ${temp_restore_dir} "gnupg/$USERNAME"
+                if [ -d "${temp_restore_dir}/home/$USERNAME/.gnupg" ]; then
+                    cp -r "${temp_restore_dir}/home/$USERNAME/.gnupg" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.gnupg ]; then
-                        mkdir /home/$USERNAME/.gnupg
+                    if [ ! -d "/home/$USERNAME/.gnupg" ]; then
+                        mkdir "/home/$USERNAME/.gnupg"
                     fi
-                    cp -r ${temp_restore_dir}/* /home/$USERNAME/.gnupg/
+                    cp -r "${temp_restore_dir}/*" "/home/$USERNAME/.gnupg/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf ${temp_restore_dir}
                     exit 276
                 fi
                 rm -rf ${temp_restore_dir}
                 if [[ "$USERNAME" == "$ADMIN_USERNAME" ]]; then
-                    cp -r /home/$USERNAME/.gnupg /root
-                    if [ ! "$?" = "0" ]; then
+                    if ! cp -r "/home/$USERNAME/.gnupg" /root; then
                         exit 283
                     fi
                     gpg_set_permissions root
@@ -458,18 +460,19 @@ function restore_procmail {
     for d in $SERVER_DIRECTORY/backup/procmail/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/procmail/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/procmail/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring procmail settings for $USERNAME"
                 temp_restore_dir=/root/tempprocmail
-                restore_directory_from_friend ${temp_restore_dir} procmail/$USERNAME
-                if [ -d ${temp_restore_dir}/home/$USERNAME/tempbackup ]; then
-                    cp -f ${temp_restore_dir}/home/$USERNAME/tempbackup/.procmailrc /home/$USERNAME/
+                restore_directory_from_friend ${temp_restore_dir} "procmail/$USERNAME"
+                if [ -d "${temp_restore_dir}/home/$USERNAME/tempbackup" ]; then
+                    cp -f "${temp_restore_dir}/home/$USERNAME/tempbackup/.procmailrc" "/home/$USERNAME/"
                 else
-                    cp -f ${temp_restore_dir}/.procmailrc /home/$USERNAME/.procmailrc
+                    cp -f "${temp_restore_dir}/.procmailrc" "/home/$USERNAME/.procmailrc"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf ${temp_restore_dir}
                     exit 276
@@ -489,21 +492,22 @@ function restore_spamassassin {
     for d in $SERVER_DIRECTORY/backup/spamassassin/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/spamassassin/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/spamassassin/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring spamassassin settings for $USERNAME"
                 temp_restore_dir=/root/tempspamassassin
-                restore_directory_from_friend $temp_restore_dir spamassassin/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME ]; then
-                    cp -rf $temp_restore_dir/home/$USERNAME/.spamassassin /home/$USERNAME/
+                restore_directory_from_friend $temp_restore_dir "spamassassin/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME" ]; then
+                    cp -rf "$temp_restore_dir/home/$USERNAME/.spamassassin" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.spamassassin ]; then
-                        mkdir /home/$USERNAME/.spamassassin
+                    if [ ! -d "/home/$USERNAME/.spamassassin" ]; then
+                        mkdir "/home/$USERNAME/.spamassassin"
                     fi
-                    cp -rf $temp_restore_dir/* /home/$USERNAME/.spamassassin/
+                    cp -rf $temp_restore_dir/* "/home/$USERNAME/.spamassassin/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     exit 276
@@ -524,11 +528,12 @@ function restore_admin_readme {
         echo $"Restoring README"
         temp_restore_dir=/root/tempreadme
         restore_directory_from_friend $temp_restore_dir readme
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-            cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/README /home/$ADMIN_USERNAME/
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
+            cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/README" "/home/$ADMIN_USERNAME/"
         else
-            cp -f $temp_restore_dir/README /home/$ADMIN_USERNAME/README
+            cp -f "$temp_restore_dir/README" "/home/$ADMIN_USERNAME/README"
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             rm -rf $temp_restore_dir
             exit 276
@@ -546,21 +551,22 @@ function restore_ssh_keys {
     for d in $SERVER_DIRECTORY/backup/ssh/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/ssh/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/ssh/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring ssh keys for $USERNAME"
                 temp_restore_dir=/root/tempssh
-                restore_directory_from_friend $temp_restore_dir ssh/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.ssh ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.ssh /home/$USERNAME/
+                restore_directory_from_friend $temp_restore_dir "ssh/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.ssh" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.ssh" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.ssh ]; then
-                        mkdir /home/$USERNAME/.ssh
+                    if [ ! -d "/home/$USERNAME/.ssh" ]; then
+                        mkdir "/home/$USERNAME/.ssh"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.ssh/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.ssh/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     exit 664
@@ -580,21 +586,22 @@ function restore_user_config {
     for d in $SERVER_DIRECTORY/backup/config/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/config/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/config/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring config files for $USERNAME"
                 temp_restore_dir=/root/tempconfig
-                restore_directory_from_friend $temp_restore_dir config/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.config /home/$USERNAME/
+                restore_directory_from_friend $temp_restore_dir "config/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.config" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.config ]; then
-                        mkdir /home/$USERNAME/.config
+                    if [ ! -d "/home/$USERNAME/.config" ]; then
+                        mkdir "/home/$USERNAME/.config"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.config/
+                    cp -r "$temp_restore_dir/*" "/home/$USERNAME/.config/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     exit 664
@@ -614,21 +621,22 @@ function restore_user_monkeysphere {
     for d in $SERVER_DIRECTORY/backup/monkeysphere/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/monkeysphere/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/monkeysphere/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring monkeysphere ids for $USERNAME"
                 temp_restore_dir=/root/tempmonkeysphere
-                restore_directory_from_friend $temp_restore_dir monkeysphere/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.monkeysphere ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.monkeysphere /home/$USERNAME/
