From f0cf4d28bd2f4ed5675080989a26003adb49b473 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 24 Feb 2018 14:32:08 +0000
Subject: [PATCH 01/67] wifi type options

---
 man/freedombone-image.1.gz | Bin 3488 -> 3484 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/man/freedombone-image.1.gz b/man/freedombone-image.1.gz
index ebaee07413bbf155d951a49366e92ef0befb57bb..5b33ddc48e80e7fa97c8239383345657c8d58cce 100644
GIT binary patch
literal 3484
zcmV;N4P){jiwFQ!cad5E1GQOgkJ~m9{_bBv_{&}oYdhJ#pch;Y=Y2_HT-IK!z0C!C
zML|il&8|eMqGYdw{`h-lNJ{c<nzjdA(WWs)@nz<jXPz02SMS8SQYy1WVvQQ<LT;3J
zDTZe+#N6)0*^8Io4#g1vzUgL(JEy7>C$6PwWIh}W#>;nNIG<i$4F}H``_D*RR7%#$
z2`Ms_XlaCh;u>AcBv)c>E1`|6Wu9xZ5!TdJxPz-z;lkp}kMqUNa<=^32BTWs*RtBE
z`bRNp#C?O)8CfX&D#d*%o!i?g!>^IX@5DX|>{RPi%x;9tvPwDUA6B-hRVD7babedu
z7zT~1g?~&_je9BX-{{KK;&Q$e*l&mTW;g!XnYdr7)SB$s!&Ka3e62T4g#%b4);gzS
zI&mK?qCe5^(MB0n;e_`G<$g7mh6-&kC+`nAx5fQzRSVM;2_J1I?su|+iOCkDN|hEf
zD*LlaYq8O|1C2CQj;DpV58fzrRlx&(*!Fku6RgP({ZY2aTBb_e?{jHhOjMov^XN?6
z!&I>M0}br;TGxk?=9ThnRJsSOU{riWuJH~kx0Q4}E(@bv@8-e(msiV++u6-(wwMnG
ztF3k-{R5cVSGp!Z0ZtOPOe?#*6sfGTafH>~&CTL=b#*Du7t`BIzzd7hyLoQ+^k&lN
zJQE&W*sG!qN;0|1UJV8U|0GIoaz$|DpJ|h5{K6h*-S4_;(g*%ordgwn{hEKsvlk-^
z#5a!^8s)lBzcGCFnQ^`jkL$0$|ISY+vhTj}e=8gQ|1YX&M(uO{_4xgFKVg=?|7^Zo
zP2aztdb?h#QkhJdRKu<*Oq!?|mMRl_U2nskKNEu^r|PB*z8DN(e8BrgRx+`<6mREu
zllOG;-+R9dZ-n!$KHkhOrtihwa{3nJGBrXy%A$mO5txhsauWI02Zvv5zt!nBUZ5#+
zD>IxQAgH&h3ulP{Ep4q#t#QGFut_bo!NlYs3TY04c*F_qe*4mO&-)a`-@hFUW;HC8
z=fKPZz+wv}YE6IGfLMPBdjFJ<aIlSVTiXC;8J!T&hUKKlWm(%&z>t}85A@eUrdu3P
z{6&w|SQuOLQoR%C+Npf~)mSV{O20tSsU>Rxt-KGJB(>!M&z{Ew?#r=)HM5LfEa-Uj
zABK#`?S^dUjR+DQd#ktxr^fumy?%Ku^!jyi;L8!S!AY+tnc7WU_HQg`cCXi&tff1c
z6n0v7mIz_CmO6KgGi)mqlag!TO6dmUb1}T)5m+&!gRU!E1a=*ZTUEf70`L`SZk?hF
z7z5S=%MJ&8foK3%s#LEJ9dVR0eV{`G8YGHzy0#U=pkZu$8T-#+K<v7$>+;oPvaZW<
zrpA7+v8^_f7$XZKrd7I~v{8Z(09=LK$*l%-U>{kx$ChbI35jgxQzO9y9*1L6AU`Cm
zzE{W!BP~wcuUqSC_iFst@E1-yP86AOKecIPzF56k+|4gvR|v$){3!5L6bE{PlIgFT
z6G1#bF-WJnPPb#qWZh;kBCI7w%W!;58_@=yP~$E!uX)2|7N;N_Z{<!23ORD8#yvaQ
z84D(4&b1s!94|<Gj79D3!vTj_N2V)EfPFyGwv}eX(<>1*K!;{BBkWZZk9bz#{d`vD
z<#0WaOM^&z15gCo2^gUL*W~Sg_Rui)j)3Mk!#{(;2f{I}-R^$Un|;C;BUp1DAJ~$&
zj-=&0VTDU@OschP@|ySV<$RhIUV!fxyb43M#Z3+*G3iM}!%pE*)F3@B;$=7pWy={6
zXW9q?_QukYH8CQuXNXiO%i@j3)d)tvfR8UY8B4PD4KD4(h&?TzK%jA)tU<YOKN%6K
zlQ|N|*K58+!9+?l!0S6vHc75i+yh9{Ilmu$dVnob;#>-*v_bkm09>EIZm0A_!b~to
z4&?0(r3L4G&G_TU0@B&S1bgwI4$h~E;K3MPzsmtQ^&!eoLPT+BK@j+1)N_e|*6E2p
zW8uguUO%(u1StiIjw8fVQs+=>{N+1Vd#*6Y;$r}Vl1>u<d?xzb+&<NDU?UCTWOa-X
zks({!%`-Fjl?Gm$u~GRtzqw7y(M|a8hfuoS3@GrBh>7AEK43-4@@_1UT2oGxtV`0o
zAp~mEL$Q|xls{b%aep{_|Gvx8r$>F_v+0_uhbIRKUUW_3)GrOh2Fy<ZLD7LbV44fi
zgY<8MHVfp>xo`tf1X4Q{9BWP&06kQJb`PSdbq<V2IeT$?1t~XwE2eXCvY12EjTZCw
zA5X;Wn)TDnctw(8Qx}5k;IW0{R1N8l5cG+H)*v>ZNFaxSg4G^Q<732ETk<BSRW|SF
z^r&VEB;`ZZ5^3y7a1f0-UawTuR+f&AV7#IWWfN?$r4s{Gu7;t>d|>&lPIT>^&lrI)
zm%xYd`iZXB>79Ueb0iMAq`_{KP;ti1R;+Aw8u9~{D3s)9(u*vrschrA{6v)iuhDVP
zPD>0i_<Sx_o;=7#^o-UiY{j<Pk?JI(7Ld2|Is9D!@`A8O9J8{$WAmCL-pt?NXRs~p
zK`Z(M!c#&DIgOI(&*>Gv1~E}v8mz8vrx&Z)4_6|T3Bv)ULYeI(^ko+GaVx8oH<dqy
zKUYlqhz?33Rpy}pxx4qK$Us^S)1Amb)<J#tnK80Xz?BE*Sezf)d`QC~6=IU#-L;C~
zL6xo4#aWs{<O(^kt^ckr?rvwRkN#$C9v2Wo_ws2jptnF35pvJ7+9BqXUiDBaOLa=)
z!`s^<vISY$pVZ5nI37fRG7ibP2S2iO&;qOgbwzSqn`2?q%Bg6yBSjVUWVaqWEvL?a
zzj0_B_&iFaF!tgt(VGoPrS`%Ufk1qL_mFu&M2O6!;ZiJ^P`kJfIc2RMVVLN!E}4pH
zh8TC)R<#}@1q>5-Y$b};%;l#8kwgP(0Cf~9YvYP-5^$qCo#%XU(34HrZ1se283=T|
zRw+a%+fGHbY1Me)<=qcq5CMBk_dy}?UAz~)(Tz=PhD%`Iibj0S+S)wxu&u$e%Igg}
zz)`IQB;W$HS3v(@@LZApe-sI>OIID@>LZn%ef#apzln>NZ}Ly$@p$+o`*A$|FuPsd
zp<ch9Uc8&lua-liG8S->yAR%6UpjNIM-eOP6^lEcpL88w=6T*A?es#td@DlzIsPTJ
zd#Lb_eHjb`P#|(cgrX;>9+q9xSZIrMW%}1=NHGD=kuE;W-pqznxe`(y3|PzyRS$Z~
z2{PYHIB{b`+bJOgmbpEI28yN>OZi-<4P|j^gNe{F6GvrgSw&G5gnHrC0Kd^`BG@;I
zg+Mit1B0RZ?K<w(wT(K;oXh3x@_*^nu~%TX?s2SOxPL*(6><lXA&Ux#tm8WjGTtGC
z9q-!<jUnwkj5fc%!k@Q`J7gnn&)H`g{flj65Whm;1|8xLaNfnmIUw)=2~%ZIB!4)V
zcD!f@u3nkuTZR5k8TZp@N9HtEDsd}Tv#^zV1jCS&X^Z`?A_<0)8MT7IZg~SDCeeeJ
zy-{1~rh01IsJ+k`Q8kQ9HenX=1_0+(2VY17-HEle3;m@29qgljR9CW$YUZnBc=qyI
zXxYY$_NQ#v>-cukgI#{{es(oqEyYCKEziZ}Ep!O^f9hXLbBzmfo;j2{Wv*s{MGs><
z#e@ce?SH-KTABeNv;jnJ`Y;xECfCeX!CpQyvf?W2j+!R40qnA-3Rhy5fiRaxhuTW&
zN^_3wLXR>Q_0*8WQt35{v+J6m&~J9ksA)$RQLHfVemFu{aL@HmWNK!Fr+U#_+ZX1&
zV|@wRM2OKNe)b?VgO9;WPA74FdfZ)z(l3+_Ug2}i2z0eb#3F9n)FhR>HDVD;cqPAJ
z0-^3p0D6AVrvO@zgA1xG$n)NUMCvfOrev#wtm5t{`I>>#bsHGubc`q=LO<5@rGDtm
z(w#X%V<|+aJB2b(vDqw9^%>4Fq?t+x9q<FRL#0XhjKy^iu8x<X`i#QU9i<MW4OJ-E
z)TEfA>n1=50xWcKWWtr8ziWh<qWX!HAXPM^w>!%))5buFRD4P*QFB<aV@r!n5sJ3Y
z*HNJicSqM_n}j=(9uC>6)4>2d?WlSp*!PvVMU?HdqjJ|LY~g7UG6}e;Q1t$3e8k-%
zK+=BStNoJHb;ub4J$}owLF|UJb-VsKK+%;R#3Fp@RxZ3>(6@{E)#}6I_Fsa&j}n7D
zsa-<QFzd^*R1gKe-Tkb!IEZ2B8;!wvTtQUSV%=<sVTDZ*qKpn|Wwy0UOcgE9YuA>F
zZH~^VxqgWKSR^NCdsd#l8t<5sjM1(b1KIIcPeMRV^+N2;hg=oA9-rxHh6|B2{ali1
zKSuOxOMZu6xi1d<xp&Y-1CNKVD!w9Om`0BVd#XniG|uNNcG&rJIlJ)966BrBtMl1(
zE~tYt97NT}+9uw-?TPsh37k&YLqP?^WPeJbO$`uA4Bj^E_0v$d9d-DSZ*^!6^s|=#
zK6d;i!}G4UNB5~VDzVzqlS7Bc^SieI;H~2JanfvXnwqB2mkRf4GT9)TG|3p&o+Q$3
zt8~)C;6yvuv?+Rew|cj@9S+WIBCc(Xgjk5bCpI~1hy$Vj7>tu@@IfW7+FhQ^82lGP
KbrjTtAOHY3h{7!Z

literal 3488
zcmV;R4PWvfiwFQ8u#Q>)1GQOgbK5o&{;pqv(HCEDEU9s?onGd0bMi|P&Bc<(lAFu;
zIvtRNB-A9p5~O5h^5gH>1wc}ElC~eN)20z$0POCw&px{xuilDvrBr5%#2Piyh1@9d
zLJZHo6?3~2XWzc~ekg|c_jUJ_xO1vHapGE<M&`r8V7z=QhV$w5)o}29vHy<5MWtk|
zoRA_@iIztAJFd~SOmZdGwi4R7TIRVn8(~dtg*&)f6)r5k{4ihKEN9ElZ7{0EeJ!hv
zs(%)vM%*_zososYuTtEX(z(5@GW;58{7&qnz)rPJ#q37NEUT1r{$^#HT2<n{yDsb+
z2g609YT<9wqsF}u_pf#3YH>MV3hcMTd$SvV?@Zh;RccN4>}D$Naeb{fO@#wkBi1^n
zV>)pkJfc6+@6kpXRpEs92jxB)OP305@J!yn<lGka*{T+%DH1-~PTcQg1s9VqMwKcp
zo~Z1vDy_vv!v?z2R5|Vz;yy&9&{c&9_{+AxgMYx9{LsJ39$Cv&iTiyn&9@U(r~W)T
z6Zdcx{QW=|_Ij=BLy70&FN%hbNx7}0V`F7ul<OHALVkI*yttj+tY(Y(aIo5HC(=Iv
zqkW}o!VnN7VOUz(<)uhvm5n2k?rv@tx2vm5alV+|UII~AoZiiIyQepkM(3IEfWlrC
zZBUYzRrYc)5cnria+51UApcC8MB^9sIO~4bRg*sO&oa##ZR~gaL!Ny*vH*GWh)bhf
z7wQX_&pvaV&Ef0%yB~k>4;0xCfAfDU8~*=qs%S>-eg5_M;}5^!DR2L5zFbY;y_<T!
zUaC@=Oqo=}uPI!bsF;Z=6MJ26gUz2wyOC3MQ-)X!25>$QeIqNG*j$P?^SjAAI{ELt
zUxqir`BoopW*5_U;%+&813sA=p&n&XBD}~&MgRqgV(at4FSg(6bQ=w5%G}Bf=LZPt
zt?DvZA}32*D^qJ2cn~(Jr8amlIfz1<gCOc~Lc1>;UH76-iTmT5!C+RyQ+W=|JOC`V
zP@>lKhYg7JhoJXQ`3MKw2)DHjV3yGd0d06rid>epEd?BzDfd8sEo8dI0mWbRSdE3T
zH80gWfv%m(*WZlA!ld*Itejf%7SPK3kV{fq9&qn@PQYHy6|9+M^kPBBqyKQph}>?-
zcixHM&9V22YjA2jpSV{qu7zH|Dh_NMkr{&YYLcnl#AW}%f@b$>oyl6dgGu41b?1qY
zW^1W)$2h~bLNO1y2BDO0Fg_Q<E4~6RW^~YXWs5+lV{xkrgi-*$BF(K+WPmXsIuPq{
zzy?GIxKgEhedvgzl<5N<A}}AZqSLjl7zPbv<LlUe4g(_8ZC#fyCzEwujx#m(dyQ?i
znZz7f7%{EV?WD~TqyXS5<W6oipacKNx;?f`Q>sDaGhYn}CWtr!lLGmnM)jjYUKnX{
z;y!JytKG}-U&CLx(l}9M#{JS(lKEowdT}?ud{rS4EAz9!T~Qq94XU4?HYb9pePU2S
zb)9a<RJ^*);6!*!jF#c}cx*%)ctVZ4#8T!Rmsy;GaJ-c}B`D=6oEmm^v@;e=$Xs4I
zkvLya>llmL`-c+_xsKvilmPpHvTZBPh99p)Ec+dr$&K(=O+4aRf%o%;n3scjAeRQ2
z_8OoFv=cBu`>!e5|LUP(>;nOrafW{egZG4ETD#r-r1$g*8%D6^(mk*xZyia?dBO@t
za89bVZ1S4-?v;6ZD!hQ$FL)J(Y>S&5NMh2H$cCN5ttdNsT*S+863Uh{BF?lC1niBa
zBWq$rUe6GzQkBIUjjNH2egU6f2r`yr?;9BH#E2s;pFp5-T&zL42tPRyLX$ZX$k%H&
zqF^E=8sPPvD4QhLDeM5!bk6U`m>%GZlsK1?DQ!^x4*=Iku-hr!k#G|nk^^~rLuJAF
zSTp`Ovw(E=Fu`6tsDtxmB1ABz*Y9!wPJM{VlMqoHS`Y+&81+ITpmlmW&sYSqison5
zoS>vY#BqjrO6me?jW@nywdbO8EItG<DCsl-z*nNrJ=>=`PHdDRoUD!+A~IA<yLsjY
zztX^KGj=MQ^Tlma&ThhgKZVluW<ZIDLQE9T@Bu4Qm3L!-(wcIiWL=Wx4IxmQ9*Vsr
zp!(^8i2K9U`}aeZK0WG_m`&HzFg!U(h@xu}r+#Z7HsF3r2+9uFfX7^b9@KuDv{@j3
zu7w+jB9Pjt;9PUM0O+9#w0jUut#e>J%GrzCD@eKd8!?@Wlf@jOZnT)c`*0#=*Q}pr
z#w(H(o4Sx(2ahcrr)o%dgrrXtv<9&OWda2Z6s-0L8XqIR+LAW~t+IJXr$=p4ASs`!
zmPlhyf`e$x@p`4Iwz70|1mhK5=#=1tEu9#kay1-H?gPtjb)st@e8vcbxdc9p*H2_#
zr*{I@&5=0dE(W_%LB$z2Td}g$X{ZlaqEM3WNiVXfjk1mF>JxPWyhg`CJ1udE!RKqS
z^5j82qI<MXVJr64j#MWRwSc^x&k^qekQanK;+U1~9h=u2@n+tFU%|Gt2d(G}2tN`^
z$Z3>Je@?IXHHeAY)?jsYJH1%Ve!3E&O&AWS6v}KTp)a$bk6T%#ysP{v{JCP;M|MyV
zsWJ}*$lbknMF!Gxc-)B$WF6FJpBW?T1YCJ=j>Y+*t%r0ultMh@cXzEKcu-|4b#a!a
z5V=APZ2P~fi@V#|>Vvn8-Qxm6$Sz;z0(uK{5ux@x>m6b}>2(jKvec(EKE1s^B3qD`
z{YkyNiPwV&P{yG+_uxmK4qAW}psq-cYjZ4YS~(S+cBH7Hp6u4+pyf0S@D_(zfv=-P
z3S%$c61~}wRB8>T3<Tl}yobsIB0^>+4Yy*!h1$h^C@5?F2*<>Lb;VRnGvv6#wyKR7
zDPXw3V=Ga#W-dP-h$I?N1E`}=S({hvlYkrD={)C~gPv@{W~(QJ%Rr#xwMrpE*>)<b
zEvv>0FCTsgg9zATx(^D8ZShg`PB%8O8H~Wb6<zT)Yisk&!?p&?Dz7)_07tzRkN^W{
zuYmr+;JG6G|0oieOQsHC`bcGG-+%w&@8aUc>-^(*JRUx&ew<G~&2CqB=-02O7jI|t
ztL2cWj0K$J>4SII*UsFVQN)gV#p2G_CtZh^`8n^9_VGfzcq2mpIsPrRd#LaaeHjb~
zP$Kd`gt8~6v6WrZwJ;Xx+Vt<vP+|g}BVD|oy`BxJb0wra7_gWZsvh)I6J)-Z2;#<u
zu~R|_EOUDZ0~Adqmg>1q8>-?o1`}aOCXU+FvWlWA2=&6N0e+*?MDTAE3xR4P2L?y=
zCv-fZYiDy*IhV`X<?(QCU&^yl=^j2A#N~^VI*tnb*4>UB49_p9xI*qgGGtK!k$3!r
zK}H)w+VQ@<)ELsv!|3ztEBtx8xI;DK@tl2D(Z4!52JtH-ZqOnA0Ows^oC5+6kT6vS
zMe>J}X~&Cp;Oez$epKjf%6OheJ2I!SQi)r!nuV{_BN&FHOxx^t9Z7JM%xDw@cFP+O
zF^L|$?48<5H`P<yM(u^ph^paS@(HtucK|rAI`~E!=uWJyU6?2JZLp92R$a+5s+n(&
z;n}NeVPqRC+Mn`aZ{piY4-WaoyV=!zwG<O^w>%e@x6mOJ|EYg1%{2_<I&&y>%3RF?
zi*CkziUkb>+y7wEjWh#7Xak7c^kFRSOs<)&g1>xaWW`n39Su!r1Ndc49j?Sv2Etq(
z9cn9SD$O;vOFgPsG*d$nOQqK+&aP{MLVwsXqoExcqF7<z{cwb^;GX-R$kfaTPxYer
zwr|XP$NCz!i4bE%{L_Ol3_b=g1)aq8>G5<SO25!Lc!keBBhb|%5sSEOQ<GHk-iS>o
z;g#Zo2MBdv1JLt>J_XQ%0$fmML6P?!BvOaNH5FSOWED?GDb@^}ZrZ>gr(;A35$3U`
zFZIK0mTcw>jja%&?i9*E#bL8V*JrrKkY*|&bifbL4wWY1GZxo9xH?{j`ZG#TcT_r1
zHdLYDQ<LHmT{i(j5MW`7BNOffy{!>uiuxx~g4EHF-tIiZOdAs=Qt>INM9pc%fh{d6
zMQGYS-$#Wu+#Q+6J_$CG9uC#2)4>2d?WlSp*w2-CM3n8cqjuL9Y~g7UG6}e;(DeRk
ze8k-%K+^u)tNoJHO~@GnJ$}owL7axOcf0vHK+&}x#3F2TD;M4^=-b8oYW03``)@&?
zM2W$k^e!Q3nDu2@Du@C<?tV5}9K<yAgT@d%?jR}}v2M1+u)?NDQAP)iGTUAzmWr0=
zwQF0&wnpbPTtCElEQ%AfJu6S&jd#pR&S+PRiR}18Cn2Dwej(20L#>KakI&3BgFz%s
zKUZYhj}iUelHcK1?u!F|;T?3@z}Lf972gptOk+fYKh+}|8s}>k2kd;hoL%@~3F^+}
z)%k2X7c@Z`4x;K~Z4)hTXJY<C0+$nxP*4G}*q>5r(*T4DgZB+b{WSD#M-x8OTOEc2
z{i@}^j~#!>@Vx8&(S4nbO02eY=g{Ht{O%0^c&m7PoHQGprlv>eONDzmnQTx^nq&-b
zPZH_2RXXWmaH5@S+7dmzTfJS}4hQEp5!bdxK`g{S5}O<i#DUO%4#r6}c(0O|?JiHA
O82k^gWHo+vAOHZ0VYFNT


From d37241040beb3775372167d98e8c263c9bbb9052 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 24 Feb 2018 15:51:33 +0000
Subject: [PATCH 02/67] wifi configuration for image builds

---
 src/freedombone-image-customise | 49 ++++++++++++++++++++++++++-------
 1 file changed, 39 insertions(+), 10 deletions(-)

diff --git a/src/freedombone-image-customise b/src/freedombone-image-customise
index 3339b19b..3d490ea6 100755
--- a/src/freedombone-image-customise
+++ b/src/freedombone-image-customise
@@ -485,19 +485,48 @@ configure_wifi() {
         return
     fi
 
+    wifi_setup_service=setupwififirstboot
+    wifi_setup_file=$rootdir/root/setup_wifi_firstboot
+    echo '#!/bin/bash' > $wifi_setup_file
+
     if [ -f $WIFI_NETWORKS_FILE ]; then
-        chroot "$rootdir" ${PROJECT_NAME}-wifi --networks $WIFI_NETWORKS_FILE
-        return
+        echo "${PROJECT_NAME}-wifi --networks $WIFI_NETWORKS_FILE" >> $wifi_setup_file
+    else
+        if [[ $WIFI_TYPE != 'none' ]]; then
+            if [ ${#WIFI_PASSPHRASE} -lt 2 ]; then
+                return
+            fi
+            echo "${PROJECT_NAME}-wifi -s $WIFI_SSID -t $WIFI_TYPE -p $WIFI_PASSPHRASE --hotspot $WIFI_HOTSPOT" >> $wifi_setup_file
+        else
+            echo "${PROJECT_NAME}-wifi -s $WIFI_SSID -t $WIFI_TYPE --hotspot $WIFI_HOTSPOT" >> $wifi_setup_file
+        fi
     fi
 
-    if [[ $WIFI_TYPE != 'none' ]]; then
-        if [ ${#WIFI_PASSPHRASE} -lt 2 ]; then
-            return
-        fi
-        chroot "$rootdir" ${PROJECT_NAME}-wifi -s $WIFI_SSID -t $WIFI_TYPE -p $WIFI_PASSPHRASE --hotspot $WIFI_HOTSPOT
-    else
-        chroot "$rootdir" ${PROJECT_NAME}-wifi -s $WIFI_SSID -t $WIFI_TYPE --hotspot $WIFI_HOTSPOT
-    fi
+    echo "systemctl stop ${wifi_setup_service}" >> $wifi_setup_file
+    echo "systemctl disable ${wifi_setup_service}" >> $wifi_setup_file
+    echo "rm /etc/systemd/system/${wifi_setup_service}.service" >> $wifi_setup_file
+    echo 'systemctl reboot -i' >> $wifi_setup_file
+    chmod +x $wifi_setup_file
+
+
+    echo '[Unit]' > $rootdir/etc/systemd/system/${wifi_setup_service}.service
+    echo 'Description=Initial wifi configuration' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
+    echo 'After=syslog.target' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
+    echo 'After=network.target' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
+    echo '' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
+    echo '[Service]' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
+    echo 'Type=simple' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
+    echo 'User=root' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
+    echo 'Group=root' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
+    echo 'WorkingDirectory=/root' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
+    echo "ExecStart=/root/setup_wifi_firstboot > /var/log/wifi_setup.log" >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
+    echo '' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
+    echo 'TimeoutSec=99999' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
+    echo '' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
+    echo '[Install]' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
+    echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
+    chmod +x $rootdir/etc/systemd/system/${wifi_setup_service}.service
+    chroot "$rootdir" systemctl enable ${wifi_setup_service}
 }
 
 ##############################################################################

From 6a9bd384403aedbd9777b98ff06593e14338083d Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sun, 25 Feb 2018 10:29:50 +0000
Subject: [PATCH 03/67] Install command to do static analysis on bash scripts

---
 src/freedombone-image-customise | 1 +
 src/freedombone-utils-setup     | 8 ++++++++
 2 files changed, 9 insertions(+)

diff --git a/src/freedombone-image-customise b/src/freedombone-image-customise
index 3d490ea6..c1fa2de4 100755
--- a/src/freedombone-image-customise
+++ b/src/freedombone-image-customise
@@ -1699,6 +1699,7 @@ function image_setup_utils {
     chroot "$rootdir" apt-get -yq dist-upgrade
     chroot "$rootdir" apt-get -yq install ca-certificates
     chroot "$rootdir" apt-get -yq install apt-utils
+    chroot "$rootdir" apt-get -yq install shellcheck
 
     if [[ $ARCHITECTURE == 'amd64' ]]; then
         chroot "$rootdir" apt-get -yq install linux-image-amd64
diff --git a/src/freedombone-utils-setup b/src/freedombone-utils-setup
index cf80486f..61869ae3 100755
--- a/src/freedombone-utils-setup
+++ b/src/freedombone-utils-setup
@@ -787,6 +787,11 @@ function congestion_control {
     fi
 }
 
+function install_shellcheck {
+    # Used by the tests command
+    apt-get -yq install shellcheck
+}
+
 function setup_utils {
     read_config_param "PROJECT_REPO"
     write_config_param "PROJECT_REPO" "$PROJECT_REPO"
@@ -1006,6 +1011,9 @@ function setup_utils {
 
     function_check setup_powerline
     setup_powerline
+
+    function_check install_shellcheck
+    install_shellcheck
 }
 
 function setup_email {

From 94053f6bedcceaee1a4c0f526dd187439fa04ad2 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sun, 25 Feb 2018 11:04:13 +0000
Subject: [PATCH 04/67] Tidying wifi command

---
 src/freedombone              |  2 +-
 src/freedombone-addcert      |  2 +-
 src/freedombone-addemail     |  2 +-
 src/freedombone-addlist      |  2 +-
 src/freedombone-clientcert   |  2 +-
 src/freedombone-config       |  2 +-
 src/freedombone-dhparam      |  2 +-
 src/freedombone-ignore       |  2 +-
 src/freedombone-image        |  2 +-
 src/freedombone-keydrive     |  2 +-
 src/freedombone-mesh-install |  2 +-
 src/freedombone-pass         |  2 +-
 src/freedombone-recoverkey   |  2 +-
 src/freedombone-remote       |  2 +-
 src/freedombone-renew-cert   |  2 +-
 src/freedombone-rmemail      |  2 +-
 src/freedombone-rmlist       |  2 +-
 src/freedombone-sec          |  2 +-
 src/freedombone-splitkey     |  2 +-
 src/freedombone-template     |  2 +-
 src/freedombone-tests        |  2 +-
 src/freedombone-unignore     |  2 +-
 src/freedombone-wifi         | 21 ++++++++++-----------
 23 files changed, 32 insertions(+), 33 deletions(-)

diff --git a/src/freedombone b/src/freedombone
index 5e69cc2b..d3ee8164 100755
--- a/src/freedombone
+++ b/src/freedombone
@@ -117,7 +117,7 @@ if [[ $command_options == "menuconfig"* ]]; then
     fi
     rm $interactive_file
 else
-    while [[ $# > 1 ]]
+    while [ $# -gt 1 ]
     do
         key="$1"
 
diff --git a/src/freedombone-addcert b/src/freedombone-addcert
index 5b6ee2f9..b37575ef 100755
--- a/src/freedombone-addcert
+++ b/src/freedombone-addcert
@@ -85,7 +85,7 @@ function show_help {
     exit 0
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
     key="$1"
 
diff --git a/src/freedombone-addemail b/src/freedombone-addemail
index e5ee8080..348f10ce 100755
--- a/src/freedombone-addemail
+++ b/src/freedombone-addemail
@@ -47,7 +47,7 @@ function show_help {
     exit 0
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
     key="$1"
 
diff --git a/src/freedombone-addlist b/src/freedombone-addlist
index 9bbecd30..3e19c9e9 100755
--- a/src/freedombone-addlist
+++ b/src/freedombone-addlist
@@ -47,7 +47,7 @@ function show_help {
     exit 0
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
     key="$1"
 
diff --git a/src/freedombone-clientcert b/src/freedombone-clientcert
index 72fda3f8..6c9750e1 100755
--- a/src/freedombone-clientcert
+++ b/src/freedombone-clientcert
@@ -57,7 +57,7 @@ function show_help {
     exit 0
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
 key="$1"
 
diff --git a/src/freedombone-config b/src/freedombone-config
index 93a4b8d1..70db151c 100755
--- a/src/freedombone-config
+++ b/src/freedombone-config
@@ -810,7 +810,7 @@ function validate_freedns_code {
 }
 
 # Get the commandline options
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
     key="$1"
 
diff --git a/src/freedombone-dhparam b/src/freedombone-dhparam
index ff5cc3e9..80392ca4 100755
--- a/src/freedombone-dhparam
+++ b/src/freedombone-dhparam
@@ -179,7 +179,7 @@ function regenerate_dh_keys {
     done
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
     key="$1"
 
diff --git a/src/freedombone-ignore b/src/freedombone-ignore
index d8ba372f..b3817f80 100755
--- a/src/freedombone-ignore
+++ b/src/freedombone-ignore
@@ -46,7 +46,7 @@ function show_help {
     exit 0
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
 key="$1"
 
diff --git a/src/freedombone-image b/src/freedombone-image
index 9275230e..7d3f1948 100755
--- a/src/freedombone-image
+++ b/src/freedombone-image
@@ -293,7 +293,7 @@ function mesh_router_setup_script {
     echo 'WIFI_CHANNEL=9' >> $mesh_script_filename
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
     key="$1"
 
diff --git a/src/freedombone-keydrive b/src/freedombone-keydrive
index 4a01b9ee..c0b3f6e4 100755
--- a/src/freedombone-keydrive
+++ b/src/freedombone-keydrive
@@ -48,7 +48,7 @@ function show_help {
     exit 0
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
     key="$1"
 
diff --git a/src/freedombone-mesh-install b/src/freedombone-mesh-install
index 9aef8f97..74145c28 100755
--- a/src/freedombone-mesh-install
+++ b/src/freedombone-mesh-install
@@ -275,7 +275,7 @@ function mesh_tox_client_toxic_from_repo {
     echo "Toxic Installed."
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
     key="$1"
 
diff --git a/src/freedombone-pass b/src/freedombone-pass
index a0ceee80..cbf77d94 100755
--- a/src/freedombone-pass
+++ b/src/freedombone-pass
@@ -188,7 +188,7 @@ function export_to_keepass {
     echo $"Exported $filename"
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
     key="$1"
 
diff --git a/src/freedombone-recoverkey b/src/freedombone-recoverkey
index 22c9b7ae..2c5e3c29 100755
--- a/src/freedombone-recoverkey
+++ b/src/freedombone-recoverkey
@@ -53,7 +53,7 @@ function show_help {
     exit 0
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
     key="$1"
 
diff --git a/src/freedombone-remote b/src/freedombone-remote
index c3d5708a..8089f82d 100755
--- a/src/freedombone-remote
+++ b/src/freedombone-remote
@@ -75,7 +75,7 @@ function show_help {
 }
 
 # Get the commandline options
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
     key="$1"
 
diff --git a/src/freedombone-renew-cert b/src/freedombone-renew-cert
index 3fdc35b3..2bb88dee 100755
--- a/src/freedombone-renew-cert
+++ b/src/freedombone-renew-cert
@@ -172,7 +172,7 @@ function renew_startssl {
     ${PROJECT_NAME}-pin-cert $HOSTNAME remove
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
 key="$1"
 
diff --git a/src/freedombone-rmemail b/src/freedombone-rmemail
index 50c93ecc..848d9ebf 100755
--- a/src/freedombone-rmemail
+++ b/src/freedombone-rmemail
@@ -43,7 +43,7 @@ function show_help {
     exit 0
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
 key="$1"
 
diff --git a/src/freedombone-rmlist b/src/freedombone-rmlist
index 1e2ce43c..1e0e241e 100755
--- a/src/freedombone-rmlist
+++ b/src/freedombone-rmlist
@@ -45,7 +45,7 @@ function show_help {
     exit 0
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
 key="$1"
 
diff --git a/src/freedombone-sec b/src/freedombone-sec
index 733028fa..8d0420e1 100755
--- a/src/freedombone-sec
+++ b/src/freedombone-sec
@@ -1328,7 +1328,7 @@ function show_help {
 
 
 # Get the commandline options
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
     key="$1"
 
diff --git a/src/freedombone-splitkey b/src/freedombone-splitkey
index 92024835..22270a79 100755
--- a/src/freedombone-splitkey
+++ b/src/freedombone-splitkey
@@ -55,7 +55,7 @@ function show_help {
     exit 0
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
 key="$1"
 
diff --git a/src/freedombone-template b/src/freedombone-template
index 2fc3c2c8..52728414 100755
--- a/src/freedombone-template
+++ b/src/freedombone-template
@@ -74,7 +74,7 @@ function show_help {
     exit 0
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
     key="$1"
 
diff --git a/src/freedombone-tests b/src/freedombone-tests
index 6ca1e824..7ab50e9d 100755
--- a/src/freedombone-tests
+++ b/src/freedombone-tests
@@ -1217,7 +1217,7 @@ function test_stig {
     fi
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
     key="$1"
 
diff --git a/src/freedombone-unignore b/src/freedombone-unignore
index 8ef34724..e0cb3c12 100755
--- a/src/freedombone-unignore
+++ b/src/freedombone-unignore
@@ -46,7 +46,7 @@ function show_help {
     exit 0
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
 key="$1"
 
diff --git a/src/freedombone-wifi b/src/freedombone-wifi
index 7fb58548..c154f49a 100755
--- a/src/freedombone-wifi
+++ b/src/freedombone-wifi
@@ -75,7 +75,7 @@ function show_help {
     exit 0
 }
 
-while [[ $# > 1 ]]
+while [ $# -gt 1 ]
 do
     key="$1"
 
@@ -144,11 +144,11 @@ if [ ${NETWORKS_INTERACTIVE} ]; then
 fi
 
 if [ ! ${wifi_interface_specified} ]; then
-    if [ ! $WAIT_SEC ]; then
-       wpa_action ${WIFI_INTERFACE} stop
-       wpa_cli -i ${WIFI_INTERFACE} terminate
+    if [ ! "$WAIT_SEC" ]; then
+       wpa_action "${WIFI_INTERFACE}" stop
+       wpa_cli -i "${WIFI_INTERFACE}" terminate
     else
-        sleep ${WAIT_SEC}
+        sleep "${WAIT_SEC}"
     fi
     update_wifi_adaptors
     if [ ! $IFACE ]; then
@@ -166,7 +166,7 @@ if [ ${WIFI_DISABLE} ]; then
 fi
 
 if [[ ${WIFI_HOTSPOT} == 'no' ]]; then
-    if [ -f ${WIFI_NETWORKS_FILE} ]; then
+    if [ -f "${WIFI_NETWORKS_FILE}" ]; then
         wifi_established=
         wifi_retry_ctr=0
         while [ ! $wifi_established ]; do
@@ -184,7 +184,7 @@ if [[ ${WIFI_HOTSPOT} == 'no' ]]; then
             fi
             # has the limit of retries been reached?
             wifi_retry_ctr=$((wifi_retry_ctr+1))
-            if [ ${wifi_retry_ctr} -ge ${WIFI_MAX_RETRIES} ]; then
+            if [ ${wifi_retry_ctr} -ge "${WIFI_MAX_RETRIES}" ]; then
                 break
             fi
         done
@@ -198,14 +198,13 @@ if [[ ${WIFI_HOTSPOT} == 'no' ]]; then
     fi
 fi
 
-if [ ! ${WIFI_SSID} ]; then
+if [ ! "${WIFI_SSID}" ]; then
     echo $'No SSID given'
     exit 1
 fi
 
 if [[ ${WIFI_HOTSPOT} != 'no' ]]; then
-    hotspot_on
-    if [ ! "$?" = "0" ]; then
+    if ! hotspot_on; then
         exit "$?"
     fi
     exit 0
@@ -214,7 +213,7 @@ else
 fi
 
 if [[ "$WIFI_TYPE" != 'none' && "$WIFI_TYPE" != 'open' ]]; then
-    if [ ! $WIFI_PASSPHRASE ]; then
+    if [ ! "$WIFI_PASSPHRASE" ]; then
         echo $'No wifi passphrase was given'
         exit 2
     fi

From ad8d266452ee3d692ed4b88b2211a4dcbfa49bbf Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sun, 25 Feb 2018 11:27:48 +0000
Subject: [PATCH 05/67] Tidying zram

---
 src/freedombone-vars | 16 ++++++++--------
 src/freedombone-zram | 39 +++++++++++++++++++--------------------
 2 files changed, 27 insertions(+), 28 deletions(-)

diff --git a/src/freedombone-vars b/src/freedombone-vars
index 0f5730cd..4efac588 100755
--- a/src/freedombone-vars
+++ b/src/freedombone-vars
@@ -28,9 +28,9 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-DEFAULT_LANGUAGE=$(echo $LANG)
+DEFAULT_LANGUAGE=$LANG
 
-if [ ! $PROJECT_NAME ]; then
+if [ ! "$PROJECT_NAME" ]; then
     PROJECT_NAME='freedombone'
 fi
 
@@ -81,24 +81,24 @@ ENABLE_SOCIAL_KEY_MANAGEMENT="no"
 SOCIALINSTANCE=
 
 # include utils
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
 # include base system apps
-BASE_SYSTEM_FILES=/usr/share/${PROJECT_NAME}/base/${PROJECT_NAME}-base-*
+BASE_SYSTEM_FILES="/usr/share/${PROJECT_NAME}/base/${PROJECT_NAME}-base-*"
 for f in $BASE_SYSTEM_FILES
 do
-    source $f
+    source "$f"
 done
 
 #include apps
-APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 for f in $APP_FILES
 do
-    source $f
+    source "$f"
 done
 
 # optionally specify your name to appear on the blog
diff --git a/src/freedombone-zram b/src/freedombone-zram
index 05d9206d..b947112b 100755
--- a/src/freedombone-zram
+++ b/src/freedombone-zram
@@ -36,20 +36,19 @@ export TEXTDOMAINDIR="/usr/share/locale"
 DAEMON_FILENAME=/etc/systemd/system/zram.service
 
 function zram_daemon {
-  echo '[Unit]' > $DAEMON_FILENAME
-  echo 'Description=Zeronet Server' >> $DAEMON_FILENAME
-  echo 'After=syslog.target' >> $DAEMON_FILENAME
-  echo 'After=network.target' >> $DAEMON_FILENAME
-  echo '[Service]' >> $DAEMON_FILENAME
-  echo 'Type=simple' >> $DAEMON_FILENAME
-  echo 'User=zram' >> $DAEMON_FILENAME
-  echo 'Group=zram' >> $DAEMON_FILENAME
-  echo 'WorkingDirectory=' >> $DAEMON_FILENAME
-  echo "ExecStart=${PROJECT_NAME}-zram on" >> $DAEMON_FILENAME
-  echo '' >> $DAEMON_FILENAME
-  echo '[Install]' >> $DAEMON_FILENAME
-  echo 'WantedBy=multi-user.target' >> $DAEMON_FILENAME
-
+    { echo '[Unit]';
+      echo 'Description=Zeronet Server';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=zram';
+      echo 'Group=zram';
+      echo 'WorkingDirectory=';
+      echo "ExecStart=${PROJECT_NAME}-zram on";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } >> $DAEMON_FILENAME
 }
 
 function zram_on {
@@ -76,17 +75,17 @@ function zram_on {
 
         # initialize the devices
         for i in $(seq 0 $decr_num_cpus); do
-            echo $((mem_total / num_cpus)) > /sys/block/zram$i/disksize
+            echo $((mem_total / num_cpus)) > "/sys/block/zram$i/disksize"
         done
 
         # Creating swap filesystems
         for i in $(seq 0 $decr_num_cpus); do
-            mkswap /dev/zram$i
+            mkswap "/dev/zram$i"
         done
 
         # Switch the swaps on
         for i in $(seq 0 $decr_num_cpus); do
-            swapon -p 100 /dev/zram$i
+            swapon -p 100 "/dev/zram$i"
         done
 
         zram_daemon
@@ -103,8 +102,8 @@ function zram_off {
 
         # Switching off swap
         for i in $(seq 0 $decr_num_cpus); do
-            if [ "$(grep /dev/zram$i /proc/swaps)" != "" ]; then
-                swapoff /dev/zram$i
+            if [ "$(grep "/dev/zram$i" /proc/swaps)" != "" ]; then
+                swapoff "/dev/zram$i"
                 sleep 1
             fi
         done
@@ -123,7 +122,7 @@ function show_help {
     exit 0
 }
 
-if [ ! $1 ]; then
+if [ ! "$1" ]; then
     show_help
 else
     if [[ "$1" == "on" || "$1" == "enable" || "$1" == "yes" ]]; then

From 443d7a7913f0592869fcad22bbdf53e426ed738a Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sun, 25 Feb 2018 12:50:46 +0000
Subject: [PATCH 06/67] Function name is an array

---
 src/freedombone-app-batman          |   4 +-
 src/freedombone-app-dlna            |   8 +-
 src/freedombone-app-ipfs            |   8 +-
 src/freedombone-app-irc             |   2 +-
 src/freedombone-app-keyserver       |   2 +-
 src/freedombone-app-mumble          |   4 +-
 src/freedombone-app-rss             |   4 +-
 src/freedombone-app-syncthing       |   4 +-
 src/freedombone-app-tox             |   8 +-
 src/freedombone-app-xmpp            |   4 +-
 src/freedombone-app-zeronet         |   4 +-
 src/freedombone-base-email          |  70 ++++++++---------
 src/freedombone-base-tripwire       |   4 +-
 src/freedombone-utils-avahi         | 112 ++++++++++++++--------------
 src/freedombone-utils-backup        |   4 +-
 src/freedombone-utils-cmake         |   4 +-
 src/freedombone-utils-cron          |   4 +-
 src/freedombone-utils-cryptopp      |   4 +-
 src/freedombone-utils-database      |   8 +-
 src/freedombone-utils-dns           |  16 ++--
 src/freedombone-utils-filesystem    |   4 +-
 src/freedombone-utils-final         |   4 +-
 src/freedombone-utils-firewall      |  28 +++----
 src/freedombone-utils-git           |   4 +-
 src/freedombone-utils-go            |   2 +-
 src/freedombone-utils-international |   4 +-
 src/freedombone-utils-login         |   4 +-
 src/freedombone-utils-mongodb       |   4 +-
 src/freedombone-utils-monkeysphere  |   4 +-
 src/freedombone-utils-network       |   4 +-
 src/freedombone-utils-nodejs        |   4 +-
 src/freedombone-utils-onion         |  20 ++---
 src/freedombone-utils-passwords     |   4 +-
 src/freedombone-utils-postgresql    |   4 +-
 src/freedombone-utils-repos         |   8 +-
 src/freedombone-utils-rng           |   8 +-
 src/freedombone-utils-setup         |  12 +--
 src/freedombone-utils-ssh           |  16 ++--
 src/freedombone-utils-tracker       |   4 +-
 src/freedombone-utils-upgrade       |   8 +-
 src/freedombone-utils-watchdog      |   4 +-
 src/freedombone-utils-web           |  16 ++--
 src/freedombone-utils-wifi          |  10 +--
 src/freedombone-utils-zram          |   4 +-
 src/freedombone-zram                |   2 +-
 45 files changed, 233 insertions(+), 231 deletions(-)

diff --git a/src/freedombone-app-batman b/src/freedombone-app-batman
index 907ba715..dfe27c37 100755
--- a/src/freedombone-app-batman
+++ b/src/freedombone-app-batman
@@ -53,7 +53,7 @@ function install_interactive_batman {
 }
 
 function configure_firewall_for_batman {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [[ $ENABLE_BATMAN != "yes" ]]; then
@@ -62,7 +62,7 @@ function configure_firewall_for_batman {
 
     function_check save_firewall_settings
     save_firewall_settings
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function reconfigure_batman {
diff --git a/src/freedombone-app-dlna b/src/freedombone-app-dlna
index 902b3fde..0d44a44f 100755
--- a/src/freedombone-app-dlna
+++ b/src/freedombone-app-dlna
@@ -84,7 +84,7 @@ function upgrade_dlna {
 }
 
 function configure_firewall_for_dlna {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
@@ -111,7 +111,7 @@ function configure_firewall_for_dlna {
 
     systemctl restart avahi-daemon
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function backup_local_dlna {
@@ -253,7 +253,7 @@ function install_dlna_main {
 }
 
 function script_for_attaching_usb_drive {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     echo '#!/bin/bash' > /usr/bin/attach-music
@@ -289,7 +289,7 @@ function script_for_attaching_usb_drive {
     echo 'exit 0' >> /usr/bin/remove-music
     chmod +x /usr/bin/remove-music
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function install_dlna {
diff --git a/src/freedombone-app-ipfs b/src/freedombone-app-ipfs
index a4bc2b9b..09d9bb5a 100755
--- a/src/freedombone-app-ipfs
+++ b/src/freedombone-app-ipfs
@@ -205,7 +205,7 @@ function remove_ipfs {
 }
 
 function configure_firewall_for_ipfs {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [[ $ONION_ONLY != "no" ]]; then
@@ -213,11 +213,11 @@ function configure_firewall_for_ipfs {
     fi
 
     firewall_add IPFS $IPFS_PORT tcp
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function mesh_install_ipfs_js {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -287,7 +287,7 @@ EOF
 
     chroot ${rootdir} systemctl enable ${IPFS_DAEMON_NAME}
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function install_ipfs_js {
diff --git a/src/freedombone-app-irc b/src/freedombone-app-irc
index cc8bb8aa..90883700 100755
--- a/src/freedombone-app-irc
+++ b/src/freedombone-app-irc
@@ -481,7 +481,7 @@ function configure_firewall_for_irc {
     if [ ! -d /etc/ngircd ]; then
         return
     fi
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [[ ${INSTALLED_WITHIN_DOCKER} == "yes" ]]; then
diff --git a/src/freedombone-app-keyserver b/src/freedombone-app-keyserver
index 65bdd5fb..ca56349e 100755
--- a/src/freedombone-app-keyserver
+++ b/src/freedombone-app-keyserver
@@ -102,7 +102,7 @@ function configure_firewall_for_keyserver {
     firewall_add keyserver 11370 tcp
     firewall_add keyserver 11371 tcp
     firewall_add keyserver 11372 tcp
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function keyserver_reset_database {
diff --git a/src/freedombone-app-mumble b/src/freedombone-app-mumble
index 897d264c..c447a308 100755
--- a/src/freedombone-app-mumble
+++ b/src/freedombone-app-mumble
@@ -225,14 +225,14 @@ function remove_mumble {
 }
 
 function configure_firewall_for_mumble {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [[ $ONION_ONLY != "no" ]]; then
         return
     fi
     firewall_add Mumble ${MUMBLE_PORT}
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function install_mumble {
diff --git a/src/freedombone-app-rss b/src/freedombone-app-rss
index 6e6ab350..550e6209 100755
--- a/src/freedombone-app-rss
+++ b/src/freedombone-app-rss
@@ -604,7 +604,7 @@ function install_rss_gnusocial {
     set_repo_commit $RSS_READER_GNUSOCIAL_PATH "rss reader gnusocial commit" "$RSS_READER_GNUSOCIAL_COMMIT" $RSS_READER_GNUSOCIAL_REPO
     chown -R www-data:www-data $RSS_READER_GNUSOCIAL_PATH
 
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -648,7 +648,7 @@ function install_rss_mobile_reader {
         fi
     fi
 
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
diff --git a/src/freedombone-app-syncthing b/src/freedombone-app-syncthing
index 509fae0f..1cebff14 100755
--- a/src/freedombone-app-syncthing
+++ b/src/freedombone-app-syncthing
@@ -512,12 +512,12 @@ function remove_syncthing {
 }
 
 function configure_firewall_for_syncthing {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
     firewall_add Syncthing ${SYNCTHING_PORT}
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function install_syncthing_repo {
diff --git a/src/freedombone-app-tox b/src/freedombone-app-tox
index 2bc9f1ce..a9c30633 100755
--- a/src/freedombone-app-tox
+++ b/src/freedombone-app-tox
@@ -318,7 +318,7 @@ function remove_tox {
 
 function configure_firewall_for_tox {
     if [ ! $INSTALLING_MESH ]; then
-        if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+        if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
             return
         fi
     fi
@@ -341,11 +341,11 @@ function configure_firewall_for_tox {
     fi
 
     firewall_add Tox ${TOX_PORT}
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function tox_avahi {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -387,7 +387,7 @@ function tox_avahi {
 
     systemctl restart avahi-daemon
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function install_tox_node {
diff --git a/src/freedombone-app-xmpp b/src/freedombone-app-xmpp
index 1c5f8a81..f6616426 100755
--- a/src/freedombone-app-xmpp
+++ b/src/freedombone-app-xmpp
@@ -573,7 +573,7 @@ function configure_firewall_for_xmpp {
     if [ ! -d /etc/prosody ]; then
         return
     fi
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
@@ -588,7 +588,7 @@ function configure_firewall_for_xmpp {
     firewall_add XMPP 5269 tcp
     firewall_add XMPP 5280 tcp
     firewall_add XMPP 5281 tcp
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function remove_xmpp {
diff --git a/src/freedombone-app-zeronet b/src/freedombone-app-zeronet
index 56a0d310..3d09cb92 100755
--- a/src/freedombone-app-zeronet
+++ b/src/freedombone-app-zeronet
@@ -140,13 +140,13 @@ function remove_zeronet {
 }
 
 function configure_firewall_for_zeronet {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     firewall_add ZeroNet ${ZERONET_PORT}
     firewall_add Tracker ${TRACKER_PORT}
     firewall_add Tracker 1900 udp
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function install_zeronet_blog {
diff --git a/src/freedombone-base-email b/src/freedombone-base-email
index d11c24e8..5cd65d3f 100755
--- a/src/freedombone-base-email
+++ b/src/freedombone-base-email
@@ -120,7 +120,7 @@ function email_create_template {
 }
 
 function configure_email_onion {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [[ $SYSTEM_TYPE == "mesh"* ]]; then
@@ -150,7 +150,7 @@ function configure_email_onion {
     set_completion_param "email onion domain" "${onion_address}"
     add_email_hostname "$onion_address"
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function check_email_address_exists {
@@ -207,7 +207,7 @@ function encrypt_incoming_email {
     function_check set_repo_commit
     set_repo_commit $INSTALL_DIR/gpgit "gpgit commit" "$GPGIT_COMMIT" $GPGIT_REPO
 
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -237,7 +237,7 @@ function encrypt_incoming_email {
         echo -n '| /usr/bin/gpgit.pl --encrypt-mode prefer-inline --inline-flatten $USER@' >> /etc/skel/.procmailrc
         echo "$DEFAULT_DOMAIN_NAME" >> /etc/skel/.procmailrc
     fi
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function encrypt_outgoing_email {
@@ -247,7 +247,7 @@ function encrypt_outgoing_email {
     if [ ! -d /etc/exim4 ]; then
         return
     fi
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then
@@ -287,7 +287,7 @@ function encrypt_outgoing_email {
         sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
     fi
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function encrypt_all_email {
@@ -320,7 +320,7 @@ function encrypt_all_email {
         fi
     fi
 
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -343,14 +343,14 @@ function encrypt_all_email {
         chmod 600 /home/$MY_USERNAME/README
     fi
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function email_client {
     if [ ! -d /etc/exim4 ]; then
         return
     fi
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     apt-get -yq install lynx abook urlview mutt
@@ -475,7 +475,7 @@ function email_client {
         chown ${GENERIC_IMAGE_USERNAME}:${GENERIC_IMAGE_USERNAME} /home/${GENERIC_IMAGE_USERNAME}/.mutt-alias
     fi
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function email_archiving {
@@ -519,7 +519,7 @@ function email_archiving {
     function_check set_repo_commit
     set_repo_commit $INSTALL_DIR/cleanup-maildir "cleanup-maildir commit" "$CLEANUP_MAILDIR_COMMIT" $CLEANUP_MAILDIR_REPO
 
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -543,12 +543,12 @@ function email_archiving {
         fi
     fi
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 # Ensure that the from field is correct when sending email from Mutt
 function email_from_address {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -561,14 +561,14 @@ function email_from_address {
         echo "set from='$MY_NAME <$MY_EMAIL_ADDRESS>'" >> /home/$MY_USERNAME/.muttrc
     fi
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function create_public_mailing_list {
     if [ ! -d /etc/exim4 ]; then
         return
     fi
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [ ! $PUBLIC_MAILING_LIST ]; then
@@ -658,14 +658,14 @@ function create_public_mailing_list {
 
     ${PROJECT_NAME}-addlist -u $MY_USERNAME -l "$PUBLIC_MAILING_LIST" -s "$PUBLIC_MAILING_LIST"
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function create_private_mailing_list {
     if [ ! -d /etc/exim4 ]; then
         return
     fi
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [ ! $PRIVATE_MAILING_LIST ]; then
@@ -720,7 +720,7 @@ function create_private_mailing_list {
     chmod 0000 /etc/shadow
     chmod 0000 /etc/gshadow
     #exim -d -bt $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function split_gpg_key_into_fragments {
@@ -753,7 +753,7 @@ function import_email {
       Now on your internet router forward ports
      25, 587, 465, 993 and 2222 to the ${PROJECT_NAME}
 "
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         if [[ $SYSTEM_TYPE == "mail"* ]]; then
             function_check backup_to_friends_servers
             backup_to_friends_servers
@@ -776,7 +776,7 @@ function import_email {
         fi
         return
     fi
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
     if [[ $SYSTEM_TYPE == "mail"* ]]; then
         function_check backup_to_friends_servers
         backup_to_friends_servers
@@ -886,7 +886,7 @@ function create_procmail {
     if [ ! -d /etc/exim4 ]; then
         return
     fi
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [ ! -f /home/$MY_USERNAME/.procmailrc ]; then
@@ -924,7 +924,7 @@ function create_procmail {
         chmod 6755 /usr/bin/procmail
     fi
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function handle_admin_emails {
@@ -940,7 +940,7 @@ function spam_filtering {
     if [ ! -d /etc/exim4 ]; then
         return
     fi
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     apt-get -yq install exim4-daemon-heavy
@@ -1109,14 +1109,14 @@ function spam_filtering {
     function_check cron_add_mins
     cron_add_mins 10 "$script_name 2> /dev/null"
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function configure_imap {
     if [ ! -d /etc/exim4 ]; then
         return
     fi
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -1213,14 +1213,14 @@ function configure_imap {
     fi
 
     systemctl restart dovecot
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function configure_imap_client_certs {
     if [ ! -d /etc/exim4 ]; then
         return
     fi
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     # http://strange.systems/certificate-based-auth-with-dovecot-sendmail/
@@ -1295,7 +1295,7 @@ function configure_imap_client_certs {
     echo 0001 > /etc/ssl/sslserial
     #${PROJECT_NAME}-clientcert -u $MY_USERNAME
     systemctl restart dovecot
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function create_gpg_subkey {
@@ -1303,7 +1303,7 @@ function create_gpg_subkey {
     if [ ! -d /etc/exim4 ]; then
         return
     fi
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     apt-get -yq install gnupg
@@ -1336,7 +1336,7 @@ function create_gpg_subkey {
 
     MY_GPG_SUBKEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function gpg_key_exists {
@@ -1362,7 +1362,7 @@ function configure_gpg {
     if [ ! -d /etc/exim4 ]; then
         return
     fi
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     apt-get -yq install gnupg dirmngr
@@ -1395,7 +1395,7 @@ function configure_gpg {
                 if [ -d /home/$MY_USERNAME/.gnupg/crls.d ]; then
                     chmod +x /home/$MY_USERNAME/.gnupg/crls.d
                 fi
-                mark_completed $FUNCNAME
+                mark_completed "${FUNCNAME[0]}"
                 return
             fi
         fi
@@ -1481,7 +1481,7 @@ function configure_gpg {
         fi
     fi
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function refresh_gpg_keys {
@@ -1525,7 +1525,7 @@ function install_email {
     if [[ $SYSTEM_TYPE == "mesh"* ]]; then
         return
     fi
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -1533,7 +1533,7 @@ function install_email {
     install_email_basic
     configure_email_onion
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 # NOTE: deliberately no exit 0
diff --git a/src/freedombone-base-tripwire b/src/freedombone-base-tripwire
index ccb0bb28..9769b077 100755
--- a/src/freedombone-base-tripwire
+++ b/src/freedombone-base-tripwire
@@ -49,7 +49,7 @@ function remove_tripwire {
 }
 
 function install_tripwire {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -146,7 +146,7 @@ function install_tripwire {
 
        ' | twadmin --create-polfile -S /etc/tripwire/${HOSTNAME}-site.key /etc/tripwire/twpol.txt
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 # NOTE: deliberately no exit 0
diff --git a/src/freedombone-utils-avahi b/src/freedombone-utils-avahi
index 6bfe43fa..0e299cc3 100755
--- a/src/freedombone-utils-avahi
+++ b/src/freedombone-utils-avahi
@@ -40,18 +40,20 @@ function create_avahi_service {
         exit 52925
     fi
 
-    echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /etc/avahi/services/${service_name}.service
-    echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /etc/avahi/services/${service_name}.service
-    echo '<service-group>' >> /etc/avahi/services/${service_name}.service
-    echo "  <name replace-wildcards=\"yes\">%h ${service_type}</name>" >> /etc/avahi/services/${service_name}.service
-    echo '  <service>' >> /etc/avahi/services/${service_name}.service
-    echo "    <type>_${service_type}._${service_protocol}</type>" >> /etc/avahi/services/${service_name}.service
-    echo "    <port>${service_port}</port>" >> /etc/avahi/services/${service_name}.service
+    { echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->';
+      echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">';
+      echo '<service-group>';
+      echo "  <name replace-wildcards=\"yes\">%h ${service_type}</name>";
+      echo '  <service>';
+      echo "    <type>_${service_type}._${service_protocol}</type>";
+      echo "    <port>${service_port}</port>"; }  > "/etc/avahi/services/${service_name}.service"
+
     if [ "$service_description" ]; then
-        echo "    <txt-record>$service_description</txt-record>" >> /etc/avahi/services/${service_name}.service
+        echo "    <txt-record>$service_description</txt-record>" >> "/etc/avahi/services/${service_name}.service"
     fi
-    echo '  </service>' >> /etc/avahi/services/${service_name}.service
-    echo '</service-group>' >> /etc/avahi/services/${service_name}.service
+
+    { echo '  </service>';
+      echo '</service-group>'; } >> "/etc/avahi/services/${service_name}.service"
 }
 
 function mesh_avahi {
@@ -59,64 +61,64 @@ function mesh_avahi {
 
     decarray=( 1 2 3 4 5 6 7 8 9 0 )
     PEER_ID=${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}
-    sed -i "s|#host-name=.*|host-name=P$PEER_ID|g" $rootdir/etc/avahi/avahi-daemon.conf
-    sed -i "s|use-ipv4=.*|use-ipv4=no|g" $rootdir/etc/avahi/avahi-daemon.conf
-    sed -i "s|use-ipv6=.*|use-ipv6=yes|g" $rootdir/etc/avahi/avahi-daemon.conf
-    sed -i "s|#allow-interfaces=.*|allow-interfaces=wlan0, wlan1, wlan2, wlan3, wlan4, wlan5|g" $rootdir/etc/avahi/avahi-daemon.conf
-    sed -i "s|allow-interfaces=.*|allow-interfaces=wlan0, wlan1, wlan2, wlan3, wlan4, wlan5|g" $rootdir/etc/avahi/avahi-daemon.conf
-    sed -i "s|#deny-interfaces=.*|deny-interfaces=eth0, eth1, eth2, eth3, eth4, eth5|g" $rootdir/etc/avahi/avahi-daemon.conf
-    sed -i "s|deny-interfaces=.*|deny-interfaces=eth0, eth1, eth2, eth3, eth4, eth5|g" $rootdir/etc/avahi/avahi-daemon.conf
-    sed -i "s|#disallow-other-stacks=.*|disallow-other-stacks=yes|g" $rootdir/etc/avahi/avahi-daemon.conf
-    sed -i "s|disallow-other-stacks=.*|disallow-other-stacks=yes|g" $rootdir/etc/avahi/avahi-daemon.conf
-    sed -i "s|#publish_addresses=.*|publish_addresses=yes|g" $rootdir/etc/avahi/avahi-daemon.conf
-    sed -i "s|publish_addresses=.*|publish_addresses=yes|g" $rootdir/etc/avahi/avahi-daemon.conf
-    sed -i "s|#publish-hinfo=.*|publish-hinfo=no|g" $rootdir/etc/avahi/avahi-daemon.conf
-    sed -i "s|publish-hinfo=.*|publish-hinfo=no|g" $rootdir/etc/avahi/avahi-daemon.conf
-    sed -i "s|#publish-workstation=.*|publish-workstation=no|g" $rootdir/etc/avahi/avahi-daemon.conf
-    sed -i "s|publish-workstation=.*|publish-workstation=no|g" $rootdir/etc/avahi/avahi-daemon.conf
-    sed -i "s|#publish-domain=.*|publish-domain=yes|g" $rootdir/etc/avahi/avahi-daemon.conf
-    sed -i "s|publish-domain=.*|publish-domain=yes|g" $rootdir/etc/avahi/avahi-daemon.conf
-    sed -i "s|#publish-a-on-ipv6=.*|publish-a-on-ipv6=yes|g" $rootdir/etc/avahi/avahi-daemon.conf
-    sed -i "s|publish-a-on-ipv6=.*|publish-a-on-ipv6=yes|g" $rootdir/etc/avahi/avahi-daemon.conf
+    sed -i "s|#host-name=.*|host-name=P$PEER_ID|g" "$rootdir/etc/avahi/avahi-daemon.conf"
+    sed -i "s|use-ipv4=.*|use-ipv4=no|g" "$rootdir/etc/avahi/avahi-daemon.conf"
+    sed -i "s|use-ipv6=.*|use-ipv6=yes|g" "$rootdir/etc/avahi/avahi-daemon.conf"
+    sed -i "s|#allow-interfaces=.*|allow-interfaces=wlan0, wlan1, wlan2, wlan3, wlan4, wlan5|g" "$rootdir/etc/avahi/avahi-daemon.conf"
+    sed -i "s|allow-interfaces=.*|allow-interfaces=wlan0, wlan1, wlan2, wlan3, wlan4, wlan5|g" "$rootdir/etc/avahi/avahi-daemon.conf"
+    sed -i "s|#deny-interfaces=.*|deny-interfaces=eth0, eth1, eth2, eth3, eth4, eth5|g" "$rootdir/etc/avahi/avahi-daemon.conf"
+    sed -i "s|deny-interfaces=.*|deny-interfaces=eth0, eth1, eth2, eth3, eth4, eth5|g" "$rootdir/etc/avahi/avahi-daemon.conf"
+    sed -i "s|#disallow-other-stacks=.*|disallow-other-stacks=yes|g" "$rootdir/etc/avahi/avahi-daemon.conf"
+    sed -i "s|disallow-other-stacks=.*|disallow-other-stacks=yes|g" "$rootdir/etc/avahi/avahi-daemon.conf"
+    sed -i "s|#publish_addresses=.*|publish_addresses=yes|g" "$rootdir/etc/avahi/avahi-daemon.conf"
+    sed -i "s|publish_addresses=.*|publish_addresses=yes|g" "$rootdir/etc/avahi/avahi-daemon.conf"
+    sed -i "s|#publish-hinfo=.*|publish-hinfo=no|g" "$rootdir/etc/avahi/avahi-daemon.conf"
+    sed -i "s|publish-hinfo=.*|publish-hinfo=no|g" "$rootdir/etc/avahi/avahi-daemon.conf"
+    sed -i "s|#publish-workstation=.*|publish-workstation=no|g" "$rootdir/etc/avahi/avahi-daemon.conf"
+    sed -i "s|publish-workstation=.*|publish-workstation=no|g" "$rootdir/etc/avahi/avahi-daemon.conf"
+    sed -i "s|#publish-domain=.*|publish-domain=yes|g" "$rootdir/etc/avahi/avahi-daemon.conf"
+    sed -i "s|publish-domain=.*|publish-domain=yes|g" "$rootdir/etc/avahi/avahi-daemon.conf"
+    sed -i "s|#publish-a-on-ipv6=.*|publish-a-on-ipv6=yes|g" "$rootdir/etc/avahi/avahi-daemon.conf"
+    sed -i "s|publish-a-on-ipv6=.*|publish-a-on-ipv6=yes|g" "$rootdir/etc/avahi/avahi-daemon.conf"
 
-    if [ ! -d $rootdir/etc/avahi/services ]; then
-        mkdir -p $rootdir/etc/avahi/services
+    if [ ! -d "$rootdir/etc/avahi/services" ]; then
+        mkdir -p "$rootdir/etc/avahi/services"
     fi
 
     # remove an avahi service which isn't used
-    if [ -f $rootdir/etc/avahi/services/udisks.service ]; then
-        rm $rootdir/etc/avahi/services/udisks.service
+    if [ -f "$rootdir/etc/avahi/services/udisks.service" ]; then
+        rm "$rootdir/etc/avahi/services/udisks.service"
     fi
 
     # Add a mesh routing protocol service
-    echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > $rootdir/etc/avahi/services/routing.service
-    echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> $rootdir/etc/avahi/services/routing.service
-    echo '<service-group>' >> $rootdir/etc/avahi/services/routing.service
-    echo '  <name replace-wildcards="yes">%h routing</name>' >> $rootdir/etc/avahi/services/routing.service
-    echo '  <service>' >> $rootdir/etc/avahi/services/routing.service
-    echo '    <type>_bmx6._tcp</type>' >> $rootdir/etc/avahi/services/routing.service
-    echo '  </service>' >> $rootdir/etc/avahi/services/routing.service
-    echo '</service-group>' >> $rootdir/etc/avahi/services/routing.service
+    { echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->';
+      echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">';
+      echo '<service-group>';
+      echo '  <name replace-wildcards="yes">%h routing</name>';
+      echo '  <service>';
+      echo '    <type>_bmx6._tcp</type>';
+      echo '  </service>';
+      echo '</service-group>'; } > "$rootdir/etc/avahi/services/routing.service"
 
     # keep the daemon running
     WATCHDOG_SCRIPT_NAME="keepon"
-    echo '' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo '# keep avahi daemon running' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo 'AVAHI_RUNNING=$(pgrep avahi-daemon > /dev/null && echo Running)' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo 'if [ ! $AVAHI_RUNNING ]; then' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo '  systemctl start avahi-daemon' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo '  echo -n $CURRENT_DATE >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo '  echo " Avahi daemon restarted" >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo 'fi' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    chmod +x $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+    { echo '';
+      echo '# keep avahi daemon running';
+      echo "AVAHI_RUNNING=\$(pgrep avahi-daemon > /dev/null && echo Running)";
+      echo "if [ ! \$AVAHI_RUNNING ]; then";
+      echo '  systemctl start avahi-daemon';
+      echo "  echo -n \$CURRENT_DATE >> \$LOGFILE";
+      echo "  echo \" Avahi daemon restarted\" >> \$LOGFILE";
+      echo 'fi'; } >> "$rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME"
+    chmod +x "$rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME"
 }
 
 function install_avahi {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_avahi
         return
     fi
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     # only enable avahi if we're doing mesh networking
@@ -140,11 +142,11 @@ function install_avahi {
         sed -i "s|host-name=.*|host-name=P$PEER_ID|g" /etc/avahi/avahi-daemon.conf
     fi
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function configure_firewall_for_avahi {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     iptables -A INPUT -p tcp --dport 548 -j ACCEPT
@@ -155,7 +157,7 @@ function configure_firewall_for_avahi {
     iptables -A INPUT -p udp --dport 5354 -j ACCEPT
     function_check save_firewall_settings
     save_firewall_settings
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 # NOTE: deliberately there is no "exit 0"
diff --git a/src/freedombone-utils-backup b/src/freedombone-utils-backup
index a5b1f0d6..4bf0e681 100755
--- a/src/freedombone-utils-backup
+++ b/src/freedombone-utils-backup
@@ -67,7 +67,7 @@ function restart_site {
 }
 
 function configure_backup_key {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     apt-get -yq install gnupg dirmngr
@@ -132,7 +132,7 @@ function configure_backup_key {
     shred -zu ${MY_BACKUP_KEY}_public.asc
     shred -zu ${MY_BACKUP_KEY}_private.asc
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function backup_to_friends_servers {
diff --git a/src/freedombone-utils-cmake b/src/freedombone-utils-cmake
index 1e6829f2..46ef7137 100755
--- a/src/freedombone-utils-cmake
+++ b/src/freedombone-utils-cmake
@@ -83,7 +83,7 @@ function install_cmake {
         fi
     fi
 
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -111,7 +111,7 @@ function install_cmake {
     fi
     make install
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 # NOTE: deliberately there is no "exit 0"
diff --git a/src/freedombone-utils-cron b/src/freedombone-utils-cron
index e0ab63e9..09b8237d 100755
--- a/src/freedombone-utils-cron
+++ b/src/freedombone-utils-cron
@@ -43,7 +43,7 @@ function randomize_cron {
     # The predictable default timing of Debian cron jobs might
     # be exploitable knowledge. Avoid too much predictability
     # by randomizing the times when cron jobs run
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -74,7 +74,7 @@ function randomize_cron {
 
     systemctl restart cron
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function schedule_stig_tests {
diff --git a/src/freedombone-utils-cryptopp b/src/freedombone-utils-cryptopp
index 1fc511b3..59f1ac2b 100755
--- a/src/freedombone-utils-cryptopp
+++ b/src/freedombone-utils-cryptopp
@@ -76,7 +76,7 @@ function install_cryptopp {
         fi
     fi
 
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -98,7 +98,7 @@ function install_cryptopp {
     fi
     make install
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 # NOTE: deliberately there is no "exit 0"
diff --git a/src/freedombone-utils-database b/src/freedombone-utils-database
index 6afebc1c..e3fcf0d4 100755
--- a/src/freedombone-utils-database
+++ b/src/freedombone-utils-database
@@ -191,7 +191,7 @@ function mariadb_create_root_user {
 }
 
 function install_mariadb {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     apt-get -yq install software-properties-common debconf-utils
@@ -237,7 +237,7 @@ function install_mariadb {
 
     mariadb_create_root_user
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function backup_databases_script_header {
@@ -285,7 +285,7 @@ function repair_databases_script {
         sed -i "s|/usr/bin/repairdatabase|${PROJECT_NAME}-repair-database|g" /etc/cron.hourly/repair
     fi
 
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -299,7 +299,7 @@ function repair_databases_script {
     chmod 600 /etc/cron.hourly/repair
     chmod +x /etc/cron.hourly/repair
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function remove_database {
diff --git a/src/freedombone-utils-dns b/src/freedombone-utils-dns
index 7dd04fc2..7dc3bb39 100755
--- a/src/freedombone-utils-dns
+++ b/src/freedombone-utils-dns
@@ -102,7 +102,7 @@ function create_freedns_updater {
     fi
 
     # currently inadyn doesn't work as expected with freeDNS, so this is a workaround
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [[ $DDNS_PROVIDER != *"freedns"* ]]; then
@@ -127,7 +127,7 @@ function create_freedns_updater {
         systemctl restart cron
     fi
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function add_ddns_domain {
@@ -192,7 +192,7 @@ function remove_ddns_domain {
 }
 
 function configure_dns {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -215,7 +215,7 @@ function configure_dns {
     # prevent resolv.conf from changing
     resolvconf -u
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function set_hostname {
@@ -233,18 +233,18 @@ function set_hostname {
 }
 
 function set_your_domain_name {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
     function_check set_hostname
     set_hostname $DEFAULT_DOMAIN_NAME
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function configure_firewall_for_dns {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
@@ -254,7 +254,7 @@ function configure_firewall_for_dns {
     iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
     function_check save_firewall_settings
     save_firewall_settings
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 # NOTE: deliberately no exit 0
diff --git a/src/freedombone-utils-filesystem b/src/freedombone-utils-filesystem
index a8c2bee2..8712abd9 100755
--- a/src/freedombone-utils-filesystem
+++ b/src/freedombone-utils-filesystem
@@ -70,7 +70,7 @@ function install_tomb {
     set_repo_commit $INSTALL_DIR/tomb "tomb commit" "$TOMB_COMMIT" $TOMB_REPO
 
     if [ -f $COMPLETION_FILE ]; then
-        if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+        if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
             return
         fi
     fi
@@ -100,7 +100,7 @@ function install_tomb {
         exit 93462
     fi
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function defrag_filesystem {
diff --git a/src/freedombone-utils-final b/src/freedombone-utils-final
index f6f44d9e..7bc32dd6 100755
--- a/src/freedombone-utils-final
+++ b/src/freedombone-utils-final
@@ -29,7 +29,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 function install_final {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     # unmount any attached usb drive
@@ -41,7 +41,7 @@ function install_final {
     split_gpg_key_into_fragments
     lockdown_permissions
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
     clear
     echo ''
 
diff --git a/src/freedombone-utils-firewall b/src/freedombone-utils-firewall
index 2359fbe4..2b70d31a 100755
--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
@@ -50,7 +50,7 @@ function firewall_block_bad_ip_ranges {
     if [ $INSTALLING_MESH ]; then
         return
     fi
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -86,7 +86,7 @@ function firewall_block_bad_ip_ranges {
     iptables -A INPUT -s 215.0.0.0/8 -j DROP
     iptables -A OUTPUT -s 215.0.0.0/8 -j DROP
     save_firewall_settings
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function global_rate_limit {
@@ -143,7 +143,7 @@ function configure_firewall {
         # recreate the firewall to remove RELATED
         sed -i "/firewall/d" $COMPLETION_FILE
     fi
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
@@ -200,11 +200,11 @@ function configure_firewall {
     # Incoming malformed NULL packets:
     iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function firewall_drop_telnet {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     # telnet isn't enabled as an input and we can also
@@ -213,11 +213,11 @@ function firewall_drop_telnet {
     iptables -A OUTPUT -p udp --dport telnet -j REJECT
     function_check save_firewall_settings
     save_firewall_settings
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function configure_firewall_ping {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     # Only allow ping for mesh installs
@@ -228,11 +228,11 @@ function configure_firewall_ping {
     iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
     function_check save_firewall_settings
     save_firewall_settings
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function configure_internet_protocol {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [[ $SYSTEM_TYPE == "mesh"* ]]; then
@@ -331,7 +331,7 @@ function configure_internet_protocol {
         sed -i 's|net.ipv4.tcp_timestamps.*|net.ipv4.tcp_timestamps=0|g' /etc/sysctl.conf
     fi
     /sbin/sysctl -p
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function mesh_firewall {
@@ -615,7 +615,7 @@ function firewall_unblock_domain {
 }
 
 function firewall_drop_spoofed_packets {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     iptables -t mangle -A PREROUTING -s 224.0.0.0/3 -j DROP
@@ -627,11 +627,11 @@ function firewall_drop_spoofed_packets {
     iptables -t mangle -A PREROUTING -s 127.0.0.0/8 ! -i lo -j DROP
     function_check save_firewall_settings
     save_firewall_settings
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function firewall_rate_limits {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -652,7 +652,7 @@ function firewall_rate_limits {
 
     function_check save_firewall_settings
     save_firewall_settings
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 # NOTE: deliberately no exit 0
diff --git a/src/freedombone-utils-git b/src/freedombone-utils-git
index 9e2c3741..8b87552e 100755
--- a/src/freedombone-utils-git
+++ b/src/freedombone-utils-git
@@ -134,7 +134,7 @@ function set_repo_commit {
 }
 
 function configure_firewall_for_git {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
@@ -146,7 +146,7 @@ function configure_firewall_for_git {
     fi
 
     firewall_add Git 9418 tcp
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 # NOTE: deliberately no exit 0
diff --git a/src/freedombone-utils-go b/src/freedombone-utils-go
index bc77da17..4f673f71 100755
--- a/src/freedombone-utils-go
+++ b/src/freedombone-utils-go
@@ -227,7 +227,7 @@ function upgrade_golang {
         systemctl restart gogs
     fi
 
-    set_completion_param "$FUNCNAME" "$GO_VERSION"
+    set_completion_param "${FUNCNAME[0]}" "$GO_VERSION"
 }
 
 # NOTE: deliberately there is no "exit 0"
diff --git a/src/freedombone-utils-international b/src/freedombone-utils-international
index 35d57ed1..a2baf575 100755
--- a/src/freedombone-utils-international
+++ b/src/freedombone-utils-international
@@ -29,7 +29,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 function locale_setup {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -49,7 +49,7 @@ function locale_setup {
     update-locale LC_ALL=${DEFAULT_LANGUAGE}
     update-locale LC_CTYPE=${DEFAULT_LANGUAGE}
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 # NOTE: deliberately no exit 0
diff --git a/src/freedombone-utils-login b/src/freedombone-utils-login
index aa6e4cee..32cf290a 100755
--- a/src/freedombone-utils-login
+++ b/src/freedombone-utils-login
@@ -29,7 +29,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 function change_login_message {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -46,7 +46,7 @@ function change_login_message {
     echo "'    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'" >> /etc/motd
     echo $'                  Freedom in the Cloud' >> /etc/motd
     echo '' >> /etc/motd
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 # NOTE: deliberately no exit 0
diff --git a/src/freedombone-utils-mongodb b/src/freedombone-utils-mongodb
index d78d9909..b19e37b4 100755
--- a/src/freedombone-utils-mongodb
+++ b/src/freedombone-utils-mongodb
@@ -57,7 +57,7 @@ function install_mongodb {
         exit 7356272
     fi
 
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -90,7 +90,7 @@ function install_mongodb {
         fi
     fi
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function remove_mongodb {
diff --git a/src/freedombone-utils-monkeysphere b/src/freedombone-utils-monkeysphere
index 8d32638a..1ca49684 100755
--- a/src/freedombone-utils-monkeysphere
+++ b/src/freedombone-utils-monkeysphere
@@ -29,7 +29,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 function install_monkeysphere {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     apt-get -yq install monkeysphere msva-perl
@@ -60,7 +60,7 @@ function install_monkeysphere {
     fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}')
     monkeysphere-authentication add-identity-certifier $fpr
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 # NOTE: deliberately no exit 0
diff --git a/src/freedombone-utils-network b/src/freedombone-utils-network
index 39ac6c0b..7b9a5df4 100755
--- a/src/freedombone-utils-network
+++ b/src/freedombone-utils-network
@@ -48,7 +48,7 @@ ROUTER_IP_ADDRESS="192.168.1.254"
 MESH_INSTALL_DIR=/var/lib
 
 function install_static_network {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [[ $INSTALLING_ON_BBB == "yes" ]]; then
@@ -68,7 +68,7 @@ function install_static_network {
     echo '    netmask 255.255.255.0' >> /etc/network/interfaces.d/static
     echo "    gateway $ROUTER_IP_ADDRESS" >> /etc/network/interfaces.d/static
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function get_external_ipv4_address {
diff --git a/src/freedombone-utils-nodejs b/src/freedombone-utils-nodejs
index a8ec2935..f83be531 100755
--- a/src/freedombone-utils-nodejs
+++ b/src/freedombone-utils-nodejs
@@ -222,7 +222,7 @@ function install_nodejs {
         mesh_install_nodejs
         return
     fi
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         upgrade_nodejs
         return
     fi
@@ -256,7 +256,7 @@ function install_nodejs {
         fi
     fi
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 # NOTE: deliberately there is no "exit 0"
diff --git a/src/freedombone-utils-onion b/src/freedombone-utils-onion
index b511f59a..c1996be0 100755
--- a/src/freedombone-utils-onion
+++ b/src/freedombone-utils-onion
@@ -221,7 +221,7 @@ function enable_ssh_via_onion {
     if [[ $SYSTEM_TYPE == "mesh"* ]]; then
         return
     fi
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     apt-get -yq install tor connect-proxy
@@ -248,11 +248,11 @@ function enable_ssh_via_onion {
         echo 'Host *.onion' >> /etc/skel/.ssh/config
         echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> /etc/skel/.ssh/config
     fi
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function configure_ssh_onion {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [[ $SYSTEM_TYPE == "mesh"* ]]; then
@@ -268,14 +268,14 @@ function configure_ssh_onion {
     set_completion_param "ssh onion domain" "${SSH_ONION_HOSTNAME}"
     add_email_hostname "${SSH_ONION_HOSTNAME}"
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function install_tor {
     if [[ $SYSTEM_TYPE == "mesh*" ]]; then
         return
     fi
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -296,14 +296,14 @@ function install_tor {
     sed -i "s|#AccountingMax.*|AccountingMax $TOR_MAX_TRAFFIC_PER_MONTH_GB GBytes|g" /etc/tor/torrc
     sed -i "s|AccountingMax.*|AccountingMax $TOR_MAX_TRAFFIC_PER_MONTH_GB GBytes|g" /etc/tor/torrc
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function resolve_dns_via_tor {
     if [[ $SYSTEM_TYPE == "mesh"* ]]; then
         return
     fi
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [ ! -f /etc/tor/torrc ]; then
@@ -327,13 +327,13 @@ function resolve_dns_via_tor {
     echo 'nameserver 127.0.0.1:53' > $resolvconf
     resolvconf -u
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 # see https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
 # Local Redirection and Anonymizing Middlebox
 function route_outgoing_traffic_through_tor {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [[ $ROUTE_THROUGH_TOR != "yes" ]]; then
@@ -428,7 +428,7 @@ function route_outgoing_traffic_through_tor {
         echo "DNSListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/tor/torrc
     fi
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function get_app_onion_address {
diff --git a/src/freedombone-utils-passwords b/src/freedombone-utils-passwords
index 90cc02c7..a4d420ea 100755
--- a/src/freedombone-utils-passwords
+++ b/src/freedombone-utils-passwords
@@ -41,13 +41,13 @@ DEFAULT_PASSWORD_LENGTH=20
 
 function enforce_good_passwords {
     # because humans are generally bad at choosing passwords
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     apt-get -yq install libpam-cracklib
 
     sed -i 's/password.*requisite.*pam_cracklib.so.*/password        required                       pam_cracklib.so retry=2 dcredit=-4 ucredit=-1 ocredit=-1 lcredit=0 minlen=10 reject_username/g' /etc/pam.d/common-password
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function create_password {
diff --git a/src/freedombone-utils-postgresql b/src/freedombone-utils-postgresql
index e8be209b..4aa271b8 100755
--- a/src/freedombone-utils-postgresql
+++ b/src/freedombone-utils-postgresql
@@ -69,7 +69,7 @@ function install_postgresql {
         return
     fi
 
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -101,7 +101,7 @@ function install_postgresql {
         exit 835290
     fi
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function add_postgresql_user {
diff --git a/src/freedombone-utils-repos b/src/freedombone-utils-repos
index b7f31f92..2dc70abe 100755
--- a/src/freedombone-utils-repos
+++ b/src/freedombone-utils-repos
@@ -32,7 +32,7 @@
 DEBIAN_REPO="ftp.us.debian.org"
 
 function create_repo_sources {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     rm -rf /var/lib/apt/lists/*
@@ -53,12 +53,12 @@ function create_repo_sources {
     apt-get update
     apt-get -yq install apt-transport-https
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 # A command to create a git repository for a project
 function create_git_project {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     apt-get -yq install git
@@ -86,7 +86,7 @@ function create_git_project {
     echo 'exit 0' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
     chmod +x /usr/bin/$CREATE_GIT_PROJECT_COMMAND
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 # NOTE: deliberately no exit 0
diff --git a/src/freedombone-utils-rng b/src/freedombone-utils-rng
index 500c4fe0..cb61fb4f 100755
--- a/src/freedombone-utils-rng
+++ b/src/freedombone-utils-rng
@@ -59,7 +59,7 @@ function check_hwrng {
 }
 
 function check_onerng_verification {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [[ $HWRNG_TYPE != "onerng" ]]; then
@@ -78,7 +78,7 @@ function check_onerng_verification {
     echo $'OneRNG firmware verification passed'
     # if haveged was previously installed then remove it
     apt-get -yq remove haveged
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function install_onerng {
@@ -131,7 +131,7 @@ function install_onerng {
 }
 
 function random_number_generator {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
@@ -165,7 +165,7 @@ function random_number_generator {
             ;;
     esac
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 # NOTE: deliberately no exit 0
diff --git a/src/freedombone-utils-setup b/src/freedombone-utils-setup
index 61869ae3..77522207 100755
--- a/src/freedombone-utils-setup
+++ b/src/freedombone-utils-setup
@@ -252,7 +252,7 @@ function turn_off_rsys_logging {
 }
 
 function initial_setup {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -283,7 +283,7 @@ function initial_setup {
         mkdir -p $INSTALL_DIR
     fi
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function turn_off_magic_sysrq {
@@ -316,7 +316,7 @@ function admin_user_sudo {
 function search_for_attached_usb_drive {
     # If a USB drive is attached then search for email,
     # gpg, ssh keys and emacs configuration
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     detect_usb_drive
@@ -404,7 +404,7 @@ function search_for_attached_usb_drive {
         fi
         echo $'No USB drive attached'
     fi
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function mark_admin_user_account {
@@ -681,14 +681,14 @@ function create_usb_canary {
     if [[ $SYSTEM_TYPE == "mesh"* ]]; then
         return
     fi
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
     echo "ACTION==\"add\", KERNEL==\"sd*[!0-9]\", RUN+=\"/usr/local/bin/${PROJECT_NAME}-usb-canary\"" > /etc/udev/rules.d/00-usb-canary.rules
     udevadm control --reload-rules
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function setup_firewall {
diff --git a/src/freedombone-utils-ssh b/src/freedombone-utils-ssh
index bab31578..3e1b48ae 100755
--- a/src/freedombone-utils-ssh
+++ b/src/freedombone-utils-ssh
@@ -37,7 +37,7 @@ SSH_KEX="curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffi
 SSH_HOST_KEY_ALGORITHMS="ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-ed25519,ssh-rsa"
 
 function configure_ssh {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -125,7 +125,7 @@ function configure_ssh {
 
     function_check configure_firewall_for_ssh
     configure_firewall_for_ssh
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 # see https://stribika.github.io/2015/01/04/secure-secure-shell.html
@@ -135,7 +135,7 @@ function ssh_remove_small_moduli {
 }
 
 function configure_ssh_client {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     #sed -i 's/#   PasswordAuthentication.*/   PasswordAuthentication no/g' /etc/ssh/ssh_config
@@ -165,11 +165,11 @@ function configure_ssh_client {
 
     function_check ssh_remove_small_moduli
     ssh_remove_small_moduli
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function regenerate_ssh_keys {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     rm -f /etc/ssh/ssh_host_*
@@ -179,11 +179,11 @@ function regenerate_ssh_keys {
     ssh_remove_small_moduli
 
     systemctl restart ssh
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function configure_firewall_for_ssh {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
@@ -192,7 +192,7 @@ function configure_firewall_for_ssh {
     fi
 
     firewall_add SSH ${SSH_PORT} tcp
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function get_ssh_server_key {
diff --git a/src/freedombone-utils-tracker b/src/freedombone-utils-tracker
index 3a19978f..15fcf758 100755
--- a/src/freedombone-utils-tracker
+++ b/src/freedombone-utils-tracker
@@ -65,7 +65,7 @@ function install_tracker {
         return
     fi
 
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -97,7 +97,7 @@ function install_tracker {
     systemctl enable tracker.service
     systemctl start tracker.service
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 # NOTE: deliberately no exit 0
diff --git a/src/freedombone-utils-upgrade b/src/freedombone-utils-upgrade
index 01ff5f17..e8e5eb4e 100755
--- a/src/freedombone-utils-upgrade
+++ b/src/freedombone-utils-upgrade
@@ -43,20 +43,20 @@ function create_upgrade_script {
         fi
     fi
 
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
     apt-get -yq install unattended-upgrades
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function upgrade_installation_from_previous_versions {
     if [ ! -f $COMPLETION_FILE ]; then
         return
     fi
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -87,7 +87,7 @@ function upgrade_installation_from_previous_versions {
         rm /usr/local/bin/zeronetavahi
     fi
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 # NOTE: deliberately no exit 0
diff --git a/src/freedombone-utils-watchdog b/src/freedombone-utils-watchdog
index 00cf2581..8b05cf35 100755
--- a/src/freedombone-utils-watchdog
+++ b/src/freedombone-utils-watchdog
@@ -34,7 +34,7 @@
 WATCHDOG_SCRIPT_NAME="keepon"
 
 function install_watchdog_script {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     echo '#!/bin/bash' > /usr/bin/$WATCHDOG_SCRIPT_NAME
@@ -46,7 +46,7 @@ function install_watchdog_script {
     function_check cron_add_mins
     cron_add_mins 1 "/usr/bin/$WATCHDOG_SCRIPT_NAME"
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function daemon_is_running {
diff --git a/src/freedombone-utils-web b/src/freedombone-utils-web
index 8457bc58..3cb0d34d 100755
--- a/src/freedombone-utils-web
+++ b/src/freedombone-utils-web
@@ -437,7 +437,7 @@ function install_dynamicdns {
     function_check set_repo_commit
     set_repo_commit $INSTALL_DIR/inadyn "inadyn commit" "$INADYN_COMMIT" $INADYN_REPO
 
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -512,7 +512,7 @@ function install_dynamicdns {
     systemctl start inadyn
     systemctl daemon-reload
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function update_default_search_engine {
@@ -539,13 +539,13 @@ function update_default_search_engine {
 }
 
 function install_command_line_browser {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     apt-get -yq install elinks
     update_default_search_engine
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function mesh_web_server {
@@ -572,7 +572,7 @@ function install_web_server {
     function_check set_repo_commit
     set_repo_commit $INSTALL_DIR/nginx_ensite "nginx-ensite commit" "$NGINX_ENSITE_COMMIT" $NGINX_ENSITE_REPO
 
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     # remove apache
@@ -714,7 +714,7 @@ function install_web_server {
     function_check configure_firewall_for_web_access
     configure_firewall_for_web_access
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function remove_certs {
@@ -742,7 +742,7 @@ function remove_certs {
 }
 
 function configure_firewall_for_web_access {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
@@ -754,7 +754,7 @@ function configure_firewall_for_web_access {
     fi
     firewall_add HTTP 80 tcp
     firewall_add HTTPS 443 tcp
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function update_default_domain {
diff --git a/src/freedombone-utils-wifi b/src/freedombone-utils-wifi
index 1ecdf813..ecef691e 100755
--- a/src/freedombone-utils-wifi
+++ b/src/freedombone-utils-wifi
@@ -120,7 +120,7 @@ function setup_wifi {
         return
     fi
 
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -131,7 +131,7 @@ function setup_wifi {
 
     if [ -f $WIFI_NETWORKS_FILE ]; then
         ${PROJECT_NAME}-wifi --networks $WIFI_NETWORKS_FILE
-        mark_completed $FUNCNAME
+        mark_complete "${FUNCNAME[0]}"
         return
     fi
 
@@ -148,12 +148,12 @@ function setup_wifi {
     else
         ${PROJECT_NAME}-wifi -s $WIFI_SSID -t $WIFI_TYPE --hotspot $HOTSPOT --networks $WIFI_NETWORKS_FILE
     fi
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 # ath9k_htc driver
 function install_atheros_wifi {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
     if [ $INSTALLING_ON_BBB != "yes" ]; then
@@ -198,7 +198,7 @@ function install_atheros_wifi {
     if [ ! "$?" = "0" ]; then
         exit 74681
     fi
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 function update_wifi_adaptors {
diff --git a/src/freedombone-utils-zram b/src/freedombone-utils-zram
index 55b798d4..1c225804 100755
--- a/src/freedombone-utils-zram
+++ b/src/freedombone-utils-zram
@@ -29,7 +29,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 function enable_zram {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
@@ -40,7 +40,7 @@ function enable_zram {
 
     ${PROJECT_NAME}-zram on
 
-    mark_completed $FUNCNAME
+    mark_completed "${FUNCNAME[0]}"
 }
 
 # NOTE: deliberately no exit 0
diff --git a/src/freedombone-zram b/src/freedombone-zram
index b947112b..26cde1ae 100755
--- a/src/freedombone-zram
+++ b/src/freedombone-zram
@@ -48,7 +48,7 @@ function zram_daemon {
       echo "ExecStart=${PROJECT_NAME}-zram on";
       echo '';
       echo '[Install]';
-      echo 'WantedBy=multi-user.target'; } >> $DAEMON_FILENAME
+      echo 'WantedBy=multi-user.target'; } > $DAEMON_FILENAME
 }
 
 function zram_on {

From bcf377b9cd82723bee05ca858c6ce62f3d598bba Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sun, 25 Feb 2018 13:49:17 +0000
Subject: [PATCH 07/67] Tidy avahi utils

---
 src/freedombone-utils-avahi | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/freedombone-utils-avahi b/src/freedombone-utils-avahi
index 0e299cc3..7d24de6f 100755
--- a/src/freedombone-utils-avahi
+++ b/src/freedombone-utils-avahi
@@ -57,6 +57,7 @@ function create_avahi_service {
 }
 
 function mesh_avahi {
+    # shellcheck disable=SC2154
     chroot "$rootdir" apt-get -yq install avahi-utils avahi-dnsconfd
 
     decarray=( 1 2 3 4 5 6 7 8 9 0 )
@@ -126,13 +127,12 @@ function install_avahi {
         return
     fi
 
-    ${PROJECT_NAME}-mesh-install -f avahi
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-mesh-install" -f avahi; then
         echo $'Failed to install avahi'
         exit 68442
     fi
 
-    if [ $DEFAULT_DOMAIN_NAME ]; then
+    if [ "$DEFAULT_DOMAIN_NAME" ]; then
         sed -i "s|#host-name=.*|host-name=$LOCAL_NAME|g" /etc/avahi/avahi-daemon.conf
         sed -i "s|host-name=.*|host-name=$LOCAL_NAME|g" /etc/avahi/avahi-daemon.conf
     else

From fee71d392e628e19769f0bfea92b95a2b749b293 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sun, 25 Feb 2018 14:35:20 +0000
Subject: [PATCH 08/67] Tidying backup utils

---
 src/freedombone-utils-backup | 459 ++++++++++++++++++-----------------
 1 file changed, 233 insertions(+), 226 deletions(-)

diff --git a/src/freedombone-utils-backup b/src/freedombone-utils-backup
index 4bf0e681..5dc94993 100755
--- a/src/freedombone-utils-backup
+++ b/src/freedombone-utils-backup
@@ -52,16 +52,16 @@ function remove_backups_temp_directory {
 function suspend_site {
     # suspends a given website
     SUSPENDED_SITE="$1"
-    nginx_dissite $SUSPENDED_SITE
+    nginx_dissite "$SUSPENDED_SITE"
     systemctl reload nginx
 }
 
 function restart_site {
     # restarts a given website
-    if [ ! $SUSPENDED_SITE ]; then
+    if [ ! "$SUSPENDED_SITE" ]; then
         return
     fi
-    nginx_ensite $SUSPENDED_SITE
+    nginx_ensite "$SUSPENDED_SITE"
     systemctl reload nginx
     SUSPENDED_SITE=
 }
@@ -79,27 +79,27 @@ function configure_backup_key {
     fi
 
     gpg_agent_setup root
-    gpg_agent_setup $MY_USERNAME
+    gpg_agent_setup "$MY_USERNAME"
 
     # Generate a GPG key for backups
     BACKUP_KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_NAME (backup key)")
     if [[ $BACKUP_KEY_EXISTS == "no" ]]; then
-        echo 'Key-Type: eddsa' > /home/$MY_USERNAME/gpg-genkey.conf
-        echo 'Key-Curve: Ed25519' >> /home/$MY_USERNAME/gpg-genkey.conf
-        echo 'Subkey-Type: eddsa' >> /home/$MY_USERNAME/gpg-genkey.conf
-        echo 'Subkey-Curve: Ed25519' >> /home/$MY_USERNAME/gpg-genkey.conf
-        echo "Name-Real:  $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
-        echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
-        echo "Name-Comment: backup key" >> /home/$MY_USERNAME/gpg-genkey.conf
-        echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
-        cat /home/$MY_USERNAME/gpg-genkey.conf
-        echo "Passphrase: $BACKUP_DUMMY_PASSWORD" >> /home/$MY_USERNAME/gpg-genkey.conf
-        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
+        { echo 'Key-Type: eddsa';
+          echo 'Key-Curve: Ed25519';
+          echo 'Subkey-Type: eddsa';
+          echo 'Subkey-Curve: Ed25519';
+          echo "Name-Real:  $MY_NAME";
+          echo "Name-Email: $MY_EMAIL_ADDRESS";
+          echo "Name-Comment: backup key";
+          echo 'Expire-Date: 0'; } > "/home/$MY_USERNAME/gpg-genkey.conf"
+        cat "/home/$MY_USERNAME/gpg-genkey.conf"
+        echo "Passphrase: $BACKUP_DUMMY_PASSWORD" >> "/home/$MY_USERNAME/gpg-genkey.conf"
+        chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/gpg-genkey.conf"
         echo $'Backup key does not exist. Creating it.'
-        su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --batch --full-gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
-        chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
+        su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --batch --full-gen-key /home/$MY_USERNAME/gpg-genkey.conf" - "$MY_USERNAME"
+        chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.gnupg"
 
-        shred -zu /home/$MY_USERNAME/gpg-genkey.conf
+        shred -zu "/home/$MY_USERNAME/gpg-genkey.conf"
         echo $'Checking that the Backup key was created'
         BACKUP_KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_NAME (backup key)")
         if [[ $BACKUP_KEY_EXISTS == "no" ]]; then
@@ -108,46 +108,46 @@ function configure_backup_key {
         fi
     fi
 
-    MY_BACKUP_KEY_ID=$(su -c "gpg --list-keys \"$MY_NAME (backup key)\"" - $MY_USERNAME | sed -n '2p' | sed 's/^[ \t]*//')
+    MY_BACKUP_KEY_ID=$(su -c "gpg --list-keys \"$MY_NAME (backup key)\"" - "$MY_USERNAME" | sed -n '2p' | sed 's/^[ \t]*//')
     echo "Backup key: $MY_BACKUP_KEY_ID"
     MY_BACKUP_KEY=/home/$MY_USERNAME/backup_key
-    su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --output ${MY_BACKUP_KEY}_public.asc --armor --export $MY_BACKUP_KEY_ID" - $MY_USERNAME
+    su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --output ${MY_BACKUP_KEY}_public.asc --armor --export $MY_BACKUP_KEY_ID" - "$MY_USERNAME"
 
-    if [ ! -f ${MY_BACKUP_KEY}_public.asc ]; then
+    if [ ! -f "${MY_BACKUP_KEY}_public.asc" ]; then
         echo 'Public backup key could not be exported'
         exit 36829
     fi
 
-    su -m root -c "echo '$BACKUP_DUMMY_PASSWORD' | gpg --homedir /home/$MY_USERNAME/.gnupg --output ${MY_BACKUP_KEY}_private.asc --armor --batch --passphrase-fd 0 --export-secret-key $MY_BACKUP_KEY_ID" - $MY_USERNAME
+    su -m root -c "echo '$BACKUP_DUMMY_PASSWORD' | gpg --homedir /home/$MY_USERNAME/.gnupg --output ${MY_BACKUP_KEY}_private.asc --armor --batch --passphrase-fd 0 --export-secret-key $MY_BACKUP_KEY_ID" - "$MY_USERNAME"
 
-    if [ ! -f ${MY_BACKUP_KEY}_private.asc ]; then
+    if [ ! -f "${MY_BACKUP_KEY}_private.asc" ]; then
         echo 'Private backup key could not be exported'
         exit 29235
     fi
 
     # import backup key to root user
-    gpg --import --import ${MY_BACKUP_KEY}_public.asc
-    echo '$BACKUP_DUMMY_PASSWORD' | gpg --batch --passphrase-fd 0 --allow-secret-key-import --import ${MY_BACKUP_KEY}_private.asc
+    gpg --import --import "${MY_BACKUP_KEY}_public.asc"
+    echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --allow-secret-key-import --import "${MY_BACKUP_KEY}_private.asc"
 
-    shred -zu ${MY_BACKUP_KEY}_public.asc
-    shred -zu ${MY_BACKUP_KEY}_private.asc
+    shred -zu "${MY_BACKUP_KEY}_public.asc"
+    shred -zu "${MY_BACKUP_KEY}_private.asc"
 
     mark_completed "${FUNCNAME[0]}"
 }
 
 function backup_to_friends_servers {
     # update crontab
-    echo '#!/bin/bash' > /etc/cron.daily/backuptofriends
-    echo "if [ -f /usr/local/bin/${PROJECT_NAME}-backup-remote ]; then" >> /etc/cron.daily/backuptofriends
-    echo "    /usr/local/bin/${PROJECT_NAME}-backup-remote" >> /etc/cron.daily/backuptofriends
-    echo 'else' >> /etc/cron.daily/backuptofriends
-    echo "    /usr/bin/${PROJECT_NAME}-backup-remote" >> /etc/cron.daily/backuptofriends
-    echo 'fi' >> /etc/cron.daily/backuptofriends
+    { echo '#!/bin/bash';
+      echo "if [ -f /usr/local/bin/${PROJECT_NAME}-backup-remote ]; then";
+      echo "    /usr/local/bin/${PROJECT_NAME}-backup-remote";
+      echo 'else';
+      echo "    /usr/bin/${PROJECT_NAME}-backup-remote";
+      echo 'fi'; } > /etc/cron.daily/backuptofriends
     chmod +x /etc/cron.daily/backuptofriends
 }
 
 function backup_mount_drive {
-    if [ $1 ]; then
+    if [ "$1" ]; then
         if [[ "$1" == "/dev/"* ]]; then
             USB_DRIVE=$1
         else
@@ -157,25 +157,25 @@ function backup_mount_drive {
 
     # get the admin user
     ADMIN_USERNAME=$(get_completion_param "Admin user")
-    if [ $2 ]; then
+    if [ "$2" ]; then
         ADMIN_USERNAME=$2
     fi
-    ADMIN_NAME=$(getent passwd $ADMIN_USERNAME | cut -d: -f5 | cut -d, -f1)
+    ADMIN_NAME=$(getent passwd "$ADMIN_USERNAME" | cut -d: -f5 | cut -d, -f1)
 
-    if [ $3 ]; then
+    if [ "$3" ]; then
         RESTORE_APP=$3
     fi
 
     # check that the backup destination is available
-    if [ ! -b $USB_DRIVE ]; then
+    if [ ! -b "$USB_DRIVE" ]; then
         echo $"Please attach a USB drive"
         exit 1
     fi
 
     # unmount if already mounted
-    umount -f $USB_MOUNT
-    if [ ! -d $USB_MOUNT ]; then
-        mkdir $USB_MOUNT
+    umount -f "$USB_MOUNT"
+    if [ ! -d "$USB_MOUNT" ]; then
+        mkdir "$USB_MOUNT"
     fi
     if [ -f /dev/mapper/encrypted_usb ]; then
         rm -rf /dev/mapper/encrypted_usb
@@ -183,33 +183,30 @@ function backup_mount_drive {
     cryptsetup luksClose encrypted_usb
 
     # mount the encrypted backup drive
-    cryptsetup luksOpen $USB_DRIVE encrypted_usb
-    if [ "$?" = "0" ]; then
+    if cryptsetup luksOpen "$USB_DRIVE" encrypted_usb; then
         USB_DRIVE=/dev/mapper/encrypted_usb
     fi
-    mount $USB_DRIVE $USB_MOUNT
-    if [ ! "$?" = "0" ]; then
+    if ! mount "$USB_DRIVE" "$USB_MOUNT"; then
         echo $"There was a problem mounting the USB drive to $USB_MOUNT"
-        rm -rf $USB_MOUNT
+        rm -rf "$USB_MOUNT"
         exit 783452
     fi
 }
 
 function backup_unmount_drive {
-    if [ $1 ]; then
-        USB_DRIVE=${1}
-        if [ $2 ]; then
-            USB_MOUNT=${2}
-        fi
-    fi
+    #if [ $1 ]; then
+    #    USB_DRIVE=${1}
+    #    if [ $2 ]; then
+    #        USB_MOUNT=${2}
+    #    fi
+    #fi
     sync
-    umount $USB_MOUNT
-    if [ ! "$?" = "0" ]; then
+    if ! umount "$USB_MOUNT"; then
         echo $"Unable to unmount the drive."
-        rm -rf $USB_MOUNT
+        rm -rf "$USB_MOUNT"
         exit 9
     fi
-    rm -rf $USB_MOUNT
+    rm -rf "$USB_MOUNT"
     if [[ $USB_DRIVE == /dev/mapper/encrypted_usb ]]; then
         echo $"Unmount encrypted USB"
         cryptsetup luksClose encrypted_usb
@@ -226,54 +223,55 @@ function backup_database_local_usb {
         restart_site
         exit 10
     fi
-    if [ ! -d $USB_MOUNT/backup/${1} ]; then
-        mkdir -p $USB_MOUNT/backup/${1}
+    if [ ! -d "$USB_MOUNT/backup/${1}" ]; then
+        mkdir -p "$USB_MOUNT/backup/${1}"
     fi
-    if [ ! -d $USB_MOUNT/backup/${1}data ]; then
-        mkdir -p $USB_MOUNT/backup/${1}data
+    if [ ! -d "$USB_MOUNT/backup/${1}data" ]; then
+        mkdir -p "$USB_MOUNT/backup/${1}data"
     fi
     local_database_dir=/root/temp${1}data
-    if [ ! -d ${local_database_dir} ]; then
-        mkdir -p ${local_database_dir}
+    if [ ! -d "${local_database_dir}" ]; then
+        mkdir -p "${local_database_dir}"
     fi
     echo $"Obtaining ${1} database backup"
     database_file_extension='sql'
-    if [ $USE_MONGODB ]; then
+    if [ "$USE_MONGODB" ]; then
         database_file_extension='mdb'
         USE_POSTGRESQL=
     fi
     if [ ! $USE_POSTGRESQL ]; then
-        if [ ! $USE_MONGODB ]; then
+        if [ ! "$USE_MONGODB" ]; then
             USE_MONGODB=
             USE_POSTGRESQL=
             keep_database_running
-            mysqldump --lock-tables --password="$DATABASE_PASSWORD" ${1} > ${local_database_dir}/${1}.${database_file_extension}
+            mysqldump --lock-tables --password="$DATABASE_PASSWORD" "${1}" > "${local_database_dir}/${1}.${database_file_extension}"
         else
             USE_MONGODB=
             USE_POSTGRESQL=
-            mongodump --db ${1} --archive=${local_database_dir}/${1}.${database_file_extension} --gzip
+            mongodump --db "${1}" --archive="${local_database_dir}/${1}.${database_file_extension}" --gzip
         fi
     else
         USE_MONGODB=
         USE_POSTGRESQL=
-        cd /etc/postgresql
-        sudo -u postgres pg_dump ${1} > ${local_database_dir}/${1}.${database_file_extension}
+        cd /etc/postgresql || exit 673852
+        # shellcheck disable=2024
+        sudo -u postgres pg_dump "${1}" > "${local_database_dir}/${1}.${database_file_extension}"
     fi
-    if [ -f ${local_database_dir}/${1}.${database_file_extension} ]; then
-        if [ ! -s ${local_database_dir}/${1}.${database_file_extension} ]; then
+    if [ -f "${local_database_dir}/${1}.${database_file_extension}" ]; then
+        if [ ! -s "${local_database_dir}/${1}.${database_file_extension}" ]; then
             echo $"${1} database could not be saved"
-            shred -zu ${local_database_dir}/*
-            rm -rf ${local_database_dir}
-            umount $USB_MOUNT
-            rm -rf $USB_MOUNT
+            shred -zu "${local_database_dir}/*"
+            rm -rf "${local_database_dir}"
+            umount "$USB_MOUNT"
+            rm -rf "$USB_MOUNT"
             restart_site
             exit 6835872
         fi
     else
         echo $"${1} database could not be dumped"
-        rm -rf ${local_database_dir}
-        umount $USB_MOUNT
-        rm -rf $USB_MOUNT
+        rm -rf "${local_database_dir}"
+        umount "$USB_MOUNT"
+        rm -rf "$USB_MOUNT"
         restart_site
         exit 738653
     fi
@@ -282,13 +280,14 @@ function backup_database_local_usb {
 
 function backup_directory_to_usb_duplicity {
     create_backups_temp_directory
-    echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --encrypt-key $MY_BACKUP_KEY_ID --full-if-older-than 4W --exclude-other-filesystems ${1} file://$USB_MOUNT/backup/${2}
+    echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir "$BACKUP_TEMP_DIRECTORY" --encrypt-key "$MY_BACKUP_KEY_ID" --full-if-older-than 4W --exclude-other-filesystems "${1}" "file://$USB_MOUNT/backup/${2}"
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
-        umount $USB_MOUNT
-        rm -rf $USB_MOUNT
+        umount "$USB_MOUNT"
+        rm -rf "$USB_MOUNT"
         if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
-            shred -zu ${1}/*
-            rm -rf ${1}
+            shred -zu "${1}/*"
+            rm -rf "${1}"
         fi
         function_check restart_site
         restart_site
@@ -296,13 +295,14 @@ function backup_directory_to_usb_duplicity {
         exit 8352925
     fi
     if [[ $ENABLE_BACKUP_VERIFICATION == "yes" ]]; then
-        echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --encrypt-key $MY_BACKUP_KEY_ID --full-if-older-than 4W --exclude-other-filesystems ${1} file://$USB_MOUNT/backup/${2}
+        echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir "$BACKUP_TEMP_DIRECTORY" --encrypt-key "$MY_BACKUP_KEY_ID" --full-if-older-than 4W --exclude-other-filesystems "${1}" "file://$USB_MOUNT/backup/${2}"
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
-            umount $USB_MOUNT
-            rm -rf $USB_MOUNT
+            umount "$USB_MOUNT"
+            rm -rf "$USB_MOUNT"
             if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
-                shred -zu ${1}/*
-                rm -rf ${1}
+                shred -zu "${1}/*"
+                rm -rf "${1}"
             fi
             function_check restart_site
             restart_site
@@ -314,10 +314,11 @@ function backup_directory_to_usb_duplicity {
 }
 
 function backup_directory_to_usb {
-    if [ ! -d ${1} ]; then
+    if [ ! -d "${1}" ]; then
         echo $"WARNING: directory does not exist: ${1}"
     else
         BACKUP_KEY_EXISTS=$(gpg --list-keys "$ADMIN_NAME (backup key)")
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             echo $"Backup key could not be found"
             function_check restart_site
@@ -326,77 +327,76 @@ function backup_directory_to_usb {
         fi
 
         MY_BACKUP_KEY_ID=$(gpg --list-keys "$ADMIN_NAME (backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
-        if [ ! -d $USB_MOUNT/backup/${2} ]; then
-            mkdir -p $USB_MOUNT/backup/${2}
+        if [ ! -d "$USB_MOUNT/backup/${2}" ]; then
+            mkdir -p "$USB_MOUNT/backup/${2}"
         fi
 
-        backup_directory_to_usb_duplicity ${1} ${2}
+        backup_directory_to_usb_duplicity "${1}" "${2}"
 
         if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
-            shred -zu ${1}/*
-            rm -rf ${1}
+            shred -zu "${1}/*"
+            rm -rf "${1}"
         fi
     fi
 }
 
 function restore_directory_from_usb_duplicity {
     create_backups_temp_directory
-    PASSPHRASE="$BACKUP_DUMMY_PASSWORD" duplicity restore --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --force file://$USB_MOUNT/backup/${2} ${1}
+    PASSPHRASE="$BACKUP_DUMMY_PASSWORD" duplicity restore --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir "$BACKUP_TEMP_DIRECTORY" --force "file://$USB_MOUNT/backup/${2}" "${1}"
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
         echo "WARNING: failed to restore $USB_MOUNT/backup/${2} to ${1}"
     fi
-    PASSPHRASE=
     remove_backups_temp_directory
 }
 
 function restore_directory_from_usb {
-    if [ ! ${1} ]; then
+    if [ ! "${1}" ]; then
         echo "$USB_MOUNT/backup/${2} -> ${1}"
         echo $'No restore destination given'
         return
     fi
-    if [ ! ${2} ]; then
+    if [ ! "${2}" ]; then
         echo "$USB_MOUNT/backup/${2} -> ${1}"
         echo $'No restore source given'
         return
     fi
-    if [ ! -d ${1} ]; then
-        mkdir ${1}
+    if [ ! -d "${1}" ]; then
+        mkdir "${1}"
     fi
-    restore_directory_from_usb_duplicity ${1} ${2}
+    restore_directory_from_usb_duplicity "${1}" "${2}"
 }
 
 function restore_directory_from_friend_duplicity {
     create_backups_temp_directory
-    PASSPHRASE="$BACKUP_DUMMY_PASSWORD" duplicity restore --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --force file://$SERVER_DIRECTORY/backup/${2} ${1}
-    PASSPHRASE=
+    PASSPHRASE="$BACKUP_DUMMY_PASSWORD" duplicity restore --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir "$BACKUP_TEMP_DIRECTORY" --force "file://$SERVER_DIRECTORY/backup/${2}" "${1}"
     remove_backups_temp_directory
 }
 
 function restore_directory_from_friend {
-    if [ ! ${1} ]; then
+    if [ ! "${1}" ]; then
         echo $'No restore destination given'
         return
     fi
-    if [ ! ${2} ]; then
+    if [ ! "${2}" ]; then
         echo $'No restore source given'
         return
     fi
-    if [ ! -d ${1} ]; then
-        mkdir ${1}
+    if [ ! -d "${1}" ]; then
+        mkdir "${1}"
     fi
-    restore_directory_from_friend_duplicity ${1} ${2}
+    restore_directory_from_friend_duplicity "${1}" "${2}"
 }
 
 function backup_database_to_usb {
     database_name=$1
     local_database_dir=/root/temp${1}data
-    backup_database_local_usb ${database_name}
-    if [ ! -f ${local_database_dir}/${1}.sql ]; then
+    backup_database_local_usb "${database_name}"
+    if [ ! -f "${local_database_dir}/${1}.sql" ]; then
         echo $"Error backing up ${1} database to ${local_database_dir}/${1}.sql"
         exit 62383
     fi
-    backup_directory_to_usb ${local_database_dir} ${database_name}data
+    backup_directory_to_usb "${local_database_dir}" "${database_name}data"
 }
 
 # after user files have been restored permissions may need to be set
@@ -405,18 +405,19 @@ function set_user_permissions {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            chown -R $USERNAME:$USERNAME /home/$USERNAME
+            chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME"
         fi
     done
 }
 
 function backup_directory_to_friend_duplicity {
     create_backups_temp_directory
-    echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --ssh-askpass --encrypt-key ${ADMIN_BACKUP_KEY_ID} --full-if-older-than 4W --exclude-other-filesystems ${1} $SERVER_DIRECTORY/backup/${2}
+    echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir "$BACKUP_TEMP_DIRECTORY" --ssh-askpass --encrypt-key "${ADMIN_BACKUP_KEY_ID}" --full-if-older-than 4W --exclude-other-filesystems "${1}" "$SERVER_DIRECTORY/backup/${2}"
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
-        if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
-            shred -zu ${1}/*
-            rm -rf ${1}
+        if [[ "${1}" == "/root/temp"* || ${1} == *"tempbackup" ]]; then
+            shred -zu "${1}/*"
+            rm -rf "${1}"
         fi
         function_check restart_site
         restart_site
@@ -424,11 +425,12 @@ function backup_directory_to_friend_duplicity {
         exit 5293526
     fi
     if [[ $ENABLE_BACKUP_VERIFICATION == "yes" ]]; then
-        echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --ssh-askpass --encrypt-key ${ADMIN_BACKUP_KEY_ID} --full-if-older-than 4W --exclude-other-filesystems ${1} $SERVER_DIRECTORY/backup/${2}
+        echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir "$BACKUP_TEMP_DIRECTORY" --ssh-askpass --encrypt-key "${ADMIN_BACKUP_KEY_ID}" --full-if-older-than 4W --exclude-other-filesystems "${1}" "$SERVER_DIRECTORY/backup/${2}"
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
-            if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
-                shred -zu ${1}/*
-                rm -rf ${1}
+            if [[ "${1}" == "/root/temp"* || ${1} == *"tempbackup" ]]; then
+                shred -zu "${1}/*"
+                rm -rf "${1}"
             fi
             function_check restart_site
             restart_site
@@ -441,6 +443,7 @@ function backup_directory_to_friend_duplicity {
 
 function backup_directory_to_friend {
     BACKUP_KEY_EXISTS=$(gpg --list-keys "$ADMIN_NAME (backup key)")
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
         echo $"Backup key could not be found"
         function_check restart_site
@@ -449,15 +452,15 @@ function backup_directory_to_friend {
     fi
 
     ADMIN_BACKUP_KEY_ID=$(gpg --list-keys "$ADMIN_NAME (backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
-    if [ ! -d $SERVER_DIRECTORY/backup/${2} ]; then
-        mkdir -p $SERVER_DIRECTORY/backup/${2}
+    if [ ! -d "$SERVER_DIRECTORY/backup/${2}" ]; then
+        mkdir -p "$SERVER_DIRECTORY/backup/${2}"
     fi
 
-    backup_directory_to_friend_duplicity ${1} ${2}
+    backup_directory_to_friend_duplicity "${1}" "${2}"
 
-    if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
-        shred -zu /root/temp${2}/*
-        rm -rf /root/temp${2}
+    if [[ "${1}" == "/root/temp"* || ${1} == *"tempbackup" ]]; then
+        shred -zu "/root/temp${2}/*"
+        rm -rf "/root/temp${2}"
     fi
 }
 
@@ -468,15 +471,15 @@ function backup_database_remote {
         restart_site
         exit 5783
     fi
-    if [ ! -d $SERVER_DIRECTORY/backup/${1} ]; then
-        mkdir -p $SERVER_DIRECTORY/backup/${1}
+    if [ ! -d "$SERVER_DIRECTORY/backup/${1}" ]; then
+        mkdir -p "$SERVER_DIRECTORY/backup/${1}"
     fi
-    if [ ! -d $SERVER_DIRECTORY/backup/${1}data ]; then
-        mkdir -p $SERVER_DIRECTORY/backup/${1}data
+    if [ ! -d "$SERVER_DIRECTORY/backup/${1}data" ]; then
+        mkdir -p "$SERVER_DIRECTORY/backup/${1}data"
     fi
     local_database_dir=/root/temp${1}data
-    if [ ! -d ${local_database_dir} ]; then
-        mkdir -p ${local_database_dir}
+    if [ ! -d "${local_database_dir}" ]; then
+        mkdir -p "${local_database_dir}"
     fi
 
     echo "Obtaining ${1} database backup"
@@ -490,35 +493,36 @@ function backup_database_remote {
             USE_MONGODB=
             USE_POSTGRESQL=
             keep_database_running
-            mysqldump --lock-tables --password="$DATABASE_PASSWORD" ${1} > ${local_database_dir}/${1}.${database_file_extension}
+            mysqldump --lock-tables --password="$DATABASE_PASSWORD" "${1}" > "${local_database_dir}/${1}.${database_file_extension}"
         else
             USE_MONGODB=
             USE_POSTGRESQL=
-            mongodump --db ${1} --archive=${local_database_dir}/${1}.${database_file_extension} --gzip
+            mongodump --db "${1}" --archive="${local_database_dir}/${1}.${database_file_extension}" --gzip
         fi
     else
         USE_MONGODB=
         USE_POSTGRESQL=
-        cd /etc/postgresql
-        sudo -u postgres pg_dump ${1} > ${local_database_dir}/${1}.${database_file_extension}
+        cd /etc/postgresql || exit 782563472
+        # shellcheck disable=SC2024
+        sudo -u postgres pg_dump "${1}" > "${local_database_dir}/${1}.${database_file_extension}"
     fi
 
-    if [ -f ${local_database_dir}/${1}.${database_file_extension} ]; then
-        if [ ! -s ${local_database_dir}/${1}.${database_file_extension} ]; then
+    if [ -f "${local_database_dir}/${1}.${database_file_extension}" ]; then
+        if [ ! -s "${local_database_dir}/${1}.${database_file_extension}" ]; then
             echo $"${1} database could not be saved"
-            shred -zu ${local_database_dir}/*
-            rm -rf ${local_database_dir}
+            shred -zu "${local_database_dir}/*"
+            rm -rf "${local_database_dir}"
             # Send a warning email
-            echo $"Unable to export ${1} database" | mail -s $"${PROJECT_NAME} backup to friends" $ADMIN_EMAIL_ADDRESS
+            echo $"Unable to export ${1} database" | mail -s $"${PROJECT_NAME} backup to friends" "$ADMIN_EMAIL_ADDRESS"
             function_check restart_site
             restart_site
             exit 57386728
         fi
     else
         echo $"${1} database could not be dumped"
-        rm -rf ${local_database_dir}
+        rm -rf "${local_database_dir}"
         # Send a warning email
-        echo $"Unable to dump ${1} database" | mail -s $"${PROJECT_NAME} backup to friends" $ADMIN_EMAIL_ADDRESS
+        echo $"Unable to dump ${1} database" | mail -s $"${PROJECT_NAME} backup to friends" "$ADMIN_EMAIL_ADDRESS"
         function_check restart_site
         restart_site
         exit 36874289
@@ -527,8 +531,8 @@ function backup_database_remote {
 
 function backup_database_to_friend {
     database_name=$1
-    backup_database_remote $database_name
-    backup_directory_to_friend /root/temp${database_name}data ${database_name}data
+    backup_database_remote "$database_name"
+    backup_directory_to_friend "/root/temp${database_name}data" "${database_name}data"
 }
 
 function backup_apps {
@@ -542,9 +546,9 @@ function backup_apps {
     for app_name in "${APPS_INSTALLED_NAMES[@]}"
     do
         echo $"Backup ${app_name}"
-        app_load_variables ${app_name}
-        function_check backup_${localremote}_${app_name}
-        backup_${localremote}_${app_name}
+        app_load_variables "${app_name}"
+        function_check "backup_${localremote}_${app_name}"
+        "backup_${localremote}_${app_name}"
         BACKUP_APPS_COMPLETED+=("${app_name}")
         echo $"Backup ${app_name} completed"
     done
@@ -562,7 +566,7 @@ function restore_apps {
     for app_name in "${APPS_INSTALLED_NAMES[@]}"
     do
         confirm_restore=
-        if [ ! $2 ]; then
+        if [ ! "$2" ]; then
             confirm_restore=1
         else
             if [[ "$RESTORE_APP" == "$app_name" || "$RESTORE_APP" == "all" ]]; then
@@ -571,9 +575,9 @@ function restore_apps {
         fi
         if [ $confirm_restore ]; then
             echo $"Restoring ${app_name}"
-            app_load_variables ${app_name}
-            function_check restore_${localremote}_${app_name}
-            restore_${localremote}_${app_name}
+            app_load_variables "${app_name}"
+            function_check "restore_${localremote}_${app_name}"
+            "restore_${localremote}_${app_name}"
             RESTORE_APPS_COMPLETED+=("${app_name}")
             echo $"Restored ${app_name}"
         fi
@@ -584,7 +588,7 @@ function restore_database_from_friend {
     DATABASE_PASSWORD=
     RESTORE_SUBDIR="root"
 
-    if [ -d $SERVER_DIRECTORY/backup/${1}data ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/${1}data" ]; then
         database_file_extension='sql'
         if [ $USE_MONGODB ]; then
             database_file_extension='mdb'
@@ -592,14 +596,14 @@ function restore_database_from_friend {
         fi
         echo $"Restoring ${1} database"
         local_database_dir=/root/temp${1}data
-        restore_directory_from_friend ${local_database_dir} ${1}data
-        database_file=${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/${restore_app_name}.${database_file_extension}
-        if [ ! -f $database_file ]; then
-            database_file=${local_database_dir}/${restore_app_name}.${database_file_extension}
+        restore_directory_from_friend "${local_database_dir}" "${1}data"
+        database_file="${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/${restore_app_name}.${database_file_extension}"
+        if [ ! -f "$database_file" ]; then
+            database_file="${local_database_dir}/${restore_app_name}.${database_file_extension}"
         fi
-        if [ ! -f $database_file ]; then
+        if [ ! -f "$database_file" ]; then
             echo $"Unable to restore ${1} database"
-            rm -rf ${local_database_dir}
+            rm -rf "${local_database_dir}"
             exit 5289252
         fi
         if [ ! $USE_POSTGRESQL ]; then
@@ -607,61 +611,63 @@ function restore_database_from_friend {
                 USE_MONGODB=
                 USE_POSTGRESQL=
                 keep_database_running
-                mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" ${restore_app_name} -o < ${database_file})
+                mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" "${restore_app_name}" -o < "${database_file}")
             else
                 USE_MONGODB=
                 USE_POSTGRESQL=
-                mongorestore --gzip --archive=${database_file} --db ${restore_app_name}
+                mongorestore --gzip --archive="${database_file}" --db "${restore_app_name}"
             fi
         else
             USE_MONGODB=
             USE_POSTGRESQL=
-            cd /etc/postgresql
-            mysqlsuccess=$(sudo -u postgres pg_restore ${database_file})
+            cd /etc/postgresql || exit 23784634
+            mysqlsuccess=$(sudo -u postgres pg_restore "${database_file}")
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             echo "$mysqlsuccess"
             exit 8735271
         fi
-        if [ -d ${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data ]; then
-            shred -zu ${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data/*
+        if [ -d "${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data" ]; then
+            shred -zu "${local_database_dir}/${RESTORE_SUBDIR}/temp${1}data/*"
         else
-            shred -zu ${local_database_dir}/*.${database_file_extension}
+            shred -zu "${local_database_dir}/*.${database_file_extension}"
         fi
-        rm -rf ${local_database_dir}
+        rm -rf "${local_database_dir}"
         echo $"Restoring ${1} installation"
-        restore_directory_from_friend /root/temp${1} ${1}
+        restore_directory_from_friend "/root/temp${1}" "${1}"
         RESTORE_SUBDIR="var"
-        if [ ${1} ]; then
+        if [ "${1}" ]; then
             # create directory to restore to
-            if [ ! -d /var/www/${2}/htdocs ]; then
-                mkdir -p /var/www/${2}/htdocs
-                chown www-data:www-data /var/www/${2}/htdocs
+            if [ ! -d "/var/www/${2}/htdocs" ]; then
+                mkdir -p "/var/www/${2}/htdocs"
+                chown www-data:www-data "/var/www/${2}/htdocs"
             fi
 
-            if [ -d /var/www/${2}/htdocs ]; then
-                restore_from_dir=/root/temp${1}/${RESTORE_SUBDIR}/www/${2}/htdocs
-                if [ ! -d /root/temp${1}/${RESTORE_SUBDIR}/www/${2}/htdocs ]; then
-                    restore_from_dir=/root/temp${1}
+            if [ -d "/var/www/${2}/htdocs" ]; then
+                restore_from_dir="/root/temp${1}/${RESTORE_SUBDIR}/www/${2}/htdocs"
+                if [ ! -d "/root/temp${1}/${RESTORE_SUBDIR}/www/${2}/htdocs" ]; then
+                    restore_from_dir="/root/temp${1}"
                 fi
 
-                if [ -d $restore_from_dir ]; then
-                    if [ -d /root/temp${1}/${RESTORE_SUBDIR}/www/${2}/htdocs ]; then
-                        rm -rf /var/www/${2}/htdocs
-                        mv $restore_from_dir /var/www/${2}/
+                if [ -d "$restore_from_dir" ]; then
+                    if [ -d "/root/temp${1}/${RESTORE_SUBDIR}/www/${2}/htdocs" ]; then
+                        rm -rf "/var/www/${2}/htdocs"
+                        mv "$restore_from_dir" "/var/www/${2}/"
                     else
-                        cp -r $restore_from_dir/* /var/www/${2}/htdocs/
+                        cp -r "$restore_from_dir/*" "/var/www/${2}/htdocs/"
                     fi
+                    # shellcheck disable=SC2181
                     if [ ! "$?" = "0" ]; then
                         exit 78352682
                     fi
-                    if [ -d /etc/letsencrypt/live/${2} ]; then
-                        ln -s /etc/letsencrypt/live/${2}/privkey.pem /etc/ssl/private/${2}.key
-                        ln -s /etc/letsencrypt/live/${2}/fullchain.pem /etc/ssl/certs/${2}.pem
+                    if [ -d "/etc/letsencrypt/live/${2}" ]; then
+                        ln -s "/etc/letsencrypt/live/${2}/privkey.pem" "/etc/ssl/private/${2}.key"
+                        ln -s "/etc/letsencrypt/live/${2}/fullchain.pem" "/etc/ssl/certs/${2}.pem"
                     else
                         # Ensure that the bundled SSL cert is being used
-                        if [ -f /etc/ssl/certs/${2}.bundle.crt ]; then
-                            sed -i "s|${2}.crt|${2}.bundle.crt|g" /etc/nginx/sites-available/${2}
+                        if [ -f "/etc/ssl/certs/${2}.bundle.crt" ]; then
+                            sed -i "s|${2}.crt|${2}.bundle.crt|g" "/etc/nginx/sites-available/${2}"
                         fi
                     fi
                 fi
@@ -678,11 +684,11 @@ function restore_database {
     restore_app_name=$1
     restore_app_domain=$2
 
-    if [ -d $USB_MOUNT/backup/${restore_app_name}data ]; then
+    if [ -d "$USB_MOUNT/backup/${restore_app_name}data" ]; then
         echo $"Restoring ${restore_app_name} database"
         local_database_dir=/root/temp${restore_app_name}data
-        if [ -d ${local_database_dir} ]; then
-            rm -rf ${local_database_dir}
+        if [ -d "${local_database_dir}" ]; then
+            rm -rf "${local_database_dir}"
         fi
         function_check restore_directory_from_usb
         restore_directory_from_usb "${local_database_dir}" "${restore_app_name}data"
@@ -691,13 +697,13 @@ function restore_database {
             database_file_extension='mdb'
             USE_POSTGRESQL=
         fi
-        database_file=${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/${restore_app_name}.${database_file_extension}
-        if [ ! -f $database_file ]; then
-            database_file=${local_database_dir}/${restore_app_name}.${database_file_extension}
+        database_file="${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/${restore_app_name}.${database_file_extension}"
+        if [ ! -f "$database_file" ]; then
+            database_file="${local_database_dir}/${restore_app_name}.${database_file_extension}"
         fi
-        if [ ! -f $database_file ]; then
+        if [ ! -f "$database_file" ]; then
             echo $"Unable to restore ${restore_app_name} database"
-            rm -rf ${local_database_dir}
+            rm -rf "${local_database_dir}"
             function_check set_user_permissions
             set_user_permissions
             function_check backup_unmount_drive
@@ -709,19 +715,20 @@ function restore_database {
                 USE_MONGODB=
                 USE_POSTGRESQL=
                 keep_database_running
-                cp $database_file ~/test.sql
-                mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" ${restore_app_name} -o < $database_file)
+                cp "$database_file" ~/test.sql
+                mysqlsuccess=$(mysql -u root --password="$DATABASE_PASSWORD" "${restore_app_name}" -o < "$database_file")
             else
                 USE_MONGODB=
                 USE_POSTGRESQL=
-                mongorestore --gzip --archive=$database_file --db ${restore_app_name}
+                mongorestore --gzip --archive="$database_file" --db "${restore_app_name}"
             fi
         else
             USE_MONGODB=
             USE_POSTGRESQL=
-            cd /etc/postgresql
-            mysqlsuccess=$(sudo -u postgres pg_restore $database_file)
+            cd /etc/postgresql || exit 638463
+            mysqlsuccess=$(sudo -u postgres pg_restore "$database_file")
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             echo "$mysqlsuccess"
             function_check set_user_permissions
@@ -730,51 +737,52 @@ function restore_database {
             backup_unmount_drive
             exit 482638995
         fi
-        if [ -d ${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data ]; then
-            shred -zu ${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/*
+        if [ -d "${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data" ]; then
+            shred -zu "${local_database_dir}/${RESTORE_SUBDIR}/temp${restore_app_name}data/*"
         else
-            shred -zu ${local_database_dir}/*.${database_file_extension}
+            shred -zu "${local_database_dir}/*.${database_file_extension}"
         fi
 
-        rm -rf ${local_database_dir}
+        rm -rf "${local_database_dir}"
         echo $"Restoring ${restore_app_name} installation"
-        if [ ! -d /root/temp${restore_app_name} ]; then
-            mkdir /root/temp${restore_app_name}
+        if [ ! -d "/root/temp${restore_app_name}" ]; then
+            mkdir "/root/temp${restore_app_name}"
         fi
         function_check restore_directory_from_usb
         restore_directory_from_usb "/root/temp${restore_app_name}" "${restore_app_name}"
         RESTORE_SUBDIR="var"
-        if [ ${restore_app_domain} ]; then
+        if [ "${restore_app_domain}" ]; then
             # create directory to restore to
-            if [ ! -d /var/www/${restore_app_domain}/htdocs ]; then
-                mkdir -p /var/www/${restore_app_domain}/htdocs
-                chown www-data:www-data /var/www/${restore_app_domain}/htdocs
+            if [ ! -d "/var/www/${restore_app_domain}/htdocs" ]; then
+                mkdir -p "/var/www/${restore_app_domain}/htdocs"
+                chown www-data:www-data "/var/www/${restore_app_domain}/htdocs"
             fi
 
-            if [ -d /var/www/${restore_app_domain}/htdocs ]; then
-                restore_from_dir=/root/temp${restore_app_name}/${RESTORE_SUBDIR}/www/${restore_app_domain}/htdocs
-                if [ ! -d $restore_from_dir ]; then
+            if [ -d "/var/www/${restore_app_domain}/htdocs" ]; then
+                restore_from_dir="/root/temp${restore_app_name}/${RESTORE_SUBDIR}/www/${restore_app_domain}/htdocs"
+                if [ ! -d "$restore_from_dir" ]; then
                     restore_from_dir=/root/temp${restore_app_name}
                 fi
-                if [ -d $restore_from_dir ]; then
-                    if [ -d /root/temp${restore_app_name}/${RESTORE_SUBDIR}/www/${restore_app_domain}/htdocs ]; then
-                        rm -rf /var/www/${restore_app_domain}/htdocs
-                        mv $restore_from_dir /var/www/${restore_app_domain}/
+                if [ -d "$restore_from_dir" ]; then
+                    if [ -d "/root/temp${restore_app_name}/${RESTORE_SUBDIR}/www/${restore_app_domain}/htdocs" ]; then
+                        rm -rf "/var/www/${restore_app_domain}/htdocs"
+                        mv "$restore_from_dir" "/var/www/${restore_app_domain}/"
                     else
-                        cp -r $restore_from_dir/* /var/www/${restore_app_domain}/htdocs/
+                        cp -r "$restore_from_dir/*" "/var/www/${restore_app_domain}/htdocs/"
                     fi
+                    # shellcheck disable=SC2181
                     if [ ! "$?" = "0" ]; then
                         set_user_permissions
                         backup_unmount_drive
                         exit 78252429
                     fi
-                    if [ -d /etc/letsencrypt/live/${restore_app_domain} ]; then
-                        ln -s /etc/letsencrypt/live/${restore_app_domain}/privkey.pem /etc/ssl/private/${restore_app_domain}.key
-                        ln -s /etc/letsencrypt/live/${restore_app_domain}/fullchain.pem /etc/ssl/certs/${restore_app_domain}.pem
+                    if [ -d "/etc/letsencrypt/live/${restore_app_domain}" ]; then
+                        ln -s "/etc/letsencrypt/live/${restore_app_domain}/privkey.pem" "/etc/ssl/private/${restore_app_domain}.key"
+                        ln -s "/etc/letsencrypt/live/${restore_app_domain}/fullchain.pem" "/etc/ssl/certs/${restore_app_domain}.pem"
                     else
                         # Ensure that the bundled SSL cert is being used
-                        if [ -f /etc/ssl/certs/${restore_app_domain}.bundle.crt ]; then
-                            sed -i "s|${restore_app_domain}.crt|${restore_app_domain}.bundle.crt|g" /etc/nginx/sites-available/${restore_app_domain}
+                        if [ -f "/etc/ssl/certs/${restore_app_domain}.bundle.crt" ]; then
+                            sed -i "s|${restore_app_domain}.crt|${restore_app_domain}.bundle.crt|g" "/etc/nginx/sites-available/${restore_app_domain}"
                         fi
                     fi
                 fi
@@ -797,8 +805,7 @@ function valid_backup_destination {
     available_variants_list=()
     available_system_variants
 
-    item_in_array "${destination_dir}" "${available_variants_list[@]}"
-    if [[ $? != 0 ]]; then
+    if ! item_in_array "${destination_dir}" "${available_variants_list[@]}"; then
         is_valid="no"
     fi
 
@@ -806,14 +813,14 @@ function valid_backup_destination {
 }
 
 function backup_extra_directories {
-    if [ ! -f $BACKUP_EXTRA_DIRECTORIES ]; then
+    if [ ! -f "$BACKUP_EXTRA_DIRECTORIES" ]; then
         return
     fi
 
     backup_type="$1"
 
     echo $"Backing up some additional directories"
-    while read backup_line
+    while read -r backup_line
     do
         backup_dir=$(echo "$backup_line" | awk -F ',' '{print $1}' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
         if [ -d "$backup_dir" ]; then
@@ -831,7 +838,7 @@ function backup_extra_directories {
         else
             echo $"WARNING: Directory $backup_dir does not exist"
         fi
-    done <$BACKUP_EXTRA_DIRECTORIES
+    done <"$BACKUP_EXTRA_DIRECTORIES"
 }
 
 # NOTE: deliberately no exit 0

From 229a9c30915c5d4c66f151f321d8b2f0f3e83512 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sun, 25 Feb 2018 14:41:52 +0000
Subject: [PATCH 09/67] Tidying cmake utils

---
 src/freedombone-utils-cmake | 49 ++++++++++++++++++-------------------
 1 file changed, 24 insertions(+), 25 deletions(-)

diff --git a/src/freedombone-utils-cmake b/src/freedombone-utils-cmake
index 46ef7137..28231d80 100755
--- a/src/freedombone-utils-cmake
+++ b/src/freedombone-utils-cmake
@@ -32,25 +32,26 @@ CMAKE_REPO="https://github.com/Kitware/CMake"
 CMAKE_COMMIT='d6734eeb875ceca5d810e829ca90541918dca2b4'
 
 function mesh_install_cmake {
-    if [ ! -d $rootdir$INSTALL_DIR ]; then
-        chroot "$rootdir" mkdir -p $INSTALL_DIR
+    # shellcheck disable=SC2154
+    if [ ! -d "$rootdir$INSTALL_DIR" ]; then
+        chroot "$rootdir" mkdir -p "$INSTALL_DIR"
     fi
 
     chroot "$rootdir" apt-get -yq install build-essential
 
     if [ -d /repos/cmake ]; then
-        mkdir $rootdir$INSTALL_DIR/cmake
-        cp -r -p /repos/cmake/. $rootdir$INSTALL_DIR/cmake
-        cd $rootdir$INSTALL_DIR/cmake
+        mkdir "$rootdir$INSTALL_DIR/cmake"
+        cp -r -p /repos/cmake/. "$rootdir$INSTALL_DIR/cmake"
+        cd "$rootdir$INSTALL_DIR/cmake" || exit 678346836
         git pull
     else
-        git clone $CMAKE_REPO $rootdir$INSTALL_DIR/cmake
+        git clone "$CMAKE_REPO" "$rootdir$INSTALL_DIR/cmake"
     fi
 
-    cd $rootdir$INSTALL_DIR/cmake
+    cd "$rootdir$INSTALL_DIR/cmake" || exit 734634684
     git checkout $CMAKE_COMMIT -b $CMAKE_COMMIT
 
-    cat <<EOF > $rootdir/root/install_cmake
+    cat <<EOF > "$rootdir/root/install_cmake"
 cd $INSTALL_DIR/cmake
 ./bootstrap
 make
@@ -65,18 +66,17 @@ EOF
 }
 
 function install_cmake {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_install_cmake
         return
     fi
 
-    if [ -d $INSTALL_DIR/cmake ]; then
-        if ! grep -q "CMake commit:$CMAKE_COMMIT" $COMPLETION_FILE; then
-            set_repo_commit $INSTALL_DIR/cmake "CMake commit" "$CMAKE_COMMIT" $CMAKE_REPO
-            cd $INSTALL_DIR/cmake
+    if [ -d "$INSTALL_DIR/cmake" ]; then
+        if ! grep -q "CMake commit:$CMAKE_COMMIT" "$COMPLETION_FILE"; then
+            set_repo_commit "$INSTALL_DIR/cmake" "CMake commit" "$CMAKE_COMMIT" "$CMAKE_REPO"
+            cd "$INSTALL_DIR/cmake" || exit 36873638
             ./bootstrap
-            make
-            if [ ! "$?" = "0" ]; then
+            if ! make; then
                 exit 72581
             fi
             make install
@@ -87,26 +87,25 @@ function install_cmake {
         return
     fi
 
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir -p "$INSTALL_DIR"
     fi
 
     apt-get -yq install build-essential
 
     if [ -d /repos/cmake ]; then
-        mkdir $INSTALL_DIR/cmake
-        cp -r -p /repos/cmake/. $INSTALL_DIR/cmake
-        cd $INSTALL_DIR/cmake
+        mkdir "$INSTALL_DIR/cmake"
+        cp -r -p /repos/cmake/. "$INSTALL_DIR/cmake"
+        cd "$INSTALL_DIR/cmake" || exit 374893758
         git pull
     else
-        git_clone $CMAKE_REPO $INSTALL_DIR/cmake
+        git_clone "$CMAKE_REPO" "$INSTALL_DIR/cmake"
     fi
 
-    cd $INSTALL_DIR/cmake
-    git checkout $CMAKE_COMMIT -b $CMAKE_COMMIT
+    cd "$INSTALL_DIR/cmake" || exit 3467384
+    git checkout "$CMAKE_COMMIT" -b "$CMAKE_COMMIT"
     ./bootstrap
-    make
-    if [ ! "$?" = "0" ]; then
+    if ! make; then
         exit 72581
     fi
     make install

From 34e59ae03075e267e8e9090dde039aefc5a0916b Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sun, 25 Feb 2018 14:51:29 +0000
Subject: [PATCH 10/67] Tidying config utils

---
 src/freedombone-utils-config | 112 +++++++++++++++++------------------
 1 file changed, 54 insertions(+), 58 deletions(-)

diff --git a/src/freedombone-utils-config b/src/freedombone-utils-config
index 6851216a..00191c46 100755
--- a/src/freedombone-utils-config
+++ b/src/freedombone-utils-config
@@ -106,10 +106,10 @@ function get_completion_param {
     param_name="$1"
 
     if [ ${#param_name} -gt 0 ]; then
-        if [ $COMPLETION_FILE ]; then
-            if [ -f $COMPLETION_FILE ]; then
-                if grep -q "${param_name}:" $COMPLETION_FILE; then
-                    param_value=$(cat $COMPLETION_FILE | grep "${param_name}:" | head -n 1 | awk -F ':' '{print $2}')
+        if [ "$COMPLETION_FILE" ]; then
+            if [ -f "$COMPLETION_FILE" ]; then
+                if grep -q "${param_name}:" "$COMPLETION_FILE"; then
+                    param_value=$(grep "${param_name}:" "$COMPLETION_FILE" | head -n 1 | awk -F ':' '{print $2}')
                     echo "$param_value"
                     return
                 fi
@@ -123,7 +123,7 @@ function set_completion_param {
     param_name="$1"
     param_value="$2"
 
-    if [ ! $COMPLETION_FILE ]; then
+    if [ ! "$COMPLETION_FILE" ]; then
         COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
     fi
     if [ ${#COMPLETION_FILE} -eq 0 ]; then
@@ -132,14 +132,14 @@ function set_completion_param {
 
     if [ ${#param_name} -gt 0 ]; then
         if [ ${#param_value} -gt 0 ]; then
-            if [ -f $COMPLETION_FILE ]; then
-                if grep -q "${param_name}:" $COMPLETION_FILE; then
-                    sed -i "s|${param_name}:.*|${param_name}:${param_value}|g" $COMPLETION_FILE
+            if [ -f "$COMPLETION_FILE" ]; then
+                if grep -q "${param_name}:" "$COMPLETION_FILE"; then
+                    sed -i "s|${param_name}:.*|${param_name}:${param_value}|g" "$COMPLETION_FILE"
                 else
-                    echo "${param_name}:${param_value}" >> $COMPLETION_FILE
+                    echo "${param_name}:${param_value}" >> "$COMPLETION_FILE"
                 fi
             else
-                echo "${param_name}:${param_value}" > $COMPLETION_FILE
+                echo "${param_name}:${param_value}" > "$COMPLETION_FILE"
             fi
         fi
     fi
@@ -148,7 +148,7 @@ function set_completion_param {
 function mark_completed {
     param_name="$1"
 
-    if [ ! $COMPLETION_FILE ]; then
+    if [ ! "$COMPLETION_FILE" ]; then
         COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
     fi
     if [ ${#COMPLETION_FILE} -eq 0 ]; then
@@ -156,12 +156,12 @@ function mark_completed {
     fi
 
     if [ ${#param_name} -gt 0 ]; then
-        if [ -f $COMPLETION_FILE ]; then
-            if ! grep -Fxq "${param_name}" $COMPLETION_FILE; then
-                echo "${param_name}" >> $COMPLETION_FILE
+        if [ -f "$COMPLETION_FILE" ]; then
+            if ! grep -Fxq "${param_name}" "$COMPLETION_FILE"; then
+                echo "${param_name}" >> "$COMPLETION_FILE"
             fi
         else
-            echo "${param_name}" > $COMPLETION_FILE
+            echo "${param_name}" > "$COMPLETION_FILE"
         fi
     fi
 }
@@ -169,16 +169,16 @@ function mark_completed {
 function is_completed {
     param_name="$1"
 
-    if [ ! $COMPLETION_FILE ]; then
-        COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
+    if [ ! "$COMPLETION_FILE" ]; then
+        COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
     fi
     if [ ${#COMPLETION_FILE} -eq 0 ]; then
-        COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
+        COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
     fi
 
     if [ ${#param_name} -gt 0 ]; then
-        if [ -f $COMPLETION_FILE ]; then
-            if grep -Fxq "${param_name}" $COMPLETION_FILE; then
+        if [ -f "$COMPLETION_FILE" ]; then
+            if grep -Fxq "${param_name}" "$COMPLETION_FILE"; then
                 echo "1"
                 return
             fi
@@ -191,15 +191,11 @@ function read_config_param {
     param_name="$1"
 
     if [ ${#param_name} -gt 0 ]; then
-        if [ $CONFIGURATION_FILE ]; then
-            if [ -f $CONFIGURATION_FILE ]; then
-                if grep -q "${param_name}=" $CONFIGURATION_FILE; then
-                    param_value=$(cat $CONFIGURATION_FILE | grep "${param_name}=" | head -n 1 | awk -F '=' '{print $2}')
-                    if [[ "${param_value}" != *" "* ]]; then
-                        export ${param_name}=${param_value}
-                    else
-                        export ${param_name}="${param_value}"
-                    fi
+        if [ "$CONFIGURATION_FILE" ]; then
+            if [ -f "$CONFIGURATION_FILE" ]; then
+                if grep -q "${param_name}=" "$CONFIGURATION_FILE"; then
+                    param_value=$(grep "${param_name}=" "$CONFIGURATION_FILE" | head -n 1 | awk -F '=' '{print $2}')
+                    export "${param_name}"="${param_value}"
                 fi
             fi
         fi
@@ -210,10 +206,10 @@ function config_param_exists {
     param_name="$1"
 
     if [ ${#param_name} -gt 0 ]; then
-        if [ $CONFIGURATION_FILE ]; then
-            if [ -f $CONFIGURATION_FILE ]; then
-                if grep -q "${param_name}=" $CONFIGURATION_FILE; then
-                    param_value=$(cat $CONFIGURATION_FILE | grep "${param_name}=" | head -n 1 | awk -F '=' '{print $2}')
+        if [ "$CONFIGURATION_FILE" ]; then
+            if [ -f "$CONFIGURATION_FILE" ]; then
+                if grep -q "${param_name}=" "$CONFIGURATION_FILE"; then
+                    param_value=$(grep "${param_name}=" "$CONFIGURATION_FILE" | head -n 1 | awk -F '=' '{print $2}')
                     if [ ${#param_value} -gt 0 ]; then
                         echo "1"
                         return
@@ -229,7 +225,7 @@ function write_config_param {
     param_name="$1"
     param_value="$2"
 
-    if [ ! $CONFIGURATION_FILE ]; then
+    if [ ! "$CONFIGURATION_FILE" ]; then
         CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
     fi
     if [ ${#CONFIGURATION_FILE} -eq 0 ]; then
@@ -238,14 +234,14 @@ function write_config_param {
 
     if [ ${#param_name} -gt 0 ]; then
         if [ ${#param_value} -gt 0 ]; then
-            if [ -f $CONFIGURATION_FILE ]; then
-                if grep -q "${param_name}=" $CONFIGURATION_FILE; then
-                    sed -i "s|${param_name}=.*|${param_name}=${param_value}|g" $CONFIGURATION_FILE
+            if [ -f "$CONFIGURATION_FILE" ]; then
+                if grep -q "${param_name}=" "$CONFIGURATION_FILE"; then
+                    sed -i "s|${param_name}=.*|${param_name}=${param_value}|g" "$CONFIGURATION_FILE"
                 else
-                    echo "${param_name}=${param_value}" >> $CONFIGURATION_FILE
+                    echo "${param_name}=${param_value}" >> "$CONFIGURATION_FILE"
                 fi
             else
-                echo "${param_name}=${param_value}" > $CONFIGURATION_FILE
+                echo "${param_name}=${param_value}" > "$CONFIGURATION_FILE"
             fi
         fi
     fi
@@ -255,10 +251,10 @@ function remove_config_param {
     param_name="$1"
 
     if [ ${#param_name} -gt 0 ]; then
-        if [ $CONFIGURATION_FILE ]; then
-            if [ -f $CONFIGURATION_FILE ]; then
-                if grep -q "${param_name}=" $CONFIGURATION_FILE; then
-                    sed -i "/${param_name}=/d" $CONFIGURATION_FILE
+        if [ "$CONFIGURATION_FILE" ]; then
+            if [ -f "$CONFIGURATION_FILE" ]; then
+                if grep -q "${param_name}=" "$CONFIGURATION_FILE"; then
+                    sed -i "/${param_name}=/d" "$CONFIGURATION_FILE"
                 fi
             fi
         fi
@@ -269,13 +265,13 @@ function remove_completion_param {
     param_name="$1"
 
     if [ ${#param_name} -gt 0 ]; then
-        if [ $COMPLETION_FILE ]; then
-            if [ -f $COMPLETION_FILE ]; then
-                if grep -Fxq "${param_name}" $COMPLETION_FILE; then
-                    sed -i "/${param_name}/d" $COMPLETION_FILE
+        if [ "$COMPLETION_FILE" ]; then
+            if [ -f "$COMPLETION_FILE" ]; then
+                if grep -Fxq "${param_name}" "$COMPLETION_FILE"; then
+                    sed -i "/${param_name}/d" "$COMPLETION_FILE"
                 fi
-                if grep -q "${param_name}:" $COMPLETION_FILE; then
-                    sed -i "/${param_name}:/d" $COMPLETION_FILE
+                if grep -q "${param_name}:" "$COMPLETION_FILE"; then
+                    sed -i "/${param_name}:/d" "$COMPLETION_FILE"
                 fi
             fi
         fi
@@ -291,16 +287,16 @@ function save_configuration_values {
 
 function read_configuration_values {
     # if not installing on a Beaglebone then use sdb as the USB drive by default
-    if [ ! $INSTALLING_ON_BBB ]; then
+    if [ ! "$INSTALLING_ON_BBB" ]; then
         if [[ $USB_DRIVE == /dev/sda1 ]]; then
             USB_DRIVE=/dev/sdb1
         fi
     fi
 
-    if [ -f $CONFIGURATION_FILE ]; then
+    if [ -f "$CONFIGURATION_FILE" ]; then
         # Ensure that a copy of the config exists for upgrade purposes
         if [[ $CONFIGURATION_FILE != "/root/${PROJECT_NAME}.cfg" ]]; then
-            cp $CONFIGURATION_FILE /root/${PROJECT_NAME}.cfg
+            cp "$CONFIGURATION_FILE" "/root/${PROJECT_NAME}.cfg"
         fi
 
         for v in "${configuration_variables[@]}"
@@ -308,8 +304,9 @@ function read_configuration_values {
             read_config_param "$v"
         done
 
-        if grep -q "DEBIAN_REPO" $CONFIGURATION_FILE; then
+        if grep -q "DEBIAN_REPO" "$CONFIGURATION_FILE"; then
             read_config_param "DEBIAN_REPO"
+            # shellcheck disable=SC2034
             CHECK_MESSAGE=$"Check your internet connection, /etc/network/interfaces and /etc/resolvconf/resolv.conf.d/head, then delete $COMPLETION_FILE, run 'rm -fR /var/lib/apt/lists/* && apt-get update --fix-missing' and run this script again. If hash sum mismatches persist then try setting $DEBIAN_REPO to a different mirror and also change /etc/apt/sources.list."
         fi
     fi
@@ -317,7 +314,7 @@ function read_configuration_values {
 
 function read_configuration {
     if [[ $INSTALLING_FROM_CONFIGURATION_FILE == "yes"  ]]; then
-        if [ ! -f $CONFIGURATION_FILE ]; then
+        if [ ! -f "$CONFIGURATION_FILE" ]; then
             echo $"The configuration file $CONFIGURATION_FILE was not found"
             exit 8935
         fi
@@ -336,8 +333,8 @@ function check_system_type {
 
 # check that domain names are valid and that they are unique for each app
 function check_domains {
-    specified_domains=$(cat $CONFIGURATION_FILE | grep "_DOMAIN_NAME" | uniq)
-    domains_array=($specified_domains)
+    specified_domains=$(grep "_DOMAIN_NAME" "$CONFIGURATION_FILE" | uniq)
+    domains_array=("$specified_domains")
     checked_domains=()
 
     for d in "${domains_array[@]}"
@@ -346,8 +343,7 @@ function check_domains {
         if [[ "$domain_param" != "DEFAULT_DOMAIN_NAME" ]]; then
             domain_value=$(echo "$d" | awk -F '=' '{print $2}')
             if [[ "$domain_value" != "${LOCAL_NAME}.local" ]]; then
-                item_in_array "${domain_value}" "${checked_domains[@]}"
-                if [[ $? != 0 ]]; then
+                if ! item_in_array "${domain_value}" "${checked_domains[@]}"; then
                     # test that this is a valid domain name
                     function_check test_domain_name
                     test_domain_name "$domain_value"

From 4e655ae8daddca0282e57cb6499c94af2e4fc7bb Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sun, 25 Feb 2018 15:16:23 +0000
Subject: [PATCH 11/67] Tidying cron utils

---
 src/freedombone-utils-cron | 52 +++++++++++++++++++-------------------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/src/freedombone-utils-cron b/src/freedombone-utils-cron
index 09b8237d..a041acac 100755
--- a/src/freedombone-utils-cron
+++ b/src/freedombone-utils-cron
@@ -31,7 +31,7 @@
 function cron_add_mins {
     if ! grep -q "${2}" /etc/crontab; then
         job_user='root'
-        if [ $3 ]; then
+        if [ "$3" ]; then
             job_user=$3
         fi
         echo "*/${1}            * *   *   *   ${job_user} ${2}" >> /etc/crontab
@@ -48,29 +48,29 @@ function randomize_cron {
     fi
 
     # randomize the day on which the weekly cron job runs
-    randdow=$(($RANDOM%6+1))
-    sed -i "s|\* \* 7|* * $randdow|g" /etc/crontab
+    randdow=$((RANDOM%6+1))
+    sed -i "s|\\* \\* 7|* * $randdow|g" /etc/crontab
 
     # randomize the time when the weekly cron job runs
-    randmin=$(($RANDOM%60))
-    randhr=$(($RANDOM%3+1))
+    randmin=$((RANDOM%60))
+    randhr=$((RANDOM%3+1))
     sed -i "s|47 6|$randmin $randhr|g" /etc/crontab
 
     # randomize the time when the daily cron job runs
-    randmin=$(($RANDOM%60))
-    randhr=$(($RANDOM%3+4))
-    sed -i "s|25 6\t\* \* \*|$randmin $randhr\t* * *|g" /etc/crontab
+    randmin=$((RANDOM%60))
+    randhr=$((RANDOM%3+4))
+    sed -i "s|25 6\\t\\* \\* \\*|$randmin $randhr\\t* * *|g" /etc/crontab
 
     # randomize the time when the hourly cron job runs
-    randmin=$(($RANDOM%60))
-    sed -i "s|17 \*\t|$randmin *\t|g" /etc/crontab
+    randmin=$((RANDOM%60))
+    sed -i "s|17 \\*\\t|$randmin *\\t|g" /etc/crontab
 
     # randomize monthly cron job time and day
-    randmin=$(($RANDOM%60))
-    randhr=$(($RANDOM%22+1))
-    randdom=$(($RANDOM%27+1))
-    sed -i "s|52 6\t|$randmin $randhr\t|g" /etc/crontab
-    sed -i "s|\t1 \* \*|\t$randdom * *|g" /etc/crontab
+    randmin=$((RANDOM%60))
+    randhr=$((RANDOM%22+1))
+    randdom=$((RANDOM%27+1))
+    sed -i "s|52 6\\t|$randmin $randhr\\t|g" /etc/crontab
+    sed -i "s|\\t1 \\* \\*|\\t$randdom * *|g" /etc/crontab
 
     systemctl restart cron
 
@@ -79,17 +79,17 @@ function randomize_cron {
 
 function schedule_stig_tests {
     stig_tests_script=/tmp/stig_tests_script
-    echo '#!/bin/bash' > $stig_tests_script
-    echo "ADMIN_EMAIL_ADDRESS=${MY_USERNAME}@\${HOSTNAME}" >> $stig_tests_script
-    echo "pkill ${PROJECT_NAME}-tests" >> $stig_tests_script
-    echo 'rm -rf /tmp/*' >> $stig_tests_script
-    echo "${PROJECT_NAME}-tests --stig yes > /tmp/daily-stig-tests" >> $stig_tests_script
-    echo 'if [ ! "$?" = "0" ]; then' >> $stig_tests_script
-    echo "    echo \"\$(cat /tmp/daily-stig-tests)\" | mail -s \"${PROJECT_NAME} STIG test failures\" \$ADMIN_EMAIL_ADDRESS" >> $stig_tests_script
-    echo 'fi' >> $stig_tests_script
-    echo 'if [ -f /tmp/daily-stig-tests ]; then' >> $stig_tests_script
-    echo '  rm /tmp/daily-stig-tests' >> $stig_tests_script
-    echo 'fi' >> $stig_tests_script
+    { echo '#!/bin/bash';
+      echo "ADMIN_EMAIL_ADDRESS=${MY_USERNAME}@\${HOSTNAME}";
+      echo "pkill ${PROJECT_NAME}-tests";
+      echo 'rm -rf /tmp/*';
+      echo "${PROJECT_NAME}-tests --stig yes > /tmp/daily-stig-tests";
+      echo 'if [ ! "$?" = "0" ]; then';
+      echo "    echo \"\$(cat /tmp/daily-stig-tests)\" | mail -s \"${PROJECT_NAME} STIG test failures\" \$ADMIN_EMAIL_ADDRESS";
+      echo 'fi';
+      echo 'if [ -f /tmp/daily-stig-tests ]; then';
+      echo '  rm /tmp/daily-stig-tests';
+      echo 'fi'; } > $stig_tests_script
     chmod +x $stig_tests_script
 
     if [ ! -f /etc/cron.daily/stig_tests ]; then

From f2429555a812b61d41fbe5ad913e1d082f519b81 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sun, 25 Feb 2018 15:20:03 +0000
Subject: [PATCH 12/67] Tidying cryptopp utils

---
 src/freedombone-utils-cryptopp | 42 ++++++++++++++++------------------
 1 file changed, 20 insertions(+), 22 deletions(-)

diff --git a/src/freedombone-utils-cryptopp b/src/freedombone-utils-cryptopp
index 59f1ac2b..4ead2b1c 100755
--- a/src/freedombone-utils-cryptopp
+++ b/src/freedombone-utils-cryptopp
@@ -32,22 +32,22 @@ CRYPTOPP_REPO="https://github.com/weidai11/cryptopp"
 CRYPTOPP_COMMIT='65e91a8caa8c1846cb311bc83d8507e12699d6d3'
 
 function mesh_install_cryptopp {
-    if [ ! -d $rootdir$INSTALL_DIR ]; then
-        chroot "$rootdir" mkdir -p $INSTALL_DIR
+    # shellcheck disable=SC2154
+    if [ ! -d "$rootdir$INSTALL_DIR" ]; then
+        chroot "$rootdir" mkdir -p "$INSTALL_DIR"
     fi
 
     chroot "$rootdir" apt-get -yq install build-essential
 
-    git clone $CRYPTOPP_REPO $rootdir$INSTALL_DIR/cryptopp
-    cd $rootdir$INSTALL_DIR/cryptopp
+    git clone "$CRYPTOPP_REPO" "$rootdir$INSTALL_DIR/cryptopp"
+    cd "$rootdir$INSTALL_DIR/cryptopp" || exit 346873625
     git checkout $CRYPTOPP_COMMIT -b $CRYPTOPP_COMMIT
-    mkdir $rootdir$INSTALL_DIR/cryptopp/build
+    mkdir "$rootdir$INSTALL_DIR/cryptopp/build"
 
-    cat <<EOF > $rootdir/root/install_cryptopp
+    cat <<EOF > "$rootdir/root/install_cryptopp"
 cd $INSTALL_DIR/cryptopp/build
 cmake ..
-make
-if [ ! "$?" = "0" ]; then
+if ! make; then
     exit 62825
 fi
 make install
@@ -58,18 +58,17 @@ EOF
 }
 
 function install_cryptopp {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_install_cryptopp
         return
     fi
 
-    if [ -d $INSTALL_DIR/cryptopp ]; then
-        if ! grep -q "Crypto++ commit:$CRYPTOPP_COMMIT" $COMPLETION_FILE; then
-            set_repo_commit $INSTALL_DIR/cryptopp "Crypto++ commit" "$CRYPTOPP_COMMIT" $CRYPTOPP_REPO
+    if [ -d "$INSTALL_DIR/cryptopp" ]; then
+        if ! grep -q "Crypto++ commit:$CRYPTOPP_COMMIT" "$COMPLETION_FILE"; then
+            set_repo_commit "$INSTALL_DIR/cryptopp" "Crypto++ commit" "$CRYPTOPP_COMMIT" "$CRYPTOPP_REPO"
             cd $INSTALL_DIR/cryptopp/build
             cmake ..
-            make
-            if [ ! "$?" = "0" ]; then
+            if ! make; then
                 exit 72581
             fi
             make install
@@ -80,20 +79,19 @@ function install_cryptopp {
         return
     fi
 
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir -p "$INSTALL_DIR"
     fi
 
     apt-get -yq install build-essential
 
-    git_clone $CRYPTOPP_REPO $INSTALL_DIR/cryptopp
-    cd $INSTALL_DIR/cryptopp
+    git_clone "$CRYPTOPP_REPO" "$INSTALL_DIR/cryptopp"
+    cd "$INSTALL_DIR/cryptopp" || exit 257478246
     git checkout $CRYPTOPP_COMMIT -b $CRYPTOPP_COMMIT
-    mkdir -p $INSTALL_DIR/cryptopp/build
-    cd $INSTALL_DIR/cryptopp/build
+    mkdir -p "$INSTALL_DIR/cryptopp/build"
+    cd "$INSTALL_DIR/cryptopp/build" || exit 6275425427
     cmake ..
-    make
-    if [ ! "$?" = "0" ]; then
+    if ! make; then
         exit 62826
     fi
     make install

From feca89a19fddbdb9b0ab5c0fa82727d0a6ec7763 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sun, 25 Feb 2018 17:28:57 +0000
Subject: [PATCH 13/67] Tidying database utils

---
 src/freedombone-utils-database | 258 +++++++++++++++++----------------
 1 file changed, 130 insertions(+), 128 deletions(-)

diff --git a/src/freedombone-utils-database b/src/freedombone-utils-database
index e3fcf0d4..6242c2e7 100755
--- a/src/freedombone-utils-database
+++ b/src/freedombone-utils-database
@@ -37,14 +37,14 @@ BACKUP_INCLUDES_DATABASES="no"
 function store_original_mariadb_password {
     if [ ! -f /root/.mariadboriginal ]; then
         echo $'Storing original mariadb password'
-        ORIGINAL_MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        ORIGINAL_MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
         # We can store this in plaintext because it will soon be of historical interest only
         echo -n "$ORIGINAL_MARIADB_PASSWORD" > /root/.mariadboriginal
     fi
 }
 
 function keep_database_running {
-    if [ ! $(daemon_is_running mariadb) ]; then
+    if [ ! "$(daemon_is_running mariadb)" ]; then
         systemctl start mariadb
     fi
 }
@@ -65,65 +65,65 @@ function backup_database_local {
 
     backup_databases_script=/usr/bin/backupdatabases
     if ! grep -q "# Check database daemon" /usr/bin/backupdatabases; then
-        echo '' >> /usr/bin/backupdatabases
-        echo '# Check database daemon is running' >> /usr/bin/backupdatabases
-        echo 'if [ ! $(systemctl is-active mariadb >/dev/null 2>&1 && echo Running) ]; then' >> /usr/bin/backupdatabases
-        echo '    systemctl start mariadb' >> /usr/bin/backupdatabases
-        echo 'fi' >> /usr/bin/backupdatabases
-        echo '' >> /usr/bin/backupdatabases
+        { echo '';
+          echo '# Check database daemon is running';
+          echo "if [ ! \$(systemctl is-active mariadb >/dev/null 2>&1 && echo Running) ]; then";
+          echo '    systemctl start mariadb';
+          echo 'fi';
+          echo ''; } >> /usr/bin/backupdatabases
     fi
 
     if ! grep -q "# Backup the ${database_name} database" $backup_databases_script; then
-        echo "# Backup the ${database_name} database" >> $backup_databases_script
-        echo "TEMPFILE=/root/${database_name}.sql" >> $backup_databases_script
-        echo "DAILYFILE=/var/backups/${database_name}_daily.sql" >> $backup_databases_script
-        echo "mysqldump --password=\"\$MYSQL_PASSWORD\" ${database_name} > \$TEMPFILE" >> $backup_databases_script
-        echo 'FILESIZE=$(stat -c%s $TEMPFILE)' >> $backup_databases_script
-        echo 'if [ "$FILESIZE" -eq "0" ]; then' >> $backup_databases_script
-        echo '    if [ -f $DAILYFILE ]; then' >> $backup_databases_script
-        echo '        cp $DAILYFILE $TEMPFILE' >> $backup_databases_script
-        echo '' >> $backup_databases_script
-        echo '        # try to restore yesterdays database' >> $backup_databases_script
-        echo "        mysql -u root --password=\"\$MYSQL_PASSWORD\" ${database_name} -o < \$DAILYFILE" >> $backup_databases_script
-        echo '' >> $backup_databases_script
-        echo '        # Send a warning email' >> $backup_databases_script
-        echo "        echo \"Unable to create a backup of the ${database_name} database. Attempted to restore from yesterdays backup\" | mail -s \"${database_name} backup\" \$EMAIL" >> $backup_databases_script
-        echo '    else' >> $backup_databases_script
-        echo '        # Send a warning email' >> $backup_databases_script
-        echo "        echo \"Unable to create a backup of the ${database_name} database.\" | mail -s \"${database_name} backup\" \$EMAIL" >> $backup_databases_script
-        echo '    fi' >> $backup_databases_script
-        echo 'else' >> $backup_databases_script
-        echo '    chmod 600 $TEMPFILE' >> $backup_databases_script
-        echo '    mv $TEMPFILE $DAILYFILE' >> $backup_databases_script
-        echo '' >> $backup_databases_script
-        echo '    # Make the backup readable only by root' >> $backup_databases_script
-        echo '    chmod 600 $DAILYFILE' >> $backup_databases_script
-        echo 'fi' >> $backup_databases_script
-        echo "# End of ${database_name} database backup" >> $backup_databases_script
+        { echo "# Backup the ${database_name} database";
+          echo "TEMPFILE=/root/${database_name}.sql";
+          echo "DAILYFILE=/var/backups/${database_name}_daily.sql";
+          echo "mysqldump --password=\"\$MYSQL_PASSWORD\" ${database_name} > \$TEMPFILE";
+          echo "FILESIZE=\$(stat -c%s \$TEMPFILE)";
+          echo "if [ \"\$FILESIZE\" -eq \"0\" ]; then";
+          echo "    if [ -f \$DAILYFILE ]; then";
+          echo "        cp \$DAILYFILE \$TEMPFILE";
+          echo '';
+          echo '        # try to restore yesterdays database';
+          echo "        mysql -u root --password=\"\$MYSQL_PASSWORD\" ${database_name} -o < \$DAILYFILE";
+          echo '';
+          echo '        # Send a warning email';
+          echo "        echo \"Unable to create a backup of the ${database_name} database. Attempted to restore from yesterdays backup\" | mail -s \"${database_name} backup\" \$EMAIL";
+          echo '    else';
+          echo '        # Send a warning email';
+          echo "        echo \"Unable to create a backup of the ${database_name} database.\" | mail -s \"${database_name} backup\" \$EMAIL";
+          echo '    fi';
+          echo 'else';
+          echo "    chmod 600 \$TEMPFILE";
+          echo "    mv \$TEMPFILE \$DAILYFILE";
+          echo '';
+          echo '    # Make the backup readable only by root';
+          echo "    chmod 600 \$DAILYFILE";
+          echo 'fi';
+          echo "# End of ${database_name} database backup"; } >> $backup_databases_script
     fi
 
     weekly_backup_script=/etc/cron.weekly/backupdatabasesweekly
     if ! grep -q "Backup ${database_name}" ${weekly_backup_script}; then
-        echo "# Backup ${database_name}" >> ${weekly_backup_script}
-        echo "if [ -f /var/backups/${database_name}_weekly.sql ]; then" >> ${weekly_backup_script}
-        echo "  cp -f /var/backups/${database_name}_weekly.sql /var/backups/${database_name}_2weekly.sql" >> ${weekly_backup_script}
-        echo 'fi' >> ${weekly_backup_script}
-        echo "if [ -f /var/backups/${database_name}_daily.sql ]; then" >> ${weekly_backup_script}
-        echo "  cp -f /var/backups/${database_name}_daily.sql /var/backups/${database_name}_weekly.sql" >> ${weekly_backup_script}
-        echo 'fi' >> ${weekly_backup_script}
-        echo "# End of backup for ${database_name}" >> ${weekly_backup_script}
+        { echo "# Backup ${database_name}";
+          echo "if [ -f /var/backups/${database_name}_weekly.sql ]; then";
+          echo "  cp -f /var/backups/${database_name}_weekly.sql /var/backups/${database_name}_2weekly.sql";
+          echo 'fi';
+          echo "if [ -f /var/backups/${database_name}_daily.sql ]; then";
+          echo "  cp -f /var/backups/${database_name}_daily.sql /var/backups/${database_name}_weekly.sql";
+          echo 'fi';
+          echo "# End of backup for ${database_name}"; } >> ${weekly_backup_script}
     fi
 
     monthly_backup_script=/etc/cron.monthly/backupdatabasesmonthly
     if ! grep -q "Backup ${database_name}" ${monthly_backup_script}; then
-        echo "# Backup ${database_name}" >> ${monthly_backup_script}
-        echo "if [ -f /var/backups/${database_name}_monthly.sql ]; then" >> ${monthly_backup_script}
-        echo "  cp -f /var/backups/${database_name}_monthly.sql /var/backups/${database_name}_2monthly.sql" >> ${monthly_backup_script}
-        echo 'fi' >> ${monthly_backup_script}
-        echo "if [ -f /var/backups/${database_name}_weekly.sql ]; then" >> ${monthly_backup_script}
-        echo "  cp -f /var/backups/${database_name}_weekly.sql /var/backups/${database_name}_monthly.sql" >> ${monthly_backup_script}
-        echo 'fi' >> ${monthly_backup_script}
-        echo "# End of backup for ${database_name}" >> ${monthly_backup_script}
+        { echo "# Backup ${database_name}";
+          echo "if [ -f /var/backups/${database_name}_monthly.sql ]; then";
+          echo "  cp -f /var/backups/${database_name}_monthly.sql /var/backups/${database_name}_2monthly.sql";
+          echo 'fi';
+          echo "if [ -f /var/backups/${database_name}_weekly.sql ]; then";
+          echo "  cp -f /var/backups/${database_name}_weekly.sql /var/backups/${database_name}_monthly.sql";
+          echo 'fi';
+          echo "# End of backup for ${database_name}"; } >> ${monthly_backup_script}
     fi
 
     if ! grep -q "${database_name}" /etc/cron.hourly/repair; then
@@ -138,15 +138,15 @@ function get_mariadb_password {
     DATABASE_PASSWORD_FILE=/root/dbpass
     if [ -f $DATABASE_PASSWORD_FILE ]; then
         MARIADB_PASSWORD=$(cat $DATABASE_PASSWORD_FILE)
-        ${PROJECT_NAME}-pass -u root -a mariadb -p "$MARIADB_PASSWORD"
-        stored_password=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        "${PROJECT_NAME}-pass" -u root -a mariadb -p "$MARIADB_PASSWORD"
+        stored_password=$("${PROJECT_NAME}-pass" -u root -a mariadb)
         if [[ "$stored_password" == "$MARIADB_PASSWORD" ]]; then
             shred -zu $DATABASE_PASSWORD_FILE
             echo $'MariaDB password moved into password store'
             return
         fi
     fi
-    MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+    MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
     if [[ "$MARIADB_PASSWORD" == *'failed'* ]]; then
         echo $'Could not obtain mariadb password'
         exit 835225
@@ -155,12 +155,12 @@ function get_mariadb_password {
 
 function mariadb_kill_stone_dead {
     systemctl stop mariadb
-    kill_pid=$(ps aux | grep mysqld_safe | awk -F ' ' '{print $2}' | head -n 1)
-    kill -9 $kill_pid
-    kill_pid=$(ps aux | grep mysqld | awk -F ' ' '{print $2}' | head -n 1)
-    kill -9 $kill_pid
-    kill_pid=$(ps aux | grep mysqld | awk -F ' ' '{print $2}' | head -n 1)
-    kill -9 $kill_pid
+    kill_pid=$(pgrep mysqld_safe | head -n 1)
+    kill -9 "$kill_pid"
+    kill_pid=$(pgrep mysqld | head -n 1)
+    kill -9 "$kill_pid"
+    kill_pid=$(pgrep mysqld | head -n 1)
+    kill -9 "$kill_pid"
 }
 
 function mariadb_fix_authentication {
@@ -201,14 +201,15 @@ function install_mariadb {
 
     function_check get_mariadb_password
     get_mariadb_password
-    if [ ! $MARIADB_PASSWORD ]; then
-        if [ -f $IMAGE_PASSWORD_FILE ]; then
-            MARIADB_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ ! "$MARIADB_PASSWORD" ]; then
+        if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+            passfile="$(cat "$IMAGE_PASSWORD_FILE")"
+            MARIADB_PASSWORD="$(printf "%s" "$passfile")"
         else
-            MARIADB_PASSWORD="$(openssl rand -base64 32 | cut -c1-${MINIMUM_PASSWORD_LENGTH})"
+            MARIADB_PASSWORD=$(create_password "${MINIMUM_PASSWORD_LENGTH}")
         fi
     fi
-    ${PROJECT_NAME}-pass -u root -a mariadb -p "$MARIADB_PASSWORD"
+    "${PROJECT_NAME}-pass" -u root -a mariadb -p "$MARIADB_PASSWORD"
 
     debconf-set-selections <<< "mariadb-server mariadb-server/root_password password $MARIADB_PASSWORD"
     debconf-set-selections <<< "mariadb-server mariadb-server/root_password_again password $MARIADB_PASSWORD"
@@ -243,37 +244,37 @@ function install_mariadb {
 function backup_databases_script_header {
     if [ ! -f /usr/bin/backupdatabases ]; then
         # daily
-        echo '#!/bin/sh' > /usr/bin/backupdatabases
-        echo '' >> /usr/bin/backupdatabases
-        echo "EMAIL='$MY_EMAIL_ADDRESS'" >> /usr/bin/backupdatabases
-        echo '' >> /usr/bin/backupdatabases
-        echo "MYSQL_PASSWORD=\$(${PROJECT_NAME}-pass -u root -a mariadb)" >> /usr/bin/backupdatabases
-        echo 'umask 0077' >> /usr/bin/backupdatabases
-        echo '' >> /usr/bin/backupdatabases
-        echo '# exit if we are backing up to friends servers' >> /usr/bin/backupdatabases
-        echo "if [ -f $FRIENDS_SERVERS_LIST ]; then" >> /usr/bin/backupdatabases
-        echo '  exit 1' >> /usr/bin/backupdatabases
-        echo 'fi' >> /usr/bin/backupdatabases
+        { echo '#!/bin/sh';
+          echo '';
+          echo "EMAIL='$MY_EMAIL_ADDRESS'";
+          echo '';
+          echo "MYSQL_PASSWORD=\$(${PROJECT_NAME}-pass -u root -a mariadb)";
+          echo 'umask 0077';
+          echo '';
+          echo '# exit if we are backing up to friends servers';
+          echo "if [ -f $FRIENDS_SERVERS_LIST ]; then";
+          echo '  exit 1';
+          echo 'fi'; } > /usr/bin/backupdatabases
         chmod 600 /usr/bin/backupdatabases
         chmod +x /usr/bin/backupdatabases
 
-        echo '#!/bin/sh' > /etc/cron.daily/backupdatabasesdaily
-        echo '/usr/bin/backupdatabases' >> /etc/cron.daily/backupdatabasesdaily
+        { echo '#!/bin/sh';
+          echo '/usr/bin/backupdatabases'; } > /etc/cron.daily/backupdatabasesdaily
         chmod 600 /etc/cron.daily/backupdatabasesdaily
         chmod +x /etc/cron.daily/backupdatabasesdaily
 
         # weekly
-        echo '#!/bin/sh' > /etc/cron.weekly/backupdatabasesweekly
-        echo '' >> /etc/cron.weekly/backupdatabasesweekly
-        echo 'umask 0077' >> /etc/cron.weekly/backupdatabasesweekly
+        { echo '#!/bin/sh';
+          echo '';
+          echo 'umask 0077'; } > /etc/cron.weekly/backupdatabasesweekly
 
         chmod 600 /etc/cron.weekly/backupdatabasesweekly
         chmod +x /etc/cron.weekly/backupdatabasesweekly
 
         # monthly
-        echo '#!/bin/sh' > /etc/cron.monthly/backupdatabasesmonthly
-        echo '' >> /etc/cron.monthly/backupdatabasesmonthly
-        echo 'umask 0077' >> /etc/cron.monthly/backupdatabasesmonthly
+        { echo '#!/bin/sh';
+          echo '';
+          echo 'umask 0077'; } > /etc/cron.monthly/backupdatabasesmonthly
 
         chmod 600 /etc/cron.monthly/backupdatabasesmonthly
         chmod +x /etc/cron.monthly/backupdatabasesmonthly
@@ -289,7 +290,7 @@ function repair_databases_script {
         return
     fi
 
-    db_pass=$(${PROJECT_NAME}-pass -u root -p mariadb)
+    db_pass=$("${PROJECT_NAME}-pass" -u root -p mariadb)
     if [[ "$db_pass" == 'Error:'* ]]; then
         return
     fi
@@ -304,22 +305,23 @@ function repair_databases_script {
 
 function remove_database {
     app_name="$1"
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir "$INSTALL_DIR"
     fi
     echo "drop database ${app_name};
-quit" > $INSTALL_DIR/batch.sql
-    chmod 600 $INSTALL_DIR/batch.sql
+quit" > "$INSTALL_DIR/batch.sql"
+    chmod 600 "$INSTALL_DIR/batch.sql"
     keep_database_running
-    mysql -u root --password="$MARIADB_PASSWORD" < $INSTALL_DIR/batch.sql
-    shred -zu $INSTALL_DIR/batch.sql
+    mysql -u root --password="$MARIADB_PASSWORD" < "$INSTALL_DIR/batch.sql"
+    shred -zu "$INSTALL_DIR/batch.sql"
 }
 
 function initialise_database {
     database_name=$1
     database_file=$2
     keep_database_running
-    mysql -u root --password="$MARIADB_PASSWORD" -D $database_name < $database_file
+    mysql -u root --password="$MARIADB_PASSWORD" -D "$database_name" < "$database_file"
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
         exit 62952
     fi
@@ -329,25 +331,25 @@ function run_query {
     database_name=$1
     database_query=$2
     keep_database_running
-    mysql -u root --password="$MARIADB_PASSWORD" -e "$database_query" $database_name
+    mysql -u root --password="$MARIADB_PASSWORD" -e "$database_query" "$database_name"
 }
 
 function run_query_root {
     database_name=$1
     database_query=$2
     keep_database_running
-    mysql -e "$database_query" $database_name
+    mysql -e "$database_query" "$database_name"
 }
 
 function create_database {
     app_name="$1"
     app_admin_password="$2"
     app_admin_username=$3
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir "$INSTALL_DIR"
     fi
-    if [ ! $app_admin_username ]; then
-        app_admin_username=${app_name}admin
+    if [ ! "$app_admin_username" ]; then
+        app_admin_username="${app_name}admin"
     fi
 
     echo "create database ${app_name};
@@ -355,11 +357,11 @@ CREATE USER '$app_admin_username@localhost' IDENTIFIED BY '${app_admin_password}
 update mysql.user set plugin = '' where User='$app_admin_username@localhost';
 GRANT ALL PRIVILEGES ON ${app_name}.* TO '$app_admin_username@localhost';
 flush privileges;
-quit" > $INSTALL_DIR/batch.sql
-    chmod 600 $INSTALL_DIR/batch.sql
+quit" > "$INSTALL_DIR/batch.sql"
+    chmod 600 "$INSTALL_DIR/batch.sql"
     keep_database_running
-    mysql -u root --password="$MARIADB_PASSWORD" < $INSTALL_DIR/batch.sql
-    shred -zu $INSTALL_DIR/batch.sql
+    mysql -u root --password="$MARIADB_PASSWORD" < "$INSTALL_DIR/batch.sql"
+    shred -zu "$INSTALL_DIR/batch.sql"
 }
 
 function run_query_with_output {
@@ -381,11 +383,11 @@ function drop_database {
 
     echo "drop database ${app_name};
 flush privileges;
-quit" > $INSTALL_DIR/batch.sql
-    chmod 600 $INSTALL_DIR/batch.sql
+quit" > "$INSTALL_DIR/batch.sql"
+    chmod 600 "$INSTALL_DIR/batch.sql"
     keep_database_running
-    mysql -u root --password="$MARIADB_PASSWORD" < $INSTALL_DIR/batch.sql
-    shred -zu $INSTALL_DIR/batch.sql
+    mysql -u root --password="$MARIADB_PASSWORD" < "$INSTALL_DIR/batch.sql"
+    shred -zu "$INSTALL_DIR/batch.sql"
 }
 
 
@@ -393,7 +395,7 @@ function database_reinstall {
     apt-get -yq purge mariadb*
     rm -rf /var/lib/mysql
     rm -rf /etc/mysql
-    sed -i '/mariadb/d' ~/${PROJECT_NAME}-completed.txt
+    sed -i '/mariadb/d' "${HOME}/${PROJECT_NAME}-completed.txt"
     install_mariadb
 }
 
@@ -404,11 +406,11 @@ function install_rethinkdb {
         exit 723723452
     fi
 
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir -p "$INSTALL_DIR"
     fi
 
-    cd $INSTALL_DIR
+    cd "$INSTALL_DIR" || exit 6384684
 
     echo "deb http://download.rethinkdb.com/apt $DEBIAN_VERSION main" | tee /etc/apt/sources.list.d/rethinkdb.list
 
@@ -416,25 +418,25 @@ function install_rethinkdb {
     apt-get update
     apt-get -yq install rethinkdb
 
-    echo 'runuser=rethinkdb' > /etc/rethinkdb/instances.d/default.conf
-    echo 'rungroup=rethinkdb' >> /etc/rethinkdb/instances.d/default.conf
-    echo '# pid-file=/var/run/rethinkdb/rethinkdb.pid' >> /etc/rethinkdb/instances.d/default.conf
-    echo '# directory=/var/lib/rethinkdb/default' >> /etc/rethinkdb/instances.d/default.conf
-    echo '# log-file=/var/log/rethinkdb' >> /etc/rethinkdb/instances.d/default.conf
-    echo 'bind=127.0.0.1' >> /etc/rethinkdb/instances.d/default.conf
-    echo '# canonical-address=' >> /etc/rethinkdb/instances.d/default.conf
-    echo '# driver-port=28015' >> /etc/rethinkdb/instances.d/default.conf
-    echo '# cluster-port=29015' >> /etc/rethinkdb/instances.d/default.conf
-    echo '# join=example.com:29015' >> /etc/rethinkdb/instances.d/default.conf
-    echo '# port-offset=0' >> /etc/rethinkdb/instances.d/default.conf
-    echo '# reql-http-proxy=socks5://example.com:1080' >> /etc/rethinkdb/instances.d/default.conf
-    echo '# http-port=8091' >> /etc/rethinkdb/instances.d/default.conf
-    echo '# no-http-admin' >> /etc/rethinkdb/instances.d/default.conf
-    echo '# cores=2' >> /etc/rethinkdb/instances.d/default.conf
-    echo '# cache-size=1024' >> /etc/rethinkdb/instances.d/default.conf
-    echo '# io-threads=64' >> /etc/rethinkdb/instances.d/default.conf
-    echo '# direct-io' >> /etc/rethinkdb/instances.d/default.conf
-    echo '# server-name=server1' >> /etc/rethinkdb/instances.d/default.conf
+    { echo 'runuser=rethinkdb';
+      echo 'rungroup=rethinkdb';
+      echo '# pid-file=/var/run/rethinkdb/rethinkdb.pid';
+      echo '# directory=/var/lib/rethinkdb/default';
+      echo '# log-file=/var/log/rethinkdb';
+      echo 'bind=127.0.0.1';
+      echo '# canonical-address=';
+      echo '# driver-port=28015';
+      echo '# cluster-port=29015';
+      echo '# join=example.com:29015';
+      echo '# port-offset=0';
+      echo '# reql-http-proxy=socks5://example.com:1080';
+      echo '# http-port=8091';
+      echo '# no-http-admin';
+      echo '# cores=2';
+      echo '# cache-size=1024';
+      echo '# io-threads=64';
+      echo '# direct-io';
+      echo '# server-name=server1'; } > /etc/rethinkdb/instances.d/default.conf
 
     systemctl restart rethinkdb
 }

From 05f39281f2ea06ec11e6a9ed66249ab9048c78e9 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sun, 25 Feb 2018 17:32:57 +0000
Subject: [PATCH 14/67] Tidying function checking utils

---
 src/freedombone-utils-depends | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/freedombone-utils-depends b/src/freedombone-utils-depends
index aee2a609..bb2572ac 100755
--- a/src/freedombone-utils-depends
+++ b/src/freedombone-utils-depends
@@ -29,14 +29,14 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 function function_check {
-    if [ ! "$(type ${1} 2>/dev/null)" ]; then
+    if [ ! "$(type "${1}" 2>/dev/null)" ]; then
         echo $"Dependency error: The function ${1} has not been defined"
         exit 72528
     fi
 }
 
 function function_exists {
-    if [ ! "$(type ${1} 2>/dev/null)" ]; then
+    if [ ! "$(type "${1}" 2>/dev/null)" ]; then
         echo "0"
     else
         echo "1"

From 8b4ddff6eb2760b139537c95915cbdeae34a4c36 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sun, 25 Feb 2018 22:15:36 +0000
Subject: [PATCH 15/67] Tidying gnusocial utils

---
 src/freedombone-utils-dns            |  32 +-
 src/freedombone-utils-filesystem     |  43 +-
 src/freedombone-utils-final          |  68 +-
 src/freedombone-utils-firewall       | 261 ++++---
 src/freedombone-utils-git            |  29 +-
 src/freedombone-utils-gnusocialtools | 999 +++++++++++++--------------
 6 files changed, 710 insertions(+), 722 deletions(-)

diff --git a/src/freedombone-utils-dns b/src/freedombone-utils-dns
index 7dc3bb39..cd726d04 100755
--- a/src/freedombone-utils-dns
+++ b/src/freedombone-utils-dns
@@ -131,7 +131,7 @@ function create_freedns_updater {
 }
 
 function add_ddns_domain {
-    if [ ! $1 ]; then
+    if [ ! "$1" ]; then
         echo $'ddns domain not specified'
         exit 5638
     fi
@@ -147,10 +147,10 @@ function add_ddns_domain {
         exit 5745
     fi
     if ! grep -q "$DDNS_PROVIDER" /etc/inadyn.conf; then
-        echo '' >> /etc/inadyn.conf
-        echo "system $DDNS_PROVIDER" >> /etc/inadyn.conf
-        echo '  ssl' >> /etc/inadyn.conf
-        echo "  checkip-url $GET_IP_ADDRESS_URL /" >> /etc/inadyn.conf
+        { echo '';
+          echo "system $DDNS_PROVIDER";
+          echo '  ssl';
+          echo "  checkip-url $GET_IP_ADDRESS_URL /"; } >> /etc/inadyn.conf
         if [ $DDNS_USERNAME ]; then
             echo "  username $DDNS_USERNAME" >> /etc/inadyn.conf
         fi
@@ -168,7 +168,7 @@ function add_ddns_domain {
 }
 
 function remove_ddns_domain {
-    if [ ! $1 ]; then
+    if [ ! "$1" ]; then
         echo $'ddns domain not specified'
         exit 5638
     fi
@@ -203,14 +203,14 @@ function configure_dns {
     # allow changes to resolv.conf
     chattr -i $resolvconf
 
-    echo 'domain localdomain' > $resolvconf
-    echo 'search localdomain' >> $resolvconf
-    echo "nameserver $NAMESERVER1" >> $resolvconf
-    echo "nameserver $NAMESERVER2" >> $resolvconf
-    echo "nameserver $NAMESERVER3" >> $resolvconf
-    echo "nameserver $NAMESERVER4" >> $resolvconf
-    echo "nameserver $NAMESERVER5" >> $resolvconf
-    echo "nameserver $NAMESERVER6" >> $resolvconf
+    { echo 'domain localdomain';
+      echo 'search localdomain';
+      echo "nameserver $NAMESERVER1";
+      echo "nameserver $NAMESERVER2";
+      echo "nameserver $NAMESERVER3";
+      echo "nameserver $NAMESERVER4";
+      echo "nameserver $NAMESERVER5";
+      echo "nameserver $NAMESERVER6"; } > $resolvconf
 
     # prevent resolv.conf from changing
     resolvconf -u
@@ -222,7 +222,7 @@ function set_hostname {
     DEFAULT_DOMAIN_NAME="$1"
 
     echo "$DEFAULT_DOMAIN_NAME" > /etc/hostname
-    hostname $DEFAULT_DOMAIN_NAME
+    hostname "$DEFAULT_DOMAIN_NAME"
     echo "$DEFAULT_DOMAIN_NAME" > /etc/mailname
 
     if grep -q "127.0.1.1" /etc/hosts; then
@@ -238,7 +238,7 @@ function set_your_domain_name {
     fi
 
     function_check set_hostname
-    set_hostname $DEFAULT_DOMAIN_NAME
+    set_hostname "$DEFAULT_DOMAIN_NAME"
 
     mark_completed "${FUNCNAME[0]}"
 }
diff --git a/src/freedombone-utils-filesystem b/src/freedombone-utils-filesystem
index 8712abd9..3a708882 100755
--- a/src/freedombone-utils-filesystem
+++ b/src/freedombone-utils-filesystem
@@ -32,44 +32,45 @@ TOMB_REPO="https://github.com/dyne/Tomb"
 TOMB_COMMIT='c80ebd6d6ed77980eb5b559757e03ea13a29bdd1'
 
 function mesh_install_tomb {
-    chroot ${rootdir} apt-get -yq install cryptsetup zsh pinentry-curses
+    # shellcheck disable=SC2154
+    chroot "${rootdir}" apt-get -yq install cryptsetup zsh pinentry-curses
 
-    if [ ! -d ${rootdir}/$INSTALL_DIR ]; then
-        mkdir -p ${rootdir}/$INSTALL_DIR
+    if [ ! -d "${rootdir}/$INSTALL_DIR" ]; then
+        mkdir -p "${rootdir}/$INSTALL_DIR"
     fi
 
     if [ -d /repos/tomb ]; then
-        mkdir ${rootdir}/$INSTALL_DIR/tomb
-        cp -r -p /repos/tomb/. ${rootdir}/$INSTALL_DIR/tomb
-        cd ${rootdir}/$INSTALL_DIR/tomb
+        mkdir "${rootdir}/$INSTALL_DIR/tomb"
+        cp -r -p /repos/tomb/. "${rootdir}/$INSTALL_DIR/tomb"
+        cd "${rootdir}/$INSTALL_DIR/tomb" || exit 3648368
         git pull
     else
-        git_clone $TOMB_REPO ${rootdir}/$INSTALL_DIR/tomb
+        git_clone "$TOMB_REPO" "${rootdir}/$INSTALL_DIR/tomb"
     fi
 
-    cd ${rootdir}/$INSTALL_DIR/tomb
+    cd "${rootdir}/$INSTALL_DIR/tomb" || exit 7346384
 
     git checkout $TOMB_COMMIT -b $TOMB_COMMIT
 
-    chroot ${rootdir} /bin/bash -x <<EOF
+    chroot "${rootdir}" /bin/bash -x <<EOF
 cd $INSTALL_DIR/tomb
 make install
 EOF
-    if [ ! -f ${rootdir}/usr/local/bin/tomb ]; then
+    if [ ! -f "${rootdir}/usr/local/bin/tomb" ]; then
         exit 93462
     fi
 }
 
 function install_tomb {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_install_tomb
         return
     fi
 
     function_check set_repo_commit
-    set_repo_commit $INSTALL_DIR/tomb "tomb commit" "$TOMB_COMMIT" $TOMB_REPO
+    set_repo_commit "$INSTALL_DIR/tomb" "tomb commit" "$TOMB_COMMIT" "$TOMB_REPO"
 
-    if [ -f $COMPLETION_FILE ]; then
+    if [ -f "$COMPLETION_FILE" ]; then
         if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
             return
         fi
@@ -77,22 +78,22 @@ function install_tomb {
 
     apt-get -yq install cryptsetup zsh pinentry-curses
 
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir -p "$INSTALL_DIR"
     fi
 
     if [ -d /repos/tomb ]; then
-        mkdir $INSTALL_DIR/tomb
-        cp -r -p /repos/tomb/. $INSTALL_DIR/tomb
-        cd $INSTALL_DIR/tomb
+        mkdir "$INSTALL_DIR/tomb"
+        cp -r -p /repos/tomb/. "$INSTALL_DIR/tomb"
+        cd "$INSTALL_DIR/tomb" || exit 7684638
         git pull
     else
-        git_clone $TOMB_REPO $INSTALL_DIR/tomb
+        git_clone "$TOMB_REPO" "$INSTALL_DIR/tomb"
     fi
 
-    cd $INSTALL_DIR/tomb
+    cd "$INSTALL_DIR/tomb" || exit 364863463
 
-    git checkout $TOMB_COMMIT -b $TOMB_COMMIT
+    git checkout "$TOMB_COMMIT" -b "$TOMB_COMMIT"
     set_completion_param "tomb commit" "$TOMB_COMMIT"
 
     make install
diff --git a/src/freedombone-utils-final b/src/freedombone-utils-final
index 7bc32dd6..5886db9e 100755
--- a/src/freedombone-utils-final
+++ b/src/freedombone-utils-final
@@ -33,9 +33,9 @@ function install_final {
         return
     fi
     # unmount any attached usb drive
-    if [ -d $USB_MOUNT ]; then
-        umount $USB_MOUNT
-        rm -rf $USB_MOUNT
+    if [ -d "$USB_MOUNT" ]; then
+        umount "$USB_MOUNT"
+        rm -rf "$USB_MOUNT"
     fi
     function_check split_gpg_key_into_fragments
     split_gpg_key_into_fragments
@@ -63,32 +63,32 @@ $(get_ssh_server_key)
     echo ''
 
     # add user menu on ssh login
-    if ! grep -q 'controluser' /home/$MY_USERNAME/.bashrc; then
-        echo 'controluser' >> /home/$MY_USERNAME/.bashrc
+    if ! grep -q 'controluser' "/home/$MY_USERNAME/.bashrc"; then
+        echo 'controluser' >> "/home/$MY_USERNAME/.bashrc"
     fi
-    if [ ! -f $IMAGE_PASSWORD_FILE ]; then
-        if [ -f /root/${PROJECT_NAME}-wifi.cfg ]; then
+    if [ ! -f "$IMAGE_PASSWORD_FILE" ]; then
+        if [ -f "/root/${PROJECT_NAME}-wifi.cfg" ]; then
             create_wifi_startup_script
             echo ''
             echo $'Shutting down the system. Detatch the ethernet cable, attach wifi dongle, then power on again.'
             echo ''
-            ${PROJECT_NAME}-logging off --restart
+            "${PROJECT_NAME}-logging" off --restart
             systemctl poweroff
             return
         fi
         echo $'Turning off logging'
-        ${PROJECT_NAME}-logging off --restart
+        "${PROJECT_NAME}-logging" off --restart
         echo $'Rebooting the system'
         systemctl reboot -i
     fi
     echo $'Turning off logging'
-    ${PROJECT_NAME}-logging off --restart
+    "${PROJECT_NAME}-logging" off --restart
 }
 
 function update_installed_apps_list {
     # Why does this secondary file exist, apart from COMPLETION_FILE ?
     # It's so that it is visible to unprivileged users from the user control panel
-    cat $COMPLETION_FILE | grep "install_" > /usr/share/${PROJECT_NAME}/installed.txt
+    grep "install_" "$COMPLETION_FILE" > "/usr/share/${PROJECT_NAME}/installed.txt"
 }
 
 function create_default_user_removal_daemon {
@@ -96,31 +96,31 @@ function create_default_user_removal_daemon {
 
     first_start_daemon_filename=/etc/systemd/system/firststart.service
     first_start_script=/usr/local/bin/firststart
-    echo '#!/bin/bash' > $first_start_script
-    echo 'if [ -d /home/fbone]; then' >> $first_start_script
-    echo '    userdel -r fbone' >> $first_start_script
-    echo '    if [ -d /home/fbone]; then' >> $first_start_script
-    echo '        rm -rf /home/fbone' >> $first_start_script
-    echo '    fi' >> $first_start_script
-    echo 'fi' >> $first_start_script
-    echo 'systemctl disable firststart' >> $first_start_script
-    echo "rm $first_start_daemon_filename" >> $first_start_script
+    { echo '#!/bin/bash';
+      echo 'if [ -d /home/fbone]; then';
+      echo '    userdel -r fbone';
+      echo '    if [ -d /home/fbone]; then';
+      echo '        rm -rf /home/fbone';
+      echo '    fi';
+      echo 'fi';
+      echo 'systemctl disable firststart';
+      echo "rm $first_start_daemon_filename"; } > $first_start_script
     chmod +x $first_start_script
 
-    echo '[Unit]' > $first_start_daemon_filename
-    echo 'Description=Daemon run on first boot' >> $first_start_daemon_filename
-    echo 'After=syslog.target' >> $first_start_daemon_filename
-    echo 'After=network.target' >> $first_start_daemon_filename
-    echo '' >> $first_start_daemon_filename
-    echo '[Service]' >> $first_start_daemon_filename
-    echo 'User=root' >> $first_start_daemon_filename
-    echo 'Group=root' >> $first_start_daemon_filename
-    echo "ExecStart=$first_start_script" >> $first_start_daemon_filename
-    echo 'StandardOutput=syslog' >> $first_start_daemon_filename
-    echo 'StandardError=syslog' >> $first_start_daemon_filename
-    echo '' >> $first_start_daemon_filename
-    echo '[Install]' >> $first_start_daemon_filename
-    echo 'WantedBy=multi-user.target' >> $first_start_daemon_filename
+    { echo '[Unit]';
+      echo 'Description=Daemon run on first boot';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=root';
+      echo 'Group=root';
+      echo "ExecStart=$first_start_script";
+      echo 'StandardOutput=syslog';
+      echo 'StandardError=syslog';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > $first_start_daemon_filename
     systemctl enable firststart
 }
 
diff --git a/src/freedombone-utils-firewall b/src/freedombone-utils-firewall
index 2b70d31a..fc95b87f 100755
--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
@@ -47,7 +47,7 @@ function save_firewall_settings {
 }
 
 function firewall_block_bad_ip_ranges {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         return
     fi
     if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
@@ -135,13 +135,13 @@ function firewall_enable_vpn {
 }
 
 function configure_firewall {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_firewall
         return
     fi
     if grep -q "RELATED" /etc/firewall.conf; then
         # recreate the firewall to remove RELATED
-        sed -i "/firewall/d" $COMPLETION_FILE
+        sed -i "/firewall/d" "$COMPLETION_FILE"
     fi
     if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
@@ -276,10 +276,10 @@ function configure_internet_protocol {
         echo 'net.ipv4.tcp_syn_retries = 1' >> /etc/sysctl.conf
     fi
     if ! grep -q "keepalive" /etc/sysctl.conf; then
-        echo '# keepalive' >> /etc/sysctl.conf
-        echo 'net.ipv4.tcp_keepalive_probes = 9' >> /etc/sysctl.conf
-        echo 'net.ipv4.tcp_keepalive_intvl = 75' >> /etc/sysctl.conf
-        echo 'net.ipv4.tcp_keepalive_time = 7200' >> /etc/sysctl.conf
+        { echo '# keepalive';
+          echo 'net.ipv4.tcp_keepalive_probes = 9';
+          echo 'net.ipv4.tcp_keepalive_intvl = 75';
+          echo 'net.ipv4.tcp_keepalive_time = 7200'; } >> /etc/sysctl.conf
     fi
     if ! grep -q "net.ipv4.conf.default.send_redirects" /etc/sysctl.conf; then
         echo "net.ipv4.conf.default.send_redirects = 0" >> /etc/sysctl.conf
@@ -335,103 +335,100 @@ function configure_internet_protocol {
 }
 
 function mesh_firewall {
-    FIREWALL_FILENAME=${rootdir}/etc/systemd/system/meshfirewall.service
+    # shellcheck disable=SC2154
+    FIREWALL_FILENAME="${rootdir}/etc/systemd/system/meshfirewall.service"
     MESH_FIREWALL_SCRIPT=${rootdir}/usr/bin/mesh-firewall
 
-    echo '#!/bin/bash' > $MESH_FIREWALL_SCRIPT
-    echo 'iptables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -F' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -F' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -t nat -F' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -t nat -F' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -X' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -X' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo '' >> $MESH_FIREWALL_SCRIPT
-    echo '# Make sure incoming tcp connections are SYN packets' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo '' >> $MESH_FIREWALL_SCRIPT
-    echo '# Drop packets with incoming fragments' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo '' >> $MESH_FIREWALL_SCRIPT
-    echo '# Drop bogons' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo '' >> $MESH_FIREWALL_SCRIPT
-    echo '# Incoming malformed NULL packets:' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo '' >> $MESH_FIREWALL_SCRIPT
-    echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "iptables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "iptables -A INPUT -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    chmod +x $MESH_FIREWALL_SCRIPT
+    { echo '#!/bin/bash';
+      echo 'iptables -P INPUT ACCEPT';
+      echo 'ip6tables -P INPUT ACCEPT';
+      echo 'iptables -F';
+      echo 'ip6tables -F';
+      echo 'iptables -t nat -F';
+      echo 'ip6tables -t nat -F';
+      echo 'iptables -X';
+      echo 'ip6tables -X';
+      echo 'iptables -P INPUT DROP';
+      echo 'ip6tables -P INPUT DROP';
+      echo 'iptables -A INPUT -i lo -j ACCEPT';
+      echo 'ip6tables -A INPUT -i lo -j ACCEPT';
+      echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT';
+      echo 'ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT';
+      echo '';
+      echo '# Make sure incoming tcp connections are SYN packets';
+      echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP';
+      echo 'ip6tables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP';
+      echo '';
+      echo '# Drop packets with incoming fragments';
+      echo 'iptables -A INPUT -f -j DROP';
+      echo 'ip6tables -A INPUT -f -j DROP';
+      echo '';
+      echo '# Drop bogons';
+      echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP';
+      echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP';
+      echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP';
+      echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP';
+      echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP';
+      echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP';
+      echo '';
+      echo '# Incoming malformed NULL packets:';
+      echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP';
+      echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP';
+      echo '';
+      echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT";
+      echo "ip6tables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT";
+      echo "iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT";
+      echo "ip6tables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT";
+      echo "iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT";
+      echo "ip6tables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT";
+      echo "iptables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT";
+      echo "ip6tables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT";
+      echo "iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT";
+      echo "ip6tables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT";
+      echo "iptables -A INPUT -p udp --dport 1900 -j ACCEPT";
+      echo "ip6tables -A INPUT -p udp --dport 1900 -j ACCEPT"; } > "$MESH_FIREWALL_SCRIPT"
+    chmod +x "$MESH_FIREWALL_SCRIPT"
 
-    echo '[Unit]' > $FIREWALL_FILENAME
-    echo 'Description=Mesh Firewall' >> $FIREWALL_FILENAME
-    echo '' >> $FIREWALL_FILENAME
-    echo '[Service]' >> $FIREWALL_FILENAME
-    echo 'Type=oneshot' >> $FIREWALL_FILENAME
-    echo 'ExecStart=/usr/bin/mesh-firewall' >> $FIREWALL_FILENAME
-    echo 'RemainAfterExit=no' >> $FIREWALL_FILENAME
-    echo '' >> $FIREWALL_FILENAME
-    echo 'TimeoutSec=30' >> $FIREWALL_FILENAME
-    echo '' >> $FIREWALL_FILENAME
-    echo '[Install]' >> $FIREWALL_FILENAME
-    echo 'WantedBy=multi-user.target' >> $FIREWALL_FILENAME
-    chmod +x $FIREWALL_FILENAME
+    { echo '[Unit]';
+      echo 'Description=Mesh Firewall';
+      echo '';
+      echo '[Service]';
+      echo 'Type=oneshot';
+      echo 'ExecStart=/usr/bin/mesh-firewall';
+      echo 'RemainAfterExit=no';
+      echo '';
+      echo 'TimeoutSec=30';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$FIREWALL_FILENAME"
+    chmod +x "$FIREWALL_FILENAME"
     chroot "$rootdir" systemctl enable meshfirewall
 }
 
 function firewall_add {
-    firewall_name=$(echo "$1" | sed "s| |-|g")
+    firewall_name=$(string="$1" ; echo "${string// /-}")
     firewall_port=$2
     firewall_protocol="$3"
 
-    if ! grep -q "${firewall_name}=${firewall_port}" $FIREWALL_CONFIG; then
-        echo "${firewall_name}=${firewall_port}" >> $FIREWALL_CONFIG
-        if [ ! ${firewall_protocol} ]; then
-            iptables -C INPUT -p udp --dport ${firewall_port} -j ACCEPT
-            if [ ! "$?" = "0" ]; then
-                iptables -A INPUT -p udp --dport ${firewall_port} -j ACCEPT
+    if ! grep -q "${firewall_name}=${firewall_port}" "$FIREWALL_CONFIG"; then
+        echo "${firewall_name}=${firewall_port}" >> "$FIREWALL_CONFIG"
+        if [ ! "${firewall_protocol}" ]; then
+            if ! iptables -C INPUT -p udp --dport "${firewall_port}" -j ACCEPT; then
+                iptables -A INPUT -p udp --dport "${firewall_port}" -j ACCEPT
             fi
 
-            iptables -C INPUT -p tcp --dport ${firewall_port} -j ACCEPT
-            if [ ! "$?" = "0" ]; then
-                iptables -A INPUT -p tcp --dport ${firewall_port} -j ACCEPT
+            if ! iptables -C INPUT -p tcp --dport "${firewall_port}" -j ACCEPT; then
+                iptables -A INPUT -p tcp --dport "${firewall_port}" -j ACCEPT
             fi
         else
             if [[ "${firewall_protocol}" == *"udp"* ]]; then
-                iptables -C INPUT -p udp --dport ${firewall_port} -j ACCEPT
-                if [ ! "$?" = "0" ]; then
-                    iptables -A INPUT -p udp --dport ${firewall_port} -j ACCEPT
+                if ! iptables -C INPUT -p udp --dport "${firewall_port}" -j ACCEPT; then
+                    iptables -A INPUT -p udp --dport "${firewall_port}" -j ACCEPT
                 fi
             fi
             if [[ "${firewall_protocol}" == *"tcp"* ]]; then
-                iptables -C INPUT -p tcp --dport ${firewall_port} -j ACCEPT
-                if [ ! "$?" = "0" ]; then
-                    iptables -A INPUT -p tcp --dport ${firewall_port} -j ACCEPT
+                if ! iptables -C INPUT -p tcp --dport "${firewall_port}" -j ACCEPT; then
+                    iptables -A INPUT -p tcp --dport "${firewall_port}" -j ACCEPT
                 fi
             fi
         fi
@@ -440,33 +437,29 @@ function firewall_add {
 }
 
 function firewall_add_range {
-    firewall_name=$(echo "$1" | sed "s| |-|g")
+    firewall_name=$(string="$1" ; echo "${string// /-}")
     firewall_port_start=$2
     firewall_port_end=$3
     firewall_protocol="$4"
 
-    if ! grep -q "${firewall_name}=${firewall_port_start}:${firewall_port_end}" $FIREWALL_CONFIG; then
-        echo "${firewall_name}=${firewall_port_start}:${firewall_port_end}" >> $FIREWALL_CONFIG
-        if [ ! ${firewall_protocol} ]; then
-            iptables -C INPUT -p udp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
-            if [ ! "$?" = "0" ]; then
-                iptables -A INPUT -p udp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
+    if ! grep -q "${firewall_name}=${firewall_port_start}:${firewall_port_end}" "$FIREWALL_CONFIG"; then
+        echo "${firewall_name}=${firewall_port_start}:${firewall_port_end}" >> "$FIREWALL_CONFIG"
+        if [ ! "${firewall_protocol}" ]; then
+            if ! iptables -C INPUT -p udp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT; then
+                iptables -A INPUT -p udp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT
             fi
-            iptables -C INPUT -p tcp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
-            if [ ! "$?" = "0" ]; then
-                iptables -A INPUT -p tcp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
+            if ! iptables -C INPUT -p tcp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT; then
+                iptables -A INPUT -p tcp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT
             fi
         else
             if [[ "${firewall_protocol}" == *"udp"* ]]; then
-                iptables -C INPUT -p udp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
-                if [ ! "$?" = "0" ]; then
-                    iptables -A INPUT -p udp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
+                if ! iptables -C INPUT -p udp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT; then
+                    iptables -A INPUT -p udp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT
                 fi
             fi
             if [[ "${firewall_protocol}" == *"tcp"* ]]; then
-                iptables -C INPUT -p tcp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
-                if [ ! "$?" = "0" ]; then
-                    iptables -A INPUT -p tcp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
+                if ! iptables -C INPUT -p tcp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT; then
+                    iptables -A INPUT -p tcp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT
                 fi
             fi
         fi
@@ -479,23 +472,23 @@ function firewall_remove {
     firewall_port=$1
     firewall_protocol="$2"
 
-    if [ ! -f $FIREWALL_CONFIG ]; then
+    if [ ! -f "$FIREWALL_CONFIG" ]; then
         return
     fi
 
-    if grep -q "=${firewall_port}" $FIREWALL_CONFIG; then
-        if [ ! ${firewall_protocol} ]; then
-            iptables -D INPUT -p udp --dport ${firewall_port} -j ACCEPT
-            iptables -D INPUT -p tcp --dport ${firewall_port} -j ACCEPT
+    if grep -q "=${firewall_port}" "$FIREWALL_CONFIG"; then
+        if [ ! "${firewall_protocol}" ]; then
+            iptables -D INPUT -p udp --dport "${firewall_port}" -j ACCEPT
+            iptables -D INPUT -p tcp --dport "${firewall_port}" -j ACCEPT
         else
             if [[ "${firewall_protocol}" == *"udp"* ]]; then
-                iptables -D INPUT -p udp --dport ${firewall_port} -j ACCEPT
+                iptables -D INPUT -p udp --dport "${firewall_port}" -j ACCEPT
             fi
             if [[ "${firewall_protocol}" == *"tcp"* ]]; then
-                iptables -D INPUT -p tcp --dport ${firewall_port} -j ACCEPT
+                iptables -D INPUT -p tcp --dport "${firewall_port}" -j ACCEPT
             fi
         fi
-        sed -i "/=${firewall_port}/d" $FIREWALL_CONFIG
+        sed -i "/=${firewall_port}/d" "$FIREWALL_CONFIG"
         save_firewall_settings
     fi
 }
@@ -509,7 +502,7 @@ function domain_to_hex_string {
         characters=$(echo -n "$segment" | wc -c)
         hexnum=$(echo "obase=16; $characters" | bc)
         echo -n "|"
-        if [ $(echo -n "$hexnum" | wc -c) -lt 2 ]; then
+        if [ "$(echo -n "$hexnum" | wc -c)" -lt 2 ]; then
             echo -n "0"
         fi
         echo -n "$hexnum|$segment"
@@ -523,20 +516,19 @@ function firewall_block_domain {
     blocked_domain="$1"
     if [[ "$blocked_domain" == *'@'* ]]; then
         # Don't try to block email/microblog addresses
-        echo "${blocked_domain}" >> $FIREWALL_DOMAINS
+        echo "${blocked_domain}" >> "$FIREWALL_DOMAINS"
         return
     fi
-    if ! grep -q "$blocked_domain" $FIREWALL_DOMAINS; then
-        hexstr=$(domain_to_hex_string $blocked_domain)
-        iptables -C INPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
-        if [ ! "$?" = "0" ]; then
+    if ! grep -q "$blocked_domain" "$FIREWALL_DOMAINS"; then
+        hexstr=$(domain_to_hex_string "$blocked_domain")
+        if ! iptables -C INPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP; then
             iptables -A INPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
             iptables -A INPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
             iptables -A OUTPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
             iptables -A OUTPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
             iptables -I FORWARD -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
             iptables -I FORWARD -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
-            echo "${blocked_domain}" >> $FIREWALL_DOMAINS
+            echo "${blocked_domain}" >> "$FIREWALL_DOMAINS"
             save_firewall_settings
         fi
 
@@ -559,13 +551,12 @@ function firewall_block_ip {
         # Don't try to block email/microblog addresses
         return
     fi
-    if ! grep -q "$blocked_ip" $FIREWALL_DOMAINS; then
-        iptables -C INPUT -s $blocked_ip -j DROP
-        if [ ! "$?" = "0" ]; then
-            iptables -A INPUT -s $blocked_ip -j DROP
-            iptables -A OUTPUT -s $blocked_ip -j DROP
+    if ! grep -q "$blocked_ip" "$FIREWALL_DOMAINS"; then
+        if ! iptables -C INPUT -s "$blocked_ip" -j DROP; then
+            iptables -A INPUT -s "$blocked_ip" -j DROP
+            iptables -A OUTPUT -s "$blocked_ip" -j DROP
 
-            echo "${blocked_ip}" >> $FIREWALL_DOMAINS
+            echo "${blocked_ip}" >> "$FIREWALL_DOMAINS"
             save_firewall_settings
         fi
     fi
@@ -577,31 +568,31 @@ function firewall_unblock_ip {
         # Don't try to block email/microblog addresses
         return
     fi
-    if grep -q "$blocked_ip" $FIREWALL_DOMAINS; then
-        iptables -D INPUT -s $blocked_ip -j DROP
-        iptables -D OUTPUT -s $blocked_ip -j DROP
+    if grep -q "$blocked_ip" "$FIREWALL_DOMAINS"; then
+        iptables -D INPUT -s "$blocked_ip" -j DROP
+        iptables -D OUTPUT -s "$blocked_ip" -j DROP
 
-        sed -i '/$blocked_ip/d' $FIREWALL_DOMAINS
-        echo "${blocked_ip}" >> $FIREWALL_DOMAINS
+        sed -i "/$blocked_ip/d" "$FIREWALL_DOMAINS"
+        echo "${blocked_ip}" >> "$FIREWALL_DOMAINS"
         save_firewall_settings
     fi
 }
 
 function firewall_refresh_blocklist {
-    if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then
+    if [ ! -f "/root/${PROJECT_NAME}-firewall-domains.cfg" ]; then
         return
     fi
 
-    while read blocked_domain; do
-        firewall_block_domain $blocked_domain
-    done </root/${PROJECT_NAME}-firewall-domains.cfg
+    while read -r blocked_domain; do
+        firewall_block_domain "$blocked_domain"
+    done <"/root/${PROJECT_NAME}-firewall-domains.cfg"
 }
 
 function firewall_unblock_domain {
     unblocked_domain="$1"
-    if grep -q "${unblocked_domain}" $FIREWALL_DOMAINS; then
+    if grep -q "${unblocked_domain}" "$FIREWALL_DOMAINS"; then
         if [[ "${unblocked_domain}" != *'@'* ]]; then
-            hexstr=$(domain_to_hex_string $unblocked_domain)
+            hexstr=$(domain_to_hex_string "$unblocked_domain")
             iptables -D INPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
             iptables -D INPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
             iptables -D OUTPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
@@ -610,7 +601,7 @@ function firewall_unblock_domain {
             iptables -D FORWARD -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
             save_firewall_settings
         fi
-        sed -i "/${unblocked_domain}/d" $FIREWALL_DOMAINS
+        sed -i "/${unblocked_domain}/d" "$FIREWALL_DOMAINS"
     fi
 }
 
diff --git a/src/freedombone-utils-git b/src/freedombone-utils-git
index 8b87552e..644d2212 100755
--- a/src/freedombone-utils-git
+++ b/src/freedombone-utils-git
@@ -37,22 +37,21 @@ function git_clone {
 }
 
 function git_pull {
-    if [ ! $1 ]; then
+    if [ ! "$1" ]; then
         echo $'git_pull no repo specified'
     fi
 
     git merge --abort
     git stash
-    git remote set-url origin $1
+    git remote set-url origin "$1"
     git checkout master
     git pull
 
-    if [ $2 ]; then
+    if [ "$2" ]; then
         # delete any existing branch
-        git branch -D $2
+        git branch -D "$2"
         # check out the new branch
-        git checkout $2 -b $2
-        if [ ! "$?" = "0" ]; then
+        if ! git checkout "$2" -b "$2"; then
             echo $"Unable to checkout $1 $2"
             exit 72357
         fi
@@ -63,8 +62,8 @@ function commit_has_changed {
     repo_dir=$1
     repo_commit_name=$2
     repo_commit=$3
-    if [ -d $repo_dir ]; then
-        if grep -q "$repo_commit_name" $COMPLETION_FILE; then
+    if [ -d "$repo_dir" ]; then
+        if grep -q "$repo_commit_name" "$COMPLETION_FILE"; then
             CURRENT_REPO_COMMIT=$(get_completion_param "$repo_commit_name")
             if [[ "$CURRENT_REPO_COMMIT" != "$repo_commit" ]]; then
                 echo "1"
@@ -86,13 +85,13 @@ function set_repo_commit {
     repo_commit=$3
     repo_url=$4
 
-    if [[ $(commit_has_changed $repo_dir $repo_commit_name $repo_commit) == "1" ]]; then
-        cd $repo_dir
-        git_pull $repo_url $repo_commit
+    if [[ $(commit_has_changed "$repo_dir" "$repo_commit_name" "$repo_commit") == "1" ]]; then
+        cd "$repo_dir" || exit 3856835
+        git_pull "$repo_url" "$repo_commit"
 
         # application specific stuff after updating the repo
         if [[ $repo_dir == *"www"* ]]; then
-            chown -R www-data:www-data $repo_dir
+            chown -R www-data:www-data "$repo_dir"
         fi
         if [[ $repo_dir == *"gpgit" ]]; then
             if [ ! -f /usr/bin/gpgit.pl ]; then
@@ -107,12 +106,12 @@ function set_repo_commit {
         fi
         if [[ $repo_dir == *"cleanup-maildir" ]]; then
             if [ ! -f /usr/bin/cleanup-maildir ]; then
-                cp $INSTALL_DIR/cleanup-maildir/cleanup-maildir /usr/bin
+                cp "$INSTALL_DIR/cleanup-maildir/cleanup-maildir" /usr/bin
             else
-                HASH1=$(sha256sum $INSTALL_DIR/cleanup-maildir/cleanup-maildir | awk -F ' ' '{print $1}')
+                HASH1=$(sha256sum "$INSTALL_DIR/cleanup-maildir/cleanup-maildir" | awk -F ' ' '{print $1}')
                 HASH2=$(sha256sum /usr/bin/cleanup-maildir | awk -F ' ' '{print $1}')
                 if [[ "$HASH1" != "$HASH2" ]]; then
-                    cp $INSTALL_DIR/cleanup-maildir/cleanup-maildir /usr/bin
+                    cp "$INSTALL_DIR/cleanup-maildir/cleanup-maildir" /usr/bin
                 fi
             fi
         fi
diff --git a/src/freedombone-utils-gnusocialtools b/src/freedombone-utils-gnusocialtools
index 466222ff..503a04d3 100755
--- a/src/freedombone-utils-gnusocialtools
+++ b/src/freedombone-utils-gnusocialtools
@@ -45,26 +45,26 @@ GNUSOCIAL_MARKDOWN_COMMIT='03c53942f94b3376f0946e6e1fe566cc21ccf232'
 
 # Stuff to be done after restoring from backup
 function gnusocial_update_after_restore {
-    gnusocial_variant=$1
-    gnusocial_domain=$2
+    gnusocial_variant="$1"
+    gnusocial_domain="$2"
 
-    cd /var/www/${gnusocial_domain}/htdocs
+    cd "/var/www/${gnusocial_domain}/htdocs" || exit 36865853
 
     # Ensure that the database password is correct
-    MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+    MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
     sed -i "s|\$config['db']['database'].*|\$config['db']['database'] = 'mysqli://root:${MARIADB_PASSWORD}@localhost/${gnusocial_variant}';|g" config.php
     MARIADB_PASSWORD=
 
     # Set permissions
-    chmod g+w /var/www/$gnusocial_domain/htdocs
-    chmod a+w /var/www/$gnusocial_domain/htdocs/avatar
-    chmod a+w /var/www/$gnusocial_domain/htdocs/file
-    chown -R www-data:www-data /var/www/$gnusocial_domain/htdocs
-    chmod +x /var/www/$gnusocial_domain/htdocs/scripts/maildaemon.php
+    chmod g+w "/var/www/$gnusocial_domain/htdocs"
+    chmod a+w "/var/www/$gnusocial_domain/htdocs/avatar"
+    chmod a+w "/var/www/$gnusocial_domain/htdocs/file"
+    chown -R www-data:www-data "/var/www/$gnusocial_domain/htdocs"
+    chmod +x "/var/www/$gnusocial_domain/htdocs/scripts/maildaemon.php"
 
     # This seems to be necessary to get the UI back
-    gnusocial_use_classic $gnusocial_variant
-    gnusocial_use_qvitter $gnusocial_variant
+    gnusocial_use_classic "$gnusocial_variant"
+    gnusocial_use_qvitter "$gnusocial_variant"
 
     # start the daemons
     su -c "sh scripts/startdaemons.sh" -s /bin/sh www-data
@@ -72,16 +72,16 @@ function gnusocial_update_after_restore {
 
 function qvitter_update_background {
     domain_name="$1"
-    ext=$2
+    ext="$2"
 
-    if [ -d /var/www/${domain_name}/htdocs/local/plugins/Qvitter/img ]; then
-        if [ -f bg_custom.${ext} ]; then
-            cp bg_custom.${ext} /var/www/${domain_name}/htdocs/local/plugins/Qvitter/img
-            if ! grep -q "bg_custom.${ext}" /var/www/${domain_name}/htdocs/config.php; then
-                if grep -q 'sitebackground' /var/www/${domain_name}/htdocs/config.php; then
-                    sed -i '/sitebackground/d' /var/www/${domain_name}/htdocs/config.php
+    if [ -d "/var/www/${domain_name}/htdocs/local/plugins/Qvitter/img" ]; then
+        if [ -f "bg_custom.${ext}" ]; then
+            cp "bg_custom.${ext}" "/var/www/${domain_name}/htdocs/local/plugins/Qvitter/img"
+            if ! grep -q "bg_custom.${ext}" "/var/www/${domain_name}/htdocs/config.php"; then
+                if grep -q 'sitebackground' "/var/www/${domain_name}/htdocs/config.php"; then
+                    sed -i '/sitebackground/d' "/var/www/${domain_name}/htdocs/config.php"
                 fi
-                echo "\$config['site']['qvitter']['sitebackground'] = 'img/bg_custom.${ext}';" >> /var/www/${domain_name}/htdocs/config.php
+                echo "\$config['site']['qvitter']['sitebackground'] = 'img/bg_custom.${ext}';" >> "/var/www/${domain_name}/htdocs/config.php"
             fi
         fi
     fi
@@ -112,86 +112,86 @@ function pleroma_set_background_image_from_url {
     fi
 
     if [ ${#ext} -gt 0 ]; then
-        cd $basedir
+        cd "$basedir" || exit 638436783
 
         # remove any existing image
-        if [ -f bg_custom.${ext} ]; then
-            rm bg_custom.${ext}
+        if [ -f "bg_custom.${ext}" ]; then
+            rm "bg_custom.${ext}"
         fi
 
         # get the new image
-        wget "$url" -O bg_custom.${ext}
-        if [ ! -f bg_custom.${ext} ]; then
+        wget "$url" -O "bg_custom.${ext}"
+        if [ ! -f "bg_custom.${ext}" ]; then
             echo "$url"
             echo $'Custom background image for pleroma could not be downloaded'
             echo "1"
             return
         fi
 
-        if [ -d $basedir/static ]; then
-            cp bg_custom.${ext} static/bg_custom.${ext}
-            chown www-data:www-data static/bg_custom.${ext}
+        if [ -d "$basedir/static" ]; then
+            cp "bg_custom.${ext}" "static/bg_custom.${ext}"
+            chown www-data:www-data "static/bg_custom.${ext}"
             sed -i "s|\"background\":.*|\"background\": \"/static/bg_custom.${ext}\",|g" static/config.json
         fi
         if [ -d priv/static/static ]; then
-            cp bg_custom.${ext} priv/static/static/bg_custom.${ext}
-            chown www-data:www-data priv/static/static/bg_custom.${ext}
+            cp "bg_custom.${ext}" "priv/static/static/bg_custom.${ext}"
+            chown www-data:www-data "priv/static/static/bg_custom.${ext}"
             sed -i "s|\"background\":.*|\"background\": \"/static/bg_custom.${ext}\",|g" priv/static/static/config.json
         fi
 
-        if [[ "$basedir" != $PLEROMA_DIR ]]; then
-            qvitter_update_background ${domain_name} ${ext}
+        if [[ "$basedir" != "$PLEROMA_DIR" ]]; then
+            qvitter_update_background "${domain_name}" "${ext}"
         fi
 
-        rm bg_custom.${ext}
+        rm "bg_custom.${ext}"
     else
         echo "2"
         return
     fi
 
     # customise the logo
-    if [ -f $basedir/static/logo.png ]; then
-        if [ -f ~/freedombone/img/logo_fbone3.png ]; then
-            cp ~/freedombone/img/logo_fbone3.png $basedir/static/logo.png
-            if [ -d $basedir/priv/static/static ]; then
-                cp ~/freedombone/img/logo_fbone3.png $basedir/priv/static/static/logo.png
+    if [ -f "$basedir/static/logo.png" ]; then
+        if [ -f "$HOME/${PROJECT_NAME}/img/logo_fbone3.png" ]; then
+            cp "$HOME/${PROJECT_NAME}/img/logo_fbone3.png" "$basedir/static/logo.png"
+            if [ -d "$basedir/priv/static/static" ]; then
+                cp "$HOME/${PROJECT_NAME}/img/logo_fbone3.png" "$basedir/priv/static/static/logo.png"
             fi
         else
-            if [ -f /home/$MY_USERNAME/freedombone/img/logo_fbone3.png ]; then
-                cp /home/$MY_USERNAME/freedombone/img/logo_fbone3.png $basedir/static/logo.png
-                if [ -d $basedir/priv/static/static ]; then
-                    cp /home/$MY_USERNAME/freedombone/img/logo_fbone3.png $basedir/priv/static/static/logo.png
+            if [ -f "/home/$MY_USERNAME/${PROJECT_NAME}/img/logo_fbone3.png" ]; then
+                cp "/home/$MY_USERNAME/${PROJECT_NAME}/img/logo_fbone3.png" "$basedir/static/logo.png"
+                if [ -d "$basedir/priv/static/static" ]; then
+                    cp "/home/$MY_USERNAME/${PROJECT_NAME}/img/logo_fbone3.png" "$basedir/priv/static/static/logo.png"
                 fi
             fi
         fi
     fi
 
     # customise the title
-    if [ -f $basedir/static/config.json ]; then
-        sed -i "s|\"name\":.*|\"name\": \"${title}\",|g" $basedir/static/config.json
+    if [ -f "$basedir/static/config.json" ]; then
+        sed -i "s|\"name\":.*|\"name\": \"${title}\",|g" "$basedir/static/config.json"
     fi
-    if [ -f $basedir/priv/static/static/config.json ]; then
-        sed -i "s|\"name\":.*|\"name\": \"${title}\",|g" $basedir/priv/static/static/config.json
+    if [ -f "$basedir/priv/static/static/config.json" ]; then
+        sed -i "s|\"name\":.*|\"name\": \"${title}\",|g" "$basedir/priv/static/static/config.json"
     fi
 
     echo "0"
 }
 
 function install_qvitter {
-    domain_name=$1
-    app_name=$2
+    domain_name="$1"
+    app_name="$2"
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/${domain_name}/htdocs/local/plugins/Qvitter "${app_name} theme commit" "$QVITTER_THEME_COMMIT" $QVITTER_THEME_REPO
+    set_repo_commit "/var/www/${domain_name}/htdocs/local/plugins/Qvitter" "${app_name} theme commit" "$QVITTER_THEME_COMMIT" "$QVITTER_THEME_REPO"
 
     # customise with project logo
-    if [ -f /var/www/${domain_name}/htdocs/local/plugins/Qvitter/img/sprite.png ]; then
-        if [ -f ~/freedombone/img/logo_fbone3.png ]; then
-            cp ~/freedombone/img/logo_fbone3.png /var/www/${domain_name}/htdocs/local/plugins/Qvitter/img/sprite.png
+    if [ -f "/var/www/${domain_name}/htdocs/local/plugins/Qvitter/img/sprite.png" ]; then
+        if [ -f "$HOME/${PROJECT_NAME}/img/logo_fbone3.png" ]; then
+            cp "$HOME/${PROJECT_NAME}/img/logo_fbone3.png" "/var/www/${domain_name}/htdocs/local/plugins/Qvitter/img/sprite.png"
         else
-            if [ -f /home/$MY_USERNAME/freedombone/img/logo_fbone3.png ]; then
-                cp /home/$MY_USERNAME/freedombone/img/logo_fbone3.png /var/www/${domain_name}/htdocs/local/plugins/Qvitter/img/sprite.png
+            if [ -f "/home/$MY_USERNAME/${PROJECT_NAME}/img/logo_fbone3.png" ]; then
+                cp "/home/$MY_USERNAME/${PROJECT_NAME}/img/logo_fbone3.png" "/var/www/${domain_name}/htdocs/local/plugins/Qvitter/img/sprite.png"
             fi
         fi
     fi
@@ -202,101 +202,101 @@ function install_qvitter {
 
     apt-get -yq install wget
 
-    if [ ! -d /var/www/${domain_name}/htdocs/local/plugins ]; then
-        mkdir -p /var/www/${domain_name}/htdocs/local/plugins
+    if [ ! -d "/var/www/${domain_name}/htdocs/local/plugins" ]; then
+        mkdir -p "/var/www/${domain_name}/htdocs/local/plugins"
     fi
 
-    cd /var/www/${domain_name}/htdocs/local/plugins
+    cd "/var/www/${domain_name}/htdocs/local/plugins" || exit 64284632
 
     if [ -d /repos/qvitter ]; then
         mkdir Qvitter
         cp -r -p /repos/qvitter/. Qvitter
-        cd Qvitter
+        cd Qvitter || exit 2648246
         git pull
     else
         function_check git_clone
-        git_clone $QVITTER_THEME_REPO Qvitter
+        git_clone "$QVITTER_THEME_REPO" Qvitter
     fi
 
-    if [ ! -d /var/www/${domain_name}/htdocs/local/plugins/Qvitter ]; then
+    if [ ! -d "/var/www/${domain_name}/htdocs/local/plugins/Qvitter" ]; then
         echo $'Qvitter repo was not installed'
         exit 835638
     fi
 
-    cd /var/www/${domain_name}/htdocs/local/plugins/Qvitter
-    git checkout $QVITTER_THEME_COMMIT -b $QVITTER_THEME_COMMIT
+    cd "/var/www/${domain_name}/htdocs/local/plugins/Qvitter" || exit 7824245
+    git checkout "$QVITTER_THEME_COMMIT" -b "$QVITTER_THEME_COMMIT"
 
-    config_file=/var/www/${domain_name}/htdocs/config.php
-    if ! grep -q "addPlugin('Qvitter')" $config_file; then
-        echo "" >> $config_file
-        echo "// Qvitter settings" >> $config_file
-        echo "addPlugin('Qvitter');" >> $config_file
-        echo "\$config['site']['qvitter']['enabledbydefault'] = true;" >> $config_file
-        echo "\$config['site']['qvitter']['defaultbackgroundcolor'] = '#f4f4f4';" >> $config_file
-        echo "\$config['site']['qvitter']['defaultlinkcolor'] = '#0084B4';" >> $config_file
-        echo "\$config['site']['qvitter']['timebetweenpolling'] = 30000; // 30 secs" >> $config_file
+    config_file="/var/www/${domain_name}/htdocs/config.php"
+    if ! grep -q "addPlugin('Qvitter')" "$config_file"; then
+        { echo "";
+          echo "// Qvitter settings";
+          echo "addPlugin('Qvitter');";
+          echo "\$config['site']['qvitter']['enabledbydefault'] = true;";
+          echo "\$config['site']['qvitter']['defaultbackgroundcolor'] = '#f4f4f4';";
+          echo "\$config['site']['qvitter']['defaultlinkcolor'] = '#0084B4';";
+          echo "\$config['site']['qvitter']['timebetweenpolling'] = 30000; // 30 secs"; } >> "$config_file"
         if [[ $ONION_ONLY == 'no' ]]; then
-            echo "\$config['site']['qvitter']['urlshortenerapiurl'] = 'http://qttr.at/shortener.php';" >> $config_file
-            echo "\$config['site']['qvitter']['urlshortenersignature'] = 'b6afeec983';" >> $config_file
+            echo "\$config['site']['qvitter']['urlshortenerapiurl'] = 'http://qttr.at/shortener.php';" >> "$config_file"
+            echo "\$config['site']['qvitter']['urlshortenersignature'] = 'b6afeec983';" >> "$config_file"
         fi
-        echo "\$config['site']['qvitter']['favicon'] = 'img/favicon.ico?v=4';" >> $config_file
-        echo "\$config['site']['qvitter']['sprite'] = Plugin::staticPath('Qvitter', '').'img/sprite.png?v=40';" >> $config_file
-        echo "\$config['site']['qvitter']['enablewelcometext'] = false;" >> $config_file
-        echo "\$config['site']['qvitter']['blocked_ips'] = array();" >> $config_file
+        { echo "\$config['site']['qvitter']['favicon'] = 'img/favicon.ico?v=4';";
+          echo "\$config['site']['qvitter']['sprite'] = Plugin::staticPath('Qvitter', '').'img/sprite.png?v=40';";
+          echo "\$config['site']['qvitter']['enablewelcometext'] = false;";
+          echo "\$config['site']['qvitter']['blocked_ips'] = array();"; } >> "$config_file"
     fi
 
     # customise with project logo
-    if [ -f /var/www/${domain_name}/htdocs/local/plugins/Qvitter/img/sprite.png ]; then
-        if [ -f ~/freedombone/img/${app_name}_sprite.png ]; then
-            cp ~/freedombone/img/${app_name}_sprite.png /var/www/${domain_name}/htdocs/local/plugins/Qvitter/img/sprite.png
+    if [ -f "/var/www/${domain_name}/htdocs/local/plugins/Qvitter/img/sprite.png" ]; then
+        if [ -f "$HOME/${PROJECT_NAME}/img/${app_name}_sprite.png" ]; then
+            cp "$HOME/${PROJECT_NAME}/img/${app_name}_sprite.png" "/var/www/${domain_name}/htdocs/local/plugins/Qvitter/img/sprite.png"
         fi
     fi
 
-    chown -R www-data:www-data /var/www/${domain_name}/htdocs
+    chown -R www-data:www-data "/var/www/${domain_name}/htdocs"
 
-    cd /var/www/${domain_name}/htdocs
+    cd "/var/www/${domain_name}/htdocs" || exit 37483673
     php scripts/upgrade.php
     php scripts/checkschema.php
-    chown -R www-data:www-data /var/www/${domain_name}/htdocs
+    chown -R www-data:www-data "/var/www/${domain_name}/htdocs"
 
     set_completion_param "${app_name} theme commit" "$QVITTER_THEME_COMMIT"
 
-    install_completed ${app_name}_theme
+    install_completed "${app_name}_theme"
 }
 
 function install_gnusocial_default_background {
-    gnusocial_type=$1
-    domain_name=$2
+    gnusocial_type="$1"
+    domain_name="$2"
 
-    basedir=/var/www/${domain_name}/htdocs
+    basedir="/var/www/${domain_name}/htdocs"
     if [[ "$gnusocial_type" == 'pleroma' ]]; then
-        basedir=$PLEROMA_DIR/priv/static
+        basedir="$PLEROMA_DIR/priv/static"
     fi
 
     # customise the logo
-    if [ -f $basedir/static/logo.png ]; then
-        if [ -f ~/freedombone/img/logo_fbone3.png ]; then
-            cp ~/freedombone/img/logo_fbone3.png $basedir/static/logo_custom.png
-            sed -i "s|\"logo\":.*|\"logo\": \"/static/logo_custom.png\",|g" $basedir/static/config.json
+    if [ -f "$basedir/static/logo.png" ]; then
+        if [ -f "$HOME/${PROJECT_NAME}/img/logo_fbone3.png" ]; then
+            cp "$HOME/${PROJECT_NAME}/img/logo_fbone3.png" "$basedir/static/logo_custom.png"
+            sed -i "s|\"logo\":.*|\"logo\": \"/static/logo_custom.png\",|g" "$basedir/static/config.json"
         else
-            if [ -f /home/$MY_USERNAME/freedombone/img/logo_fbone3.png ]; then
-                cp /home/$MY_USERNAME/freedombone/img/logo_fbone3.png $basedir/static/logo_custom.png
-                sed -i "s|\"logo\":.*|\"logo\": \"/static/logo_custom.png\",|g" $basedir/static/config.json
+            if [ -f "/home/$MY_USERNAME/${PROJECT_NAME}/img/logo_fbone3.png" ]; then
+                cp "/home/$MY_USERNAME/${PROJECT_NAME}/img/logo_fbone3.png" "$basedir/static/logo_custom.png"
+                sed -i "s|\"logo\":.*|\"logo\": \"/static/logo_custom.png\",|g" "$basedir/static/config.json"
             fi
         fi
     fi
 
-    if [ ! -f $basedir/static/bg.jpg ]; then
+    if [ ! -f "$basedir/static/bg.jpg" ]; then
         return
     fi
 
-    if [ -f ~/freedombone/img/backgrounds/${gnusocial_type}.jpg ]; then
-        cp ~/freedombone/img/backgrounds/${gnusocial_type}.jpg $basedir/static/bg_custom.jpg
-        sed -i "s|\"background\":.*|\"background\": \"/static/bg_custom.jpg\",|g" $basedir/static/config.json
+    if [ -f "$HOME/${PROJECT_NAME}/img/backgrounds/${gnusocial_type}.jpg" ]; then
+        cp "$HOME/${PROJECT_NAME}/img/backgrounds/${gnusocial_type}.jpg" "$basedir/static/bg_custom.jpg"
+        sed -i "s|\"background\":.*|\"background\": \"/static/bg_custom.jpg\",|g" "$basedir/static/config.json"
     else
-        if [ -f /home/$MY_USERNAME/freedombone/img/backgrounds/${gnusocial_type}.jpg ]; then
-            cp /home/$MY_USERNAME/freedombone/img/backgrounds/${gnusocial_type}.jpg $basedir/static/bg_custom.jpg
-            sed -i "s|\"background\":.*|\"background\": \"/static/bg_custom.jpg\",|g" $basedir/static/config.json
+        if [ -f "/home/$MY_USERNAME/${PROJECT_NAME}/img/backgrounds/${gnusocial_type}.jpg" ]; then
+            cp "/home/$MY_USERNAME/${PROJECT_NAME}/img/backgrounds/${gnusocial_type}.jpg" "$basedir/static/bg_custom.jpg"
+            sed -i "s|\"background\":.*|\"background\": \"/static/bg_custom.jpg\",|g" "$basedir/static/config.json"
         fi
     fi
 }
@@ -308,30 +308,30 @@ function install_pleroma_front_end {
     background_url="$3"
     title="$4"
 
-    if [ ! -d $INSTALL_DIR/pleroma ]; then
+    if [ ! -d "$INSTALL_DIR/pleroma" ]; then
 
         if [ -d /repos/pleroma-fe ]; then
-            mkdir -p $INSTALL_DIR/pleroma
-            cp -r -p /repos/pleroma-fe/. $INSTALL_DIR/pleroma
-            cd $INSTALL_DIR/pleroma
+            mkdir -p "$INSTALL_DIR/pleroma"
+            cp -r -p /repos/pleroma-fe/. "$INSTALL_DIR/pleroma"
+            cd "$INSTALL_DIR/pleroma" || exit 23468324
             git pull
         else
             function_check git_clone
-            git_clone $PLEROMA_FRONTEND_REPO $INSTALL_DIR/pleroma
+            git_clone "$PLEROMA_FRONTEND_REPO" "$INSTALL_DIR/pleroma"
         fi
 
-        if [ ! -d $INSTALL_DIR/pleroma ]; then
+        if [ ! -d "$INSTALL_DIR/pleroma" ]; then
             echo $'Unable to clone pleroma repo'
             exit 682252
         fi
     fi
 
-    cd $INSTALL_DIR/pleroma
-    git checkout $PLEROMA_FRONTEND_COMMIT -b $PLEROMA_FRONTEND_COMMIT
+    cd "$INSTALL_DIR/pleroma" || exit 2562844
+    git checkout "$PLEROMA_FRONTEND_COMMIT" -b "$PLEROMA_FRONTEND_COMMIT"
     set_completion_param "${app_name} pleroma commit" "$PLEROMA_FRONTEND_COMMIT"
 
-    if [ -d $INSTALL_DIR/pleroma/node_modules ]; then
-        rm -rf $INSTALL_DIR/pleroma/node_modules
+    if [ -d "$INSTALL_DIR/pleroma/node_modules" ]; then
+        rm -rf "$INSTALL_DIR/pleroma/node_modules"
     fi
 
     npm install -g yarn
@@ -341,35 +341,35 @@ function install_pleroma_front_end {
     npm install -g node-sass@4.5.2
     npm install -g whatwg-fetch@2.0.3
     yarn
-    if [ -f $INSTALL_DIR/pleroma/dist/index.html ]; then
-        rm -rf $INSTALL_DIR/pleroma/dist/*
+    if [ -f "$INSTALL_DIR/pleroma/dist/index.html" ]; then
+        rm -rf "$INSTALL_DIR/pleroma/dist/*"
     fi
     npm run build
-    if [ ! -d $INSTALL_DIR/pleroma/dist ]; then
+    if [ ! -d "$INSTALL_DIR/pleroma/dist" ]; then
         echo 'Unable to build pleroma'
         exit 7629352
     fi
-    if [ ! -f $INSTALL_DIR/pleroma/dist/index.html ]; then
+    if [ ! -f "$INSTALL_DIR/pleroma/dist/index.html" ]; then
         echo $'Unable to build pleroma index.html'
         exit 5282682
     fi
 
     if [[ "$app_name" != 'pleroma' ]]; then
-        cp -r $INSTALL_DIR/pleroma/dist/* /var/www/${pleroma_domain}/htdocs/
-        pleroma_set_background_image_from_url /var/www/${pleroma_domain}/htdocs "$pleroma_domain" "$background_url" "$title"
+        cp -r "$INSTALL_DIR/pleroma/dist/*" "/var/www/${pleroma_domain}/htdocs/"
+        pleroma_set_background_image_from_url "/var/www/${pleroma_domain}/htdocs" "$pleroma_domain" "$background_url" "$title"
     else
-        cp -r $INSTALL_DIR/pleroma/dist/* $PLEROMA_DIR/priv/static
-        pleroma_set_background_image_from_url $PLEROMA_DIR/priv/static "$pleroma_domain" "$background_url" "$title"
+        cp -r "$INSTALL_DIR/pleroma/dist/*" "$PLEROMA_DIR/priv/static"
+        pleroma_set_background_image_from_url "$PLEROMA_DIR/priv/static" "$pleroma_domain" "$background_url" "$title"
     fi
 
 
-    nginx_site=/etc/nginx/sites-available/${pleroma_domain}
-    sed -i 's|index index.php;|index index.html;|g' $nginx_site
+    nginx_site="/etc/nginx/sites-available/${pleroma_domain}"
+    sed -i 's|index index.php;|index index.html;|g' "$nginx_site"
 
-    if [ -f /var/www/${pleroma_domain}/htdocs/index.php ]; then
-        mv /var/www/${pleroma_domain}/htdocs/index.php /var/www/${pleroma_domain}/htdocs/index_qvitter.php
+    if [ -f "/var/www/${pleroma_domain}/htdocs/index.php" ]; then
+        mv "/var/www/${pleroma_domain}/htdocs/index.php" "/var/www/${pleroma_domain}/htdocs/index_qvitter.php"
     fi
-    sed -i 's|index.php|index_qvitter.php|g' $nginx_site
+    sed -i 's|index.php|index_qvitter.php|g' "$nginx_site"
 
     # remove any cached yarn files
     if [ -d /root/.cache/yarn ]; then
@@ -377,9 +377,9 @@ function install_pleroma_front_end {
     fi
 
     if [[ "$app_name" != 'pleroma' ]]; then
-        chown -R www-data:www-data /var/www/${pleroma_domain}/htdocs
+        chown -R www-data:www-data "/var/www/${pleroma_domain}/htdocs"
     else
-        chown -R pleroma:pleroma $PLEROMA_DIR
+        chown -R pleroma:pleroma "$PLEROMA_DIR"
     fi
 }
 
@@ -389,269 +389,267 @@ function upgrade_pleroma_frontend {
     background_url="$3"
     title="$4"
 
-    if [ -d $INSTALL_DIR/pleroma ]; then
-        set_repo_commit $INSTALL_DIR/pleroma "${app_name} pleroma commit" "$PLEROMA_FRONTEND_COMMIT" $PLEROMA_FRONTEND_REPO
-        cd $INSTALL_DIR/pleroma
+    if [ -d "$INSTALL_DIR/pleroma" ]; then
+        set_repo_commit "$INSTALL_DIR/pleroma" "${app_name} pleroma commit" "$PLEROMA_FRONTEND_COMMIT" "$PLEROMA_FRONTEND_REPO"
+        cd "$INSTALL_DIR/pleroma" || exit 3468356385
         yarn
         npm run build
-        if [ ! -d $INSTALL_DIR/pleroma/dist ]; then
+        if [ ! -d "$INSTALL_DIR/pleroma/dist" ]; then
             echo 'Unable to build pleroma'
             exit 268362
         fi
 
-        basedir=/var/www/${domain_name}/htdocs
+        basedir="/var/www/${domain_name}/htdocs"
         if [[ "$app_name" == 'pleroma' ]]; then
-            basedir=$PLEROMA_DIR/priv/static
+            basedir="$PLEROMA_DIR/priv/static"
         fi
-        if [ -f $basedir/static/logo.png ]; then
-            cp $basedir/static/logo.png $basedir/static/logo.png.old
+        if [ -f "$basedir/static/logo.png" ]; then
+            cp "$basedir/static/logo.png" "$basedir/static/logo.png.old"
         fi
-        if [ -f $basedir/static/bg.jpg ]; then
-            cp $basedir/static/bg.jpg $basedir/static/bg.jpg.old
+        if [ -f "$basedir/static/bg.jpg" ]; then
+            cp "$basedir/static/bg.jpg" "$basedir/static/bg.jpg.old"
         fi
-        if [ -f $basedir/static/config.json ]; then
-            cp $basedir/static/config.json $basedir/static/config.json.old
+        if [ -f "$basedir/static/config.json" ]; then
+            cp "$basedir/static/config.json" "$basedir/static/config.json.old"
         fi
-        cp -r $INSTALL_DIR/pleroma/dist/* $basedir/
-        if [ -f $basedir/static/config.json.old ]; then
-            mv $basedir/static/config.json.old $basedir/static/config.json
+        cp -r "$INSTALL_DIR/pleroma/dist/*" "$basedir/"
+        if [ -f "$basedir/static/config.json.old" ]; then
+            mv "$basedir/static/config.json.old" "$basedir/static/config.json"
         fi
-        sed -i "s|\"name\":.*|\"name\": \"${title}\",|g" $basedir/static/config.json
-        if [ -f $basedir/static/logo.png.old ]; then
-            cp $basedir/static/logo.png.old $basedir/static/logo.png
+        sed -i "s|\"name\":.*|\"name\": \"${title}\",|g" "$basedir/static/config.json"
+        if [ -f "$basedir/static/logo.png.old" ]; then
+            cp "$basedir/static/logo.png.old" "$basedir/static/logo.png"
         fi
-        if [ -f $basedir/static/bg.jpg.old ]; then
-            cp $basedir/static/bg.jpg.old $basedir/static/bg.jpg
+        if [ -f "$basedir/static/bg.jpg.old" ]; then
+            cp "$basedir/static/bg.jpg.old" "$basedir/static/bg.jpg"
         fi
 
-        if [ -f $basedir/index.php ]; then
-            mv $basedir/index.php $basedir/index_qvitter.php
+        if [ -f "$basedir/index.php" ]; then
+            mv "$basedir/index.php" "$basedir/index_qvitter.php"
         fi
-        chown -R www-data:www-data $basedir
+        chown -R www-data:www-data "$basedir"
     else
         install_pleroma_front_end "${app_name}" "${domain_name}" "${background_url}" "${title}"
     fi
 }
 
 function gnusocial_hourly_script {
-    gnusocial_type=$1
-    domain_name=$2
+    gnusocial_type="$1"
+    domain_name="$2"
 
     # check that the daemon is running
-    echo '#!/bin/bash' > /etc/cron.hourly/${gnusocial_type}-daemons
-    echo -n 'daemon_lines=$(ps aux | grep "' >> /etc/cron.hourly/${gnusocial_type}-daemons
-    echo -n "${domain_name}" >> /etc/cron.hourly/${gnusocial_type}-daemons
-    echo '/htdocs/scripts/queuedaemon.php" | grep "/var/www")' >> /etc/cron.hourly/${gnusocial_type}-daemons
-    echo "cd /var/www/${domain_name}/htdocs" >> /etc/cron.hourly/${gnusocial_type}-daemons
-    echo 'if [[ $daemon_lines != *"/var/www/"* ]]; then' >> /etc/cron.hourly/${gnusocial_type}-daemons
+    { echo '#!/bin/bash';
+      echo -n "daemon_lines=\$(ps aux | grep \"";
+      echo -n "${domain_name}";
+      echo '/htdocs/scripts/queuedaemon.php" | grep "/var/www")';
+      echo "cd /var/www/${domain_name}/htdocs";
+      echo "if [[ \$daemon_lines != *\"/var/www/\"* ]]; then";
+      echo "    ADMIN_USER=\$(cat $COMPLETION_FILE | grep 'Admin user' | awk -F ':' '{print \$2}')";
+      echo "    MY_EMAIL_ADDRESS=\$ADMIN_USER@$HOSTNAME";
+      echo -n "    echo \"Restarting ${gnusocial_type} daemons\" | mail -s \"${gnusocial_type} ";
+      echo "daemons not found\" \$MY_EMAIL_ADDRESS";
+      echo '    su -c "sh scripts/startdaemons.sh" -s /bin/sh www-data';
+      echo 'fi';
+      echo 'php scripts/delete_orphan_files.php > /dev/null';
+      echo 'php scripts/clean_thumbnails.php -y > /dev/null';
+      echo 'php scripts/clean_file_table.php -y > /dev/null';
+      echo 'php scripts/upgrade.php > /dev/null'; } > "/etc/cron.hourly/${gnusocial_type}-daemons"
 
-    echo "    ADMIN_USER=\$(cat $COMPLETION_FILE | grep 'Admin user' | awk -F ':' '{print \$2}')" >> /etc/cron.hourly/${gnusocial_type}-daemons
-    echo '    MY_EMAIL_ADDRESS=$ADMIN_USER@$HOSTNAME' >> /etc/cron.hourly/${gnusocial_type}-daemons
-    echo -n "    echo \"Restarting ${gnusocial_type} daemons\" | mail -s \"${gnusocial_type} " >> /etc/cron.hourly/${gnusocial_type}-daemons
-    echo 'daemons not found" $MY_EMAIL_ADDRESS' >> /etc/cron.hourly/${gnusocial_type}-daemons
-    echo '    su -c "sh scripts/startdaemons.sh" -s /bin/sh www-data' >> /etc/cron.hourly/${gnusocial_type}-daemons
-    echo 'fi' >> /etc/cron.hourly/${gnusocial_type}-daemons
-
-    echo 'php scripts/delete_orphan_files.php > /dev/null' >> /etc/cron.hourly/${gnusocial_type}-daemons
-    echo 'php scripts/clean_thumbnails.php -y > /dev/null' >> /etc/cron.hourly/${gnusocial_type}-daemons
-    echo 'php scripts/clean_file_table.php -y > /dev/null' >> /etc/cron.hourly/${gnusocial_type}-daemons
-    echo 'php scripts/upgrade.php > /dev/null' >> /etc/cron.hourly/${gnusocial_type}-daemons
-
-    chmod +x /etc/cron.hourly/${gnusocial_type}-daemons
+    chmod +x "/etc/cron.hourly/${gnusocial_type}-daemons"
 }
 
 function gnusocial_block_user_script {
-    echo '#!/bin/bash' > /usr/bin/gnusocial-delete-user
-    echo '' >> /usr/bin/gnusocial-delete-user
-    echo 'database_name=$1' >> /usr/bin/gnusocial-delete-user
-    echo 'remove_user=$2' >> /usr/bin/gnusocial-delete-user
-    echo 'domain_name=$3' >> /usr/bin/gnusocial-delete-user
-    echo 'MARIADB_PASSWORD=$(freedombone-pass -u root -a mariadb)' >> /usr/bin/gnusocial-delete-user
-    echo '' >> /usr/bin/gnusocial-delete-user
-    echo 'if [ ${#remove_user} -lt 2 ]; then' >> /usr/bin/gnusocial-delete-user
-    echo '  echo $"No user was specified"' >> /usr/bin/gnusocial-delete-user
-    echo '  exit 1' >> /usr/bin/gnusocial-delete-user
-    echo 'fi' >> /usr/bin/gnusocial-delete-user
-    echo '' >> /usr/bin/gnusocial-delete-user
-    echo 'if [[ "$remove_user" != *"."* || "$remove_user" != *"@"* ]]; then' >> /usr/bin/gnusocial-delete-user
-    echo '  echo $"This doesnt look like a user"' >> /usr/bin/gnusocial-delete-user
-    echo '  exit 2' >> /usr/bin/gnusocial-delete-user
-    echo 'fi' >> /usr/bin/gnusocial-delete-user
-    echo '' >> /usr/bin/gnusocial-delete-user
-    echo 'if [ ${#database_name} -lt 2 ]; then' >> /usr/bin/gnusocial-delete-user
-    echo '  echo $"No database was specified"' >> /usr/bin/gnusocial-delete-user
-    echo '  exit 3' >> /usr/bin/gnusocial-delete-user
-    echo 'fi' >> /usr/bin/gnusocial-delete-user
-    echo '' >> /usr/bin/gnusocial-delete-user
-    echo "nickname=\$(echo \"\$remove_user\" | awk -F '@' '{print \$1}')" >> /usr/bin/gnusocial-delete-user
-    echo "remove_domain=\$(echo \"\$remove_user\" | awk -F '@' '{print \$2}')" >> /usr/bin/gnusocial-delete-user
-    echo '' >> /usr/bin/gnusocial-delete-user
-    echo "database_query=\"delete from notice where content REGEXP '\@\${remove_user}';\"" >> /usr/bin/gnusocial-delete-user
-    echo 'mysql -u root --password="$MARIADB_PASSWORD" -e "$database_query" $database_name' >> /usr/bin/gnusocial-delete-user
-    echo '' >> /usr/bin/gnusocial-delete-user
-    echo 'database_query="select profile.id from profile where nickname = '"'"'${nickname}'"'"' and profileurl like '"'"'%${remove_domain}%'"'"';"' >> /usr/bin/gnusocial-delete-user
-    echo 'declare -a ids=$(mysql -u root --password="$MARIADB_PASSWORD" << EOF' >> /usr/bin/gnusocial-delete-user
-    echo 'use $database_name;' >> /usr/bin/gnusocial-delete-user
-    echo '$database_query' >> /usr/bin/gnusocial-delete-user
-    echo 'EOF' >> /usr/bin/gnusocial-delete-user
-    echo ')' >> /usr/bin/gnusocial-delete-user
-    echo '' >> /usr/bin/gnusocial-delete-user
-    echo 'ctr=0' >> /usr/bin/gnusocial-delete-user
-    echo 'for id in $ids' >> /usr/bin/gnusocial-delete-user
-    echo 'do' >> /usr/bin/gnusocial-delete-user
-    echo '  if [ $ctr -gt 0 ]; then' >> /usr/bin/gnusocial-delete-user
-    echo '      #echo "Removing user ID $id on $remove_domain"' >> /usr/bin/gnusocial-delete-user
-    echo '' >> /usr/bin/gnusocial-delete-user
-    echo '      database_query="delete from reply where profile_id=${id};"' >> /usr/bin/gnusocial-delete-user
-    echo '      mysql -u root --password="$MARIADB_PASSWORD" -e "$database_query" $database_name' >> /usr/bin/gnusocial-delete-user
-    echo '' >> /usr/bin/gnusocial-delete-user
-    echo '      database_query="delete from reply where replied_id=${id};"' >> /usr/bin/gnusocial-delete-user
-    echo '      mysql -u root --password="$MARIADB_PASSWORD" -e "$database_query" $database_name' >> /usr/bin/gnusocial-delete-user
-    echo '' >> /usr/bin/gnusocial-delete-user
-    echo '      if [ $domain_name ]; then' >> /usr/bin/gnusocial-delete-user
-    echo '          database_query="select rendered from notice where profile_id=${id} and rendered like '"'"'%/file/%'"'"';"' >> /usr/bin/gnusocial-delete-user
-    echo '          declare -a stored_files=$(mysql -u root --password="$MARIADB_PASSWORD" << EOF' >> /usr/bin/gnusocial-delete-user
-    echo 'use $database_name;' >> /usr/bin/gnusocial-delete-user
-    echo '$database_query' >> /usr/bin/gnusocial-delete-user
-    echo 'EOF' >> /usr/bin/gnusocial-delete-user
-    echo ')' >> /usr/bin/gnusocial-delete-user
-    echo -n "          files_to_delete=\$(echo \"\$stored_files\" | " >> /usr/bin/gnusocial-delete-user
-    echo 'sed -n '"'"'s/.*href="\([^"]*\).*/\1/p'"'"' | awk -F '"'"'file/'"'"' '"'"'{print $2}'"'"')' >> /usr/bin/gnusocial-delete-user
-    echo '          filectr=0' >> /usr/bin/gnusocial-delete-user
-    echo '          for f in $files_to_delete' >> /usr/bin/gnusocial-delete-user
-    echo '          do' >> /usr/bin/gnusocial-delete-user
-    echo '              if [ $filectr -gt 0 ]; then' >> /usr/bin/gnusocial-delete-user
-    echo '                  if $(ls /var/www/${domain_name}/htdocs/file/*${f}* 1> /dev/null 2>&1); then' >> /usr/bin/gnusocial-delete-user
-    echo '                      rm /var/www/${domain_name}/htdocs/file/*${f}*' >> /usr/bin/gnusocial-delete-user
-    echo '                  fi' >> /usr/bin/gnusocial-delete-user
-    echo '              fi' >> /usr/bin/gnusocial-delete-user
-    echo '              filectr=$((filectr + 1))' >> /usr/bin/gnusocial-delete-user
-    echo '          done' >> /usr/bin/gnusocial-delete-user
-    echo '      fi' >> /usr/bin/gnusocial-delete-user
-    echo '' >> /usr/bin/gnusocial-delete-user
-    echo '      database_query="delete from notice where profile_id=${id};"' >> /usr/bin/gnusocial-delete-user
-    echo '      mysql -u root --password="$MARIADB_PASSWORD" -e "$database_query" $database_name' >> /usr/bin/gnusocial-delete-user
-    echo '' >> /usr/bin/gnusocial-delete-user
-    echo '      database_query="delete from profile where id=${id};"' >> /usr/bin/gnusocial-delete-user
-    echo '      mysql -u root --password="$MARIADB_PASSWORD" -e "$database_query" $database_name' >> /usr/bin/gnusocial-delete-user
-    echo '' >> /usr/bin/gnusocial-delete-user
-    echo '      database_query="delete from qvitternotification where to_profile_id=${id} or from_profile_id=${id};"' >> /usr/bin/gnusocial-delete-user
-    echo '      mysql -u root --password="$MARIADB_PASSWORD" -e "$database_query" $database_name' >> /usr/bin/gnusocial-delete-user
-    echo '  fi' >> /usr/bin/gnusocial-delete-user
-    echo '  ctr=$((ctr + 1))' >> /usr/bin/gnusocial-delete-user
-    echo 'done' >> /usr/bin/gnusocial-delete-user
+    { echo '#!/bin/bash';
+      echo '';
+      echo "database_name=\$1";
+      echo "remove_user=\$2";
+      echo "domain_name=\$3";
+      echo "MARIADB_PASSWORD=\$(freedombone-pass -u root -a mariadb)";
+      echo '';
+      echo "if [ \${#remove_user} -lt 2 ]; then";
+      echo '  echo $"No user was specified"';
+      echo '  exit 1';
+      echo 'fi';
+      echo '';
+      echo "if [[ \"\$remove_user\" != *\".\"* || \"\$remove_user\" != *\"@\"* ]]; then";
+      echo '  echo $"This doesnt look like a user"';
+      echo '  exit 2';
+      echo 'fi';
+      echo '';
+      echo "if [ \${#database_name} -lt 2 ]; then";
+      echo '  echo $"No database was specified"';
+      echo '  exit 3';
+      echo 'fi';
+      echo '';
+      echo "nickname=\$(echo \"\$remove_user\" | awk -F '@' '{print \$1}')";
+      echo "remove_domain=\$(echo \"\$remove_user\" | awk -F '@' '{print \$2}')";
+      echo '';
+      echo "database_query=\"delete from notice where content REGEXP '\\@\${remove_user}';\"";
+      echo "mysql -u root --password=\"\$MARIADB_PASSWORD\" -e \"\$database_query\" \$database_name";
+      echo '';
+      echo "database_query=\"select profile.id from profile where nickname = '\${nickname}' and profileurl like '%\${remove_domain}%';\"";
+      echo "declare -a ids=\$(mysql -u root --password=\"\$MARIADB_PASSWORD\" << EOF";
+      echo "use \$database_name;";
+      echo "\$database_query";
+      echo 'EOF';
+      echo ')';
+      echo '';
+      echo 'ctr=0';
+      echo "for id in \$ids";
+      echo 'do';
+      echo "  if [ \$ctr -gt 0 ]; then";
+      echo "      #echo \"Removing user ID \$id on \$remove_domain\"";
+      echo '';
+      echo "      database_query=\"delete from reply where profile_id=\${id};\"";
+      echo "      mysql -u root --password=\"\$MARIADB_PASSWORD\" -e \"\$database_query\" \$database_name";
+      echo '';
+      echo "      database_query=\"delete from reply where replied_id=\${id};\"";
+      echo "      mysql -u root --password=\"\$MARIADB_PASSWORD\" -e \"\$database_query\" \$database_name";
+      echo '';
+      echo "      if [ \$domain_name ]; then";
+      echo "          database_query=\"select rendered from notice where profile_id=\${id} and rendered like '%/file/%';\"";
+      echo "          declare -a stored_files=\$(mysql -u root --password=\"\$MARIADB_PASSWORD\" << EOF";
+      echo "use \$database_name;";
+      echo "\$database_query";
+      echo 'EOF';
+      echo ')';
+      echo -n "          files_to_delete=\$(echo \"\$stored_files\" | ";
+      echo "sed -n 's/.*href=\"\\([^\"]*\\).*/\\1/p' | awk -F 'file/' '{print \$2}')";
+      echo '          filectr=0';
+      echo "          for f in \$files_to_delete";
+      echo '          do';
+      echo "              if [ \$filectr -gt 0 ]; then";
+      echo "                  if \$(ls /var/www/\${domain_name}/htdocs/file/*\${f}* 1> /dev/null 2>&1); then";
+      echo "                      rm /var/www/\${domain_name}/htdocs/file/*\${f}*";
+      echo '                  fi';
+      echo '              fi';
+      echo "              filectr=\$((filectr + 1))";
+      echo '          done';
+      echo '      fi';
+      echo '';
+      echo "      database_query=\"delete from notice where profile_id=\${id};\"";
+      echo "      mysql -u root --password=\"\$MARIADB_PASSWORD\" -e \"\$database_query\" \$database_name";
+      echo '';
+      echo "      database_query=\"delete from profile where id=\${id};\"";
+      echo "      mysql -u root --password=\"\$MARIADB_PASSWORD\" -e \"\$database_query\" \$database_name";
+      echo '';
+      echo "      database_query=\"delete from qvitternotification where to_profile_id=\${id} or from_profile_id=\${id};\"";
+      echo "      mysql -u root --password=\"\$MARIADB_PASSWORD\" -e \"\$database_query\" \$database_name";
+      echo '  fi';
+      echo "  ctr=\$((ctr + 1))";
+      echo 'done'; } > /usr/bin/gnusocial-delete-user
     chmod +x /usr/bin/gnusocial-delete-user
 }
 
 function gnusocial_block_domain_script {
-    database_name=$1
-    gnusoc_domain=$2
+    database_name="$1"
+    gnusoc_domain="$2"
 
-    echo '#!/bin/bash' > /usr/bin/gnusocial-delete-domain
-    echo '' >> /usr/bin/gnusocial-delete-domain
-    echo 'database_name=$1' >> /usr/bin/gnusocial-delete-domain
-    echo 'remove_domain=$2' >> /usr/bin/gnusocial-delete-domain
-    echo 'domain_name=$3' >> /usr/bin/gnusocial-delete-domain
-    echo "MARIADB_PASSWORD=\$(${PROJECT_NAME}-pass -u root -a mariadb)" >> /usr/bin/gnusocial-delete-domain
-    echo '' >> /usr/bin/gnusocial-delete-domain
-    echo 'if [ ${#remove_domain} -lt 2 ]; then' >> /usr/bin/gnusocial-delete-domain
-    echo '    echo $"No domain was specified"' >> /usr/bin/gnusocial-delete-domain
-    echo '    exit 1' >> /usr/bin/gnusocial-delete-domain
-    echo 'fi' >> /usr/bin/gnusocial-delete-domain
-    echo '' >> /usr/bin/gnusocial-delete-domain
-    echo 'if [[ "$remove_domain" != *"."* ]]; then' >> /usr/bin/gnusocial-delete-domain
-    echo '    echo $"This doesnt look like a domain"' >> /usr/bin/gnusocial-delete-domain
-    echo '    exit 2' >> /usr/bin/gnusocial-delete-domain
-    echo 'fi' >> /usr/bin/gnusocial-delete-domain
-    echo '' >> /usr/bin/gnusocial-delete-domain
-    echo 'if [ ${#database_name} -lt 2 ]; then' >> /usr/bin/gnusocial-delete-domain
-    echo '    echo $"No database was specified"' >> /usr/bin/gnusocial-delete-domain
-    echo '    exit 3' >> /usr/bin/gnusocial-delete-domain
-    echo 'fi' >> /usr/bin/gnusocial-delete-domain
-    echo '' >> /usr/bin/gnusocial-delete-domain
-    echo "database_query=\"select profile.id from profile where profileurl like '%\${remove_domain}%';\"" >> /usr/bin/gnusocial-delete-domain
-    echo 'declare -a ids=$(mysql -u root --password="$MARIADB_PASSWORD" << EOF' >> /usr/bin/gnusocial-delete-domain
-    echo 'use $database_name;' >> /usr/bin/gnusocial-delete-domain
-    echo '$database_query' >> /usr/bin/gnusocial-delete-domain
-    echo 'EOF' >> /usr/bin/gnusocial-delete-domain
-    echo ')' >> /usr/bin/gnusocial-delete-domain
-    echo '' >> /usr/bin/gnusocial-delete-domain
-    echo 'ctr=0' >> /usr/bin/gnusocial-delete-domain
-    echo 'for id in $ids' >> /usr/bin/gnusocial-delete-domain
-    echo 'do' >> /usr/bin/gnusocial-delete-domain
-    echo '    if [ $ctr -gt 0 ]; then' >> /usr/bin/gnusocial-delete-domain
-    echo '        #echo "Removing user ID $id on $remove_domain"' >> /usr/bin/gnusocial-delete-domain
-    echo '' >> /usr/bin/gnusocial-delete-domain
-    echo "        database_query=\"delete from conversation where uri like '%\${remove_domain}%';\"" >> /usr/bin/gnusocial-delete-domain
-    echo '        mysql -u root --password="$MARIADB_PASSWORD" -e "$database_query" $database_name' >> /usr/bin/gnusocial-delete-domain
-    echo '' >> /usr/bin/gnusocial-delete-domain
-    echo '        database_query="delete from reply where profile_id=${id};"' >> /usr/bin/gnusocial-delete-domain
-    echo '        mysql -u root --password="$MARIADB_PASSWORD" -e "$database_query" $database_name' >> /usr/bin/gnusocial-delete-domain
-    echo '' >> /usr/bin/gnusocial-delete-domain
-    echo '        database_query="delete from reply where replied_id=${id};"' >> /usr/bin/gnusocial-delete-domain
-    echo '        mysql -u root --password="$MARIADB_PASSWORD" -e "$database_query" $database_name' >> /usr/bin/gnusocial-delete-domain
-    echo '' >> /usr/bin/gnusocial-delete-domain
-    echo '        if [ $domain_name ]; then' >> /usr/bin/gnusocial-delete-domain
-    echo '          database_query="select rendered from notice where profile_id=${id} and rendered like '"'"'%/file/%'"'"';"' >> /usr/bin/gnusocial-delete-domain
-    echo '          declare -a stored_files=$(mysql -u root --password="$MARIADB_PASSWORD" << EOF' >> /usr/bin/gnusocial-delete-domain
-    echo 'use $database_name;' >> /usr/bin/gnusocial-delete-domain
-    echo '$database_query' >> /usr/bin/gnusocial-delete-domain
-    echo 'EOF' >> /usr/bin/gnusocial-delete-domain
-    echo ')' >> /usr/bin/gnusocial-delete-domain
-    echo -n "           files_to_delete=\$(echo \"\$stored_files\" | " >> /usr/bin/gnusocial-delete-domain
-    echo 'sed -n '"'"'s/.*href="\([^"]*\).*/\1/p'"'"' | awk -F '"'"'file/'"'"' '"'"'{print $2}'"'"')' >> /usr/bin/gnusocial-delete-domain
-    echo '            filectr=0' >> /usr/bin/gnusocial-delete-domain
-    echo '            for f in $files_to_delete' >> /usr/bin/gnusocial-delete-domain
-    echo '            do' >> /usr/bin/gnusocial-delete-domain
-    echo '                if [ $filectr -gt 0 ]; then' >> /usr/bin/gnusocial-delete-domain
-    echo '                    if $(ls /var/www/${domain_name}/htdocs/file/*${f}* 1> /dev/null 2>&1); then' >> /usr/bin/gnusocial-delete-domain
-    echo '                        rm /var/www/${domain_name}/htdocs/file/*${f}*' >> /usr/bin/gnusocial-delete-domain
-    echo '                    fi' >> /usr/bin/gnusocial-delete-domain
-    echo '                fi' >> /usr/bin/gnusocial-delete-domain
-    echo '                filectr=$((filectr + 1))' >> /usr/bin/gnusocial-delete-domain
-    echo '            done' >> /usr/bin/gnusocial-delete-domain
-    echo '        fi' >> /usr/bin/gnusocial-delete-domain
-    echo '' >> /usr/bin/gnusocial-delete-domain
-    echo '        database_query="delete from notice where profile_id=${id};"' >> /usr/bin/gnusocial-delete-domain
-    echo '        mysql -u root --password="$MARIADB_PASSWORD" -e "$database_query" $database_name' >> /usr/bin/gnusocial-delete-domain
-    echo '' >> /usr/bin/gnusocial-delete-domain
-    echo '        database_query="delete from profile where id=${id};"' >> /usr/bin/gnusocial-delete-domain
-    echo '        mysql -u root --password="$MARIADB_PASSWORD" -e "$database_query" $database_name' >> /usr/bin/gnusocial-delete-domain
-    echo '' >> /usr/bin/gnusocial-delete-domain
-    echo '        database_query="delete from qvitternotification where to_profile_id=${id} or from_profile_id=${id};"' >> /usr/bin/gnusocial-delete-domain
-    echo '        mysql -u root --password="$MARIADB_PASSWORD" -e "$database_query" $database_name' >> /usr/bin/gnusocial-delete-domain
-    echo '    fi' >> /usr/bin/gnusocial-delete-domain
-    echo '    ctr=$((ctr + 1))' >> /usr/bin/gnusocial-delete-domain
-    echo 'done' >> /usr/bin/gnusocial-delete-domain
+    { echo '#!/bin/bash';
+      echo '';
+      echo "database_name=\$1";
+      echo "remove_domain=\$2";
+      echo "domain_name=\$3";
+      echo "MARIADB_PASSWORD=\$(${PROJECT_NAME}-pass -u root -a mariadb)";
+      echo '';
+      echo "if [ \${#remove_domain} -lt 2 ]; then";
+      echo '    echo $"No domain was specified"';
+      echo '    exit 1';
+      echo 'fi';
+      echo '';
+      echo "if [[ \"\$remove_domain\" != *\".\"* ]]; then";
+      echo '    echo $"This doesnt look like a domain"';
+      echo '    exit 2';
+      echo 'fi';
+      echo '';
+      echo "if [ \${#database_name} -lt 2 ]; then";
+      echo '    echo $"No database was specified"';
+      echo '    exit 3';
+      echo 'fi';
+      echo '';
+      echo "database_query=\"select profile.id from profile where profileurl like '%\${remove_domain}%';\"";
+      echo "declare -a ids=\$(mysql -u root --password=\"\$MARIADB_PASSWORD\" << EOF";
+      echo "use \$database_name;";
+      echo "\$database_query";
+      echo 'EOF';
+      echo ')';
+      echo '';
+      echo 'ctr=0';
+      echo "for id in \$ids";
+      echo 'do';
+      echo "    if [ \$ctr -gt 0 ]; then";
+      echo "        #echo \"Removing user ID \$id on \$remove_domain\"";
+      echo '';
+      echo "        database_query=\"delete from conversation where uri like '%\${remove_domain}%';\"";
+      echo "        mysql -u root --password=\"\$MARIADB_PASSWORD\" -e \"\$database_query\" \$database_name";
+      echo '';
+      echo "        database_query=\"delete from reply where profile_id=\${id};\"";
+      echo "        mysql -u root --password=\"\$MARIADB_PASSWORD\" -e \"\$database_query\" $database_name";
+      echo '';
+      echo "        database_query=\"delete from reply where replied_id=\${id};\"";
+      echo "        mysql -u root --password=\"\$MARIADB_PASSWORD\" -e \"\$database_query\" \$database_name";
+      echo '';
+      echo "        if [ \$domain_name ]; then";
+      echo "          database_query=\"select rendered from notice where profile_id=\${id} and rendered like '%/file/%';\"";
+      echo "          declare -a stored_files=\$(mysql -u root --password=\"\$MARIADB_PASSWORD\" << EOF";
+      echo "use \$database_name;";
+      echo "\$database_query";
+      echo 'EOF';
+      echo ')';
+      echo -n "           files_to_delete=\$(echo \"\$stored_files\" | ";
+      echo "sed -n 's/.*href=\"\\([^\"]*\\).*/\\1/p' | awk -F 'file/' '{print \$2}')";
+      echo '            filectr=0';
+      echo "            for f in \$files_to_delete";
+      echo '            do';
+      echo "                if [ \$filectr -gt 0 ]; then";
+      echo "                    if \$(ls /var/www/\${domain_name}/htdocs/file/*\${f}* 1> /dev/null 2>&1); then";
+      echo "                        rm /var/www/\${domain_name}/htdocs/file/*\${f}*";
+      echo '                    fi';
+      echo '                fi';
+      echo "                filectr=\$((filectr + 1))";
+      echo '            done';
+      echo '        fi';
+      echo '';
+      echo "        database_query=\"delete from notice where profile_id=\${id};\"";
+      echo "        mysql -u root --password=\"\$MARIADB_PASSWORD\" -e \"\$database_query\" $database_name";
+      echo '';
+      echo "        database_query=\"delete from profile where id=\${id};\"";
+      echo "        mysql -u root --password=\"\$MARIADB_PASSWORD\" -e \"\$database_query\" \$database_name";
+      echo '';
+      echo "        database_query=\"delete from qvitternotification where to_profile_id=\${id} or from_profile_id=\${id};\"";
+      echo "        mysql -u root --password=\"\$MARIADB_PASSWORD\" -e \"\$database_query\" \$database_name";
+      echo '    fi';
+      echo "    ctr=\$((ctr + 1))";
+      echo 'done'; } > /usr/bin/gnusocial-delete-domain
     chmod +x /usr/bin/gnusocial-delete-domain
 
-    echo '#!/bin/bash' > /usr/bin/${database_name}-firewall
-    echo '' >> /usr/bin/${database_name}-firewall
-    echo "PROJECT_NAME=$PROJECT_NAME" >> /usr/bin/${database_name}-firewall
-    echo "GNUSOCIAL_DOMAIN_NAME=$gnusoc_domain" >> /usr/bin/${database_name}-firewall
-    echo "database_name=$database_name" >> /usr/bin/${database_name}-firewall
-    echo 'FIREWALL_DOMAINS=$HOME/${PROJECT_NAME}-firewall-domains.cfg' >> /usr/bin/${database_name}-firewall
-    echo '' >> /usr/bin/${database_name}-firewall
-    echo 'while read block; do' >> /usr/bin/${database_name}-firewall
-    echo '    if [[ "$block" != *"@"* ]]; then' >> /usr/bin/${database_name}-firewall
-    echo '        /usr/bin/gnusocial-delete-domain "$database_name" "$block" "$GNUSOCIAL_DOMAIN_NAME"' >> /usr/bin/${database_name}-firewall
-    echo '    else' >> /usr/bin/${database_name}-firewall
-    echo '        /usr/bin/gnusocial-delete-user "$database_name" "$block" "$GNUSOCIAL_DOMAIN_NAME"' >> /usr/bin/${database_name}-firewall
-    echo '    fi' >> /usr/bin/${database_name}-firewall
-    echo 'done <$FIREWALL_DOMAINS' >> /usr/bin/${database_name}-firewall
-    echo '' >> /usr/bin/${database_name}-firewall
-    echo '# remove any metadata from images uploaded in the last 2 minutes' >> /usr/bin/${database_name}-firewall
-    echo 'if [ -d /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs ]; then' >> /usr/bin/${database_name}-firewall
-    echo '    cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs' >> /usr/bin/${database_name}-firewall
-    echo '    declare -a recent_image=$(find file ! -name thumb-* -mmin -2 -type f -exec ls -l {} + | awk -F '"'"'file/'"'"' '"'"'{print $2}'"'"')' >> /usr/bin/${database_name}-firewall
-    echo '    for f in ${recent_image[@]}' >> /usr/bin/${database_name}-firewall
-    echo '    do' >> /usr/bin/${database_name}-firewall
-    echo '        if [ ${#f} -gt 1 ]; then' >> /usr/bin/${database_name}-firewall
-    echo '            exiftool -q -all= "file/${f}"' >> /usr/bin/${database_name}-firewall
-    echo '        fi' >> /usr/bin/${database_name}-firewall
-    echo '    done' >> /usr/bin/${database_name}-firewall
-    echo 'fi' >> /usr/bin/${database_name}-firewall
-    chmod +x /usr/bin/${database_name}-firewall
+    { echo '#!/bin/bash';
+      echo '';
+      echo "PROJECT_NAME=$PROJECT_NAME";
+      echo "GNUSOCIAL_DOMAIN_NAME=$gnusoc_domain";
+      echo "database_name=$database_name";
+      echo "FIREWALL_DOMAINS=\$HOME/\${PROJECT_NAME}-firewall-domains.cfg";
+      echo '';
+      echo 'while read block; do';
+      echo "    if [[ \"\$block\" != *\"@\"* ]]; then";
+      echo "        /usr/bin/gnusocial-delete-domain \"\$database_name\" \"\$block\" \"\$GNUSOCIAL_DOMAIN_NAME\"";
+      echo '    else';
+      echo "        /usr/bin/gnusocial-delete-user \"\$database_name\" \"\$block\" \"\$GNUSOCIAL_DOMAIN_NAME\"";
+      echo '    fi';
+      echo "done <\$FIREWALL_DOMAINS";
+      echo '';
+      echo '# remove any metadata from images uploaded in the last 2 minutes';
+      echo "if [ -d /var/www/\$GNUSOCIAL_DOMAIN_NAME/htdocs ]; then";
+      echo "    cd /var/www/\$GNUSOCIAL_DOMAIN_NAME/htdocs";
+      echo "    declare -a recent_image=\$(find file ! -name thumb-* -mmin -2 -type f -exec ls -l {} + | awk -F 'file/' '{print \$2}')";
+      echo "    for f in \${recent_image[@]}";
+      echo '    do';
+      echo "        if [ \${#f} -gt 1 ]; then";
+      echo "            exiftool -q -all= \"file/\${f}\"";
+      echo '        fi';
+      echo '    done';
+      echo 'fi'; } > "/usr/bin/${database_name}-firewall"
+    chmod +x "/usr/bin/${database_name}-firewall"
 
     if ! grep -q "${database_name}-firewall" /etc/crontab; then
         cron_add_mins 1 "/usr/bin/${database_name}-firewall"
@@ -659,81 +657,80 @@ function gnusocial_block_domain_script {
 }
 
 function expire_gnusocial_posts {
-    domain_name=$1
-    gnusocial_type=$2
-    expire_months=$3
+    domain_name="$1"
+    gnusocial_type="$2"
+    expire_months="$3"
 
-    if [ ! $expire_months ]; then
+    if [ ! "$expire_months" ]; then
         expire_months=3
     fi
 
-    expire_days=$((expire_months * 30))
+    #expire_days=$((expire_months * 30))
 
     # files are what take up most of the backup time, so don't keep them for very long
     expire_days_files=7
 
     # To prevent the database size from growing endlessly this script expires posts
     # after a number of months
-    if [ ! -d /var/www/${domain_name}/htdocs ]; then
+    if [ ! -d "/var/www/${domain_name}/htdocs" ]; then
         return
     fi
 
-    gnusocial_expire_posts_script=/usr/bin/${gnusocial_type}-expire-posts
+    gnusocial_expire_posts_script="/usr/bin/${gnusocial_type}-expire-posts"
 
-    echo '<?php' > $gnusocial_expire_posts_script
-    echo '' >> $gnusocial_expire_posts_script
-    echo "// ${gnusocial_type} post expiry script, based on StatExpire by Tony Baldwin" >> $gnusocial_expire_posts_script
-    echo '// https://github.com/tonybaldwin/statexpire' >> $gnusocial_expire_posts_script
-    echo '' >> $gnusocial_expire_posts_script
-    echo "\$oldate=date((\"Y-m-d\"), strtotime(\"-${expire_months} months\"));" >> $gnusocial_expire_posts_script
-    echo '$username="root";' >> $gnusocial_expire_posts_script
-    echo "\$password=shell_exec('${PROJECT_NAME}-pass -u root -a mariadb');" >> $gnusocial_expire_posts_script
-    echo "\$database=\"${gnusocial_type}\";" >> $gnusocial_expire_posts_script
-    echo '' >> $gnusocial_expire_posts_script
-    echo 'if (!$link = mysqli_connect("localhost", $username, $password)) {' >> $gnusocial_expire_posts_script
-    echo '    echo "Could not connect to mariadb";' >> $gnusocial_expire_posts_script
-    echo '    exit;' >> $gnusocial_expire_posts_script
-    echo '}' >> $gnusocial_expire_posts_script
-    echo '' >> $gnusocial_expire_posts_script
-    echo 'if (!mysqli_select_db($link, $database)) {' >> $gnusocial_expire_posts_script
-    echo "    echo \"Could not select ${gnusocial_type} database\";" >> $gnusocial_expire_posts_script
-    echo '    exit;' >> $gnusocial_expire_posts_script
-    echo '}' >> $gnusocial_expire_posts_script
-    echo '' >> $gnusocial_expire_posts_script
-    echo "\$notice_query=\"DELETE FROM notice WHERE created <= '\$oldate 01:01:01'\";" >> $gnusocial_expire_posts_script
-    echo "\$conversation_query=\"DELETE FROM conversation WHERE created <= '$oldate 01:01:01'\";" >> $gnusocial_expire_posts_script
-    echo "\$reply_query=\"DELETE FROM reply WHERE modified <= '\$oldate 01:01:01'\";" >> $gnusocial_expire_posts_script
-    echo "\$notification_query=\"DELETE FROM qvitternotification WHERE created <= '\$oldate 01:01:01'\";" >> $gnusocial_expire_posts_script
-    echo '' >> $gnusocial_expire_posts_script
-    echo 'mysqli_query($link, $notice_query);' >> $gnusocial_expire_posts_script
-    echo '$rowaff1=mysqli_affected_rows($link);' >> $gnusocial_expire_posts_script
-    echo 'mysqli_query($link, $conversation_query);' >> $gnusocial_expire_posts_script
-    echo '$rowaff2=mysqli_affected_rows($link);' >> $gnusocial_expire_posts_script
-    echo 'mysqli_query($link, $reply_query);' >> $gnusocial_expire_posts_script
-    echo '$rowaff3=mysqli_affected_rows($link);' >> $gnusocial_expire_posts_script
-    echo 'mysqli_query($link, $notification_query);' >> $gnusocial_expire_posts_script
-    echo '$rowaff4=mysqli_affected_rows($link);' >> $gnusocial_expire_posts_script
-    echo 'mysqli_close($link);' >> $gnusocial_expire_posts_script
-    echo '' >> $gnusocial_expire_posts_script
-    echo -n "echo \"Expire ${gnusocial_type} posts: " >> $gnusocial_expire_posts_script
-    echo '$rowaff1 notices, $rowaff2 conversations, $rowaff3 replies, and $rowaff4 qvitter notifications deleted from database.\n";' >> $gnusocial_expire_posts_script
-    chmod +x $gnusocial_expire_posts_script
+    { echo '<?php';
+      echo '':
+      echo "// ${gnusocial_type} post expiry script, based on StatExpire by Tony Baldwin";
+      echo '// https://github.com/tonybaldwin/statexpire';
+      echo '';
+      echo "\$oldate=date((\"Y-m-d\"), strtotime(\"-${expire_months} months\"));";
+      echo "\$username=\"root\";";
+      echo "\$password=shell_exec('${PROJECT_NAME}-pass -u root -a mariadb');";
+      echo "\$database=\"${gnusocial_type}\";";
+      echo '';
+      echo "if (!\$link = mysqli_connect(\"localhost\", \$username, \$password)) {";
+      echo '    echo "Could not connect to mariadb";';
+      echo '    exit;';
+      echo '}';
+      echo '';
+      echo "if (!mysqli_select_db(\$link, \$database)) {";
+      echo "    echo \"Could not select ${gnusocial_type} database\";";
+      echo '    exit;';
+      echo '}';
+      echo '';
+      echo "\$notice_query=\"DELETE FROM notice WHERE created <= '\$oldate 01:01:01'\";";
+      echo "\$conversation_query=\"DELETE FROM conversation WHERE created <= '\$oldate 01:01:01'\";";
+      echo "\$reply_query=\"DELETE FROM reply WHERE modified <= '\$oldate 01:01:01'\";";
+      echo "\$notification_query=\"DELETE FROM qvitternotification WHERE created <= '\$oldate 01:01:01'\";";
+      echo '';
+      echo "mysqli_query(\$link, \$notice_query);";
+      echo "\$rowaff1=mysqli_affected_rows(\$link);";
+      echo "mysqli_query(\$link, \$conversation_query);";
+      echo "\$rowaff2=mysqli_affected_rows(\$link);";
+      echo "mysqli_query(\$link, \$reply_query);";
+      echo "\$rowaff3=mysqli_affected_rows(\$link);";
+      echo "mysqli_query(\$link, \$notification_query);";
+      echo "\$rowaff4=mysqli_affected_rows(\$link);";
+      echo "mysqli_close(\$link);";
+      echo '';
+      echo "echo \"Expire ${gnusocial_type} posts: \$rowaff1 notices, \$rowaff2 conversations, \$rowaff3 replies, and \$rowaff4 qvitter notifications deleted from database.\";"; } > "$gnusocial_expire_posts_script"
+    chmod +x "$gnusocial_expire_posts_script"
 
-    gnusocial_expire_script=/etc/cron.daily/${gnusocial_type}-expire
-    echo '#!/bin/bash' > $gnusocial_expire_script
-    echo "find /var/www/${domain_name}/htdocs/file/* -mtime +${expire_days_files} -exec rm {} +" >> $gnusocial_expire_script
-    echo "/usr/bin/php $gnusocial_expire_posts_script" >> $gnusocial_expire_script
-    chmod +x $gnusocial_expire_script
+    gnusocial_expire_script="/etc/cron.daily/${gnusocial_type}-expire"
+    { echo '#!/bin/bash';
+      echo "find /var/www/${domain_name}/htdocs/file/* -mtime +${expire_days_files} -exec rm {} +";
+      echo "/usr/bin/php $gnusocial_expire_posts_script"; } > "$gnusocial_expire_script"
+    chmod +x "$gnusocial_expire_script"
 
     # remove any old cron job
     if grep -q "${gnusocial_type}-expire" /etc/crontab; then
         sed -i "/${gnusocial_type}-expire/d" /etc/crontab
-        rm /usr/bin/${gnusocial_type}-expire
+        rm "/usr/bin/${gnusocial_type}-expire"
     fi
 
     # remove old expire script
-    if [ -f /etc/cron.weekly/clear-${gnusocial_type}-database ]; then
-        rm /etc/cron.weekly/clear-${gnusocial_type}-database
+    if [ -f "/etc/cron.weekly/clear-${gnusocial_type}-database" ]; then
+        rm "/etc/cron.weekly/clear-${gnusocial_type}-database"
     fi
 }
 
@@ -742,20 +739,20 @@ function gnusocial_use_classic {
 
     domain_name=$(get_completion_param "$database_name domain")
 
-    if [ -f /var/www/$domain_name/htdocs/index_qvitter.php ]; then
-        mv /var/www/$domain_name/htdocs/index_qvitter.php /var/www/$domain_name/htdocs/index.php
+    if [ -f "/var/www/$domain_name/htdocs/index_qvitter.php" ]; then
+        mv "/var/www/$domain_name/htdocs/index_qvitter.php" "/var/www/$domain_name/htdocs/index.php"
     fi
 
-    if [ -f /etc/nginx/sites-available/$domain_name ]; then
-        sed -i 's|index_qvitter.php|index.php|g' /etc/nginx/sites-available/$domain_name
-        sed -i 's|index.html|index.php|g' /etc/nginx/sites-available/$domain_name
+    if [ -f "/etc/nginx/sites-available/$domain_name" ]; then
+        sed -i 's|index_qvitter.php|index.php|g' "/etc/nginx/sites-available/$domain_name"
+        sed -i 's|index.html|index.php|g' "/etc/nginx/sites-available/$domain_name"
     fi
 
-    if ! grep -q "//addPlugin('Qvitter')" /var/www/$domain_name/htdocs/config.php; then
-        sed -i "s|// addPlugin('Qvitter')|addPlugin('Qvitter')|g" /var/www/$domain_name/htdocs/config.php
-        sed -i "s|addPlugin('Qvitter')|//addPlugin('Qvitter')|g" /var/www/$domain_name/htdocs/config.php
+    if ! grep -q "//addPlugin('Qvitter')" "/var/www/$domain_name/htdocs/config.php"; then
+        sed -i "s|// addPlugin('Qvitter')|addPlugin('Qvitter')|g" "/var/www/$domain_name/htdocs/config.php"
+        sed -i "s|addPlugin('Qvitter')|//addPlugin('Qvitter')|g" "/var/www/$domain_name/htdocs/config.php"
     fi
-    chown -R www-data:www-data /var/www/${domain_name}/htdocs
+    chown -R www-data:www-data "/var/www/${domain_name}/htdocs"
 
     systemctl restart nginx
 }
@@ -765,132 +762,132 @@ function gnusocial_use_qvitter {
 
     domain_name=$(get_completion_param "$database_name domain")
 
-    if [ -f /var/www/$domain_name/htdocs/index_qvitter.php ]; then
-        mv /var/www/$domain_name/htdocs/index_qvitter.php /var/www/$domain_name/htdocs/index.php
+    if [ -f "/var/www/$domain_name/htdocs/index_qvitter.php" ]; then
+        mv "/var/www/$domain_name/htdocs/index_qvitter.php" "/var/www/$domain_name/htdocs/index.php"
     fi
 
-    if [ -f /etc/nginx/sites-available/$domain_name ]; then
-        sed -i 's|index_qvitter.php|index.php|g' /etc/nginx/sites-available/$domain_name
-        sed -i 's|index.html|index.php|g' /etc/nginx/sites-available/$domain_name
+    if [ -f "/etc/nginx/sites-available/$domain_name" ]; then
+        sed -i 's|index_qvitter.php|index.php|g' "/etc/nginx/sites-available/$domain_name"
+        sed -i 's|index.html|index.php|g' "/etc/nginx/sites-available/$domain_name"
     fi
 
-    if grep -q "//addPlugin('Qvitter')" /var/www/$domain_name/htdocs/config.php; then
-        sed -i "s|//addPlugin('Qvitter')|addPlugin('Qvitter')|g" /var/www/$domain_name/htdocs/config.php
+    if grep -q "//addPlugin('Qvitter')" "/var/www/$domain_name/htdocs/config.php"; then
+        sed -i "s|//addPlugin('Qvitter')|addPlugin('Qvitter')|g" "/var/www/$domain_name/htdocs/config.php"
     fi
-    if grep -q "// addPlugin('Qvitter')" /var/www/$domain_name/htdocs/config.php; then
-        sed -i "s|// addPlugin('Qvitter')|addPlugin('Qvitter')|g" /var/www/$domain_name/htdocs/config.php
+    if grep -q "// addPlugin('Qvitter')" "/var/www/$domain_name/htdocs/config.php"; then
+        sed -i "s|// addPlugin('Qvitter')|addPlugin('Qvitter')|g" "/var/www/$domain_name/htdocs/config.php"
     fi
-    chown -R www-data:www-data /var/www/${domain_name}/htdocs
+    chown -R www-data:www-data "/var/www/${domain_name}/htdocs"
 
     systemctl restart nginx
     systemctl restart php7.0-fpm
 }
 
 function gnusocial_use_pleroma {
-    database_name=$1
+    database_name="$1"
 
     domain_name=$(get_completion_param "$database_name domain")
 
-    if [ ! -d /var/www/$domain_name/htdocs/static ]; then
+    if [ ! -d "/var/www/$domain_name/htdocs/static" ]; then
         return
     fi
 
-    if [ -f /var/www/$domain_name/htdocs/index.php ]; then
-        mv /var/www/$domain_name/htdocs/index.php /var/www/$domain_name/htdocs/index_qvitter.php
+    if [ -f "/var/www/$domain_name/htdocs/index.php" ]; then
+        mv "/var/www/$domain_name/htdocs/index.php" "/var/www/$domain_name/htdocs/index_qvitter.php"
     fi
 
-    if [ -f /etc/nginx/sites-available/$domain_name ]; then
-        sed -i 's|index.php|index_qvitter.php|g' /etc/nginx/sites-available/$domain_name
-        sed -i 's|index index_qvitter.php|index index.html|g' /etc/nginx/sites-available/$domain_name
+    if [ -f "/etc/nginx/sites-available/$domain_name" ]; then
+        sed -i 's|index.php|index_qvitter.php|g' "/etc/nginx/sites-available/$domain_name"
+        sed -i 's|index index_qvitter.php|index index.html|g' "/etc/nginx/sites-available/$domain_name"
     fi
 
-    if grep -q "//addPlugin('Qvitter')" /var/www/$domain_name/htdocs/config.php; then
-        sed -i "s|//addPlugin('Qvitter')|addPlugin('Qvitter')|g" /var/www/$domain_name/htdocs/config.php
+    if grep -q "//addPlugin('Qvitter')" "/var/www/$domain_name/htdocs/config.php"; then
+        sed -i "s|//addPlugin('Qvitter')|addPlugin('Qvitter')|g" "/var/www/$domain_name/htdocs/config.php"
     fi
-    if grep -q "// addPlugin('Qvitter')" /var/www/$domain_name/htdocs/config.php; then
-        sed -i "s|// addPlugin('Qvitter')|addPlugin('Qvitter')|g" /var/www/$domain_name/htdocs/config.php
+    if grep -q "// addPlugin('Qvitter')" "/var/www/$domain_name/htdocs/config.php"; then
+        sed -i "s|// addPlugin('Qvitter')|addPlugin('Qvitter')|g" "/var/www/$domain_name/htdocs/config.php"
     fi
 
-    cp $INSTALL_DIR/pleroma/dist/index.html /var/www/${domain_name}/htdocs/index.html
+    cp "$INSTALL_DIR/pleroma/dist/index.html" "/var/www/${domain_name}/htdocs/index.html"
     chmod +x static/css
     chmod +x static/font
     chmod +x static/font/css
     chmod +x static/font/font
     chmod +x static/js
     chmod +x static
-    chown -R www-data:www-data /var/www/${domain_name}/htdocs
+    chown -R www-data:www-data "/var/www/${domain_name}/htdocs"
 
     systemctl restart nginx
 }
 
 function install_gnusocial_plugin_sharings {
-    domain_name=$1
-    social_app_name=$2
+    domain_name="$1"
+    social_app_name="$2"
 
-    if [ ! -d /var/www/$domain_name/htdocs/local/plugins ]; then
-        mkdir -p /var/www/$domain_name/htdocs/local/plugins
+    if [ ! -d "/var/www/$domain_name/htdocs/local/plugins" ]; then
+        mkdir -p "/var/www/$domain_name/htdocs/local/plugins"
     fi
 
     apt-get -yq install liblocale-msgfmt-perl gettext
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$domain_name/htdocs/local/plugins/Sharings "$social_app_name sharings plugin commit" "$SHARINGS_COMMIT" $SHARINGS_REPO
+    set_repo_commit "/var/www/$domain_name/htdocs/local/plugins/Sharings" "$social_app_name sharings plugin commit" "$SHARINGS_COMMIT" "$SHARINGS_REPO"
 
-    if [[ $(app_is_installed ${social_app_name}_plugin_sharings) == "1" ]]; then
+    if [[ $(app_is_installed "${social_app_name}_plugin_sharings") == "1" ]]; then
         return
     fi
 
-    cd /var/www/$domain_name/htdocs/local/plugins
+    cd "/var/www/$domain_name/htdocs/local/plugins" || exit 28746245
 
     if [ -d /repos/sharings ]; then
         mkdir Sharings
         cp -r -p /repos/sharings/. Sharings
-        cd Sharings
+        cd Sharings || exit 25762454
         git pull
     else
         function_check git_clone
-        git_clone $SHARINGS_REPO Sharings
+        git_clone "$SHARINGS_REPO" Sharings
     fi
 
-    if [ ! -d /var/www/$domain_name/htdocs/local/plugins/Sharings ]; then
+    if [ ! -d "/var/www/$domain_name/htdocs/local/plugins/Sharings" ]; then
         echo $"Unable to clone $social_app_name sharings plugin"
         exit 36738
     fi
 
-    cd /var/www/$domain_name/htdocs/local/plugins/Sharings
+    cd "/var/www/$domain_name/htdocs/local/plugins/Sharings" || exit 2846244
     git stash
     git checkout master
-    git branch -D $SHARINGS_COMMIT
-    git checkout $SHARINGS_COMMIT -b $SHARINGS_COMMIT
+    git branch -D "$SHARINGS_COMMIT"
+    git checkout "$SHARINGS_COMMIT" -b "$SHARINGS_COMMIT"
 
     # enable the plugin
-    if ! grep -q "addPlugin('Sharings');" /var/www/$domain_name/htdocs/config.php; then
-        echo "addPlugin('Sharings');" >> /var/www/$domain_name/htdocs/config.php
+    if ! grep -q "addPlugin('Sharings');" "/var/www/$domain_name/htdocs/config.php"; then
+        echo "addPlugin('Sharings');" >> "/var/www/$domain_name/htdocs/config.php"
     fi
 
-    cd /var/www/$domain_name/htdocs
+    cd "/var/www/$domain_name/htdocs" || exit 2684624874
     php scripts/checkschema.php
-    cd /var/www/$domain_name/htdocs/local/plugins/Sharings
+    cd "/var/www/$domain_name/htdocs/local/plugins/Sharings" || exit 246824684
     php scripts/seedsharings.php
-    cd /var/www/$domain_name/htdocs
+    cd "/var/www/$domain_name/htdocs" || exit 23524584
     php scripts/upgrade.php
     php scripts/checkschema.php
 
     # Languages
-    cd /var/www/$domain_name/htdocs/local/plugins/Sharings/locale/en/LC_MESSAGES
+    cd "/var/www/$domain_name/htdocs/local/plugins/Sharings/locale/en/LC_MESSAGES" || exit 53825488
     msgfmt -o Sharings.mo Sharings.po
     if [ ! -f Sharings.po ]; then
         echo $"English translations for $social_app_name sharings plugin were not created"
         exit 782923
     fi
-    cd /var/www/$domain_name/htdocs/local/plugins/Sharings/locale/en_GB/LC_MESSAGES
+    cd "/var/www/$domain_name/htdocs/local/plugins/Sharings/locale/en_GB/LC_MESSAGES" || exit 268442845
     msgfmt -o Sharings.mo Sharings.po
     if [ ! -f Sharings.po ]; then
         echo $"English (GB) translations for $social_app_name sharings plugin were not created"
         exit 23528
     fi
-    cd /var/www/$domain_name/htdocs/local/plugins/Sharings/locale/en_US/LC_MESSAGES
+    cd "/var/www/$domain_name/htdocs/local/plugins/Sharings/locale/en_US/LC_MESSAGES" || exit 264824628
     msgfmt -o Sharings.mo Sharings.po
     if [ ! -f Sharings.po ]; then
         echo $"English (US) translations for $social_app_name sharings plugin were not created"
@@ -898,107 +895,107 @@ function install_gnusocial_plugin_sharings {
     fi
 
     # Looks like this update function isn't supported by the current php version
-    sed -i 's|ActivityVerb::UPDATE, ||g' /var/www/$domain_name/htdocs/local/plugins/Sharings/SharingsPlugin.php
+    sed -i 's|ActivityVerb::UPDATE, ||g' "/var/www/$domain_name/htdocs/local/plugins/Sharings/SharingsPlugin.php"
 
-    chown -R www-data:www-data /var/www/$domain_name/htdocs
+    chown -R www-data:www-data "/var/www/$domain_name/htdocs"
 
     set_completion_param gnusocial "$social_app_name sharings plugin commit" "$SHARINGS_COMMIT"
-    install_completed ${social_app_name}_plugin_sharings
+    install_completed "${social_app_name}_plugin_sharings"
 }
 
 function install_gnusocial_plugin_sharings_theme {
-    domain_name=$1
-    social_app_name=$2
+    domain_name="$1"
+    social_app_name="$2"
 
-    if [ ! -d /var/www/$domain_name/htdocs/local/plugins ]; then
-        mkdir -p /var/www/$domain_name/htdocs/local/plugins
+    if [ ! -d "/var/www/$domain_name/htdocs/local/plugins" ]; then
+        mkdir -p "/var/www/$domain_name/htdocs/local/plugins"
     fi
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$domain_name/htdocs/local/plugins/SharingsTheme "$social_app_name sharings theme plugin commit" "$SHARINGS_THEME_COMMIT" $SHARINGS_THEME_REPO
+    set_repo_commit "/var/www/$domain_name/htdocs/local/plugins/SharingsTheme" "$social_app_name sharings theme plugin commit" "$SHARINGS_THEME_COMMIT" "$SHARINGS_THEME_REPO"
 
-    if [[ $(app_is_installed ${social_app_name}_plugin_sharings_theme) == "1" ]]; then
+    if [[ $(app_is_installed "${social_app_name}_plugin_sharings_theme") == "1" ]]; then
         return
     fi
 
-    cd /var/www/$domain_name/htdocs/local/plugins
+    cd "/var/www/$domain_name/htdocs/local/plugins" || exit 682425642
     function_check git_clone
-    git_clone $SHARINGS_THEME_REPO SharingsTheme
-    if [ ! -d /var/www/$domain_name/htdocs/local/plugins/SharingsTheme ]; then
+    git_clone "$SHARINGS_THEME_REPO" SharingsTheme
+    if [ ! -d "/var/www/$domain_name/htdocs/local/plugins/SharingsTheme" ]; then
         echo $"Unable to clone $social_app_name sharings plugin theme"
         exit 639253
     fi
 
-    cd /var/www/$domain_name/htdocs/local/plugins/SharingsTheme
+    cd "/var/www/$domain_name/htdocs/local/plugins/SharingsTheme" || exit 2648724684
     git stash
     git checkout master
-    git branch -D $SHARINGS_THEME_COMMIT
-    git checkout $SHARINGS_THEME_COMMIT -b $SHARINGS_THEME_COMMIT
+    git branch -D "$SHARINGS_THEME_COMMIT"
+    git checkout "$SHARINGS_THEME_COMMIT" -b "$SHARINGS_THEME_COMMIT"
 
     # enable the plugin
-    if ! grep -q "addPlugin('SharingsTheme');" /var/www/$domain_name/htdocs/config.php; then
-        echo "addPlugin('SharingsTheme');" >> /var/www/$domain_name/htdocs/config.php
+    if ! grep -q "addPlugin('SharingsTheme');" "/var/www/$domain_name/htdocs/config.php"; then
+        echo "addPlugin('SharingsTheme');" >> "/var/www/$domain_name/htdocs/config.php"
     fi
 
-    cd /var/www/$domain_name/htdocs
+    cd "/var/www/$domain_name/htdocs" || exit 246824624
     php scripts/checkschema.php
 
-    chown -R www-data:www-data /var/www/$domain_name/htdocs
+    chown -R www-data:www-data "/var/www/$domain_name/htdocs"
 
     set_completion_param "$social_app_name sharings plugin theme commit" "$SHARINGS_THEME_COMMIT"
-    install_completed ${social_app_name}_plugin_sharings_theme
+    install_completed "${social_app_name}_plugin_sharings_theme"
 }
 
 function install_gnusocial_markdown {
-    domain_name=$1
-    social_app_name=$2
+    domain_name="$1"
+    social_app_name="$2"
 
-    GNUSOCIAL_PATH=/var/www/$domain_name/htdocs
+    GNUSOCIAL_PATH="/var/www/$domain_name/htdocs"
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit $GNUSOCIAL_PATH/local/plugins/Markdown "$social_app_name Markdown commit" "$GNUSOCIAL_MARKDOWN_COMMIT" $GNUSOCIAL_MARKDOWN_REPO
+    set_repo_commit "$GNUSOCIAL_PATH/local/plugins/Markdown" "$social_app_name Markdown commit" "$GNUSOCIAL_MARKDOWN_COMMIT" "$GNUSOCIAL_MARKDOWN_REPO"
 
-    if [[ $(app_is_installed ${social_app_name}_markdown) == "1" ]]; then
+    if [[ $(app_is_installed "${social_app_name}_markdown") == "1" ]]; then
         return
     fi
 
-    if [ -d $GNUSOCIAL_PATH/local/plugins/Markdown ]; then
-        rm -rf $GNUSOCIAL_PATH/local/plugins/Markdown
+    if [ -d "$GNUSOCIAL_PATH/local/plugins/Markdown" ]; then
+        rm -rf "$GNUSOCIAL_PATH/local/plugins/Markdown"
     fi
 
-    if [ ! -d $GNUSOCIAL_PATH/local/plugins ]; then
-        mkdir -p $GNUSOCIAL_PATH/local/plugins
+    if [ ! -d "$GNUSOCIAL_PATH/local/plugins" ]; then
+        mkdir -p "$GNUSOCIAL_PATH/local/plugins"
     fi
 
-    cd $GNUSOCIAL_PATH/local/plugins
+    cd "$GNUSOCIAL_PATH/local/plugins" || exit 268476248
 
     if [ -d /repos/gnusocial-markdown ]; then
         mkdir Markdown
         cp -r -p /repos/gnusocial-markdown/. Markdown
-        cd Markdown
+        cd Markdown || exit 62847524
         git pull
     else
         function_check git_clone
-        git_clone $GNUSOCIAL_MARKDOWN_REPO Markdown
+        git_clone "$GNUSOCIAL_MARKDOWN_REPO" Markdown
     fi
 
-    cd $GNUSOCIAL_PATH/local/plugins/Markdown
-    git checkout $GNUSOCIAL_MARKDOWN_COMMIT -b $GNUSOCIAL_MARKDOWN_COMMIT
+    cd "$GNUSOCIAL_PATH/local/plugins/Markdown" || exit 26584526745
+    git checkout "$GNUSOCIAL_MARKDOWN_COMMIT" -b "$GNUSOCIAL_MARKDOWN_COMMIT"
 
-    gnusocial_config_file=$GNUSOCIAL_PATH/config.php
-    if ! grep -q "addPlugin('Markdown'" $gnusocial_config_file; then
-        echo "" >> $gnusocial_config_file
-        echo "// Markdown settings" >> $gnusocial_config_file
-        echo "addPlugin('Markdown');" >> $gnusocial_config_file
+    gnusocial_config_file="$GNUSOCIAL_PATH/config.php"
+    if ! grep -q "addPlugin('Markdown'" "$gnusocial_config_file"; then
+        { echo "";
+          echo "// Markdown settings";
+          echo "addPlugin('Markdown');"; } >> "$gnusocial_config_file"
     fi
 
     set_completion_param "$social_app_name markdown commit" "$GNUSOCIAL_MARKDOWN_COMMIT"
 
-    chown -R www-data:www-data $GNUSOCIAL_PATH
+    chown -R www-data:www-data "$GNUSOCIAL_PATH"
 
-    install_completed ${social_app_name}_markdown
+    install_completed "${social_app_name}_markdown"
 }
 
 # NOTE: deliberately there is no "exit 0"

From 8848ea40ef2729e8b5e8b0940274ac82554eff8b Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Mon, 26 Feb 2018 13:50:40 +0000
Subject: [PATCH 16/67] Tidying

---
 src/cronic                         |   8 +-
 src/freedombone                    |  97 +++--
 src/freedombone-addcert            | 115 +++---
 src/freedombone-addemail           | 135 ++++---
 src/freedombone-addlist            | 153 ++++----
 src/freedombone-addremove          |  62 +--
 src/freedombone-adduser            | 185 +++++----
 src/freedombone-app-akaunting      | 303 +++++++--------
 src/freedombone-app-batman         |  53 ++-
 src/freedombone-app-bdsmail        | 244 ++++++------
 src/freedombone-app-cryptpad       | 594 ++++++++++++++---------------
 src/freedombone-app-dlna           | 109 +++---
 src/freedombone-app-dokuwiki       | 500 ++++++++++++------------
 src/freedombone-app-edith          | 267 ++++++-------
 src/freedombone-app-emacs          | 292 +++++++-------
 src/freedombone-utils-go           |  76 ++--
 src/freedombone-utils-gpg          | 245 ++++++------
 src/freedombone-utils-guile        |  34 +-
 src/freedombone-utils-i2p          |   8 +-
 src/freedombone-utils-interactive  | 119 +++---
 src/freedombone-utils-keys         | 154 ++++----
 src/freedombone-utils-login        |  15 +-
 src/freedombone-utils-mesh         | 192 +++++-----
 src/freedombone-utils-meteor       |  31 +-
 src/freedombone-utils-mongodb      |  51 +--
 src/freedombone-utils-monkeysphere |  20 +-
 src/freedombone-utils-network      |  28 +-
 27 files changed, 2047 insertions(+), 2043 deletions(-)

diff --git a/src/cronic b/src/cronic
index 2e8e9b27..385979f2 100755
--- a/src/cronic
+++ b/src/cronic
@@ -12,14 +12,14 @@ ERR=$TMP/cronic.err
 TRACE=$TMP/cronic.trace
 
 set +e
-"$@" >$OUT 2>$TRACE
+"$@" >"$OUT" 2>"$TRACE"
 RESULT=$?
 set -e
 
 PATTERN="^${PS4:0:1}\\+${PS4:1}"
-if grep -aq "$PATTERN" $TRACE
+if grep -aq "$PATTERN" "$TRACE"
 then
-    ! grep -av "$PATTERN" $TRACE > $ERR
+    ! grep -av "$PATTERN" "$TRACE" > "$ERR"
 else
     ERR=$TRACE
 fi
@@ -33,7 +33,7 @@ if [ $RESULT -ne 0 ]
     echo
     echo "STANDARD OUTPUT:"
     cat "$OUT"
-    if [ $TRACE != $ERR ]
+    if [ "$TRACE" != "$ERR" ]
     then
         echo
         echo "TRACE-ERROR OUTPUT:"
diff --git a/src/freedombone b/src/freedombone
index d3ee8164..0549bcf4 100755
--- a/src/freedombone
+++ b/src/freedombone
@@ -42,61 +42,61 @@ fi
 
 source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
-APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 for f in $APP_FILES
 do
-    source $f
+    source "$f"
 done
 
-command_options=$1
+command_options="$1"
 
-if [[ $command_options == "menuconfig-full" ]]; then
+if [[ "$command_options" == "menuconfig-full" ]]; then
     MINIMAL_INSTALL="no"
 fi
 
-if [[ $command_options == "menuconfig-onion" ]]; then
+if [[ "$command_options" == "menuconfig-onion" ]]; then
     MINIMAL_INSTALL="yes"
     ONION_ONLY="yes"
 fi
 
-if [[ $command_options == "menuconfig-gnusocial" ]]; then
+if [[ "$command_options" == "menuconfig-gnusocial" ]]; then
     MINIMAL_INSTALL="yes"
     ONION_ONLY="no"
     SOCIALINSTANCE='gnusocial'
 fi
 
-if [[ $command_options == "menuconfig-postactiv" ]]; then
+if [[ "$command_options" == "menuconfig-postactiv" ]]; then
     MINIMAL_INSTALL="yes"
     ONION_ONLY="no"
     SOCIALINSTANCE='postactiv'
 fi
 
-if [ ! $CONFIGURATION_FILE ]; then
-    CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
+if [ ! "$CONFIGURATION_FILE" ]; then
+    CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
 fi
-if [ ! $COMPLETION_FILE ]; then
-    COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
+if [ ! "$COMPLETION_FILE" ]; then
+    COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
 fi
 
 # before the interactive config so that wifi adaptors may be detected
 setup_wifi_atheros
 
-if [[ $command_options == "menuconfig"* ]]; then
+if [[ "$command_options" == "menuconfig"* ]]; then
     if [[ "$2" == "--reset" ]]; then
-        if [ -f $CONFIGURATION_FILE ]; then
-            rm $CONFIGURATION_FILE
+        if [ -f "$CONFIGURATION_FILE" ]; then
+            rm "$CONFIGURATION_FILE"
         fi
-        if [ -f $COMPLETION_FILE ]; then
-            rm $COMPLETION_FILE
+        if [ -f "$COMPLETION_FILE" ]; then
+            rm "$COMPLETION_FILE"
         fi
-        if [ -f /usr/share/${PROJECT_NAME}/installed.txt ]; then
-            rm /usr/share/${PROJECT_NAME}/installed.txt
+        if [ -f "/usr/share/${PROJECT_NAME}/installed.txt" ]; then
+            rm "/usr/share/${PROJECT_NAME}/installed.txt"
         fi
         if [ -f /root/removed ]; then
             rm /root/removed
@@ -104,18 +104,18 @@ if [[ $command_options == "menuconfig"* ]]; then
     fi
 
     # clear the interactive file which indicates configuration success
-    interactive_file=$HOME/.${PROJECT_NAME}-interactive
-    if [ -f $interactive_file ]; then
-        rm $interactive_file
+    interactive_file="$HOME/.${PROJECT_NAME}-interactive"
+    if [ -f "$interactive_file" ]; then
+        rm "$interactive_file"
     fi
 
     interactive_configuration
 
     # check that the interactive file was created
-    if [ ! -f $interactive_file ]; then
+    if [ ! -f "$interactive_file" ]; then
         exit 6393562
     fi
-    rm $interactive_file
+    rm "$interactive_file"
 else
     while [ $# -gt 1 ]
     do
@@ -169,12 +169,12 @@ else
             # Static IP address for the system
             --ip)
                 shift
-                LOCAL_NETWORK_STATIC_IP_ADDRESS=$1
+                LOCAL_NETWORK_STATIC_IP_ADDRESS="$1"
                 ;;
             # IP address for the internet router
             --iprouter)
                 shift
-                ROUTER_IP_ADDRESS=$1
+                ROUTER_IP_ADDRESS="$1"
                 ;;
             # ssh port
             --ssh)
@@ -214,61 +214,61 @@ else
             # Mumble server password
             --vpass)
                 shift
-                MUMBLE_SERVER_PASSWORD=$1
+                MUMBLE_SERVER_PASSWORD="$1"
                 ;;
             # Mumble server port
             --vport)
                 shift
-                MUMBLE_PORT=$1
+                MUMBLE_PORT="$1"
                 ;;
             # DNS Nameserver 1
             --ns1)
                 shift
-                NAMESERVER1=$1
+                NAMESERVER1="$1"
                 ;;
             # DNS Nameserver 2
             --ns2)
                 shift
-                NAMESERVER2=$1
+                NAMESERVER2="$1"
                 ;;
             # DNS Nameserver 3
             --ns3)
                 shift
-                NAMESERVER3=$1
+                NAMESERVER3="$1"
                 ;;
             # DNS Nameserver 4
             --ns4)
                 shift
-                NAMESERVER4=$1
+                NAMESERVER4="$1"
                 ;;
             # DNS Nameserver 5
             --ns5)
                 shift
-                NAMESERVER5=$1
+                NAMESERVER5="$1"
                 ;;
             # DNS Nameserver 6
             --ns6)
                 shift
-                NAMESERVER6=$1
+                NAMESERVER6="$1"
                 ;;
             # Debian repository
             --repo)
                 shift
-                DEBIAN_REPO=$1
+                DEBIAN_REPO="$1"
                 ;;
             # clear the config file
             --reset)
-                if [ -f $CONFIGURATION_FILE ]; then
-                    rm $CONFIGURATION_FILE
+                if [ -f "$CONFIGURATION_FILE" ]; then
+                    rm "$CONFIGURATION_FILE"
                 fi
-                if [ -f $COMPLETION_FILE ]; then
-                    rm $COMPLETION_FILE
+                if [ -f "$COMPLETION_FILE" ]; then
+                    rm "$COMPLETION_FILE"
                 fi
                 ;;
             # minimal install
             --minimal)
                 shift
-                MINIMAL_INSTALL=$1
+                MINIMAL_INSTALL="$1"
                 ;;
             *)
                 # unknown option
@@ -293,7 +293,7 @@ function parse_args {
     read_config_param 'DDNS_USERNAME'
     read_config_param 'DDNS_PASSWORD'
 
-    if [ ! -d /home/$MY_USERNAME ]; then
+    if [ ! -d "/home/$MY_USERNAME" ]; then
         echo $"There is no user '$MY_USERNAME' on the system. Use 'adduser $MY_USERNAME' to create the user."
         exit 1
     fi
@@ -304,7 +304,7 @@ function parse_args {
             exit 2
         fi
     fi
-    if [ ! $MY_USERNAME ]; then
+    if [ ! "$MY_USERNAME" ]; then
         echo 'No username specified'
         show_help
         exit 3
@@ -312,11 +312,11 @@ function parse_args {
     if [[ $SYSTEM_TYPE != "mesh"* ]]; then
         if [[ "$DDNS_PROVIDER" != 'none' ]]; then
             if [[ $ONION_ONLY == "no" ]]; then
-                if [ ! $DDNS_USERNAME ]; then
+                if [ ! "$DDNS_USERNAME" ]; then
                     echo $'Please provide the username for your dynamic DNS provider with the --ddnsuser option'
                     exit 7823
                 fi
-                if [ ! $DDNS_PASSWORD ]; then
+                if [ ! "$DDNS_PASSWORD" ]; then
                     echo $'Please provide the password for your dynamic DNS provider with the --ddnspass option'
                     exit 6382
                 fi
@@ -324,7 +324,7 @@ function parse_args {
         fi
     fi
 
-    if [ ! $SYSTEM_TYPE ]; then
+    if [ ! "$SYSTEM_TYPE" ]; then
         SYSTEM_TYPE=$'full'
         write_config_param "SYSTEM_TYPE" "$SYSTEM_TYPE"
     fi
@@ -338,8 +338,7 @@ function parse_args {
 
 # run some initial tests
 clear
-${PROJECT_NAME}-tests
-if [ ! "$?" = "0" ]; then
+if ! "${PROJECT_NAME}-tests"; then
     exit 768252
 fi
 
@@ -354,7 +353,7 @@ upgrade_installation_from_previous_versions
 setup_utils
 setup_email
 setup_web
-setup_apps $command_options
+setup_apps "$command_options"
 setup_final
 
 echo ''
diff --git a/src/freedombone-addcert b/src/freedombone-addcert
index b37575ef..ffcd9709 100755
--- a/src/freedombone-addcert
+++ b/src/freedombone-addcert
@@ -36,10 +36,10 @@ export TEXTDOMAINDIR="/usr/share/locale"
 CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-  source $f
+    source "$f"
 done
 
 # Don't pin certs by default
@@ -145,11 +145,11 @@ do
             ;;
         --dhkey)
             shift
-            DH_KEYLENGTH=${1}
+            DH_KEYLENGTH="${1}"
             ;;
         --pin)
             shift
-            PIN_CERTS=${1}
+            PIN_CERTS="${1}"
             ;;
         *)
             # unknown option
@@ -158,8 +158,8 @@ do
     shift
 done
 
-if [ ! $HOSTNAME ]; then
-    if [ ! $LETSENCRYPT_HOSTNAME ]; then
+if [ ! "$HOSTNAME" ]; then
+    if [ ! "$LETSENCRYPT_HOSTNAME" ]; then
         echo $'No hostname specified'
         exit 5748
     fi
@@ -180,16 +180,16 @@ function remove_cert_letsencrypt {
     CERTFILE=$LETSENCRYPT_HOSTNAME
 
     # disable the site if needed
-    if [ -f /etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME} ]; then
-        if grep -q "443" /etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}; then
-            nginx_dissite ${LETSENCRYPT_HOSTNAME}
+    if [ -f "/etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}" ]; then
+        if grep -q "443" "/etc/nginx/sites-available/${LETSENCRYPT_HOSTNAME}"; then
+            nginx_dissite "${LETSENCRYPT_HOSTNAME}"
         fi
     fi
 
     # remove the cert
-    rm -rf /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}*
-    rm -rf /etc/letsencrypt/archive/${LETSENCRYPT_HOSTNAME}*
-    rm /etc/letsencrypt/renewal/${LETSENCRYPT_HOSTNAME}.conf
+    rm -rf "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}*"
+    rm -rf "/etc/letsencrypt/archive/${LETSENCRYPT_HOSTNAME}*"
+    rm "/etc/letsencrypt/renewal/${LETSENCRYPT_HOSTNAME}.conf"
 
     # restart the web server
     systemctl restart nginx
@@ -199,14 +199,14 @@ function add_cert_letsencrypt {
     CERTFILE=$LETSENCRYPT_HOSTNAME
 
     # obtain the email address for the admin user
-    if [ ! $MY_EMAIL_ADDRESS ]; then
-        if [ -f $CONFIGURATION_FILE ]; then
+    if [ ! "$MY_EMAIL_ADDRESS" ]; then
+        if [ -f "$CONFIGURATION_FILE" ]; then
             read_config_param MY_EMAIL_ADDRESS
         fi
     fi
-    if [ ! $MY_EMAIL_ADDRESS ]; then
-        if [ -f $COMPLETION_FILE ]; then
-            if grep -q "Admin user:" $COMPLETION_FILE; then
+    if [ ! "$MY_EMAIL_ADDRESS" ]; then
+        if [ -f "$COMPLETION_FILE" ]; then
+            if grep -q "Admin user:" "$COMPLETION_FILE"; then
                 function_check get_completion_param
                 ADMIN_USER=$(get_completion_param "Admin user")
                 if [ ${#ADMIN_USER} -eq 0 ]; then
@@ -232,8 +232,7 @@ function add_cert_letsencrypt {
     chgrp -R root /etc/letsencrypt
     chmod -R 777 /etc/letsencrypt
 
-    certbot certonly -n --server $LETSENCRYPT_SERVER --standalone -d $LETSENCRYPT_HOSTNAME --renew-by-default --agree-tos --email $MY_EMAIL_ADDRESS
-    if [ ! "$?" = "0" ]; then
+    if ! certbot certonly -n --server "$LETSENCRYPT_SERVER" --standalone -d "$LETSENCRYPT_HOSTNAME" --renew-by-default --agree-tos --email "$MY_EMAIL_ADDRESS"; then
         echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME"
         echo $'Also see https://letsencrypt.status.io to check for any service outages'
         chgrp -R ssl-cert /etc/letsencrypt
@@ -245,42 +244,42 @@ function add_cert_letsencrypt {
     fi
 
     # replace some legacy filenames
-    if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt ]; then
-        mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+    if [ -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt" ]; then
+        mv "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
     fi
-    if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt ]; then
-        mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+    if [ -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt" ]; then
+        mv "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
     fi
-    sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME
-    sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" /etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME
+    sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.bundle.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" "/etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME"
+    sed -i "s|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.crt|ssl_certificate /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem|g" "/etc/nginx/sites-available/$LETSENCRYPT_HOSTNAME"
 
     # link the private key
-    if [ -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then
-        if [ ! -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old ]; then
-            mv /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old
+    if [ -f "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" ]; then
+        if [ ! -f "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old" ]; then
+            mv "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old"
         else
-            rm -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
+            rm -f "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key"
         fi
     fi
-    if [ -L /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then
-        rm /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
+    if [ -L "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key" ]; then
+        rm "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key"
     fi
-    ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
+    ln -s "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem" "/etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key"
 
     # link the public key
-    if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then
-        if [ ! -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old ]; then
-            mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old
+    if [ -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" ]; then
+        if [ ! -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old" ]; then
+            mv "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old"
         else
-            rm -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+            rm -f "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
         fi
     fi
-    if [ -L /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then
-        rm /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+    if [ -L "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem" ]; then
+        rm "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
     fi
-    ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+    ln -s "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem" "/etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem"
 
-    cp /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem
+    cp "/etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem" "/etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem"
 
     update_default_domain
 
@@ -291,12 +290,11 @@ function add_cert_letsencrypt {
     chmod -R g=rX /etc/letsencrypt
     chown -R root:ssl-cert /etc/letsencrypt
 
-    nginx_ensite ${LETSENCRYPT_HOSTNAME}
+    nginx_ensite "${LETSENCRYPT_HOSTNAME}"
     systemctl start nginx
 
-    if [ $PIN_CERTS ]; then
-        ${PROJECT_NAME}-pin-cert $LETSENCRYPT_HOSTNAME
-        if [ ! "$?" = "0" ]; then
+    if [ "$PIN_CERTS" ]; then
+        if ! "${PROJECT_NAME}-pin-cert" "$LETSENCRYPT_HOSTNAME"; then
             echo $"Certificate for $LETSENCRYPT_HOSTNAME could not be pinned"
             exit 62878
         fi
@@ -304,21 +302,20 @@ function add_cert_letsencrypt {
 }
 
 function add_cert_selfsigned {
-    if [[ $ORGANISATION == "Freedombone-CA" ]]; then
+    if [[ "$ORGANISATION" == "Freedombone-CA" ]]; then
         CERTFILE="ca-$HOSTNAME"
     fi
 
-    openssl req -x509 ${EXTENSIONS} -nodes -days 3650 -sha256 \
+    openssl req -x509 "${EXTENSIONS}" -nodes -days 3650 -sha256 \
             -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
-            -newkey rsa:2048 -keyout /etc/ssl/private/${CERTFILE}.key \
-            -out /etc/ssl/certs/${CERTFILE}.crt
-    chmod 400 /etc/ssl/private/${CERTFILE}.key
-    chmod 640 /etc/ssl/certs/${CERTFILE}.crt
-    cp /etc/ssl/certs/${CERTFILE}.crt /etc/ssl/mycerts
+            -newkey rsa:2048 -keyout "/etc/ssl/private/${CERTFILE}.key" \
+            -out "/etc/ssl/certs/${CERTFILE}.crt"
+    chmod 400 "/etc/ssl/private/${CERTFILE}.key"
+    chmod 640 "/etc/ssl/certs/${CERTFILE}.crt"
+    cp "/etc/ssl/certs/${CERTFILE}.crt" "/etc/ssl/mycerts"
 
-    if [ $PIN_CERTS ]; then
-        ${PROJECT_NAME}-pin-cert $CERTFILE
-        if [ ! "$?" = "0" ]; then
+    if [ "$PIN_CERTS" ]; then
+        if ! "${PROJECT_NAME}-pin-cert" "$CERTFILE"; then
             echo $"Certificate for $CERTFILE could not be pinned"
             exit 62879
         fi
@@ -326,9 +323,9 @@ function add_cert_selfsigned {
 }
 
 function generate_dh_params {
-    if [ ! $NODH ]; then
-        if [ ! -f /etc/ssl/certs/${CERTFILE}.dhparam ]; then
-            ${PROJECT_NAME}-dhparam -h ${CERTFILE} --fast yes
+    if [ ! "$NODH" ]; then
+        if [ ! -f "/etc/ssl/certs/${CERTFILE}.dhparam" ]; then
+            "${PROJECT_NAME}-dhparam" -h "${CERTFILE}" --fast yes
         fi
     fi
 }
@@ -346,12 +343,12 @@ function make_cert_bundle {
 }
 
 function create_cert {
-    if [ $remove_cert ]; then
+    if [ "$remove_cert" ]; then
         remove_cert_letsencrypt
         return
     fi
 
-    if [ $LETSENCRYPT_HOSTNAME ]; then
+    if [ "$LETSENCRYPT_HOSTNAME" ]; then
         add_cert_letsencrypt
     else
         add_cert_selfsigned
diff --git a/src/freedombone-addemail b/src/freedombone-addemail
index 348f10ce..bf2926a2 100755
--- a/src/freedombone-addemail
+++ b/src/freedombone-addemail
@@ -52,49 +52,49 @@ do
     key="$1"
 
     case $key in
-    -h|--help)
-        show_help
-        ;;
-    -u|--user)
-        shift
-        MYUSERNAME="$1"
-        ;;
-    -e|--email)
-        shift
-        EMAILADDRESS="$1"
-        ;;
-    -s|--subject)
-        shift
-        SUBJECT_TEXT="$1"
-        ;;
-    -g|--group)
-        shift
-        GROUP_NAME="$1"
-        ;;
-    -p|--public)
-        shift
-        PUBLIC="$1"
-        ;;
-    *)
-        # unknown option
-        ;;
+        -h|--help)
+            show_help
+            ;;
+        -u|--user)
+            shift
+            MYUSERNAME="$1"
+            ;;
+        -e|--email)
+            shift
+            EMAILADDRESS="$1"
+            ;;
+        -s|--subject)
+            shift
+            SUBJECT_TEXT="$1"
+            ;;
+        -g|--group)
+            shift
+            GROUP_NAME="$1"
+            ;;
+        -p|--public)
+            shift
+            PUBLIC="$1"
+            ;;
+        *)
+            # unknown option
+            ;;
     esac
     shift
 done
 
-if ! [[ $MYUSERNAME && $GROUP_NAME ]]; then
+if ! [[ "$MYUSERNAME" && "$GROUP_NAME" ]]; then
     show_help
 fi
 
-if [ ${#EMAILADDRESS} -lt 2 ]; then
+if [ "${#EMAILADDRESS}" -lt 2 ]; then
     if [ ${#SUBJECT_TEXT} -lt 2 ]; then
-    show_help
+        show_help
     fi
 fi
 
-MUTTRC=/home/$MYUSERNAME/.muttrc
-PM=/home/$MYUSERNAME/.procmailrc
-LISTDIR=/home/$MYUSERNAME/Maildir/$GROUP_NAME
+MUTTRC="/home/$MYUSERNAME/.muttrc"
+PM="/home/$MYUSERNAME/.procmailrc"
+LISTDIR="/home/$MYUSERNAME/Maildir/$GROUP_NAME"
 
 proc_rule="  * ^From:.*$EMAILADDRESS"
 proc_comment="# Email rule for $EMAILADDRESS -> $GROUP_NAME"
@@ -104,54 +104,53 @@ if [ ${#SUBJECT_TEXT} -gt 0 ]; then
 fi
 
 if [ ! -d "$LISTDIR" ]; then
-    mkdir -m 700 $LISTDIR
-    mkdir -m 700 $LISTDIR/tmp
-    mkdir -m 700 $LISTDIR/new
-    mkdir -m 700 $LISTDIR/cur
+    mkdir -m 700 "$LISTDIR"
+    mkdir -m 700 "$LISTDIR/tmp"
+    mkdir -m 700 "$LISTDIR/new"
+    mkdir -m 700 "$LISTDIR/cur"
 fi
-chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR
-if ! grep -q "$proc_comment" $PM; then
+chown -R "$MYUSERNAME":"$MYUSERNAME" "$LISTDIR"
+if ! grep -q "$proc_comment" "$PM"; then
     if [[ $PUBLIC != "yes" ]]; then
-    # private emails go after the encryption stage
-    echo '' >> $PM
-    echo "$proc_comment" >> $PM
-    echo ":0" >> $PM
-    echo "$proc_rule" >> $PM
-    echo "$LISTDIR/new" >> $PM
-    echo "# End of rule" >> $PM
+        # private emails go after the encryption stage
+        { echo '';
+          echo "$proc_comment";
+          echo ":0";
+          echo "$proc_rule";
+          echo "$LISTDIR/new";
+          echo "# End of rule"; } >> "$PM"
     else
-    # public emails are copied before the encryption stage
-    if ! grep -q '# encrypt' $PM; then
-        echo '' >> $PM
-        echo "$proc_comment" >> $PM
-        echo ":0" >> $PM
-        echo "$proc_rule" >> $PM
-        echo "$LISTDIR/new" >> $PM
-        echo "# End of rule" >> $PM
-    else
-        filter=$(echo "$proc_comment\n:0\n${proc_rule}\n$LISTDIR/new\n# End of rule\n")
-        sed -i "/# encrypt/i ${filter}" $PM
+        # public emails are copied before the encryption stage
+        if ! grep -q '# encrypt' "$PM"; then
+            { echo '';
+              echo "$proc_comment";
+              echo ":0";
+              echo "$proc_rule";
+              echo "$LISTDIR/new";
+              echo "# End of rule"; } >> "$PM"
+        else
+            sed -i "/# encrypt/i $proc_comment\\n:0\\n${proc_rule}\\n$LISTDIR/new\\n# End of rule\\n" "$PM"
+        fi
     fi
-    fi
-    chown $MYUSERNAME:$MYUSERNAME $PM
+    chown "$MYUSERNAME":"$MYUSERNAME" "$PM"
 fi
 
 if [ ! -f "$MUTTRC" ]; then
-    cp /etc/Muttrc $MUTTRC
-    chown $MYUSERNAME:$MYUSERNAME $MUTTRC
+    cp /etc/Muttrc "$MUTTRC"
+    chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
 fi
 
 PROCMAILLOG=/home/$MYUSERNAME/log
-if [ ! -d $PROCMAILLOG ]; then
-    mkdir $PROCMAILLOG
-    chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG
+if [ ! -d "$PROCMAILLOG" ]; then
+    mkdir "$PROCMAILLOG"
+    chown -R "$MYUSERNAME":"$MYUSERNAME" "$PROCMAILLOG"
 fi
 
-MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)
-if [[ $MUTT_MAILBOXES != *$GROUP_NAME* ]]; then
-    if ! grep -q "=$GROUP_NAME" $MUTTRC; then
-    sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$GROUP_NAME|g" $MUTTRC
-    chown $MYUSERNAME:$MYUSERNAME $MUTTRC
+MUTT_MAILBOXES=$(grep "mailboxes =" "$MUTTRC")
+if [[ "$MUTT_MAILBOXES" != *$GROUP_NAME* ]]; then
+    if ! grep -q "=$GROUP_NAME" "$MUTTRC"; then
+        sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$GROUP_NAME|g" "$MUTTRC"
+        chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
     fi
 fi
 
diff --git a/src/freedombone-addlist b/src/freedombone-addlist
index 3e19c9e9..d76d4cd0 100755
--- a/src/freedombone-addlist
+++ b/src/freedombone-addlist
@@ -52,119 +52,114 @@ do
     key="$1"
 
     case $key in
-    -h|--help)
-        show_help
-        ;;
-    -u|--user)
-        shift
-        MYUSERNAME="$1"
-        ;;
-    -l|--list)
-        shift
-        MAILINGLIST="$1"
-        ;;
-    -s|--subject)
-        shift
-        SUBJECTTAG="$1"
-        ;;
-    -e|--email)
-        shift
-        LIST_ADDRESS="$1"
-        ;;
-    -p|--public)
-        shift
-        PUBLIC="$1"
-        ;;
-    *)
-        # unknown option
-        ;;
+        -h|--help)
+            show_help
+            ;;
+        -u|--user)
+            shift
+            MYUSERNAME="$1"
+            ;;
+        -l|--list)
+            shift
+            MAILINGLIST="$1"
+            ;;
+        -s|--subject)
+            shift
+            SUBJECTTAG="$1"
+            ;;
+        -e|--email)
+            shift
+            LIST_ADDRESS="$1"
+            ;;
+        -p|--public)
+            shift
+            PUBLIC="$1"
+            ;;
+        *)
+            # unknown option
+            ;;
     esac
     shift
 done
 
-if [ ! $MYUSERNAME ]; then
+if [ ! "$MYUSERNAME" ]; then
     show_help
 fi
 
-if [[ ! $MAILINGLIST && ! $SUBJECTTAG ]]; then
+if [[ ! "$MAILINGLIST" && ! "$SUBJECTTAG" ]]; then
     show_help
 fi
 
-MUTTRC=/home/$MYUSERNAME/.muttrc
-PM=/home/$MYUSERNAME/.procmailrc
-LISTDIR=/home/$MYUSERNAME/Maildir/$MAILINGLIST
+MUTTRC="/home/$MYUSERNAME/.muttrc"
+PM="/home/$MYUSERNAME/.procmailrc"
+LISTDIR="/home/$MYUSERNAME/Maildir/$MAILINGLIST"
 
-if grep -q "=$MAILINGLIST" $MUTTRC; then
+if grep -q "=$MAILINGLIST" "$MUTTRC"; then
     echo $"Mailing list $MAILINGLIST was already added"
 fi
 
 if [ ! -d "$LISTDIR" ]; then
-    mkdir -m 700 $LISTDIR
-    mkdir -m 700 $LISTDIR/tmp
-    mkdir -m 700 $LISTDIR/new
-    mkdir -m 700 $LISTDIR/cur
+    mkdir -m 700 "$LISTDIR"
+    mkdir -m 700 "$LISTDIR/tmp"
+    mkdir -m 700 "$LISTDIR/new"
+    mkdir -m 700 "$LISTDIR/cur"
 fi
 
-chown -R $MYUSERNAME:$MYUSERNAME $LISTDIR
+chown -R "$MYUSERNAME":"$MYUSERNAME" "$LISTDIR"
 
 if [ ${#SUBJECTTAG} -gt 0 ]; then
     # use the subject tag
-    if ! grep -q "Subject:.*()\[$SUBJECTTAG\]" $PM; then
-    if [[ $PUBLIC != "yes" ]]; then
-        # private emails go after the encryption stage
-        filter="
-# Email rule for $MAILINGLIST subject [$SUBJECTTAG]
-:0
-  * ^Subject:.*()\[$SUBJECTTAG\]
-$LISTDIR/new
-# End of rule
-"
-        echo "$filter" >> $PM
-    else
-        # public emails are copied before hte encryption stage
-        if ! grep -q '# encrypt' $PM; then
-        filter="
-# Email rule for $MAILINGLIST subject [$SUBJECTTAG]
-:0
-  * ^Subject:.*()\[$SUBJECTTAG\]
-$LISTDIR/new
-# End of rule
-"
-        echo "$filter" >> $PM
+    if ! grep -q "Subject:.*()\\[$SUBJECTTAG\\]" "$PM"; then
+        if [[ $PUBLIC != "yes" ]]; then
+            # private emails go after the encryption stage
+            { echo "# Email rule for $MAILINGLIST subject [$SUBJECTTAG]";
+              echo ":0";
+              echo "  * ^Subject:.*()\\[$SUBJECTTAG\\]";
+              echo "$LISTDIR/new";
+              echo "# End of rule";
+              echo ""; } >> "$PM"
         else
-        filter=$(echo "# Email rule for $MAILINGLIST subject [$SUBJECTTAG]\n:0\n  * ^Subject:.*()\\\[$SUBJECTTAG\\\]\n$LISTDIR/new\n# End of rule\n")
-        sed -i "/# encrypt/i ${filter}" $PM
+            # public emails are copied before hte encryption stage
+            if ! grep -q '# encrypt' "$PM"; then
+                { echo "# Email rule for $MAILINGLIST subject [$SUBJECTTAG]";
+                  echo ":0";
+                  echo "  * ^Subject:.*()\\[$SUBJECTTAG\\]";
+                  echo "$LISTDIR/new";
+                  echo "# End of rule";
+                  echo ""; } >> "$PM"
+            else
+                sed -i "/# encrypt/i # Email rule for $MAILINGLIST subject [$SUBJECTTAG]\\n:0\\n  * ^Subject:.*()\\\\[$SUBJECTTAG\\\\]\\n$LISTDIR/new\\n# End of rule\\n" "$PM"
+            fi
         fi
-    fi
-    chown $MYUSERNAME:$MYUSERNAME $PM
+        chown "$MYUSERNAME":"$MYUSERNAME" "$PM"
     fi
 else
-    exit $(${PROJECT_NAME}-addemail -u $MYUSERNAME -e $LIST_ADDRESS -g $MAILINGLIST --public $PUBLIC)
+    exit "$("${PROJECT_NAME}-addemail" -u "$MYUSERNAME" -e "$LIST_ADDRESS" -g "$MAILINGLIST" --public "$PUBLIC")"
 fi
 
 if [ ! -f "$MUTTRC" ]; then
-    cp /etc/Muttrc $MUTTRC
-    chown $MYUSERNAME:$MYUSERNAME $MUTTRC
+    cp /etc/Muttrc "$MUTTRC"
+    chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
 fi
 
-PROCMAILLOG=/home/$MYUSERNAME/log
-if [ ! -d $PROCMAILLOG ]; then
-    mkdir $PROCMAILLOG
-    chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG
+PROCMAILLOG="/home/$MYUSERNAME/log"
+if [ ! -d "$PROCMAILLOG" ]; then
+    mkdir "$PROCMAILLOG"
+    chown -R "$MYUSERNAME":"$MYUSERNAME" "$PROCMAILLOG"
 fi
 
-MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)
-if [[ $MUTT_MAILBOXES != *$MAILINGLIST* ]]; then
-    if ! grep -q "=$MAILINGLIST" $MUTTRC; then
-    sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" $MUTTRC
-    chown $MYUSERNAME:$MYUSERNAME $MUTTRC
+MUTT_MAILBOXES=$(grep "mailboxes =" "$MUTTRC")
+if [[ "$MUTT_MAILBOXES" != *$MAILINGLIST* ]]; then
+    if ! grep -q "=$MAILINGLIST" "$MUTTRC"; then
+        sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$MAILINGLIST|g" "$MUTTRC"
+        chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
     fi
 fi
 
-if [ $LIST_ADDRESS ]; then
-    sed -i "s|unsubscribe $LIST_ADDRESS|subscribe $LIST_ADDRESS|g" $MUTTRC
-    if ! grep -q "subscribe $LIST_ADDRESS" $MUTTRC; then
-    echo "subscribe $LIST_ADDRESS" >> $MUTTRC
+if [ "$LIST_ADDRESS" ]; then
+    sed -i "s|unsubscribe $LIST_ADDRESS|subscribe $LIST_ADDRESS|g" "$MUTTRC"
+    if ! grep -q "subscribe $LIST_ADDRESS" "$MUTTRC"; then
+        echo "subscribe $LIST_ADDRESS" >> "$MUTTRC"
     fi
 fi
 
diff --git a/src/freedombone-addremove b/src/freedombone-addremove
index 2c8f8c5f..219d45d8 100755
--- a/src/freedombone-addremove
+++ b/src/freedombone-addremove
@@ -34,27 +34,27 @@ export TEXTDOMAIN=${PROJECT_NAME}-addremove
 export TEXTDOMAINDIR="/usr/share/locale"
 
 PROJECT_INSTALL_DIR=/usr/local/bin
-if [ -f /usr/bin/${PROJECT_NAME} ]; then
+if [ -f "/usr/bin/${PROJECT_NAME}" ]; then
     PROJECT_INSTALL_DIR=/usr/bin
 fi
 
-COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
-CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
+COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
+CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
 
 # Start including files
 
-source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
+source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-  source $f
+    source "$f"
 done
 
-APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 for f in $APP_FILES
 do
-  source $f
+    source "$f"
 done
 
 # End including files
@@ -67,17 +67,17 @@ function mark_unselected_apps_as_removed {
         return
     fi
 
-    if [ -f $REMOVED_APPS_FILE ]; then
-        rm $REMOVED_APPS_FILE
+    if [ -f "$REMOVED_APPS_FILE" ]; then
+        rm "$REMOVED_APPS_FILE"
     fi
 
     app_index=0
     for app_name in "${APPS_AVAILABLE[@]}"
     do
         if [[ ${APPS_CHOSEN[$app_index]} == "0" ]]; then
-            echo "_${app_name}_" >> $REMOVED_APPS_FILE
+            echo "_${app_name}_" >> "$REMOVED_APPS_FILE"
         fi
-        app_index=$[app_index+1]
+        app_index=$((app_index+1))
     done
 }
 
@@ -93,7 +93,7 @@ function app_expected_to_be_installed {
             echo "0"
             return
         fi
-        if ! grep -q "IN_DEFAULT_INSTALL=1" /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}; then
+        if ! grep -q "IN_DEFAULT_INSTALL=1" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}"; then
             echo "0"
             return
         fi
@@ -102,7 +102,7 @@ function app_expected_to_be_installed {
 }
 
 function show_apps {
-    select_all_apps=$1
+    select_all_apps="$1"
     applist=""
     n=1
     app_index=0
@@ -117,19 +117,20 @@ function show_apps {
                 applist="$applist $n $a on"
             fi
         fi
-        n=$[n+1]
-        app_index=$[app_index+1]
+        n=$((n+1))
+        app_index=$((app_index+1))
     done
 
     choices=$(dialog --stdout --backtitle $"Freedombone" \
                      --title $"Add/Remove Applications" \
                      --checklist $'Choose:' \
-                     27 40 20 $applist)
+                     27 40 20 "$applist")
 
+    # shellcheck disable=SC2181
     if [ $? -eq 0 ]; then
         for choice in $choices
         do
-            app_index=$[choice-1]
+            app_index=$((choice-1))
             APPS_CHOSEN[$app_index]="1"
         done
     else
@@ -151,10 +152,10 @@ function remove_apps_selected {
                 else
                     removals="${APPS_AVAILABLE[$app_index]}"
                 fi
-                n=$[n+1]
+                n=$((n+1))
             fi
         fi
-        app_index=$[app_index+1]
+        app_index=$((app_index+1))
     done
 
     # if no apps to be removed then don't do anything
@@ -166,7 +167,7 @@ function remove_apps_selected {
     dialog --title $"Remove applications" \
            --backtitle $"Freedombone" \
            --defaultno \
-           --yesno $"\nYou have chosen to remove $n apps.\n\n    $removals\n\nIf you choose 'yes' then this will remove both the applications and their data/messages. If you don't have a backup then you will not be able to recover the data for these applications.\n\nAre you sure that you wish to continue?" 15 60
+           --yesno $"\\nYou have chosen to remove $n apps.\\n\\n    $removals\\n\\nIf you choose 'yes' then this will remove both the applications and their data/messages. If you don't have a backup then you will not be able to recover the data for these applications.\\n\\nAre you sure that you wish to continue?" 15 60
     sel=$?
     case $sel in
         1) return;;
@@ -195,10 +196,10 @@ function install_apps_selected {
                 else
                     installs="${APPS_AVAILABLE[$app_index]}"
                 fi
-                n=$[n+1]
+                n=$((n+1))
             fi
         fi
-        app_index=$[app_index+1]
+        app_index=$((app_index+1))
     done
 
     # if no apps to be installed then don't do anything
@@ -212,13 +213,13 @@ function install_apps_selected {
             dialog --title $"$installs" \
                    --backtitle $"Freedombone" \
                    --defaultno \
-                   --yesno $"\nThis will install the $installs app\n\nProceed?" 9 40
+                   --yesno $"\\nThis will install the $installs app\\n\\nProceed?" 9 40
         else
-            dialog_height=$((15 + $n))
+            dialog_height=$((15 + "$n"))
             dialog --title $"Add applications" \
                    --backtitle $"Freedombone" \
                    --defaultno \
-                   --yesno $"\nYou have chosen to install $n apps\n\n    $installs\n\nProceed?" $dialog_height 60
+                   --yesno $"\\nYou have chosen to install $n apps\\n\\n    $installs\\n\\nProceed?" $dialog_height 60
         fi
         sel=$?
         case $sel in
@@ -232,14 +233,13 @@ function install_apps_selected {
     # install the apps
     read_configuration
     install_apps interactive
-    if [ ! $APP_INSTALLED_SUCCESS ]; then
+    if [ ! "$APP_INSTALLED_SUCCESS" ]; then
         echo $'One or more apps failed to install'
     fi
 }
 
 if [[ $1 == "test"* ]]; then
-    ${PROJECT_NAME}-tests
-    if [ ! "$?" = "0" ]; then
+    if ! ${PROJECT_NAME}-tests; then
         exit 2
     fi
 fi
@@ -251,8 +251,8 @@ if [[ ${#APPS_AVAILABLE[@]} == 0 ]]; then
     exit 1
 fi
 
-show_apps $1
-mark_unselected_apps_as_removed $1
+show_apps "$1"
+mark_unselected_apps_as_removed "$1"
 
 clear
 
diff --git a/src/freedombone-adduser b/src/freedombone-adduser
index 9271fca4..9dfb9178 100755
--- a/src/freedombone-adduser
+++ b/src/freedombone-adduser
@@ -34,18 +34,18 @@ PROJECT_NAME='freedombone'
 export TEXTDOMAIN=${PROJECT_NAME}-adduser
 export TEXTDOMAINDIR="/usr/share/locale"
 
-CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
+CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
-APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 for f in $APP_FILES
 do
-    source $f
+    source "$f"
 done
 
 ADD_USERNAME=$1
@@ -55,35 +55,35 @@ SSH_PORT=2222
 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
 DEFAULT_DOMAIN_NAME=
 
-if [ ! $ADD_USERNAME ]; then
+if [ ! "$ADD_USERNAME" ]; then
     echo $'No username was given'
     exit 1
 fi
 
-if [ -d /home/$ADD_USERNAME ]; then
+if [ -d "/home/$ADD_USERNAME" ]; then
     echo $"The user $ADD_USERNAME already exists"
     exit 2
 fi
 
-if [ ! -f $COMPLETION_FILE ]; then
+if [ ! -f "$COMPLETION_FILE" ]; then
     echo $"$COMPLETION_FILE not found"
-    userdel -r $ADD_USERNAME
+    userdel -r "$ADD_USERNAME"
     exit 3
 fi
 
 # Minimum number of characters in a password
-MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}')
+MINIMUM_PASSWORD_LENGTH=$(grep 'MINIMUM_PASSWORD_LENGTH=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords" | head -n 1 | awk -F '=' '{print $2}')
 
-NEW_USER_PASSWORD="$(openssl rand -base64 30 | cut -c1-${MINIMUM_PASSWORD_LENGTH})"
+NEW_USER_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
 chmod 600 /etc/shadow
 chmod 600 /etc/gshadow
-useradd -m -p "$NEW_USER_PASSWORD" -s /bin/bash $ADD_USERNAME
-adduser $ADD_USERNAME sasl
-groupadd $ADD_USERNAME
+useradd -m -p "$NEW_USER_PASSWORD" -s /bin/bash "$ADD_USERNAME"
+adduser "$ADD_USERNAME" sasl
+groupadd "$ADD_USERNAME"
 chmod 0000 /etc/shadow
 chmod 0000 /etc/gshadow
 
-if [ ! -d /home/$ADD_USERNAME ]; then
+if [ ! -d "/home/$ADD_USERNAME" ]; then
     echo $'Home directory was not created'
     exit 4
 fi
@@ -91,15 +91,15 @@ fi
 if [ "$SSH_PUBLIC_KEY" ]; then
     if [ ${#SSH_PUBLIC_KEY} -gt 5 ]; then
         if [ -f "$SSH_PUBLIC_KEY" ]; then
-            mkdir /home/$ADD_USERNAME/.ssh
-            cp $SSH_PUBLIC_KEY /home/$ADD_USERNAME/.ssh/authorized_keys
-            chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.ssh
+            mkdir "/home/$ADD_USERNAME/.ssh"
+            cp "$SSH_PUBLIC_KEY" "/home/$ADD_USERNAME/.ssh/authorized_keys"
+            chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.ssh"
             echo $'ssh public key installed'
         else
             if [[ "$SSH_PUBLIC_KEY" == "ssh-"* ]]; then
-                mkdir /home/$ADD_USERNAME/.ssh
-                echo "$SSH_PUBLIC_KEY" > /home/$ADD_USERNAME/.ssh/authorized_keys
-                chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.ssh
+                mkdir "/home/$ADD_USERNAME/.ssh"
+                echo "$SSH_PUBLIC_KEY" > "/home/$ADD_USERNAME/.ssh/authorized_keys"
+                chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.ssh"
                 echo $'ssh public key installed'
             else
                 echo $'The second parameter does not look like an ssh key'
@@ -109,55 +109,54 @@ if [ "$SSH_PUBLIC_KEY" ]; then
     fi
 fi
 
-if [ -d /home/$ADD_USERNAME/Maildir ]; then
-    if grep -q "set from=" /home/$ADD_USERNAME/.muttrc; then
-        sed -i "s|set from=.*|set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'|g" /home/$ADD_USERNAME/.muttrc
+if [ -d "/home/$ADD_USERNAME/Maildir" ]; then
+    if grep -q "set from=" "/home/$ADD_USERNAME/.muttrc"; then
+        sed -i "s|set from=.*|set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'|g" "/home/$ADD_USERNAME/.muttrc"
     else
-        echo "set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'" >> /home/$ADD_USERNAME/.muttrc
+        echo "set from='$ADD_USERNAME <$ADD_USERNAME@$HOSTNAME>'" >> "/home/$ADD_USERNAME/.muttrc"
     fi
 
-    USERN='$USER@'
-    sed -i "s|$USERN|$ADD_USERNAME@|g" /home/$ADD_USERNAME/.procmailrc
+    sed -i "s|\$USER@|$ADD_USERNAME@|g" "/home/$ADD_USERNAME/.procmailrc"
 fi
 