+                restore_directory_from_friend $temp_restore_dir "monkeysphere/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.monkeysphere" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.monkeysphere" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.monkeysphere ]; then
-                        mkdir /home/$USERNAME/.monkeysphere
+                    if [ ! -d "/home/$USERNAME/.monkeysphere" ]; then
+                        mkdir "/home/$USERNAME/.monkeysphere"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.monkeysphere/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.monkeysphere/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     exit 664
@@ -641,8 +649,8 @@ function restore_user_monkeysphere {
         MY_EMAIL_ADDRESS="${ADMIN_USERNAME}@${HOSTNAME}"
         read_config_param MY_EMAIL_ADDRESS
         MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADMIN_USERNAME" "$MY_EMAIL_ADDRESS")
-        fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}')
-        monkeysphere-authentication add-identity-certifier $fpr
+        fpr=$(gpg --with-colons --fingerprint "$MY_GPG_PUBLIC_KEY_ID" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
+        monkeysphere-authentication add-identity-certifier "$fpr"
         monkeysphere-authentication update-users
     done
 }
@@ -656,21 +664,22 @@ function restore_user_fin {
     for d in $SERVER_DIRECTORY/backup/fin/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/fin/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/fin/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring fin files for $USERNAME"
                 temp_restore_dir=/root/tempfin
-                restore_directory_from_friend $temp_restore_dir fin/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.fin ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.fin /home/$USERNAME/
+                restore_directory_from_friend $temp_restore_dir "fin/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.fin" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.fin" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.fin ]; then
-                        mkdir /home/$USERNAME/.fin
+                    if [ ! -d "/home/$USERNAME/.fin" ]; then
+                        mkdir "/home/$USERNAME/.fin"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.fin/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.fin/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     exit 664
@@ -690,21 +699,22 @@ function restore_user_local {
     for d in $SERVER_DIRECTORY/backup/local/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/local/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/local/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring local files for $USERNAME"
                 temp_restore_dir=/root/templocal
-                restore_directory_from_friend $temp_restore_dir local/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.local ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.local /home/$USERNAME/
+                restore_directory_from_friend $temp_restore_dir "local/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.local" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.local" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.local ]; then
-                        mkdir /home/$USERNAME/.local
+                    if [ ! -d "/home/$USERNAME/.local" ]; then
+                        mkdir "/home/$USERNAME/.local"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.local/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.local/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     exit 664
@@ -729,6 +739,7 @@ function restore_certs {
         else
             cp -r /root/tempssl/* /etc/ssl/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 276
         fi
@@ -770,24 +781,25 @@ function restore_personal_settings {
     for d in $SERVER_DIRECTORY/backup/personal/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/personal/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/personal/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring personal settings for $USERNAME"
                 temp_restore_dir=/root/temppersonal
-                restore_directory_from_friend $temp_restore_dir personal/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/personal ]; then
-                    if [ -d /home/$USERNAME/personal ]; then
-                        rm -rf /home/$USERNAME/personal
+                restore_directory_from_friend $temp_restore_dir "personal/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/personal" ]; then
+                    if [ -d "/home/$USERNAME/personal" ]; then
+                        rm -rf "/home/$USERNAME/personal"
                     fi
-                    mv $temp_restore_dir/home/$USERNAME/personal /home/$USERNAME
+                    mv "$temp_restore_dir/home/$USERNAME/personal" "/home/$USERNAME"
                 else
-                    if [ ! -d /home/$USERNAME/personal ]; then
-                        mkdir /home/$USERNAME/personal
+                    if [ ! -d "/home/$USERNAME/personal" ]; then
+                        mkdir "/home/$USERNAME/personal"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/personal/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/personal/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     exit 18437643
                 fi
@@ -812,6 +824,7 @@ function restore_mailing_list {
         else
             cp -r $temp_restore_dir/* /var/spool/mlmmj/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 526
         fi
@@ -828,21 +841,22 @@ function restore_email {
     for d in $SERVER_DIRECTORY/backup/mail/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/mail/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/mail/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring emails for $USERNAME"
                 temp_restore_dir=/root/tempmail
-                restore_directory_from_friend $temp_restore_dir mail/$USERNAME
-                if [ ! -d /home/$USERNAME/Maildir ]; then
-                    mkdir /home/$USERNAME/Maildir
+                restore_directory_from_friend $temp_restore_dir "mail/$USERNAME"
+                if [ ! -d "/home/$USERNAME/Maildir" ]; then
+                    mkdir "/home/$USERNAME/Maildir"
                 fi
-                if [ -d $temp_restore_dir/root/tempbackupemail/$USERNAME ]; then
-                    tar -xzvf $temp_restore_dir/root/tempbackupemail/$USERNAME/maildir.tar.gz -C /
+                if [ -d "$temp_restore_dir/root/tempbackupemail/$USERNAME" ]; then
+                    tar -xzvf "$temp_restore_dir/root/tempbackupemail/$USERNAME/maildir.tar.gz" -C /
                 else
                     tar -xzvf $temp_restore_dir/maildir.tar.gz -C /
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     exit 927
                 fi
@@ -854,7 +868,7 @@ function restore_email {
 
 # Social key management
 # Recover any key fragments and reconstruct the gpg key
-${PROJECT_NAME}-recoverkey -u ${ADMIN_USERNAME} -l $BACKUP_LIST
+${PROJECT_NAME}-recoverkey -u "${ADMIN_USERNAME}" -l "$BACKUP_LIST"
 
 copy_gpg_keys
 gpg_agent_setup root