 # generate a gpg key
 echo "Making a GPG key for $ADD_USERNAME@$HOSTNAME"
-mkdir /home/$ADD_USERNAME/.gnupg
-echo "keyserver $GPG_KEYSERVER" >> /home/$ADD_USERNAME/.gnupg/gpg.conf
-echo 'keyserver-options auto-key-retrieve' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
-echo '' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
-echo '# default preferences' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
-echo 'personal-digest-preferences SHA256' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
-echo 'cert-digest-algo SHA256' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
-echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> /home/$ADD_USERNAME/.gnupg/gpg.conf
+mkdir "/home/$ADD_USERNAME/.gnupg"
+{ echo "keyserver $GPG_KEYSERVER";
+  echo 'keyserver-options auto-key-retrieve';
+  echo '';
+  echo '# default preferences';
+  echo 'personal-digest-preferences SHA256';
+  echo 'cert-digest-algo SHA256';
+  echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed'; } >> "/home/$ADD_USERNAME/.gnupg/gpg.conf"
 
-chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.gnupg
-chmod 700 /home/$ADD_USERNAME/.gnupg
-chmod 600 /home/$ADD_USERNAME/.gnupg/*
+chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.gnupg"
+chmod 700 "/home/$ADD_USERNAME/.gnupg"
+chmod 600 "/home/$ADD_USERNAME/.gnupg/*"
 
 # Generate a GPG key
-echo 'Key-Type: eddsa' > /home/$ADD_USERNAME/gpg-genkey.conf
-echo 'Key-Curve: Ed25519' >> /home/$ADD_USERNAME/gpg-genkey.conf
-echo 'Subkey-Type: eddsa' >> /home/$ADD_USERNAME/gpg-genkey.conf
-echo "Name-Real:  $ADD_USERNAME" >> /home/$ADD_USERNAME/gpg-genkey.conf
-echo "Name-Email: $ADD_USERNAME@$HOSTNAME" >> /home/$ADD_USERNAME/gpg-genkey.conf
-echo 'Expire-Date: 0' >> /home/$ADD_USERNAME/gpg-genkey.conf
-echo "Passphrase: $NEW_USER_PASSWORD" >> /home/$ADD_USERNAME/gpg-genkey.conf
-chown $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/gpg-genkey.conf
-su -m root -c "gpg --homedir /home/$ADD_USERNAME/.gnupg --batch --full-gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - $ADD_USERNAME
-chown -R $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/.gnupg
-shred -zu /home/$ADD_USERNAME/gpg-genkey.conf
+{ echo 'Key-Type: eddsa';
+  echo 'Key-Curve: Ed25519';
+  echo 'Subkey-Type: eddsa';
+  echo "Name-Real:  $ADD_USERNAME";
+  echo "Name-Email: $ADD_USERNAME@$HOSTNAME";
+  echo 'Expire-Date: 0';
+  echo "Passphrase: $NEW_USER_PASSWORD"; } > "/home/$ADD_USERNAME/gpg-genkey.conf"
+chown "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/gpg-genkey.conf"
+su -m root -c "gpg --homedir /home/$ADD_USERNAME/.gnupg --batch --full-gen-key /home/$ADD_USERNAME/gpg-genkey.conf" - "$ADD_USERNAME"
+chown -R "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/.gnupg"
+shred -zu "/home/$ADD_USERNAME/gpg-genkey.conf"
 MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADD_USERNAME" "$ADD_USERNAME@$HOSTNAME")
-MY_GPG_PUBLIC_KEY=/home/$ADD_USERNAME/public_key.gpg
-su -m root -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $ADD_USERNAME
+MY_GPG_PUBLIC_KEY="/home/$ADD_USERNAME/public_key.gpg"
+su -m root -c "gpg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - "$ADD_USERNAME"
 
-if [ ! -f $MY_GPG_PUBLIC_KEY ]; then
+if [ ! -f "$MY_GPG_PUBLIC_KEY" ]; then
     echo "GPG public key was not generated for $ADD_USERNAME@$HOSTNAME $MY_GPG_PUBLIC_KEY_ID"
-    userdel -r $ADD_USERNAME
+    userdel -r "$ADD_USERNAME"
     exit 7
 fi
 
-gpg_agent_setup $ADD_USERNAME
+gpg_agent_setup "$ADD_USERNAME"
 
 # add a monkeysphere subkey
 #echo $'Adding monkeysphere subkey'
@@ -173,82 +172,82 @@ gpg_agent_setup $ADD_USERNAME
 #echo $'Updating monkeysphere users'
 #monkeysphere-authentication update-users
 
-if [ -f /home/$ADD_USERNAME/.muttrc ]; then
+if [ -f "/home/$ADD_USERNAME/.muttrc" ]; then
     # encrypt outgoing mail to the "sent" folder
-    if ! grep -q "pgp_encrypt_only_command" /home/$ADD_USERNAME/.muttrc; then
-        echo '' >> /home/$ADD_USERNAME/.muttrc
-        echo $'# Encrypt items in the Sent folder' >> /home/$ADD_USERNAME/.muttrc
-        echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc
+    if ! grep -q "pgp_encrypt_only_command" "/home/$ADD_USERNAME/.muttrc"; then
+        { echo '';
+          echo $'# Encrypt items in the Sent folder';
+          echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\""; } >> "/home/$ADD_USERNAME/.muttrc"
     else
-        sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc
+        sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" "/home/$ADD_USERNAME/.muttrc"
     fi
 
-    if ! grep -q "pgp_encrypt_sign_command" /home/$ADD_USERNAME/.muttrc; then
-        echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$ADD_USERNAME/.muttrc
+    if ! grep -q "pgp_encrypt_sign_command" "/home/$ADD_USERNAME/.muttrc"; then
+        echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> "/home/$ADD_USERNAME/.muttrc"
     else
-        sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$ADD_USERNAME/.muttrc
+        sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" "/home/$ADD_USERNAME/.muttrc"
     fi
 fi
 
-if ! grep -q "Change your GPG password" /home/$ADD_USERNAME/README; then
-    echo '' >> /home/$ADD_USERNAME/README
-    echo '' >> /home/$ADD_USERNAME/README
-    echo $'# Change your GPG password' >> /home/$ADD_USERNAME/README
-    echo $"It's very important to add a password to your GPG key so that" >> /home/$ADD_USERNAME/README
-    echo $"if anyone does get access to your email they still won't be able" >> /home/$ADD_USERNAME/README
-    echo $'to read them without knowning the GPG password.' >> /home/$ADD_USERNAME/README
-    echo $'You can change the it with:' >> /home/$ADD_USERNAME/README
-    echo '' >> /home/$ADD_USERNAME/README
-    echo "  gpg --edit-key $MY_GPG_PUBLIC_KEY_ID" >> /home/$ADD_USERNAME/README
-    echo '  passwd' >> /home/$ADD_USERNAME/README
-    echo '  save' >> /home/$ADD_USERNAME/README
-    echo '  quit' >> /home/$ADD_USERNAME/README
+if ! grep -q "Change your GPG password" "/home/$ADD_USERNAME/README"; then
+    { echo '';
+      echo '';
+      echo $'# Change your GPG password';
+      echo $"It's very important to add a password to your GPG key so that";
+      echo $"if anyone does get access to your email they still won't be able";
+      echo $'to read them without knowning the GPG password.';
+      echo $'You can change the it with:';
+      echo '';
+      echo "  gpg --edit-key $MY_GPG_PUBLIC_KEY_ID";
+      echo '  passwd';
+      echo '  save';
+      echo '  quit'; } >> "/home/$ADD_USERNAME/README"
 fi
 
-chown $ADD_USERNAME:$ADD_USERNAME /home/$ADD_USERNAME/README
-chown $ADD_USERNAME:$ADD_USERNAME $MY_GPG_PUBLIC_KEY
-chmod 600 /home/$ADD_USERNAME/README
+chown "$ADD_USERNAME":"$ADD_USERNAME" "/home/$ADD_USERNAME/README"
+chown "$ADD_USERNAME":"$ADD_USERNAME" "$MY_GPG_PUBLIC_KEY"
+chmod 600 "/home/$ADD_USERNAME/README"
 
 echo $'Detecting installed apps...'
 detect_apps
 get_apps_installed_names
 for app_name in "${APPS_INSTALLED_NAMES[@]}"
 do
-    if [[ $(function_exists add_user_${app_name}) == "1" ]]; then
+    if [[ $(function_exists "add_user_${app_name}") == "1" ]]; then
         echo $"Adding user to ${app_name}"
-        app_load_variables ${app_name}
-        retval=$(add_user_${app_name} "$ADD_USERNAME" "$NEW_USER_PASSWORD" | tail -n 1)
+        app_load_variables "${app_name}"
+        retval=$("add_user_${app_name}" "$ADD_USERNAME" "$NEW_USER_PASSWORD" | tail -n 1)
         if [[ $retval != '0' ]]; then
             echo $"Failed with error code ${retval}"
-            ${PROJECT_NAME}-rmuser $ADD_USERNAME --force
+            "${PROJECT_NAME}-rmuser" "$ADD_USERNAME" --force
             exit 672392
         fi
-        if ! grep -q "${app_name}_${ADD_USERNAME}" $APP_USERS_FILE; then
-            echo "${app_name}_${ADD_USERNAME}" >> $APP_USERS_FILE
+        if ! grep -q "${app_name}_${ADD_USERNAME}" "$APP_USERS_FILE"; then
+            echo "${app_name}_${ADD_USERNAME}" >> "$APP_USERS_FILE"
         fi
     fi
 done
 
 if [ -f /etc/nginx/.htpasswd ]; then
     if ! grep -q "${ADD_USERNAME}:" /etc/nginx/.htpasswd; then
-        echo "$NEW_USER_PASSWORD" | htpasswd -i -s /etc/nginx/.htpasswd $ADD_USERNAME
+        echo "$NEW_USER_PASSWORD" | htpasswd -i -s /etc/nginx/.htpasswd "$ADD_USERNAME"
     fi
 fi
 
 # add user menu on ssh login
-if ! grep -q 'controluser' /home/$ADD_USERNAME/.bashrc; then
-    echo 'controluser' >> /home/$ADD_USERNAME/.bashrc
+if ! grep -q 'controluser' "/home/$ADD_USERNAME/.bashrc"; then
+    echo 'controluser' >> "/home/$ADD_USERNAME/.bashrc"
 fi
 
 # fix some gpg strangeness when searching for keys
-printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /home/$ADD_USERNAME/.gnupg/S.dirmngr
-if [ -d /home/$ADD_USERNAME/.gnupg/crls.d ]; then
-    chmod +x /home/$ADD_USERNAME/.gnupg/crls.d
+printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > "/home/$ADD_USERNAME/.gnupg/S.dirmngr"
+if [ -d "/home/$ADD_USERNAME/.gnupg/crls.d" ]; then
+    chmod +x "/home/$ADD_USERNAME/.gnupg/crls.d"
 fi
 
-${PROJECT_NAME}-pass -u $ADD_USERNAME -a login -p "$NEW_USER_PASSWORD"
+"${PROJECT_NAME}-pass" -u "$ADD_USERNAME" -a login -p "$NEW_USER_PASSWORD"
 
-gpg_agent_enable $ADD_USERNAME
+gpg_agent_enable "$ADD_USERNAME"
 
 clear
 
diff --git a/src/freedombone-app-akaunting b/src/freedombone-app-akaunting
index 82fbc44d..6887c7a4 100755
--- a/src/freedombone-app-akaunting
+++ b/src/freedombone-app-akaunting
@@ -49,12 +49,12 @@ akaunting_variables=(ONION_ONLY
                      MY_USERNAME)
 
 function akaunting_remove_bad_links {
-    cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
+    cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 365873658
 
     # copy jquery locally
     jquery_version='1.12.4'
     if [ ! -f jquery-${jquery_version}.js ]; then
-        cd /var/www/$GHOST_DOMAIN_NAME/htdocs
+        cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 3276324
         wget https://code.jquery.com/jquery-${jquery_version}.js
         jquery_hash=$(sha256sum jquery-${jquery_version}.js | awk -F ' ' '{print $1}')
         if [[ "$jquery_hash" != '430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575' ]]; then
@@ -74,7 +74,7 @@ function akaunting_remove_bad_links {
     sed -i '/googleapi/d' vendor/almasaeed2010/adminlte/dist/css/alt/AdminLTE-without-plugins.min.css
     sed -i "s|ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js|$AKAUNTING_DOMAIN_NAME/jquery-${jquery_version}.js|g" vendor/almasaeed2010/adminlte/plugins/ckeditor/samples/old/jquery.html
 
-    chown -R www-data:www-data /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
+    chown -R www-data:www-data "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
 }
 
 function logging_on_akaunting {
@@ -88,65 +88,66 @@ function logging_off_akaunting {
 function remove_user_akaunting {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp akaunting
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp akaunting
 }
 
 function add_user_akaunting {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a akaunting -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a akaunting -p "$new_user_password"
 
     echo '0'
 }
 
 function install_interactive_akaunting {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
-    if [[ $ONION_ONLY != "no" ]]; then
+    if [[ "$ONION_ONLY" != "no" ]]; then
         AKAUNTING_DOMAIN_NAME='akaunting.local'
     else
         AKAUNTING_DETAILS_COMPLETE=
         while [ ! $AKAUNTING_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Akaunting Configuration" \
-                       --form $"\nPlease enter your Akaunting details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
+                       --form $"\\nPlease enter your Akaunting details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
                        $"Domain:" 1 1 "$(grep 'AKAUNTING_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
                        $"Code:" 2 1 "$(grep 'AKAUNTING_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Akaunting Configuration" \
-                       --form $"\nPlease enter your Akaunting details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
+                       --form $"\\nPlease enter your Akaunting details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
                        $"Domain:" 1 1 "$(grep 'AKAUNTING_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
-                       2> $data
+                       2> "$data"
             fi
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            AKAUNTING_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ $AKAUNTING_DOMAIN_NAME ]; then
+            AKAUNTING_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$AKAUNTING_DOMAIN_NAME" ]; then
                 if [[ $AKAUNTING_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
                     AKAUNTING_DOMAIN_NAME=""
                 fi
                 TEST_DOMAIN_NAME=$AKAUNTING_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $AKAUNTING_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$AKAUNTING_DOMAIN_NAME" ]]; then
                     AKAUNTING_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        AKAUNTING_CODE=$(cat $data | sed -n 2p)
+                        AKAUNTING_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$AKAUNTING_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             AKAUNTING_DOMAIN_NAME=
                         fi
                     fi
@@ -155,6 +156,7 @@ function install_interactive_akaunting {
             if [ $AKAUNTING_DOMAIN_NAME ]; then
                 AKAUNTING_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         write_config_param "AKAUNTING_CODE" "$AKAUNTING_CODE"
@@ -169,23 +171,23 @@ function change_password_akaunting {
 
     read_config_param 'AKAUNTING_DOMAIN_NAME'
 
-    ${PROJECT_NAME}-pass -u "$curr_username" -a akaunting -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a akaunting -p "$new_user_password"
 }
 
 function akaunting_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        AKAUNTING_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        AKAUNTING_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $AKAUNTING_ADMIN_PASSWORD ]; then
-            AKAUNTING_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$AKAUNTING_ADMIN_PASSWORD" ]; then
+            AKAUNTING_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $AKAUNTING_ADMIN_PASSWORD ]; then
+    if [ ! "$AKAUNTING_ADMIN_PASSWORD" ]; then
         return
     fi
 
     function_check create_database
-    create_database akaunting "$AKAUNTING_ADMIN_PASSWORD" $MY_USERNAME
+    create_database akaunting "$AKAUNTING_ADMIN_PASSWORD" "$MY_USERNAME"
 }
 
 function reconfigure_akaunting {
@@ -198,70 +200,69 @@ function upgrade_akaunting {
         return
     fi
 
-    if grep -q "akaunting domain" $COMPLETION_FILE; then
+    if grep -q "akaunting domain" "$COMPLETION_FILE"; then
         AKAUNTING_DOMAIN_NAME=$(get_completion_param "akaunting domain")
     fi
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$AKAUNTING_DOMAIN_NAME/htdocs "akaunting commit" "$AKAUNTING_COMMIT" $AKAUNTING_REPO
+    set_repo_commit "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" "akaunting commit" "$AKAUNTING_COMMIT" "$AKAUNTING_REPO"
 
-    cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
+    cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 367835
     install_composer
     akaunting_remove_bad_links
 
-    chown -R www-data:www-data /var/www/${AKAUNTING_DOMAIN_NAME}/htdocs
+    chown -R www-data:www-data "/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
 }
 
 
 function backup_local_akaunting {
-    akaunting_path=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs
-    if [ -d $akaunting_path ]; then
-        suspend_site ${AKAUNTING_DOMAIN_NAME}
+    akaunting_path="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
+    if [ -d "$akaunting_path" ]; then
+        suspend_site "${AKAUNTING_DOMAIN_NAME}"
         function_check backup_database_to_usb
         backup_database_to_usb akaunting
-        backup_directory_to_usb $akaunting_path akaunting
+        backup_directory_to_usb "$akaunting_path" akaunting
         restart_site
     fi
 }
 
 function restore_local_akaunting {
     temp_restore_dir=/root/tempakaunting
-    akaunting_dir=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs
+    akaunting_dir="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
 
-    suspend_site ${AKAUNTING_DOMAIN_NAME}
+    suspend_site "${AKAUNTING_DOMAIN_NAME}"
 
     function_check akaunting_create_database
     akaunting_create_database
 
-    restore_database akaunting ${AKAUNTING_DOMAIN_NAME}
-    chown www-data:www-data $akaunting_dir
+    restore_database akaunting "${AKAUNTING_DOMAIN_NAME}"
+    chown www-data:www-data "$akaunting_dir"
 
     restart_site
 }
 
 function backup_remote_akaunting {
-    akaunting_path=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs
-    if [ -d $akaunting_path ]; then
-        suspend_site ${AKAUNTING_DOMAIN_NAME}
+    akaunting_path="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
+    if [ -d "$akaunting_path" ]; then
+        suspend_site "${AKAUNTING_DOMAIN_NAME}"
         function_check backup_database_to_friend
         backup_database_to_friend akaunting
-        backup_directory_to_friend $akaunting_path akaunting
+        backup_directory_to_friend "$akaunting_path" akaunting
         restart_site
     fi
 }
 
 function restore_remote_akaunting {
-    temp_restore_dir=/root/tempakaunting
-    akaunting_dir=/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs
+    akaunting_dir="/var/www/${AKAUNTING_DOMAIN_NAME}/htdocs"
 
-    suspend_site ${AKAUNTING_DOMAIN_NAME}
+    suspend_site "${AKAUNTING_DOMAIN_NAME}"
 
     function_check akaunting_create_database
     akaunting_create_database
 
-    restore_database_from_friend akaunting ${AKAUNTING_DOMAIN_NAME}
-    chown www-data:www-data $akaunting_dir
+    restore_database_from_friend akaunting "${AKAUNTING_DOMAIN_NAME}"
+    chown www-data:www-data "$akaunting_dir"
 
     restart_site
 }
@@ -274,28 +275,28 @@ function remove_akaunting {
     read_config_param "AKAUNTING_DOMAIN_NAME"
     read_config_param "MY_USERNAME"
     echo "Removing $AKAUNTING_DOMAIN_NAME"
-    nginx_dissite $AKAUNTING_DOMAIN_NAME
-    remove_certs $AKAUNTING_DOMAIN_NAME
+    nginx_dissite "$AKAUNTING_DOMAIN_NAME"
+    remove_certs "$AKAUNTING_DOMAIN_NAME"
 
-    if [ -d /var/www/$AKAUNTING_DOMAIN_NAME ]; then
-        rm -rf /var/www/$AKAUNTING_DOMAIN_NAME
+    if [ -d "/var/www/$AKAUNTING_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$AKAUNTING_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database akaunting
     function_check remove_onion_service
-    remove_onion_service akaunting ${AKAUNTING_ONION_PORT}
+    remove_onion_service akaunting "${AKAUNTING_ONION_PORT}"
     if grep -q "akaunting" /etc/crontab; then
         sed -i "/akaunting/d" /etc/crontab
     fi
     remove_app akaunting
     remove_completion_param install_akaunting
-    sed -i '/akaunting/d' $COMPLETION_FILE
+    sed -i '/akaunting/d' "$COMPLETION_FILE"
 
     function_check remove_ddns_domain
-    remove_ddns_domain $AKAUNTING_DOMAIN_NAME
+    remove_ddns_domain "$AKAUNTING_DOMAIN_NAME"
 }
 
 function install_akaunting {
@@ -303,7 +304,7 @@ function install_akaunting {
         ONION_ONLY='no'
     fi
 
-    if [ ! $AKAUNTING_DOMAIN_NAME ]; then
+    if [ ! "$AKAUNTING_DOMAIN_NAME" ]; then
         echo $'No domain name was given for akaunting'
         exit 89353
     fi
@@ -317,142 +318,142 @@ function install_akaunting {
     apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
     apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
 
-    if [ ! -d /var/www/$AKAUNTING_DOMAIN_NAME ]; then
-        mkdir /var/www/$AKAUNTING_DOMAIN_NAME
+    if [ ! -d "/var/www/$AKAUNTING_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$AKAUNTING_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$AKAUNTING_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" ]; then
         if [ -d /repos/akaunting ]; then
-            mkdir /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
-            cp -r -p /repos/akaunting/. /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
-            cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/akaunting/. "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
+            cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 23458735
             git pull
         else
             function_check git_clone
-            git_clone $AKAUNTING_REPO /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
+            git_clone "$AKAUNTING_REPO" "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
         fi
 
-        if [ ! -d /var/www/$AKAUNTING_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" ]; then
             echo $'Unable to clone akaunting repo'
             exit 2589389
         fi
     fi
 
-    cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
-    git checkout $AKAUNTING_COMMIT -b $AKAUNTING_COMMIT
+    cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 23468724527
+    git checkout "$AKAUNTING_COMMIT" -b "$AKAUNTING_COMMIT"
     set_completion_param "akaunting commit" "$AKAUNTING_COMMIT"
 
-    chmod g+w /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
-    chown -R www-data:www-data /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
+    chmod g+w "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
+    chown -R www-data:www-data "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs"
 
-    cd /var/www/$AKAUNTING_DOMAIN_NAME/htdocs
+    cd "/var/www/$AKAUNTING_DOMAIN_NAME/htdocs" || exit 34783524
     install_composer
 
     function_check akaunting_create_database
     akaunting_create_database
 
     function_check add_ddns_domain
-    add_ddns_domain $AKAUNTING_DOMAIN_NAME
+    add_ddns_domain "$AKAUNTING_DOMAIN_NAME"
 
     AKAUNTING_ONION_HOSTNAME=$(add_onion_service akaunting 80 ${AKAUNTING_ONION_PORT})
 
     akaunting_nginx_site=/etc/nginx/sites-available/$AKAUNTING_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $AKAUNTING_DOMAIN_NAME "index index.php"
-        echo 'server {' >> $akaunting_nginx_site
-        echo '  listen 443 ssl;' >> $akaunting_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $akaunting_nginx_site
-        echo "  server_name $AKAUNTING_DOMAIN_NAME;" >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
+        nginx_http_redirect "$AKAUNTING_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $AKAUNTING_DOMAIN_NAME;";
+          echo ''; } >> "$akaunting_nginx_site"
         function_check nginx_compress
-        nginx_compress $AKAUNTING_DOMAIN_NAME
-        echo '' >> $akaunting_nginx_site
-        echo '  # Security' >> $akaunting_nginx_site
+        nginx_compress "$AKAUNTING_DOMAIN_NAME"
+        echo '' >> "$akaunting_nginx_site"
+        echo '  # Security' >> "$akaunting_nginx_site"
         function_check nginx_ssl
-        nginx_ssl $AKAUNTING_DOMAIN_NAME
+        nginx_ssl "$AKAUNTING_DOMAIN_NAME"
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $AKAUNTING_DOMAIN_NAME
+        nginx_disable_sniffing "$AKAUNTING_DOMAIN_NAME"
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
-        echo '  access_log /dev/null;' >> $akaunting_nginx_site
-        echo '  error_log /dev/null;' >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
-        echo "  root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;" >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
-        echo '  index index.php;' >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
-        echo '  location ~ \.php {' >> $akaunting_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $akaunting_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $akaunting_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $akaunting_nginx_site
-        echo '  }' >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
-        echo '  location / {' >> $akaunting_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo "  root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  index index.php;';
+          echo '';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  location / {'; } >> "$akaunting_nginx_site"
         function_check nginx_limits
-        nginx_limits $AKAUNTING_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ @akaunting;' >> $akaunting_nginx_site
-        echo '  }' >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
-        echo '  location @akaunting {' >> $akaunting_nginx_site
-        echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $akaunting_nginx_site
-        echo '  }' >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $akaunting_nginx_site
-        echo '    deny all;' >> $akaunting_nginx_site
-        echo '  }' >> $akaunting_nginx_site
-        echo '' >> $akaunting_nginx_site
-        echo '}' >> $akaunting_nginx_site
+        nginx_limits "$AKAUNTING_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ @akaunting;";
+          echo '  }';
+          echo '';
+          echo '  location @akaunting {';
+          echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+          echo '  }';
+          echo '';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '';
+          echo '}'; } >> "$akaunting_nginx_site"
     else
-        echo -n '' > $akaunting_nginx_site
+        echo -n '' > "$akaunting_nginx_site"
     fi
-    echo 'server {' >> $akaunting_nginx_site
-    echo "    listen 127.0.0.1:$AKAUNTING_ONION_PORT default_server;" >> $akaunting_nginx_site
-    echo "    server_name $AKAUNTING_ONION_HOSTNAME;" >> $akaunting_nginx_site
-    echo '' >> $akaunting_nginx_site
-    function_check nginx_compress
-    nginx_compress $AKAUNTING_DOMAIN_NAME
-    echo '' >> $akaunting_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$AKAUNTING_ONION_PORT default_server;";
+      echo "    server_name $AKAUNTING_ONION_HOSTNAME;";
+      echo ''; } >> "$akaunting_nginx_site"
+      function_check nginx_compress
+    nginx_compress "$AKAUNTING_DOMAIN_NAME"
+    echo '' >> "$akaunting_nginx_site"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $AKAUNTING_DOMAIN_NAME
-    echo '' >> $akaunting_nginx_site
-    echo '  access_log /dev/null;' >> $akaunting_nginx_site
-    echo '  error_log /dev/null;' >> $akaunting_nginx_site
-    echo '' >> $akaunting_nginx_site
-    echo "  root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;" >> $akaunting_nginx_site
-    echo '' >> $akaunting_nginx_site
-    echo '  index index.php;' >> $akaunting_nginx_site
-    echo '' >> $akaunting_nginx_site
-    echo '  location ~ \.php {' >> $akaunting_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $akaunting_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $akaunting_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $akaunting_nginx_site
-    echo '  }' >> $akaunting_nginx_site
-    echo '' >> $akaunting_nginx_site
-    echo '  location / {' >> $akaunting_nginx_site
+    nginx_disable_sniffing "$AKAUNTING_DOMAIN_NAME"
+    { echo '';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo "  root /var/www/$AKAUNTING_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  index index.php;';
+      echo '';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  location / {'; } >> "$akaunting_nginx_site"
     function_check nginx_limits
-    nginx_limits $AKAUNTING_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ @akaunting;' >> $akaunting_nginx_site
-    echo '  }' >> $akaunting_nginx_site
-    echo '' >> $akaunting_nginx_site
-    echo '  location @akaunting {' >> $akaunting_nginx_site
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $akaunting_nginx_site
-    echo '  }' >> $akaunting_nginx_site
-    echo '' >> $akaunting_nginx_site
-    echo '  location ~ /\.(ht|git) {' >> $akaunting_nginx_site
-    echo '    deny all;' >> $akaunting_nginx_site
-    echo '  }' >> $akaunting_nginx_site
-    echo '}' >> $akaunting_nginx_site
+    nginx_limits "$AKAUNTING_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ @akaunting;";
+      echo '  }';
+      echo '';
+      echo '  location @akaunting {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  location ~ /\.(ht|git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '}'; } >> "$akaunting_nginx_site"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $AKAUNTING_DOMAIN_NAME 'yes'
+    create_site_certificate "$AKAUNTING_DOMAIN_NAME" 'yes'
 
     function_check nginx_ensite
-    nginx_ensite $AKAUNTING_DOMAIN_NAME
+    nginx_ensite "$AKAUNTING_DOMAIN_NAME"
 
     akaunting_remove_bad_links
 
@@ -460,7 +461,7 @@ function install_akaunting {
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a akaunting -p "$AKAUNTING_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a akaunting -p "$AKAUNTING_ADMIN_PASSWORD"
 
     set_completion_param "akaunting domain" "$AKAUNTING_DOMAIN_NAME"
 
diff --git a/src/freedombone-app-batman b/src/freedombone-app-batman
index dfe27c37..22c64170 100755
--- a/src/freedombone-app-batman
+++ b/src/freedombone-app-batman
@@ -90,8 +90,7 @@ function restore_remote_batman {
 }
 
 function remove_batman {
-    ${PROJECT_NAME}-mesh-install -f batman --remove yes
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-mesh-install" -f batman --remove yes; then
         echo $'Failed to remove batman'
         exit 79353
     fi
@@ -100,45 +99,46 @@ function remove_batman {
 }
 
 function mesh_install_batman {
+    # shellcheck disable=SC2154
     chroot "$rootdir" apt-get -yq install iproute bridge-utils libnetfilter-conntrack3 batctl
     chroot "$rootdir" apt-get -yq install python-dev libevent-dev ebtables python-pip git
     chroot "$rootdir" apt-get -yq install wireless-tools rfkill
 
-    if ! grep -q "batman_adv" $rootdir/etc/modules; then
-        echo 'batman_adv' >> $rootdir/etc/modules
+    if ! grep -q "batman_adv" "$rootdir/etc/modules"; then
+        echo 'batman_adv' >> "$rootdir/etc/modules"
     fi
 
     BATMAN_SCRIPT=$rootdir/var/lib/batman
 
-    if [ -f /usr/local/bin/${PROJECT_NAME}-mesh-batman ]; then
-        cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
+    if [ -f "/usr/local/bin/${PROJECT_NAME}-mesh-batman" ]; then
+        cp "/usr/local/bin/${PROJECT_NAME}-mesh-batman" "$BATMAN_SCRIPT"
     else
-        cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
+        cp "/usr/bin/${PROJECT_NAME}-mesh-batman" "$BATMAN_SCRIPT"
     fi
 
     BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service
-    echo '[Unit]' > $BATMAN_DAEMON
-    echo 'Description=B.A.T.M.A.N. Advanced' >> $BATMAN_DAEMON
-    echo 'After=network.target' >> $BATMAN_DAEMON
-    echo '' >> $BATMAN_DAEMON
-    echo '[Service]' >> $BATMAN_DAEMON
-    echo 'RemainAfterExit=yes' >> $BATMAN_DAEMON
-    echo "ExecStart=/var/lib/batman start" >> $BATMAN_DAEMON
-    echo "ExecStop=/var/lib/batman stop" >> $BATMAN_DAEMON
-    echo 'Restart=on-failure' >> $BATMAN_DAEMON
-    echo 'SuccessExitStatus=3 4' >> $BATMAN_DAEMON
-    echo 'RestartForceExitStatus=3 4' >> $BATMAN_DAEMON
-    echo '' >> $BATMAN_DAEMON
-    echo '# Allow time for the server to start/stop' >> $BATMAN_DAEMON
-    echo 'TimeoutSec=300' >> $BATMAN_DAEMON
-    echo '' >> $BATMAN_DAEMON
-    echo '[Install]' >> $BATMAN_DAEMON
-    echo 'WantedBy=multi-user.target' >> $BATMAN_DAEMON
+    { echo '[Unit]';
+      echo 'Description=B.A.T.M.A.N. Advanced';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'RemainAfterExit=yes';
+      echo "ExecStart=/var/lib/batman start";
+      echo "ExecStop=/var/lib/batman stop";
+      echo 'Restart=on-failure';
+      echo 'SuccessExitStatus=3 4';
+      echo 'RestartForceExitStatus=3 4';
+      echo '';
+      echo '# Allow time for the server to start/stop';
+      echo 'TimeoutSec=300';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$BATMAN_DAEMON"
     chroot "$rootdir" systemctl enable batman
 }
 
 function install_batman {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_install_batman
         return
     fi
@@ -146,8 +146,7 @@ function install_batman {
         return
     fi
 
-    ${PROJECT_NAME}-mesh-install -f batman
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-mesh-install" -f batman; then
         echo $'Failed to install batman'
         exit 72524
     fi
diff --git a/src/freedombone-app-bdsmail b/src/freedombone-app-bdsmail
index 20ae44f1..1c9163da 100755
--- a/src/freedombone-app-bdsmail
+++ b/src/freedombone-app-bdsmail
@@ -49,29 +49,29 @@ function bdsmail_configure_users {
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
 
             # Add the user to the i2p group
-            usermod -a -G i2psvc $USERNAME
+            usermod -a -G i2psvc "$USERNAME"
 
-            if [ -f /home/$USERNAME/.muttrc ]; then
+            if [ -f "/home/$USERNAME/.muttrc" ]; then
                 # Create a mutt i2p folder
-                if ! grep -q ' =i2p' /home/$USERNAME/.muttrc; then
-                    MUTT_MAILBOXES=$(grep "mailboxes =" /home/$USERNAME/.muttrc)
-                    sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =i2p|g" /home/$USERNAME/.muttrc
+                if ! grep -q ' =i2p' "/home/$USERNAME/.muttrc"; then
+                    MUTT_MAILBOXES=$(grep "mailboxes =" "/home/$USERNAME/.muttrc")
+                    sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =i2p|g" "/home/$USERNAME/.muttrc"
                 fi
 
                 # Create a mutt folder hook to the i2p config
-                if ! grep -q 'folder-hook !i2p' /home/$USERNAME/.muttrc; then
-                    echo 'folder-hook !i2p/*     source ~/.muttrc' >> /home/$USERNAME/.muttrc
+                if ! grep -q 'folder-hook !i2p' "/home/$USERNAME/.muttrc"; then
+                    echo 'folder-hook !i2p/*     source ~/.muttrc' >> "/home/$USERNAME/.muttrc"
                 fi
-                if ! grep -q 'folder-hook i2p' /home/$USERNAME/.muttrc; then
-                    echo 'folder-hook i2p/*     source ~/.mutt/bdsmail' >> /home/$USERNAME/.muttrc
+                if ! grep -q 'folder-hook i2p' "/home/$USERNAME/.muttrc"; then
+                    echo 'folder-hook i2p/*     source ~/.mutt/bdsmail' >> "/home/$USERNAME/.muttrc"
                 fi
             fi
 
             # Create a directory where i2p mail will be stored
-            if [ ! -d /home/$USERNAME/Maildir/i2p/new ]; then
-                mkdir -p /home/$USERNAME/Maildir/i2p/cur
-                mkdir -p /home/$USERNAME/Maildir/i2p/new
-                chown -R $USERNAME:$USERNAME /home/$USERNAME/Maildir/i2p
+            if [ ! -d "/home/$USERNAME/Maildir/i2p/new" ]; then
+                mkdir -p "/home/$USERNAME/Maildir/i2p/cur"
+                mkdir -p "/home/$USERNAME/Maildir/i2p/new"
+                chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/Maildir/i2p"
             fi
         fi
     done
@@ -93,18 +93,18 @@ function add_user_bdsmail {
     new_username="$1"
     new_user_password="$2"
 
-    if [ ! -d /home/$new_username/.mutt ]; then
-        mkdir /home/$new_username/.mutt
-        cp /etc/skel/.mutt/bdsmail /home/$new_username/.mutt
+    if [ ! -d "/home/$new_username/.mutt" ]; then
+        mkdir "/home/$new_username/.mutt"
+        cp /etc/skel/.mutt/bdsmail "/home/$new_username/.mutt"
     fi
     read_config_param MY_USERNAME
-    BDSMAIL_PASSWORD=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a bdsmail)
-    sed -i "s|username|$new_username|g" /home/$new_username/.mutt/bdsmail
-    sed -i "s|password|$BDSMAIL_PASSWORD|g" /home/$new_username/.mutt/bdsmail
+    BDSMAIL_PASSWORD=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a bdsmail)
+    sed -i "s|username|$new_username|g" "/home/$new_username/.mutt/bdsmail"
+    sed -i "s|password|$BDSMAIL_PASSWORD|g" "/home/$new_username/.mutt/bdsmail"
     bdsmail_configure_users
-    cd $BDSMAIL_DIR
-    $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini $new_username /home/$new_username/Maildir/i2p "$BDSMAIL_PASSWORD"
-    chown -R $new_username:$new_username /home/$new_username/.mutt
+    cd $BDSMAIL_DIR || exit 57247684234
+    $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini "$new_username" "/home/$new_username/Maildir/i2p" "$BDSMAIL_PASSWORD"
+    chown -R "$new_username":"$new_username" "/home/$new_username/.mutt"
     echo '0'
 }
 
@@ -117,16 +117,16 @@ function change_password_bdsmail {
     curr_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a bdsmail -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a bdsmail -p "$new_user_password"
 
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            sed -i "s|set smtp_url=.*|set smtp_url=smtp://${curr_username}:${new_user_password}@127.0.0.1:$I2P_SMTP_PORT/" /home/${USERNAME}/.mutt/bdsmail
-            sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" /home/${USERNAME}/.mutt/bdsmail
-            chown ${USERNAME}:${USERNAME} /home/${USERNAME}/.mutt/bdsmail
+            sed -i "s|set smtp_url=.*|set smtp_url=smtp://${curr_username}:${new_user_password}@127.0.0.1:$I2P_SMTP_PORT/" "/home/${USERNAME}/.mutt/bdsmail"
+            sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" "/home/${USERNAME}/.mutt/bdsmail"
+            chown "${USERNAME}":"${USERNAME}" "/home/${USERNAME}/.mutt/bdsmail"
             cd $BDSMAIL_DIR
-            $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini $curr_username /home/$curr_username/Maildir/i2p "$new_user_password"
+            $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini "$curr_username" "/home/$curr_username/Maildir/i2p" "$new_user_password"
         fi
     done
 }
@@ -136,9 +136,9 @@ function bdsmail_update_domain {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            cp /etc/skel/.mutt/bdsmail /home/${USERNAME}/.mutt/bdsmail
-            sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" /home/${USERNAME}/.mutt/bdsmail
-            chown ${USERNAME}:${USERNAME} /home/${USERNAME}/.mutt/bdsmail
+            cp /etc/skel/.mutt/bdsmail "/home/${USERNAME}/.mutt/bdsmail"
+            sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" "/home/${USERNAME}/.mutt/bdsmail"
+            chown "${USERNAME}":"${USERNAME}" "/home/${USERNAME}/.mutt/bdsmail"
         fi
     done
 }
@@ -154,7 +154,7 @@ function bdsmail_wait_for_key_generation {
         sleep 30
         bds_domain=$(bdsmail_domain)
         sleep_ctr=$((sleep_ctr + 1))
-        if [ $sleep_ctr -gt 100 ]; then
+        if [ "$sleep_ctr" -gt 100 ]; then
             break
         fi
     done
@@ -178,9 +178,9 @@ function upgrade_bdsmail {
     fi
 
     # update to the next commit
-    set_repo_commit $BDSMAIL_DIR "bdsmail commit" "$BDSMAIL_COMMIT" $BDSMAIL_REPO
-    cd $BDSMAIL_DIR
-    make GOROOT=/home/go/go${GO_VERSION}
+    set_repo_commit $BDSMAIL_DIR "bdsmail commit" "$BDSMAIL_COMMIT" "$BDSMAIL_REPO"
+    cd $BDSMAIL_DIR || exit 2457245
+    make GOROOT="/home/go/go${GO_VERSION}"
     chown -R i2psvc:i2psvc $BDSMAIL_DIR
     systemctl restart bdsmail
 
@@ -210,7 +210,7 @@ function restore_local_bdsmail {
     function_check restore_directory_from_usb
     restore_directory_from_usb $temp_restore_dir bdsmail
     if [ -d $temp_restore_dir ]; then
-        if [ -d cp $temp_restore_dir$bdsmail_dir ]; then
+        if [ -d $temp_restore_dir$bdsmail_dir ]; then
             cp -rp $temp_restore_dir$bdsmail_dir $bdsmail_dir/
         else
             if [ ! -d $bdsmail_dir ]; then
@@ -246,7 +246,7 @@ function restore_remote_bdsmail {
     function_check restore_directory_from_friend
     restore_directory_from_friend $temp_restore_dir bdsmail
     if [ -d $temp_restore_dir ]; then
-        if [ -d cp $temp_restore_dir$bdsmail_dir ]; then
+        if [ -d $temp_restore_dir$bdsmail_dir ]; then
             cp -rp $temp_restore_dir$bdsmail_dir $bdsmail_dir/
         else
             if [ ! -d $bdsmail_dir ]; then
@@ -272,33 +272,33 @@ function remove_bdsmail {
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
             # remove the user from the i2p group
-            deluser $USERNAME i2psvc
+            deluser "$USERNAME" i2psvc
 
             # Remove mutt folder hook to the i2p config
-            if [ -f /home/$USERNAME/.muttrc ]; then
-                if grep -q 'folder-hook !i2p' /home/$USERNAME/.muttrc; then
-                    sed -i '/folder-hook !i2p/d' /home/$USERNAME/.muttrc
+            if [ -f "/home/$USERNAME/.muttrc" ]; then
+                if grep -q 'folder-hook !i2p' "/home/$USERNAME/.muttrc"; then
+                    sed -i '/folder-hook !i2p/d' "/home/$USERNAME/.muttrc"
                 fi
-                if grep -q 'folder-hook i2p' /home/$USERNAME/.muttrc; then
-                    sed -i '/folder-hook i2p/d' /home/$USERNAME/.muttrc
+                if grep -q 'folder-hook i2p' "/home/$USERNAME/.muttrc"; then
+                    sed -i '/folder-hook i2p/d' "/home/$USERNAME/.muttrc"
                 fi
             fi
 
             # Remove folder
-            if grep -q ' =i2p' /home/$USERNAME/.muttrc; then
-                sed -i 's| =i2p||g' /home/$USERNAME/.muttrc
+            if grep -q ' =i2p' "/home/$USERNAME/.muttrc"; then
+                sed -i 's| =i2p||g' "/home/$USERNAME/.muttrc"
             fi
 
             # NOTE: leave Maildir/i2p/cur. We might want to archive that
             # or just be reinstalling the system without losing mail
-            rm -rf /home/$USERNAME/Maildir/i2p/new
+            rm -rf "/home/$USERNAME/Maildir/i2p/new"
         fi
     done
 
     remove_i2p
     remove_app bdsmail
     remove_completion_param install_bdsmail
-    sed -i '/bdsmail/d' $COMPLETION_FILE
+    sed -i '/bdsmail/d' "$COMPLETION_FILE"
     rm -rf /etc/skel/.mutt
     if [ -d $BDSMAIL_DIR ]; then
         rm -rf $BDSMAIL_DIR
@@ -322,7 +322,7 @@ function install_bdsmail {
         cd $BDSMAIL_DIR
         git pull
     else
-        git_clone $BDSMAIL_REPO $BDSMAIL_DIR
+        git_clone "$BDSMAIL_REPO" "$BDSMAIL_DIR"
     fi
 
     if [ ! -d $BDSMAIL_DIR ]; then
@@ -331,13 +331,13 @@ function install_bdsmail {
     fi
 
     cd $BDSMAIL_DIR
-    git checkout $BDSMAIL_COMMIT -b $BDSMAIL_COMMIT
+    git checkout "$BDSMAIL_COMMIT" -b "$BDSMAIL_COMMIT"
     set_completion_param "bdsmail commit" "$BDSMAIL_COMMIT"
 
     mkdir -p $BDSMAIL_DIR/Maildir/i2p
     chmod -R 700 $BDSMAIL_DIR/Maildir
 
-    make GOROOT=/home/go/go${GO_VERSION}
+    make GOROOT="/home/go/go${GO_VERSION}"
     if [ ! -f $BDSMAIL_DIR/bin/bdsconfig ]; then
         echo $'Unable to make bdsmail'
         exit 87923567842
@@ -347,72 +347,72 @@ function install_bdsmail {
     i2p_enable_sam
 
     # create configuration file
-    $BDSMAIL_DIR/bin/bdsconfig > $BDSMAIL_DIR/config.ini
-    echo '[maild]' > $BDSMAIL_DIR/config.ini
-    echo "i2paddr = 127.0.0.1:$I2P_SAM_PORT" >> $BDSMAIL_DIR/config.ini
-    echo 'i2pkeyfile = bdsmail-privkey.dat' >> $BDSMAIL_DIR/config.ini
-    echo "bindmail = 127.0.0.1:$I2P_SMTP_PORT" >> $BDSMAIL_DIR/config.ini
-    echo "bindweb = 127.0.0.1:$I2P_WEB_PORT" >> $BDSMAIL_DIR/config.ini
-    echo "bindpop3 = 127.0.0.1:$I2P_POP3_PORT" >> $BDSMAIL_DIR/config.ini
-    echo 'domain = localhost' >> $BDSMAIL_DIR/config.ini
-    echo 'maildir = Maildir/i2p' >> $BDSMAIL_DIR/config.ini
-    echo 'database = localhost.sqlite' >> $BDSMAIL_DIR/config.ini
-    echo 'assets = contrib/assets/web' >> $BDSMAIL_DIR/config.ini
+    #$BDSMAIL_DIR/bin/bdsconfig > $BDSMAIL_DIR/config.ini
+    { echo '[maild]':
+      echo "i2paddr = 127.0.0.1:$I2P_SAM_PORT";
+      echo 'i2pkeyfile = bdsmail-privkey.dat';
+      echo "bindmail = 127.0.0.1:$I2P_SMTP_PORT";
+      echo "bindweb = 127.0.0.1:$I2P_WEB_PORT";
+      echo "bindpop3 = 127.0.0.1:$I2P_POP3_PORT";
+      echo 'domain = localhost';
+      echo 'maildir = Maildir/i2p';
+      echo 'database = localhost.sqlite';
+      echo 'assets = contrib/assets/web'; } > $BDSMAIL_DIR/config.ini
 
-    echo '[Unit]' > /etc/systemd/system/bdsmail.service
-    echo 'Description=bdsmail' >> /etc/systemd/system/bdsmail.service
-    echo 'After=syslog.target' >> /etc/systemd/system/bdsmail.service
-    echo 'After=network.target' >> /etc/systemd/system/bdsmail.service
-    echo '' >> /etc/systemd/system/bdsmail.service
-    echo '[Service]' >> /etc/systemd/system/bdsmail.service
-    echo 'Type=simple' >> /etc/systemd/system/bdsmail.service
-    echo 'User=i2psvc' >> /etc/systemd/system/bdsmail.service
-    echo 'Group=i2psvc' >> /etc/systemd/system/bdsmail.service
-    echo "WorkingDirectory=$BDSMAIL_DIR" >> /etc/systemd/system/bdsmail.service
-    echo "ExecStart=$BDSMAIL_DIR/bin/maild $BDSMAIL_DIR/config.ini" >> /etc/systemd/system/bdsmail.service
-    echo 'Restart=always' >> /etc/systemd/system/bdsmail.service
-    echo 'Environment="USER=i2psvc"' >> /etc/systemd/system/bdsmail.service
-    echo '' >> /etc/systemd/system/bdsmail.service
-    echo '[Install]' >> /etc/systemd/system/bdsmail.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/bdsmail.service
+    { echo '[Unit]';
+      echo 'Description=bdsmail';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=i2psvc';
+      echo 'Group=i2psvc';
+      echo "WorkingDirectory=$BDSMAIL_DIR";
+      echo "ExecStart=$BDSMAIL_DIR/bin/maild $BDSMAIL_DIR/config.ini";
+      echo 'Restart=always';
+      echo 'Environment="USER=i2psvc"';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/bdsmail.service
 
-    echo '#!/usr/bin/env python2' > $BDSMAIL_DIR/get_address
-    echo 'import base64, hashlib, sys' >> $BDSMAIL_DIR/get_address
-    echo 'with open(sys.argv[1]) as f:' >> $BDSMAIL_DIR/get_address
-    echo "    print(base64.b32encode(hashlib.sha256(base64.b64decode(f.read(516), '-~')).digest()).strip('=')+\".b32.i2p\")" >> $BDSMAIL_DIR/get_address
+    { echo '#!/usr/bin/env python2';
+      echo 'import base64, hashlib, sys';
+      echo 'with open(sys.argv[1]) as f:';
+      echo "    print(base64.b32encode(hashlib.sha256(base64.b64decode(f.read(516), '-~')).digest()).strip('=')+\".b32.i2p\")"; } > $BDSMAIL_DIR/get_address
     chmod +x $BDSMAIL_DIR/get_address
 
     chown -R i2psvc:i2psvc $BDSMAIL_DIR
     systemctl enable bdsmail
     systemctl start bdsmail
 
-    echo '#!/bin/bash' > /usr/bin/bdsmail_distribute
-    echo "BDSMAIL_DIR=$BDSMAIL_DIR" >> /usr/bin/bdsmail_distribute
-    echo "MAIL_DIR=\$BDSMAIL_DIR/\$(cat \$BDSMAIL_DIR/config.ini | grep 'maildir =' | awk -F ' ' '{print \$3}')" >> /usr/bin/bdsmail_distribute
-    echo 'if [ ! -d $MAIL_DIR/postmaster/new ]; then' >> /usr/bin/bdsmail_distribute
-    echo '    exit 0' >> /usr/bin/bdsmail_distribute
-    echo 'fi' >> /usr/bin/bdsmail_distribute
-    echo 'for filename in $MAIL_DIR/postmaster/new/*; do' >> /usr/bin/bdsmail_distribute
-    echo '    to_line=$(cat $filename | grep "To: " | head -n 1)' >> /usr/bin/bdsmail_distribute
-    echo "    to_username=\$(echo \"\$to_line\" | awk -F ' ' '{print \$2}' | awk -F '@' '{print \$1}')" >> /usr/bin/bdsmail_distribute
-    echo '    if [ -d /home/$to_username/Maildir/i2p/new ]; then' >> /usr/bin/bdsmail_distribute
-    echo '        chown $to_username:$to_username $filename' >> /usr/bin/bdsmail_distribute
-    echo '        chmod 600 $filename' >> /usr/bin/bdsmail_distribute
-    echo '        mv $filename /home/$to_username/Maildir/i2p/new' >> /usr/bin/bdsmail_distribute
-    echo '    fi' >> /usr/bin/bdsmail_distribute
-    echo 'done' >> /usr/bin/bdsmail_distribute
+    { echo '#!/bin/bash';
+      echo "BDSMAIL_DIR=$BDSMAIL_DIR";
+      echo "MAIL_DIR=\$BDSMAIL_DIR/\$(cat \$BDSMAIL_DIR/config.ini | grep 'maildir =' | awk -F ' ' '{print \$3}')";
+      echo "if [ ! -d \$MAIL_DIR/postmaster/new ]; then";
+      echo '    exit 0';
+      echo 'fi';
+      echo "for filename in \$MAIL_DIR/postmaster/new/*; do";
+      echo "    to_line=\$(cat \$filename | grep \"To: \" | head -n 1)";
+      echo "    to_username=\$(echo \"\$to_line\" | awk -F ' ' '{print \$2}' | awk -F '@' '{print \$1}')";
+      echo "    if [ -d /home/\$to_username/Maildir/i2p/new ]; then";
+      echo "        chown \$to_username:\$to_username \$filename";
+      echo "        chmod 600 \$filename";
+      echo "        mv \$filename /home/\$to_username/Maildir/i2p/new";
+      echo '    fi';
+      echo 'done'; } > /usr/bin/bdsmail_distribute
     chmod +x /usr/bin/bdsmail_distribute
 
     if ! grep -q 'bdsmail_distribute' /etc/crontab; then
         cron_add_mins 1 '/usr/bin/bdsmail_distribute 2> /dev/null'
     fi
 
-    echo '#!/bin/bash' > /usr/bin/bdsmail_domain
-    echo "cd $BDSMAIL_DIR" >> /usr/bin/bdsmail_domain
-    echo 'if [ ! -f bdsmail-privkey.dat ]; then' >> /usr/bin/bdsmail_domain
-    echo '    exit 1' >> /usr/bin/bdsmail_domain
-    echo 'fi' >> /usr/bin/bdsmail_domain
-    echo "python2 get_address bdsmail-privkey.dat | tr '[:upper:]' '[:lower:]'" >> /usr/bin/bdsmail_domain
+    { echo '#!/bin/bash';
+      echo "cd $BDSMAIL_DIR";
+      echo 'if [ ! -f bdsmail-privkey.dat ]; then';
+      echo '    exit 1';
+      echo 'fi';
+      echo "python2 get_address bdsmail-privkey.dat | tr '[:upper:]' '[:lower:]'"; } > /usr/bin/bdsmail_domain
     chmod +x /usr/bin/bdsmail_domain
 
     echo ''
@@ -422,7 +422,7 @@ function install_bdsmail {
 
     bdsmail_wait_for_key_generation
 
-    if [ ! $bds_domain ]; then
+    if [ ! "$bds_domain" ]; then
         systemctl stop bdsmail
         systemctl disable bdsmail
         remove_i2p
@@ -430,38 +430,38 @@ function install_bdsmail {
         exit 8934638
     fi
 
-    BDSMAIL_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a bdsmail -p "$BDSMAIL_PASSWORD"
-    cd $BDSMAIL_DIR
+    BDSMAIL_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a bdsmail -p "$BDSMAIL_PASSWORD"
+    cd $BDSMAIL_DIR || exit 2346872427
     $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini admin $BDSMAIL_DIR/Maildir/i2p/admin "$BDSMAIL_PASSWORD"
 
     # Create mutt configuration
     if [ ! -d /etc/skel/.mutt ]; then
         mkdir /etc/skel/.mutt
     fi
-    echo 'set mbox_type=Maildir' > /etc/skel/.mutt/bdsmail
-    echo "set smtp_url=smtp://username:password@127.0.0.1:$I2P_SMTP_PORT/" >> /etc/skel/.mutt/bdsmail
-    echo 'set use_from=yes' >> /etc/skel/.mutt/bdsmail
-    echo "set from=username@${bds_domain}" >> /etc/skel/.mutt/bdsmail
-    echo "set spoolfile=~/Maildir/i2p" >> /etc/skel/.mutt/bdsmail
-    echo 'set pgp_autoencrypt=no' >> /etc/skel/.mutt/bdsmail
-    echo 'set pgp_replyencrypt=no' >> /etc/skel/.mutt/bdsmail
-    echo 'set pgp_autosign=no' >> /etc/skel/.mutt/bdsmail
-    echo 'set pgp_replysign=no' >> /etc/skel/.mutt/bdsmail
+    { echo 'set mbox_type=Maildir';
+      echo "set smtp_url=smtp://username:password@127.0.0.1:$I2P_SMTP_PORT/";
+      echo 'set use_from=yes';
+      echo "set from=username@${bds_domain}";
+      echo "set spoolfile=~/Maildir/i2p";
+      echo 'set pgp_autoencrypt=no';
+      echo 'set pgp_replyencrypt=no';
+      echo 'set pgp_autosign=no';
+      echo 'set pgp_replysign=no'; } > /etc/skel/.mutt/bdsmail
 
     # mutt configuration for the admin user
-    if [ ! -d /home/$MY_USERNAME/.mutt ]; then
-        mkdir /home/$MY_USERNAME/.mutt
+    if [ ! -d "/home/$MY_USERNAME/.mutt" ]; then
+        mkdir "/home/$MY_USERNAME/.mutt"
     fi
-    cp /etc/skel/.mutt/bdsmail /home/$MY_USERNAME/.mutt
-    sed -i "s|username|$MY_USERNAME|g" /home/$MY_USERNAME/.mutt/bdsmail
-    sed -i "s|password|$BDSMAIL_PASSWORD|g" /home/$MY_USERNAME/.mutt/bdsmail
-    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt
+    cp /etc/skel/.mutt/bdsmail "/home/$MY_USERNAME/.mutt"
+    sed -i "s|username|$MY_USERNAME|g" "/home/$MY_USERNAME/.mutt/bdsmail"
+    sed -i "s|password|$BDSMAIL_PASSWORD|g" "/home/$MY_USERNAME/.mutt/bdsmail"
+    chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.mutt"
 
     bdsmail_configure_users
 
-    cd $BDSMAIL_DIR
-    $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini $MY_USERNAME /home/$MY_USERNAME/Maildir/i2p "$BDSMAIL_PASSWORD"
+    cd $BDSMAIL_DIR || exit 2457245
+    $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini "$MY_USERNAME" "/home/$MY_USERNAME/Maildir/i2p" "$BDSMAIL_PASSWORD"
 
     APP_INSTALLED=1
 }
diff --git a/src/freedombone-app-cryptpad b/src/freedombone-app-cryptpad
index 1a3d7c4b..4f0731ca 100755
--- a/src/freedombone-app-cryptpad
+++ b/src/freedombone-app-cryptpad
@@ -101,7 +101,7 @@ function upgrade_cryptpad {
     function_check set_repo_commit
     set_repo_commit $CRYPTPAD_DIR "cryptpad commit" "$CRYPTPAD_COMMIT" $CRYPTPAD_REPO
 
-    cd $CRYPTPAD_DIR
+    cd $CRYPTPAD_DIR || exit 254724
     cryptpad_create_config
     npm upgrade
     npm install
@@ -156,7 +156,7 @@ function restore_local_cryptpad {
 }
 
 function backup_remote_cryptpad {
-    if grep -q "cryptpad domain" $COMPLETION_FILE; then
+    if grep -q "cryptpad domain" "$COMPLETION_FILE"; then
         temp_backup_dir=$CRYPTPAD_DIR/datastore
         if [ -d $temp_backup_dir ]; then
             systemctl stop cryptpad
@@ -226,7 +226,7 @@ function remove_cryptpad {
     remove_onion_service cryptpad ${CRYPTPAD_ONION_PORT}
     remove_app cryptpad
     remove_completion_param install_cryptpad
-    sed -i '/cryptpad/d' $COMPLETION_FILE
+    sed -i '/cryptpad/d' "$COMPLETION_FILE"
 
     userdel -r cryptpad
 }
@@ -236,123 +236,123 @@ function cryptpad_create_config {
 
     cryptpad_prefix=
     if [[ "$cryptpad_install_type" == "mesh" ]]; then
-        cryptpad_prefix=$rootdir
+        # shellcheck disable=SC2154
+        cryptpad_prefix="$rootdir"
     fi
 
-    echo '/*@flow*/' > $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '/*' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '  globals module' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '*/' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "var domain = ' http://localhost:${CRYPTPAD_PORT}/';" >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo 'module.exports = {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        httpAddress: '::'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        httpHeaders: {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "X-XSS-Protection": "1; mode=block",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "X-Content-Type-Options": "nosniff",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "Access-Control-Allow-Origin": "*"' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        },' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        contentSecurity: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"default-src 'none'\"," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"style-src 'unsafe-inline' 'self' \" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"script-src 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"font-src 'self' data:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "child-src blob: *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "frame-src blob: *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "media-src * blob:",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"connect-src 'self' ws: wss: blob:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"img-src 'self' data: blob:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "frame-ancestors *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        ].join('; ')," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        padContentSecurity: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"default-src 'none'\"," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"style-src 'unsafe-inline' 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"script-src 'self' 'unsafe-eval' 'unsafe-inline'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"font-src 'self'\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "child-src *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "frame-src *",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                \"connect-src 'self' ws: wss:\" + domain," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '                "img-src * blob:",' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        ].join('; ')," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        httpPort: ${CRYPTPAD_PORT}," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        // This is for allowing the cross-domain iframe to function when developing' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        httpSafePort: ${CRYPTPAD_PORT2}," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        websocketPath: '/cryptpad_websocket'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        logToStdout: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        verbose: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        mainPages: [' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "                'index'" >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        ],' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        removeDonateButton: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        allowSubscriptions: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
+    { echo '/*@flow*/';
+      echo '/*';
+      echo '  globals module';
+      echo '*/';
+      echo "var domain = ' http://localhost:${CRYPTPAD_PORT}/';";
+      echo 'module.exports = {';
+      echo "        httpAddress: '::',";
+      echo '        httpHeaders: {';
+      echo '                "X-XSS-Protection": "1; mode=block",';
+      echo '                "X-Content-Type-Options": "nosniff",';
+      echo '                "Access-Control-Allow-Origin": "*"';
+      echo '        },';
+      echo '';
+      echo '        contentSecurity: [';
+      echo "                \"default-src 'none'\",";
+      echo "                \"style-src 'unsafe-inline' 'self' \" + domain,";
+      echo "                \"script-src 'self'\" + domain,";
+      echo "                \"font-src 'self' data:\" + domain,";
+      echo '';
+      echo '                "child-src blob: *",';
+    echo '                "frame-src blob: *",';
+    echo '                "media-src * blob:",';
+    echo '';
+    echo "                \"connect-src 'self' ws: wss: blob:\" + domain,";
+    echo '';
+    echo "                \"img-src 'self' data: blob:\" + domain,";
+    echo '';
+    echo '                "frame-ancestors *",';
+    echo "        ].join('; '),";
+    echo '';
+    echo '        padContentSecurity: [';
+    echo "                \"default-src 'none'\",";
+    echo "                \"style-src 'unsafe-inline' 'self'\" + domain,";
+    echo "                \"script-src 'self' 'unsafe-eval' 'unsafe-inline'\" + domain,";
+    echo "                \"font-src 'self'\" + domain,";
+    echo '';
+    echo '                "child-src *",';
+    echo '                "frame-src *",';
+    echo '';
+    echo "                \"connect-src 'self' ws: wss:\" + domain,";
+    echo '';
+    echo '                "img-src * blob:",';
+    echo "        ].join('; '),";
+    echo '';
+    echo "        httpPort: ${CRYPTPAD_PORT},";
+    echo '';
+    echo '        // This is for allowing the cross-domain iframe to function when developing';
+    echo "        httpSafePort: ${CRYPTPAD_PORT2},";
+    echo '';
+    echo "        websocketPath: '/cryptpad_websocket',";
+    echo '';
+    echo '        logToStdout: false,';
+    echo '';
+    echo '        verbose: false,';
+    echo '';
+    echo '        mainPages: [';
+    echo "                'index'";
+    echo '        ],';
+    echo '';
+    echo '        removeDonateButton: true,';
+    echo '        allowSubscriptions: false,'; } > "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
     if [[ "$cryptpad_install_type" == "mesh" ]]; then
-        echo "        myDomain: 'http://P${PEER_ID}.local'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
+        echo "        myDomain: 'http://P${PEER_ID}.local'," >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
     else
         CRYPTPAD_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_cryptpad/hostname)
-        echo "        myDomain: 'http://${CRYPTPAD_ONION_HOSTNAME}'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
+        echo "        myDomain: 'http://${CRYPTPAD_ONION_HOSTNAME}'," >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
     fi
-    echo '        defaultStorageLimit: 50 * 1024 * 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        customLimits: {' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        },' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        adminEmail: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        storage: './storage/file'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "       filePath: './datastore/'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        pinPath: './pins'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        blobPath: './blob'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        blobStagingPath: './blobstage'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        channelExpirationMs: 30000,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        openFileLimit: 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo "        rpc: './rpc.js'," >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        suppressRPCErrors: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        enableUploads: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        //restrictUploads: false,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        maxUploadSize: 20 * 1024 * 1024,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        //logFeedback: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '        //logRPC: true,' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
-    echo '};' >> $cryptpad_prefix$CRYPTPAD_DIR/config.js
+    { echo '        defaultStorageLimit: 50 * 1024 * 1024,';
+      echo '';
+      echo '        customLimits: {';
+      echo '        },';
+      echo '';
+      echo '        adminEmail: false,';
+      echo '';
+      echo "        storage: './storage/file',";
+      echo '';
+      echo "       filePath: './datastore/',";
+      echo "        pinPath: './pins',";
+      echo "        blobPath: './blob',";
+      echo "        blobStagingPath: './blobstage',";
+      echo '        channelExpirationMs: 30000,';
+      echo '        openFileLimit: 1024,';
+      echo "        rpc: './rpc.js',";
+      echo '        suppressRPCErrors: false,';
+      echo '        enableUploads: true,';
+      echo '        //restrictUploads: false,';
+      echo '        maxUploadSize: 20 * 1024 * 1024,';
+      echo '        //logFeedback: true,';
+      echo '        //logRPC: true,';
+      echo '};'; } >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
 
     if [[ "$cryptpad_install_type" != "mesh" ]]; then
-        chown cryptpad:cryptpad $cryptpad_prefix$CRYPTPAD_DIR/config.js
+        chown cryptpad:cryptpad "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
     else
         chroot "$rootdir" chown cryptpad:cryptpad $CRYPTPAD_DIR/config.js
     fi
 }
 
 function mesh_install_cryptpad {
-    if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then
+    if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" ]]; then
         return
     fi
 
-    if [ ! -d $rootdir/var/www/cryptpad ]; then
-        mkdir $rootdir/var/www/cryptpad
+    if [ ! -d "$rootdir/var/www/cryptpad" ]; then
+        mkdir "$rootdir/var/www/cryptpad"
     fi
-    if [ -d $rootdir$CRYPTPAD_DIR ]; then
-        rm -rf $rootdir$CRYPTPAD_DIR
+    if [ -d "$rootdir$CRYPTPAD_DIR" ]; then
+        rm -rf "$rootdir$CRYPTPAD_DIR"
     fi
 
-    git_clone $CRYPTPAD_REPO $rootdir$CRYPTPAD_DIR
+    git_clone "$CRYPTPAD_REPO" "$rootdir$CRYPTPAD_DIR"
 
-    if [ ! -d $rootdir$CRYPTPAD_DIR ]; then
+    if [ ! -d "$rootdir$CRYPTPAD_DIR" ]; then
         echo $'Unable to clone cryptpad repo'
         exit 783251
     fi
@@ -360,94 +360,94 @@ function mesh_install_cryptpad {
     # an unprivileged user to run as
     chroot "$rootdir" useradd -d $CRYPTPAD_DIR/ cryptpad
 
-    cd $rootdir$CRYPTPAD_DIR
-    git checkout $CRYPTPAD_COMMIT -b $CRYPTPAD_COMMIT
+    cd "$rootdir$CRYPTPAD_DIR" || exit 34683568
+    git checkout "$CRYPTPAD_COMMIT" -b "$CRYPTPAD_COMMIT"
 
     chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR
 
     cryptpad_nginx_site=$rootdir/etc/nginx/sites-available/cryptpad
-    echo 'server {' > $cryptpad_nginx_site
-    echo "  listen 80 default_server;" >> $cryptpad_nginx_site
-    echo "  server_name P${PEER_ID}.local;" >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  # Logs' >> $cryptpad_nginx_site
-    echo '  access_log /dev/null;' >> $cryptpad_nginx_site
-    echo '  error_log /dev/null;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  # Root' >> $cryptpad_nginx_site
-    echo "  root $CRYPTPAD_DIR;" >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  index index.html;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  add_header X-XSS-Protection "1; mode=block";' >> $cryptpad_nginx_site
-    echo '  add_header X-Content-Type-Options nosniff;' >> $cryptpad_nginx_site
-    echo '  add_header X-Frame-Options SAMEORIGIN;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  if ($uri = /pad/inner.html) {' >> $cryptpad_nginx_site
-    echo "    set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";" >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location = /cryptpad_websocket {' >> $cryptpad_nginx_site
-    echo "    proxy_pass http://localhost:$CRYPTPAD_PORT;" >> $cryptpad_nginx_site
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $cryptpad_nginx_site
-    echo '    proxy_set_header Host $host;' >> $cryptpad_nginx_site
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '    # WebSocket support (nginx 1.4)' >> $cryptpad_nginx_site
-    echo '    proxy_http_version 1.1;' >> $cryptpad_nginx_site
-    echo '    proxy_set_header Upgrade $http_upgrade;' >> $cryptpad_nginx_site
-    echo '    proxy_set_header Connection upgrade;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
+    { echo 'server {';
+      echo "  listen 80 default_server;";
+      echo "  server_name P${PEER_ID}.local;";
+      echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root $CRYPTPAD_DIR;";
+      echo '';
+      echo '  index index.html;';
+      echo '';
+      echo '  add_header X-XSS-Protection "1; mode=block";';
+      echo '  add_header X-Content-Type-Options nosniff;';
+      echo '  add_header X-Frame-Options SAMEORIGIN;';
+      echo '';
+      echo "  if (\$uri = /pad/inner.html) {";
+      echo "    set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";";
+      echo '  }';
+      echo '';
+      echo '  location = /cryptpad_websocket {';
+      echo "    proxy_pass http://localhost:$CRYPTPAD_PORT;";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo '';
+      echo '    # WebSocket support (nginx 1.4)';
+      echo '    proxy_http_version 1.1;';
+      echo "    proxy_set_header Upgrade \$http_upgrade;";
+      echo '    proxy_set_header Connection upgrade;';
+      echo '  }';
+      echo '';
 
-    echo '  location ^~ /customize.dist/ {' >> $cryptpad_nginx_site
-    echo '    # This is needed in order to prevent infinite recursion between /customize/ and the root' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '  location ^~ /customize/ {' >> $cryptpad_nginx_site
-    echo '    rewrite ^/customize/(.*)$ $1 break;' >> $cryptpad_nginx_site
-    echo '    try_files /customize/$uri /customize.dist/$uri;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '  location = /api/config {' >> $cryptpad_nginx_site
-    echo '    default_type text/javascript;' >> $cryptpad_nginx_site
-    echo '    rewrite ^.*$ /customize/api/config break;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /blob/ {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /register/ {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /login/ {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /about.html {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /contact.html {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /what-is-cryptpad.html {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site
-    echo '    rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  try_files /www/$uri /www/$uri/index.html /customize/$uri;' >> $cryptpad_nginx_site
-    echo '}' >> $cryptpad_nginx_site
+      echo '  location ^~ /customize.dist/ {';
+      echo '    # This is needed in order to prevent infinite recursion between /customize/ and the root';
+      echo '  }';
+      echo '  location ^~ /customize/ {';
+      echo "    rewrite ^/customize/(.*)\$ \$1 break;";
+      echo "    try_files /customize/\$uri /customize.dist/\$uri;";
+      echo '  }';
+      echo '  location = /api/config {';
+      echo '    default_type text/javascript;';
+      echo '    rewrite ^.*$ /customize/api/config break;';
+      echo '  }';
+      echo '';
+      echo '  location ^~ /blob/ {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /register/ {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /login/ {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /about.html {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /contact.html {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /what-is-cryptpad.html {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {';
+      echo "    rewrite ^(.*)\$ \$1/ redirect;";
+      echo '  }';
+      echo '';
+      echo "  try_files /www/\$uri /www/\$uri/index.html /customize/\$uri;";
+      echo '}'; } > "$cryptpad_nginx_site"
 
-    cd $rootdir$CRYPTPAD_DIR
+    cd "$rootdir$CRYPTPAD_DIR" || exit 6246824624527
 
     get_npm_arch
 
-    cat <<EOF > $rootdir/usr/bin/install_cryptpad
+    cat <<EOF > "$rootdir/usr/bin/install_cryptpad"
 #!/bin/bash
 cd $CRYPTPAD_DIR
 npm install --arch=$NPM_ARCH --build-from-source
@@ -456,37 +456,37 @@ chown -R cryptpad:cryptpad $CRYPTPAD_DIR
 su -c 'bower install' - cryptpad
 cp config.example.js config.js
 EOF
-    chmod +x $rootdir/usr/bin/install_cryptpad
+    chmod +x "$rootdir/usr/bin/install_cryptpad"
     chroot "$rootdir" /usr/bin/install_cryptpad
 
-    if [ ! -f $rootdir$CRYPTPAD_DIR/config.js ]; then
+    if [ ! -f "$rootdir$CRYPTPAD_DIR/config.js" ]; then
         echo $'Cryptpad config file not found'
         exit 628252
     fi
 
-    rm $rootdir/usr/bin/install_cryptpad
+    rm "$rootdir/usr/bin/install_cryptpad"
 
     cryptpad_create_config mesh
 
     chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR
 
     # daemon
-    echo '[Unit]' > $rootdir/etc/systemd/system/cryptpad.service
-    echo 'Description=Cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo 'After=syslog.target' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo 'After=network.target' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo '' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo '[Service]' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo 'User=cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo 'Group=cryptpad' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo "WorkingDirectory=$CRYPTPAD_DIR" >> $rootdir/etc/systemd/system/cryptpad.service
-    echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js" >> $rootdir/etc/systemd/system/cryptpad.service
-    echo 'Environment=PATH=/usr/bin:/usr/local/bin' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo 'Environment=NODE_ENV=production' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo 'Restart=on-failure' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo '' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo '[Install]' >> $rootdir/etc/systemd/system/cryptpad.service
-    echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/cryptpad.service
+    { echo '[Unit]';
+      echo 'Description=Cryptpad';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=cryptpad';
+      echo 'Group=cryptpad';
+      echo "WorkingDirectory=$CRYPTPAD_DIR";
+      echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js";
+      echo 'Environment=PATH=/usr/bin:/usr/local/bin';
+      echo 'Environment=NODE_ENV=production';
+      echo 'Restart=on-failure';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/cryptpad.service"
     chroot "$rootdir" systemctl enable cryptpad.service
 }
 
@@ -505,7 +505,7 @@ function install_cryptpad_main {
     if [ -d /repos/cryptpad ]; then
         mkdir $CRYPTPAD_DIR
         cp -r -p /repos/cryptpad/. $CRYPTPAD_DIR
-        cd $CRYPTPAD_DIR
+        cd $CRYPTPAD_DIR || exit 3468356385
         git pull
     else
         function_check git_clone
@@ -520,7 +520,7 @@ function install_cryptpad_main {
     # an unprivileged user to run as
     useradd -d $CRYPTPAD_DIR/ cryptpad
 
-    cd $CRYPTPAD_DIR
+    cd $CRYPTPAD_DIR || exit 34683655
     git checkout $CRYPTPAD_COMMIT -b $CRYPTPAD_COMMIT
     set_completion_param "cryptpad commit" "$CRYPTPAD_COMMIT"
 
@@ -529,87 +529,87 @@ function install_cryptpad_main {
     CRYPTPAD_ONION_HOSTNAME=$(add_onion_service cryptpad 80 ${CRYPTPAD_ONION_PORT})
 
     cryptpad_nginx_site=/etc/nginx/sites-available/cryptpad
-    echo 'server {' > $cryptpad_nginx_site
-    echo "  listen 127.0.0.1:$CRYPTPAD_ONION_PORT default_server;" >> $cryptpad_nginx_site
-    echo "  server_name $CRYPTPAD_ONION_HOSTNAME;" >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  # Logs' >> $cryptpad_nginx_site
-    echo '  access_log /dev/null;' >> $cryptpad_nginx_site
-    echo '  error_log /dev/null;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  # Root' >> $cryptpad_nginx_site
-    echo "  root $CRYPTPAD_DIR;" >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  index index.html;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  if ($args ~ ver=) {' >> $cryptpad_nginx_site
-    echo '      set $cacheControl max-age=31536000;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '  add_header Cache-Control $cacheControl;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  add_header X-XSS-Protection "1; mode=block";' >> $cryptpad_nginx_site
-    echo '  add_header X-Content-Type-Options nosniff;' >> $cryptpad_nginx_site
-    echo '  add_header X-Frame-Options SAMEORIGIN;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  if ($uri = /pad/inner.html) {' >> $cryptpad_nginx_site
-    echo "    set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";" >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location = /cryptpad_websocket {' >> $cryptpad_nginx_site
-    echo "    proxy_pass http://localhost:$CRYPTPAD_PORT;" >> $cryptpad_nginx_site
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $cryptpad_nginx_site
-    echo '    proxy_set_header Host $host;' >> $cryptpad_nginx_site
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '    # WebSocket support (nginx 1.4)' >> $cryptpad_nginx_site
-    echo '    proxy_http_version 1.1;' >> $cryptpad_nginx_site
-    echo '    proxy_set_header Upgrade $http_upgrade;' >> $cryptpad_nginx_site
-    echo '    proxy_set_header Connection upgrade;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
+    { echo 'server {';
+      echo "  listen 127.0.0.1:$CRYPTPAD_ONION_PORT default_server;";
+      echo "  server_name $CRYPTPAD_ONION_HOSTNAME;";
+      echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root $CRYPTPAD_DIR;";
+      echo '';
+      echo '  index index.html;';
+      echo '';
+      echo "  if (\$args ~ ver=) {";
+      echo "      set \$cacheControl max-age=31536000;";
+      echo '  }';
+      echo "  add_header Cache-Control \$cacheControl;";
+      echo '';
+      echo '  add_header X-XSS-Protection "1; mode=block";';
+      echo '  add_header X-Content-Type-Options nosniff;';
+      echo '  add_header X-Frame-Options SAMEORIGIN;';
+      echo '';
+      echo "  if (\$uri = /pad/inner.html) {";
+      echo "    set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";";
+      echo '  }';
+      echo '';
+      echo '  location = /cryptpad_websocket {';
+      echo "    proxy_pass http://localhost:$CRYPTPAD_PORT;";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo '';
+      echo '    # WebSocket support (nginx 1.4)';
+      echo '    proxy_http_version 1.1;';
+      echo "    proxy_set_header Upgrade \$http_upgrade;";
+      echo '    proxy_set_header Connection upgrade;';
+      echo '  }';
+      echo '';
 
-    echo '  location ^~ /customize.dist/ {' >> $cryptpad_nginx_site
-    echo '    # This is needed in order to prevent infinite recursion between /customize/ and the root' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '  location ^~ /customize/ {' >> $cryptpad_nginx_site
-    echo '    rewrite ^/customize/(.*)$ $1 break;' >> $cryptpad_nginx_site
-    echo '    try_files /customize/$uri /customize.dist/$uri;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '  location = /api/config {' >> $cryptpad_nginx_site
-    echo '    default_type text/javascript;' >> $cryptpad_nginx_site
-    echo '    rewrite ^.*$ /customize/api/config break;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /blob/ {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /register/ {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /login/ {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /about.html {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /contact.html {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ^~ /what-is-cryptpad.html {' >> $cryptpad_nginx_site
-    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site
-    echo '    rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site
-    echo '  }' >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
-    echo '  try_files /www/$uri /www/$uri/index.html /customize/$uri;' >> $cryptpad_nginx_site
-    echo '}' >> $cryptpad_nginx_site
+      echo '  location ^~ /customize.dist/ {';
+      echo '    # This is needed in order to prevent infinite recursion between /customize/ and the root';
+      echo '  }';
+      echo '  location ^~ /customize/ {';
+      echo "    rewrite ^/customize/(.*)\$ \$1 break;";
+      echo "    try_files /customize/\$uri /customize.dist/\$uri;";
+      echo '  }';
+      echo '  location = /api/config {';
+      echo '    default_type text/javascript;';
+      echo '    rewrite ^.*$ /customize/api/config break;';
+      echo '  }';
+      echo '';
+      echo '  location ^~ /blob/ {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /register/ {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /login/ {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /about.html {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /contact.html {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ^~ /what-is-cryptpad.html {';
+      echo "    try_files \$uri =404;";
+      echo '  }';
+      echo '';
+      echo '  location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {';
+      echo "    rewrite ^(.*)\$ \$1/ redirect;";
+      echo '  }';
+      echo '';
+      echo "  try_files /www/\$uri /www/\$uri/index.html /customize/\$uri;";
+      echo '}'; } > $cryptpad_nginx_site
 
     function_check nginx_ensite
     nginx_ensite cryptpad
@@ -623,7 +623,7 @@ function install_cryptpad {
 
     install_cryptpad_main
 
-    cd $CRYPTPAD_DIR
+    cd $CRYPTPAD_DIR || exit 35483548
 
     npm install
     npm install -g bower@1.8.0
@@ -639,22 +639,22 @@ function install_cryptpad {
     chown -R cryptpad:cryptpad $CRYPTPAD_DIR
 
     # daemon
-    echo '[Unit]' > /etc/systemd/system/cryptpad.service
-    echo 'Description=Cryptpad' >> /etc/systemd/system/cryptpad.service
-    echo 'After=syslog.target' >> /etc/systemd/system/cryptpad.service
-    echo 'After=network.target' >> /etc/systemd/system/cryptpad.service
-    echo '' >> /etc/systemd/system/cryptpad.service
-    echo '[Service]' >> /etc/systemd/system/cryptpad.service
-    echo 'User=cryptpad' >> /etc/systemd/system/cryptpad.service
-    echo 'Group=cryptpad' >> /etc/systemd/system/cryptpad.service
-    echo "WorkingDirectory=$CRYPTPAD_DIR" >> /etc/systemd/system/cryptpad.service
-    echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js" >> /etc/systemd/system/cryptpad.service
-    echo 'Environment=PATH=/usr/bin:/usr/local/bin' >> /etc/systemd/system/cryptpad.service
-    echo 'Environment=NODE_ENV=production' >> /etc/systemd/system/cryptpad.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/cryptpad.service
-    echo '' >> /etc/systemd/system/cryptpad.service
-    echo '[Install]' >> /etc/systemd/system/cryptpad.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/cryptpad.service
+    { echo '[Unit]';
+      echo 'Description=Cryptpad';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=cryptpad';
+      echo 'Group=cryptpad';
+      echo "WorkingDirectory=$CRYPTPAD_DIR";
+      echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js";
+      echo 'Environment=PATH=/usr/bin:/usr/local/bin';
+      echo 'Environment=NODE_ENV=production';
+      echo 'Restart=on-failure';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/cryptpad.service
     systemctl enable cryptpad.service
     systemctl daemon-reload
     systemctl start cryptpad.service
@@ -664,7 +664,7 @@ function install_cryptpad {
     cryptpad_generate_api_config
 
     # install again
-    cd $CRYPTPAD_DIR
+    cd $CRYPTPAD_DIR || exit 73537453
     su -c 'bower install' - cryptpad
 
     systemctl restart nginx
diff --git a/src/freedombone-app-dlna b/src/freedombone-app-dlna
index 0d44a44f..ab06378f 100755
--- a/src/freedombone-app-dlna
+++ b/src/freedombone-app-dlna
@@ -49,24 +49,27 @@ function logging_off_dlna {
 function configure_interactive_dlna {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Media Menu" \
                --radiolist $"Choose an operation:" 13 70 3 \
                1 $"Attach a drive containing playable media" off \
                2 $"Remove a drive containing playable media" off \
-               3 $"Exit" on 2> $data
+               3 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) break;;
-            255) break;;
+            1) rm -f "$data"
+               break;;
+            255) rm -f "$data"
+                 break;;
         esac
         case $(cat $data) in
             1) attach-music;;
             2) remove-music;;
-            3) break;;
+            3) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -95,19 +98,19 @@ function configure_firewall_for_dlna {
     firewall_add DLNA 1900 udp
     firewall_add DLNA 8200 tcp
 
-    echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /etc/avahi/services/dlna.service
-    echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /etc/avahi/services/dlna.service
-    echo '<service-group>' >> /etc/avahi/services/dlna.service
-    echo '  <name replace-wildcards="yes">%h DLNA</name>' >> /etc/avahi/services/dlna.service
-    echo '  <service>' >> /etc/avahi/services/dlna.service
-    echo '    <type>_dlna._tcp</type>' >> /etc/avahi/services/dlna.service
-    echo "    <port>8200</port>" >> /etc/avahi/services/dlna.service
-    echo '  </service>' >> /etc/avahi/services/dlna.service
-    echo '  <service>' >> /etc/avahi/services/dlna.service
-    echo '    <type>_dlna._udp</type>' >> /etc/avahi/services/dlna.service
-    echo "    <port>1900</port>" >> /etc/avahi/services/dlna.service
-    echo '  </service>' >> /etc/avahi/services/dlna.service
-    echo '</service-group>' >> /etc/avahi/services/dlna.service
+    { echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->';
+      echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">';
+      echo '<service-group>';
+      echo '  <name replace-wildcards="yes">%h DLNA</name>';
+      echo '  <service>';
+      echo '    <type>_dlna._tcp</type>';
+      echo "    <port>8200</port>";
+      echo '  </service>';
+      echo '  <service>';
+      echo '    <type>_dlna._udp</type>';
+      echo "    <port>1900</port>";
+      echo '  </service>';
+      echo '</service-group>'; } > /etc/avahi/services/dlna.service
 
     systemctl restart avahi-daemon
 
@@ -125,7 +128,7 @@ function backup_local_dlna {
 
 function restore_local_dlna {
     if [ -d /var/cache/minidlna ]; then
-        if [ -d $USB_MOUNT_DLNA/backup/dlna ]; then
+        if [ -d "$USB_MOUNT_DLNA/backup/dlna" ]; then
             echo $"Restoring DLNA cache"
             temp_restore_dir=/root/tempdlna
             function_check restore_directory_from_usb
@@ -135,6 +138,7 @@ function restore_local_dlna {
             else
                 cp -r $temp_restore_dir/* /var/cache/minidlna/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 rm -rf $temp_restore_dir
                 function_check set_user_permissions
@@ -156,7 +160,7 @@ function backup_remote_dlna {
 
 function restore_remote_dlna {
     if [ -d /var/cache/minidlna ]; then
-        if [ -d $SERVER_DIRECTORY/backup/dlna ]; then
+        if [ -d "$SERVER_DIRECTORY/backup/dlna" ]; then
             temp_restore_dir=/root/tempdlna
             function_check restore_directory_from_friend
             restore_directory_from_friend $temp_restore_dir dlna
@@ -165,6 +169,7 @@ function restore_remote_dlna {
             else
                 cp -r $temp_restore_dir/* /var/cache/minidlna/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 exit 982
             fi
@@ -201,7 +206,7 @@ function install_dlna_main {
         exit 55
     fi
 
-    if [ ! $USB_MOUNT_DLNA ]; then
+    if [ ! "$USB_MOUNT_DLNA" ]; then
         USB_MOUNT_DLNA=/mnt/dlna
     fi
     if [ ${#USB_MOUNT_DLNA} -eq 0 ]; then
@@ -242,7 +247,7 @@ function install_dlna_main {
     systemctl reload minidlna
 
     sed -i 's/fs.inotify.max_user_watches*/fs.inotify.max_user_watches=65536/g' /etc/sysctl.conf
-    if ! grep -q "max_user_watches" $COMPLETION_FILE; then
+    if ! grep -q "max_user_watches" "$COMPLETION_FILE"; then
         echo 'fs.inotify.max_user_watches=65536' >> /etc/sysctl.conf
     fi
     /sbin/sysctl -p -q
@@ -256,37 +261,37 @@ function script_for_attaching_usb_drive {
     if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
-    echo '#!/bin/bash' > /usr/bin/attach-music
-    echo "source /usr/local/bin/${PROJECT_NAME}-vars" >> /usr/bin/attach-music
-    echo "UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*" >> /usr/bin/attach-music
-    echo '' >> /usr/bin/attach-music
-    echo 'for f in $UTILS_FILES' >> /usr/bin/attach-music
-    echo 'do' >> /usr/bin/attach-music
-    echo '    source $f' >> /usr/bin/attach-music
-    echo 'done' >> /usr/bin/attach-music
-    echo '' >> /usr/bin/attach-music
-    echo 'USB_DRIVE=/dev/sda1' >> /usr/bin/attach-music
-    echo 'detect_usb_drive' >> /usr/bin/attach-music
-    echo '' >> /usr/bin/attach-music
-    echo 'remove-music' >> /usr/bin/attach-music
-    echo "if [ ! -d $USB_MOUNT_DLNA ]; then" >> /usr/bin/attach-music
-    echo "    mkdir $USB_MOUNT_DLNA" >> /usr/bin/attach-music
-    echo 'fi' >> /usr/bin/attach-music
-    echo -n 'mount $USB_DRIVE ' >> /usr/bin/attach-music
-    echo "$USB_MOUNT_DLNA" >> /usr/bin/attach-music
-    echo "chown root:root $USB_MOUNT_DLNA" >> /usr/bin/attach-music
-    echo "chown -R minidlna:minidlna $USB_MOUNT_DLNA/*" >> /usr/bin/attach-music
-    echo 'systemctl restart minidlna' >> /usr/bin/attach-music
-    echo 'minidlnad -R' >> /usr/bin/attach-music
-    echo 'exit 0' >> /usr/bin/attach-music
+    { echo '#!/bin/bash';
+      echo "source /usr/local/bin/${PROJECT_NAME}-vars";
+      echo "UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*";
+      echo '';
+      echo "for f in \$UTILS_FILES";
+      echo 'do';
+      echo "    source \$f";
+      echo 'done';
+      echo '';
+      echo 'USB_DRIVE=/dev/sda1';
+      echo 'detect_usb_drive';
+      echo '';
+      echo 'remove-music';
+      echo "if [ ! -d $USB_MOUNT_DLNA ]; then";
+      echo "    mkdir $USB_MOUNT_DLNA";
+      echo 'fi';
+      echo -n "mount \$USB_DRIVE ";
+      echo "$USB_MOUNT_DLNA";
+      echo "chown root:root $USB_MOUNT_DLNA";
+      echo "chown -R minidlna:minidlna $USB_MOUNT_DLNA/*";
+      echo 'systemctl restart minidlna';
+      echo 'minidlnad -R';
+      echo 'exit 0'; } > /usr/bin/attach-music
     chmod +x /usr/bin/attach-music
 
-    echo '#!/bin/bash' > /usr/bin/remove-music
-    echo "if [ -d $USB_MOUNT_DLNA ]; then" >> /usr/bin/remove-music
-    echo "  umount $USB_MOUNT_DLNA" >> /usr/bin/remove-music
-    echo "  rm -rf $USB_MOUNT_DLNA" >> /usr/bin/remove-music
-    echo 'fi' >> /usr/bin/remove-music
-    echo 'exit 0' >> /usr/bin/remove-music
+    { echo '#!/bin/bash';
+      echo "if [ -d $USB_MOUNT_DLNA ]; then";
+      echo "  umount $USB_MOUNT_DLNA";
+      echo "  rm -rf $USB_MOUNT_DLNA";
+      echo 'fi';
+      echo 'exit 0'; } > /usr/bin/remove-music
     chmod +x /usr/bin/remove-music
 
     mark_completed "${FUNCNAME[0]}"
diff --git a/src/freedombone-app-dokuwiki b/src/freedombone-app-dokuwiki
index 3258cf2c..c998fbe7 100755
--- a/src/freedombone-app-dokuwiki
+++ b/src/freedombone-app-dokuwiki
@@ -75,18 +75,18 @@ function change_password_dokuwiki {
     new_user_password="$2"
 
     DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
-    if grep -q "$curr_username:" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php; then
+    if grep -q "$curr_username:" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"; then
         HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}')
-        existing_user=$(cat /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php | grep "$curr_username:" | hean -n 1)
+        existing_user=$(grep "$curr_username:" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" | hean -n 1)
         if [[ "$existing_user" == *":admin,"* ]]; then
             sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:admin,user,upload|g" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
         else
             sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:user,upload|g" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
         fi
-        cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
-        chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
-        chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
-        ${PROJECT_NAME}-pass -u $curr_username -a dokuwiki -p "$new_user_password"
+        cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
+        chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
+        chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
+        "${PROJECT_NAME}-pass" -u "$curr_username" -a dokuwiki -p "$new_user_password"
     fi
 }
 
@@ -96,21 +96,21 @@ function add_user_dokuwiki {
 
     DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
     HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}')
-    echo "$new_username:$HASHED_DOKUWIKI_PASSWORD:$new_username:$new_username@$HOSTNAME:user,upload" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
-    cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
-    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
-    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
-    ${PROJECT_NAME}-pass -u "$new_username" -a dokuwiki -p "$new_user_password"
+    echo "$new_username:$HASHED_DOKUWIKI_PASSWORD:$new_username:$new_username@$HOSTNAME:user,upload" >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
+    cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
+    chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
+    chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a dokuwiki -p "$new_user_password"
 }
 
 function remove_user_dokuwiki {
     remove_username="$1"
 
     read_config_param "DOKUWIKI_DOMAIN_NAME"
-    if grep -q "$remove_username:" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php; then
-        sed -i "/$remove_username:/d" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
-        sed -i "/$remove_username:/d" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
-        ${PROJECT_NAME}-pass -u "$remove_username" --rmapp dokuwiki
+    if grep -q "$remove_username:" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"; then
+        sed -i "/$remove_username:/d" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
+        sed -i "/$remove_username:/d" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
+        "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp dokuwiki
     fi
 }
 
@@ -120,7 +120,7 @@ function reconfigure_dokuwiki {
 
 function upgrade_dokuwiki {
     function_check set_repo_commit
-    set_repo_commit /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs "dokuwiki commit" "$DOKUWIKI_COMMIT" $DOKUWIKI_REPO
+    set_repo_commit "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" "dokuwiki commit" "$DOKUWIKI_COMMIT" $DOKUWIKI_REPO
 }
 
 function backup_local_dokuwiki {
@@ -129,18 +129,18 @@ function backup_local_dokuwiki {
     function_check backup_directory_to_usb
 
     # backup the data
-    source_directory=/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
-    if [ -d $source_directory ]; then
+    source_directory="/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
+    if [ -d "$source_directory" ]; then
         dest_directory=dokuwikidat
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"
     fi
 
     # backup the users
-    source_directory=/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl
-    if [ -d $source_directory ]; then
+    source_directory="/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl"
+    if [ -d "$source_directory" ]; then
         dest_directory=dokuwikiacl
-        cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
-        backup_directory_to_usb $source_directory $dest_directory
+        cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
+        backup_directory_to_usb "$source_directory" "$dest_directory"
     fi
 }
 
@@ -153,11 +153,12 @@ function restore_local_dokuwiki {
     temp_restore_dir=/root/tempdokuwikidat
     function_check restore_directory_from_usb
     restore_directory_from_usb ${temp_restore_dir} dokuwikidat
-    if [ -d ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data ]; then
-        cp -r ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
+    if [ -d "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data" ]; then
+        cp -r "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/data/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
     else
-        cp -r ${temp_restore_dir}/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
+        cp -r "${temp_restore_dir}/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
     fi
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
         function_check restore_directory_from_usb
         set_user_permissions
@@ -172,13 +173,14 @@ function restore_local_dokuwiki {
     temp_restore_dir=/root/tempdokuwikiacl
     function_check restore_directory_from_usb
     restore_directory_from_usb ${temp_restore_dir} dokuwikiacl
-    if [ -d ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl ]; then
-        cp ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
-        cp ${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/
+    if [ -d "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl" ]; then
+        cp "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
+        cp "${temp_restore_dir}/var/www/${DOKUWIKI_DOMAIN_NAME}/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/"
     else
-        cp ${temp_restore_dir}/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
-        cp ${temp_restore_dir}/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/
+        cp "${temp_restore_dir}/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
+        cp "${temp_restore_dir}/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/"
     fi
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
         function_check restore_directory_from_usb
         set_user_permissions
@@ -189,21 +191,21 @@ function restore_local_dokuwiki {
     fi
     rm -rf ${temp_restore_dir}
 
-    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
-    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
-    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
-    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib
-    chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
+    chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
+    chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
+    chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
+    chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib"
+    chown -R www-data:www-data "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
     echo $"Restore of Dokuwiki complete"
 }
 
 function backup_remote_dokuwiki {
     DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")
-    if [ -d /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs ]; then
+    if [ -d "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" ]; then
         echo $"Backing up dokuwiki"
-        backup_directory_to_friend /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data dokuwikidat
-        cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
-        backup_directory_to_friend /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl dokuwikiacl
+        backup_directory_to_friend "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data" dokuwikidat
+        cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users*.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
+        backup_directory_to_friend "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl" dokuwikiacl
     fi
 }
 
@@ -212,15 +214,16 @@ function restore_remote_dokuwiki {
     function_check get_completion_param
     function_check restore_directory_from_friend
 
-    if [ -d $SERVER_DIRECTORY/backup/dokuwikidat ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/dokuwikidat" ]; then
         echo $"Restoring Dokuwiki data for $DOKUWIKI_DOMAIN_NAME"
         temp_restore_dir=/root/tempdokuwikidat
         restore_directory_from_friend $temp_restore_dir dokuwikidat
-        if [ -d $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data ]; then
-            cp -r $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/
+        if [ -d "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data" ]; then
+            cp -r "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/"
         else
-            cp -r $temp_restore_dir/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/
+            cp -r $temp_restore_dir/* "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/"
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 92634
         fi
@@ -229,15 +232,16 @@ function restore_remote_dokuwiki {
         echo $"Restore of Dokuwiki data complete"
     fi
 
-    if [ -d $SERVER_DIRECTORY/backup/dokuwikiacl ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/dokuwikiacl" ]; then
         echo $"Restoring Dokuwiki users for $DOKUWIKI_DOMAIN_NAME"
         temp_restore_dir=/root/tempdokuwikiacl
         restore_directory_from_friend $temp_restore_dir dokuwikiacl
-        if [ -d $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl ]; then
-            cp -r $temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
+        if [ -d "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl" ]; then
+            cp -r "$temp_restore_dir/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/*" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
         else
-            cp -r $temp_restore_dir/* /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/
+            cp -r $temp_restore_dir/* "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/"
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 735287
         fi
@@ -246,11 +250,11 @@ function restore_remote_dokuwiki {
         echo $"Restore of Dokuwiki users complete"
     fi
 
-    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
-    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
-    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/data
-    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/lib
-    chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
+    chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
+    chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
+    chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/data"
+    chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data/lib"
+    chown -R www-data:www-data "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
 }
 
 function remove_dokuwiki {
@@ -259,13 +263,13 @@ function remove_dokuwiki {
     fi
     function_check remove_onion_service
     remove_onion_service dokuwiki ${DOKUWIKI_ONION_PORT}
-    nginx_dissite $DOKUWIKI_DOMAIN_NAME
-    remove_certs $DOKUWIKI_DOMAIN_NAME
-    if [ -f /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+    nginx_dissite "$DOKUWIKI_DOMAIN_NAME"
+    remove_certs "$DOKUWIKI_DOMAIN_NAME"
+    if [ -f "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$DOKUWIKI_DOMAIN_NAME ]; then
-        rm -rf /var/www/$DOKUWIKI_DOMAIN_NAME
+    if [ ! -d "/var/www/$DOKUWIKI_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$DOKUWIKI_DOMAIN_NAME"
     fi
     if [ -d /var/lib/dokuwiki ]; then
         rm -rf /var/lib/dokuwiki
@@ -278,14 +282,14 @@ function remove_dokuwiki {
     fi
     remove_completion_param "install_dokuwiki"
     remove_completion_param "dokuwiki domain"
-    sed -i '/dokuwiki/d' $COMPLETION_FILE
+    sed -i '/dokuwiki/d' "$COMPLETION_FILE"
 
     function_check remove_ddns_domain
-    remove_ddns_domain $DOKUWIKI_DOMAIN_NAME
+    remove_ddns_domain "$DOKUWIKI_DOMAIN_NAME"
 }
 
 function install_dokuwiki {
-    if [ ! $DOKUWIKI_DOMAIN_NAME ]; then
+    if [ ! "$DOKUWIKI_DOMAIN_NAME" ]; then
         return
     fi
 
@@ -293,25 +297,25 @@ function install_dokuwiki {
     apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl
     apt-get -yq install php-memcached memcached
 
-    if [ ! -d /var/www/$DOKUWIKI_DOMAIN_NAME ]; then
-        mkdir /var/www/$DOKUWIKI_DOMAIN_NAME
+    if [ ! -d "/var/www/$DOKUWIKI_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$DOKUWIKI_DOMAIN_NAME"
     fi
 
-    if [ ! -f /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/install.php ]; then
-        cd /var/www/$DOKUWIKI_DOMAIN_NAME
+    if [ ! -f "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/install.php" ]; then
+        cd "/var/www/$DOKUWIKI_DOMAIN_NAME" || exit 23468246824
 
         if [ -d /repos/dokuwiki ]; then
-            mkdir /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
-            cp -r -p /repos/dokuwiki/. /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
-            cd /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/dokuwiki/. "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
+            cd "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" || exit 24687462
             git pull
         else
             function_check git_clone
-            git_clone $DOKUWIKI_REPO /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
+            git_clone "$DOKUWIKI_REPO" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
         fi
 
-        cd /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
-        git checkout $DOKUWIKI_COMMIT -b $DOKUWIKI_COMMIT
+        cd "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs" || exit 38368832
+        git checkout "$DOKUWIKI_COMMIT" -b "$DOKUWIKI_COMMIT"
         set_completion_param "dokuwiki commit" "$DOKUWIKI_COMMIT"
 
     fi
@@ -322,40 +326,40 @@ function install_dokuwiki {
         echo $'Removed Apache installation after Dokuwiki install'
     fi
 
-    echo '<?php' > /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    echo "\$conf['title'] = '${DOKUWIKI_TITLE}';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    echo "\$conf['lang'] = 'en';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    echo "\$conf['license'] = 'cc-by-sa';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    echo "\$conf['useacl'] = 1;" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    echo "\$conf['superuser'] = '@admin';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    echo "\$conf['disableactions'] = 'register';" >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    ln -s /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/local.php
+    { echo '<?php';
+      echo "\$conf['title'] = '${DOKUWIKI_TITLE}';";
+      echo "\$conf['lang'] = 'en';";
+      echo "\$conf['license'] = 'cc-by-sa';";
+      echo "\$conf['useacl'] = 1;";
+      echo "\$conf['superuser'] = '@admin';";
+      echo "\$conf['disableactions'] = 'register';"; } > "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php"
+    ln -s "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/local.php"
 
-    chmod 600 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php
-    chown -R www-data:www-data /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs
-    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib
-    chmod -R 755 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data
+    chmod 600 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/local.php"
+    chown -R www-data:www-data "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs"
+    chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib"
+    chmod -R 755 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/data"
 
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        DOKUWIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        DOKUWIKI_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $DOKUWIKI_ADMIN_PASSWORD ]; then
-            DOKUWIKI_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$DOKUWIKI_ADMIN_PASSWORD" ]; then
+            DOKUWIKI_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
     HASHED_DOKUWIKI_PASSWORD=$(echo -n "$DOKUWIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}')
-    echo -n "$MY_USERNAME:$HASHED_DOKUWIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
-    cp /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php
-    chmod 640 /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
+    echo -n "$MY_USERNAME:$HASHED_DOKUWIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
+    cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
+    chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
 
-    if ! grep -q "video/ogg" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then
-        echo 'ogv     video/ogg' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf
+    if ! grep -q "video/ogg" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"; then
+        echo 'ogv     video/ogg' >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"
     fi
-    if ! grep -q "video/mp4" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then
-        echo 'mp4     video/mp4' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf
+    if ! grep -q "video/mp4" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"; then
+        echo 'mp4     video/mp4' >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"
     fi
-    if ! grep -q "video/webm" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf; then
-        echo 'webm    video/webm' >> /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf
+    if ! grep -q "video/webm" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"; then
+        echo 'webm    video/webm' >> "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/mime.conf"
     fi
 
     DOKUWIKI_ONION_HOSTNAME=$(add_onion_service dokuwiki 80 ${DOKUWIKI_ONION_PORT})
@@ -363,178 +367,178 @@ function install_dokuwiki {
 
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $DOKUWIKI_DOMAIN_NAME
-        echo 'server {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo "    root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo "    server_name $DOKUWIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    charset utf-8;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+        nginx_http_redirect "$DOKUWIKI_DOMAIN_NAME"
+        { echo 'server {';
+          echo '    listen 443 ssl;';
+          echo '    #listen [::]:443 ssl;';
+          echo "    root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;";
+          echo "    server_name $DOKUWIKI_DOMAIN_NAME;";
+          echo '    access_log /dev/null;';
+          echo "    error_log /dev/null;";
+          echo '    index index.php;';
+          echo '    charset utf-8;';
+          echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
         function_check nginx_ssl
-        nginx_ssl $DOKUWIKI_DOMAIN_NAME
+        nginx_ssl "$DOKUWIKI_DOMAIN_NAME"
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $DOKUWIKI_DOMAIN_NAME
-        echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    location / {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+        nginx_disable_sniffing "$DOKUWIKI_DOMAIN_NAME"
+        { echo '    add_header Strict-Transport-Security "max-age=0;";';
+          echo '';
+          echo '    # rewrite to front controller as default rule';
+          echo '    location / {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
         function_check nginx_limits
-        nginx_limits $DOKUWIKI_DOMAIN_NAME
-        echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        expires 30d;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # block these file types' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # or a unix socket' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+        nginx_limits "$DOKUWIKI_DOMAIN_NAME"
+        { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
+          echo '    }';
+          echo '';
+          echo '    # statically serve these file types when possible';
+          echo '    # otherwise fall back to front controller';
+          echo '    # allow browser to cache them';
+          echo '    # added .htm for advanced source code editor library';
+          echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
+          echo '        expires 30d;';
+          echo "        try_files \$uri /index.php?q=\$uri&\$args;";
+          echo '    }';
+          echo '';
+          echo '    # block these file types';
+          echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+          echo '    # or a unix socket';
+          echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
         function_check nginx_limits
-        nginx_limits $DOKUWIKI_DOMAIN_NAME
-        echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        # With php-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    location ~ /\. {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    #deny access to store' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    location ~ /store {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '      deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '      deny  all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '}' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+        nginx_limits "$DOKUWIKI_DOMAIN_NAME"
+        { echo '        # Zero-day exploit defense.';
+          echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+          echo "        # Won't work properly (404 error) if the file is not stored on this";
+          echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+          echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+          echo "        # another machine. And then cross your fingers that you won't get hacked.";
+          echo "        try_files \$uri \$uri/ /index.php;";
+          echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+          echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+          echo '        # With php-cgi alone:';
+          echo '        # fastcgi_pass 127.0.0.1:9000;';
+          echo '        # With php-fpm:';
+          echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '        fastcgi_read_timeout 30;';
+          echo '        include fastcgi_params;';
+          echo '        fastcgi_index index.php;';
+          echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+          echo '    }';
+          echo '';
+          echo '    # deny access to all dot files';
+          echo '    location ~ /\. {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    #deny access to store';
+          echo '    location ~ /store {';
+          echo '        deny all;';
+          echo '    }';
+          echo '    location ~ /(data|conf|bin|inc)/ {';
+          echo '      deny all;';
+          echo '    }';
+          echo '    location ~ /\.ht {';
+          echo '      deny  all;';
+          echo '    }';
+          echo '}';
+          echo ''; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
     else
-        echo -n '' > /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+        echo -n '' > "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
     fi
-    echo 'server {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo "    listen 127.0.0.1:${DOKUWIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo "    root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo "    server_name $DOKUWIKI_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    charset utf-8;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+    { echo 'server {';
+      echo "    listen 127.0.0.1:${DOKUWIKI_ONION_PORT} default_server;";
+      echo "    root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;";
+      echo "    server_name $DOKUWIKI_ONION_HOSTNAME;";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo '    index index.php;';
+      echo '    charset utf-8;';
+      echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $DOKUWIKI_DOMAIN_NAME
-    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+    nginx_disable_sniffing "$DOKUWIKI_DOMAIN_NAME"
+    { echo '    add_header Strict-Transport-Security "max-age=0;";';
+      echo '';
+      echo '    # rewrite to front controller as default rule';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $DOKUWIKI_DOMAIN_NAME
-    echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        expires 30d;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # block these file types' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # or a unix socket' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+    nginx_limits "$DOKUWIKI_DOMAIN_NAME"
+    { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
+      echo '    }';
+      echo '';
+      echo '    # statically serve these file types when possible';
+      echo '    # otherwise fall back to front controller';
+      echo '    # allow browser to cache them';
+      echo '    # added .htm for advanced source code editor library';
+      echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
+      echo '        expires 30d;';
+      echo "        try_files \$uri /index.php?q=\$uri&\$args;";
+      echo '    }';
+      echo '';
+      echo '    # block these file types';
+      echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+      echo '    # or a unix socket';
+      echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $DOKUWIKI_DOMAIN_NAME
-    echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    #deny access to store' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    location ~ /store {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '      deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '      deny  all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
+    nginx_limits "$DOKUWIKI_DOMAIN_NAME"
+    { echo '        # Zero-day exploit defense.';
+      echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+      echo "        # Won't work properly (404 error) if the file is not stored on this";
+      echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+      echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+      echo "        # another machine. And then cross your fingers that you won't get hacked.";
+      echo "        try_files \$uri \$uri/ /index.php;";
+      echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+      echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+      echo '        # With php-cgi alone:';
+      echo '        # fastcgi_pass 127.0.0.1:9000;';
+      echo '        # With php-fpm:';
+      echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '        fastcgi_read_timeout 30;';
+      echo '        include fastcgi_params;';
+      echo '        fastcgi_index index.php;';
+      echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+      echo '    }';
+      echo '';
+      echo '    # deny access to all dot files';
+      echo '    location ~ /\. {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    #deny access to store';
+      echo '    location ~ /store {';
+      echo '        deny all;';
+      echo '    }';
+      echo '    location ~ /(data|conf|bin|inc)/ {';
+      echo '      deny all;';
+      echo '    }';
+      echo '    location ~ /\.ht {';
+      echo '      deny  all;';
+      echo '    }';
+      echo '}'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
 
     function_check create_site_certificate
-    create_site_certificate $DOKUWIKI_DOMAIN_NAME 'yes'
+    create_site_certificate "$DOKUWIKI_DOMAIN_NAME" 'yes'
 
     function_check configure_php
     configure_php
 
-    nginx_ensite $DOKUWIKI_DOMAIN_NAME
+    nginx_ensite "$DOKUWIKI_DOMAIN_NAME"
 
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
     function_check add_ddns_domain
-    add_ddns_domain $DOKUWIKI_DOMAIN_NAME
+    add_ddns_domain "$DOKUWIKI_DOMAIN_NAME"
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a dokuwiki -p "$DOKUWIKI_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a dokuwiki -p "$DOKUWIKI_ADMIN_PASSWORD"
 
     APP_INSTALLED=1
 }
diff --git a/src/freedombone-app-edith b/src/freedombone-app-edith
index 89b4e829..7abd6cbb 100755
--- a/src/freedombone-app-edith
+++ b/src/freedombone-app-edith
@@ -50,12 +50,12 @@ edith_variables=(MY_USERNAME
 function remove_bad_links_edith {
     read_config_param EDITH_DOMAIN_NAME
 
-    edith_dir=/var/www/$EDITH_DOMAIN_NAME/htdocs
+    edith_dir="/var/www/$EDITH_DOMAIN_NAME/htdocs"
 
     # copy jquery locally
     jquery_version='1.12.4'
     if [ ! -f $edith_dir/jquery-${jquery_version}.js ]; then
-        cd $edith_dir
+        cd $edith_dir || exit 246824628
         wget https://code.jquery.com/jquery-${jquery_version}.js
         if [ -f $edith_dir/jquery-${jquery_version}.js ]; then
             jquery_hash=$(sha256sum $edith_dir/jquery-${jquery_version}.js | awk -F ' ' '{print $1}')
@@ -79,9 +79,9 @@ function change_password_edith {
     new_user_password="$2"
 
     sed -i "/${curr_username}:/d" /etc/nginx/.edithpasswd
-    echo -n "$new_user_password" | htpasswd -i -s -c /etc/nginx/.edithpasswd ${curr_username}
+    echo -n "$new_user_password" | htpasswd -i -s -c /etc/nginx/.edithpasswd "${curr_username}"
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a ${curr_username} -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a "${curr_username}" -p "$new_user_password"
 }
 
 function logging_on_edith {
@@ -102,21 +102,20 @@ function edith_enable_login {
     dialog --title $"Enable Edith login" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nDo you want to add a login so that random web users can't access your notes?" 10 60
+           --yesno $"\\nDo you want to add a login so that random web users can't access your notes?" 10 60
     sel=$?
     case $sel in
-        0) if grep -q '#auth_basic' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME; then
-               sed -i 's|#auth_basic|auth_basic|g' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME
+        0) if grep -q '#auth_basic' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"; then
+               sed -i 's|#auth_basic|auth_basic|g' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"
                systemctl restart nginx
            fi
-           read_config_param $MY_USERNAME
-           EDITH_PASSWORD=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a edith)
+           read_config_param "$MY_USERNAME"
+           EDITH_PASSWORD=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a edith)
            dialog --title $"Enable Edith login" \
                   --msgbox $"Edith logins are now enabled with the password $EDITH_PASSWORD" 6 65
-           EDITH__PASSWORD=
            ;;
-        1) if ! grep -q '#auth_basic' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME; then
-               sed -i 's|auth_basic|#auth_basic|g' /etc/nginx/sites-available/$EDITH_DOMAIN_NAME
+        1) if ! grep -q '#auth_basic' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"; then
+               sed -i 's|auth_basic|#auth_basic|g' "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"
                systemctl restart nginx
            fi
            dialog --title $"Disable Edith login" \
@@ -127,31 +126,34 @@ function edith_enable_login {
 
 function edith_browse {
     read_config_param EDITH_DOMAIN_NAME
-    cd /var/www/$EDITH_DOMAIN_NAME/htdocs/data
-    editor /var/www/$EDITH_DOMAIN_NAME/htdocs/data
+    cd "/var/www/$EDITH_DOMAIN_NAME/htdocs/data" || exit 24682642
+    editor "/var/www/$EDITH_DOMAIN_NAME/htdocs/data"
 }
 
 function configure_interactive_edith {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Edith" \
                --radiolist $"Choose an operation:" 10 50 3 \
                1 $"Enable login" off \
                2 $"Browse notes" off \
-               3 $"Exit" on 2> $data
+               3 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) break;;
-            255) break;;
+            1) rm -f "$data"
+               break;;
+            255) rm -f "$data"
+                 break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) edith_enable_login;;
             2) edith_browse;;
-            3) break;;
+            3) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -165,24 +167,24 @@ function upgrade_edith {
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$EDITH_DOMAIN_NAME/htdocs "edith commit" "$EDITH_COMMIT" $EDITH_REPO
+    set_repo_commit "/var/www/$EDITH_DOMAIN_NAME/htdocs" "edith commit" "$EDITH_COMMIT" "$EDITH_REPO"
 
     remove_bad_links_edith
-    chown -R www-data:www-data /var/www/$EDITH_DOMAIN_NAME/htdocs
-    chmod a+w /var/www/$EDITH_DOMAIN_NAME/htdocs/data
+    chown -R www-data:www-data "/var/www/$EDITH_DOMAIN_NAME/htdocs"
+    chmod a+w "/var/www/$EDITH_DOMAIN_NAME/htdocs/data"
 }
 
 function backup_local_edith {
     read_config_param EDITH_DOMAIN_NAME
 
     function_check suspend_site
-    suspend_site ${EDITH_DOMAIN_NAME}
+    suspend_site "${EDITH_DOMAIN_NAME}"
 
-    source_directory=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data
+    source_directory="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data"
 
     function_check backup_directory_to_usb
     dest_directory=edith
-    backup_directory_to_usb $source_directory $dest_directory
+    backup_directory_to_usb "$source_directory" "$dest_directory"
 
     function_check restart_site
     restart_site
@@ -192,12 +194,12 @@ function restore_local_edith {
     read_config_param EDITH_DOMAIN_NAME
 
     temp_restore_dir=/root/tempedith
-    edith_dir=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data
+    edith_dir="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data"
 
     function_check restore_directory_from_usb
     restore_directory_from_usb $temp_restore_dir edith
     if [ -d $temp_restore_dir ]; then
-        if [ -d cp $temp_restore_dir$edith_dir ]; then
+        if [ -d $temp_restore_dir$edith_dir ]; then
             cp -rp $temp_restore_dir$edith_dir $edith_dir/
         else
             if [ ! -d $edith_dir ]; then
@@ -215,13 +217,13 @@ function backup_remote_edith {
     read_config_param EDITH_DOMAIN_NAME
 
     function_check suspend_site
-    suspend_site ${EDITH_DOMAIN_NAME}
+    suspend_site "${EDITH_DOMAIN_NAME}"
 
-    source_directory=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data
+    source_directory="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data"
 
     function_check backup_directory_to_friend
     dest_directory=edith
-    backup_directory_to_friend $source_directory $dest_directory
+    backup_directory_to_friend "$source_directory" "$dest_directory"
 
     function_check restart_site
     restart_site
@@ -231,12 +233,12 @@ function restore_remote_edith {
     read_config_param EDITH_DOMAIN_NAME
 
     temp_restore_dir=/root/tempedith
-    edith_dir=/var/www/${EDITH_DOMAIN_NAME}/htdocs/data
+    edith_dir="/var/www/${EDITH_DOMAIN_NAME}/htdocs/data"
 
     function_check restore_directory_from_friend
     restore_directory_from_friend $temp_restore_dir edith
     if [ -d $temp_restore_dir ]; then
-        if [ -d cp $temp_restore_dir$edith_dir ]; then
+        if [ -d $temp_restore_dir$edith_dir ]; then
             cp -rp $temp_restore_dir$edith_dir $edith_dir/
         else
             if [ ! -d $edith_dir ]; then
@@ -253,17 +255,17 @@ function restore_remote_edith {
 function remove_edith {
     nginx_dissite $EDITH_DOMAIN_NAME
 
-    if [ -f /etc/nginx/sites-available/$EDITH_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$EDITH_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"
     fi
 
-    if [ -d /var/www/$EDITH_DOMAIN_NAME ]; then
-        rm -rf /var/www/$EDITH_DOMAIN_NAME
+    if [ -d "/var/www/$EDITH_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$EDITH_DOMAIN_NAME"
     fi
 
     function_check remove_onion_service
     remove_onion_service edith ${EDITH_ONION_PORT}
-    sed -i '/edith/d' $COMPLETION_FILE
+    sed -i '/edith/d' "$COMPLETION_FILE"
 
     if [ -f /etc/nginx/.edithpasswd ]; then
         rm /etc/nginx/.edithpasswd
@@ -286,26 +288,26 @@ function install_edith {
     function_check install_nodejs
     install_nodejs edith
 
-    if [ ! ${EDITH_PASSWORD} ]; then
-        if [ -f ${IMAGE_PASSWORD_FILE} ]; then
-            EDITH_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ ! "${EDITH_PASSWORD}" ]; then
+        if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
+            EDITH_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
         else
-            EDITH_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+            EDITH_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
 
-    if [ -d /var/www/$EDITH_DOMAIN_NAME/htdocs ]; then
-        rm -rf /var/www/$EDITH_DOMAIN_NAME/htdocs
+    if [ -d "/var/www/$EDITH_DOMAIN_NAME/htdocs" ]; then
+        rm -rf "/var/www/$EDITH_DOMAIN_NAME/htdocs"
     fi
 
     if [ -d /repos/edith ]; then
-        mkdir /var/www/$EDITH_DOMAIN_NAME/htdocs
-        cp -r -p /repos/edith/. /var/www/$EDITH_DOMAIN_NAME/htdocs
-        cd /var/www/$EDITH_DOMAIN_NAME/htdocs
+        mkdir "/var/www/$EDITH_DOMAIN_NAME/htdocs"
+        cp -r -p /repos/edith/. "/var/www/$EDITH_DOMAIN_NAME/htdocs"
+        cd "/var/www/$EDITH_DOMAIN_NAME/htdocs" || exit 24682462
         git pull
     else
         function_check git_clone
-        git_clone $EDITH_REPO /var/www/$EDITH_DOMAIN_NAME/htdocs
+        git_clone "$EDITH_REPO" "/var/www/$EDITH_DOMAIN_NAME/htdocs"
     fi
 
     if [ ! -d /var/www/$EDITH_DOMAIN_NAME/htdocs ]; then
@@ -313,102 +315,102 @@ function install_edith {
         exit 537593569
     fi
 
-    cd /var/www/$EDITH_DOMAIN_NAME/htdocs
-    git checkout $EDITH_COMMIT -b $EDITH_COMMIT
+    cd "/var/www/$EDITH_DOMAIN_NAME/htdocs" || exit 2648248
+    git checkout "$EDITH_COMMIT" -b "$EDITH_COMMIT"
     set_completion_param "edith commit" "$EDITH_COMMIT"
 
-    if [ ! -d /var/www/$EDITH_DOMAIN_NAME/htdocs/data ]; then
-        mkdir -p /var/www/$EDITH_DOMAIN_NAME/htdocs/data
+    if [ ! -d "/var/www/$EDITH_DOMAIN_NAME/htdocs/data" ]; then
+        mkdir -p "/var/www/$EDITH_DOMAIN_NAME/htdocs/data"
     fi
 
     EDITH_ONION_HOSTNAME=$(add_onion_service edith 80 ${EDITH_ONION_PORT})
 
-    edith_nginx_site=/etc/nginx/sites-available/$EDITH_DOMAIN_NAME
-    if [[ $ONION_ONLY == "no" ]]; then
+    edith_nginx_site="/etc/nginx/sites-available/$EDITH_DOMAIN_NAME"
+    if [[ "$ONION_ONLY" == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $EDITH_DOMAIN_NAME "index index.php"
-        echo 'server {' >> $edith_nginx_site
-        echo '  listen 443 ssl;' >> $edith_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $edith_nginx_site
-        echo "  server_name $EDITH_DOMAIN_NAME;" >> $edith_nginx_site
-        echo '' >> $edith_nginx_site
+        nginx_http_redirect "$EDITH_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $EDITH_DOMAIN_NAME;";
+          echo ''; } >> "$edith_nginx_site"
         function_check nginx_compress
-        nginx_compress $EDITH_DOMAIN_NAME
-        echo '' >> $edith_nginx_site
-        echo '  # Security' >> $edith_nginx_site
+        nginx_compress "$EDITH_DOMAIN_NAME"
+        echo '' >> "$edith_nginx_site"
+        echo '  # Security' >> "$edith_nginx_site"
         function_check nginx_ssl
-        nginx_ssl $EDITH_DOMAIN_NAME
+        nginx_ssl "$EDITH_DOMAIN_NAME"
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $EDITH_DOMAIN_NAME
+        nginx_disable_sniffing "$EDITH_DOMAIN_NAME"
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $edith_nginx_site
-        echo '' >> $edith_nginx_site
-        echo '  access_log /dev/null;' >> $edith_nginx_site
-        echo '  error_log /dev/null;' >> $edith_nginx_site
-        echo '' >> $edith_nginx_site
-        echo "  root /var/www/$EDITH_DOMAIN_NAME/htdocs;" >> $edith_nginx_site
-        echo '' >> $edith_nginx_site
-        echo '  index index.php;' >> $edith_nginx_site
-        echo '' >> $edith_nginx_site
-        echo '  # PHP' >> $edith_nginx_site
-        echo '  location ~ \.php {' >> $edith_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $edith_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $edith_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $edith_nginx_site
-        echo '  }' >> $edith_nginx_site
-        echo '' >> $edith_nginx_site
-        echo '  # Location' >> $edith_nginx_site
-        echo '  location / {' >> $edith_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo "  root /var/www/$EDITH_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  index index.php;';
+          echo '';
+          echo '  # PHP';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$edith_nginx_site"
         function_check nginx_limits
-        nginx_limits $EDITH_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ /index.php?$args;' >> $edith_nginx_site
-        echo "    auth_basic \"${EDITH_LOGIN_TEXT}\";" >> $edith_nginx_site
-        echo '    auth_basic_user_file /etc/nginx/.edithpasswd;' >> $edith_nginx_site
-        echo '  }' >> $edith_nginx_site
-        echo '}' >> $edith_nginx_site
+        nginx_limits "$EDITH_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ /index.php?\$args;";
+          echo "    auth_basic \"${EDITH_LOGIN_TEXT}\";";
+          echo '    auth_basic_user_file /etc/nginx/.edithpasswd;';
+          echo '  }';
+          echo '}'; } >> "$edith_nginx_site"
     else
-        echo -n '' > $edith_nginx_site
+        echo -n '' > "$edith_nginx_site"
     fi
-    echo 'server {' >> $edith_nginx_site
-    echo "    listen 127.0.0.1:$EDITH_ONION_PORT default_server;" >> $edith_nginx_site
-    echo "    server_name $EDITH_ONION_HOSTNAME;" >> $edith_nginx_site
-    echo '' >> $edith_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$EDITH_ONION_PORT default_server;";
+      echo "    server_name $EDITH_ONION_HOSTNAME;";
+      echo ''; } >> "$edith_nginx_site"
     function_check nginx_compress
-    nginx_compress $EDITH_DOMAIN_NAME
-    echo '' >> $edith_nginx_site
+    nginx_compress "$EDITH_DOMAIN_NAME"
+    echo '' >> "$edith_nginx_site"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $EDITH_DOMAIN_NAME
-    echo '' >> $edith_nginx_site
-    echo '  access_log /dev/null;' >> $edith_nginx_site
-    echo '  error_log /dev/null;' >> $edith_nginx_site
-    echo '' >> $edith_nginx_site
-    echo "  root /var/www/$EDITH_DOMAIN_NAME/htdocs;" >> $edith_nginx_site
-    echo '' >> $edith_nginx_site
-    echo '  index index.php;' >> $edith_nginx_site
-    echo '' >> $edith_nginx_site
-    echo '  # PHP' >> $edith_nginx_site
-    echo '  location ~ \.php {' >> $edith_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $edith_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $edith_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $edith_nginx_site
-    echo '  }' >> $edith_nginx_site
-    echo '' >> $edith_nginx_site
-    echo '  # Location' >> $edith_nginx_site
-    echo '  location / {' >> $edith_nginx_site
+    nginx_disable_sniffing "$EDITH_DOMAIN_NAME"
+    { echo '';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo "  root /var/www/$EDITH_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  index index.php;';
+      echo '';
+      echo '  # PHP';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$edith_nginx_site"
     function_check nginx_limits
     nginx_limits $EDITH_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ /index.php?$args;' >> $edith_nginx_site
-    echo "    auth_basic \"${EDITH_LOGIN_TEXT}\";" >> $edith_nginx_site
-    echo '    auth_basic_user_file /etc/nginx/.edithpasswd;' >> $edith_nginx_site
-    echo '  }' >> $edith_nginx_site
-    echo '}' >> $edith_nginx_site
+    { echo "    try_files \$uri \$uri/ /index.php?\$args;";
+      echo "    auth_basic \"${EDITH_LOGIN_TEXT}\";";
+      echo '    auth_basic_user_file /etc/nginx/.edithpasswd;';
+      echo '  }';
+      echo '}'; } >> "$edith_nginx_site"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $EDITH_DOMAIN_NAME 'yes'
+    create_site_certificate "$EDITH_DOMAIN_NAME" 'yes'
 
     # create a password for users
     if [ ! -f /etc/nginx/.edithpasswd ]; then
@@ -417,24 +419,23 @@ function install_edith {
     if grep -q "$MY_USERNAME:" /etc/nginx/.edithpasswd; then
         sed -i "/$MY_USERNAME:/d" /etc/nginx/.edithpasswd
     fi
-    echo -n "$EDITH_PASSWORD" | htpasswd -i -s -c /etc/nginx/.edithpasswd $MY_USERNAME
+    echo -n "$EDITH_PASSWORD" | htpasswd -i -s -c /etc/nginx/.edithpasswd "$MY_USERNAME"
     if [ ! -f /etc/nginx/.edithpasswd ]; then
         echo $'/etc/nginx/.edithpasswd not found'
         exit 6537683563
     fi
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a edith -p "$EDITH_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a edith -p "$EDITH_PASSWORD"
 
-    cp /var/www/$EDITH_DOMAIN_NAME/htdocs/htaccess.example /var/www/$EDITH_DOMAIN_NAME/htdocs/.htaccess
-    cd /var/www/$EDITH_DOMAIN_NAME/htdocs
+    cp "/var/www/$EDITH_DOMAIN_NAME/htdocs/htaccess.example" "/var/www/$EDITH_DOMAIN_NAME/htdocs/.htaccess"
+    cd "/var/www/$EDITH_DOMAIN_NAME/htdocs" || exit 26482468
     npm install -g coffeescript uglify-js
-    cake build
-    if [ ! "$?" = "0" ]; then
+    if ! cake build; then
         echo $'Unable to build Edith'
         exit 7396483635
     fi
     cp config.example.php config.php
-    if [[ $ONION_ONLY == "no" ]]; then
+    if [[ "$ONION_ONLY" == "no" ]]; then
         sed -i "s|define('EDITH_URI'.*|define('EDITH_URI', 'https://$EDITH_DOMAIN_NAME');|g" config.php
     else
         sed -i "s|define('EDITH_URI'.*|define('EDITH_URI', 'http://$EDITH_ONION_HOSTNAME');|g" config.php
@@ -445,20 +446,20 @@ function install_edith {
 
     remove_bad_links_edith
 
-    chown -R www-data:www-data /var/www/$EDITH_DOMAIN_NAME/htdocs
-    chmod a+w /var/www/$EDITH_DOMAIN_NAME/htdocs/data
-    nginx_ensite $EDITH_DAEMON_NAME
+    chown -R www-data:www-data "/var/www/$EDITH_DOMAIN_NAME/htdocs"
+    chmod a+w "/var/www/$EDITH_DOMAIN_NAME/htdocs/data"
+    nginx_ensite "$EDITH_DAEMON_NAME"
     systemctl restart nginx
 
     APP_INSTALLED=1
 }
 
 function install_interactive_edith {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
-    if [[ $ONION_ONLY != "no" ]]; then
+    if [[ "$ONION_ONLY" != "no" ]]; then
         GHOST_DOMAIN_NAME='edith.local'
         write_config_param "EDITH_DOMAIN_NAME" "$EDITH_DOMAIN_NAME"
     else
diff --git a/src/freedombone-app-emacs b/src/freedombone-app-emacs
index 8bb7207a..1056c3e3 100755
--- a/src/freedombone-app-emacs
+++ b/src/freedombone-app-emacs
@@ -57,13 +57,13 @@ function backup_local_emacs {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d /home/$USERNAME/.emacs.d ]; then
+            if [ -d "/home/$USERNAME/.emacs.d" ]; then
                 echo $"Backing up Emacs config for $USERNAME"
-                if [ -f /home/$USERNAME/.emacs ]; then
-                    cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs
+                if [ -f "/home/$USERNAME/.emacs" ]; then
+                    cp "/home/$USERNAME/.emacs" "/home/$USERNAME/.emacs.d/dotemacs"
                 fi
                 function_check backup_directory_to_usb
-                backup_directory_to_usb /home/$USERNAME/.emacs.d emacs/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.emacs.d" "emacs/$USERNAME"
             fi
         fi
     done
@@ -71,24 +71,25 @@ function backup_local_emacs {
 
 function restore_local_emacs {
     temp_restore_dir=/root/tempemacs
-    if [ -d $USB_MOUNT/backup/emacs ]; then
+    if [ -d "$USB_MOUNT/backup/emacs" ]; then
         for d in $USB_MOUNT/backup/emacs/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    "${PROJECT_NAME}-adduser" "$USERNAME"
                 fi
                 echo $"Restoring Emacs config for $USERNAME"
                 function_check restore_directory_from_usb
-                restore_directory_from_usb $temp_restore_dir emacs/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.emacs.d /home/$USERNAME/
+                restore_directory_from_usb "$temp_restore_dir" "emacs/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.emacs.d" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.emacs.d ]; then
-                        mkdir /home/$USERNAME/.emacs.d
+                    if [ ! -d "/home/$USERNAME/.emacs.d" ]; then
+                        mkdir "/home/$USERNAME/.emacs.d"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.emacs.d
+                    cp -r "$temp_restore_dir/*" "/home/$USERNAME/.emacs.d"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     function_check set_user_permissions
@@ -97,10 +98,10 @@ function restore_local_emacs {
                     backup_unmount_drive
                     exit 664
                 fi
-                if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then
-                    cp -f $temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs /home/$USERNAME/.emacs
+                if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then
+                    cp -f "$temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs" "/home/$USERNAME/.emacs"
                 else
-                    cp -f $temp_restore_dir/dotemacs /home/$USERNAME/.emacs
+                    cp -f "$temp_restore_dir/dotemacs" "/home/$USERNAME/.emacs"
                 fi
                 rm -rf $temp_restore_dir
             fi
@@ -112,13 +113,13 @@ function backup_remote_emacs {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d /home/$USERNAME/.emacs.d ]; then
+            if [ -d "/home/$USERNAME/.emacs.d" ]; then
                 echo $"Backing up Emacs config for $USERNAME"
-                if [ -f /home/$USERNAME/.emacs ]; then
-                    cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs
+                if [ -f "/home/$USERNAME/.emacs" ]; then
+                    cp "/home/$USERNAME/.emacs" "/home/$USERNAME/.emacs.d/dotemacs"
                 fi
                 function_check backup_directory_to_friend
-                backup_directory_to_friend /home/$USERNAME/.emacs.d emacs/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.emacs.d" "emacs/$USERNAME"
             fi
         fi
     done
@@ -126,24 +127,25 @@ function backup_remote_emacs {
 
 function restore_remote_emacs {
     temp_restore_dir=/root/tempemacs
-    if [ -d $USB_MOUNT/backup/emacs ]; then
+    if [ -d "$USB_MOUNT/backup/emacs" ]; then
         for d in $USB_MOUNT/backup/emacs/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    "${PROJECT_NAME}-adduser" "$USERNAME"
                 fi
                 echo $"Restoring Emacs config for $USERNAME"
                 function_check restore_directory_from_friend
-                restore_directory_from_friend $temp_restore_dir emacs/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.emacs.d /home/$USERNAME/
+                restore_directory_from_friend "$temp_restore_dir" "emacs/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.emacs.d" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.emacs.d ]; then
-                        mkdir /home/$USERNAME/.emacs.d
+                    if [ ! -d "/home/$USERNAME/.emacs.d" ]; then
+                        mkdir "/home/$USERNAME/.emacs.d"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.emacs.d/*
+                    cp -r "$temp_restore_dir/*" "/home/$USERNAME/.emacs.d/*"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     function_check set_user_permissions
@@ -152,10 +154,10 @@ function restore_remote_emacs {
                     backup_unmount_drive
                     exit 664
                 fi
-                if [ -d $temp_restore_dir/home/$USERNAME/.emacs.d ]; then
-                    cp -f $temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs /home/$USERNAME/.emacs
+                if [ -d "$temp_restore_dir/home/$USERNAME/.emacs.d" ]; then
+                    cp -f "$temp_restore_dir/home/$USERNAME/.emacs.d/dotemacs" "/home/$USERNAME/.emacs"
                 else
-                    cp -f $temp_restore_dir/dotemacs /home/$USERNAME/.emacs
+                    cp -f "$temp_restore_dir/dotemacs" "/home/$USERNAME/.emacs"
                 fi
                 rm -rf $temp_restore_dir
             fi
@@ -166,7 +168,7 @@ function restore_remote_emacs {
 function remove_emacs {
     apt-get -yq remove --purge emacs
     update-alternatives --set editor /usr/bin/nano
-    sed -i '/install_emacs/d' $COMPLETION_FILE
+    sed -i '/install_emacs/d' "$COMPLETION_FILE"
 
     # remove emacs as the mutt email editor
     if [ -f /etc/Muttrc ]; then
@@ -176,9 +178,9 @@ function remove_emacs {
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ -f /home/$USERNAME/.muttrc ]; then
-                    if grep -q "set editor=" /home/$USERNAME/.muttrc; then
-                        sed -i '/set editor=/d' /home/$USERNAME/.muttrc
+                if [ -f "/home/$USERNAME/.muttrc" ]; then
+                    if grep -q "set editor=" "/home/$USERNAME/.muttrc"; then
+                        sed -i '/set editor=/d' "/home/$USERNAME/.muttrc"
                     fi
                 fi
             fi
@@ -194,74 +196,74 @@ function install_emacs {
     #echo -n "(add-to-list 'load-path " > /home/$MY_USERNAME/.emacs
     #echo '"~/.emacs.d/")' >> /home/$MY_USERNAME/.emacs
     #echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Remove trailing whitepace ======================================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)" >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo ';; Goto a line number with CTRL-l' >> /home/$MY_USERNAME/.emacs
-    echo -n '(global-set-key "\C-l" ' >> /home/$MY_USERNAME/.emacs
-    echo "'goto-line)" >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Show line numbers ==============================================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))" >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Enable line wrapping in org-mode ===============================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo " (add-hook 'org-mode-hook" >> /home/$MY_USERNAME/.emacs
-    echo "           '(lambda ()" >> /home/$MY_USERNAME/.emacs
-    echo "              (visual-line-mode 1)))" >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Enable shift select in org mode ================================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(setq org-support-shift-select t)' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Set standard indent to 4 rather that 4 =========================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(setq standard-indent 4)' >> /home/$MY_USERNAME/.emacs
-    echo '(setq-default tab-width 4)' >> /home/$MY_USERNAME/.emacs
-    echo '(setq c-basic-offset 4)' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Support Wheel Mouse Scrolling ==================================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(mouse-wheel-mode t)' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Place Backup Files in Specific Directory =======================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(setq make-backup-files t)' >> /home/$MY_USERNAME/.emacs
-    echo '(setq version-control t)' >> /home/$MY_USERNAME/.emacs
-    echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Make Text mode the default mode for new buffers ================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo "(setq default-major-mode 'text-mode)" >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Line length ====================================================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(setq-default fill-column 72)' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Enable Line and Column Numbering ===============================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(line-number-mode 1)' >> /home/$MY_USERNAME/.emacs
-    echo '(column-number-mode 1)' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Turn on Auto Fill mode automatically in all modes ==============' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of' >> /home/$MY_USERNAME/.emacs
-    echo ';; newlines when the cursor goes over the column limit.' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo ';; This should actually turn on auto-fill-mode by default in all major' >> /home/$MY_USERNAME/.emacs
-    echo ';; modes. The other way to do this is to turn on the fill for specific modes' >> /home/$MY_USERNAME/.emacs
-    echo ';; via hooks.' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo '(setq auto-fill-mode 1)' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo $';; ===== Enable GPG encryption =========================================' >> /home/$MY_USERNAME/.emacs
-    echo '' >> /home/$MY_USERNAME/.emacs
-    echo "(require 'epa)" >> /home/$MY_USERNAME/.emacs
-    echo '(epa-file-enable)' >> /home/$MY_USERNAME/.emacs
-    cp /home/$MY_USERNAME/.emacs /root/.emacs
-    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.emacs
+    { echo $';; ===== Remove trailing whitepace ======================================';
+      echo '';
+      echo ";;(add-hook 'before-save-hook 'delete-trailing-whitespace)";
+      echo '';
+      echo ';; Goto a line number with CTRL-l';
+      echo -n '(global-set-key "\C-l" ';
+      echo "'goto-line)";
+      echo '';
+      echo $';; ===== Show line numbers ==============================================';
+      echo '';
+      echo "(add-hook 'find-file-hook (lambda () (linum-mode 1)))";
+      echo '';
+      echo $';; ===== Enable line wrapping in org-mode ===============================';
+      echo '';
+      echo " (add-hook 'org-mode-hook";
+      echo "           '(lambda ()";
+      echo "              (visual-line-mode 1)))";
+      echo '';
+      echo $';; ===== Enable shift select in org mode ================================';
+      echo '';
+      echo '(setq org-support-shift-select t)';
+      echo '';
+      echo $';; ===== Set standard indent to 4 rather that 4 =========================';
+      echo '';
+      echo '(setq standard-indent 4)';
+      echo '(setq-default tab-width 4)';
+      echo '(setq c-basic-offset 4)';
+      echo '';
+      echo $';; ===== Support Wheel Mouse Scrolling ==================================';
+      echo '';
+      echo '(mouse-wheel-mode t)';
+      echo '';
+      echo $';; ===== Place Backup Files in Specific Directory =======================';
+      echo '';
+      echo '(setq make-backup-files t)';
+      echo '(setq version-control t)';
+      echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))';
+      echo '';
+      echo $';; ===== Make Text mode the default mode for new buffers ================';
+      echo '';
+      echo "(setq default-major-mode 'text-mode)";
+      echo '';
+      echo $';; ===== Line length ====================================================';
+      echo '';
+      echo '(setq-default fill-column 72)';
+      echo '';
+      echo $';; ===== Enable Line and Column Numbering ===============================';
+      echo '';
+      echo '(line-number-mode 1)';
+      echo '(column-number-mode 1)';
+      echo '';
+      echo $';; ===== Turn on Auto Fill mode automatically in all modes ==============';
+      echo '';
+      echo ';; Auto-fill-mode the the automatic wrapping of lines and insertion of';
+      echo ';; newlines when the cursor goes over the column limit.';
+      echo '';
+      echo ';; This should actually turn on auto-fill-mode by default in all major';
+      echo ';; modes. The other way to do this is to turn on the fill for specific modes';
+      echo ';; via hooks.';
+      echo '';
+      echo '(setq auto-fill-mode 1)';
+      echo '';
+      echo $';; ===== Enable GPG encryption =========================================';
+      echo '';
+      echo "(require 'epa)";
+      echo '(epa-file-enable)'; } >> "/home/$MY_USERNAME/.emacs"
+    cp "/home/$MY_USERNAME/.emacs" /root/.emacs
+    chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.emacs"
 
     # add a mutt entry to use emacs to compose emails
     if [ -f /etc/Muttrc ]; then
@@ -273,92 +275,92 @@ function install_emacs {
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ -f /home/$USERNAME/.muttrc ]; then
-                    if ! grep -q "set editor=" /home/$USERNAME/.muttrc; then
-                        echo 'set editor="emacs -q --load ~/.emacs-mutt"' >> /home/$USERNAME/.muttrc
+                if [ -f "/home/$USERNAME/.muttrc" ]; then
+                    if ! grep -q "set editor=" "/home/$USERNAME/.muttrc"; then
+                        echo 'set editor="emacs -q --load ~/.emacs-mutt"' >> "/home/$USERNAME/.muttrc"
                     else
-                        sed -i 's|set editor=.*|set editor="emacs -q --load ~/.emacs-mutt"|g' /home/$USERNAME/.muttrc
+                        sed -i 's|set editor=.*|set editor="emacs -q --load ~/.emacs-mutt"|g' "/home/$USERNAME/.muttrc"
                     fi
                 fi
 
                 # create an Emacs configuration specifically for use with Mutt, which
                 # has word wrap and spell checking on by default
-                if [ ! -f /home/$USERNAME/.emacs-mutt ]; then
-                    echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)" > /home/$USERNAME/.emacs-mutt
-                    echo '(setq org-support-shift-select t)' >> /home/$USERNAME/.emacs-mutt
-                    echo '(setq standard-indent 4)' >> /home/$USERNAME/.emacs-mutt
-                    echo '(setq-default tab-width 4)' >> /home/$USERNAME/.emacs-mutt
-                    echo '(setq c-basic-offset 4)' >> /home/$USERNAME/.emacs-mutt
-                    echo '(mouse-wheel-mode t)' >> /home/$USERNAME/.emacs-mutt
-                    echo '(setq make-backup-files t)' >> /home/$USERNAME/.emacs-mutt
-                    echo '(setq version-control t)' >> /home/$USERNAME/.emacs-mutt
-                    echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> /home/$USERNAME/.emacs-mutt
-                    echo "(setq default-major-mode 'text-mode)" >> /home/$USERNAME/.emacs-mutt
-                    echo "(dolist (hook '(text-mode-hook))" >> /home/$USERNAME/.emacs-mutt
-                    echo '    (add-hook hook (lambda () (flyspell-mode 1))))' >> /home/$USERNAME/.emacs-mutt
-                    echo '(setq-default fill-column 72)' >> /home/$USERNAME/.emacs-mutt
+                if [ ! -f "/home/$USERNAME/.emacs-mutt" ]; then
+                    { echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)";
+                    echo '(setq org-support-shift-select t)';
+                    echo '(setq standard-indent 4)';
+                    echo '(setq-default tab-width 4)';
+                    echo '(setq c-basic-offset 4)';
+                    echo '(mouse-wheel-mode t)';
+                    echo '(setq make-backup-files t)';
+                    echo '(setq version-control t)';
+                    echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))';
+                    echo "(setq default-major-mode 'text-mode)";
+                    echo "(dolist (hook '(text-mode-hook))";
+                    echo '    (add-hook hook (lambda () (flyspell-mode 1))))';
+                    echo '(setq-default fill-column 72)'; } > "/home/$USERNAME/.emacs-mutt"
                     if [[ $DEFAULT_LANGUAGE == 'en_US'* ]]; then
-                        echo '(setq ispell-dictionary "american")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "american")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'en_GB'* ]]; then
-                        echo '(setq ispell-dictionary "british")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "british")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'fr_FR'* ]]; then
-                        echo '(setq ispell-dictionary "french")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "french")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'it_IT'* ]]; then
-                        echo '(setq ispell-dictionary "italian")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "italian")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'cs_CZ'* ]]; then
-                        echo '(setq ispell-dictionary "czech")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "czech")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'da_DK'* ]]; then
-                        echo '(setq ispell-dictionary "danish")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "danish")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'nl_NL'* ]]; then
-                        echo '(setq ispell-dictionary "dutch")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "dutch")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'ru_RU'* ]]; then
-                        echo '(setq ispell-dictionary "russian")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "russian")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'es_ES'* ]]; then
-                        echo '(setq ispell-dictionary "spanish")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "spanish")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'sv_SE'* ]]; then
-                        echo '(setq ispell-dictionary "swedish")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "swedish")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'no_NO'* ]]; then
-                        echo '(setq ispell-dictionary "norwegian")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "norwegian")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'de_DE'* ]]; then
-                        echo '(setq ispell-dictionary "ngerman")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "ngerman")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'bg_BG'* ]]; then
-                        echo '(setq ispell-dictionary "bulgarian")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "bulgarian")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'pl'* ]]; then
-                        echo '(setq ispell-dictionary "polish")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "polish")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'et_EE'* ]]; then
-                        echo '(setq ispell-dictionary "estonian")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "estonian")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'lt_LT'* ]]; then
-                        echo '(setq ispell-dictionary "lithuanian")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "lithuanian")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'uk_UA'* ]]; then
-                        echo '(setq ispell-dictionary "ukranian")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "ukranian")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
                     if [[ $DEFAULT_LANGUAGE == 'ca_ES'* ]]; then
-                        echo '(setq ispell-dictionary "catalan")' >> /home/$USERNAME/.emacs-mutt
+                        echo '(setq ispell-dictionary "catalan")' >> "/home/$USERNAME/.emacs-mutt"
                     fi
-                    echo '(setq auto-fill-mode 0)' >> /home/$USERNAME/.emacs-mutt
-                    echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)" >> /home/$USERNAME/.emacs-mutt
-                    echo "(setq-default auto-fill-function 'do-auto-fill)" >> /home/$USERNAME/.emacs-mutt
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.emacs-mutt
+                    { echo '(setq auto-fill-mode 0)';
+                      echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)";
+                      echo "(setq-default auto-fill-function 'do-auto-fill)"; } >> "/home/$USERNAME/.emacs-mutt"
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.emacs-mutt"
 
                     # add the emacs mutt configuration to the user profile skeleton
                     if [ ! -f /etc/skel/.emacs-mutt ]; then
-                        cp /home/$USERNAME/.emacs-mutt /etc/skel/.emacs-mutt
+                        cp "/home/$USERNAME/.emacs-mutt" /etc/skel/.emacs-mutt
                         chown root:root /etc/skel/.emacs-mutt
                     fi
                 fi
diff --git a/src/freedombone-utils-go b/src/freedombone-utils-go
index 4f673f71..8e032764 100755
--- a/src/freedombone-utils-go
+++ b/src/freedombone-utils-go
@@ -51,7 +51,7 @@ function select_go_version {
     else
         sed -i "s|export GVM_ROOT=.*|export GVM_ROOT=$GVM_ROOT|g" ~/.bashrc
     fi
-    cd $GVM_ROOT/bin
+    cd "$GVM_ROOT/bin" || exit 3873658
     [[ -s "$GVM_ROOT/scripts/gvm" ]] && source "$GVM_ROOT/scripts/gvm"
     gvm use go${GO_VERSION} --default
 
@@ -60,21 +60,21 @@ function select_go_version {
         exit 629825
     fi
 
-    systemctl set-environment GOPATH=$GOPATH
+    systemctl set-environment GOPATH="$GOPATH"
 }
 
 function mesh_upgrade_golang_from_source {
     chroot "$rootdir" adduser --disabled-login --gecos 'go' ipfs
 
-    git clone $GO_REPO $rootdir/home/go/go${GO_VERSION}
-    cd $rootdir/home/go/go${GO_VERSION}
-    git checkout go${GO_VERSION} -b go${GO_VERSION}
+    git clone "$GO_REPO" "$rootdir/home/go/go${GO_VERSION}"
+    cd "$rootdir/home/go/go${GO_VERSION}" || exit 3463635
+    git checkout "go${GO_VERSION}" -b "go${GO_VERSION}"
 
-    git clone $GO_REPO $rootdir/home/go/go${GO_INTERMEDIATE_VERSION}
-    cd $rootdir/home/go/go${GO_INTERMEDIATE_VERSION}
+    git clone "$GO_REPO" "$rootdir/home/go/go${GO_INTERMEDIATE_VERSION}"
+    cd "$rootdir/home/go/go${GO_INTERMEDIATE_VERSION}" || exit 672845624
     git checkout go${GO_INTERMEDIATE_VERSION} -b go${GO_INTERMEDIATE_VERSION}
 
-    cat <<EOF > ${rootdir}/root/upgrade_golang.sh
+    cat <<EOF > "${rootdir}/root/upgrade_golang.sh"
 #!/bin/bash
 
 apt-get -yq install build-essential libc6-dev
@@ -119,20 +119,20 @@ systemctl set-environment GOROOT=\$GOROOT
 
 exit 0
 EOF
-    chroot ${rootdir} chmod +x /root/upgrade_golang.sh
-    chroot ${rootdir} /root/upgrade_golang.sh
-    if [ ! -f ${rootdir}/home/go/go${GO_VERSION}/bin/go ]; then
+    chroot "${rootdir}" chmod +x /root/upgrade_golang.sh
+    chroot "${rootdir}" /root/upgrade_golang.sh
+    if [ ! -f "${rootdir}/home/go/go${GO_VERSION}/bin/go" ]; then
         echo $'Failed to upgrade golang'
-        cat ${rootdir}/root/upgrade_golang.sh
-        rm -f ${rootdir}/root/upgrade_golang.sh
+        cat "${rootdir}/root/upgrade_golang.sh"
+        rm -f "${rootdir}/root/upgrade_golang.sh"
         exit 836535
     fi
-    rm -f ${rootdir}/root/upgrade_golang.sh
+    rm -f "${rootdir}/root/upgrade_golang.sh"
 }
 
 function mesh_upgrade_golang {
     prefix=
-    if [ $rootdir ]; then
+    if [ "$rootdir" ]; then
         prefix="chroot $rootdir"
     fi
     $prefix adduser --disabled-login --gecos 'go' go
@@ -177,43 +177,43 @@ function mesh_upgrade_golang {
     fi
     GO_SOURCE=https://storage.googleapis.com/golang/go${GO_VERSION}.linux-${GOARCH}.tar.gz
 
-    if [ ! -d ${rootdir}${INSTALL_DIR} ]; then
-        chroot "$rootdir" mkdir -p ${INSTALL_DIR}
+    if [ ! -d "${rootdir}${INSTALL_DIR}" ]; then
+        chroot "$rootdir" mkdir -p "${INSTALL_DIR}"
     fi
-    cd ${rootdir}${INSTALL_DIR}
-    if [ ! -f ${rootdir}${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz ]; then
+    cd "${rootdir}${INSTALL_DIR}" || exit 236487365
+    if [ ! -f "${rootdir}${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz" ]; then
         wget ${GO_SOURCE}
     fi
-    if [ ! -f ${rootdir}${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz ]; then
+    if [ ! -f "${rootdir}${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz" ]; then
         exit 26524
     fi
-    $prefix tar -C /home/go -xzf ${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz
-    if [ ! -d ${rootdir}/home/go/go/bin ]; then
+    $prefix tar -C /home/go -xzf "${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz"
+    if [ ! -d "${rootdir}/home/go/go/bin" ]; then
         echo 'Go binary not installed'
         exit 763562
     fi
-    mv ${rootdir}/home/go/go ${rootdir}/home/go/go${GO_VERSION}
-    echo "export GOROOT=/home/go" >> ${rootdir}/root/.bashrc
-    echo "export GOROOT=/home/go" >> ${rootdir}/etc/skel/.bashrc
-    echo "export GOROOT=/home/go" >> ${rootdir}/home/$MY_USERNAME/.bashrc
-    echo "export GOROOT=/home/go" >> ${rootdir}/home/go/.bashrc
+    mv "${rootdir}/home/go/go" "${rootdir}/home/go/go${GO_VERSION}"
+    echo "export GOROOT=/home/go" >> "${rootdir}/root/.bashrc"
+    echo "export GOROOT=/home/go" >> "${rootdir}/etc/skel/.bashrc"
+    echo "export GOROOT=/home/go" >> "${rootdir}/home/$MY_USERNAME/.bashrc"
+    echo "export GOROOT=/home/go" >> "${rootdir}/home/go/.bashrc"
 
-    echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> ${rootdir}/root/.bashrc
-    echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> ${rootdir}/etc/skel/.bashrc
-    echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> ${rootdir}/home/$MY_USERNAME/.bashrc
-    echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> ${rootdir}/home/go/.bashrc
+    echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> "${rootdir}/root/.bashrc"
+    echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> "${rootdir}/etc/skel/.bashrc"
+    echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> "${rootdir}/home/$MY_USERNAME/.bashrc"
+    echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> "${rootdir}/home/go/.bashrc"
 
-    echo 'export PATH=$PATH:$GOPATH' >> ${rootdir}/root/.bashrc
-    echo 'export PATH=$PATH:$GOPATH' >> ${rootdir}/etc/skel/.bashrc
-    echo 'export PATH=$PATH:$GOPATH' >> ${rootdir}/home/$MY_USERNAME/.bashrc
-    echo 'export PATH=$PATH:$GOPATH' >> ${rootdir}/home/go/.bashrc
-    $prefix chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME
+    echo "export PATH=\$PATH:\$GOPATH" >> "${rootdir}/root/.bashrc"
+    echo "export PATH=\$PATH:\$GOPATH" >> "${rootdir}/etc/skel/.bashrc"
+    echo "export PATH=\$PATH:\$GOPATH" >> "${rootdir}/home/$MY_USERNAME/.bashrc"
+    echo "export PATH=\$PATH:\$GOPATH" >> "${rootdir}/home/go/.bashrc"
+    $prefix chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME"
     $prefix chown -R go:go /home/go
-    cp ${rootdir}/home/go/go${GO_VERSION}/bin/* ${rootdir}/usr/bin
+    cp "${rootdir}/home/go/go${GO_VERSION}/bin/*" "${rootdir}/usr/bin"
 }
 
 function upgrade_golang {
-    if grep -Fxq "upgrade_golang:$GO_VERSION" $COMPLETION_FILE; then
+    if grep -Fxq "upgrade_golang:$GO_VERSION" "$COMPLETION_FILE"; then
         return
     fi
 
diff --git a/src/freedombone-utils-gpg b/src/freedombone-utils-gpg
index e5790582..fc02cd3a 100755
--- a/src/freedombone-utils-gpg
+++ b/src/freedombone-utils-gpg
@@ -29,57 +29,57 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 function gpg_update_mutt {
-    key_username=$1
+    key_username="$1"
 
-    if [ ! -f /home/$key_username/.muttrc ]; then
+    if [ ! -f "/home/$key_username/.muttrc" ]; then
         return
     fi
 
     CURR_EMAIL_ADDRESS=$key_username@$HOSTNAME
-    CURR_GPG_ID=$(gpg --homedir=/home/$key_username/.gnupg --list-keys $CURR_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//')
+    CURR_GPG_ID=$(gpg --homedir="/home/$key_username/.gnupg" --list-keys "$CURR_EMAIL_ADDRESS" | sed -n '2p' | sed 's/^[ \t]*//')
 
     # If the default key is specified within gpg.conf
-    if [ -f /home/$key_username/gpg.conf ]; then
-        if grep -q "default-key" /home/$key_username/gpg.conf; then
-            default_gpg_key=$(cat /home/$key_username/gpg.conf | grep "default-key")
+    if [ -f "/home/$key_username/gpg.conf" ]; then
+        if grep -q "default-key" "/home/$key_username/gpg.conf"; then
+            default_gpg_key=$(grep "default-key" "/home/$key_username/gpg.conf")
             if [[ "$default_gpg_key" != *'#'* ]]; then
-                default_gpg_key=$(cat /home/$key_username/gpg.conf | grep "default-key" | awk -F ' ' '{print $2}')
+                default_gpg_key=$(grep "default-key" "/home/$key_username/gpg.conf" | awk -F ' ' '{print $2}')
                 if [ ${#default_gpg_key} -gt 3 ]; then
-                    CURR_GPG_ID=$(gpg --homedir=/home/$key_username/.gnupg --list-keys $default_gpg_key | sed -n '2p' | sed 's/^[ \t]*//')
+                    CURR_GPG_ID=$(gpg --homedir="/home/$key_username/.gnupg" --list-keys "$default_gpg_key" | sed -n '2p' | sed 's/^[ \t]*//')
                 fi
             fi
         fi
     fi
 
-    sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to $CURR_GPG_ID -- -r %r -- %f\"|g" /home/$key_username/.muttrc
-    sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to $CURR_GPG_ID -- -r %r -- %f\"|g" /home/$key_username/.muttrc
+    sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to $CURR_GPG_ID -- -r %r -- %f\"|g" "/home/$key_username/.muttrc"
+    sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to $CURR_GPG_ID -- -r %r -- %f\"|g" "/home/$key_username/.muttrc"
 
-    chown $key_username:$key_username /home/$key_username/.muttrc
+    chown "$key_username":"$key_username" "/home/$key_username/.muttrc"
 }
 
 function gpg_import_public_key {
-    key_username=$1
-    key_filename=$2
+    key_username="$1"
+    key_filename="$2"
 
-    gpg --homedir=/home/$key_username/.gnupg --import $key_filename
-    gpg_set_permissions $key_username
+    gpg --homedir="/home/$key_username/.gnupg" --import "$key_filename"
+    gpg_set_permissions "$key_username"
 }
 
 function gpg_import_private_key {
-    key_username=$1
-    key_filename=$2
+    key_username="$1"
+    key_filename="$2"
 
-    gpg --homedir=/home/$key_username/.gnupg --allow-secret-key-import --import $key_filename
-    gpg_set_permissions $key_username
+    gpg --homedir="/home/$key_username/.gnupg" --allow-secret-key-import --import "$key_filename"
+    gpg_set_permissions "$key_username"
 }
 
 function gpg_export_public_key {
-    key_username=$1
-    key_id=$2
-    key_filename=$3
+    key_username="$1"
+    key_id="$2"
+    key_filename="$3"
 
-    chown -R $key_username:$key_username /home/$key_username/.gnupg
-    su -m root -c "gpg --homedir /home/$key_username/.gnupg --output $key_filename --armor --export $key_id" - $key_username
+    chown -R "$key_username":"$key_username" "/home/$key_username/.gnupg"
+    su -m root -c "gpg --homedir /home/$key_username/.gnupg --output $key_filename --armor --export $key_id" - "$key_username"
 }
 
 function gpg_export_private_key {
@@ -87,68 +87,68 @@ function gpg_export_private_key {
     key_id=$2
     key_filename=$3
 
-    chown -R $key_username:$key_username /home/$key_username/.gnupg
-    su -m root -c "gpg --homedir=/home/$key_username/.gnupg --armor --output $key_filename --export-secret-key $key_id" - $key_username
+    chown -R "$key_username":"$key_username" "/home/$key_username/.gnupg"
+    su -m root -c "gpg --homedir=/home/$key_username/.gnupg --armor --output $key_filename --export-secret-key $key_id" - "$key_username"
 }
 
 function gpg_create_key {
-    key_username=$1
-    key_passphrase=$2
+    key_username="$1"
+    key_passphrase="$2"
 
-    gpg_dir=/home/$key_username/.gnupg
+    gpg_dir="/home/$key_username/.gnupg"
 
-    echo 'Key-Type: eddsa' > /home/$key_username/gpg-genkey.conf
-    echo 'Key-Curve: Ed25519' >> /home/$key_username/gpg-genkey.conf
-    echo 'Subkey-Type: eddsa' >> /home/$key_username/gpg-genkey.conf
-    echo 'Subkey-Curve: Ed25519' >> /home/$key_username/gpg-genkey.conf
-    echo "Name-Real:  $MY_NAME" >> /home/$key_username/gpg-genkey.conf
-    echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$key_username/gpg-genkey.conf
-    echo 'Expire-Date: 0' >> /home/$key_username/gpg-genkey.conf
-    cat /home/$key_username/gpg-genkey.conf
-    if [ $key_passphrase ]; then
-        echo "Passphrase: $key_passphrase" >> /home/$key_username/gpg-genkey.conf
+    { echo 'Key-Type: eddsa';
+      echo 'Key-Curve: Ed25519';
+      echo 'Subkey-Type: eddsa';
+      echo 'Subkey-Curve: Ed25519';
+      echo "Name-Real:  $MY_NAME";
+      echo "Name-Email: $MY_EMAIL_ADDRESS";
+      echo 'Expire-Date: 0'; } > "/home/$key_username/gpg-genkey.conf"
+    cat "/home/$key_username/gpg-genkey.conf"
+    if [ "$key_passphrase" ]; then
+        echo "Passphrase: $key_passphrase" >> "/home/$key_username/gpg-genkey.conf"
     else
-        echo "Passphrase: $PROJECT_NAME" >> /home/$key_username/gpg-genkey.conf
+        echo "Passphrase: $PROJECT_NAME" >> "/home/$key_username/gpg-genkey.conf"
     fi
-    chown $key_username:$key_username /home/$key_username/gpg-genkey.conf
+    chown "$key_username":"$key_username" "/home/$key_username/gpg-genkey.conf"
 
     echo $'Generating a new GPG key'
-    su -m root -c "gpg --homedir /home/$key_username/.gnupg --batch --full-gen-key /home/$key_username/gpg-genkey.conf" - $key_username
-    chown -R $key_username:$key_username /home/$key_username/.gnupg
+    su -m root -c "gpg --homedir /home/$key_username/.gnupg --batch --full-gen-key /home/$key_username/gpg-genkey.conf" - "$key_username"
+    chown -R "$key_username":"$key_username" "/home/$key_username/.gnupg"
     KEY_EXISTS=$(gpg_key_exists "$key_username" "$MY_EMAIL_ADDRESS")
     if [[ $KEY_EXISTS == "no" ]]; then
         echo $"A GPG key for $MY_EMAIL_ADDRESS could not be created"
         exit 63621
     fi
-    shred -zu /home/$key_username/gpg-genkey.conf
+    shred -zu "/home/$key_username/gpg-genkey.conf"
     CURR_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$key_username" "$MY_EMAIL_ADDRESS")
     if [ ${#CURR_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
         echo $"GPG public key ID could not be obtained for $MY_EMAIL_ADDRESS"
         exit 825292
     fi
-    gpg_set_permissions $key_username
+    gpg_set_permissions "$key_username"
 }
 
 function gpg_delete_key {
-    key_username=$1
-    key_id=$2
+    key_username="$1"
+    key_id="$2"
 
-    chown -R $key_username:$key_username /home/$key_username/.gnupg
-    su -c "gpg --batch --quiet --homedir=/home/$key_username/.gnupg --delete-secret-key $key_id" - $key_username
-    su -c "gpg --batch --quiet --homedir=/home/$key_username/.gnupg --delete-key $key_id" - $key_username
+    chown -R "$key_username":"$key_username" "/home/$key_username/.gnupg"
+    su -c "gpg --batch --quiet --homedir=/home/$key_username/.gnupg --delete-secret-key $key_id" - "$key_username"
+    su -c "gpg --batch --quiet --homedir=/home/$key_username/.gnupg --delete-key $key_id" - "$key_username"
 }
 
 function gpg_set_permissions {
     key_username=$1
 
     if [[ "$key_username" != 'root' ]]; then
-        chmod 700 /home/$key_username/.gnupg
-        chmod -R 600 /home/$key_username/.gnupg/*
-        printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /home/$key_username/.gnupg/S.dirmngr
-        if [ -d /home/$key_username/.gnupg/crls.d ]; then
-            chmod +x /home/$key_username/.gnupg/crls.d
+        chmod 700 "/home/$key_username/.gnupg"
+        chmod -R 600 "/home/$key_username/.gnupg/*"
+        printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > "/home/$key_username/.gnupg/S.dirmngr"
+        if [ -d "/home/$key_username/.gnupg/crls.d" ]; then
+            chmod +x "/home/$key_username/.gnupg/crls.d"
         fi
-        chown -R $key_username:$key_username /home/$key_username/.gnupg
+        chown -R "$key_username":"$key_username" "/home/$key_username/.gnupg"
     else
         chmod 700 /root/.gnupg
         chmod -R 600 /root/.gnupg/*
@@ -156,7 +156,7 @@ function gpg_set_permissions {
         if [ -d /root/.gnupg/crls.d ]; then
             chmod +x /root/.gnupg/crls.d
         fi
-        chown -R $key_username:$key_username /root/.gnupg
+        chown -R "$key_username":"$key_username" /root/.gnupg
     fi
 }
 
@@ -164,22 +164,22 @@ function gpg_reconstruct_key {
     key_username=$1
     key_interactive=$2
 
-    if [ ! -d /home/$key_username/.gnupg_fragments ]; then
+    if [ ! -d "/home/$key_username/.gnupg_fragments" ]; then
         return
     fi
-    cd /home/$key_username/.gnupg_fragments
+    cd "/home/$key_username/.gnupg_fragments" || exit 3468346
+    # shellcheck disable=SC2012
     no_of_shares=$(ls -afq keyshare.asc.* | wc -l)
     if (( no_of_shares < 4 )); then
-        if [ $key_interactive ]; then
+        if [ "$key_interactive" ]; then
             dialog --title $"Recover Encryption Keys" --msgbox $'Not enough fragments to reconstruct the key' 6 70
         else
             echo $'Not enough fragments to reconstruct the key'
         fi
         exit 7348
     fi
-    gfcombine /home/$key_username/.gnupg_fragments/keyshare*
-    if [ ! "$?" = "0" ]; then
-        if [ $key_interactive ]; then
+    if ! gfcombine "/home/$key_username/.gnupg_fragments/keyshare*"; then
+        if [ "$key_interactive" ]; then
             dialog --title $"Recover Encryption Keys" --msgbox $'Unable to reconstruct the key' 6 70
         else
             echo $'Unable to reconstruct the key'
@@ -188,8 +188,8 @@ function gpg_reconstruct_key {
     fi
 
     KEYS_FILE=/home/$key_username/.gnupg_fragments/keyshare.asc
-    if [ ! -f $KEYS_FILE ]; then
-        if [ $key_interactive ]; then
+    if [ ! -f "$KEYS_FILE" ]; then
+        if [ "$key_interactive" ]; then
             dialog --title $"Recover Encryption Keys" --msgbox $'Unable to reconstruct the key' 6 70
         else
             echo $'Unable to reconstruct the key'
@@ -197,22 +197,21 @@ function gpg_reconstruct_key {
         exit 52852
     fi
 
-    gpg --homedir=/home/$key_username/.gnupg --allow-secret-key-import --import $KEYS_FILE
-    if [ ! "$?" = "0" ]; then
-        shred -zu $KEYS_FILE
-        rm -rf /home/$key_username/.tempgnupg
-        if [ $key_interactive ]; then
+    if ! gpg --homedir="/home/$key_username/.gnupg" --allow-secret-key-import --import "$KEYS_FILE"; then
+        shred -zu "$KEYS_FILE"
+        rm -rf "/home/$key_username/.tempgnupg"
+        if [ "$key_interactive" ]; then
             dialog --title $"Recover Encryption Keys" --msgbox $'Unable to import gpg key' 6 70
         else
             echo $'Unable to import gpg key'
         fi
         exit 96547
     fi
-    shred -zu $KEYS_FILE
+    shred -zu "$KEYS_FILE"
 
-    gpg_set_permissions $key_username
+    gpg_set_permissions "$key_username"
 
-    if [ $key_interactive ]; then
+    if [ "$key_interactive" ]; then
         dialog --title $"Recover Encryption Keys" --msgbox $'Key has been reconstructed' 6 70
     else
         echo $'Key has been reconstructed'
@@ -224,9 +223,9 @@ function gpg_agent_setup {
 
     if [[ $gpg_username == 'root' ]]; then
         if ! grep -q 'GPG_TTY' /root/.bashrc; then
-            echo '' >> /root/.bashrc
-            echo 'GPG_TTY=$(tty)' >> /root/.bashrc
-            echo 'export GPG_TTY' >> /root/.bashrc
+            { echo '';
+              echo "GPG_TTY=\$(tty)";
+              echo 'export GPG_TTY'; } >> /root/.bashrc
         fi
         if grep -q '# use-agent' /root/.gnupg/gpg.conf; then
             sed -i 's|# use-agent|use-agent|g' /root/.gnupg/gpg.conf
@@ -234,37 +233,37 @@ function gpg_agent_setup {
         if ! grep -q 'use-agent' /root/.gnupg/gpg.conf; then
             echo 'use-agent' >> /root/.gnupg/gpg.conf
         fi
-        echo 'default-cache-ttl 300' > /root/.gnupg/gpg-agent.conf
-        echo 'max-cache-ttl 999999' >> /root/.gnupg/gpg-agent.conf
-        echo 'allow-loopback-pinentry' >> /root/.gnupg/gpg-agent.conf
+        { echo 'default-cache-ttl 300';
+          echo 'max-cache-ttl 999999';
+          echo 'allow-loopback-pinentry'; } > /root/.gnupg/gpg-agent.conf
         if [ -f /root/.gnupg/S.dirmngr ]; then
             rm /root/.gnupg/S.dirmngr
         fi
         echo RELOADAGENT | gpg-connect-agent
     else
-        if ! grep -q 'GPG_TTY' /home/$gpg_username/.bashrc; then
-            echo '' >> /home/$gpg_username/.bashrc
-            echo 'GPG_TTY=$(tty)' >> /home/$gpg_username/.bashrc
-            echo 'export GPG_TTY' >> /home/$gpg_username/.bashrc
-            chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc
+        if ! grep -q 'GPG_TTY' "/home/$gpg_username/.bashrc"; then
+            { echo '';
+              echo "GPG_TTY=\$(tty)";
+              echo 'export GPG_TTY'; } >> "/home/$gpg_username/.bashrc"
+            chown "$gpg_username":"$gpg_username" "/home/$gpg_username/.bashrc"
         fi
-        if grep -q '# use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
-            sed -i 's|# use-agent|use-agent|g' /home/$gpg_username/.gnupg/gpg.conf
+        if grep -q '# use-agent' "/home/$gpg_username/.gnupg/gpg.conf"; then
+            sed -i 's|# use-agent|use-agent|g' "/home/$gpg_username/.gnupg/gpg.conf"
         fi
-        if ! grep -q 'use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
-            echo 'use-agent' >> /home/$gpg_username/.gnupg/gpg.conf
+        if ! grep -q 'use-agent' "/home/$gpg_username/.gnupg/gpg.conf"; then
+            echo 'use-agent' >> "/home/$gpg_username/.gnupg/gpg.conf"
         fi
-        if ! grep -q 'pinentry-mode loopback' /home/$gpg_username/.gnupg/gpg.conf; then
-            echo 'pinentry-mode loopback' >> /home/$gpg_username/.gnupg/gpg.conf
+        if ! grep -q 'pinentry-mode loopback' "/home/$gpg_username/.gnupg/gpg.conf"; then
+            echo 'pinentry-mode loopback' >> "/home/$gpg_username/.gnupg/gpg.conf"
         fi
-        echo 'default-cache-ttl 300' > /home/$gpg_username/.gnupg/gpg-agent.conf
-        echo 'max-cache-ttl 999999' >> /home/$gpg_username/.gnupg/gpg-agent.conf
-        echo 'allow-loopback-pinentry' >> /home/$gpg_username/.gnupg/gpg-agent.conf
-        if [ -f /home/$gpg_username/.gnupg/S.dirmngr ]; then
-            rm /home/$gpg_username/.gnupg/S.dirmngr
+        echo 'default-cache-ttl 300' > "/home/$gpg_username/.gnupg/gpg-agent.conf"
+        echo 'max-cache-ttl 999999' >> "/home/$gpg_username/.gnupg/gpg-agent.conf"
+        echo 'allow-loopback-pinentry' >> "/home/$gpg_username/.gnupg/gpg-agent.conf"
+        if [ -f "/home/$gpg_username/.gnupg/S.dirmngr" ]; then
+            rm "/home/$gpg_username/.gnupg/S.dirmngr"
         fi
         if [[ "$gpg_username" != "$USER" ]]; then
-            su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username
+            su -c "echo RELOADAGENT | gpg-connect-agent" - "$gpg_username"
         else
             echo RELOADAGENT | gpg-connect-agent
         fi
@@ -277,21 +276,21 @@ function gpg_agent_enable {
     if [[ $gpg_username == 'root' ]]; then
         return
     else
-        if grep -q 'GPG_TTY' /home/$gpg_username/.bashrc; then
-            sed -i '/GPG_TTY/d' /home/$gpg_username/.bashrc
-            chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc
+        if grep -q 'GPG_TTY' "/home/$gpg_username/.bashrc"; then
+            sed -i '/GPG_TTY/d' "/home/$gpg_username/.bashrc"
+            chown "$gpg_username":"$gpg_username" "/home/$gpg_username/.bashrc"
         fi
-        if grep -q 'use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
-           sed -i '/use-agent/d' /home/$gpg_username/.gnupg/gpg.conf
+        if grep -q 'use-agent' "/home/$gpg_username/.gnupg/gpg.conf"; then
+           sed -i '/use-agent/d' "/home/$gpg_username/.gnupg/gpg.conf"
         fi
-        if grep -q 'pinentry-mode loopback' /home/$gpg_username/.gnupg/gpg.conf; then
-            sed -i '/pinentry-mode loopback/d' /home/$gpg_username/.gnupg/gpg.conf
+        if grep -q 'pinentry-mode loopback' "/home/$gpg_username/.gnupg/gpg.conf"; then
+            sed -i '/pinentry-mode loopback/d' "/home/$gpg_username/.gnupg/gpg.conf"
         fi
-        if [ -f /home/$gpg_username/.gnupg/gpg-agent.conf ]; then
-            rm /home/$gpg_username/.gnupg/gpg-agent.conf
+        if [ -f "/home/$gpg_username/.gnupg/gpg-agent.conf" ]; then
+            rm "/home/$gpg_username/.gnupg/gpg-agent.conf"
         fi
         if [[ "$gpg_username" != "$USER" ]]; then
-            su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username
+            su -c "echo RELOADAGENT | gpg-connect-agent" - "$gpg_username"
         else
             echo RELOADAGENT | gpg-connect-agent
         fi
@@ -303,46 +302,46 @@ function gpg_pubkey_from_email {
     key_email_address=$2
     key_id=
     if [[ $key_owner_username != "root" ]]; then
-        key_id=$(su -c "gpg --list-keys $key_email_address" - $key_owner_username | sed -n '2p' | sed 's/^[ \t]*//')
+        key_id=$(su -c "gpg --list-keys $key_email_address" - "$key_owner_username" | sed -n '2p' | sed 's/^[ \t]*//')
 
         # If the default key is specified within gpg.conf
-        if [ -f /home/$key_owner_username/gpg.conf ]; then
-            if grep -q "default-key" /home/$key_owner_username/gpg.conf; then
-                default_gpg_key=$(cat /home/$key_owner_username/gpg.conf | grep "default-key")
+        if [ -f "/home/$key_owner_username/gpg.conf" ]; then
+            if grep -q "default-key" "/home/$key_owner_username/gpg.conf"; then
+                default_gpg_key=$(grep "default-key" "/home/$key_owner_username/gpg.conf")
                 if [[ "$default_gpg_key" != *'#'* ]]; then
-                    default_gpg_key=$(cat /home/$key_owner_username/gpg.conf | grep "default-key" | awk -F ' ' '{print $2}')
+                    default_gpg_key=$(grep "default-key" "/home/$key_owner_username/gpg.conf" | awk -F ' ' '{print $2}')
                     if [ ${#default_gpg_key} -gt 3 ]; then
-                        key_id=$(su -c "gpg --list-keys $default_gpg_key" - $key_owner_username | sed -n '2p' | sed 's/^[ \t]*//')
+                        key_id=$(su -c "gpg --list-keys $default_gpg_key" - "$key_owner_username" | sed -n '2p' | sed 's/^[ \t]*//')
                     fi
                 fi
             fi
         fi
     else
-        key_id=$(gpg --list-keys $key_email_address | sed -n '2p' | sed 's/^[ \t]*//')
+        key_id=$(gpg --list-keys "$key_email_address" | sed -n '2p' | sed 's/^[ \t]*//')
 
         # If the default key is specified within gpg.conf
         if [ -f /root/gpg.conf ]; then
             if grep -q "default-key" /root/gpg.conf; then
-                default_gpg_key=$(cat /root/gpg.conf | grep "default-key")
+                default_gpg_key=$(grep "default-key" /root/gpg.conf)
                 if [[ "$default_gpg_key" != *'#'* ]]; then
-                    default_gpg_key=$(cat /root/gpg.conf | grep "default-key" | awk -F ' ' '{print $2}')
+                    default_gpg_key=$(grep "default-key" /root/gpg.conf | awk -F ' ' '{print $2}')
                     if [ ${#default_gpg_key} -gt 3 ]; then
-                        key_id=$(gpg --list-keys $default_gpg_key | sed -n '2p' | sed 's/^[ \t]*//')
+                        key_id=$(gpg --list-keys "$default_gpg_key" | sed -n '2p' | sed 's/^[ \t]*//')
                     fi
                 fi
             fi
         fi
     fi
-    echo $key_id
+    echo "$key_id"
 }
 
 function enable_email_encryption_at_rest {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if grep -q '#| /usr/bin/gpgit.pl' /home/$USERNAME/.procmailrc; then
-                sed -i 's@#| /usr/bin/gpgit.pl@| /usr/bin/gpgit.pl@g' /home/$USERNAME/.procmailrc
-                sed -i 's|#:0 f|:0 f|g' /home/$USERNAME/.procmailrc
+            if grep -q '#| /usr/bin/gpgit.pl' "/home/$USERNAME/.procmailrc"; then
+                sed -i 's@#| /usr/bin/gpgit.pl@| /usr/bin/gpgit.pl@g' "/home/$USERNAME/.procmailrc"
+                sed -i 's|#:0 f|:0 f|g' "/home/$USERNAME/.procmailrc"
             fi
         fi
     done
@@ -357,9 +356,9 @@ function disable_email_encryption_at_rest {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if ! grep -q '#| /usr/bin/gpgit.pl' /home/$USERNAME/.procmailrc; then
-                sed -i 's@| /usr/bin/gpgit.pl@#| /usr/bin/gpgit.pl@g' /home/$USERNAME/.procmailrc
-                sed -i 's|:0 f|#:0 f|g' /home/$USERNAME/.procmailrc
+            if ! grep -q '#| /usr/bin/gpgit.pl' "/home/$USERNAME/.procmailrc"; then
+                sed -i 's@| /usr/bin/gpgit.pl@#| /usr/bin/gpgit.pl@g' "/home/$USERNAME/.procmailrc"
+                sed -i 's|:0 f|#:0 f|g' "/home/$USERNAME/.procmailrc"
             fi
         fi
     done
diff --git a/src/freedombone-utils-guile b/src/freedombone-utils-guile
index 51a25cf9..1974e10e 100755
--- a/src/freedombone-utils-guile
+++ b/src/freedombone-utils-guile
@@ -37,14 +37,14 @@ EIGHTSYNC_COMMIT='8cbb7f22227c0afdd3b0bd758ebec0efba2fa1e1'
 function install_8sync {
     apt-get -qy install flex libunistring-dev libgc-dev autoconf texinfo
 
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir "$INSTALL_DIR"
     fi
-    cd $INSTALL_DIR
+    cd "$INSTALL_DIR" || exit 67832456
 
-    git_clone $EIGHTSYNC_REPO $INSTALL_DIR/eightsync
-    cd $INSTALL_DIR/eightsync
-    git checkout ${EIGHTSYNC_COMMIT} -b ${EIGHTSYNC_COMMIT}
+    git_clone "$EIGHTSYNC_REPO" "$INSTALL_DIR/eightsync"
+    cd "$INSTALL_DIR/eightsync" || exit 23468346
+    git checkout "${EIGHTSYNC_COMMIT}" -b "${EIGHTSYNC_COMMIT}"
 
     export GUILE_BASE_PATH=/opt/guile-${GUILE_VERSION}
     export GUILE_CFLAGS="-I${GUILE_BASE_PATH}/include"
@@ -67,31 +67,31 @@ function install_guile {
 
     apt-get -qy install flex libunistring-dev libgc-dev autoconf texinfo lzip wget
 
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir "$INSTALL_DIR"
     fi
-    cd $INSTALL_DIR
+    cd "$INSTALL_DIR" || exit 4298497
 
-    if [ ! -f guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz ]; then
-        wget https://ftp.gnu.org/gnu/guile/guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz
+    if [ ! -f "guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz" ]; then
+        wget "https://ftp.gnu.org/gnu/guile/guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz"
     fi
-    if [ ! -f guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz ]; then
+    if [ ! -f "guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz" ]; then
         echo 'Unable to download guile pack'
         exit 6735238
     fi
-    CURR_GUILE_HASH=$(sha256sum guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz | awk -F ' ' '{print $1}')
+    CURR_GUILE_HASH=$(sha256sum "guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz" | awk -F ' ' '{print $1}')
     if [[ "$CURR_GUILE_HASH" != "$GUILE_HASH" ]]; then
         echo 'Guile hash does not match'
         exit 7237625
     fi
-    cd /
-    tar xvf $INSTALL_DIR/guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz
-    if [ ! -d /opt/guile-${GUILE_VERSION}/bin ]; then
+    cd / || exit 73563635
+    tar xvf "$INSTALL_DIR/guile-${GUILE_VERSION}-pack-${GUILE_ARCH}-linux-gnu.tar.lz"
+    if [ ! -d "/opt/guile-${GUILE_VERSION}/bin" ]; then
         echo 'Guile was not installed'
         exit 825269
     fi
     echo "export GUILE_PATH=/opt/guile-${GUILE_VERSION}/bin" >> ~/.bashrc
-    echo 'export PATH=$PATH:$GUILE_PATH' >> ~/.bashrc
+    echo "export PATH=\$PATH:\$GUILE_PATH" >> ~/.bashrc
 }
 
 # NOTE: deliberately no exit 0
diff --git a/src/freedombone-utils-i2p b/src/freedombone-utils-i2p
index d3693660..0925eeff 100755
--- a/src/freedombone-utils-i2p
+++ b/src/freedombone-utils-i2p
@@ -34,12 +34,12 @@
 I2P_DOMAIN='deb.i2p2.de'
 
 function install_i2p {
-    if [ ! -d $INSTALL_DIR ]; then
-       mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+       mkdir -p "$INSTALL_DIR"
     fi
 
     # install the gpg key
-    cd $INSTALL_DIR
+    cd "$INSTALL_DIR" || exit 346735
     if [ -f i2p-debian-repo.key.asc ]; then
         rm i2p-debian-repo.key.asc
     fi
@@ -121,3 +121,5 @@ function i2p_enable_sam {
     sed -i 's|clientApp.1.startOnLoad=.*|clientApp.1.startOnLoad=true|g' /var/lib/i2p/i2p-config/clients.config
     systemctl restart i2p
 }
+
+# NOTE: deliberately no exit 0
diff --git a/src/freedombone-utils-interactive b/src/freedombone-utils-interactive
index dfbd4314..65378e37 100755
--- a/src/freedombone-utils-interactive
+++ b/src/freedombone-utils-interactive
@@ -32,14 +32,13 @@ function interactive_configuration_remote_backups {
     if [[ $SYSTEM_TYPE == "mesh"* ]]; then
         return
     fi
-    if [ ! -f /usr/local/bin/${PROJECT_NAME}-remote ]; then
-        if [ ! -f /usr/bin/${PROJECT_NAME}-remote ]; then
+    if [ ! -f "/usr/local/bin/${PROJECT_NAME}-remote" ]; then
+        if [ ! -f "/usr/bin/${PROJECT_NAME}-remote" ]; then
             echo $"The command ${PROJECT_NAME}-remote was not found"
             exit 87354
         fi
     fi
-    ${PROJECT_NAME}-remote -u $MY_USERNAME -l $FRIENDS_SERVERS_LIST -m $MINIMUM_PASSWORD_LENGTH -r yes
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-remote" -u "$MY_USERNAME" -l "$FRIENDS_SERVERS_LIST" -m "$MINIMUM_PASSWORD_LENGTH" -r yes; then
         echo $'Command failed:'
         echo ''
         echo $"  ${PROJECT_NAME}-remote -u $MY_USERNAME -l $FRIENDS_SERVERS_LIST -m $MINIMUM_PASSWORD_LENGTH -r yes"
@@ -49,8 +48,8 @@ function interactive_configuration_remote_backups {
 }
 
 function interactive_configuration {
-    if [ ! -f /usr/local/bin/${PROJECT_NAME}-config ]; then
-        if [ ! -f /usr/bin/${PROJECT_NAME}-config ]; then
+    if [ ! -f "/usr/local/bin/${PROJECT_NAME}-config" ]; then
+        if [ ! -f "/usr/bin/${PROJECT_NAME}-config" ]; then
             echo $"The command ${PROJECT_NAME}-config was not found"
             exit 63935
         fi
@@ -59,32 +58,32 @@ function interactive_configuration {
         rm -f /tmp/meshuserdevice
     fi
 
-    if [ $SOCIALINSTANCE ]; then
-        ${PROJECT_NAME}-config \
-                       -f $CONFIGURATION_FILE \
-                       -w $PROJECT_WEBSITE \
-                       -m $MINIMUM_PASSWORD_LENGTH \
+    if [ "$SOCIALINSTANCE" ]; then
+        "${PROJECT_NAME}-config" \
+                       -f "$CONFIGURATION_FILE" \
+                       -w "$PROJECT_WEBSITE" \
+                       -m "$MINIMUM_PASSWORD_LENGTH" \
                        --minimal "yes" \
-                       --social $SOCIALINSTANCE
+                       --social "$SOCIALINSTANCE"
     else
         if [[ $ONION_ONLY == "no" ]]; then
             if [[ $MINIMAL_INSTALL == "no" ]]; then
-                ${PROJECT_NAME}-config \
-                               -f $CONFIGURATION_FILE \
-                               -w $PROJECT_WEBSITE \
-                               -m $MINIMUM_PASSWORD_LENGTH
+                "${PROJECT_NAME}-config" \
+                               -f "$CONFIGURATION_FILE" \
+                               -w "$PROJECT_WEBSITE" \
+                               -m "$MINIMUM_PASSWORD_LENGTH"
             else
-                ${PROJECT_NAME}-config \
-                               -f $CONFIGURATION_FILE \
-                               -w $PROJECT_WEBSITE \
-                               -m $MINIMUM_PASSWORD_LENGTH \
+                "${PROJECT_NAME}-config" \
+                               -f "$CONFIGURATION_FILE" \
+                               -w "$PROJECT_WEBSITE" \
+                               -m "$MINIMUM_PASSWORD_LENGTH" \
                                --minimal "yes"
             fi
         else
-            ${PROJECT_NAME}-config \
-                           -f $CONFIGURATION_FILE \
-                           -w $PROJECT_WEBSITE \
-                           -m $MINIMUM_PASSWORD_LENGTH \
+            "${PROJECT_NAME}-config" \
+                           -f "$CONFIGURATION_FILE" \
+                           -w "$PROJECT_WEBSITE" \
+                           -m "$MINIMUM_PASSWORD_LENGTH" \
                            --onion "yes"
         fi
     fi
@@ -93,6 +92,7 @@ function interactive_configuration {
         rm -f /tmp/meshuserdevice
         exit 0
     fi
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
         echo $'Command failed:'
         echo ''
@@ -107,7 +107,7 @@ function interactive_configuration {
         dialog --title $"Encrypted backup to other servers" \
                --backtitle $"${PROJECT_NAME} Configuration" \
                --defaultno \
-               --yesno $"\nDo you wish to configure some remote backup locations?" 7 60
+               --yesno $"\\nDo you wish to configure some remote backup locations?" 7 60
         sel=$?
         case $sel in
             0) interactive_configuration_remote_backups;;
@@ -121,53 +121,55 @@ function interactive_site_details {
 
     SITE_BACKTITLE=$"Freedombone Configuration"
     SITE_CONFIG_TITLE=$"${site_name^} Configuration"
-    SITE_FORM_TEXT=$"\nPlease enter your ${site_name^} details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:"
+    SITE_FORM_TEXT=$"\\nPlease enter your ${site_name^} details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:"
     SITE_DOMAIN_NAME=
     SITE_CODE=
     SITE_DETAILS_COMPLETE=
     while [ ! $SITE_DETAILS_COMPLETE ]
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
             dialog --backtitle "$SITE_BACKTITLE" \
                    --title "$SITE_CONFIG_TITLE" \
                    --form "$SITE_FORM_TEXT" 14 55 3 \
-                   $"Domain:" 1 1 "$(grep '${site_name_upper}_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \
-                   $"Code:" 2 1 "$(grep '${site_name_upper}_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 16 33 255 \
-                   2> $data
+                   $"Domain:" 1 1 "$(grep "${site_name_upper}_DOMAIN_NAME" temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \
+                   $"Code:" 2 1 "$(grep "${site_name_upper}_CODE" temp.cfg | awk -F '=' '{print $2}')" 2 16 33 255 \
+                   2> "$data"
         else
             dialog --backtitle "$SITE_BACKTITLE" \
                    --title "$SITE_CONFIG_TITLE" \
                    --form "$SITE_FORM_TEXT" 11 55 3 \
-                   $"Domain:" 1 1 "$(grep '${site_name_upper}_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \
-                   2> $data
+                   $"Domain:" 1 1 "$(grep "${site_name_upper}_DOMAIN_NAME" temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \
+                   2> "$data"
         fi
         sel=$?
         case $sel in
-            1) exit 1;;
-            255) exit 1;;
+            1) rm -f "$data"
+               exit 1;;
+            255) rm -f "$data"
+                 exit 1;;
         esac
-        SITE_DOMAIN_NAME=$(cat $data | sed -n 1p)
-        if [ $SITE_DOMAIN_NAME ]; then
+        SITE_DOMAIN_NAME=$(sed -n 1p < "$data")
+        if [ "$SITE_DOMAIN_NAME" ]; then
             TEST_DOMAIN_NAME=$SITE_DOMAIN_NAME
             validate_domain_name
-            if [[ $TEST_DOMAIN_NAME != $SITE_DOMAIN_NAME ]]; then
+            if [[ "$TEST_DOMAIN_NAME" != "$SITE_DOMAIN_NAME" ]]; then
                 SITE_DOMAIN_NAME=
                 dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
             else
-                if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                    SITE_CODE=$(cat $data | sed -n 2p)
+                if [[ "$DDNS_PROVIDER" == "default@freedns.afraid.org" ]]; then
+                    SITE_CODE=$(sed -n 2p < "$data")
                     validate_freedns_code "$SITE_CODE"
-                    if [ ! $VALID_CODE ]; then
+                    if [ ! "$VALID_CODE" ]; then
                         SITE_DOMAIN_NAME=
                     fi
                 fi
             fi
         fi
-        if [ $SITE_DOMAIN_NAME ]; then
+        if [ "$SITE_DOMAIN_NAME" ]; then
             SITE_DETAILS_COMPLETE="yes"
         fi
+        rm -f "$data"
     done
 
     # save the results in the config file
@@ -192,31 +194,31 @@ function interactive_site_details_with_title {
     SITE_DETAILS_COMPLETE=
     while [ ! $SITE_DETAILS_COMPLETE ]
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title "$SITE_BACKTITLE" \
                        --form "$SITE_FORM_TEXT" 14 55 4 \
-                       $"Title:" 1 1 "$(grep '$SITE_TITLE' temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \
-                       $"Domain:" 2 1 "$(grep '$SITE_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2 16 33 40 \
-                       $"Code:" 3 1 "$(grep '$SITE_CODE' temp.cfg | awk -F '=' '{print $2}')" 3 16 33 255 \
-                       2> $data
+                       $"Domain:" 2 1 "$(grep "$SITE_DOMAIN_NAME" temp.cfg | awk -F '=' '{print $2}')" 2 16 33 40 \
+                       $"Code:" 3 1 "$(grep "$SITE_CODE" temp.cfg | awk -F '=' '{print $2}')" 3 16 33 255 \
+                       2> "$data"
         else
             dialog --backtitle "$SITE_BACKTITLE" \
                    --title "$SITE_CONFIG_TITLE" \
                    --form "$SITE_FORM_TEXT" 11 55 3 \
-                   $"Title:" 1 1 "$(grep '$SITE_TITLE' temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \
-                   $"Domain:" 2 1 "$(grep '$SITE_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2 16 33 40 \
-                   2> $data
+                   $"Title:" 1 1 "$(grep "$SITE_TITLE" temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \
+                   $"Domain:" 2 1 "$(grep "$SITE_DOMAIN_NAME" temp.cfg | awk -F '=' '{print $2}')" 2 16 33 40 \
+                   2> "$data"
         fi
         sel=$?
         case $sel in
-            1) exit 1;;
-            255) exit 1;;
+            1) rm -f "$data"
+               exit 1;;
+            255) rm -f "$data"
+                 exit 1;;
         esac
-        SITE_TITLE=$(cat $data | sed -n 1p)
-        SITE_DOMAIN_NAME=$(cat $data | sed -n 2p)
+        SITE_TITLE=$(sed -n 1p < "$data")
+        SITE_DOMAIN_NAME=$(sed -n 2p < "$data")
         site_domain_name_str="$SITE_DOMAIN_NAME"
         if [ ${#site_domain_name_str} -gt 1 ]; then
             TEST_DOMAIN_NAME="$SITE_DOMAIN_NAME"
@@ -225,10 +227,10 @@ function interactive_site_details_with_title {
                 SITE_DOMAIN_NAME=
                 dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
             else
-                if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                    SITE_CODE=$(cat $data | sed -n 3p)
+                if [[ "$DDNS_PROVIDER" == "default@freedns.afraid.org" ]]; then
+                    SITE_CODE=$(sed -n 3p < "$data")
                     validate_freedns_code "${SITE_CODE}"
-                    if [ ! $VALID_CODE ]; then
+                    if [ ! "$VALID_CODE" ]; then
                         SITE_DOMAIN_NAME=
                     fi
                 fi
@@ -240,6 +242,7 @@ function interactive_site_details_with_title {
                 SITE_DETAILS_COMPLETE="yes"
             fi
         fi
+        rm -f "$data"
     done
 
     # save the results in the config file
diff --git a/src/freedombone-utils-keys b/src/freedombone-utils-keys
index 42201cb4..9bd19f21 100755
--- a/src/freedombone-utils-keys
+++ b/src/freedombone-utils-keys
@@ -41,137 +41,137 @@ function interactive_gpg_from_usb {
     do
         detect_usb_drive
 
-        if [ ! -b $USB_DRIVE ]; then
+        if [ ! -b "$USB_DRIVE" ]; then
             if (( GPG_CTR > 0 )); then
-                gpg_reconstruct_key $MY_USERNAME interactive
-                gpg_update_mutt $MY_USERNAME
+                gpg_reconstruct_key "$MY_USERNAME" interactive
+                gpg_update_mutt "$MY_USERNAME"
                 return 0
             fi
             dialog --title $"Recover Encryption Keys" --msgbox $'No USB drive found' 6 30
             exit 739836
         fi
 
-        backup_mount_drive ${USB_DRIVE} ${MY_USERNAME}
+        backup_mount_drive "${USB_DRIVE}" "${MY_USERNAME}"
 
-        if [ ! -d $USB_MOUNT ]; then
+        if [ ! -d "$USB_MOUNT" ]; then
             if (( GPG_CTR > 0 )); then
-                backup_unmount_drive ${USB_DRIVE}
-                gpg_reconstruct_key $MY_USERNAME interactive
+                backup_unmount_drive "${USB_DRIVE}"
+                gpg_reconstruct_key "$MY_USERNAME" interactive
                 return 0
             fi
             dialog --title $"Recover Encryption Keys" \
                    --msgbox $"There was a problem mounting the USB drive $USB_DRIVE to $USB_MOUNT" 6 70
-            backup_unmount_drive ${USB_DRIVE}
+            backup_unmount_drive "${USB_DRIVE}"
             exit 74393
         fi
 
-        if [ ! -d $USB_MOUNT/.gnupg ]; then
-            if [ ! -d $USB_MOUNT/.gnupg_fragments ]; then
+        if [ ! -d "$USB_MOUNT/.gnupg" ]; then
+            if [ ! -d "$USB_MOUNT/.gnupg_fragments" ]; then
                 if (( GPG_CTR > 0 )); then
-                    backup_unmount_drive ${USB_DRIVE}
-                    gpg_reconstruct_key $MY_USERNAME interactive
-                    gpg_update_mutt $MY_USERNAME
+                    backup_unmount_drive "${USB_DRIVE}"
+                    gpg_reconstruct_key "$MY_USERNAME" interactive
+                    gpg_update_mutt "$MY_USERNAME"
                     return 0
                 fi
                 dialog --title $"Recover Encryption Keys" \
                        --msgbox $"The directory $USB_MOUNT/.gnupg or $USB_MOUNT/.gnupg_fragments was not found" 6 70
-                backup_unmount_drive ${USB_DRIVE}
+                backup_unmount_drive "${USB_DRIVE}"
                 exit 723814
             fi
         fi
 
-        if [ -d $USB_MOUNT/letsencrypt ]; then
+        if [ -d "$USB_MOUNT/letsencrypt" ]; then
             if [ ! -d /etc/letsencrypt ]; then
                 mkdir /etc/letsencrypt
             fi
             echo $'Recovering LetsEncrypt keys'
-            cp -r $USB_MOUNT/letsencrypt/* /etc/letsencrypt
+            cp -r "$USB_MOUNT/letsencrypt/*" /etc/letsencrypt
             addgroup ssl-cert
             chown -R root:ssl-cert /etc/letsencrypt
         fi
 
-        if [ -f $USB_MOUNT/.mastergpgkey ]; then
+        if [ -f "$USB_MOUNT/.mastergpgkey" ]; then
             # Recovering keys from file rather than just copying the gnupg
             # directory may help to avoid problems during upgrades/reinstalls
-            if [ ! -f $USB_MOUNT/.backupgpgkey ]; then
+            if [ ! -f "$USB_MOUNT/.backupgpgkey" ]; then
                 echo $'No backup key file found on USB drive'
                 exit 725729
             fi
             CURR_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
-            CURR_GPG_ID=$(gpg --homedir=$HOME_DIR/.gnupg --list-keys $CURR_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//')
-            CURR_GPG_BACKUP_ID=$(gpg --homedir=$HOME_DIR/.gnupg --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
+            CURR_GPG_ID=$(gpg --homedir="$HOME_DIR/.gnupg" --list-keys "$CURR_EMAIL_ADDRESS" | sed -n '2p' | sed 's/^[ \t]*//')
+            CURR_GPG_BACKUP_ID=$(gpg --homedir="$HOME_DIR/.gnupg" --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
 
             # If the default key is specified within gpg.conf
-            if [ -f $HOME_DIR/gpg.conf ]; then
-                if grep -q "default-key" $HOME_DIR/gpg.conf; then
-                    default_gpg_key=$(cat $HOME_DIR/gpg.conf | grep "default-key")
+            if [ -f "$HOME_DIR/gpg.conf" ]; then
+                if grep -q "default-key" "$HOME_DIR/gpg.conf"; then
+                    default_gpg_key=$(grep "default-key" "$HOME_DIR/gpg.conf")
                     if [[ "$default_gpg_key" != *'#'* ]]; then
-                        default_gpg_key=$(cat $HOME_DIR/gpg.conf | grep "default-key" | awk -F ' ' '{print $2}')
+                        default_gpg_key=$(grep "default-key" "$HOME_DIR/gpg.conf" | awk -F ' ' '{print $2}')
                         if [ ${#default_gpg_key} -gt 3 ]; then
-                            CURR_GPG_ID=$(gpg --homedir=$HOME_DIR/.gnupg --list-keys $default_gpg_key | sed -n '2p' | sed 's/^[ \t]*//')
+                            CURR_GPG_ID=$(gpg --homedir="$HOME_DIR/.gnupg" --list-keys "$default_gpg_key" | sed -n '2p' | sed 's/^[ \t]*//')
                         fi
                     fi
                 fi
             fi
 
             echo $'Making backup copy of existing gpg keys'
-            if [ -d $HOME_DIR/.gnupg ]; then
-                if [ -d $HOME_DIR/.gnupg_old ]; then
-                    rm -rf $HOME_DIR/.gnupg_old
+            if [ -d "$HOME_DIR/.gnupg" ]; then
+                if [ -d "$HOME_DIR/.gnupg_old" ]; then
+                    rm -rf "$HOME_DIR/.gnupg_old"
                 fi
-                cp -r $HOME_DIR/.gnupg $HOME_DIR/.gnupg_old
-                chmod 700 $HOME_DIR/.gnupg_old
-                chmod -R 600 $HOME_DIR/.gnupg_old/*
-                chown -R $MY_USERNAME:$MY_USERNAME $HOME_DIR/.gnupg_old
+                cp -r "$HOME_DIR/.gnupg $HOME_DIR/.gnupg_old"
+                chmod 700 "$HOME_DIR/.gnupg_old"
+                chmod -R 600 "$HOME_DIR/.gnupg_old/*"
+                chown -R "$MY_USERNAME":"$MY_USERNAME" "$HOME_DIR/.gnupg_old"
             fi
             echo $'Removing old gpg keys'
-            gpg_delete_key $MY_USERNAME $CURR_GPG_BACKUP_ID
-            gpg_delete_key $MY_USERNAME $CURR_GPG_ID
+            gpg_delete_key "$MY_USERNAME" "$CURR_GPG_BACKUP_ID"
+            gpg_delete_key "$MY_USERNAME" "$CURR_GPG_ID"
             echo $'Importing master keys'
-            gpg --homedir=$HOME_DIR/.gnupg --allow-secret-key-import --import $USB_MOUNT/.mastergpgkey
-            echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --homedir=$HOME_DIR/.gnupg --allow-secret-key-import --import $USB_MOUNT/.backupgpgkey
-            if [ -d $HOME_DIR/.gnupg ]; then
+            gpg --homedir="$HOME_DIR/.gnupg" --allow-secret-key-import --import "$USB_MOUNT/.mastergpgkey"
+            echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --homedir="$HOME_DIR/.gnupg" --allow-secret-key-import --import "$USB_MOUNT/.backupgpgkey"
+            if [ -d "$HOME_DIR/.gnupg" ]; then
                 echo $'Setting permissions'
-                gpg_set_permissions $MY_USERNAME
+                gpg_set_permissions "$MY_USERNAME"
                 echo $"Updating muttrc for $MY_USERNAME"
-                gpg_update_mutt $MY_USERNAME
+                gpg_update_mutt "$MY_USERNAME"
             fi
             GPG_LOADING="no"
             dialog --title $"Recover Encryption Keys" \
                    --msgbox $"GPG Keyring loaded to $HOME_DIR from master keydrive" 6 70
         else
-            if [ -d $USB_MOUNT/.gnupg ]; then
-                if [ ! -d $HOME_DIR/.gnupg ]; then
-                    mkdir $HOME_DIR/.gnupg
+            if [ -d "$USB_MOUNT/.gnupg" ]; then
+                if [ ! -d "$HOME_DIR/.gnupg" ]; then
+                    mkdir "$HOME_DIR/.gnupg"
                 fi
                 echo $'Recovering GPG keys'
-                cp -r $USB_MOUNT/.gnupg/* $HOME_DIR/.gnupg
+                cp -r "$USB_MOUNT/.gnupg/*" "$HOME_DIR/.gnupg"
                 GPG_LOADING="no"
                 dialog --title $"Recover Encryption Keys" \
                        --msgbox $"GPG Keyring directory loaded to $HOME_DIR" 6 70
             else
                 # Collect fragments from the USB drive
-                if [ ! -d $HOME_DIR/.gnupg_fragments ]; then
-                    mkdir $HOME_DIR/.gnupg_fragments
+                if [ ! -d "$HOME_DIR/.gnupg_fragments" ]; then
+                    mkdir "$HOME_DIR/.gnupg_fragments"
                 fi
-                cp -r $USB_MOUNT/.gnupg_fragments/* $HOME_DIR/.gnupg_fragments
+                cp -r "$USB_MOUNT/.gnupg_fragments/*" "$HOME_DIR/.gnupg_fragments"
             fi
         fi
 
-        if [[ $SSH_IMPORTED == "no" ]]; then
-            if [ -d $USB_MOUNT/.ssh ]; then
-                if [ ! -d $HOME_DIR/.ssh ]; then
-                    mkdir $HOME_DIR/.ssh
+        if [[ "$SSH_IMPORTED" == "no" ]]; then
+            if [ -d "$USB_MOUNT/.ssh" ]; then
+                if [ ! -d "$HOME_DIR/.ssh" ]; then
+                    mkdir "$HOME_DIR/.ssh"
                 fi
-                cp $USB_MOUNT/.ssh/* $HOME_DIR/.ssh
+                cp "$USB_MOUNT/.ssh/*" "$HOME_DIR/.ssh"
                 dialog --title $"Recover Encryption Keys" \
                        --msgbox $"ssh keys imported" 6 70
                 SSH_IMPORTED="yes"
             fi
         fi
 
-        if [ -d $USB_MOUNT ]; then
-            backup_unmount_drive ${USB_DRIVE}
+        if [ -d "$USB_MOUNT" ]; then
+            backup_unmount_drive "${USB_DRIVE}"
         fi
         if [[ $GPG_LOADING == "yes" ]]; then
             dialog --title $"Recover Encryption Keys" \
@@ -185,15 +185,15 @@ function interactive_gpg_from_remote {
     REMOTE_SERVERS_LIST=/home/$MY_USERNAME/keyshareservers.txt
 
     # get a list of remote servers
-    ${PROJECT_NAME}-remote -u $MY_USERNAME -l $REMOTE_SERVERS_LIST -t "Remote server"
+    "${PROJECT_NAME}-remote" -u "$MY_USERNAME" -l "$REMOTE_SERVERS_LIST" -t "Remote server"
 
-    if [ ! -f $REMOTE_SERVERS_LIST ]; then
+    if [ ! -f "$REMOTE_SERVERS_LIST" ]; then
         dialog --title $"Encryption Keys Recovery" --msgbox $'Error obtaining server list' 6 70
         return 1
     fi
 
     # check the number of entries in the file
-    no_of_servers=$(cat $REMOTE_SERVERS_LIST | wc -l)
+    no_of_servers=$(wc -l < "$REMOTE_SERVERS_LIST")
     if (( no_of_servers < 3 )); then
         dialog --title $"Encryption Keys Recovery" \
                --msgbox $'There must be at least three servers to recover the key' 6 70
@@ -201,8 +201,7 @@ function interactive_gpg_from_remote {
     fi
 
     # try to recover the key from the servers
-    ${PROJECT_NAME}-recoverkey -u $MY_USERNAME -l $REMOTE_SERVERS_LIST
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-recoverkey" -u "$MY_USERNAME" -l "$REMOTE_SERVERS_LIST"; then
         dialog --title $"Encryption Keys Recovery" --msgbox $'Your key could not be recovered' 6 70
         return 3
     fi
@@ -217,36 +216,36 @@ function interactive_gpg {
     while [[ $GPG_CONFIGURED != "yes" ]]
     do
         GPG_CONFIGURED="yes"
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Configuration" \
                --radiolist $"GPG/PGP keys for your system:" 13 70 3 \
                1 $"Generate new keys (new user)" on \
                2 $"Import keys from USB drive/s" off \
-               3 $"Retrieve keys from friends servers" off 2> $data
+               3 $"Retrieve keys from friends servers" off 2> "$data"
         sel=$?
         case $sel in
-            1) exit 1;;
-            255) exit 2;;
+            1) rm -f "$data"
+               exit 1;;
+            255) rm -f "$data"
+                 exit 2;;
         esac
-        case $(cat $data) in
-            1) if [ -d /home/${MY_USERNAME}/.gnupg ]; then
-                   rm -rf /home/${MY_USERNAME}/.gnupg
+        case $(cat "$data") in
+            1) if [ -d "/home/${MY_USERNAME}/.gnupg" ]; then
+                   rm -rf "/home/${MY_USERNAME}/.gnupg"
                fi
                break;;
             2) interactive_gpg_from_usb
                break;;
-            3) interactive_gpg_from_remote
-               if [ ! "$?" = "0" ]; then
+            3) if ! interactive_gpg_from_remote; then
                    GPG_CONFIGURED="no"
                fi;;
         esac
+        rm -f "$data"
     done
 }
 
 function interactive_key_recovery {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
 
     dialog --title $"Encryption Keys Recovery" \
            --backtitle $"Freedombone Configuration" \
@@ -254,14 +253,16 @@ function interactive_key_recovery {
            --yesno $"Do you wish to recover your previous encryption keys from a USB master keydrive?" 7 60
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
     clear
     apt-get -yq install cryptsetup
-    ${PROJECT_NAME}-recoverkey -u $MY_USERNAME
-    if [ -d /home/$MY_USERNAME/.gnupg ]; then
-        cp -rf /home/$MY_USERNAME/.gnupg /root
+    "${PROJECT_NAME}-recoverkey" -u "$MY_USERNAME"
+    if [ -d "/home/$MY_USERNAME/.gnupg" ]; then
+        cp -rf "/home/$MY_USERNAME/.gnupg" /root
         chmod 700 /root/.gnupg
         chmod 600 /root/.gnupg/*
         printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /root/.gnupg/S.dirmngr
@@ -269,6 +270,7 @@ function interactive_key_recovery {
             chmod +x /root/.gnupg/crls.d
         fi
     fi
+    rm -f "$data"
 }
 
 function set_password_for_all_users {
@@ -278,7 +280,7 @@ function set_password_for_all_users {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            ${PROJECT_NAME}-pass -u "${USERNAME}" -a "${app_name}" -p "${change_password}"
+            "${PROJECT_NAME}-pass" -u "${USERNAME}" -a "${app_name}" -p "${change_password}"
         fi
     done
 }
diff --git a/src/freedombone-utils-login b/src/freedombone-utils-login
index 32cf290a..397c7f1a 100755
--- a/src/freedombone-utils-login
+++ b/src/freedombone-utils-login
@@ -38,14 +38,13 @@ function change_login_message {
         rm -f /etc/init.d/motd
     fi
 
-    echo '' > /etc/motd
-    echo ".---.                  .              .                   " >> /etc/motd
-    echo "|                      |              |                   " >> /etc/motd
-    echo "|--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-. " >> /etc/motd
-    echo "|    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-' " >> /etc/motd
-    echo "'    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'" >> /etc/motd
-    echo $'                  Freedom in the Cloud' >> /etc/motd
-    echo '' >> /etc/motd
+    { echo ".---.                  .              .                   ";
+      echo "|                      |              |                   ";
+      echo "|--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-. ";
+      echo "|    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-' ";
+      echo "'    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'";
+      echo $'                  Freedom in the Cloud';
+      echo ''; } > /etc/motd
     mark_completed "${FUNCNAME[0]}"
 }
 
diff --git a/src/freedombone-utils-mesh b/src/freedombone-utils-mesh
index 84742a41..6b1ddcc9 100755
--- a/src/freedombone-utils-mesh
+++ b/src/freedombone-utils-mesh
@@ -35,11 +35,11 @@ MESH_DEFAULT_PROTOCOL=/root/.mesh_protocol_default
 function mesh_generate_ipv6_address {
     network=fd66:66:66
 
-    if [ $1 ]; then
-        search_ipv6=$(ifconfig $1 | grep $network)
-        if [ $search_ipv6 ]; then
-            result=$(ifconfig $1 | grep $network | awk -F ' ' '{print $2}')
-            ip -6 addr add ${result}/128 dev $1
+    if [ "$1" ]; then
+        search_ipv6=$(ifconfig "$1" | grep "$network")
+        if [ "$search_ipv6" ]; then
+            result=$(ifconfig "$1" | grep "$network" | awk -F ' ' '{print $2}')
+            ip -6 addr add "${result}/128" dev "$1"
             return
         fi
     fi
@@ -51,7 +51,7 @@ function mesh_generate_ipv6_address {
     d=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}
     e=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}
     result=$network:$a:$b:$c:$d:$e
-    ip -6 addr add ${result}/128 dev $1
+    ip -6 addr add "${result}/128" dev "$1"
 }
 
 function mesh_protocol_init {
@@ -67,21 +67,21 @@ function mesh_protocol_init {
 
     # Mesh definition
     WIFI_SSID='mesh'
-    if [ -f $COMPLETION_FILE ]; then
-        if grep -q "WIFI_SSID:" $COMPLETION_FILE; then
-            WIFI_SSID=$(cat $COMPLETION_FILE | grep "WIFI_SSID:" | awk -F ':' '{print $2}')
+    if [ -f "$COMPLETION_FILE" ]; then
+        if grep -q "WIFI_SSID:" "$COMPLETION_FILE"; then
+            WIFI_SSID=$(grep "WIFI_SSID:" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
         fi
-        sed -i "s|WIFI_SSID:.*|WIFI_SSID:${WIFI_SSID}|g" $COMPLETION_FILE
+        sed -i "s|WIFI_SSID:.*|WIFI_SSID:${WIFI_SSID}|g" "$COMPLETION_FILE"
     fi
     CELLID='any'
 
     CHANNEL=2
     HOTSPOT_CHANNEL=6
-    if [ -f $COMPLETION_FILE ]; then
-        if grep -q "Wifi channel:" $COMPLETION_FILE; then
-            CHANNEL=$(cat $COMPLETION_FILE | grep "Wifi channel:" | awk -F ':' '{print $2}')
+    if [ -f "$COMPLETION_FILE" ]; then
+        if grep -q "Wifi channel:" "$COMPLETION_FILE"; then
+            CHANNEL=$(grep "Wifi channel:" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
         fi
-        sed -i "s|Wifi channel:.*|Wifi channel:${CHANNEL}|g" $COMPLETION_FILE
+        sed -i "s|Wifi channel:.*|Wifi channel:${CHANNEL}|g" "$COMPLETION_FILE"
     fi
 
     ZERONET_PORT=15441
@@ -101,18 +101,18 @@ function mesh_protocol_init {
     EIFACE=eth0
     WLAN_ADAPTORS=$(count_wlan)
 
-    if [ $WLAN_ADAPTORS -eq 0 ]; then
+    if [ "$WLAN_ADAPTORS" -eq 0 ]; then
         echo $'No wlan adaptors found'
         exit 0
     fi
 }
 
 function get_ipv6_wlan {
-    echo $(ifconfig ${IFACE} | grep inet6 | awk -F ' ' '{print $2}')
+    ifconfig "${IFACE}" | grep inet6 | awk -F ' ' '{print $2}'
 }
 
 function mesh_hotspot_ip_address {
-    echo $(ifconfig ${BRIDGE} | grep inet6 | awk -F ' ' '{print $2}')
+    ifconfig "${BRIDGE}" | grep inet6 | awk -F ' ' '{print $2}'
 }
 
 function global_rate_limit {
@@ -129,7 +129,7 @@ function global_rate_limit {
 function assign_peer_address {
     for i in {1..6}; do
         number=$RANDOM
-        let "number %= 255"
+        (( "number %= 255" ))
         octet=$(echo "obase=16;$number" | bc)
         if [ ${#octet} -lt 2 ]; then
             octet="0${octet}"
@@ -142,7 +142,7 @@ function assign_peer_address {
 }
 
 function mesh_create_app_downloads_page {
-    if [ ! -d /root/$PROJECT_NAME/image_build/mesh_apps ]; then
+    if [ ! -d "/root/$PROJECT_NAME/image_build/mesh_apps" ]; then
         return
     fi
     if [ ! -d /var/www/html ]; then
@@ -163,27 +163,27 @@ function mesh_create_app_downloads_page {
         mv /home/fbone/Desktop/cryptpad.desktop /home/fbone/.cryptpad.desktop
     fi
 
-    cp /root/$PROJECT_NAME/website/EN/meshindex.html /var/www/html/index.html
+    cp "/root/$PROJECT_NAME/website/EN/meshindex.html" /var/www/html/index.html
     if [ ! -f /var/www/html/ssb.apk ]; then
-        cp /root/$PROJECT_NAME/image_build/mesh_apps/ssb.apk /var/www/html/ssb.apk
+        cp "/root/$PROJECT_NAME/image_build/mesh_apps/ssb.apk" /var/www/html/ssb.apk
     fi
     if [ ! -f /var/www/html/trifa.apk ]; then
-        cp /root/$PROJECT_NAME/image_build/mesh_apps/trifa.apk /var/www/html/trifa.apk
+        cp "/root/$PROJECT_NAME/image_build/mesh_apps/trifa.apk" /var/www/html/trifa.apk
     fi
     if [ ! -d /var/www/html/images ]; then
         mkdir /var/www/html/images
     fi
     if [ ! -f /var/www/html/images/logo.png ]; then
-        cp /root/$PROJECT_NAME/img/logo.png /var/www/html/images/logo.png
+        cp "/root/$PROJECT_NAME/img/logo.png" /var/www/html/images/logo.png
     fi
     if [ ! -f /var/www/html/images/ssb.png ]; then
-        cp /root/$PROJECT_NAME/img/icon_patchwork.png /var/www/html/images/ssb.png
+        cp "/root/$PROJECT_NAME/img/icon_patchwork.png" /var/www/html/images/ssb.png
     fi
     if [ ! -f /var/www/html/images/trifa.png ]; then
-        cp /root/$PROJECT_NAME/img/trifa.png /var/www/html/images/trifa.png
+        cp "/root/$PROJECT_NAME/img/trifa.png" /var/www/html/images/trifa.png
     fi
     if [ ! -f /var/www/html/freedombone.css ]; then
-        cp /root/$PROJECT_NAME/website/freedombone.css /var/www/html/freedombone.css
+        cp "/root/$PROJECT_NAME/website/freedombone.css" /var/www/html/freedombone.css
     fi
     chown -R www-data:www-data /var/www/html/*
 }
@@ -191,8 +191,8 @@ function mesh_create_app_downloads_page {
 function enable_mesh_firewall {
     iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
     iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
-    iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT
-    iptables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT
+    iptables -A INPUT -p tcp --dport "$TRACKER_PORT" -j ACCEPT
+    iptables -A INPUT -p udp --dport "$TRACKER_PORT" -j ACCEPT
     iptables -A INPUT -p udp --dport 6240 -j ACCEPT
     iptables -A INPUT -p tcp --dport 6240 -j ACCEPT
     iptables -A INPUT -p tcp --dport 80 -j ACCEPT
@@ -203,16 +203,16 @@ function enable_mesh_firewall {
     iptables -A INPUT -p udp --dport 5353 -j ACCEPT
     iptables -A INPUT -p tcp --dport 5354 -j ACCEPT
     iptables -A INPUT -p udp --dport 5354 -j ACCEPT
-    iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT
-    iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT
-    iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
-    iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT
-    iptables -A INPUT -p udp --dport $TOX_PORT -j ACCEPT
-    iptables -A INPUT -p tcp --dport $LIBREVAULT_PORT -j ACCEPT
-    iptables -A INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT
-    iptables -A INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT
+    iptables -A INPUT -p tcp --dport "$ZERONET_PORT" -j ACCEPT
+    iptables -A INPUT -p udp --dport "$ZERONET_PORT" -j ACCEPT
+    iptables -A INPUT -p tcp --dport "$IPFS_PORT" -j ACCEPT
+    iptables -A INPUT -p tcp --dport "$TOX_PORT" -j ACCEPT
+    iptables -A INPUT -p udp --dport "$TOX_PORT" -j ACCEPT
+    iptables -A INPUT -p tcp --dport "$LIBREVAULT_PORT" -j ACCEPT
+    iptables -A INPUT -p udp --dport "$LIBREVAULT_PORT" -j ACCEPT
+    iptables -A INPUT -p tcp --dport "$TAHOELAFS_PORT" -j ACCEPT
     # SSB/Scuttlebot/Patchwork
-    iptables -A INPUT -p tcp --dport $GIT_SSB_PORT -j ACCEPT
+    iptables -A INPUT -p tcp --dport "$GIT_SSB_PORT" -j ACCEPT
     iptables -A INPUT -p udp --dport 8008 -j ACCEPT
     iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
     iptables -A INPUT -p udp --dport 8010 -j ACCEPT
@@ -227,8 +227,8 @@ function enable_mesh_firewall {
 
     ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
     ip6tables -A OUTPUT -p ipv6-icmp -j ACCEPT
-    ip6tables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT
-    ip6tables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT
+    ip6tables -A INPUT -p tcp --dport "$TRACKER_PORT" -j ACCEPT
+    ip6tables -A INPUT -p udp --dport "$TRACKER_PORT" -j ACCEPT
     ip6tables -A INPUT -p udp --dport 6240 -j ACCEPT
     ip6tables -A INPUT -p tcp --dport 6240 -j ACCEPT
     ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
@@ -239,16 +239,16 @@ function enable_mesh_firewall {
     ip6tables -A INPUT -p udp --dport 5353 -j ACCEPT
     ip6tables -A INPUT -p tcp --dport 5354 -j ACCEPT
     ip6tables -A INPUT -p udp --dport 5354 -j ACCEPT
-    ip6tables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT
-    ip6tables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT
-    ip6tables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
-    ip6tables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT
-    ip6tables -A INPUT -p udp --dport $TOX_PORT -j ACCEPT
-    ip6tables -A INPUT -p tcp --dport $LIBREVAULT_PORT -j ACCEPT
-    ip6tables -A INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT
-    ip6tables -A INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT
+    ip6tables -A INPUT -p tcp --dport "$ZERONET_PORT" -j ACCEPT
+    ip6tables -A INPUT -p udp --dport "$ZERONET_PORT" -j ACCEPT
+    ip6tables -A INPUT -p tcp --dport "$IPFS_PORT" -j ACCEPT
+    ip6tables -A INPUT -p tcp --dport "$TOX_PORT" -j ACCEPT
+    ip6tables -A INPUT -p udp --dport "$TOX_PORT" -j ACCEPT
+    ip6tables -A INPUT -p tcp --dport "$LIBREVAULT_PORT" -j ACCEPT
+    ip6tables -A INPUT -p udp --dport "$LIBREVAULT_PORT" -j ACCEPT
+    ip6tables -A INPUT -p tcp --dport "$TAHOELAFS_PORT" -j ACCEPT
     # SSB/Scuttlebot/Patchwork
-    ip6tables -A INPUT -p tcp --dport $GIT_SSB_PORT -j ACCEPT
+    ip6tables -A INPUT -p tcp --dport "$GIT_SSB_PORT" -j ACCEPT
     ip6tables -A INPUT -p udp --dport 8008 -j ACCEPT
     ip6tables -A INPUT -p tcp --dport 8008 -j ACCEPT
     ip6tables -A INPUT -p udp --dport 8010 -j ACCEPT
@@ -266,12 +266,12 @@ function enable_mesh_firewall {
     # to discover local peers
     iptables -A INPUT -p tcp --dport 653 -j ACCEPT
     iptables -A INPUT -p udp --dport 653 -j ACCEPT
-    iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
+    iptables -A INPUT -i "${EIFACE}" -m state --state NEW -p tcp --dport 1194 -j ACCEPT
     iptables -A INPUT -i tun+ -j ACCEPT
     iptables -A FORWARD -i tun+ -j ACCEPT
-    iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
+    iptables -A FORWARD -i tun+ -o "${EIFACE}" -m state --state RELATED,ESTABLISHED -j ACCEPT
+    iptables -A FORWARD -i "${EIFACE}" -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
+    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o "${EIFACE}" -j MASQUERADE
     iptables -A OUTPUT -o tun+ -j ACCEPT
     echo 1 > /proc/sys/net/ipv4/ip_forward
     sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
@@ -280,8 +280,8 @@ function enable_mesh_firewall {
 }
 
 function disable_mesh_firewall {
-    iptables -D INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT
-    iptables -D INPUT -p udp --dport $TRACKER_PORT -j ACCEPT
+    iptables -D INPUT -p tcp --dport "$TRACKER_PORT" -j ACCEPT
+    iptables -D INPUT -p udp --dport "$TRACKER_PORT" -j ACCEPT
     iptables -D INPUT -p udp --dport 6240 -j ACCEPT
     iptables -D INPUT -p tcp --dport 6240 -j ACCEPT
     iptables -D INPUT -p tcp --dport 80 -j ACCEPT
@@ -292,17 +292,17 @@ function disable_mesh_firewall {
     iptables -D INPUT -p udp --dport 5353 -j ACCEPT
     iptables -D INPUT -p tcp --dport 5354 -j ACCEPT
     iptables -D INPUT -p udp --dport 5354 -j ACCEPT
-    iptables -D INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT
-    iptables -D INPUT -p udp --dport $ZERONET_PORT -j ACCEPT
-    iptables -D INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
-    iptables -D INPUT -p udp --dport $IPFS_PORT -j ACCEPT
-    iptables -D INPUT -p tcp --dport $TOX_PORT -j ACCEPT
-    iptables -D INPUT -p udp --dport $TOX_PORT -j ACCEPT
-    iptables -D INPUT -p tcp --dport $LIBREVAULT_PORT -j ACCEPT
-    iptables -D INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT
-    iptables -D INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT
+    iptables -D INPUT -p tcp --dport "$ZERONET_PORT" -j ACCEPT
+    iptables -D INPUT -p udp --dport "$ZERONET_PORT" -j ACCEPT
+    iptables -D INPUT -p tcp --dport "$IPFS_PORT" -j ACCEPT
+    iptables -D INPUT -p udp --dport "$IPFS_PORT" -j ACCEPT
+    iptables -D INPUT -p tcp --dport "$TOX_PORT" -j ACCEPT
+    iptables -D INPUT -p udp --dport "$TOX_PORT" -j ACCEPT
+    iptables -D INPUT -p tcp --dport "$LIBREVAULT_PORT" -j ACCEPT
+    iptables -D INPUT -p udp --dport "$LIBREVAULT_PORT" -j ACCEPT
+    iptables -D INPUT -p tcp --dport "$TAHOELAFS_PORT" -j ACCEPT
     # SSB/Scuttlebot/Patchwork
-    iptables -D INPUT -p tcp --dport $GIT_SSB_PORT -j ACCEPT
+    iptables -D INPUT -p tcp --dport "$GIT_SSB_PORT" -j ACCEPT
     iptables -D INPUT -p udp --dport 8008 -j ACCEPT
     iptables -D INPUT -p tcp --dport 8008 -j ACCEPT
     iptables -D INPUT -p udp --dport 8010 -j ACCEPT
@@ -315,8 +315,8 @@ function disable_mesh_firewall {
     ip6tables -D INPUT -p udp --dport 6696 -j ACCEPT
 
 
-    ip6tables -D INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT
-    ip6tables -D INPUT -p udp --dport $TRACKER_PORT -j ACCEPT
+    ip6tables -D INPUT -p tcp --dport "$TRACKER_PORT" -j ACCEPT
+    ip6tables -D INPUT -p udp --dport "$TRACKER_PORT" -j ACCEPT
     ip6tables -D INPUT -p udp --dport 6240 -j ACCEPT
     ip6tables -D INPUT -p tcp --dport 6240 -j ACCEPT
     ip6tables -D INPUT -p tcp --dport 80 -j ACCEPT
@@ -327,17 +327,17 @@ function disable_mesh_firewall {
     ip6tables -D INPUT -p udp --dport 5353 -j ACCEPT
     ip6tables -D INPUT -p tcp --dport 5354 -j ACCEPT
     ip6tables -D INPUT -p udp --dport 5354 -j ACCEPT
-    ip6tables -D INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT
-    ip6tables -D INPUT -p udp --dport $ZERONET_PORT -j ACCEPT
-    ip6tables -D INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
-    ip6tables -D INPUT -p udp --dport $IPFS_PORT -j ACCEPT
-    ip6tables -D INPUT -p tcp --dport $TOX_PORT -j ACCEPT
-    ip6tables -D INPUT -p udp --dport $TOX_PORT -j ACCEPT
-    ip6tables -D INPUT -p tcp --dport $LIBREVAULT_PORT -j ACCEPT
-    ip6tables -D INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT
-    ip6tables -D INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT
+    ip6tables -D INPUT -p tcp --dport "$ZERONET_PORT" -j ACCEPT
+    ip6tables -D INPUT -p udp --dport "$ZERONET_PORT" -j ACCEPT
+    ip6tables -D INPUT -p tcp --dport "$IPFS_PORT" -j ACCEPT
+    ip6tables -D INPUT -p udp --dport "$IPFS_PORT" -j ACCEPT
+    ip6tables -D INPUT -p tcp --dport "$TOX_PORT" -j ACCEPT
+    ip6tables -D INPUT -p udp --dport "$TOX_PORT" -j ACCEPT
+    ip6tables -D INPUT -p tcp --dport "$LIBREVAULT_PORT" -j ACCEPT
+    ip6tables -D INPUT -p udp --dport "$LIBREVAULT_PORT" -j ACCEPT
+    ip6tables -D INPUT -p tcp --dport "$TAHOELAFS_PORT" -j ACCEPT
     # SSB/Scuttlebot/Patchwork
-    ip6tables -D INPUT -p tcp --dport $GIT_SSB_PORT -j ACCEPT
+    ip6tables -D INPUT -p tcp --dport "$GIT_SSB_PORT" -j ACCEPT
     ip6tables -D INPUT -p udp --dport 8008 -j ACCEPT
     ip6tables -D INPUT -p tcp --dport 8008 -j ACCEPT
     ip6tables -D INPUT -p udp --dport 8010 -j ACCEPT
@@ -352,12 +352,12 @@ function disable_mesh_firewall {
     # vpn over the internet
     iptables -D INPUT -p tcp --dport 653 -j ACCEPT
     iptables -D INPUT -p udp --dport 653 -j ACCEPT
-    iptables -D INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
+    iptables -D INPUT -i "${EIFACE}" -m state --state NEW -p tcp --dport 1194 -j ACCEPT
     iptables -D INPUT -i tun+ -j ACCEPT
     iptables -D FORWARD -i tun+ -j ACCEPT
-    iptables -D FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -D FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
+    iptables -D FORWARD -i tun+ -o "${EIFACE}" -m state --state RELATED,ESTABLISHED -j ACCEPT
+    iptables -D FORWARD -i "${EIFACE}" -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
+    iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o "${EIFACE}" -j MASQUERADE
     iptables -D OUTPUT -o tun+ -j ACCEPT
 
     echo 0 > /proc/sys/net/ipv4/ip_forward
@@ -401,25 +401,25 @@ function enable_mesh_tor {
 }
 
 function enable_mesh_seconary_wifi {
-    if [ $secondary_wifi_available ]; then
+    if [ "$secondary_wifi_available" ]; then
         sed -i 's|#DAEMON_CONF=.*|DAEMON_CONF="/etc/hostapd/hostapd.conf"|g' /etc/default/hostapd
 
         mesh_hotspot_address=$(mesh_hotspot_ip_address)
         if [[ "$mesh_hotspot_address" == *'.'* ]]; then
-            echo "interface=${IFACE_SECONDARY}" > /etc/hostapd/hostapd.conf
-            echo "bridge=${BRIDGE}" >> /etc/hostapd/hostapd.conf
-            echo 'driver=nl80211' >> /etc/hostapd/hostapd.conf
-            echo "country_code=UK" >> /etc/hostapd/hostapd.conf
-            echo "ssid=${WIFI_SSID}-${mesh_hotspot_address}" >> /etc/hostapd/hostapd.conf
-            echo 'hw_mode=g' >> /etc/hostapd/hostapd.conf
-            echo "channel=${HOTSPOT_CHANNEL}" >> /etc/hostapd/hostapd.conf
-            echo 'wpa=2' >> /etc/hostapd/hostapd.conf
-            echo "wpa_passphrase=$HOTSPOT_PASSPHRASE" >> /etc/hostapd/hostapd.conf
-            echo 'wpa_key_mgmt=WPA-PSK' >> /etc/hostapd/hostapd.conf
-            echo 'wpa_pairwise=TKIP' >> /etc/hostapd/hostapd.conf
-            echo 'rsn_pairwise=CCMP' >> /etc/hostapd/hostapd.conf
-            echo 'auth_algs=1' >> /etc/hostapd/hostapd.conf
-            echo 'macaddr_acl=0' >> /etc/hostapd/hostapd.conf
+            { echo "interface=${IFACE_SECONDARY}";
+              echo "bridge=${BRIDGE}";
+              echo 'driver=nl80211';
+              echo "country_code=UK";
+              echo "ssid=${WIFI_SSID}-${mesh_hotspot_address}";
+              echo 'hw_mode=g';
+              echo "channel=${HOTSPOT_CHANNEL}";
+              echo 'wpa=2';
+              echo "wpa_passphrase=$HOTSPOT_PASSPHRASE";
+              echo 'wpa_key_mgmt=WPA-PSK';
+              echo 'wpa_pairwise=TKIP';
+              echo 'rsn_pairwise=CCMP';
+              echo 'auth_algs=1';
+              echo 'macaddr_acl=0'; } > /etc/hostapd/hostapd.conf
 
             sed -i "s|#interface=.*|interface=${IFACE_SECONDARY}|g" /etc/dnsmasq.conf
             sed -i "s|interface=.*|interface=${IFACE_SECONDARY}|g" /etc/dnsmasq.conf
@@ -437,7 +437,7 @@ function enable_mesh_seconary_wifi {
         fi
     fi
 
-    if [ ! $secondary_wifi_available ]; then
+    if [ ! "$secondary_wifi_available" ]; then
         systemctl stop hostapd
         systemctl disable hostapd
 
diff --git a/src/freedombone-utils-meteor b/src/freedombone-utils-meteor
index d60d6def..5caa5b50 100755
--- a/src/freedombone-utils-meteor
+++ b/src/freedombone-utils-meteor
@@ -41,14 +41,14 @@ function meteor_cleanUp {
 }
 
 function install_meteor_script {
-    meteor_dir=$1
+    meteor_dir="$1"
 
-    if [ ! $meteor_dir ]; then
+    if [ ! "$meteor_dir" ]; then
         echo $'No meteor install directory specified'
         exit 692025
     fi
 
-    if [ ! -d $meteor_dir ]; then
+    if [ ! -d "$meteor_dir" ]; then
         echo $'Meteor install directory not found'
         exit 845382
     fi
@@ -67,19 +67,19 @@ function install_meteor_script {
 
     DIR_PREFIX="/usr/local"
 
-    TARBALL_URL="$https://meteorinstall-4168.kxcdn.com/packages-bootstrap/${RELEASE}/meteor-bootstrap-${PLATFORM}.tar.gz"
+    TARBALL_URL="https://meteorinstall-4168.kxcdn.com/packages-bootstrap/${RELEASE}/meteor-bootstrap-${PLATFORM}.tar.gz"
     INSTALL_TMPDIR="$meteor_dir/.meteor-install-tmp"
     TARBALL_FILE="$meteor_dir/.meteor-tarball-tmp"
 
     # Remove temporary files now in case they exist.
     meteor_cleanUp
 
-    if [ -d $INSTALL_TMPDIR ]; then
-        rm -rf $INSTALL_TMPDIR
+    if [ -d "$INSTALL_TMPDIR" ]; then
+        rm -rf "$INSTALL_TMPDIR"
     fi
     mkdir "$INSTALL_TMPDIR"
 
-    if [ ! -f ${TARBALL_FILE} ]; then
+    if [ ! -f "${TARBALL_FILE}" ]; then
         echo "Downloading Meteor distribution"
         # keep trying to curl the file until it works (resuming where possible)
         MAX_ATTEMPTS=10
@@ -90,11 +90,8 @@ function install_meteor_script {
         do
             ATTEMPTS=$((ATTEMPTS + 1))
 
-            curl --progress-bar --fail --continue-at - \
-                 "$TARBALL_URL" --output "$TARBALL_FILE"
-
-            if [ $? -eq 0 ]
-            then
+            if curl --progress-bar --fail --continue-at - \
+                    "$TARBALL_URL" --output "$TARBALL_FILE"; then
                 break
             fi
 
@@ -103,14 +100,14 @@ function install_meteor_script {
         done
     fi
 
-    if [ ! -f ${TARBALL_FILE} ]; then
+    if [ ! -f "${TARBALL_FILE}" ]; then
         echo $'meteor tarball could not be downloaded'
         exit 7272452
     fi
 
     tar -xzf "$TARBALL_FILE" -C "$INSTALL_TMPDIR" -o
 
-    if [ ! -f ${INSTALL_TMPDIR}/.meteor/meteor ]; then
+    if [ ! -f "${INSTALL_TMPDIR}/.meteor/meteor" ]; then
         echo $'tarball not extracted'
         exit 693252
     fi
@@ -201,10 +198,10 @@ EOF
 
 function install_meteor {
     apt-get -yq install curl
-    if [ ! -d $INSTALL_DIR/meteor ]; then
-        mkdir $INSTALL_DIR/meteor
+    if [ ! -d "$INSTALL_DIR/meteor" ]; then
+        mkdir "$INSTALL_DIR/meteor"
     fi
-    cd $INSTALL_DIR/meteor
+    cd "$INSTALL_DIR/meteor" || exit 72345274
     install_meteor_script
 }
 
diff --git a/src/freedombone-utils-mongodb b/src/freedombone-utils-mongodb
index b19e37b4..255408ee 100755
--- a/src/freedombone-utils-mongodb
+++ b/src/freedombone-utils-mongodb
@@ -35,14 +35,14 @@ MONGODB_APPS_FILE=$HOME/.mongodbapps
 function store_original_mongodb_password {
     if [ ! -f /root/.mongodboriginal ]; then
         echo $'Storing original mongodb password'
-        ORIGINAL_MONGODB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mongodb)
+        ORIGINAL_MONGODB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mongodb)
         # We can store this in plaintext because it will soon be of historical interest only
         echo -n "$ORIGINAL_MONGODB_PASSWORD" > /root/.mongodboriginal
     fi
 }
 
 function get_mongodb_password {
-    MONGODB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mongodb)
+    MONGODB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mongodb)
     if [[ "$MONGODB_PASSWORD" == *'failed'* ]]; then
         echo $'Could not obtain mongodb password'
         exit 7835272
@@ -63,14 +63,14 @@ function install_mongodb {
 
     function_check get_mongodb_password
     get_mongodb_password
-    if [ ! $MONGODB_PASSWORD ]; then
-        if [ -f $IMAGE_PASSWORD_FILE ]; then
-            MONGODB_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ ! "$MONGODB_PASSWORD" ]; then
+        if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+            MONGODB_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
         else
-            MONGODB_PASSWORD="$(openssl rand -base64 32 | cut -c1-${MINIMUM_PASSWORD_LENGTH})"
+            MONGODB_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    ${PROJECT_NAME}-pass -u root -a mongodb -p "$MONGODB_PASSWORD"
+    "${PROJECT_NAME}-pass" -u root -a mongodb -p "$MONGODB_PASSWORD"
 
     apt-get -yq install mongodb mongo-tools
     apt-get -yq remove --purge apache2-bin*
@@ -84,9 +84,9 @@ function install_mongodb {
         exit 78352
     fi
 
-    if [ $app_name ]; then
-        if ! grep -q "$app_name" $MONGODB_APPS_FILE; then
-           echo "$app_name" >> $MONGODB_APPS_FILE
+    if [ "$app_name" ]; then
+        if ! grep -q "$app_name" "$MONGODB_APPS_FILE"; then
+           echo "$app_name" >> "$MONGODB_APPS_FILE"
         fi
     fi
 
@@ -96,14 +96,14 @@ function install_mongodb {
 function remove_mongodb {
     app_name=$1
 
-    if [ ! $app_name ]; then
+    if [ ! "$app_name" ]; then
         return
     fi
 
     removemongo=
-    if [ -f $MONGODB_APPS_FILE ]; then
-        sed -i "/$app_name/d" $MONGODB_APPS_FILE
-        if [ ! -s $MONGODB_APPS_FILE ]; then
+    if [ -f "$MONGODB_APPS_FILE" ]; then
+        sed -i "/$app_name/d" "$MONGODB_APPS_FILE"
+        if [ ! -s "$MONGODB_APPS_FILE" ]; then
             removemongo=1
         fi
     else
@@ -125,7 +125,7 @@ function remove_mongodb {
         if [ -f /etc/init.d/mongodb ]; then
             rm /etc/init.d/mongodb
         fi
-        sed -i '/install_mongodb/d' $COMPLETION_FILE
+        sed -i '/install_mongodb/d' "$COMPLETION_FILE"
     fi
 }
 
@@ -146,10 +146,10 @@ function drop_database_mongodb {
     if [[ "$database_name" == 'admin' ]]; then
         return
     fi
-    mongo $database_name --eval "db.runCommand( { dropDatabase: 1 } )"
-    if [ $app_name ]; then
-        if grep -q "$app_name" $MONGODB_APPS_FILE; then
-            sed -i "/$app_name/d" $MONGODB_APPS_FILE
+    mongo "$database_name" --eval "db.runCommand( { dropDatabase: 1 } )"
+    if [ "$app_name" ]; then
+        if grep -q "$app_name" "$MONGODB_APPS_FILE"; then
+            sed -i "/$app_name/d" "$MONGODB_APPS_FILE"
         fi
     fi
 }
@@ -157,8 +157,7 @@ function drop_database_mongodb {
 function initialise_database_mongodb {
     database_name=$1
     database_file=$2
-    mongorestore $database_file
-    if [ ! "$?" = "0" ]; then
+    if ! mongorestore "$database_file"; then
         exit 8358365
     fi
 }
@@ -166,11 +165,13 @@ function initialise_database_mongodb {
 function create_database_mongodb {
     app_name="$1"
     app_admin_password="$2"
-    app_admin_username=$3
+    app_admin_username="$3"
     mongo admin --eval "db.createUser({user: '$app_admin_username', pwd: '$app_admin_password', roles: [ { role: 'userAdminAnyDatabase', db: 'admin' } ] })"
-    if [ $app_name ]; then
-        if ! grep -q "$app_name" $MONGODB_APPS_FILE; then
-           echo "$app_name" >> $MONGODB_APPS_FILE
+    if [ "$app_name" ]; then
+        if ! grep -q "$app_name" "$MONGODB_APPS_FILE"; then
+           echo "$app_name" >> "$MONGODB_APPS_FILE"
         fi
     fi
 }
+
+# NOTE: deliberately there is no "exit 0"
diff --git a/src/freedombone-utils-monkeysphere b/src/freedombone-utils-monkeysphere
index 1ca49684..d1883571 100755
--- a/src/freedombone-utils-monkeysphere
+++ b/src/freedombone-utils-monkeysphere
@@ -34,22 +34,22 @@ function install_monkeysphere {
     fi
     apt-get -yq install monkeysphere msva-perl
     #su -c "monkeysphere gen-subkey $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
-    mkdir /home/$MY_USERNAME/.monkeysphere
-    chmod 755 /home/$MY_USERNAME/.monkeysphere
-    echo "$MY_NAME <${MY_EMAIL_ADDRESS}>" > /home/$MY_USERNAME/.monkeysphere/authorized_user_ids
-    chmod 644 /home/$MY_USERNAME/.monkeysphere/authorized_user_ids
-    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.monkeysphere
+    mkdir "/home/$MY_USERNAME/.monkeysphere"
+    chmod 755 "/home/$MY_USERNAME/.monkeysphere"
+    echo "$MY_NAME <${MY_EMAIL_ADDRESS}>" > "/home/$MY_USERNAME/.monkeysphere/authorized_user_ids"
+    chmod 644 "/home/$MY_USERNAME/.monkeysphere/authorized_user_ids"
+    chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.monkeysphere"
     monkeysphere-authentication update-users
 
     if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
         echo $'monkeysphere import: ssh host key not found'
         exit 76295
     fi
-    monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://$DEFAULT_DOMAIN_NAME
+    monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key "ssh://$DEFAULT_DOMAIN_NAME"
     SSH_ONION_HOSTNAME=$(cat ${COMPLETION_FILE} | grep 'ssh onion domain' | awk -F ':' '{print $2}')
-    monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://$SSH_ONION_HOSTNAME
+    monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key "ssh://$SSH_ONION_HOSTNAME"
 
-    if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then
+    if [ ! "$MY_GPG_PUBLIC_KEY_ID" ]; then
         MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$HOSTNAME")
         if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
             echo $"monkeysphere unable to get GPG key ID for user $MY_USERNAME@$HOSTNAME"
@@ -57,8 +57,8 @@ function install_monkeysphere {
         fi
     fi
     # The admin user is the identity certifier
-    fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}')
-    monkeysphere-authentication add-identity-certifier $fpr
+    fpr=$(gpg --with-colons --fingerprint "$MY_GPG_PUBLIC_KEY_ID" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
+    monkeysphere-authentication add-identity-certifier "$fpr"
 
     mark_completed "${FUNCNAME[0]}"
 }
diff --git a/src/freedombone-utils-network b/src/freedombone-utils-network
index 7b9a5df4..95d6ba89 100755
--- a/src/freedombone-utils-network
+++ b/src/freedombone-utils-network
@@ -62,11 +62,11 @@ function install_static_network {
     echo '# and how to activate them. For more information, see interfaces(5).' >> /etc/network/interfaces
     echo 'source /etc/network/interfaces.d/*' >> /etc/network/interfaces
 
-    echo 'auto eth0' > /etc/network/interfaces.d/static
-    echo 'iface eth0 inet static' >> /etc/network/interfaces.d/static
-    echo "    address $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/network/interfaces.d/static
-    echo '    netmask 255.255.255.0' >> /etc/network/interfaces.d/static
-    echo "    gateway $ROUTER_IP_ADDRESS" >> /etc/network/interfaces.d/static
+    { echo 'auto eth0';
+      echo 'iface eth0 inet static';
+      echo "    address $LOCAL_NETWORK_STATIC_IP_ADDRESS";
+      echo '    netmask 255.255.255.0';
+      echo "    gateway $ROUTER_IP_ADDRESS"; } > /etc/network/interfaces.d/static
 
     mark_completed "${FUNCNAME[0]}"
 }
@@ -77,23 +77,23 @@ function get_external_ipv4_address {
 
 function get_ipv4_address {
     IPv4dev=$(ip route get $IPV4_ADDRESS_TEST_DESTINATION | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}')
-    echo $(ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}')
+    ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}'
 }
 
 function get_ipv6_address {
     retval=$(ip -6 route get $IPV6_ADDRESS_TEST_DESTINATION 2> /dev/null)
-    echo $(echo "$retval" | awk -F " " '{ for(i=1;i<=NF;i++) if ($i == "src") print $(i+1) }')
+    echo "$retval" | awk -F " " '{ for(i=1;i<=NF;i++) if ($i == "src") print $(i+1) }'
 }
 
 function update_external_ip {
     ip_update_script=/usr/bin/externalipupdate
-    echo '#!/bin/bash' >> $ip_update_script
-    echo "existing_ip=\$(cat $CONFIGURATION_FILE | grep \"EXTERNAL_IPV4_ADDRESS=\" | head -n 1 | awk -F '=' '{print \$2}')'" >> $ip_update_script
-    echo "curr_ip=\$(nslookup . $EXTERNAL_IP_LOOKUP_URL | grep Address | tail -n 1 | awk -F ' ' '{print \$2}')" >> $ip_update_script
-    echo 'if [[ "$curr_ip" != "$existing_ip" ]]; then' >> $ip_update_script
-    echo "  sed -i \"s|EXTERNAL_IPV4_ADDRESS=.*|EXTERNAL_IPV4_ADDRESS=\${curr_ip}|g\" $CONFIGURATION_FILE" >> $ip_update_script
-    echo "  echo \"\$(date)\" >> ~/${PROJECT_NAME}-external-ip-changes.txt" >> $ip_update_script
-    echo 'fi' >> $ip_update_script
+    { echo '#!/bin/bash';
+      echo "existing_ip=\$(cat $CONFIGURATION_FILE | grep \"EXTERNAL_IPV4_ADDRESS=\" | head -n 1 | awk -F '=' '{print \$2}')'";
+      echo "curr_ip=\$(nslookup . $EXTERNAL_IP_LOOKUP_URL | grep Address | tail -n 1 | awk -F ' ' '{print \$2}')";
+      echo "if [[ \"\$curr_ip\" != \"\$existing_ip\" ]]; then";
+      echo "  sed -i \"s|EXTERNAL_IPV4_ADDRESS=.*|EXTERNAL_IPV4_ADDRESS=\${curr_ip}|g\" $CONFIGURATION_FILE";
+      echo "  echo \"\$(date)\" >> ~/${PROJECT_NAME}-external-ip-changes.txt";
+      echo 'fi'; } > $ip_update_script
 
     cron_add_mins 10 $ip_update_script
 }

From 5479d49dc9fc604d9b915520e8e9761aa62cb133 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Tue, 27 Feb 2018 14:11:56 +0000
Subject: [PATCH 17/67] More tidying

---
 src/freedombone-app-etherpad  | 463 ++++++++++++++--------------
 src/freedombone-app-fedwiki   | 241 ++++++++-------
 src/freedombone-app-friendica | 498 +++++++++++++++---------------
 src/freedombone-app-ghost     | 380 +++++++++++------------
 src/freedombone-app-gnusocial | 564 +++++++++++++++++-----------------
 src/freedombone-app-gogs      | 435 +++++++++++++-------------
 src/freedombone-app-htmly     | 545 ++++++++++++++++----------------
 src/freedombone-app-hubzilla  | 510 +++++++++++++++---------------
 src/freedombone-app-icecast   | 436 +++++++++++++-------------
 src/freedombone-app-ipfs      | 284 ++++++++---------
 src/freedombone-app-irc       | 403 ++++++++++++------------
 src/freedombone-app-jitsi     | 167 +++++-----
 src/freedombone-app-kanboard  | 391 ++++++++++++-----------
 src/freedombone-app-keyserver | 401 ++++++++++++------------
 src/freedombone-app-koel      | 493 ++++++++++++++---------------
 src/freedombone-app-lychee    | 368 +++++++++++-----------
 src/freedombone-app-mailpile  | 172 +++++------
 src/freedombone-app-matrix    | 324 +++++++++----------
 18 files changed, 3558 insertions(+), 3517 deletions(-)

diff --git a/src/freedombone-app-etherpad b/src/freedombone-app-etherpad
index 3082e6fd..330de307 100755
--- a/src/freedombone-app-etherpad
+++ b/src/freedombone-app-etherpad
@@ -41,7 +41,7 @@ ETHERPAD_REPO="https://github.com/ether/etherpad-lite"
 ETHERPAD_COMMIT='454f539561a8d9de51ed107a29d974eb79198bc6'
 ETHERPAD_ADMIN_PASSWORD=
 ETHERPAD_TITLE=$'Freedombone Docs'
-ETHERPAD_WELCOME_MESSAGE=$"Welcome to ${ETHERPAD_TITLE}!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!"
+ETHERPAD_WELCOME_MESSAGE=$"Welcome to ${ETHERPAD_TITLE}!\\n\\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!"
 
 etherpad_variables=(ONION_ONLY
                     DEFAULT_DOMAIN_NAME
@@ -67,109 +67,109 @@ function change_password_etherpad {
     read_config_param ETHERPAD_DOMAIN_NAME
 
     if grep -q "\"$change_username\": {" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json; then
-        user_line=$(cat /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json | grep "\"$change_username\": {")
+        user_line=$(grep "\"$change_username\": {" "/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json")
         if [[ "$user_line" == *"\"is_admin\": true"* ]]; then
-            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": "$new_user_password", \"is_admin\": true }|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
+            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": \"$new_user_password\", \"is_admin\": true }|g" "/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json"
         else
-            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": "$new_user_password", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
+            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": \"$new_user_password\", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
         fi
-        ${PROJECT_NAME}-pass -u $change_username -a etherpad -p "$2"
+        "${PROJECT_NAME}-pass" -u "$change_username" -a etherpad -p "$2"
         systemctl restart etherpad
     fi
 }
 
 function etherpad_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        ETHERPAD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        ETHERPAD_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $ETHERPAD_ADMIN_PASSWORD ]; then
-            ETHERPAD_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$ETHERPAD_ADMIN_PASSWORD" ]; then
+            ETHERPAD_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $ETHERPAD_ADMIN_PASSWORD ]; then
+    if [ ! "$ETHERPAD_ADMIN_PASSWORD" ]; then
         return
     fi
 
     function_check create_database
-    create_database etherpad "$ETHERPAD_ADMIN_PASSWORD" $MY_USERNAME
+    create_database etherpad "$ETHERPAD_ADMIN_PASSWORD" "$MY_USERNAME"
 }
 
 function create_etherpad_settings {
-    settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
-    echo '{' > $settings_file
-    echo "  \"title\": \"${ETHERPAD_TITLE}\"," >> $settings_file
-    echo '  "favicon": "favicon.ico",' >> $settings_file
+    settings_file="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json"
+    { echo '{';
+      echo "  \"title\": \"${ETHERPAD_TITLE}\",";
+      echo '  "favicon": "favicon.ico",';
 
-    echo '  "ip": "127.0.0.1",' >> $settings_file
-    echo "  \"port\" : ${ETHERPAD_PORT}," >> $settings_file
+      echo '  "ip": "127.0.0.1",';
+      echo "  \"port\" : ${ETHERPAD_PORT},";
 
-    echo '  "showSettingsInAdminPage" : true,' >> $settings_file
-    echo '   "dbType" : "mysql",' >> $settings_file
-    echo '   "dbSettings" : {' >> $settings_file
-    echo '                    "user"    : "root",' >> $settings_file
-    echo '                    "host"    : "localhost",' >> $settings_file
-    echo "                    \"password\": \"${MARIADB_PASSWORD}\"," >> $settings_file
-    echo '                    "database": "etherpad",' >> $settings_file
-    echo '                    "charset" : "utf8mb4"' >> $settings_file
-    echo '                  },' >> $settings_file
+      echo '  "showSettingsInAdminPage" : true,';
+      echo '   "dbType" : "mysql",';
+      echo '   "dbSettings" : {';
+      echo '                    "user"    : "root",';
+      echo '                    "host"    : "localhost",';
+      echo "                    \"password\": \"${MARIADB_PASSWORD}\",";
+      echo '                    "database": "etherpad",';
+      echo '                    "charset" : "utf8mb4"';
+      echo '                  },';
 
-    echo "  \"defaultPadText\" : \"${ETHERPAD_WELCOME_MESSAGE}\"," >> $settings_file
+      echo "  \"defaultPadText\" : \"${ETHERPAD_WELCOME_MESSAGE}\",";
 
-    echo '  "padOptions": {' >> $settings_file
-    echo '    "noColors": false,' >> $settings_file
-    echo '    "showControls": true,' >> $settings_file
-    echo '    "showChat": true,' >> $settings_file
-    echo '    "showLineNumbers": false,' >> $settings_file
-    echo '    "useMonospaceFont": false,' >> $settings_file
-    echo '    "userName": false,' >> $settings_file
-    echo '    "userColor": true,' >> $settings_file
-    echo '    "rtl": false,' >> $settings_file
-    echo '    "alwaysShowChat": true,' >> $settings_file
-    echo '    "chatAndUsers": true,' >> $settings_file
-    echo '    "lang": "en-gb"' >> $settings_file
-    echo '  },' >> $settings_file
+      echo '  "padOptions": {';
+      echo '    "noColors": false,';
+      echo '    "showControls": true,';
+      echo '    "showChat": true,';
+      echo '    "showLineNumbers": false,';
+      echo '    "useMonospaceFont": false,';
+      echo '    "userName": false,';
+      echo '    "userColor": true,';
+      echo '    "rtl": false,';
+      echo '    "alwaysShowChat": true,';
+      echo '    "chatAndUsers": true,';
+      echo '    "lang": "en-gb"';
+      echo '  },';
 
-    echo '  "suppressErrorsInPadText" : true,' >> $settings_file
-    echo '  "requireSession" : false,' >> $settings_file
-    echo '  "editOnly" : false,' >> $settings_file
-    echo '  "sessionNoPassword" : false,' >> $settings_file
-    echo '  "minify" : true,' >> $settings_file
-    echo '  "maxAge" : 21600, // 60 * 60 * 6 = 6 hours' >> $settings_file
-    echo '  "abiword" : null,' >> $settings_file
-    echo '  "soffice" : null,' >> $settings_file
-    echo '  "tidyHtml" : null,' >> $settings_file
-    echo '  "allowUnknownFileEnds" : false,' >> $settings_file
-    echo '  "requireAuthentication" : true,' >> $settings_file
-    echo '  "requireAuthorization" : true,' >> $settings_file
-    echo '  "trustProxy" : false,' >> $settings_file
-    echo '  "disableIPlogging" : true,' >> $settings_file
+      echo '  "suppressErrorsInPadText" : true,';
+      echo '  "requireSession" : false,';
+      echo '  "editOnly" : false,';
+      echo '  "sessionNoPassword" : false,';
+      echo '  "minify" : true,';
+      echo '  "maxAge" : 21600, // 60 * 60 * 6 = 6 hours';
+      echo '  "abiword" : null,';
+      echo '  "soffice" : null,';
+      echo '  "tidyHtml" : null,';
+      echo '  "allowUnknownFileEnds" : false,';
+      echo '  "requireAuthentication" : true,';
+      echo '  "requireAuthorization" : true,';
+      echo '  "trustProxy" : false,';
+      echo '  "disableIPlogging" : true,';
 
-    echo '  "users": {' >> $settings_file
-    echo "    \"${MY_USERNAME}\": { \"password\": \"${ETHERPAD_ADMIN_PASSWORD}\", \"is_admin\": true }" >> $settings_file
-    echo '  },' >> $settings_file
+      echo '  "users": {';
+      echo "    \"${MY_USERNAME}\": { \"password\": \"${ETHERPAD_ADMIN_PASSWORD}\", \"is_admin\": true }";
+      echo '  },';
 
-    echo '  "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],' >> $settings_file
-    echo '  "loadTest": false,' >> $settings_file
-    echo '  "indentationOnNewLine": false,' >> $settings_file
+      echo '  "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],';
+      echo '  "loadTest": false,';
+      echo '  "indentationOnNewLine": false,';
 
-    echo '  "toolbar": {' >> $settings_file
-    echo '    "left": [' >> $settings_file
-    echo '      ["bold", "italic", "underline", "strikethrough"],' >> $settings_file
-    echo '      ["orderedlist", "unorderedlist", "indent", "outdent"],' >> $settings_file
-    echo '      ["undo", "redo"],' >> $settings_file
-    echo '      ["clearauthorship"]' >> $settings_file
-    echo '    ],' >> $settings_file
-    echo '    "right": [' >> $settings_file
-    echo '      ["importexport", "timeslider", "savedrevision"],' >> $settings_file
-    echo '      ["settings", "embed"],' >> $settings_file
-    echo '      ["showusers"]' >> $settings_file
-    echo '    ],' >> $settings_file
-    echo '    "timeslider": [' >> $settings_file
-    echo '      ["timeslider_export", "timeslider_returnToPad"]' >> $settings_file
-    echo '    ]' >> $settings_file
-    echo '  },' >> $settings_file
-    echo '  "loglevel": "INFO"' >> $settings_file
-    echo '}' >> $settings_file
+      echo '  "toolbar": {';
+      echo '    "left": [';
+      echo '      ["bold", "italic", "underline", "strikethrough"],';
+      echo '      ["orderedlist", "unorderedlist", "indent", "outdent"],';
+      echo '      ["undo", "redo"],';
+      echo '      ["clearauthorship"]';
+      echo '    ],';
+      echo '    "right": [';
+      echo '      ["importexport", "timeslider", "savedrevision"],';
+      echo '      ["settings", "embed"],';
+      echo '      ["showusers"]';
+      echo '    ],';
+      echo '    "timeslider": [';
+      echo '      ["timeslider_export", "timeslider_returnToPad"]';
+      echo '    ]';
+      echo '  },';
+      echo '  "loglevel": "INFO"';
+      echo '}'; } > $settings_file
     chmod 600 $settings_file
 }
 
@@ -177,7 +177,7 @@ function remove_user_etherpad {
     remove_username="$1"
     settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp etherpad
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp etherpad
 
     if grep -q "\"$remove_username\": {" $settings_file; then
         sed -i "/\"$remove_username\": {/d" $settings_file
@@ -191,7 +191,7 @@ function add_user_etherpad {
     settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
 
     if ! grep -q "\"$new_username\": {" $settings_file; then
-        ${PROJECT_NAME}-pass -u $new_username -a etherpad -p "$2"
+        "${PROJECT_NAME}-pass" -u "$new_username" -a etherpad -p "$2"
         sed -i "/\"users\": {/a    \"$new_username\": { \"password\": \"$new_user_password\", \"is_admin\": false }," $settings_file
         if grep -q "\"$new_username\": {" $settings_file; then
             systemctl restart etherpad
@@ -204,11 +204,11 @@ function add_user_etherpad {
 }
 
 function install_interactive_etherpad {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
-    if [[ $ONION_ONLY != "no" ]]; then
+    if [[ "$ONION_ONLY" != "no" ]]; then
         ETHERPAD_DOMAIN_NAME='etherpad.local'
         write_config_param "ETHERPAD_DOMAIN_NAME" "$ETHERPAD_DOMAIN_NAME"
     else
@@ -220,18 +220,17 @@ function install_interactive_etherpad {
 
 function etherpad_set_title {
     read_config_param "ETHERPAD_TITLE"
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Etherpad Title" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Set a title for your etherpad system' 10 60 "$ETHERPAD_TITLE" 2>$data
+           --inputbox $'Set a title for your etherpad system' 10 60 "$ETHERPAD_TITLE" 2>"$data"
     sel=$?
     case $sel in
         0)
-            temp_title=$(<$data)
+            temp_title=$(<"$data")
             if [ ${#temp_title} -gt 0 ]; then
                 ETHERPAD_TITLE="$temp_title"
-                settings_file=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/settings.json
+                settings_file="/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/settings.json"
 
                 write_config_param "ETHERPAD_TITLE" "$ETHERPAD_TITLE"
                 sed -i "s|\"title\":.*|\"title\": \"${ETHERPAD_TITLE}\"|g" $settings_file
@@ -241,22 +240,22 @@ function etherpad_set_title {
             fi
            ;;
     esac
+    rm -f "$data"
 }
 
 function etherpad_set_welcome_message {
     read_config_param "ETHERPAD_WELCOME_MESSAGE"
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Etherpad Welcome Message" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Set a welcome message, which can include html formatting' 10 60 "$ETHERPAD_WELCOME_MESSAGE" 2>$data
+           --inputbox $'Set a welcome message, which can include html formatting' 10 60 "$ETHERPAD_WELCOME_MESSAGE" 2>"$data"
     sel=$?
     case $sel in
         0)
-            temp_welcome=$(<$data)
+            temp_welcome=$(<"$data")
             if [ ${#temp_welcome} -gt 0 ]; then
                 ETHERPAD_WELCOME_MESSAGE="$temp_welcome"
-                settings_file=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/settings.json
+                settings_file="/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/settings.json"
 
                 write_config_param "ETHERPAD_WELCOME_MESSAGE" "$ETHERPAD_WELCOME_MESSAGE"
                 sed -i "s|\"defaultPadText\" :.*|\"defaultPadText\" : \"${ETHERPAD_WELCOME_MESSAGE}\"|g" $settings_file
@@ -266,29 +265,33 @@ function etherpad_set_welcome_message {
             fi
            ;;
     esac
+    rm -f "$data"
 }
 
 function configure_interactive_etherpad {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Etherpad Settings" \
                --radiolist $"Choose an operation:" 12 70 3 \
                1 $"Set Title" off \
                2 $"Set a welcome message" off \
-               3 $"Exit" on 2> $data
+               3 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) return;;
-            255) return;;
+            1) rm -f "$data"
+               return;;
+            255) rm -f "$data"
+                 return;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) etherpad_set_title;;
             2) etherpad_set_welcome_message;;
-            3) break;;
+            3) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -311,18 +314,18 @@ function upgrade_etherpad {
 
 function backup_local_etherpad {
     ETHERPAD_DOMAIN_NAME='etherpad'
-    if grep -q "etherpad domain" $COMPLETION_FILE; then
+    if grep -q "etherpad domain" "$COMPLETION_FILE"; then
         ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain")
     fi
 
     source_directory=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs
-    if [ -d $source_directory ]; then
+    if [ -d "$source_directory" ]; then
         dest_directory=etherpad
         function_check suspend_site
-        suspend_site ${ETHERPAD_DOMAIN_NAME}
+        suspend_site "${ETHERPAD_DOMAIN_NAME}"
 
         function_check backup_directory_to_usb
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"
 
         function_check backup_database_to_usb
         backup_database_to_usb etherpad
@@ -333,50 +336,50 @@ function backup_local_etherpad {
 }
 
 function restore_local_etherpad {
-    if ! grep -q "etherpad domain" $COMPLETION_FILE; then
+    if ! grep -q "etherpad domain" "$COMPLETION_FILE"; then
         return
     fi
     ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain")
-    if [ $ETHERPAD_DOMAIN_NAME ]; then
+    if [ "$ETHERPAD_DOMAIN_NAME" ]; then
         temp_restore_dir=/root/tempetherpad
-        etherpad_dir=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs
+        #etherpad_dir="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs"
 
         function_check etherpad_create_database
         etherpad_create_database
 
-        restore_database etherpad ${ETHERPAD_DOMAIN_NAME}
+        restore_database etherpad "${ETHERPAD_DOMAIN_NAME}"
         if [ -d $temp_restore_dir ]; then
             rm -rf $temp_restore_dir
         fi
 
-        chown -R etherpad: /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs
-        if [ -f /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem ]; then
-            chown etherpad: /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem
+        chown -R etherpad: "/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs"
+        if [ -f "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem" ]; then
+            chown etherpad: "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem"
         fi
-        if [ -f /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key ]; then
-            chown etherpad: /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key
+        if [ -f "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key" ]; then
+            chown etherpad: "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key"
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-        settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
-        sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" $settings_file
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        settings_file="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json"
+        sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" "$settings_file"
         MARIADB_PASSWORD=
     fi
 }
 
 function backup_remote_etherpad {
-    if grep -q "etherpad domain" $COMPLETION_FILE; then
+    if grep -q "etherpad domain" "$COMPLETION_FILE"; then
         ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain")
-        temp_backup_dir=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs
-        if [ -d $temp_backup_dir ]; then
+        temp_backup_dir="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs"
+        if [ -d "$temp_backup_dir" ]; then
             function_check suspend_site
-            suspend_site ${ETHERPAD_DOMAIN_NAME}
+            suspend_site "${ETHERPAD_DOMAIN_NAME}"
 
             function_check backup_database_to_friend
             backup_database_to_friend etherpad
 
             function_check backup_directory_to_friend
-            backup_directory_to_friend $temp_backup_dir etherpad
+            backup_directory_to_friend "$temp_backup_dir" etherpad
 
             function_check restart_site
             restart_site
@@ -387,29 +390,29 @@ function backup_remote_etherpad {
 }
 
 function restore_remote_etherpad {
-    if grep -q "etherpad domain" $COMPLETION_FILE; then
+    if grep -q "etherpad domain" "$COMPLETION_FILE"; then
         ETHERPAD_DOMAIN_NAME=$(get_completion_param "etherpad domain")
 
         function_check etherpad_create_database
         etherpad_create_database
 
         function_check restore_database_from_friend
-        restore_database_from_friend etherpad ${ETHERPAD_DOMAIN_NAME}
+        restore_database_from_friend etherpad "${ETHERPAD_DOMAIN_NAME}"
         if [ -d /root/tempetherpad ]; then
             rm -rf /root/tempetherpad
         fi
 
-        chown -R etherpad: /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs
-        if [ -f /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem ]; then
-            chown etherpad: /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem
+        chown -R etherpad: "/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs"
+        if [ -f "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem" ]; then
+            chown etherpad: "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem"
         fi
-        if [ -f /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key ]; then
-            chown etherpad: /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key
+        if [ -f "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key" ]; then
+            chown etherpad: "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key"
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-        settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
-        sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" $settings_file
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        settings_file="/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json"
+        sed -i "s|\"password\":.*|\"password\": \"${MARIADB_PASSWORD}\",|g" "$settings_file"
         MARIADB_PASSWORD=
     fi
 }
@@ -427,13 +430,13 @@ function remove_etherpad {
         rm /etc/systemd/system/etherpad.service
     fi
     systemctl daemon-reload
-    nginx_dissite $ETHERPAD_DOMAIN_NAME
-    remove_certs $ETHERPAD_DOMAIN_NAME
-    if [ -d /var/www/$ETHERPAD_DOMAIN_NAME ]; then
-        rm -rf /var/www/$ETHERPAD_DOMAIN_NAME
+    nginx_dissite "$ETHERPAD_DOMAIN_NAME"
+    remove_certs "$ETHERPAD_DOMAIN_NAME"
+    if [ -d "/var/www/$ETHERPAD_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$ETHERPAD_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database etherpad
@@ -441,7 +444,7 @@ function remove_etherpad {
     remove_onion_service etherpad ${ETHERPAD_ONION_PORT}
     remove_app etherpad
     remove_completion_param install_etherpad
-    sed -i '/etherpad/d' $COMPLETION_FILE
+    sed -i '/etherpad/d' "$COMPLETION_FILE"
     remove_backup_database_local etherpad
     remove_nodejs etherpad
 
@@ -449,22 +452,22 @@ function remove_etherpad {
     userdel -r etherpad
 
     function_check remove_ddns_domain
-    remove_ddns_domain $ETHERPAD_DOMAIN_NAME
+    remove_ddns_domain "$ETHERPAD_DOMAIN_NAME"
 }
 
 function install_etherpad {
-    if [ ! $ETHERPAD_DOMAIN_NAME ]; then
+    if [ ! "$ETHERPAD_DOMAIN_NAME" ]; then
         echo $'No domain name was given for etherpad'
         exit 7359
     fi
 
     check_ram_availability 2000
 
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        ETHERPAD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        ETHERPAD_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $ETHERPAD_ADMIN_PASSWORD ]; then
-            ETHERPAD_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$ETHERPAD_ADMIN_PASSWORD" ]; then
+            ETHERPAD_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
 
@@ -484,133 +487,133 @@ function install_etherpad {
     function_check install_nodejs
     install_nodejs etherpad
 
-    if [ ! -d /var/www/$ETHERPAD_DOMAIN_NAME ]; then
-        mkdir /var/www/$ETHERPAD_DOMAIN_NAME
+    if [ ! -d "/var/www/$ETHERPAD_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$ETHERPAD_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$ETHERPAD_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" ]; then
 
         if [ -d /repos/etherpad ]; then
-            mkdir /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
-            cp -r -p /repos/etherpad/. /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
-            cd /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/etherpad/. "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs"
+            cd "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" || exit 32468346
             git pull
         else
             function_check git_clone
-            git_clone $ETHERPAD_REPO /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
+            git_clone "$ETHERPAD_REPO" "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs"
         fi
 
-        if [ ! -d /var/www/$ETHERPAD_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" ]; then
             echo $'Unable to clone etherpad repo'
             exit 56382
         fi
     fi
 
-    cd /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
-    git checkout $ETHERPAD_COMMIT -b $ETHERPAD_COMMIT
+    cd "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" || exit 24654824
+    git checkout "$ETHERPAD_COMMIT" -b "$ETHERPAD_COMMIT"
     set_completion_param "etherpad commit" "$ETHERPAD_COMMIT"
 
-    chmod a+w /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
-    chown www-data:www-data /var/www/$ETHERPAD_DOMAIN_NAME/htdocs
+    chmod a+w "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs"
+    chown www-data:www-data "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs"
 
     function_check etherpad_create_database
     etherpad_create_database
 
     function_check add_ddns_domain
-    add_ddns_domain $ETHERPAD_DOMAIN_NAME
+    add_ddns_domain "$ETHERPAD_DOMAIN_NAME"
 
     create_etherpad_settings
 
-    adduser --system --home=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/ --group etherpad
-    chown -R etherpad: /var/www/$ETHERPAD_DOMAIN_NAME/htdocs/
+    adduser --system --home="/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/" --group etherpad
+    chown -R etherpad: "/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/"
 
-    echo '[Unit]' > /etc/systemd/system/etherpad.service
-    echo 'Description=etherpad-lite (real-time collaborative document editing)' >> /etc/systemd/system/etherpad.service
-    echo 'After=syslog.target network.target' >> /etc/systemd/system/etherpad.service
-    echo '' >> /etc/systemd/system/etherpad.service
-    echo '[Service]' >> /etc/systemd/system/etherpad.service
-    echo 'Type=simple' >> /etc/systemd/system/etherpad.service
-    echo 'User=etherpad' >> /etc/systemd/system/etherpad.service
-    echo 'Group=etherpad' >> /etc/systemd/system/etherpad.service
-    echo "WorkingDirectory=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs" >> /etc/systemd/system/etherpad.service
-    echo "ExecStart=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/bin/run.sh" >> /etc/systemd/system/etherpad.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/etherpad.service
-    echo 'SuccessExitStatus=3 4' >> /etc/systemd/system/etherpad.service
-    echo 'RestartForceExitStatus=3 4' >> /etc/systemd/system/etherpad.service
-    echo '' >> /etc/systemd/system/etherpad.service
-    echo '[Install]' >> /etc/systemd/system/etherpad.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/etherpad.service
+    { echo '[Unit]';
+      echo 'Description=etherpad-lite (real-time collaborative document editing)';
+      echo 'After=syslog.target network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=etherpad';
+      echo 'Group=etherpad';
+      echo "WorkingDirectory=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs";
+      echo "ExecStart=/var/www/$ETHERPAD_DOMAIN_NAME/htdocs/bin/run.sh";
+      echo 'Restart=on-failure';
+      echo 'SuccessExitStatus=3 4';
+      echo 'RestartForceExitStatus=3 4';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/etherpad.service
     chmod +x /etc/systemd/system/etherpad.service
 
     etherpad_nginx_site=/etc/nginx/sites-available/$ETHERPAD_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $ETHERPAD_DOMAIN_NAME
-        echo 'server {' >> $etherpad_nginx_site
-        echo '  listen 443 ssl;' >> $etherpad_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $etherpad_nginx_site
-        echo "  server_name $ETHERPAD_DOMAIN_NAME;" >> $etherpad_nginx_site
-        echo '' >> $etherpad_nginx_site
-        echo '  # Security' >> $etherpad_nginx_site
+        nginx_http_redirect "$ETHERPAD_DOMAIN_NAME"
+        { echo 'server {';
+        echo '  listen 443 ssl;';
+        echo '  #listen [::]:443 ssl;';
+        echo "  server_name $ETHERPAD_DOMAIN_NAME;";
+        echo '';
+        echo '  # Security'; } >> "$etherpad_nginx_site"
         function_check nginx_ssl
-        nginx_ssl $ETHERPAD_DOMAIN_NAME
+        nginx_ssl "$ETHERPAD_DOMAIN_NAME"
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $ETHERPAD_DOMAIN_NAME
+        nginx_disable_sniffing "$ETHERPAD_DOMAIN_NAME"
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $etherpad_nginx_site
-        echo '' >> $etherpad_nginx_site
-        echo '  # Logs' >> $etherpad_nginx_site
-        echo '  access_log /dev/null;' >> $etherpad_nginx_site
-        echo '  error_log /dev/null;' >> $etherpad_nginx_site
-        echo '' >> $etherpad_nginx_site
-        echo '  # Root' >> $etherpad_nginx_site
-        echo "  root /var/www/$ETHERPAD_DOMAIN_NAME/htdocs;" >> $etherpad_nginx_site
-        echo '' >> $etherpad_nginx_site
-        echo '  location / {' >> $etherpad_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+        echo '';
+        echo '  # Logs';
+        echo '  access_log /dev/null;';
+        echo '  error_log /dev/null;';
+        echo '';
+        echo '  # Root';
+        echo "  root /var/www/$ETHERPAD_DOMAIN_NAME/htdocs;";
+        echo '';
+        echo '  location / {'; } >> "$etherpad_nginx_site"
         function_check nginx_limits
-        nginx_limits $ETHERPAD_DOMAIN_NAME '15m'
-        echo "    proxy_pass        http://localhost:${ETHERPAD_PORT}/;" >> $etherpad_nginx_site
-        echo '    proxy_set_header  Host $host;' >> $etherpad_nginx_site
-        echo '    proxy_buffering   off;' >> $etherpad_nginx_site
-        echo '  }' >> $etherpad_nginx_site
-        echo '}' >> $etherpad_nginx_site
+        nginx_limits "$ETHERPAD_DOMAIN_NAME" '15m'
+        { echo "    proxy_pass        http://localhost:${ETHERPAD_PORT}/;";
+          echo "    proxy_set_header  Host \$host;";
+          echo '    proxy_buffering   off;';
+          echo '  }';
+          echo '}'; } >> "$etherpad_nginx_site"
     else
-        echo -n '' > $etherpad_nginx_site
+        echo -n '' > "$etherpad_nginx_site"
     fi
-    echo 'server {' >> $etherpad_nginx_site
-    echo "    listen 127.0.0.1:$ETHERPAD_ONION_PORT default_server;" >> $etherpad_nginx_site
-    echo "    server_name $ETHERPAD_DOMAIN_NAME;" >> $etherpad_nginx_site
-    echo '' >> $etherpad_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$ETHERPAD_ONION_PORT default_server;";
+      echo "    server_name $ETHERPAD_ONION_HOSTNAME;";
+      echo ''; } >> "$etherpad_nginx_site"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $ETHERPAD_DOMAIN_NAME
-    echo '' >> $etherpad_nginx_site
-    echo '  # Logs' >> $etherpad_nginx_site
-    echo '  access_log /dev/null;' >> $etherpad_nginx_site
-    echo '  error_log /dev/null;' >> $etherpad_nginx_site
-    echo '' >> $etherpad_nginx_site
-    echo '  # Root' >> $etherpad_nginx_site
-    echo "  root /var/www/$ETHERPAD_DOMAIN_NAME/htdocs;" >> $etherpad_nginx_site
-    echo '' >> $etherpad_nginx_site
-    echo '  location / {' >> $etherpad_nginx_site
+    nginx_disable_sniffing "$ETHERPAD_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$ETHERPAD_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  location / {'; } >> "$etherpad_nginx_site"
     function_check nginx_limits
-    nginx_limits $ETHERPAD_DOMAIN_NAME '15m'
-    echo "    proxy_pass        http://localhost:${ETHERPAD_PORT}/;" >> $etherpad_nginx_site
-    echo '    proxy_set_header  Host $host;' >> $etherpad_nginx_site
-    echo '    proxy_buffering   off;' >> $etherpad_nginx_site
-    echo '  }' >> $etherpad_nginx_site
-    echo '}' >> $etherpad_nginx_site
+    nginx_limits "$ETHERPAD_DOMAIN_NAME" '15m'
+    { echo "    proxy_pass        http://localhost:${ETHERPAD_PORT}/;";
+      echo "    proxy_set_header  Host \$host;";
+      echo '    proxy_buffering   off;';
+      echo '  }';
+      echo '}'; } >> "$etherpad_nginx_site"
 
     function_check create_site_certificate
-    create_site_certificate $ETHERPAD_DOMAIN_NAME 'yes'
+    create_site_certificate "$ETHERPAD_DOMAIN_NAME" 'yes'
 
-    if [ -f /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.crt ]; then
-        mv /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.crt /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem
+    if [ -f "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.crt" ]; then
+        mv "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.crt" "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem"
     fi
-    if [ -f /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem ]; then
-        chown etherpad: /etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem
+    if [ -f "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem" ]; then
+        chown etherpad: "/etc/ssl/certs/${ETHERPAD_DOMAIN_NAME}.pem"
     fi
-    if [ -f /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key ]; then
-        chown etherpad: /etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key
+    if [ -f "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key" ]; then
+        chown etherpad: "/etc/ssl/private/${ETHERPAD_DOMAIN_NAME}.key"
     fi
     usermod -a -G ssl-cert etherpad
 
@@ -623,14 +626,14 @@ function install_etherpad {
     backup_database_local etherpad
 
     function_check nginx_ensite
-    nginx_ensite $ETHERPAD_DOMAIN_NAME
+    nginx_ensite "$ETHERPAD_DOMAIN_NAME"
 
     ETHERPAD_ONION_HOSTNAME=$(add_onion_service etherpad 80 ${ETHERPAD_ONION_PORT})
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a etherpad -p "$ETHERPAD_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a etherpad -p "$ETHERPAD_ADMIN_PASSWORD"
 
     function_check add_ddns_domain
-    add_ddns_domain $ETHERPAD_DOMAIN_NAME
+    add_ddns_domain "$ETHERPAD_DOMAIN_NAME"
 
     set_completion_param "etherpad domain" "$ETHERPAD_DOMAIN_NAME"
 
diff --git a/src/freedombone-app-fedwiki b/src/freedombone-app-fedwiki
index d8b27591..8197e49a 100755
--- a/src/freedombone-app-fedwiki
+++ b/src/freedombone-app-fedwiki
@@ -127,7 +127,7 @@ function add_user_fedwiki {
 }
 
 function install_interactive_fedwiki {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -148,7 +148,7 @@ function change_password_fedwiki {
         echo $'Fedwiki password is too short'
         return
     fi
-    ${PROJECT_NAME}-pass -u $FEDWIKI_USERNAME -a fedwiki -p "$FEDWIKI_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$FEDWIKI_USERNAME" -a fedwiki -p "$FEDWIKI_PASSWORD"
     sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service
     sed -i "s|\"secret\":.*|\"secret\": \"${FEDWIKI_PASSWORD}\"|g" ${FEDWIKI_DATA}/status/owner.json
     systemctl daemon-reload
@@ -177,12 +177,12 @@ function upgrade_fedwiki {
 
 function backup_local_fedwiki {
     FEDWIKI_DOMAIN_NAME='fedwiki.local'
-    if grep -q "fedwiki domain" $COMPLETION_FILE; then
+    if grep -q "fedwiki domain" "$COMPLETION_FILE"; then
         FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
     fi
 
     systemctl stop fedwiki
-    suspend_site ${FEDWIKI_DOMAIN_NAME}
+    suspend_site "${FEDWIKI_DOMAIN_NAME}"
 
     fedwiki_path=$FEDWIKI_DATA
     if [ -d $fedwiki_path ]; then
@@ -195,11 +195,11 @@ function backup_local_fedwiki {
 
 function restore_local_fedwiki {
     FEDWIKI_DOMAIN_NAME='fedwiki.local'
-    if grep -q "fedwiki domain" $COMPLETION_FILE; then
+    if grep -q "fedwiki domain" "$COMPLETION_FILE"; then
         FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
     fi
-    if [ $FEDWIKI_DOMAIN_NAME ]; then
-        suspend_site ${FEDWIKI_DOMAIN_NAME}
+    if [ "$FEDWIKI_DOMAIN_NAME" ]; then
+        suspend_site "${FEDWIKI_DOMAIN_NAME}"
         systemctl stop fedwiki
 
         temp_restore_dir=/root/tempfedwiki
@@ -215,8 +215,8 @@ function restore_local_fedwiki {
             rm -rf $temp_restore_dir
         fi
 
-        FEDWIKI_PASSWORD=$(cat ${FEDWIKI_DATA}/status/owner.json | grep secret | awk -F '"' '{print $4}')
-        ${PROJECT_NAME}-pass -u $FEDWIKI_USERNAME -a fedwiki -p "$FEDWIKI_PASSWORD"
+        FEDWIKI_PASSWORD=$(grep secret "${FEDWIKI_DATA}/status/owner.json" | awk -F '"' '{print $4}')
+        "${PROJECT_NAME}-pass" -u "$FEDWIKI_USERNAME" -a fedwiki -p "$FEDWIKI_PASSWORD"
         sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service
         write_config_param "FEDWIKI_COOKIE" "$FEDWIKI_PASSWORD"
         systemctl daemon-reload
@@ -227,12 +227,12 @@ function restore_local_fedwiki {
 
 function backup_remote_fedwiki {
     FEDWIKI_DOMAIN_NAME='fedwiki.local'
-    if grep -q "fedwiki domain" $COMPLETION_FILE; then
+    if grep -q "fedwiki domain" "$COMPLETION_FILE"; then
         FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
     fi
 
     systemctl stop fedwiki
-    suspend_site ${FEDWIKI_DOMAIN_NAME}
+    suspend_site "${FEDWIKI_DOMAIN_NAME}"
 
     temp_backup_dir=$FEDWIKI_DATA
     if [ -d $temp_backup_dir ]; then
@@ -248,12 +248,12 @@ function backup_remote_fedwiki {
 
 function restore_remote_fedwiki {
     FEDWIKI_DOMAIN_NAME='fedwiki.local'
-    if grep -q "fedwiki domain" $COMPLETION_FILE; then
+    if grep -q "fedwiki domain" "$COMPLETION_FILE"; then
         FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
     fi
 
     systemctl stop fedwiki
-    suspend_site ${FEDWIKI_DOMAIN_NAME}
+    suspend_site "${FEDWIKI_DOMAIN_NAME}"
 
     temp_restore_dir=/root/tempfedwiki
     function_check restore_directory_from_friend
@@ -268,8 +268,8 @@ function restore_remote_fedwiki {
         rm -rf $temp_restore_dir
     fi
 
-    FEDWIKI_PASSWORD=$(cat ${FEDWIKI_DATA}/status/owner.json | grep secret | awk -F '"' '{print $4}')
-    ${PROJECT_NAME}-pass -u $FEDWIKI_USERNAME -a fedwiki -p "$FEDWIKI_PASSWORD"
+    FEDWIKI_PASSWORD=$(grep secret "${FEDWIKI_DATA}/status/owner.json" | awk -F '"' '{print $4}')
+    "${PROJECT_NAME}-pass" -u "$FEDWIKI_USERNAME" -a fedwiki -p "$FEDWIKI_PASSWORD"
     sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service
     write_config_param "FEDWIKI_COOKIE" "$FEDWIKI_PASSWORD"
     systemctl daemon-reload
@@ -294,20 +294,20 @@ function remove_fedwiki {
     remove_nodejs fedwiki
 
     read_config_param "FEDWIKI_DOMAIN_NAME"
-    nginx_dissite $FEDWIKI_DOMAIN_NAME
-    remove_certs ${FEDWIKI_DOMAIN_NAME}
-    if [ -f /etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME ]; then
-        rm -f /etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME
+    nginx_dissite "$FEDWIKI_DOMAIN_NAME"
+    remove_certs "${FEDWIKI_DOMAIN_NAME}"
+    if [ -f "/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME" ]; then
+        rm -f "/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME"
     fi
-    if [ -d /var/www/$FEDWIKI_DOMAIN_NAME ]; then
-        rm -rf /var/www/$FEDWIKI_DOMAIN_NAME
+    if [ -d "/var/www/$FEDWIKI_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$FEDWIKI_DOMAIN_NAME"
     fi
     remove_config_param FEDWIKI_DOMAIN_NAME
     remove_config_param FEDWIKI_CODE
     function_check remove_onion_service
     remove_onion_service fedwiki ${FEDWIKI_ONION_PORT}
     remove_completion_param "install_fedwiki"
-    sed -i '/fedwiki/d' $COMPLETION_FILE
+    sed -i '/fedwiki/d' "$COMPLETION_FILE"
 
     groupdel -f fedwiki
     userdel -r fedwiki
@@ -317,101 +317,102 @@ function remove_fedwiki {
     fi
 
     function_check remove_ddns_domain
-    remove_ddns_domain $FEDWIKI_DOMAIN_NAME
+    remove_ddns_domain "$FEDWIKI_DOMAIN_NAME"
 }
 
 function fedwiki_setup_web {
-    fedwiki_nginx_file=/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME
+    fedwiki_nginx_file="/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME"
 
-    if [[ $ONION_ONLY == "no" ]]; then
-        echo 'server {' > $fedwiki_nginx_file
-        echo '  listen 80;' >> $fedwiki_nginx_file
-        echo '  listen [::]:80;' >> $fedwiki_nginx_file
-        echo "  server_name $FEDWIKI_DOMAIN_NAME;" >> $fedwiki_nginx_file
-        echo '  rewrite ^ https://$server_name$request_uri? permanent;' >> $fedwiki_nginx_file
-        echo '}' >> $fedwiki_nginx_file
-        echo '' >> $fedwiki_nginx_file
-        echo 'server {' >> $fedwiki_nginx_file
-        echo '  listen 443 ssl;' >> $fedwiki_nginx_file
-        echo '  #listen [::]:443 ssl;' >> $fedwiki_nginx_file
-        echo "  server_name $FEDWIKI_DOMAIN_NAME;" >> $fedwiki_nginx_file
-        echo '' >> $fedwiki_nginx_file
+    if [[ "$ONION_ONLY" == "no" ]]; then
+        { echo 'server {';
+        echo '  listen 80;';
+        echo '  listen [::]:80;';
+        echo "  server_name $FEDWIKI_DOMAIN_NAME;";
+        echo "  rewrite ^ https://\$server_name\$request_uri? permanent;";
+        echo '}';
+        echo '';
+        echo 'server {';
+        echo '  listen 443 ssl;';
+        echo '  #listen [::]:443 ssl;';
+        echo "  server_name $FEDWIKI_DOMAIN_NAME;";
+        echo ''; } > "$fedwiki_nginx_file"
         function_check nginx_ssl
-        nginx_ssl $FEDWIKI_DOMAIN_NAME mobile
+        nginx_ssl "$FEDWIKI_DOMAIN_NAME" mobile
 
-        sed -i '/Content-Security-Policy/d' $fedwiki_nginx_file
-        sed -i '/X-XSS-Protection/d' $fedwiki_nginx_file
-        sed -i '/X-Robots-Tag/d' $fedwiki_nginx_file
-        sed -i '/X-Download-Options/d' $fedwiki_nginx_file
-        sed -i '/X-Permitted-Cross-Domain-Policies/d' $fedwiki_nginx_file
+        sed -i '/Content-Security-Policy/d' "$fedwiki_nginx_file"
+        sed -i '/X-XSS-Protection/d' "$fedwiki_nginx_file"
+        sed -i '/X-Robots-Tag/d' "$fedwiki_nginx_file"
+        sed -i '/X-Download-Options/d' "$fedwiki_nginx_file"
+        sed -i '/X-Permitted-Cross-Domain-Policies/d' "$fedwiki_nginx_file"
 
-        echo '  add_header X-Robots-Tag none;' >> $fedwiki_nginx_file
-        echo '  add_header X-Download-Options noopen;' >> $fedwiki_nginx_file
-        echo '  add_header X-Frame-Options DENY;' >> $fedwiki_nginx_file
-        echo '  add_header X-Content-Type-Options nosniff;' >> $fedwiki_nginx_file
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $fedwiki_nginx_file
-        echo '' >> $fedwiki_nginx_file
-        echo '  location /fonts-font-awesome/ {' >> $fedwiki_nginx_file
-        echo '    alias /usr/share/fonts-font-awesome/;' >> $fedwiki_nginx_file
-        echo '  }' >> $fedwiki_nginx_file
-        echo '' >> $fedwiki_nginx_file
-        echo '  location / {' >> $fedwiki_nginx_file
-        echo "    proxy_pass http://localhost:${FEDWIKI_PORT};" >> $fedwiki_nginx_file
-        echo '    proxy_set_header X-Real-IP $remote_addr;' >> $fedwiki_nginx_file
-        echo '    proxy_set_header Host $host;' >> $fedwiki_nginx_file
-        echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $fedwiki_nginx_file
-        echo '    client_max_body_size 1M;' >> $fedwiki_nginx_file
-        echo '  }' >> $fedwiki_nginx_file
-        echo '}' >> $fedwiki_nginx_file
-        echo '' >> $fedwiki_nginx_file
+        { echo '  add_header X-Robots-Tag none;';
+          echo '  add_header X-Download-Options noopen;';
+          echo '  add_header X-Frame-Options DENY;';
+          echo '  add_header X-Content-Type-Options nosniff;';
+          echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  location /fonts-font-awesome/ {';
+          echo '    alias /usr/share/fonts-font-awesome/;';
+          echo '  }';
+          echo '';
+          echo '  location / {';
+          echo "    proxy_pass http://localhost:${FEDWIKI_PORT};";
+          echo "    proxy_set_header X-Real-IP \$remote_addr;";
+          echo "    proxy_set_header Host \$host;";
+          echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+          echo '    client_max_body_size 1M;';
+          echo '  }';
+          echo '}';
+          echo ''; } >> "$fedwiki_nginx_file"
     else
-        echo -n '' > $fedwiki_nginx_file
+        echo -n '' > "$fedwiki_nginx_file"
     fi
-    echo 'server {' >> $fedwiki_nginx_file
-    echo "  listen 127.0.0.1:$FEDWIKI_ONION_PORT default_server;" >> $fedwiki_nginx_file
-    echo "  server_name $FEDWIKI_ONION_HOSTNAME;" >> $fedwiki_nginx_file
-    echo '' >> $fedwiki_nginx_file
-    echo '  add_header X-Robots-Tag none;' >> $fedwiki_nginx_file
-    echo '  add_header X-Download-Options noopen;' >> $fedwiki_nginx_file
-    echo '  add_header X-Frame-Options DENY;' >> $fedwiki_nginx_file
-    echo '  add_header X-Content-Type-Options nosniff;' >> $fedwiki_nginx_file
-    echo '' >> $fedwiki_nginx_file
-    echo '  location /fonts-font-awesome/ {' >> $fedwiki_nginx_file
-    echo '    alias /usr/share/fonts-font-awesome/;' >> $fedwiki_nginx_file
-    echo '  }' >> $fedwiki_nginx_file
-    echo '' >> $fedwiki_nginx_file
-    echo '  location / {' >> $fedwiki_nginx_file
-    echo "    proxy_pass http://localhost:${FEDWIKI_PORT};" >> $fedwiki_nginx_file
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $fedwiki_nginx_file
-    echo '    proxy_set_header Host $host;' >> $fedwiki_nginx_file
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $fedwiki_nginx_file
-    echo '    client_max_body_size 1M;' >> $fedwiki_nginx_file
-    echo '  }' >> $fedwiki_nginx_file
-    echo '}' >> $fedwiki_nginx_file
+    { echo 'server {';
+      echo "  listen 127.0.0.1:$FEDWIKI_ONION_PORT default_server;";
+      echo "  server_name $FEDWIKI_ONION_HOSTNAME;";
+      echo '';
+      echo '  add_header X-Robots-Tag none;';
+      echo '  add_header X-Download-Options noopen;';
+      echo '  add_header X-Frame-Options DENY;';
+      echo '  add_header X-Content-Type-Options nosniff;';
+      echo '';
+      echo '  location /fonts-font-awesome/ {';
+      echo '    alias /usr/share/fonts-font-awesome/;';
+      echo '  }';
+      echo '';
+      echo '  location / {';
+      echo "    proxy_pass http://localhost:${FEDWIKI_PORT};";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo '    client_max_body_size 1M;';
+      echo '  }';
+      echo '}'; } >> "$fedwiki_nginx_file"
 
     function_check create_site_certificate
-    create_site_certificate $FEDWIKI_DOMAIN_NAME 'yes'
+    create_site_certificate "$FEDWIKI_DOMAIN_NAME" 'yes'
 
     function_check nginx_ensite
-    nginx_ensite $FEDWIKI_DOMAIN_NAME
+    nginx_ensite "$FEDWIKI_DOMAIN_NAME"
 }
 
 function install_fedwiki {
-    if [[ $VARIANT == "mesh"* ]]; then
+    # shellcheck disable=SC2153
+    if [[ "$VARIANT" == "mesh"* ]]; then
         return
     fi
 
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
-    if [ ! $FEDWIKI_DOMAIN_NAME ]; then
+    if [ ! "$FEDWIKI_DOMAIN_NAME" ]; then
         echo $'The fedwiki domain name was not specified'
         exit 893635
     fi
 
-    if [ ! -d /var/www/$FEDWIKI_DOMAIN_NAME/htdocs ]; then
-        mkdir -p /var/www/$FEDWIKI_DOMAIN_NAME/htdocs
+    if [ ! -d "/var/www/$FEDWIKI_DOMAIN_NAME/htdocs" ]; then
+        mkdir -p "/var/www/$FEDWIKI_DOMAIN_NAME/htdocs"
     fi
 
     if [ ! -d $FEDWIKI_DATA ]; then
@@ -429,14 +430,12 @@ function install_fedwiki {
 
     apt-get -yq install fonts-font-awesome
 
-    npm install -g wiki@$FEDWIKI_VERSION
-    if [ ! "$?" = "0" ]; then
+    if ! npm install -g wiki@$FEDWIKI_VERSION; then
         echo $'Failed to install fedwiki'
         exit 6293523
     fi
 
-    npm install -g wiki-security-friends@0.1.0
-    if [ ! "$?" = "0" ]; then
+    if ! npm install -g wiki-security-friends@0.1.0; then
         echo $'Failed to install wiki-security-friends'
         exit 783533
     fi
@@ -457,44 +456,44 @@ function install_fedwiki {
         FEDWIKI_COOKIE="$(create_password 20)"
     fi
 
-    echo '[Unit]' > /etc/systemd/system/fedwiki.service
-    echo 'Description=Fedwiki federated wiki' >> /etc/systemd/system/fedwiki.service
-    echo 'After=syslog.target' >> /etc/systemd/system/fedwiki.service
-    echo 'After=network.target' >> /etc/systemd/system/fedwiki.service
-    echo '' >> /etc/systemd/system/fedwiki.service
-    echo '[Service]' >> /etc/systemd/system/fedwiki.service
-    echo 'User=fedwiki' >> /etc/systemd/system/fedwiki.service
-    echo 'Group=fedwiki' >> /etc/systemd/system/fedwiki.service
-    echo "WorkingDirectory=/usr/local/lib/node_modules/wiki" >> /etc/systemd/system/fedwiki.service
-    echo "ExecStart=/usr/local/bin/wiki --security_type friends --session_duration 7 --data $FEDWIKI_DATA -p $FEDWIKI_PORT --cookieSecret '${FEDWIKI_COOKIE}'" >> /etc/systemd/system/fedwiki.service
-    echo 'StandardOutput=syslog' >> /etc/systemd/system/fedwiki.service
-    echo 'StandardError=syslog' >> /etc/systemd/system/fedwiki.service
-    echo 'SyslogIdentifier=fedwiki' >> /etc/systemd/system/fedwiki.service
-    echo 'Restart=always' >> /etc/systemd/system/fedwiki.service
-    echo "Environment=NODE_ENV=production" >> /etc/systemd/system/fedwiki.service
-    echo '' >> /etc/systemd/system/fedwiki.service
-    echo '[Install]' >> /etc/systemd/system/fedwiki.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/fedwiki.service
+    { echo '[Unit]';
+      echo 'Description=Fedwiki federated wiki';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=fedwiki';
+      echo 'Group=fedwiki';
+      echo "WorkingDirectory=/usr/local/lib/node_modules/wiki";
+      echo "ExecStart=/usr/local/bin/wiki --security_type friends --session_duration 7 --data $FEDWIKI_DATA -p $FEDWIKI_PORT --cookieSecret '${FEDWIKI_COOKIE}'";
+      echo 'StandardOutput=syslog';
+      echo 'StandardError=syslog';
+      echo 'SyslogIdentifier=fedwiki';
+      echo 'Restart=always';
+      echo "Environment=NODE_ENV=production";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/fedwiki.service
 
     if [ ! -d ${FEDWIKI_DATA}/status ]; then
         mkdir -p ${FEDWIKI_DATA}/status
     fi
     fedwiki_auth_file=${FEDWIKI_DATA}/status/owner.json
-    echo '{' > $fedwiki_auth_file
-    echo "  \"name\": \"${MY_USERNAME}\"," >> $fedwiki_auth_file
-    echo '  "friend": {' >> $fedwiki_auth_file
-    echo "    \"secret\": \"${FEDWIKI_COOKIE}\"" >> $fedwiki_auth_file
-    echo '  }' >> $fedwiki_auth_file
-    echo '}' >> $fedwiki_auth_file
+    { echo '{';
+      echo "  \"name\": \"${MY_USERNAME}\",";
+      echo '  "friend": {';
+      echo "    \"secret\": \"${FEDWIKI_COOKIE}\"";
+      echo '  }';
+      echo '}'; } > $fedwiki_auth_file
 
     chown -R fedwiki:fedwiki $FEDWIKI_DATA
 
     fedwiki_setup_web
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a fedwiki -p "$FEDWIKI_COOKIE"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a fedwiki -p "$FEDWIKI_COOKIE"
 
     function_check add_ddns_domain
-    add_ddns_domain $FEDWIKI_DOMAIN_NAME
+    add_ddns_domain "$FEDWIKI_DOMAIN_NAME"
 
     fedwiki_remove_bad_links
 
diff --git a/src/freedombone-app-friendica b/src/freedombone-app-friendica
index db1ad7bc..7eee5abe 100755
--- a/src/freedombone-app-friendica
+++ b/src/freedombone-app-friendica
@@ -60,7 +60,7 @@ function logging_off_friendica {
 
 function remove_user_friendica {
     remove_username="$1"
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp friendica
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp friendica
 }
 
 function add_user_friendica {
@@ -71,27 +71,26 @@ function add_user_friendica {
 
     new_username="$1"
     new_user_password="$2"
-    ${PROJECT_NAME}-pass -u $new_username -a friendica -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a friendica -p "$new_user_password"
     echo '0'
 }
 
 function friendica_renew_cert {
     dialog --title $"Renew SSL certificate" \
            --backtitle $"Freedombone Control Panel" \
-           --yesno $"\nThis will renew a letsencrypt certificate. Select 'yes' to continue" 16 60
+           --yesno $"\\nThis will renew a letsencrypt certificate. Select 'yes' to continue" 16 60
     sel=$?
     case $sel in
         1) return;;
         255) return;;
     esac
     FRIENDICA_DOMAIN_NAME=$(get_completion_param "friendica domain")
-    if [ ! -d /var/www/$FRIENDICA_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs" ]; then
         dialog --title $"Renew SSL certificate" \
                --msgbox $"Friendica install directory not found" 6 40
         return
     fi
-    ${PROJECT_NAME}-renew-cert -h $FRIENDICA_DOMAIN_NAME -p 'letsencrypt'
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-renew-cert" -h "$FRIENDICA_DOMAIN_NAME" -p 'letsencrypt'; then
         any_key
     else
         dialog --title $"Renew SSL certificate" \
@@ -100,52 +99,54 @@ function friendica_renew_cert {
 }
 
 function friendica_channel_directory_server {
-    if ! grep -q "friendica domain" $COMPLETION_FILE; then
+    if ! grep -q "friendica domain" "$COMPLETION_FILE"; then
         dialog --title $"Friendica channel directory server" \
                --msgbox $"Friendica is not installed on this system" 6 40
         return
     fi
     FRIENDICA_DOMAIN_NAME=$(get_completion_param "friendica domain")
-    if [ ! -d /var/www/$FRIENDICA_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs" ]; then
         dialog --title $"Friendica channel directory server" \
                --msgbox $"Friendica install directory not found" 6 40
         return
     fi
 
-    CURR_DIR_SERVER=$(cat /var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php | grep directory | awk -F "'" '{print $6}')
+    CURR_DIR_SERVER=$(grep directory "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php" | awk -F "'" '{print $6}')
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Friendica channel directory server" \
            --backtitle $"Freedombone Control Panel" \
            --inputbox $"When you click on 'channel directory' this is where Friendica will obtain its list from" 8 60 "$CURR_DIR_SERVER" 2>$data
     sel=$?
     case $sel in
         0)
-            friendica_domain_server=$(<$data)
+            friendica_domain_server=$(<"$data")
             if [[ "$friendica_domain_server" != *"."* ]]; then
+                rm -f "$data"
                 return
             fi
             if [[ "$friendica_domain_server" != "http"* ]]; then
                 dialog --title $"Friendica channel directory server" \
                        --msgbox $"Invalid domain - include the https://" 6 40
+                rm -f "$data"
                 return
             fi
-            sed -i "s|\['directory'\] = .*|\['directory'\] = \'$friendica_domain_server\';|g" /var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php
+            sed -i "s|\['directory'\] = .*|\['directory'\] = \'$friendica_domain_server\';|g" "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php"
             dialog --title $"Friendica channel directory server" \
                    --msgbox $"Domain channel directory server changed to $friendica_domain_server" 6 40
             ;;
     esac
+    rm -f "$data"
 }
 
 function friendica_close_registrations {
-    sed -i "s|REGISTER_OPEN|REGISTER_CLOSED|g" /var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php
+    sed -i "s|REGISTER_OPEN|REGISTER_CLOSED|g" "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php"
     dialog --title $"Friendica Account Registrations" \
            --msgbox $"New registrations are now closed" 6 40
 }
 
 function friendica_allow_registrations {
-    sed -i "s|REGISTER_CLOSED|REGISTER_OPEN|g" /var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php
+    sed -i "s|REGISTER_CLOSED|REGISTER_OPEN|g" "/var/www/$FRIENDICA_DOMAIN_NAME/htdocs/.htconfig.php"
     dialog --title $"Friendica Account Registrations" \
            --msgbox $"New registrations are permitted" 6 40
 }
@@ -153,8 +154,7 @@ function friendica_allow_registrations {
 function configure_interactive_friendica {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Friendica" \
                --radiolist $"Choose an operation:" 15 70 6 \
@@ -162,19 +162,21 @@ function configure_interactive_friendica {
                2 $"Renew SSL certificate" off \
                3 $"Close new account registrations" off \
                4 $"Allow new account registrations" off \
-               5 $"Back to main menu" on 2> $data
+               5 $"Back to main menu" on 2> "$data"
         sel=$?
         case $sel in
             1) break;;
             255) break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) friendica_channel_directory_server;;
             2) friendica_renew_cert;;
             3) friendica_close_registrations;;
             4) friendica_allow_registrations;;
-            5) break;;
+            5) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -190,7 +192,7 @@ function install_interactive_friendica {
 }
 
 function change_password_friendica {
-    FRIENDICA_USERNAME="$1"
+    #FRIENDICA_USERNAME="$1"
     FRIENDICA_PASSWORD="$2"
     if [ ${#FRIENDICA_PASSWORD} -lt 8 ]; then
         echo $'Friendica password is too short'
@@ -201,14 +203,14 @@ function change_password_friendica {
 }
 
 function friendica_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        FRIENDICA_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        FRIENDICA_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     fi
-    if [ ! $FRIENDICA_ADMIN_PASSWORD ]; then
-        FRIENDICA_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+    if [ ! "$FRIENDICA_ADMIN_PASSWORD" ]; then
+        FRIENDICA_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
     fi
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a friendica -p "$FRIENDICA_ADMIN_PASSWORD"
-    if [ ! $FRIENDICA_ADMIN_PASSWORD ]; then
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a friendica -p "$FRIENDICA_ADMIN_PASSWORD"
+    if [ ! "$FRIENDICA_ADMIN_PASSWORD" ]; then
         return
     fi
 
@@ -229,17 +231,17 @@ function upgrade_friendica {
     FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
 
     function_check set_repo_commit
-    set_repo_commit $FRIENDICA_PATH "friendica commit" "$FRIENDICA_COMMIT" $FRIENDICA_REPO
-    set_repo_commit $FRIENDICA_PATH/addon "friendica addons commit" "$FRIENDICA_ADDONS_COMMIT" $FRIENDICA_ADDONS_REPO
+    set_repo_commit "$FRIENDICA_PATH" "friendica commit" "$FRIENDICA_COMMIT" $FRIENDICA_REPO
+    set_repo_commit "$FRIENDICA_PATH/addon" "friendica addons commit" "$FRIENDICA_ADDONS_COMMIT" $FRIENDICA_ADDONS_REPO
 }
 
 function backup_local_friendica {
-    friendica_path=/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs
-    if [ -d $friendica_path ]; then
+    friendica_path="/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs"
+    if [ -d "$friendica_path" ]; then
         function_check backup_database_to_usb
         backup_database_to_usb friendica
 
-        backup_directory_to_usb $friendica_path friendica
+        backup_directory_to_usb "$friendica_path" friendica
     fi
 }
 
@@ -250,31 +252,31 @@ function restore_local_friendica {
     function_check friendica_create_database
     friendica_create_database
 
-    restore_database friendica ${FRIENDICA_DOMAIN_NAME}
-    if [ -d $USB_MOUNT/backup/friendica ]; then
-        if [ ! -d $friendica_dir/store/[data]/smarty3 ]; then
-            mkdir -p $friendica_dir/store/[data]/smarty3
+    restore_database friendica "${FRIENDICA_DOMAIN_NAME}"
+    if [ -d "$USB_MOUNT/backup/friendica" ]; then
+        if [ ! -d "$friendica_dir/store/[data]/smarty3" ]; then
+            mkdir -p "$friendica_dir/store/[data]/smarty3"
         fi
-        chmod 1777 $friendica_dir/store/[data]/smarty3
-        chown -R www-data:www-data $friendica_dir/*
+        chmod 1777 "$friendica_dir/store/[data]/smarty3"
+        chown -R www-data:www-data "$friendica_dir/*"
         if [ -d $temp_restore_dir ]; then
             rm -rf $temp_restore_dir
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
         FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
-        sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $FRIENDICA_PATH/.htconfig.php
+        sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" "$FRIENDICA_PATH/.htconfig.php"
         MARIADB_PASSWORD=
     fi
 }
 
 function backup_remote_friendica {
-    temp_backup_dir=/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs
-    if [ -d $temp_backup_dir ]; then
-        suspend_site ${FRIENDICA_DOMAIN_NAME}
+    temp_backup_dir="/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs"
+    if [ -d "$temp_backup_dir" ]; then
+        suspend_site "${FRIENDICA_DOMAIN_NAME}"
         backup_database_to_friend friendica
         echo "Backing up Friendica installation"
-        backup_directory_to_friend $temp_backup_dir friendica
+        backup_directory_to_friend "$temp_backup_dir" friendica
         restart_site
         echo "Backup of Friendica complete"
     else
@@ -289,21 +291,21 @@ function restore_remote_friendica {
     function_check friendica_create_database
     friendica_create_database
 
-    restore_database_from_friend friendica ${FRIENDICA_DOMAIN_NAME}
-    if [ -d $SERVER_DIRECTORY/backup/friendica ]; then
-        if [ ! -d /var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3 ]; then
-            mkdir -p /var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3
+    restore_database_from_friend friendica "${FRIENDICA_DOMAIN_NAME}"
+    if [ -d "$SERVER_DIRECTORY/backup/friendica" ]; then
+        if [ ! -d "/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3" ]; then
+            mkdir -p "/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3"
         fi
-        chmod 1777 /var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3
-        chown -R www-data:www-data /var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/*
+        chmod 1777 "/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/store/[data]/smarty3"
+        chown -R www-data:www-data "/var/www/${FRIENDICA_DOMAIN_NAME}/htdocs/*"
     fi
     if [ -d /root/tempfriendica ]; then
         rm -rf /root/tempfriendica
     fi
 
-    MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-    FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
-    sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $FRIENDICA_PATH/.htconfig.php
+    MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+    FRIENDICA_PATH="/var/www/$FRIENDICA_DOMAIN_NAME/htdocs"
+    sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" "$FRIENDICA_PATH/.htconfig.php"
     MARIADB_PASSWORD=
 }
 
@@ -311,35 +313,35 @@ function remove_friendica {
     if [ ${#FRIENDICA_DOMAIN_NAME} -eq 0 ]; then
         return
     fi
-    nginx_dissite $FRIENDICA_DOMAIN_NAME
-    remove_certs ${FRIENDICA_DOMAIN_NAME}
-    if [ -d /var/www/$FRIENDICA_DOMAIN_NAME ]; then
-        rm -rf /var/www/$FRIENDICA_DOMAIN_NAME
+    nginx_dissite "$FRIENDICA_DOMAIN_NAME"
+    remove_certs "${FRIENDICA_DOMAIN_NAME}"
+    if [ -d "/var/www/$FRIENDICA_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$FRIENDICA_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database friendica
     function_check remove_onion_service
     remove_onion_service friendica ${FRIENDICA_ONION_PORT}
-    sed -i '/friendica/d' $COMPLETION_FILE
+    sed -i '/friendica/d' "$COMPLETION_FILE"
     sed -i '/poller.php/d' /etc/crontab
 
     function_check remove_ddns_domain
-    remove_ddns_domain $FRIENDICA_DOMAIN_NAME
+    remove_ddns_domain "$FRIENDICA_DOMAIN_NAME"
 }
 
 function install_friendica {
-    if [ ! $FRIENDICA_DOMAIN_NAME ]; then
+    if [ ! "$FRIENDICA_DOMAIN_NAME" ]; then
         return
     fi
 
-    if [[ $ONION_ONLY != "no" ]]; then
+    if [[ "$ONION_ONLY" != "no" ]]; then
         return
     fi
 
-    FRIENDICA_PATH=/var/www/$FRIENDICA_DOMAIN_NAME/htdocs
+    FRIENDICA_PATH="/var/www/$FRIENDICA_DOMAIN_NAME/htdocs"
 
     function_check install_mariadb
     install_mariadb
@@ -354,38 +356,38 @@ function install_friendica {
     apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl
     apt-get -yq install php-memcached
 
-    if [ ! -d /var/www/$FRIENDICA_DOMAIN_NAME ]; then
-        mkdir /var/www/$FRIENDICA_DOMAIN_NAME
+    if [ ! -d "/var/www/$FRIENDICA_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$FRIENDICA_DOMAIN_NAME"
     fi
-    if [ ! -d $FRIENDICA_PATH ]; then
-        mkdir $FRIENDICA_PATH
+    if [ ! -d "$FRIENDICA_PATH" ]; then
+        mkdir "$FRIENDICA_PATH"
     fi
 
-    if [ ! -f $FRIENDICA_PATH/index.php ]; then
-        cd $INSTALL_DIR
+    if [ ! -f "$FRIENDICA_PATH/index.php" ]; then
+        cd "$INSTALL_DIR" || exit 2346824864
 
         if [ -d /repos/friendica ]; then
             mkdir friendica
             cp -r -p /repos/friendica/. friendica
-            cd friendica
+            cd friendica || exit 24682462
             git pull
         else
             function_check git_clone
-            git_clone $FRIENDICA_REPO friendica
+            git_clone "$FRIENDICA_REPO" friendica
         fi
 
         git checkout $FRIENDICA_COMMIT -b $FRIENDICA_COMMIT
         set_completion_param "friendica commit" "$FRIENDICA_COMMIT"
 
-        rm -rf $FRIENDICA_PATH
-        mv friendica $FRIENDICA_PATH
+        rm -rf "$FRIENDICA_PATH"
+        mv friendica "$FRIENDICA_PATH"
 
-        git_clone $FRIENDICA_ADDONS_REPO $FRIENDICA_PATH/addon
-        cd $FRIENDICA_PATH/addon
-        git checkout $FRIENDICA_ADDONS_COMMIT -b $FRIENDICA_ADDONS_COMMIT
+        git_clone "$FRIENDICA_ADDONS_REPO" "$FRIENDICA_PATH/addon"
+        cd "$FRIENDICA_PATH/addon" || exit 34835685
+        git checkout "$FRIENDICA_ADDONS_COMMIT" -b "$FRIENDICA_ADDONS_COMMIT"
         set_completion_param "friendica addons commit" "$FRIENDICA_ADDONS_COMMIT"
 
-        chown -R www-data:www-data $FRIENDICA_PATH
+        chown -R www-data:www-data "$FRIENDICA_PATH"
     fi
 
     FRIENDICA_ONION_HOSTNAME=
@@ -400,158 +402,158 @@ function install_friendica {
     fi
 
     function_check add_ddns_domain
-    add_ddns_domain $FRIENDICA_DOMAIN_NAME
+    add_ddns_domain "$FRIENDICA_DOMAIN_NAME"
 
-    if [[ $ONION_ONLY == "no" ]]; then
+    if [[ "$ONION_ONLY" == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $FRIENDICA_DOMAIN_NAME
-        echo 'server {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "    root $FRIENDICA_PATH;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "    server_name $FRIENDICA_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    charset utf-8;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        nginx_http_redirect "$FRIENDICA_DOMAIN_NAME"
+        { echo 'server {';
+          echo '    listen 443 ssl;';
+          echo '    #listen [::]:443 ssl;';
+          echo "    root $FRIENDICA_PATH;";
+          echo "    server_name $FRIENDICA_DOMAIN_NAME;";
+          echo "    error_log /dev/null;";
+          echo '    index index.php;';
+          echo '    charset utf-8;';
+          echo '    access_log /dev/null;'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
         function_check nginx_ssl
-        nginx_ssl $FRIENDICA_DOMAIN_NAME
+        nginx_ssl "$FRIENDICA_DOMAIN_NAME"
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $FRIENDICA_DOMAIN_NAME
-        echo '    add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location / {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME"
+        { echo '    add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '    # rewrite to front controller as default rule';
+          echo '    location / {'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
         function_check nginx_limits
-        nginx_limits $FRIENDICA_DOMAIN_NAME
-        echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        expires 30d;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # block these file types' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # or a unix socket' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        nginx_limits "$FRIENDICA_DOMAIN_NAME"
+        { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
+          echo '    }';
+          echo '';
+          echo '    # statically serve these file types when possible';
+          echo '    # otherwise fall back to front controller';
+          echo '    # allow browser to cache them';
+          echo '    # added .htm for advanced source code editor library';
+          echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
+          echo '        expires 30d;';
+          echo "        try_files \$uri /index.php?q=\$uri&\$args;";
+          echo '    }';
+          echo '';
+          echo '    # block these file types';
+          echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+          echo '    # or a unix socket';
+          echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
         function_check nginx_limits
-        nginx_limits $FRIENDICA_DOMAIN_NAME
-        echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # With php-fpm:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~ /\. {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '      deny  all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '}' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        nginx_limits "$FRIENDICA_DOMAIN_NAME"
+        { echo '        # Zero-day exploit defense.';
+          echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+          echo "        # Won't work properly (404 error) if the file is not stored on this";
+          echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+          echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+          echo "        # another machine. And then cross your fingers that you won't get hacked.";
+          echo "        try_files \$uri \$uri/ /index.php;";
+          echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+          echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+          echo '        # With php-cgi alone:';
+          echo '        # fastcgi_pass 127.0.0.1:9000;';
+          echo '        # With php-fpm:';
+          echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '        include fastcgi_params;';
+          echo '        fastcgi_read_timeout 30;';
+          echo '        fastcgi_index index.php;';
+          echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+          echo '        fastcgi_read_timeout 300;';
+          echo '    }';
+          echo '';
+          echo '    # deny access to all dot files';
+          echo '    location ~ /\. {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    location ~ /\.ht {';
+          echo '      deny  all;';
+          echo '    }';
+          echo '}';
+          echo ''; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
     else
-        echo 'server {' > /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "    listen 127.0.0.1:${FRIENDICA_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "    root $FRIENDICA_PATH;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "    server_name $FRIENDICA_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    charset utf-8;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location / {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        nginx_limits $FRIENDICA_DOMAIN_NAME
-        nginx_disable_sniffing $FRIENDICA_DOMAIN_NAME
-        echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        expires 30d;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # block these file types' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # or a unix socket' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        nginx_limits $FRIENDICA_DOMAIN_NAME
-        nginx_disable_sniffing $FRIENDICA_DOMAIN_NAME
-        echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        # With php-fpm:' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~ /\. {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '      deny  all;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        echo '}' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
+        { echo 'server {';
+          echo "    listen 127.0.0.1:${FRIENDICA_ONION_PORT} default_server;";
+          echo "    root $FRIENDICA_PATH;";
+          echo "    server_name $FRIENDICA_ONION_HOSTNAME;";
+          echo "    error_log /dev/null;";
+          echo '    index index.php;';
+          echo '    charset utf-8;';
+          echo '    access_log /dev/null;';
+          echo '    add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '    # rewrite to front controller as default rule';
+          echo '    location / {'; } > "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
+        nginx_limits "$FRIENDICA_DOMAIN_NAME"
+        nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME"
+        { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
+          echo '    }';
+          echo '';
+          echo '    # statically serve these file types when possible';
+          echo '    # otherwise fall back to front controller';
+          echo '    # allow browser to cache them';
+          echo '    # added .htm for advanced source code editor library';
+          echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
+          echo '        expires 30d;';
+          echo "        try_files \$uri /index.php?q=\$uri&\$args;";
+          echo '    }';
+          echo '';
+          echo '    # block these file types';
+          echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+          echo '    # or a unix socket';
+          echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
+        nginx_limits "$FRIENDICA_DOMAIN_NAME"
+        nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME"
+        { echo '        # Zero-day exploit defense.';
+          echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+          echo "        # Won't work properly (404 error) if the file is not stored on this";
+          echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+          echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+          echo "        # another machine. And then cross your fingers that you won't get hacked.";
+          echo '        try_files $uri $uri/ /index.php;';
+          echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+          echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+          echo '        # With php-cgi alone:';
+          echo '        # fastcgi_pass 127.0.0.1:9000;';
+          echo '        # With php-fpm:';
+          echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '        include fastcgi_params;';
+          echo '        fastcgi_read_timeout 30;';
+          echo '        fastcgi_index index.php;';
+          echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+          echo '        fastcgi_read_timeout 300;';
+          echo '    }';
+          echo '';
+          echo '    # deny access to all dot files';
+          echo '    location ~ /\. {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    location ~ /\.ht {';
+          echo '      deny  all;';
+          echo '    }';
+          echo '}'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
     fi
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $FRIENDICA_DOMAIN_NAME 'yes'
+    create_site_certificate "$FRIENDICA_DOMAIN_NAME" 'yes'
 
-    if [ ! -d $FRIENDICA_PATH/view/tpl/smarty3 ]; then
-        mkdir $FRIENDICA_PATH/view/tpl/smarty3
+    if [ ! -d "$FRIENDICA_PATH/view/tpl/smarty3" ]; then
+        mkdir "$FRIENDICA_PATH/view/tpl/smarty3"
     fi
     if [ ! -d "$FRIENDICA_PATH/store" ]; then
         mkdir "$FRIENDICA_PATH/store"
@@ -563,9 +565,9 @@ function install_friendica {
         mkdir "$FRIENDICA_PATH/store/[data]/smarty3"
         chmod 1777 "$FRIENDICA_PATH/store/[data]/smarty3"
     fi
-    chmod 1777 $FRIENDICA_PATH/view/tpl
+    chmod 1777 "$FRIENDICA_PATH/view/tpl"
     chown -R www-data:www-data "$FRIENDICA_PATH/store"
-    chmod 1777 $FRIENDICA_PATH/view/tpl/smarty3
+    chmod 1777 "$FRIENDICA_PATH/view/tpl/smarty3"
 
     # Ensure that the database gets backed up locally, if remote
     # backups are not being used
@@ -575,55 +577,55 @@ function install_friendica {
     function_check backup_database_local
     backup_database_local friendica
 
-    chown -R www-data:www-data $FRIENDICA_PATH
+    chown -R www-data:www-data "$FRIENDICA_PATH"
 
     function_check nginx_ensite
-    nginx_ensite $FRIENDICA_DOMAIN_NAME
+    nginx_ensite "$FRIENDICA_DOMAIN_NAME"
 
     # initialize the database
-    if [ ! -f $FRIENDICA_PATH/database.sql ]; then
+    if [ ! -f "$FRIENDICA_PATH/database.sql" ]; then
         echo $'No database schema found for friendica'
         exit 252782
     fi
     function_check initialise_database
-    initialise_database friendica $FRIENDICA_PATH/database.sql
+    initialise_database friendica "$FRIENDICA_PATH/database.sql"
 
     # create the config file
-    echo '<?php' > $FRIENDICA_PATH/.htconfig.php
-    echo "\$db_host = 'localhost';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$db_user = 'root';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$db_pass = '${MARIADB_PASSWORD}';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$db_data = 'friendica';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$default_timezone = 'Europe/London';" >> $FRIENDICA_PATH/.htconfig.php
+    { echo '<?php';
+      echo "\$db_host = 'localhost';";
+      echo "\$db_user = 'root';";
+      echo "\$db_pass = '${MARIADB_PASSWORD}';";
+      echo "\$db_data = 'friendica';";
+      echo "\$default_timezone = 'Europe/London';"; } > "$FRIENDICA_PATH/.htconfig.php"
     if [[ $ONION_ONLY == 'no' ]]; then
-        echo "\$a->config['system']['baseurl'] = 'https://${FRIENDICA_DOMAIN_NAME}';" >> $FRIENDICA_PATH/.htconfig.php
+        echo "\$a->config['system']['baseurl'] = 'https://${FRIENDICA_DOMAIN_NAME}';" >> "$FRIENDICA_PATH/.htconfig.php"
     else
-        echo "\$a->config['system']['baseurl'] = 'http://${FRIENDICA_ONION_HOSTNAME}';" >> $FRIENDICA_PATH/.htconfig.php
+        echo "\$a->config['system']['baseurl'] = 'http://${FRIENDICA_ONION_HOSTNAME}';" >> "$FRIENDICA_PATH/.htconfig.php"
     fi
-    echo "\$a->config['sitename'] = \"Friendica\";" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['register_policy'] = REGISTER_OPEN;" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['register_text'] = '';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['admin_email'] = '${MY_EMAIL_ADDRESS}';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['no_regfullname'] = true;" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['max_import_size'] = 200000;" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['maximagesize'] = 800000;" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['php_path'] = '/usr/bin/php';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['directory'] = 'http://dir.friendi.ca';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['allowed_themes'] = 'quattro,vier,duepuntozero,smoothly';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['theme'] = 'vier';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['huburl'] = '[internal]';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['language'] = 'en';" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['rino_encrypt'] = 2;" >> $FRIENDICA_PATH/.htconfig.php
-    echo "\$a->config['system']['allowed_link_protocols'] = array('mailto', 'cid');" >> $FRIENDICA_PATH/.htconfig.php
-    chown www-data:www-data $FRIENDICA_PATH/.htconfig.php
-    chmod 755 $FRIENDICA_PATH/.htconfig.php
+    { echo "\$a->config['sitename'] = \"Friendica\";";
+      echo "\$a->config['register_policy'] = REGISTER_OPEN;";
+      echo "\$a->config['register_text'] = '';";
+      echo "\$a->config['admin_email'] = '${MY_EMAIL_ADDRESS}';";
+      echo "\$a->config['system']['no_regfullname'] = true;";
+      echo "\$a->config['max_import_size'] = 200000;";
+      echo "\$a->config['system']['maximagesize'] = 800000;";
+      echo "\$a->config['php_path'] = '/usr/bin/php';";
+      echo "\$a->config['system']['directory'] = 'http://dir.friendi.ca';";
+      echo "\$a->config['system']['allowed_themes'] = 'quattro,vier,duepuntozero,smoothly';";
+      echo "\$a->config['system']['theme'] = 'vier';";
+      echo "\$a->config['system']['huburl'] = '[internal]';";
+      echo "\$a->config['system']['language'] = 'en';";
+      echo "\$a->config['system']['rino_encrypt'] = 2;";
+      echo "\$a->config['system']['allowed_link_protocols'] = array('mailto', 'cid');"; } >> "$FRIENDICA_PATH/.htconfig.php"
+    chown www-data:www-data "$FRIENDICA_PATH/.htconfig.php"
+    chmod 755 "$FRIENDICA_PATH/.htconfig.php"
 
     systemctl restart mariadb
     systemctl restart php7.0-fpm
     systemctl restart nginx
     systemctl restart cron
 
-    ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$FRIENDICA_DOMAIN_NAME" -g friendica --public no
+    "${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$FRIENDICA_DOMAIN_NAME" -g friendica --public no
 
     set_completion_param "friendica domain" "${FRIENDICA_DOMAIN_NAME}"
     APP_INSTALLED=1
diff --git a/src/freedombone-app-ghost b/src/freedombone-app-ghost
index fa5fb464..e5008d93 100755
--- a/src/freedombone-app-ghost
+++ b/src/freedombone-app-ghost
@@ -48,14 +48,14 @@ ghost_variables=(GHOST_DOMAIN_NAME
 
 function ghost_bust {
     # kill the started ghost process
-    kill_pid=$(ps aux | grep "ghost run" | awk -F ' ' '{print $2}' | head -n 1)
-    kill -9 $kill_pid
+    kill_pid=$(pgrep "ghost run" | head -n 1)
+    kill -9 "$kill_pid"
 
-    kill_pid=$(ps aux | grep "ghost" | awk -F ' ' '{print $2}' | head -n 1)
-    kill -9 $kill_pid
+    kill_pid=$(pgrep "ghost" | head -n 1)
+    kill -9 "$kill_pid"
 
-    kill_pid=$(ps aux | grep "ghost" | awk -F ' ' '{print $2}' | head -n 1)
-    kill -9 $kill_pid
+    kill_pid=$(pgrep "ghost" | head -n 1)
+    kill -9 "$kill_pid"
 }
 
 function logging_on_ghost {
@@ -77,9 +77,9 @@ function ghost_replace_jquery {
     sed -i "s|http://code.jquery.com/jquery.js|$curr_domain/jquery-${jquery_version}.js|g" current/node_modules/jsdom/README.md
     sed -i "s|https://code.jquery.com/jquery.js|$curr_domain/jquery-${jquery_version}.js|g" current/node_modules/jsdom/README.md
 
-    cd /var/www/${GHOST_DOMAIN_NAME}/htdocs/current
-    find ./ -type f -exec sed -i -e 's|https://code.jquery.com|$curr_domain|g' {} \;
-    find ./ -type f -exec sed -i -e 's|http://code.jquery.com|$curr_domain|g' {} \;
+    cd "/var/www/${GHOST_DOMAIN_NAME}/htdocs/current" || exit 3468368
+    find ./ -type f -exec sed -i -e "s|https://code.jquery.com|$curr_domain|g" {} \;
+    find ./ -type f -exec sed -i -e "s|http://code.jquery.com|$curr_domain|g" {} \;
 }
 
 function ghost_rss_button {
@@ -98,14 +98,14 @@ function ghost_remove_offsite_links {
     ghost_rss_button
 
     # remove google font links
-    cd /var/www/$GHOST_DOMAIN_NAME/htdocs/current
-    find ./ -type f -exec sed -i -e 's/fonts.googleapis.com/$curr_domain/g' {} \;
+    cd "/var/www/$GHOST_DOMAIN_NAME/htdocs/current" || exit 246872424
+    find ./ -type f -exec sed -i -e "s/fonts.googleapis.com/$curr_domain/g" {} \;
 
     # copy jquery locally
     previous_jquery_version='1.12.0'
     jquery_version='1.12.4'
     if [ ! -f /var/www/$GHOST_DOMAIN_NAME/htdocs/jquery-${jquery_version}.js ]; then
-        cd /var/www/$GHOST_DOMAIN_NAME/htdocs
+        cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 3468746824
         wget https://code.jquery.com/jquery-${jquery_version}.js
         jquery_hash=$(sha256sum jquery-${jquery_version}.js | awk -F ' ' '{print $1}')
         if [[ "$jquery_hash" != '430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575' ]]; then
@@ -119,27 +119,27 @@ function ghost_remove_offsite_links {
 }
 
 function ghost_replace_proprietary_services {
-    replace_file=$1
+    replace_file="$1"
 
-    sed -i 's|Twitter Profile|GNU Social Profile|g' $replace_file
-    sed -i 's|Twitter profile|GNU Social Profile|g' $replace_file
-    sed -i 's|Twitter Username|GNU Social Username|g' $replace_file
-    sed -i 's|twitter.com|quitter.se|g' $replace_file
-    sed -i 's|Facebook Page|Hubzilla Channel|g' $replace_file
-    sed -i 's|Facebook Profile|Hubzilla Channel|g' $replace_file
-    sed -i 's|Facebook profile|Hubzilla Channel|g' $replace_file
-    sed -i 's|www.facebook.com/username|hubzilladomain/username|g' $replace_file
-    sed -i 's|www.facebook.com/ghost|hubzilladomain/username|g' $replace_file
-    sed -i 's|www.facebook.com/testuser|hubzilladomain/username|g' $replace_file
-    sed -i 's|www.facebook.com/testing|hubzilladomain/username|g' $replace_file
-    sed -i 's|www.facebook.com/test|hubzilladomain/username|g' $replace_file
-    sed -i 's|www.facebook.com/yourUsername|hubzilladomain/username|g' $replace_file
-    sed -i 's|www.facebook.com/yourPage|hubzilladomain/username|g' $replace_file
-    sed -i 's|Facebook Username|Hubzilla Channel|g' $replace_file
-    sed -i 's|www.facebook.com|hubzilladomain|g' $replace_file
-    sed -i 's|facebook value|hubzilla value|g' $replace_file
+    sed -i 's|Twitter Profile|GNU Social Profile|g' "$replace_file"
+    sed -i 's|Twitter profile|GNU Social Profile|g' "$replace_file"
+    sed -i 's|Twitter Username|GNU Social Username|g' "$replace_file"
+    sed -i 's|twitter.com|quitter.se|g' "$replace_file"
+    sed -i 's|Facebook Page|Hubzilla Channel|g' "$replace_file"
+    sed -i 's|Facebook Profile|Hubzilla Channel|g' "$replace_file"
+    sed -i 's|Facebook profile|Hubzilla Channel|g' "$replace_file"
+    sed -i 's|www.facebook.com/username|hubzilladomain/username|g' "$replace_file"
+    sed -i 's|www.facebook.com/ghost|hubzilladomain/username|g' "$replace_file"
+    sed -i 's|www.facebook.com/testuser|hubzilladomain/username|g' "$replace_file"
+    sed -i 's|www.facebook.com/testing|hubzilladomain/username|g' "$replace_file"
+    sed -i 's|www.facebook.com/test|hubzilladomain/username|g' "$replace_file"
+    sed -i 's|www.facebook.com/yourUsername|hubzilladomain/username|g' "$replace_file"
+    sed -i 's|www.facebook.com/yourPage|hubzilladomain/username|g' "$replace_file"
+    sed -i 's|Facebook Username|Hubzilla Channel|g' "$replace_file"
+    sed -i 's|www.facebook.com|hubzilladomain|g' "$replace_file"
+    sed -i 's|facebook value|hubzilla value|g' "$replace_file"
 
-    sed -i '/<section class="share">/,/<\/section>/d' $replace_file
+    sed -i '/<section class="share">/,/<\/section>/d' "$replace_file"
 }
 
 function ghost_replace_services {
@@ -163,7 +163,7 @@ function add_user_ghost {
 }
 
 function install_interactive_ghost {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -178,13 +178,13 @@ function install_interactive_ghost {
 }
 
 function change_password_ghost {
-    GHOST_USERNAME="$1"
+    #GHOST_USERNAME="$1"
     GHOST_PASSWORD="$2"
     if [ ${#GHOST_PASSWORD} -lt 8 ]; then
         echo $'Ghost password is too short'
         return
     fi
-    #${PROJECT_NAME}-pass -u $GHOST_USERNAME -a ghost -p "$GHOST_PASSWORD"
+    #"${PROJECT_NAME}-pass" -u "$GHOST_USERNAME" -a ghost -p "$GHOST_PASSWORD"
 }
 
 function reconfigure_ghost {
@@ -206,7 +206,7 @@ function upgrade_ghost {
     systemctl stop ghost
     ghost_bust
 
-    cd /var/www/$GHOST_DOMAIN_NAME/htdocs
+    cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 3468463
 
     npm i -g ghost-cli
     /usr/local/bin/ghost update &
@@ -220,26 +220,26 @@ function upgrade_ghost {
     chown -R root:root /usr/local/lib
     chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs
     systemctl restart ghost
-    sed -i "s|ghost version.*|ghost version:${GHOST_VERSION}|g" ${COMPLETION_FILE}
+    sed -i "s|ghost version.*|ghost version:${GHOST_VERSION}|g" "${COMPLETION_FILE}"
 }
 
 function backup_local_ghost {
     GHOST_DOMAIN_NAME='ghost.local'
-    if grep -q "ghost domain" $COMPLETION_FILE; then
+    if grep -q "ghost domain" "$COMPLETION_FILE"; then
         GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
     fi
 
-    suspend_site ${GHOST_DOMAIN_NAME}
+    suspend_site "${GHOST_DOMAIN_NAME}"
     systemctl stop ghost
 
     ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content
-    if [ -d $ghost_path ]; then
-        backup_directory_to_usb $ghost_path ghostcontent
+    if [ -d "$ghost_path" ]; then
+        backup_directory_to_usb "$ghost_path" ghostcontent
     fi
 
     ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs/current/content
-    if [ -d $ghost_path ]; then
-        backup_directory_to_usb $ghost_path ghostcurrent
+    if [ -d "$ghost_path" ]; then
+        backup_directory_to_usb "$ghost_path" ghostcurrent
     fi
 
     systemctl start ghost
@@ -248,26 +248,26 @@ function backup_local_ghost {
 
 function restore_local_ghost {
     GHOST_DOMAIN_NAME='ghost.local'
-    if grep -q "ghost domain" $COMPLETION_FILE; then
+    if grep -q "ghost domain" "$COMPLETION_FILE"; then
         GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
     fi
-    if [ $GHOST_DOMAIN_NAME ]; then
-        suspend_site ${GHOST_DOMAIN_NAME}
+    if [ "$GHOST_DOMAIN_NAME" ]; then
+        suspend_site "${GHOST_DOMAIN_NAME}"
         systemctl stop ghost
 
         temp_restore_dir=/root/tempghostcontent
         function_check restore_directory_from_usb
         restore_directory_from_usb $temp_restore_dir ghostcontent
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
-                cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
+            if [ -d "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
+                cp -r "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/*" "/var/www/$GHOST_DOMAIN_NAME/htdocs/content/"
             else
-                if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
-                    mkdir /var/www/$GHOST_DOMAIN_NAME/htdocs/content
+                if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
+                    mkdir "/var/www/$GHOST_DOMAIN_NAME/htdocs/content"
                 fi
-                cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
+                cp -r $temp_restore_dir/* "/var/www/$GHOST_DOMAIN_NAME/htdocs/content/"
             fi
-            chown -R ghost:ghost /var/www/$GHOST_DOMAIN_NAME/htdocs/content
+            chown -R ghost:ghost "/var/www/$GHOST_DOMAIN_NAME/htdocs/content"
             rm -rf $temp_restore_dir
         fi
 
@@ -275,15 +275,15 @@ function restore_local_ghost {
         function_check restore_directory_from_usb
         restore_directory_from_usb $temp_restore_dir ghostcurrent
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
-                cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
+            if [ -d "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content" ]; then
+                cp -r "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/*" "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/"
             else
-                if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
-                    mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content
+                if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content" ]; then
+                    mkdir -p "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content"
                 fi
-                cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
+                cp -r $temp_restore_dir/* "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/"
             fi
-            chown -R ghost:ghost /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content
+            chown -R ghost:ghost "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content"
             rm -rf $temp_restore_dir
         fi
 
@@ -294,15 +294,15 @@ function restore_local_ghost {
 
 function backup_remote_ghost {
     GHOST_DOMAIN_NAME='ghost.local'
-    if grep -q "ghost domain" $COMPLETION_FILE; then
+    if grep -q "ghost domain" "$COMPLETION_FILE"; then
         GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
     fi
 
-    suspend_site ${GHOST_DOMAIN_NAME}
+    suspend_site "${GHOST_DOMAIN_NAME}"
 
     temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs/content
-    if [ -d $temp_backup_dir ]; then
-        backup_directory_to_friend $temp_backup_dir ghostcontent
+    if [ -d "$temp_backup_dir" ]; then
+        backup_directory_to_friend "$temp_backup_dir" ghostcontent
     else
         restart_site
         echo $"Ghost domain specified but not found in /var/www/${GHOST_DOMAIN_NAME}"
@@ -310,8 +310,8 @@ function backup_remote_ghost {
     fi
 
     temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs/current/content
-    if [ -d $temp_backup_dir ]; then
-        backup_directory_to_friend $temp_backup_dir ghostcurrent
+    if [ -d "$temp_backup_dir" ]; then
+        backup_directory_to_friend "$temp_backup_dir" ghostcurrent
     else
         restart_site
         echo $"Ghost domain specified but not found in $temp_backup_dir"
@@ -323,10 +323,10 @@ function backup_remote_ghost {
 
 function restore_remote_ghost {
     GHOST_DOMAIN_NAME='ghost.local'
-    if grep -q "ghost domain" $COMPLETION_FILE; then
+    if grep -q "ghost domain" "$COMPLETION_FILE"; then
         GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
     fi
-    suspend_site ${GHOST_DOMAIN_NAME}
+    suspend_site "${GHOST_DOMAIN_NAME}"
 
     systemctl stop ghost
 
@@ -334,15 +334,15 @@ function restore_remote_ghost {
     function_check restore_directory_from_friend
     restore_directory_from_friend $temp_restore_dir ghostcontent
     if [ -d $temp_restore_dir ]; then
-        if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
-            cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
+        if [ -d "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
+            cp -r "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/content/*" "/var/www/$GHOST_DOMAIN_NAME/htdocs/content/"
         else
-            if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
-                mkdir /var/www/$GHOST_DOMAIN_NAME/htdocs/content
+            if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
+                mkdir "/var/www/$GHOST_DOMAIN_NAME/htdocs/content"
             fi
-            cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/content/
+            cp -r $temp_restore_dir/* "/var/www/$GHOST_DOMAIN_NAME/htdocs/content/"
         fi
-        chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs
+        chown -R ghost: "/var/www/$GHOST_DOMAIN_NAME/htdocs"
         rm -rf $temp_restore_dir
     fi
 
@@ -350,15 +350,15 @@ function restore_remote_ghost {
     function_check restore_directory_from_friend
     restore_directory_from_friend $temp_restore_dir ghostcurrent
     if [ -d $temp_restore_dir ]; then
-        if [ -d $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
-            cp -r $temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
+        if [ -d "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content" ]; then
+            cp -r "$temp_restore_dir/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/*" "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/"
         else
-            if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content ]; then
-                mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content
+            if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content" ]; then
+                mkdir -p "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content"
             fi
-            cp -r $temp_restore_dir/* /var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/
+            cp -r $temp_restore_dir/* "/var/www/$GHOST_DOMAIN_NAME/htdocs/current/content/"
         fi
-        chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs
+        chown -R ghost: "/var/www/$GHOST_DOMAIN_NAME/htdocs"
         rm -rf $temp_restore_dir
     fi
 
@@ -382,27 +382,27 @@ function remove_ghost {
     remove_nodejs ghost
 
     read_config_param "GHOST_DOMAIN_NAME"
-    nginx_dissite $GHOST_DOMAIN_NAME
-    remove_certs ${GHOST_DOMAIN_NAME}
-    if [ -f /etc/nginx/sites-available/$GHOST_DOMAIN_NAME ]; then
-        rm -f /etc/nginx/sites-available/$GHOST_DOMAIN_NAME
+    nginx_dissite "$GHOST_DOMAIN_NAME"
+    remove_certs "${GHOST_DOMAIN_NAME}"
+    if [ -f "/etc/nginx/sites-available/$GHOST_DOMAIN_NAME" ]; then
+        rm -f "/etc/nginx/sites-available/$GHOST_DOMAIN_NAME"
     fi
-    if [ -d /var/www/$GHOST_DOMAIN_NAME ]; then
-        rm -rf /var/www/$GHOST_DOMAIN_NAME
+    if [ -d "/var/www/$GHOST_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$GHOST_DOMAIN_NAME"
     fi
     remove_config_param GHOST_DOMAIN_NAME
     remove_config_param GHOST_CODE
     function_check remove_onion_service
     remove_onion_service ghost ${GHOST_ONION_PORT}
     remove_completion_param "install_ghost"
-    sed -i '/Ghost/d' $COMPLETION_FILE
-    sed -i '/ghost/d' $COMPLETION_FILE
+    sed -i '/Ghost/d' "$COMPLETION_FILE"
+    sed -i '/ghost/d' "$COMPLETION_FILE"
 
     groupdel -f ghost
     userdel -r ghost
 
     function_check remove_ddns_domain
-    remove_ddns_domain $GHOST_DOMAIN_NAME
+    remove_ddns_domain "$GHOST_DOMAIN_NAME"
 }
 
 function install_ghost {
@@ -412,7 +412,7 @@ function install_ghost {
         ONION_ONLY='no'
     fi
 
-    if [ ! $GHOST_DOMAIN_NAME ]; then
+    if [ ! "$GHOST_DOMAIN_NAME" ]; then
         echo $'The ghost domain name was not specified'
         exit 5062
     fi
@@ -420,10 +420,10 @@ function install_ghost {
     # for the avatar changing command
     apt-get -yq install unzip wget
 
-    if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs ]; then
-        mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs
+    if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs" ]; then
+        mkdir -p "/var/www/$GHOST_DOMAIN_NAME/htdocs"
     fi
-    cd /var/www/$GHOST_DOMAIN_NAME/htdocs
+    cd "/var/www/$GHOST_DOMAIN_NAME/htdocs" || exit 26422842
 
     function_check install_nodejs
     install_nodejs ghost
@@ -440,66 +440,66 @@ function install_ghost {
     npm install -g yarn
     yarn install --no-emoji --no-progress
     yarn cache clean
-    adduser --system --home=/var/www/${GHOST_DOMAIN_NAME}/htdocs/ --group ghost
-    rm -rf /var/www/$GHOST_DOMAIN_NAME/htdocs/*
+    adduser --system --home="/var/www/${GHOST_DOMAIN_NAME}/htdocs/" --group ghost
+    rm -rf "/var/www/$GHOST_DOMAIN_NAME/htdocs/*"
     printf 'y' | ghost install ${GHOST_VERSION} --user ghost --db=sqlite3 --port ${GHOST_PORT} --verbose
 
-    if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/versions ]; then
+    if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/versions" ]; then
         echo $'versions directory was not found'
         exit 782523462
     fi
-    if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs/content ]; then
+    if [ ! -d "/var/www/$GHOST_DOMAIN_NAME/htdocs/content" ]; then
         echo $'content directory was not found'
         exit 68352682
     fi
 
     npm install -g knex-migrator
-    if [ ! -f /var/www/$GHOST_DOMAIN_NAME/htdocs/versions/${GHOST_VERSION}/MigratorConfig.js ]; then
+    if [ ! -f "/var/www/$GHOST_DOMAIN_NAME/htdocs/versions/${GHOST_VERSION}/MigratorConfig.js" ]; then
         echo $'MigratorConfig.js was not found'
         exit 62783538
     fi
-    cp /var/www/$GHOST_DOMAIN_NAME/htdocs/versions/${GHOST_VERSION}/MigratorConfig.js /var/www/$GHOST_DOMAIN_NAME/htdocs
-    chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs
-    cd /var/www/$GHOST_DOMAIN_NAME/htdocs/current
+    cp "/var/www/$GHOST_DOMAIN_NAME/htdocs/versions/${GHOST_VERSION}/MigratorConfig.js" "/var/www/$GHOST_DOMAIN_NAME/htdocs"
+    chown -R ghost: "/var/www/$GHOST_DOMAIN_NAME/htdocs"
+    cd "/var/www/$GHOST_DOMAIN_NAME/htdocs/current" || exit 783452464
     knex-migrator init
 
     ghost_bust
 
-    echo '{' > /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
+    echo '{' > "/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json"
     if [[ "$ONION_ONLY" == 'no' ]]; then
         # NOTE: url must be http, not https
-        echo "  \"url\": \"http://${GHOST_DOMAIN_NAME}\"," >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
+        echo "  \"url\": \"http://${GHOST_DOMAIN_NAME}\"," >> "/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json"
     else
-        echo "  \"url\": \"http://${GHOST_ONION_HOSTNAME}\"," >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
+        echo "  \"url\": \"http://${GHOST_ONION_HOSTNAME}\"," >> "/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json"
     fi
-    echo '    "paths": {' >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
-    echo "        \"contentPath\": \"/var/www/${GHOST_DOMAIN_NAME}/htdocs/content\"" >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
-    echo '    }' >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
-    echo '}' >> /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json
+    { echo '    "paths": {';
+      echo "        \"contentPath\": \"/var/www/${GHOST_DOMAIN_NAME}/htdocs/content\"";
+      echo '    }';
+      echo '}'; } >> "/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.development.json"
 
-    echo '[Unit]' > /etc/systemd/system/ghost.service
-    echo 'Description=Ghost Blog' >> /etc/systemd/system/ghost.service
-    echo 'After=syslog.target' >> /etc/systemd/system/ghost.service
-    echo 'After=network.target' >> /etc/systemd/system/ghost.service
-    echo '' >> /etc/systemd/system/ghost.service
-    echo '[Service]' >> /etc/systemd/system/ghost.service
-    echo 'Type=simple' >> /etc/systemd/system/ghost.service
-    echo 'User=ghost' >> /etc/systemd/system/ghost.service
-    echo 'Group=ghost' >> /etc/systemd/system/ghost.service
-    echo "WorkingDirectory=/var/www/${GHOST_DOMAIN_NAME}/htdocs" >> /etc/systemd/system/ghost.service
-    echo "ExecStart=/usr/local/bin/ghost run -D" >> /etc/systemd/system/ghost.service
-    echo "ExecStop=/usr/local/bin/ghost stop" >> /etc/systemd/system/ghost.service
-    echo "ExecRestart=/usr/local/bin/ghost restart" >> /etc/systemd/system/ghost.service
-    echo 'Restart=always' >> /etc/systemd/system/ghost.service
-    echo 'RestartSec=60' >> /etc/systemd/system/ghost.service
-    echo "Environment=NODE_ENV=development PORT=${GHOST_PORT}" >> /etc/systemd/system/ghost.service
-    echo '' >> /etc/systemd/system/ghost.service
-    echo '[Install]' >> /etc/systemd/system/ghost.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ghost.service
+    { echo '[Unit]';
+      echo 'Description=Ghost Blog';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=ghost';
+      echo 'Group=ghost';
+      echo "WorkingDirectory=/var/www/${GHOST_DOMAIN_NAME}/htdocs";
+      echo "ExecStart=/usr/local/bin/ghost run -D";
+      echo "ExecStop=/usr/local/bin/ghost stop";
+      echo "ExecRestart=/usr/local/bin/ghost restart";
+      echo 'Restart=always';
+      echo 'RestartSec=60';
+      echo "Environment=NODE_ENV=development PORT=${GHOST_PORT}";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/ghost.service
 
     ghost_remove_offsite_links
 
-    chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs
+    chown -R ghost: "/var/www/${GHOST_DOMAIN_NAME}/htdocs"
 
     systemctl enable ghost
     systemctl daemon-reload
@@ -507,94 +507,94 @@ function install_ghost {
 
     if [[ ${ONION_ONLY} == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect ${GHOST_DOMAIN_NAME}
-        echo 'server {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    listen 443 ssl;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo "    root /var/www/${GHOST_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo "    server_name ${GHOST_DOMAIN_NAME};" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo "    error_log /dev/null;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+        nginx_http_redirect "${GHOST_DOMAIN_NAME}"
+        { echo 'server {';
+          echo '    listen 443 ssl;';
+          echo '    #listen [::]:443 ssl;';
+          echo "    root /var/www/${GHOST_DOMAIN_NAME}/htdocs;";
+          echo "    server_name ${GHOST_DOMAIN_NAME};";
+          echo '    access_log /dev/null;';
+          echo "    error_log /dev/null;";
+          echo ''; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
         function_check nginx_ssl
-        nginx_ssl ${GHOST_DOMAIN_NAME}
+        nginx_ssl "${GHOST_DOMAIN_NAME}"
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing ${GHOST_DOMAIN_NAME}
-        echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    location / {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+        nginx_disable_sniffing "${GHOST_DOMAIN_NAME}"
+        { echo '    add_header Strict-Transport-Security max-age=0;';
+          echo '';
+          echo '    location / {'; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
         function_check nginx_limits
-        nginx_limits ${GHOST_DOMAIN_NAME} '10G'
-        echo "        proxy_pass http://localhost:${GHOST_PORT};" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    location = /robots.txt {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '        allow all;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '        log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+        nginx_limits "${GHOST_DOMAIN_NAME}" '10G'
+        { echo "        proxy_pass http://localhost:${GHOST_PORT};";
+          echo '    }';
+          echo '';
+          echo '    fastcgi_buffers 64 4K;';
+          echo '';
+          echo '    error_page 403 /core/templates/403.php;';
+          echo '    error_page 404 /core/templates/404.php;';
+          echo '';
+          echo '    location = /robots.txt {';
+          echo '        allow all;';
+          echo '        log_not_found off;';
+          echo '        access_log /dev/null;';
+          echo '    }';
+          echo '}';
+          echo ''; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
     else
-        echo -n '' > /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+        echo -n '' > "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
     fi
-    echo 'server {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo "    listen 127.0.0.1:${GHOST_ONION_PORT} default_server;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo "    root /var/www/$GHOST_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo "    server_name $GHOST_ONION_HOSTNAME;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+    { echo 'server {';
+      echo "    listen 127.0.0.1:${GHOST_ONION_PORT} default_server;";
+      echo "    root /var/www/$GHOST_DOMAIN_NAME/htdocs;";
+      echo "    server_name $GHOST_ONION_HOSTNAME;";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo ''; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing ${GHOST_DOMAIN_NAME}
-    echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    location / {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+    nginx_disable_sniffing "${GHOST_DOMAIN_NAME}"
+    { echo '    add_header Strict-Transport-Security max-age=0;';
+      echo '';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
     function_check nginx_limits
-    nginx_limits ${GHOST_DOMAIN_NAME} '10G'
-    echo "        proxy_pass http://localhost:${GHOST_PORT};" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    location = /robots.txt {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '        allow all;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '        log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
+    nginx_limits "${GHOST_DOMAIN_NAME}" '10G'
+    { echo "        proxy_pass http://localhost:${GHOST_PORT};";
+      echo '    }';
+      echo '';
+      echo '    fastcgi_buffers 64 4K;';
+      echo '';
+      echo '    error_page 403 /core/templates/403.php;';
+      echo '    error_page 404 /core/templates/404.php;';
+      echo '';
+      echo '    location = /robots.txt {';
+      echo '        allow all;';
+      echo '        log_not_found off;';
+      echo '        access_log /dev/null;';
+      echo '    }';
+      echo '}'; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
 
     function_check create_site_certificate
-    create_site_certificate $GHOST_DOMAIN_NAME 'yes'
+    create_site_certificate "$GHOST_DOMAIN_NAME" 'yes'
 
     ghost_replace_services
 
     function_check nginx_ensite
-    nginx_ensite $GHOST_DOMAIN_NAME
+    nginx_ensite "$GHOST_DOMAIN_NAME"
 
     systemctl restart nginx
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a ghost -p "$GHOST_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a ghost -p "$GHOST_ADMIN_PASSWORD"
 
     function_check add_ddns_domain
-    add_ddns_domain $GHOST_DOMAIN_NAME
+    add_ddns_domain "$GHOST_DOMAIN_NAME"
 
     chown root:root /usr/local/bin/ghost
     chown -R root:root /usr/local/lib
-    chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs
+    chown -R ghost: "/var/www/${GHOST_DOMAIN_NAME}/htdocs"
     set_completion_param "ghost domain" "$GHOST_DOMAIN_NAME"
-    if ! grep -q "ghost version:" ${COMPLETION_FILE}; then
-        echo "ghost version:${GHOST_VERSION}" >> ${COMPLETION_FILE}
+    if ! grep -q "ghost version:" "${COMPLETION_FILE}"; then
+        echo "ghost version:${GHOST_VERSION}" >> "${COMPLETION_FILE}"
     else
-        sed -i "s|ghost version.*|ghost version:${GHOST_VERSION}|g" ${COMPLETION_FILE}
+        sed -i "s|ghost version.*|ghost version:${GHOST_VERSION}|g" "${COMPLETION_FILE}"
     fi
 
     APP_INSTALLED=1
diff --git a/src/freedombone-app-gnusocial b/src/freedombone-app-gnusocial
index 765313ad..87dbbf4a 100755
--- a/src/freedombone-app-gnusocial
+++ b/src/freedombone-app-gnusocial
@@ -68,19 +68,19 @@ function logging_off_gnusocial {
 function gnusocial_fix_endless_reloads {
     # This fixes a bug introduced with commit 5f7032dfee1fd202c14e76a9f8b37af35d584901
     # and which causes OrFox to endlessly reload the page
-    sed -i 's| && common_local_referer()||g' /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/lib/apiauthaction.php
+    sed -i 's| && common_local_referer()||g' "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/lib/apiauthaction.php"
 }
 
 function remove_user_gnusocial {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp gnusocial
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp gnusocial
 
     function_check get_completion_param
     GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
-    if [ -d /var/www/$GNUSOCIAL_DOMAIN_NAME ]; then
-        cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
-        php scripts/deleteprofile.php -n $remove_username -y
+    if [ -d "/var/www/$GNUSOCIAL_DOMAIN_NAME" ]; then
+        cd "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs" || exit 236482468
+        php scripts/deleteprofile.php -n "$remove_username" -y
     fi
 }
 
@@ -88,13 +88,13 @@ function add_user_gnusocial {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a gnusocial -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a gnusocial -p "$new_user_password"
 
     GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
-    if [ -d /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs ]; then
-        cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
-        php scripts/registeruser.php -n $new_username -w "$new_user_password" -e "$new_username@$HOSTNAME"
-        ${PROJECT_NAME}-addemail -u $new_username -e "noreply@$GNUSOCIAL_DOMAIN_NAME" -g gnusocial --public no
+    if [ -d "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs" ]; then
+        cd "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs" || exit 27462842
+        php scripts/registeruser.php -n "$new_username" -w "$new_user_password" -e "$new_username@$HOSTNAME"
+        "${PROJECT_NAME}-addemail" -u "$new_username" -e "noreply@$GNUSOCIAL_DOMAIN_NAME" -g gnusocial --public no
         echo '0'
     else
         echo '1'
@@ -102,7 +102,7 @@ function add_user_gnusocial {
 }
 
 function install_interactive_gnusocial {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -112,54 +112,55 @@ function install_interactive_gnusocial {
         GNUSOCIAL_DETAILS_COMPLETE=
         while [ ! $GNUSOCIAL_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"GNU Social Configuration" \
-                       --form $"\nPlease enter your GNU Social details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
+                       --form $"\\nPlease enter your GNU Social details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
                        $"Domain:" 1 1 "$(grep 'GNUSOCIAL_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
-                       $"Title:" 2 1 "$(grep '$GNUSOCIAL_TITLE' temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
-                       $"Background image URL:" 3 1 "$(grep '$GNUSOCIAL_BACKGROUND_IMAGE_URL' temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
+                       $"Title:" 2 1 "$(grep "$GNUSOCIAL_TITLE" temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
+                       $"Background image URL:" 3 1 "$(grep "$GNUSOCIAL_BACKGROUND_IMAGE_URL" temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
                        $"Code:" 4 1 "$(grep 'GNUSOCIAL_CODE' temp.cfg | awk -F '=' '{print $2}')" 4 25 33 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"GNU Social Configuration" \
-                       --form $"\nPlease enter your GNU Social details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
+                       --form $"\\nPlease enter your GNU Social details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
                        $"Domain:" 1 1 "$(grep 'GNUSOCIAL_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
-                       $"Title:" 2 1 "$(grep '$GNUSOCIAL_TITLE' temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
-                       $"Background image URL:" 3 1 "$(grep '$GNUSOCIAL_BACKGROUND_IMAGE_URL' temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
-                       2> $data
+                       $"Title:" 2 1 "$(grep "$GNUSOCIAL_TITLE" temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
+                       $"Background image URL:" 3 1 "$(grep "$GNUSOCIAL_BACKGROUND_IMAGE_URL" temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
+                       2> "$data"
             fi
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            GNUSOCIAL_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            title=$(cat $data | sed -n 2p)
+            GNUSOCIAL_DOMAIN_NAME=$(sed -n 1p < "$data")
+            title=$(sed -n 2p < "$data")
             if [ ${#title} -gt 1 ]; then
-                GNUSOCIAL_TITLE=$welcome_msg
+                GNUSOCIAL_TITLE="$title"
             fi
-            img_url=$(cat $data | sed -n 3p)
+            img_url=$(sed -n 3p < "$data")
             if [ ${#img_url} -gt 1 ]; then
                 GNUSOCIAL_BACKGROUND_IMAGE_URL=$img_url
             fi
-            if [ $GNUSOCIAL_DOMAIN_NAME ]; then
-                if [[ $GNUSOCIAL_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
+            if [ "$GNUSOCIAL_DOMAIN_NAME" ]; then
+                if [[ "$GNUSOCIAL_DOMAIN_NAME" == "$HUBZILLA_DOMAIN_NAME" ]]; then
                     GNUSOCIAL_DOMAIN_NAME=""
                 fi
                 TEST_DOMAIN_NAME=$GNUSOCIAL_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $GNUSOCIAL_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$GNUSOCIAL_DOMAIN_NAME" ]]; then
                     GNUSOCIAL_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        GNUSOCIAL_CODE=$(cat $data | sed -n 4p)
+                        GNUSOCIAL_CODE=$(sed -n 4p < "$data")
                         validate_freedns_code "$GNUSOCIAL_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             GNUSOCIAL_DOMAIN_NAME=
                         fi
                     fi
@@ -168,11 +169,12 @@ function install_interactive_gnusocial {
             if [ $GNUSOCIAL_DOMAIN_NAME ]; then
                 GNUSOCIAL_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         # remove any invalid characters
         if [ ${#GNUSOCIAL_TITLE} -gt 0 ]; then
-            new_title=$(echo "$GNUSOCIAL_TITLE" | sed "s|'||g")
+            new_title=${GNUSOCIAL_TITLE//\'/}
             GNUSOCIAL_TITLE="$new_title"
         fi
 
@@ -191,26 +193,26 @@ function change_password_gnusocial {
 
     read_config_param 'GNUSOCIAL_DOMAIN_NAME'
 
-    cd /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/scripts
+    cd "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/scripts" || exit 246824642
     php setpassword.php "$curr_username" "$new_user_password"
 
-    ${PROJECT_NAME}-pass -u "$curr_username" -a gnusocial -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a gnusocial -p "$new_user_password"
 }
 
 function gnusocial_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        GNUSOCIAL_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        GNUSOCIAL_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $GNUSOCIAL_ADMIN_PASSWORD ]; then
-            GNUSOCIAL_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$GNUSOCIAL_ADMIN_PASSWORD" ]; then
+            GNUSOCIAL_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $GNUSOCIAL_ADMIN_PASSWORD ]; then
+    if [ ! "$GNUSOCIAL_ADMIN_PASSWORD" ]; then
         return
     fi
 
     function_check create_database
-    create_database gnusocial "$GNUSOCIAL_ADMIN_PASSWORD" $MY_USERNAME
+    create_database gnusocial "$GNUSOCIAL_ADMIN_PASSWORD" "$MY_USERNAME"
 }
 
 function reconfigure_gnusocial {
@@ -220,71 +222,72 @@ function reconfigure_gnusocial {
 function gnusocial_set_background_image {
     GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"GNU Social" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Set a background image URL' 10 60 2>$data
+           --inputbox $'Set a background image URL' 10 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            temp_background=$(<$data)
+            temp_background=$(<"$data")
             if [ ${#temp_background} -gt 0 ]; then
                 GNUSOCIAL_BACKGROUND_IMAGE_URL="$temp_background"
                 write_config_param "GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_BACKGROUND_IMAGE_URL"
-                if [[ $(pleroma_set_background_image_from_url /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs "$GNUSOCIAL_DOMAIN_NAME" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE" | tail -n 1) == "0" ]]; then
+                if [[ $(pleroma_set_background_image_from_url "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs" "$GNUSOCIAL_DOMAIN_NAME" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE" | tail -n 1) == "0" ]]; then
                     dialog --title $"Set GNU Social login background" \
                            --msgbox $"The background image has been set" 6 60
                 fi
             fi
            ;;
     esac
+    rm -f "$data"
 }
 
 function gnusocial_set_title {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"GNU Social" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Set a title' 10 60 2>$data
+           --inputbox $'Set a title' 10 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            new_title=$(<$data)
+            new_title=$(<"$data")
             if [ ${#new_title} -gt 0 ]; then
                 GNUSOCIAL_TITLE="$new_title"
                 GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
                 write_config_param "GNUSOCIAL_TITLE" "$GNUSOCIAL_TITLE"
-                cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/static
+                cd "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/static" || exit 246824242
                 sed -i "s|\"name\":.*|\"name\": \"${GNUSOCIAL_TITLE}\",|g" config.json
                 dialog --title $"Set GNU Social title" \
                        --msgbox $"The title has been set" 6 60
             fi
            ;;
     esac
+    rm -f "$data"
 }
 
 function gnusocial_set_expire_months {
     GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
     read_config_param "GNUSOCIAL_EXPIRE_MONTHS"
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"GNU Social" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Set an expiry period for posts in months. Anything older will be deleted. Lower values help to keep the database size small and as fast as possible.' 12 60 "$GNUSOCIAL_EXPIRE_MONTHS" 2>$data
+           --inputbox $'Set an expiry period for posts in months. Anything older will be deleted. Lower values help to keep the database size small and as fast as possible.' 12 60 "$GNUSOCIAL_EXPIRE_MONTHS" 2>"$data"
     sel=$?
     case $sel in
         0)
-            new_expiry_months=$(<$data)
+            new_expiry_months=$(<"$data")
             if [ ${#new_expiry_months} -gt 0 ]; then
                 # should contain no spaces
                 if [[ "$new_expiry_months" == *" "* ]]; then
+                    rm -f "$data"
                     return
                 fi
                 # should be a number
                 re='^[0-9]+$'
                 if ! [[ $new_expiry_months =~ $re ]] ; then
+                    rm -f "$data"
                     return
                 fi
                 # set the new value
@@ -296,14 +299,14 @@ function gnusocial_set_expire_months {
             fi
            ;;
     esac
+    rm -f "$data"
 }
 
 function configure_interactive_gnusocial {
     read_config_param GNUSOCIAL_EXPIRE_MONTHS
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"GNU Social" \
                --radiolist $"Choose an operation:" 16 70 7 \
@@ -313,13 +316,15 @@ function configure_interactive_gnusocial {
                4 $"Select Qvitter user interface" off \
                5 $"Select Pleroma user interface" off \
                6 $"Select Classic user interface" off \
-               7 $"Exit" on 2> $data
+               7 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) return;;
-            255) return;;
+            1) rm -f "$data"
+               return;;
+            255) rm -f "$data"
+                 return;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) gnusocial_set_background_image;;
             2) gnusocial_set_title;;
             3) gnusocial_set_expire_months;;
@@ -328,6 +333,7 @@ function configure_interactive_gnusocial {
             6) gnusocial_use_classic gnusocial;;
             7) break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -337,67 +343,67 @@ function upgrade_gnusocial {
         return
     fi
 
-    if grep -q "gnusocial domain" $COMPLETION_FILE; then
+    if grep -q "gnusocial domain" "$COMPLETION_FILE"; then
         GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
     fi
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs "gnusocial commit" "$GNUSOCIAL_COMMIT" $GNUSOCIAL_REPO
+    set_repo_commit "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs" "gnusocial commit" "$GNUSOCIAL_COMMIT" "$GNUSOCIAL_REPO"
 
     gnusocial_fix_endless_reloads
 
     # Ensure that installation script is removed
-    if [ -f /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/install.php ]; then
-        rm /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/install.php
+    if [ -f "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/install.php" ]; then
+        rm "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/install.php"
     fi
 
-    if [ -f /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/index_qvitter.php ]; then
-        if [ -f /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/index.php ]; then
-            mv /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/index.php /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/index_qvitter.php
+    if [ -f "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/index_qvitter.php" ]; then
+        if [ -f "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/index.php" ]; then
+            mv "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/index.php" "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/index_qvitter.php"
         fi
     fi
 
     gnusocial_block_user_script
-    gnusocial_block_domain_script gnusocial $GNUSOCIAL_DOMAIN_NAME
+    gnusocial_block_domain_script gnusocial "$GNUSOCIAL_DOMAIN_NAME"
 
-    gnusocial_hourly_script gnusocial $GNUSOCIAL_DOMAIN_NAME
-    if [ -d $INSTALL_DIR/pleroma ]; then
+    gnusocial_hourly_script gnusocial "$GNUSOCIAL_DOMAIN_NAME"
+    if [ -d "$INSTALL_DIR/pleroma" ]; then
         upgrade_pleroma_frontend "$GNUSOCIAL_DOMAIN_NAME" "gnusocial" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE"
     fi
     install_gnusocial_default_background "gnusocial" "$GNUSOCIAL_DOMAIN_NAME"
-    chown -R www-data:www-data /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
+    chown -R www-data:www-data "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs"
 }
 
 
 function backup_local_gnusocial {
     GNUSOCIAL_DOMAIN_NAME='gnusocial'
-    if grep -q "gnusocial domain" $COMPLETION_FILE; then
+    if grep -q "gnusocial domain" "$COMPLETION_FILE"; then
         GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
     fi
 
     # don't backup more data than we need to
     /etc/cron.daily/gnusocial-expire
 
-    source_directory=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/backup
-    if [ ! -d $source_directory ]; then
-        mkdir $source_directory
+    source_directory="/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/backup"
+    if [ ! -d "$source_directory" ]; then
+        mkdir "$source_directory"
     fi
-    cp -p /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/config.php $source_directory
-    if [ -d /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static ]; then
-        cp -rp /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static $source_directory
+    cp -p "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/config.php" "$source_directory"
+    if [ -d "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static" ]; then
+        cp -rp "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static" "$source_directory"
     fi
 
     function_check suspend_site
-    suspend_site ${GNUSOCIAL_DOMAIN_NAME}
+    suspend_site "${GNUSOCIAL_DOMAIN_NAME}"
 
     function_check backup_directory_to_usb
     dest_directory=gnusocialconfig
-    backup_directory_to_usb $source_directory $dest_directory
+    backup_directory_to_usb "$source_directory" "$dest_directory"
 
-    source_directory=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/file
+    source_directory="/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/file"
     dest_directory=gnusocialfile
-    backup_directory_to_usb $source_directory $dest_directory
+    backup_directory_to_usb "$source_directory" "$dest_directory"
 
     function_check backup_database_to_usb
     backup_database_to_usb gnusocial
@@ -407,16 +413,16 @@ function backup_local_gnusocial {
 }
 
 function restore_local_gnusocial {
-    if ! grep -q "gnusocial domain" $COMPLETION_FILE; then
+    if ! grep -q "gnusocial domain" "$COMPLETION_FILE"; then
         return
     fi
     GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
-    if [ $GNUSOCIAL_DOMAIN_NAME ]; then
+    if [ "$GNUSOCIAL_DOMAIN_NAME" ]; then
         echo $"Restoring gnusocial"
         temp_restore_dir=/root/tempgnusocial
-        gnusocial_dir=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
+        gnusocial_dir="/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs"
         # stop the daemons
-        cd $gnusocial_dir
+        cd "$gnusocial_dir" || exit 24627248428
         scripts/stopdaemons.sh
 
         function_check gnusocial_create_database
@@ -430,36 +436,36 @@ function restore_local_gnusocial {
         function_check restore_directory_from_usb
         restore_directory_from_usb $temp_restore_dir gnusocialconfig
         if [ -d $temp_restore_dir ]; then
-            if [ -d cp $temp_restore_dir$gnusocial_dir ]; then
-                cp $temp_restore_dir$gnusocial_dir/backup/config.php $gnusocial_dir/
-                cp -rp $temp_restore_dir$gnusocial_dir/static $gnusocial_dir/
+            if [ -d "$temp_restore_dir$gnusocial_dir" ]; then
+                cp "$temp_restore_dir$gnusocial_dir/backup/config.php" "$gnusocial_dir/"
+                cp -rp "$temp_restore_dir$gnusocial_dir/static" "$gnusocial_dir/"
             else
-                cp $temp_restore_dir/backup/config.php $gnusocial_dir/
-                if [ ! -d $gnusocial_dir/static ]; then
-                    mkdir $gnusocial_dir/static
+                cp "$temp_restore_dir/backup/config.php" "$gnusocial_dir/"
+                if [ ! -d "$gnusocial_dir/static" ]; then
+                    mkdir "$gnusocial_dir/static"
                 fi
-                cp -rp $temp_restore_dir/static/* $gnusocial_dir/static/
+                cp -rp "$temp_restore_dir/static/*" "$gnusocial_dir/static/"
             fi
-            chown www-data:www-data $gnusocial_dir/config.php
-            chown -R www-data:www-data $gnusocial_dir/static
+            chown www-data:www-data "$gnusocial_dir/config.php"
+            chown -R www-data:www-data "$gnusocial_dir/static"
             rm -rf $temp_restore_dir
         fi
 
         restore_directory_from_usb $temp_restore_dir gnusocialfile
-        if [ -d $temp_restore_dir ]; then
-            if [ -d cp $temp_restore_dir$gnusocial_dir/file ]; then
-                cp -rp $temp_restore_dir$gnusocial_dir/file $gnusocial_dir/
+        if [ -d "$temp_restore_dir" ]; then
+            if [ -d "$temp_restore_dir$gnusocial_dir/file" ]; then
+                cp -rp "$temp_restore_dir$gnusocial_dir/file" "$gnusocial_dir/"
             else
-                if [ ! -d $gnusocial_dir/file ]; then
-                    mkdir $gnusocial_dir/file
+                if [ ! -d "$gnusocial_dir/file" ]; then
+                    mkdir "$gnusocial_dir/file"
                 fi
-                cp -rp $temp_restore_dir/* $gnusocial_dir/file
+                cp -rp "$temp_restore_dir/*" "$gnusocial_dir/file"
             fi
-            chown -R www-data:www-data $gnusocial_dir/file
-            rm -rf $temp_restore_dir
+            chown -R www-data:www-data "$gnusocial_dir/file"
+            rm -rf "$temp_restore_dir"
         fi
 
-        gnusocial_update_after_restore gnusocial ${GNUSOCIAL_DOMAIN_NAME}
+        gnusocial_update_after_restore gnusocial "${GNUSOCIAL_DOMAIN_NAME}"
 
         echo $"Restore of gnusocial complete"
     fi
@@ -467,7 +473,7 @@ function restore_local_gnusocial {
 
 function backup_remote_gnusocial {
     GNUSOCIAL_DOMAIN_NAME='gnusocial'
-    if grep -q "gnusocial domain" $COMPLETION_FILE; then
+    if grep -q "gnusocial domain" "$COMPLETION_FILE"; then
         GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
     fi
 
@@ -475,24 +481,24 @@ function backup_remote_gnusocial {
     /etc/cron.daily/gnusocial-expire
 
     source_directory=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/backup
-    if [ ! -d $source_directory ]; then
-        mkdir $source_directory
+    if [ ! -d "$source_directory" ]; then
+        mkdir "$source_directory"
     fi
-    cp -p /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/config.php $source_directory
-    if [ -d /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static ]; then
-        cp -rp /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static $source_directory
+    cp -p "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/config.php" "$source_directory"
+    if [ -d "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static" ]; then
+        cp -rp "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static" "$source_directory"
     fi
 
     function_check suspend_site
-    suspend_site ${GNUSOCIAL_DOMAIN_NAME}
+    suspend_site "${GNUSOCIAL_DOMAIN_NAME}"
 
     function_check backup_directory_to_friend
     dest_directory=gnusocialconfig
-    backup_directory_to_friend $source_directory $dest_directory
+    backup_directory_to_friend "$source_directory" "$dest_directory"
 
     source_directory=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/file
     dest_directory=gnusocialfile
-    backup_directory_to_friend $source_directory $dest_directory
+    backup_directory_to_friend "$source_directory" "$dest_directory"
 
     function_check backup_database_to_friend
     backup_database_to_friend gnusocial
@@ -502,16 +508,16 @@ function backup_remote_gnusocial {
 }
 
 function restore_remote_gnusocial {
-    if ! grep -q "gnusocial domain" $COMPLETION_FILE; then
+    if ! grep -q "gnusocial domain" "$COMPLETION_FILE"; then
         return
     fi
     GNUSOCIAL_DOMAIN_NAME=$(get_completion_param "gnusocial domain")
-    if [ $GNUSOCIAL_DOMAIN_NAME ]; then
+    if [ "$GNUSOCIAL_DOMAIN_NAME" ]; then
         echo $"Restoring gnusocial"
         temp_restore_dir=/root/tempgnusocial
         gnusocial_dir=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs
         # stop the daemons
-        cd $gnusocial_dir
+        cd "$gnusocial_dir" || exit 2468246824
         scripts/stopdaemons.sh
 
         function_check gnusocial_create_database
@@ -526,36 +532,36 @@ function restore_remote_gnusocial {
         function_check restore_directory_from_friend
         restore_directory_from_friend $temp_restore_dir gnusocialconfig
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir$gnusocial_dir ]; then
-                cp $temp_restore_dir$gnusocial_dir/backup/config.php $gnusocial_dir/
-                cp -rp $temp_restore_dir$gnusocial_dir/static $gnusocial_dir/
+            if [ -d "$temp_restore_dir$gnusocial_dir" ]; then
+                cp "$temp_restore_dir$gnusocial_dir/backup/config.php" "$gnusocial_dir/"
+                cp -rp "$temp_restore_dir$gnusocial_dir/static" "$gnusocial_dir/"
             else
-                cp $temp_restore_dir/backup/config.php $gnusocial_dir/
-                if [ ! -d $gnusocial_dir/static ]; then
-                    mkdir $gnusocial_dir/static
+                cp "$temp_restore_dir/backup/config.php" "$gnusocial_dir/"
+                if [ ! -d "$gnusocial_dir/static" ]; then
+                    mkdir "$gnusocial_dir/static"
                 fi
-                cp -rp $temp_restore_dir/static/* $gnusocial_dir/static/
+                cp -rp "$temp_restore_dir/static/*" "$gnusocial_dir/static/"
             fi
-            chown www-data:www-data $gnusocial_dir/config.php
-            chown -R www-data:www-data $gnusocial_dir/static
+            chown www-data:www-data "$gnusocial_dir/config.php"
+            chown -R www-data:www-data "$gnusocial_dir/static"
             rm -rf $temp_restore_dir
         fi
 
         restore_directory_from_friend $temp_restore_dir gnusocialfile
         if [ -d $temp_restore_dir ]; then
-            if [ ! -d $temp_restore_dir$gnusocial_dir/file ]; then
-                cp -rp $temp_restore_dir$gnusocial_dir/file $gnusocial_dir/
+            if [ ! -d "$temp_restore_dir$gnusocial_dir/file" ]; then
+                cp -rp "$temp_restore_dir$gnusocial_dir/file" "$gnusocial_dir/"
             else
-                if [ ! -d $gnusocial_dir/file ]; then
-                    mkdir $gnusocial_dir/file
+                if [ ! -d "$gnusocial_dir/file" ]; then
+                    mkdir "$gnusocial_dir/file"
                 fi
-                cp -rp $temp_restore_dir/* $gnusocial_dir/file/
+                cp -rp "$temp_restore_dir/*" "$gnusocial_dir/file/"
             fi
-            chown -R www-data:www-data $gnusocial_dir/file
+            chown -R www-data:www-data "$gnusocial_dir/file"
             rm -rf $temp_restore_dir
         fi
 
-        gnusocial_update_after_restore gnusocial ${GNUSOCIAL_DOMAIN_NAME}
+        gnusocial_update_after_restore gnusocial "${GNUSOCIAL_DOMAIN_NAME}"
 
         echo $"Restore of gnusocial complete"
     fi
@@ -571,23 +577,23 @@ function remove_gnusocial {
     read_config_param "GNUSOCIAL_DOMAIN_NAME"
     read_config_param "MY_USERNAME"
     echo "Removing $GNUSOCIAL_DOMAIN_NAME"
-    nginx_dissite $GNUSOCIAL_DOMAIN_NAME
-    remove_certs $GNUSOCIAL_DOMAIN_NAME
+    nginx_dissite "$GNUSOCIAL_DOMAIN_NAME"
+    remove_certs "$GNUSOCIAL_DOMAIN_NAME"
     if [ -f /etc/cron.hourly/gnusocial-daemons ]; then
         rm /etc/cron.hourly/gnusocial-daemons
     fi
-    if [ -f /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/scripts/stopdaemons.sh ]; then
-        cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
+    if [ -f "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/scripts/stopdaemons.sh" ]; then
+        cd "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs" || exit 2648244287
         scripts/stopdaemons.sh
     fi
-    kill_pid=$(ps aux | grep /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/scripts/queuedaemon.php | awk -F ' ' '{print $2}' | head -n 1)
-    kill -9 $kill_pid
+    kill_pid=$(pgrep "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/scripts/queuedaemon.php" | head -n 1)
+    kill -9 "$kill_pid"
 
-    if [ -d /var/www/$GNUSOCIAL_DOMAIN_NAME ]; then
-        rm -rf /var/www/$GNUSOCIAL_DOMAIN_NAME
+    if [ -d "/var/www/$GNUSOCIAL_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$GNUSOCIAL_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$GNUSOCIAL_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$GNUSOCIAL_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$GNUSOCIAL_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$GNUSOCIAL_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database gnusocial
@@ -598,7 +604,7 @@ function remove_gnusocial {
     fi
     remove_app gnusocial
     remove_completion_param install_gnusocial
-    sed -i '/gnusocial/d' $COMPLETION_FILE
+    sed -i '/gnusocial/d' "$COMPLETION_FILE"
     remove_backup_database_local gnusocial
 
     if grep -q 'gnusocial-firewall' /etc/crontab; then
@@ -606,11 +612,11 @@ function remove_gnusocial {
     fi
 
     function_check remove_ddns_domain
-    remove_ddns_domain $GNUSOCIAL_DOMAIN_NAME
+    remove_ddns_domain "$GNUSOCIAL_DOMAIN_NAME"
 }
 
 function install_gnusocial_main {
-    if [ ! $GNUSOCIAL_DOMAIN_NAME ]; then
+    if [ ! "$GNUSOCIAL_DOMAIN_NAME" ]; then
         echo $'No domain name was given for gnusocial'
         exit 7359
     fi
@@ -619,7 +625,7 @@ function install_gnusocial_main {
         return
     fi
 
-    gnusocial_hourly_script gnusocial $GNUSOCIAL_DOMAIN_NAME
+    gnusocial_hourly_script gnusocial "$GNUSOCIAL_DOMAIN_NAME"
 
     function_check install_mariadb
     install_mariadb
@@ -633,38 +639,38 @@ function install_gnusocial_main {
     apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
     apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
 
-    if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME ]; then
-        mkdir /var/www/$GNUSOCIAL_DOMAIN_NAME
+    if [ ! -d "/var/www/$GNUSOCIAL_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$GNUSOCIAL_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs" ]; then
 
         if [ -d /repos/gnusocial ]; then
-            mkdir /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
-            cp -r -p /repos/gnusocial/. /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
-            cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/gnusocial/. "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs"
+            cd "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs" || exit 24682628424
             git pull
         else
             function_check git_clone
-            git_clone $GNUSOCIAL_REPO /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
+            git_clone "$GNUSOCIAL_REPO" "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs"
         fi
 
-        if [ ! -d /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs" ]; then
             echo $'Unable to clone gnusocial repo'
             exit 87525
         fi
     fi
 
-    cd /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
-    git checkout $GNUSOCIAL_COMMIT -b $GNUSOCIAL_COMMIT
+    cd "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs" || exit 26482468482
+    git checkout "$GNUSOCIAL_COMMIT" -b "$GNUSOCIAL_COMMIT"
     set_completion_param "gnusocial commit" "$GNUSOCIAL_COMMIT"
 
     gnusocial_fix_endless_reloads
 
-    chmod g+w /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
-    chmod a+w /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/avatar
-    chmod a+w /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/file
-    chown -R www-data:www-data /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs
-    chmod +x /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/scripts/maildaemon.php
+    chmod g+w "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs"
+    chmod a+w "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/avatar"
+    chmod a+w "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/file"
+    chown -R www-data:www-data "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs"
+    chmod +x "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/scripts/maildaemon.php"
 
     function_check gnusocial_create_database
     gnusocial_create_database
@@ -680,118 +686,118 @@ function install_gnusocial_main {
     fi
 
     function_check add_ddns_domain
-    add_ddns_domain $GNUSOCIAL_DOMAIN_NAME
+    add_ddns_domain "$GNUSOCIAL_DOMAIN_NAME"
 
     GNUSOCIAL_ONION_HOSTNAME=$(add_onion_service gnusocial 80 ${GNUSOCIAL_ONION_PORT})
 
     gnusocial_nginx_site=/etc/nginx/sites-available/$GNUSOCIAL_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $GNUSOCIAL_DOMAIN_NAME "index index.php"
-        echo 'server {' >> $gnusocial_nginx_site
-        echo '  listen 443 ssl;' >> $gnusocial_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $gnusocial_nginx_site
-        echo "  server_name $GNUSOCIAL_DOMAIN_NAME;" >> $gnusocial_nginx_site
-        echo '' >> $gnusocial_nginx_site
+        nginx_http_redirect "$GNUSOCIAL_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $GNUSOCIAL_DOMAIN_NAME;";
+          echo ''; } >> "$gnusocial_nginx_site"
         function_check nginx_compress
-        nginx_compress $GNUSOCIAL_DOMAIN_NAME
-        echo '' >> $gnusocial_nginx_site
-        echo '  # Security' >> $gnusocial_nginx_site
+        nginx_compress "$GNUSOCIAL_DOMAIN_NAME"
+        echo '' >> "$gnusocial_nginx_site"
+        echo '  # Security' >> "$gnusocial_nginx_site"
         function_check nginx_ssl
-        nginx_ssl $GNUSOCIAL_DOMAIN_NAME
+        nginx_ssl "$GNUSOCIAL_DOMAIN_NAME"
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $GNUSOCIAL_DOMAIN_NAME
+        nginx_disable_sniffing "$GNUSOCIAL_DOMAIN_NAME"
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $gnusocial_nginx_site
-        echo '' >> $gnusocial_nginx_site
-        echo '  # Logs' >> $gnusocial_nginx_site
-        echo '  access_log /dev/null;' >> $gnusocial_nginx_site
-        echo '  error_log /dev/null;' >> $gnusocial_nginx_site
-        echo '' >> $gnusocial_nginx_site
-        echo '  # Root' >> $gnusocial_nginx_site
-        echo "  root /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs;" >> $gnusocial_nginx_site
-        echo '' >> $gnusocial_nginx_site
-        echo '  # Index' >> $gnusocial_nginx_site
-        echo '  index index.php;' >> $gnusocial_nginx_site
-        echo '' >> $gnusocial_nginx_site
-        echo '  # PHP' >> $gnusocial_nginx_site
-        echo '  location ~ \.php {' >> $gnusocial_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $gnusocial_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $gnusocial_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $gnusocial_nginx_site
-        echo '  }' >> $gnusocial_nginx_site
-        echo '' >> $gnusocial_nginx_site
-        echo '  # Location' >> $gnusocial_nginx_site
-        echo '  location / {' >> $gnusocial_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  # Index';
+          echo '  index index.php;';
+          echo '';
+          echo '  # PHP';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$gnusocial_nginx_site"
         function_check nginx_limits
-        nginx_limits $GNUSOCIAL_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ @gnusocial;' >> $gnusocial_nginx_site
-        echo '  }' >> $gnusocial_nginx_site
-        echo '' >> $gnusocial_nginx_site
-        echo '  # Fancy URLs' >> $gnusocial_nginx_site
-        echo '  location @gnusocial {' >> $gnusocial_nginx_site
-        echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $gnusocial_nginx_site
-        echo '  }' >> $gnusocial_nginx_site
-        echo '' >> $gnusocial_nginx_site
-        echo '  # Restrict access that is unnecessary anyway' >> $gnusocial_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $gnusocial_nginx_site
-        echo '    deny all;' >> $gnusocial_nginx_site
-        echo '  }' >> $gnusocial_nginx_site
-        echo '}' >> $gnusocial_nginx_site
+        nginx_limits "$GNUSOCIAL_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ @gnusocial;";
+          echo '  }';
+          echo '';
+          echo '  # Fancy URLs';
+          echo '  location @gnusocial {';
+          echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+          echo '  }';
+          echo '';
+          echo '  # Restrict access that is unnecessary anyway';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '}'; } >> "$gnusocial_nginx_site"
     else
-        echo -n '' > $gnusocial_nginx_site
+        echo -n '' > "$gnusocial_nginx_site"
     fi
-    echo 'server {' >> $gnusocial_nginx_site
-    echo "    listen 127.0.0.1:$GNUSOCIAL_ONION_PORT default_server;" >> $gnusocial_nginx_site
-    echo "    server_name $GNUSOCIAL_ONION_HOSTNAME;" >> $gnusocial_nginx_site
-    echo '' >> $gnusocial_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$GNUSOCIAL_ONION_PORT default_server;";
+      echo "    server_name $GNUSOCIAL_ONION_HOSTNAME;";
+      echo ''; } >> "$gnusocial_nginx_site"
     function_check nginx_compress
-    nginx_compress $GNUSOCIAL_DOMAIN_NAME
-    echo '' >> $gnusocial_nginx_site
+    nginx_compress "$GNUSOCIAL_DOMAIN_NAME"
+    echo '' >> "$gnusocial_nginx_site"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $GNUSOCIAL_DOMAIN_NAME
-    echo '' >> $gnusocial_nginx_site
-    echo '  # Logs' >> $gnusocial_nginx_site
-    echo '  access_log /dev/null;' >> $gnusocial_nginx_site
-    echo '  error_log /dev/null;' >> $gnusocial_nginx_site
-    echo '' >> $gnusocial_nginx_site
-    echo '  # Root' >> $gnusocial_nginx_site
-    echo "  root /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs;" >> $gnusocial_nginx_site
-    echo '' >> $gnusocial_nginx_site
-    echo '  # Index' >> $gnusocial_nginx_site
-    echo '  index index.php;' >> $gnusocial_nginx_site
-    echo '' >> $gnusocial_nginx_site
-    echo '  # PHP' >> $gnusocial_nginx_site
-    echo '  location ~ \.php {' >> $gnusocial_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $gnusocial_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $gnusocial_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $gnusocial_nginx_site
-    echo '  }' >> $gnusocial_nginx_site
-    echo '' >> $gnusocial_nginx_site
-    echo '  # Location' >> $gnusocial_nginx_site
-    echo '  location / {' >> $gnusocial_nginx_site
+    nginx_disable_sniffing "$GNUSOCIAL_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  # Index';
+      echo '  index index.php;';
+      echo '';
+      echo '  # PHP';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$gnusocial_nginx_site"
     function_check nginx_limits
-    nginx_limits $GNUSOCIAL_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ @gnusocial;' >> $gnusocial_nginx_site
-    echo '  }' >> $gnusocial_nginx_site
-    echo '' >> $gnusocial_nginx_site
-    echo '  # Fancy URLs' >> $gnusocial_nginx_site
-    echo '  location @gnusocial {' >> $gnusocial_nginx_site
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $gnusocial_nginx_site
-    echo '  }' >> $gnusocial_nginx_site
-    echo '' >> $gnusocial_nginx_site
-    echo '  # Restrict access that is unnecessary anyway' >> $gnusocial_nginx_site
-    echo '  location ~ /\.(ht|git) {' >> $gnusocial_nginx_site
-    echo '    deny all;' >> $gnusocial_nginx_site
-    echo '  }' >> $gnusocial_nginx_site
-    echo '}' >> $gnusocial_nginx_site
+    nginx_limits "$GNUSOCIAL_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ @gnusocial;";
+      echo '  }';
+      echo '';
+      echo '  # Fancy URLs';
+      echo '  location @gnusocial {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  # Restrict access that is unnecessary anyway';
+      echo '  location ~ /\.(ht|git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '}'; } >> "$gnusocial_nginx_site"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $GNUSOCIAL_DOMAIN_NAME 'yes'
+    create_site_certificate "$GNUSOCIAL_DOMAIN_NAME" 'yes'
 
     # Ensure that the database gets backed up locally, if remote
     # backups are not being used
@@ -802,7 +808,7 @@ function install_gnusocial_main {
     backup_database_local gnusocial
 
     function_check nginx_ensite
-    nginx_ensite $GNUSOCIAL_DOMAIN_NAME
+    nginx_ensite "$GNUSOCIAL_DOMAIN_NAME"
 
     # NOTE: For the typical case always enable SSL and only
     # disable it if in onion only mode. This is due to complexities
@@ -818,9 +824,9 @@ function install_gnusocial_main {
     fi
 
     # Create the configuration
-    gnusocial_installer=/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/scripts/install_cli.php
-    if [ ! -f $gnusocial_installer ]; then
-        rm -rf /var/www/$GNUSOCIAL_DOMAIN_NAME
+    gnusocial_installer="/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/scripts/install_cli.php"
+    if [ ! -f "$gnusocial_installer" ]; then
+        rm -rf "/var/www/$GNUSOCIAL_DOMAIN_NAME"
         echo $'No gnusocial commandline installer found'
         exit 53026
     fi
@@ -841,42 +847,42 @@ function install_gnusocial_main {
     #fi
 
     # check gnusocial has a config file
-    gnusocial_config_file=/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/config.php
-    if [ ! -f $gnusocial_config_file ]; then
+    gnusocial_config_file="/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/config.php"
+    if [ ! -f "$gnusocial_config_file" ]; then
         drop_database gnusocial
-        rm -rf /var/www/$GNUSOCIAL_DOMAIN_NAME
+        rm -rf "/var/www/$GNUSOCIAL_DOMAIN_NAME"
         echo $'Gnusocial config.php not found'
         exit 87586
     fi
 
     # Some useful settings
-    if ! grep -q "Recommended GNU social settings" $gnusocial_config_file; then
-        echo "" >> $gnusocial_config_file
-        echo "// Recommended GNU social settings" >> $gnusocial_config_file
-        echo "\$config['thumbnail']['maxsize'] = 3000;" >> $gnusocial_config_file
-        echo "\$config['profile']['delete'] = true;" >> $gnusocial_config_file
-        echo "\$config['profile']['changenick'] = true;" >> $gnusocial_config_file
-        echo "\$config['public']['localonly'] = false;" >> $gnusocial_config_file
-        echo "addPlugin('StoreRemoteMedia');" >> $gnusocial_config_file
-        echo "\$config['queue']['enabled'] = true;" >> $gnusocial_config_file
-        echo "\$config['queue']['daemon'] = true;" >> $gnusocial_config_file
-        echo "\$config['ostatus']['hub_retries'] = 3;" >> $gnusocial_config_file
+    if ! grep -q "Recommended GNU social settings" "$gnusocial_config_file"; then
+        { echo "";
+          echo "// Recommended GNU social settings";
+          echo "\$config['thumbnail']['maxsize'] = 3000;";
+          echo "\$config['profile']['delete'] = true;";
+          echo "\$config['profile']['changenick'] = true;";
+          echo "\$config['public']['localonly'] = false;";
+          echo "addPlugin('StoreRemoteMedia');";
+          echo "\$config['queue']['enabled'] = true;";
+          echo "\$config['queue']['daemon'] = true;";
+          echo "\$config['ostatus']['hub_retries'] = 3;"; } >> "$gnusocial_config_file"
     fi
 
     # turn off logging
-    echo "\$config['site']['logfile'] = '/dev/null';" >> $gnusocial_config_file
-    echo "\$config['mail']['domain'] = '${DEFAULT_DOMAIN_NAME}';" >> $gnusocial_config_file
+    echo "\$config['site']['logfile'] = '/dev/null';" >> "$gnusocial_config_file"
+    echo "\$config['mail']['domain'] = '${DEFAULT_DOMAIN_NAME}';" >> "$gnusocial_config_file"
 
     # This improves performance
-    sed -i "s|//\$config\['db'\]\['schemacheck'\].*|\$config\['db'\]\['schemacheck'\] = 'script';|g" $gnusocial_config_file
+    sed -i "s|//\$config\\['db'\\]\\['schemacheck'\\].*|\$config\\['db'\\]\\['schemacheck'\\] = 'script';|g" "$gnusocial_config_file"
 
     systemctl restart mariadb
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
-    ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$GNUSOCIAL_DOMAIN_NAME" -g gnusocial --public no
+    "${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$GNUSOCIAL_DOMAIN_NAME" -g gnusocial --public no
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a gnusocial -p "$GNUSOCIAL_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a gnusocial -p "$GNUSOCIAL_ADMIN_PASSWORD"
     gnusocial_block_user_script
     gnusocial_block_domain_script gnusocial "$GNUSOCIAL_DOMAIN_NAME"
 
@@ -886,7 +892,7 @@ function install_gnusocial_main {
 }
 
 function install_gnusocial {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -907,7 +913,7 @@ function install_gnusocial {
         install_nodejs pleroma-gnusocial
         install_pleroma_front_end "gnusocial" "$GNUSOCIAL_DOMAIN_NAME" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE"
         install_gnusocial_default_background "gnusocial" "$GNUSOCIAL_DOMAIN_NAME"
-        sed -i 's|"theme":.*|"theme": "base16-apathy.css",|g' /var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static/config.json
+        sed -i 's|"theme":.*|"theme": "base16-apathy.css",|g' "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static/config.json"
     fi
 
     # unleash the daemons!
@@ -919,8 +925,8 @@ function install_gnusocial {
     # And doesn't forget logins
     gnusocial_use_qvitter gnusocial
 
-    if [ $GNUSOCIAL_BACKGROUND_IMAGE_URL ]; then
-        pleroma_set_background_image_from_url /var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs "$GNUSOCIAL_DOMAIN_NAME" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE"
+    if [ "$GNUSOCIAL_BACKGROUND_IMAGE_URL" ]; then
+        pleroma_set_background_image_from_url "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs" "$GNUSOCIAL_DOMAIN_NAME" "$GNUSOCIAL_BACKGROUND_IMAGE_URL" "$GNUSOCIAL_TITLE"
     fi
 
     APP_INSTALLED=1
diff --git a/src/freedombone-app-gogs b/src/freedombone-app-gogs
index 63a130a8..cdd0ac1b 100755
--- a/src/freedombone-app-gogs
+++ b/src/freedombone-app-gogs
@@ -127,14 +127,14 @@ function gogs_parameters {
 }
 
 function gogs_create_database {
-    if [ -f ${IMAGE_PASSWORD_FILE} ]; then
-        GIT_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
+        GIT_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! ${GIT_ADMIN_PASSWORD} ]; then
-            GIT_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "${GIT_ADMIN_PASSWORD}" ]; then
+            GIT_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $GIT_ADMIN_PASSWORD ]; then
+    if [ ! "$GIT_ADMIN_PASSWORD" ]; then
         return
     fi
 
@@ -147,7 +147,7 @@ function reconfigure_gogs {
 }
 
 function upgrade_gogs {
-    if ! grep -q 'gogs version:' $COMPLETION_FILE; then
+    if ! grep -q 'gogs version:' "$COMPLETION_FILE"; then
         return
     fi
 
@@ -160,24 +160,24 @@ function upgrade_gogs {
 
     GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf
     GOGS_CONFIG_FILE=$GOGS_CONFIG_PATH/app.ini
-    cp $GOGS_CONFIG_FILE $INSTALL_DIR/gogs_config.ini
+    cp "$GOGS_CONFIG_FILE $INSTALL_DIR/gogs_config.ini"
 
-    if [ -d $INSTALL_DIR/gogs-repositories ]; then
-        rm -rf $INSTALL_DIR/gogs-repositories
+    if [ -d "$INSTALL_DIR/gogs-repositories" ]; then
+        rm -rf "$INSTALL_DIR/gogs-repositories"
     fi
     if [ -d /home/${GOGS_USERNAME}/gogs-repositories ]; then
-        mv /home/${GOGS_USERNAME}/gogs-repositories $INSTALL_DIR
+        mv "/home/${GOGS_USERNAME}/gogs-repositories" "$INSTALL_DIR"
     fi
 
     gogs_parameters
     echo "gogs binary upgrade: ${GOGS_BIN}"
 
-    if [ ! -d ${INSTALL_DIR} ]; then
-        mkdir -p ${INSTALL_DIR}
+    if [ ! -d "${INSTALL_DIR}" ]; then
+        mkdir -p "${INSTALL_DIR}"
     fi
-    cd ${INSTALL_DIR}
-    if [ -d ${INSTALL_DIR}/gogs ]; then
-        rm -rf ${INSTALL_DIR}/gogs
+    cd "${INSTALL_DIR}" || exit 26784427
+    if [ -d "${INSTALL_DIR}/gogs" ]; then
+        rm -rf "${INSTALL_DIR}/gogs"
     fi
     GOGS_FILE=linux_${CURR_ARCH}.tar.gz
     if [ ! -f ${GOGS_FILE} ]; then
@@ -196,13 +196,13 @@ function upgrade_gogs {
             unzip -o ${GOGS_FILE}
         fi
     else
-        tar -xzf ${INSTALL_DIR}/${GOGS_FILE}
+        tar -xzf "${INSTALL_DIR}/${GOGS_FILE}"
     fi
-    if [ ! -d ${INSTALL_DIR}/gogs ]; then
+    if [ ! -d "${INSTALL_DIR}/gogs" ]; then
         exit 37823
     fi
-    rm -rf /home/${GOGS_USERNAME}/*
-    cp -r ${INSTALL_DIR}/gogs/* /home/${GOGS_USERNAME}
+    rm -rf "/home/${GOGS_USERNAME:?}/"*
+    cp -r "${INSTALL_DIR}/gogs/*" "/home/${GOGS_USERNAME}"
     if [ -f ${GOGS_FILE} ]; then
         rm ${GOGS_FILE}
     fi
@@ -211,31 +211,31 @@ function upgrade_gogs {
         mkdir -p ${GOGS_CONFIG_PATH}
     fi
 
-    cp $INSTALL_DIR/gogs_config.ini $GOGS_CONFIG_FILE
+    cp "$INSTALL_DIR/gogs_config.ini" "$GOGS_CONFIG_FILE"
     if [ ! -f $GOGS_CONFIG_FILE ]; then
         echo $'Gogs ini file not upgraded'
         exit 873535
     fi
-    rm $INSTALL_DIR/gogs_config.ini
+    rm "$INSTALL_DIR/gogs_config.ini"
     if [ -d /home/${GOGS_USERNAME}/gogs-repositories ]; then
         rm -rf /home/${GOGS_USERNAME}/gogs-repositories
     fi
-    if [ -d $INSTALL_DIR/gogs-repositories ]; then
-        mv $INSTALL_DIR/gogs-repositories /home/${GOGS_USERNAME}/gogs-repositories
+    if [ -d "$INSTALL_DIR/gogs-repositories" ]; then
+        mv "$INSTALL_DIR/gogs-repositories" "/home/${GOGS_USERNAME}/gogs-repositories"
     fi
-    chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
+    chown -R "${GOGS_USERNAME}":"${GOGS_USERNAME}" "/home/${GOGS_USERNAME}"
 
-    sed -i "s|gogs version.*|gogs version:$GOGS_VERSION|g" ${COMPLETION_FILE}
+    sed -i "s|gogs version.*|gogs version:$GOGS_VERSION|g" "${COMPLETION_FILE}"
     systemctl restart mariadb
     systemctl restart gogs
 }
 
 function backup_local_gogs {
-    if ! grep -q "gogs domain" ${COMPLETION_FILE}; then
+    if ! grep -q "gogs domain" "${COMPLETION_FILE}"; then
         return
     fi
 
-    if [ ! -d /home/${GOGS_USERNAME}/gogs-repositories ]; then
+    if [ ! -d "/home/${GOGS_USERNAME}/gogs-repositories" ]; then
         return
     fi
 
@@ -245,15 +245,15 @@ function backup_local_gogs {
     backup_database_to_usb gogs
 
     function_check backup_directory_to_usb
-    backup_directory_to_usb /home/${GOGS_USERNAME}/custom gogs
-    backup_directory_to_usb /home/${GOGS_USERNAME}/gogs-repositories gogsrepos
-    backup_directory_to_usb /home/${GOGS_USERNAME}/.ssh gogsssh
+    backup_directory_to_usb "/home/${GOGS_USERNAME}/custom" gogs
+    backup_directory_to_usb "/home/${GOGS_USERNAME}/gogs-repositories" gogsrepos
+    backup_directory_to_usb "/home/${GOGS_USERNAME}/.ssh" gogsssh
 
     echo $"Gogs backup complete"
 }
 
 function restore_local_gogs {
-    if ! grep -q "gogs domain" ${COMPLETION_FILE}; then
+    if ! grep -q "gogs domain" "${COMPLETION_FILE}"; then
         return
     fi
 
@@ -261,22 +261,23 @@ function restore_local_gogs {
         function_check gogs_create_database
         gogs_create_database
 
-        GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf
-        GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini
+        GOGS_CONFIG_PATH="/home/${GOGS_USERNAME}/custom/conf"
+        GOGS_CONFIG_FILE="${GOGS_CONFIG_PATH}/app.ini"
 
         function_check restore_database
-        restore_database gogs ${GIT_DOMAIN_NAME}
+        restore_database gogs "${GIT_DOMAIN_NAME}"
         temp_restore_dir=/root/tempgogs
-        if [ -d ${USB_MOUNT}/backup/gogs ]; then
+        if [ -d "${USB_MOUNT}/backup/gogs" ]; then
             echo $"Restoring Gogs settings"
             if [ ! -d $GOGS_CONFIG_PATH ]; then
                 mkdir -p $GOGS_CONFIG_PATH
             fi
-            if [ -d /root/tempgogs/home/${GOGS_USERNAME}/custom ]; then
-                cp -r /root/tempgogs/home/${GOGS_USERNAME}/custom/* /home/${GOGS_USERNAME}/custom/
+            if [ -d "/root/tempgogs/home/${GOGS_USERNAME}/custom" ]; then
+                cp -r "/root/tempgogs/home/${GOGS_USERNAME}/custom/*" "/home/${GOGS_USERNAME}/custom/"
             else
-                cp -r /root/tempgogs/* /home/${GOGS_USERNAME}/custom/
+                cp -r "/root/tempgogs/*" "/home/${GOGS_USERNAME}/custom/"
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 function_check set_user_permissions
                 set_user_permissions
@@ -286,15 +287,16 @@ function restore_local_gogs {
             fi
             echo $"Restoring Gogs repos"
             function_check restore_directory_from_usb
-            restore_directory_from_usb ${temp_restore_dir}repos gogsrepos
-            if [ ! -d /home/${GOGS_USERNAME}/gogs-repositories ]; then
-                mkdir /home/${GOGS_USERNAME}/gogs-repositories
+            restore_directory_from_usb "${temp_restore_dir}repos" gogsrepos
+            if [ ! -d "/home/${GOGS_USERNAME}/gogs-repositories" ]; then
+                mkdir "/home/${GOGS_USERNAME}/gogs-repositories"
             fi
-            if [ -d ${temp_restore_dir}repos/home/${GOGS_USERNAME}/gogs-repositories ]; then
-                cp -r ${temp_restore_dir}repos/home/${GOGS_USERNAME}/gogs-repositories/* /home/${GOGS_USERNAME}/gogs-repositories/
+            if [ -d "${temp_restore_dir}repos/home/${GOGS_USERNAME}/gogs-repositories" ]; then
+                cp -r "${temp_restore_dir}repos/home/${GOGS_USERNAME}/gogs-repositories/*" "/home/${GOGS_USERNAME}/gogs-repositories/"
             else
-                cp -r ${temp_restore_dir}repos/* /home/${GOGS_USERNAME}/gogs-repositories/
+                cp -r "${temp_restore_dir}repos/*" "/home/${GOGS_USERNAME}/gogs-repositories/"
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 function_check set_user_permissions
                 set_user_permissions
@@ -313,6 +315,7 @@ function restore_local_gogs {
             else
                 cp -r ${temp_restore_dir}/* /home/${GOGS_USERNAME}/.ssh/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 function_check set_user_permissions
                 set_user_permissions
@@ -326,7 +329,7 @@ function restore_local_gogs {
             chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
         sed -i "s|PASSWD =.*|PASSWD = $MARIADB_PASSWORD|g" ${GOGS_CONFIG_FILE}
         MARIADB_PASSWORD=
         systemctl restart gogs
@@ -363,7 +366,7 @@ function backup_remote_gogs {
 }
 
 function restore_remote_gogs {
-    if grep -q "gogs domain" $COMPLETION_FILE; then
+    if grep -q "gogs domain" "$COMPLETION_FILE"; then
         GIT_DOMAIN_NAME=$(get_completion_param "gogs domain")
 
         function_check gogs_create_database
@@ -373,8 +376,8 @@ function restore_remote_gogs {
         GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini
 
         function_check restore_database_from_friend
-        restore_database_from_friend gogs ${GIT_DOMAIN_NAME}
-        if [ -d ${SERVER_DIRECTORY}/backup/gogs ]; then
+        restore_database_from_friend gogs "${GIT_DOMAIN_NAME}"
+        if [ -d "${SERVER_DIRECTORY}/backup/gogs" ]; then
             if [ ! -d $GOGS_CONFIG_PATH ]; then
                 mkdir -p $GOGS_CONFIG_PATH
             fi
@@ -383,6 +386,7 @@ function restore_remote_gogs {
             else
                 cp -r /root/tempgogs/* /home/${GOGS_USERNAME}/custom/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 exit 58852
             fi
@@ -396,6 +400,7 @@ function restore_remote_gogs {
             else
                 cp -r /root/tempgogsrepos/* /home/${GOGS_USERNAME}/gogs-repositories/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 exit 7649
             fi
@@ -409,6 +414,7 @@ function restore_remote_gogs {
             else
                 cp -r /root/tempgogsssh/* /home/${GOGS_USERNAME}/.ssh/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 exit 74239
             fi
@@ -419,7 +425,7 @@ function restore_remote_gogs {
             echo $"Restore of Gogs complete"
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
         sed -i "s|PASSWD =.*|PASSWD = $MARIADB_PASSWORD|g" ${GOGS_CONFIG_FILE}
         MARIADB_PASSWORD=
         systemctl restart gogs
@@ -433,33 +439,33 @@ function remove_gogs {
     systemctl stop gogs
     systemctl disable gogs
 
-    nginx_dissite ${GIT_DOMAIN_NAME}
-    remove_certs ${GIT_DOMAIN_NAME}
-    if [ -d /var/www/${GIT_DOMAIN_NAME} ]; then
-        rm -rf /var/www/${GIT_DOMAIN_NAME}
+    nginx_dissite "${GIT_DOMAIN_NAME}"
+    remove_certs "${GIT_DOMAIN_NAME}"
+    if [ -d "/var/www/${GIT_DOMAIN_NAME}" ]; then
+        rm -rf "/var/www/${GIT_DOMAIN_NAME}"
     fi
-    if [ -f /etc/nginx/sites-available/${GIT_DOMAIN_NAME} ]; then
-        rm /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+    if [ -f "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}" ]; then
+        rm "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
     fi
     function_check drop_database
     drop_database gogs
     rm /etc/systemd/system/gogs.service
     systemctl daemon-reload
-    rm -rf /home/${GOGS_USERNAME}/*
+    rm -rf "/home/${GOGS_USERNAME:?}/"*
     remove_onion_service gogs ${GIT_ONION_PORT} 9418
     remove_completion_param "install_gogs"
-    sed -i '/gogs /d' $COMPLETION_FILE
+    sed -i '/gogs /d' "$COMPLETION_FILE"
     remove_backup_database_local gogs
 
     groupdel -f gogs
     userdel -r gogs
 
     function_check remove_ddns_domain
-    remove_ddns_domain $GIT_DOMAIN_NAME
+    remove_ddns_domain "$GIT_DOMAIN_NAME"
 }
 
 function install_gogs {
-    if [ ! $GIT_DOMAIN_NAME ]; then
+    if [ ! "$GIT_DOMAIN_NAME" ]; then
         return
     fi
 
@@ -474,14 +480,14 @@ function install_gogs {
 
     gogs_parameters
 
-    if [ ! -d ${INSTALL_DIR} ]; then
-        mkdir -p ${INSTALL_DIR}
+    if [ ! -d "${INSTALL_DIR}" ]; then
+        mkdir -p "${INSTALL_DIR}"
     fi
-    cd ${INSTALL_DIR}
-    if [ -d $INSTALL_DIR/gogs ]; then
-        rm -rf $INSTALL_DIR/gogs
+    cd "${INSTALL_DIR}" || exit 24682467284
+    if [ -d "$INSTALL_DIR/gogs" ]; then
+        rm -rf "$INSTALL_DIR/gogs"
     fi
-    GOGS_FILE=linux_${CURR_ARCH}.tar.gz
+    GOGS_FILE="linux_${CURR_ARCH}.tar.gz"
     if [ ! -f ${GOGS_FILE} ]; then
         wget ${GOGS_BIN}
     fi
@@ -496,13 +502,13 @@ function install_gogs {
             unzip -o ${GOGS_FILE}
         fi
     else
-        tar -xzf ${INSTALL_DIR}/${GOGS_FILE}
+        tar -xzf "${INSTALL_DIR}/${GOGS_FILE}"
     fi
-    if [ ! -d ${INSTALL_DIR}/gogs ]; then
+    if [ ! -d "${INSTALL_DIR}/gogs" ]; then
         exit 37823
     fi
-    rm -rf /home/${GOGS_USERNAME}/*
-    cp -r ${INSTALL_DIR}/gogs/* /home/${GOGS_USERNAME}
+    rm -rf "/home/${GOGS_USERNAME:?}/"*
+    cp -r "${INSTALL_DIR}/gogs/*" "/home/${GOGS_USERNAME}"
     if [ -f ${GOGS_FILE} ]; then
         rm ${GOGS_FILE}
     fi
@@ -512,9 +518,10 @@ function install_gogs {
         exit 345562
     fi
 
-    echo "export GOROOT=/home/go" >> /home/${GOGS_USERNAME}/.bashrc
-    echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> /home/${GOGS_USERNAME}/.bashrc
-    echo 'export PATH=$PATH:$GOPATH' >> /home/${GOGS_USERNAME}/.bashrc
+    { echo "export GOROOT=/home/go";
+      # shellcheck disable=SC2153
+      echo "export GOPATH=\${GOROOT}/go${GO_VERSION}/bin";
+      echo "export PATH=\$PATH:\$GOPATH"; } >> "/home/${GOGS_USERNAME}/.bashrc"
     chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
 
     function_check install_mariadb
@@ -536,122 +543,122 @@ function install_gogs {
 
     chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
 
-    echo '[Unit]' > /etc/systemd/system/gogs.service
-    echo 'Description=Gogs (Go Git Service)' >> /etc/systemd/system/gogs.service
-    echo 'After=syslog.target' >> /etc/systemd/system/gogs.service
-    echo 'After=network.target' >> /etc/systemd/system/gogs.service
-    echo 'After=mysqld.service' >> /etc/systemd/system/gogs.service
-    echo '' >> /etc/systemd/system/gogs.service
-    echo '[Service]' >> /etc/systemd/system/gogs.service
-    echo '#LimitMEMLOCK=infinity' >> /etc/systemd/system/gogs.service
-    echo '#LimitNOFILE=65535' >> /etc/systemd/system/gogs.service
-    echo 'Type=simple' >> /etc/systemd/system/gogs.service
-    echo 'User=gogs' >> /etc/systemd/system/gogs.service
-    echo 'Group=gogs' >> /etc/systemd/system/gogs.service
-    echo "WorkingDirectory=/home/${GOGS_USERNAME}" >> /etc/systemd/system/gogs.service
-    echo "ExecStart=/home/${GOGS_USERNAME}/gogs web" >> /etc/systemd/system/gogs.service
-    echo 'Restart=always' >> /etc/systemd/system/gogs.service
-    echo 'RestartSec=10' >> /etc/systemd/system/gogs.service
-    echo "Environment=\"USER=${GOGS_USERNAME}\" \"HOME=/home/${GOGS_USERNAME}\" \"GOPATH=/home/go/go${GO_VERSION}\"" >> /etc/systemd/system/gogs.service
-    echo '' >> /etc/systemd/system/gogs.service
-    echo '[Install]' >> /etc/systemd/system/gogs.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/gogs.service
+    { echo '[Unit]';
+      echo 'Description=Gogs (Go Git Service)';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo 'After=mysqld.service';
+      echo '';
+      echo '[Service]';
+      echo '#LimitMEMLOCK=infinity';
+      echo '#LimitNOFILE=65535';
+      echo 'Type=simple';
+      echo 'User=gogs';
+      echo 'Group=gogs';
+      echo "WorkingDirectory=/home/${GOGS_USERNAME}";
+      echo "ExecStart=/home/${GOGS_USERNAME}/gogs web";
+      echo 'Restart=always';
+      echo 'RestartSec=10';
+      echo "Environment=\"USER=${GOGS_USERNAME}\" \"HOME=/home/${GOGS_USERNAME}\" \"GOPATH=/home/go/go${GO_VERSION}\"";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/gogs.service
 
     systemctl enable gogs
     systemctl daemon-reload
     systemctl start gogs
 
-    if [ ! -d /var/www/${GIT_DOMAIN_NAME} ]; then
-        mkdir /var/www/${GIT_DOMAIN_NAME}
+    if [ ! -d "/var/www/${GIT_DOMAIN_NAME}" ]; then
+        mkdir "/var/www/${GIT_DOMAIN_NAME}"
     fi
-    if [ -d /var/www/${GIT_DOMAIN_NAME}/htdocs ]; then
-        rm -rf /var/www/${GIT_DOMAIN_NAME}/htdocs
+    if [ -d "/var/www/${GIT_DOMAIN_NAME}/htdocs" ]; then
+        rm -rf "/var/www/${GIT_DOMAIN_NAME}/htdocs"
     fi
 
-    if [[ ${ONION_ONLY} == "no" ]]; then
+    if [[ "${ONION_ONLY}" == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect ${GIT_DOMAIN_NAME}
-        echo 'server {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    listen 443 ssl;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo "    root /var/www/${GIT_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo "    server_name ${GIT_DOMAIN_NAME};" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo "    error_log /dev/null;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+        nginx_http_redirect "${GIT_DOMAIN_NAME}"
+        { echo 'server {';
+          echo '    listen 443 ssl;';
+          echo '    #listen [::]:443 ssl;';
+          echo "    root /var/www/${GIT_DOMAIN_NAME}/htdocs;";
+          echo "    server_name ${GIT_DOMAIN_NAME};";
+          echo '    access_log /dev/null;';
+          echo "    error_log /dev/null;";
+          echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
         function_check nginx_ssl
-        nginx_ssl ${GIT_DOMAIN_NAME}
+        nginx_ssl "${GIT_DOMAIN_NAME}"
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing ${GIT_DOMAIN_NAME}
-        echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    location / {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+        nginx_disable_sniffing "${GIT_DOMAIN_NAME}"
+        { echo '    add_header Strict-Transport-Security max-age=0;';
+          echo '';
+          echo '    location / {'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
         function_check nginx_limits
-        nginx_limits ${GIT_DOMAIN_NAME} '10G'
-        echo '        proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    location = /robots.txt {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '        allow all;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '        log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+        nginx_limits "${GIT_DOMAIN_NAME}" '10G'
+        { echo '        proxy_pass http://localhost:3000;';
+          echo '    }';
+          echo '';
+          echo '    fastcgi_buffers 64 4K;';
+          echo '';
+          echo '    error_page 403 /core/templates/403.php;';
+          echo '    error_page 404 /core/templates/404.php;';
+          echo '';
+          echo '    location = /robots.txt {';
+          echo '        allow all;';
+          echo '        log_not_found off;';
+          echo '        access_log /dev/null;';
+          echo '    }';
+          echo '}';
+          echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
     else
-        echo -n '' > /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+        echo -n '' > "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
     fi
-    echo 'server {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo "    listen 127.0.0.1:${GIT_ONION_PORT} default_server;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo "    root /var/www/$GIT_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo "    server_name $GIT_DOMAIN_NAME;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+    { echo 'server {';
+      echo "    listen 127.0.0.1:${GIT_ONION_PORT} default_server;";
+      echo "    root /var/www/$GIT_DOMAIN_NAME/htdocs;";
+      echo "    server_name $GIT_DOMAIN_NAME;";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing ${GIT_DOMAIN_NAME}
-    echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    location / {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+    nginx_disable_sniffing "${GIT_DOMAIN_NAME}"
+    { echo '    add_header Strict-Transport-Security max-age=0;';
+      echo '';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
     function_check nginx_limits
-    nginx_limits ${GIT_DOMAIN_NAME} '10G'
-    echo '        proxy_pass http://localhost:3000;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    location = /robots.txt {' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '        allow all;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '        log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
+    nginx_limits "${GIT_DOMAIN_NAME}" '10G'
+    { echo '        proxy_pass http://localhost:3000;';
+      echo '    }';
+      echo '';
+      echo '    fastcgi_buffers 64 4K;';
+      echo '';
+      echo '    error_page 403 /core/templates/403.php;';
+      echo '    error_page 404 /core/templates/404.php;';
+      echo '';
+      echo '    location = /robots.txt {';
+      echo '        allow all;';
+      echo '        log_not_found off;';
+      echo '        access_log /dev/null;';
+      echo '    }';
+      echo '}'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate ${GIT_DOMAIN_NAME} 'yes'
+    create_site_certificate "${GIT_DOMAIN_NAME}" 'yes'
 
-    nginx_ensite ${GIT_DOMAIN_NAME}
+    nginx_ensite "${GIT_DOMAIN_NAME}"
 
     if [ ! -d /var/lib/tor ]; then
         echo $'No Tor installation found. Gogs onion site cannot be configured.'
         exit 877367
     fi
     if ! grep -q "hidden_service_gogs" /etc/tor/torrc; then
-        echo 'HiddenServiceDir /var/lib/tor/hidden_service_gogs/' >> /etc/tor/torrc
-        echo 'HiddenServiceVersion 3' >> /etc/tor/torrc
-        echo "HiddenServicePort 80 127.0.0.1:${GIT_ONION_PORT}" >> /etc/tor/torrc
-        echo "HiddenServicePort 9418 127.0.0.1:9418" >> /etc/tor/torrc
+        { echo 'HiddenServiceDir /var/lib/tor/hidden_service_gogs/';
+          echo 'HiddenServiceVersion 3';
+          echo "HiddenServicePort 80 127.0.0.1:${GIT_ONION_PORT}";
+          echo "HiddenServicePort 9418 127.0.0.1:9418"; } >> /etc/tor/torrc
         echo $'Added onion site for Gogs'
     fi
 
@@ -670,34 +677,34 @@ function install_gogs {
     set_completion_param "gogs onion domain" "$GIT_ONION_HOSTNAME"
 
     function_check add_ddns_domain
-    add_ddns_domain ${GIT_DOMAIN_NAME}
+    add_ddns_domain "${GIT_DOMAIN_NAME}"
 
     # obtain the secret key
-    GOGS_SECRET_KEY="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a gogs -p "*"
+    GOGS_SECRET_KEY="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a gogs -p "*"
 
     # create the configuration
-    GOGS_CONFIG_PATH=/home/${GOGS_USERNAME}/custom/conf
+    GOGS_CONFIG_PATH="/home/${GOGS_USERNAME}/custom/conf"
     if [ ! -d ${GOGS_CONFIG_PATH} ]; then
         mkdir -p ${GOGS_CONFIG_PATH}
     fi
     GOGS_CONFIG_FILE=${GOGS_CONFIG_PATH}/app.ini
-    echo "RUN_USER = $GOGS_USERNAME" > ${GOGS_CONFIG_FILE}
-    echo 'RUN_MODE = prod' >> ${GOGS_CONFIG_FILE}
-    echo '' >> ${GOGS_CONFIG_FILE}
-    echo '[database]' >> ${GOGS_CONFIG_FILE}
-    echo 'DB_TYPE = mysql' >> ${GOGS_CONFIG_FILE}
-    echo 'HOST = 127.0.0.1:3306' >> ${GOGS_CONFIG_FILE}
-    echo 'NAME = gogs' >> ${GOGS_CONFIG_FILE}
-    echo 'USER = root' >> ${GOGS_CONFIG_FILE}
-    echo "PASSWD = $MARIADB_PASSWORD" >> ${GOGS_CONFIG_FILE}
-    echo 'SSL_MODE = disable' >> ${GOGS_CONFIG_FILE}
-    echo 'PATH = data/gogs.db' >> ${GOGS_CONFIG_FILE}
-    echo '' >> ${GOGS_CONFIG_FILE}
-    echo '[repository]' >> ${GOGS_CONFIG_FILE}
-    echo "ROOT = /home/$GOGS_USERNAME/gogs-repositories" >> ${GOGS_CONFIG_FILE}
-    echo '' >> ${GOGS_CONFIG_FILE}
-    echo '[server]' >> ${GOGS_CONFIG_FILE}
+    { echo "RUN_USER = $GOGS_USERNAME";
+      echo 'RUN_MODE = prod';
+      echo '';
+      echo '[database]';
+      echo 'DB_TYPE = mysql';
+      echo 'HOST = 127.0.0.1:3306';
+      echo 'NAME = gogs';
+      echo 'USER = root';
+      echo "PASSWD = $MARIADB_PASSWORD";
+      echo 'SSL_MODE = disable';
+      echo 'PATH = data/gogs.db';
+      echo '';
+      echo '[repository]';
+      echo "ROOT = /home/$GOGS_USERNAME/gogs-repositories";
+      echo '';
+      echo '[server]'; } >> ${GOGS_CONFIG_FILE}
     if [[ ${ONION_ONLY} == 'no' ]]; then
         echo "DOMAIN = ${GIT_DOMAIN_NAME}" >> ${GOGS_CONFIG_FILE}
         echo "ROOT_URL = https://$GIT_DOMAIN_NAME/" >> ${GOGS_CONFIG_FILE}
@@ -705,51 +712,51 @@ function install_gogs {
         echo "DOMAIN = ${GIT_ONION_HOSTNAME}" >> ${GOGS_CONFIG_FILE}
         echo "ROOT_URL = http://$GIT_DOMAIN_NAME/" >> ${GOGS_CONFIG_FILE}
     fi
-    echo 'HTTP_PORT = 3000' >> ${GOGS_CONFIG_FILE}
-    echo "SSH_PORT = $SSH_PORT" >> ${GOGS_CONFIG_FILE}
-    echo 'SSH_DOMAIN = %(DOMAIN)s' >> ${GOGS_CONFIG_FILE}
-    echo "CERT_FILE = /etc/ssl/certs/${GIT_DOMAIN_NAME}.pem" >> ${GOGS_CONFIG_FILE}
-    echo "KEY_FILE = /etc/ssl/private/${GIT_DOMAIN_NAME}.key" >> ${GOGS_CONFIG_FILE}
-    echo 'DISABLE_ROUTER_LOG = true' >> ${GOGS_CONFIG_FILE}
-    echo '' >> ${GOGS_CONFIG_FILE}
-    echo '[session]' >> ${GOGS_CONFIG_FILE}
-    echo 'PROVIDER = file' >> ${GOGS_CONFIG_FILE}
-    echo '' >> ${GOGS_CONFIG_FILE}
-    echo '[log]' >> ${GOGS_CONFIG_FILE}
-    echo 'MODE = file' >> ${GOGS_CONFIG_FILE}
-    echo 'LEVEL = Info' >> ${GOGS_CONFIG_FILE}
-    echo '' >> ${GOGS_CONFIG_FILE}
-    echo '[security]' >> ${GOGS_CONFIG_FILE}
-    echo 'INSTALL_LOCK = true' >> ${GOGS_CONFIG_FILE}
-    echo "SECRET_KEY = $GOGS_SECRET_KEY" >> ${GOGS_CONFIG_FILE}
-    echo '' >> ${GOGS_CONFIG_FILE}
-    echo '[service]' >> ${GOGS_CONFIG_FILE}
-    echo 'DISABLE_REGISTRATION = false' >> ${GOGS_CONFIG_FILE}
-    echo 'SHOW_REGISTRATION_BUTTON = true' >> ${GOGS_CONFIG_FILE}
-    echo 'REQUIRE_SIGNIN_VIEW = false' >> ${GOGS_CONFIG_FILE}
-    echo 'ENABLE_CAPTCHA = false' >> ${GOGS_CONFIG_FILE}
-    echo '' >> ${GOGS_CONFIG_FILE}
-    echo '[other]' >> ${GOGS_CONFIG_FILE}
-    echo 'SHOW_FOOTER_BRANDING = false' >> ${GOGS_CONFIG_FILE}
-    echo 'SHOW_FOOTER_VERSION = false' >> ${GOGS_CONFIG_FILE}
+    { echo 'HTTP_PORT = 3000';
+      echo "SSH_PORT = $SSH_PORT";
+      echo 'SSH_DOMAIN = %(DOMAIN)s';
+      echo "CERT_FILE = /etc/ssl/certs/${GIT_DOMAIN_NAME}.pem";
+      echo "KEY_FILE = /etc/ssl/private/${GIT_DOMAIN_NAME}.key";
+      echo 'DISABLE_ROUTER_LOG = true';
+      echo '';
+      echo '[session]';
+      echo 'PROVIDER = file';
+      echo '';
+      echo '[log]';
+      echo 'MODE = file';
+      echo 'LEVEL = Info';
+      echo '';
+      echo '[security]';
+      echo 'INSTALL_LOCK = true';
+      echo "SECRET_KEY = $GOGS_SECRET_KEY";
+      echo '';
+      echo '[service]';
+      echo 'DISABLE_REGISTRATION = false';
+      echo 'SHOW_REGISTRATION_BUTTON = true';
+      echo 'REQUIRE_SIGNIN_VIEW = false';
+      echo 'ENABLE_CAPTCHA = false';
+      echo '';
+      echo '[other]';
+      echo 'SHOW_FOOTER_BRANDING = false';
+      echo 'SHOW_FOOTER_VERSION = false'; } >> ${GOGS_CONFIG_FILE}
 
     chmod 750 ${GOGS_CONFIG_FILE}
-    chown -R ${GOGS_USERNAME}:${GOGS_USERNAME} /home/${GOGS_USERNAME}
+    chown -R "${GOGS_USERNAME}":"${GOGS_USERNAME}" "/home/${GOGS_USERNAME}"
 
     systemctl restart gogs
 
-    if ! grep -q "gogs domain:" ${COMPLETION_FILE}; then
-        echo "gogs domain:${GIT_DOMAIN_NAME}" >> ${COMPLETION_FILE}
+    if ! grep -q "gogs domain:" "${COMPLETION_FILE}"; then
+        echo "gogs domain:${GIT_DOMAIN_NAME}" >> "${COMPLETION_FILE}"
     else
-        sed -i "s|gogs domain.*|gogs domain:${GIT_DOMAIN_NAME}|g" ${COMPLETION_FILE}
+        sed -i "s|gogs domain.*|gogs domain:${GIT_DOMAIN_NAME}|g" "${COMPLETION_FILE}"
     fi
 
     function_check configure_firewall_for_git
     configure_firewall_for_git
-    if ! grep -q "gogs version:" ${COMPLETION_FILE}; then
-        echo "gogs version:${GOGS_VERSION}" >> ${COMPLETION_FILE}
+    if ! grep -q "gogs version:" "${COMPLETION_FILE}"; then
+        echo "gogs version:${GOGS_VERSION}" >> "${COMPLETION_FILE}"
     else
-        sed -i "s|gogs version.*|gogs version:${GOGS_VERSION}|g" ${COMPLETION_FILE}
+        sed -i "s|gogs version.*|gogs version:${GOGS_VERSION}|g" "${COMPLETION_FILE}"
     fi
     APP_INSTALLED=1
 }
diff --git a/src/freedombone-app-htmly b/src/freedombone-app-htmly
index 5f281e05..5b130d73 100755
--- a/src/freedombone-app-htmly
+++ b/src/freedombone-app-htmly
@@ -69,18 +69,18 @@ function set_avatar_from_url {
     fi
 
     # download the image
-    cd $BASE_DIR/customimages
+    cd "$BASE_DIR/customimages" || exit 2468246
     # convert to png
-    wget $AVATAR -O avatar
-    if [[ $AVATAR == *".gif" ]]; then
+    wget "$AVATAR" -O avatar
+    if [[ "$AVATAR" == *".gif" ]]; then
         mv avatar avatar.gif
         mogrify -format png avatar.gif
     fi
-    if [[ $AVATAR == *".jpg" ]]; then
+    if [[ "$AVATAR" == *".jpg" ]]; then
         mv avatar avatar.jpg
         mogrify -format png avatar.jpg
     fi
-    if [[ $AVATAR == *".jpeg" ]]; then
+    if [[ "$AVATAR" == *".jpeg" ]]; then
         mv avatar avatar.jpeg
         mogrify -format png avatar.jpeg
     fi
@@ -101,10 +101,10 @@ function set_avatar_from_url {
 function remove_user_htmly {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp htmly
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp htmly
 
-    if [ -f /var/www/${HTMLY_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini ]; then
-        rm /var/www/${HTMLY_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini
+    if [ -f "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini" ]; then
+        rm "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini"
     fi
 }
 
@@ -117,39 +117,38 @@ function add_user_htmly {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a htmly -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a htmly -p "$new_user_password"
 
     if [ ! -d /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users ]; then
         echo '2'
         return
     fi
-    NEW_USER_PASSWORD_HASH=$(${PROJECT_NAME}-sec --htmlyhash "$new_user_password")
+    NEW_USER_PASSWORD_HASH=$("${PROJECT_NAME}-sec" --htmlyhash "$new_user_password")
     if [ ${#NEW_USER_PASSWORD_HASH} -lt 8 ]; then
         echo '3'
         return
     fi
-    echo ';Password' > /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
-    echo "password = $NEW_USER_PASSWORD_HASH" >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
-    echo 'encryption = password_hash' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
-    echo ';Role' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
-    echo 'role = admin' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini
+    { echo ';Password';
+      echo "password = $NEW_USER_PASSWORD_HASH";
+      echo 'encryption = password_hash';
+      echo ';Role';
+      echo 'role = admin'; } > "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini"
     echo '0'
 }
 
 function configure_interactive_htmly {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Change htmly avatar" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Enter a URL for an image. It should be approximately a square image." 8 75 2>$data
+           --inputbox $"Enter a URL for an image. It should be approximately a square image." 8 75 2>"$data"
     sel=$?
     case $sel in
         0)
-            IMAGE_URL=$(<$data)
+            IMAGE_URL=$(<"$data")
             if [ ${#IMAGE_URL} -gt 5 ]; then
                 clear
                 AVATAR_SET=
-                set_avatar_from_url $IMAGE_URL
+                set_avatar_from_url "$IMAGE_URL"
                 if [ $AVATAR_SET ]; then
                     dialog --title $"Change htmly avatar" \
                            --msgbox $"Your htmly avatar has been changed" 6 40
@@ -157,10 +156,11 @@ function configure_interactive_htmly {
             fi
             ;;
     esac
+    rm -f "$data"
 }
 
 function install_interactive_htmly {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -186,13 +186,13 @@ function change_password_htmly {
         echo $'Htmly password is too short'
         return
     fi
-    ${PROJECT_NAME}-pass -u "$HTMLY_USERNAME" -a htmly -p "$HTMLY_PASSWORD"
-    HTMLY_PASSWORD_HASH=$(${PROJECT_NAME}-sec --htmlyhash "$HTMLY_PASSWORD")
+    "${PROJECT_NAME}-pass" -u "$HTMLY_USERNAME" -a htmly -p "$HTMLY_PASSWORD"
+    HTMLY_PASSWORD_HASH=$("${PROJECT_NAME}-sec" --htmlyhash "$HTMLY_PASSWORD")
     if [ ${#HTMLY_PASSWORD_HASH} -lt 8 ]; then
         echo $'Htmly admin password could not be hashed'
         exit 625728
     fi
-    sed -i "s|password =.*|password = $HTMLY_PASSWORD_HASH|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$HTMLY_USERNAME.ini
+    sed -i "s|password =.*|password = $HTMLY_PASSWORD_HASH|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$HTMLY_USERNAME.ini"
 }
 
 function reconfigure_htmly {
@@ -208,23 +208,23 @@ function upgrade_htmly {
     read_config_param "HTMLY_DOMAIN_NAME"
 
     function_check set_repo_commit
-    set_repo_commit /var/www/$HTMLY_DOMAIN_NAME/htdocs "htmly commit" "$HTMLY_COMMIT" $HTMLY_REPO
+    set_repo_commit "/var/www/$HTMLY_DOMAIN_NAME/htdocs" "htmly commit" "$HTMLY_COMMIT" $HTMLY_REPO
 }
 
 function backup_local_htmly {
     HTMLY_DOMAIN_NAME='htmly.local'
-    if grep -q "htmly domain" $COMPLETION_FILE; then
+    if grep -q "htmly domain" "$COMPLETION_FILE"; then
         HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain")
     fi
 
-    source_directory=/var/www/${HTMLY_DOMAIN_NAME}/htdocs
-    if [ -d $source_directory ]; then
+    source_directory="/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
+    if [ -d "$source_directory" ]; then
         dest_directory=htmly
         function_check suspend_site
-        suspend_site ${HTMLY_DOMAIN_NAME}
+        suspend_site "${HTMLY_DOMAIN_NAME}"
 
         function_check backup_directory_to_usb
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"
 
         function_check restart_site
         restart_site
@@ -233,73 +233,74 @@ function backup_local_htmly {
 
 function restore_local_htmly {
     HTMLY_DOMAIN_NAME='htmly.local'
-    if grep -q "htmly domain" $COMPLETION_FILE; then
+    if grep -q "htmly domain" "$COMPLETION_FILE"; then
         HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain")
     fi
-    if [ $HTMLY_DOMAIN_NAME ]; then
+    if [ "$HTMLY_DOMAIN_NAME" ]; then
         temp_restore_dir=/root/temphtmly
-        if [ -d $USB_MOUNT/backup/htmly ]; then
+        if [ -d "$USB_MOUNT/backup/htmly" ]; then
             restore_directory_from_usb $temp_restore_dir htmly
         else
             restore_directory_from_usb $temp_restore_dir blog
         fi
-        if [ -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then
-            if [ -d /var/www/${HTMLY_DOMAIN_NAME}/previous ]; then
-                rm -rf /var/www/${HTMLY_DOMAIN_NAME}/previous
+        if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
+            if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/previous" ]; then
+                rm -rf "/var/www/${HTMLY_DOMAIN_NAME}/previous"
             fi
-            mv /var/www/${HTMLY_DOMAIN_NAME}/htdocs /var/www/${HTMLY_DOMAIN_NAME}/previous
+            mv "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" "/var/www/${HTMLY_DOMAIN_NAME}/previous"
         fi
-        if [ -d ${temp_restore_dir}/var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then
+        if [ -d "${temp_restore_dir}/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
             temp_source_dir=$(find ${temp_restore_dir} -name htdocs)
-            cp -r ${temp_source_dir} /var/www/${HTMLY_DOMAIN_NAME}/
+            cp -r "${temp_source_dir}" "/var/www/${HTMLY_DOMAIN_NAME}/"
         else
-            if [ ! -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then
-                mkdir /var/www/${HTMLY_DOMAIN_NAME}/htdocs
+            if [ ! -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
+                mkdir "/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
             fi
-            cp -r ${temp_restore_dir}/* /var/www/${HTMLY_DOMAIN_NAME}/htdocs/
+            cp -r "${temp_restore_dir}/*" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/"
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
-            if [ -d /var/www/${HTMLY_DOMAIN_NAME}/previous ]; then
-                mv /var/www/${HTMLY_DOMAIN_NAME}/previous /var/www/${HTMLY_DOMAIN_NAME}/htdocs
+            if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/previous" ]; then
+                mv "/var/www/${HTMLY_DOMAIN_NAME}/previous" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
             fi
             set_user_permissions
             backup_unmount_drive
             exit 54675
         fi
         rm -rf ${temp_restore_dir}
-        if [ ! -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content ]; then
+        if [ ! -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content" ]; then
             echo $"No content directory found after restoring htmly"
             set_user_permissions
             backup_unmount_drive
             exit 34578
         fi
-        chown -R www-data:www-data /var/www/${HTMLY_DOMAIN_NAME}/htdocs
+        chown -R www-data:www-data "/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
         # Ensure that the bundled SSL cert is being used
-        if [ -f /etc/ssl/certs/${HTMLY_DOMAIN_NAME}.bundle.crt ]; then
-            sed -i "s|${HTMLY_DOMAIN_NAME}.crt|${HTMLY_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${HTMLY_DOMAIN_NAME}
+        if [ -f "/etc/ssl/certs/${HTMLY_DOMAIN_NAME}.bundle.crt" ]; then
+            sed -i "s|${HTMLY_DOMAIN_NAME}.crt|${HTMLY_DOMAIN_NAME}.bundle.crt|g" "/etc/nginx/sites-available/${HTMLY_DOMAIN_NAME}"
         fi
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post ]; then
-                    mv /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/*.md /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post
+                if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post" ]; then
+                    mv "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/*.md" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post"
                 fi
             fi
         done
-        if [ -d /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME} ]; then
-            ln -s /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${HTMLY_DOMAIN_NAME}.key
-            ln -s /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${HTMLY_DOMAIN_NAME}.pem
+        if [ -d "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}" ]; then
+            ln -s "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/privkey.pem" "/etc/ssl/private/${HTMLY_DOMAIN_NAME}.key"
+            ln -s "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/fullchain.pem" "/etc/ssl/certs/${HTMLY_DOMAIN_NAME}.pem"
         fi
     fi
 }
 
 function backup_remote_htmly {
-    if grep -q "htmly domain" $COMPLETION_FILE; then
+    if grep -q "htmly domain" "$COMPLETION_FILE"; then
         HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain")
         temp_backup_dir=/var/www/${HTMLY_DOMAIN_NAME}/htdocs
-        if [ -d $temp_backup_dir ]; then
+        if [ -d "$temp_backup_dir" ]; then
             echo $"Backing up htmly"
-            backup_directory_to_friend $temp_backup_dir htmly
+            backup_directory_to_friend "$temp_backup_dir" htmly
             echo $"Backup of htmly complete"
         else
             echo $"Htmly domain specified but not found in $temp_backup_dir"
@@ -309,56 +310,57 @@ function backup_remote_htmly {
 }
 
 function restore_remote_htmly {
-    if [ -d $SERVER_DIRECTORY/backup/htmly ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/htmly" ]; then
         HTMLY_DOMAIN_NAME=$(get_completion_param "htmly domain")
         echo $"Restoring htmly installation $HTMLY_DOMAIN_NAME"
         temp_restore_dir=/root/temphtmly
         mkdir $temp_restore_dir
         function_check restore_directory_from_friend
         restore_directory_from_friend $temp_restore_dir htmly
-        if [ -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then
-            if [ -d /var/www/${HTMLY_DOMAIN_NAME}/previous ]; then
-                rm -rf /var/www/${HTMLY_DOMAIN_NAME}/previous
+        if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
+            if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/previous" ]; then
+                rm -rf "/var/www/${HTMLY_DOMAIN_NAME}/previous"
             fi
-            mv /var/www/${HTMLY_DOMAIN_NAME}/htdocs /var/www/${HTMLY_DOMAIN_NAME}/previous
+            mv "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" "/var/www/${HTMLY_DOMAIN_NAME}/previous"
         fi
 
-        if [ -d ${temp_restore_dir}/var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then
+        if [ -d "${temp_restore_dir}/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
             temp_source_dir=$(find ${temp_restore_dir} -name htdocs)
-            cp -r ${temp_source_dir} /var/www/${HTMLY_DOMAIN_NAME}/
+            cp -r "${temp_source_dir}" "/var/www/${HTMLY_DOMAIN_NAME}/"
         else
-            if [ ! -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs ]; then
-                mkdir /var/www/${HTMLY_DOMAIN_NAME}/htdocs
+            if [ ! -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs" ]; then
+                mkdir "/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
             fi
-            cp -r ${temp_restore_dir}/* /var/www/${HTMLY_DOMAIN_NAME}/htdocs/
+            cp -r "${temp_restore_dir}/*" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/"
         fi
 
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
-            if [ -d /var/www/${HTMLY_DOMAIN_NAME}/previous ]; then
-                mv /var/www/${HTMLY_DOMAIN_NAME}/previous /var/www/${HTMLY_DOMAIN_NAME}/htdocs
+            if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/previous" ]; then
+                mv "/var/www/${HTMLY_DOMAIN_NAME}/previous" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs"
             fi
             exit 593
         fi
         rm -rf ${temp_restore_dir}
-        if [ ! -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content ]; then
+        if [ ! -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content" ]; then
             echo $"No content directory found after restoring htmly"
             exit 287
         fi
         # Ensure that the bundled SSL cert is being used
-        if [ -f /etc/ssl/certs/${HTMLY_DOMAIN_NAME}.bundle.crt ]; then
-            sed -i "s|${HTMLY_DOMAIN_NAME}.crt|${HTMLY_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${HTMLY_DOMAIN_NAME}
+        if [ -f "/etc/ssl/certs/${HTMLY_DOMAIN_NAME}.bundle.crt" ]; then
+            sed -i "s|${HTMLY_DOMAIN_NAME}.crt|${HTMLY_DOMAIN_NAME}.bundle.crt|g" "/etc/nginx/sites-available/${HTMLY_DOMAIN_NAME}"
         fi
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ -d /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post ]; then
-                    mv /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/*.md /var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post
+                if [ -d "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post" ]; then
+                    mv "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/*.md" "/var/www/${HTMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post"
                 fi
             fi
         done
-        if [ -d /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME} ]; then
-            ln -s /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${HTMLY_DOMAIN_NAME}.key
-            ln -s /etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${HTMLY_DOMAIN_NAME}.pem
+        if [ -d "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}" ]; then
+            ln -s "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/privkey.pem" "/etc/ssl/private/${HTMLY_DOMAIN_NAME}.key"
+            ln -s "/etc/letsencrypt/live/${HTMLY_DOMAIN_NAME}/fullchain.pem" "/etc/ssl/certs/${HTMLY_DOMAIN_NAME}.pem"
         fi
         echo $"Restore of htmly complete"
     fi
@@ -370,258 +372,264 @@ function remove_htmly {
     fi
 
     read_config_param "HTMLY_DOMAIN_NAME"
-    nginx_dissite $HTMLY_DOMAIN_NAME
-    remove_certs ${HTMLY_DOMAIN_NAME}
-    if [ -f /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME ]; then
-        rm -f /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    nginx_dissite "$HTMLY_DOMAIN_NAME"
+    remove_certs "${HTMLY_DOMAIN_NAME}"
+    if [ -f "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME" ]; then
+        rm -f "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
     fi
-    if [ -d /var/www/$HTMLY_DOMAIN_NAME ]; then
-        rm -rf /var/www/$HTMLY_DOMAIN_NAME
+    if [ -d "/var/www/$HTMLY_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$HTMLY_DOMAIN_NAME"
     fi
     remove_config_param HTMLY_DOMAIN_NAME
     remove_config_param HTMLY_CODE
     function_check remove_onion_service
     remove_onion_service htmly ${HTMLY_ONION_PORT}
     remove_completion_param "install_htmly"
-    sed -i '/Htmly/d' $COMPLETION_FILE
-    sed -i '/htmly/d' $COMPLETION_FILE
+    sed -i '/Htmly/d' "$COMPLETION_FILE"
+    sed -i '/htmly/d' "$COMPLETION_FILE"
 
     function_check remove_ddns_domain
-    remove_ddns_domain $HTMLY_DOMAIN_NAME
+    remove_ddns_domain "$HTMLY_DOMAIN_NAME"
 }
 
 function install_htmly_social_networks {
     # set social networks
-    if grep -q "social.hubzilla" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini; then
-        sed -i "s|;social.hubzilla|social.hubzilla|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-        sed -i "s|social.hubzilla.*|social.hubzilla = \"$HUBZILLA_DOMAIN_NAME\"|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
+    if grep -q "social.hubzilla" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"; then
+        sed -i "s|;social.hubzilla|social.hubzilla|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+        sed -i "s|social.hubzilla.*|social.hubzilla = \"$HUBZILLA_DOMAIN_NAME\"|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
     fi
-    if grep -q "social.gnusocial" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini; then
-        sed -i "s|;social.gnusocial|social.gnusocial|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-        sed -i "s|social.gnusocial.*|social.gnusocial = \"$MICROHTMLY_DOMAIN_NAME\"|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
+    if grep -q "social.gnusocial" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"; then
+        sed -i "s|;social.gnusocial|social.gnusocial|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+        sed -i "s|social.gnusocial.*|social.gnusocial = \"$MICROHTMLY_DOMAIN_NAME\"|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
     fi
 
     # clear proprietary social network strings
-    sed -i 's|social.facebook.*|social.facebook = ""|g' /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i 's|social.twitter.*|social.twitter = ""|g' /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i 's|social.google.*|social.google = ""|g' /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
+    sed -i 's|social.facebook.*|social.facebook = ""|g' "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+    sed -i 's|social.twitter.*|social.twitter = ""|g' "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+    sed -i 's|social.google.*|social.google = ""|g' "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
 }
 
 function install_htmly_user {
     # create a user password
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        HTMLY_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        HTMLY_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        HTMLY_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        HTMLY_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
     fi
 
     # create a user
-    HTMLY_ADMIN_PASSWORD_HASH=$(${PROJECT_NAME}-sec --htmlyhash "$HTMLY_ADMIN_PASSWORD")
+    HTMLY_ADMIN_PASSWORD_HASH=$("${PROJECT_NAME}-sec" --htmlyhash "$HTMLY_ADMIN_PASSWORD")
     if [ ${#HTMLY_ADMIN_PASSWORD_HASH} -lt 8 ]; then
         echo $'Htmly admin password could not be hashed'
         exit 625728
     fi
-    echo ';Password' > /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
-    echo "password = $HTMLY_ADMIN_PASSWORD_HASH" >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
-    echo 'encryption = password_hash' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
-    echo ';Role' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
-    echo 'role = admin' >> /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+    { echo ';Password';
+      echo "password = $HTMLY_ADMIN_PASSWORD_HASH";
+      echo 'encryption = password_hash';
+      echo ';Role';
+      echo 'role = admin'; } > "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini"
 }
 
 function install_htmly_settings {
-    cp /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i "s|site.url.*|site.url = '/'|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i "s|blog.title.*|blog.title = \"$HTMLY_TITLE\"|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i "s|blog.tagline.*|blog.tagline = \"$HTMLY_SUBTITLE\"|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
-    sed -i "s|Your name|$MY_NAME|g" /var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini
+    cp "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini.example" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+    sed -i "s|site.url.*|site.url = '/'|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+    sed -i "s|blog.title.*|blog.title = \"$HTMLY_TITLE\"|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+    sed -i "s|blog.tagline.*|blog.tagline = \"$HTMLY_SUBTITLE\"|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+    sed -i 's|timezone.*|timezone = "Europe/London"|g' "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
+    sed -i "s|Your name|$MY_NAME|g" "/var/www/$HTMLY_DOMAIN_NAME/htdocs/config/config.ini"
 }
 
 function install_htmly_website {
     function_check nginx_http_redirect
-    nginx_http_redirect $HTMLY_DOMAIN_NAME
-    echo 'server {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "    root /var/www/$HTMLY_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "    server_name $HTMLY_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    charset utf-8;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    nginx_http_redirect "$HTMLY_DOMAIN_NAME"
+    { echo 'server {';
+      echo '    listen 443 ssl;';
+      echo '    #listen [::]:443 ssl;';
+      echo "    root /var/www/$HTMLY_DOMAIN_NAME/htdocs;";
+      echo "    server_name $HTMLY_DOMAIN_NAME;";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo '    index index.php;';
+      echo '    charset utf-8;';
+      echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
     function_check nginx_ssl
-    nginx_ssl $HTMLY_DOMAIN_NAME
+    nginx_ssl "$HTMLY_DOMAIN_NAME"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $HTMLY_DOMAIN_NAME
-    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    nginx_disable_sniffing "$HTMLY_DOMAIN_NAME"
+    { echo '    add_header Strict-Transport-Security "max-age=0;";';
+      echo '';
+      echo '    # rewrite to front controller as default rule';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $HTMLY_DOMAIN_NAME
-    echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        expires 30d;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # block these file types' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # or a unix socket' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    #deny access to store' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~ /store {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '      deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '      deny  all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    nginx_limits "$HTMLY_DOMAIN_NAME"
+    { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
+      echo '    }';
+      echo '';
+      echo '    # statically serve these file types when possible';
+      echo '    # otherwise fall back to front controller';
+      echo '    # allow browser to cache them';
+      echo '    # added .htm for advanced source code editor library';
+      echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
+      echo '        expires 30d;';
+      echo "        try_files \$uri /index.php?q=\$uri&\$args;";
+      echo '    }';
+      echo '';
+      echo '    # block these file types';
+      echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+      echo '    # or a unix socket';
+      echo '    location ~* \.php$ {';
+      echo '        # Zero-day exploit defense.';
+      echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+      echo "        # Won't work properly (404 error) if the file is not stored on this";
+      echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+      echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+      echo "        # another machine. And then cross your fingers that you won't get hacked.";
+      echo "        try_files \$uri \$uri/ /index.php;";
+      echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+      echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+      echo '        # With php-cgi alone:';
+      echo '        # fastcgi_pass 127.0.0.1:9000;';
+      echo '        # With php-fpm:';
+      echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '        include fastcgi_params;';
+      echo '        fastcgi_read_timeout 30;';
+      echo '        fastcgi_index index.php;';
+      echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+      echo '    }';
+      echo '';
+      echo '    # deny access to all dot files';
+      echo '    location ~ /\. {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    #deny access to store';
+      echo '    location ~ /store {';
+      echo '        deny all;';
+      echo '    }';
+      echo '    location ~ /(data|conf|bin|inc)/ {';
+      echo '      deny all;';
+      echo '    }';
+      echo '    location ~ /\.ht {';
+      echo '      deny  all;';
+      echo '    }';
+      echo '}';
+      echo ''; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
 }
 
 function install_htmly_website_onion {
-    echo 'server {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "    listen 127.0.0.1:${HTMLY_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "    root /var/www/$HTMLY_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "    server_name $HTMLY_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    charset utf-8;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    { echo 'server {';
+      echo "    listen 127.0.0.1:${HTMLY_ONION_PORT} default_server;";
+      echo "    root /var/www/$HTMLY_DOMAIN_NAME/htdocs;"; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
+
+    if [[ "$ONION_ONLY" != 'yes' ]]; then
+        echo "    server_name $HTMLY_DOMAIN_NAME;" >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
+    else
+        echo "    server_name $HTMLY_ONION_HOSTNAME;" >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
+    fi
+
+    { echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo '    index index.php;';
+      echo '    charset utf-8;';
+      echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $HTMLY_DOMAIN_NAME
-    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    nginx_disable_sniffing "$HTMLY_DOMAIN_NAME"
+    { echo '    add_header Strict-Transport-Security "max-age=0;";';
+      echo '';
+      echo '    # rewrite to front controller as default rule';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $HTMLY_DOMAIN_NAME
-    echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        expires 30d;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # block these file types' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # or a unix socket' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    nginx_limits "$HTMLY_DOMAIN_NAME"
+    { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
+      echo '    }';
+      echo '';
+      echo '    # statically serve these file types when possible';
+      echo '    # otherwise fall back to front controller';
+      echo '    # allow browser to cache them';
+      echo '    # added .htm for advanced source code editor library';
+      echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
+      echo '        expires 30d;';
+      echo "        try_files \$uri /index.php?q=\$uri&\$args;";
+      echo '    }';
+      echo '';
+      echo '    # block these file types';
+      echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+      echo '    # or a unix socket';
+      echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $HTMLY_DOMAIN_NAME
-    echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    #deny access to store' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~ /store {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '      deny all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '      deny  all;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+    nginx_limits "$HTMLY_DOMAIN_NAME"
+    { echo '        # Zero-day exploit defense.';
+      echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+      echo "        # Won't work properly (404 error) if the file is not stored on this";
+      echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+      echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+      echo "        # another machine. And then cross your fingers that you won't get hacked.";
+      echo "        try_files \$uri \$uri/ /index.php;";
+      echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+      echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+      echo '        # With php-cgi alone:';
+      echo '        # fastcgi_pass 127.0.0.1:9000;';
+      echo '        # With php-fpm:';
+      echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '        include fastcgi_params;';
+      echo '        fastcgi_read_timeout 30;';
+      echo '        fastcgi_index index.php;';
+      echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+      echo '    }';
+      echo '';
+      echo '    # deny access to all dot files';
+      echo '    location ~ /\. {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    #deny access to store';
+      echo '    location ~ /store {';
+      echo '        deny all;';
+      echo '    }';
+      echo '    location ~ /(data|conf|bin|inc)/ {';
+      echo '      deny all;';
+      echo '    }';
+      echo '    location ~ /\.ht {';
+      echo '      deny  all;';
+      echo '    }';
+      echo '}'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
 }
 
 function install_htmly_from_repo {
-    if [ ! -d /var/www/$HTMLY_DOMAIN_NAME ]; then
-        mkdir /var/www/$HTMLY_DOMAIN_NAME
+    if [ ! -d "/var/www/$HTMLY_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$HTMLY_DOMAIN_NAME"
     fi
 
-    cd /var/www/$HTMLY_DOMAIN_NAME
+    cd "/var/www/$HTMLY_DOMAIN_NAME" || exit 34684682
 
     if [ -d /repos/htmly ]; then
         mkdir htdocs
         cp -r -p /repos/htmly/. htdocs
-        cd htdocs
+        cd htdocs || exit 3468735
         git pull
     else
         git_clone $HTMLY_REPO htdocs
     fi
 
-    cd htdocs
+    cd htdocs || exit 3479835
     git checkout $HTMLY_COMMIT -b $HTMLY_COMMIT
     set_completion_param "htmly commit" "$HTMLY_COMMIT"
 }
 
 function install_htmly {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
-    if [ ! $HTMLY_DOMAIN_NAME ]; then
+    if [ ! "$HTMLY_DOMAIN_NAME" ]; then
         echo $'The htmly domain name was not specified'
         exit 5062
     fi
@@ -636,13 +644,14 @@ function install_htmly {
         function_check install_htmly_website
         install_htmly_website
     else
-        echo -n '' > /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
+        echo -n '' > "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
     fi
+    HTMLY_ONION_HOSTNAME=$(add_onion_service htmly 80 ${HTMLY_ONION_PORT})
     function_check install_htmly_website_onion
     install_htmly_website_onion
 
     function_check create_site_certificate
-    create_site_certificate $HTMLY_DOMAIN_NAME 'yes'
+    create_site_certificate "$HTMLY_DOMAIN_NAME" 'yes'
 
     function_check configure_php
     configure_php
@@ -656,20 +665,18 @@ function install_htmly {
     function_check install_htmly_user
     install_htmly_user
 
-    chown -R www-data:www-data /var/www/$HTMLY_DOMAIN_NAME/htdocs
-
-    HTMLY_ONION_HOSTNAME=$(add_onion_service htmly 80 ${HTMLY_ONION_PORT})
+    chown -R www-data:www-data "/var/www/$HTMLY_DOMAIN_NAME/htdocs"
 
     function_check nginx_ensite
-    nginx_ensite $HTMLY_DOMAIN_NAME
+    nginx_ensite "$HTMLY_DOMAIN_NAME"
 
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a htmly -p "$HTMLY_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a htmly -p "$HTMLY_ADMIN_PASSWORD"
 
     function_check add_ddns_domain
-    add_ddns_domain $HTMLY_DOMAIN_NAME
+    add_ddns_domain "$HTMLY_DOMAIN_NAME"
 
     set_completion_param "htmly domain" "$HTMLY_DOMAIN_NAME"
     APP_INSTALLED=1
diff --git a/src/freedombone-app-hubzilla b/src/freedombone-app-hubzilla
index d873eee6..af245261 100755
--- a/src/freedombone-app-hubzilla
+++ b/src/freedombone-app-hubzilla
@@ -60,7 +60,7 @@ function logging_off_hubzilla {
 
 function remove_user_hubzilla {
     remove_username="$1"
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp hubzilla
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp hubzilla
 }
 
 function add_user_hubzilla {
@@ -71,27 +71,26 @@ function add_user_hubzilla {
 
     new_username="$1"
     new_user_password="$2"
-    ${PROJECT_NAME}-pass -u $new_username -a hubzilla -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a hubzilla -p "$new_user_password"
     echo '0'
 }
 
 function hubzilla_renew_cert {
     dialog --title $"Renew SSL certificate" \
            --backtitle $"Freedombone Control Panel" \
-           --yesno $"\nThis will renew a letsencrypt certificate. Select 'yes' to continue" 16 60
+           --yesno $"\\nThis will renew a letsencrypt certificate. Select 'yes' to continue" 16 60
     sel=$?
     case $sel in
         1) return;;
         255) return;;
     esac
     HUBZILLA_DOMAIN_NAME=$(get_completion_param "hubzilla domain")
-    if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs" ]; then
         dialog --title $"Renew SSL certificate" \
                --msgbox $"Hubzilla install directory not found" 6 40
         return
     fi
-    ${PROJECT_NAME}-renew-cert -h $HUBZILLA_DOMAIN_NAME -p 'letsencrypt'
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-renew-cert" -h "$HUBZILLA_DOMAIN_NAME" -p 'letsencrypt'; then
         any_key
     else
         dialog --title $"Renew SSL certificate" \
@@ -100,68 +99,71 @@ function hubzilla_renew_cert {
 }
 
 function hubzilla_channel_directory_server {
-    if ! grep -q "hubzilla domain" $COMPLETION_FILE; then
+    if ! grep -q "hubzilla domain" "$COMPLETION_FILE"; then
         dialog --title $"Hubzilla channel directory server" \
                --msgbox $"Hubzilla is not installed on this system" 6 40
         return
     fi
     HUBZILLA_DOMAIN_NAME=$(get_completion_param "hubzilla domain")
-    if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$HUBZILLA_DOMAIN_NAME/htdocs" ]; then
         dialog --title $"Hubzilla channel directory server" \
                --msgbox $"Hubzilla install directory not found" 6 40
         return
     fi
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Hubzilla channel directory server" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"When you click on 'channel directory' this is where Hubzilla will obtain its list from" 8 60 2>$data
+           --inputbox $"When you click on 'channel directory' this is where Hubzilla will obtain its list from" 8 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            hubzilla_domain_server=$(<$data)
+            hubzilla_domain_server=$(<"$data")
             if [[ $hubzilla_domain_server != *"."* ]]; then
+                rm -f "$data"
                 return
             fi
             if [[ $hubzilla_domain_server != "https"* ]]; then
                 dialog --title $"Hubzilla channel directory server" \
-                       --msgbox $"\nInvalid domain - include the https://" 7 60
+                       --msgbox $"\\nInvalid domain - include the https://" 7 60
+                rm -f "$data"
                 return
             fi
-            ./var/www/$HUBZILLA_DOMAIN_NAME/htdocs/util/config system directory_server $hubzilla_domain_server
+            "./var/www/$HUBZILLA_DOMAIN_NAME/htdocs/util/config" system directory_server "$hubzilla_domain_server"
             dialog --title $"Hubzilla channel directory server" \
-                   --msgbox $"\nDomain channel directory server changed to\n\n  $hubzilla_domain_server" 10 60
+                   --msgbox $"\\nDomain channel directory server changed to\\n\\n  $hubzilla_domain_server" 10 60
             ;;
     esac
+    rm -f "$data"
 }
 
 function configure_interactive_hubzilla {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Hubzilla" \
                --radiolist $"Choose an operation:" 13 70 4 \
                1 $"Set channel directory server" off \
                2 $"Renew SSL certificate" off \
-               3 $"Back to main menu" on 2> $data
+               3 $"Back to main menu" on 2> "$data"
         sel=$?
         case $sel in
             1) break;;
             255) break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) hubzilla_channel_directory_server;;
             2) hubzilla_renew_cert;;
-            3) break;;
+            3) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
 function install_interactive_hubzilla {
-    if [[ $ONION_ONLY != "no" ]]; then
+    if [[ "$ONION_ONLY" != "no" ]]; then
         return
     fi
 
@@ -172,7 +174,7 @@ function install_interactive_hubzilla {
 }
 
 function change_password_hubzilla {
-    HUBZILLA_USERNAME="$1"
+#    HUBZILLA_USERNAME="$1"
     HUBZILLA_PASSWORD="$2"
     if [ ${#HUBZILLA_PASSWORD} -lt 8 ]; then
         echo $'Hubzilla password is too short'
@@ -183,14 +185,14 @@ function change_password_hubzilla {
 }
 
 function hubzilla_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        HUBZILLA_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        HUBZILLA_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     fi
-    if [ ! $HUBZILLA_ADMIN_PASSWORD ]; then
-        HUBZILLA_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+    if [ ! "$HUBZILLA_ADMIN_PASSWORD" ]; then
+        HUBZILLA_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
     fi
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a hubzilla -p "$HUBZILLA_ADMIN_PASSWORD"
-    if [ ! $HUBZILLA_ADMIN_PASSWORD ]; then
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a hubzilla -p "$HUBZILLA_ADMIN_PASSWORD"
+    if [ ! "$HUBZILLA_ADMIN_PASSWORD" ]; then
         return
     fi
 
@@ -211,25 +213,25 @@ function upgrade_hubzilla {
     HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
 
     function_check set_repo_commit
-    set_repo_commit $HUBZILLA_PATH "hubzilla commit" "$HUBZILLA_COMMIT" $HUBZILLA_REPO
-    set_repo_commit $HUBZILLA_PATH/addon "hubzilla addons commit" "$HUBZILLA_ADDONS_COMMIT" $HUBZILLA_ADDONS_REPO
-    if [ -d $HUBZILLA_PATH/redmatrix-themes1 ]; then
-        cd $HUBZILLA_PATH/redmatrix-themes1
+    set_repo_commit "$HUBZILLA_PATH" "hubzilla commit" "$HUBZILLA_COMMIT" $HUBZILLA_REPO
+    set_repo_commit "$HUBZILLA_PATH/addon" "hubzilla addons commit" "$HUBZILLA_ADDONS_COMMIT" $HUBZILLA_ADDONS_REPO
+    if [ -d "$HUBZILLA_PATH/redmatrix-themes1" ]; then
+        cd "$HUBZILLA_PATH/redmatrix-themes1" || exit 246782456
         git merge --abort
         git stash
         git pull
-        cp -r $HUBZILLA_PATH/redmatrix-themes1/* $HUBZILLA_PATH/view/theme/
-        chown -R www-data:www-data $HUBZILLA_PATH
+        cp -r "$HUBZILLA_PATH/redmatrix-themes1/*" "$HUBZILLA_PATH/view/theme/"
+        chown -R www-data:www-data "$HUBZILLA_PATH"
     fi
 }
 
 function backup_local_hubzilla {
     hubzilla_path=/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs
-    if [ -d $hubzilla_path ]; then
+    if [ -d "$hubzilla_path" ]; then
         function_check backup_database_to_usb
         backup_database_to_usb hubzilla
 
-        backup_directory_to_usb $hubzilla_path hubzilla
+        backup_directory_to_usb "$hubzilla_path" hubzilla
     fi
 }
 
@@ -240,31 +242,31 @@ function restore_local_hubzilla {
     function_check hubzilla_create_database
     hubzilla_create_database
 
-    restore_database hubzilla ${HUBZILLA_DOMAIN_NAME}
-    if [ -d $USB_MOUNT/backup/hubzilla ]; then
-        if [ ! -d $hubzilla_dir/store/[data]/smarty3 ]; then
-            mkdir -p $hubzilla_dir/store/[data]/smarty3
+    restore_database hubzilla "${HUBZILLA_DOMAIN_NAME}"
+    if [ -d "$USB_MOUNT/backup/hubzilla" ]; then
+        if [ ! -d "$hubzilla_dir/store/[data]/smarty3" ]; then
+            mkdir -p "$hubzilla_dir/store/[data]/smarty3"
         fi
-        chmod 1777 $hubzilla_dir/store/[data]/smarty3
-        chown -R www-data:www-data $hubzilla_dir/*
+        chmod 1777 "$hubzilla_dir/store/[data]/smarty3"
+        chown -R www-data:www-data "$hubzilla_dir/*"
         if [ -d $temp_restore_dir ]; then
             rm -rf $temp_restore_dir
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-        HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
-        sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $HUBZILLA_PATH/.htconfig.php
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        HUBZILLA_PATH="/var/www/$HUBZILLA_DOMAIN_NAME/htdocs"
+        sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" "$HUBZILLA_PATH/.htconfig.php"
         MARIADB_PASSWORD=
     fi
 }
 
 function backup_remote_hubzilla {
-    temp_backup_dir=/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs
-    if [ -d $temp_backup_dir ]; then
-        suspend_site ${HUBZILLA_DOMAIN_NAME}
+    temp_backup_dir="/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs"
+    if [ -d "$temp_backup_dir" ]; then
+        suspend_site "${HUBZILLA_DOMAIN_NAME}"
         backup_database_to_friend hubzilla
         echo "Backing up Hubzilla installation"
-        backup_directory_to_friend $temp_backup_dir hubzilla
+        backup_directory_to_friend "$temp_backup_dir" hubzilla
         restart_site
         echo "Backup of Hubzilla complete"
     else
@@ -279,21 +281,21 @@ function restore_remote_hubzilla {
     function_check hubzilla_create_database
     hubzilla_create_database
 
-    restore_database_from_friend hubzilla ${HUBZILLA_DOMAIN_NAME}
-    if [ -d $SERVER_DIRECTORY/backup/hubzilla ]; then
-        if [ ! -d /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3 ]; then
-            mkdir -p /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3
+    restore_database_from_friend hubzilla "${HUBZILLA_DOMAIN_NAME}"
+    if [ -d "$SERVER_DIRECTORY/backup/hubzilla" ]; then
+        if [ ! -d "/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3" ]; then
+            mkdir -p "/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3"
         fi
-        chmod 1777 /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3
-        chown -R www-data:www-data /var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/*
+        chmod 1777 "/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/store/[data]/smarty3"
+        chown -R www-data:www-data "/var/www/${HUBZILLA_DOMAIN_NAME}/htdocs/*"
     fi
     if [ -d /root/temphubzilla ]; then
         rm -rf /root/temphubzilla
     fi
 
-    MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+    MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
     HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
-    sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" $HUBZILLA_PATH/.htconfig.php
+    sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" "$HUBZILLA_PATH/.htconfig.php"
     MARIADB_PASSWORD=
 }
 
@@ -301,41 +303,41 @@ function remove_hubzilla {
     if [ ${#HUBZILLA_DOMAIN_NAME} -eq 0 ]; then
         return
     fi
-    nginx_dissite $HUBZILLA_DOMAIN_NAME
-    remove_certs ${HUBZILLA_DOMAIN_NAME}
-    if [ -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then
-        rm -rf /var/www/$HUBZILLA_DOMAIN_NAME
+    nginx_dissite "$HUBZILLA_DOMAIN_NAME"
+    remove_certs "${HUBZILLA_DOMAIN_NAME}"
+    if [ -d "/var/www/$HUBZILLA_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$HUBZILLA_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database hubzilla
     function_check remove_onion_service
     remove_onion_service hubzilla ${HUBZILLA_ONION_PORT}
-    sed -i '/hubzilla/d' $COMPLETION_FILE
+    sed -i '/hubzilla/d' "$COMPLETION_FILE"
     sed -i '/poller.php/d' /etc/crontab
 
     function_check remove_ddns_domain
-    remove_ddns_domain $HUBZILLA_DOMAIN_NAME
+    remove_ddns_domain "$HUBZILLA_DOMAIN_NAME"
 }
 
 function install_hubzilla {
-    if [ ! $HUBZILLA_DOMAIN_NAME ]; then
+    if [ ! "$HUBZILLA_DOMAIN_NAME" ]; then
         return
     fi
 
-    if [[ $ONION_ONLY != "no" ]]; then
+    if [[ "$ONION_ONLY" != "no" ]]; then
         echo $"Hubzilla won't work on an onion address"
         exit 529925
     fi
 
-    HUBZILLA_PATH=/var/www/$HUBZILLA_DOMAIN_NAME/htdocs
+    HUBZILLA_PATH="/var/www/$HUBZILLA_DOMAIN_NAME/htdocs"
 
     function_check install_mariadb
     install_mariadb
 
-    if [ -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then
+    if [ -d "/var/www/$HUBZILLA_DOMAIN_NAME" ]; then
         remove_hubzilla
     fi
 
@@ -349,44 +351,44 @@ function install_hubzilla {
     apt-get -yq install php-dev imagemagick php-imagick libfcgi0ldbl
     apt-get -yq install php-memcached memcached
 
-    if [ ! -d /var/www/$HUBZILLA_DOMAIN_NAME ]; then
-        mkdir /var/www/$HUBZILLA_DOMAIN_NAME
+    if [ ! -d "/var/www/$HUBZILLA_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$HUBZILLA_DOMAIN_NAME"
     fi
-    if [ ! -d $HUBZILLA_PATH ]; then
-        mkdir -p $HUBZILLA_PATH
+    if [ ! -d "$HUBZILLA_PATH" ]; then
+        mkdir -p "$HUBZILLA_PATH"
     fi
 
-    if [ ! -f $HUBZILLA_PATH/index.php ]; then
+    if [ ! -f "$HUBZILLA_PATH/index.php" ]; then
         if [ -d /repos/hubzilla ]; then
-            mkdir $HUBZILLA_PATH
-            cp -r -p /repos/hubzilla/. $HUBZILLA_PATH
-            cd $HUBZILLA_PATH
+            mkdir "$HUBZILLA_PATH"
+            cp -r -p /repos/hubzilla/. "$HUBZILLA_PATH"
+            cd "$HUBZILLA_PATH" || exit 245672478
             git pull
         else
             function_check git_clone
-            git_clone $HUBZILLA_REPO $HUBZILLA_PATH
+            git_clone "$HUBZILLA_REPO" "$HUBZILLA_PATH"
         fi
 
-        git checkout $HUBZILLA_COMMIT -b $HUBZILLA_COMMIT
+        git checkout "$HUBZILLA_COMMIT" -b "$HUBZILLA_COMMIT"
         set_completion_param "hubzilla commit" "$HUBZILLA_COMMIT"
 
         if [ -d /repos/hubzilla-addons ]; then
-            mkdir $HUBZILLA_PATH/addon
-            cp -r -p /repos/hubzilla-addons/. $HUBZILLA_PATH/addon
-            cd $HUBZILLA_PATH/addon
+            mkdir "$HUBZILLA_PATH/addon"
+            cp -r -p /repos/hubzilla-addons/. "$HUBZILLA_PATH/addon"
+            cd "$HUBZILLA_PATH/addon" || exit 24682464
             git pull
         else
-            git_clone $HUBZILLA_ADDONS_REPO $HUBZILLA_PATH/addon
+            git_clone "$HUBZILLA_ADDONS_REPO" "$HUBZILLA_PATH/addon"
         fi
 
-        cd $HUBZILLA_PATH/addon
-        git checkout $HUBZILLA_ADDONS_COMMIT -b $HUBZILLA_ADDONS_COMMIT
+        cd "$HUBZILLA_PATH/addon" || exit 24982468
+        git checkout "$HUBZILLA_ADDONS_COMMIT" -b "$HUBZILLA_ADDONS_COMMIT"
         set_completion_param "hubzilla addons commit" "$HUBZILLA_ADDONS_COMMIT"
 
-        chown -R www-data:www-data $HUBZILLA_PATH
+        chown -R www-data:www-data "$HUBZILLA_PATH"
     fi
 
-    if [ ! -f $HUBZILLA_PATH/install/schema_mysql.sql ]; then
+    if [ ! -f "$HUBZILLA_PATH/install/schema_mysql.sql" ]; then
         echo $'No database schema found for hubzilla'
         exit 252782
     fi
@@ -403,156 +405,156 @@ function install_hubzilla {
     fi
 
     function_check add_ddns_domain
-    add_ddns_domain $HUBZILLA_DOMAIN_NAME
+    add_ddns_domain "$HUBZILLA_DOMAIN_NAME"
 
-    if [[ $ONION_ONLY == "no" ]]; then
+    if [[ "$ONION_ONLY" == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $HUBZILLA_DOMAIN_NAME
-        echo 'server {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    root $HUBZILLA_PATH;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    server_name $HUBZILLA_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        nginx_http_redirect "$HUBZILLA_DOMAIN_NAME"
+        { echo 'server {';
+          echo '    listen 443 ssl;';
+          echo '    #listen [::]:443 ssl;';
+          echo "    root $HUBZILLA_PATH;";
+          echo "    server_name $HUBZILLA_DOMAIN_NAME;";
+          echo "    error_log /dev/null;";
+          echo '    index index.php;';
+          echo '    charset utf-8;';
+          echo '    access_log /dev/null;'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
         function_check nginx_ssl
-        nginx_ssl $HUBZILLA_DOMAIN_NAME
+        nginx_ssl "$HUBZILLA_DOMAIN_NAME"
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME
-        echo '    add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location / {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        nginx_disable_sniffing "$HUBZILLA_DOMAIN_NAME"
+        { echo '    add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '    # rewrite to front controller as default rule';
+          echo '    location / {'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
         function_check nginx_limits
-        nginx_limits $HUBZILLA_DOMAIN_NAME
-        echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        expires 30d;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # block these file types' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # or a unix socket' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        nginx_limits "$HUBZILLA_DOMAIN_NAME"
+        { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
+          echo '    }';
+          echo '';
+          echo '    # statically serve these file types when possible';
+          echo '    # otherwise fall back to front controller';
+          echo '    # allow browser to cache them';
+          echo '    # added .htm for advanced source code editor library';
+          echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
+          echo '        expires 30d;';
+          echo "        try_files \$uri /index.php?q=\$uri&\$args;";
+          echo '    }';
+          echo '';
+          echo '    # block these file types';
+          echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+          echo '    # or a unix socket';
+          echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
         function_check nginx_limits
-        nginx_limits $HUBZILLA_DOMAIN_NAME
-        echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # With php-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~ /\. {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '      deny  all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '}' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        nginx_limits "$HUBZILLA_DOMAIN_NAME"
+        { echo '        # Zero-day exploit defense.';
+          echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+          echo "        # Won't work properly (404 error) if the file is not stored on this";
+          echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+          echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+          echo "        # another machine. And then cross your fingers that you won't get hacked.";
+          echo "        try_files \$uri \$uri/ /index.php;";
+          echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+          echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+          echo '        # With php-cgi alone:';
+          echo '        # fastcgi_pass 127.0.0.1:9000;';
+          echo '        # With php-fpm:';
+          echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '        include fastcgi_params;';
+          echo '        fastcgi_index index.php;';
+          echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+          echo '        fastcgi_read_timeout 300;';
+          echo '    }';
+          echo '';
+          echo '    # deny access to all dot files';
+          echo '    location ~ /\. {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    location ~ /\.ht {';
+          echo '      deny  all;';
+          echo '    }';
+          echo '}';
+          echo ''; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
     else
-        echo 'server {' > /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    listen 127.0.0.1:${HUBZILLA_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    root $HUBZILLA_PATH;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    server_name $HUBZILLA_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    charset utf-8;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location / {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        nginx_limits $HUBZILLA_DOMAIN_NAME
-        nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME
-        echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        expires 30d;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # block these file types' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # or a unix socket' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        nginx_limits $HUBZILLA_DOMAIN_NAME
-        nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME
-        echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        # With php-fpm:' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~ /\. {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '        deny all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '      deny  all;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        echo '}' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
+        { echo 'server {';
+        echo "    listen 127.0.0.1:${HUBZILLA_ONION_PORT} default_server;";
+        echo "    root $HUBZILLA_PATH;";
+        echo "    server_name $HUBZILLA_ONION_HOSTNAME;";
+        echo "    error_log /dev/null;";
+        echo '    index index.php;';
+        echo '    charset utf-8;';
+        echo '    access_log /dev/null;';
+        echo '    add_header Strict-Transport-Security max-age=15768000;';
+        echo '';
+        echo '    # rewrite to front controller as default rule';
+        echo '    location / {'; } > "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
+        nginx_limits "$HUBZILLA_DOMAIN_NAME"
+        nginx_disable_sniffing "$HUBZILLA_DOMAIN_NAME"
+        { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
+          echo '    }';
+          echo '';
+          echo '    # statically serve these file types when possible';
+          echo '    # otherwise fall back to front controller';
+          echo '    # allow browser to cache them';
+          echo '    # added .htm for advanced source code editor library';
+          echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
+          echo '        expires 30d;';
+          echo "        try_files \$uri /index.php?q=\$uri&\$args;";
+          echo '    }';
+          echo '';
+          echo '    # block these file types';
+          echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+          echo '    # or a unix socket';
+          echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
+        nginx_limits "$HUBZILLA_DOMAIN_NAME"
+        nginx_disable_sniffing "$HUBZILLA_DOMAIN_NAME"
+        { echo '        # Zero-day exploit defense.';
+          echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+          echo "        # Won't work properly (404 error) if the file is not stored on this";
+          echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+          echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+          echo "        # another machine. And then cross your fingers that you won't get hacked.";
+          echo "        try_files \$uri \$uri/ /index.php;";
+          echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+          echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+          echo '        # With php-cgi alone:';
+          echo '        # fastcgi_pass 127.0.0.1:9000;';
+          echo '        # With php-fpm:';
+          echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '        include fastcgi_params;';
+          echo '        fastcgi_index index.php;';
+          echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+          echo '        fastcgi_read_timeout 300;';
+          echo '    }';
+          echo '';
+          echo '    # deny access to all dot files';
+          echo '    location ~ /\. {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    location ~ /\.ht {';
+          echo '      deny  all;';
+          echo '    }';
+          echo '}'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
     fi
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $HUBZILLA_DOMAIN_NAME 'yes'
+    create_site_certificate "$HUBZILLA_DOMAIN_NAME" 'yes'
 
-    if [ ! -d $HUBZILLA_PATH/view/tpl/smarty3 ]; then
-        mkdir $HUBZILLA_PATH/view/tpl/smarty3
+    if [ ! -d "$HUBZILLA_PATH/view/tpl/smarty3" ]; then
+        mkdir "$HUBZILLA_PATH/view/tpl/smarty3"
     fi
     if [ ! -d "$HUBZILLA_PATH/store" ]; then
         mkdir "$HUBZILLA_PATH/store"
@@ -564,9 +566,9 @@ function install_hubzilla {
         mkdir "$HUBZILLA_PATH/store/[data]/smarty3"
         chmod 1777 "$HUBZILLA_PATH/store/[data]/smarty3"
     fi
-    chmod 1777 $HUBZILLA_PATH/view/tpl
+    chmod 1777 "$HUBZILLA_PATH/view/tpl"
     chown -R www-data:www-data "$HUBZILLA_PATH/store"
-    chmod 1777 $HUBZILLA_PATH/view/tpl/smarty3
+    chmod 1777 "$HUBZILLA_PATH/view/tpl/smarty3"
 
     # Ensure that the database gets backed up locally, if remote
     # backups are not being used
@@ -576,50 +578,50 @@ function install_hubzilla {
     function_check backup_database_local
     backup_database_local hubzilla
 
-    chown -R www-data:www-data $HUBZILLA_PATH
+    chown -R www-data:www-data "$HUBZILLA_PATH"
 
     function_check nginx_ensite
-    nginx_ensite $HUBZILLA_DOMAIN_NAME
+    nginx_ensite "$HUBZILLA_DOMAIN_NAME"
 
     function_check initialise_database
-    initialise_database hubzilla $HUBZILLA_PATH/install/schema_mysql.sql
+    initialise_database hubzilla "$HUBZILLA_PATH/install/schema_mysql.sql"
 
     # create the config file
-    echo '<?php' > $HUBZILLA_PATH/.htconfig.php
-    echo "\$db_host = 'localhost';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$db_port = '0';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$db_user = 'root';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$db_pass = '${MARIADB_PASSWORD}';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$db_data = 'hubzilla';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$db_type = '0';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$default_timezone = 'Europe/London';" >> $HUBZILLA_PATH/.htconfig.php
-    if [[ $ONION_ONLY == 'no' ]]; then
-        echo "\$a->config['system']['baseurl'] = 'https://${HUBZILLA_DOMAIN_NAME}';" >> $HUBZILLA_PATH/.htconfig.php
+    { echo '<?php';
+      echo "\$db_host = 'localhost';";
+      echo "\$db_port = '0';";
+      echo "\$db_user = 'root';";
+      echo "\$db_pass = '${MARIADB_PASSWORD}';";
+      echo "\$db_data = 'hubzilla';";
+      echo "\$db_type = '0';";
+      echo "\$default_timezone = 'Europe/London';"; } > "$HUBZILLA_PATH/.htconfig.php"
+    if [[ "$ONION_ONLY" == 'no' ]]; then
+        echo "\$a->config['system']['baseurl'] = 'https://${HUBZILLA_DOMAIN_NAME}';" >> "$HUBZILLA_PATH/.htconfig.php"
     else
-        echo "\$a->config['system']['baseurl'] = 'http://${HUBZILLA_ONION_HOSTNAME}';" >> $HUBZILLA_PATH/.htconfig.php
+        echo "\$a->config['system']['baseurl'] = 'http://${HUBZILLA_ONION_HOSTNAME}';" >> "$HUBZILLA_PATH/.htconfig.php"
     fi
-    echo "\$a->config['system']['sitename'] = \"Hubzilla\";" >> $HUBZILLA_PATH/.htconfig.php
+    echo "\$a->config['system']['sitename'] = \"Hubzilla\";" >> "$HUBZILLA_PATH/.htconfig.php"
     HUBZILLA_LOCATION_HASH="$(create_password 30)"
-    echo "\$a->config['system']['location_hash'] = '${HUBZILLA_LOCATION_HASH}';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['register_policy'] = REGISTER_OPEN;" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['register_text'] = '';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['admin_email'] = '${MY_EMAIL_ADDRESS}';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['verify_email'] = 1;" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['access_policy'] = ACCESS_PRIVATE;" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['sellpage'] = '';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['max_import_size'] = 200000;" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['php_path'] = '/usr/bin/php';" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['directory_mode']  = DIRECTORY_MODE_NORMAL;" >> $HUBZILLA_PATH/.htconfig.php
-    echo "\$a->config['system']['theme'] = 'redbasic';" >> $HUBZILLA_PATH/.htconfig.php
-    chown www-data:www-data $HUBZILLA_PATH/.htconfig.php
-    chmod 755 $HUBZILLA_PATH/.htconfig.php
+    { echo "\$a->config['system']['location_hash'] = '${HUBZILLA_LOCATION_HASH}';";
+      echo "\$a->config['system']['register_policy'] = REGISTER_OPEN;";
+      echo "\$a->config['system']['register_text'] = '';";
+      echo "\$a->config['system']['admin_email'] = '${MY_EMAIL_ADDRESS}';";
+      echo "\$a->config['system']['verify_email'] = 1;";
+      echo "\$a->config['system']['access_policy'] = ACCESS_PRIVATE;";
+      echo "\$a->config['system']['sellpage'] = '';";
+      echo "\$a->config['system']['max_import_size'] = 200000;";
+      echo "\$a->config['system']['php_path'] = '/usr/bin/php';";
+      echo "\$a->config['system']['directory_mode']  = DIRECTORY_MODE_NORMAL;";
+      echo "\$a->config['system']['theme'] = 'redbasic';"; } >> "$HUBZILLA_PATH/.htconfig.php"
+    chown www-data:www-data "$HUBZILLA_PATH/.htconfig.php"
+    chmod 755 "$HUBZILLA_PATH/.htconfig.php"
 
     systemctl restart mariadb
     systemctl restart php7.0-fpm
     systemctl restart nginx
     systemctl restart cron
 
-    ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$HUBZILLA_DOMAIN_NAME" -g hubzilla --public no
+    "${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$HUBZILLA_DOMAIN_NAME" -g hubzilla --public no
 
     set_completion_param "hubzilla domain" "${HUBZILLA_DOMAIN_NAME}"
     APP_INSTALLED=1
diff --git a/src/freedombone-app-icecast b/src/freedombone-app-icecast
index 05f6e43f..28d99b02 100755
--- a/src/freedombone-app-icecast
+++ b/src/freedombone-app-icecast
@@ -68,36 +68,36 @@ function icecast_update_daemon {
         rm /etc/init.d/icecast2
     fi
 
-    echo '#!/bin/sh' > /usr/bin/stop_icecast
-    echo 'kill $(pidof ices2)' >> /usr/bin/stop_icecast
-    echo 'systemctl stop icecast2' >> /usr/bin/stop_icecast
+    { echo '#!/bin/sh';
+      echo "kill \$(pidof ices2)";
+      echo 'systemctl stop icecast2'; } > /usr/bin/stop_icecast
     chmod +x /usr/bin/stop_icecast
 
     # Note that the sleep here actually is important
-    echo '#!/bin/bash' > /usr/bin/start_icecast
-    echo 'isrunning=$(ps aux | grep ices2)' >> /usr/bin/start_icecast
-    echo 'if [[ "$isrunning" != *"ices-playlist"* ]]; then' >> /usr/bin/start_icecast
-    echo '    systemctl start icecast2' >> /usr/bin/start_icecast
-    echo '    sleep 3' >> /usr/bin/start_icecast
-    echo '    cd /etc/ices2' >> /usr/bin/start_icecast
-    echo '    ices2 ices-playlist.xml' >> /usr/bin/start_icecast
-    echo 'fi' >> /usr/bin/start_icecast
+    { echo '#!/bin/bash';
+      echo "isrunning=\$(ps aux | grep ices2)";
+      echo "if [[ \"\$isrunning\" != *\"ices-playlist\"* ]]; then";
+      echo '    systemctl start icecast2';
+      echo '    sleep 3';
+      echo '    cd /etc/ices2';
+      echo '    ices2 ices-playlist.xml';
+      echo 'fi'; } > /usr/bin/start_icecast
     chmod +x /usr/bin/start_icecast
 
-    echo '[Unit]' > /etc/systemd/system/icecast2.service
-    echo 'Description=Icecast' >> /etc/systemd/system/icecast2.service
-    echo 'After=network.target' >> /etc/systemd/system/icecast2.service
-    echo 'After=tor.service' >> /etc/systemd/system/icecast2.service
-    echo '' >> /etc/systemd/system/icecast2.service
-    echo '[Service]' >> /etc/systemd/system/icecast2.service
-    echo 'User=icecast2' >> /etc/systemd/system/icecast2.service
-    echo 'Group=icecast' >> /etc/systemd/system/icecast2.service
-    echo 'ExecStart=/usr/bin/icecast2 -c /etc/icecast2/icecast.xml' >> /etc/systemd/system/icecast2.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/icecast2.service
-    echo 'RestartSec=10' >> /etc/systemd/system/icecast2.service
-    echo '' >> /etc/systemd/system/icecast2.service
-    echo '[Install]' >> /etc/systemd/system/icecast2.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/icecast2.service
+    { echo '[Unit]';
+      echo 'Description=Icecast';
+      echo 'After=network.target';
+      echo 'After=tor.service';
+      echo '';
+      echo '[Service]';
+      echo 'User=icecast2';
+      echo 'Group=icecast';
+      echo 'ExecStart=/usr/bin/icecast2 -c /etc/icecast2/icecast.xml';
+      echo 'Restart=on-failure';
+      echo 'RestartSec=10';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/icecast2.service
 
     chown -R icecast2:icecast /etc/ices2
     chown -R icecast2:icecast /etc/icecast2
@@ -121,7 +121,7 @@ function change_password_icecast {
         /etc/icecast2/icecast.xml
     sed -i "s|<password>.*|<password>${new_user_password}</password>|g" /etc/ices2/ices-playlist.xml
 
-    ${PROJECT_NAME}-pass -u "$curr_username" -a icecast -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a icecast -p "$new_user_password"
     start_icecast
 }
 
@@ -139,7 +139,7 @@ function reconfigure_icecast {
 
 function icecast_convert_files {
     clear
-    cd ${1}
+    cd "${1}" || exit 2346824648
 
     echo $'Converting any mp3 files to ogg format'
     find . -type f -name '*.mp3' -exec bash -c 'ffmpeg -i "$0" -c:a libvorbis -q:a 4 "${0/%mp3/ogg}"' '{}' \;
@@ -153,20 +153,20 @@ function icecast_convert_files {
 }
 
 function icecast_add_file_to_playlist {
-    files_dir=${1}
-    if [ ! -d $files_dir ]; then
+    files_dir="${1}"
+    if [ ! -d "$files_dir" ]; then
         return
     fi
 
     echo $'Adding ogg files to playlist'
-    find $files_dir -type f -name '*.ogg' -print0 | while read -d $'\0' file; do
+    find "$files_dir" -type f -name '*.ogg' -print0 | while read -r -d $'\0' file; do
         if ! grep -q "$file" $ICECAST_PLAYLIST_FILE; then
             echo "$file" >> $ICECAST_PLAYLIST_FILE
         fi
     done
 
     echo $'Adding ogv files to playlist'
-    find $files_dir -type f -name '*.ogv' -print0 | while read -d $'\0' file; do
+    find "$files_dir" -type f -name '*.ogv' -print0 | while read -r -d $'\0' file; do
         if ! grep -q "$file" $ICECAST_PLAYLIST_FILE; then
             echo "$file" >> $ICECAST_PLAYLIST_FILE
         fi
@@ -178,14 +178,14 @@ function icecast_add_file_to_playlist {
 }
 
 function icecast_import_from_directory {
-    data=$(tempfile 2>/dev/null)
-    dialog --title "Choose a directory containing stream files" --dselect /home/$MY_USERNAME/ 30 60 2> $data
-    selected_dir=$(cat $data)
-    rm $data
+    data=$(mktemp 2>/dev/null)
+    dialog --title "Choose a directory containing stream files" --dselect "/home/$MY_USERNAME/" 30 60 2> "$data"
+    selected_dir=$(cat "$data")
+    rm -f "$data"
     if [[ "$selected_dir" == "$ICECAST_DIR" ]]; then
         return
     fi
-    if [ ! -d $selected_dir ]; then
+    if [ ! -d "$selected_dir" ]; then
         return
     fi
     if [[ "$selected_dir" == "/home/$MY_USERNAME/" ]]; then
@@ -201,7 +201,7 @@ function icecast_import_from_directory {
     dialog --title $"Import stream files directory into Icecast" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nImport the directory:\n\n  $selected_dir" 12 75
+           --yesno $"\\nImport the directory:\\n\\n  $selected_dir" 12 75
     sel=$?
     case $sel in
         1) return;;
@@ -215,8 +215,8 @@ function icecast_import_from_directory {
     dest_dir=$(basename "$selected_dir")
     mv "$selected_dir" $ICECAST_DIR
 
-    icecast_convert_files $ICECAST_DIR/$dest_dir
-    icecast_add_file_to_playlist $ICECAST_DIR/$dest_dir
+    icecast_convert_files "$ICECAST_DIR/$dest_dir"
+    icecast_add_file_to_playlist "$ICECAST_DIR/$dest_dir"
 
     dialog --title $"Import stream files directory into Icecast" \
            --msgbox $"Import success" 6 40
@@ -226,18 +226,18 @@ function icecast_import_from_usb {
     clear
     detect_usb_drive
 
-    if [ ! -b $USB_DRIVE ]; then
+    if [ ! -b "$USB_DRIVE" ]; then
         dialog --title $"Import stream files from USB drive" --msgbox $'No USB drive found' 6 50
         return
     fi
 
-    backup_mount_drive ${USB_DRIVE}
-    if [ ! -d $USB_MOUNT$ICECAST_DIR ]; then
+    backup_mount_drive "${USB_DRIVE}"
+    if [ ! -d "$USB_MOUNT$ICECAST_DIR" ]; then
         dialog --title $"Import stream files from USB drive" --msgbox $'No stream files directory found on USB drive' 6 50
-        backup_unmount_drive ${USB_DRIVE}
+        backup_unmount_drive "${USB_DRIVE}"
     fi
-    cp -ru $USB_MOUNT$ICECAST_DIR/* $ICECAST_DIR
-    backup_unmount_drive ${USB_DRIVE}
+    cp -ru "$USB_MOUNT$ICECAST_DIR/*" $ICECAST_DIR
+    backup_unmount_drive "${USB_DRIVE}"
     icecast_convert_files $ICECAST_DIR
     dialog --title $"Import stream files from USB drive" --msgbox $'Import complete. You may now remove the USB drive' 6 50
 }
@@ -246,40 +246,41 @@ function icecast_export_to_usb {
     clear
     detect_usb_drive
 
-    if [ ! -b $USB_DRIVE ]; then
+    if [ ! -b "$USB_DRIVE" ]; then
         dialog --title $"Export stream files to USB drive" --msgbox $'No USB drive found' 6 50
         return
     fi
 
-    backup_mount_drive ${USB_DRIVE}
-    if [ ! -d $USB_MOUNT$ICECAST_DIR ]; then
-        mkdir -p $USB_MOUNT$ICECAST_DIR
+    backup_mount_drive "${USB_DRIVE}"
+    if [ ! -d "$USB_MOUNT$ICECAST_DIR" ]; then
+        mkdir -p "$USB_MOUNT$ICECAST_DIR"
     fi
-    cp -ru $ICECAST_DIR/* $USB_MOUNT$ICECAST_DIR
-    backup_unmount_drive ${USB_DRIVE}
+    cp -ru "$ICECAST_DIR/*" "$USB_MOUNT$ICECAST_DIR"
+    backup_unmount_drive "${USB_DRIVE}"
     dialog --title $"Export stream files to USB drive" --msgbox $'Export complete. You may now remove the USB drive' 6 50
 }
 
 function icecast_format_drive {
     detect_usb_drive
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Format USB drive $USB_DRIVE for stream file storage" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nPlease confirm that you wish to format drive\n\n    ${USB_DRIVE}\n\nAll current data on the drive will be lost, and you will be prompted to give a password used to encrypt the drive.\n\nDANGER: If you screw up here and format the wrong drive it's your own fault!" 16 60
+           --yesno $"\\nPlease confirm that you wish to format drive\\n\\n    ${USB_DRIVE}\\n\\nAll current data on the drive will be lost, and you will be prompted to give a password used to encrypt the drive.\\n\\nDANGER: If you screw up here and format the wrong drive it's your own fault!" 16 60
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1)  rm -f "$data"
+            return;;
+        255) rm -f "$data"
+             return;;
     esac
-    rm $data
+    rm -f "$data"
 
     clear
     echo ''
     echo $"Formatting drive $USB_DRIVE. ALL CONTENTS WILL BE LOST."
     echo ''
-    ${PROJECT_NAME}-format $USB_DRIVE
+    "${PROJECT_NAME}-format" "$USB_DRIVE"
     dialog --title $"Format USB drive $USB_DRIVE for stream file storage" --msgbox $'Format complete. You may now export stream files or remove the USB drive' 6 50
 }
 
@@ -290,42 +291,41 @@ function icecast_edit_playlist {
 }
 
 function icecast_change_login {
-    read_config_param $MY_USERNAME
-    ICECAST_USER_PASSWORD=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a icecastuser)
+    read_config_param "$MY_USERNAME"
+    ICECAST_USER_PASSWORD=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a icecastuser)
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Change Icecast stream visitor login" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Enter the new login password for stream visitors" 8 60 "$ICECAST_USER_PASSWORD" 2>$data
+           --inputbox $"Enter the new login password for stream visitors" 8 60 "$ICECAST_USER_PASSWORD" 2>"$data"
     sel=$?
     case $sel in
-        0)  ICECAST_USER_PASSWORD=$(<$data)
+        0)  ICECAST_USER_PASSWORD=$(<"$data")
             if [[ "$ICECAST_USER_PASSWORD" != *' '* ]]; then
                 if [ ${#ICECAST_USER_PASSWORD} -gt 8 ]; then
-                    ${PROJECT_NAME}-pass -u $MY_USERNAME -a icecastuser -p $ICECAST_USER_PASSWORD
+                    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a icecastuser -p "$ICECAST_USER_PASSWORD"
                     dialog --title $"Change Icecast stream visitor login" \
                            --msgbox $"Password changed to $ICECAST_USER_PASSWORD" 6 75
                 fi
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function icecast_enable_login {
     dialog --title $"Enable Icecast login" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nDo you want to add a login so that random web users can't access your stream?" 10 60
+           --yesno $"\\nDo you want to add a login so that random web users can't access your stream?" 10 60
     sel=$?
     case $sel in
         0) if grep -q '#auth_basic' /etc/nginx/sites-available/icecast; then
                sed -i 's|#auth_basic|auth_basic|g' /etc/nginx/sites-available/icecast
                systemctl restart nginx
            fi
-           read_config_param $MY_USERNAME
-           ICECAST_USER_PASSWORD=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a icecastuser)
+           read_config_param "$MY_USERNAME"
+           ICECAST_USER_PASSWORD=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a icecastuser)
            dialog --title $"Enable Icecast login" \
                   --msgbox $"Icecast logins are now enabled with the password $ICECAST_USER_PASSWORD" 6 65
            ICECAST_USER_PASSWORD=
@@ -341,23 +341,24 @@ function icecast_enable_login {
 }
 
 function icecast_set_stream_name {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"Change Icecast stream details" \
-           --form "\n" 8 60 4 \
+           --form "\\n" 8 60 4 \
            $"Stream name:" 1 1 "Example stream name" 1 18 40 1000 \
            $"Description:" 2 1 "A short description of your stream" 2 18 40 1000 \
            $"Genre:" 3 1 "Example genre" 3 18 40 1000 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
-    stream_name=$(cat $data | sed -n 1p)
-    stream_description=$(cat $data | sed -n 2p)
-    stream_genre=$(cat $data | sed -n 3p)
+    stream_name=$(sed -n 1p < "$data")
+    stream_description=$(sed -n 2p < "$data")
+    stream_genre=$(sed -n 3p < "$data")
     if [ ${#stream_name} -gt 2 ]; then
         sed -i "s|<name>.*|<name>${stream_name}</name>|g" /etc/ices2/ices-playlist.xml
     fi
@@ -367,42 +368,41 @@ function icecast_set_stream_name {
     if [ ${#stream_genre} -gt 2 ]; then
         sed -i "s|<genre>.*|<genre>${stream_genre}</genre>|g" /etc/ices2/ices-playlist.xml
     fi
-    rm $data
+    rm -f "$data"
     stop_icecast
     start_icecast
 }
 
 function icecast_set_maximum_streams {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Set the maximum clients" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Maximum number of clients" 8 40 "10" 2>$data
+           --inputbox $"Maximum number of clients" 8 40 "10" 2>"$data"
     sel=$?
     case $sel in
         0)
-            max_clients=$(<$data)
+            max_clients=$(<"$data")
             if [ ${#max_clients} -gt 0 ]; then
                 if [[ "$max_clients" != *' '* ]]; then
-                    if [[ $max_clients =~ '^[0-9]+$' ]] ; then
+                    # shellcheck disable=SC2076
+                    if [[ "$max_clients" =~ '^[0-9]+$' ]] ; then
                         sed -i "s|<clients>.*|<clients>${max_clients}</clients>|g" /etc/icecast2/icecast.xml
                         stop_icecast
                         start_icecast
                         dialog --title $"Set the maximum clients" \
-                               --msgbox $"\nMaximum Icecast clients was set to ${max_clients}" 8 50
+                               --msgbox $"\\nMaximum Icecast clients was set to ${max_clients}" 8 50
                     fi
                 fi
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function configure_interactive_icecast {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Icecast" \
                --radiolist $"Choose an operation:" 19 70 12 \
@@ -417,13 +417,15 @@ function configure_interactive_icecast {
                9 $"Restart stream" off \
                10 $"Set Stream Name/Description/Genre" off \
                11 $"Set maximum number of clients/streams" off \
-               12 $"Exit" on 2> $data
+               12 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) break;;
-            255) break;;
+            1) rm -f "$data"
+               break;;
+            255) rm -f "$data"
+                 break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) icecast_import_from_directory;;
             2) icecast_import_from_usb;;
             3) icecast_format_drive;;
@@ -440,8 +442,10 @@ function configure_interactive_icecast {
                start_icecast;;
             10) icecast_set_stream_name;;
             11) icecast_set_maximum_streams;;
-            12) break;;
+            12) rm -f "$data"
+                break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -556,7 +560,7 @@ function remove_icecast {
     fi
     function_check remove_onion_service
     remove_onion_service icecast ${ICECAST_ONION_PORT}
-    sed -i '/icecast/d' $COMPLETION_FILE
+    sed -i '/icecast/d' "$COMPLETION_FILE"
 }
 
 function install_icecast {
@@ -572,11 +576,11 @@ function install_icecast {
         exit 7923528
     fi
 
-    if [ ! ${ICECAST_PASSWORD} ]; then
-        if [ -f ${IMAGE_PASSWORD_FILE} ]; then
-            ICECAST_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ ! "${ICECAST_PASSWORD}" ]; then
+        if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
+            ICECAST_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
         else
-            ICECAST_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+            ICECAST_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
 
@@ -600,22 +604,22 @@ function install_icecast {
     fi
 
     icecast_nginx_site=/etc/nginx/sites-available/icecast
-    echo 'server {' > $icecast_nginx_site
-    echo "    listen 127.0.0.1:$ICECAST_ONION_PORT default_server;" >> $icecast_nginx_site
-    echo "    server_name $ICECAST_ONION_HOSTNAME;" >> $icecast_nginx_site
-    echo '' >> $icecast_nginx_site
-    echo '  # Logs' >> $icecast_nginx_site
-    echo '  access_log /dev/null;' >> $icecast_nginx_site
-    echo '  error_log /dev/null;' >> $icecast_nginx_site
-    echo '' >> $icecast_nginx_site
-    echo '  location / {' >> $icecast_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$ICECAST_ONION_PORT default_server;";
+      echo "    server_name $ICECAST_ONION_HOSTNAME;";
+      echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  location / {'; } > $icecast_nginx_site
     function_check nginx_limits
-    nginx_limits $ICECAST_ONION_HOSTNAME '15m'
-    echo "      proxy_pass http://localhost:$ICECAST_PORT;" >> $icecast_nginx_site
-    echo "      #auth_basic \"${ICECAST_LOGIN_TEXT}\";" >> $icecast_nginx_site
-    echo '      #auth_basic_user_file /etc/nginx/.icepasswd;' >> $icecast_nginx_site
-    echo '  }' >> $icecast_nginx_site
-    echo '}' >> $icecast_nginx_site
+    nginx_limits "$ICECAST_ONION_HOSTNAME" '15m'
+    { echo "      proxy_pass http://localhost:$ICECAST_PORT;";
+      echo "      #auth_basic \"${ICECAST_LOGIN_TEXT}\";";
+      echo '      #auth_basic_user_file /etc/nginx/.icepasswd;';
+      echo '  }';
+      echo '}'; } >> $icecast_nginx_site
 
     if [ ! -d /var/log/ices ]; then
         mkdir -p /var/log/ices
@@ -624,105 +628,105 @@ function install_icecast {
         mkdir -p /etc/ices2
     fi
 
-    echo '<?xml version="1.0"?>' > /etc/ices2/ices-playlist.xml
-    echo '<ices>' >> /etc/ices2/ices-playlist.xml
-    echo '    <!-- run in background -->' >> /etc/ices2/ices-playlist.xml
-    echo '    <background>1</background>' >> /etc/ices2/ices-playlist.xml
-    echo '    <!-- where logs, etc go. -->' >> /etc/ices2/ices-playlist.xml
-    echo '    <logpath>/var/log/ices</logpath>' >> /etc/ices2/ices-playlist.xml
-    echo '    <logfile>ices.log</logfile>' >> /etc/ices2/ices-playlist.xml
-    echo '    <!-- 1=error,2=warn,3=info,4=debug -->' >> /etc/ices2/ices-playlist.xml
-    echo '    <loglevel>1</loglevel>' >> /etc/ices2/ices-playlist.xml
-    echo '    <!-- set this to 1 to log to the console instead of to the file above -->' >> /etc/ices2/ices-playlist.xml
-    echo '    <consolelog>0</consolelog>' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '    <!-- optional filename to write process id to -->' >> /etc/ices2/ices-playlist.xml
-    echo '    <!-- <pidfile>/home/ices/ices.pid</pidfile> -->' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '    <stream>' >> /etc/ices2/ices-playlist.xml
-    echo '        <!-- metadata used for stream listing (not currently used) -->' >> /etc/ices2/ices-playlist.xml
-    echo '        <metadata>' >> /etc/ices2/ices-playlist.xml
-    echo '            <name>Example stream name</name>' >> /etc/ices2/ices-playlist.xml
-    echo '            <genre>Example genre</genre>' >> /etc/ices2/ices-playlist.xml
-    echo '            <description>A short description of your stream</description>' >> /etc/ices2/ices-playlist.xml
-    echo '        </metadata>' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '        <!-- input module' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '            The module used here is the playlist module - it has ' >> /etc/ices2/ices-playlist.xml
-    echo '            "submodules" for different types of playlist. There are' >> /etc/ices2/ices-playlist.xml
-    echo '            two currently implemented, "basic", which is a simple' >> /etc/ices2/ices-playlist.xml
-    echo '            file-based playlist, and "script" which invokes a command' >> /etc/ices2/ices-playlist.xml
-    echo '            to returns a filename to start playing. -->' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '        <input>' >> /etc/ices2/ices-playlist.xml
-    echo '            <module>playlist</module>' >> /etc/ices2/ices-playlist.xml
-    echo '            <param name="type">basic</param>' >> /etc/ices2/ices-playlist.xml
-    echo "            <param name=\"file\">$ICECAST_PLAYLIST_FILE</param>" >> /etc/ices2/ices-playlist.xml
-    echo '            <!-- random play -->' >> /etc/ices2/ices-playlist.xml
-    echo '            <param name="random">0</param>' >> /etc/ices2/ices-playlist.xml
-    echo '            <!-- if the playlist get updated that start at the beginning -->' >> /etc/ices2/ices-playlist.xml
-    echo '            <param name="restart-after-reread">0</param>' >> /etc/ices2/ices-playlist.xml
-    echo '            <!-- if set to 1 , plays once through, then exits. -->' >> /etc/ices2/ices-playlist.xml
-    echo '            <param name="once">0</param>' >> /etc/ices2/ices-playlist.xml
-    echo '        </input>' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '            <!-- Stream instance' >> /etc/ices2/ices-playlist.xml
-    echo '            You may have one or more instances here. This allows you to ' >> /etc/ices2/ices-playlist.xml
-    echo '            send the same input data to one or more servers (or to different' >> /etc/ices2/ices-playlist.xml
-    echo '            mountpoints on the same server). Each of them can have different' >> /etc/ices2/ices-playlist.xml
-    echo '            parameters. This is primarily useful for a) relaying to multiple' >> /etc/ices2/ices-playlist.xml
-    echo '            independent servers, and b) encoding/reencoding to multiple' >> /etc/ices2/ices-playlist.xml
-    echo '            bitrates.' >> /etc/ices2/ices-playlist.xml
-    echo '            If one instance fails (for example, the associated server goes' >> /etc/ices2/ices-playlist.xml
-    echo '            down, etc), the others will continue to function correctly.' >> /etc/ices2/ices-playlist.xml
-    echo '            This example defines two instances as two mountpoints on the' >> /etc/ices2/ices-playlist.xml
-    echo '            same server.  -->' >> /etc/ices2/ices-playlist.xml
-    echo '        <instance>' >> /etc/ices2/ices-playlist.xml
-    echo '            <!-- Server details:' >> /etc/ices2/ices-playlist.xml
-    echo '                You define hostname and port for the server here, along with' >> /etc/ices2/ices-playlist.xml
-    echo '                the source password and mountpoint.  -->' >> /etc/ices2/ices-playlist.xml
-    echo '            <hostname>localhost</hostname>' >> /etc/ices2/ices-playlist.xml
-    echo "            <port>$ICECAST_PORT</port>" >> /etc/ices2/ices-playlist.xml
-    echo "            <password>$ICECAST_PASSWORD</password>" >> /etc/ices2/ices-playlist.xml
-    echo '            <mount>/example1.ogg</mount>' >> /etc/ices2/ices-playlist.xml
-    echo '            <!-- Reconnect parameters:' >> /etc/ices2/ices-playlist.xml
-    echo '                When something goes wrong (e.g. the server crashes, or the' >> /etc/ices2/ices-playlist.xml
-    echo '                network drops) and ices disconnects from the server, these' >> /etc/ices2/ices-playlist.xml
-    echo '                control how often it tries to reconnect, and how many times' >> /etc/ices2/ices-playlist.xml
-    echo '                it tries to reconnect. Delay is in seconds.' >> /etc/ices2/ices-playlist.xml
-    echo '                If you set reconnectattempts to -1, it will continue ' >> /etc/ices2/ices-playlist.xml
-    echo '                indefinately. Suggest setting reconnectdelay to a large value' >> /etc/ices2/ices-playlist.xml
-    echo '                if you do this.' >> /etc/ices2/ices-playlist.xml
-    echo '            -->' >> /etc/ices2/ices-playlist.xml
-    echo '            <reconnectdelay>2</reconnectdelay>' >> /etc/ices2/ices-playlist.xml
-    echo '            <reconnectattempts>5</reconnectattempts> ' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '            <!-- maxqueuelength:' >> /etc/ices2/ices-playlist.xml
-    echo '                This describes how long the internal data queues may be. This' >> /etc/ices2/ices-playlist.xml
-    echo '                basically lets you control how much data gets buffered before' >> /etc/ices2/ices-playlist.xml
-    echo '                ices decides it cant send to the server fast enough, and ' >> /etc/ices2/ices-playlist.xml
-    echo '                either shuts down or flushes the queue (dropping the data)' >> /etc/ices2/ices-playlist.xml
-    echo '                and continues. ' >> /etc/ices2/ices-playlist.xml
-    echo '                For advanced users only.' >> /etc/ices2/ices-playlist.xml
-    echo '            -->' >> /etc/ices2/ices-playlist.xml
-    echo '            <maxqueuelength>80</maxqueuelength>' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '            <!-- Live encoding/reencoding:' >> /etc/ices2/ices-playlist.xml
-    echo '                Currrently, the parameters given here for encoding MUST' >> /etc/ices2/ices-playlist.xml
-    echo '                match the input data for channels and sample rate. That ' >> /etc/ices2/ices-playlist.xml
-    echo '                restriction will be relaxed in the future.' >> /etc/ices2/ices-playlist.xml
-    echo '                Remove this section if you dont want your files getting reencoded.' >> /etc/ices2/ices-playlist.xml
-    echo '            -->' >> /etc/ices2/ices-playlist.xml
-    echo '            <encode>  ' >> /etc/ices2/ices-playlist.xml
-    echo '                <nominal-bitrate>64000</nominal-bitrate>' >> /etc/ices2/ices-playlist.xml
-    echo '                <samplerate>22050</samplerate>' >> /etc/ices2/ices-playlist.xml
-    echo '                <channels>1</channels>' >> /etc/ices2/ices-playlist.xml
-    echo '            </encode>' >> /etc/ices2/ices-playlist.xml
-    echo '        </instance>' >> /etc/ices2/ices-playlist.xml
-    echo '' >> /etc/ices2/ices-playlist.xml
-    echo '        </stream>' >> /etc/ices2/ices-playlist.xml
-    echo '</ices>' >> /etc/ices2/ices-playlist.xml
+    { echo '<?xml version="1.0"?>';
+      echo '<ices>';
+      echo '    <!-- run in background -->';
+      echo '    <background>1</background>';
+      echo '    <!-- where logs, etc go. -->';
+      echo '    <logpath>/var/log/ices</logpath>';
+      echo '    <logfile>ices.log</logfile>';
+      echo '    <!-- 1=error,2=warn,3=info,4=debug -->';
+      echo '    <loglevel>1</loglevel>';
+      echo '    <!-- set this to 1 to log to the console instead of to the file above -->';
+      echo '    <consolelog>0</consolelog>';
+      echo '';
+      echo '    <!-- optional filename to write process id to -->';
+      echo '    <!-- <pidfile>/home/ices/ices.pid</pidfile> -->';
+      echo '';
+      echo '    <stream>';
+      echo '        <!-- metadata used for stream listing (not currently used) -->';
+      echo '        <metadata>';
+      echo '            <name>Example stream name</name>';
+      echo '            <genre>Example genre</genre>';
+      echo '            <description>A short description of your stream</description>';
+      echo '        </metadata>';
+      echo '';
+      echo '        <!-- input module';
+      echo '';
+      echo '            The module used here is the playlist module - it has ';
+      echo '            "submodules" for different types of playlist. There are';
+      echo '            two currently implemented, "basic", which is a simple';
+      echo '            file-based playlist, and "script" which invokes a command';
+      echo '            to returns a filename to start playing. -->';
+      echo '';
+      echo '        <input>';
+      echo '            <module>playlist</module>';
+      echo '            <param name="type">basic</param>';
+      echo "            <param name=\"file\">$ICECAST_PLAYLIST_FILE</param>";
+      echo '            <!-- random play -->';
+      echo '            <param name="random">0</param>';
+      echo '            <!-- if the playlist get updated that start at the beginning -->';
+      echo '            <param name="restart-after-reread">0</param>';
+      echo '            <!-- if set to 1 , plays once through, then exits. -->';
+      echo '            <param name="once">0</param>';
+      echo '        </input>';
+      echo '';
+      echo '            <!-- Stream instance';
+      echo '            You may have one or more instances here. This allows you to ';
+      echo '            send the same input data to one or more servers (or to different';
+      echo '            mountpoints on the same server). Each of them can have different';
+      echo '            parameters. This is primarily useful for a) relaying to multiple';
+      echo '            independent servers, and b) encoding/reencoding to multiple';
+      echo '            bitrates.';
+      echo '            If one instance fails (for example, the associated server goes';
+      echo '            down, etc), the others will continue to function correctly.';
+      echo '            This example defines two instances as two mountpoints on the';
+      echo '            same server.  -->';
+      echo '        <instance>';
+      echo '            <!-- Server details:';
+      echo '                You define hostname and port for the server here, along with';
+      echo '                the source password and mountpoint.  -->';
+      echo '            <hostname>localhost</hostname>';
+      echo "            <port>$ICECAST_PORT</port>";
+      echo "            <password>$ICECAST_PASSWORD</password>";
+      echo '            <mount>/example1.ogg</mount>';
+      echo '            <!-- Reconnect parameters:';
+      echo '                When something goes wrong (e.g. the server crashes, or the';
+      echo '                network drops) and ices disconnects from the server, these';
+      echo '                control how often it tries to reconnect, and how many times';
+      echo '                it tries to reconnect. Delay is in seconds.';
+      echo '                If you set reconnectattempts to -1, it will continue ';
+      echo '                indefinately. Suggest setting reconnectdelay to a large value';
+      echo '                if you do this.';
+      echo '            -->';
+      echo '            <reconnectdelay>2</reconnectdelay>';
+      echo '            <reconnectattempts>5</reconnectattempts> ';
+      echo '';
+      echo '            <!-- maxqueuelength:';
+      echo '                This describes how long the internal data queues may be. This';
+      echo '                basically lets you control how much data gets buffered before';
+      echo '                ices decides it cant send to the server fast enough, and ';
+      echo '                either shuts down or flushes the queue (dropping the data)';
+      echo '                and continues. ';
+      echo '                For advanced users only.';
+      echo '            -->';
+      echo '            <maxqueuelength>80</maxqueuelength>';
+      echo '';
+      echo '            <!-- Live encoding/reencoding:';
+      echo '                Currrently, the parameters given here for encoding MUST';
+      echo '                match the input data for channels and sample rate. That ';
+      echo '                restriction will be relaxed in the future.';
+      echo '                Remove this section if you dont want your files getting reencoded.';
+      echo '            -->';
+      echo '            <encode>  ';
+      echo '                <nominal-bitrate>64000</nominal-bitrate>';
+      echo '                <samplerate>22050</samplerate>';
+      echo '                <channels>1</channels>';
+      echo '            </encode>';
+      echo '        </instance>';
+      echo '';
+      echo '        </stream>';
+      echo '</ices>'; } > /etc/ices2/ices-playlist.xml
 
     sed -i 's|ENABLE=.*|ENABLE=true|g' /etc/default/icecast2
 
@@ -733,18 +737,18 @@ function install_icecast {
 
 
     # create a password for users
-    ICECAST_USER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+    ICECAST_USER_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
     if grep -q "$MY_USERNAME:" /etc/nginx/.icepasswd; then
         sed -i "/$MY_USERNAME:/d" /etc/nginx/.icepasswd
     fi
-    echo "$ICECAST_USER_PASSWORD" | htpasswd -i -s -c /etc/nginx/.icepasswd $MY_USERNAME
+    echo "$ICECAST_USER_PASSWORD" | htpasswd -i -s -c /etc/nginx/.icepasswd "$MY_USERNAME"
     if [ ! -f /etc/nginx/.icepasswd ]; then
         echo $'/etc/nginx/.icepasswd not found'
         exit 73528235
     fi
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a icecast -p "$ICECAST_PASSWORD"
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a icecastuser -p "$ICECAST_USER_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a icecast -p "$ICECAST_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a icecastuser -p "$ICECAST_USER_PASSWORD"
 
     groupadd icecast
     useradd -c "Icecast system account" -d /etc/icecast2 -m -r -g icecast icecast2
diff --git a/src/freedombone-app-ipfs b/src/freedombone-app-ipfs
index 09d9bb5a..d5859ae0 100755
--- a/src/freedombone-app-ipfs
+++ b/src/freedombone-app-ipfs
@@ -76,7 +76,7 @@ function upgrade_ipfs_go {
     fi
 
     function_check set_repo_commit
-    set_repo_commit $GOPATH/src/github.com/ipfs/go-ipfs "ipfs commit" "$IPFS_COMMIT" $IPFS_REPO
+    set_repo_commit "$GOPATH/src/github.com/ipfs/go-ipfs" "ipfs commit" "$IPFS_COMMIT" "$IPFS_REPO"
 }
 
 function upgrade_ipfs_js {
@@ -97,33 +97,34 @@ function upgrade_ipfs {
 }
 
 function backup_local_ipfs {
-    if ! grep -q "Admin user" $COMPLETION_FILE; then
+    if ! grep -q "Admin user" "$COMPLETION_FILE"; then
         return
     fi
     ADMIN_USERNAME=$(get_completion_param "Admin user")
-    source_directory=/home/$ADMIN_USERNAME/.ipfs
-    if [ -d $source_directory ]; then
+    source_directory="/home/$ADMIN_USERNAME/.ipfs"
+    if [ -d "$source_directory" ]; then
         dest_directory=ipfs
         function_check backup_directory_to_usb
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"
     fi
 }
 
 function restore_local_ipfs {
-    if ! grep -q "Admin user" $COMPLETION_FILE; then
+    if ! grep -q "Admin user" "$COMPLETION_FILE"; then
         return
     fi
-    if [ -d $USB_MOUNT/backup/ipfs ]; then
+    if [ -d "$USB_MOUNT/backup/ipfs" ]; then
         echo $"Restoring IPFS"
         temp_restore_dir=/root/tempipfs
         function_check restore_directory_from_usb
         restore_directory_from_usb $temp_restore_dir ipfs
         ADMIN_USERNAME=$(get_completion_param "Admin user")
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs ]; then
-            cp -rf $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/* /home/$ADMIN_USERNAME/.ipfs
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/.ipfs" ]; then
+            cp -rf "$temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/*" "/home/$ADMIN_USERNAME/.ipfs"
         else
-            cp -rf $temp_restore_dir/* /home/$ADMIN_USERNAME/.ipfs
+            cp -rf "$temp_restore_dir/*" "/home/$ADMIN_USERNAME/.ipfs"
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             rm -rf $temp_restore_dir
             function_check set_user_permissions
@@ -138,28 +139,29 @@ function restore_local_ipfs {
 }
 
 function backup_remote_ipfs {
-    if ! grep -q "Admin user" $COMPLETION_FILE; then
+    if ! grep -q "Admin user" "$COMPLETION_FILE"; then
         return
     fi
     ADMIN_USERNAME=$(get_completion_param "Admin user")
-    if [ -d /home/$ADMIN_USERNAME/.ipfs ]; then
+    if [ -d "/home/$ADMIN_USERNAME/.ipfs" ]; then
         echo $"Backing up IPFS"
-        backup_directory_to_friend /home/$ADMIN_USERNAME/.ipfs ipfs
+        backup_directory_to_friend "/home/$ADMIN_USERNAME/.ipfs" ipfs
         echo $"Backup of IPFS complete"
     fi
 }
 
 function restore_remote_ipfs {
-    if [ -d $SERVER_DIRECTORY/backup/ipfs ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/ipfs" ]; then
         echo $"Restoring IPFS"
         temp_restore_dir=/root/tempipfs
         function_check restore_directory_from_friend
         restore_directory_from_friend $temp_restore_dir ipfs
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs ]; then
-            cp -rf $temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/* /home/$ADMIN_USERNAME/.ipfs
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/.ipfs" ]; then
+            cp -rf "$temp_restore_dir/home/$ADMIN_USERNAME/.ipfs/*" "/home/$ADMIN_USERNAME/.ipfs"
         else
-            cp -rf $temp_restore_dir/* /home/$ADMIN_USERNAME/.ipfs
+            cp -rf "$temp_restore_dir/*" "/home/$ADMIN_USERNAME/.ipfs"
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             function_check set_user_permissions
             set_user_permissions
@@ -177,11 +179,11 @@ function remove_ipfs_go {
     systemctl daemon-reload
     rm /etc/systemd/system/ipfs.service
     systemctl daemon-reload
-    rm -rf $GOPATH/src/github.com/ipfs
+    rm -rf "$GOPATH/src/github.com/ipfs"
     firewall_remove $IPFS_PORT tcp
     remove_completion_param install_ipfs
     remove_completion_param configure_firewall_for_ipfs
-    sed -i '/ipfs/d' $COMPLETION_FILE
+    sed -i '/ipfs/d' "$COMPLETION_FILE"
 }
 
 function remove_ipfs_js {
@@ -194,9 +196,9 @@ function remove_ipfs_js {
     npm uninstall ronin --global
 
     firewall_remove $IPFS_PORT tcp
-    sed -i '/install_ipfs/d' $COMPLETION_FILE
-    sed -i '/ipfs/d' $COMPLETION_FILE
-    sed -i '/configure_firewall_for_ipfs/d' $COMPLETION_FILE
+    sed -i '/install_ipfs/d' "$COMPLETION_FILE"
+    sed -i '/ipfs/d' "$COMPLETION_FILE"
+    sed -i '/configure_firewall_for_ipfs/d' "$COMPLETION_FILE"
 }
 
 function remove_ipfs {
@@ -221,14 +223,15 @@ function mesh_install_ipfs_js {
         return
     fi
 
-    chroot ${rootdir} apt-get -yq install libpam0g-dev fuse
+    # shellcheck disable=SC2154
+    chroot "${rootdir}" apt-get -yq install libpam0g-dev fuse
 
-    if [ ! -f ${rootdir}/usr/bin/nodejs ]; then
+    if [ ! -f "${rootdir}/usr/bin/nodejs" ]; then
         echo $'nodejs was not installed'
         exit 63962
     fi
 
-    cat <<EOF > ${rootdir}/root/install-ipfs.sh
+    cat <<EOF > "${rootdir}/root/install-ipfs.sh"
 #!/bin/bash
 PATH="/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/bin"
 NODE_PATH="/usr/lib/node_modules"
@@ -241,57 +244,57 @@ npm install -g ronin@${IPFS_JS_RONIN_VERSION} --save
 npm install -g ipfs@${IPFS_JS_VERSION} --save
 exit 0
 EOF
-    chroot ${rootdir} /bin/chmod +x /root/install-ipfs.sh
-    chroot ${rootdir} /root/install-ipfs.sh
-    rm -f ${rootdir}/root/install-ipfs.sh
+    chroot "${rootdir}" /bin/chmod +x /root/install-ipfs.sh
+    chroot "${rootdir}" /root/install-ipfs.sh
+    rm -f "${rootdir}/root/install-ipfs.sh"
 
     IPFS_PATH=/usr/bin
 
-    if [ ! -f ${rootdir}$IPFS_PATH/jsipfs ]; then
+    if [ ! -f "${rootdir}$IPFS_PATH/jsipfs" ]; then
         exit 637292
     fi
 
     # directories to mount to
-    if [ ! -d ${rootdir}/ipfs ]; then
-        chroot ${rootdir} /bin/mkdir /ipfs
-        chroot ${rootdir} /bin/mkdir /ipns
-        chroot ${rootdir} /bin/chown $MY_USERNAME:$MY_USERNAME /ipfs
-        chroot ${rootdir} /bin/chown $MY_USERNAME:$MY_USERNAME /ipns
+    if [ ! -d "${rootdir}/ipfs" ]; then
+        chroot "${rootdir}" /bin/mkdir /ipfs
+        chroot "${rootdir}" /bin/mkdir /ipns
+        chroot "${rootdir}" /bin/chown "$MY_USERNAME":"$MY_USERNAME" /ipfs
+        chroot "${rootdir}" /bin/chown "$MY_USERNAME":"$MY_USERNAME" /ipns
     fi
 
-    if [ -f ${rootdir}/etc/fuse.conf ]; then
-        chroot ${rootdir} /bin/chown $MY_USERNAME:$MY_USERNAME /etc/fuse.conf
+    if [ -f "${rootdir}/etc/fuse.conf" ]; then
+        chroot "${rootdir}" /bin/chown "$MY_USERNAME":"$MY_USERNAME" /etc/fuse.conf
     fi
-    if [ -f ${rootdir}/dev/fuse ]; then
-        chroot ${rootdir} /bin/chown $MY_USERNAME:$MY_USERNAME /dev/fuse
+    if [ -f "${rootdir}/dev/fuse" ]; then
+        chroot "${rootdir}" /bin/chown "$MY_USERNAME":"$MY_USERNAME" /dev/fuse
     fi
 
     IPFS_DAEMON_NAME=ipfs
     IPFS_DAEMON_FILE=${rootdir}/etc/systemd/system/${IPFS_DAEMON_NAME}.service
-    echo '[Unit]' > $IPFS_DAEMON_FILE
-    echo 'Description=IPFS javascript daemon' >> $IPFS_DAEMON_FILE
-    echo 'After=syslog.target' >> $IPFS_DAEMON_FILE
-    echo 'After=network.target' >> $IPFS_DAEMON_FILE
-    echo '' >> $IPFS_DAEMON_FILE
-    echo '[Service]' >> $IPFS_DAEMON_FILE
-    echo 'Type=simple' >> $IPFS_DAEMON_FILE
-    echo "User=$MY_USERNAME" >> $IPFS_DAEMON_FILE
-    echo "Group=$MY_USERNAME" >> $IPFS_DAEMON_FILE
-    echo "WorkingDirectory=/home/$MY_USERNAME" >> $IPFS_DAEMON_FILE
-    echo "ExecStart=${IPFS_PATH}/jsipfs daemon --mount" >> $IPFS_DAEMON_FILE
-    echo 'Restart=on-failure' >> $IPFS_DAEMON_FILE
-    echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\"" >> $IPFS_DAEMON_FILE
-    echo '' >> $IPFS_DAEMON_FILE
-    echo '[Install]' >> $IPFS_DAEMON_FILE
-    echo 'WantedBy=multi-user.target' >> $IPFS_DAEMON_FILE
+    { echo '[Unit]';
+      echo 'Description=IPFS javascript daemon';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo "User=$MY_USERNAME";
+      echo "Group=$MY_USERNAME";
+      echo "WorkingDirectory=/home/$MY_USERNAME";
+      echo "ExecStart=${IPFS_PATH}/jsipfs daemon --mount";
+      echo 'Restart=on-failure';
+      echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\"";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$IPFS_DAEMON_FILE"
 
-    chroot ${rootdir} systemctl enable ${IPFS_DAEMON_NAME}
+    chroot "${rootdir}" systemctl enable ${IPFS_DAEMON_NAME}
 
     mark_completed "${FUNCNAME[0]}"
 }
 
 function install_ipfs_js {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_install_ipfs_js
         return
     fi
@@ -321,8 +324,8 @@ function install_ipfs_js {
     fi
 
     # initialise
-    su -c "$IPFS_PATH/jsipfs init -b $IPFS_KEY_LENGTH" - $MY_USERNAME
-    if [ ! -d /home/$MY_USERNAME/.ipfs ]; then
+    su -c "$IPFS_PATH/jsipfs init -b $IPFS_KEY_LENGTH" - "$MY_USERNAME"
+    if [ ! -d "/home/$MY_USERNAME/.ipfs" ]; then
         echo "IPFS could not be initialised for user $MY_USERNAME"
         exit 7358
     fi
@@ -331,35 +334,35 @@ function install_ipfs_js {
     if [ ! -d /ipfs ]; then
         mkdir /ipfs
         mkdir /ipns
-        chown $MY_USERNAME:$MY_USERNAME /ipfs
-        chown $MY_USERNAME:$MY_USERNAME /ipns
+        chown "$MY_USERNAME":"$MY_USERNAME" /ipfs
+        chown "$MY_USERNAME":"$MY_USERNAME" /ipns
     fi
 
     if [ -f /etc/fuse.conf ]; then
-        chown $MY_USERNAME:$MY_USERNAME /etc/fuse.conf
+        chown "$MY_USERNAME":"$MY_USERNAME" /etc/fuse.conf
     fi
     if [ -f /dev/fuse ]; then
-        chown $MY_USERNAME:$MY_USERNAME /dev/fuse
+        chown "$MY_USERNAME":"$MY_USERNAME" /dev/fuse
     fi
 
     IPFS_DAEMON_NAME=ipfs
     IPFS_DAEMON_FILE=/etc/systemd/system/${IPFS_DAEMON_NAME}.service
-    echo '[Unit]' > $IPFS_DAEMON_FILE
-    echo 'Description=IPFS javascript daemon' >> $IPFS_DAEMON_FILE
-    echo 'After=syslog.target' >> $IPFS_DAEMON_FILE
-    echo 'After=network.target' >> $IPFS_DAEMON_FILE
-    echo '' >> $IPFS_DAEMON_FILE
-    echo '[Service]' >> $IPFS_DAEMON_FILE
-    echo 'Type=simple' >> $IPFS_DAEMON_FILE
-    echo "User=$MY_USERNAME" >> $IPFS_DAEMON_FILE
-    echo "Group=$MY_USERNAME" >> $IPFS_DAEMON_FILE
-    echo "WorkingDirectory=/home/$MY_USERNAME" >> $IPFS_DAEMON_FILE
-    echo "ExecStart=${IPFS_PATH}/jsipfs daemon --mount" >> $IPFS_DAEMON_FILE
-    echo 'Restart=on-failure' >> $IPFS_DAEMON_FILE
-    echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\"" >> $IPFS_DAEMON_FILE
-    echo '' >> $IPFS_DAEMON_FILE
-    echo '[Install]' >> $IPFS_DAEMON_FILE
-    echo 'WantedBy=multi-user.target' >> $IPFS_DAEMON_FILE
+    { echo '[Unit]';
+      echo 'Description=IPFS javascript daemon';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo "User=$MY_USERNAME";
+      echo "Group=$MY_USERNAME";
+      echo "WorkingDirectory=/home/$MY_USERNAME";
+      echo "ExecStart=${IPFS_PATH}/jsipfs daemon --mount";
+      echo 'Restart=on-failure';
+      echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\"";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > $IPFS_DAEMON_FILE
 
     systemctl enable ${IPFS_DAEMON_NAME}
     systemctl daemon-reload
@@ -387,17 +390,17 @@ function install_ipfs_js {
 }
 
 function mesh_install_ipfs_go {
-    chroot ${rootdir} apt-get -yq install libpam0g-dev fuse wget
+    chroot "${rootdir}" apt-get -yq install libpam0g-dev fuse wget
 
     mesh_upgrade_golang
 
     IPFS_ARCH=
     IPFS_PATH=/usr/bin
 
-    if [ ! -d $rootdir$INSTALL_DIR/ipfs ]; then
-        mkdir -p $rootdir$INSTALL_DIR/ipfs
+    if [ ! -d "$rootdir$INSTALL_DIR/ipfs" ]; then
+        mkdir -p "$rootdir$INSTALL_DIR/ipfs"
     fi
-    cd $rootdir$INSTALL_DIR/ipfs
+    cd "$rootdir$INSTALL_DIR/ipfs" || exit 23468264
 
     if [[ $ARCHITECTURE == *"386" || $ARCHITECTURE == *"686" ]]; then
         IPFS_ARCH=386
@@ -431,42 +434,42 @@ function mesh_install_ipfs_go {
 
     IPFS_FILE=go-ipfs_v${IPFS_GO_VERSION}_linux-${IPFS_ARCH}.tar.gz
     wget https://ipfs.io/ipns/dist.ipfs.io/go-ipfs/v${IPFS_GO_VERSION}/${IPFS_FILE}
-    if [ ! -f $rootdir$INSTALL_DIR/ipfs/${IPFS_FILE} ]; then
+    if [ ! -f "$rootdir$INSTALL_DIR/ipfs/${IPFS_FILE}" ]; then
         echo $'IPFS package could not be downloaded'
         exit 63725
     fi
     tar -xzvf ${IPFS_FILE}
-    if [ ! -f $rootdir$INSTALL_DIR/ipfs/go-ipfs/ipfs ]; then
+    if [ ! -f "$rootdir$INSTALL_DIR/ipfs/go-ipfs/ipfs" ]; then
         echo $"ipfs was not found in downloaded package"
         exit 638235
     fi
-    chroot "$rootdir" /bin/cp $INSTALL_DIR/ipfs/go-ipfs/ipfs $IPFS_PATH
-    if [ ! -f $rootdir$IPFS_PATH/ipfs ]; then
+    chroot "$rootdir" /bin/cp "$INSTALL_DIR/ipfs/go-ipfs/ipfs" $IPFS_PATH
+    if [ ! -f "$rootdir$IPFS_PATH/ipfs" ]; then
         echo $'IPFS was not installed'
         exit 63722
     fi
 
     IPFS_USER_DAEMON=${rootdir}/home/${MY_USERNAME}/.config/systemd/user/ipfs.service
-    mkdir -p ${rootdir}/home/${MY_USERNAME}/.config/systemd/user
+    mkdir -p "${rootdir}/home/${MY_USERNAME}/.config/systemd/user"
 
-    echo '[Unit]' > $IPFS_USER_DAEMON
-    echo 'Description=IPFS go daemon' >> $IPFS_USER_DAEMON
-    echo 'After=syslog.target' >> $IPFS_USER_DAEMON
-    echo 'After=network.target' >> $IPFS_USER_DAEMON
-    echo '' >> $IPFS_USER_DAEMON
-    echo '[Service]' >> $IPFS_USER_DAEMON
-    echo 'Type=simple' >> $IPFS_USER_DAEMON
-    echo "ExecStart=$IPFS_PATH/ipfs daemon" >> $IPFS_USER_DAEMON
-    echo 'Restart=on-failure' >> $IPFS_USER_DAEMON
-    echo 'RestartSec=60' >> $IPFS_USER_DAEMON
-    echo '' >> $IPFS_USER_DAEMON
-    echo '[Install]' >> $IPFS_USER_DAEMON
-    echo 'WantedBy=default.target' >> $IPFS_USER_DAEMON
-    chroot ${rootdir} /bin/chown -R $MY_USERNAME:$MY_USERNAME /home/${MY_USERNAME}/.config
+    { echo '[Unit]';
+      echo 'Description=IPFS go daemon';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo "ExecStart=$IPFS_PATH/ipfs daemon";
+      echo 'Restart=on-failure';
+      echo 'RestartSec=60';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=default.target'; } > "$IPFS_USER_DAEMON"
+    chroot "${rootdir}" /bin/chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/${MY_USERNAME}/.config"
 }
 
 function install_ipfs_go {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_install_ipfs_go
         return
     fi
@@ -490,61 +493,58 @@ function install_ipfs_go {
         else
             sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" ~/.bashrc
         fi
-        systemctl set-environment GOPATH=$GOPATH
+        systemctl set-environment GOPATH="$GOPATH"
         if ! grep -q "systemctl set-environment GOPATH=" ~/.bashrc; then
             echo "systemctl set-environment GOPATH=$GOPATH" >> ~/.bashrc
         else
             sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc
         fi
-        if [ ! -d $GOPATH ]; then
-            mkdir -p $GOPATH
+        if [ ! -d "$GOPATH" ]; then
+            mkdir -p "$GOPATH"
         fi
     fi
 
     IPFS_PATH=$GOPATH/bin
     export PATH="$GOPATH/bin:$PATH:"
     if ! grep -q 'GOPATH/bin' ~/.bashrc; then
-        echo 'export PATH="$GOPATH/bin:$PATH:";' >> ~/.bashrc
+        echo "export PATH=\"\$GOPATH/bin:\$PATH:\";" >> ~/.bashrc
     else
         sed -i "s|systemctl set-environment GOPATH=.*|systemctl set-environment GOPATH=$GOPATH|g" ~/.bashrc
     fi
 
     # set gopath for the user
-    if ! grep -q "GOPATH=" /home/$MY_USERNAME/.bashrc; then
-        echo "export GOPATH=$GOPATH" >> /home/$MY_USERNAME/.bashrc
-        echo 'export PATH="$GOPATH/bin:$PATH:";' >> /home/$MY_USERNAME/.bashrc
+    if ! grep -q "GOPATH=" "/home/$MY_USERNAME/.bashrc"; then
+        echo "export GOPATH=$GOPATH" >> "/home/$MY_USERNAME/.bashrc"
+        echo "export PATH=\"\$GOPATH/bin:\$PATH:\";" >> "/home/$MY_USERNAME/.bashrc"
     else
-        sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" /home/$MY_USERNAME/.bashrc
+        sed -i "s|export GOPATH=.*|export GOPATH=$GOPATH|g" "/home/$MY_USERNAME/.bashrc"
     fi
-    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.bashrc
+    chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.bashrc"
 
-    go get -u ${IPFS_GO_REPO_BASE}/cmd/ipfs
-    if [ ! "$?" = "0" ]; then
+    if ! go get -u ${IPFS_GO_REPO_BASE}/cmd/ipfs; then
         exit 8242
     fi
 
-    if [ ! -d $GOPATH/src/$IPFS_GO_REPO_BASE ]; then
+    if [ ! -d "$GOPATH/src/$IPFS_GO_REPO_BASE" ]; then
         echo $'go get failed to get ipfs'
         exit 63923
     fi
 
-    cd $GOPATH/src/$IPFS_GO_REPO_BASE
-    git checkout $IPFS_COMMIT -b $IPFS_COMMIT
-    if [ ! "$?" = "0" ]; then
+    cd "$GOPATH/src/$IPFS_GO_REPO_BASE" || exit 346824
+    if ! git checkout $IPFS_COMMIT -b $IPFS_COMMIT; then
         exit 735639
     fi
 
     set_completion_param "ipfs commit" "$IPFS_COMMIT"
 
-    make install
-    if [ ! "$?" = "0" ]; then
+    if ! make install; then
         exit 547242
     fi
 
     # initialise
-    chmod 755 $IPFS_PATH/ipfs
-    su -c "$IPFS_PATH/ipfs init -b 2048" - $MY_USERNAME
-    if [ ! -d /home/$MY_USERNAME/.ipfs ]; then
+    chmod 755 "$IPFS_PATH/ipfs"
+    su -c "$IPFS_PATH/ipfs init -b 2048" - "$MY_USERNAME"
+    if [ ! -d "/home/$MY_USERNAME/.ipfs" ]; then
         echo "IPFS could not be initialised for user $MY_USERNAME"
         exit 7358
     fi
@@ -553,33 +553,33 @@ function install_ipfs_go {
     if [ ! -d /ipfs ]; then
         mkdir /ipfs
         mkdir /ipns
-        chown $MY_USERNAME:$MY_USERNAME /ipfs
-        chown $MY_USERNAME:$MY_USERNAME /ipns
+        chown "$MY_USERNAME":"$MY_USERNAME" /ipfs
+        chown "$MY_USERNAME":"$MY_USERNAME" /ipns
     fi
 
     if [ -f /etc/fuse.conf ]; then
-        chown $MY_USERNAME:$MY_USERNAME /etc/fuse.conf
+        chown "$MY_USERNAME":"$MY_USERNAME" /etc/fuse.conf
     fi
     if [ -f /dev/fuse ]; then
-        chown $MY_USERNAME:$MY_USERNAME /dev/fuse
+        chown "$MY_USERNAME":"$MY_USERNAME" /dev/fuse
     fi
 
-    echo '[Unit]' > /etc/systemd/system/ipfs.service
-    echo 'Description=IPFS go daemon' >> /etc/systemd/system/ipfs.service
-    echo 'After=syslog.target' >> /etc/systemd/system/ipfs.service
-    echo 'After=network.target' >> /etc/systemd/system/ipfs.service
-    echo '' >> /etc/systemd/system/ipfs.service
-    echo '[Service]' >> /etc/systemd/system/ipfs.service
-    echo 'Type=simple' >> /etc/systemd/system/ipfs.service
-    echo "User=$MY_USERNAME" >> /etc/systemd/system/ipfs.service
-    echo "Group=$MY_USERNAME" >> /etc/systemd/system/ipfs.service
-    echo "WorkingDirectory=/home/$MY_USERNAME" >> /etc/systemd/system/ipfs.service
-    echo "ExecStart=$IPFS_PATH/ipfs daemon --mount" >> /etc/systemd/system/ipfs.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/ipfs.service
-    echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\" \"GOPATH=$GOPATH\" \"GVM_ROOT=$GVM_HOME\"" >> /etc/systemd/system/ipfs.service
-    echo '' >> /etc/systemd/system/ipfs.service
-    echo '[Install]' >> /etc/systemd/system/ipfs.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ipfs.service
+    { echo '[Unit]';
+      echo 'Description=IPFS go daemon';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo "User=$MY_USERNAME";
+      echo "Group=$MY_USERNAME";
+      echo "WorkingDirectory=/home/$MY_USERNAME";
+      echo "ExecStart=$IPFS_PATH/ipfs daemon --mount";
+      echo 'Restart=on-failure';
+      echo "Environment=\"USER=$MY_USERNAME\" \"HOME=/home/$MY_USERNAME\" \"GOPATH=$GOPATH\" \"GVM_ROOT=$GVM_HOME\"";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/ipfs.service
 
     systemctl enable ipfs
     systemctl daemon-reload
diff --git a/src/freedombone-app-irc b/src/freedombone-app-irc
index 90883700..5e4e56df 100755
--- a/src/freedombone-app-irc
+++ b/src/freedombone-app-irc
@@ -63,7 +63,7 @@ function logging_off_irc {
 }
 
 function irc_get_global_password {
-    echo $(cat /etc/ngircd/ngircd.conf | grep "Password =" | head -n 1 | awk -F '=' '{print $2}')
+    grep "Password =" /etc/ngircd/ngircd.conf | head -n 1 | awk -F '=' '{print $2}'
 }
 
 function start_irc_bouncer {
@@ -93,70 +93,70 @@ function create_irssi_config {
         new_name="$new_username"
     fi
 
-    echo 'servers = (' > /home/${new_username}/.irssi/config
-    echo '  {' >> /home/${new_username}/.irssi/config
-    echo '    address = "chat.freenode.net";' >> /home/${new_username}/.irssi/config
-    echo '    chatnet = "Freenode";' >> /home/${new_username}/.irssi/config
-    echo '    port = "6667";' >> /home/${new_username}/.irssi/config
-    echo '    autoconnect = "no";' >> /home/${new_username}/.irssi/config
-    echo '  },' >> /home/${new_username}/.irssi/config
-    echo '  {' >> /home/${new_username}/.irssi/config
-    echo '    address = "irc.oftc.net";' >> /home/${new_username}/.irssi/config
-    echo '    chatnet = "OFTC";' >> /home/${new_username}/.irssi/config
-    echo '    port = "6667";' >> /home/${new_username}/.irssi/config
-    echo '    autoconnect = "no";' >> /home/${new_username}/.irssi/config
-    echo '  },' >> /home/${new_username}/.irssi/config
-    echo '  {' >> /home/${new_username}/.irssi/config
-    echo "    address = \"127.0.0.1\";" >> /home/${new_username}/.irssi/config
-    echo '    ssl_verify = "no";' >> /home/${new_username}/.irssi/config
+    { echo 'servers = (';
+      echo '  {';
+      echo '    address = "chat.freenode.net";';
+      echo '    chatnet = "Freenode";';
+      echo '    port = "6667";';
+      echo '    autoconnect = "no";';
+      echo '  },';
+      echo '  {';
+      echo '    address = "irc.oftc.net";';
+      echo '    chatnet = "OFTC";';
+      echo '    port = "6667";';
+      echo '    autoconnect = "no";';
+      echo '  },';
+      echo '  {';
+      echo "    address = \"127.0.0.1\";";
+      echo '    ssl_verify = "no";'; } > "/home/${new_username}/.irssi/config"
     if [[ ${ONION_ONLY} == 'no' ]]; then
-        echo '    use_ssl = "yes";' >> /home/${new_username}/.irssi/config
-        echo "    port = \"${IRC_BOUNCER_PORT}\";" >> /home/${new_username}/.irssi/config
+        echo '    use_ssl = "yes";' >> "/home/${new_username}/.irssi/config"
+        echo "    port = \"${IRC_BOUNCER_PORT}\";" >> "/home/${new_username}/.irssi/config"
     else
-        echo '    use_ssl = "no";' >> /home/${new_username}/.irssi/config
-        IRC_ONION_HOSTNAME=$(cat ${COMPLETION_FILE} | grep "irc onion domain" | head -n 1 | awk -F ':' '{print $2}')
-        echo "    port = \"${IRC_ONION_PORT}\";" >> /home/${new_username}/.irssi/config
+        echo '    use_ssl = "no";' >> "/home/${new_username}/.irssi/config"
+        IRC_ONION_HOSTNAME=$(grep "irc onion domain" "${COMPLETION_FILE}" | head -n 1 | awk -F ':' '{print $2}')
+        echo "    port = \"${IRC_ONION_PORT}\";" >> "/home/${new_username}/.irssi/config"
     fi
-    echo '    chatnet = "Freedombone";' >> /home/${new_username}/.irssi/config
-    echo '    autoconnect = "yes";' >> /home/${new_username}/.irssi/config
-    if [ ${IRC_PASSWORD} ]; then
-        echo "    password = \"${IRC_PASSWORD}\";" >> /home/${new_username}/.irssi/config
+    echo '    chatnet = "Freedombone";' >> "/home/${new_username}/.irssi/config"
+    echo '    autoconnect = "yes";' >> "/home/${new_username}/.irssi/config"
+    if [ "${IRC_PASSWORD}" ]; then
+        echo "    password = \"${IRC_PASSWORD}\";" >> "/home/${new_username}/.irssi/config"
     fi
-    echo '  }' >> /home/${new_username}/.irssi/config
-    echo ');' >> /home/${new_username}/.irssi/config
-    echo '' >> /home/${new_username}/.irssi/config
-    echo 'chatnets = {' >> /home/${new_username}/.irssi/config
-    echo '  Freedombone = {' >> /home/${new_username}/.irssi/config
-    echo '    type = "IRC";' >> /home/${new_username}/.irssi/config
-    echo '    max_kicks = "1";' >> /home/${new_username}/.irssi/config
-    echo '    max_msgs = "4";' >> /home/${new_username}/.irssi/config
-    echo '    max_whois = "1";' >> /home/${new_username}/.irssi/config
-    echo '  };' >> /home/${new_username}/.irssi/config
-    echo '  Freenode = {' >> /home/${new_username}/.irssi/config
-    echo '    type = "IRC";' >> /home/${new_username}/.irssi/config
-    echo '    max_kicks = "1";' >> /home/${new_username}/.irssi/config
-    echo '    max_msgs = "4";' >> /home/${new_username}/.irssi/config
-    echo '    max_whois = "1";' >> /home/${new_username}/.irssi/config
-    echo '  };' >> /home/${new_username}/.irssi/config
-    echo '  OFTC = {' >> /home/${new_username}/.irssi/config
-    echo '    type = "IRC";' >> /home/${new_username}/.irssi/config
-    echo '    max_kicks = "1";' >> /home/${new_username}/.irssi/config
-    echo '    max_msgs = "1";' >> /home/${new_username}/.irssi/config
-    echo '    max_whois = "1";' >> /home/${new_username}/.irssi/config
-    echo '  };' >> /home/${new_username}/.irssi/config
-    echo '};' >> /home/${new_username}/.irssi/config
-    echo '' >> /home/${new_username}/.irssi/config
-    echo 'channels = (' >> /home/${new_username}/.irssi/config
-    echo '  { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },' >> /home/${new_username}/.irssi/config
-    echo ');' >> /home/${new_username}/.irssi/config
-    echo '' >> /home/${new_username}/.irssi/config
-    echo 'settings = {' >> /home/${new_username}/.irssi/config
-    echo "  core = { real_name = \"$new_name\"; user_name = \"$new_username\"; nick = \"$new_username\"; };" >> /home/${new_username}/.irssi/config
-    echo '  "fe-text" = { actlist_sort = "refnum"; };' >> /home/${new_username}/.irssi/config
-    echo '};' >> /home/${new_username}/.irssi/config
-    echo 'ignores = ( { level = "CTCPS"; } );' >> /home/${new_username}/.irssi/config
+    { echo '  }';
+      echo ');';
+      echo '';
+      echo 'chatnets = {';
+      echo '  Freedombone = {';
+      echo '    type = "IRC";';
+      echo '    max_kicks = "1";';
+      echo '    max_msgs = "4";';
+      echo '    max_whois = "1";';
+      echo '  };';
+      echo '  Freenode = {';
+      echo '    type = "IRC";';
+      echo '    max_kicks = "1";';
+      echo '    max_msgs = "4";';
+      echo '    max_whois = "1";';
+      echo '  };';
+      echo '  OFTC = {';
+      echo '    type = "IRC";';
+      echo '    max_kicks = "1";';
+      echo '    max_msgs = "1";';
+      echo '    max_whois = "1";';
+      echo '  };';
+      echo '};';
+      echo '';
+      echo 'channels = (';
+      echo '  { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },';
+      echo ');';
+      echo '';
+      echo 'settings = {';
+      echo "  core = { real_name = \"$new_name\"; user_name = \"$new_username\"; nick = \"$new_username\"; };";
+      echo '  "fe-text" = { actlist_sort = "refnum"; };';
+      echo '};';
+      echo 'ignores = ( { level = "CTCPS"; } );'; } >> "/home/${new_username}/.irssi/config"
 
-    chown -R ${new_username}:${new_username} /home/${new_username}/.irssi
+    chown -R "${new_username}":"${new_username}" "/home/${new_username}/.irssi"
 }
 
 function remove_user_irc_bouncer {
@@ -172,14 +172,14 @@ function remove_user_irc_bouncer {
 function remove_user_irc {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp irc
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp irc
 
-    remove_user_irc_bouncer ${remove_username}
-    if [ -d /home/${remove_username}/.irssi ]; then
-        rm -rf /home/${remove_username}/.irssi
+    remove_user_irc_bouncer "${remove_username}"
+    if [ -d "/home/${remove_username}/.irssi" ]; then
+        rm -rf "/home/${remove_username}/.irssi"
     fi
-    if [ -d /home/${remove_username}/irclogs ]; then
-        rm -rf /home/${remove_username}/irclogs
+    if [ -d "/home/${remove_username}/irclogs" ]; then
+        rm -rf "/home/${remove_username}/irclogs"
     fi
 }
 
@@ -192,9 +192,9 @@ function irc_set_global_password_base {
     for d in /home/*/ ; do
         IRC_USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$IRC_USERNAME") == "1" ]]; then
-            if [ -f /home/${IRC_USERNAME}/.irssi/config ]; then
-                sed -i "s|$EXISTING_IRC_PASSWORD|$NEW_IRC_PASSWORD|g" /home/${IRC_USERNAME}/.irssi/config
-                chown -R ${IRC_USERNAME}:${IRC_USERNAME} /home/${IRC_USERNAME}/.irssi
+            if [ -f "/home/${IRC_USERNAME}/.irssi/config" ]; then
+                sed -i "s|$EXISTING_IRC_PASSWORD|$NEW_IRC_PASSWORD|g" "/home/${IRC_USERNAME}/.irssi/config"
+                chown -R "${IRC_USERNAME}":"${IRC_USERNAME}" "/home/${IRC_USERNAME}/.irssi"
             fi
         fi
     done
@@ -217,11 +217,11 @@ function irc_set_global_password_base {
     sed -i "s|Server     = 127.0.0.1.*|Server     = 127.0.0.1 ${IRC_PORT} ${NEW_IRC_PASSWORD}|g" /home/znc/.znc/configs/znc.conf
 
     # Update the password
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a irc -p "$NEW_IRC_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a irc -p "$NEW_IRC_PASSWORD"
 
     # matrix bridge to irc
-    if [ -f $INSTALL_DIR/matrix_irc_bridge/config.yaml ]; then
-        sed -i "s|password: .*|password: \"$NEW_IRC_PASSWORD\"|g" $INSTALL_DIR/matrix_irc_bridge/config.yaml
+    if [ -f "$INSTALL_DIR/matrix_irc_bridge/config.yaml" ]; then
+        sed -i "s|password: .*|password: \"$NEW_IRC_PASSWORD\"|g" "$INSTALL_DIR/matrix_irc_bridge/config.yaml"
         systemctl restart matrix_irc_bridge
     fi
 
@@ -244,7 +244,7 @@ function add_user_irc_bouncer {
     new_user_password=$(irc_get_global_password)
     IRC_PASSWORD="$new_user_password"
     is_admin='true'
-    if [ ! $3 ]; then
+    if [ ! "$3" ]; then
         is_admin='false'
     fi
 
@@ -255,7 +255,7 @@ function add_user_irc_bouncer {
     read_config_param IRC_PORT
     read_config_param DEFAULT_DOMAIN_NAME
 
-    ${PROJECT_NAME}-pass -u $new_username -a irc -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a irc -p "$new_user_password"
 
     stop_irc_bouncer
 
@@ -269,73 +269,73 @@ function add_user_irc_bouncer {
         return
     fi
 
-    echo "<User ${new_username}>" >> /home/znc/.znc/configs/znc.conf
-    echo "    Admin      = ${is_admin}" >> /home/znc/.znc/configs/znc.conf
-    echo "    AltNick = ${new_username}_" >> /home/znc/.znc/configs/znc.conf
-    echo '    AppendTimestamp = false' >> /home/znc/.znc/configs/znc.conf
-    echo '    AutoClearChanBuffer = true' >> /home/znc/.znc/configs/znc.conf
-    echo '    AutoClearQueryBuffer = true' >> /home/znc/.znc/configs/znc.conf
-    echo "    Buffer = ${IRC_BUFFER_LENGTH}" >> /home/znc/.znc/configs/znc.conf
-    echo '    DenyLoadMod = false' >> /home/znc/.znc/configs/znc.conf
-    echo '    DenySetBindHost = false' >> /home/znc/.znc/configs/znc.conf
-    echo "    Ident = ${new_username}" >> /home/znc/.znc/configs/znc.conf
-    echo '    JoinTries = 10' >> /home/znc/.znc/configs/znc.conf
-    echo '    LoadModule = chansaver' >> /home/znc/.znc/configs/znc.conf
-    echo '    LoadModule = controlpanel' >> /home/znc/.znc/configs/znc.conf
-    echo '    MaxJoins = 10' >> /home/znc/.znc/configs/znc.conf
-    echo '    MaxNetworks = 10' >> /home/znc/.znc/configs/znc.conf
-    echo '    MaxQueryBuffers = 50' >> /home/znc/.znc/configs/znc.conf
-    echo '    MultiClients = true' >> /home/znc/.znc/configs/znc.conf
-    echo "    Nick = ${new_username}" >> /home/znc/.znc/configs/znc.conf
-    echo '    PrependTimestamp = true' >> /home/znc/.znc/configs/znc.conf
-    echo '    QuitMsg = Bye' >> /home/znc/.znc/configs/znc.conf
-    echo "    RealName = ${new_username}" >> /home/znc/.znc/configs/znc.conf
-    echo '    StatusPrefix = *' >> /home/znc/.znc/configs/znc.conf
-    echo '    TimestampFormat = [%H:%M:%S]' >> /home/znc/.znc/configs/znc.conf
-    echo '' >> /home/znc/.znc/configs/znc.conf
-    echo "    <Network ${PROJECT_NAME}>" >> /home/znc/.znc/configs/znc.conf
-    echo '        LoadModule = chansaver' >> /home/znc/.znc/configs/znc.conf
-    echo '        LoadModule = simple_away' >> /home/znc/.znc/configs/znc.conf
-    echo '' >> /home/znc/.znc/configs/znc.conf
-    echo "        Server     = 127.0.0.1 ${IRC_PORT} ${IRC_PASSWORD}" >> /home/znc/.znc/configs/znc.conf
-    echo '' >> /home/znc/.znc/configs/znc.conf
-    echo "        <Chan #${PROJECT_NAME}>" >> /home/znc/.znc/configs/znc.conf
-    echo '        </Chan>' >> /home/znc/.znc/configs/znc.conf
-    echo '    </Network>' >> /home/znc/.znc/configs/znc.conf
-    echo '' >> /home/znc/.znc/configs/znc.conf
-    echo '    <Network oftc>' >> /home/znc/.znc/configs/znc.conf
-    echo '        LoadModule = chansaver' >> /home/znc/.znc/configs/znc.conf
-    echo '        LoadModule = simple_away' >> /home/znc/.znc/configs/znc.conf
-    echo '        FloodBurst = 4' >> /home/znc/.znc/configs/znc.conf
-    echo '        FloodRate = 1.00' >> /home/znc/.znc/configs/znc.conf
-    echo '        IRCConnectEnabled = true' >> /home/znc/.znc/configs/znc.conf
-    echo '        Server = irc.oftc.net 6697' >> /home/znc/.znc/configs/znc.conf
-    echo '    </Network>' >> /home/znc/.znc/configs/znc.conf
-    echo '' >> /home/znc/.znc/configs/znc.conf
-    echo '    <Network freenode>' >> /home/znc/.znc/configs/znc.conf
-    echo '        LoadModule = chansaver' >> /home/znc/.znc/configs/znc.conf
-    echo '        LoadModule = simple_away' >> /home/znc/.znc/configs/znc.conf
-    echo '        FloodBurst = 4' >> /home/znc/.znc/configs/znc.conf
-    echo '        FloodRate = 1.00' >> /home/znc/.znc/configs/znc.conf
-    echo '        IRCConnectEnabled = true' >> /home/znc/.znc/configs/znc.conf
-    echo '        Server = irc.freenode.net 6697' >> /home/znc/.znc/configs/znc.conf
-    echo '    </Network>' >> /home/znc/.znc/configs/znc.conf
-    echo '' >> /home/znc/.znc/configs/znc.conf
-    echo '    <Pass password>' >> /home/znc/.znc/configs/znc.conf
-    echo "        Hash = ${new_user_hash}" >> /home/znc/.znc/configs/znc.conf
-    echo '        Method = sha256' >> /home/znc/.znc/configs/znc.conf
-    echo "        Salt = ${ZNC_SALT}" >> /home/znc/.znc/configs/znc.conf
-    echo '    </Pass>' >> /home/znc/.znc/configs/znc.conf
-    echo '</User>' >> /home/znc/.znc/configs/znc.conf
+    { echo "<User ${new_username}>";
+      echo "    Admin      = ${is_admin}";
+      echo "    AltNick = ${new_username}_";
+      echo '    AppendTimestamp = false';
+      echo '    AutoClearChanBuffer = true';
+      echo '    AutoClearQueryBuffer = true';
+      echo "    Buffer = ${IRC_BUFFER_LENGTH}";
+      echo '    DenyLoadMod = false';
+      echo '    DenySetBindHost = false';
+      echo "    Ident = ${new_username}";
+      echo '    JoinTries = 10';
+      echo '    LoadModule = chansaver';
+      echo '    LoadModule = controlpanel';
+      echo '    MaxJoins = 10';
+      echo '    MaxNetworks = 10';
+      echo '    MaxQueryBuffers = 50';
+      echo '    MultiClients = true';
+      echo "    Nick = ${new_username}";
+      echo '    PrependTimestamp = true';
+      echo '    QuitMsg = Bye';
+      echo "    RealName = ${new_username}";
+      echo '    StatusPrefix = *';
+      echo '    TimestampFormat = [%H:%M:%S]';
+      echo '';
+      echo "    <Network ${PROJECT_NAME}>";
+      echo '        LoadModule = chansaver';
+      echo '        LoadModule = simple_away';
+      echo '';
+      echo "        Server     = 127.0.0.1 ${IRC_PORT} ${IRC_PASSWORD}";
+      echo '';
+      echo "        <Chan #${PROJECT_NAME}>";
+      echo '        </Chan>';
+      echo '    </Network>';
+      echo '';
+      echo '    <Network oftc>';
+      echo '        LoadModule = chansaver';
+      echo '        LoadModule = simple_away';
+      echo '        FloodBurst = 4';
+      echo '        FloodRate = 1.00';
+      echo '        IRCConnectEnabled = true';
+      echo '        Server = irc.oftc.net 6697';
+      echo '    </Network>';
+      echo '';
+      echo '    <Network freenode>';
+      echo '        LoadModule = chansaver';
+      echo '        LoadModule = simple_away';
+      echo '        FloodBurst = 4';
+      echo '        FloodRate = 1.00';
+      echo '        IRCConnectEnabled = true';
+      echo '        Server = irc.freenode.net 6697';
+      echo '    </Network>';
+      echo '';
+      echo '    <Pass password>';
+      echo "        Hash = ${new_user_hash}";
+      echo '        Method = sha256';
+      echo "        Salt = ${ZNC_SALT}";
+      echo '    </Pass>';
+      echo '</User>'; } >> /home/znc/.znc/configs/znc.conf
 
-    mkdir -p /home/znc/.znc/users/${new_username}/moddata
-    mkdir -p /home/znc/.znc/users/${new_username}/networks
-    mkdir /home/znc/.znc/users/${new_username}/moddata/chanserver
-    mkdir /home/znc/.znc/users/${new_username}/moddata/controlpanel
-    mkdir /home/znc/.znc/users/${new_username}/moddata/perform
-    mkdir /home/znc/.znc/users/${new_username}/moddata/webadmin
-    mkdir -p /home/znc/.znc/users/${new_username}/networks/${PROJECT_NAME}/moddata/chansaver
-    mkdir -p /home/znc/.znc/users/${new_username}/networks/${PROJECT_NAME}/moddata/simple_away
+    mkdir -p "/home/znc/.znc/users/${new_username}/moddata"
+    mkdir -p "/home/znc/.znc/users/${new_username}/networks"
+    mkdir "/home/znc/.znc/users/${new_username}/moddata/chanserver"
+    mkdir "/home/znc/.znc/users/${new_username}/moddata/controlpanel"
+    mkdir "/home/znc/.znc/users/${new_username}/moddata/perform"
+    mkdir "/home/znc/.znc/users/${new_username}/moddata/webadmin"
+    mkdir -p "/home/znc/.znc/users/${new_username}/networks/${PROJECT_NAME}/moddata/chansaver"
+    mkdir -p "/home/znc/.znc/users/${new_username}/networks/${PROJECT_NAME}/moddata/simple_away"
 
     mkdir -p /home/znc/.znc/moddata/webadmin
 
@@ -353,8 +353,8 @@ function add_user_irc {
         IRC_PASSWORD=
     fi
 
-    if [ ! -d /home/${new_username}/.irssi ]; then
-        mkdir /home/${new_username}/.irssi
+    if [ ! -d "/home/${new_username}/.irssi" ]; then
+        mkdir "/home/${new_username}/.irssi"
     fi
 
     create_irssi_config "${new_username}"
@@ -374,19 +374,21 @@ function irc_show_password {
 
 function irc_set_global_password {
     EXISTING_IRC_PASSWORD=$(irc_get_global_password)
+    data=$(mktemp 2>/dev/null)
     dialog --title $"IRC Password" \
            --clear \
            --backtitle $"Freedombone Control Panel" \
-           --passwordbox $"Password for all IRC users, or press Enter for no password" 10 60 "$EXISTING_IRC_PASSWORD" 2> $data
+           --passwordbox $"Password for all IRC users, or press Enter for no password" 10 60 "$EXISTING_IRC_PASSWORD" 2> "$data"
     sel=$?
     case $sel in
         0)
-            NEW_IRC_PASSWORD=$(<$data)
+            NEW_IRC_PASSWORD=$(<"$data")
             irc_set_global_password_base "$NEW_IRC_PASSWORD"
             dialog --title $"IRC Password" \
                    --msgbox $"The IRC password was changed" 6 40
             ;;
     esac
+    rm -f "$data"
 }
 
 function configure_interactive_irc {
@@ -398,24 +400,26 @@ function configure_interactive_irc {
 
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"IRC Menu" \
                --radiolist $"Choose an operation:" 14 70 4 \
                1 $"Set a password for all IRC users" off \
                2 $"Show current IRC login password" off \
-               3 $"Exit" on 2> $data
+               3 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) break;;
-            255) break;;
+            1) rm -f "$data"
+               break;;
+            255) rm -f "$data"
+                 break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) irc_set_global_password;;
             2) irc_show_password;;
             3) break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -466,7 +470,7 @@ function remove_irc {
     remove_onion_service irc ${IRC_ONION_PORT}
     remove_completion_param install_irc
     remove_completion_param configure_firewall_for_irc
-    sed -i '/IRC /d' ${COMPLETION_FILE}
+    sed -i '/IRC /d' "${COMPLETION_FILE}"
     sed -i '/znc 2> /d' /etc/crontab
     stop_irc_bouncer
     if [ -d /home/znc ]; then
@@ -496,7 +500,7 @@ function configure_firewall_for_irc {
     save_firewall_settings
 
     firewall_add IRC ${IRC_BOUNCER_PORT} tcp
-    echo 'configure_firewall_for_irc' >> ${COMPLETION_FILE}
+    echo 'configure_firewall_for_irc' >> "${COMPLETION_FILE}"
 }
 
 function install_irc_server {
@@ -511,29 +515,29 @@ function install_irc_server {
     fi
 
     # obtain a cert for the default domain
-    if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then
+    if [[ "$(cert_exists "${DEFAULT_DOMAIN_NAME}" pem)" == "0" ]]; then
         echo $'Obtaining certificate for the main domain'
-        create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
+        create_site_certificate "${DEFAULT_DOMAIN_NAME}" 'yes'
     fi
 
-    if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME})" == "0" ]]; then
-        ${PROJECT_NAME}-addcert -h ngircd --dhkey ${DH_KEYLENGTH}
+    if [[ "$(cert_exists "${DEFAULT_DOMAIN_NAME}")" == "0" ]]; then
+        "${PROJECT_NAME}-addcert" -h ngircd --dhkey "${DH_KEYLENGTH}"
         function_check check_certificates
         check_certificates ngircd
     fi
 
     DEFAULTDOMAIN=${DEFAULT_DOMAIN_NAME}
 
-    IRC_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+    IRC_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
 
     set_password_for_all_users irc "$IRC_PASSWORD"
 
 
-    echo '**************************************************' > /etc/ngircd/motd
-    echo $'*           F R E E D O M B O N E   I R C        *' >> /etc/ngircd/motd
-    echo '*                                                *' >> /etc/ngircd/motd
-    echo $'*               Freedom in the Cloud             *' >> /etc/ngircd/motd
-    echo '**************************************************' >> /etc/ngircd/motd
+    { echo '**************************************************';
+      echo $'*           F R E E D O M B O N E   I R C        *';
+      echo '*                                                *';
+      echo $'*               Freedom in the Cloud             *';
+      echo '**************************************************'; } > /etc/ngircd/motd
     sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf
     sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf
     sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf
@@ -541,7 +545,7 @@ function install_irc_server {
     sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf
     sed -i "s/;Ports =.*/Ports = ${IRC_PORT}/g" /etc/ngircd/ngircd.conf
     if [[ $ONION_ONLY == 'no' ]]; then
-        if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+        if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
             sed -i "s|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/ngircd/ngircd.conf
         else
             sed -i "s|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt|g" /etc/ngircd/ngircd.conf
@@ -562,10 +566,10 @@ function install_irc_server {
     sed -i "s|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/${PROJECT_NAME}.key|g" /etc/ngircd/ngircd.conf
     sed -i "s/;CloakHost = cloaked.host/CloakHost = ${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
     IRC_SALT="$(create_password 30)"
-    if [ -f ${IMAGE_PASSWORD_FILE} ]; then
-        IRC_OPERATOR_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
+        IRC_OPERATOR_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        IRC_OPERATOR_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        IRC_OPERATOR_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
     fi
     sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf
     sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf
@@ -574,7 +578,7 @@ function install_irc_server {
     sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf
     sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf
     sed -i 's|;Listen =.*|Listen = 0.0.0.0,0.0.0.0:9050,127.0.0.1,127.0.0.1:9050|g' /etc/ngircd/ngircd.conf
-    if [ ${IRC_PASSWORD} ]; then
+    if [ "${IRC_PASSWORD}" ]; then
         sed -i "0,/RE/s/Password =.*/Password =$IRC_PASSWORD/" /etc/ngircd/ngircd.conf
     fi
     # upgrade a cypher
@@ -585,7 +589,8 @@ function install_irc_server {
     touch /var/run/ngircd/ngircd.pid
     chown -R irc:irc /var/run/ngircd
 
-    IRC_ONION_HOSTNAME=$(add_onion_service irc ${IRC_BOUNCER_PORT} ${IRC_ONION_PORT})
+    # shellcheck disable=SC2034
+    IRC_ONION_HOSTNAME=$(add_onion_service irc "${IRC_BOUNCER_PORT}" "${IRC_ONION_PORT}")
 
     if [ ! -d /var/run/ircd ]; then
         mkdir /var/run/ircd
@@ -608,8 +613,8 @@ function install_irc_client {
     fi
     apt-get -yq install irssi
 
-    if [ ! -d /home/${MY_USERNAME}/.irssi ]; then
-        mkdir /home/${MY_USERNAME}/.irssi
+    if [ ! -d "/home/${MY_USERNAME}/.irssi" ]; then
+        mkdir "/home/${MY_USERNAME}/.irssi"
     fi
 
     create_irssi_config "${MY_USERNAME}" "$MY_NAME"
@@ -632,41 +637,41 @@ function install_irc_bouncer {
     mkdir -p /home/znc/.znc/configs
     mkdir -p /home/znc/.znc/users
 
-    echo 'AnonIPLimit = 10' > /home/znc/.znc/configs/znc.conf
-    echo 'ConnectDelay = 5' >> /home/znc/.znc/configs/znc.conf
-    echo 'HideVersion = false' >> /home/znc/.znc/configs/znc.conf
-    echo 'MaxBufferSize = 500' >> /home/znc/.znc/configs/znc.conf
-    echo 'ProtectWebSessions = true' >> /home/znc/.znc/configs/znc.conf
-    echo 'SSLCertFile = /home/znc/.znc/znc.pem' >> /home/znc/.znc/configs/znc.conf
-    echo 'ServerThrottle = 30' >> /home/znc/.znc/configs/znc.conf
-    echo 'Version = 1.6.2' >> /home/znc/.znc/configs/znc.conf
-    echo '' >> /home/znc/.znc/configs/znc.conf
-    echo '<Listener listener0>' >> /home/znc/.znc/configs/znc.conf
-    echo '  AllowIRC = true' >> /home/znc/.znc/configs/znc.conf
-    echo '  AllowWeb = false' >> /home/znc/.znc/configs/znc.conf
-    echo '  IPv4 = true' >> /home/znc/.znc/configs/znc.conf
-    echo '  IPv6 = true' >> /home/znc/.znc/configs/znc.conf
-    echo '  Port = 6697' >> /home/znc/.znc/configs/znc.conf
-    if [[ ${ONION_ONLY} == 'no' ]]; then
+    { echo 'AnonIPLimit = 10';
+      echo 'ConnectDelay = 5';
+      echo 'HideVersion = false';
+      echo 'MaxBufferSize = 500';
+      echo 'ProtectWebSessions = true';
+      echo 'SSLCertFile = /home/znc/.znc/znc.pem';
+      echo 'ServerThrottle = 30';
+      echo 'Version = 1.6.2';
+      echo '';
+      echo '<Listener listener0>';
+      echo '  AllowIRC = true';
+      echo '  AllowWeb = false';
+      echo '  IPv4 = true';
+      echo '  IPv6 = true';
+      echo '  Port = 6697'; } > /home/znc/.znc/configs/znc.conf
+    if [[ "${ONION_ONLY}" == 'no' ]]; then
         echo '  SSL = true' >> /home/znc/.znc/configs/znc.conf
     else
         echo '  SSL = false' >> /home/znc/.znc/configs/znc.conf
     fi
-    echo '  URIPrefix = /' >> /home/znc/.znc/configs/znc.conf
-    echo '</Listener>' >> /home/znc/.znc/configs/znc.conf
-    echo '' >> /home/znc/.znc/configs/znc.conf
+    { echo '  URIPrefix = /';
+      echo '</Listener>';
+      echo ''; } >> /home/znc/.znc/configs/znc.conf
 
     if [ $IRC_PORT -ne $IRC_ONION_PORT ]; then
-        echo '<Listener listener1>' >> /home/znc/.znc/configs/znc.conf
-        echo '  AllowIRC = true' >> /home/znc/.znc/configs/znc.conf
-        echo '  AllowWeb = false' >> /home/znc/.znc/configs/znc.conf
-        echo '  IPv4 = true' >> /home/znc/.znc/configs/znc.conf
-        echo '  IPv6 = true' >> /home/znc/.znc/configs/znc.conf
-        echo "  Port = ${IRC_ONION_PORT}" >> /home/znc/.znc/configs/znc.conf
-        echo '  SSL = false' >> /home/znc/.znc/configs/znc.conf
-        echo '  URIPrefix = /' >> /home/znc/.znc/configs/znc.conf
-        echo '</Listener>' >> /home/znc/.znc/configs/znc.conf
-        echo '' >> /home/znc/.znc/configs/znc.conf
+        { echo '<Listener listener1>';
+          echo '  AllowIRC = true';
+          echo '  AllowWeb = false';
+          echo '  IPv4 = true';
+          echo '  IPv6 = true';
+          echo "  Port = ${IRC_ONION_PORT}";
+          echo '  SSL = false';
+          echo '  URIPrefix = /';
+          echo '</Listener>';
+          echo ''; } >> /home/znc/.znc/configs/znc.conf
     fi
 
     chown -R znc:znc /home/znc/.znc
diff --git a/src/freedombone-app-jitsi b/src/freedombone-app-jitsi
index 162ffef3..0a87e522 100755
--- a/src/freedombone-app-jitsi
+++ b/src/freedombone-app-jitsi
@@ -105,7 +105,7 @@ function add_user_jitsi {
 }
 
 function install_interactive_jitsi {
-    if [ ! ${ONION_ONLY} ]; then
+    if [ ! "${ONION_ONLY}" ]; then
         ONION_ONLY='no'
     fi
 
@@ -202,7 +202,7 @@ function remove_jitsi {
 
     remove_app jitsi
     remove_completion_param install_jitsi
-    sed -i '/jitsi/d' ${COMPLETION_FILE}
+    sed -i '/jitsi/d' "${COMPLETION_FILE}"
 
     function_check remove_ddns_domain
     remove_ddns_domain $JITSI_DOMAIN_NAME
@@ -233,8 +233,7 @@ function install_jitsi {
     jitsi_deb_repo=unstable #binary
     apt-get -yq install wget debconf-utils default-jre
     install_nodejs jitsi
-    npm install -g browserify@13.1.1
-    if [ ! "$?" = "0" ]; then
+    if ! npm install -g browserify@13.1.1; then
         remove_nodejs jitsi
         exit 638352
     fi
@@ -272,17 +271,17 @@ function install_jitsi {
 
     echo 'server_names_hash_bucket_size 64;' > $jitsi_nginx_site
     if [[ $ONION_ONLY == "no" ]]; then
-        echo '' >> $jitsi_nginx_site
-        echo 'server {' >> $jitsi_nginx_site
-        echo '    listen 80;' >> $jitsi_nginx_site
-        echo "    server_name ${JITSI_DOMAIN_NAME};" >> $jitsi_nginx_site
-        echo '    return 301 https://$host$request_uri;' >> $jitsi_nginx_site
-        echo '}' >> $jitsi_nginx_site
-        echo 'server {' >> $jitsi_nginx_site
-        echo '    listen 443 ssl;' >> $jitsi_nginx_site
-        echo '    #listen [::]:443 ssl;' >> $jitsi_nginx_site
-        echo "    server_name ${JITSI_DOMAIN_NAME};" >> $jitsi_nginx_site
-        echo '' >> $jitsi_nginx_site
+        { echo '';
+          echo 'server {';
+          echo '    listen 80;';
+          echo "    server_name ${JITSI_DOMAIN_NAME};";
+          echo "    return 301 https://\$host\$request_uri;";
+          echo '}';
+          echo 'server {';
+          echo '    listen 443 ssl;';
+          echo '    #listen [::]:443 ssl;';
+          echo "    server_name ${JITSI_DOMAIN_NAME};";
+          echo ''; } >> $jitsi_nginx_site
 
         function_check nginx_ssl
         nginx_ssl ${JITSI_DOMAIN_NAME}
@@ -290,80 +289,80 @@ function install_jitsi {
         function_check nginx_disable_sniffing
         nginx_disable_sniffing ${JITSI_DOMAIN_NAME}
 
-        echo '    add_header Strict-Transport-Security max-age=15768000;' >> $jitsi_nginx_site
-        echo '' >> $jitsi_nginx_site
-        echo '    root /usr/share/jitsi-meet;' >> $jitsi_nginx_site
-        echo '    index index.html index.htm;' >> $jitsi_nginx_site
-        echo '' >> $jitsi_nginx_site
-        echo '    location /config.js {' >> $jitsi_nginx_site
-        echo "        alias /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js;" >> $jitsi_nginx_site
-        echo '    }' >> $jitsi_nginx_site
-        echo '' >> $jitsi_nginx_site
-        echo '    location ~ ^/([a-zA-Z0-9=\?]+)$ {' >> $jitsi_nginx_site
-        echo '        rewrite ^/(.*)$ / break;' >> $jitsi_nginx_site
-        echo '    }' >> $jitsi_nginx_site
-        echo '' >> $jitsi_nginx_site
-        echo '    location / {' >> $jitsi_nginx_site
-        echo '        ssi on;' >> $jitsi_nginx_site
-        echo '    }' >> $jitsi_nginx_site
-        echo '' >> $jitsi_nginx_site
-        echo '    # Backward compatibility' >> $jitsi_nginx_site
-        echo '    location ~ /external_api.* {' >> $jitsi_nginx_site
-        echo '        root /usr/share/jitsi-meet/libs;' >> $jitsi_nginx_site
-        echo '    }' >> $jitsi_nginx_site
-        echo '' >> $jitsi_nginx_site
-        echo '    # Logs' >> $jitsi_nginx_site
-        echo '    access_log /dev/null;' >> $jitsi_nginx_site
-        echo '    error_log /dev/null;' >> $jitsi_nginx_site
-        echo '' >> $jitsi_nginx_site
-        echo '    # BOSH' >> $jitsi_nginx_site
-        echo '    location /http-bind {' >> $jitsi_nginx_site
-        echo '        proxy_pass      http://localhost:5280/http-bind;' >> $jitsi_nginx_site
-        echo '        proxy_set_header X-Forwarded-For $remote_addr;' >> $jitsi_nginx_site
-        echo '        proxy_set_header Host $http_host;' >> $jitsi_nginx_site
-        echo '    }' >> $jitsi_nginx_site
-        echo '}' >> $jitsi_nginx_site
+        { echo '    add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '    root /usr/share/jitsi-meet;';
+          echo '    index index.html index.htm;';
+          echo '';
+          echo '    location /config.js {';
+          echo "        alias /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js;";
+          echo '    }';
+          echo '';
+          echo '    location ~ ^/([a-zA-Z0-9=\?]+)$ {';
+          echo '        rewrite ^/(.*)$ / break;';
+          echo '    }';
+          echo '';
+          echo '    location / {';
+          echo '        ssi on;';
+          echo '    }';
+          echo '';
+          echo '    # Backward compatibility';
+          echo '    location ~ /external_api.* {';
+          echo '        root /usr/share/jitsi-meet/libs;';
+          echo '    }';
+          echo '';
+          echo '    # Logs';
+          echo '    access_log /dev/null;';
+          echo '    error_log /dev/null;';
+          echo '';
+          echo '    # BOSH';
+          echo '    location /http-bind {';
+          echo '        proxy_pass      http://localhost:5280/http-bind;';
+          echo "        proxy_set_header X-Forwarded-For \$remote_addr;";
+          echo "        proxy_set_header Host \$http_host;";
+          echo '    }';
+          echo '}'; } >> $jitsi_nginx_site
     fi
-    echo '' >> $jitsi_nginx_site
-    echo 'server {' >> $jitsi_nginx_site
-    echo "    listen 127.0.0.1:$JITSI_ONION_PORT default_server;" >> $jitsi_nginx_site
+    { echo '';
+      echo 'server {';
+      echo "    listen 127.0.0.1:$JITSI_ONION_PORT default_server;"; } >> $jitsi_nginx_site
     if [[ $ONION_ONLY == 'no' ]]; then
         echo "    server_name ${JITSI_DOMAIN_NAME};" >> $jitsi_nginx_site
     else
         echo "    server_name ${JITSI_ONION_HOSTNAME};" >> $jitsi_nginx_site
     fi
-    echo '' >> $jitsi_nginx_site
-    echo '    root /usr/share/jitsi-meet;' >> $jitsi_nginx_site
-    echo '    index index.html index.htm;' >> $jitsi_nginx_site
-    echo '' >> $jitsi_nginx_site
-    echo '    location /config.js {' >> $jitsi_nginx_site
-    echo "        alias /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js;" >> $jitsi_nginx_site
-    echo '    }' >> $jitsi_nginx_site
-    echo '' >> $jitsi_nginx_site
-    echo '    location ~ ^/([a-zA-Z0-9=\?]+)$ {' >> $jitsi_nginx_site
-    echo '        rewrite ^/(.*)$ / break;' >> $jitsi_nginx_site
-    echo '    }' >> $jitsi_nginx_site
-    echo '' >> $jitsi_nginx_site
-    echo '    location / {' >> $jitsi_nginx_site
-    echo '        ssi off;' >> $jitsi_nginx_site
-    echo '    }' >> $jitsi_nginx_site
-    echo '' >> $jitsi_nginx_site
-    echo '    # Backward compatibility' >> $jitsi_nginx_site
-    echo '    location ~ /external_api.* {' >> $jitsi_nginx_site
-    echo '        root /usr/share/jitsi-meet/libs;' >> $jitsi_nginx_site
-    echo '    }' >> $jitsi_nginx_site
-    echo '' >> $jitsi_nginx_site
-    echo '    # Logs' >> $jitsi_nginx_site
-    echo '    access_log /dev/null;' >> $jitsi_nginx_site
-    echo '    error_log /dev/null;' >> $jitsi_nginx_site
-    echo '' >> $jitsi_nginx_site
-    echo '    # BOSH' >> $jitsi_nginx_site
-    echo '    location /http-bind {' >> $jitsi_nginx_site
-    echo '        proxy_pass      http://localhost:5280/http-bind;' >> $jitsi_nginx_site
-    echo '        proxy_set_header X-Forwarded-For $remote_addr;' >> $jitsi_nginx_site
-    echo '        proxy_set_header Host $http_host;' >> $jitsi_nginx_site
-    echo '    }' >> $jitsi_nginx_site
-    echo '}' >> $jitsi_nginx_site
+    { echo '';
+      echo '    root /usr/share/jitsi-meet;';
+      echo '    index index.html index.htm;';
+      echo '';
+      echo '    location /config.js {';
+      echo "        alias /etc/jitsi/meet/${JITSI_DOMAIN_NAME}-config.js;";
+      echo '    }';
+      echo '';
+      echo '    location ~ ^/([a-zA-Z0-9=\?]+)$ {';
+      echo '        rewrite ^/(.*)$ / break;';
+      echo '    }';
+      echo '';
+      echo '    location / {';
+      echo '        ssi off;';
+      echo '    }';
+      echo '';
+      echo '    # Backward compatibility';
+      echo '    location ~ /external_api.* {';
+      echo '        root /usr/share/jitsi-meet/libs;';
+      echo '    }';
+      echo '';
+      echo '    # Logs';
+      echo '    access_log /dev/null;';
+      echo '    error_log /dev/null;';
+      echo '';
+      echo '    # BOSH';
+      echo '    location /http-bind {';
+      echo '        proxy_pass      http://localhost:5280/http-bind;';
+      echo "        proxy_set_header X-Forwarded-For \$remote_addr;";
+      echo "        proxy_set_header Host \$http_host;";
+      echo '    }';
+      echo '}'; } >> $jitsi_nginx_site
 
     sed -i "s|/var/www/${JITSI_DOMAIN_NAME}/htdocs|/usr/share/jitsi-meet|g" $jitsi_nginx_site
 
@@ -376,7 +375,7 @@ function install_jitsi {
         fi
         function_check create_site_certificate
         create_site_certificate ${JITSI_DOMAIN_NAME} 'yes'
-        if [[ $ONION_ONLY == "no" ]]; then
+        if [[ "$ONION_ONLY" == "no" ]]; then
             if [ ! -f /etc/ssl/certs/${JITSI_DOMAIN_NAME}.pem ]; then
                 exit 678363
             fi
diff --git a/src/freedombone-app-kanboard b/src/freedombone-app-kanboard
index 100352a6..210f9a01 100755
--- a/src/freedombone-app-kanboard
+++ b/src/freedombone-app-kanboard
@@ -70,19 +70,19 @@ function logging_off_kanboard {
 function remove_user_kanboard {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp kanboard
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp kanboard
 }
 
 function add_user_kanboard {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a kanboard -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a kanboard -p "$new_user_password"
     echo '0'
 }
 
 function install_interactive_kanboard {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -92,42 +92,43 @@ function install_interactive_kanboard {
         KANBOARD_DETAILS_COMPLETE=
         while [ ! $KANBOARD_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"KanBoard Configuration" \
-                       --form $"\nPlease enter your KanBoard details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt." 13 55 2 \
+                       --form $"\\nPlease enter your KanBoard details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt." 13 55 2 \
                        $"Domain:" 1 1 "$(grep 'KANBOARD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \
                        $"Code:" 2 1 "$(grep 'KANBOARD_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 33 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"KanBoard Configuration" \
-                       --form $"\nPlease enter your KanBoard details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt." 13 55 2 \
+                       --form $"\\nPlease enter your KanBoard details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt." 13 55 2 \
                        $"Domain:" 1 1 "$(grep 'KANBOARD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \
-                       2> $data
+                       2> "$data"
             fi
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            KANBOARD_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ $KANBOARD_DOMAIN_NAME ]; then
+            KANBOARD_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$KANBOARD_DOMAIN_NAME" ]; then
                 if [[ $KANBOARD_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
                     KANBOARD_DOMAIN_NAME=""
                 fi
                 TEST_DOMAIN_NAME=$KANBOARD_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $KANBOARD_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$KANBOARD_DOMAIN_NAME" ]]; then
                     KANBOARD_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        KANBOARD_CODE=$(cat $data | sed -n 2p)
+                        KANBOARD_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$KANBOARD_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             KANBOARD_DOMAIN_NAME=
                         fi
                     fi
@@ -136,6 +137,7 @@ function install_interactive_kanboard {
             if [ $KANBOARD_DOMAIN_NAME ]; then
                 KANBOARD_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         # save the results in the config file
@@ -151,23 +153,23 @@ function change_password_kanboard {
 
     read_config_param 'KANBOARD_DOMAIN_NAME'
 
-    ${PROJECT_NAME}-pass -u "$curr_username" -a kanboard -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a kanboard -p "$new_user_password"
 }
 
 function kanboard_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        KANBOARD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        KANBOARD_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $KANBOARD_ADMIN_PASSWORD ]; then
-            KANBOARD_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$KANBOARD_ADMIN_PASSWORD" ]; then
+            KANBOARD_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $KANBOARD_ADMIN_PASSWORD ]; then
+    if [ ! "$KANBOARD_ADMIN_PASSWORD" ]; then
         return
     fi
 
     function_check create_database
-    create_database kanboard "$KANBOARD_ADMIN_PASSWORD" $MY_USERNAME
+    create_database kanboard "$KANBOARD_ADMIN_PASSWORD" "$MY_USERNAME"
 }
 
 function reconfigure_kanboard {
@@ -180,40 +182,40 @@ function upgrade_kanboard {
         return
     fi
 
-    if grep -q "kanboard domain" $COMPLETION_FILE; then
+    if grep -q "kanboard domain" "$COMPLETION_FILE"; then
         KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain")
     fi
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$KANBOARD_DOMAIN_NAME/htdocs "kanboard commit" "$KANBOARD_COMMIT" $KANBOARD_REPO
+    set_repo_commit "/var/www/$KANBOARD_DOMAIN_NAME/htdocs" "kanboard commit" "$KANBOARD_COMMIT" $KANBOARD_REPO
 
-    chown -R www-data:www-data /var/www/${KANBOARD_DOMAIN_NAME}/htdocs
+    chown -R www-data:www-data "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs"
 }
 
 
 function backup_local_kanboard {
     KANBOARD_DOMAIN_NAME='kanboard'
-    if grep -q "kanboard domain" $COMPLETION_FILE; then
+    if grep -q "kanboard domain" "$COMPLETION_FILE"; then
         KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain")
     fi
 
     source_directory=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/backup
-    if [ ! -d $source_directory ]; then
-        mkdir $source_directory
+    if [ ! -d "$source_directory" ]; then
+        mkdir "$source_directory"
     fi
-    cp -p /var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php $source_directory
+    cp -p "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php" "$source_directory"
 
     function_check suspend_site
-    suspend_site ${KANBOARD_DOMAIN_NAME}
+    suspend_site "${KANBOARD_DOMAIN_NAME}"
 
     function_check backup_directory_to_usb
     dest_directory=kanboardconfig
-    backup_directory_to_usb $source_directory $dest_directory
+    backup_directory_to_usb "$source_directory" "$dest_directory"
 
     source_directory=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/data
     dest_directory=kanboardfile
-    backup_directory_to_usb $source_directory $dest_directory
+    backup_directory_to_usb "$source_directory" "$dest_directory"
 
     function_check backup_database_to_usb
     backup_database_to_usb kanboard
@@ -223,11 +225,11 @@ function backup_local_kanboard {
 }
 
 function restore_local_kanboard {
-    if ! grep -q "kanboard domain" $COMPLETION_FILE; then
+    if ! grep -q "kanboard domain" "$COMPLETION_FILE"; then
         return
     fi
     KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain")
-    if [ $KANBOARD_DOMAIN_NAME ]; then
+    if [ "$KANBOARD_DOMAIN_NAME" ]; then
         echo $"Restoring kanboard"
         temp_restore_dir=/root/tempkanboard
         kanboard_dir=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs
@@ -243,30 +245,30 @@ function restore_local_kanboard {
         function_check restore_directory_from_usb
         restore_directory_from_usb $temp_restore_dir kanboardconfig
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir$kanboard_dir/backup ]; then
-                cp $temp_restore_dir$kanboard_dir/backup/config.php $kanboard_dir/
+            if [ -d "$temp_restore_dir$kanboard_dir/backup" ]; then
+                cp "$temp_restore_dir$kanboard_dir/backup/config.php" "$kanboard_dir/"
             else
-                cp $temp_restore_dir/config.php $kanboard_dir/
+                cp "$temp_restore_dir/config.php" "$kanboard_dir/"
             fi
-            chown www-data:www-data $kanboard_dir/config.php
+            chown www-data:www-data "$kanboard_dir/config.php"
             rm -rf $temp_restore_dir
         fi
 
         restore_directory_from_usb $temp_restore_dir kanboardfile
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir$kanboard_dir/data ]; then
-                cp -rp $temp_restore_dir$kanboard_dir/data $kanboard_dir/
+            if [ -d "$temp_restore_dir$kanboard_dir/data" ]; then
+                cp -rp "$temp_restore_dir$kanboard_dir/data" "$kanboard_dir/"
             else
-                if [ ! -d $kanboard_dir/data ]; then
-                    mkdir $kanboard_dir/data
+                if [ ! -d "$kanboard_dir/data" ]; then
+                    mkdir "$kanboard_dir/data"
                 fi
-                cp -rp $temp_restore_dir/* $kanboard_dir/data/
+                cp -rp "$temp_restore_dir/*" "$kanboard_dir/data/"
             fi
-            chown -R www-data:www-data $kanboard_dir/data
+            chown -R www-data:www-data "$kanboard_dir/data"
             rm -rf $temp_restore_dir
         fi
 
-        kanboard_update_after_restore kanboard ${KANBOARD_DOMAIN_NAME}
+        kanboard_update_after_restore kanboard "${KANBOARD_DOMAIN_NAME}"
 
         echo $"Restore of kanboard complete"
     fi
@@ -274,26 +276,26 @@ function restore_local_kanboard {
 
 function backup_remote_kanboard {
     KANBOARD_DOMAIN_NAME='kanboard'
-    if grep -q "kanboard domain" $COMPLETION_FILE; then
+    if grep -q "kanboard domain" "$COMPLETION_FILE"; then
         KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain")
     fi
 
     source_directory=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/backup
-    if [ ! -d $source_directory ]; then
-        mkdir $source_directory
+    if [ ! -d "$source_directory" ]; then
+        mkdir "$source_directory"
     fi
-    cp -p /var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php $source_directory
+    cp -p "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php" "$source_directory"
 
     function_check suspend_site
-    suspend_site ${KANBOARD_DOMAIN_NAME}
+    suspend_site "${KANBOARD_DOMAIN_NAME}"
 
     function_check backup_directory_to_friend
     dest_directory=kanboardconfig
-    backup_directory_to_friend $source_directory $dest_directory
+    backup_directory_to_friend "$source_directory" "$dest_directory"
 
     source_directory=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/data
     dest_directory=kanboardfile
-    backup_directory_to_friend $source_directory $dest_directory
+    backup_directory_to_friend "$source_directory" "$dest_directory"
 
     function_check backup_database_to_friend
     backup_database_to_friend kanboard
@@ -303,11 +305,11 @@ function backup_remote_kanboard {
 }
 
 function restore_remote_kanboard {
-    if ! grep -q "kanboard domain" $COMPLETION_FILE; then
+    if ! grep -q "kanboard domain" "$COMPLETION_FILE"; then
         return
     fi
     KANBOARD_DOMAIN_NAME=$(get_completion_param "kanboard domain")
-    if [ $KANBOARD_DOMAIN_NAME ]; then
+    if [ "$KANBOARD_DOMAIN_NAME" ]; then
         echo $"Restoring kanboard"
         temp_restore_dir=/root/tempkanboard
         kanboard_dir=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs
@@ -324,30 +326,30 @@ function restore_remote_kanboard {
         function_check restore_directory_from_friend
         restore_directory_from_friend $temp_restore_dir kanboardconfig
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir$kanboard_dir/backup ]; then
-                cp $temp_restore_dir$kanboard_dir/backup/config.php $kanboard_dir/
+            if [ -d "$temp_restore_dir$kanboard_dir/backup" ]; then
+                cp "$temp_restore_dir$kanboard_dir/backup/config.php" "$kanboard_dir/"
             else
-                cp $temp_restore_dir/config.php $kanboard_dir/
+                cp "$temp_restore_dir/config.php" "$kanboard_dir/"
             fi
-            chown www-data:www-data $kanboard_dir/config.php
+            chown www-data:www-data "$kanboard_dir/config.php"
             rm -rf $temp_restore_dir
         fi
 
         restore_directory_from_friend $temp_restore_dir kanboardfile
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir$kanboard_dir/data ]; then
-                cp -rp $temp_restore_dir$kanboard_dir/data $kanboard_dir/
+            if [ -d "$temp_restore_dir$kanboard_dir/data" ]; then
+                cp -rp "$temp_restore_dir$kanboard_dir/data" "$kanboard_dir/"
             else
-                if [ ! -d $kanboard_dir/data ]; then
-                    mkdir $kanboard_dir/data
+                if [ ! -d "$kanboard_dir/data" ]; then
+                    mkdir "$kanboard_dir/data"
                 fi
-                cp -rp $temp_restore_dir/* $kanboard_dir/data/
+                cp -rp "$temp_restore_dir/*" "$kanboard_dir/data/"
             fi
-            chown -R www-data:www-data $kanboard_dir/data
+            chown -R www-data:www-data "$kanboard_dir/data"
             rm -rf $temp_restore_dir
         fi
 
-        kanboard_update_after_restore kanboard ${KANBOARD_DOMAIN_NAME}
+        kanboard_update_after_restore kanboard "${KANBOARD_DOMAIN_NAME}"
 
         echo $"Restore of kanboard complete"
     fi
@@ -360,14 +362,14 @@ function remove_kanboard {
     read_config_param "KANBOARD_DOMAIN_NAME"
     read_config_param "MY_USERNAME"
     echo "Removing $KANBOARD_DOMAIN_NAME"
-    nginx_dissite $KANBOARD_DOMAIN_NAME
-    remove_certs $KANBOARD_DOMAIN_NAME
+    nginx_dissite "$KANBOARD_DOMAIN_NAME"
+    remove_certs "$KANBOARD_DOMAIN_NAME"
 
-    if [ -d /var/www/$KANBOARD_DOMAIN_NAME ]; then
-        rm -rf /var/www/$KANBOARD_DOMAIN_NAME
+    if [ -d "/var/www/$KANBOARD_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$KANBOARD_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$KANBOARD_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$KANBOARD_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$KANBOARD_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$KANBOARD_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database kanboard
@@ -375,11 +377,11 @@ function remove_kanboard {
     remove_onion_service kanboard ${KANBOARD_ONION_PORT}
     remove_app kanboard
     remove_completion_param install_kanboard
-    sed -i '/kanboard/d' $COMPLETION_FILE
+    sed -i '/kanboard/d' "$COMPLETION_FILE"
     remove_backup_database_local kanboard
 
     function_check remove_ddns_domain
-    remove_ddns_domain $KANBOARD_DOMAIN_NAME
+    remove_ddns_domain "$KANBOARD_DOMAIN_NAME"
 }
 
 function install_kanboard {
@@ -387,12 +389,12 @@ function install_kanboard {
         ONION_ONLY='no'
     fi
 
-    if [ ! $KANBOARD_DOMAIN_NAME ]; then
+    if [ ! "$KANBOARD_DOMAIN_NAME" ]; then
         echo $'No domain name was given for kanboard'
         exit 73478
     fi
 
-    kanboard_hourly_script kanboard $KANBOARD_DOMAIN_NAME
+    kanboard_hourly_script kanboard "$KANBOARD_DOMAIN_NAME"
 
     function_check install_mariadb
     install_mariadb
@@ -406,34 +408,34 @@ function install_kanboard {
     apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
     apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
 
-    if [ ! -d /var/www/$KANBOARD_DOMAIN_NAME ]; then
-        mkdir /var/www/$KANBOARD_DOMAIN_NAME
+    if [ ! -d "/var/www/$KANBOARD_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$KANBOARD_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$KANBOARD_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$KANBOARD_DOMAIN_NAME/htdocs" ]; then
 
         if [ -d /repos/kanboard ]; then
-            mkdir /var/www/$KANBOARD_DOMAIN_NAME/htdocs
-            cp -r -p /repos/kanboard/. /var/www/$KANBOARD_DOMAIN_NAME/htdocs
-            cd /var/www/$KANBOARD_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$KANBOARD_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/kanboard/. "/var/www/$KANBOARD_DOMAIN_NAME/htdocs"
+            cd "/var/www/$KANBOARD_DOMAIN_NAME/htdocs" || exit 2468274
             git pull
         else
             function_check git_clone
-            git_clone $KANBOARD_REPO /var/www/$KANBOARD_DOMAIN_NAME/htdocs
+            git_clone "$KANBOARD_REPO" "/var/www/$KANBOARD_DOMAIN_NAME/htdocs"
         fi
 
-        if [ ! -d /var/www/$KANBOARD_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$KANBOARD_DOMAIN_NAME/htdocs" ]; then
             echo $'Unable to clone kanboard repo'
             exit 89365
         fi
     fi
 
-    cd /var/www/$KANBOARD_DOMAIN_NAME/htdocs
+    cd "/var/www/$KANBOARD_DOMAIN_NAME/htdocs" || exit 234682642
     git checkout $KANBOARD_COMMIT -b $KANBOARD_COMMIT
     set_completion_param "kanboard commit" "$KANBOARD_COMMIT"
 
-    chmod g+w /var/www/$KANBOARD_DOMAIN_NAME/htdocs
-    chmod a+w /var/www/$KANBOARD_DOMAIN_NAME/htdocs/data
-    chown -R www-data:www-data /var/www/$KANBOARD_DOMAIN_NAME/htdocs
+    chmod g+w "/var/www/$KANBOARD_DOMAIN_NAME/htdocs"
+    chmod a+w "/var/www/$KANBOARD_DOMAIN_NAME/htdocs/data"
+    chown -R www-data:www-data "/var/www/$KANBOARD_DOMAIN_NAME/htdocs"
 
     function_check kanboard_create_database
     kanboard_create_database
@@ -446,118 +448,118 @@ function install_kanboard {
     fi
 
     function_check add_ddns_domain
-    add_ddns_domain $KANBOARD_DOMAIN_NAME
+    add_ddns_domain "$KANBOARD_DOMAIN_NAME"
 
     KANBOARD_ONION_HOSTNAME=$(add_onion_service kanboard 80 ${KANBOARD_ONION_PORT})
 
     kanboard_nginx_site=/etc/nginx/sites-available/$KANBOARD_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $KANBOARD_DOMAIN_NAME "index index.php"
-        echo 'server {' >> $kanboard_nginx_site
-        echo '  listen 443 ssl;' >> $kanboard_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $kanboard_nginx_site
-        echo "  server_name $KANBOARD_DOMAIN_NAME;" >> $kanboard_nginx_site
-        echo '' >> $kanboard_nginx_site
+        nginx_http_redirect "$KANBOARD_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $KANBOARD_DOMAIN_NAME;";
+          echo ''; } >> "$kanboard_nginx_site"
         function_check nginx_compress
-        nginx_compress $KANBOARD_DOMAIN_NAME
-        echo '' >> $kanboard_nginx_site
-        echo '  # Security' >> $kanboard_nginx_site
+        nginx_compress "$KANBOARD_DOMAIN_NAME"
+        echo '' >> "$kanboard_nginx_site"
+        echo '  # Security' >> "$kanboard_nginx_site"
         function_check nginx_ssl
-        nginx_ssl $KANBOARD_DOMAIN_NAME
+        nginx_ssl "$KANBOARD_DOMAIN_NAME"
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $KANBOARD_DOMAIN_NAME
+        nginx_disable_sniffing "$KANBOARD_DOMAIN_NAME"
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $kanboard_nginx_site
-        echo '' >> $kanboard_nginx_site
-        echo '  # Logs' >> $kanboard_nginx_site
-        echo '  access_log /dev/null;' >> $kanboard_nginx_site
-        echo '  error_log /dev/null;' >> $kanboard_nginx_site
-        echo '' >> $kanboard_nginx_site
-        echo '  # Root' >> $kanboard_nginx_site
-        echo "  root /var/www/$KANBOARD_DOMAIN_NAME/htdocs;" >> $kanboard_nginx_site
-        echo '' >> $kanboard_nginx_site
-        echo '  # Index' >> $kanboard_nginx_site
-        echo '  index index.php;' >> $kanboard_nginx_site
-        echo '' >> $kanboard_nginx_site
-        echo '  # PHP' >> $kanboard_nginx_site
-        echo '  location ~ \.php {' >> $kanboard_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $kanboard_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $kanboard_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $kanboard_nginx_site
-        echo '  }' >> $kanboard_nginx_site
-        echo '' >> $kanboard_nginx_site
-        echo '  # Location' >> $kanboard_nginx_site
-        echo '  location / {' >> $kanboard_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$KANBOARD_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  # Index';
+          echo '  index index.php;';
+          echo '';
+          echo '  # PHP';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$kanboard_nginx_site"
         function_check nginx_limits
-        nginx_limits $KANBOARD_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ @kanboard;' >> $kanboard_nginx_site
-        echo '  }' >> $kanboard_nginx_site
-        echo '' >> $kanboard_nginx_site
-        echo '  # Fancy URLs' >> $kanboard_nginx_site
-        echo '  location @kanboard {' >> $kanboard_nginx_site
-        echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $kanboard_nginx_site
-        echo '  }' >> $kanboard_nginx_site
-        echo '' >> $kanboard_nginx_site
-        echo '  # Restrict access that is unnecessary anyway' >> $kanboard_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $kanboard_nginx_site
-        echo '    deny all;' >> $kanboard_nginx_site
-        echo '  }' >> $kanboard_nginx_site
-        echo '}' >> $kanboard_nginx_site
+        nginx_limits "$KANBOARD_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ @kanboard;";
+          echo '  }';
+          echo '';
+          echo '  # Fancy URLs';
+          echo '  location @kanboard {';
+          echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+          echo '  }';
+          echo '';
+          echo '  # Restrict access that is unnecessary anyway';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '}'; } >> "$kanboard_nginx_site"
     else
-        echo -n '' > $kanboard_nginx_site
+        echo -n '' > "$kanboard_nginx_site"
     fi
-    echo 'server {' >> $kanboard_nginx_site
-    echo "    listen 127.0.0.1:$KANBOARD_ONION_PORT default_server;" >> $kanboard_nginx_site
-    echo "    server_name $KANBOARD_ONION_HOSTNAME;" >> $kanboard_nginx_site
-    echo '' >> $kanboard_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$KANBOARD_ONION_PORT default_server;";
+      echo "    server_name $KANBOARD_ONION_HOSTNAME;";
+      echo ''; } >> "$kanboard_nginx_site"
     function_check nginx_compress
-    nginx_compress $KANBOARD_DOMAIN_NAME
-    echo '' >> $kanboard_nginx_site
+    nginx_compress "$KANBOARD_DOMAIN_NAME"
+    echo '' >> "$kanboard_nginx_site"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $KANBOARD_DOMAIN_NAME
-    echo '' >> $kanboard_nginx_site
-    echo '  # Logs' >> $kanboard_nginx_site
-    echo '  access_log /dev/null;' >> $kanboard_nginx_site
-    echo '  error_log /dev/null;' >> $kanboard_nginx_site
-    echo '' >> $kanboard_nginx_site
-    echo '  # Root' >> $kanboard_nginx_site
-    echo "  root /var/www/$KANBOARD_DOMAIN_NAME/htdocs;" >> $kanboard_nginx_site
-    echo '' >> $kanboard_nginx_site
-    echo '  # Index' >> $kanboard_nginx_site
-    echo '  index index.php;' >> $kanboard_nginx_site
-    echo '' >> $kanboard_nginx_site
-    echo '  # PHP' >> $kanboard_nginx_site
-    echo '  location ~ \.php {' >> $kanboard_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $kanboard_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $kanboard_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $kanboard_nginx_site
-    echo '  }' >> $kanboard_nginx_site
-    echo '' >> $kanboard_nginx_site
-    echo '  # Location' >> $kanboard_nginx_site
-    echo '  location / {' >> $kanboard_nginx_site
+    nginx_disable_sniffing "$KANBOARD_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$KANBOARD_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  # Index';
+      echo '  index index.php;';
+      echo '';
+      echo '  # PHP';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$kanboard_nginx_site"
     function_check nginx_limits
-    nginx_limits $KANBOARD_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ @kanboard;' >> $kanboard_nginx_site
-    echo '  }' >> $kanboard_nginx_site
-    echo '' >> $kanboard_nginx_site
-    echo '  # Fancy URLs' >> $kanboard_nginx_site
-    echo '  location @kanboard {' >> $kanboard_nginx_site
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $kanboard_nginx_site
-    echo '  }' >> $kanboard_nginx_site
-    echo '' >> $kanboard_nginx_site
-    echo '  # Restrict access that is unnecessary anyway' >> $kanboard_nginx_site
-    echo '  location ~ /\.(ht|git) {' >> $kanboard_nginx_site
-    echo '    deny all;' >> $kanboard_nginx_site
-    echo '  }' >> $kanboard_nginx_site
-    echo '}' >> $kanboard_nginx_site
+    nginx_limits "$KANBOARD_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ @kanboard;";
+      echo '  }';
+      echo '';
+      echo '  # Fancy URLs';
+      echo '  location @kanboard {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  # Restrict access that is unnecessary anyway';
+      echo '  location ~ /\.(ht|git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '}'; } >> "$kanboard_nginx_site"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $KANBOARD_DOMAIN_NAME 'yes'
+    create_site_certificate "$KANBOARD_DOMAIN_NAME" 'yes'
 
     # Ensure that the database gets backed up locally, if remote
     # backups are not being used
@@ -568,36 +570,31 @@ function install_kanboard {
     backup_database_local kanboard
 
     function_check nginx_ensite
-    nginx_ensite $KANBOARD_DOMAIN_NAME
-
-    KANBOARD_SERVER=${KANBOARD_DOMAIN_NAME}
-    if [[ $ONION_ONLY != 'no' ]]; then
-        KANBOARD_SERVER=${KANBOARD_ONION_HOSTNAME}
-    fi
+    nginx_ensite "$KANBOARD_DOMAIN_NAME"
 
     # Create the configuration
-    kanboard_configfile=/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php
-    cp /var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.default.php $kanboard_configfile
-    sed -i "s|define('MAIL_FROM'.*|define('MAIL_FROM', '$MY_EMAIL_ADDRESS');|g" $kanboard_configfile
-    sed -i "s|define('DB_DRIVER'.*|define('DB_DRIVER', 'mysql');|g" $kanboard_configfile
-    sed -i "s|define('DB_USERNAME'.*|define('DB_USERNAME', 'root');|g" $kanboard_configfile
-    sed -i "s|define('DB_PASSWORD'.*|define('DB_PASSWORD', '$MARIADB_PASSWORD');|g" $kanboard_configfile
-    sed -i "s|define('DB_HOSTNAME'.*|define('DB_HOSTNAME', 'localhost');|g" $kanboard_configfile
-    sed -i "s|define('DB_NAME'.*|define('DB_NAME', 'kanboard');|g" $kanboard_configfile
-    sed -i "s|define('DB_PORT'.*|define('DB_PORT', null);|g" $kanboard_configfile
+    kanboard_configfile="/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.php"
+    cp "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/config.default.php" "$kanboard_configfile"
+    sed -i "s|define('MAIL_FROM'.*|define('MAIL_FROM', '$MY_EMAIL_ADDRESS');|g" "$kanboard_configfile"
+    sed -i "s|define('DB_DRIVER'.*|define('DB_DRIVER', 'mysql');|g" "$kanboard_configfile"
+    sed -i "s|define('DB_USERNAME'.*|define('DB_USERNAME', 'root');|g" "$kanboard_configfile"
+    sed -i "s|define('DB_PASSWORD'.*|define('DB_PASSWORD', '$MARIADB_PASSWORD');|g" "$kanboard_configfile"
+    sed -i "s|define('DB_HOSTNAME'.*|define('DB_HOSTNAME', 'localhost');|g" "$kanboard_configfile"
+    sed -i "s|define('DB_NAME'.*|define('DB_NAME', 'kanboard');|g" "$kanboard_configfile"
+    sed -i "s|define('DB_PORT'.*|define('DB_PORT', null);|g" "$kanboard_configfile"
     logging_off_kanboard
 
-    initialise_database kanboard /var/www/${KANBOARD_DOMAIN_NAME}/htdocs/app/Schema/Sql/mysql.sql
-    chown -R www-data:www-data /var/www/${KANBOARD_DOMAIN_NAME}/htdocs
+    initialise_database kanboard "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs/app/Schema/Sql/mysql.sql"
+    chown -R www-data:www-data "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs"
 
-    cd /var/www/${KANBOARD_DOMAIN_NAME}/htdocs
+    cd "/var/www/${KANBOARD_DOMAIN_NAME}/htdocs" || exit 24582468
     install_composer
 
     systemctl restart mariadb
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a kanboard -p "$KANBOARD_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a kanboard -p "$KANBOARD_ADMIN_PASSWORD"
 
     set_completion_param "kanboard domain" "$KANBOARD_DOMAIN_NAME"
 
diff --git a/src/freedombone-app-keyserver b/src/freedombone-app-keyserver
index ca56349e..ecb9998c 100755
--- a/src/freedombone-app-keyserver
+++ b/src/freedombone-app-keyserver
@@ -49,7 +49,7 @@ keyserver_variables=(ONION_ONLY
 function check_keyserver_directory_size {
     dirsize=$(du /var/lib/sks/DB | awk -F ' ' '{print $1}')
     # 500M
-    if [ $dirsize -gt 500000 ]; then
+    if [ "$dirsize" -gt 500000 ]; then
         echo "1"
         return
     fi
@@ -57,7 +57,7 @@ function check_keyserver_directory_size {
 }
 
 function keyserver_watchdog {
-    ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
+    ADMIN_USERNAME=$(grep "Admin user" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
     ADMIN_EMAIL_ADDRESS=${ADMIN_USERNAME}@${HOSTNAME}
     keyserver_size_warning=$"The SKS keyserver database is getting large. Check that you aren't being spammed"
     keyserver_disabled_warning=$"The SKS keyserver has been disabled because it is getting too large. This is to prevent flooding attacks from crashing the server. You may need to restore the keyserver from backup."
@@ -67,19 +67,19 @@ function keyserver_watchdog {
 
     # check database size hourly
     keyserver_watchdog_script=/tmp/keyserver-watchdog
-    echo '#!/bin/bash' > $keyserver_watchdog_script
-    echo "dirsize=\$(du /var/lib/sks/DB | awk -F ' ' '{print \$1}')" >> $keyserver_watchdog_script
-    echo 'if [ $dirsize -gt 450000 ]; then' >> $keyserver_watchdog_script
+    { echo '#!/bin/bash';
+      echo "dirsize=\$(du /var/lib/sks/DB | awk -F ' ' '{print \$1}')";
+      echo "if [ \$dirsize -gt 450000 ]; then";
 
-    echo "  echo \"$keyserver_size_warning\" | mail -s \"$keyserver_mail_subject_line\" $ADMIN_EMAIL_ADDRESS" >> $keyserver_watchdog_script
+      echo "  echo \"$keyserver_size_warning\" | mail -s \"$keyserver_mail_subject_line\" $ADMIN_EMAIL_ADDRESS";
 
-    echo '  if [ $dirsize -gt 500000 ]; then' >> $keyserver_watchdog_script
-    echo "    nginx_dissite $KEYSERVER_DOMAIN_NAME" >> $keyserver_watchdog_script
-    echo '    systemctl stop sks' >> $keyserver_watchdog_script
-    echo '    systemctl disable sks' >> $keyserver_watchdog_script
-    echo "    echo \"$keyserver_disabled_warning\" | mail -s \"$keyserver_mail_subject_line_disabled\" $ADMIN_EMAIL_ADDRESS" >> $keyserver_watchdog_script
-    echo '  fi' >> $keyserver_watchdog_script
-    echo 'fi' >> $keyserver_watchdog_script
+      echo "  if [ \$dirsize -gt 500000 ]; then";
+      echo "    nginx_dissite $KEYSERVER_DOMAIN_NAME";
+      echo '    systemctl stop sks';
+      echo '    systemctl disable sks';
+      echo "    echo \"$keyserver_disabled_warning\" | mail -s \"$keyserver_mail_subject_line_disabled\" $ADMIN_EMAIL_ADDRESS";
+      echo '  fi';
+      echo 'fi'; } > $keyserver_watchdog_script
     chmod +x $keyserver_watchdog_script
 
     if [ ! -f /etc/cron.hourly/keyserver-watchdog ]; then
@@ -134,18 +134,18 @@ function upgrade_keyserver {
         return
     fi
 
-    if grep -q "keyserver domain" $COMPLETION_FILE; then
+    if grep -q "keyserver domain" "$COMPLETION_FILE"; then
         KEYSERVER_DOMAIN_NAME=$(get_completion_param "keyserver domain")
     fi
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$KEYSERVER_DOMAIN_NAME/htdocs "keyserver web commit" "$KEYSERVER_WEB_COMMIT" $KEYSERVER_WEB_REPO
+    set_repo_commit "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs" "keyserver web commit" "$KEYSERVER_WEB_COMMIT" $KEYSERVER_WEB_REPO
 
     read_config_param MY_USERNAME
-    USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
-    GPG_ID=$(su -m root -c "gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)
-    if [ ! $GPG_ID ]; then
+    USER_EMAIL_ADDRESS="$MY_USERNAME@$HOSTNAME"
+    GPG_ID=$(su -m root -c "gpg --list-keys \"$USER_EMAIL_ADDRESS\" | sed -n '2p' | sed 's/^[ \\t]*//'" - "$MY_USERNAME")
+    if [ ! "$GPG_ID" ]; then
         echo $'No GPG ID for admin user'
         exit 846336
     fi
@@ -157,17 +157,17 @@ function upgrade_keyserver {
         echo $'GPG ID not retrieved for admin user due to error'
         exit 74825
     fi
-    sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html
-    sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html
-    sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html
-    sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html
+    sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html"
+    sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html"
+    sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html"
+    sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html"
 
-    chown -R www-data:www-data /var/www/$KEYSERVER_DOMAIN_NAME/htdocs
+    chown -R www-data:www-data "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs"
 }
 
 function backup_local_keyserver {
     # remove any unused log files
-    cd /var/lib/sks/DB
+    cd /var/lib/sks/DB || exit 2468245
     db_archive -d
 
     source_directory=/etc/sks
@@ -223,6 +223,7 @@ function restore_local_keyserver {
         fi
         cp -r $temp_restore_dir/* /var/lib/sks/DB
     fi
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
         # restore the old database
         rm -rf /var/lib/sks/DB
@@ -243,12 +244,12 @@ function restore_local_keyserver {
 
     systemctl enable sks
     systemctl start sks
-    nginx_ensite $KEYSERVER_DOMAIN_NAME
+    nginx_ensite "$KEYSERVER_DOMAIN_NAME"
 }
 
 function backup_remote_keyserver {
     # remove any unused log files
-    cd /var/lib/sks/DB
+    cd /var/lib/sks/DB || exit 734624
     db_archive -d
 
     source_directory=/etc/sks
@@ -304,6 +305,7 @@ function restore_remote_keyserver {
         fi
         cp -r $temp_restore_dir/* /var/lib/sks/DB
     fi
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
         # restore the old database
         rm -rf /var/lib/sks/DB
@@ -322,7 +324,7 @@ function restore_remote_keyserver {
 
     systemctl enable sks
     systemctl start sks
-    nginx_ensite $KEYSERVER_DOMAIN_NAME
+    nginx_ensite "$KEYSERVER_DOMAIN_NAME"
 }
 
 function remove_keyserver {
@@ -333,21 +335,21 @@ function remove_keyserver {
     apt-get -qy remove sks dirmngr
 
     read_config_param "KEYSERVER_DOMAIN_NAME"
-    nginx_dissite $KEYSERVER_DOMAIN_NAME
-    remove_certs ${KEYSERVER_DOMAIN_NAME}
-    if [ -f /etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME ]; then
-        rm -f /etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME
+    nginx_dissite "$KEYSERVER_DOMAIN_NAME"
+    remove_certs "${KEYSERVER_DOMAIN_NAME}"
+    if [ -f "/etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME" ]; then
+        rm -f "/etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME"
     fi
-    if [ -d /var/www/$KEYSERVER_DOMAIN_NAME ]; then
-        rm -rf /var/www/$KEYSERVER_DOMAIN_NAME
+    if [ -d "/var/www/$KEYSERVER_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$KEYSERVER_DOMAIN_NAME"
     fi
     function_check remove_ddns_domain
-    remove_ddns_domain $KEYSERVER_DOMAIN_NAME
+    remove_ddns_domain "$KEYSERVER_DOMAIN_NAME"
 
     remove_config_param KEYSERVER_DOMAIN_NAME
     remove_config_param KEYSERVER_CODE
     function_check remove_onion_service
-    remove_onion_service keyserver ${KEYSERVER_ONION_PORT}
+    remove_onion_service keyserver "${KEYSERVER_ONION_PORT}"
     remove_onion_service sks 11370 11371 11372
     remove_completion_param "install_keyserver"
 
@@ -355,15 +357,15 @@ function remove_keyserver {
     firewall_remove 11371 tcp
     firewall_remove 11372 tcp
 
-    sed -i '/keyserver/d' $COMPLETION_FILE
-    sed -i '/sks onion/d' $COMPLETION_FILE
+    sed -i '/keyserver/d' "$COMPLETION_FILE"
+    sed -i '/sks onion/d' "$COMPLETION_FILE"
     if [ -d /var/lib/sks ]; then
         rm -rf /var/lib/sks
     fi
 }
 
 function install_interactive_keyserver {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -388,12 +390,12 @@ function keyserver_create_membership {
         return
     fi
     systemctl stop sks
-    echo $"# List of other $PROJECT_NAME SKS Keyservers to sync with." > /etc/sks/membership
-    echo '#' >> /etc/sks/membership
-    echo $"# Don't add major keyservers here, because it will take an" >> /etc/sks/membership
-    echo $'# Infeasible amount of time to sync and backups will become' >> /etc/sks/membership
-    echo $'# absurdly long and probably break your system. You have been warned.' >> /etc/sks/membership
-    echo '' >> /etc/sks/membership
+    { echo $"# List of other $PROJECT_NAME SKS Keyservers to sync with.";
+      echo '#';
+      echo $"# Don't add major keyservers here, because it will take an";
+      echo $'# Infeasible amount of time to sync and backups will become';
+      echo $'# absurdly long and probably break your system. You have been warned.';
+      echo ''; } > /etc/sks/membership
     chown -Rc debian-sks: /etc/sks/membership
     systemctl start sks
 }
@@ -403,7 +405,7 @@ function keyserver_import_keys {
     dialog --title $"Import public keys database" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nThis will download many gigabytes of data and so depending on your bandwidth it could take several days.\n\nContinue?" 10 60
+           --yesno $"\\nThis will download many gigabytes of data and so depending on your bandwidth it could take several days.\\n\\nContinue?" 10 60
     sel=$?
     case $sel in
         1) return;;
@@ -412,36 +414,38 @@ function keyserver_import_keys {
     if [ ! -d /var/lib/sks/dump ]; then
         mkdir -p /var/lib/sks/dump
     fi
-    cd /var/lib/sks/dump
+    cd /var/lib/sks/dump || exit 59242684
     echo $'Getting keyserver dump. This may take a few days or longer, so be patient.'
     rm -rf /var/lib/sks/dump/*
     KEYSERVER_DUMP_URL="https://keyserver.mattrude.com/dump/$(date +%F)/"
     wget -crp -e robots=off --level=1 --cut-dirs=3 -nH \
-         -A pgp,txt $KEYSERVER_DUMP_URL
+         -A pgp,txt "$KEYSERVER_DUMP_URL"
 
-    cd /var/lib/sks
+    cd /var/lib/sks || exit 936572424
     echo $'Building the keyserver database from the downloaded dump'
     keyserver_reset_database
 }
 
 function keyserver_sync {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"Sync with other keyserver" \
            --form $"\nEnter details for the other server. Please be aware that it's not a good idea to sync with major keyservers which have exceptionally large databases. This is intended to sync with other $PROJECT_NAME systems each having a small database for a particular community." 16 60 3 \
            $"Domain:" 1 1 "" 1 25 32 64 \
            $"Port:" 2 1 "11370" 2 25 6 6 \
            $"Sync Email (optional):" 3 1 "pgp-public-keys@" 3 25 32 64 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
-    other_keyserver_domain=$(cat $data | sed -n 1p)
-    other_keyserver_port=$(cat $data | sed -n 2p)
-    other_keyserver_email=$(cat $data | sed -n 3p)
+    other_keyserver_domain=$(sed -n 1p < "$data")
+    other_keyserver_port=$(sed -n 2p < "$data")
+    other_keyserver_email=$(sed -n 3p < "$data")
+    rm -f "$data"
     if [[ "$other_keyserver_domain" != *'.'* ]]; then
         return
     fi
@@ -464,7 +468,7 @@ function keyserver_sync {
     # Warn if trying to sync
     if [[ "$other_keyserver_domain" == *"sks-keyservers.net" || "$other_keyserver_domain" == *"gnupg.net" || "$other_keyserver_domain" == *"pgp.com" || "$other_keyserver_domain" == *"pgp.mit.edu" || "$other_keyserver_domain" == *"the.earth.li" || "$other_keyserver_domain" == *"mayfirst.org" || "$other_keyserver_domain" == *"ubuntu.com" ]]; then
         dialog --title $"Sync with other keyserver" \
-               --msgbox $"\nDon't try to sync with the major keyservers. Your system will be overloaded with an infeasible database size." 8 60
+               --msgbox $"\\nDon't try to sync with the major keyservers. Your system will be overloaded with an infeasible database size." 8 60
         return
     fi
 
@@ -508,47 +512,50 @@ function keyserver_edit {
 }
 
 function keyserver_remove_key {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Remove a key" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Enter the ID of the key which you wish to remove:" 12 60 2>$data
+           --inputbox $"Enter the ID of the key which you wish to remove:" 12 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            remove_key_id=$(<$data)
+            remove_key_id=$(<"$data")
             if [ ${#remove_key_id} -gt 8 ]; then
-                sks drop $remove_key_id
+                sks drop "$remove_key_id"
                 dialog --title $"Remove a key" \
                        --msgbox $"The key was removed" 6 40
             fi
             ;;
     esac
+    rm -f "$data"
 }
 
 function configure_interactive_keyserver {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"SKS Keyserver" \
                --radiolist $"Choose an operation:" 12 70 4 \
                1 $"Remove a key" off \
                2 $"Sync with other keyserver" off \
                3 $"Edit sync keyservers" off \
-               4 $"Exit" on 2> $data
+               4 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) return;;
-            255) return;;
+            1) rm -f "$data"
+               return;;
+            255) rm -f "$data"
+                 return;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) keyserver_remove_key;;
             2) keyserver_sync;;
             3) keyserver_edit;;
-            4) break;;
+            4) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -563,7 +570,7 @@ function install_keyserver {
         mkdir /var/www/$KEYSERVER_DOMAIN_NAME
     fi
 
-    cd /var/www/$KEYSERVER_DOMAIN_NAME
+    cd "/var/www/$KEYSERVER_DOMAIN_NAME" || exit 25427642847
     if [ -d /var/www/$KEYSERVER_DOMAIN_NAME/htdocs ]; then
         rm -rf /var/www/$KEYSERVER_DOMAIN_NAME/htdocs
     fi
@@ -571,7 +578,7 @@ function install_keyserver {
     if [ -d /repos/keyserverweb ]; then
         mkdir htdocs
         cp -r -p /repos/keyserverweb/. htdocs
-        cd htdocs
+        cd htdocs || exit 379584659
         git pull
     else
         git_clone $KEYSERVER_WEB_REPO htdocs
@@ -581,14 +588,14 @@ function install_keyserver {
         exit 6539230
     fi
 
-    cd /var/www/$KEYSERVER_DOMAIN_NAME/htdocs
+    cd "/var/www/$KEYSERVER_DOMAIN_NAME/htdocs" || exit 264824528
     git checkout $KEYSERVER_WEB_COMMIT -b $KEYSERVER_WEB_COMMIT
     set_completion_param "keyserver web commit" "$KEYSERVER_WEB_COMMIT"
 
 
     USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
-    GPG_ID=$(su -m root -c "gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)
-    if [ ! $GPG_ID ]; then
+    GPG_ID=$(su -m root -c "gpg --list-keys \"$USER_EMAIL_ADDRESS\" | sed -n '2p' | sed 's/^[ \\t]*//'" - "$MY_USERNAME")
+    if [ ! "$GPG_ID" ]; then
         echo $'No GPG ID for admin user'
         exit 846336
     fi
@@ -659,11 +666,11 @@ function install_keyserver {
     chown debian-sks: $sksconf_file
 
     if ! grep -q "hidden_service_sks" /etc/tor/torrc; then
-        echo 'HiddenServiceDir /var/lib/tor/hidden_service_sks/' >> /etc/tor/torrc
-        echo 'HiddenServiceVersion 3' >> /etc/tor/torrc
-        echo "HiddenServicePort 11370 127.0.0.1:11370" >> /etc/tor/torrc
-        echo "HiddenServicePort 11373 127.0.0.1:11371" >> /etc/tor/torrc
-        echo "HiddenServicePort 11372 127.0.0.1:11372" >> /etc/tor/torrc
+        { echo 'HiddenServiceDir /var/lib/tor/hidden_service_sks/';
+          echo 'HiddenServiceVersion 3';
+          echo "HiddenServicePort 11370 127.0.0.1:11370";
+          echo "HiddenServicePort 11373 127.0.0.1:11371";
+          echo "HiddenServicePort 11372 127.0.0.1:11372"; } >> /etc/tor/torrc
         echo $'Added onion site for sks'
     fi
 
@@ -682,141 +689,141 @@ function install_keyserver {
     if [[ $ONION_ONLY == "no" ]]; then
         # NOTE: without http active on port 80 the keyserver doesn't work
         #       from the commandline
-        echo 'server {' > $keyserver_nginx_site
-        echo '  listen 80;' >> $keyserver_nginx_site
-        echo '  listen 0.0.0.0:11371;' >> $keyserver_nginx_site
-        echo '  listen [::]:80;' >> $keyserver_nginx_site
-        echo "  server_name $KEYSERVER_DOMAIN_NAME;" >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  # Logs' >> $keyserver_nginx_site
-        echo '  access_log /dev/null;' >> $keyserver_nginx_site
-        echo '  error_log /dev/null;' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  # Root' >> $keyserver_nginx_site
-        echo "  root /var/www/$KEYSERVER_DOMAIN_NAME/htdocs;" >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  rewrite ^/stats /pks/lookup?op=stats;' >> $keyserver_nginx_site
-        echo '  rewrite ^/s/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/search/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/g/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/get/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  location / {' >> $keyserver_nginx_site
+        { echo 'server {';
+          echo '  listen 80;';
+          echo '  listen 0.0.0.0:11371;';
+          echo '  listen [::]:80;';
+          echo "  server_name $KEYSERVER_DOMAIN_NAME;";
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$KEYSERVER_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  rewrite ^/stats /pks/lookup?op=stats;';
+          echo "  rewrite ^/s/(.*) /pks/lookup?search=\$1;";
+          echo "  rewrite ^/search/(.*) /pks/lookup?search=\$1;";
+          echo "  rewrite ^/g/(.*) /pks/lookup?op=get&search=\$1;";
+          echo "  rewrite ^/get/(.*) /pks/lookup?op=get&search=\$1;";
+          echo "  rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
+          echo "  rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
+          echo '';
+          echo '  location / {'; } > $keyserver_nginx_site
         function_check nginx_limits
-        nginx_limits $KEYSERVER_DOMAIN_NAME '128k'
-        echo '  }' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  location /pks {' >> $keyserver_nginx_site
-        echo '    proxy_pass         http://127.0.0.1:11373;' >> $keyserver_nginx_site
-        echo '    proxy_pass_header  Server;' >> $keyserver_nginx_site
-        echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:11371 (nginx)\";" >> $keyserver_nginx_site
-        echo '    proxy_ignore_client_abort on;' >> $keyserver_nginx_site
-        echo '    client_max_body_size 8m;' >> $keyserver_nginx_site
-        echo '    client_body_buffer_size 128k;' >> $keyserver_nginx_site
-        echo '  }' >> $keyserver_nginx_site
-        echo '}' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo 'server {' >> $keyserver_nginx_site
-        echo '  listen 443 ssl;' >> $keyserver_nginx_site
-        echo '  listen 0.0.0.0:11372 ssl;' >> $keyserver_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $keyserver_nginx_site
-        echo "  server_name $KEYSERVER_DOMAIN_NAME;" >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  error_page 404 /404.html;' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  location ~ (.git|LICENSE|readme.md) {' >> $keyserver_nginx_site
-        echo '    deny all;' >> $keyserver_nginx_site
-        echo '    return 404;' >> $keyserver_nginx_site
-        echo '  }' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  # Security' >> $keyserver_nginx_site
+        nginx_limits "$KEYSERVER_DOMAIN_NAME" '128k'
+        { echo '  }';
+          echo '';
+          echo '  location /pks {';
+          echo '    proxy_pass         http://127.0.0.1:11373;';
+          echo '    proxy_pass_header  Server;';
+          echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:11371 (nginx)\";";
+          echo '    proxy_ignore_client_abort on;';
+          echo '    client_max_body_size 8m;';
+          echo '    client_body_buffer_size 128k;';
+          echo '  }';
+          echo '}';
+          echo '';
+          echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  listen 0.0.0.0:11372 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $KEYSERVER_DOMAIN_NAME;";
+          echo '';
+          echo '  error_page 404 /404.html;';
+          echo '';
+          echo '  location ~ (.git|LICENSE|readme.md) {';
+          echo '    deny all;';
+          echo '    return 404;';
+          echo '  }';
+          echo '';
+          echo '  # Security'; } >> $keyserver_nginx_site
         function_check nginx_ssl
         nginx_ssl $KEYSERVER_DOMAIN_NAME
 
         function_check nginx_disable_sniffing
         nginx_disable_sniffing $KEYSERVER_DOMAIN_NAME
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  # Logs' >> $keyserver_nginx_site
-        echo '  access_log /dev/null;' >> $keyserver_nginx_site
-        echo '  error_log /dev/null;' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  # Root' >> $keyserver_nginx_site
-        echo "  root /var/www/$KEYSERVER_DOMAIN_NAME/htdocs;" >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$KEYSERVER_DOMAIN_NAME/htdocs;";
+          echo '';
 
-        echo '  rewrite ^/stats /pks/lookup?op=stats;' >> $keyserver_nginx_site
-        echo '  rewrite ^/s/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/search/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/g/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/get/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
-        echo '  rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  location / {' >> $keyserver_nginx_site
+          echo '  rewrite ^/stats /pks/lookup?op=stats;';
+          echo "  rewrite ^/s/(.*) /pks/lookup?search=\$1;";
+          echo "  rewrite ^/search/(.*) /pks/lookup?search=\$1;";
+          echo "  rewrite ^/g/(.*) /pks/lookup?op=get&search=\$1;";
+          echo "  rewrite ^/get/(.*) /pks/lookup?op=get&search=\$1;";
+          echo "  rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
+          echo "  rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
+          echo '';
+          echo '  location / {'; } >> $keyserver_nginx_site
         function_check nginx_limits
         nginx_limits $KEYSERVER_DOMAIN_NAME '128k'
-        echo '  }' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
-        echo '  location /pks {' >> $keyserver_nginx_site
-        echo "    proxy_pass         http://127.0.0.1:11373;" >> $keyserver_nginx_site
-        echo '    proxy_pass_header  Server;' >> $keyserver_nginx_site
-        echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:11372 (nginx)\";" >> $keyserver_nginx_site
-        echo '    proxy_ignore_client_abort on;' >> $keyserver_nginx_site
-        echo '    client_max_body_size 8m;' >> $keyserver_nginx_site
-        echo '    client_body_buffer_size 128k;' >> $keyserver_nginx_site
-        echo '  }' >> $keyserver_nginx_site
-        echo '}' >> $keyserver_nginx_site
-        echo '' >> $keyserver_nginx_site
+        { echo '  }';
+          echo '';
+          echo '  location /pks {';
+          echo "    proxy_pass         http://127.0.0.1:11373;";
+          echo '    proxy_pass_header  Server;';
+          echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:11372 (nginx)\";";
+          echo '    proxy_ignore_client_abort on;';
+          echo '    client_max_body_size 8m;';
+          echo '    client_body_buffer_size 128k;';
+          echo '  }';
+          echo '}';
+          echo ''; } >> $keyserver_nginx_site
     else
         echo -n '' > $keyserver_nginx_site
     fi
-    echo 'server {' >> $keyserver_nginx_site
-    echo "  listen 127.0.0.1:$KEYSERVER_ONION_PORT default_server;" >> $keyserver_nginx_site
-    echo "  server_name $KEYSERVER_ONION_HOSTNAME;" >> $keyserver_nginx_site
-    echo '' >> $keyserver_nginx_site
-    echo '  error_page 404 /404.html;' >> $keyserver_nginx_site
-    echo '' >> $keyserver_nginx_site
-    echo '  location ~ (.git|LICENSE|readme.md) {' >> $keyserver_nginx_site
-    echo '    deny all;' >> $keyserver_nginx_site
-    echo '    return 404;' >> $keyserver_nginx_site
-    echo '  }' >> $keyserver_nginx_site
-    echo '' >> $keyserver_nginx_site
+    { echo 'server {';
+      echo "  listen 127.0.0.1:$KEYSERVER_ONION_PORT default_server;";
+      echo "  server_name $KEYSERVER_ONION_HOSTNAME;";
+      echo '';
+      echo '  error_page 404 /404.html;';
+      echo '';
+      echo '  location ~ (.git|LICENSE|readme.md) {';
+      echo '    deny all;';
+      echo '    return 404;';
+      echo '  }';
+      echo ''; } >> $keyserver_nginx_site
     function_check nginx_disable_sniffing
     nginx_disable_sniffing $KEYSERVER_DOMAIN_NAME
-    echo '' >> $keyserver_nginx_site
-    echo '  # Logs' >> $keyserver_nginx_site
-    echo '  access_log /dev/null;' >> $keyserver_nginx_site
-    echo '  error_log /dev/null;' >> $keyserver_nginx_site
-    echo '' >> $keyserver_nginx_site
-    echo '  # Root' >> $keyserver_nginx_site
-    echo "  root /var/www/$KEYSERVER_DOMAIN_NAME/mail;" >> $keyserver_nginx_site
-    echo '' >> $keyserver_nginx_site
-    echo '  rewrite ^/stats /pks/lookup?op=stats;' >> $keyserver_nginx_site
-    echo '  rewrite ^/s/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
-    echo '  rewrite ^/search/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
-    echo '  rewrite ^/g/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
-    echo '  rewrite ^/get/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
-    echo '  rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
-    echo '  rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
-    echo '' >> $keyserver_nginx_site
-    echo '  location / {' >> $keyserver_nginx_site
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$KEYSERVER_DOMAIN_NAME/mail;";
+      echo '';
+      echo '  rewrite ^/stats /pks/lookup?op=stats;';
+      echo "  rewrite ^/s/(.*) /pks/lookup?search=\$1;";
+      echo "  rewrite ^/search/(.*) /pks/lookup?search=\$1;";
+      echo "  rewrite ^/g/(.*) /pks/lookup?op=get&search=\$1;";
+      echo "  rewrite ^/get/(.*) /pks/lookup?op=get&search=\$1;";
+      echo "  rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
+      echo "  rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=\$1;";
+      echo '';
+      echo '  location / {'; } >> $keyserver_nginx_site
     function_check nginx_limits
     nginx_limits $KEYSERVER_DOMAIN_NAME '128k'
-    echo '  }' >> $keyserver_nginx_site
-    echo '' >> $keyserver_nginx_site
-    echo '  location /pks {' >> $keyserver_nginx_site
-    echo "    proxy_pass         http://127.0.0.1:11373;" >> $keyserver_nginx_site
-    echo '    proxy_pass_header  Server;' >> $keyserver_nginx_site
-    echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:$KEYSERVER_ONION_PORT (nginx)\";" >> $keyserver_nginx_site
-    echo '    proxy_ignore_client_abort on;' >> $keyserver_nginx_site
-    echo '    client_max_body_size 8m;' >> $keyserver_nginx_site
-    echo '    client_body_buffer_size 128k;' >> $keyserver_nginx_site
-    echo '  }' >> $keyserver_nginx_site
-    echo '}' >> $keyserver_nginx_site
+    { echo '  }';
+      echo '';
+      echo '  location /pks {';
+      echo "    proxy_pass         http://127.0.0.1:11373;";
+      echo '    proxy_pass_header  Server;';
+      echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:$KEYSERVER_ONION_PORT (nginx)\";";
+      echo '    proxy_ignore_client_abort on;';
+      echo '    client_max_body_size 8m;';
+      echo '    client_body_buffer_size 128k;';
+      echo '  }';
+      echo '}'; } >> $keyserver_nginx_site
 
     function_check create_site_certificate
     if [ ! -f /etc/ssl/certs/${KEYSERVER_DOMAIN_NAME}.pem ]; then
diff --git a/src/freedombone-app-koel b/src/freedombone-app-koel
index f91524d9..d4ea8ff9 100755
--- a/src/freedombone-app-koel
+++ b/src/freedombone-app-koel
@@ -58,7 +58,7 @@ function logging_off_koel {
 }
 
 function koel_remove_gravatar {
-    cd /var/www/${KOEL_DOMAIN_NAME}/htdocs
+    cd "/var/www/${KOEL_DOMAIN_NAME}/htdocs" || exit 8345374534
     sed -i "s|www.gravatar.com|${KOEL_DOMAIN_NAME}|g" node_modules/browser-sync-ui/public/js/app.js.map
     sed -i "s|www.gravatar.com|${KOEL_DOMAIN_NAME}|g" public/js/app.*.js
     if ! grep -q "//Vue.set(user, 'avatar'" resources/assets/js/stores/user.js; then
@@ -69,19 +69,19 @@ function koel_remove_gravatar {
 function remove_user_koel {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp koel
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp koel
 }
 
 function add_user_koel {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a koel -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a koel -p "$new_user_password"
     echo '0'
 }
 
 function install_interactive_koel {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -91,42 +91,43 @@ function install_interactive_koel {
         KOEL_DETAILS_COMPLETE=
         while [ ! $KOEL_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Koel Configuration" \
-                       --form $"\nPlease enter your Koel details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 3 \
+                       --form $"\\nPlease enter your Koel details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 3 \
                        $"Domain:" 1 1 "$(grep 'KOEL_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
                        $"Code:" 2 1 "$(grep 'KOEL_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Koel Configuration" \
-                       --form $"\nPlease enter your Koel details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 3 \
+                       --form $"\\nPlease enter your Koel details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 3 \
                        $"Domain:" 1 1 "$(grep 'KOEL_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
-                       2> $data
+                       2> "$data"
             fi
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            KOEL_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ $KOEL_DOMAIN_NAME ]; then
-                if [[ $KOEL_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
+            KOEL_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$KOEL_DOMAIN_NAME" ]; then
+                if [[ "$KOEL_DOMAIN_NAME" == "$HUBZILLA_DOMAIN_NAME" ]]; then
                     KOEL_DOMAIN_NAME=""
                 fi
                 TEST_DOMAIN_NAME=$KOEL_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $KOEL_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$KOEL_DOMAIN_NAME" ]]; then
                     KOEL_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        KOEL_CODE=$(cat $data | sed -n 2p)
+                        KOEL_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$KOEL_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             KOEL_DOMAIN_NAME=
                         fi
                     fi
@@ -135,6 +136,7 @@ function install_interactive_koel {
             if [ $KOEL_DOMAIN_NAME ]; then
                 KOEL_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         # save the results in the config file
@@ -150,23 +152,23 @@ function change_password_koel {
 
     read_config_param 'KOEL_DOMAIN_NAME'
 
-    ${PROJECT_NAME}-pass -u "$curr_username" -a koel -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a koel -p "$new_user_password"
 }
 
 function koel_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        KOEL_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        KOEL_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $KOEL_ADMIN_PASSWORD ]; then
-            KOEL_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$KOEL_ADMIN_PASSWORD" ]; then
+            KOEL_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $KOEL_ADMIN_PASSWORD ]; then
+    if [ ! "$KOEL_ADMIN_PASSWORD" ]; then
         return
     fi
 
     function_check create_database
-    create_database koel "$KOEL_ADMIN_PASSWORD" $MY_USERNAME
+    create_database koel "$KOEL_ADMIN_PASSWORD" "$MY_USERNAME"
 }
 
 function reconfigure_koel {
@@ -174,14 +176,14 @@ function reconfigure_koel {
 }
 
 function koel_import_from_directory {
-    data=$(tempfile 2>/dev/null)
-    dialog --title "Choose a directory containing music" --dselect /home/$MY_USERNAME/ 30 60 2> $data
-    selected_dir=$(cat $data)
-    rm $data
+    data=$(mktemp 2>/dev/null)
+    dialog --title "Choose a directory containing music" --dselect "/home/$MY_USERNAME/" 30 60 2> "$data"
+    selected_dir=$(cat "$data")
+    rm -f "$data"
     if [[ "$selected_dir" == '/music' ]]; then
         return
     fi
-    if [ ! -d $selected_dir ]; then
+    if [ ! -d "$selected_dir" ]; then
         return
     fi
     if [[ "$selected_dir" == "/home/$MY_USERNAME/" ]]; then
@@ -197,7 +199,7 @@ function koel_import_from_directory {
     dialog --title $"Import music directory" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nImport the directory:\n\n  $selected_dir" 12 75
+           --yesno $"\\nImport the directory:\\n\\n  $selected_dir" 12 75
     sel=$?
     case $sel in
         1) return;;
@@ -214,18 +216,18 @@ function koel_import_from_usb {
     clear
     detect_usb_drive
 
-    if [ ! -b $USB_DRIVE ]; then
+    if [ ! -b "$USB_DRIVE" ]; then
         dialog --title $"Import music from USB drive" --msgbox $'No USB drive found' 6 50
         return
     fi
 
-    backup_mount_drive ${USB_DRIVE}
-    if [ ! -d $USB_MOUNT/Music ]; then
+    backup_mount_drive "${USB_DRIVE}"
+    if [ ! -d "$USB_MOUNT/Music" ]; then
         dialog --title $"Import music from USB drive" --msgbox $'No Music directory found on USB drive' 6 50
-        backup_unmount_drive ${USB_DRIVE}
+        backup_unmount_drive "${USB_DRIVE}"
     fi
-    cp -ru $USB_MOUNT/Music/* /music
-    backup_unmount_drive ${USB_DRIVE}
+    cp -ru "$USB_MOUNT/Music/*" /music
+    backup_unmount_drive "${USB_DRIVE}"
     dialog --title $"Import music from USB drive" --msgbox $'Import complete. You may now remove the USB drive' 6 50
 }
 
@@ -233,28 +235,26 @@ function koel_export_to_usb {
     clear
     detect_usb_drive
 
-    if [ ! -b $USB_DRIVE ]; then
+    if [ ! -b "$USB_DRIVE" ]; then
         dialog --title $"Export music to USB drive" --msgbox $'No USB drive found' 6 50
         return
     fi
 
-    backup_mount_drive ${USB_DRIVE}
-    if [ ! -d $USB_MOUNT/Music ]; then
-        mkdir -p $USB_MOUNT/Music
+    backup_mount_drive "${USB_DRIVE}"
+    if [ ! -d "$USB_MOUNT/Music" ]; then
+        mkdir -p "$USB_MOUNT/Music"
     fi
-    cp -ru /music/* $USB_MOUNT/Music
-    backup_unmount_drive ${USB_DRIVE}
+    cp -ru /music/* "$USB_MOUNT/Music"
+    backup_unmount_drive "${USB_DRIVE}"
     dialog --title $"Export music to USB drive" --msgbox $'Export complete. You may now remove the USB drive' 6 50
 }
 
 function format_music_drive {
     detect_usb_drive
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
     dialog --title $"Format USB drive $USB_DRIVE for music storage" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nPlease confirm that you wish to format drive\n\n    ${USB_DRIVE}\n\nAll current data on the drive will be lost, and you will be prompted to give a password used to encrypt the drive.\n\nDANGER: If you screw up here and format the wrong drive it's your own fault!" 16 60
+           --yesno $"\\nPlease confirm that you wish to format drive\\n\\n    ${USB_DRIVE}\\n\\nAll current data on the drive will be lost, and you will be prompted to give a password used to encrypt the drive.\\n\\nDANGER: If you screw up here and format the wrong drive it's your own fault!" 16 60
     sel=$?
     case $sel in
         1) return;;
@@ -265,7 +265,7 @@ function format_music_drive {
     echo ''
     echo $"Formatting drive $USB_DRIVE. ALL CONTENTS WILL BE LOST."
     echo ''
-    ${PROJECT_NAME}-format $USB_DRIVE
+    "${PROJECT_NAME}-format" "$USB_DRIVE"
     dialog --title $"Format USB drive $USB_DRIVE for music storage" --msgbox $'Format complete. You may now export music or remove the USB drive' 6 50
 }
 
@@ -273,8 +273,7 @@ function format_music_drive {
 function configure_interactive_koel {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Koel" \
                --radiolist $"Choose an operation:" 12 70 5 \
@@ -282,24 +281,28 @@ function configure_interactive_koel {
                2 $"Import music from USB drive" off \
                3 $"Export music to USB drive" off \
                4 $"Format a USB drive for music storage" off \
-               5 $"Exit" on 2> $data
+               5 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) break;;
-            255) break;;
+            1) rm -f "$data"
+               break;;
+            255) rm -f "$data"
+                 break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) koel_import_from_directory;;
             2) koel_import_from_usb;;
             3) koel_export_to_usb;;
             4) format_music_drive;;
-            5) break;;
+            5) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
 function upgrade_koel {
-    if grep -q "koel domain" $COMPLETION_FILE; then
+    if grep -q "koel domain" "$COMPLETION_FILE"; then
         KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
     fi
 
@@ -312,12 +315,12 @@ function upgrade_koel {
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$KOEL_DOMAIN_NAME/htdocs "koel commit" "$KOEL_COMMIT" $KOEL_REPO
+    set_repo_commit "/var/www/$KOEL_DOMAIN_NAME/htdocs" "koel commit" "$KOEL_COMMIT" $KOEL_REPO
 
-    cd /var/www/${KOEL_DOMAIN_NAME}/htdocs
+    cd "/var/www/${KOEL_DOMAIN_NAME}/htdocs" || exit 7345346358
     php artisan koel:init
     koel_remove_gravatar
-    chown -R www-data:www-data *
+    chown -R www-data:www-data "/var/www/${KOEL_DOMAIN_NAME}/htdocs/*"
 
     systemctl start koel
 }
@@ -325,20 +328,20 @@ function upgrade_koel {
 
 function backup_local_koel {
     KOEL_DOMAIN_NAME='koel'
-    if grep -q "koel domain" $COMPLETION_FILE; then
+    if grep -q "koel domain" "$COMPLETION_FILE"; then
         KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
     fi
 
-    source_directory=/var/www/${KOEL_DOMAIN_NAME}/htdocs
-    if [ -d $source_directory ]; then
+    source_directory="/var/www/${KOEL_DOMAIN_NAME}/htdocs"
+    if [ -d "$source_directory" ]; then
         systemctl stop koel
 
         dest_directory=koel
         function_check suspend_site
-        suspend_site ${KOEL_DOMAIN_NAME}
+        suspend_site "${KOEL_DOMAIN_NAME}"
 
         function_check backup_directory_to_usb
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"
 
         function_check backup_database_to_usb
         backup_database_to_usb koel
@@ -351,27 +354,26 @@ function backup_local_koel {
 }
 
 function restore_local_koel {
-    if ! grep -q "koel domain" $COMPLETION_FILE; then
+    if ! grep -q "koel domain" "$COMPLETION_FILE"; then
         return
     fi
     KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
-    if [ $KOEL_DOMAIN_NAME ]; then
+    if [ "$KOEL_DOMAIN_NAME" ]; then
         echo $"Restoring koel"
         systemctl stop koel
 
         temp_restore_dir=/root/tempkoel
-        koel_dir=/var/www/${KOEL_DOMAIN_NAME}/htdocs
 
         function_check koel_create_database
         koel_create_database
 
-        restore_database koel ${KOEL_DOMAIN_NAME}
+        restore_database koel "${KOEL_DOMAIN_NAME}"
         if [ -d $temp_restore_dir ]; then
             rm -rf $temp_restore_dir
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-        cd /var/www/$KOEL_DOMAIN_NAME/htdocs
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        cd "/var/www/$KOEL_DOMAIN_NAME/htdocs" || exit 274825424
         sed -i "s|DB_PASSWORD=.*|DB_PASSWORD=$MARIADB_PASSWORD|g" .env
         MARIADB_PASSWORD=
 
@@ -380,14 +382,14 @@ function restore_local_koel {
 }
 
 function backup_remote_koel {
-    if grep -q "koel domain" $COMPLETION_FILE; then
+    if grep -q "koel domain" "$COMPLETION_FILE"; then
         KOEL_DOMAIN_NAME=$(get_completion_param "koel domain")
         temp_backup_dir=/var/www/${KOEL_DOMAIN_NAME}/htdocs
-        if [ -d $temp_backup_dir ]; then
+        if [ -d "$temp_backup_dir" ]; then
             systemctl stop koel
 
             function_check suspend_site
-            suspend_site ${KOEL_DOMAIN_NAME}
+            suspend_site "${KOEL_DOMAIN_NAME}"
 
             function_check backup_database_to_friend
             backup_database_to_friend koel
@@ -395,7 +397,7 @@ function backup_remote_koel {
             echo $"Backing up Koel installation"
 
             function_check backup_directory_to_friend
-            backup_directory_to_friend $temp_backup_dir koel
+            backup_directory_to_friend "$temp_backup_dir" koel
 
             function_check restart_site
             restart_site
@@ -408,7 +410,7 @@ function backup_remote_koel {
 }
 
 function restore_remote_koel {
-    if grep -q "koel domain" $COMPLETION_FILE; then
+    if grep -q "koel domain" "$COMPLETION_FILE"; then
         echo $"Restoring koel"
 
         systemctl stop koel
@@ -419,13 +421,13 @@ function restore_remote_koel {
         koel_create_database
 
         function_check restore_database_from_friend
-        restore_database_from_friend koel ${KOEL_DOMAIN_NAME}
+        restore_database_from_friend koel "${KOEL_DOMAIN_NAME}"
         if [ -d /root/tempkoel ]; then
             rm -rf /root/tempkoel
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-        cd /var/www/$KOEL_DOMAIN_NAME/htdocs
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        cd "/var/www/$KOEL_DOMAIN_NAME/htdocs" || exit 53743682
         sed -i "s|DB_PASSWORD=.*|DB_PASSWORD=$MARIADB_PASSWORD|g" .env
         MARIADB_PASSWORD=
 
@@ -453,14 +455,14 @@ function remove_koel {
     read_config_param "KOEL_DOMAIN_NAME"
     read_config_param "MY_USERNAME"
     echo "Removing $KOEL_DOMAIN_NAME"
-    nginx_dissite $KOEL_DOMAIN_NAME
-    remove_certs $KOEL_DOMAIN_NAME
+    nginx_dissite "$KOEL_DOMAIN_NAME"
+    remove_certs "$KOEL_DOMAIN_NAME"
 
-    if [ -d /var/www/$KOEL_DOMAIN_NAME ]; then
-        rm -rf /var/www/$KOEL_DOMAIN_NAME
+    if [ -d "/var/www/$KOEL_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$KOEL_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$KOEL_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$KOEL_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$KOEL_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$KOEL_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database koel
@@ -468,15 +470,15 @@ function remove_koel {
     remove_onion_service koel ${KOEL_ONION_PORT}
     remove_app koel
     remove_completion_param install_koel
-    sed -i '/koel/d' $COMPLETION_FILE
+    sed -i '/koel/d' "$COMPLETION_FILE"
     remove_backup_database_local koel
 
     function_check remove_ddns_domain
-    remove_ddns_domain $KOEL_DOMAIN_NAME
+    remove_ddns_domain "$KOEL_DOMAIN_NAME"
 }
 
 function install_koel_main {
-    if [ ! $KOEL_DOMAIN_NAME ]; then
+    if [ ! "$KOEL_DOMAIN_NAME" ]; then
         echo $'No domain name was given for koel'
         exit 7359
     fi
@@ -498,177 +500,186 @@ function install_koel_main {
     apt-get -yq install php-memcached php-intl exiftool libfcgi0ldbl
     apt-get -yq install ffmpeg
 
-    if [ ! -d /var/www/$KOEL_DOMAIN_NAME ]; then
-        mkdir /var/www/$KOEL_DOMAIN_NAME
+    if [ ! -d "/var/www/$KOEL_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$KOEL_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$KOEL_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$KOEL_DOMAIN_NAME/htdocs" ]; then
 
         if [ -d /repos/koel ]; then
-            mkdir /var/www/$KOEL_DOMAIN_NAME/htdocs
-            cp -r -p /repos/koel/. /var/www/$KOEL_DOMAIN_NAME/htdocs
-            cd /var/www/$KOEL_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$KOEL_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/koel/. "/var/www/$KOEL_DOMAIN_NAME/htdocs"
+            cd "/var/www/$KOEL_DOMAIN_NAME/htdocs" || exit 23924295
             git pull
         else
             function_check git_clone
-            git_clone $KOEL_REPO /var/www/$KOEL_DOMAIN_NAME/htdocs
+            git_clone "$KOEL_REPO" "/var/www/$KOEL_DOMAIN_NAME/htdocs"
         fi
 
-        if [ ! -d /var/www/$KOEL_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$KOEL_DOMAIN_NAME/htdocs" ]; then
             echo $'Unable to clone koel repo'
             exit 365735
         fi
     fi
 
-    cd /var/www/$KOEL_DOMAIN_NAME/htdocs
-    git checkout $KOEL_COMMIT -b $KOEL_COMMIT
+    cd "/var/www/$KOEL_DOMAIN_NAME/htdocs" || exit 834567242
+    git checkout "$KOEL_COMMIT" -b "$KOEL_COMMIT"
     set_completion_param "koel commit" "$KOEL_COMMIT"
 
-    chown -R www-data:www-data /var/www/$KOEL_DOMAIN_NAME/htdocs
+    chown -R www-data:www-data "/var/www/$KOEL_DOMAIN_NAME/htdocs"
 
     function_check koel_create_database
     koel_create_database
 
     function_check add_ddns_domain
-    add_ddns_domain $KOEL_DOMAIN_NAME
+    add_ddns_domain "$KOEL_DOMAIN_NAME"
+
+    KOEL_ONION_HOSTNAME=$(add_onion_service koel 80 ${KOEL_ONION_PORT})
 
     koel_nginx_site=/etc/nginx/sites-available/$KOEL_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $KOEL_DOMAIN_NAME "index index.php"
-        echo 'server {' >> $koel_nginx_site
-        echo '  listen 443 ssl;' >> $koel_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $koel_nginx_site
-        echo "  server_name $KOEL_DOMAIN_NAME;" >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
+        nginx_http_redirect "$KOEL_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $KOEL_DOMAIN_NAME;";
+          echo ''; } >> "$koel_nginx_site"
         function_check nginx_compress
-        nginx_compress $KOEL_DOMAIN_NAME
-        echo '    gzip_comp_level 9;' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # Security' >> $koel_nginx_site
+        nginx_compress "$KOEL_DOMAIN_NAME"
+        { echo '    gzip_comp_level 9;';
+          echo '';
+          echo '  # Security'; } >> "$koel_nginx_site"
         function_check nginx_ssl mobile
-        nginx_ssl $KOEL_DOMAIN_NAME
+        nginx_ssl "$KOEL_DOMAIN_NAME"
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $KOEL_DOMAIN_NAME
+        nginx_disable_sniffing "$KOEL_DOMAIN_NAME"
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # Logs' >> $koel_nginx_site
-        echo '  access_log /dev/null;' >> $koel_nginx_site
-        echo '  error_log /dev/null;' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # Root' >> $koel_nginx_site
-        echo "  root /var/www/$KOEL_DOMAIN_NAME/htdocs;" >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # Index' >> $koel_nginx_site
-        echo '  index index.php;' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # Whitelist only index.php, robots.txt, and those start with public/ or api/' >> $koel_nginx_site
-        echo '  if ($request_uri !~ ^/$|index\.php|robots\.txt|api/|public/) {' >> $koel_nginx_site
-        echo '    return 404;' >> $koel_nginx_site
-        echo '  }' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  location /media/ {' >> $koel_nginx_site
-        echo '    internal;' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '    # A X-Media-Root should be set to media_path settings from upstream' >> $koel_nginx_site
-        echo '    alias       $upstream_http_x_media_root;' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  }' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # PHP' >> $koel_nginx_site
-        echo '  location ~ \.php {' >> $koel_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $koel_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $koel_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $koel_nginx_site
-        echo '  }' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # Location' >> $koel_nginx_site
-        echo '  location / {' >> $koel_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$KOEL_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  # Index';
+          echo '  index index.php;';
+          echo '';
+          echo '  # Whitelist only index.php, robots.txt, and those start with public/ or api/';
+          echo "  if (\$request_uri !~ ^/\$|index\\.php|robots\\.txt|api/|public/) {";
+          echo '    return 404;';
+          echo '  }';
+          echo '';
+          echo '  location /media/ {';
+          echo '    internal;';
+          echo '';
+          echo '    # A X-Media-Root should be set to media_path settings from upstream';
+          echo "    alias       \$upstream_http_x_media_root;";
+          echo '';
+          echo '  }';
+          echo '';
+          echo '  # PHP';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$koel_nginx_site"
         function_check nginx_limits
-        nginx_limits $KOEL_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ @koel;' >> $koel_nginx_site
-        echo '  }' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # Fancy URLs' >> $koel_nginx_site
-        echo '  location @koel {' >> $koel_nginx_site
-        echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $koel_nginx_site
-        echo '  }' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '  # Restrict access that is unnecessary anyway' >> $koel_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $koel_nginx_site
-        echo '    deny all;' >> $koel_nginx_site
-        echo '  }' >> $koel_nginx_site
-        echo '' >> $koel_nginx_site
-        echo '}' >> $koel_nginx_site
+        nginx_limits "$KOEL_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ @koel;";
+          echo '  }';
+          echo '';
+          echo '  # Fancy URLs';
+          echo '  location @koel {';
+          echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+          echo '  }';
+          echo '';
+          echo '  # Restrict access that is unnecessary anyway';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '';
+          echo '}'; } >> "$koel_nginx_site"
     else
-        echo -n '' > $koel_nginx_site
+        echo -n '' > "$koel_nginx_site"
+    fi
+    if [[ "$ONION_ONLY" == 'no' ]]; then
+        { echo 'server {';
+          echo "    listen 127.0.0.1:$KOEL_ONION_PORT default_server;";
+          echo "    server_name $KOEL_DOMAIN_NAME;";
+          echo ''; } >> "$koel_nginx_site"
+    else
+        { echo 'server {';
+          echo "    listen 127.0.0.1:$KOEL_ONION_PORT default_server;";
+          echo "    server_name $KOEL_ONION_HOSTNAME;";
+          echo ''; } >> "$koel_nginx_site"
     fi
-    echo 'server {' >> $koel_nginx_site
-    echo "    listen 127.0.0.1:$KOEL_ONION_PORT default_server;" >> $koel_nginx_site
-    echo "    server_name $KOEL_DOMAIN_NAME;" >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
     function_check nginx_compress
-    nginx_compress $KOEL_DOMAIN_NAME
-    echo '    gzip_comp_level 9;' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  # Logs' >> $koel_nginx_site
-    echo '  access_log /dev/null;' >> $koel_nginx_site
-    echo '  error_log /dev/null;' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  # Root' >> $koel_nginx_site
-    echo "  root /var/www/$KOEL_DOMAIN_NAME/htdocs;" >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  # Index' >> $koel_nginx_site
-    echo '  index index.php;' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  # Whitelist only index.php, robots.txt, and those start with public/ or api/' >> $koel_nginx_site
-    echo '  if ($request_uri !~ ^/$|index\.php|robots\.txt|api/|public/) {' >> $koel_nginx_site
-    echo '    return 404;' >> $koel_nginx_site
-    echo '  }' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  location /media/ {' >> $koel_nginx_site
-    echo '    internal;' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '    # A X-Media-Root should be set to media_path settings from upstream' >> $koel_nginx_site
-    echo '    alias       $upstream_http_x_media_root;' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  }' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  # PHP' >> $koel_nginx_site
-    echo '  location ~ \.php {' >> $koel_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $koel_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $koel_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $koel_nginx_site
-    echo '  }' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  # Location' >> $koel_nginx_site
-    echo '  location / {' >> $koel_nginx_site
+    nginx_compress "$KOEL_DOMAIN_NAME"
+    { echo '    gzip_comp_level 9;';
+      echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$KOEL_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  # Index';
+      echo '  index index.php;';
+      echo '';
+      echo '  # Whitelist only index.php, robots.txt, and those start with public/ or api/';
+      echo "  if (\$request_uri !~ ^/\$|index\\.php|robots\\.txt|api/|public/) {";
+      echo '    return 404;';
+      echo '  }';
+      echo '';
+      echo '  location /media/ {';
+      echo '    internal;';
+      echo '';
+      echo '    # A X-Media-Root should be set to media_path settings from upstream';
+      echo "    alias       \$upstream_http_x_media_root;";
+      echo '';
+      echo '  }';
+      echo '';
+      echo '  # PHP';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$koel_nginx_site"
     function_check nginx_limits
-    nginx_limits $KOEL_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ @koel;' >> $koel_nginx_site
-    echo '  }' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  # Fancy URLs' >> $koel_nginx_site
-    echo '  location @koel {' >> $koel_nginx_site
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $koel_nginx_site
-    echo '  }' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '  # Restrict access that is unnecessary anyway' >> $koel_nginx_site
-    echo '  location ~ /\.(ht|git) {' >> $koel_nginx_site
-    echo '    deny all;' >> $koel_nginx_site
-    echo '  }' >> $koel_nginx_site
-    echo '' >> $koel_nginx_site
-    echo '}' >> $koel_nginx_site
+    nginx_limits "$KOEL_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ @koel;";
+      echo '  }';
+      echo '';
+      echo '  # Fancy URLs';
+      echo '  location @koel {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  # Restrict access that is unnecessary anyway';
+      echo '  location ~ /\.(ht|git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '';
+      echo '}'; } >> "$koel_nginx_site"
 
-    sed -i 's|gzip_types.*|gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json;|g' $koel_nginx_site
-    sed -i 's|DENY;|SAMEORIGIN;|g' $koel_nginx_site
+    sed -i 's|gzip_types.*|gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json;|g' "$koel_nginx_site"
+    sed -i 's|DENY;|SAMEORIGIN;|g' "$koel_nginx_site"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $KOEL_DOMAIN_NAME 'yes'
+    create_site_certificate "$KOEL_DOMAIN_NAME" 'yes'
 
     # Ensure that the database gets backed up locally, if remote
     # backups are not being used
@@ -679,20 +690,13 @@ function install_koel_main {
     backup_database_local koel
 
     function_check nginx_ensite
-    nginx_ensite $KOEL_DOMAIN_NAME
-
-    KOEL_ONION_HOSTNAME=$(add_onion_service koel 80 ${KOEL_ONION_PORT})
-
-    KOEL_SERVER=${KOEL_DOMAIN_NAME}
-    if [[ $ONION_ONLY != 'no' ]]; then
-        KOEL_SERVER=${KOEL_ONION_HOSTNAME}
-    fi
+    nginx_ensite "$KOEL_DOMAIN_NAME"
 
     systemctl restart mariadb
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a koel -p "$KOEL_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a koel -p "$KOEL_ADMIN_PASSWORD"
 
     set_completion_param "koel domain" "$KOEL_DOMAIN_NAME"
 
@@ -709,7 +713,7 @@ function install_koel {
 
     install_koel_main
 
-    cd /var/www/$KOEL_DOMAIN_NAME/htdocs
+    cd "/var/www/$KOEL_DOMAIN_NAME/htdocs" || exit 2432848
     install_composer
 
     npm install -g yarn
@@ -731,30 +735,29 @@ function install_koel {
     sed -i 's/MAIL_PORT=.*/MAIL_PORT=25/g' .env
     sed -i 's|FFMPEG_PATH=.*|FFMPEG_PATH=/usr/bin/ffmpeg|g' .env
 
-    php artisan koel:init
-    if [ ! "$?" = "0" ]; then
+    if ! php artisan koel:init; then
         echo $"Can't install koel:init"
         exit 78362
     fi
     koel_remove_gravatar
-    chown -R www-data:www-data /var/www/$KOEL_DOMAIN_NAME/htdocs
+    chown -R www-data:www-data "/var/www/$KOEL_DOMAIN_NAME/htdocs"
 
     # daemon
-    echo '[Unit]' > /etc/systemd/system/koel.service
-    echo 'Description=Koel (music player)' >> /etc/systemd/system/koel.service
-    echo 'After=syslog.target' >> /etc/systemd/system/koel.service
-    echo 'After=network.target' >> /etc/systemd/system/koel.service
-    echo '' >> /etc/systemd/system/koel.service
-    echo '[Service]' >> /etc/systemd/system/koel.service
-    echo 'Type=simple' >> /etc/systemd/system/koel.service
-    echo 'User=www-data' >> /etc/systemd/system/koel.service
-    echo 'Group=www-data' >> /etc/systemd/system/koel.service
-    echo "WorkingDirectory=/var/www/$KOEL_DOMAIN_NAME/htdocs" >> /etc/systemd/system/koel.service
-    echo "ExecStart=/usr/bin/php artisan serve --port=$KOEL_PORT" >> /etc/systemd/system/koel.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/koel.service
-    echo '' >> /etc/systemd/system/koel.service
-    echo '[Install]' >> /etc/systemd/system/koel.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/koel.service
+    { echo '[Unit]';
+      echo 'Description=Koel (music player)';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=www-data';
+      echo 'Group=www-data';
+      echo "WorkingDirectory=/var/www/$KOEL_DOMAIN_NAME/htdocs";
+      echo "ExecStart=/usr/bin/php artisan serve --port=$KOEL_PORT";
+      echo 'Restart=on-failure';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/koel.service
     systemctl enable koel.service
     systemctl daemon-reload
     systemctl start koel.service
diff --git a/src/freedombone-app-lychee b/src/freedombone-app-lychee
index ff3d8c36..18cf05e3 100755
--- a/src/freedombone-app-lychee
+++ b/src/freedombone-app-lychee
@@ -55,14 +55,14 @@ function logging_off_lychee {
 }
 
 function lychee_create_database {
-    if [ -f ${IMAGE_PASSWORD_FILE} ]; then
-        LYCHEE_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
+        LYCHEE_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! ${LYCHEE_ADMIN_PASSWORD} ]; then
-            LYCHEE_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "${LYCHEE_ADMIN_PASSWORD}" ]; then
+            LYCHEE_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $LYCHEE_ADMIN_PASSWORD ]; then
+    if [ ! "$LYCHEE_ADMIN_PASSWORD" ]; then
         return
     fi
 
@@ -73,7 +73,7 @@ function lychee_create_database {
 function remove_user_lychee {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp lychee
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp lychee
 }
 
 function add_user_lychee {
@@ -85,13 +85,13 @@ function add_user_lychee {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a lychee -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a lychee -p "$new_user_password"
 
     echo '0'
 }
 
 function install_interactive_lychee {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -110,12 +110,12 @@ function configure_interactive_lychee {
     get_mariadb_password
 
     dialog --title $"Lychee Configuration" \
-           --msgbox $"\nYou can initially install the system with:\n\n  Username: root\n  Password: $MARIADB_PASSWORD" 10 70
+           --msgbox $"\\nYou can initially install the system with:\\n\\n  Username: root\\n  Password: $MARIADB_PASSWORD" 10 70
 }
 
 
 function change_password_lychee {
-    LYCHEE_USERNAME="$1"
+#    LYCHEE_USERNAME="$1"
     LYCHEE_PASSWORD="$2"
     if [ ${#LYCHEE_PASSWORD} -lt 8 ]; then
         echo $'Lychee password is too short'
@@ -143,56 +143,56 @@ function upgrade_lychee {
 
 function backup_local_lychee {
     LYCHEE_DOMAIN_NAME='lychee.local'
-    if grep -q "lychee domain" $COMPLETION_FILE; then
+    if grep -q "lychee domain" "$COMPLETION_FILE"; then
         LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
     fi
 
-    lychee_path=/var/www/${LYCHEE_DOMAIN_NAME}/htdocs
-    if [ -d $lychee_path ]; then
+    lychee_path="/var/www/${LYCHEE_DOMAIN_NAME}/htdocs"
+    if [ -d "$lychee_path" ]; then
         function_check backup_database_to_usb
         backup_database_to_usb lychee
 
-        backup_directory_to_usb $lychee_path lychee
+        backup_directory_to_usb "$lychee_path" lychee
         restart_site
     fi
 }
 
 function restore_local_lychee {
     LYCHEE_DOMAIN_NAME='lychee.local'
-    if grep -q "lychee domain" $COMPLETION_FILE; then
+    if grep -q "lychee domain" "$COMPLETION_FILE"; then
         LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
     fi
-    if [ $LYCHEE_DOMAIN_NAME ]; then
-        suspend_site ${LYCHEE_DOMAIN_NAME}
+    if [ "$LYCHEE_DOMAIN_NAME" ]; then
+        suspend_site "${LYCHEE_DOMAIN_NAME}"
 
         function_check lychee_create_database
         lychee_create_database
 
         function_check restore_database
-        restore_database lychee ${LYCHEE_DOMAIN_NAME}
+        restore_database lychee "${LYCHEE_DOMAIN_NAME}"
 
-        if [ -f /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php ]; then
-            MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-            sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php
+        if [ -f "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php" ]; then
+            MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+            sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php"
             MARIADB_PASSWORD=
         fi
 
         restart_site
-        chown -R lychee: /var/www/$LYCHEE_DOMAIN_NAME/htdocs/
+        chown -R lychee: "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/"
     fi
 }
 
 function backup_remote_lychee {
     LYCHEE_DOMAIN_NAME='lychee.local'
-    if grep -q "lychee domain" $COMPLETION_FILE; then
+    if grep -q "lychee domain" "$COMPLETION_FILE"; then
         LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
     fi
 
     temp_backup_dir=/var/www/${LYCHEE_DOMAIN_NAME}/htdocs
-    if [ -d $temp_backup_dir ]; then
-        suspend_site ${LYCHEE_DOMAIN_NAME}
+    if [ -d "$temp_backup_dir" ]; then
+        suspend_site "${LYCHEE_DOMAIN_NAME}"
         backup_database_to_friend lychee
-        backup_directory_to_friend $temp_backup_dir lychee
+        backup_directory_to_friend "$temp_backup_dir" lychee
         restart_site
     else
         echo $"Lychee domain specified but not found in /var/www/${LYCHEE_DOMAIN_NAME}"
@@ -202,27 +202,27 @@ function backup_remote_lychee {
 
 function restore_remote_lychee {
     LYCHEE_DOMAIN_NAME='lychee.local'
-    if grep -q "lychee domain" $COMPLETION_FILE; then
+    if grep -q "lychee domain" "$COMPLETION_FILE"; then
         LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
     fi
 
-    suspend_site ${LYCHEE_DOMAIN_NAME}
+    suspend_site "${LYCHEE_DOMAIN_NAME}"
 
     function_check restore_database_from_friend
 
     function_check lychee_create_database
     lychee_create_database
 
-    restore_database_from_friend lychee ${LYCHEE_DOMAIN_NAME}
+    restore_database_from_friend lychee "${LYCHEE_DOMAIN_NAME}"
 
-    if [ -f /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php ]; then
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-        sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php
+    if [ -f "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php" ]; then
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php"
         MARIADB_PASSWORD=
     fi
 
     restart_site
-    chown -R lychee: /var/www/$LYCHEE_DOMAIN_NAME/htdocs/
+    chown -R lychee: "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/"
 }
 
 function remove_lychee {
@@ -231,181 +231,181 @@ function remove_lychee {
     fi
 
     read_config_param "LYCHEE_DOMAIN_NAME"
-    nginx_dissite $LYCHEE_DOMAIN_NAME
-    remove_certs ${LYCHEE_DOMAIN_NAME}
+    nginx_dissite "$LYCHEE_DOMAIN_NAME"
+    remove_certs "${LYCHEE_DOMAIN_NAME}"
 
     drop_database lychee
     remove_backup_database_local lychee
 
-    if [ -f /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME ]; then
-        rm -f /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME" ]; then
+        rm -f "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
     fi
-    if [ -d /var/www/$LYCHEE_DOMAIN_NAME ]; then
-        rm -rf /var/www/$LYCHEE_DOMAIN_NAME
+    if [ -d "/var/www/$LYCHEE_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$LYCHEE_DOMAIN_NAME"
     fi
     remove_config_param LYCHEE_DOMAIN_NAME
     remove_config_param LYCHEE_CODE
     function_check remove_onion_service
-    remove_onion_service lychee ${LYCHEE_ONION_PORT}
+    remove_onion_service lychee "${LYCHEE_ONION_PORT}"
     remove_completion_param "install_lychee"
-    sed -i '/Lychee/d' $COMPLETION_FILE
-    sed -i '/lychee/d' $COMPLETION_FILE
+    sed -i '/Lychee/d' "$COMPLETION_FILE"
+    sed -i '/lychee/d' "$COMPLETION_FILE"
 
     function_check remove_ddns_domain
-    remove_ddns_domain $LYCHEE_DOMAIN_NAME
+    remove_ddns_domain "$LYCHEE_DOMAIN_NAME"
 }
 
 function install_lychee_website {
     function_check nginx_http_redirect
-    nginx_http_redirect $LYCHEE_DOMAIN_NAME
-    echo 'server {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "    root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "    server_name $LYCHEE_DOMAIN_NAME;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    charset utf-8;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    nginx_http_redirect "$LYCHEE_DOMAIN_NAME"
+    { echo 'server {';
+      echo '    listen 443 ssl;';
+      echo '    #listen [::]:443 ssl;';
+      echo "    root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;";
+      echo "    server_name $LYCHEE_DOMAIN_NAME;";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo '    index index.html;';
+      echo '    charset utf-8;';
+      echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
     function_check nginx_ssl
-    nginx_ssl $LYCHEE_DOMAIN_NAME
+    nginx_ssl "$LYCHEE_DOMAIN_NAME"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $LYCHEE_DOMAIN_NAME
-    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    nginx_disable_sniffing "$LYCHEE_DOMAIN_NAME"
+    { echo '    add_header Strict-Transport-Security "max-age=0;";';
+      echo '';
+      echo '    # rewrite to front controller as default rule';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # or a unix socket' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        try_files $uri $uri/ /index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    #deny access to store' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~ /store {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '      deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '      deny  all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    nginx_limits "$LYCHEE_DOMAIN_NAME"
+    { echo '    }';
+      echo '';
+      echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+      echo '    # or a unix socket';
+      echo '    location ~* \.php$ {';
+      echo '        # Zero-day exploit defense.';
+      echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+      echo "        # Won't work properly (404 error) if the file is not stored on this";
+      echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+      echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+      echo "        # another machine. And then cross your fingers that you won't get hacked.";
+      echo "        try_files \$uri \$uri/ /index.html;";
+      echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+      echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+      echo '        # With php-cgi alone:';
+      echo '        # fastcgi_pass 127.0.0.1:9000;';
+      echo '        # With php-fpm:';
+      echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '        include fastcgi_params;';
+      echo '        fastcgi_read_timeout 30;';
+      echo '        fastcgi_index index.html;';
+      echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+      echo '    }';
+      echo '';
+      echo '    # deny access to all dot files';
+      echo '    location ~ /\. {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    #deny access to store';
+      echo '    location ~ /store {';
+      echo '        deny all;';
+      echo '    }';
+      echo '    location ~ /(data|conf|bin|inc)/ {';
+      echo '      deny all;';
+      echo '    }';
+      echo '    location ~ /\.ht {';
+      echo '      deny  all;';
+      echo '    }';
+      echo '}';
+      echo ''; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
 }
 
 function install_lychee_website_onion {
-    echo 'server {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "    listen 127.0.0.1:${LYCHEE_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "    root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "    server_name $LYCHEE_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    charset utf-8;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    { echo 'server {';
+      echo "    listen 127.0.0.1:${LYCHEE_ONION_PORT} default_server;";
+      echo "    root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;";
+      echo "    server_name $LYCHEE_ONION_HOSTNAME;";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo '    index index.html;';
+      echo '    charset utf-8;';
+      echo '    proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $LYCHEE_DOMAIN_NAME
-    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    nginx_disable_sniffing "$LYCHEE_DOMAIN_NAME"
+    { echo '    add_header Strict-Transport-Security "max-age=0;";';
+      echo '';
+      echo '    # rewrite to front controller as default rule';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # block these file types' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # or a unix socket' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    nginx_limits "$LYCHEE_DOMAIN_NAME"
+    { echo '    }';
+      echo '';
+      echo '    # block these file types';
+      echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+      echo '    # or a unix socket';
+      echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $LYCHEE_DOMAIN_NAME
-    echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        try_files $uri $uri/ /index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    #deny access to store' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~ /store {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '      deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '      deny  all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+    nginx_limits "$LYCHEE_DOMAIN_NAME"
+    { echo '        # Zero-day exploit defense.';
+      echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+      echo "        # Won't work properly (404 error) if the file is not stored on this";
+      echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+      echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+      echo "        # another machine. And then cross your fingers that you won't get hacked.";
+      echo "        try_files \$uri \$uri/ /index.html;";
+      echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+      echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+      echo '        # With php-cgi alone:';
+      echo '        # fastcgi_pass 127.0.0.1:9000;';
+      echo '        # With php-fpm:';
+      echo '        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '        include fastcgi_params;';
+      echo '        fastcgi_read_timeout 30;';
+      echo '        fastcgi_index index.html;';
+      echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+      echo '    }';
+      echo '';
+      echo '    # deny access to all dot files';
+      echo '    location ~ /\. {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    #deny access to store';
+      echo '    location ~ /store {';
+      echo '        deny all;';
+      echo '    }';
+      echo '    location ~ /(data|conf|bin|inc)/ {';
+      echo '      deny all;';
+      echo '    }';
+      echo '    location ~ /\.ht {';
+      echo '      deny  all;';
+      echo '    }';
+      echo '}'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
 }
 
 function install_lychee_from_repo {
-    if [ ! -d /var/www/$LYCHEE_DOMAIN_NAME ]; then
-        mkdir /var/www/$LYCHEE_DOMAIN_NAME
+    if [ ! -d "/var/www/$LYCHEE_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$LYCHEE_DOMAIN_NAME"
     fi
 
-    cd /var/www/$LYCHEE_DOMAIN_NAME
+    cd "/var/www/$LYCHEE_DOMAIN_NAME" || exit 682468246
 
     if [ -d /repos/lychee ]; then
         mkdir htdocs
         cp -r -p /repos/lychee/. htdocs
-        cd htdocs
+        cd htdocs || exit 963756345
         git pull
     else
-        git_clone $LYCHEE_REPO htdocs
+        git_clone "$LYCHEE_REPO" htdocs
     fi
 
-    cd htdocs
-    git checkout $LYCHEE_COMMIT -b $LYCHEE_COMMIT
+    cd htdocs || exit 1437534858
+    git checkout "$LYCHEE_COMMIT" -b "$LYCHEE_COMMIT"
     set_completion_param "lychee commit" "$LYCHEE_COMMIT"
 }
 
@@ -414,7 +414,7 @@ function install_lychee {
         ONION_ONLY='no'
     fi
 
-    if [ ! $LYCHEE_DOMAIN_NAME ]; then
+    if [ ! "$LYCHEE_DOMAIN_NAME" ]; then
         echo $'The lychee domain name was not specified'
         exit 543672
     fi
@@ -429,7 +429,7 @@ function install_lychee {
         function_check install_lychee_website
         install_lychee_website
     else
-        echo -n '' > /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
+        echo -n '' > "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
     fi
 
     LYCHEE_ONION_HOSTNAME=$(add_onion_service lychee 80 ${LYCHEE_ONION_PORT})
@@ -438,23 +438,23 @@ function install_lychee {
     install_lychee_website_onion
 
     function_check create_site_certificate
-    create_site_certificate $LYCHEE_DOMAIN_NAME 'yes'
+    create_site_certificate "$LYCHEE_DOMAIN_NAME" 'yes'
 
     function_check configure_php
     configure_php
 
-    chmod -R 1777 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/
-    chmod -R 1777 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/
-    chown -R www-data:www-data /var/www/$LYCHEE_DOMAIN_NAME/htdocs
+    chmod -R 1777 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/"
+    chmod -R 1777 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/"
+    chown -R www-data:www-data "/var/www/$LYCHEE_DOMAIN_NAME/htdocs"
 
-    chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/big/index.html
-    chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/medium/index.html
-    chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/import/index.html
-    chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/thumb/index.html
-    chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/.gitignore
+    chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/big/index.html"
+    chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/medium/index.html"
+    chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/import/index.html"
+    chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/thumb/index.html"
+    chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/.gitignore"
 
     function_check nginx_ensite
-    nginx_ensite $LYCHEE_DOMAIN_NAME
+    nginx_ensite "$LYCHEE_DOMAIN_NAME"
 
     function_check install_mariadb
     install_mariadb
@@ -469,10 +469,10 @@ function install_lychee {
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a lychee -p "$LYCHEE_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a lychee -p "$LYCHEE_ADMIN_PASSWORD"
 
     function_check add_ddns_domain
-    add_ddns_domain $LYCHEE_DOMAIN_NAME
+    add_ddns_domain "$LYCHEE_DOMAIN_NAME"
 
     set_completion_param "lychee domain" "$LYCHEE_DOMAIN_NAME"
     APP_INSTALLED=1
diff --git a/src/freedombone-app-mailpile b/src/freedombone-app-mailpile
index 5c598398..5becd87c 100755
--- a/src/freedombone-app-mailpile
+++ b/src/freedombone-app-mailpile
@@ -58,15 +58,15 @@ function logging_off_mailpile {
 
 function remove_user_mailpile {
     remove_username="$1"
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp mailpile
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp mailpile
 }
 
 function add_user_mailpile {
-    ${PROJECT_NAME}-pass -u $1 -a mailpile -p "$2"
+    "${PROJECT_NAME}-pass" -u "$1" -a mailpile -p "$2"
 }
 
 function install_interactive_mailpile {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -93,7 +93,7 @@ function upgrade_mailpile {
     read_config_param "MAILPILE_DOMAIN_NAME"
 
     CURR_COMMIT=$MAILPILE_COMMIT
-    if grep -q "mailpile commit" $COMPLETION_FILE; then
+    if grep -q "mailpile commit" "$COMPLETION_FILE"; then
         CURR_COMMIT=$(get_completion_param "mailpile commit")
     fi
     if [[ "$CURR_COMMIT" == "$MAILPILE_COMMIT" ]]; then
@@ -103,10 +103,10 @@ function upgrade_mailpile {
     function_check set_repo_commit
     set_repo_commit /var/www/$MAILPILE_DOMAIN_NAME/mail "mailpile commit" "$MAILPILE_COMMIT" $MAILPILE_REPO
 
-    cd /var/www/$MAILPILE_DOMAIN_NAME/mail
+    cd "/var/www/$MAILPILE_DOMAIN_NAME/mail" || exit 2346836535
     pip install -r requirements.txt
 
-    chown -R mailpile:mailpile /var/www/$MAILPILE_DOMAIN_NAME/mail
+    chown -R mailpile:mailpile "/var/www/$MAILPILE_DOMAIN_NAME/mail"
 }
 
 function backup_local_mailpile {
@@ -136,16 +136,16 @@ function remove_mailpile {
     systemctl daemon-reload
 
     read_config_param "MAILPILE_DOMAIN_NAME"
-    nginx_dissite $MAILPILE_DOMAIN_NAME
-    remove_certs ${MAILPILE_DOMAIN_NAME}
-    if [ -f /etc/nginx/sites-available/$MAILPILE_DOMAIN_NAME ]; then
-        rm -f /etc/nginx/sites-available/$MAILPILE_DOMAIN_NAME
+    nginx_dissite "$MAILPILE_DOMAIN_NAME"
+    remove_certs "${MAILPILE_DOMAIN_NAME}"
+    if [ -f "/etc/nginx/sites-available/$MAILPILE_DOMAIN_NAME" ]; then
+        rm -f "/etc/nginx/sites-available/$MAILPILE_DOMAIN_NAME"
     fi
-    if [ -d /var/www/$MAILPILE_DOMAIN_NAME ]; then
-        rm -rf /var/www/$MAILPILE_DOMAIN_NAME
+    if [ -d "/var/www/$MAILPILE_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$MAILPILE_DOMAIN_NAME"
     fi
     function_check remove_ddns_domain
-    remove_ddns_domain $MAILPILE_DOMAIN_NAME
+    remove_ddns_domain "$MAILPILE_DOMAIN_NAME"
 
     groupdel -f mailpile
     userdel -r mailpile
@@ -158,8 +158,8 @@ function remove_mailpile {
 
     enable_email_encryption_at_rest
 
-    sed -i '/Mailpile/d' $COMPLETION_FILE
-    sed -i '/mailpile/d' $COMPLETION_FILE
+    sed -i '/Mailpile/d' "$COMPLETION_FILE"
+    sed -i '/mailpile/d' "$COMPLETION_FILE"
 }
 
 function install_mailpile {
@@ -178,7 +178,7 @@ function install_mailpile {
         mkdir /var/www/$MAILPILE_DOMAIN_NAME
     fi
 
-    cd /var/www/$MAILPILE_DOMAIN_NAME
+    cd "/var/www/$MAILPILE_DOMAIN_NAME" || exit 264826484
     if [ -d /var/www/$MAILPILE_DOMAIN_NAME/mail ]; then
         rm -rf /var/www/$MAILPILE_DOMAIN_NAME/mail
     fi
@@ -186,13 +186,13 @@ function install_mailpile {
     if [ -d /repos/mailpile ]; then
         mkdir mail
         cp -r -p /repos/mailpile/. mail
-        cd mail
+        cd mail || exit 245728482
         git pull
     else
         git_clone $MAILPILE_REPO mail
     fi
 
-    cd mail
+    cd mail || exit 246872468
     git checkout $MAILPILE_COMMIT -b $MAILPILE_COMMIT
     set_completion_param "mailpile commit" "$MAILPILE_COMMIT"
 
@@ -206,8 +206,8 @@ function install_mailpile {
     adduser mailpile debian-tor
     adduser mailpile www-data
     adduser mailpile mail
-    adduser mailpile $MY_USERNAME
-    if [[ $ONION_ONLY == 'no' ]]; then
+    adduser mailpile "$MY_USERNAME"
+    if [[ "$ONION_ONLY" == 'no' ]]; then
         chgrp -R ssl-cert /etc/letsencrypt
         chmod -R g=rX /etc/letsencrypt
         usermod -a -G ssl-cert mailpile
@@ -219,89 +219,89 @@ function install_mailpile {
 
     MAILPILE_ONION_HOSTNAME=$(add_onion_service mailpile 80 ${MAILPILE_ONION_PORT})
 
-    echo '[Unit]' > /etc/systemd/system/mailpile.service
-    echo 'Description=Mailpile Email Client' >> /etc/systemd/system/mailpile.service
-    echo 'After=syslog.target network.target nginx.target' >> /etc/systemd/system/mailpile.service
-    echo '' >> /etc/systemd/system/mailpile.service
-    echo '[Service]' >> /etc/systemd/system/mailpile.service
-    echo 'User=mailpile' >> /etc/systemd/system/mailpile.service
-    echo 'Group=mailpile' >> /etc/systemd/system/mailpile.service
-    echo "WorkingDirectory=/var/www/$MAILPILE_DOMAIN_NAME/mail" >> /etc/systemd/system/mailpile.service
-    echo "ExecStart=/var/www/$MAILPILE_DOMAIN_NAME/mail/mp --www=0.0.0.0:${MAILPILE_PORT} --wait" >> /etc/systemd/system/mailpile.service
-    echo 'Restart=always' >> /etc/systemd/system/mailpile.service
-    echo 'RestartSec=10' >> /etc/systemd/system/mailpile.service
-    echo '' >> /etc/systemd/system/mailpile.service
-    echo '[Install]' >> /etc/systemd/system/mailpile.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mailpile.service
+    { echo '[Unit]';
+      echo 'Description=Mailpile Email Client';
+      echo 'After=syslog.target network.target nginx.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=mailpile';
+      echo 'Group=mailpile';
+      echo "WorkingDirectory=/var/www/$MAILPILE_DOMAIN_NAME/mail";
+      echo "ExecStart=/var/www/$MAILPILE_DOMAIN_NAME/mail/mp --www=0.0.0.0:${MAILPILE_PORT} --wait";
+      echo 'Restart=always';
+      echo 'RestartSec=10';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/mailpile.service
     chmod +x /etc/systemd/system/mailpile.service
 
     mailpile_nginx_site=/etc/nginx/sites-available/$MAILPILE_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
         nginx_http_redirect $MAILPILE_DOMAIN_NAME
-        echo 'server {' >> $mailpile_nginx_site
-        echo '  listen 443 ssl;' >> $mailpile_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $mailpile_nginx_site
-        echo "  server_name $MAILPILE_DOMAIN_NAME;" >> $mailpile_nginx_site
-        echo '' >> $mailpile_nginx_site
-        echo '  # Security' >> $mailpile_nginx_site
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $MAILPILE_DOMAIN_NAME;";
+          echo '';
+          echo '  # Security'; } >> $mailpile_nginx_site
         function_check nginx_ssl
         nginx_ssl $MAILPILE_DOMAIN_NAME
 
         function_check nginx_disable_sniffing
         nginx_disable_sniffing $MAILPILE_DOMAIN_NAME
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $mailpile_nginx_site
-        echo '' >> $mailpile_nginx_site
-        echo '  # Logs' >> $mailpile_nginx_site
-        echo '  access_log /dev/null;' >> $mailpile_nginx_site
-        echo '  error_log /dev/null;' >> $mailpile_nginx_site
-        echo '' >> $mailpile_nginx_site
-        echo '  # Root' >> $mailpile_nginx_site
-        echo "  root /var/www/$MAILPILE_DOMAIN_NAME/mail;" >> $mailpile_nginx_site
-        echo '' >> $mailpile_nginx_site
-        echo '  location / {' >> $mailpile_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$MAILPILE_DOMAIN_NAME/mail;";
+          echo '';
+          echo '  location / {'; } >> $mailpile_nginx_site
         function_check nginx_limits
         nginx_limits $MAILPILE_DOMAIN_NAME '15m'
-        echo '    rewrite /(.*) /$1 break;' >> $mailpile_nginx_site
-        echo '    proxy_set_header X-Real-IP $remote_addr;' >> $mailpile_nginx_site
-        echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site
-        echo '    proxy_set_header Host $http_host;' >> $mailpile_nginx_site
-        echo '    proxy_set_header X-NginX-Proxy true;' >> $mailpile_nginx_site
-        echo "    proxy_pass http://localhost:${MAILPILE_PORT};" >> $mailpile_nginx_site
-        echo '    proxy_redirect off;' >> $mailpile_nginx_site
-        echo '  }' >> $mailpile_nginx_site
-        echo '}' >> $mailpile_nginx_site
-        echo '' >> $mailpile_nginx_site
+        { echo "    rewrite /(.*) /\$1 break;";
+          echo "    proxy_set_header X-Real-IP \$remote_addr;";
+          echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+          echo "    proxy_set_header Host \$http_host;";
+          echo '    proxy_set_header X-NginX-Proxy true;';
+          echo "    proxy_pass http://localhost:${MAILPILE_PORT};";
+          echo '    proxy_redirect off;';
+          echo '  }';
+          echo '}';
+          echo ''; } >> $mailpile_nginx_site
     else
         echo -n '' > $mailpile_nginx_site
     fi
-    echo 'server {' >> $mailpile_nginx_site
-    echo "    listen 127.0.0.1:$MAILPILE_ONION_PORT default_server;" >> $mailpile_nginx_site
-    echo "    server_name $MAILPILE_ONION_HOSTNAME;" >> $mailpile_nginx_site
-    echo '' >> $mailpile_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$MAILPILE_ONION_PORT default_server;";
+      echo "    server_name $MAILPILE_ONION_HOSTNAME;";
+      echo ''; } >> $mailpile_nginx_site
     function_check nginx_disable_sniffing
     nginx_disable_sniffing $MAILPILE_DOMAIN_NAME
-    echo '' >> $mailpile_nginx_site
-    echo '  # Logs' >> $mailpile_nginx_site
-    echo '  access_log /dev/null;' >> $mailpile_nginx_site
-    echo '  error_log /dev/null;' >> $mailpile_nginx_site
-    echo '' >> $mailpile_nginx_site
-    echo '  # Root' >> $mailpile_nginx_site
-    echo "  root /var/www/$MAILPILE_DOMAIN_NAME/mail;" >> $mailpile_nginx_site
-    echo '' >> $mailpile_nginx_site
-    echo '  location / {' >> $mailpile_nginx_site
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$MAILPILE_DOMAIN_NAME/mail;";
+      echo '';
+      echo '  location / {'; } >> $mailpile_nginx_site
     function_check nginx_limits
     nginx_limits $MAILPILE_DOMAIN_NAME '15m'
-    echo '    rewrite /(.*) /$1 break;' >> $mailpile_nginx_site
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $mailpile_nginx_site
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $mailpile_nginx_site
-    echo '    proxy_set_header Host $http_host;' >> $mailpile_nginx_site
-    echo '    proxy_set_header X-NginX-Proxy true;' >> $mailpile_nginx_site
-    echo "    proxy_pass http://localhost:${MAILPILE_PORT};" >> $mailpile_nginx_site
-    echo '    proxy_redirect off;' >> $mailpile_nginx_site
-    echo '  }' >> $mailpile_nginx_site
-    echo '}' >> $mailpile_nginx_site
+    { echo "    rewrite /(.*) /\$1 break;";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo "    proxy_set_header Host \$http_host;";
+      echo '    proxy_set_header X-NginX-Proxy true;';
+      echo "    proxy_pass http://localhost:${MAILPILE_PORT};";
+      echo '    proxy_redirect off;';
+      echo '  }';
+      echo '}'; } >> $mailpile_nginx_site
 
     function_check create_site_certificate
     if [ ! -f /etc/ssl/certs/${MAILPILE_DOMAIN_NAME}.pem ]; then
@@ -322,7 +322,7 @@ function install_mailpile {
     function_check nginx_ensite
     nginx_ensite $MAILPILE_DOMAIN_NAME
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a mailpile -p "*"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a mailpile -p "*"
 
     function_check add_ddns_domain
     add_ddns_domain $MAILPILE_DOMAIN_NAME
@@ -336,7 +336,7 @@ function install_mailpile {
     if [ -d /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg ]; then
         mv /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg_orig
     fi
-    cp -r /home/$MY_USERNAME/.gnupg /var/www/$MAILPILE_DOMAIN_NAME/mail/
+    cp -r "/home/$MY_USERNAME/.gnupg" "/var/www/$MAILPILE_DOMAIN_NAME/mail/"
     chown -R mailpile:mailpile /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg
     chmod +x /var/www/$MAILPILE_DOMAIN_NAME/mail/.gnupg
 
@@ -348,8 +348,8 @@ function install_mailpile {
     sed -i 's|ssl =.*|ssl = no|g' /etc/dovecot/conf.d/10-ssl.conf
 
     # set ssl certs, just in case we want to use them later
-    if [[ $ONION_ONLY == "no" ]]; then
-        if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
+    if [[ "$ONION_ONLY" == "no" ]]; then
+        if [ -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
             sed -i "s|#ssl_cert =.*|ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/dovecot/conf.d/10-ssl.conf
             sed -i "s|ssl_cert =.*|ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/dovecot/conf.d/10-ssl.conf
             sed -i "s|#ssl_key =.*|ssl_key = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/dovecot/conf.d/10-ssl.conf
diff --git a/src/freedombone-app-matrix b/src/freedombone-app-matrix
index 157bbd51..f53d39db 100755
--- a/src/freedombone-app-matrix
+++ b/src/freedombone-app-matrix
@@ -71,21 +71,21 @@ function matrix_expire_old_posts {
     read_config_param MATRIX_PORT
 
     matrix_remove_posts=/usr/bin/matrix-remove
-    echo '#!/bin/bash' > $matrix_remove_posts
-    echo "cd $MATRIX_DATA_DIR" >> $matrix_remove_posts
-    echo 'ROOM=$1' >> $matrix_remove_posts
-    echo "ADMIN=\"@${MY_USERNAME}:$MATRIX_DOMAIN_NAME\"" >> $matrix_remove_posts
-    echo "TIME='$MATRIX_EXPIRE_MONTHS months ago'" >> $matrix_remove_posts
-    echo "UNIX_TIMESTAMP=\$(date +%s%3N --date='TZ=\"UTC+0\" '\"\$TIME\")" >> $matrix_remove_posts
-    echo 'BUSY="pragma busy_timeout=20000"' >> $matrix_remove_posts
-    echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select event_id from events where type='m.room.message' and received_ts<'\$UNIX_TIMESTAMP' and room_id='\$ROOM' order by received_ts desc limit 1;\")" >> $matrix_remove_posts
-    echo "EVENT_ID=\$(echo \$BUFFER|awk '{print \$2}')" >> $matrix_remove_posts
+    { echo '#!/bin/bash';
+      echo "cd $MATRIX_DATA_DIR";
+      echo "ROOM=\$1";
+      echo "ADMIN=\"@${MY_USERNAME}:$MATRIX_DOMAIN_NAME\"";
+      echo "TIME='$MATRIX_EXPIRE_MONTHS months ago'";
+      echo "UNIX_TIMESTAMP=\$(date +%s%3N --date='TZ=\"UTC+0\" '\"\$TIME\")";
+      echo 'BUSY="pragma busy_timeout=20000"';
+      echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select event_id from events where type='m.room.message' and received_ts<'\$UNIX_TIMESTAMP' and room_id='\$ROOM' order by received_ts desc limit 1;\")";
+      echo "EVENT_ID=\$(echo \$BUFFER|awk '{print \$2}')";
 
-    echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select token from access_tokens where user_id like '\$ADMIN' order by id desc limit 1;\")" >> $matrix_remove_posts
-    echo "TOKEN=\$(echo \$BUFFER|awk '{print \$2}')" >> $matrix_remove_posts
+      echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select token from access_tokens where user_id like '\$ADMIN' order by id desc limit 1;\")";
+      echo "TOKEN=\$(echo \$BUFFER|awk '{print \$2}')";
 
-    echo 'set -x' >> $matrix_remove_posts
-    echo "curl -v -X POST 'https://$MATRIX_DOMAIN_NAME/_matrix/client/r0/admin/purge_history/'\$ROOM'/'\$EVENT_ID'?access_token='\$TOKEN" >> $matrix_remove_posts
+      echo 'set -x';
+      echo "curl -v -X POST 'https://$MATRIX_DOMAIN_NAME/_matrix/client/r0/admin/purge_history/'\$ROOM'/'\$EVENT_ID'?access_token='\$TOKEN"; } > $matrix_remove_posts
 
     chmod +x $matrix_remove_posts
 }
@@ -127,109 +127,109 @@ function logging_off_matrix {
 function matrix_nginx {
     matrix_nginx_site=/etc/nginx/sites-available/$MATRIX_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
-        echo 'server {' > $matrix_nginx_site
-        echo "  listen 0.0.0.0:443;" >> $matrix_nginx_site
-        echo "  server_name ${MATRIX_DOMAIN_NAME};" >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  # Security' >> $matrix_nginx_site
+        { echo 'server {';
+          echo "  listen 0.0.0.0:443;";
+          echo "  server_name ${MATRIX_DOMAIN_NAME};";
+          echo '';
+          echo '  # Security'; } > $matrix_nginx_site
         function_check nginx_ssl
         nginx_ssl ${MATRIX_DOMAIN_NAME}
 
         function_check nginx_disable_sniffing
         nginx_disable_sniffing ${MATRIX_DOMAIN_NAME}
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  # Logs' >> $matrix_nginx_site
-        echo '  access_log /dev/null;' >> $matrix_nginx_site
-        echo '  error_log /dev/null;' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  root /var/lib/matrix/media_store;' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  # Index' >> $matrix_nginx_site
-        echo '  index index.html;' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  location /_matrix {' >> $matrix_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  root /var/lib/matrix/media_store;';
+          echo '';
+          echo '  # Index';
+          echo '  index index.html;';
+          echo '';
+          echo '  location /_matrix {'; } >> $matrix_nginx_site
         function_check nginx_limits
         nginx_limits ${MATRIX_DOMAIN_NAME} '15m'
-        echo "    proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site
-        echo '  }' >> $matrix_nginx_site
-        echo '}' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo 'server {' >> $matrix_nginx_site
-        echo "  listen 0.0.0.0:${MATRIX_HTTP_PORT};" >> $matrix_nginx_site
-        echo "  server_name ${MATRIX_DOMAIN_NAME};" >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  # Security' >> $matrix_nginx_site
+        { echo "    proxy_pass http://localhost:${MATRIX_PORT};";
+          echo '  }';
+          echo '}';
+          echo '';
+          echo 'server {';
+          echo "  listen 0.0.0.0:${MATRIX_HTTP_PORT};";
+          echo "  server_name ${MATRIX_DOMAIN_NAME};";
+          echo '';
+          echo '  # Security'; } >> $matrix_nginx_site
         function_check nginx_ssl
         nginx_ssl ${MATRIX_DOMAIN_NAME}
 
         function_check nginx_disable_sniffing
         nginx_disable_sniffing ${MATRIX_DOMAIN_NAME}
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  # Logs' >> $matrix_nginx_site
-        echo '  access_log /dev/null;' >> $matrix_nginx_site
-        echo '  error_log /dev/null;' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  root /var/lib/matrix/media_store;' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  # Index' >> $matrix_nginx_site
-        echo '  index index.html;' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
-        echo '  # Location' >> $matrix_nginx_site
-        echo '  location /_matrix {' >> $matrix_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  root /var/lib/matrix/media_store;';
+          echo '';
+          echo '  # Index';
+          echo '  index index.html;';
+          echo '';
+          echo '  # Location';
+          echo '  location /_matrix {'; } >> $matrix_nginx_site
         function_check nginx_limits
         nginx_limits ${MATRIX_DOMAIN_NAME} '15m'
-        echo "    proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site
-        echo '  }' >> $matrix_nginx_site
-        echo '}' >> $matrix_nginx_site
-        echo '' >> $matrix_nginx_site
+        { echo "    proxy_pass http://localhost:${MATRIX_PORT};";
+          echo '  }';
+          echo '}';
+          echo ''; } >> $matrix_nginx_site
     else
         echo -n '' > $matrix_nginx_site
     fi
-    echo 'server {' >> $matrix_nginx_site
-    echo "    listen 127.0.0.1:$MATRIX_FEDERATION_ONION_PORT default_server;" >> $matrix_nginx_site
-    echo "    server_name $MATRIX_DOMAIN_NAME;" >> $matrix_nginx_site
-    echo '' >> $matrix_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$MATRIX_FEDERATION_ONION_PORT default_server;";
+      echo "    server_name $MATRIX_DOMAIN_NAME;";
+      echo ''; } >> $matrix_nginx_site
     function_check nginx_disable_sniffing
     nginx_disable_sniffing $MATRIX_DOMAIN_NAME
-    echo '' >> $matrix_nginx_site
-    echo '  # Logs' >> $matrix_nginx_site
-    echo '  access_log /dev/null;' >> $matrix_nginx_site
-    echo '  error_log /dev/null;' >> $matrix_nginx_site
-    echo '' >> $matrix_nginx_site
-    echo '  root /var/lib/matrix/media_store;' >> $matrix_nginx_site
-    echo '' >> $matrix_nginx_site
-    echo '  # Location' >> $matrix_nginx_site
-    echo '  location /_matrix {' >> $matrix_nginx_site
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  root /var/lib/matrix/media_store;';
+      echo '';
+      echo '  # Location';
+      echo '  location /_matrix {'; } >> $matrix_nginx_site
     function_check nginx_limits
     nginx_limits ${MATRIX_DOMAIN_NAME} '15m'
-    echo "    proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site
-    echo '  }' >> $matrix_nginx_site
-    echo '}' >> $matrix_nginx_site
-    echo '' >> $matrix_nginx_site
-    echo 'server {' >> $matrix_nginx_site
-    echo "    listen 127.0.0.1:$MATRIX_ONION_PORT default_server;" >> $matrix_nginx_site
-    echo "    server_name $MATRIX_DOMAIN_NAME;" >> $matrix_nginx_site
-    echo '' >> $matrix_nginx_site
+    { echo "    proxy_pass http://localhost:${MATRIX_PORT};";
+      echo '  }';
+      echo '}';
+      echo '';
+      echo 'server {';
+      echo "    listen 127.0.0.1:$MATRIX_ONION_PORT default_server;";
+      echo "    server_name $MATRIX_DOMAIN_NAME;";
+      echo ''; } >> $matrix_nginx_site
     function_check nginx_disable_sniffing
     nginx_disable_sniffing $MATRIX_DOMAIN_NAME
-    echo '' >> $matrix_nginx_site
-    echo '  # Logs' >> $matrix_nginx_site
-    echo '  access_log /dev/null;' >> $matrix_nginx_site
-    echo '  error_log /dev/null;' >> $matrix_nginx_site
-    echo '' >> $matrix_nginx_site
-    echo '  root /var/lib/matrix/media_store;' >> $matrix_nginx_site
-    echo '' >> $matrix_nginx_site
-    echo '  # Location' >> $matrix_nginx_site
-    echo '  location /_matrix {' >> $matrix_nginx_site
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  root /var/lib/matrix/media_store;';
+      echo '';
+      echo '  # Location';
+      echo '  location /_matrix {'; } >> $matrix_nginx_site
     function_check nginx_limits
     nginx_limits ${MATRIX_DOMAIN_NAME} '15m'
-    echo "    proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site
-    echo '  }' >> $matrix_nginx_site
-    echo '}' >> $matrix_nginx_site
+    { echo "    proxy_pass http://localhost:${MATRIX_PORT};";
+      echo '  }';
+      echo '}'; } >> $matrix_nginx_site
 
     if [ ! -d /var/www/$MATRIX_DOMAIN_NAME ]; then
         mkdir -p /var/www/$MATRIX_DOMAIN_NAME/htdocs
@@ -242,7 +242,7 @@ function matrix_nginx {
 function matrix_generate_homeserver_file {
     local filepath="${1}"
 
-    cd /etc/matrix
+    cd /etc/matrix || exit 468246824
     python -m synapse.app.homeserver \
            --config-path "${filepath}" \
            --generate-config \
@@ -251,10 +251,10 @@ function matrix_generate_homeserver_file {
 }
 
 function matrix_configure_homeserver_yaml {
-    local turnkey="${1}"
-    local filepath="${2}"
+    turnkey="${1}"
+    filepath="${2}"
 
-    local ymltemp="$(mktemp)"
+    ymltemp="$(mktemp)"
 
     awk -v TURNURIES="turn_uris: [\"turn:${MATRIX_DOMAIN_NAME}:${TURN_HTTP_PORT}?transport=udp\", \"turn:${DEFAULT_DOMAIN_NAME}:${TURN_HTTP_PORT}?transport=tcp\"]" \
         -v TURNSHAREDSECRET="turn_shared_secret: \"${turnkey}\"" \
@@ -272,7 +272,7 @@ function matrix_configure_homeserver_yaml {
         print;
         }' "${filepath}" > "${ymltemp}"
 
-    mv ${ymltemp} "${filepath}"
+    mv "${ymltemp}" "${filepath}"
 
     if [[ $ONION_ONLY == "no" ]]; then
         sed -i "s|tls_certificate_path:.*|tls_certificate_path: \"/etc/ssl/certs/${MATRIX_DOMAIN_NAME}.pem\"|g" "${filepath}"
@@ -307,9 +307,10 @@ function matrix_diff {
     REPORT_STATS="${REPORT_STATS:-no_or_yes}"
     export MATRIX_DOMAIN_NAME REPORT_STATS
 
-    matrix_generate_synapse_file $INSTALL_DIR/homeserver.synapse.yaml
-    diff -${DIFFPARAMS} $INSTALL_DIR/homeserver.synapse.yaml ${MATRIX_DATA_DIR}/homeserver.yaml
-    rm $INSTALL_DIR/homeserver.synapse.yaml
+    matrix_generate_synapse_file "$INSTALL_DIR/homeserver.synapse.yaml"
+    # shellcheck disable=SC2086
+    diff -${DIFFPARAMS} "$INSTALL_DIR/homeserver.synapse.yaml" "${MATRIX_DATA_DIR}/homeserver.yaml"
+    rm "$INSTALL_DIR/homeserver.synapse.yaml"
 }
 
 function matrix_generate {
@@ -334,15 +335,15 @@ function create_matrix_user_removal_script {
     read_config_param MATRIX_DOMAIN_NAME
 
     matrix_remove_user=/usr/bin/matrix-remove-user
-    echo '#!/bin/bash' > $matrix_remove_user
-    echo "cd $MATRIX_DATA_DIR" >> $matrix_remove_user
-    echo 'remove_username=$1' >> $matrix_remove_user
-    echo "ADMIN=\"@${MY_USERNAME}:$MATRIX_DOMAIN_NAME\"" >> $matrix_remove_user
-    echo 'BUSY="pragma busy_timeout=20000"' >> $matrix_remove_user
-    echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select token from access_tokens where user_id like '\$ADMIN' order by id desc limit 1;\")" >> $matrix_remove_user
-    echo "TOKEN=\$(echo \$BUFFER|awk '{print \$2}')" >> $matrix_remove_user
-    echo 'set -x' >> $matrix_remove_user
-    echo "curl -X POST 'https://$MATRIX_DOMAIN_NAME/_matrix/client/r0/admin/deactivate/%40\$remove_username%3A$MATRIX_DOMAIN_NAME?access_token=\$TOKEN' --data '{}'" >> $matrix_remove_user
+    { echo '#!/bin/bash';
+      echo "cd $MATRIX_DATA_DIR";
+      echo "remove_username=\$1";
+      echo "ADMIN=\"@${MY_USERNAME}:$MATRIX_DOMAIN_NAME\"";
+      echo 'BUSY="pragma busy_timeout=20000"';
+      echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select token from access_tokens where user_id like '\$ADMIN' order by id desc limit 1;\")";
+      echo "TOKEN=\$(echo \$BUFFER|awk '{print \$2}')";
+      echo 'set -x';
+      echo "curl -X POST 'https://$MATRIX_DOMAIN_NAME/_matrix/client/r0/admin/deactivate/%40\$remove_username%3A$MATRIX_DOMAIN_NAME?access_token=\$TOKEN' --data '{}'"; } > $matrix_remove_user
 
     chmod +x $matrix_remove_user
 }
@@ -351,7 +352,7 @@ function remove_user_matrix {
     remove_username="$1"
 
     create_matrix_user_removal_script
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp matrix
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp matrix
     $matrix_remove_user "$remove_username"
 }
 
@@ -362,7 +363,7 @@ function add_user_matrix {
     read_config_param MY_USERNAME
     read_config_param MATRIX_DOMAIN_NAME
 
-    ${PROJECT_NAME}-pass -u $new_username -a matrix -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a matrix -p "$new_user_password"
 
     if [[ "$new_username" != "$MY_USERNAME" ]]; then
         echo 'no' | register_new_matrix_user -c ${MATRIX_DATA_DIR}/homeserver.yaml -u "${new_username}" -p "${new_user_password}" http://localhost:${MATRIX_PORT}
@@ -373,7 +374,7 @@ function add_user_matrix {
 }
 
 function install_interactive_matrix {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -393,7 +394,7 @@ function install_interactive_matrix {
 }
 
 function change_password_matrix {
-    curr_username="$1"
+    #curr_username="$1"
     new_user_password="$2"
 
     #${PROJECT_NAME}-pass -u "$curr_username" -a matrix -p "$new_user_password"
@@ -418,7 +419,7 @@ function upgrade_matrix {
 
     function_check set_repo_commit
     set_repo_commit /etc/matrix "matrix commit" "$MATRIX_COMMIT" $MATRIX_REPO
-    cd /etc/matrix
+    cd /etc/matrix || exit 62476724
     pip install --upgrade --process-dependency-links .
 
     sed -i 's/ssl.PROTOCOL_SSLv23/ssl.PROTOCOL_TLSv1/g' /usr/local/bin/register_new_matrix_user
@@ -467,6 +468,7 @@ function restore_local_matrix {
         else
             cp -r $temp_restore_dir/* /etc/matrix/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             function_check backup_unmount_drive
             backup_unmount_drive
@@ -482,6 +484,7 @@ function restore_local_matrix {
         else
             cp -r $temp_restore_dir/* $MATRIX_DATA_DIR/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             function_check backup_unmount_drive
             backup_unmount_drive
@@ -490,7 +493,7 @@ function restore_local_matrix {
         rm -rf $temp_restore_dir
         chown -R matrix:matrix $MATRIX_DATA_DIR
 
-        if [[ $ONION_ONLY == "no" ]]; then
+        if [[ "$ONION_ONLY" == "no" ]]; then
             if [ -f /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam ]; then
                 chmod 755 /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam
             fi
@@ -532,6 +535,7 @@ function restore_remote_matrix {
         else
             cp -r $temp_restore_dir/* /etc/matrix/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 38935
         fi
@@ -545,6 +549,7 @@ function restore_remote_matrix {
         else
             cp -r $temp_restore_dir/* $MATRIX_DATA_DIR/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 60923
         fi
@@ -581,7 +586,7 @@ function remove_matrix {
     fi
     systemctl daemon-reload
     apt-get -y remove --purge coturn
-    cd /etc/matrix
+    cd /etc/matrix || exit 26472462
     pip uninstall .
     rm -rf $MATRIX_DATA_DIR
     rm -rf /etc/matrix
@@ -596,7 +601,7 @@ function remove_matrix {
     systemctl restart nginx
 
     remove_completion_param install_matrix
-    sed -i '/matrix/d' $COMPLETION_FILE
+    sed -i '/matrix/d' "$COMPLETION_FILE"
 
     rm /etc/avahi/services/matrix.service
     systemctl restart avahi-daemon
@@ -608,7 +613,7 @@ function install_home_server {
         if [ -d /repos/matrix ]; then
             mkdir /etc/matrix
             cp -r -p /repos/matrix/. /etc/matrix
-            cd /etc/matrix
+            cd /etc/matrix || exit 2324962946
             git pull
         else
             function_check git_clone
@@ -621,18 +626,17 @@ function install_home_server {
         fi
     fi
 
-    cd /etc/matrix
+    cd /etc/matrix || exit 7385452724
     git checkout $MATRIX_COMMIT -b $MATRIX_COMMIT
     set_completion_param "matrix commit" "$MATRIX_COMMIT"
-    if [ ! -d $INSTALL_DIR/matrix ]; then
-        mkdir -p $INSTALL_DIR/matrix
+    if [ ! -d "$INSTALL_DIR/matrix" ]; then
+        mkdir -p "$INSTALL_DIR/matrix"
     fi
     rm -rf /usr/local/lib/python2.7/dist-packages/ldap*
-    if [ -d $INSTALL_DIR/matrix ]; then
-        rm -rf $INSTALL_DIR/matrix/*
+    if [ -d "$INSTALL_DIR/matrix" ]; then
+        rm -rf "$INSTALL_DIR/matrix/*"
     fi
-    pip install --upgrade --process-dependency-links . -b $INSTALL_DIR/matrix
-    if [ ! "$?" = "0" ]; then
+    if ! pip install --upgrade --process-dependency-links . -b "$INSTALL_DIR/matrix"; then
         echo $'Failed to install matrix home server'
         exit 782542
     fi
@@ -653,11 +657,6 @@ function install_home_server {
     function_check matrix_generate
     matrix_generate
 
-    if [[ -z ${MATRIX_DATA_DIR}/homeserver.yaml ]]; then
-        echo $'homeserver.yaml is zero size'
-        exit 783724
-    fi
-
     # Disable the web client
     sed -i 's|web_client:.*|web_client: False|g' $MATRIX_DATA_DIR/homeserver.yaml
     sed -i 's|, webclient||g' $MATRIX_DATA_DIR/homeserver.yaml
@@ -669,20 +668,20 @@ function install_home_server {
 
     sed -i 's/ssl.PROTOCOL_SSLv23/ssl.PROTOCOL_TLSv1/g' /usr/local/bin/register_new_matrix_user
 
-    echo '[Unit]' > /etc/systemd/system/matrix.service
-    echo 'Description=Synapse Matrix homeserver' >> /etc/systemd/system/matrix.service
-    echo 'After=network.target nginx.target' >> /etc/systemd/system/matrix.service
-    echo '' >> /etc/systemd/system/matrix.service
-    echo '[Service]' >> /etc/systemd/system/matrix.service
-    echo 'Type=simple' >> /etc/systemd/system/matrix.service
-    echo 'User=matrix' >> /etc/systemd/system/matrix.service
-    echo "WorkingDirectory=/etc/matrix" >> /etc/systemd/system/matrix.service
-    echo "ExecStart=/usr/bin/python -m synapse.app.homeserver --config-path ${MATRIX_DATA_DIR}/homeserver.yaml" >> /etc/systemd/system/matrix.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/matrix.service
-    echo 'RestartSec=10' >> /etc/systemd/system/matrix.service
-    echo '' >> /etc/systemd/system/matrix.service
-    echo '[Install]' >> /etc/systemd/system/matrix.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/matrix.service
+    { echo '[Unit]';
+      echo 'Description=Synapse Matrix homeserver';
+      echo 'After=network.target nginx.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=matrix';
+      echo "WorkingDirectory=/etc/matrix";
+      echo "ExecStart=/usr/bin/python -m synapse.app.homeserver --config-path ${MATRIX_DATA_DIR}/homeserver.yaml";
+      echo 'Restart=on-failure';
+      echo 'RestartSec=10';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/matrix.service
     systemctl enable matrix
     systemctl daemon-reload
     systemctl start matrix
@@ -701,18 +700,19 @@ function install_home_server {
     fi
     chmod -R 700 $MATRIX_DATA_DIR/homeserver.db
 
-    cd $MATRIX_DATA_DIR
+    cd "$MATRIX_DATA_DIR" || exit 365856835
     sqlite3 homeserver.db "PRAGMA auto_vacuum = FULL;"
 
-    MATRIX_ONION_HOSTNAME=$(add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT})
+    #MATRIX_ONION_HOSTNAME=$(add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT})
+    add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT}
     echo "HiddenServicePort ${MATRIX_HTTP_PORT} 127.0.0.1:${MATRIX_FEDERATION_ONION_PORT}" >> /etc/tor/torrc
     systemctl restart tor
 
-    if [ ! ${MATRIX_PASSWORD} ]; then
-        if [ -f ${IMAGE_PASSWORD_FILE} ]; then
-            MATRIX_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ ! "${MATRIX_PASSWORD}" ]; then
+        if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
+            MATRIX_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
         else
-            MATRIX_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+            MATRIX_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
 
@@ -733,8 +733,8 @@ function install_matrix {
 
     check_ram_availability 1500
 
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir -p "$INSTALL_DIR"
     fi
 
     if [[ ${ONION_ONLY} == 'no' ]]; then
@@ -806,19 +806,19 @@ function install_matrix {
     set_completion_param "matrix domain" "$MATRIX_DOMAIN_NAME"
 
     # Add avahi services
-    echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /etc/avahi/services/matrix.service
-    echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /etc/avahi/services/matrix.service
-    echo '<service-group>' >> /etc/avahi/services/matrix.service
-    echo '  <name replace-wildcards="yes">%h MATRIX</name>' >> /etc/avahi/services/matrix.service
-    echo '  <service>' >> /etc/avahi/services/matrix.service
-    echo '    <type>_matrix._tcp</type>' >> /etc/avahi/services/matrix.service
-    echo "    <port>$MATRIX_HTTP_PORT</port>" >> /etc/avahi/services/matrix.service
-    echo '  </service>' >> /etc/avahi/services/matrix.service
-    echo '  <service>' >> /etc/avahi/services/matrix.service
-    echo '    <type>_matrix._udp</type>' >> /etc/avahi/services/matrix.service
-    echo "    <port>$MATRIX_HTTP_PORT</port>" >> /etc/avahi/services/matrix.service
-    echo '  </service>' >> /etc/avahi/services/matrix.service
-    echo '</service-group>' >> /etc/avahi/services/matrix.service
+    { echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->';
+      echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">';
+      echo '<service-group>';
+      echo '  <name replace-wildcards="yes">%h MATRIX</name>';
+      echo '  <service>';
+      echo '    <type>_matrix._tcp</type>';
+      echo "    <port>$MATRIX_HTTP_PORT</port>";
+      echo '  </service>';
+      echo '  <service>';
+      echo '    <type>_matrix._udp</type>';
+      echo "    <port>$MATRIX_HTTP_PORT</port>";
+      echo '  </service>';
+      echo '</service-group>'; } > /etc/avahi/services/matrix.service
 
     systemctl restart avahi-daemon
 

From fa8f96bfdb9de4b373bb53491a7da66cefb04f82 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Wed, 28 Feb 2018 23:17:49 +0000
Subject: [PATCH 18/67] Tidying

---
 src/freedombone-app-mediagoblin |  332 ++++-----
 src/freedombone-app-movim       |  410 +++++------
 src/freedombone-app-mumble      |   73 +-
 src/freedombone-app-nextcloud   |  459 ++++++------
 src/freedombone-app-peertube    |  655 +++++++++--------
 src/freedombone-app-pelican     |  550 +++++++-------
 src/freedombone-app-pihole      |  102 +--
 src/freedombone-app-pleroma     |  662 +++++++++--------
 src/freedombone-app-postactiv   |  551 +++++++-------
 src/freedombone-app-privatebin  |  314 ++++----
 src/freedombone-app-profanity   |  225 +++---
 src/freedombone-app-radicale    |  308 ++++----
 src/freedombone-app-riot        |  176 ++---
 src/freedombone-app-rss         |  388 +++++-----
 src/freedombone-app-scuttlebot  |  339 ++++-----
 src/freedombone-app-searx       | 1218 +++++++++++++++----------------
 16 files changed, 3392 insertions(+), 3370 deletions(-)

diff --git a/src/freedombone-app-mediagoblin b/src/freedombone-app-mediagoblin
index 47ac104c..fe6bf33d 100755
--- a/src/freedombone-app-mediagoblin
+++ b/src/freedombone-app-mediagoblin
@@ -71,7 +71,7 @@ function mediagoblin_fix_email {
     if ! grep -q 'import os' $mgfile; then
         sed -i '/import sys/a import os' $mgfile
     fi
-    sed -i "s|return mhost.sendmail(from_addr, to_addrs, message.as_string())|return os.system(\"echo '\" + message_body + \"' \| mail -s '\" + message['Subject'] + \"' \" + message['To'])|g" $mgfile
+    sed -i "s|return mhost.sendmail(from_addr, to_addrs, message.as_string())|return os.system(\"echo '\" + message_body + \"' \\| mail -s '\" + message['Subject'] + \"' \" + message['To'])|g" $mgfile
 }
 
 function install_interactive_mediagoblin {
@@ -92,7 +92,7 @@ function configure_interactive_mediagoblin {
     dialog --title $"Mediagoblin" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nAllow registration of new users?" 10 60
+           --yesno $"\\nAllow registration of new users?" 10 60
     sel=$?
     case $sel in
         0)
@@ -139,7 +139,7 @@ function reconfigure_mediagoblin {
 }
 
 function upgrade_mediagoblin {
-    CURR_MEDIAGOBLIN_COMMIT=$(cat $COMPLETION_FILE | grep "mediagoblin commit" | awk -F ':' '{print $2}')
+    CURR_MEDIAGOBLIN_COMMIT=$(grep "mediagoblin commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
     if [[ "$CURR_MEDIAGOBLIN_COMMIT" != "$MEDIAGOBLIN_COMMIT" ]]; then
         MEDIAGOBLIN_BASE_DIR=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
         su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && git stash && git pull" - mediagoblin
@@ -182,6 +182,7 @@ function restore_local_mediagoblin {
         else
             cp -r ${temp_restore_dir}/* $MEDIAGOBLIN_BASE_DIR/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             function_check restore_directory_from_usb
             set_user_permissions
@@ -195,6 +196,7 @@ function restore_local_mediagoblin {
         else
             cp -r ${temp_restore_dir}2/* /var/lib/mediagoblin/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             function_check set_user_permissions
             set_user_permissions
@@ -214,24 +216,25 @@ function backup_remote_mediagoblin {
     MEDIAGOBLIN_BASE_DIR=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
     if [ -d /etc/mediagoblin ]; then
         echo $"Backing up mediagoblin"
-        backup_directory_to_friend $MEDIAGOBLIN_BASE_DIR mediagoblin
+        backup_directory_to_friend "$MEDIAGOBLIN_BASE_DIR" mediagoblin
         backup_directory_to_friend /var/lib/mediagoblin mediagoblindata
     fi
 }
 
 function restore_remote_mediagoblin {
     MEDIAGOBLIN_BASE_DIR=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
-    if [ -d $SERVER_DIRECTORY/backup/mediagoblin ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/mediagoblin" ]; then
         temp_restore_dir=/root/tempmediagoblin
         function_check get_completion_param
         MEDIAGOBLIN_DOMAIN_NAME=$(get_completion_param "mediagoblin domain")
         function_check restore_directory_from_friend
         restore_directory_from_friend $temp_restore_dir mediagoblin
-        if [ -d ${temp_restore_dir}$MEDIAGOBLIN_BASE_DIR ]; then
-            cp -r ${temp_restore_dir}$MEDIAGOBLIN_BASE_DIR/* $MEDIAGOBLIN_BASE_DIR/
+        if [ -d "${temp_restore_dir}$MEDIAGOBLIN_BASE_DIR" ]; then
+            cp -r "${temp_restore_dir}$MEDIAGOBLIN_BASE_DIR/*" "$MEDIAGOBLIN_BASE_DIR/"
         else
-            cp -r ${temp_restore_dir}/* $MEDIAGOBLIN_BASE_DIR/
+            cp -r "${temp_restore_dir}/*" "$MEDIAGOBLIN_BASE_DIR/"
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 264824
         fi
@@ -241,12 +244,13 @@ function restore_remote_mediagoblin {
         else
             cp -r ${temp_restore_dir}2/* /var/lib/mediagoblin/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 268492
         fi
         rm -rf ${temp_restore_dir}
         rm -rf ${temp_restore_dir}2
-        chown -hR mediagoblin:www-data $MEDIAGOBLIN_BASE_DIR
+        chown -hR mediagoblin:www-data "$MEDIAGOBLIN_BASE_DIR"
         chown -hR mediagoblin:www-data /var/lib/mediagoblin
         chmod -R g+wx /var/lib/mediagoblin
     fi
@@ -264,17 +268,17 @@ function remove_mediagoblin {
 
     function_check remove_onion_service
     remove_onion_service mediagoblin ${MEDIAGOBLIN_ONION_PORT}
-    nginx_dissite $MEDIAGOBLIN_DOMAIN_NAME
-    remove_certs $MEDIAGOBLIN_DOMAIN_NAME
+    nginx_dissite "$MEDIAGOBLIN_DOMAIN_NAME"
+    remove_certs "$MEDIAGOBLIN_DOMAIN_NAME"
     if [ -d /var/lib/mediagoblin ]; then
         rm -rf /var/lib/mediagoblin
     fi
-    if [ -d $MEDIAGOBLIN_BASE_DIR ]; then
-        rm -rf $MEDIAGOBLIN_BASE_DIR
+    if [ -d "$MEDIAGOBLIN_BASE_DIR" ]; then
+        rm -rf "$MEDIAGOBLIN_BASE_DIR"
     fi
     remove_completion_param "install_mediagoblin"
     remove_completion_param "mediagoblin domain"
-    sed -i '/mediagoblin/d' $COMPLETION_FILE
+    sed -i '/mediagoblin/d' "$COMPLETION_FILE"
 
     remove_nodejs mediagoblin
 
@@ -282,11 +286,11 @@ function remove_mediagoblin {
     userdel -r mediagoblin
 
     function_check remove_ddns_domain
-    remove_ddns_domain $MEDIAGOBLIN_DOMAIN_NAME
+    remove_ddns_domain "$MEDIAGOBLIN_DOMAIN_NAME"
 }
 
 function install_mediagoblin {
-    if [ ! $MEDIAGOBLIN_DOMAIN_NAME ]; then
+    if [ ! "$MEDIAGOBLIN_DOMAIN_NAME" ]; then
         return
     fi
 
@@ -304,17 +308,17 @@ function install_mediagoblin {
     useradd -c "GNU MediaGoblin system account" -d /var/lib/mediagoblin -m -r -g www-data mediagoblin
     usermod --append -G mediagoblin mediagoblin
     mkdir -p /var/lib/mediagoblin
-    mkdir -p $MEDIAGOBLIN_BASE_DIR
-    chown -hR mediagoblin:www-data $MEDIAGOBLIN_BASE_DIR
+    mkdir -p "$MEDIAGOBLIN_BASE_DIR"
+    chown -hR mediagoblin:www-data "$MEDIAGOBLIN_BASE_DIR"
     chown -hR mediagoblin:www-data /var/lib/mediagoblin
     chmod -R g+wx /var/lib/mediagoblin
 
     if [ -d /repos/mediagoblin ]; then
-        mkdir -p $MEDIAGOBLIN_BASE_DIR/mediagoblin
-        cp -r -p /repos/mediagoblin/. $MEDIAGOBLIN_BASE_DIR/mediagoblin
-        cd $MEDIAGOBLIN_BASE_DIR/mediagoblin
+        mkdir -p "$MEDIAGOBLIN_BASE_DIR/mediagoblin"
+        cp -r -p /repos/mediagoblin/. "$MEDIAGOBLIN_BASE_DIR/mediagoblin"
+        cd "$MEDIAGOBLIN_BASE_DIR/mediagoblin" || exit 347593563
         git pull
-        chown -R mediagoblin:mediagoblin $MEDIAGOBLIN_BASE_DIR/mediagoblin
+        chown -R mediagoblin:mediagoblin "$MEDIAGOBLIN_BASE_DIR/mediagoblin"
     else
         su -c "cd $MEDIAGOBLIN_BASE_DIR && git clone $MEDIAGOBLIN_REPO $MEDIAGOBLIN_BASE_DIR/mediagoblin" - mediagoblin
     fi
@@ -340,7 +344,7 @@ function install_mediagoblin {
             gstreamer1.0-plugins-ugly \
             gstreamer1.0-libav \
             python-gst-1.0 python3-gst-1.0
-    cd $MEDIAGOBLIN_BASE_DIR/mediagoblin
+    cd "$MEDIAGOBLIN_BASE_DIR/mediagoblin" || exit 76345672472
     su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && echo '[[mediagoblin.media_types.video]]' | tee -a mediagoblin_local.ini" - mediagoblin
 
     # Audio plugin
@@ -349,14 +353,14 @@ function install_mediagoblin {
     su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && echo '[[mediagoblin.media_types.audio]]' | tee -a mediagoblin_local.ini" - mediagoblin
     su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && bin/pip install scikits.audiolab" - mediagoblin
 
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        MEDIAGOBLIN_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        MEDIAGOBLIN_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $MEDIAGOBLIN_ADMIN_PASSWORD ]; then
-            MEDIAGOBLIN_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$MEDIAGOBLIN_ADMIN_PASSWORD" ]; then
+            MEDIAGOBLIN_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a mediagoblin -p "$MEDIAGOBLIN_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a mediagoblin -p "$MEDIAGOBLIN_ADMIN_PASSWORD"
 
     MEDIAGOBLIN_ONION_HOSTNAME=$(add_onion_service mediagoblin 80 ${MEDIAGOBLIN_ONION_PORT})
     set_completion_param "mediagoblin domain" "${MEDIAGOBLIN_DOMAIN_NAME}"
@@ -365,157 +369,157 @@ function install_mediagoblin {
 
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $MEDIAGOBLIN_DOMAIN_NAME
-        echo 'server {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    include /etc/nginx/mime.types;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    autoindex off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    default_type  application/octet-stream;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    sendfile on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+        nginx_http_redirect "$MEDIAGOBLIN_DOMAIN_NAME"
+        { echo 'server {';
+          echo '    listen 443 ssl;';
+          echo '    #listen [::]:443 ssl;';
+          echo '    include /etc/nginx/mime.types;';
+          echo '';
+          echo '    autoindex off;';
+          echo '    default_type  application/octet-stream;';
+          echo '    sendfile on;';
+          echo ''; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
         function_check nginx_ssl
-        nginx_ssl $MEDIAGOBLIN_DOMAIN_NAME
+        nginx_ssl "$MEDIAGOBLIN_DOMAIN_NAME"
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
+        nginx_disable_sniffing "$MEDIAGOBLIN_DOMAIN_NAME"
         function_check nginx_limits
-        nginx_limits $MEDIAGOBLIN_DOMAIN_NAME 800m
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    client_header_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    client_body_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    send_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    fastcgi_read_timeout 600;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    fastcgi_send_timeout 600;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    gzip on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    gzip_min_length 1024;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    gzip_buffers 4 32k;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    gzip_types text/plain application/x-javascript text/javascript text/xml text/css;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo "    server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    error_log /dev/null;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+        nginx_limits "$MEDIAGOBLIN_DOMAIN_NAME" 800m
+        { echo '';
+          echo '    client_header_timeout 10m;';
+          echo '    client_body_timeout 10m;';
+          echo '    send_timeout 10m;';
+          echo '';
+          echo '    fastcgi_read_timeout 600;';
+          echo '    fastcgi_send_timeout 600;';
+          echo '';
+          echo '    gzip on;';
+          echo '    gzip_min_length 1024;';
+          echo '    gzip_buffers 4 32k;';
+          echo '    gzip_types text/plain application/x-javascript text/javascript text/xml text/css;';
+          echo '';
+          echo "    server_name $MEDIAGOBLIN_DOMAIN_NAME;";
+          echo '    access_log /dev/null;';
+          echo '    error_log /dev/null;';
+          echo '';
 
-        echo '    location /mgoblin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin/static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    location /mgoblin_media/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/media/public/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    location /theme_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/theme_static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    location /plugin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/plugin_static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo "        fastcgi_pass 127.0.0.1:$MEDIAGOBLIN_PORT;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '        include /etc/nginx/fastcgi_params;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '        fastcgi_param PATH_INFO $fastcgi_script_name;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '        fastcgi_param SCRIPT_NAME "";' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+          echo '    location /mgoblin_static/ {';
+          echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin/static/;";
+          echo '    }';
+          echo '';
+          echo '    location /mgoblin_media/ {';
+          echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/media/public/;";
+          echo '    }';
+          echo '';
+          echo '    location /theme_static/ {';
+          echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/theme_static/;";
+          echo '    }';
+          echo '';
+          echo '    location /plugin_static/ {';
+          echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/plugin_static/;";
+          echo '    }';
+          echo '';
+          echo '    location / {';
+          echo "        fastcgi_pass 127.0.0.1:$MEDIAGOBLIN_PORT;";
+          echo '        include /etc/nginx/fastcgi_params;';
+          echo "        fastcgi_param PATH_INFO \$fastcgi_script_name;";
+          echo '        fastcgi_param SCRIPT_NAME "";';
+          echo '        fastcgi_read_timeout 30;';
+          echo '    }';
+          echo '}'; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
     else
-        echo -n '' > /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+        echo -n '' > "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
     fi
-    echo 'server {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "    listen 127.0.0.1:${MEDIAGOBLIN_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    include /etc/nginx/mime.types;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    autoindex off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    default_type  application/octet-stream;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    sendfile on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+    { echo 'server {';
+      echo "    listen 127.0.0.1:${MEDIAGOBLIN_ONION_PORT} default_server;";
+      echo '    include /etc/nginx/mime.types;';
+      echo '';
+      echo '    autoindex off;';
+      echo '    default_type  application/octet-stream;';
+      echo '    sendfile on;';
+      echo ''; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
+    nginx_disable_sniffing "$MEDIAGOBLIN_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $MEDIAGOBLIN_DOMAIN_NAME 800m
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    client_header_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    client_body_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    send_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    fastcgi_read_timeout 600;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    fastcgi_send_timeout 600;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    gzip on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    gzip_min_length 1024;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    gzip_buffers 4 32k;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    gzip_types text/plain application/x-javascript text/javascript text/xml text/css;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "    server_name $MEDIAGOBLIN_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    error_log /dev/null;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+    nginx_limits "$MEDIAGOBLIN_DOMAIN_NAME" 800m
+    { echo '';
+      echo '    client_header_timeout 10m;';
+      echo '    client_body_timeout 10m;';
+      echo '    send_timeout 10m;';
+      echo '';
+      echo '    fastcgi_read_timeout 600;';
+      echo '    fastcgi_send_timeout 600;';
+      echo '';
+      echo '    gzip on;';
+      echo '    gzip_min_length 1024;';
+      echo '    gzip_buffers 4 32k;';
+      echo '    gzip_types text/plain application/x-javascript text/javascript text/xml text/css;';
+      echo '';
+      echo "    server_name $MEDIAGOBLIN_ONION_HOSTNAME;";
+      echo '    access_log /dev/null;';
+      echo '    error_log /dev/null;';
+      echo '';
 
-    echo '    location /mgoblin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin/static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    location /mgoblin_media/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/media/public/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    location /theme_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/theme_static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    location /plugin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/plugin_static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "        fastcgi_pass 127.0.0.1:$MEDIAGOBLIN_PORT;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '        include /etc/nginx/fastcgi_params;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '        fastcgi_param PATH_INFO $fastcgi_script_name;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '        fastcgi_param SCRIPT_NAME "";' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+      echo '    location /mgoblin_static/ {';
+      echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin/static/;";
+      echo '    }';
+      echo '';
+      echo '    location /mgoblin_media/ {';
+      echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/media/public/;";
+      echo '    }';
+      echo '';
+      echo '    location /theme_static/ {';
+      echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/theme_static/;";
+      echo '    }';
+      echo '';
+      echo '    location /plugin_static/ {';
+      echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/plugin_static/;";
+      echo '    }';
+      echo '';
+      echo '    location / {';
+      echo "        fastcgi_pass 127.0.0.1:$MEDIAGOBLIN_PORT;";
+      echo '        include /etc/nginx/fastcgi_params;';
+      echo "        fastcgi_param PATH_INFO \$fastcgi_script_name;";
+      echo '        fastcgi_param SCRIPT_NAME "";';
+      echo '        fastcgi_read_timeout 30;';
+      echo '    }';
+      echo '}'; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
 
-    echo '[Unit]' > /etc/systemd/system/mediagoblin.service
-    echo 'Description=Media service' >> /etc/systemd/system/mediagoblin.service
-    echo 'Requires=network.target' >> /etc/systemd/system/mediagoblin.service
-    echo 'After=network.target' >> /etc/systemd/system/mediagoblin.service
-    echo '' >> /etc/systemd/system/mediagoblin.service
-    echo '[Service]' >> /etc/systemd/system/mediagoblin.service
-    echo 'Type=simple' >> /etc/systemd/system/mediagoblin.service
-    echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin.service
-    echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin.service
-    echo "WorkingDirectory=$MEDIAGOBLIN_BASE_DIR/mediagoblin/" >> /etc/systemd/system/mediagoblin.service
-    echo "ExecStart=$MEDIAGOBLIN_BASE_DIR/mediagoblin/lazyserver.sh --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=$MEDIAGOBLIN_PORT" >> /etc/systemd/system/mediagoblin.service
-    echo "Environment=MEDIAGOBLIN_CONFIG=$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini CELERY_ALWAYS_EAGER=true" >> /etc/systemd/system/mediagoblin.service
-    echo 'Restart=always' >> /etc/systemd/system/mediagoblin.service
-    echo 'RestartSec=10' >> /etc/systemd/system/mediagoblin.service
-    echo '' >> /etc/systemd/system/mediagoblin.service
-    echo '[Install]' >> /etc/systemd/system/mediagoblin.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin.service
+    { echo '[Unit]';
+      echo 'Description=Media service';
+      echo 'Requires=network.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=mediagoblin';
+      echo 'Group=mediagoblin';
+      echo "WorkingDirectory=$MEDIAGOBLIN_BASE_DIR/mediagoblin/";
+      echo "ExecStart=$MEDIAGOBLIN_BASE_DIR/mediagoblin/lazyserver.sh --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=$MEDIAGOBLIN_PORT";
+      echo "Environment=MEDIAGOBLIN_CONFIG=$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini CELERY_ALWAYS_EAGER=true";
+      echo 'Restart=always';
+      echo 'RestartSec=10';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/mediagoblin.service
     chmod +x /etc/systemd/system/mediagoblin.service
 
     su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && bin/gmg dbupdate" - mediagoblin
     su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && bin/gmg adduser --username $MY_USERNAME --password $MY_USERNAME $MEDIAGOBLIN_ADMIN_PASSWORD" - mediagoblin
     su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && bin/gmg makeadmin $MY_USERNAME" - mediagoblin
 
-    sed -i 's|email_debug_mode.*|email_debug_mode = false|g' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
-    sed -i "s|email_sender_address.*|email_sender_address = \"noreply@${DEFAULT_DOMAIN_NAME}\"|g" $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
+    sed -i 's|email_debug_mode.*|email_debug_mode = false|g' "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini"
+    sed -i "s|email_sender_address.*|email_sender_address = \"noreply@${DEFAULT_DOMAIN_NAME}\"|g" "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini"
 
-    sed -i 's|allow_reporting.*|allow_reporting = false|g' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
+    sed -i 's|allow_reporting.*|allow_reporting = false|g' "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini"
 
-    if ! grep -q '[[[skip_transcode]]]' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini; then
-        echo '[[[skip_transcode]]]' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
-        echo 'mime_types = video/webm, video/ogg, video/mp4, audio/ogg, application/ogg, application/x-annodex' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
-        echo 'container_formats = Matroska, Ogg, ISO MP4/M4A' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
-        echo 'video_codecs = VP8 video, VP9 video, Theora, H.264, H.264 / AVC, MPEG-4 video' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
-        echo 'audio_codecs = Vorbis, MPEG-4 AAC' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
-        echo 'dimensions_match = false' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
+    if ! grep -q '[[[skip_transcode]]]' "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini"; then
+        { echo '[[[skip_transcode]]]';
+          echo 'mime_types = video/webm, video/ogg, video/mp4, audio/ogg, application/ogg, application/x-annodex';
+          echo 'container_formats = Matroska, Ogg, ISO MP4/M4A';
+          echo 'video_codecs = VP8 video, VP9 video, Theora, H.264, H.264 / AVC, MPEG-4 video';
+          echo 'audio_codecs = Vorbis, MPEG-4 AAC';
+          echo 'dimensions_match = false'; } >> "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini"
     fi
 
     systemctl enable mediagoblin
@@ -529,18 +533,18 @@ function install_mediagoblin {
     fi
 
     function_check create_site_certificate
-    create_site_certificate $MEDIAGOBLIN_DOMAIN_NAME 'yes'
+    create_site_certificate "$MEDIAGOBLIN_DOMAIN_NAME" 'yes'
 
     function_check configure_php
     configure_php
 
-    nginx_ensite $MEDIAGOBLIN_DOMAIN_NAME
+    nginx_ensite "$MEDIAGOBLIN_DOMAIN_NAME"
 
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
     function_check add_ddns_domain
-    add_ddns_domain $MEDIAGOBLIN_DOMAIN_NAME
+    add_ddns_domain "$MEDIAGOBLIN_DOMAIN_NAME"
 
     chown -hR mediagoblin:www-data /var/lib/mediagoblin
     chmod -R g+wx /var/lib/mediagoblin
diff --git a/src/freedombone-app-movim b/src/freedombone-app-movim
index 50dcb543..ee01d9ca 100755
--- a/src/freedombone-app-movim
+++ b/src/freedombone-app-movim
@@ -58,19 +58,19 @@ function logging_off_movim {
 function remove_user_movim {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp movim
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp movim
 }
 
 function add_user_movim {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a movim -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a movim -p "$new_user_password"
     echo '0'
 }
 
 function install_interactive_movim {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -80,39 +80,38 @@ function install_interactive_movim {
         MOVIM_DETAILS_COMPLETE=
         while [ ! $MOVIM_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Movim Configuration" \
-                       --form $"\nPlease enter your Movim details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 12 65 2 \
+                       --form $"\\nPlease enter your Movim details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 12 65 2 \
                        $"Domain:" 1 1 "$(grep 'MOVIM_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
                        $"Code:" 2 1 "$(grep 'MOVIM_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Movim Configuration" \
-                       --form $"\nPlease enter your Movim details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 12 65 2 \
+                       --form $"\\nPlease enter your Movim details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 12 65 2 \
                        $"Domain:" 1 1 "$(grep 'MOVIM_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
-                       2> $data
+                       2> "$data"
             fi
             sel=$?
             case $sel in
                 1) exit 1;;
                 255) exit 1;;
             esac
-            MOVIM_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ $MOVIM_DOMAIN_NAME ]; then
+            MOVIM_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$MOVIM_DOMAIN_NAME" ]; then
                 TEST_DOMAIN_NAME=$MOVIM_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $MOVIM_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$MOVIM_DOMAIN_NAME" ]]; then
                     MOVIM_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        MOVIM_CODE=$(cat $data | sed -n 2p)
+                        MOVIM_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$MOVIM_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             MOVIM_DOMAIN_NAME=
                         fi
                     fi
@@ -121,6 +120,7 @@ function install_interactive_movim {
             if [ $MOVIM_DOMAIN_NAME ]; then
                 MOVIM_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         # save the results in the config file
@@ -136,23 +136,23 @@ function change_password_movim {
 
     read_config_param 'MOVIM_DOMAIN_NAME'
 
-    ${PROJECT_NAME}-pass -u "$curr_username" -a movim -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a movim -p "$new_user_password"
 }
 
 function movim_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        MOVIM_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        MOVIM_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $MOVIM_ADMIN_PASSWORD ]; then
-            MOVIM_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$MOVIM_ADMIN_PASSWORD" ]; then
+            MOVIM_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $MOVIM_ADMIN_PASSWORD ]; then
+    if [ ! "$MOVIM_ADMIN_PASSWORD" ]; then
         return
     fi
 
     function_check create_database
-    create_database movim "$MOVIM_ADMIN_PASSWORD" $MY_USERNAME
+    create_database movim "$MOVIM_ADMIN_PASSWORD" "$MY_USERNAME"
 }
 
 function reconfigure_movim {
@@ -165,35 +165,35 @@ function upgrade_movim {
         return
     fi
 
-    if grep -q "movim domain" $COMPLETION_FILE; then
+    if grep -q "movim domain" "$COMPLETION_FILE"; then
         MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
     fi
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$MOVIM_DOMAIN_NAME/htdocs "movim commit" "$MOVIM_COMMIT" $MOVIM_REPO
+    set_repo_commit "/var/www/$MOVIM_DOMAIN_NAME/htdocs" "movim commit" "$MOVIM_COMMIT" "$MOVIM_REPO"
 
-    cd /var/www/${MOVIM_DOMAIN_NAME}/htdocs
+    cd "/var/www/${MOVIM_DOMAIN_NAME}/htdocs" || exit 6734824522
     php composer.phar install
     php mud.php db --set
-    chown -R www-data:www-data /var/www/${MOVIM_DOMAIN_NAME}/htdocs
+    chown -R www-data:www-data "/var/www/${MOVIM_DOMAIN_NAME}/htdocs"
 }
 
 
 function backup_local_movim {
     MOVIM_DOMAIN_NAME='movim'
-    if grep -q "movim domain" $COMPLETION_FILE; then
+    if grep -q "movim domain" "$COMPLETION_FILE"; then
         MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
     fi
 
-    source_directory=/var/www/${MOVIM_DOMAIN_NAME}/htdocs
-    if [ -d $source_directory ]; then
+    source_directory="/var/www/${MOVIM_DOMAIN_NAME}/htdocs"
+    if [ -d "$source_directory" ]; then
         dest_directory=movim
         function_check suspend_site
-        suspend_site ${MOVIM_DOMAIN_NAME}
+        suspend_site "${MOVIM_DOMAIN_NAME}"
 
         function_check backup_directory_to_usb
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"
 
         function_check backup_database_to_usb
         backup_database_to_usb movim
@@ -204,28 +204,28 @@ function backup_local_movim {
 }
 
 function restore_local_movim {
-    if ! grep -q "movim domain" $COMPLETION_FILE; then
+    if ! grep -q "movim domain" "$COMPLETION_FILE"; then
         return
     fi
     MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
-    if [ $MOVIM_DOMAIN_NAME ]; then
+    if [ "$MOVIM_DOMAIN_NAME" ]; then
         echo $"Restoring movim"
         temp_restore_dir=/root/tempmovim
         movim_dir=/var/www/${MOVIM_DOMAIN_NAME}/htdocs
         # stop the daemons
-        cd $movim_dir
+        cd "$movim_dir" || exit 7856724252
         su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
 
         function_check movim_create_database
         movim_create_database
 
-        restore_database movim ${MOVIM_DOMAIN_NAME}
+        restore_database movim "${MOVIM_DOMAIN_NAME}"
         if [ -d $temp_restore_dir ]; then
             rm -rf $temp_restore_dir
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-        cd /var/www/$MOVIM_DOMAIN_NAME/htdocs/config
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs/config" || exit 2468724682
         sed -i "s|'password'.*|'password'    => '$MARIADB_PASSWORD',|g" db.inc.php
         MARIADB_PASSWORD=
 
@@ -234,18 +234,18 @@ function restore_local_movim {
 }
 
 function backup_remote_movim {
-    if grep -q "movim domain" $COMPLETION_FILE; then
+    if grep -q "movim domain" "$COMPLETION_FILE"; then
         MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
         temp_backup_dir=/var/www/${MOVIM_DOMAIN_NAME}/htdocs
-        if [ -d $temp_backup_dir ]; then
+        if [ -d "$temp_backup_dir" ]; then
             function_check suspend_site
-            suspend_site ${MOVIM_DOMAIN_NAME}
+            suspend_site "${MOVIM_DOMAIN_NAME}"
 
             function_check backup_database_to_friend
             backup_database_to_friend movim
 
             function_check backup_directory_to_friend
-            backup_directory_to_friend $temp_backup_dir movim
+            backup_directory_to_friend "$temp_backup_dir" movim
 
             function_check restart_site
             restart_site
@@ -256,25 +256,25 @@ function backup_remote_movim {
 }
 
 function restore_remote_movim {
-    if grep -q "movim domain" $COMPLETION_FILE; then
+    if grep -q "movim domain" "$COMPLETION_FILE"; then
         echo $"Restoring movim"
         MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
 
         # stop the daemons
-        cd /var/www/${MOVIM_DOMAIN_NAME}/htdocs
+        cd "/var/www/${MOVIM_DOMAIN_NAME}/htdocs" || exit 524792846827
         su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data
 
         function_check movim_create_database
         movim_create_database
 
         function_check restore_database_from_friend
-        restore_database_from_friend movim ${MOVIM_DOMAIN_NAME}
+        restore_database_from_friend movim "${MOVIM_DOMAIN_NAME}"
         if [ -d /root/tempmovim ]; then
             rm -rf /root/tempmovim
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-        cd /var/www/$MOVIM_DOMAIN_NAME/htdocs/config
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs/config" || exit 4242462487
         sed -i "s|'password'.*|'password'    => '$MARIADB_PASSWORD',|g" db.inc.php
         MARIADB_PASSWORD=
 
@@ -298,14 +298,14 @@ function remove_movim {
 
     read_config_param "MY_USERNAME"
     echo "Removing $MOVIM_DOMAIN_NAME"
-    nginx_dissite $MOVIM_DOMAIN_NAME
-    remove_certs $MOVIM_DOMAIN_NAME
+    nginx_dissite "$MOVIM_DOMAIN_NAME"
+    remove_certs "$MOVIM_DOMAIN_NAME"
 
-    if [ -d /var/www/$MOVIM_DOMAIN_NAME ]; then
-        rm -rf /var/www/$MOVIM_DOMAIN_NAME
+    if [ -d "/var/www/$MOVIM_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$MOVIM_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$MOVIM_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$MOVIM_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$MOVIM_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$MOVIM_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database movim
@@ -316,15 +316,15 @@ function remove_movim {
     fi
     remove_app movim
     remove_completion_param install_movim
-    sed -i '/movim/d' $COMPLETION_FILE
+    sed -i '/movim/d' "$COMPLETION_FILE"
     remove_backup_database_local movim
 
     function_check remove_ddns_domain
-    remove_ddns_domain $MOVIM_DOMAIN_NAME
+    remove_ddns_domain "$MOVIM_DOMAIN_NAME"
 }
 
 function install_movim {
-    if [ ! $MOVIM_DOMAIN_NAME ]; then
+    if [ ! "$MOVIM_DOMAIN_NAME" ]; then
         echo $'No domain name was given for movim'
         exit 72572
     fi
@@ -333,7 +333,7 @@ function install_movim {
         return
     fi
 
-    movim_hourly_script movim $MOVIM_DOMAIN_NAME
+    movim_hourly_script movim "$MOVIM_DOMAIN_NAME"
 
     function_check install_mariadb
     install_mariadb
@@ -347,221 +347,221 @@ function install_movim {
     apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
     apt-get -yq install php-memcached php-intl exiftool php-imagick libfcgi0ldbl
 
-    if [ ! -d /var/www/$MOVIM_DOMAIN_NAME ]; then
-        mkdir /var/www/$MOVIM_DOMAIN_NAME
+    if [ ! -d "/var/www/$MOVIM_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$MOVIM_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$MOVIM_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$MOVIM_DOMAIN_NAME/htdocs" ]; then
 
         if [ -d /repos/movim ]; then
-            mkdir /var/www/$MOVIM_DOMAIN_NAME/htdocs
-            cp -r -p /repos/movim/. /var/www/$MOVIM_DOMAIN_NAME/htdocs
-            cd /var/www/$MOVIM_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$MOVIM_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/movim/. "/var/www/$MOVIM_DOMAIN_NAME/htdocs"
+            cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs" || exit 3768568325
             git pull
         else
             function_check git_clone
-            git_clone $MOVIM_REPO /var/www/$MOVIM_DOMAIN_NAME/htdocs
+            git_clone "$MOVIM_REPO" "/var/www/$MOVIM_DOMAIN_NAME/htdocs"
         fi
 
-        if [ ! -d /var/www/$MOVIM_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$MOVIM_DOMAIN_NAME/htdocs" ]; then
             echo $'Unable to clone movim repo'
             exit 76285
         fi
     fi
 
-    cd /var/www/$MOVIM_DOMAIN_NAME/htdocs
+    cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs" || exit 7345247242
     git checkout $MOVIM_COMMIT -b $MOVIM_COMMIT
     set_completion_param "movim commit" "$MOVIM_COMMIT"
 
     # default login
-    if [ ! -f /var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php ]; then
+    if [ ! -f "/var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php" ]; then
         echo $'Unable to find Config.php'
         exit 72352
     fi
-    sed -i "s|'admin'|'${MY_USERNAME}'|g" /var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php
-    sed -i "s|'password'|'${MOVIM_ADMIN_PASSWORD}'|g" /var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php
+    sed -i "s|'admin'|'${MY_USERNAME}'|g" "/var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php"
+    sed -i "s|'password'|'${MOVIM_ADMIN_PASSWORD}'|g" "/var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php"
 
     # Fix typo
     sed -i 's|weksocket|websocket|g' app/widgets/AdminTest/admintest.js
 
-    cd /var/www/$MOVIM_DOMAIN_NAME/htdocs
+    cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs" || exit 784368245224
     install_composer
 
-    cd /var/www/$MOVIM_DOMAIN_NAME/htdocs/config
+    cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs/config" || exit 6428764224
     cp db.example.inc.php db.inc.php
     sed -i "s|'username'.*|'username'    => 'root',|g" db.inc.php
     sed -i "s|'password'.*|'password'    => '$MARIADB_PASSWORD',|g" db.inc.php
     sed -i "s|'database'.*|'database'    => 'movim'|g" db.inc.php
     php mud.php db --set
 
-    chmod u+rwx /var/www/$MOVIM_DOMAIN_NAME/htdocs
-    chown -R www-data:www-data /var/www/$MOVIM_DOMAIN_NAME/htdocs
+    chmod u+rwx "/var/www/$MOVIM_DOMAIN_NAME/htdocs"
+    chown -R www-data:www-data "/var/www/$MOVIM_DOMAIN_NAME/htdocs"
 
     function_check movim_create_database
     movim_create_database
 
     function_check add_ddns_domain
-    add_ddns_domain $MOVIM_DOMAIN_NAME
+    add_ddns_domain "$MOVIM_DOMAIN_NAME"
 
     MOVIM_ONION_HOSTNAME=$(add_onion_service movim 80 ${MOVIM_ONION_PORT})
 
-    echo '[Unit]' > /etc/systemd/system/movim.service
-    echo 'Description=Movim daemon' >> /etc/systemd/system/movim.service
-    echo 'After=network.target nginx.target' >> /etc/systemd/system/movim.service
-    echo '' >> /etc/systemd/system/movim.service
-    echo '[Service]' >> /etc/systemd/system/movim.service
-    echo 'Type=simple' >> /etc/systemd/system/movim.service
-    echo 'User=www-data' >> /etc/systemd/system/movim.service
-    echo "WorkingDirectory=/var/www/$MOVIM_DOMAIN_NAME/htdocs" >> /etc/systemd/system/movim.service
+    { echo '[Unit]';
+      echo 'Description=Movim daemon';
+      echo 'After=network.target nginx.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=www-data';
+      echo "WorkingDirectory=/var/www/$MOVIM_DOMAIN_NAME/htdocs"; } > /etc/systemd/system/movim.service
     if [[ $ONION_ONLY == 'no' ]]; then
         echo "ExecStart=/usr/bin/php /var/www/$MOVIM_DOMAIN_NAME/htdocs/daemon.php start --url=https://$MOVIM_DOMAIN_NAME --port=$MOVIM_DAEMON_PORT" >> /etc/systemd/system/movim.service
     else
         echo "ExecStart=/usr/bin/php /var/www/$MOVIM_DOMAIN_NAME/htdocs/daemon.php start --url=http://$MOVIM_ONION_HOSTNAME --port=$MOVIM_DAEMON_PORT" >> /etc/systemd/system/movim.service
     fi
-    echo 'StandardOutput=syslog' >> /etc/systemd/system/movim.service
-    echo 'SyslogIdentifier=movim' >> /etc/systemd/system/movim.service
-    echo 'PIDFile=/run/movim.pid' >> /etc/systemd/system/movim.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/movim.service
-    echo 'RestartSec=10' >> /etc/systemd/system/movim.service
-    echo '' >> /etc/systemd/system/movim.service
-    echo '[Install]' >> /etc/systemd/system/movim.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/movim.service
+    { echo 'StandardOutput=syslog';
+      echo 'SyslogIdentifier=movim';
+      echo 'PIDFile=/run/movim.pid';
+      echo 'Restart=on-failure';
+      echo 'RestartSec=10';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } >> /etc/systemd/system/movim.service
     systemctl enable movim
     systemctl daemon-reload
 
     movim_nginx_site=/etc/nginx/sites-available/$MOVIM_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $MOVIM_DOMAIN_NAME "index index.php"
-        echo 'server {' >> $movim_nginx_site
-        echo '  listen 443 ssl;' >> $movim_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $movim_nginx_site
-        echo "  server_name $MOVIM_DOMAIN_NAME;" >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
+        nginx_http_redirect "$MOVIM_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $MOVIM_DOMAIN_NAME;";
+          echo ''; } >> "$movim_nginx_site"
         function_check nginx_compress
-        nginx_compress $MOVIM_DOMAIN_NAME
-        echo '' >> $movim_nginx_site
-        echo '  # Security' >> $movim_nginx_site
+        nginx_compress "$MOVIM_DOMAIN_NAME"
+        echo '' >> "$movim_nginx_site"
+        echo '  # Security' >> "$movim_nginx_site"
         function_check nginx_ssl
-        nginx_ssl $MOVIM_DOMAIN_NAME
+        nginx_ssl "$MOVIM_DOMAIN_NAME"
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $MOVIM_DOMAIN_NAME
+        nginx_disable_sniffing "$MOVIM_DOMAIN_NAME"
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # Logs' >> $movim_nginx_site
-        echo '  access_log /dev/null;' >> $movim_nginx_site
-        echo '  error_log /dev/null;' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # Root' >> $movim_nginx_site
-        echo "  root /var/www/$MOVIM_DOMAIN_NAME/htdocs;" >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # Index' >> $movim_nginx_site
-        echo '  index index.php;' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # PHP' >> $movim_nginx_site
-        echo '  location ~ \.php {' >> $movim_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $movim_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $movim_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $movim_nginx_site
-        echo '  }' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # Location' >> $movim_nginx_site
-        echo '  location / {' >> $movim_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$MOVIM_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  # Index';
+          echo '  index index.php;';
+          echo '';
+          echo '  # PHP';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$movim_nginx_site"
         function_check nginx_limits
-        nginx_limits $MOVIM_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ @movim;' >> $movim_nginx_site
-        echo '  }' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  location /ws/ {' >> $movim_nginx_site
-        echo "    proxy_pass http://localhost:${MOVIM_DAEMON_PORT}/;" >> $movim_nginx_site
-        echo '    proxy_http_version 1.1;' >> $movim_nginx_site
-        echo '    proxy_set_header Upgrade $http_upgrade;' >> $movim_nginx_site
-        echo '    proxy_set_header Connection "Upgrade";' >> $movim_nginx_site
-        echo '    proxy_set_header Host $host;' >> $movim_nginx_site
-        echo '    proxy_set_header X-Real-IP $remote_addr;' >> $movim_nginx_site
-        echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $movim_nginx_site
-        echo '    proxy_set_header X-Forwarded-Proto https;' >> $movim_nginx_site
-        echo '    proxy_redirect off;' >> $movim_nginx_site
-        echo '  }' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # Fancy URLs' >> $movim_nginx_site
-        echo '  location @movim {' >> $movim_nginx_site
-        echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $movim_nginx_site
-        echo '  }' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # Restrict access that is unnecessary anyway' >> $movim_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $movim_nginx_site
-        echo '    deny all;' >> $movim_nginx_site
-        echo '  }' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '}' >> $movim_nginx_site
+        nginx_limits "$MOVIM_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ @movim;";
+          echo '  }';
+          echo '';
+          echo '  location /ws/ {';
+          echo "    proxy_pass http://localhost:${MOVIM_DAEMON_PORT}/;";
+          echo '    proxy_http_version 1.1;';
+          echo "    proxy_set_header Upgrade \$http_upgrade;";
+          echo '    proxy_set_header Connection "Upgrade";';
+          echo "    proxy_set_header Host \$host;";
+          echo "    proxy_set_header X-Real-IP \$remote_addr;";
+          echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+          echo '    proxy_set_header X-Forwarded-Proto https;';
+          echo '    proxy_redirect off;';
+          echo '  }';
+          echo '';
+          echo '  # Fancy URLs';
+          echo '  location @movim {';
+          echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+          echo '  }';
+          echo '';
+          echo '  # Restrict access that is unnecessary anyway';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '';
+          echo '}'; } >> "$movim_nginx_site"
     else
-        echo -n '' > $movim_nginx_site
+        echo -n '' > "$movim_nginx_site"
     fi
-    echo 'server {' >> $movim_nginx_site
-    echo "    listen 127.0.0.1:$MOVIM_ONION_PORT default_server;" >> $movim_nginx_site
-    echo "    server_name $MOVIM_DOMAIN_NAME;" >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$MOVIM_ONION_PORT default_server;";
+      echo "    server_name $MOVIM_DOMAIN_NAME;";
+      echo ''; } >> "$movim_nginx_site"
     function_check nginx_compress
-    nginx_compress $MOVIM_DOMAIN_NAME
-    echo '' >> $movim_nginx_site
+    nginx_compress "$MOVIM_DOMAIN_NAME"
+    echo '' >> "$movim_nginx_site"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $MOVIM_DOMAIN_NAME
-    echo '' >> $movim_nginx_site
-    echo '  # Logs' >> $movim_nginx_site
-    echo '  access_log /dev/null;' >> $movim_nginx_site
-    echo '  error_log /dev/null;' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  # Root' >> $movim_nginx_site
-    echo "  root /var/www/$MOVIM_DOMAIN_NAME/htdocs;" >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  # Index' >> $movim_nginx_site
-    echo '  index index.php;' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  # PHP' >> $movim_nginx_site
-    echo '  location ~ \.php {' >> $movim_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $movim_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $movim_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $movim_nginx_site
-    echo '  }' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  # Location' >> $movim_nginx_site
-    echo '  location / {' >> $movim_nginx_site
+    nginx_disable_sniffing "$MOVIM_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$MOVIM_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  # Index';
+      echo '  index index.php;';
+      echo '';
+      echo '  # PHP';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$movim_nginx_site"
     function_check nginx_limits
-    nginx_limits $MOVIM_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ @movim;' >> $movim_nginx_site
-    echo '  }' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  location /ws/ {' >> $movim_nginx_site
-    echo "    proxy_pass http://localhost:${MOVIM_DAEMON_PORT}/;" >> $movim_nginx_site
-    echo '    proxy_http_version 1.1;' >> $movim_nginx_site
-    echo '    proxy_set_header Upgrade $http_upgrade;' >> $movim_nginx_site
-    echo '    proxy_set_header Connection "Upgrade";' >> $movim_nginx_site
-    echo '    proxy_set_header Host $host;' >> $movim_nginx_site
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $movim_nginx_site
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $movim_nginx_site
-    echo '    proxy_set_header X-Forwarded-Proto https;' >> $movim_nginx_site
-    echo '    proxy_redirect off;' >> $movim_nginx_site
-    echo '  }' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  # Fancy URLs' >> $movim_nginx_site
-    echo '  location @movim {' >> $movim_nginx_site
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $movim_nginx_site
-    echo '  }' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  # Restrict access that is unnecessary anyway' >> $movim_nginx_site
-    echo '  location ~ /\.(ht|git) {' >> $movim_nginx_site
-    echo '    deny all;' >> $movim_nginx_site
-    echo '  }' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '}' >> $movim_nginx_site
+    nginx_limits "$MOVIM_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ @movim;";
+      echo '  }';
+      echo '';
+      echo '  location /ws/ {';
+      echo "    proxy_pass http://localhost:${MOVIM_DAEMON_PORT}/;";
+      echo '    proxy_http_version 1.1;';
+      echo "    proxy_set_header Upgrade \$http_upgrade;";
+      echo '    proxy_set_header Connection "Upgrade";';
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo '    proxy_set_header X-Forwarded-Proto https;';
+      echo '    proxy_redirect off;';
+      echo '  }';
+      echo '';
+      echo '  # Fancy URLs';
+      echo '  location @movim {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  # Restrict access that is unnecessary anyway';
+      echo '  location ~ /\.(ht|git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '';
+      echo '}'; } >> "$movim_nginx_site"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $MOVIM_DOMAIN_NAME 'yes'
+    create_site_certificate "$MOVIM_DOMAIN_NAME" 'yes'
 
     # Ensure that the database gets backed up locally, if remote
     # backups are not being used
@@ -572,9 +572,9 @@ function install_movim {
     backup_database_local movim
 
     function_check nginx_ensite
-    nginx_ensite $MOVIM_DOMAIN_NAME
+    nginx_ensite "$MOVIM_DOMAIN_NAME"
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a movim -p "$MOVIM_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a movim -p "$MOVIM_ADMIN_PASSWORD"
 
     set_completion_param "movim domain" "$MOVIM_DOMAIN_NAME"
 
diff --git a/src/freedombone-app-mumble b/src/freedombone-app-mumble
index c447a308..5cde23d2 100755
--- a/src/freedombone-app-mumble
+++ b/src/freedombone-app-mumble
@@ -86,7 +86,7 @@ function upgrade_mumble {
         usermod -a -G ssl-cert mumble-server
     fi
 
-    if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
+    if [ ! -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
         if ! grep -q "mumble.pem" /etc/mumble-server.ini; then
             sed -i 's|sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
             sed -i 's|sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
@@ -117,17 +117,18 @@ function backup_local_mumble {
 }
 
 function restore_local_mumble {
-    if [ -d $USB_MOUNT/backup/mumble ]; then
+    if [ -d "$USB_MOUNT/backup/mumble" ]; then
         echo $"Restoring mumble settings"
         temp_restore_dir=/root/tempmumble
         function_check restore_directory_from_usb
         restore_directory_from_usb $temp_restore_dir voip
         restore_directory_from_usb $temp_restore_dir mumble
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-            cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini /etc/
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
+            cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini" /etc/
         else
             cp -f $temp_restore_dir/mumble-server.ini /etc/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             rm -rf $temp_restore_dir
             function_check set_user_permissions
@@ -136,11 +137,12 @@ function restore_local_mumble {
             backup_unmount_drive
             exit 3679
         fi
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-            cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite /var/lib/mumble-server/
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
+            cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite" /var/lib/mumble-server/
         else
             cp -f $temp_restore_dir/mumble-server.sqlite /var/lib/mumble-server/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             rm -rf $temp_restore_dir
             function_check set_user_permissions
@@ -171,29 +173,27 @@ function backup_remote_mumble {
 }
 
 function restore_remote_mumble {
-    if [ -d $SERVER_DIRECTORY/backup/mumble ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/mumble" ]; then
         echo $"Restoring Mumble settings"
         temp_restore_dir=/root/tempmumble
         function_check restore_directory_from_friend
         restore_directory_from_friend $temp_restore_dir mumble
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-            cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini /etc/
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
+            cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini" /etc/
         else
             cp -f $temp_restore_dir/mumble-server.ini /etc/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             rm -rf $temp_restore_dir
             exit 7823
         fi
-        if [ ! "$?" = "0" ]; then
-            rm -rf $temp_restore_dir
-            exit 7823
-        fi
-        if [ $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-            cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite /var/lib/mumble-server/
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
+            cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite" /var/lib/mumble-server/
         else
             cp -f $temp_restore_dir/mumble-server.sqlite /var/lib/mumble-server/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             rm -rf $temp_restore_dir
             exit 276
@@ -221,7 +221,7 @@ function remove_mumble {
     fi
     function_check remove_onion_service
     remove_onion_service mumble ${MUMBLE_PORT}
-    sed -i '/mumble/d' $COMPLETION_FILE
+    sed -i '/mumble/d' "$COMPLETION_FILE"
 }
 
 function configure_firewall_for_mumble {
@@ -238,34 +238,34 @@ function configure_firewall_for_mumble {
 function install_mumble {
     apt-get -yq install mumble-server
 
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        MUMBLE_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        MUMBLE_SERVER_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $MUMBLE_SERVER_PASSWORD ]; then
-            MUMBLE_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-            if [ ${#MUMBLE_SERVER_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then
-                MUMBLE_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$MUMBLE_SERVER_PASSWORD" ]; then
+            MUMBLE_SERVER_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
+            if [ ${#MUMBLE_SERVER_PASSWORD} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then
+                MUMBLE_SERVER_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
             fi
         fi
     fi
 
     if [[ ${ONION_ONLY} == 'no' ]]; then
-        if [ ! -d /var/www/${DEFAULT_DOMAIN_NAME}/htdocs ]; then
-            mkdir /var/www/${DEFAULT_DOMAIN_NAME}/htdocs
+        if [ ! -d "/var/www/${DEFAULT_DOMAIN_NAME}/htdocs" ]; then
+            mkdir "/var/www/${DEFAULT_DOMAIN_NAME}/htdocs"
         fi
-        if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
-            if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
-                rm /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt
+        if [ ! -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
+            if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt" ]; then
+                rm "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt"
             fi
-            if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
-                rm /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam
+            if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam" ]; then
+                rm "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam"
             fi
             echo $'Obtaining certificate for the main domain'
             function_check create_site_certificate
-            create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
-            chmod 755 /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam
+            create_site_certificate "${DEFAULT_DOMAIN_NAME}" 'yes'
+            chmod 755 "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam"
 
-            if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
+            if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt" ]; then
                 echo $'Incorrect certificate generated'
                 exit 78352
             fi
@@ -276,9 +276,9 @@ function install_mumble {
 
 
     # Make an ssl cert for the server
-    if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
+    if [ ! -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
         if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then
-            ${PROJECT_NAME}-addcert -h mumble --dhkey $DH_KEYLENGTH
+            "${PROJECT_NAME}-addcert" -h mumble --dhkey "$DH_KEYLENGTH"
             function_check check_certificates
             check_certificates mumble
         fi
@@ -318,7 +318,7 @@ function install_mumble {
         echo 'allowping=False' >> /etc/mumble-server.ini
     fi
     sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini
-    if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
+    if [ ! -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
         sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
         sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
     else
@@ -335,7 +335,8 @@ function install_mumble {
     sed -i 's|allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini
     sed -i "s|port=.*|port=${MUMBLE_PORT}|g" /etc/mumble-server.ini
 
-    MUMBLE_ONION_HOSTNAME=$(add_onion_service mumble ${MUMBLE_PORT} ${MUMBLE_PORT})
+    #MUMBLE_ONION_HOSTNAME=$(add_onion_service mumble ${MUMBLE_PORT} ${MUMBLE_PORT})
+    add_onion_service mumble ${MUMBLE_PORT} ${MUMBLE_PORT}
 
     # turn off logs by default
     sed -i 's|logfile=.*|logfile=/dev/null|g' /etc/mumble-server.ini
diff --git a/src/freedombone-app-nextcloud b/src/freedombone-app-nextcloud
index f52283db..719b9555 100755
--- a/src/freedombone-app-nextcloud
+++ b/src/freedombone-app-nextcloud
@@ -60,14 +60,14 @@ function logging_off_nextcloud {
 function remove_user_nextcloud {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp nextcloud
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp nextcloud
 }
 
 function add_user_nextcloud {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a nextcloud -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a nextcloud -p "$new_user_password"
     echo '0'
 }
 
@@ -76,12 +76,12 @@ function change_password_nextcloud {
 
     export OC_PASS="$2"
     su -s /bin/sh www-data -c "php occ user:resetpassword --password-from-env $curr_username"
-    ${PROJECT_NAME}-pass -u $curr_username -a nextcloud -p "$OC_PASS"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a nextcloud -p "$OC_PASS"
     export OC_PASS=""
 }
 
 function install_interactive_nextcloud {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -91,42 +91,40 @@ function install_interactive_nextcloud {
         NEXTCLOUD_DETAILS_COMPLETE=
         while [ ! $NEXTCLOUD_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"NextCloud Configuration" \
-                       --form $"\nPlease enter your NextCloud details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \
+                       --form $"\\nPlease enter your NextCloud details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \
                        $"Domain:" 1 1 "$(grep 'NEXTCLOUD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \
                        $"Code:" 2 1 "$(grep 'NEXTCLOUD_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 40 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"NextCloud Configuration" \
-                       --form $"\nPlease enter your NextCloud details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 2 \
+                       --form $"\\nPlease enter your NextCloud details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 2 \
                        $"Domain:" 1 1 "$(grep 'NEXTCLOUD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \
-                       2> $data
+                       2> "$data"
             fi
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            NEXTCLOUD_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ ${#img_url} -gt 1 ]; then
-                NEXTCLOUD_BACKGROUND_IMAGE_URL=$img_url
-            fi
-            if [ $NEXTCLOUD_DOMAIN_NAME ]; then
+            NEXTCLOUD_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$NEXTCLOUD_DOMAIN_NAME" ]; then
                 TEST_DOMAIN_NAME=$NEXTCLOUD_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $NEXTCLOUD_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$NEXTCLOUD_DOMAIN_NAME" ]]; then
                     NEXTCLOUD_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        NEXTCLOUD_CODE=$(cat $data | sed -n 2p)
+                        NEXTCLOUD_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$NEXTCLOUD_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             NEXTCLOUD_DOMAIN_NAME=
                         fi
                     fi
@@ -135,11 +133,12 @@ function install_interactive_nextcloud {
             if [ $NEXTCLOUD_DOMAIN_NAME ]; then
                 NEXTCLOUD_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         # remove any invalid characters
         if [ ${#NEXTCLOUD_TITLE} -gt 0 ]; then
-            new_title=$(echo "$NEXTCLOUD_TITLE" | sed "s|'||g")
+            new_title=${"$NEXTCLOUD_TITLE"//\'//}
             NEXTCLOUD_TITLE="$new_title"
         fi
 
@@ -156,23 +155,23 @@ function change_password_nextcloud {
 
     read_config_param ${NEXTCLOUD_DOMAIN_NAME}
 
-    ${PROJECT_NAME}-pass -u "$curr_username" -a nextcloud -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a nextcloud -p "$new_user_password"
 }
 
 function nextcloud_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        NEXTCLOUD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        NEXTCLOUD_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $NEXTCLOUD_ADMIN_PASSWORD ]; then
-            NEXTCLOUD_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$NEXTCLOUD_ADMIN_PASSWORD" ]; then
+            NEXTCLOUD_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $NEXTCLOUD_ADMIN_PASSWORD ]; then
+    if [ ! "$NEXTCLOUD_ADMIN_PASSWORD" ]; then
         return
     fi
 
     function_check create_database
-    create_database nextcloud "$NEXTCLOUD_ADMIN_PASSWORD" $MY_USERNAME
+    create_database nextcloud "$NEXTCLOUD_ADMIN_PASSWORD" "$MY_USERNAME"
 }
 
 function reconfigure_nextcloud {
@@ -186,7 +185,7 @@ function configure_interactive_nextcloud {
 function upgrade_nextcloud_base {
     chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
     chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/data
-    cd /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+    cd "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" || exit 232547985
     sudo -u www-data ./occ maintenance:repair
     sudo -u www-data ./occ files:cleanup
     sudo -u www-data ./occ files:scan --all
@@ -200,13 +199,13 @@ function upgrade_nextcloud {
         return
     fi
 
-    if grep -q "nextcloud domain" $COMPLETION_FILE; then
+    if grep -q "nextcloud domain" "$COMPLETION_FILE"; then
         NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
     fi
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs "nextcloud commit" "$NEXTCLOUD_COMMIT" $NEXTCLOUD_REPO
+    set_repo_commit "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" "nextcloud commit" "$NEXTCLOUD_COMMIT" "$NEXTCLOUD_REPO"
 
     upgrade_nextcloud_base
     sudo -u www-data ./occ upgrade
@@ -215,22 +214,22 @@ function upgrade_nextcloud {
 
 function backup_local_nextcloud {
     NEXTCLOUD_DOMAIN_NAME='nextcloud'
-    if grep -q "nextcloud domain" $COMPLETION_FILE; then
+    if grep -q "nextcloud domain" "$COMPLETION_FILE"; then
         NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
     fi
 
     source_directory=/var/www/${NEXTCLOUD_DOMAIN_NAME}/data
-    if [ -d $source_directory ]; then
+    if [ -d "$source_directory" ]; then
         function_check suspend_site
-        suspend_site ${NEXTCLOUD_DOMAIN_NAME}
+        suspend_site "${NEXTCLOUD_DOMAIN_NAME}"
 
         dest_directory=nextcloudfiles
         function_check backup_directory_to_usb
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"
 
         source_directory=/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config
         dest_directory=nextcloudconfig
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"
 
         function_check backup_database_to_usb
         backup_database_to_usb nextcloud
@@ -241,26 +240,26 @@ function backup_local_nextcloud {
 }
 
 function restore_local_nextcloud {
-    if ! grep -q "nextcloud domain" $COMPLETION_FILE; then
+    if ! grep -q "nextcloud domain" "$COMPLETION_FILE"; then
         return
     fi
     NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
-    if [ $NEXTCLOUD_DOMAIN_NAME ]; then
+    if [ "$NEXTCLOUD_DOMAIN_NAME" ]; then
 
         temp_restore_dir=/root/tempnextcloud
         function_check nextcloud_create_database
         nextcloud_create_database
-        restore_database nextcloud ${NEXTCLOUD_DOMAIN_NAME}
+        restore_database nextcloud "${NEXTCLOUD_DOMAIN_NAME}"
 
         temp_restore_dir=/root/tempnextcloudfiles
         restore_directory_from_usb $temp_restore_dir nextcloudfiles
 
-        if [ -d $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data ]; then
-            cp -r $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data /var/www/${NEXTCLOUD_DOMAIN_NAME}/
+        if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" ]; then
+            cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
         else
-            cp -r $temp_restore_dir/* /var/www/${NEXTCLOUD_DOMAIN_NAME}/
+            cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
         fi
-
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             set_user_permissions
             backup_unmount_drive
@@ -271,12 +270,13 @@ function restore_local_nextcloud {
         temp_restore_dir=/root/tempnextcloudconfig
         restore_directory_from_usb $temp_restore_dir nextcloudconfig
 
-        if [ -d $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config ]; then
-            cp -r $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
+        if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" ]; then
+            cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
         else
-            cp -r $temp_restore_dir/* /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/
+            cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/"
         fi
 
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             set_user_permissions
             backup_unmount_drive
@@ -284,9 +284,9 @@ function restore_local_nextcloud {
         fi
         rm -rf ${temp_restore_dir}
 
-        chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
-        chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/data
-        cd $nextcloud_dir
+        chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
+        chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/data"
+        cd "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs" || exit 14893545875
         sudo -u www-data ./occ maintenance:repair
         sudo -u www-data ./occ files:cleanup
         sudo -u www-data ./occ files:scan --all
@@ -294,21 +294,21 @@ function restore_local_nextcloud {
 }
 
 function backup_remote_nextcloud {
-    if grep -q "nextcloud domain" $COMPLETION_FILE; then
+    if grep -q "nextcloud domain" "$COMPLETION_FILE"; then
         NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
         temp_backup_dir=/var/www/${NEXTCLOUD_DOMAIN_NAME}/data
-        if [ -d $temp_backup_dir ]; then
+        if [ -d "$temp_backup_dir" ]; then
             function_check suspend_site
-            suspend_site ${NEXTCLOUD_DOMAIN_NAME}
+            suspend_site "${NEXTCLOUD_DOMAIN_NAME}"
 
             function_check backup_database_to_friend
             backup_database_to_friend nextcloud
 
             function_check backup_directory_to_friend
-            backup_directory_to_friend $temp_backup_dir nextclouddata
+            backup_directory_to_friend "$temp_backup_dir" nextclouddata
 
             temp_backup_dir=/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config
-            backup_directory_to_friend $temp_backup_dir nextcloudconfig
+            backup_directory_to_friend "$temp_backup_dir" nextcloudconfig
 
             function_check restart_site
             restart_site
@@ -319,7 +319,7 @@ function backup_remote_nextcloud {
 }
 
 function restore_remote_nextcloud {
-    if grep -q "nextcloud domain" $COMPLETION_FILE; then
+    if grep -q "nextcloud domain" "$COMPLETION_FILE"; then
         echo $"Restoring nextcloud"
         NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
 
@@ -327,7 +327,7 @@ function restore_remote_nextcloud {
         nextcloud_create_database
 
         function_check restore_database_from_friend
-        restore_database_from_friend nextcloud ${NEXTCLOUD_DOMAIN_NAME}
+        restore_database_from_friend nextcloud "${NEXTCLOUD_DOMAIN_NAME}"
         if [ -d /root/tempnextcloud ]; then
             rm -rf /root/tempnextcloud
         fi
@@ -335,12 +335,12 @@ function restore_remote_nextcloud {
         temp_restore_dir=/root/tempnextcloudfiles
         restore_directory_from_friend $temp_restore_dir nextcloudfiles
 
-        if [ -d $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data ]; then
-            cp -r $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data /var/www/${NEXTCLOUD_DOMAIN_NAME}/
+        if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" ]; then
+            cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
         else
-            cp -r $temp_restore_dir/* /var/www/${NEXTCLOUD_DOMAIN_NAME}/
+            cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
         fi
-
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 768254
         fi
@@ -349,20 +349,21 @@ function restore_remote_nextcloud {
         temp_restore_dir=/root/tempnextcloudconfig
         restore_directory_from_friend $temp_restore_dir nextcloudconfig
 
-        if [ -d $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config ]; then
-            cp -r $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
+        if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" ]; then
+            cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
         else
-            cp -r $temp_restore_dir/* /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/
+            cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/"
         fi
 
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 573427
         fi
         rm -rf ${temp_restore_dir}
 
-        chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
-        chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/data
-        cd /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
+        chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
+        chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/data"
+        cd "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs" || exit 2642846824
         sudo -u www-data ./occ maintenance:repair
         sudo -u www-data ./occ files:cleanup
         sudo -u www-data ./occ files:scan --all
@@ -381,13 +382,13 @@ function remove_nextcloud {
     read_config_param "NEXTCLOUD_DOMAIN_NAME"
     read_config_param "MY_USERNAME"
     echo "Removing $NEXTCLOUD_DOMAIN_NAME"
-    nginx_dissite $NEXTCLOUD_DOMAIN_NAME
-    remove_certs $NEXTCLOUD_DOMAIN_NAME
-    if [ -d /var/www/$NEXTCLOUD_DOMAIN_NAME ]; then
-        rm -rf /var/www/$NEXTCLOUD_DOMAIN_NAME
+    nginx_dissite "$NEXTCLOUD_DOMAIN_NAME"
+    remove_certs "$NEXTCLOUD_DOMAIN_NAME"
+    if [ -d "/var/www/$NEXTCLOUD_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$NEXTCLOUD_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database nextcloud
@@ -395,17 +396,17 @@ function remove_nextcloud {
     remove_onion_service nextcloud ${NEXTCLOUD_ONION_PORT}
     remove_app nextcloud
     remove_completion_param install_nextcloud
-    sed -i '/nextcloud/d' $COMPLETION_FILE
+    sed -i '/nextcloud/d' "$COMPLETION_FILE"
     remove_backup_database_local nextcloud
 
     function_check remove_ddns_domain
-    remove_ddns_domain $NEXTCLOUD_DOMAIN_NAME
+    remove_ddns_domain "$NEXTCLOUD_DOMAIN_NAME"
     systemctl restart nginx
     systemctl restart php7.0-fpm
 }
 
 function install_nextcloud_main {
-    if [ ! $NEXTCLOUD_DOMAIN_NAME ]; then
+    if [ ! "$NEXTCLOUD_DOMAIN_NAME" ]; then
         echo $'No domain name was given for nextcloud'
         exit 7359
     fi
@@ -434,34 +435,34 @@ function install_nextcloud_main {
     fi
     sed -i 's|;env[PATH]|env[PATH]|g' /etc/php/7.0/fpm/pool.d/www.conf
 
-    if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME ]; then
-        mkdir /var/www/$NEXTCLOUD_DOMAIN_NAME
+    if [ ! -d "/var/www/$NEXTCLOUD_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$NEXTCLOUD_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" ]; then
 
         if [ -d /repos/nextcloud ]; then
-            mkdir /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
-            cp -r -p /repos/nextcloud/. /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
-            cd /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/nextcloud/. "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
+            cd "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" || exit 2783539793
             git pull
         else
             function_check git_clone
-            git_clone $NEXTCLOUD_REPO /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+            git_clone "$NEXTCLOUD_REPO" "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
         fi
 
-        if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" ]; then
             echo $'Unable to clone nextcloud repo'
             exit 87525
         fi
     fi
 
-    cd /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+    cd "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" || exit 3468346834
     git submodule update --init
     git checkout $NEXTCLOUD_COMMIT -b $NEXTCLOUD_COMMIT
     set_completion_param "nextcloud commit" "$NEXTCLOUD_COMMIT"
 
-    chmod g+w /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
-    chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+    chmod g+w "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
+    chown -R www-data:www-data "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
 
     function_check nextcloud_create_database
     nextcloud_create_database
@@ -474,154 +475,154 @@ function install_nextcloud_main {
     fi
 
     function_check add_ddns_domain
-    add_ddns_domain $NEXTCLOUD_DOMAIN_NAME
+    add_ddns_domain "$NEXTCLOUD_DOMAIN_NAME"
 
     nextcloud_nginx_site=/etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $NEXTCLOUD_DOMAIN_NAME
-        echo 'server {' >> $nextcloud_nginx_site
-        echo '  listen 443 ssl;' >> $nextcloud_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $nextcloud_nginx_site
-        echo "  server_name $NEXTCLOUD_DOMAIN_NAME;" >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Security' >> $nextcloud_nginx_site
+        nginx_http_redirect "$NEXTCLOUD_DOMAIN_NAME"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $NEXTCLOUD_DOMAIN_NAME;";
+          echo '';
+          echo '  # Security'; } >> "$nextcloud_nginx_site"
         function_check nginx_ssl
-        nginx_ssl $NEXTCLOUD_DOMAIN_NAME mobile
+        nginx_ssl "$NEXTCLOUD_DOMAIN_NAME" mobile
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $NEXTCLOUD_DOMAIN_NAME
+        nginx_disable_sniffing "$NEXTCLOUD_DOMAIN_NAME"
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Logs' >> $nextcloud_nginx_site
-        echo '  access_log /dev/null;' >> $nextcloud_nginx_site
-        echo '  error_log /dev/null;' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Root' >> $nextcloud_nginx_site
-        echo "  root /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs;" >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Index' >> $nextcloud_nginx_site
-        echo '  index index.php;' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  # Index';
+          echo '  index index.php;';
+          echo '';
 
-        # By default nextcloud advertises highly specific version information
-        # on status.php, which can obviously be used by adversaries.
-        # Blocking status.php prevents this information leak
-        echo '  location = /status.php {' >> $nextcloud_nginx_site
-        echo '    return 404;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
+          # By default nextcloud advertises highly specific version information
+          # on status.php, which can obviously be used by adversaries.
+          # Blocking status.php prevents this information leak
+          echo '  location = /status.php {';
+          echo '    return 404;';
+          echo '  }';
+          echo '';
 
-        echo '  # PHP' >> $nextcloud_nginx_site
-        echo '  location ~ \.php {' >> $nextcloud_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $nextcloud_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $nextcloud_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Location' >> $nextcloud_nginx_site
-        echo '  location / {' >> $nextcloud_nginx_site
+          echo '  # PHP';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$nextcloud_nginx_site"
         function_check nginx_limits
-        nginx_limits $NEXTCLOUD_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ @nextcloud;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Fancy URLs' >> $nextcloud_nginx_site
-        echo '  location @nextcloud {' >> $nextcloud_nginx_site
-        echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Restrict access that is unnecessary anyway' >> $nextcloud_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $nextcloud_nginx_site
-        echo '    deny all;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  location = /.well-known/carddav {' >> $nextcloud_nginx_site
-        echo '    return 301 $scheme://$host/remote.php/dav;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '  location = /.well-known/caldav {' >> $nextcloud_nginx_site
-        echo '    return 301 $scheme://$host/remote.php/dav;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  location /.well-known/acme-challenge { }' >> $nextcloud_nginx_site
-        echo '}' >> $nextcloud_nginx_site
+        nginx_limits "$NEXTCLOUD_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ @nextcloud;";
+          echo '  }';
+          echo '';
+          echo '  # Fancy URLs';
+          echo '  location @nextcloud {';
+          echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+          echo '  }';
+          echo '';
+          echo '  # Restrict access that is unnecessary anyway';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '';
+          echo '  location = /.well-known/carddav {';
+          echo "    return 301 \$scheme://\$host/remote.php/dav;";
+          echo '  }';
+          echo '  location = /.well-known/caldav {';
+          echo "    return 301 \$scheme://\$host/remote.php/dav;";
+          echo '  }';
+          echo '';
+          echo '  location /.well-known/acme-challenge { }';
+          echo '}'; } >> "$nextcloud_nginx_site"
     else
-        echo -n '' > $nextcloud_nginx_site
+        echo -n '' > "$nextcloud_nginx_site"
     fi
-    echo 'server {' >> $nextcloud_nginx_site
-    echo "    listen 127.0.0.1:$NEXTCLOUD_ONION_PORT default_server;" >> $nextcloud_nginx_site
-    echo "    server_name $NEXTCLOUD_DOMAIN_NAME;" >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$NEXTCLOUD_ONION_PORT default_server;";
+      echo "    server_name $NEXTCLOUD_DOMAIN_NAME;";
+      echo ''; } >> "$nextcloud_nginx_site"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $NEXTCLOUD_DOMAIN_NAME
-    echo '' >> $nextcloud_nginx_site
-    echo '  # Logs' >> $nextcloud_nginx_site
-    echo '  access_log /dev/null;' >> $nextcloud_nginx_site
-    echo '  error_log /dev/null;' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  # Root' >> $nextcloud_nginx_site
-    echo "  root /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs;" >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  # Index' >> $nextcloud_nginx_site
-    echo '  index index.php;' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
+    nginx_disable_sniffing "$NEXTCLOUD_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  # Index';
+      echo '  index index.php;';
+      echo '';
 
-    # By default nextcloud advertises highly specific version information
-    # on status.php, which can obviously be used by adversaries.
-    # Blocking status.php prevents this information leak
-    echo '  location = /status.php {' >> $nextcloud_nginx_site
-    echo '    return 404;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
+      # By default nextcloud advertises highly specific version information
+      # on status.php, which can obviously be used by adversaries.
+      # Blocking status.php prevents this information leak
+      echo '  location = /status.php {';
+      echo '    return 404;';
+      echo '  }';
+      echo '';
 
-    echo '  # PHP' >> $nextcloud_nginx_site
-    echo '  location ~ \.php {' >> $nextcloud_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $nextcloud_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $nextcloud_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  # Location' >> $nextcloud_nginx_site
-    echo '  location / {' >> $nextcloud_nginx_site
+      echo '  # PHP';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$nextcloud_nginx_site"
     function_check nginx_limits
-    nginx_limits $NEXTCLOUD_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ @nextcloud;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  # Fancy URLs' >> $nextcloud_nginx_site
-    echo '  location @nextcloud {' >> $nextcloud_nginx_site
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  # Restrict access that is unnecessary anyway' >> $nextcloud_nginx_site
-    echo '  location ~ /\.(ht|git) {' >> $nextcloud_nginx_site
-    echo '    deny all;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  location = /.well-known/carddav {' >> $nextcloud_nginx_site
-    echo '    return 301 $scheme://$host/remote.php/dav;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '  location = /.well-known/caldav {' >> $nextcloud_nginx_site
-    echo '    return 301 $scheme://$host/remote.php/dav;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  location /.well-known/acme-challenge { }' >> $nextcloud_nginx_site
-    echo '}' >> $nextcloud_nginx_site
+    nginx_limits "$NEXTCLOUD_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ @nextcloud;";
+      echo '  }';
+      echo '';
+      echo '  # Fancy URLs';
+      echo '  location @nextcloud {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  # Restrict access that is unnecessary anyway';
+      echo '  location ~ /\.(ht|git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '';
+      echo '  location = /.well-known/carddav {';
+      echo "    return 301 \$scheme://\$host/remote.php/dav;";
+      echo '  }';
+      echo '  location = /.well-known/caldav {';
+      echo "    return 301 \$scheme://\$host/remote.php/dav;";
+      echo '  }';
+      echo '';
+      echo '  location /.well-known/acme-challenge { }';
+      echo '}'; } >> "$nextcloud_nginx_site"
 
-    sed -i 's| DENY;| SAMEORIGIN;|g' $nextcloud_nginx_site
+    sed -i 's| DENY;| SAMEORIGIN;|g' "$nextcloud_nginx_site"
 
     # NextCloud doesn't like content-security-policy at all
-    sed -i '/Content-Security-Policy/d' $nextcloud_nginx_site
+    sed -i '/Content-Security-Policy/d' "$nextcloud_nginx_site"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $NEXTCLOUD_DOMAIN_NAME 'yes'
+    create_site_certificate "$NEXTCLOUD_DOMAIN_NAME" 'yes'
 
-    if [[ $ONION_ONLY == "no" ]]; then
-        if [ ! -f /etc/ssl/certs/${NEXTCLOUD_DOMAIN_NAME}.pem ]; then
+    if [[ "$ONION_ONLY" == "no" ]]; then
+        if [ ! -f "/etc/ssl/certs/${NEXTCLOUD_DOMAIN_NAME}.pem" ]; then
             echo $'Certificate not generated for nextcloud'
             exit 725762
         fi
@@ -636,31 +637,18 @@ function install_nextcloud_main {
     backup_database_local nextcloud
 
     function_check nginx_ensite
-    nginx_ensite $NEXTCLOUD_DOMAIN_NAME
-
-    # NOTE: For the typical case always enable SSL and only
-    # disable it if in onion only mode. This is due to complexities
-    # with the way URLs are generated by nextcloud
-    nextcloud_ssl='always'
-    if [[ $ONION_ONLY != 'no' ]]; then
-        nextcloud_ssl='never'
-    fi
+    nginx_ensite "$NEXTCLOUD_DOMAIN_NAME"
 
     NEXTCLOUD_ONION_HOSTNAME=$(add_onion_service nextcloud 80 ${NEXTCLOUD_ONION_PORT})
 
-    NEXTCLOUD_SERVER=${NEXTCLOUD_DOMAIN_NAME}
-    if [[ $ONION_ONLY != 'no' ]]; then
-        NEXTCLOUD_SERVER=${NEXTCLOUD_ONION_HOSTNAME}
-    fi
-
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
-    ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$NEXTCLOUD_DOMAIN_NAME" -g nextcloud --public no
+    "${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$NEXTCLOUD_DOMAIN_NAME" -g nextcloud --public no
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a nextcloud -p "$NEXTCLOUD_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a nextcloud -p "$NEXTCLOUD_ADMIN_PASSWORD"
 
-    cd /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
+    cd "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs" || exit 2467245247
     if [ -d config ]; then
         chown -R www-data:www-data config
     fi
@@ -669,7 +657,7 @@ function install_nextcloud_main {
     fi
 
     chmod +x occ
-    ./occ maintenance:install --database-name nextcloud --admin-user ${MY_USERNAME} --admin-pass "${NEXTCLOUD_ADMIN_PASSWORD}" --database mysql --database-user root --database-pass "${MARIADB_PASSWORD}"
+    ./occ maintenance:install --database-name nextcloud --admin-user "${MY_USERNAME}" --admin-pass "${NEXTCLOUD_ADMIN_PASSWORD}" --database mysql --database-user root --database-pass "${MARIADB_PASSWORD}"
     if [ ! -d data ]; then
         echo $'Nextcloud data directory was not found. This probably means that the installation failed.'
         echo ''
@@ -683,20 +671,19 @@ function install_nextcloud_main {
     sudo -u www-data ./occ status
     sudo -u www-data ./occ app:list
     sudo -u www-data ./occ app:enable encryption
-    sudo -u www-data ./occ encryption:enable
-    if [ ! "$?" = "0" ]; then
+    if ! sudo -u www-data ./occ encryption:enable; then
         echo $'Encryption not enabled'
         exit 73527
     fi
     sudo -u www-data ./occ encryption:status
     sudo -u www-data ./occ config:system:set appstoreenabled --value=false
-    chmod g+w /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php
-    chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
+    chmod g+w "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php"
+    chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
     chmod 0644 .htaccess
     chmod 0750 data
-    chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/data
-    sudo -u www-data ./occ config:system:set trusted_domains 1 --value=$NEXTCLOUD_DOMAIN_NAME
-    sudo -u www-data ./occ config:system:set trusted_domains 2 --value=$NEXTCLOUD_ONION_HOSTNAME
+    chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/data"
+    sudo -u www-data ./occ config:system:set trusted_domains 1 --value="$NEXTCLOUD_DOMAIN_NAME"
+    sudo -u www-data ./occ config:system:set trusted_domains 2 --value="$NEXTCLOUD_ONION_HOSTNAME"
     sudo -u www-data ./occ files:cleanup
     sudo -u www-data ./occ files:scan --all
     sudo -u www-data ./occ maintenance:repair
@@ -705,8 +692,8 @@ function install_nextcloud_main {
     systemctl restart mariadb
 
     # move the data directory
-    mv /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/data /var/www/${NEXTCLOUD_DOMAIN_NAME}/
-    sed -i "s|'datadirectory'.*|'datadirectory' => '/var/www/$NEXTCLOUD_DOMAIN_NAME/data',|g" /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php
+    mv "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/data" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
+    sed -i "s|'datadirectory'.*|'datadirectory' => '/var/www/$NEXTCLOUD_DOMAIN_NAME/data',|g" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php"
 
     set_completion_param "nextcloud domain" "$NEXTCLOUD_DOMAIN_NAME"
 
@@ -714,7 +701,7 @@ function install_nextcloud_main {
 }
 
 function install_nextcloud {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
diff --git a/src/freedombone-app-peertube b/src/freedombone-app-peertube
index f7ffc5af..632064f8 100755
--- a/src/freedombone-app-peertube
+++ b/src/freedombone-app-peertube
@@ -55,14 +55,14 @@ peertube_variables=(PEERTUBE_DOMAIN_NAME
                     MY_EMAIL_ADDRESS)
 
 function peertube_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        PEERTUBE_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        PEERTUBE_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $PEERTUBE_ADMIN_PASSWORD ]; then
-            PEERTUBE_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$PEERTUBE_ADMIN_PASSWORD" ]; then
+            PEERTUBE_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $PEERTUBE_ADMIN_PASSWORD ]; then
+    if [ ! "$PEERTUBE_ADMIN_PASSWORD" ]; then
         return
     fi
 
@@ -82,7 +82,8 @@ function logging_off_peertube {
 }
 
 function remove_user_peertube {
-    remove_username="$1"
+    echo -n ''
+#    remove_username="$1"
 }
 
 function add_user_peertube {
@@ -91,14 +92,14 @@ function add_user_peertube {
         return
     fi
 
-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"
 
     echo '0'
 }
 
 function install_interactive_peertube {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -113,15 +114,14 @@ function install_interactive_peertube {
 }
 
 function peertube_set_admin_email {
-    read_config_param $MY_EMAIL_ADDRESS
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    read_config_param "$MY_EMAIL_ADDRESS"
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Set PeerTube administrator email address" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Admin email address" 8 75 "$MY_EMAIL_ADDRESS" 2>$data
+           --inputbox $"Admin email address" 8 75 "$MY_EMAIL_ADDRESS" 2>"$data"
     sel=$?
     case $sel in
-        0)  peertube_email=$(<$data)
+        0)  peertube_email=$(<"$data")
             if [[ "$peertube_email" != *' '* && "$peertube_email" != *','* && "$peertube_email" != *';'* && "$peertube_email" == *'@'* && "$peertube_email" == *'.'* ]]; then
                 if [ ${#peertube_email} -gt 8 ]; then
                     sed -i "s|email:.*|email: '${peertube_email}'|g" $PEERTUBE_DIR/config/production.yaml
@@ -132,13 +132,13 @@ function peertube_set_admin_email {
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function peertube_disable_signups {
     dialog --title $"Disable PeerTube signups" \
            --backtitle $"Freedombone Control Panel" \
-           --yesno $"\nDo you wish to disable further PeerTube signups?" 8 75
+           --yesno $"\\nDo you wish to disable further PeerTube signups?" 8 75
     sel=$?
     case $sel in
         0) sed -i "0,/enabled:.*/s//enabled: false/" $PEERTUBE_DIR/config/production.yaml;;
@@ -152,35 +152,36 @@ function peertube_disable_signups {
 function configure_interactive_peertube {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"PeerTube" \
                --radiolist $"Choose an operation:" 10 70 4 \
                1 $"Set administrator email address" off \
                2 $"Disable or enable signups" off \
-               3 $"Exit" on 2> $data
+               3 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
             1) break;;
             255) break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) peertube_set_admin_email;;
             2) peertube_disable_signups;;
-            3) break;;
+            3) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
 function change_password_peertube {
-    PEERTUBE_USERNAME="$1"
+#    PEERTUBE_USERNAME="$1"
     PEERTUBE_PASSWORD="$2"
     if [ ${#PEERTUBE_PASSWORD} -lt 8 ]; then
         echo $'Peertube password is too short'
         return
     fi
-    #${PROJECT_NAME}-pass -u $PEERTUBE_USERNAME -a peertube -p "$PEERTUBE_PASSWORD"
+    #"${PROJECT_NAME}-pass" -u "$PEERTUBE_USERNAME" -a peertube -p "$PEERTUBE_PASSWORD"
 }
 
 function reconfigure_peertube {
@@ -195,7 +196,7 @@ function upgrade_peertube {
 
     read_config_param PEERTUBE_DOMAIN_NAME
     systemctl stop peertube
-    cd $PEERTUBE_DIR
+    cd "$PEERTUBE_DIR" || exit 7824552627
 
     function_check set_repo_commit
     set_repo_commit $PEERTUBE_DIR "peertube commit" "$PEERTUBE_COMMIT" $PEERTUBE_REPO
@@ -207,7 +208,7 @@ function upgrade_peertube {
 
 function backup_local_peertube {
     PEERTUBE_DOMAIN_NAME='peertube.local'
-    if grep -q "peertube domain" $COMPLETION_FILE; then
+    if grep -q "peertube domain" "$COMPLETION_FILE"; then
         PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain")
     fi
 
@@ -219,7 +220,7 @@ function backup_local_peertube {
 
     peertube_path=$PEERTUBE_DIR/videos
     if [ -d $peertube_path ]; then
-        suspend_site ${PEERTUBE_DOMAIN_NAME}
+        suspend_site "${PEERTUBE_DOMAIN_NAME}"
         systemctl stop peertube
         backup_directory_to_usb $peertube_path peertubevideos
         systemctl start peertube
@@ -229,11 +230,11 @@ function backup_local_peertube {
 
 function restore_local_peertube {
     PEERTUBE_DOMAIN_NAME='peertube.local'
-    if grep -q "peertube domain" $COMPLETION_FILE; then
+    if grep -q "peertube domain" "$COMPLETION_FILE"; then
         PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain")
     fi
-    if [ $PEERTUBE_DOMAIN_NAME ]; then
-        suspend_site ${PEERTUBE_DOMAIN_NAME}
+    if [ "$PEERTUBE_DOMAIN_NAME" ]; then
+        suspend_site "${PEERTUBE_DOMAIN_NAME}"
         systemctl stop peertube
 
         USE_POSTGRESQL=1
@@ -259,7 +260,7 @@ function restore_local_peertube {
 
 function backup_remote_peertube {
     PEERTUBE_DOMAIN_NAME='peertube.local'
-    if grep -q "peertube domain" $COMPLETION_FILE; then
+    if grep -q "peertube domain" "$COMPLETION_FILE"; then
         PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain")
     fi
 
@@ -272,7 +273,7 @@ function backup_remote_peertube {
     temp_backup_dir=$PEERTUBE_DIR/videos
     if [ -d $temp_backup_dir ]; then
         systemctl stop peertube
-        suspend_site ${PEERTUBE_DOMAIN_NAME}
+        suspend_site "${PEERTUBE_DOMAIN_NAME}"
         backup_directory_to_friend $temp_backup_dir peertubevideos
         restart_site
         systemctl start peertube
@@ -284,13 +285,14 @@ function backup_remote_peertube {
 
 function restore_remote_peertube {
     PEERTUBE_DOMAIN_NAME='peertube.local'
-    if grep -q "peertube domain" $COMPLETION_FILE; then
+    if grep -q "peertube domain" "$COMPLETION_FILE"; then
         PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain")
     fi
-    suspend_site ${PEERTUBE_DOMAIN_NAME}
+    suspend_site "${PEERTUBE_DOMAIN_NAME}"
 
     systemctl stop peertube
 
+    # shellcheck disable=SC2034
     USE_POSTGRESQL=1
     function_check restore_database_from_friend
     restore_database_from_friend peertube
@@ -326,20 +328,20 @@ function remove_peertube {
     remove_nodejs peertube
 
     read_config_param "PEERTUBE_DOMAIN_NAME"
-    nginx_dissite $PEERTUBE_DOMAIN_NAME
-    remove_certs ${PEERTUBE_DOMAIN_NAME}
-    if [ -f /etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME ]; then
-        rm -f /etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME
+    nginx_dissite "$PEERTUBE_DOMAIN_NAME"
+    remove_certs "${PEERTUBE_DOMAIN_NAME}"
+    if [ -f "/etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME" ]; then
+        rm -f "/etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME"
     fi
-    if [ -d /var/www/$PEERTUBE_DOMAIN_NAME ]; then
-        rm -rf /var/www/$PEERTUBE_DOMAIN_NAME
+    if [ -d "/var/www/$PEERTUBE_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$PEERTUBE_DOMAIN_NAME"
     fi
     remove_config_param PEERTUBE_DOMAIN_NAME
     remove_config_param PEERTUBE_CODE
     function_check remove_onion_service
     remove_onion_service peertube ${PEERTUBE_ONION_PORT}
     remove_completion_param "install_peertube"
-    sed -i '/peertube/d' $COMPLETION_FILE
+    sed -i '/peertube/d' "$COMPLETION_FILE"
 
     function_check drop_database_postgresql
     drop_database_postgresql peertube peertube
@@ -352,188 +354,189 @@ function remove_peertube {
     fi
 
     function_check remove_ddns_domain
-    remove_ddns_domain $PEERTUBE_DOMAIN_NAME
+    remove_ddns_domain "$PEERTUBE_DOMAIN_NAME"
 }
 
 function peertube_setup_web {
     peertube_nginx_file=/etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME
 
     if [[ $ONION_ONLY == "no" ]]; then
-        echo 'server {' > $peertube_nginx_file
-        echo '  listen 80;' >> $peertube_nginx_file
-        echo '  listen [::]:80;' >> $peertube_nginx_file
-        echo "  server_name $PEERTUBE_DOMAIN_NAME;" >> $peertube_nginx_file
-        echo '  rewrite ^ https://$server_name$request_uri? permanent;' >> $peertube_nginx_file
-        echo '}' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo 'server {' >> $peertube_nginx_file
-        echo '  listen 443 ssl http2;' >> $peertube_nginx_file
-        echo '  #listen [::]:443 ssl http2;' >> $peertube_nginx_file
-        echo "  server_name $PEERTUBE_DOMAIN_NAME;" >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
+        { echo 'server {';
+          echo '  listen 80;';
+          echo '  listen [::]:80;';
+          echo "  server_name $PEERTUBE_DOMAIN_NAME;";
+          echo "  rewrite ^ https://\$server_name\$request_uri? permanent;";
+          echo '}';
+          echo '';
+          echo 'server {';
+          echo '  listen 443 ssl http2;';
+          echo '  #listen [::]:443 ssl http2;';
+          echo "  server_name $PEERTUBE_DOMAIN_NAME;";
+          echo ''; } > "$peertube_nginx_file"
         function_check nginx_ssl
-        nginx_ssl $PEERTUBE_DOMAIN_NAME mobile
+        nginx_ssl "$PEERTUBE_DOMAIN_NAME" mobile
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $PEERTUBE_DOMAIN_NAME
+        nginx_disable_sniffing "$PEERTUBE_DOMAIN_NAME"
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo '  location / {' >> $peertube_nginx_file
-        echo "    proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file
-        echo '    proxy_set_header X-Real-IP $remote_addr;' >> $peertube_nginx_file
-        echo '    proxy_set_header Host $host;' >> $peertube_nginx_file
-        echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo '    # For the video upload' >> $peertube_nginx_file
-        echo '    client_max_body_size 2G;' >> $peertube_nginx_file
-        echo '  }' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo '  location /static/webseed {' >> $peertube_nginx_file
-        echo "    if (\$request_method = 'OPTIONS') {" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Max-Age' 1728000;" >> $peertube_nginx_file
-        echo "      add_header 'Content-Type' 'text/plain charset=UTF-8';" >> $peertube_nginx_file
-        echo "      add_header 'Content-Length' 0;" >> $peertube_nginx_file
-        echo '      return 204;' >> $peertube_nginx_file
-        echo '    }' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo "    if (\$request_method = 'GET') {" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file
-        echo '    }' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo "    alias $PEERTUBE_DIR/videos;" >> $peertube_nginx_file
-        echo '  }' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo '  # Websocket tracker' >> $peertube_nginx_file
-        echo '  location /tracker/socket {' >> $peertube_nginx_file
-        echo '    # Peers send a message to the tracker every 15 minutes' >> $peertube_nginx_file
-        echo '    # Dont close the websocket before this time' >> $peertube_nginx_file
-        echo '    proxy_read_timeout 1200s;' >> $peertube_nginx_file
-        echo '    proxy_set_header Upgrade $http_upgrade;' >> $peertube_nginx_file
-        echo '    proxy_set_header Connection "upgrade";' >> $peertube_nginx_file
-        echo '    proxy_http_version 1.1;' >> $peertube_nginx_file
-        echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file
-        echo '    proxy_set_header Host $host;' >> $peertube_nginx_file
-        echo "    proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file
-        echo '  }' >> $peertube_nginx_file
-        echo '}' >> $peertube_nginx_file
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  location / {';
+          echo "    proxy_pass http://localhost:${PEERTUBE_PORT};";
+          echo "    proxy_set_header X-Real-IP \$remote_addr;";
+          echo "    proxy_set_header Host \$host;";
+          echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+          echo '';
+          echo '    # For the video upload';
+          echo '    client_max_body_size 2G;';
+          echo '  }';
+          echo '';
+          echo '  location /static/webseed {';
+          echo "    if (\$request_method = 'OPTIONS') {";
+          echo "      add_header 'Access-Control-Allow-Origin' '*';";
+          echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
+          echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
+          echo "      add_header 'Access-Control-Max-Age' 1728000;";
+          echo "      add_header 'Content-Type' 'text/plain charset=UTF-8';";
+          echo "      add_header 'Content-Length' 0;";
+          echo '      return 204;';
+          echo '    }';
+          echo '';
+          echo "    if (\$request_method = 'GET') {";
+          echo "      add_header 'Access-Control-Allow-Origin' '*';";
+          echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
+          echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
+          echo '    }';
+          echo '';
+          echo "    alias $PEERTUBE_DIR/videos;";
+          echo '  }';
+          echo '';
+          echo '  # Websocket tracker';
+          echo '  location /tracker/socket {';
+          echo '    # Peers send a message to the tracker every 15 minutes';
+          echo '    # Dont close the websocket before this time';
+          echo '    proxy_read_timeout 1200s;';
+          echo "    proxy_set_header Upgrade \$http_upgrade;";
+          echo '    proxy_set_header Connection "upgrade";';
+          echo '    proxy_http_version 1.1;';
+          echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+          echo "    proxy_set_header Host \$host;";
+          echo "    proxy_pass http://localhost:${PEERTUBE_PORT};";
+          echo '  }';
+          echo '}'; } >> "$peertube_nginx_file"
     else
-        echo -n '' > $peertube_nginx_file
+        echo -n '' > "$peertube_nginx_file"
     fi
-    echo 'server {' >> $peertube_nginx_file
-    echo "  listen 127.0.0.1:$PEERTUBE_ONION_PORT default_server;" >> $peertube_nginx_file
-    echo "  server_name $PEERTUBE_ONION_HOSTNAME;" >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '  location / {' >> $peertube_nginx_file
-    echo "    proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $peertube_nginx_file
-    echo '    proxy_set_header Host $host;' >> $peertube_nginx_file
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '    # For the video upload' >> $peertube_nginx_file
-    echo '    client_max_body_size 2G;' >> $peertube_nginx_file
-    echo '  }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '  location /static/webseed {' >> $peertube_nginx_file
-    echo "    if (\$request_method = 'OPTIONS') {" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Max-Age' 1728000;" >> $peertube_nginx_file
-    echo "      add_header 'Content-Type' 'text/plain charset=UTF-8';" >> $peertube_nginx_file
-    echo "      add_header 'Content-Length' 0;" >> $peertube_nginx_file
-    echo '      return 204;' >> $peertube_nginx_file
-    echo '    }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo "    if (\$request_method = 'GET') {" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file
-    echo '    }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo "    alias $PEERTUBE_DIR/videos;" >> $peertube_nginx_file
-    echo '  }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '  # Websocket tracker' >> $peertube_nginx_file
-    echo '  location /tracker/socket {' >> $peertube_nginx_file
-    echo '    # Peers send a message to the tracker every 15 minutes' >> $peertube_nginx_file
-    echo '    # Dont close the websocket before this time' >> $peertube_nginx_file
-    echo '    proxy_read_timeout 1200s;' >> $peertube_nginx_file
-    echo '    proxy_set_header Upgrade $http_upgrade;' >> $peertube_nginx_file
-    echo '    proxy_set_header Connection "upgrade";' >> $peertube_nginx_file
-    echo '    proxy_http_version 1.1;' >> $peertube_nginx_file
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file
-    echo '    proxy_set_header Host $host;' >> $peertube_nginx_file
-    echo "    proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file
-    echo '  }' >> $peertube_nginx_file
-    echo '}' >> $peertube_nginx_file
+    { echo 'server {';
+      echo "  listen 127.0.0.1:$PEERTUBE_ONION_PORT default_server;";
+      echo "  server_name $PEERTUBE_ONION_HOSTNAME;";
+      echo '';
+      echo '  location / {';
+      echo "    proxy_pass http://localhost:${PEERTUBE_PORT};";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo '';
+      echo '    # For the video upload';
+      echo '    client_max_body_size 2G;';
+      echo '  }';
+      echo '';
+      echo '  location /static/webseed {';
+      echo "    if (\$request_method = 'OPTIONS') {";
+      echo "      add_header 'Access-Control-Allow-Origin' '*';";
+      echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
+      echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
+      echo "      add_header 'Access-Control-Max-Age' 1728000;";
+      echo "      add_header 'Content-Type' 'text/plain charset=UTF-8';";
+      echo "      add_header 'Content-Length' 0;";
+      echo '      return 204;';
+      echo '    }';
+      echo '';
+      echo "    if (\$request_method = 'GET') {";
+      echo "      add_header 'Access-Control-Allow-Origin' '*';";
+      echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
+      echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
+      echo '    }';
+      echo '';
+      echo "    alias $PEERTUBE_DIR/videos;";
+      echo '  }';
+      echo '';
+      echo '  # Websocket tracker';
+      echo '  location /tracker/socket {';
+      echo '    # Peers send a message to the tracker every 15 minutes';
+      echo '    # Dont close the websocket before this time';
+      echo '    proxy_read_timeout 1200s;';
+      echo "    proxy_set_header Upgrade \$http_upgrade;";
+      echo '    proxy_set_header Connection "upgrade";';
+      echo '    proxy_http_version 1.1;';
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_pass http://localhost:${PEERTUBE_PORT};";
+      echo '  }';
+      echo '}'; } >> "$peertube_nginx_file"
 
     # CSP currently causes an error
-    sed -i '/Content-Security-Policy/d' $peertube_nginx_file
+    sed -i '/Content-Security-Policy/d' "$peertube_nginx_file"
 
     function_check create_site_certificate
-    create_site_certificate $PEERTUBE_DOMAIN_NAME 'yes'
+    create_site_certificate "$PEERTUBE_DOMAIN_NAME" 'yes'
 
     function_check nginx_ensite
-    nginx_ensite $PEERTUBE_DOMAIN_NAME
+    nginx_ensite "$PEERTUBE_DOMAIN_NAME"
 }
 
 function mesh_peertube_setup_web {
+    # shellcheck disable=SC2154
     peertube_nginx_file=$rootdir/etc/nginx/sites-available/peertube
 
-    echo 'server {' >> $peertube_nginx_file
-    echo "  listen $MESH_PEERTUBE_PORT http2;" >> $peertube_nginx_file
-    echo '  listen [::]:$MESH_PEERTUBE_PORT http2;' >> $peertube_nginx_file
-    echo '  server_name $HOSTNAME;' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '  location / {' >> $peertube_nginx_file
-    echo "    proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $peertube_nginx_file
-    echo '    proxy_set_header Host $host;' >> $peertube_nginx_file
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '    # For the video upload' >> $peertube_nginx_file
-    echo '    client_max_body_size 2G;' >> $peertube_nginx_file
-    echo '  }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '  location /static/webseed {' >> $peertube_nginx_file
-    echo "    if (\$request_method = 'OPTIONS') {" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Max-Age' 1728000;" >> $peertube_nginx_file
-    echo "      add_header 'Content-Type' 'text/plain charset=UTF-8';" >> $peertube_nginx_file
-    echo "      add_header 'Content-Length' 0;" >> $peertube_nginx_file
-    echo '      return 204;' >> $peertube_nginx_file
-    echo '    }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo "    if (\$request_method = 'GET') {" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file
-    echo '    }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo "    alias $PEERTUBE_DIR/videos;" >> $peertube_nginx_file
-    echo '  }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '  # Websocket tracker' >> $peertube_nginx_file
-    echo '  location /tracker/socket {' >> $peertube_nginx_file
-    echo '    # Peers send a message to the tracker every 15 minutes' >> $peertube_nginx_file
-    echo '    # Dont close the websocket before this time' >> $peertube_nginx_file
-    echo '    proxy_read_timeout 1200s;' >> $peertube_nginx_file
-    echo '    proxy_set_header Upgrade $http_upgrade;' >> $peertube_nginx_file
-    echo '    proxy_set_header Connection "upgrade";' >> $peertube_nginx_file
-    echo '    proxy_http_version 1.1;' >> $peertube_nginx_file
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file
-    echo '    proxy_set_header Host $host;' >> $peertube_nginx_file
-    echo "    proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file
-    echo '  }' >> $peertube_nginx_file
-    echo '}' >> $peertube_nginx_file
+    { echo 'server {';
+      echo "  listen $MESH_PEERTUBE_PORT http2;";
+      echo "  listen [::]:\$MESH_PEERTUBE_PORT http2;";
+      echo "  server_name \$HOSTNAME;";
+      echo '';
+      echo '  location / {';
+      echo "    proxy_pass http://localhost:${PEERTUBE_PORT};";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo '';
+      echo '    # For the video upload';
+      echo '    client_max_body_size 2G;';
+      echo '  }';
+      echo '';
+      echo '  location /static/webseed {';
+      echo "    if (\$request_method = 'OPTIONS') {";
+      echo "      add_header 'Access-Control-Allow-Origin' '*';";
+      echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
+      echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
+      echo "      add_header 'Access-Control-Max-Age' 1728000;";
+      echo "      add_header 'Content-Type' 'text/plain charset=UTF-8';";
+      echo "      add_header 'Content-Length' 0;";
+      echo '      return 204;';
+      echo '    }';
+      echo '';
+      echo "    if (\$request_method = 'GET') {";
+      echo "      add_header 'Access-Control-Allow-Origin' '*';";
+      echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
+      echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
+      echo '    }';
+      echo '';
+      echo "    alias $PEERTUBE_DIR/videos;";
+      echo '  }';
+      echo '';
+      echo '  # Websocket tracker';
+      echo '  location /tracker/socket {';
+      echo '    # Peers send a message to the tracker every 15 minutes';
+      echo '    # Dont close the websocket before this time';
+      echo '    proxy_read_timeout 1200s;';
+      echo "    proxy_set_header Upgrade \$http_upgrade;";
+      echo "    proxy_set_header Connection \"upgrade\";";
+      echo '    proxy_http_version 1.1;';
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_pass http://localhost:${PEERTUBE_PORT};";
+      echo '  }';
+      echo '}'; } > "$peertube_nginx_file"
 }
 
 function peertube_create_config {
@@ -541,84 +544,84 @@ function peertube_create_config {
 
     peertube_config_file=$peertube_prefix$PEERTUBE_DIR/config/production.yaml
 
-    echo 'listen:' > $peertube_config_file
-    echo "  port: $PEERTUBE_PORT" >> $peertube_config_file
-    echo '' >> $peertube_config_file
-    echo '# Correspond to your reverse proxy "listen" configuration' >> $peertube_config_file
-    echo 'webserver:' >> $peertube_config_file
-    if [ ! $peertube_prefix ]; then
-        if [[ $ONION_ONLY == 'no' ]]; then
-            echo '  https: true' >> $peertube_config_file
-            echo "  hostname: '$PEERTUBE_DOMAIN_NAME'" >> $peertube_config_file
-            echo '  port: 443' >> $peertube_config_file
+    { echo 'listen:';
+      echo "  port: $PEERTUBE_PORT";
+      echo '';
+      echo '# Correspond to your reverse proxy "listen" configuration';
+      echo 'webserver:'; } > "$peertube_config_file"
+    if [ ! "$peertube_prefix" ]; then
+        if [[ "$ONION_ONLY" == 'no' ]]; then
+            { echo '  https: true';
+              echo "  hostname: '$PEERTUBE_DOMAIN_NAME'";
+              echo '  port: 443'; } >> "$peertube_config_file"
         else
-            echo '  https: false' >> $peertube_config_file
-            echo "  hostname: '$PEERTUBE_ONION_HOSTNAME'" >> $peertube_config_file
-            echo '  port: 80' >> $peertube_config_file
+            { echo '  https: false';
+              echo "  hostname: '$PEERTUBE_ONION_HOSTNAME'";
+              echo '  port: 80'; } >> "$peertube_config_file"
         fi
     else
-        echo '  https: false' >> $peertube_config_file
-        echo "  hostname: ''" >> $peertube_config_file
-        echo "  port: $MESH_PEERTUBE_PORT" >> $peertube_config_file
+        { echo '  https: false';
+          echo "  hostname: ''";
+          echo "  port: $MESH_PEERTUBE_PORT"; } >> "$peertube_config_file"
     fi
-    echo '' >> $peertube_config_file
-    echo '# Your database name will be "peertube"+database.suffix' >> $peertube_config_file
-    echo 'database:' >> $peertube_config_file
-    echo "  hostname: 'localhost'" >> $peertube_config_file
-    echo '  port: 5432' >> $peertube_config_file
-    echo "  suffix: ''" >> $peertube_config_file
-    echo "  username: 'peertube'" >> $peertube_config_file
-    if [ ! $peertube_prefix ]; then
-        echo "  password: '$PEERTUBE_ADMIN_PASSWORD'" >> $peertube_config_file
+    { echo '';
+      echo '# Your database name will be "peertube"+database.suffix';
+      echo 'database:';
+      echo "  hostname: 'localhost'";
+      echo '  port: 5432';
+      echo "  suffix: ''";
+      echo "  username: 'peertube'"; } >> "$peertube_config_file"
+    if [ ! "$peertube_prefix" ]; then
+        echo "  password: '$PEERTUBE_ADMIN_PASSWORD'" >> "$peertube_config_file"
     else
-        echo "  password: ''" >> $peertube_config_file
+        echo "  password: ''" >> "$peertube_config_file"
     fi
-    echo '' >> $peertube_config_file
-    echo '# From the project root directory' >> $peertube_config_file
-    echo 'storage:' >> $peertube_config_file
-    echo "  certs: 'certs/'" >> $peertube_config_file
-    echo "  videos: 'videos/'" >> $peertube_config_file
-    echo "  logs: 'logs/'" >> $peertube_config_file
-    echo "  previews: 'previews/'" >> $peertube_config_file
-    echo "  thumbnails: 'thumbnails/'" >> $peertube_config_file
-    echo "  torrents: 'torrents/'" >> $peertube_config_file
-    echo "  cache: 'cache/'" >> $peertube_config_file
-    echo '' >> $peertube_config_file
-    echo 'cache:' >> $peertube_config_file
-    echo '  previews:' >> $peertube_config_file
-    echo '    size: 10 # Max number of previews you want to cache' >> $peertube_config_file
-    echo '' >> $peertube_config_file
-    echo 'admin:' >> $peertube_config_file
-    # This is deliberately a dummy email address
-    echo "  email: 'testuser@testdomain.net'" >> $peertube_config_file
-    echo '' >> $peertube_config_file
-    echo 'signup:' >> $peertube_config_file
-    echo '  enabled: true' >> $peertube_config_file
-    echo '  limit: 5 # When the limit is reached, registrations are disabled. -1 == unlimited' >> $peertube_config_file
-    echo '' >> $peertube_config_file
-    echo 'user:' >> $peertube_config_file
-    echo '  # Default value of maximum video BYTES the user can upload (does not take into account transcoded files).' >> $peertube_config_file
-    echo '  # -1 == unlimited' >> $peertube_config_file
-    echo '  video_quota: -1' >> $peertube_config_file
-    echo '' >> $peertube_config_file
-    echo '# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag' >> $peertube_config_file
-    echo '# Uses a lot of CPU!' >> $peertube_config_file
-    echo 'transcoding:' >> $peertube_config_file
-    echo '  enabled: true' >> $peertube_config_file
-    echo '  threads: 2' >> $peertube_config_file
-    echo '  resolutions: # Only created if the original video has a higher resolution' >> $peertube_config_file
-    echo '    240p: true' >> $peertube_config_file
-    echo '    360p: false' >> $peertube_config_file
-    echo '    480p: false' >> $peertube_config_file
-    echo '    720p: false' >> $peertube_config_file
-    echo '    1080p: false' >> $peertube_config_file
+    { echo '';
+      echo '# From the project root directory';
+      echo 'storage:';
+      echo "  certs: 'certs/'";
+      echo "  videos: 'videos/'";
+      echo "  logs: 'logs/'";
+      echo "  previews: 'previews/'";
+      echo "  thumbnails: 'thumbnails/'";
+      echo "  torrents: 'torrents/'";
+      echo "  cache: 'cache/'";
+      echo '';
+      echo 'cache:';
+      echo '  previews:';
+      echo '    size: 10 # Max number of previews you want to cache';
+      echo '';
+      echo 'admin:';
+      # This is deliberately a dummy email address
+      echo "  email: 'testuser@testdomain.net'";
+      echo '';
+      echo 'signup:';
+      echo '  enabled: true';
+      echo '  limit: 5 # When the limit is reached, registrations are disabled. -1 == unlimited';
+      echo '';
+      echo 'user:';
+      echo '  # Default value of maximum video BYTES the user can upload (does not take into account transcoded files).';
+      echo '  # -1 == unlimited';
+      echo '  video_quota: -1';
+      echo '';
+      echo '# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag';
+      echo '# Uses a lot of CPU!';
+      echo 'transcoding:';
+      echo '  enabled: true';
+      echo '  threads: 2';
+      echo '  resolutions: # Only created if the original video has a higher resolution';
+      echo '    240p: true';
+      echo '    360p: false';
+      echo '    480p: false';
+      echo '    720p: false';
+      echo '    1080p: false'; } >> "$peertube_config_file"
 }
 
 function mesh_install_peertube {
-    if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then
+    if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" ]]; then
         return
     fi
-    if [[ $ARCHITECTURE != 'x86_64' && $ARCHITECTURE != 'amd64' ]]; then
+    if [[ "$ARCHITECTURE" != 'x86_64' && "$ARCHITECTURE" != 'amd64' ]]; then
         return
     fi
 
@@ -627,22 +630,21 @@ function mesh_install_peertube {
     function_check install_postgresql
     install_postgresql
 
-    if [ -d $rootdir$PEERTUBE_DIR ]; then
-        rm -rf $rootdir$PEERTUBE_DIR
+    if [ -d "$rootdir$PEERTUBE_DIR" ]; then
+        rm -rf "$rootdir$PEERTUBE_DIR"
     fi
 
-    git clone $PEERTUBE_REPO $rootdir$PEERTUBE_DIR
+    git clone "$PEERTUBE_REPO" "$rootdir$PEERTUBE_DIR"
 
     chroot "$rootdir" groupadd peertube
     chroot "$rootdir" useradd -c "PeerTube system account" -d $PEERTUBE_DIR -m -r -g peertube peertube
 
-    cd $rootdir$PEERTUBE_DIR
+    cd "$rootdir$PEERTUBE_DIR" || exit 246824524
     git checkout $PEERTUBE_COMMIT -b $PEERTUBE_COMMIT
 
-
     get_npm_arch
 
-    cat <<EOF > $rootdir/usr/bin/install_peertube
+    cat <<EOF > "$rootdir/usr/bin/install_peertube"
 #!/bin/bash
 cd $PEERTUBE_DIR
 curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
@@ -683,34 +685,33 @@ if [ ! "\$?" = "0" ]; then
     exit 5293593
 fi
 EOF
-    chmod +x $rootdir/usr/bin/install_peertube
-    chroot "$rootdir" /usr/bin/install_peertube
-    if [ ! "$?" = "0" ]; then
+    chmod +x "$rootdir/usr/bin/install_peertube"
+    if ! chroot "$rootdir" /usr/bin/install_peertube; then
         echo $'PeerTube install failed'
         exit 735638
     fi
 
-    echo '[Unit]' > $rootdir/etc/systemd/system/peertube.service
-    echo 'Description=PeerTube Decentralized video streaming platform' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'After=syslog.target' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'After=network.target' >> $rootdir/etc/systemd/system/peertube.service
-    echo '' >> $rootdir/etc/systemd/system/peertube.service
-    echo '[Service]' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'User=peertube' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'Group=peertube' >> $rootdir/etc/systemd/system/peertube.service
-    echo "WorkingDirectory=$PEERTUBE_DIR" >> $rootdir/etc/systemd/system/peertube.service
-    echo "ExecStart=/usr/local/bin/npm start" >> $rootdir/etc/systemd/system/peertube.service
-    echo "ExecStop=/usr/local/bin/npm stop" >> $rootdir/etc/systemd/system/peertube.service
-    echo 'StandardOutput=syslog' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'StandardError=syslog' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'SyslogIdentifier=peertube' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'Restart=always' >> $rootdir/etc/systemd/system/peertube.service
-    echo "Environment=NODE_ENV=production" >> $rootdir/etc/systemd/system/peertube.service
-    echo '' >> $rootdir/etc/systemd/system/peertube.service
-    echo '[Install]' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/peertube.service
+    { echo '[Unit]';
+      echo 'Description=PeerTube Decentralized video streaming platform';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=peertube';
+      echo 'Group=peertube';
+      echo "WorkingDirectory=$PEERTUBE_DIR";
+      echo "ExecStart=/usr/local/bin/npm start";
+      echo "ExecStop=/usr/local/bin/npm stop";
+      echo 'StandardOutput=syslog';
+      echo 'StandardError=syslog';
+      echo 'SyslogIdentifier=peertube';
+      echo 'Restart=always';
+      echo "Environment=NODE_ENV=production";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/peertube.service"
 
-    peertube_create_config $rootdir
+    peertube_create_config "$rootdir"
 
     chroot "$rootdir" chown -R peertube:peertube $PEERTUBE_DIR
 
@@ -730,7 +731,7 @@ function install_peertube {
         ONION_ONLY='no'
     fi
 
-    if [ ! $PEERTUBE_DOMAIN_NAME ]; then
+    if [ ! "$PEERTUBE_DOMAIN_NAME" ]; then
         echo $'The peertube domain name was not specified'
         exit 783523
     fi
@@ -740,8 +741,8 @@ function install_peertube {
     function_check install_postgresql
     install_postgresql
 
-    if [ ! -d /var/www/$PEERTUBE_DOMAIN_NAME/htdocs ]; then
-        mkdir -p /var/www/$PEERTUBE_DOMAIN_NAME/htdocs
+    if [ ! -d "/var/www/$PEERTUBE_DOMAIN_NAME/htdocs" ]; then
+        mkdir -p "/var/www/$PEERTUBE_DOMAIN_NAME/htdocs"
     fi
 
     if [ -d $PEERTUBE_DIR ]; then
@@ -759,60 +760,56 @@ function install_peertube {
     if [ -d /repos/peertube ]; then
         mkdir -p $PEERTUBE_DIR
         cp -r -p /repos/peertube/. $PEERTUBE_DIR
-        cd $PEERTUBE_DIR
+        cd "$PEERTUBE_DIR" || exit 642874682
         git pull
     else
         function_check git_clone
         git_clone $PEERTUBE_REPO $PEERTUBE_DIR
     fi
 
-    cd $PEERTUBE_DIR
+    cd "$PEERTUBE_DIR" || exit 27492742
     git checkout $PEERTUBE_COMMIT -b $PEERTUBE_COMMIT
     set_completion_param "peertube commit" "$PEERTUBE_COMMIT"
 
-    npm install -g yarn
-    if [ ! "$?" = "0" ]; then
+    if ! npm install -g yarn; then
         echo $'Failed to install yarn'
         exit 79353234
     fi
     yarn add -D webpack --network-concurrency 1
-    yarn install
-    if [ ! "$?" = "0" ]; then
+    if ! yarn install; then
         echo $'Failed to run yarn install'
         exit 63754235
     fi
-    npm install
-    if [ ! "$?" = "0" ]; then
+    if ! npm install; then
         echo $'Failed to install peertube'
         exit 7835243
     fi
-    npm run build
-    if [ ! "$?" = "0" ]; then
+    if ! npm run build; then
         echo $'Failed to build peertube'
         exit 5293593
     fi
 
     PEERTUBE_ONION_HOSTNAME=$(add_onion_service peertube 80 ${PEERTUBE_ONION_PORT})
 
-    echo '[Unit]' > /etc/systemd/system/peertube.service
-    echo 'Description=PeerTube Decentralized video streaming platform' >> /etc/systemd/system/peertube.service
-    echo 'After=syslog.target' >> /etc/systemd/system/peertube.service
-    echo 'After=network.target' >> /etc/systemd/system/peertube.service
-    echo '' >> /etc/systemd/system/peertube.service
-    echo '[Service]' >> /etc/systemd/system/peertube.service
-    echo 'User=peertube' >> /etc/systemd/system/peertube.service
-    echo 'Group=peertube' >> /etc/systemd/system/peertube.service
-    echo "WorkingDirectory=$PEERTUBE_DIR" >> /etc/systemd/system/peertube.service
-    echo "ExecStart=/usr/local/bin/npm start" >> /etc/systemd/system/peertube.service
-    echo "ExecStop=/usr/local/bin/npm stop" >> /etc/systemd/system/peertube.service
-    echo 'StandardOutput=syslog' >> /etc/systemd/system/peertube.service
-    echo 'StandardError=syslog' >> /etc/systemd/system/peertube.service
-    echo 'SyslogIdentifier=peertube' >> /etc/systemd/system/peertube.service
-    echo 'Restart=always' >> /etc/systemd/system/peertube.service
-    echo "Environment=NODE_ENV=production" >> /etc/systemd/system/peertube.service
-    echo '' >> /etc/systemd/system/peertube.service
-    echo '[Install]' >> /etc/systemd/system/peertube.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/peertube.service
+    { echo '[Unit]';
+      echo 'Description=PeerTube Decentralized video streaming platform';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=peertube';
+      echo 'Group=peertube';
+      echo "WorkingDirectory=$PEERTUBE_DIR";
+      echo "ExecStart=/usr/local/bin/npm start";
+      echo "ExecStop=/usr/local/bin/npm stop";
+      echo 'StandardOutput=syslog';
+      echo 'StandardError=syslog';
+      echo 'SyslogIdentifier=peertube';
+      echo 'Restart=always';
+      echo "Environment=NODE_ENV=production";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/peertube.service
 
     peertube_create_config
 
@@ -820,10 +817,10 @@ function install_peertube {
 
     peertube_setup_web
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a peertube -p "$PEERTUBE_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a peertube -p "$PEERTUBE_ADMIN_PASSWORD"
 
     function_check add_ddns_domain
-    add_ddns_domain $PEERTUBE_DOMAIN_NAME
+    add_ddns_domain "$PEERTUBE_DOMAIN_NAME"
 
     systemctl enable peertube
     systemctl daemon-reload
diff --git a/src/freedombone-app-pelican b/src/freedombone-app-pelican
index bcc66de1..6019b1cf 100755
--- a/src/freedombone-app-pelican
+++ b/src/freedombone-app-pelican
@@ -50,12 +50,12 @@ pelican_variables=(MY_USERNAME
                    PELICAN_BLOG_CODE)
 
 function pelican_remove_bad_blog_links {
-    find ./ -type f -name *.css -exec sed -i -e '/googleapi/d' {} \;
-    find ./ -type f -name *.scss -exec sed -i -e '/googleapi/d' {} \;
-    find ./ -type f -name *.html -exec sed -i -e '/googleapi/d' {} \;
-    find ./ -type f -name *.css -exec sed -i -e '/bootstrapcdn/d' {} \;
-    find ./ -type f -name *.scss -exec sed -i -e '/bootstrapcdn/d' {} \;
-    find ./ -type f -name *.html -exec sed -i -e '/bootstrapcdn/d' {} \;
+    find ./ -type f -name "*.css" -exec sed -i -e '/googleapi/d' {} \;
+    find ./ -type f -name "*.scss" -exec sed -i -e '/googleapi/d' {} \;
+    find ./ -type f -name "*.html" -exec sed -i -e '/googleapi/d' {} \;
+    find ./ -type f -name "*.css" -exec sed -i -e '/bootstrapcdn/d' {} \;
+    find ./ -type f -name "*.scss" -exec sed -i -e '/bootstrapcdn/d' {} \;
+    find ./ -type f -name "*.html" -exec sed -i -e '/bootstrapcdn/d' {} \;
 }
 
 function logging_on_pelican {
@@ -73,104 +73,104 @@ function install_pelican_website {
     fi
     function_check nginx_http_redirect
     nginx_http_redirect $PELICAN_DOMAIN_NAME
-    echo 'server {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    root /var/www/${PELICAN_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    server_name ${PELICAN_DOMAIN_NAME};" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    index index.html;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    charset utf-8;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    { echo 'server {';
+      echo '    listen 443 ssl;';
+      echo '    #listen [::]:443 ssl;';
+      echo "    root /var/www/${PELICAN_DOMAIN_NAME}/htdocs;";
+      echo "    server_name ${PELICAN_DOMAIN_NAME};";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo '    index index.html;';
+      echo '    charset utf-8;'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
     function_check nginx_ssl
-    nginx_ssl $PELICAN_DOMAIN_NAME
+    nginx_ssl "$PELICAN_DOMAIN_NAME"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $PELICAN_DOMAIN_NAME
-    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    nginx_disable_sniffing "$PELICAN_DOMAIN_NAME"
+    { echo '    add_header Strict-Transport-Security "max-age=0;";';
+      echo '';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    # block these file types' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '      deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '      deny  all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    nginx_limits "$PELICAN_DOMAIN_NAME"
+    { echo '    }';
+      echo '';
+      echo '    # block these file types';
+      echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    # deny access to all dot files';
+      echo '    location ~ /\. {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    location ~ /(data|conf|bin|inc)/ {';
+      echo '      deny all;';
+      echo '    }';
+      echo '    location ~ /\.ht {';
+      echo '      deny  all;';
+      echo '    }';
+      echo '}';
+      echo ''; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
 
     function_check create_site_certificate
-    create_site_certificate $PELICAN_DOMAIN_NAME 'yes'
+    create_site_certificate "$PELICAN_DOMAIN_NAME" 'yes'
 }
 
 function install_pelican_website_onion {
-    echo 'server {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    listen 127.0.0.1:${PELICAN_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    root /var/www/${PELICAN_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    server_name ${PELICAN_DOMAIN_NAME};" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    index index.html;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    charset utf-8;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    { echo 'server {';
+      echo "    listen 127.0.0.1:${PELICAN_ONION_PORT} default_server;";
+      echo "    root /var/www/${PELICAN_DOMAIN_NAME}/htdocs;";
+      echo "    server_name ${PELICAN_DOMAIN_NAME};";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo '    index index.html;';
+      echo '    charset utf-8;'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $PELICAN_DOMAIN_NAME
-    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    nginx_disable_sniffing "$PELICAN_DOMAIN_NAME"
+    { echo '    add_header Strict-Transport-Security "max-age=0;";';
+      echo '';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
     function_check nginx_limits
-    nginx_limits $PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    # block these file types' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '      deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '      deny  all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    nginx_limits "$PELICAN_DOMAIN_NAME"
+    { echo '    }';
+      echo '';
+      echo '    # block these file types';
+      echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    # deny access to all dot files';
+      echo '    location ~ /\. {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    location ~ /(data|conf|bin|inc)/ {';
+      echo '      deny all;';
+      echo '    }';
+      echo '    location ~ /\.ht {';
+      echo '      deny  all;';
+      echo '    }';
+      echo '}'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
 }
 
 function pelican_editor_config {
     if [ ! -f $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican ]; then
-        echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)" > $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq org-support-shift-select t)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq standard-indent 4)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq-default tab-width 4)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq c-basic-offset 4)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(mouse-wheel-mode t)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq make-backup-files t)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq version-control t)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo "(setq default-major-mode 'text-mode)" >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo "(dolist (hook '(text-mode-hook))" >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '    (add-hook hook (lambda () (flyspell-mode 1))))' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq-default fill-column 72)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq auto-fill-mode 0)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)" >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo "(setq-default auto-fill-function 'do-auto-fill)" >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
+        { echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)";
+          echo '(setq org-support-shift-select t)';
+          echo '(setq standard-indent 4)';
+          echo '(setq-default tab-width 4)';
+          echo '(setq c-basic-offset 4)';
+          echo '(mouse-wheel-mode t)';
+          echo '(setq make-backup-files t)';
+          echo '(setq version-control t)';
+          echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))';
+          echo "(setq default-major-mode 'text-mode)";
+          echo "(dolist (hook '(text-mode-hook))";
+          echo '    (add-hook hook (lambda () (flyspell-mode 1))))';
+          echo '(setq-default fill-column 72)';
+          echo '(setq auto-fill-mode 0)';
+          echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)";
+          echo "(setq-default auto-fill-function 'do-auto-fill)"; } > "$PELICAN_BLOG_INSTALL_DIR/.emacs-pelican"
     fi
 }
 
@@ -179,7 +179,7 @@ function pelican_regenerate_blog {
     echo ''
     echo $'Regenerating blog...'
 
-    cd $PELICAN_BLOG_INSTALL_DIR
+    cd "$PELICAN_BLOG_INSTALL_DIR" || exit 463856348
     make html
     cp -r $PELICAN_BLOG_INSTALL_DIR/output/* /var/www/$PELICAN_DOMAIN_NAME/htdocs/
     chown -R www-data:www-data /var/www/$PELICAN_DOMAIN_NAME/htdocs
@@ -189,19 +189,19 @@ function pelican_new_blog {
     DATESTR=$(date "+%Y-%m-%d %H:%M:%S")
 
     if [ ! -f $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry ]; then
-        echo $'Title: Blog Post Title' > $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $"Date: ${DATESTR}" >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $"Author: $(toxid --showuser)" >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $'Category: default' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $'Tags: blog, tag' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo  '' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $'Add your text here' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo  '' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo -n $'To include an image copy it into the /etc/blog/content/images directory, ' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $'then link to it with:' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo  '' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $'![My image]({filename}images/myimage.jpg)' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo  '' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
+        { echo $'Title: Blog Post Title';
+          echo $"Date: ${DATESTR}";
+          echo $"Author: $(toxid --showuser)";
+          echo $'Category: default';
+          echo $'Tags: blog, tag';
+          echo  '';
+          echo $'Add your text here';
+          echo  '';
+          echo -n $'To include an image copy it into the /etc/blog/content/images directory, ';
+          echo $'then link to it with:';
+          echo  '';
+          echo $'![My image]({filename}images/myimage.jpg)';
+          echo  ''; } > $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
     fi
 
     if [ -f /usr/bin/emacs ]; then
@@ -222,7 +222,7 @@ function pelican_new_blog {
 
     # move to the content directory
     CURRENT_INDEX=$(cat $PELICAN_CURRENT_BLOG_INDEX)
-    mv $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry $BLOG_CONTENT_PATH/${CURRENT_INDEX}_post.md
+    mv "$PELICAN_BLOG_INSTALL_DIR/.new-blog-entry" "$BLOG_CONTENT_PATH/${CURRENT_INDEX}_post.md"
 
     # increment the index
     CURRENT_INDEX=$((CURRENT_INDEX + 1))
@@ -238,14 +238,14 @@ function pelican_edit_blog {
     CURRENT_INDEX=$(cat $PELICAN_CURRENT_BLOG_INDEX)
     PREVIOUS_INDEX=$((CURRENT_INDEX - 1))
     LAST_BLOG_ENTRY=$BLOG_CONTENT_PATH/${PREVIOUS_INDEX}_post.md
-    if [ ! -f $LAST_BLOG_ENTRY ]; then
+    if [ ! -f "$LAST_BLOG_ENTRY" ]; then
         return
     fi
 
     if [ -f /usr/bin/emacs ]; then
-        emacs -q --load $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican $LAST_BLOG_ENTRY
+        emacs -q --load "$PELICAN_BLOG_INSTALL_DIR/.emacs-pelican" "$LAST_BLOG_ENTRY"
     else
-        editor $LAST_BLOG_ENTRY
+        editor "$LAST_BLOG_ENTRY"
     fi
 
     pelican_regenerate_blog
@@ -258,18 +258,18 @@ function pelican_delete_blog {
     CURRENT_INDEX=$(cat $PELICAN_CURRENT_BLOG_INDEX)
     PREVIOUS_INDEX=$((CURRENT_INDEX - 1))
     LAST_BLOG_ENTRY=$BLOG_CONTENT_PATH/${PREVIOUS_INDEX}_post.md
-    if [ ! -f $LAST_BLOG_ENTRY ]; then
+    if [ ! -f "$LAST_BLOG_ENTRY" ]; then
         return
     fi
 
     dialog --title $"Delete the previous blog entry" \
            --backtitle $"Freedombone Mesh" \
            --defaultno \
-           --yesno $"\nAre you sure that you wish to delete the previous blog entry?" 8 60
+           --yesno $"\\nAre you sure that you wish to delete the previous blog entry?" 8 60
     sel=$?
     case $sel in
-        0) rm $LAST_BLOG_ENTRY
-           if [ $CURRENT_INDEX -gt 0 ]; then
+        0) rm "$LAST_BLOG_ENTRY"
+           if [ "$CURRENT_INDEX" -gt 0 ]; then
                CURRENT_INDEX=$PREVIOUS_INDEX
                echo "$CURRENT_INDEX" > $PELICAN_CURRENT_BLOG_INDEX
            else
@@ -297,8 +297,8 @@ function pelican_change_theme {
     for a in "${THEMES[@]}"
     do
         is_selected='off'
-        if [ $curr_theme_index ]; then
-            if [ $n -eq $curr_theme_index ]; then
+        if [ "$curr_theme_index" ]; then
+            if [ $n -eq "$curr_theme_index" ]; then
                 is_selected='on'
             fi
         else
@@ -308,28 +308,30 @@ function pelican_change_theme {
         fi
 
         themelist="$themelist $n $a $is_selected"
-        n=$[n+1]
-        theme_index=$[theme_index+1]
+        n=$((n+1))
+        theme_index=$((theme_index+1))
     done
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Mesh" \
            --title $"Select Blog Theme" \
            --radiolist $'Choose:' \
-           80 40 20 $themelist 2> $data
+           80 40 20 "$themelist" 2> "$data"
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
-    CHOSEN_THEME_INDEX=$(cat $data)
+    CHOSEN_THEME_INDEX=$(cat "$data")
+    rm -f "$data"
     echo "$CHOSEN_THEME_INDEX" > $PELICAN_BLOG_INSTALL_DIR/.blog-theme-index
     CHOSEN_THEME_INDEX=$((CHOSEN_THEME_INDEX - 1))
 
     CHOSEN_THEME=${THEMES[$CHOSEN_THEME_INDEX]}
 
-    cd $PELICAN_BLOG_INSTALL_DIR/themes/$CHOSEN_THEME
+    cd "$PELICAN_BLOG_INSTALL_DIR/themes/$CHOSEN_THEME" || exit 2648268284
     pelican_remove_bad_blog_links
 
     if grep -q "THEME=" $PELICAN_BLOG_INSTALL_DIR/pelicanconf.py; then
@@ -341,8 +343,7 @@ function pelican_change_theme {
 }
 
 function configure_interactive_pelican {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Configuration" \
            --title $"Pelican Blogging" \
            --radiolist $"Choose an operation:" 18 50 11 \
@@ -350,23 +351,25 @@ function configure_interactive_pelican {
            2 $"Edit the previous blog entry" off \
            3 $"Delete the previous blog entry" off \
            4 $"Change theme" off \
-           5 $"Exit" off 2> $data
+           5 $"Exit" off 2> "$data"
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
-    case $(cat $data) in
+    case $(cat "$data") in
         1) pelican_new_blog;;
         2) pelican_edit_blog;;
         3) pelican_delete_blog;;
         4) pelican_change_theme;;
-        5) break;;
     esac
+    rm -f "$data"
 }
 
 function install_interactive_pelican {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -376,42 +379,43 @@ function install_interactive_pelican {
         PELICAN_DETAILS_COMPLETE=
         while [ ! $PELICAN_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Pelican Blog Configuration" \
-                       --form $"\nPlease enter your blog details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
+                       --form $"\\nPlease enter your blog details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
                        $"Domain:" 1 1 "$(grep 'PELICAN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
                        $"Code:" 2 1 "$(grep 'PELICAN_BLOG_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Pelican Blog Configuration" \
-                       --form $"\nPlease enter your GNU Social details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
+                       --form $"\\nPlease enter your GNU Social details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
                        $"Domain:" 1 1 "$(grep 'PELICAN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
-                       2> $data
+                       2> "$data"
             fi
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            PELICAN_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ $PELICAN_DOMAIN_NAME ]; then
+            PELICAN_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$PELICAN_DOMAIN_NAME" ]; then
                 if [[ $PELICAN_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
                     PELICAN_DOMAIN_NAME=""
                 fi
                 TEST_DOMAIN_NAME=$PELICAN_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $PELICAN_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$PELICAN_DOMAIN_NAME" ]]; then
                     PELICAN_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        PELICAN_BLOG_CODE=$(cat $data | sed -n 2p)
+                        PELICAN_BLOG_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$PELICAN_BLOG_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             PELICAN_DOMAIN_NAME=
                         fi
                     fi
@@ -420,6 +424,7 @@ function install_interactive_pelican {
             if [ $PELICAN_DOMAIN_NAME ]; then
                 PELICAN_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         # save the results in the config file
@@ -454,7 +459,7 @@ function backup_local_pelican {
 
 function restore_local_pelican {
     if [ -d /etc/blog ]; then
-        if [ -d $USB_MOUNT_DLNA/backup/pelican ]; then
+        if [ -d "$USB_MOUNT_DLNA/backup/pelican" ]; then
             temp_restore_dir=/root/temppelican
             function_check restore_directory_from_usb
             restore_directory_from_usb $temp_restore_dir pelican
@@ -463,6 +468,7 @@ function restore_local_pelican {
             else
                 cp -r $temp_restore_dir/* /etc/blog/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 rm -rf $temp_restore_dir
                 function_check set_user_permissions
@@ -475,7 +481,7 @@ function restore_local_pelican {
         fi
     fi
     if [ -d /var/www/$PELICAN_DOMAIN_NAME/htdocs ]; then
-        if [ -d $USB_MOUNT_DLNA/backup/pelican-site ]; then
+        if [ -d "$USB_MOUNT_DLNA/backup/pelican-site" ]; then
             temp_restore_dir=/root/temppelican-site
             function_check restore_directory_from_usb
             restore_directory_from_usb $temp_restore_dir pelican-site
@@ -484,6 +490,7 @@ function restore_local_pelican {
             else
                 cp -r $temp_restore_dir/* /var/www/$PELICAN_DOMAIN_NAME/htdocs/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 rm -rf $temp_restore_dir
                 function_check set_user_permissions
@@ -508,7 +515,7 @@ function backup_remote_pelican {
 
 function restore_remote_pelican {
     if [ -d /etc/blog ]; then
-        if [ -d $SERVER_DIRECTORY/backup/pelican ]; then
+        if [ -d "$SERVER_DIRECTORY/backup/pelican" ]; then
             temp_restore_dir=/root/temppelican
             function_check restore_directory_from_friend
             restore_directory_from_friend $temp_restore_dir pelican
@@ -517,6 +524,7 @@ function restore_remote_pelican {
             else
                 cp -r $temp_restore_dir/* /etc/blog/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 exit 782352
             fi
@@ -524,7 +532,7 @@ function restore_remote_pelican {
         fi
     fi
     if [ -d /var/www/$PELICAN_DOMAIN_NAME/htdocs ]; then
-        if [ -d $SERVER_DIRECTORY/backup/pelican-site ]; then
+        if [ -d "$SERVER_DIRECTORY/backup/pelican-site" ]; then
             temp_restore_dir=/root/temppelican-site
             function_check restore_directory_from_friend
             restore_directory_from_friend $temp_restore_dir pelican-site
@@ -533,6 +541,7 @@ function restore_remote_pelican {
             else
                 cp -r $temp_restore_dir/* /var/www/$PELICAN_DOMAIN_NAME/htdocs/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 exit 76382562
             fi
@@ -561,112 +570,112 @@ function remove_pelican {
 }
 
 function create_pelican_conf {
-    STATIC_BLOG_FILE=$1
+    STATIC_BLOG_FILE="$1"
 
-    echo '#!/usr/bin/env python' > $STATIC_BLOG_FILE
-    echo '# -*- coding: utf-8 -*- #' >> $STATIC_BLOG_FILE
-    echo 'from __future__ import unicode_literals' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo "AUTHOR=u\"$MY_USERNAME\"" >> $STATIC_BLOG_FILE
-    echo "SITENAME=u'$DEFAULT_BLOG_TITLE'" >> $STATIC_BLOG_FILE
-    echo "SITEURL=''" >> $STATIC_BLOG_FILE
-    echo "PATH='content'" >> $STATIC_BLOG_FILE
-    echo 'TIMEZONE=u"Europe/London"' >> $STATIC_BLOG_FILE
-    echo "DEFAULT_LANG=u'en'" >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'FEED_ALL_ATOM=None' >> $STATIC_BLOG_FILE
-    echo 'CATEGORY_FEED_ATOM=None' >> $STATIC_BLOG_FILE
-    echo 'TRANSLATION_FEED_ATOM=None' >> $STATIC_BLOG_FILE
-    echo 'AUTHOR_FEED_ATOM=None' >> $STATIC_BLOG_FILE
-    echo 'AUTHOR_FEED_RSS=None' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'DEFAULT_PAGINATION=False' >> $STATIC_BLOG_FILE
-    echo 'RELATIVE_URLS=True' >> $STATIC_BLOG_FILE
-    echo "THEME='themes/nice-blog'" >> $STATIC_BLOG_FILE
+    { echo '#!/usr/bin/env python';
+      echo '# -*- coding: utf-8 -*- #';
+      echo 'from __future__ import unicode_literals';
+      echo '';
+      echo "AUTHOR=u\"$MY_USERNAME\"";
+      echo "SITENAME=u'$DEFAULT_BLOG_TITLE'";
+      echo "SITEURL=''";
+      echo "PATH='content'";
+      echo 'TIMEZONE=u"Europe/London"';
+      echo "DEFAULT_LANG=u'en'";
+      echo '';
+      echo 'FEED_ALL_ATOM=None';
+      echo 'CATEGORY_FEED_ATOM=None';
+      echo 'TRANSLATION_FEED_ATOM=None';
+      echo 'AUTHOR_FEED_ATOM=None';
+      echo 'AUTHOR_FEED_RSS=None';
+      echo '';
+      echo 'DEFAULT_PAGINATION=False';
+      echo 'RELATIVE_URLS=True';
+      echo "THEME='themes/nice-blog'"; } > "$STATIC_BLOG_FILE"
 }
 
 function create_pelican_makefile {
-    STATIC_BLOG_FILE=$1
+    STATIC_BLOG_FILE="$1"
 
-    echo 'PY?=python' > $STATIC_BLOG_FILE
-    echo 'PELICAN?=pelican' >> $STATIC_BLOG_FILE
-    echo 'PELICANOPTS=' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'BASEDIR=$(CURDIR)' >> $STATIC_BLOG_FILE
-    echo 'INPUTDIR=$(BASEDIR)/content' >> $STATIC_BLOG_FILE
-    echo "OUTPUTDIR=$PELICAN_BLOG_PATH" >> $STATIC_BLOG_FILE
-    echo 'CONFFILE=$(BASEDIR)/pelicanconf.py' >> $STATIC_BLOG_FILE
-    echo 'PUBLISHCONF=$(BASEDIR)/publishconf.py' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'DEBUG ?= 0' >> $STATIC_BLOG_FILE
-    echo 'ifeq ($(DEBUG), 1)' >> $STATIC_BLOG_FILE
-    echo -e '\tPELICANOPTS += -D' >> $STATIC_BLOG_FILE
-    echo 'endif' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'RELATIVE ?= 0' >> $STATIC_BLOG_FILE
-    echo 'ifeq ($(RELATIVE), 1)' >> $STATIC_BLOG_FILE
-    echo -e '\tPELICANOPTS += --relative-urls' >> $STATIC_BLOG_FILE
-    echo 'endif' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'html:' >> $STATIC_BLOG_FILE
-    echo -e '\t$(PELICAN) $(INPUTDIR) -o $(OUTPUTDIR) -s $(CONFFILE) $(PELICANOPTS)' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'clean:' >> $STATIC_BLOG_FILE
-    echo -e '\t[ ! -d $(OUTPUTDIR) ] || rm -rf $(OUTPUTDIR)' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'regenerate:' >> $STATIC_BLOG_FILE
-    echo -e '\t$(PELICAN) -r $(INPUTDIR) -o $(OUTPUTDIR) -s $(CONFFILE) $(PELICANOPTS)' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'serve:' >> $STATIC_BLOG_FILE
-    echo 'ifdef PORT' >> $STATIC_BLOG_FILE
-    echo -e '\tcd $(OUTPUTDIR) && $(PY) -m pelican.server $(PORT)' >> $STATIC_BLOG_FILE
-    echo 'else' >> $STATIC_BLOG_FILE
-    echo -e '\tcd $(OUTPUTDIR) && $(PY) -m pelican.server' >> $STATIC_BLOG_FILE
-    echo 'endif' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'serve-global:' >> $STATIC_BLOG_FILE
-    echo 'ifdef SERVER' >> $STATIC_BLOG_FILE
-    echo -e '\tcd $(OUTPUTDIR) && $(PY) -m pelican.server 80 $(SERVER)' >> $STATIC_BLOG_FILE
-    echo 'else' >> $STATIC_BLOG_FILE
-    echo -e '\tcd $(OUTPUTDIR) && $(PY) -m pelican.server 80 0.0.0.0' >> $STATIC_BLOG_FILE
-    echo 'endif' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'devserver:' >> $STATIC_BLOG_FILE
-    echo 'ifdef PORT' >> $STATIC_BLOG_FILE
-    echo -e '\t$(BASEDIR)/develop_server.sh restart $(PORT)' >> $STATIC_BLOG_FILE
-    echo 'else' >> $STATIC_BLOG_FILE
-    echo -e '\t$(BASEDIR)/develop_server.sh restart' >> $STATIC_BLOG_FILE
-    echo 'endif' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'stopserver:' >> $STATIC_BLOG_FILE
-    echo -e '\t$(BASEDIR)/develop_server.sh stop' >> $STATIC_BLOG_FILE
-    echo -e '\t@echo "Stopped Pelican and SimpleHTTPServer processes running in background."' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'publish:' >> $STATIC_BLOG_FILE
-    echo -e '\t$(PELICAN) $(INPUTDIR) -o $(OUTPUTDIR) -s $(PUBLISHCONF) $(PELICANOPTS)' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo '.PHONY: html clean regenerate serve serve-global devserver publish' >> $STATIC_BLOG_FILE
+    { echo 'PY?=python';
+      echo 'PELICAN?=pelican';
+      echo 'PELICANOPTS=';
+      echo '';
+      echo "BASEDIR=\$(CURDIR)";
+      echo "INPUTDIR=\$(BASEDIR)/content";
+      echo "OUTPUTDIR=$PELICAN_BLOG_PATH";
+      echo "CONFFILE=\$(BASEDIR)/pelicanconf.py";
+      echo "PUBLISHCONF=\$(BASEDIR)/publishconf.py";
+      echo '';
+      echo 'DEBUG ?= 0';
+      echo "ifeq (\$(DEBUG), 1)";
+      echo -e '\tPELICANOPTS += -D';
+      echo 'endif';
+      echo '';
+      echo 'RELATIVE ?= 0';
+      echo "ifeq (\$(RELATIVE), 1)";
+      echo -e '\tPELICANOPTS += --relative-urls';
+      echo 'endif';
+      echo '';
+      echo 'html:';
+      echo -e "\\t\$(PELICAN) \$(INPUTDIR) -o \$(OUTPUTDIR) -s \$(CONFFILE) \$(PELICANOPTS)";
+      echo '';
+      echo 'clean:';
+      echo -e "\\t[ ! -d \$(OUTPUTDIR) ] || rm -rf \$(OUTPUTDIR)";
+      echo '';
+      echo 'regenerate:';
+      echo -e "\\t\$(PELICAN) -r \$(INPUTDIR) -o \$(OUTPUTDIR) -s \$(CONFFILE) \$(PELICANOPTS)";
+      echo '';
+      echo 'serve:';
+      echo 'ifdef PORT';
+      echo -e "\\tcd \$(OUTPUTDIR) && \$(PY) -m pelican.server \$(PORT)";
+      echo 'else';
+      echo -e "\\tcd \$(OUTPUTDIR) && \$(PY) -m pelican.server";
+      echo 'endif';
+      echo '';
+      echo 'serve-global:';
+      echo 'ifdef SERVER';
+      echo -e "\\tcd \$(OUTPUTDIR) && \$(PY) -m pelican.server 80 \$(SERVER)";
+      echo 'else';
+      echo -e "\\tcd \$(OUTPUTDIR) && \$(PY) -m pelican.server 80 0.0.0.0";
+      echo 'endif';
+      echo '';
+      echo 'devserver:';
+      echo 'ifdef PORT';
+      echo -e "\\t\$(BASEDIR)/develop_server.sh restart \$(PORT)";
+      echo 'else';
+      echo -e "\\t\$(BASEDIR)/develop_server.sh restart";
+      echo 'endif';
+      echo '';
+      echo 'stopserver:';
+      echo -e "\\t\$(BASEDIR)/develop_server.sh stop";
+      echo -e '\t@echo "Stopped Pelican and SimpleHTTPServer processes running in background."';
+      echo '';
+      echo 'publish:';
+      echo -e "\\t\$(PELICAN) \$(INPUTDIR) -o \$(OUTPUTDIR) -s \$(PUBLISHCONF) \$(PELICANOPTS)";
+      echo '';
+      echo '.PHONY: html clean regenerate serve serve-global devserver publish'; } > "$STATIC_BLOG_FILE"
 }
 
 function create_pelican_publish_conf {
     STATIC_BLOG_FILE=$1
 
-    echo '#!/usr/bin/env python' > $STATIC_BLOG_FILE
-    echo '# -*- coding: utf-8 -*- #' >> $STATIC_BLOG_FILE
-    echo 'from __future__ import unicode_literals' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'import os' >> $STATIC_BLOG_FILE
-    echo 'import sys' >> $STATIC_BLOG_FILE
-    echo 'sys.path.append(os.curdir)' >> $STATIC_BLOG_FILE
-    echo 'from pelicanconf import *' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo "SITEURL = ''" >> $STATIC_BLOG_FILE
-    echo 'RELATIVE_URLS = True' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo "FEED_ALL_ATOM = 'feeds/all.atom.xml'" >> $STATIC_BLOG_FILE
-    echo "CATEGORY_FEED_ATOM = 'feeds/%s.atom.xml'" >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'DELETE_OUTPUT_DIRECTORY = True' >> $STATIC_BLOG_FILE
+    { echo '#!/usr/bin/env python';
+      echo '# -*- coding: utf-8 -*- #';
+      echo 'from __future__ import unicode_literals';
+      echo '';
+      echo 'import os';
+      echo 'import sys';
+      echo 'sys.path.append(os.curdir)';
+      echo 'from pelicanconf import *';
+      echo '';
+      echo "SITEURL = ''";
+      echo 'RELATIVE_URLS = True';
+      echo '';
+      echo "FEED_ALL_ATOM = 'feeds/all.atom.xml'";
+      echo "CATEGORY_FEED_ATOM = 'feeds/%s.atom.xml'";
+      echo '';
+      echo 'DELETE_OUTPUT_DIRECTORY = True'; } > "$STATIC_BLOG_FILE"
 }
 
 function pelican_themes {
@@ -747,10 +756,11 @@ function pelican_themes {
 }
 
 function mesh_install_pelican {
-    if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" && $VARIANT != "usb" ]]; then
+    if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" && "$VARIANT" != "usb" ]]; then
         return
     fi
 
+    # shellcheck disable=SC2154
     chroot "$rootdir" apt-get -yq install python-pip
     chroot "$rootdir" pip install ipython
     chroot "$rootdir" pip install Markdown
@@ -760,34 +770,34 @@ function mesh_install_pelican {
     PELICAN_BLOG_INSTALL_DIR=/home/$MY_USERNAME/CreateBlog
     PELICAN_BLOG_PATH=/home/$MY_USERNAME/Public/Blog
 
-    if [ ! -d $rootdir$PELICAN_BLOG_INSTALL_DIR ]; then
-        mkdir -p $rootdir$PELICAN_BLOG_INSTALL_DIR
+    if [ ! -d "$rootdir$PELICAN_BLOG_INSTALL_DIR" ]; then
+        mkdir -p "$rootdir$PELICAN_BLOG_INSTALL_DIR"
     fi
 
-    if [ ! -d $rootdir$PELICAN_BLOG_PATH ]; then
-        mkdir -p $rootdir$PELICAN_BLOG_PATH
+    if [ ! -d "$rootdir$PELICAN_BLOG_PATH" ]; then
+        mkdir -p "$rootdir$PELICAN_BLOG_PATH"
     fi
 
-    if [ ! -d $rootdir$PELICAN_BLOG_INSTALL_DIR/content/images ]; then
-        mkdir -p $rootdir$PELICAN_BLOG_INSTALL_DIR/content/images
+    if [ ! -d "$rootdir$PELICAN_BLOG_INSTALL_DIR/content/images" ]; then
+        mkdir -p "$rootdir$PELICAN_BLOG_INSTALL_DIR/content/images"
     fi
 
-    create_pelican_conf $rootdir$PELICAN_BLOG_INSTALL_DIR/pelicanconf.py
-    create_pelican_makefile $rootdir$PELICAN_BLOG_INSTALL_DIR/Makefile
-    create_pelican_publish_conf $rootdir$PELICAN_BLOG_INSTALL_DIR/publishconf.py
+    create_pelican_conf "$rootdir$PELICAN_BLOG_INSTALL_DIR/pelicanconf.py"
+    create_pelican_makefile "$rootdir$PELICAN_BLOG_INSTALL_DIR/Makefile"
+    create_pelican_publish_conf "$rootdir$PELICAN_BLOG_INSTALL_DIR/publishconf.py"
 
-    mkdir -p $rootdir$PELICAN_BLOG_INSTALL_DIR/themes
-    cd $rootdir$PELICAN_BLOG_INSTALL_DIR/themes
+    mkdir -p "$rootdir$PELICAN_BLOG_INSTALL_DIR/themes"
+    cd "$rootdir$PELICAN_BLOG_INSTALL_DIR/themes" || exit 74624524
     pelican_themes
 
     #git clone --recursive $PELICAN_PLUGINS_REPO $rootdir$PELICAN_BLOG_INSTALL_DIR/plugins
 
-    chroot "$rootdir" chown -R $MY_USERNAME:$MY_USERNAME $PELICAN_BLOG_INSTALL_DIR
-    chroot "$rootdir" chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Public
+    chroot "$rootdir" chown -R "$MY_USERNAME":"$MY_USERNAME" "$PELICAN_BLOG_INSTALL_DIR"
+    chroot "$rootdir" chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/Public"
 }
 
 function install_pelican {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_install_pelican
         return
     fi
@@ -800,29 +810,29 @@ function install_pelican {
 
     PELICAN_BLOG_PATH=/var/www/$PELICAN_DOMAIN_NAME/htdocs
 
-    if [ ! -d $PELICAN_BLOG_INSTALL_DIR ]; then
-        mkdir -p $PELICAN_BLOG_INSTALL_DIR
+    if [ ! -d "$PELICAN_BLOG_INSTALL_DIR" ]; then
+        mkdir -p "$PELICAN_BLOG_INSTALL_DIR"
     fi
 
     if [ ! -d $PELICAN_BLOG_PATH ]; then
         mkdir -p $PELICAN_BLOG_PATH
     fi
 
-    if [ ! -d $PELICAN_BLOG_INSTALL_DIR/content ]; then
-        mkdir -p $PELICAN_BLOG_INSTALL_DIR/content
+    if [ ! -d "$PELICAN_BLOG_INSTALL_DIR/content" ]; then
+        mkdir -p "$PELICAN_BLOG_INSTALL_DIR/content"
     fi
 
-    create_pelican_conf $PELICAN_BLOG_INSTALL_DIR/pelicanconf.py
-    create_pelican_makefile $PELICAN_BLOG_INSTALL_DIR/Makefile
-    create_pelican_publish_conf $PELICAN_BLOG_INSTALL_DIR/publishconf.py
+    create_pelican_conf "$PELICAN_BLOG_INSTALL_DIR/pelicanconf.py"
+    create_pelican_makefile "$PELICAN_BLOG_INSTALL_DIR/Makefile"
+    create_pelican_publish_conf "$PELICAN_BLOG_INSTALL_DIR/publishconf.py"
 
-    mkdir -p $PELICAN_THEMES_REPO $PELICAN_BLOG_INSTALL_DIR/themes
-    cd $PELICAN_THEMES_REPO $PELICAN_BLOG_INSTALL_DIR/themes
+    mkdir -p "$PELICAN_THEMES_REPO" "$PELICAN_BLOG_INSTALL_DIR/themes"
+    cd "$PELICAN_BLOG_INSTALL_DIR/themes" || exit 45357282883
     pelican_themes
 
     #git clone --recursive $PELICAN_PLUGINS_REPO $PELICAN_BLOG_INSTALL_DIR/plugins
 
-    chown -R $MY_USERNAME:$MY_USERNAME $PELICAN_BLOG_INSTALL_DIR
+    chown -R "$MY_USERNAME":"$MY_USERNAME" "$PELICAN_BLOG_INSTALL_DIR"
     chown -R www-data:www-data $PELICAN_BLOG_PATH
 
     pelican_editor_config
@@ -834,7 +844,7 @@ function install_pelican {
     install_pelican_website_onion
 
     pelican_regenerate_blog
-    if [ ! -d $PELICAN_BLOG_INSTALL_DIR/output ]; then
+    if [ ! -d "$PELICAN_BLOG_INSTALL_DIR/output" ]; then
         echo $'Failed to generate pelican blog'
         exit 521892
     fi
diff --git a/src/freedombone-app-pihole b/src/freedombone-app-pihole
index 121909dc..e2bc6f58 100755
--- a/src/freedombone-app-pihole
+++ b/src/freedombone-app-pihole
@@ -66,17 +66,17 @@ function pihole_copy_files {
     if [ ! -d /etc/.pihole ]; then
         mkdir /etc/.pihole
     fi
-    cp $INSTALL_DIR/pihole/adlists.default /etc/.pihole/adlists.default
-    cp $INSTALL_DIR/pihole/adlists.default $piholeDir/adlists.default
+    cp "$INSTALL_DIR/pihole/adlists.default" /etc/.pihole/adlists.default
+    cp "$INSTALL_DIR/pihole/adlists.default" $piholeDir/adlists.default
     if [ ! -f $PIHOLE_CUSTOM_ADLIST ]; then
-        cp $INSTALL_DIR/pihole/adlists.default $PIHOLE_CUSTOM_ADLIST
+        cp "$INSTALL_DIR/pihole/adlists.default" $PIHOLE_CUSTOM_ADLIST
     fi
-    cp $INSTALL_DIR/pihole/advanced/Scripts/* /opt/$piholeBasename
+    cp "$INSTALL_DIR/pihole/advanced/Scripts/*" /opt/$piholeBasename
     if [ -f /etc/dnsmasq.d/01-pihole.conf ]; then
         rm /etc/dnsmasq.d/01-pihole.conf
     fi
-    cp $INSTALL_DIR/pihole/advanced/pihole.cron /etc/cron.d/pihole
-    cp $INSTALL_DIR/pihole/gravity.sh /opt/$piholeBasename
+    cp "$INSTALL_DIR/pihole/advanced/pihole.cron" /etc/cron.d/pihole
+    cp "$INSTALL_DIR/pihole/gravity.sh" /opt/$piholeBasename
     chmod +x /opt/pihole/*.sh
 }
 
@@ -95,7 +95,7 @@ function pihole_update {
         return
     fi
 
-    if [ ! -f $HOME/${PROJECT_NAME}-wifi.cfg ]; then
+    if [ ! -f "$HOME/${PROJECT_NAME}-wifi.cfg" ]; then
         PIHOLE_IFACE=eth0
     else
         read_config_param WIFI_INTERFACE
@@ -114,13 +114,13 @@ function pihole_update {
     echo "piholeDNS1=${PIHOLE_DNS1}" >> ${setupVars}
     echo "piholeDNS2=${PIHOLE_DNS1}" >> ${setupVars}
 
-    echo 'domain-needed' > /etc/dnsmasq.conf
-    echo 'bogus-priv' >> /etc/dnsmasq.conf
-    echo 'no-resolv' >> /etc/dnsmasq.conf
-    echo "server=${PIHOLE_DNS1}" >> /etc/dnsmasq.conf
-    echo "server=${PIHOLE_DNS2}" >> /etc/dnsmasq.conf
-    echo "interface=${PIHOLE_IFACE}" >> /etc/dnsmasq.conf
-    echo 'listen-address=127.0.0.1' >> /etc/dnsmasq.conf
+    { echo 'domain-needed';
+      echo 'bogus-priv';
+      echo 'no-resolv';
+      echo "server=${PIHOLE_DNS1}";
+      echo "server=${PIHOLE_DNS2}";
+      echo "interface=${PIHOLE_IFACE}";
+      echo 'listen-address=127.0.0.1'; } > /etc/dnsmasq.conf
 
     pihole -g
     systemctl restart dnsmasq
@@ -132,8 +132,7 @@ function pihole_update {
 }
 
 function pihole_change_upstream_dns {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Ad Blocker Upstream DNS" \
            --radiolist $"Pick a domain name service (DNS):" 28 50 19 \
            1 $"Digital Courage" on \
@@ -154,13 +153,15 @@ function pihole_change_upstream_dns {
            16 $"DNS.Watch" off \
            17 $"uncensoreddns.org" off \
            18 $"Lorraine Data Network" off \
-           19 $"Google" off 2> $data
+           19 $"Google" off 2> "$data"
     sel=$?
     case $sel in
-        1) exit 1;;
-        255) exit 1;;
+        1) rm -f "$data"
+           exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
-    case $(cat $data) in
+    case $(cat "$data") in
         1) PIHOLE_DNS1='85.214.73.63'
            PIHOLE_DNS2='213.73.91.35'
            ;;
@@ -218,10 +219,12 @@ function pihole_change_upstream_dns {
         19) PIHOLE_DNS1='8.8.8.8'
             PIHOLE_DNS2='4.4.4.4'
             dialog --title $"WARNING" \
-                   --msgbox $"\nGoogle's main purpose for providing DNS resolvers is to spy upon people and know which sites they are visiting.\n\nThis is something to consider, and you should only really be using Google DNS as a last resort if other resolvers are unavailable." 12 60
+                   --msgbox $"\\nGoogle's main purpose for providing DNS resolvers is to spy upon people and know which sites they are visiting.\\n\\nThis is something to consider, and you should only really be using Google DNS as a last resort if other resolvers are unavailable." 12 60
             ;;
-        255) exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
+    rm -f "$data"
     write_config_param "PIHOLE_DNS1" "$PIHOLE_DNS1"
     write_config_param "PIHOLE_DNS2" "$PIHOLE_DNS2"
 }
@@ -252,8 +255,7 @@ function pihole_resume {
 function configure_interactive_pihole {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Ad Blocker" \
                --radiolist $"Choose an operation:" 16 70 7 \
@@ -263,13 +265,15 @@ function configure_interactive_pihole {
                4 $"Change upstream DNS servers" off \
                5 $"Pause blocker" off \
                6 $"Resume blocker" off \
-               7 $"Exit" on 2> $data
+               7 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) exit 1;;
-            255) exit 1;;
+            1) rm -f "$data"
+               exit 1;;
+            255) rm -f "$data"
+                 exit 1;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) editor $PIHOLE_CUSTOM_ADLIST
                update_pihole_interactive
                ;;
@@ -286,8 +290,10 @@ function configure_interactive_pihole {
                ;;
             6) pihole_resume
                ;;
-            7) break;;
+            7) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -306,7 +312,7 @@ function upgrade_pihole {
     fi
 
     function_check set_repo_commit
-    set_repo_commit $INSTALL_DIR/pihole "pihole commit" "$PIHOLE_COMMIT" $PIHOLE_REPO
+    set_repo_commit "$INSTALL_DIR/pihole" "pihole commit" "$PIHOLE_COMMIT" $PIHOLE_REPO
 
     pihole_copy_files
     pihole_update
@@ -367,8 +373,8 @@ function remove_pihole {
         rm /etc/cron.d/pihole
     fi
 
-    if [ -d $INSTALL_DIR/pihole ]; then
-        rm -rf $INSTALL_DIR/pihole
+    if [ -d "$INSTALL_DIR/pihole" ]; then
+        rm -rf "$INSTALL_DIR/pihole"
     fi
 
     firewall_remove 53
@@ -391,27 +397,27 @@ function install_pihole {
 
     systemctl enable dnsmasq
 
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir -p "$INSTALL_DIR"
     fi
 
-    if [ ! -d $INSTALL_DIR/pihole ]; then
-        cd $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR/pihole" ]; then
+        cd "$INSTALL_DIR" || exit 78245624527
 
         if [ -d /repos/pihole ]; then
             mkdir pihole
             cp -r -p /repos/pihole/. pihole
-            cd pihole
+            cd pihole || exit 24572424684
             git pull
         else
             git_clone $PIHOLE_REPO pihole
         fi
 
-        if [ ! -d $INSTALL_DIR/pihole ]; then
+        if [ ! -d "$INSTALL_DIR/pihole" ]; then
             exit 523925
         fi
-        cd $INSTALL_DIR/pihole
-        git checkout $PIHOLE_COMMIT -b $PIHOLE_COMMIT
+        cd "$INSTALL_DIR/pihole" || exit 2682468242
+        git checkout "$PIHOLE_COMMIT" -b "$PIHOLE_COMMIT"
         set_completion_param "pihole commit" "$PIHOLE_COMMIT"
     fi
 
@@ -420,21 +426,21 @@ function install_pihole {
     fi
 
     # blank file which takes the place of ads
-    echo '<html>' > /var/www/pihole/htdocs/index.html
-    echo '<body>' >> /var/www/pihole/htdocs/index.html
-    echo '</body>' >> /var/www/pihole/htdocs/index.html
-    echo '</html>' >> /var/www/pihole/htdocs/index.html
+    { echo '<html>';
+      echo '<body>';
+      echo '</body>';
+      echo '</html>'; } > /var/www/pihole/htdocs/index.html
 
-    if [ ! -f $INSTALL_DIR/pihole/gravity.sh ]; then
+    if [ ! -f "$INSTALL_DIR/pihole/gravity.sh" ]; then
         exit 26738
     fi
-    cp $INSTALL_DIR/pihole/gravity.sh /usr/local/bin/gravity.sh
+    cp "$INSTALL_DIR/pihole/gravity.sh" /usr/local/bin/gravity.sh
     chmod 755 /usr/local/bin/gravity.sh
 
-    if [ ! -f $INSTALL_DIR/pihole/pihole ]; then
+    if [ ! -f "$INSTALL_DIR/pihole/pihole" ]; then
         exit 52935
     fi
-    cp $INSTALL_DIR/pihole/pihole /usr/local/bin/pihole
+    cp "$INSTALL_DIR/pihole/pihole" /usr/local/bin/pihole
     chmod 755 /usr/local/bin/pihole
 
     if [ ! -d $piholeDir ]; then
diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma
index 778af9d6..8cf2135c 100755
--- a/src/freedombone-app-pleroma
+++ b/src/freedombone-app-pleroma
@@ -73,56 +73,56 @@ pleroma_variables=(ONION_ONLY
                    MY_USERNAME)
 
 function create_pleroma_blocklist {
-    echo '#!/bin/bash' > $blocking_script_file
-    echo "if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then" >> $blocking_script_file
-    echo '    exit 0' >> $blocking_script_file
-    echo 'fi' >> $blocking_script_file
-    echo 'if [ -f /tmp/pleroma-blocking.lock ]; then' >> $blocking_script_file
-    echo '    cd /tmp' >> $blocking_script_file
-    echo '    find ./pleroma*.lock -type f -mmin +5 -exec rm {} \;' >> $blocking_script_file
-    echo '    if [ -f /tmp/pleroma-blocking.lock ]; then' >> $blocking_script_file
-    echo '        exit 0' >> $blocking_script_file
-    echo '    fi' >> $blocking_script_file
-    echo 'fi' >> $blocking_script_file
-    echo 'touch /tmp/pleroma-blocking.lock' >> $blocking_script_file
-    echo 'objects_query="DELETE FROM objects WHERE"' >> $blocking_script_file
-    echo 'objects_updated=' >> $blocking_script_file
-    echo 'users_query="DELETE FROM users WHERE"' >> $blocking_script_file
-    echo 'websub_server_subscriptions_query="DELETE FROM websub_server_subscriptions WHERE"' >> $blocking_script_file
-    echo 'websub_server_subscriptions_updated=' >> $blocking_script_file
-    echo 'while read blocked; do' >> $blocking_script_file
-    echo '    if [[ "$blocked" == *"."* || "$blocked" == *"@"* ]]; then' >> $blocking_script_file
-    echo '        if [ ${#blocked} -gt 4 ]; then' >> $blocking_script_file
-    echo '            if [ $objects_updated ]; then' >> $blocking_script_file
-    echo '                objects_query="${objects_query} or"' >> $blocking_script_file
-    echo '                users_query="${users_query} or"' >> $blocking_script_file
-    echo '            fi' >> $blocking_script_file
-    echo "            objects_query=\"\${objects_query} data->>'content' ilike '%\${blocked}%' or data->>'actor' ilike '%\${blocked}%' or data->>'to' ilike '%\${blocked}%' or data->>'id' ilike '%\${blocked}%' or data->>'external_url' ilike '%\${blocked}%'\"" >> $blocking_script_file
-    echo "            users_query=\"\${users_query} nickname ilike '%\${blocked}%'\"" >> $blocking_script_file
-    echo '            objects_updated=1' >> $blocking_script_file
-    echo '            if [[ "$blocked" != *"@"* ]]; then' >> $blocking_script_file
-    echo '                if ! grep -q "127.0.0.1  $blocked" /etc/hosts; then' >> $blocking_script_file
-    echo '                    echo "127.0.0.1  $blocked" >> /etc/hosts' >> $blocking_script_file
-    echo '                fi' >> $blocking_script_file
-    echo '                if [ $websub_server_subscriptions_updated ]; then' >> $blocking_script_file
-    echo '                    websub_server_subscriptions_query="${websub_server_subscriptions_query} or"' >> $blocking_script_file
-    echo '                fi' >> $blocking_script_file
-    echo "                websub_server_subscriptions_query=\"\${websub_server_subscriptions_query} callback like '%\${blocked}%'\"" >> $blocking_script_file
-    echo '                websub_server_subscriptions_updated=1' >> $blocking_script_file
-    echo '            fi' >> $blocking_script_file
-    echo '        fi' >> $blocking_script_file
-    echo '    fi' >> $blocking_script_file
-    echo 'done </root/freedombone-firewall-domains.cfg' >> $blocking_script_file
-    echo '' >> $blocking_script_file
-    echo 'cd /etc/postgresql' >> $blocking_script_file
-    echo 'if [ $objects_updated ]; then' >> $blocking_script_file
-    echo '    sudo -u postgres psql -d pleroma -c "$objects_query"' >> $blocking_script_file
-    echo '    sudo -u postgres psql -d pleroma -c "$users_query"' >> $blocking_script_file
-    echo 'fi' >> $blocking_script_file
-    echo 'if [ $websub_server_subscriptions_updated ]; then' >> $blocking_script_file
-    echo '    sudo -u postgres psql -d pleroma -c "$websub_server_subscriptions_query"' >> $blocking_script_file
-    echo 'fi' >> $blocking_script_file
-    echo 'rm /tmp/pleroma-blocking.lock' >> $blocking_script_file
+    { echo '#!/bin/bash';
+      echo "if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then";
+      echo '    exit 0';
+      echo 'fi';
+      echo 'if [ -f /tmp/pleroma-blocking.lock ]; then';
+      echo '    cd /tmp';
+      echo '    find ./pleroma*.lock -type f -mmin +5 -exec rm {} \;';
+      echo '    if [ -f /tmp/pleroma-blocking.lock ]; then';
+      echo '        exit 0';
+      echo '    fi';
+      echo 'fi';
+      echo 'touch /tmp/pleroma-blocking.lock';
+      echo 'objects_query="DELETE FROM objects WHERE"';
+      echo 'objects_updated=';
+      echo 'users_query="DELETE FROM users WHERE"';
+      echo 'websub_server_subscriptions_query="DELETE FROM websub_server_subscriptions WHERE"';
+      echo 'websub_server_subscriptions_updated=';
+      echo 'while read blocked; do';
+      echo "    if [[ \"\$blocked\" == *\".\"* || \"\$blocked\" == *\"@\"* ]]; then";
+      echo "        if [ \${#blocked} -gt 4 ]; then";
+      echo "            if [ \$objects_updated ]; then";
+      echo "                objects_query=\"\${objects_query} or\"";
+      echo "                users_query=\"\${users_query} or\"";
+      echo '            fi';
+      echo "            objects_query=\"\${objects_query} data->>'content' ilike '%\${blocked}%' or data->>'actor' ilike '%\${blocked}%' or data->>'to' ilike '%\${blocked}%' or data->>'id' ilike '%\${blocked}%' or data->>'external_url' ilike '%\${blocked}%'\"";
+      echo "            users_query=\"\${users_query} nickname ilike '%\${blocked}%'\"";
+      echo '            objects_updated=1';
+      echo "            if [[ \"\$blocked\" != *\"@\"* ]]; then";
+      echo "                if ! grep -q \"127.0.0.1  \$blocked\" /etc/hosts; then";
+      echo "                    echo \"127.0.0.1  \$blocked\" >> /etc/hosts";
+      echo '                fi';
+      echo "                if [ \$websub_server_subscriptions_updated ]; then";
+      echo "                    websub_server_subscriptions_query=\"\${websub_server_subscriptions_query} or\"";
+      echo '                fi';
+      echo "                websub_server_subscriptions_query=\"\${websub_server_subscriptions_query} callback like '%\${blocked}%'\"";
+      echo '                websub_server_subscriptions_updated=1';
+      echo '            fi';
+      echo '        fi';
+      echo '    fi';
+      echo 'done </root/freedombone-firewall-domains.cfg';
+      echo '';
+      echo 'cd /etc/postgresql';
+      echo "if [ \$objects_updated ]; then";
+      echo "    sudo -u postgres psql -d pleroma -c \"\$objects_query\"";
+      echo "    sudo -u postgres psql -d pleroma -c \"\$users_query\"";
+      echo 'fi';
+      echo "if [ \$websub_server_subscriptions_updated ]; then";
+      echo "    sudo -u postgres psql -d pleroma -c \"\$websub_server_subscriptions_query\"";
+      echo 'fi';
+      echo 'rm /tmp/pleroma-blocking.lock'; } > $blocking_script_file
 
     chmod +x $blocking_script_file
 
@@ -135,11 +135,11 @@ function expire_pleroma_posts {
     domain_name=$1
     expire_months=$3
 
-    if [ ! $expire_months ]; then
+    if [ ! "$expire_months" ]; then
         expire_months=3
     fi
 
-    expire_days=$((expire_months * 30))
+    #expire_days=$((expire_months * 30))
 
     # files are what take up most of the backup time, so don't keep them for very long
     expire_days_files=7
@@ -150,86 +150,86 @@ function expire_pleroma_posts {
         return
     fi
 
-    echo '#!/bin/bash' > $pleroma_expire_posts_script
-    echo "plmonths=\"$PLEROMA_EXPIRE_MONTHS\"" >> $pleroma_expire_posts_script
-    echo 'if [ ${#plmonths} -eq 0 ]; then' >> $pleroma_expire_posts_script
-    echo '    exit 1' >> $pleroma_expire_posts_script
-    echo 'fi' >> $pleroma_expire_posts_script
-    echo 'if [[ "$plmonths" == "0" ]]; then' >> $pleroma_expire_posts_script
-    echo '    exit 2' >> $pleroma_expire_posts_script
-    echo 'fi' >> $pleroma_expire_posts_script
-    echo 'oldate=$(date +%Y-%m-%d --date="$plmonths months ago")' >> $pleroma_expire_posts_script
-    echo 'cd /etc/postgresql' >> $pleroma_expire_posts_script
-    echo "sudo -u postgres psql -d pleroma -c \"DELETE FROM notifications WHERE inserted_at <= '\$oldate 01:01:01'\"" >> $pleroma_expire_posts_script
-    echo "sudo -u postgres psql -d pleroma -c \"DELETE FROM objects WHERE inserted_at <= '\$oldate 01:01:01'\"" >> $pleroma_expire_posts_script
+    { echo '#!/bin/bash';
+      echo "plmonths=\"$PLEROMA_EXPIRE_MONTHS\"";
+      echo "if [ \${#plmonths} -eq 0 ]; then";
+      echo '    exit 1';
+      echo 'fi';
+      echo "if [[ \"\$plmonths\" == \"0\" ]]; then";
+      echo '    exit 2';
+      echo 'fi';
+      echo "oldate=\$(date +%Y-%m-%d --date=\"\$plmonths months ago\")";
+      echo 'cd /etc/postgresql';
+      echo "sudo -u postgres psql -d pleroma -c \"DELETE FROM notifications WHERE inserted_at <= '\$oldate 01:01:01'\"";
+      echo "sudo -u postgres psql -d pleroma -c \"DELETE FROM objects WHERE inserted_at <= '\$oldate 01:01:01'\""; } > $pleroma_expire_posts_script
     chmod +x $pleroma_expire_posts_script
 
     pleroma_expire_script=/etc/cron.daily/pleroma-expire
-    expire_days_files_threshold=$(($expire_days_files - 1))
-    echo '#!/bin/bash' > $pleroma_expire_script
-    echo 'cd /etc/postgresql' >> $pleroma_expire_script
-    echo 'if [ -d /etc/pleroma/tempfiles ]; then' >> $pleroma_expire_script
-    echo '    rm -rf /etc/pleroma/tempfiles' >> $pleroma_expire_script
-    echo 'fi' >> $pleroma_expire_script
-    echo '' >> $pleroma_expire_script
-    echo '# make directory to temporarily store local avatars' >> $pleroma_expire_script
-    echo 'mkdir /etc/pleroma/tempfiles' >> $pleroma_expire_script
-    echo '' >> $pleroma_expire_script
-    echo '# get the local avatar files' >> $pleroma_expire_script
-    echo "avatars=\$(sudo -u postgres psql -d pleroma -c \"select avatar->>'url' from users where avatar->>'url' like '%${domain_name}%'\")" >> $pleroma_expire_script
-    echo '' >> $pleroma_expire_script
-    echo '# copy the avatar files to a temporary directory' >> $pleroma_expire_script
-    echo 'arr=( $avatars )' >> $pleroma_expire_script
-    echo 'for i in "${arr[@]}"; do' >> $pleroma_expire_script
-    echo '    if [[ "$i" == *'/media/'* ]]; then' >> $pleroma_expire_script
-    echo "        imagefile=/etc/pleroma/uploads/\$(echo \$i | sed 's|\"||g' | sed 's|,||g' | awk -F '/media/' '{print \$2}');" >> $pleroma_expire_script
-    echo '        if [ -f $imagefile ]; then' >> $pleroma_expire_script
-    echo "            imagedir=/etc/pleroma/uploads/\$(echo \$i | sed 's|\"||g' | sed 's|,||g' | awk -F '/media/' '{print \$2}' | awk -F '/' '{print \$1}')" >> $pleroma_expire_script
-    echo '            nowdate=$(date +%s)' >> $pleroma_expire_script
-    echo '            sinceepoch=$(date +%s -r $imagefile)' >> $pleroma_expire_script
-    echo '            daysold=$((($nowdate - $sinceepoch) / 86400))' >> $pleroma_expire_script
-    echo "            if [ \$daysold -ge ${expire_days_files_threshold} ]; then" >> $pleroma_expire_script
-    echo '                if [ ! -d $imagedir ]; then' >> $pleroma_expire_script
-    echo '                    mkdir $imagedir' >> $pleroma_expire_script
-    echo '                fi' >> $pleroma_expire_script
-    echo '                cp -rp $imagefile $imagedir' >> $pleroma_expire_script
-    echo '            fi' >> $pleroma_expire_script
-    echo '        fi' >> $pleroma_expire_script
-    echo '    fi' >> $pleroma_expire_script
-    echo 'done' >> $pleroma_expire_script
-    echo '' >> $pleroma_expire_script
-    echo '# get the local banner files' >> $pleroma_expire_script
-    echo "banners=\$(sudo -u postgres psql -d pleroma -c \"select avatar->>'banner' from users where avatar->>'url' like '%${domain_name}%'\")" >> $pleroma_expire_script
-    echo '' >> $pleroma_expire_script
-    echo '# copy the banner files to a temporary directory' >> $pleroma_expire_script
-    echo 'arr=( $banners )' >> $pleroma_expire_script
-    echo 'for i in "${arr[@]}"; do' >> $pleroma_expire_script
-    echo '    if [[ "$i" == *'/media/'* ]]; then' >> $pleroma_expire_script
-    echo "        imagefile=/etc/pleroma/uploads/\$(echo \$i | sed 's|\"||g' | sed 's|,||g' | awk -F '/media/' '{print \$2}');" >> $pleroma_expire_script
-    echo '        if [ -f $imagefile ]; then' >> $pleroma_expire_script
-    echo "            imagedir=/etc/pleroma/uploads/\$(echo \$i | sed 's|\"||g' | sed 's|,||g' | awk -F '/media/' '{print \$2}' | awk -F '/' '{print \$1}')" >> $pleroma_expire_script
-    echo '            nowdate=$(date +%s)' >> $pleroma_expire_script
-    echo '            sinceepoch=$(date +%s -r $imagefile)' >> $pleroma_expire_script
-    echo '            daysold=$((($nowdate - $sinceepoch) / 86400))' >> $pleroma_expire_script
-    echo "            if [ \$daysold -ge ${expire_days_files_threshold} ]; then" >> $pleroma_expire_script
-    echo '                if [ ! -d $imagedir ]; then' >> $pleroma_expire_script
-    echo '                    mkdir $imagedir' >> $pleroma_expire_script
-    echo '                fi' >> $pleroma_expire_script
-    echo '                cp -rp $imagefile $imagedir' >> $pleroma_expire_script
-    echo '            fi' >> $pleroma_expire_script
-    echo '        fi' >> $pleroma_expire_script
-    echo '    fi' >> $pleroma_expire_script
-    echo 'done' >> $pleroma_expire_script
-    echo '' >> $pleroma_expire_script
-    echo '# delete old files' >> $pleroma_expire_script
-    echo "find /etc/pleroma/uploads/* -mtime +${expire_days_files} -exec rm -rf {} +" >> $pleroma_expire_script
-    echo '' >> $pleroma_expire_script
-    echo '# move avatar files back to uploads' >> $pleroma_expire_script
-    echo 'chown -R pleroma:pleroma /etc/pleroma/tempfiles' >> $pleroma_expire_script
-    echo 'mv /etc/pleroma/tempfiles/* /etc/pleroma/uploads' >> $pleroma_expire_script
-    echo 'rm -rf /etc/pleroma/tempfiles' >> $pleroma_expire_script
-    echo '' >> $pleroma_expire_script
-    echo '/usr/bin/pleroma-expire-posts 2> /dev/null' >> $pleroma_expire_script
+    expire_days_files_threshold=$((expire_days_files - 1))
+    { echo '#!/bin/bash';
+      echo 'cd /etc/postgresql';
+      echo 'if [ -d /etc/pleroma/tempfiles ]; then';
+      echo '    rm -rf /etc/pleroma/tempfiles';
+      echo 'fi';
+      echo '';
+      echo '# make directory to temporarily store local avatars';
+      echo 'mkdir /etc/pleroma/tempfiles';
+      echo '';
+      echo '# get the local avatar files';
+      echo "avatars=\$(sudo -u postgres psql -d pleroma -c \"select avatar->>'url' from users where avatar->>'url' like '%${domain_name}%'\")";
+      echo '';
+      echo '# copy the avatar files to a temporary directory';
+      echo "arr=( \$avatars )";
+      echo "for i in \"\${arr[@]}\"; do";
+      echo "    if [[ \"\$i\" == *'/media/'* ]]; then";
+      echo "        imagefile=/etc/pleroma/uploads/\$(echo \$i | sed 's|\"||g' | sed 's|,||g' | awk -F '/media/' '{print \$2}');";
+      echo "        if [ -f \$imagefile ]; then";
+      echo "            imagedir=/etc/pleroma/uploads/\$(echo \$i | sed 's|\"||g' | sed 's|,||g' | awk -F '/media/' '{print \$2}' | awk -F '/' '{print \$1}')";
+      echo "            nowdate=\$(date +%s)";
+      echo "            sinceepoch=\$(date +%s -r \$imagefile)";
+      echo "            daysold=\$(((\$nowdate - \$sinceepoch) / 86400))";
+      echo "            if [ \$daysold -ge ${expire_days_files_threshold} ]; then";
+      echo "                if [ ! -d \$imagedir ]; then";
+      echo "                    mkdir \$imagedir";
+      echo '                fi';
+      echo "                cp -rp \$imagefile \$imagedir";
+      echo '            fi';
+      echo '        fi';
+      echo '    fi';
+      echo 'done';
+      echo '';
+      echo '# get the local banner files';
+      echo "banners=\$(sudo -u postgres psql -d pleroma -c \"select avatar->>'banner' from users where avatar->>'url' like '%${domain_name}%'\")";
+      echo '';
+      echo '# copy the banner files to a temporary directory';
+      echo "arr=( \$banners )";
+      echo "for i in \"\${arr[@]}\"; do";
+      echo "    if [[ \"\$i\" == *'/media/'* ]]; then";
+      echo "        imagefile=/etc/pleroma/uploads/\$(echo \$i | sed 's|\"||g' | sed 's|,||g' | awk -F '/media/' '{print \$2}');";
+      echo "        if [ -f \$imagefile ]; then";
+      echo "            imagedir=/etc/pleroma/uploads/\$(echo \$i | sed 's|\"||g' | sed 's|,||g' | awk -F '/media/' '{print \$2}' | awk -F '/' '{print \$1}')";
+      echo "            nowdate=\$(date +%s)";
+      echo "            sinceepoch=\$(date +%s -r \$imagefile)";
+      echo "            daysold=\$(((\$nowdate - \$sinceepoch) / 86400))";
+      echo "            if [ \$daysold -ge ${expire_days_files_threshold} ]; then";
+      echo "                if [ ! -d \$imagedir ]; then";
+      echo "                    mkdir \$imagedir";
+      echo '                fi';
+      echo "                cp -rp \$imagefile \$imagedir";
+      echo '            fi';
+      echo '        fi';
+      echo '    fi';
+      echo 'done';
+      echo '';
+      echo '# delete old files';
+      echo "find /etc/pleroma/uploads/* -mtime +${expire_days_files} -exec rm -rf {} +";
+      echo '';
+      echo '# move avatar files back to uploads';
+      echo 'chown -R pleroma:pleroma /etc/pleroma/tempfiles';
+      echo 'mv /etc/pleroma/tempfiles/* /etc/pleroma/uploads';
+      echo 'rm -rf /etc/pleroma/tempfiles';
+      echo '';
+      echo '/usr/bin/pleroma-expire-posts 2> /dev/null'; } > $pleroma_expire_script
     chmod +x $pleroma_expire_script
 
     # remove any old cron job
@@ -268,7 +268,7 @@ function logging_off_pleroma {
 function remove_user_pleroma {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp pleroma
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp pleroma
 }
 
 function add_user_pleroma {
@@ -281,7 +281,7 @@ function add_user_pleroma {
 }
 
 function install_interactive_pleroma {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -291,17 +291,16 @@ function install_interactive_pleroma {
         PLEROMA_DETAILS_COMPLETE=
         while [ ! $PLEROMA_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Pleroma Configuration" \
-                       --form $"\nPlease enter your Pleroma details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
+                       --form $"\\nPlease enter your Pleroma details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
                        $"Domain:" 1 1 "$(grep 'PLEROMA_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
-                       $"Title:" 2 1 "$(grep '$PLEROMA_TITLE' temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
-                       $"Background image URL:" 3 1 "$(grep '$PLEROMA_BACKGROUND_IMAGE_URL' temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
+                       $"Title:" 2 1 "$(grep "$PLEROMA_TITLE" temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
+                       $"Background image URL:" 3 1 "$(grep "$PLEROMA_BACKGROUND_IMAGE_URL" temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
                        $"Code:" 4 1 "$(grep 'PLEROMA_CODE' temp.cfg | awk -F '=' '{print $2}')" 4 25 33 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Pleroma Configuration" \
@@ -309,36 +308,38 @@ function install_interactive_pleroma {
                        $"Domain:" 1 1 "$(grep 'PLEROMA_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
                        $"Title:" 2 1 "$(grep '$PLEROMA_TITLE' temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
                        $"Background image URL:" 3 1 "$(grep '$PLEROMA_BACKGROUND_IMAGE_URL' temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
-                       2> $data
+                       2> "$data"
             fi
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            PLEROMA_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            title=$(cat $data | sed -n 2p)
+            PLEROMA_DOMAIN_NAME=$(sed -n 1p < "$data")
+            title=$(sed -n 2p < "$data")
             if [ ${#title} -gt 1 ]; then
-                PLEROMA_TITLE=$welcome_msg
+                PLEROMA_TITLE="$title"
             fi
-            img_url=$(cat $data | sed -n 3p)
+            img_url=$(sed -n 3p < "$data")
             if [ ${#img_url} -gt 1 ]; then
                 PLEROMA_BACKGROUND_IMAGE_URL=$img_url
             fi
-            if [ $PLEROMA_DOMAIN_NAME ]; then
+            if [ "$PLEROMA_DOMAIN_NAME" ]; then
                 if [[ $PLEROMA_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
                     PLEROMA_DOMAIN_NAME=""
                 fi
                 TEST_DOMAIN_NAME=$PLEROMA_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $PLEROMA_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$PLEROMA_DOMAIN_NAME" ]]; then
                     PLEROMA_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        PLEROMA_CODE=$(cat $data | sed -n 4p)
+                        PLEROMA_CODE=$(sed -n 4p < "$data")
                         validate_freedns_code "$PLEROMA_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             PLEROMA_DOMAIN_NAME=
                         fi
                     fi
@@ -347,11 +348,12 @@ function install_interactive_pleroma {
             if [ $PLEROMA_DOMAIN_NAME ]; then
                 PLEROMA_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         # remove any invalid characters
         if [ ${#PLEROMA_TITLE} -gt 0 ]; then
-            new_title=$(echo "$PLEROMA_TITLE" | sed "s|'||g")
+            new_title=${"$PLEROMA_TITLE"//\'//}
             PLEROMA_TITLE="$new_title"
         fi
 
@@ -365,7 +367,7 @@ function install_interactive_pleroma {
 }
 
 function change_password_pleroma {
-    curr_username="$1"
+#    curr_username="$1"
     new_user_password="$2"
 
     #${PROJECT_NAME}-pass -u "$curr_username" -a pleroma -p "$new_user_password"
@@ -377,14 +379,14 @@ function pleroma_create_database_failed {
 }
 
 function pleroma_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        PLEROMA_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        PLEROMA_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $PLEROMA_ADMIN_PASSWORD ]; then
-            PLEROMA_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$PLEROMA_ADMIN_PASSWORD" ]; then
+            PLEROMA_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $PLEROMA_ADMIN_PASSWORD ]; then
+    if [ ! "$PLEROMA_ADMIN_PASSWORD" ]; then
         return
     fi
 
@@ -441,10 +443,9 @@ function pleroma_create_database {
     fi
     sed -i 's|import_config|# import_config|g' $pleroma_secret
 
-    cd $PLEROMA_DIR
+    cd "$PLEROMA_DIR" || exit 678245245724
     chown -R pleroma:pleroma $PLEROMA_DIR/*
-    sudo -u pleroma mix local.rebar --force
-    if [ ! "$?" = "0" ]; then
+    if ! sudo -u pleroma mix local.rebar --force; then
         pleroma_create_database_failed
         echo $'mix local.rebar failed'
         exit 73528562
@@ -452,14 +453,12 @@ function pleroma_create_database {
     sudo -u pleroma mix local.hex --force
     sudo -u pleroma mix deps.compile mimerl
     systemctl restart postgresql
-    sudo -u pleroma mix ecto.create --force
-    if [ ! "$?" = "0" ]; then
+    if ! sudo -u pleroma mix ecto.create --force; then
         pleroma_create_database_failed
         echo $'mix ecto.create failed'
         exit 83653582
     fi
-    sudo -u pleroma mix ecto.migrate --force
-    if [ ! "$?" = "0" ]; then
+    if ! sudo -u pleroma mix ecto.migrate --force; then
         pleroma_create_database_failed
         echo $'mix ecto.migrate failed'
         exit 73752573
@@ -477,15 +476,14 @@ function reconfigure_pleroma {
 function pleroma_set_background_image {
     PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Pleroma" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Set a background image URL' 10 60 2>$data
+           --inputbox $'Set a background image URL' 10 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            temp_background=$(<$data)
+            temp_background=$(<"$data")
             if [ ${#temp_background} -gt 0 ]; then
                 PLEROMA_BACKGROUND_IMAGE_URL="$temp_background"
                 write_config_param "PLEROMA_BACKGROUND_IMAGE_URL" "$PLEROMA_BACKGROUND_IMAGE_URL"
@@ -498,19 +496,18 @@ function pleroma_set_background_image {
             fi
            ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function pleroma_set_title {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Pleroma" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Set a title' 10 60 2>$data
+           --inputbox $'Set a title' 10 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            new_title=$(<$data)
+            new_title=$(<"$data")
             if [ ${#new_title} -gt 0 ]; then
                 PLEROMA_TITLE="$new_title"
                 PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
@@ -524,7 +521,7 @@ function pleroma_set_title {
             fi
            ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function pleroma_set_expire_months {
@@ -532,30 +529,31 @@ function pleroma_set_expire_months {
     read_config_param "PLEROMA_DOMAIN_NAME"
     read_config_param "PLEROMA_EXPIRE_MONTHS"
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Pleroma" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Set an expiry period for posts in months. Anything older will be deleted. Lower values help to keep the database size small and as fast as possible.' 12 60 "$PLEROMA_EXPIRE_MONTHS" 2>$data
+           --inputbox $'Set an expiry period for posts in months. Anything older will be deleted. Lower values help to keep the database size small and as fast as possible.' 12 60 "$PLEROMA_EXPIRE_MONTHS" 2>"$data"
     sel=$?
     case $sel in
         0)
-            new_expiry_months=$(<$data)
+            new_expiry_months=$(<"$data")
             if [ ${#new_expiry_months} -gt 0 ]; then
                 # should contain no spaces
                 if [[ "$new_expiry_months" == *" "* ]]; then
+                    rm -f "$data"
                     return
                 fi
                 # should be a number
                 re='^[0-9]+$'
                 if ! [[ $new_expiry_months =~ $re ]] ; then
+                    rm -f "$data"
                     return
                 fi
                 # set the new value
                 PLEROMA_EXPIRE_MONTHS=$new_expiry_months
                 write_config_param "PLEROMA_EXPIRE_MONTHS" "$PLEROMA_EXPIRE_MONTHS"
 
-                expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS
+                expire_pleroma_posts "$PLEROMA_DOMAIN_NAME" "$PLEROMA_EXPIRE_MONTHS"
                 create_pleroma_blocklist
 
                 dialog --title $"Set Pleroma post expiry period" \
@@ -563,13 +561,13 @@ function pleroma_set_expire_months {
             fi
            ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function pleroma_disable_registrations {
     dialog --title $"Disable new Pleroma user registrations" \
            --backtitle $"Freedombone Control Panel" \
-           --yesno $"\nDo you wish to disable new registrations?" 10 60
+           --yesno $"\\nDo you wish to disable new registrations?" 10 60
     sel=$?
     case $sel in
         0) sed -i 's|registrations_open:.*|registrations_open: false,|g' $PLEROMA_DIR/config/config.exs
@@ -586,22 +584,23 @@ function pleroma_disable_registrations {
 function pleroma_add_emoji {
     emoji_resolution='128x128'
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"Add Custom Emoji" \
-           --form "\n" 8 75 2 \
+           --form "\\n" 8 75 2 \
            $"Shortcode:" 1 1 "" 1 18 16 15 \
            $"ImageURL:" 2 1 "" 2 18 512 10000 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
-    shortcode=$(cat $data | sed -n 1p)
-    image_url=$(cat $data | sed -n 2p)
-    rm $data
+    shortcode=$(sed -n 1p < "$data")
+    image_url=$(sed -n 2p < "$data")
+    rm -f "$data"
     if [ ${#shortcode} -lt 2 ]; then
         return
     fi
@@ -635,28 +634,28 @@ function pleroma_add_emoji {
     fi
 
     image_filename=$PLEROMA_DIR/priv/static/emoji/${shortcode}.${image_extension}
-    wget "$image_url" -O $image_filename
-    if [ ! -f $image_filename ]; then
+    wget "$image_url" -O "$image_filename"
+    if [ ! -f "$image_filename" ]; then
         dialog --title $"Add Custom Emoji" \
                --msgbox $"Unable to download the image" 6 60
         return
     fi
 
     if [[ "$image_url" == *'.jpg' || "$image_url" == *'.jpeg' || "$image_url" == *'.gif' ]]; then
-        convert $image_filename -resize $emoji_resolution $PLEROMA_DIR/priv/static/emoji/${shortcode}.png
-        if [ ! -f $PLEROMA_DIR/priv/static/emoji/${shortcode}.png ]; then
+        convert "$image_filename" -resize "$emoji_resolution" "$PLEROMA_DIR/priv/static/emoji/${shortcode}.png"
+        if [ ! -f "$PLEROMA_DIR/priv/static/emoji/${shortcode}.png" ]; then
             dialog --title $"Add Custom Emoji" \
                    --msgbox $"Unable to convert empji image to png format" 6 60
             return
         fi
 
         # remove the original
-        rm $image_filename
+        rm "$image_filename"
 
         image_extension='png'
         image_filename=$PLEROMA_DIR/priv/static/emoji/${shortcode}.${image_extension}
     else
-        convert $image_filename -resize $emoji_resolution $image_filename
+        convert "$image_filename" -resize "$emoji_resolution" "$image_filename"
     fi
 
     if ! grep -q "${shortcode}," $PLEROMA_DIR/config/emoji.txt; then
@@ -681,8 +680,7 @@ function configure_interactive_pleroma {
     read_config_param PLEROMA_EXPIRE_MONTHS
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Pleroma" \
                --radiolist $"Choose an operation:" 15 70 6 \
@@ -691,21 +689,24 @@ function configure_interactive_pleroma {
                3 $"Disable new account registrations" off \
                4 $"Add a custom emoji" off \
                5 $"Set post expiry period (currently $PLEROMA_EXPIRE_MONTHS months)" off \
-               6 $"Exit" on 2> $data
+               6 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) return;;
-            255) return;;
+            1) rm -f "$data"
+               return;;
+            255) rm -f "$data"
+                 return;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) pleroma_set_background_image;;
             2) pleroma_set_title;;
             3) pleroma_disable_registrations;;
             4) pleroma_add_emoji;;
             5) pleroma_set_expire_months;;
-            6) break;;
+            6) rm -f "$data"
+               break;;
         esac
-        rm $data
+        rm -f "$data"
     done
 }
 
@@ -717,7 +718,7 @@ function upgrade_pleroma {
         rm $pleroma_expire_posts_script
     fi
     if [ ! -f $pleroma_expire_posts_script ]; then
-        expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS
+        expire_pleroma_posts "$PLEROMA_DOMAIN_NAME" "$PLEROMA_EXPIRE_MONTHS"
     fi
     if [ ! -f $blocking_script_file ]; then
         create_pleroma_blocklist
@@ -756,7 +757,7 @@ function upgrade_pleroma {
     sudo -u pleroma mix deps.get
     pleroma_recompile
 
-    expire_pleroma_posts $PLEROMA_DOMAIN_NAME $PLEROMA_EXPIRE_MONTHS
+    expire_pleroma_posts "$PLEROMA_DOMAIN_NAME" "$PLEROMA_EXPIRE_MONTHS"
     create_pleroma_blocklist
 
     systemctl restart pleroma
@@ -764,14 +765,14 @@ function upgrade_pleroma {
 
 function backup_local_pleroma {
     PLEROMA_DOMAIN_NAME='pleroma'
-    if grep -q "pleroma domain" $COMPLETION_FILE; then
+    if grep -q "pleroma domain" "$COMPLETION_FILE"; then
         PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
     fi
 
     systemctl stop pleroma
 
     function_check suspend_site
-    suspend_site ${PLEROMA_DOMAIN_NAME}
+    suspend_site "${PLEROMA_DOMAIN_NAME}"
 
     source_directory=$PLEROMA_DIR
     dest_directory=pleroma
@@ -788,11 +789,11 @@ function backup_local_pleroma {
 }
 
 function restore_local_pleroma {
-    if ! grep -q "pleroma domain" $COMPLETION_FILE; then
+    if ! grep -q "pleroma domain" "$COMPLETION_FILE"; then
         return
     fi
     PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
-    if [ $PLEROMA_DOMAIN_NAME ]; then
+    if [ "$PLEROMA_DOMAIN_NAME" ]; then
         echo $"Restoring pleroma"
         temp_restore_dir=/root/temppleroma
         pleroma_dir=$PLEROMA_DIR
@@ -823,14 +824,14 @@ function restore_local_pleroma {
 
 function backup_remote_pleroma {
     PLEROMA_DOMAIN_NAME='pleroma'
-    if grep -q "pleroma domain" $COMPLETION_FILE; then
+    if grep -q "pleroma domain" "$COMPLETION_FILE"; then
         PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
     fi
 
     systemctl stop pleroma
 
     function_check suspend_site
-    suspend_site ${PLEROMA_DOMAIN_NAME}
+    suspend_site "${PLEROMA_DOMAIN_NAME}"
 
     source_directory=$PLEROMA_DIR
     dest_directory=pleroma
@@ -847,11 +848,11 @@ function backup_remote_pleroma {
 }
 
 function restore_remote_pleroma {
-    if ! grep -q "pleroma domain" $COMPLETION_FILE; then
+    if ! grep -q "pleroma domain" "$COMPLETION_FILE"; then
         return
     fi
     PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
-    if [ $PLEROMA_DOMAIN_NAME ]; then
+    if [ "$PLEROMA_DOMAIN_NAME" ]; then
         echo $"Restoring pleroma"
         temp_restore_dir=/root/temppleroma
         pleroma_dir=$PLEROMA_DIR
@@ -862,6 +863,7 @@ function restore_remote_pleroma {
         function_check pleroma_create_database
         pleroma_create_database
 
+        # shellcheck disable=SC2034
         USE_POSTGRESQL=1
         function_check restore_database_from_friend
         restore_database_from_friend pleroma
@@ -899,14 +901,14 @@ function remove_pleroma {
     read_config_param "PLEROMA_DOMAIN_NAME"
     read_config_param "MY_USERNAME"
     echo "Removing $PLEROMA_DOMAIN_NAME"
-    nginx_dissite $PLEROMA_DOMAIN_NAME
-    remove_certs $PLEROMA_DOMAIN_NAME
+    nginx_dissite "$PLEROMA_DOMAIN_NAME"
+    remove_certs "$PLEROMA_DOMAIN_NAME"
 
-    if [ -d /var/www/$PLEROMA_DOMAIN_NAME ]; then
-        rm -rf /var/www/$PLEROMA_DOMAIN_NAME
+    if [ -d "/var/www/$PLEROMA_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$PLEROMA_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$PLEROMA_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$PLEROMA_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$PLEROMA_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$PLEROMA_DOMAIN_NAME"
     fi
     if [ -d $PLEROMA_DIR ]; then
         rm -rf $PLEROMA_DIR
@@ -917,25 +919,25 @@ function remove_pleroma {
     remove_onion_service pleroma ${PLEROMA_ONION_PORT}
     remove_app pleroma
     remove_completion_param install_pleroma
-    sed -i '/pleroma domain/d' $COMPLETION_FILE
-    sed -i '/pleroma commit/d' $COMPLETION_FILE
+    sed -i '/pleroma domain/d' "$COMPLETION_FILE"
+    sed -i '/pleroma commit/d' "$COMPLETION_FILE"
     sed -i "/$blocking_script_file/d" /etc/crontab
 
     function_check remove_ddns_domain
-    remove_ddns_domain $PLEROMA_DOMAIN_NAME
+    remove_ddns_domain "$PLEROMA_DOMAIN_NAME"
 }
 
 function install_elixir {
     apt-get -yq install wget build-essential
 
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir -p "$INSTALL_DIR"
     fi
 
-    cd $INSTALL_DIR
+    cd "$INSTALL_DIR" || exit 768345274
     erlang_package=erlang-solutions_1.0_all.deb
     wget https://packages.erlang-solutions.com/$erlang_package
-    if [ ! -f $INSTALL_DIR/$erlang_package ]; then
+    if [ ! -f "$INSTALL_DIR/$erlang_package" ]; then
         exit 72853
     fi
     dpkg -i $erlang_package
@@ -963,8 +965,8 @@ function install_pleroma {
     install_nodejs pleroma-backend
     install_postgresql
 
-    if [ ! -d /var/www/${PLEROMA_DOMAIN_NAME}/htdocs ]; then
-        mkdir -p /var/www/${PLEROMA_DOMAIN_NAME}/htdocs
+    if [ ! -d "/var/www/${PLEROMA_DOMAIN_NAME}/htdocs" ]; then
+        mkdir -p "/var/www/${PLEROMA_DOMAIN_NAME}/htdocs"
     fi
     if [ -d $PLEROMA_DIR ]; then
         rm -rf $PLEROMA_DIR
@@ -978,7 +980,7 @@ function install_pleroma {
     if [ -d /repos/pleroma ]; then
         mkdir -p $PLEROMA_DIR
         cp -r -p /repos/pleroma/. $PLEROMA_DIR
-        cd $PLEROMA_DIR
+        cd "$PLEROMA_DIR" || exit 834537453
         git pull
     else
         function_check git_clone
@@ -996,7 +998,7 @@ function install_pleroma {
 
 
     # checkout the commit
-    cd $PLEROMA_DIR
+    cd "$PLEROMA_DIR" || exit 62452428
     git checkout $PLEROMA_COMMIT -b $PLEROMA_COMMIT
     set_completion_param "pleroma commit" "$PLEROMA_COMMIT"
     chown -R pleroma:pleroma $PLEROMA_DIR
@@ -1004,108 +1006,105 @@ function install_pleroma {
 
     # web config
     function_check add_ddns_domain
-    add_ddns_domain $PLEROMA_DOMAIN_NAME
+    add_ddns_domain "$PLEROMA_DOMAIN_NAME"
 
     PLEROMA_ONION_HOSTNAME=$(add_onion_service pleroma 80 ${PLEROMA_ONION_PORT})
 
     pleroma_nginx_site=/etc/nginx/sites-available/$PLEROMA_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $PLEROMA_DOMAIN_NAME "index index.html"
-        echo '' >> $pleroma_nginx_site
-        echo 'proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=100m inactive=80m use_temp_path=off;' >> $pleroma_nginx_site
-        echo '' >> $pleroma_nginx_site
-        echo 'server {' >> $pleroma_nginx_site
-        echo '  listen 443 ssl;' >> $pleroma_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $pleroma_nginx_site
-        echo "  server_name $PLEROMA_DOMAIN_NAME;" >> $pleroma_nginx_site
-        echo '' >> $pleroma_nginx_site
+        nginx_http_redirect "$PLEROMA_DOMAIN_NAME" "index index.html"
+        { echo '';
+        echo 'proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=100m inactive=80m use_temp_path=off;';
+        echo '';
+        echo 'server {';
+        echo '  listen 443 ssl;';
+        echo '  #listen [::]:443 ssl;';
+        echo "  server_name $PLEROMA_DOMAIN_NAME;";
+        echo ''; } >> "$pleroma_nginx_site"
         function_check nginx_compress
-        nginx_compress $PLEROMA_DOMAIN_NAME
-        echo '' >> $pleroma_nginx_site
-        echo '  # Security' >> $pleroma_nginx_site
+        nginx_compress "$PLEROMA_DOMAIN_NAME"
+        echo '' >> "$pleroma_nginx_site"
+        echo '  # Security' >> "$pleroma_nginx_site"
         function_check nginx_ssl
-        nginx_ssl $PLEROMA_DOMAIN_NAME
+        nginx_ssl "$PLEROMA_DOMAIN_NAME"
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $PLEROMA_DOMAIN_NAME
+        nginx_disable_sniffing "$PLEROMA_DOMAIN_NAME"
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $pleroma_nginx_site
-        echo '' >> $pleroma_nginx_site
-        echo '  # Logs' >> $pleroma_nginx_site
-        echo '  access_log /dev/null;' >> $pleroma_nginx_site
-        echo '  error_log /dev/null;' >> $pleroma_nginx_site
-        echo '' >> $pleroma_nginx_site
-        echo "  root $PLEROMA_DIR;" >> $pleroma_nginx_site
-        echo '' >> $pleroma_nginx_site
-        echo '  index index.html;' >> $pleroma_nginx_site
-        echo '  location / {' >> $pleroma_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo "  root $PLEROMA_DIR;";
+          echo '';
+          echo '  index index.html;';
+          echo '  location / {'; } >> "$pleroma_nginx_site"
         function_check nginx_limits
-        nginx_limits $PLEROMA_DOMAIN_NAME '15m'
-        echo '    proxy_http_version 1.1;' >> $pleroma_nginx_site
-        echo '    proxy_set_header Upgrade $http_upgrade;' >> $pleroma_nginx_site
-        echo '    proxy_set_header Connection "upgrade";' >> $pleroma_nginx_site
-        echo "    proxy_pass http://localhost:$PLEROMA_PORT;" >> $pleroma_nginx_site
-        echo '  }' >> $pleroma_nginx_site
-        echo '' >> $pleroma_nginx_site
-        echo '  location /proxy {' >> $pleroma_nginx_site
-        nginx_limits $PLEROMA_DOMAIN_NAME '15m'
-        echo '    proxy_cache pleroma_media_cache;' >> $pleroma_nginx_site
-        echo '    proxy_cache_lock on;' >> $pleroma_nginx_site
-        echo "    proxy_pass http://localhost:$PLEROMA_PORT;" >> $pleroma_nginx_site
-        echo '  }' >> $pleroma_nginx_site
-        echo '  # include snippets/well-known.conf;' >> $pleroma_nginx_site
-        echo '}' >> $pleroma_nginx_site
+        nginx_limits "$PLEROMA_DOMAIN_NAME" '15m'
+        { echo '    proxy_http_version 1.1;';
+          echo "    proxy_set_header Upgrade \$http_upgrade;";
+          echo '    proxy_set_header Connection "upgrade";';
+          echo "    proxy_pass http://localhost:$PLEROMA_PORT;";
+          echo '  }';
+          echo '';
+          echo '  location /proxy {'; } >> "$pleroma_nginx_site"
+        nginx_limits "$PLEROMA_DOMAIN_NAME" '15m'
+        { echo '    proxy_cache pleroma_media_cache;';
+          echo '    proxy_cache_lock on;';
+          echo "    proxy_pass http://localhost:$PLEROMA_PORT;";
+          echo '  }';
+          echo '  # include snippets/well-known.conf;';
+          echo '}'; } >> "$pleroma_nginx_site"
     else
-        echo 'proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=100m inactive=80m use_temp_path=off;' > $pleroma_nginx_site
-        echo '' >> $pleroma_nginx_site
+        echo 'proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=100m inactive=80m use_temp_path=off;' > "$pleroma_nginx_site"
+        echo '' >> "$pleroma_nginx_site"
     fi
-    echo 'server {' >> $pleroma_nginx_site
-    echo "    listen 127.0.0.1:$PLEROMA_ONION_PORT default_server;" >> $pleroma_nginx_site
-    echo "    server_name $PLEROMA_ONION_HOSTNAME;" >> $pleroma_nginx_site
-    echo '' >> $pleroma_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$PLEROMA_ONION_PORT default_server;";
+      echo "    server_name $PLEROMA_ONION_HOSTNAME;";
+      echo ''; } >> "$pleroma_nginx_site"
     function_check nginx_compress
-    nginx_compress $PLEROMA_DOMAIN_NAME
-    echo '' >> $pleroma_nginx_site
+    nginx_compress "$PLEROMA_DOMAIN_NAME"
+    echo '' >> "$pleroma_nginx_site"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $PLEROMA_DOMAIN_NAME
-    echo '' >> $pleroma_nginx_site
-    echo '  # Logs' >> $pleroma_nginx_site
-    echo '  access_log /dev/null;' >> $pleroma_nginx_site
-    echo '  error_log /dev/null;' >> $pleroma_nginx_site
-    echo '' >> $pleroma_nginx_site
-    echo "  root $PLEROMA_DIR;" >> $pleroma_nginx_site
-    echo '' >> $pleroma_nginx_site
-    echo '  index index.html;' >> $pleroma_nginx_site
-    echo '  location / {' >> $pleroma_nginx_site
+    nginx_disable_sniffing "$PLEROMA_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo "  root $PLEROMA_DIR;";
+      echo '';
+      echo '  index index.html;';
+      echo '  location / {'; } >> "$pleroma_nginx_site"
     function_check nginx_limits
-    nginx_limits $PLEROMA_DOMAIN_NAME '15m'
-    echo '      proxy_http_version 1.1;' >> $pleroma_nginx_site
-    echo '      proxy_set_header Upgrade $http_upgrade;' >> $pleroma_nginx_site
-    echo '      proxy_set_header Connection "upgrade";' >> $pleroma_nginx_site
-    echo "      proxy_pass http://localhost:$PLEROMA_PORT;" >> $pleroma_nginx_site
-    echo '  }' >> $pleroma_nginx_site
-    echo '' >> $pleroma_nginx_site
-    echo '  location /proxy {' >> $pleroma_nginx_site
-    nginx_limits $PLEROMA_DOMAIN_NAME '15m'
-    echo '    proxy_cache pleroma_media_cache;' >> $pleroma_nginx_site
-    echo '    proxy_cache_lock on;' >> $pleroma_nginx_site
-    echo "    proxy_pass http://localhost:$PLEROMA_PORT;" >> $pleroma_nginx_site
-    echo '  }' >> $pleroma_nginx_site
-    echo '  # include snippets/well-known.conf;' >> $pleroma_nginx_site
-    echo '}' >> $pleroma_nginx_site
-
+    nginx_limits "$PLEROMA_DOMAIN_NAME" '15m'
+    { echo '      proxy_http_version 1.1;';
+      echo "      proxy_set_header Upgrade \$http_upgrade;";
+      echo '      proxy_set_header Connection "upgrade";';
+      echo "      proxy_pass http://localhost:$PLEROMA_PORT;";
+      echo '  }';
+      echo '';
+      echo '  location /proxy {'; } >> "$pleroma_nginx_site"
+    nginx_limits "$PLEROMA_DOMAIN_NAME" '15m'
+    { echo '    proxy_cache pleroma_media_cache;';
+      echo '    proxy_cache_lock on;';
+      echo "    proxy_pass http://localhost:$PLEROMA_PORT;";
+      echo '  }';
+      echo '  # include snippets/well-known.conf;';
+      echo '}'; } >> "$pleroma_nginx_site"
 
     # back end
-    cd $PLEROMA_DIR
-    chown -R pleroma:pleroma *
-    sudo -u pleroma mix local.hex --force
-    if [ ! "$?" = "0" ]; then
+    cd "$PLEROMA_DIR" || exit 246824684
+    chown -R pleroma:pleroma "$PLEROMA_DIR/*"
+    if ! sudo -u pleroma mix local.hex --force; then
         echo $'mix local.hex failed'
         exit 1745673
     fi
-    sudo -u pleroma mix deps.get --force
-    if [ ! "$?" = "0" ]; then
+    if ! sudo -u pleroma mix deps.get --force; then
         echo $'mix deps.get failed'
         exit 7325733
     fi
@@ -1113,29 +1112,28 @@ function install_pleroma {
     function_check pleroma_create_database
     pleroma_create_database
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a pleroma -p "$PLEROMA_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a pleroma -p "$PLEROMA_ADMIN_PASSWORD"
 
     # NOTE: we don't need to install the frontend separately,
     # since the backend contains a precompiled version of it
 
     install_gnusocial_default_background "pleroma" "$PLEROMA_DOMAIN_NAME"
-    if [ ! -f $PLEROMA_DIR/priv/static/static/config.json ]; then
+    if [ ! -f "$PLEROMA_DIR/priv/static/static/config.json" ]; then
         echo $"$PLEROMA_DIR/priv/static/static/config.json file missing"
         exit 323689
     fi
-    sed -i 's|"theme":.*|"theme": "base16-summerfruit-dark.css",|g' $PLEROMA_DIR/priv/static/static/config.json
+    sed -i 's|"theme":.*|"theme": "base16-summerfruit-dark.css",|g' "$PLEROMA_DIR/priv/static/static/config.json"
 
-    if [ $PLEROMA_BACKGROUND_IMAGE_URL ]; then
+    if [ "$PLEROMA_BACKGROUND_IMAGE_URL" ]; then
         pleroma_set_background_image_from_url $PLEROMA_DIR/priv/static "$PLEROMA_DOMAIN_NAME" "$PLEROMA_BACKGROUND_IMAGE_URL" "$PLEROMA_TITLE"
     fi
 
-
     # Get certificate
     function_check create_site_certificate
-    create_site_certificate $PLEROMA_DOMAIN_NAME 'yes'
+    create_site_certificate "$PLEROMA_DOMAIN_NAME" 'yes'
 
     function_check nginx_ensite
-    nginx_ensite $PLEROMA_DOMAIN_NAME
+    nginx_ensite "$PLEROMA_DOMAIN_NAME"
 
     systemctl restart postgresql
     systemctl restart nginx
@@ -1159,22 +1157,22 @@ function install_pleroma {
     create_pleroma_blocklist
 
     # daemon
-    echo '[Unit]' > /etc/systemd/system/pleroma.service
-    echo 'Description=Pleroma social network' >> /etc/systemd/system/pleroma.service
-    echo 'After=network.target postgresql.service' >> /etc/systemd/system/pleroma.service
-    echo '' >> /etc/systemd/system/pleroma.service
-    echo '[Service]' >> /etc/systemd/system/pleroma.service
-    echo 'User=pleroma' >> /etc/systemd/system/pleroma.service
-    echo "WorkingDirectory=$PLEROMA_DIR" >> /etc/systemd/system/pleroma.service
-    echo "Environment=\"HOME=$PLEROMA_DIR\"" >> /etc/systemd/system/pleroma.service
-    echo 'ExecStart=/usr/local/bin/mix phx.server' >> /etc/systemd/system/pleroma.service
-    echo 'ExecReload=/bin/kill $MAINPID' >> /etc/systemd/system/pleroma.service
-    echo 'KillMode=process' >> /etc/systemd/system/pleroma.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/pleroma.service
-    echo '' >> /etc/systemd/system/pleroma.service
-    echo '[Install]' >> /etc/systemd/system/pleroma.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/pleroma.service
-    echo 'Alias=pleroma.service' >> /etc/systemd/system/pleroma.service
+    { echo '[Unit]';
+      echo 'Description=Pleroma social network';
+      echo 'After=network.target postgresql.service';
+      echo '';
+      echo '[Service]';
+      echo 'User=pleroma';
+      echo "WorkingDirectory=$PLEROMA_DIR";
+      echo "Environment=\"HOME=$PLEROMA_DIR\"";
+      echo 'ExecStart=/usr/local/bin/mix phx.server';
+      echo "ExecReload=/bin/kill \$MAINPID";
+      echo 'KillMode=process';
+      echo 'Restart=on-failure';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target';
+      echo 'Alias=pleroma.service'; } > /etc/systemd/system/pleroma.service
     systemctl daemon-reload
     systemctl enable pleroma
     systemctl start pleroma
diff --git a/src/freedombone-app-postactiv b/src/freedombone-app-postactiv
index 86663842..a0addb23 100755
--- a/src/freedombone-app-postactiv
+++ b/src/freedombone-app-postactiv
@@ -66,12 +66,12 @@ function logging_off_postactiv {
 function postactiv_customise_logo {
     domain_name=$1
 
-    if [ -f /var/www/${domain_name}/htdocs/static/logo.png ]; then
+    if [ -f "/var/www/${domain_name}/htdocs/static/logo.png" ]; then
         if [ -f ~/freedombone/img/postactiv.png ]; then
-            cp ~/freedombone/img/postactiv.png /var/www/${domain_name}/htdocs/static/logo.png
+            cp ~/freedombone/img/postactiv.png "/var/www/${domain_name}/htdocs/static/logo.png"
         else
-            if [ -f /home/$MY_USERNAME/freedombone/img/postactiv.png ]; then
-                cp /home/$MY_USERNAME/freedombone/img/postactiv.png /var/www/${domain_name}/htdocs/static/logo.png
+            if [ -f "/home/$MY_USERNAME/freedombone/img/postactiv.png" ]; then
+                cp "/home/$MY_USERNAME/freedombone/img/postactiv.png" "/var/www/${domain_name}/htdocs/static/logo.png"
             fi
         fi
     fi
@@ -80,13 +80,13 @@ function postactiv_customise_logo {
 function remove_user_postactiv {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp postactiv
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp postactiv
 
     function_check get_completion_param
     POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
-    if [ -d /var/www/$POSTACTIV_DOMAIN_NAME ]; then
-        cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
-        php scripts/deleteprofile.php -n $remove_username -y
+    if [ -d "/var/www/$POSTACTIV_DOMAIN_NAME" ]; then
+        cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 3658254254
+        php scripts/deleteprofile.php -n "$remove_username" -y
     fi
 }
 
@@ -94,13 +94,13 @@ function add_user_postactiv {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a postactiv -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a postactiv -p "$new_user_password"
 
     POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
-    if [ -d /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs ]; then
-        cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
-        php scripts/registeruser.php -n $new_username -w "$new_user_password" -e "$new_username@$HOSTNAME"
-        ${PROJECT_NAME}-addemail -u $new_username -e "noreply@$POSTACTIV_DOMAIN_NAME" -g postactiv --public no
+    if [ -d "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs" ]; then
+        cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 346846834
+        php scripts/registeruser.php -n "$new_username" -w "$new_user_password" -e "$new_username@$HOSTNAME"
+        "${PROJECT_NAME}-addemail" -u "$new_username" -e "noreply@$POSTACTIV_DOMAIN_NAME" -g postactiv --public no
         echo '0'
     else
         echo '1'
@@ -108,7 +108,7 @@ function add_user_postactiv {
 }
 
 function install_interactive_postactiv {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -118,54 +118,54 @@ function install_interactive_postactiv {
         POSTACTIV_DETAILS_COMPLETE=
         while [ ! $POSTACTIV_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
+            data=$(mktemp 2>/dev/null)
             trap "rm -f $data" 0 1 2 5 15
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"PostActiv Configuration" \
-                       --form $"\nPlease enter your PostActiv details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
+                       --form $"\\nPlease enter your PostActiv details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
                        $"Domain:" 1 1 "$(grep 'POSTACTIV_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
-                       $"Title:" 2 1 "$(grep '$POSTACTIV_TITLE' temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
-                       $"Background image URL:" 3 1 "$(grep '$POSTACTIV_BACKGROUND_IMAGE_URL' temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
+                       $"Title:" 2 1 "$(grep "$POSTACTIV_TITLE" temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
+                       $"Background image URL:" 3 1 "$(grep "$POSTACTIV_BACKGROUND_IMAGE_URL" temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
                        $"Code:" 4 1 "$(grep 'POSTACTIV_CODE' temp.cfg | awk -F '=' '{print $2}')" 4 25 33 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"PostActiv Configuration" \
-                       --form $"\nPlease enter your PostActiv details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
+                       --form $"\\nPlease enter your PostActiv details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
                        $"Domain:" 1 1 "$(grep 'POSTACTIV_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
-                       $"Title:" 2 1 "$(grep '$POSTACTIV_TITLE' temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
-                       $"Background image URL:" 3 1 "$(grep '$POSTACTIV_BACKGROUND_IMAGE_URL' temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
-                       2> $data
+                       $"Title:" 2 1 "$(grep "$POSTACTIV_TITLE" temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
+                       $"Background image URL:" 3 1 "$(grep "$POSTACTIV_BACKGROUND_IMAGE_URL" temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
+                       2> "$data"
             fi
             sel=$?
             case $sel in
                 1) exit 1;;
                 255) exit 1;;
             esac
-            POSTACTIV_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            title=$(cat $data | sed -n 2p)
+            POSTACTIV_DOMAIN_NAME=$(sed -n 1p < "$data")
+            title=$(sed -n 2p < "$data")
             if [ ${#title} -gt 1 ]; then
-                POSTACTIV_TITLE=$welcome_msg
+                POSTACTIV_TITLE=$title
             fi
-            img_url=$(cat $data | sed -n 3p)
+            img_url=$(sed -n 3p < "$data")
             if [ ${#img_url} -gt 1 ]; then
                 POSTACTIV_BACKGROUND_IMAGE_URL=$img_url
             fi
-            if [ $POSTACTIV_DOMAIN_NAME ]; then
-                if [[ $POSTACTIV_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
+            if [ "$POSTACTIV_DOMAIN_NAME" ]; then
+                if [[ "$POSTACTIV_DOMAIN_NAME" == "$HUBZILLA_DOMAIN_NAME" ]]; then
                     POSTACTIV_DOMAIN_NAME=""
                 fi
                 TEST_DOMAIN_NAME=$POSTACTIV_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $POSTACTIV_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$POSTACTIV_DOMAIN_NAME" ]]; then
                     POSTACTIV_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        POSTACTIV_CODE=$(cat $data | sed -n 4p)
+                        POSTACTIV_CODE=$(sed -n 4p < "$data")
                         validate_freedns_code "$POSTACTIV_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             POSTACTIV_DOMAIN_NAME=
                         fi
                     fi
@@ -178,7 +178,7 @@ function install_interactive_postactiv {
 
         # remove any invalid characters
         if [ ${#POSTACTIV_TITLE} -gt 0 ]; then
-            new_title=$(echo "$POSTACTIV_TITLE" | sed "s|'||g")
+            new_title=${"$POSTACTIV_TITLE"//\'//}
             POSTACTIV_TITLE="$new_title"
         fi
 
@@ -197,26 +197,26 @@ function change_password_postactiv {
 
     read_config_param 'POSTACTIV_DOMAIN_NAME'
 
-    cd /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/scripts
+    cd "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/scripts" || exit 246824682
     php setpassword.php "$curr_username" "$new_user_password"
 
-    ${PROJECT_NAME}-pass -u "$curr_username" -a postactiv -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a postactiv -p "$new_user_password"
 }
 
 function postactiv_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        POSTACTIV_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        POSTACTIV_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $POSTACTIV_ADMIN_PASSWORD ]; then
-            POSTACTIV_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$POSTACTIV_ADMIN_PASSWORD" ]; then
+            POSTACTIV_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $POSTACTIV_ADMIN_PASSWORD ]; then
+    if [ ! "$POSTACTIV_ADMIN_PASSWORD" ]; then
         return
     fi
 
     function_check create_database
-    create_database postactiv "$POSTACTIV_ADMIN_PASSWORD" $MY_USERNAME
+    create_database postactiv "$POSTACTIV_ADMIN_PASSWORD" "$MY_USERNAME"
 }
 
 function postactiv_running_script {
@@ -235,64 +235,63 @@ function reconfigure_postactiv {
 function postactiv_set_background_image {
     POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"PostActiv" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Set a background image URL' 10 60 2>$data
+           --inputbox $'Set a background image URL' 10 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            temp_background=$(<$data)
+            temp_background=$(<"$data")
             if [ ${#temp_background} -gt 0 ]; then
                 POSTACTIV_BACKGROUND_IMAGE_URL="$temp_background"
                 write_config_param "POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_BACKGROUND_IMAGE_URL"
 
-                if [[ $(pleroma_set_background_image_from_url /var/www/$POSTACTIV_DOMAIN_NAME/htdocs "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE" | tail -n 1) == "0" ]]; then
+                if [[ $(pleroma_set_background_image_from_url "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE" | tail -n 1) == "0" ]]; then
                     dialog --title $"Set PostActiv background" \
                            --msgbox $"The background image has been set" 6 60
                 fi
             fi
            ;;
     esac
+    rm -f "$data"
 }
 
 function postactiv_set_title {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"PostActiv" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Set a title' 10 60 2>$data
+           --inputbox $'Set a title' 10 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            new_title=$(<$data)
+            new_title=$(<"$data")
             if [ ${#new_title} -gt 0 ]; then
                 POSTACTIV_TITLE="$new_title"
                 POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
                 write_config_param "POSTACTIV_TITLE" "$POSTACTIV_TITLE"
-                cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/static
+                cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/static" || exit 782452452
                 sed -i "s|\"name\":.*|\"name\": \"${POSTACTIV_TITLE}\",|g" config.json
                 dialog --title $"Set PostActiv title" \
                        --msgbox $"The title has been set" 6 60
             fi
            ;;
     esac
+    rm -f "$data"
 }
 
 function postactiv_set_expire_months {
     POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
     read_config_param "POSTACTIV_EXPIRE_MONTHS"
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"PostActiv" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Set an expiry period for posts in months. Anything older will be deleted. Lower values help to keep the database size small and as fast as possible.' 12 60 "$POSTACTIV_EXPIRE_MONTHS" 2>$data
+           --inputbox $'Set an expiry period for posts in months. Anything older will be deleted. Lower values help to keep the database size small and as fast as possible.' 12 60 "$POSTACTIV_EXPIRE_MONTHS" 2>"$data"
     sel=$?
     case $sel in
         0)
-            new_expiry_months=$(<$data)
+            new_expiry_months=$(<"$data")
             if [ ${#new_expiry_months} -gt 0 ]; then
                 # should contain no spaces
                 if [[ "$new_expiry_months" == *" "* ]]; then
@@ -312,14 +311,14 @@ function postactiv_set_expire_months {
             fi
            ;;
     esac
+    rm -f "$data"
 }
 
 function configure_interactive_postactiv {
     read_config_param "POSTACTIV_EXPIRE_MONTHS"
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"PostActiv" \
                --radiolist $"Choose an operation:" 16 70 7 \
@@ -329,21 +328,25 @@ function configure_interactive_postactiv {
                4 $"Select Qvitter user interface" off \
                5 $"Select Pleroma user interface" off \
                6 $"Select Classic user interface" off \
-               7 $"Exit" on 2> $data
+               7 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) return;;
-            255) return;;
+            1) rm -f "$data"
+               return;;
+            255) rm -f "$data"
+                 return;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) postactiv_set_background_image;;
             2) postactiv_set_title;;
             3) postactiv_set_expire_months;;
             4) gnusocial_use_qvitter postactiv;;
             5) gnusocial_use_pleroma postactiv;;
             6) gnusocial_use_classic postactiv;;
-            7) break;;
+            7) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -353,22 +356,22 @@ function upgrade_postactiv {
         return
     fi
 
-    if grep -q "postactiv domain" $COMPLETION_FILE; then
+    if grep -q "postactiv domain" "$COMPLETION_FILE"; then
         POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
     fi
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$POSTACTIV_DOMAIN_NAME/htdocs "postactiv commit" "$POSTACTIV_COMMIT" $POSTACTIV_REPO
+    set_repo_commit "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" "postactiv commit" "$POSTACTIV_COMMIT" $POSTACTIV_REPO
 
     # Ensure that installation script is removed
-    if [ -f /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php ]; then
-        rm /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php
+    if [ -f "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php" ]; then
+        rm "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php"
     fi
 
-    if [ -f /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index_qvitter.php ]; then
-        if [ -f /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index.php ]; then
-            mv /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index.php /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index_qvitter.php
+    if [ -f "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index_qvitter.php" ]; then
+        if [ -f "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index.php" ]; then
+            mv "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index.php" "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index_qvitter.php"
         fi
     fi
 
@@ -379,16 +382,16 @@ function upgrade_postactiv {
     gnusocial_block_domain_script postactiv "$POSTACTIV_DOMAIN_NAME"
 
     upgrade_pleroma_frontend "$POSTACTIV_DOMAIN_NAME" "postactiv" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE"
-    postactiv_customise_logo
+    postactiv_customise_logo "$POSTACTIV_DOMAIN_NAME"
     install_gnusocial_default_background "postactiv" "$POSTACTIV_DOMAIN_NAME"
-    chown -R www-data:www-data /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
+    chown -R www-data:www-data "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs"
     systemctl restart mariadb
 }
 
 
 function backup_local_postactiv {
     POSTACTIV_DOMAIN_NAME='postactiv'
-    if grep -q "postactiv domain" $COMPLETION_FILE; then
+    if grep -q "postactiv domain" "$COMPLETION_FILE"; then
         POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
     fi
 
@@ -396,24 +399,24 @@ function backup_local_postactiv {
     /etc/cron.daily/postactiv-expire
 
     source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/backup
-    if [ ! -d $source_directory ]; then
-        mkdir $source_directory
+    if [ ! -d "$source_directory" ]; then
+        mkdir "$source_directory"
     fi
-    cp -p /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/config.php $source_directory
-    if [ -d /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static ]; then
-        cp -rp /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static $source_directory
+    cp -p "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/config.php" "$source_directory"
+    if [ -d "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static" ]; then
+        cp -rp "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static" "$source_directory"
     fi
 
     function_check suspend_site
-    suspend_site ${POSTACTIV_DOMAIN_NAME}
+    suspend_site "${POSTACTIV_DOMAIN_NAME}"
 
     function_check backup_directory_to_usb
     dest_directory=postactivconfig
-    backup_directory_to_usb $source_directory $dest_directory
+    backup_directory_to_usb "$source_directory" "$dest_directory"
 
     source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/file
     dest_directory=postactivfile
-    backup_directory_to_usb $source_directory $dest_directory
+    backup_directory_to_usb "$source_directory" "$dest_directory"
 
     function_check backup_database_to_usb
     backup_database_to_usb postactiv
@@ -423,16 +426,16 @@ function backup_local_postactiv {
 }
 
 function restore_local_postactiv {
-    if ! grep -q "postactiv domain" $COMPLETION_FILE; then
+    if ! grep -q "postactiv domain" "$COMPLETION_FILE"; then
         return
     fi
     POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
-    if [ $POSTACTIV_DOMAIN_NAME ]; then
+    if [ "$POSTACTIV_DOMAIN_NAME" ]; then
         echo $"Restoring postactiv"
         temp_restore_dir=/root/temppostactiv
         postactiv_dir=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
         # stop the daemons
-        cd $postactiv_dir
+        cd "$postactiv_dir" || exit 468246242
         scripts/stopdaemons.sh
 
         function_check postactiv_create_database
@@ -446,36 +449,36 @@ function restore_local_postactiv {
         function_check restore_directory_from_usb
         restore_directory_from_usb $temp_restore_dir postactivconfig
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir$postactiv_dir ]; then
-                cp $temp_restore_dir$postactiv_dir/backup/config.php $postactiv_dir/
-                cp -rp $temp_restore_dir$postactiv_dir/static $postactiv_dir/
+            if [ -d "$temp_restore_dir$postactiv_dir" ]; then
+                cp "$temp_restore_dir$postactiv_dir/backup/config.php" "$postactiv_dir/"
+                cp -rp "$temp_restore_dir$postactiv_dir/static" "$postactiv_dir/"
             else
-                cp $temp_restore_dir/backup/config.php $postactiv_dir/
-                if [ ! -d $postactiv_dir/static ]; then
-                    mkdir $postactiv_dir/static
+                cp "$temp_restore_dir/backup/config.php" "$postactiv_dir/"
+                if [ ! -d "$postactiv_dir/static" ]; then
+                    mkdir "$postactiv_dir/static"
                 fi
-                cp -rp $temp_restore_dir/static/* $postactiv_dir/static/
+                cp -rp "$temp_restore_dir/static/*" "$postactiv_dir/static/"
             fi
-            chown www-data:www-data $postactiv_dir/config.php
-            chown -R www-data:www-data $postactiv_dir/static
+            chown www-data:www-data "$postactiv_dir/config.php"
+            chown -R www-data:www-data "$postactiv_dir/static"
             rm -rf $temp_restore_dir
         fi
 
         restore_directory_from_usb $temp_restore_dir postactivfile
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir$postactiv_dir/file ]; then
-                cp -rp $temp_restore_dir$postactiv_dir/file $postactiv_dir/
+            if [ -d "$temp_restore_dir$postactiv_dir/file" ]; then
+                cp -rp "$temp_restore_dir$postactiv_dir/file" "$postactiv_dir/"
             else
-                if [ ! -d $postactiv_dir/file ]; then
-                    mkdir $postactiv_dir/file
+                if [ ! -d "$postactiv_dir/file" ]; then
+                    mkdir "$postactiv_dir/file"
                 fi
-                cp -rp $temp_restore_dir/* $postactiv_dir/file/
+                cp -rp "$temp_restore_dir/*" "$postactiv_dir/file/"
             fi
-            chown -R www-data:www-data $postactiv_dir/file
+            chown -R www-data:www-data "$postactiv_dir/file"
             rm -rf $temp_restore_dir
         fi
 
-        gnusocial_update_after_restore postactiv ${POSTACTIV_DOMAIN_NAME}
+        gnusocial_update_after_restore postactiv "${POSTACTIV_DOMAIN_NAME}"
 
         echo $"Restore of postactiv complete"
     fi
@@ -483,7 +486,7 @@ function restore_local_postactiv {
 
 function backup_remote_postactiv {
     POSTACTIV_DOMAIN_NAME='postactiv'
-    if grep -q "postactiv domain" $COMPLETION_FILE; then
+    if grep -q "postactiv domain" "$COMPLETION_FILE"; then
         POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
     fi
 
@@ -491,24 +494,24 @@ function backup_remote_postactiv {
     /etc/cron.daily/postactiv-expire
 
     source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/backup
-    if [ ! -d $source_directory ]; then
-        mkdir $source_directory
+    if [ ! -d "$source_directory" ]; then
+        mkdir "$source_directory"
     fi
-    cp -p /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/config.php $source_directory
-    if [ -d /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static ]; then
-        cp -rp /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static $source_directory
+    cp -p "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/config.php" "$source_directory"
+    if [ -d "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static" ]; then
+        cp -rp "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static" "$source_directory"
     fi
 
     function_check suspend_site
-    suspend_site ${POSTACTIV_DOMAIN_NAME}
+    suspend_site "${POSTACTIV_DOMAIN_NAME}"
 
     function_check backup_directory_to_friend
     dest_directory=postactivconfig
-    backup_directory_to_friend $source_directory $dest_directory
+    backup_directory_to_friend "$source_directory" "$dest_directory"
 
     source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/file
     dest_directory=postactivfile
-    backup_directory_to_friend $source_directory $dest_directory
+    backup_directory_to_friend "$source_directory" "$dest_directory"
 
     function_check backup_database_to_friend
     backup_database_to_friend postactiv
@@ -518,16 +521,16 @@ function backup_remote_postactiv {
 }
 
 function restore_remote_postactiv {
-    if ! grep -q "postactiv domain" $COMPLETION_FILE; then
+    if ! grep -q "postactiv domain" "$COMPLETION_FILE"; then
         return
     fi
     POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
-    if [ $POSTACTIV_DOMAIN_NAME ]; then
+    if [ "$POSTACTIV_DOMAIN_NAME" ]; then
         echo $"Restoring postactiv"
         temp_restore_dir=/root/temppostactiv
         postactiv_dir=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
         # stop the daemons
-        cd $postactiv_dir
+        cd "$postactiv_dir" || exit 24682464
         scripts/stopdaemons.sh
 
         function_check postactiv_create_database
@@ -542,36 +545,36 @@ function restore_remote_postactiv {
         function_check restore_directory_from_friend
         restore_directory_from_friend $temp_restore_dir postactivconfig
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir$postactiv_dir ]; then
-                cp $temp_restore_dir$postactiv_dir/backup/config.php $postactiv_dir/
-                cp -rp $temp_restore_dir$postactiv_dir/static $postactiv_dir/
+            if [ -d "$temp_restore_dir$postactiv_dir" ]; then
+                cp "$temp_restore_dir$postactiv_dir/backup/config.php" "$postactiv_dir/"
+                cp -rp "$temp_restore_dir$postactiv_dir/static" "$postactiv_dir/"
             else
-                cp $temp_restore_dir/config.php $postactiv_dir/
-                if [ ! -d $postactiv_dir/static ]; then
-                    mkdir $postactiv_dir/static
+                cp "$temp_restore_dir/config.php" "$postactiv_dir/"
+                if [ ! -d "$postactiv_dir/static" ]; then
+                    mkdir "$postactiv_dir/static"
                 fi
-                cp -rp $temp_restore_dir/static/* $postactiv_dir/static/
+                cp -rp "$temp_restore_dir/static/*" "$postactiv_dir/static/"
             fi
-            chown www-data:www-data $postactiv_dir/config.php
-            chown -R www-data:www-data $postactiv_dir/static
+            chown www-data:www-data "$postactiv_dir/config.php"
+            chown -R www-data:www-data "$postactiv_dir/static"
             rm -rf $temp_restore_dir
         fi
 
         restore_directory_from_friend $temp_restore_dir postactivfile
         if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir$postactiv_dir/file ]; then
-                cp -rp $temp_restore_dir$postactiv_dir/file $postactiv_dir/
+            if [ -d "$temp_restore_dir$postactiv_dir/file" ]; then
+                cp -rp "$temp_restore_dir$postactiv_dir/file" "$postactiv_dir/"
             else
-                if [ ! -d $postactiv_dir/file ]; then
-                    mkdir $postactiv_dir/file
+                if [ ! -d "$postactiv_dir/file" ]; then
+                    mkdir "$postactiv_dir/file"
                 fi
-                cp -rp $temp_restore_dir/* $postactiv_dir/file/
+                cp -rp "$temp_restore_dir/*" "$postactiv_dir/file/"
             fi
-            chown -R www-data:www-data $postactiv_dir/file
+            chown -R www-data:www-data "$postactiv_dir/file"
             rm -rf $temp_restore_dir
         fi
 
-        gnusocial_update_after_restore postactiv ${POSTACTIV_DOMAIN_NAME}
+        gnusocial_update_after_restore postactiv "${POSTACTIV_DOMAIN_NAME}"
 
         echo $"Restore of postactiv complete"
     fi
@@ -587,23 +590,23 @@ function remove_postactiv {
     read_config_param "POSTACTIV_DOMAIN_NAME"
     read_config_param "MY_USERNAME"
     echo "Removing $POSTACTIV_DOMAIN_NAME"
-    nginx_dissite $POSTACTIV_DOMAIN_NAME
-    remove_certs $POSTACTIV_DOMAIN_NAME
+    nginx_dissite "$POSTACTIV_DOMAIN_NAME"
+    remove_certs "$POSTACTIV_DOMAIN_NAME"
     if [ -f /etc/cron.hourly/postactiv-daemons ]; then
         rm /etc/cron.hourly/postactiv-daemons
     fi
-    if [ -f /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/stopdaemons.sh ]; then
-        cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
+    if [ -f "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/stopdaemons.sh" ]; then
+        cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 2467245248
         scripts/stopdaemons.sh
     fi
-    kill_pid=$(ps aux | grep /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/queuedaemon.php | awk -F ' ' '{print $2}' | head -n 1)
-    kill -9 $kill_pid
+    kill_pid=$(pgrep "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/queuedaemon.php" | head -n 1)
+    kill -9 "$kill_pid"
 
-    if [ -d /var/www/$POSTACTIV_DOMAIN_NAME ]; then
-        rm -rf /var/www/$POSTACTIV_DOMAIN_NAME
+    if [ -d "/var/www/$POSTACTIV_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$POSTACTIV_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME"
     fi
     function_check drop_database
     drop_database postactiv
@@ -614,17 +617,17 @@ function remove_postactiv {
     fi
     remove_app postactiv
     remove_completion_param install_postactiv
-    sed -i '/postactiv/d' $COMPLETION_FILE
+    sed -i '/postactiv/d' "$COMPLETION_FILE"
     remove_backup_database_local postactiv
 
     sed -i '/postactiv-firewall/d' /etc/crontab
 
     function_check remove_ddns_domain
-    remove_ddns_domain $POSTACTIV_DOMAIN_NAME
+    remove_ddns_domain "$POSTACTIV_DOMAIN_NAME"
 }
 
 function install_postactiv_main {
-    if [ ! $POSTACTIV_DOMAIN_NAME ]; then
+    if [ ! "$POSTACTIV_DOMAIN_NAME" ]; then
         echo $'No domain name was given for postactiv'
         exit 7359
     fi
@@ -648,38 +651,38 @@ function install_postactiv_main {
     apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
     apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
 
-    if [ ! -d /var/www/$POSTACTIV_DOMAIN_NAME ]; then
-        mkdir /var/www/$POSTACTIV_DOMAIN_NAME
+    if [ ! -d "/var/www/$POSTACTIV_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$POSTACTIV_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$POSTACTIV_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" ]; then
 
         if [ -d /repos/postactiv ]; then
-            mkdir /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
-            cp -r -p /repos/postactiv/. /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
-            cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/postactiv/. "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs"
+            cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 46824682682
             git pull
         else
             function_check git_clone
-            git_clone $POSTACTIV_REPO /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
+            git_clone "$POSTACTIV_REPO" "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs"
         fi
 
-        if [ ! -d /var/www/$POSTACTIV_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" ]; then
             echo $'Unable to clone postactiv repo'
             exit 87525
         fi
     fi
 
-    cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
+    cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 46287462828
     git checkout $POSTACTIV_COMMIT -b $POSTACTIV_COMMIT
     set_completion_param "postactiv commit" "$POSTACTIV_COMMIT"
 
-    chmod g+w /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
-    chmod a+w /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/avatar
-    chmod a+w /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/file
-    chown -R www-data:www-data /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
-    chmod +x /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/maildaemon.php
-    chmod 755 /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/extlib/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php
-    chmod -x /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/extlib/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php
+    chmod g+w "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs"
+    chmod a+w "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/avatar"
+    chmod a+w "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/file"
+    chown -R www-data:www-data "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs"
+    chmod +x "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/maildaemon.php"
+    chmod 755 "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/extlib/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php"
+    chmod -x "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/extlib/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php"
 
     function_check postactiv_create_database
     postactiv_create_database
@@ -695,118 +698,118 @@ function install_postactiv_main {
     fi
 
     function_check add_ddns_domain
-    add_ddns_domain $POSTACTIV_DOMAIN_NAME
+    add_ddns_domain "$POSTACTIV_DOMAIN_NAME"
 
     POSTACTIV_ONION_HOSTNAME=$(add_onion_service postactiv 80 ${POSTACTIV_ONION_PORT})
 
     postactiv_nginx_site=/etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $POSTACTIV_DOMAIN_NAME "index index.php"
-        echo 'server {' >> $postactiv_nginx_site
-        echo '  listen 443 ssl;' >> $postactiv_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $postactiv_nginx_site
-        echo "  server_name $POSTACTIV_DOMAIN_NAME;" >> $postactiv_nginx_site
-        echo '' >> $postactiv_nginx_site
+        nginx_http_redirect "$POSTACTIV_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $POSTACTIV_DOMAIN_NAME;";
+          echo ''; } >> "$postactiv_nginx_site"
         function_check nginx_compress
-        nginx_compress $POSTACTIV_DOMAIN_NAME
-        echo '' >> $postactiv_nginx_site
-        echo '  # Security' >> $postactiv_nginx_site
+        nginx_compress "$POSTACTIV_DOMAIN_NAME"
+        echo '' >> "$postactiv_nginx_site"
+        echo '  # Security' >> "$postactiv_nginx_site"
         function_check nginx_ssl
-        nginx_ssl $POSTACTIV_DOMAIN_NAME
+        nginx_ssl "$POSTACTIV_DOMAIN_NAME"
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $POSTACTIV_DOMAIN_NAME
+        nginx_disable_sniffing "$POSTACTIV_DOMAIN_NAME"
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $postactiv_nginx_site
-        echo '' >> $postactiv_nginx_site
-        echo '  # Logs' >> $postactiv_nginx_site
-        echo '  access_log /dev/null;' >> $postactiv_nginx_site
-        echo '  error_log /dev/null;' >> $postactiv_nginx_site
-        echo '' >> $postactiv_nginx_site
-        echo '  # Root' >> $postactiv_nginx_site
-        echo "  root /var/www/$POSTACTIV_DOMAIN_NAME/htdocs;" >> $postactiv_nginx_site
-        echo '' >> $postactiv_nginx_site
-        echo '  # Index' >> $postactiv_nginx_site
-        echo '  index index.php;' >> $postactiv_nginx_site
-        echo '' >> $postactiv_nginx_site
-        echo '  # PHP' >> $postactiv_nginx_site
-        echo '  location ~ \.php {' >> $postactiv_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $postactiv_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $postactiv_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $postactiv_nginx_site
-        echo '  }' >> $postactiv_nginx_site
-        echo '' >> $postactiv_nginx_site
-        echo '  # Location' >> $postactiv_nginx_site
-        echo '  location / {' >> $postactiv_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$POSTACTIV_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  # Index';
+          echo '  index index.php;';
+          echo '';
+          echo '  # PHP';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$postactiv_nginx_site"
         function_check nginx_limits
-        nginx_limits $POSTACTIV_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ @postactiv;' >> $postactiv_nginx_site
-        echo '  }' >> $postactiv_nginx_site
-        echo '' >> $postactiv_nginx_site
-        echo '  # Fancy URLs' >> $postactiv_nginx_site
-        echo '  location @postactiv {' >> $postactiv_nginx_site
-        echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $postactiv_nginx_site
-        echo '  }' >> $postactiv_nginx_site
-        echo '' >> $postactiv_nginx_site
-        echo '  # Restrict access that is unnecessary anyway' >> $postactiv_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $postactiv_nginx_site
-        echo '    deny all;' >> $postactiv_nginx_site
-        echo '  }' >> $postactiv_nginx_site
-        echo '}' >> $postactiv_nginx_site
+        nginx_limits "$POSTACTIV_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ @postactiv;";
+          echo '  }';
+          echo '';
+          echo '  # Fancy URLs';
+          echo '  location @postactiv {';
+          echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+          echo '  }';
+          echo '';
+          echo '  # Restrict access that is unnecessary anyway';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '}'; } >> "$postactiv_nginx_site"
     else
-        echo -n '' > $postactiv_nginx_site
+        echo -n '' > "$postactiv_nginx_site"
     fi
-    echo 'server {' >> $postactiv_nginx_site
-    echo "    listen 127.0.0.1:$POSTACTIV_ONION_PORT default_server;" >> $postactiv_nginx_site
-    echo "    server_name $POSTACTIV_ONION_HOSTNAME;" >> $postactiv_nginx_site
-    echo '' >> $postactiv_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$POSTACTIV_ONION_PORT default_server;";
+      echo "    server_name $POSTACTIV_ONION_HOSTNAME;";
+      echo ''; } >> "$postactiv_nginx_site"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $POSTACTIV_DOMAIN_NAME
-    echo '' >> $postactiv_nginx_site
+    nginx_disable_sniffing "$POSTACTIV_DOMAIN_NAME"
+    echo '' >> "$postactiv_nginx_site"
     function_check nginx_compress
-    nginx_compress $POSTACTIV_DOMAIN_NAME
-    echo '' >> $postactiv_nginx_site
-    echo '  # Logs' >> $postactiv_nginx_site
-    echo '  access_log /dev/null;' >> $postactiv_nginx_site
-    echo '  error_log /dev/null;' >> $postactiv_nginx_site
-    echo '' >> $postactiv_nginx_site
-    echo '  # Root' >> $postactiv_nginx_site
-    echo "  root /var/www/$POSTACTIV_DOMAIN_NAME/htdocs;" >> $postactiv_nginx_site
-    echo '' >> $postactiv_nginx_site
-    echo '  # Index' >> $postactiv_nginx_site
-    echo '  index index.php;' >> $postactiv_nginx_site
-    echo '' >> $postactiv_nginx_site
-    echo '  # PHP' >> $postactiv_nginx_site
-    echo '  location ~ \.php {' >> $postactiv_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $postactiv_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $postactiv_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $postactiv_nginx_site
-    echo '  }' >> $postactiv_nginx_site
-    echo '' >> $postactiv_nginx_site
-    echo '  # Location' >> $postactiv_nginx_site
-    echo '  location / {' >> $postactiv_nginx_site
+    nginx_compress "$POSTACTIV_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$POSTACTIV_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  # Index';
+      echo '  index index.php;';
+      echo '';
+      echo '  # PHP';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$postactiv_nginx_site"
     function_check nginx_limits
-    nginx_limits $POSTACTIV_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ @postactiv;' >> $postactiv_nginx_site
-    echo '  }' >> $postactiv_nginx_site
-    echo '' >> $postactiv_nginx_site
-    echo '  # Fancy URLs' >> $postactiv_nginx_site
-    echo '  location @postactiv {' >> $postactiv_nginx_site
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $postactiv_nginx_site
-    echo '  }' >> $postactiv_nginx_site
-    echo '' >> $postactiv_nginx_site
-    echo '  # Restrict access that is unnecessary anyway' >> $postactiv_nginx_site
-    echo '  location ~ /\.(ht|git) {' >> $postactiv_nginx_site
-    echo '    deny all;' >> $postactiv_nginx_site
-    echo '  }' >> $postactiv_nginx_site
-    echo '}' >> $postactiv_nginx_site
+    nginx_limits "$POSTACTIV_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ @postactiv;";
+      echo '  }';
+      echo '';
+      echo '  # Fancy URLs';
+      echo '  location @postactiv {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  # Restrict access that is unnecessary anyway';
+      echo '  location ~ /\.(ht|git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '}'; } >> "$postactiv_nginx_site"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $POSTACTIV_DOMAIN_NAME 'yes'
+    create_site_certificate "$POSTACTIV_DOMAIN_NAME" 'yes'
 
     # Ensure that the database gets backed up locally, if remote
     # backups are not being used
@@ -817,7 +820,7 @@ function install_postactiv_main {
     backup_database_local postactiv
 
     function_check nginx_ensite
-    nginx_ensite $POSTACTIV_DOMAIN_NAME
+    nginx_ensite "$POSTACTIV_DOMAIN_NAME"
 
     # NOTE: For the typical case always enable SSL and only
     # disable it if in onion only mode. This is due to complexities
@@ -834,8 +837,8 @@ function install_postactiv_main {
 
     # Create the configuration
     postactiv_installer=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/scripts/install_cli.php
-    if [ ! -f $postactiv_installer ]; then
-        rm -rf /var/www/$POSTACTIV_DOMAIN_NAME
+    if [ ! -f "$postactiv_installer" ]; then
+        rm -rf "/var/www/$POSTACTIV_DOMAIN_NAME"
         echo $'No postactiv commandline installer found'
         exit 53026
     fi
@@ -856,45 +859,45 @@ function install_postactiv_main {
     #fi
 
     # check postactiv has a config file
-    postactiv_config_file=/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/config.php
-    if [ ! -f $postactiv_config_file ]; then
+    postactiv_config_file="/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/config.php"
+    if [ ! -f "$postactiv_config_file" ]; then
         drop_database postactiv
-        rm -rf /var/www/$POSTACTIV_DOMAIN_NAME
+        rm -rf "/var/www/$POSTACTIV_DOMAIN_NAME"
         echo $'Postactiv config.php not found'
         exit 87586
     fi
 
     # Some useful settings
-    if ! grep -q "Recommended postactiv settings" $postactiv_config_file; then
-        echo "" >> $postactiv_config_file
-        echo "// Recommended postactiv settings" >> $postactiv_config_file
-        echo "\$config['thumbnail']['maxsize'] = 3000;" >> $postactiv_config_file
-        echo "\$config['profile']['delete'] = true;" >> $postactiv_config_file
-        echo "\$config['profile']['changenick'] = true;" >> $postactiv_config_file
-        echo "\$config['public']['localonly'] = false;" >> $postactiv_config_file
-        echo "addPlugin('StoreRemoteMedia');" >> $postactiv_config_file
-        echo "\$config['queue']['enabled'] = true;" >> $postactiv_config_file
-        echo "\$config['queue']['daemon'] = true;" >> $postactiv_config_file
-        echo "\$config['ostatus']['hub_retries'] = 3;" >> $postactiv_config_file
+    if ! grep -q "Recommended postactiv settings" "$postactiv_config_file"; then
+        { echo "";
+          echo "// Recommended postactiv settings";
+          echo "\$config['thumbnail']['maxsize'] = 3000;";
+          echo "\$config['profile']['delete'] = true;";
+          echo "\$config['profile']['changenick'] = true;";
+          echo "\$config['public']['localonly'] = false;";
+          echo "addPlugin('StoreRemoteMedia');";
+          echo "\$config['queue']['enabled'] = true;";
+          echo "\$config['queue']['daemon'] = true;";
+          echo "\$config['ostatus']['hub_retries'] = 3;"; } >> "$postactiv_config_file"
     fi
 
-    echo "\$config['mail']['domain'] = '${DEFAULT_DOMAIN_NAME}';" >> $postactiv_config_file
+    echo "\$config['mail']['domain'] = '${DEFAULT_DOMAIN_NAME}';" >> "$postactiv_config_file"
 
     # This improves performance
-    sed -i "s|//\$config\['db'\]\['schemacheck'\].*|\$config\['db'\]\['schemacheck'\] = 'script';|g" $postactiv_config_file
+    sed -i "s|//\$config\\['db'\\]\\['schemacheck'\\].*|\$config\\['db'\\]\\['schemacheck'\\] = 'script';|g" "$postactiv_config_file"
 
     # remove the install script
-    if [ -f /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php ]; then
-        rm /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php
+    if [ -f "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php" ]; then
+        rm "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php"
     fi
 
     systemctl restart mariadb
     systemctl restart php7.0-fpm
     systemctl restart nginx
 
-    ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$POSTACTIV_DOMAIN_NAME" -g postactiv --public no
+    "${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$POSTACTIV_DOMAIN_NAME" -g postactiv --public no
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a postactiv -p "$POSTACTIV_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a postactiv -p "$POSTACTIV_ADMIN_PASSWORD"
 
     gnusocial_block_user_script
     gnusocial_block_domain_script postactiv "$POSTACTIV_DOMAIN_NAME"
@@ -905,7 +908,7 @@ function install_postactiv_main {
 }
 
 function install_postactiv {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -925,8 +928,8 @@ function install_postactiv {
         install_nodejs pleroma-gnusocial
         install_pleroma_front_end "postactiv" "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE"
         install_gnusocial_default_background "postactiv" "$POSTACTIV_DOMAIN_NAME"
-        postactiv_customise_logo
-        sed -i 's|"theme":.*|"theme": "base16-harmonic16-light.css",|g' /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static/config.json
+        postactiv_customise_logo "$POSTACTIV_DOMAIN_NAME"
+        sed -i 's|"theme":.*|"theme": "base16-harmonic16-light.css",|g' "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static/config.json"
     fi
 
     expire_gnusocial_posts "$POSTACTIV_DOMAIN_NAME" "postactiv" "$POSTACTIV_EXPIRE_MONTHS"
@@ -940,8 +943,8 @@ function install_postactiv {
     # And doesn't forget logins
     gnusocial_use_qvitter postactiv
 
-    if [ $POSTACTIV_BACKGROUND_IMAGE_URL ]; then
-        pleroma_set_background_image_from_url /var/www/$POSTACTIV_DOMAIN_NAME/htdocs "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE"
+    if [ "$POSTACTIV_BACKGROUND_IMAGE_URL" ]; then
+        pleroma_set_background_image_from_url "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE"
     fi
 
     APP_INSTALLED=1
diff --git a/src/freedombone-app-privatebin b/src/freedombone-app-privatebin
index 48d122aa..0667cd84 100755
--- a/src/freedombone-app-privatebin
+++ b/src/freedombone-app-privatebin
@@ -56,7 +56,7 @@ function secure_privatebin {
     find "${pbpath}/" -type d -print0 | xargs -0 chmod 0550
 
     chown -R ${rootuser}:${htgroup} "${pbpath}/"
-    chown -R www-data:www-data ${pbdata}
+    chown -R www-data:www-data "${pbdata}"
 }
 
 function logging_on_privatebin {
@@ -68,63 +68,65 @@ function logging_off_privatebin {
 }
 
 function remove_user_privatebin {
-    remove_username="$1"
+    echo -n ''
+#    remove_username="$1"
 }
 
 function add_user_privatebin {
-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"
 
     echo '0'
 }
 
 function install_interactive_privatebin {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
-    if [[ $ONION_ONLY != "no" ]]; then
+    if [[ "$ONION_ONLY" != "no" ]]; then
         PRIVATEBIN_DOMAIN_NAME='privatebin.local'
     else
         PRIVATEBIN_DETAILS_COMPLETE=
         while [ ! $PRIVATEBIN_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"PrivateBin Configuration" \
-                       --form $"\nPlease enter your PrivateBin details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
+                       --form $"\\nPlease enter your PrivateBin details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
                        $"Domain:" 1 1 "$(grep 'PRIVATEBIN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \
                        $"Code:" 2 1 "$(grep 'PRIVATEBIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 33 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"PrivateBin Configuration" \
-                       --form $"\nPlease enter your PrivateBin details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
+                       --form $"\\nPlease enter your PrivateBin details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
                        $"Domain:" 1 1 "$(grep 'PRIVATEBIN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \
-                       2> $data
+                       2> "$data"
             fi
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            PRIVATEBIN_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ $PRIVATEBIN_DOMAIN_NAME ]; then
-                if [[ $PRIVATEBIN_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
+            PRIVATEBIN_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$PRIVATEBIN_DOMAIN_NAME" ]; then
+                if [[ "$PRIVATEBIN_DOMAIN_NAME" == "$HUBZILLA_DOMAIN_NAME" ]]; then
                     PRIVATEBIN_DOMAIN_NAME=""
                 fi
                 TEST_DOMAIN_NAME=$PRIVATEBIN_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $PRIVATEBIN_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$PRIVATEBIN_DOMAIN_NAME" ]]; then
                     PRIVATEBIN_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        PRIVATEBIN_CODE=$(cat $data | sed -n 2p)
+                        PRIVATEBIN_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$PRIVATEBIN_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             PRIVATEBIN_DOMAIN_NAME=
                         fi
                     fi
@@ -133,6 +135,7 @@ function install_interactive_privatebin {
             if [ $PRIVATEBIN_DOMAIN_NAME ]; then
                 PRIVATEBIN_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         write_config_param "PRIVATEBIN_CODE" "$PRIVATEBIN_CODE"
@@ -142,8 +145,9 @@ function install_interactive_privatebin {
 }
 
 function change_password_privatebin {
-    curr_username="$1"
-    new_user_password="$2"
+#    curr_username="$1"
+#    new_user_password="$2"
+    echo -n ''
 }
 
 function reconfigure_privatebin {
@@ -156,13 +160,13 @@ function upgrade_privatebin {
         return
     fi
 
-    if grep -q "privatebin domain" $COMPLETION_FILE; then
+    if grep -q "privatebin domain" "$COMPLETION_FILE"; then
         PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
     fi
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs "privatebin commit" "$PRIVATEBIN_COMMIT" $PRIVATEBIN_REPO
+    set_repo_commit "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" "privatebin commit" "$PRIVATEBIN_COMMIT" "$PRIVATEBIN_REPO"
 
     secure_privatebin
 }
@@ -170,40 +174,40 @@ function upgrade_privatebin {
 
 function backup_local_privatebin {
     PRIVATEBIN_DOMAIN_NAME='privatebin'
-    if grep -q "privatebin domain" $COMPLETION_FILE; then
+    if grep -q "privatebin domain" "$COMPLETION_FILE"; then
         PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
     fi
 
-    source_directory=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data
+    source_directory="/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data"
 
     function_check suspend_site
-    suspend_site ${PRIVATEBIN_DOMAIN_NAME}
+    suspend_site "${PRIVATEBIN_DOMAIN_NAME}"
 
     function_check backup_directory_to_usb
     dest_directory=privatebin
-    backup_directory_to_usb $source_directory $dest_directory
+    backup_directory_to_usb "$source_directory" "$dest_directory"
 
     function_check restart_site
     restart_site
 }
 
 function restore_local_privatebin {
-    if ! grep -q "privatebin domain" $COMPLETION_FILE; then
+    if ! grep -q "privatebin domain" "$COMPLETION_FILE"; then
         return
     fi
     PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
-    if [ $PRIVATEBIN_DOMAIN_NAME ]; then
+    if [ "$PRIVATEBIN_DOMAIN_NAME" ]; then
         echo $"Restoring privatebin"
         temp_restore_dir=/root/tempprivatebin
-        privatebin_dir=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data
+        privatebin_dir="/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data"
 
         function_check restore_directory_from_usb
         restore_directory_from_usb $temp_restore_dir privatebin
         if [ -d $temp_restore_dir ]; then
-            if [ -d cp $temp_restore_dir$privatebin_dir ]; then
-                cp -rp $temp_restore_dir$privatebin_dir/* $privatebin_dir/
+            if [ -d "$temp_restore_dir$privatebin_dir" ]; then
+                cp -rp "$temp_restore_dir$privatebin_dir/*" "$privatebin_dir/"
             else
-                cp -rp $temp_restore_dir/* $privatebin_dir/
+                cp -rp "$temp_restore_dir/*" "$privatebin_dir/"
             fi
             secure_privatebin
             rm -rf $temp_restore_dir
@@ -215,39 +219,39 @@ function restore_local_privatebin {
 
 function backup_remote_privatebin {
     PRIVATEBIN_DOMAIN_NAME='privatebin'
-    if grep -q "privatebin domain" $COMPLETION_FILE; then
+    if grep -q "privatebin domain" "$COMPLETION_FILE"; then
         PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
     fi
 
-    source_directory=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data
+    source_directory="/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data"
 
     function_check suspend_site
-    suspend_site ${PRIVATEBIN_DOMAIN_NAME}
+    suspend_site "${PRIVATEBIN_DOMAIN_NAME}"
 
     function_check backup_directory_to_friend
     dest_directory=privatebin
-    backup_directory_to_friend $source_directory $dest_directory
+    backup_directory_to_friend "$source_directory" "$dest_directory"
 
     function_check restart_site
     restart_site
 }
 
 function restore_remote_privatebin {
-    if ! grep -q "privatebin domain" $COMPLETION_FILE; then
+    if ! grep -q "privatebin domain" "$COMPLETION_FILE"; then
         return
     fi
     PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
-    if [ $PRIVATEBIN_DOMAIN_NAME ]; then
+    if [ "$PRIVATEBIN_DOMAIN_NAME" ]; then
         temp_restore_dir=/root/tempprivatebin
         privatebin_dir=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data
 
         function_check restore_directory_from_friend
         restore_directory_from_friend $temp_restore_dir privatebin
         if [ -d $temp_restore_dir ]; then
-            if [ -d cp $temp_restore_dir$privatebin_dir ]; then
-                cp -rp $temp_restore_dir$privatebin_dir/* $privatebin_dir/
+            if [ -d "$temp_restore_dir$privatebin_dir" ]; then
+                cp -rp "$temp_restore_dir$privatebin_dir/*" "$privatebin_dir/"
             else
-                cp -rp $temp_restore_dir/* $privatebin_dir/
+                cp -rp "$temp_restore_dir/*" "$privatebin_dir/"
             fi
             secure_privatebin
             rm -rf $temp_restore_dir
@@ -262,14 +266,14 @@ function remove_privatebin {
     read_config_param "PRIVATEBIN_DOMAIN_NAME"
     read_config_param "MY_USERNAME"
     echo "Removing $PRIVATEBIN_DOMAIN_NAME"
-    nginx_dissite $PRIVATEBIN_DOMAIN_NAME
-    remove_certs $PRIVATEBIN_DOMAIN_NAME
+    nginx_dissite "$PRIVATEBIN_DOMAIN_NAME"
+    remove_certs "$PRIVATEBIN_DOMAIN_NAME"
 
-    if [ -d /var/www/$PRIVATEBIN_DOMAIN_NAME ]; then
-        rm -rf /var/www/$PRIVATEBIN_DOMAIN_NAME
+    if [ -d "/var/www/$PRIVATEBIN_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$PRIVATEBIN_DOMAIN_NAME"
     fi
-    if [ -f /etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME"
     fi
     function_check remove_onion_service
     remove_onion_service privatebin ${PRIVATEBIN_ONION_PORT}
@@ -278,18 +282,18 @@ function remove_privatebin {
     fi
     remove_app privatebin
     remove_completion_param install_privatebin
-    sed -i '/privatebin/d' $COMPLETION_FILE
+    sed -i '/privatebin/d' "$COMPLETION_FILE"
 
     function_check remove_ddns_domain
-    remove_ddns_domain $PRIVATEBIN_DOMAIN_NAME
+    remove_ddns_domain "$PRIVATEBIN_DOMAIN_NAME"
 }
 
 function install_privatebin {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
-    if [ ! $PRIVATEBIN_DOMAIN_NAME ]; then
+    if [ ! "$PRIVATEBIN_DOMAIN_NAME" ]; then
         echo $'No domain name was given for privatebin'
         exit 7359
     fi
@@ -298,153 +302,153 @@ function install_privatebin {
     apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
     apt-get -yq install php-libsodium libsodium18 php-mcrypt
 
-    if [ ! -d /var/www/$PRIVATEBIN_DOMAIN_NAME ]; then
-        mkdir /var/www/$PRIVATEBIN_DOMAIN_NAME
+    if [ ! -d "/var/www/$PRIVATEBIN_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$PRIVATEBIN_DOMAIN_NAME"
     fi
-    if [ ! -d /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" ]; then
 
         if [ -d /repos/privatebin ]; then
-            mkdir /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
-            cp -r -p /repos/privatebin/. /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
-            cd /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/privatebin/. "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
+            cd "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" || exit 3468246824
             git pull
         else
             function_check git_clone
-            git_clone $PRIVATEBIN_REPO /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
+            git_clone "$PRIVATEBIN_REPO" "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
         fi
 
-        if [ ! -d /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" ]; then
             echo $'Unable to clone privatebin repo'
             exit 63763873
         fi
     fi
 
-    cd /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
-    git checkout $PRIVATEBIN_COMMIT -b $PRIVATEBIN_COMMIT
+    cd "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" || exit 24682462
+    git checkout "$PRIVATEBIN_COMMIT" -b "$PRIVATEBIN_COMMIT"
     set_completion_param "privatebin commit" "$PRIVATEBIN_COMMIT"
 
-    chmod g+w /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
-    chown -R www-data:www-data /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
+    chmod g+w "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
+    chown -R www-data:www-data "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
 
     function_check add_ddns_domain
-    add_ddns_domain $PRIVATEBIN_DOMAIN_NAME
+    add_ddns_domain "$PRIVATEBIN_DOMAIN_NAME"
 
     PRIVATEBIN_ONION_HOSTNAME=$(add_onion_service privatebin 80 ${PRIVATEBIN_ONION_PORT})
 
     privatebin_nginx_site=/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
-        nginx_http_redirect $PRIVATEBIN_DOMAIN_NAME "index index.php"
-        echo 'server {' >> $privatebin_nginx_site
-        echo '  listen 443 ssl;' >> $privatebin_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $privatebin_nginx_site
-        echo "  server_name $PRIVATEBIN_DOMAIN_NAME;" >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
+        nginx_http_redirect "$PRIVATEBIN_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $PRIVATEBIN_DOMAIN_NAME;";
+          echo ''; } >> "$privatebin_nginx_site"
         function_check nginx_compress
-        nginx_compress $PRIVATEBIN_DOMAIN_NAME
-        echo '' >> $privatebin_nginx_site
-        echo '  # Security' >> $privatebin_nginx_site
+        nginx_compress "$PRIVATEBIN_DOMAIN_NAME"
+        echo '' >> "$privatebin_nginx_site"
+        echo '  # Security' >> "$privatebin_nginx_site"
         function_check nginx_ssl
-        nginx_ssl $PRIVATEBIN_DOMAIN_NAME
+        nginx_ssl "$PRIVATEBIN_DOMAIN_NAME"
 
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $PRIVATEBIN_DOMAIN_NAME
+        nginx_disable_sniffing "$PRIVATEBIN_DOMAIN_NAME"
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
-        echo '  # Logs' >> $privatebin_nginx_site
-        echo '  access_log /dev/null;' >> $privatebin_nginx_site
-        echo '  error_log /dev/null;' >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
-        echo "  root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;" >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
-        echo '  index index.php;' >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
-        echo '  location ~ \.php {' >> $privatebin_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $privatebin_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $privatebin_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $privatebin_nginx_site
-        echo '  }' >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
-        echo '  # Location' >> $privatebin_nginx_site
-        echo '  location / {' >> $privatebin_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo "  root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  index index.php;';
+          echo '';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$privatebin_nginx_site"
         function_check nginx_limits
-        nginx_limits $PRIVATEBIN_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ @privatebin;' >> $privatebin_nginx_site
-        echo '  }' >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
-        echo '  # Restrict access that is unnecessary anyway' >> $privatebin_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $privatebin_nginx_site
-        echo '    deny all;' >> $privatebin_nginx_site
-        echo '  }' >> $privatebin_nginx_site
-        echo '}' >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
+        nginx_limits "$PRIVATEBIN_DOMAIN_NAME" '15m'
+        { echo '    try_files $uri $uri/ @privatebin;';
+          echo '  }';
+          echo '';
+          echo '  # Restrict access that is unnecessary anyway';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '}';
+          echo ''; } >> "$privatebin_nginx_site"
     else
-        echo -n '' > $privatebin_nginx_site
+        echo -n '' > "$privatebin_nginx_site"
     fi
-    echo 'server {' >> $privatebin_nginx_site
-    echo "    listen 127.0.0.1:$PRIVATEBIN_ONION_PORT default_server;" >> $privatebin_nginx_site
-    echo "    server_name $PRIVATEBIN_ONION_HOSTNAME;" >> $privatebin_nginx_site
-    echo '' >> $privatebin_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$PRIVATEBIN_ONION_PORT default_server;";
+      echo "    server_name $PRIVATEBIN_ONION_HOSTNAME;";
+      echo ''; } >> "$privatebin_nginx_site"
     function_check nginx_compress
-    nginx_compress $PRIVATEBIN_DOMAIN_NAME
-    echo '' >> $privatebin_nginx_site
+    nginx_compress "$PRIVATEBIN_DOMAIN_NAME"
+    echo '' >> "$privatebin_nginx_site"
     function_check nginx_disable_sniffing
-    nginx_disable_sniffing $PRIVATEBIN_DOMAIN_NAME
-    echo '' >> $privatebin_nginx_site
-    echo '  # Logs' >> $privatebin_nginx_site
-    echo '  access_log /dev/null;' >> $privatebin_nginx_site
-    echo '  error_log /dev/null;' >> $privatebin_nginx_site
-    echo '' >> $privatebin_nginx_site
-    echo "  root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;" >> $privatebin_nginx_site
-    echo '' >> $privatebin_nginx_site
-    echo '  index index.php;' >> $privatebin_nginx_site
-    echo '' >> $privatebin_nginx_site
-    echo '  location ~ \.php {' >> $privatebin_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $privatebin_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $privatebin_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $privatebin_nginx_site
-    echo '  }' >> $privatebin_nginx_site
-    echo '' >> $privatebin_nginx_site
-    echo '  # Location' >> $privatebin_nginx_site
-    echo '  location / {' >> $privatebin_nginx_site
+    nginx_disable_sniffing "$PRIVATEBIN_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo "  root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  index index.php;';
+      echo '';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$privatebin_nginx_site"
     function_check nginx_limits
-    nginx_limits $PRIVATEBIN_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ @privatebin;' >> $privatebin_nginx_site
-    echo '  }' >> $privatebin_nginx_site
-    echo '' >> $privatebin_nginx_site
-    echo '  # Restrict access that is unnecessary anyway' >> $privatebin_nginx_site
-    echo '  location ~ /\.(ht|git) {' >> $privatebin_nginx_site
-    echo '    deny all;' >> $privatebin_nginx_site
-    echo '  }' >> $privatebin_nginx_site
-    echo '}' >> $privatebin_nginx_site
+    nginx_limits "$PRIVATEBIN_DOMAIN_NAME" '15m'
+    { echo '    try_files $uri $uri/ @privatebin;';
+      echo '  }';
+      echo '';
+      echo '  # Restrict access that is unnecessary anyway';
+      echo '  location ~ /\.(ht|git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '}'; } >> "$privatebin_nginx_site"
 
     function_check configure_php
     configure_php
 
     function_check create_site_certificate
-    create_site_certificate $PRIVATEBIN_DOMAIN_NAME 'yes'
+    create_site_certificate "$PRIVATEBIN_DOMAIN_NAME" 'yes'
 
     function_check nginx_ensite
-    nginx_ensite $PRIVATEBIN_DOMAIN_NAME
+    nginx_ensite "$PRIVATEBIN_DOMAIN_NAME"
 
-    cp /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.sample.php /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
+    cp "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.sample.php" "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
 
     # Change some defaults
-    sed -i 's|; qrcode|qrcode|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|default =.*|default = "1day"|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|languagedefault =.*|languagedefault = "en"|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|1week =|; 1week =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|1month =|; 1month =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|1year =|; 1year =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|never =|; never =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|limit = 10|limit = 30|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|limit = 300|limit = 0|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|batchsize =.*|batchsize = 100|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|sizelimit =.*|sizelimit = 32768|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|defaultformatter =.*|defaultformatter = "markdown"|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
+    sed -i 's|; qrcode|qrcode|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|default =.*|default = "1day"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|languagedefault =.*|languagedefault = "en"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|1week =|; 1week =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|1month =|; 1month =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|1year =|; 1year =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|never =|; never =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|limit = 10|limit = 30|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|limit = 300|limit = 0|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|batchsize =.*|batchsize = 100|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|sizelimit =.*|sizelimit = 32768|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|defaultformatter =.*|defaultformatter = "markdown"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
 
-    mkdir -p /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/data
+    mkdir -p "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/data"
 
     secure_privatebin
 
diff --git a/src/freedombone-app-profanity b/src/freedombone-app-profanity
index d602aa50..604d388f 100755
--- a/src/freedombone-app-profanity
+++ b/src/freedombone-app-profanity
@@ -57,12 +57,13 @@ function logging_off_profanity {
 }
 
 function remove_user_profanity {
-    remove_username="$1"
+    echo -n ''
+#    remove_username="$1"
 }
 
 function add_user_profanity {
-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"
 
     echo '0'
 }
@@ -82,19 +83,19 @@ function change_password_profanity {
 
     read_config_param DEFAULT_DOMAIN_NAME
 
-    ${PROJECT_NAME}-pass -u $curr_username -a xmpp -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a xmpp -p "$new_user_password"
 
     # TODO: this is currently interactive. Really there needs to be a
     # non-interactive password change option for prosodyctl
     clear
     echo ''
     echo $'Currently Prosody requires password changes to be done interactively'
-    prosodyctl passwd ${curr_username}@${DEFAULT_DOMAIN_NAME}
+    prosodyctl passwd "${curr_username}@${DEFAULT_DOMAIN_NAME}"
 
     XMPP_CLIENT_DIR=/home/$curr_username/.local/share/profanity
     XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
-    if [ -f $XMPP_CLIENT_ACCOUNTS ]; then
-        sed -i "s|password=.*|password=$new_user_password|g" $XMPP_CLIENT_ACCOUNTS
+    if [ -f "$XMPP_CLIENT_ACCOUNTS" ]; then
+        sed -i "s|password=.*|password=$new_user_password|g" "$XMPP_CLIENT_ACCOUNTS"
     fi
 }
 
@@ -110,11 +111,11 @@ function upgrade_profanity {
 
     rm -rf /tmp/*
 
-    CURR_LIBMESODE_COMMIT=$(cat $COMPLETION_FILE | grep "libmesode commit" | awk -F ':' '{print $2}')
+    CURR_LIBMESODE_COMMIT=$(grep "libmesode commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
     if [[ "$CURR_LIBMESODE_COMMIT" != "$LIBMESODE_COMMIT" ]]; then
         function_check set_repo_commit
-        set_repo_commit $INSTALL_DIR/libmesode "libmesode commit" "$LIBMESODE_COMMIT" $LIBMESODE_REPO
-        cd $INSTALL_DIR/libmesode
+        set_repo_commit "$INSTALL_DIR/libmesode" "libmesode commit" "$LIBMESODE_COMMIT" $LIBMESODE_REPO
+        cd "$INSTALL_DIR/libmesode" || exit 42682682
         ./bootstrap.sh
         ./configure
         make
@@ -124,42 +125,42 @@ function upgrade_profanity {
 
     rm -rf /tmp/*
 
-    CURR_PROFANITY_COMMIT=$(cat $COMPLETION_FILE | grep "profanity commit" | awk -F ':' '{print $2}')
+    CURR_PROFANITY_COMMIT=$(grep "profanity commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
     if [[ "$CURR_PROFANITY_COMMIT" != "$PROFANITY_COMMIT" ]]; then
         function_check set_repo_commit
-        set_repo_commit $INSTALL_DIR/profanity "profanity commit" "$PROFANITY_COMMIT" $PROFANITY_REPO
-        cd $INSTALL_DIR/profanity
+        set_repo_commit "$INSTALL_DIR/profanity" "profanity commit" "$PROFANITY_COMMIT" $PROFANITY_REPO
+        cd "$INSTALL_DIR/profanity" || exit 248242684
         ./bootstrap.sh
         ./configure --disable-notifications --disable-icons --enable-otr --enable-pgp --enable-plugins --enable-c-plugins --enable-python-plugins --without-xscreensaver
         make
         make install
     fi
 
-    CURR_PROFANITY_OMEMO_PLUGIN_COMMIT=$(cat $COMPLETION_FILE | grep "profanity omemo plugin commit" | awk -F ':' '{print $2}')
+    CURR_PROFANITY_OMEMO_PLUGIN_COMMIT=$(grep "profanity omemo plugin commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
     if [[ "$CURR_PROFANITY_OMEMO_PLUGIN_COMMIT" != "$PROFANITY_OMEMO_PLUGIN_COMMIT" ]]; then
         # upgrade omemo plugins for all users
-        set_repo_commit $INSTALL_DIR/profanity-omemo-plugin "profanity omemo plugin commit" "$PROFANITY_OMEMO_PLUGIN_COMMIT" $PROFANITY_OMEMO_PLUGIN_REPO
-        cd $INSTALL_DIR/profanity-omemo-plugin
-        sed -i 's|python setup.py|python2.7 setup.py|g' $INSTALL_DIR/profanity-omemo-plugin/install.sh
+        set_repo_commit "$INSTALL_DIR/profanity-omemo-plugin" "profanity omemo plugin commit" "$PROFANITY_OMEMO_PLUGIN_COMMIT" $PROFANITY_OMEMO_PLUGIN_REPO
+        cd "$INSTALL_DIR/profanity-omemo-plugin" || exit 2468246284
+        sed -i 's|python setup.py|python2.7 setup.py|g' "$INSTALL_DIR/profanity-omemo-plugin/install.sh"
         pip uninstall -y profanity-omemo-plugin
         ./install.sh
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME/.local/share/profanity/plugins ]; then
-                    mkdir -p /home/$USERNAME/.local/share/profanity/plugins
+                if [ ! -d "/home/$USERNAME/.local/share/profanity/plugins" ]; then
+                    mkdir -p "/home/$USERNAME/.local/share/profanity/plugins"
                 fi
-                if [ -f $INSTALL_DIR/profanity-omemo-plugin/omemo.py ]; then
-                    rm $INSTALL_DIR/profanity-omemo-plugin/omemo.*
+                if [ -f "$INSTALL_DIR/profanity-omemo-plugin/omemo.py" ]; then
+                    rm "$INSTALL_DIR/profanity-omemo-plugin/omemo.*"
                 fi
-                cp $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py /home/$USERNAME/.local/share/profanity/plugins
-                chown -R $USERNAME:$USERNAME /home/$USERNAME/.local
+                cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" "/home/$USERNAME/.local/share/profanity/plugins"
+                chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.local"
             fi
         done
         if [ -f /etc/skel/.local/share/profanity/plugins/omemo.py ]; then
             rm /etc/skel/.local/share/profanity/plugins/omemo.*
         fi
-        cp $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py /etc/skel/.local/share/profanity/plugins
+        cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" "/etc/skel/.local/share/profanity/plugins"
     fi
 
     chmod -R 700 /root/.local/lib/python3.4/site-packages/python_axolotl_*
@@ -183,11 +184,11 @@ function restore_remote_profanity {
 
 function remove_profanity {
     if [ -f /usr/local/bin/profanity ]; then
-        cd $INSTALL_DIR/profanity
+        cd "$INSTALL_DIR/profanity" || exit 4628462848
         make uninstall
 
         remove_completion_param install_profanity
-        sed -i '/profanity/d' $COMPLETION_FILE
+        sed -i '/profanity/d' "$COMPLETION_FILE"
     fi
 }
 
@@ -197,8 +198,8 @@ function install_profanity {
         return
     fi
     # install profanity from source in order to get OMEMO support
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir -p "$INSTALL_DIR"
     fi
 
     apt-get -yq install automake autoconf autoconf-archive libtool build-essential
@@ -207,15 +208,15 @@ function install_profanity {
 
     # dependency for profanity not available in debian
     if [ -d /repos/libmesode ]; then
-        mkdir $INSTALL_DIR/libmesode
-        cp -r -p /repos/libmesode/. $INSTALL_DIR/libmesode
-        cd $INSTALL_DIR/libmesode
+        mkdir "$INSTALL_DIR/libmesode"
+        cp -r -p /repos/libmesode/. "$INSTALL_DIR/libmesode"
+        cd "$INSTALL_DIR/libmesode" || exit 46287642846872
         git pull
     else
-        git_clone $LIBMESODE_REPO $INSTALL_DIR/libmesode
+        git_clone "$LIBMESODE_REPO" "$INSTALL_DIR/libmesode"
     fi
 
-    cd $INSTALL_DIR/libmesode
+    cd "$INSTALL_DIR/libmesode" || exit 2468246284
     git checkout $LIBMESODE_COMMIT -b $LIBMESODE_COMMIT
     ./bootstrap.sh
     ./configure
@@ -225,15 +226,15 @@ function install_profanity {
 
     # build profanity
     if [ -d /repos/profanity ]; then
-        mkdir $INSTALL_DIR/profanity
-        cp -r -p /repos/profanity/. $INSTALL_DIR/profanity
-        cd $INSTALL_DIR/profanity
+        mkdir "$INSTALL_DIR/profanity"
+        cp -r -p /repos/profanity/. "$INSTALL_DIR/profanity"
+        cd "$INSTALL_DIR/profanity" || exit 2468246824
         git pull
     else
-        git_clone $PROFANITY_REPO $INSTALL_DIR/profanity
+        git_clone "$PROFANITY_REPO" "$INSTALL_DIR/profanity"
     fi
 
-    cd $INSTALL_DIR/profanity
+    cd "$INSTALL_DIR/profanity" || exit 54287452858
     git checkout $PROFANITY_COMMIT -b $PROFANITY_COMMIT
     ./bootstrap.sh
     ./configure --disable-notifications --disable-icons --enable-otr --enable-pgp --enable-plugins --enable-c-plugins --enable-python-plugins --without-xscreensaver
@@ -249,116 +250,116 @@ function install_profanity {
     apt-get -yq install python-pip python-setuptools clang libffi-dev libssl-dev python-dev
 
     if [ -d /repos/profanity-omemo ]; then
-        mkdir $INSTALL_DIR/profanity-omemo-plugin
-        cp -r -p /repos/profanity-omemo/. $INSTALL_DIR/profanity-omemo-plugin
-        cd $INSTALL_DIR/profanity-omemo-plugin
+        mkdir "$INSTALL_DIR/profanity-omemo-plugin"
+        cp -r -p /repos/profanity-omemo/. "$INSTALL_DIR/profanity-omemo-plugin"
+        cd "$INSTALL_DIR/profanity-omemo-plugin" || exit 24682462842
         git pull
     else
-        git_clone $PROFANITY_OMEMO_PLUGIN_REPO $INSTALL_DIR/profanity-omemo-plugin
+        git_clone "$PROFANITY_OMEMO_PLUGIN_REPO" "$INSTALL_DIR/profanity-omemo-plugin"
     fi
 
-    cd $INSTALL_DIR/profanity-omemo-plugin
+    cd "$INSTALL_DIR/profanity-omemo-plugin" || exit 6428468248
     git checkout $PROFANITY_OMEMO_PLUGIN_COMMIT -b $PROFANITY_OMEMO_PLUGIN_COMMIT
-    if [ ! -f $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py ]; then
+    if [ ! -f "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" ]; then
         echo $'prof_omemo_plugin.py not found'
         exit 389225
     fi
-    sed -i 's|python setup.py|python2.7 setup.py|g' $INSTALL_DIR/profanity-omemo-plugin/install.sh
+    sed -i 's|python setup.py|python2.7 setup.py|g' "$INSTALL_DIR/profanity-omemo-plugin/install.sh"
     ./install.sh
 
     mkdir -p /etc/skel/.local/share/profanity/plugins
-    cp $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py /etc/skel/.local/share/profanity/plugins
-    cp $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py /home/$MY_USERNAME/.local/share/profanity/plugins
-    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.local
+    cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" /etc/skel/.local/share/profanity/plugins
+    cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" /home/$MY_USERNAME/.local/share/profanity/plugins
+    chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.local"
 
     XMPP_CLIENT_DIR=/home/$MY_USERNAME/.local/share/profanity
     XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
-    if [ ! -d $XMPP_CLIENT_DIR ]; then
-        mkdir -p $XMPP_CLIENT_DIR
+    if [ ! -d "$XMPP_CLIENT_DIR" ]; then
+        mkdir -p "$XMPP_CLIENT_DIR"
     fi
 
     XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
-    MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$DEFAULT_DOMAIN_NAME")
+    #MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$DEFAULT_DOMAIN_NAME")
 
     if [[ $ONION_ONLY == 'no' ]]; then
-        echo "[${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}]" > $XMPP_CLIENT_ACCOUNTS
-        echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
-        echo "jid=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS
-        echo "server=$XMPP_ONION_HOSTNAME" >> $XMPP_CLIENT_ACCOUNTS
-        # There is a bug where profanity doesn't refresh the screen
-        # after gpg-agent has asked for a password, so for now
-        # don't set the gpg key by default
-        #echo "pgp.keyid=$MY_GPG_PUBLIC_KEY_ID" >> $XMPP_CLIENT_ACCOUNTS
-        echo "pgp.keyid=" >> $XMPP_CLIENT_ACCOUNTS
-        echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
-        echo "muc.service=chat.${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS
-        echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS
-        echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
+        { echo "[${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}]";
+          echo 'enabled=true';
+          echo "jid=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}";
+          echo "server=$XMPP_ONION_HOSTNAME";
+          # There is a bug where profanity doesn't refresh the screen
+          # after gpg-agent has asked for a password, so for now
+          # don't set the gpg key by default
+          #echo "pgp.keyid=$MY_GPG_PUBLIC_KEY_ID";
+          echo "pgp.keyid=";
+          echo 'resource=profanity';
+          echo "muc.service=chat.${DEFAULT_DOMAIN_NAME}";
+          echo "muc.nick=${MY_USERNAME}";
+          echo 'presence.last=online';
+          echo 'presence.login=online';
+          echo 'priority.online=0';
+          echo 'priority.chat=0';
+          echo 'priority.away=0';
+          echo 'priority.xa=0';
+          echo 'priority.dnd=0'; } > "$XMPP_CLIENT_ACCOUNTS"
         if [ ${#XMPP_PASSWORD} -gt 2 ]; then
-            echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS
+            echo "password=$XMPP_PASSWORD" >> "$XMPP_CLIENT_ACCOUNTS"
         fi
     fi
 
     if [ -f /var/lib/tor/hidden_service_xmpp/hostname ]; then
-        echo "[${MY_USERNAME}@${XMPP_ONION_HOSTNAME}]" >> $XMPP_CLIENT_ACCOUNTS
+        echo "[${MY_USERNAME}@${XMPP_ONION_HOSTNAME}]" >> "$XMPP_CLIENT_ACCOUNTS"
         if [[ $ONION_ONLY == 'no' ]]; then
-            echo 'enabled=false' >> $XMPP_CLIENT_ACCOUNTS
+            echo 'enabled=false' >> "$XMPP_CLIENT_ACCOUNTS"
         else
-            echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
+            echo 'enabled=true' >> "$XMPP_CLIENT_ACCOUNTS"
         fi
-        echo "jid=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
-        echo "server=$XMPP_ONION_HOSTNAME" >> $XMPP_CLIENT_ACCOUNTS
-        # There is a bug where profanity doesn't refresh the screen
-        # after gpg-agent has asked for a password, so for now
-        # don't set the gpg key by default
-        #echo "pgp.keyid=$MY_GPG_PUBLIC_KEY_ID" >> $XMPP_CLIENT_ACCOUNTS
-        echo "pgp.keyid=" >> $XMPP_CLIENT_ACCOUNTS
-        echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
-        echo "muc.service=${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
-        echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS
-        echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
+        { echo "jid=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}";
+          echo "server=$XMPP_ONION_HOSTNAME";
+          # There is a bug where profanity doesn't refresh the screen
+          # after gpg-agent has asked for a password, so for now
+          # don't set the gpg key by default
+          #echo "pgp.keyid=$MY_GPG_PUBLIC_KEY_ID";
+          echo "pgp.keyid=";
+          echo 'resource=profanity';
+          echo "muc.service=${XMPP_ONION_HOSTNAME}";
+          echo "muc.nick=${MY_USERNAME}";
+          echo 'presence.last=online';
+          echo 'presence.login=online';
+          echo 'priority.online=0';
+          echo 'priority.chat=0';
+          echo 'priority.away=0';
+          echo 'priority.xa=0';
+          echo 'priority.dnd=0'; } >> "$XMPP_CLIENT_ACCOUNTS"
         if [ ${#XMPP_PASSWORD} -gt 2 ]; then
-            echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS
+            echo "password=$XMPP_PASSWORD" >> "$XMPP_CLIENT_ACCOUNTS"
         fi
     fi
 
-    if [ ! -d /home/$MY_USERNAME/.config/profanity ]; then
-        mkdir -p /home/$MY_USERNAME/.config/profanity
+    if [ ! -d "/home/$MY_USERNAME/.config/profanity" ]; then
+        mkdir -p "/home/$MY_USERNAME/.config/profanity"
     fi
-    echo '[connection]' > /home/$MY_USERNAME/.config/profanity/profrc
+    echo '[connection]' > "/home/$MY_USERNAME/.config/profanity/profrc"
     if [[ $ONION_ONLY == 'no' ]]; then
-        echo "account=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> /home/$MY_USERNAME/.config/profanity/profrc
+        echo "account=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> "/home/$MY_USERNAME/.config/profanity/profrc"
     else
-        echo "account=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> /home/$MY_USERNAME/.config/profanity/profrc
+        echo "account=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> "/home/$MY_USERNAME/.config/profanity/profrc"
     fi
-    echo '' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '[plugins]' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo 'load=prof_omemo_plugin.py;' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '[otr]' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo 'policy=opportunistic' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo 'log=off' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '[pgp]' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo 'log=off' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '[ui]' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo 'enc.warn=true' >> /home/$MY_USERNAME/.config/profanity/profrc
+    { echo '';
+      echo '[plugins]';
+      echo 'load=prof_omemo_plugin.py;';
+      echo '';
+      echo '[otr]';
+      echo 'policy=opportunistic';
+      echo 'log=off';
+      echo '';
+      echo '[pgp]';
+      echo 'log=off';
+      echo '';
+      echo '[ui]';
+      echo 'enc.warn=true'; } >> "/home/$MY_USERNAME/.config/profanity/profrc"
 
-    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.local
-    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
+    chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.local"
+    chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.config"
 
     chmod -R 700 /root/.local/lib/python3.4/site-packages/python_axolotl_*
     APP_INSTALLED=1
diff --git a/src/freedombone-app-radicale b/src/freedombone-app-radicale
index 7e925801..6d37c502 100755
--- a/src/freedombone-app-radicale
+++ b/src/freedombone-app-radicale
@@ -61,15 +61,15 @@ function logging_off_radicale {
 function remove_user_radicale {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp radicale
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp radicale
 
     if grep -q "${remove_username}:" ${RADICALE_USERS}; then
         sed -i "/${remove_username}:/d" ${RADICALE_USERS}
-        if [ -d /var/www/radicale/collections/${remove_username} ]; then
-            rm -rf /var/www/radicale/collections/${remove_username}
+        if [ -d "/var/www/radicale/collections/${remove_username}" ]; then
+            rm -rf "/var/www/radicale/collections/${remove_username}"
         fi
-        if [ -f /var/www/radicale/collections/${remove_username}.props ]; then
-            rm /var/www/radicale/collections/${remove_username}.props
+        if [ -f "/var/www/radicale/collections/${remove_username}.props" ]; then
+            rm "/var/www/radicale/collections/${remove_username}.props"
         fi
         systemctl restart radicale
     fi
@@ -79,7 +79,7 @@ function add_user_radicale {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a radicale -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a radicale -p "$new_user_password"
 
     if [ ! -f ${RADICALE_USERS} ]; then
         touch ${RADICALE_USERS}
@@ -88,13 +88,13 @@ function add_user_radicale {
     if ! grep -q "$new_username:" ${RADICALE_USERS}; then
         htpasswd -bd ${RADICALE_USERS} "$new_username" "$new_user_password"
 
-        echo '{"ICAL:calendar-color": "#9e50df"}' > /var/www/radicale/collections/${new_username}.props
-        mkdir /var/www/radicale/collections/${new_username}
-        echo '{"ICAL:calendar-color": "#de631a", "tag": "VCALENDAR"}' > /var/www/radicale/collections/${new_username}/calendar.props
-        echo 'BEGIN:VCALENDAR' > /var/www/radicale/collections/${new_username}/calendar
-        echo 'PRODID:-//Radicale//NONSGML Radicale Server//EN' >> /var/www/radicale/collections/${new_username}/calendar
-        echo 'VERSION:2.0' >> /var/www/radicale/collections/${new_username}/calendar
-        echo 'END:VCALENDAR' >> /var/www/radicale/collections/${new_username}/calendar
+        echo '{"ICAL:calendar-color": "#9e50df"}' > "/var/www/radicale/collections/${new_username}.props"
+        mkdir "/var/www/radicale/collections/${new_username}"
+        echo '{"ICAL:calendar-color": "#de631a", "tag": "VCALENDAR"}' > "/var/www/radicale/collections/${new_username}/calendar.props"
+        { echo 'BEGIN:VCALENDAR';
+          echo 'PRODID:-//Radicale//NONSGML Radicale Server//EN';
+          echo 'VERSION:2.0';
+          echo 'END:VCALENDAR'; } >> "/var/www/radicale/collections/${new_username}/calendar"
 
         chown -R www-data:www-data /var/www/radicale
         chmod -R 755 /var/www/radicale/*
@@ -107,7 +107,7 @@ function change_password_radicale {
     existing_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $existing_username -a radicale -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$existing_username" -a radicale -p "$new_user_password"
 
     if grep -q "${existing_username}:" ${RADICALE_USERS}; then
         sed -i "/${existing_username}:/d" ${RADICALE_USERS}
@@ -127,14 +127,14 @@ function reconfigure_radicale {
     rm -rf /var/log/radicale/*
 
     # create an admin password
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        RADICALE_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        RADICALE_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        RADICALE_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        RADICALE_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
     fi
     add_user_radicale "$MY_USERNAME" "$RADICALE_PASSWORD"
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a radicale -p "$RADICALE_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a radicale -p "$RADICALE_PASSWORD"
 
     touch /var/log/radicale/radicale.log
     chown -R www-data:www-data /var/log/radicale
@@ -145,7 +145,7 @@ function upgrade_radicale {
         return
     fi
 
-    if ! grep -q "radicale version:" $COMPLETION_FILE; then
+    if ! grep -q "radicale version:" "$COMPLETION_FILE"; then
         return
     fi
 
@@ -155,7 +155,7 @@ function upgrade_radicale {
     fi
 
     # get the source
-    cd /var/www/radicale
+    cd /var/www/radicale || exit 62784628468
     wget ${RADICALE_DOWNLOAD_URL}${RADICALE_VERSION}.tar.gz
 
     # check the hash
@@ -170,7 +170,7 @@ function upgrade_radicale {
         exit 73529
     fi
     rm Radicale-${RADICALE_VERSION}.tar.gz
-    cd Radicale-${RADICALE_VERSION}
+    cd "Radicale-${RADICALE_VERSION}" || exit 264824684
 
     # move the old command
     mv /usr/local/bin/radicale /usr/local/bin/radicale_previous
@@ -186,9 +186,9 @@ function upgrade_radicale {
     fi
 
     # remove the old source
-    rm -rf Radicale-${CURR_RADICALE_VERSION}
+    rm -rf "Radicale-${CURR_RADICALE_VERSION}" || exit 6842684282
 
-    sed -i "s|radicale version.*|radicale version:$RADICALE_VERSION|g" ${COMPLETION_FILE}
+    sed -i "s|radicale version.*|radicale version:$RADICALE_VERSION|g" "${COMPLETION_FILE}"
     chown -R www-data:www-data /var/www/radicale
     systemctl restart radicale
     systemctl restart nginx
@@ -219,6 +219,7 @@ function restore_local_radicale {
         else
             cp -r $temp_restore_dir/* ${RADICALE_DIRECTORY}/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             function_check backup_unmount_drive
             backup_unmount_drive
@@ -233,6 +234,7 @@ function restore_local_radicale {
         else
             cp -r $temp_restore_dir/* /var/www/radicale/*
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             function_check backup_unmount_drive
             backup_unmount_drive
@@ -264,6 +266,7 @@ function restore_remote_radicale {
         else
             cp -r $temp_restore_dir/* ${RADICALE_DIRECTORY}/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 236746
         fi
@@ -276,6 +279,7 @@ function restore_remote_radicale {
         else
             cp -r $temp_restore_dir/* /var/www/radicale
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 3674284
         fi
@@ -332,17 +336,17 @@ function remove_radicale {
     fi
 
     remove_completion_param install_radicale
-    sed -i '/radicale/d' $COMPLETION_FILE
-    sed -i '/# Start radicale/,/# End radicale/d' /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+    sed -i '/radicale/d' "$COMPLETION_FILE"
+    sed -i '/# Start radicale/,/# End radicale/d' "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
     systemctl restart nginx
 }
 
 function install_radicale {
     if [[ $ONION_ONLY == 'no' ]]; then
         # obtain a cert for the default domain
-        if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then
+        if [[ "$(cert_exists "${DEFAULT_DOMAIN_NAME}" pem)" == "0" ]]; then
             echo $'Obtaining certificate for the main domain'
-            create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
+            create_site_certificate "${DEFAULT_DOMAIN_NAME}" 'yes'
         fi
     fi
 
@@ -368,7 +372,7 @@ function install_radicale {
     fi
 
     # get the source
-    cd /var/www/radicale
+    cd /var/www/radicale || exit 462874628
     wget ${RADICALE_DOWNLOAD_URL}${RADICALE_VERSION}.tar.gz
 
     # check the hash
@@ -383,7 +387,7 @@ function install_radicale {
         exit 623252
     fi
     rm Radicale-${RADICALE_VERSION}.tar.gz
-    cd Radicale-${RADICALE_VERSION}
+    cd "Radicale-${RADICALE_VERSION}" || exit 872462842
     python setup.py install
     if [ ! -f /usr/local/bin/radicale ]; then
         echo $'Radicale did not install'
@@ -398,52 +402,52 @@ function install_radicale {
     fi
 
     # create the configuration
-    echo '[server]' >  ${RADICALE_DIRECTORY}/config
-    echo 'hosts=localhost:52322' >> ${RADICALE_DIRECTORY}/config
-    echo 'ssl = False' >> ${RADICALE_DIRECTORY}/config
-    echo 'daemon = False' >> ${RADICALE_DIRECTORY}/config
-    echo 'base_prefix=/radicale/' >> ${RADICALE_DIRECTORY}/config
-    echo '' >> ${RADICALE_DIRECTORY}/config
-    echo '[storage]' >> ${RADICALE_DIRECTORY}/config
-    echo 'type = filesystem' >> ${RADICALE_DIRECTORY}/config
-    echo "filesystem_folder = /var/www/radicale/collections" >> ${RADICALE_DIRECTORY}/config
-    echo '' >> ${RADICALE_DIRECTORY}/config
-    echo '[well-known]' >> ${RADICALE_DIRECTORY}/config
-    echo "caldav = '/%(user)s/caldav/'" >> ${RADICALE_DIRECTORY}/config
-    echo "carddav = '/%(user)s/carddav/'" >> ${RADICALE_DIRECTORY}/config
-    echo '' >> ${RADICALE_DIRECTORY}/config
-    echo '#[auth]' >> ${RADICALE_DIRECTORY}/config
-    echo '#imap_hostname = localhost' >> ${RADICALE_DIRECTORY}/config
-    echo '#imap_port = 143' >> ${RADICALE_DIRECTORY}/config
-    echo '#imap_ssl = False' >> ${RADICALE_DIRECTORY}/config
-    echo '' >> ${RADICALE_DIRECTORY}/config
-    echo '[logging]' >> ${RADICALE_DIRECTORY}/config
-    echo 'debug = False' >> ${RADICALE_DIRECTORY}/config
+    { echo '[server]';
+      echo 'hosts=localhost:52322';
+      echo 'ssl = False';
+      echo 'daemon = False';
+      echo 'base_prefix=/radicale/';
+      echo '';
+      echo '[storage]';
+      echo 'type = filesystem';
+      echo "filesystem_folder = /var/www/radicale/collections";
+      echo '';
+      echo '[well-known]';
+      echo "caldav = '/%(user)s/caldav/'";
+      echo "carddav = '/%(user)s/carddav/'";
+      echo '';
+      echo '#[auth]';
+      echo '#imap_hostname = localhost';
+      echo '#imap_port = 143';
+      echo '#imap_ssl = False';
+      echo '';
+      echo '[logging]';
+      echo 'debug = False'; } > "${RADICALE_DIRECTORY}/config"
 
     # create an admin password
     if [ ${#RADICALE_PASSWORD} -lt 8 ]; then
-        if [ -f $IMAGE_PASSWORD_FILE ]; then
-            RADICALE_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+        if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+            RADICALE_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
         else
-            RADICALE_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+            RADICALE_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
     add_user_radicale "$MY_USERNAME" "$RADICALE_PASSWORD"
 
-    echo '[Unit]' > /etc/systemd/system/radicale.service
-    echo 'Description=Radicale CalDAV Server' >> /etc/systemd/system/radicale.service
-    echo 'After=network.target' >> /etc/systemd/system/radicale.service
-    echo '' >> /etc/systemd/system/radicale.service
-    echo '[Service]' >> /etc/systemd/system/radicale.service
-    echo 'Type=simple' >> /etc/systemd/system/radicale.service
-    echo 'User=www-data' >> /etc/systemd/system/radicale.service
-    echo 'Group=www-data' >> /etc/systemd/system/radicale.service
-    echo "ExecStart=/usr/local/bin/radicale --config ${RADICALE_DIRECTORY}/config" >> /etc/systemd/system/radicale.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/radicale.service
-    echo 'RestartSec=10' >> /etc/systemd/system/radicale.service
-    echo '' >> /etc/systemd/system/radicale.service
-    echo '[Install]' >> /etc/systemd/system/radicale.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/radicale.service
+    { echo '[Unit]';
+      echo 'Description=Radicale CalDAV Server';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=www-data';
+      echo 'Group=www-data';
+      echo "ExecStart=/usr/local/bin/radicale --config ${RADICALE_DIRECTORY}/config";
+      echo 'Restart=on-failure';
+      echo 'RestartSec=10';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/radicale.service
 
     addresses_str=$"Addresses"
     echo "{\"tag\": \"VADDRESSBOOK\", \"D:displayname\": \"${addresses_str}\"}" > /var/www/radicale/collections/addresses.props
@@ -461,107 +465,107 @@ function install_radicale {
     systemctl enable radicale
     systemctl start radicale
 
-    if [ ! -f /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} ]; then
+    if [ ! -f "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}" ]; then
         # create a new site config
         RADICALE_ONION_HOSTNAME=$(add_onion_service radicale 80 ${RADICALE_ONION_PORT})
 
         if [[ $ONION_ONLY == 'no' ]]; then
-            echo 'server {' > /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo "    listen 443 ssl;" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo "    #listen [::]:443 ssl;" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            { echo 'server {';
+              echo "    listen 443 ssl;";
+              echo "    #listen [::]:443 ssl;";
+              echo ''; } > "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
             function_check nginx_ssl
-            nginx_ssl ${DEFAULT_DOMAIN_NAME} mobile
+            nginx_ssl "${DEFAULT_DOMAIN_NAME}" mobile
             function_check nginx_disable_sniffing
-            nginx_disable_sniffing ${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo "    server_name ${DEFAULT_DOMAIN_NAME};" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            nginx_disable_sniffing "${DEFAULT_DOMAIN_NAME}"
+            { echo '';
+              echo "    server_name ${DEFAULT_DOMAIN_NAME};";
 
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    error_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    # Start radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    location @radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        auth_basic "Radicale";' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        auth_basic_user_file /var/www/radicale/users;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        proxy_pass http://localhost:52322;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        proxy_buffering off;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        proxy_set_header Host $host;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    location /radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    location /.well-known/carddav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    location /.well-known/caldav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    # End radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '}' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+              echo '';
+              echo '    access_log /dev/null;';
+              echo '    error_log /dev/null;';
+              echo '';
+              echo '    # Start radicale';
+              echo '    location @radicale {';
+              echo '        auth_basic "Radicale";';
+              echo '        auth_basic_user_file /var/www/radicale/users;';
+              echo '        proxy_pass http://localhost:52322;';
+              echo '        proxy_buffering off;';
+              echo "        proxy_set_header Host \$host;";
+              echo "        proxy_set_header X-Real-IP \$remote_addr;";
+              echo "        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+              echo "        proxy_set_header X-Forwarded-Proto \$scheme;";
+              echo '    }';
+              echo '';
+              echo '    location /radicale {';
+              echo "        try_files \$uri @radicale;";
+              echo '    }';
+              echo '';
+              echo '    location /.well-known/carddav {';
+              echo "        try_files \$uri @radicale;";
+              echo '    }';
+              echo '';
+              echo '    location /.well-known/caldav {';
+              echo "        try_files \$uri @radicale;";
+              echo '    }';
+              echo '    # End radicale';
+              echo '}';
+              echo ''; } >> "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
         else
-            echo -n '' > /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            echo -n '' > "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
         fi
-        echo 'server {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo "    listen localhost:${RADICALE_ONION_PORT} default_server;" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo "    server_name ${RADICALE_ONION_HOSTNAME};" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    error_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    # Start radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    location @radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        auth_basic "Radicale";' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        auth_basic_user_file /var/www/radicale/users;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        proxy_pass http://localhost:52322;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        proxy_buffering off;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        proxy_set_header Host $host;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    location /radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    location /.well-known/carddav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    location /.well-known/caldav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    # End radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '}' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        { echo 'server {';
+          echo "    listen localhost:${RADICALE_ONION_PORT} default_server;";
+          echo '';
+          echo "    server_name ${RADICALE_ONION_HOSTNAME};";
+          echo '';
+          echo '    access_log /dev/null;';
+          echo '    error_log /dev/null;';
+          echo '';
+          echo '    # Start radicale';
+          echo '    location @radicale {';
+          echo '        auth_basic "Radicale";';
+          echo '        auth_basic_user_file /var/www/radicale/users;';
+          echo '        proxy_pass http://localhost:52322;';
+          echo '        proxy_buffering off;';
+          echo "        proxy_set_header Host \$host;";
+          echo "        proxy_set_header X-Real-IP \$remote_addr;";
+          echo "        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+          echo "        proxy_set_header X-Forwarded-Proto \$scheme;";
+          echo '    }';
+          echo '';
+          echo '    location /radicale {';
+          echo "        try_files \$uri @radicale;";
+          echo '    }';
+          echo '';
+          echo '    location /.well-known/carddav {';
+          echo "        try_files \$uri @radicale;";
+          echo '    }';
+          echo '';
+          echo '    location /.well-known/caldav {';
+          echo "        try_files \$uri @radicale;";
+          echo '    }';
+          echo '    # End radicale';
+          echo '}'; } >> "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
 
         set_completion_param "radicale onion domain" "${RADICALE_ONION_HOSTNAME}"
     else
         # alter the existing site config
-        if ! grep -q "# Start radicale" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}; then
-            sed -i '/]:443/a    # Start radicale\n  location @radicale {\n    auth_basic "Radicale";\n    auth_basic_user_file \/var\/www\/radicale\/users;\n    proxy_pass http:\/\/localhost:52322;\n    proxy_buffering off;\n    proxy_set_header Host $host;\n    proxy_set_header X-Real-IP $remote_addr;\n    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n    proxy_set_header X-Forwarded-Proto $scheme;\n  }\n\n  location \/radicale {\n      try_files $uri @radicale;\n  }\n\n  location \/.well-known\/carddav {\n      try_files $uri @radicale;\n  }\n\n  location \/.well-known\/caldav {\n      try_files $uri @radicale;\n  }\n  # End radicale' /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            sed -i '/listen localhost/a    # Start radicale\n  location @radicale {\n    auth_basic "Radicale";\n    auth_basic_user_file \/var\/www\/radicale\/users;\n    proxy_pass http:\/\/localhost:52322;\n    proxy_buffering off;\n    proxy_set_header Host $host;\n    proxy_set_header X-Real-IP $remote_addr;\n    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n    proxy_set_header X-Forwarded-Proto $scheme;\n  }\n\n  location \/radicale {\n      try_files $uri @radicale;\n  }\n\n  location \/.well-known\/carddav {\n      try_files $uri @radicale;\n  }\n\n  location \/.well-known\/caldav {\n      try_files $uri @radicale;\n  }\n  # End radicale' /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        if ! grep -q "# Start radicale" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"; then
+            sed -i "/]:443/a    # Start radicale\\n  location @radicale {\\n    auth_basic \"Radicale\";\\n    auth_basic_user_file \\/var\\/www\\/radicale\\/users;\\n    proxy_pass http:\\/\\/localhost:52322;\\n    proxy_buffering off;\\n    proxy_set_header Host $host;\\n    proxy_set_header X-Real-IP $remote_addr;\\n    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\\n    proxy_set_header X-Forwarded-Proto $scheme;\\n  }\\n\\n  location \\/radicale {\\n      try_files $uri @radicale;\\n  }\n\n  location \\/.well-known\\/carddav {\\n      try_files $uri @radicale;\\n  }\\n\\n  location \\/.well-known\\/caldav {\\n      try_files $uri @radicale;\\n  }\n  # End radicale" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
+            sed -i "/listen localhost/a    # Start radicale\\n  location @radicale {\\n    auth_basic \"Radicale\";\\n    auth_basic_user_file \\/var\\/www\\/radicale\\/users;\\n    proxy_pass http:\\/\\/localhost:52322;\\n    proxy_buffering off;\\n    proxy_set_header Host $host;\\n    proxy_set_header X-Real-IP $remote_addr;\\n    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\\n    proxy_set_header X-Forwarded-Proto $scheme;\\n  }\\n\\n  location \/radicale {\\n      try_files $uri @radicale;\\n  }\\n\\n  location \\/.well-known\\/carddav {\\n      try_files $uri @radicale;\\n  }\\n\\n  location \\/.well-known\\/caldav {\\n      try_files $uri @radicale;\\n  }\\n  # End radicale" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
         fi
     fi
 
     # create a certificate
-    if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
-        if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
-            ${PROJECT_NAME}-addcert -h $DEFAULT_DOMAIN_NAME --dhkey ${DH_KEYLENGTH}
-            check_certificates $DEFAULT_DOMAIN_NAME
+    if [ ! -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
+        if [ ! -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt" ]; then
+            "${PROJECT_NAME}-addcert" -h "$DEFAULT_DOMAIN_NAME" --dhkey "${DH_KEYLENGTH}"
+            check_certificates "$DEFAULT_DOMAIN_NAME"
         fi
     fi
 
-    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+    if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
         sed -i "s|radicale.crt|${DEFAULT_DOMAIN_NAME}.pem|g" /etc/nginx/sites-available/radicale
         sed -i "s|radicale.pem|${DEFAULT_DOMAIN_NAME}.pem|g" /etc/nginx/sites-available/radicale
     fi
@@ -572,13 +576,13 @@ function install_radicale {
 
     systemctl restart nginx
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a radicale -p "$RADICALE_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a radicale -p "$RADICALE_PASSWORD"
 
     # keep track of the version so we can check for upgrades
-    if ! grep -q "radicale version:" ${COMPLETION_FILE}; then
-        echo "radicale version:${RADICALE_VERSION}" >> ${COMPLETION_FILE}
+    if ! grep -q "radicale version:" "${COMPLETION_FILE}"; then
+        echo "radicale version:${RADICALE_VERSION}" >> "${COMPLETION_FILE}"
     else
-        sed -i "s|radicale version.*|radicale version:${RADICALE_VERSION}|g" ${COMPLETION_FILE}
+        sed -i "s|radicale version.*|radicale version:${RADICALE_VERSION}|g" "${COMPLETION_FILE}"
     fi
 
     APP_INSTALLED=1
diff --git a/src/freedombone-app-riot b/src/freedombone-app-riot
index ffd7214b..13f27b4b 100755
--- a/src/freedombone-app-riot
+++ b/src/freedombone-app-riot
@@ -76,39 +76,40 @@ function install_interactive_riot {
         RIOT_DETAILS_COMPLETE=
         while [ ! $RIOT_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Riot Web user interface for Matrix" \
-                       --form $"\nPlease enter your details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \
+                       --form $"\\nPlease enter your details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \
                        $"Domain:" 1 1 "$(grep 'RIOT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \
                        $"Code:" 2 1 "$(grep 'RIOT_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 40 255 \
-                       2> $data
+                       2> "$data"
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Riot Web user interface for Matrix" \
-                       --form $"\nPlease enter your details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 2 \
+                       --form $"\\nPlease enter your details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 2 \
                        $"Domain:" 1 1 "$(grep 'RIOT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \
-                       2> $data
+                       2> "$data"
             fi
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            RIOT_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ $RIOT_DOMAIN_NAME ]; then
+            RIOT_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$RIOT_DOMAIN_NAME" ]; then
                 TEST_DOMAIN_NAME=$RIOT_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $RIOT_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$RIOT_DOMAIN_NAME" ]]; then
                     RIOT_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        RIOT_CODE=$(cat $data | sed -n 2p)
+                        RIOT_CODE=$(sed -n 2p < "$data")
                         validate_freedns_code "$RIOT_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                             RIOT_DOMAIN_NAME=
                         fi
                     fi
@@ -117,6 +118,7 @@ function install_interactive_riot {
             if [ $RIOT_DOMAIN_NAME ]; then
                 RIOT_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         # save the results in the config file
@@ -132,14 +134,14 @@ function reconfigure_riot {
 
 function riot_download {
     # download
-    if [ ! -f $INSTALL_DIR/${RIOT_FILENAME}.tar.gz ]; then
-        wget ${RIOT_DOWNLOAD_URL}/${RIOT_FILENAME}.tar.gz -O $INSTALL_DIR/${RIOT_FILENAME}.tar.gz
+    if [ ! -f "$INSTALL_DIR/${RIOT_FILENAME}.tar.gz" ]; then
+        wget "${RIOT_DOWNLOAD_URL}/${RIOT_FILENAME}.tar.gz" -O "$INSTALL_DIR/${RIOT_FILENAME}.tar.gz"
     fi
-    if [ ! -f $INSTALL_DIR/${RIOT_FILENAME}.tar.gz ]; then
+    if [ ! -f "$INSTALL_DIR/${RIOT_FILENAME}.tar.gz" ]; then
         echo $'Unable to download Riot Web from releases'
         exit 62836
     fi
-    cd $INSTALL_DIR
+    cd "$INSTALL_DIR" || exit 2468724628
 
     # check the hash
     curr_hash=$(sha256sum ${RIOT_FILENAME}.tar.gz | awk -F ' ' '{print $1}')
@@ -149,17 +151,17 @@ function riot_download {
     fi
 
     tar -xzvf ${RIOT_FILENAME}.tar.gz
-    if [ ! -d $INSTALL_DIR/${RIOT_FILENAME} ]; then
+    if [ ! -d "$INSTALL_DIR/${RIOT_FILENAME}" ]; then
         echo $'Unable to extract Riot Web tarball'
         exit 542826
     fi
-    cp -r $INSTALL_DIR/${RIOT_FILENAME}/* /var/www/$RIOT_DOMAIN_NAME/htdocs
+    cp -r "$INSTALL_DIR/${RIOT_FILENAME}/*" "/var/www/$RIOT_DOMAIN_NAME/htdocs"
 
-    chown -R www-data:www-data /var/www/$RIOT_DOMAIN_NAME/htdocs
+    chown -R www-data:www-data "/var/www/$RIOT_DOMAIN_NAME/htdocs"
 }
 
 function upgrade_riot {
-    if ! grep -q 'riot version:' $COMPLETION_FILE; then
+    if ! grep -q 'riot version:' "$COMPLETION_FILE"; then
         return
     fi
 
@@ -171,7 +173,7 @@ function upgrade_riot {
     fi
 
     riot_download
-    sed -i "s|riot version.*|riot version:$RIOT_VERSION|g" ${COMPLETION_FILE}
+    sed -i "s|riot version.*|riot version:$RIOT_VERSION|g" "${COMPLETION_FILE}"
     riot_remove_bad_links
 
     systemctl restart nginx
@@ -207,7 +209,7 @@ function remove_riot {
     fi
 
     remove_completion_param install_riot
-    sed -i '/riot /d' $COMPLETION_FILE
+    sed -i '/riot /d' "$COMPLETION_FILE"
 }
 
 function install_riot {
@@ -216,7 +218,7 @@ function install_riot {
     fi
 
     # check that matrix has been installed
-    if [ ! $MATRIX_DOMAIN_NAME ]; then
+    if [ ! "$MATRIX_DOMAIN_NAME" ]; then
         exit 687292
     fi
     if [[ "$MATRIX_DOMAIN_NAME" != *'.'* ]]; then
@@ -235,32 +237,32 @@ function install_riot {
         mkdir -p /var/www/$RIOT_DOMAIN_NAME/htdocs
     fi
 
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir "$INSTALL_DIR"
     fi
 
     riot_download
 
-    cd /var/www/$RIOT_DOMAIN_NAME/htdocs
+    cd "/var/www/$RIOT_DOMAIN_NAME/htdocs" || exit 4628462876
 
-    if [[ $ONION_ONLY == 'no' ]]; then
+    if [[ "$ONION_ONLY" == 'no' ]]; then
         riot_config_file="config.${RIOT_DOMAIN_NAME}.json"
         cp config.sample.json $riot_config_file
-        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" $riot_config_file
-        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" $riot_config_file
-        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" $riot_config_file
-        sed -i "/\"servers\":/a \"${MATRIX_DOMAIN_NAME}\"," $riot_config_file
+        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" "$riot_config_file"
+        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" "$riot_config_file"
+        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" "$riot_config_file"
+        sed -i "/\"servers\":/a \"${MATRIX_DOMAIN_NAME}\"," "$riot_config_file"
     else
         riot_config_file="config.${MATRIX_ONION_DOMAIN_NAME}.json"
-        cp config.sample.json $riot_config_file
-        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" $riot_config_file
-        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" $riot_config_file
-        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",|g" $riot_config_file
-        sed -i "/\"servers\":/a \"${MATRIX_ONION_DOMAIN_NAME}\"," $riot_config_file
+        cp config.sample.json "$riot_config_file"
+        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" "$riot_config_file"
+        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" "$riot_config_file"
+        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",|g" "$riot_config_file"
+        sed -i "/\"servers\":/a \"${MATRIX_ONION_DOMAIN_NAME}\"," "$riot_config_file"
     fi
-    sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" $riot_config_file
-    sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" $riot_config_file
-    sed -i 's|https://piwik.riot.im/||g' $riot_config_file
+    sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" "$riot_config_file"
+    sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" "$riot_config_file"
+    sed -i 's|https://piwik.riot.im/||g' "$riot_config_file"
 
     RIOT_ONION_HOSTNAME=$(add_onion_service riot 80 ${RIOT_ONION_PORT})
 
@@ -268,68 +270,68 @@ function install_riot {
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
         nginx_http_redirect $RIOT_DOMAIN_NAME
-        echo 'server {' >> $riot_nginx_site
-        echo '  listen 443 ssl;' >> $riot_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $riot_nginx_site
-        echo "  server_name $RIOT_DOMAIN_NAME;" >> $riot_nginx_site
-        echo '' >> $riot_nginx_site
-        echo '  # Security' >> $riot_nginx_site
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $RIOT_DOMAIN_NAME;";
+          echo '';
+          echo '  # Security'; } >> $riot_nginx_site
         function_check nginx_ssl
         nginx_ssl $RIOT_DOMAIN_NAME
 
         function_check nginx_disable_sniffing
         nginx_disable_sniffing $RIOT_DOMAIN_NAME
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $riot_nginx_site
-        echo '' >> $riot_nginx_site
-        echo '  # Logs' >> $riot_nginx_site
-        echo '  access_log /dev/null;' >> $riot_nginx_site
-        echo '  error_log /dev/null;' >> $riot_nginx_site
-        echo '' >> $riot_nginx_site
-        echo '  # Root' >> $riot_nginx_site
-        echo "  root /var/www/$RIOT_DOMAIN_NAME/htdocs;" >> $riot_nginx_site
-        echo '' >> $riot_nginx_site
-        echo '  index index.html;' >> $riot_nginx_site
-        echo '' >> $riot_nginx_site
-        echo '  location / {' >> $riot_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$RIOT_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  index index.html;';
+          echo '';
+          echo '  location / {'; } >> $riot_nginx_site
         function_check nginx_limits
         nginx_limits $RIOT_DOMAIN_NAME '15m'
-        echo '  }' >> $riot_nginx_site
-        echo '}' >> $riot_nginx_site
-        echo '' >> $riot_nginx_site
+        { echo '  }';
+          echo '}';
+          echo ''; } >> $riot_nginx_site
     else
         echo -n '' > $riot_nginx_site
     fi
-    echo 'server {' >> $riot_nginx_site
-    echo "    listen 127.0.0.1:$RIOT_ONION_PORT default_server;" >> $riot_nginx_site
-    echo "    server_name $RIOT_ONION_HOSTNAME;" >> $riot_nginx_site
-    echo '' >> $riot_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$RIOT_ONION_PORT default_server;";
+      echo "    server_name $RIOT_ONION_HOSTNAME;";
+      echo ''; } >> $riot_nginx_site
     function_check nginx_disable_sniffing
     nginx_disable_sniffing $RIOT_DOMAIN_NAME
-    echo '' >> $riot_nginx_site
-    echo '  # Logs' >> $riot_nginx_site
-    echo '  access_log /dev/null;' >> $riot_nginx_site
-    echo '  error_log /dev/null;' >> $riot_nginx_site
-    echo '' >> $riot_nginx_site
-    echo '  # Root' >> $riot_nginx_site
-    echo "  root /var/www/$RIOT_DOMAIN_NAME/htdocs;" >> $riot_nginx_site
-    echo '' >> $riot_nginx_site
-    echo '  index index.html;' >> $riot_nginx_site
-    echo '' >> $riot_nginx_site
-    echo '  location / {' >> $riot_nginx_site
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$RIOT_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  index index.html;';
+      echo '';
+      echo '  location / {'; } >> $riot_nginx_site
     function_check nginx_limits
     nginx_limits $RIOT_DOMAIN_NAME '15m'
-    echo '  }' >> $riot_nginx_site
-    echo '}' >> $riot_nginx_site
+    echo '  }' >> "$riot_nginx_site"
+    echo '}' >> "$riot_nginx_site"
 
-    sed '/Content-Security-Policy/d' $riot_nginx_site
-    sed -i 's| DENY;| SAMEORIGIN;|g' $riot_nginx_site
-    sed -i 's|limit_conn conn_limit_per_ip.*|limit_conn conn_limit_per_ip 50;|g' $riot_nginx_site
-    sed -i 's|limit_req zone.*|limit_req zone=req_limit_per_ip burst=20 nodelay;|g' $riot_nginx_site
+    sed '/Content-Security-Policy/d' "$riot_nginx_site"
+    sed -i 's| DENY;| SAMEORIGIN;|g' "$riot_nginx_site"
+    sed -i 's|limit_conn conn_limit_per_ip.*|limit_conn conn_limit_per_ip 50;|g' "$riot_nginx_site"
+    sed -i 's|limit_req zone.*|limit_req zone=req_limit_per_ip burst=20 nodelay;|g' "$riot_nginx_site"
 
     function_check create_site_certificate
-    if [ ! -f /etc/ssl/certs/${RIOT_DOMAIN_NAME}.pem ]; then
-        create_site_certificate $RIOT_DOMAIN_NAME 'yes'
+    if [ ! -f "/etc/ssl/certs/${RIOT_DOMAIN_NAME}.pem" ]; then
+        create_site_certificate "$RIOT_DOMAIN_NAME" 'yes'
     fi
 
     function_check nginx_ensite
@@ -344,10 +346,10 @@ function install_riot {
     systemctl restart nginx
 
     set_completion_param "riot domain" "$RIOT_DOMAIN_NAME"
-    if ! grep -q "riot version:" ${COMPLETION_FILE}; then
-        echo "riot version:${RIOT_VERSION}" >> ${COMPLETION_FILE}
+    if ! grep -q "riot version:" "${COMPLETION_FILE}"; then
+        echo "riot version:${RIOT_VERSION}" >> "${COMPLETION_FILE}"
     else
-        sed -i "s|riot version.*|riot version:${RIOT_VERSION}|g" ${COMPLETION_FILE}
+        sed -i "s|riot version.*|riot version:${RIOT_VERSION}|g" "${COMPLETION_FILE}"
     fi
     APP_INSTALLED=1
 }
diff --git a/src/freedombone-app-rss b/src/freedombone-app-rss
index 550e6209..8ee2f7ea 100755
--- a/src/freedombone-app-rss
+++ b/src/freedombone-app-rss
@@ -62,12 +62,13 @@ function logging_off_rss {
 }
 
 function remove_user_rss {
-    remove_username="$1"
+    echo -n ''
+#    remove_username="$1"
 }
 
 function add_user_rss {
-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"
     echo '0'
 }
 
@@ -77,26 +78,27 @@ function install_interactive_rss {
 }
 
 function change_password_rss {
-    curr_username="$1"
-    new_user_password="$2"
+    echo -n ''
+#    curr_username="$1"
+#    new_user_password="$2"
 
     #${PROJECT_NAME}-pass -u "$curr_username" -a rss -p "$new_user_password"
 }
 
 function rss_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        RSS_READER_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        RSS_READER_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
-        if [ ! $RSS_READER_ADMIN_PASSWORD ]; then
-            RSS_READER_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$RSS_READER_ADMIN_PASSWORD" ]; then
+            RSS_READER_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    if [ ! $RSS_READER_ADMIN_PASSWORD ]; then
+    if [ ! "$RSS_READER_ADMIN_PASSWORD" ]; then
         return
     fi
 
     function_check create_database
-    create_database ttrss "$RSS_READER_ADMIN_PASSWORD" $MY_USERNAME
+    create_database ttrss "$RSS_READER_ADMIN_PASSWORD" "$MY_USERNAME"
 }
 
 function reconfigure_rss {
@@ -131,8 +133,8 @@ function upgrade_rss {
         # remove any previous install
         if [ -d $RSS_READER_PATH/g2ttree-mobile ]; then
             if [[ $(is_completed "install_rss_mobile_reader") == "1" ]]; then
-                sed -i '/install_rss_mobile_reader/d' $COMPLETION_FILE
-                sed -i '/rss mobile reader commit/d' $COMPLETION_FILE
+                sed -i '/install_rss_mobile_reader/d' "$COMPLETION_FILE"
+                sed -i '/rss mobile reader commit/d' "$COMPLETION_FILE"
                 rm -rf $RSS_READER_PATH/g2ttree-mobile
             fi
         fi
@@ -184,6 +186,7 @@ function restore_local_rss {
                 fi
                 cp -r $temp_restore_dir/* /etc/share/tt-rss/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 function_check set_user_permissions
                 set_user_permissions
@@ -207,14 +210,14 @@ function restore_local_rss {
     function_check rss_modifications
     rss_modifications
 
-    if [ -d $USB_MOUNT/backup/ttrss ]; then
+    if [ -d "$USB_MOUNT/backup/ttrss" ]; then
         chown -R www-data:www-data /etc/share/tt-rss
         if [ -d $temp_restore_dir ]; then
             rm -rf $temp_restore_dir
         fi
     fi
 
-    MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+    MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
     sed -i "s|define('DB_PASS'.*|define('DB_PASS', '${MARIADB_PASSWORD}');|g" $RSS_READER_PATH/config.php
     MARIADB_PASSWORD=
 }
@@ -245,7 +248,7 @@ function backup_remote_rss {
 
 function restore_remote_rss {
     temp_restore_dir=/root/tempttrss
-    if grep -q "rss reader domain" $COMPLETION_FILE; then
+    if grep -q "rss reader domain" "$COMPLETION_FILE"; then
         echo $"Restoring ttrss"
         function_check get_mariadb_password
         get_mariadb_password
@@ -263,6 +266,7 @@ function restore_remote_rss {
                 fi
                 cp -r $temp_restore_dir/* /etc/share/tt-rss/
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 exit 6391
             fi
@@ -280,14 +284,14 @@ function restore_remote_rss {
         function_check rss_modifications
         rss_modifications
 
-        if [ -d $SERVER_DIRECTORY/backup/ttrss ]; then
+        if [ -d "$SERVER_DIRECTORY/backup/ttrss" ]; then
             chown -R www-data:www-data /etc/share/tt-rss
         fi
         if [ -d /root/tempttrss ]; then
             rm -rf /root/tempttrss
         fi
 
-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
         sed -i "s|define('DB_PASS'.*|define('DB_PASS', '${MARIADB_PASSWORD}');|g" $RSS_READER_PATH/config.php
         MARIADB_PASSWORD=
 
@@ -313,9 +317,9 @@ function remove_rss {
     function_check drop_database
     drop_database ttrss
     remove_completion_param install_rss
-    sed -i '/RSS /d' $COMPLETION_FILE
-    sed -i '/rss /d' $COMPLETION_FILE
-    sed -i '/rss_/d' $COMPLETION_FILE
+    sed -i '/RSS /d' "$COMPLETION_FILE"
+    sed -i '/rss /d' "$COMPLETION_FILE"
+    sed -i '/rss_/d' "$COMPLETION_FILE"
     remove_backup_database_local ttrss
 }
 
@@ -329,15 +333,15 @@ function rss_modifications {
 
     # ensure that socks5 proxy is used
     if ! grep -q "CURLPROXY_SOCKS5" $RSS_READER_PATH/plugins/af_unburn/init.php; then
-        sed -i '/curl_setopt($ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\t\t\t\t\tcurl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);' $RSS_READER_PATH/plugins/af_unburn/init.php
+        sed -i "/curl_setopt(\$ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\\\t\\t\\t\\t\\tcurl_setopt(\$ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);" "$RSS_READER_PATH/plugins/af_unburn/init.php"
         rss_modified=1
     fi
     if ! grep -q "CURLPROXY_SOCKS5" $RSS_READER_PATH/include/functions.php; then
-        sed -i '/curl_setopt($ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\t\t\t\tcurl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);' $RSS_READER_PATH/include/functions.php
+        sed -i "/curl_setopt(\$ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\\\t\\t\\t\\tcurl_setopt(\$ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);" "$RSS_READER_PATH/include/functions.php"
         rss_modified=1
     fi
     if [ $rss_modified ]; then
-        cd $RSS_READER_PATH
+        cd $RSS_READER_PATH || exit 564286428
         git commit -a -m"Modify for Tor proxying"
     fi
     chown -R www-data:www-data $RSS_READER_PATH
@@ -358,12 +362,12 @@ function install_rss_main {
     if [ ! -d /etc/share ]; then
         mkdir /etc/share
     fi
-    cd /etc/share
+    cd /etc/share || exit 46284628
 
     if [ -d /repos/rss ]; then
         mkdir tt-rss
         cp -r -p /repos/rss/. tt-rss
-        cd tt-rss
+        cd tt-rss || exit 462846822
         git pull
     else
         function_check git_clone
@@ -374,7 +378,7 @@ function install_rss_main {
         echo $'Could not clone RSS reader repo'
         exit 52925
     fi
-    cd $RSS_READER_PATH
+    cd $RSS_READER_PATH || exit 42479825792593
     git checkout $RSS_READER_COMMIT -b $RSS_READER_COMMIT
     set_completion_param "rss reader commit" "$RSS_READER_COMMIT"
 
@@ -397,151 +401,151 @@ function install_rss_main {
     USE_V2_ONION_ADDRESS=1
     RSS_MOBILE_READER_ONION_HOSTNAME=$(add_onion_service mobilerss 80 ${RSS_MOBILE_READER_ONION_PORT})
 
-    echo 'server {' > /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo "  listen 127.0.0.1:$RSS_MOBILE_READER_ONION_PORT;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo "  server_name $RSS_MOBILE_READER_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  access_log /dev/null;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  error_log /dev/null;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  root /etc/share/ttrss-mobile;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  index index.html index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location /tt-rss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    try_files $uri $uri/ @ttrss_base;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location @ttrss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    rewrite ^(.*)$ /index.html?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location @ttrss_base {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location ~ /\.(git) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    deny all;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-XSS-Protection "1; mode=block";' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Robots-Tag none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Download-Options noopen;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Permitted-Cross-Domain-Policies none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Frame-Options SAMEORIGIN;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  client_max_body_size 15m;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo 'server {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo "  listen 127.0.0.1:$RSS_READER_ONION_PORT default_server;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo "  server_name $RSS_READER_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  access_log /dev/null;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  error_log /dev/null;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  root /etc/share/tt-rss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  index index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  set $mobile_rewrite do_not_perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  ## chi http_user_agent for mobile / smart phones ##' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  if ($http_user_agent ~* "(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino") {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    set $mobile_rewrite perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  if ($http_user_agent ~* "^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-)") {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    set $mobile_rewrite perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  if ($mobile_rewrite = perform) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo "    rewrite ^/(.*) http://$RSS_MOBILE_READER_ONION_HOSTNAME permanent;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    break;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location @ttrss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location ~ /\.(git) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    deny all;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-XSS-Protection "1; mode=block";' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Robots-Tag none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Download-Options noopen;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Permitted-Cross-Domain-Policies none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Frame-Options SAMEORIGIN;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  client_max_body_size 15m;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    { echo 'server {';
+      echo "  listen 127.0.0.1:$RSS_MOBILE_READER_ONION_PORT;";
+      echo "  server_name $RSS_MOBILE_READER_ONION_HOSTNAME;";
+      echo '';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  root /etc/share/ttrss-mobile;';
+      echo '  index index.html index.php;';
+      echo '';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  location / {';
+      echo "    try_files \$uri \$uri/ @ttrss;";
+      echo '  }';
+      echo '  location /tt-rss {';
+      echo "    try_files \$uri \$uri/ @ttrss_base;";
+      echo '  }';
+      echo '';
+      echo '  location @ttrss {';
+      echo "    rewrite ^(.*)\$ /index.html?p=\$1 last;";
+      echo '  }';
+      echo '  location @ttrss_base {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  location ~ /\.(git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '';
+      echo '  add_header X-XSS-Protection "1; mode=block";';
+      echo '  add_header X-Robots-Tag none;';
+      echo '  add_header X-Download-Options noopen;';
+      echo '  add_header X-Permitted-Cross-Domain-Policies none;';
+      echo '  add_header X-Frame-Options SAMEORIGIN;';
+      echo '  add_header X-Content-Type-Options nosniff;';
+      echo '  client_max_body_size 15m;';
+      echo '}';
+      echo '';
+      echo 'server {';
+      echo "  listen 127.0.0.1:$RSS_READER_ONION_PORT default_server;";
+      echo "  server_name $RSS_READER_ONION_HOSTNAME;";
+      echo '';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  root /etc/share/tt-rss;';
+      echo '  index index.php;';
+      echo '';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo "  set \$mobile_rewrite do_not_perform;";
+      echo '';
+      echo '  ## chi http_user_agent for mobile / smart phones ##';
+      echo "  if (\$http_user_agent ~* \"(android|bb\\d+|meego).+mobile|avantgo|bada\\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino\") {";
+      echo "    set \$mobile_rewrite perform;";
+      echo '  }';
+      echo '';
+      echo "  if (\$http_user_agent ~* \"^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\\-(n|u)|c55\\/|capi|ccwa|cdm\\-|cell|chtm|cldc|cmd\\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\\-s|devi|dica|dmob|do(c|p)o|ds(12|\\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\\-|_)|g1 u|g560|gene|gf\\-5|g\\-mo|go(\\.w|od)|gr(ad|un)|haie|hcit|hd\\-(m|p|t)|hei\\-|hi(pt|ta)|hp( i|ip)|hs\\-c|ht(c(\\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\\-(20|go|ma)|i230|iac( |\\-|\\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\\/)|klon|kpt |kwc\\-|kyo(c|k)|le(no|xi)|lg( g|\\/(k|l|u)|50|54|\\-[a-w])|libw|lynx|m1\\-w|m3ga|m50\\/|ma(te|ui|xo)|mc(01|21|ca)|m\\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\\-2|po(ck|rt|se)|prox|psio|pt\\-g|qa\\-a|qc(07|12|21|32|60|\\-[2-7]|i\\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\\-|oo|p\\-)|sdk\\/|se(c(\\-|0|1)|47|mc|nd|ri)|sgh\\-|shar|sie(\\-|m)|sk\\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\\-|v\\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\\-|tdg\\-|tel(i|m)|tim\\-|t\-mo|to(pl|sh)|ts(70|m\\-|m3|m5)|tx\\-9|up(\\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\\-|your|zeto|zte\\-)\") {";
+      echo "    set \$mobile_rewrite perform;";
+      echo '  }';
+      echo '';
+      echo "  if (\$mobile_rewrite = perform) {";
+      echo "    rewrite ^/(.*) http://$RSS_MOBILE_READER_ONION_HOSTNAME permanent;";
+      echo '    break;';
+      echo '  }';
+      echo '';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '  }';
+      echo '';
+      echo '  location / {';
+      echo "    try_files \$uri \$uri/ @ttrss;";
+      echo '  }';
+      echo '';
+      echo '  location @ttrss {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  location ~ /\.(git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '';
+      echo '  add_header X-XSS-Protection "1; mode=block";';
+      echo '  add_header X-Robots-Tag none;';
+      echo '  add_header X-Download-Options noopen;';
+      echo '  add_header X-Permitted-Cross-Domain-Policies none;';
+      echo '  add_header X-Frame-Options SAMEORIGIN;';
+      echo '  add_header X-Content-Type-Options nosniff;';
+      echo '  client_max_body_size 15m;';
+      echo '}'; } > "/etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME"
 
     if [ ! -f $RSS_READER_PATH/config.php ]; then
         # generate a config file
         RSS_FEED_CRYPT_KEY="$(create_password 24)"
-        echo '<?php' > $RSS_READER_PATH/config.php
-        echo "  define('_CURL_HTTP_PROXY', '127.0.0.1:9050');" >> $RSS_READER_PATH/config.php
-        echo "  define('DB_TYPE', 'mysql');" >> $RSS_READER_PATH/config.php
-        echo "  define('DB_HOST', 'localhost');" >> $RSS_READER_PATH/config.php
-        echo "  define('DB_USER', 'root');" >> $RSS_READER_PATH/config.php
-        echo "  define('DB_NAME', 'ttrss');" >> $RSS_READER_PATH/config.php
-        echo "  define('DB_PASS', '${MARIADB_PASSWORD}');" >> $RSS_READER_PATH/config.php
-        echo "  define('DB_PORT', '3306');" >> $RSS_READER_PATH/config.php
-        echo "  define('MYSQL_CHARSET', 'UTF8');" >> $RSS_READER_PATH/config.php
-        echo "  define('SELF_URL_PATH', 'http://${RSS_READER_ONION_HOSTNAME}/');" >> $RSS_READER_PATH/config.php
-        echo "  define('FEED_CRYPT_KEY', '${RSS_FEED_CRYPT_KEY}');" >> $RSS_READER_PATH/config.php
-        echo "  define('SINGLE_USER_MODE', false);" >> $RSS_READER_PATH/config.php
-        echo "  define('SIMPLE_UPDATE_MODE', false);" >> $RSS_READER_PATH/config.php
-        echo "  define('PHP_EXECUTABLE', '/usr/bin/php');" >> $RSS_READER_PATH/config.php
-        echo "  define('LOCK_DIRECTORY', 'lock');" >> $RSS_READER_PATH/config.php
-        echo "  define('CACHE_DIR', 'cache');" >> $RSS_READER_PATH/config.php
-        echo "  define('ICONS_DIR', \"feed-icons\");" >> $RSS_READER_PATH/config.php
-        echo "  define('ICONS_URL', \"feed-icons\");" >> $RSS_READER_PATH/config.php
-        echo "  define('AUTH_AUTO_CREATE', true);" >> $RSS_READER_PATH/config.php
-        echo "  define('AUTH_AUTO_LOGIN', true);" >> $RSS_READER_PATH/config.php
-        echo "  define('FORCE_ARTICLE_PURGE', 0);" >> $RSS_READER_PATH/config.php
-        echo "  define('PUBSUBHUBBUB_HUB', '');" >> $RSS_READER_PATH/config.php
-        echo "  define('PUBSUBHUBBUB_ENABLED', false);" >> $RSS_READER_PATH/config.php
-        echo "  define('SPHINX_SERVER', 'localhost:9312');" >> $RSS_READER_PATH/config.php
-        echo "  define('SPHINX_INDEX', 'ttrss, delta');" >> $RSS_READER_PATH/config.php
-        echo "  define('ENABLE_REGISTRATION', false);" >> $RSS_READER_PATH/config.php
-        echo "  define('REG_NOTIFY_ADDRESS', '${MY_EMAIL_ADDRESS}');" >> $RSS_READER_PATH/config.php
-        echo "  define('REG_MAX_USERS', 10);" >> $RSS_READER_PATH/config.php
-        echo "  define('SESSION_COOKIE_LIFETIME', 86400);" >> $RSS_READER_PATH/config.php
-        echo "  define('SMTP_FROM_NAME', 'Tiny Tiny RSS');" >> $RSS_READER_PATH/config.php
-        echo "  define('SMTP_FROM_ADDRESS', 'noreply@${RSS_READER_ONION_HOSTNAME}');" >> $RSS_READER_PATH/config.php
-        echo "  define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');" >> $RSS_READER_PATH/config.php
-        echo "  define('SMTP_SERVER', '');" >> $RSS_READER_PATH/config.php
-        echo "  define('SMTP_LOGIN', '');" >> $RSS_READER_PATH/config.php
-        echo "  define('SMTP_PASSWORD', '');" >> $RSS_READER_PATH/config.php
-        echo "  define('SMTP_SECURE', '');" >> $RSS_READER_PATH/config.php
-        echo "  define('CHECK_FOR_UPDATES', false);" >> $RSS_READER_PATH/config.php
-        echo "  define('ENABLE_GZIP_OUTPUT', false);" >> $RSS_READER_PATH/config.php
-        echo "  define('PLUGINS', 'auth_internal, note, gnusocial');" >> $RSS_READER_PATH/config.php
-        echo "  define('LOG_DESTINATION', 'sql');" >> $RSS_READER_PATH/config.php
-        echo "  define('CONFIG_VERSION', 26);" >> $RSS_READER_PATH/config.php
+        { echo '<?php';
+          echo "  define('_CURL_HTTP_PROXY', '127.0.0.1:9050');";
+          echo "  define('DB_TYPE', 'mysql');";
+          echo "  define('DB_HOST', 'localhost');";
+          echo "  define('DB_USER', 'root');";
+          echo "  define('DB_NAME', 'ttrss');";
+          echo "  define('DB_PASS', '${MARIADB_PASSWORD}');";
+          echo "  define('DB_PORT', '3306');";
+          echo "  define('MYSQL_CHARSET', 'UTF8');";
+          echo "  define('SELF_URL_PATH', 'http://${RSS_READER_ONION_HOSTNAME}/');";
+          echo "  define('FEED_CRYPT_KEY', '${RSS_FEED_CRYPT_KEY}');";
+          echo "  define('SINGLE_USER_MODE', false);";
+          echo "  define('SIMPLE_UPDATE_MODE', false);";
+          echo "  define('PHP_EXECUTABLE', '/usr/bin/php');";
+          echo "  define('LOCK_DIRECTORY', 'lock');";
+          echo "  define('CACHE_DIR', 'cache');";
+          echo "  define('ICONS_DIR', \"feed-icons\");";
+          echo "  define('ICONS_URL', \"feed-icons\");";
+          echo "  define('AUTH_AUTO_CREATE', true);";
+          echo "  define('AUTH_AUTO_LOGIN', true);";
+          echo "  define('FORCE_ARTICLE_PURGE', 0);";
+          echo "  define('PUBSUBHUBBUB_HUB', '');";
+          echo "  define('PUBSUBHUBBUB_ENABLED', false);";
+          echo "  define('SPHINX_SERVER', 'localhost:9312');";
+          echo "  define('SPHINX_INDEX', 'ttrss, delta');";
+          echo "  define('ENABLE_REGISTRATION', false);";
+          echo "  define('REG_NOTIFY_ADDRESS', '${MY_EMAIL_ADDRESS}');";
+          echo "  define('REG_MAX_USERS', 10);";
+          echo "  define('SESSION_COOKIE_LIFETIME', 86400);";
+          echo "  define('SMTP_FROM_NAME', 'Tiny Tiny RSS');";
+          echo "  define('SMTP_FROM_ADDRESS', 'noreply@${RSS_READER_ONION_HOSTNAME}');";
+          echo "  define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');";
+          echo "  define('SMTP_SERVER', '');";
+          echo "  define('SMTP_LOGIN', '');";
+          echo "  define('SMTP_PASSWORD', '');";
+          echo "  define('SMTP_SECURE', '');";
+          echo "  define('CHECK_FOR_UPDATES', false);";
+          echo "  define('ENABLE_GZIP_OUTPUT', false);";
+          echo "  define('PLUGINS', 'auth_internal, note, gnusocial');";
+          echo "  define('LOG_DESTINATION', 'sql');";
+          echo "  define('CONFIG_VERSION', 26);"; } > $RSS_READER_PATH/config.php
     fi
 
     # initialize the database
@@ -569,28 +573,28 @@ function install_rss_main {
     systemctl restart nginx
 
     # daemon to update feeds
-    echo '[Unit]' > /etc/systemd/system/ttrss.service
-    echo 'Description=ttrss_backend' >> /etc/systemd/system/ttrss.service
-    echo 'After=network.target mariadb.service' >> /etc/systemd/system/ttrss.service
-    echo 'After=tor.service' >> /etc/systemd/system/ttrss.service
-    echo '' >> /etc/systemd/system/ttrss.service
-    echo '[Service]' >> /etc/systemd/system/ttrss.service
-    echo 'User=www-data' >> /etc/systemd/system/ttrss.service
-    echo "ExecStart=/usr/bin/php $RSS_READER_PATH/update.php --daemon" >> /etc/systemd/system/ttrss.service
-    echo '' >> /etc/systemd/system/ttrss.service
-    echo '[Install]' >> /etc/systemd/system/ttrss.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ttrss.service
+    { echo '[Unit]';
+      echo 'Description=ttrss_backend';
+      echo 'After=network.target mariadb.service';
+      echo 'After=tor.service';
+      echo '';
+      echo '[Service]';
+      echo 'User=www-data';
+      echo "ExecStart=/usr/bin/php $RSS_READER_PATH/update.php --daemon";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/ttrss.service
     systemctl enable ttrss
     systemctl daemon-reload
     systemctl start ttrss
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a rss -p "$RSS_READER_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a rss -p "$RSS_READER_ADMIN_PASSWORD"
 
     install_completed rss_main
 }
 
 function install_rss_gnusocial {
-    if [ ! $GNUSOCIAL_DOMAIN_NAME ]; then
+    if [ ! "$GNUSOCIAL_DOMAIN_NAME" ]; then
         return
     fi
 
@@ -608,19 +612,19 @@ function install_rss_gnusocial {
         return
     fi
 
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir -p "$INSTALL_DIR"
     fi
 
-    cd $INSTALL_DIR
+    cd "$INSTALL_DIR" || exit 7246284
     function_check git_clone
     git_clone $RSS_READER_GNUSOCIAL_REPO ttrss-gnusocial
-    if [ ! -d $INSTALL_DIR/ttrss-gnusocial ]; then
+    if [ ! -d "$INSTALL_DIR/ttrss-gnusocial" ]; then
         echo $'Could not clone repo for RSS reader gnusocial plugin'
         exit 52838
     fi
-    cp -r $INSTALL_DIR/ttrss-gnusocial $RSS_READER_GNUSOCIAL_PATH
-    cd $RSS_READER_GNUSOCIAL_PATH
+    cp -r "$INSTALL_DIR/ttrss-gnusocial" $RSS_READER_GNUSOCIAL_PATH
+    cd "$RSS_READER_GNUSOCIAL_PATH" || exit 782462424
     git checkout $RSS_READER_GNUSOCIAL_COMMIT -b $RSS_READER_GNUSOCIAL_COMMIT
     set_completion_param "rss reader gnusocial commit" "$RSS_READER_GNUSOCIAL_COMMIT"
     chown -R www-data:www-data $RSS_READER_GNUSOCIAL_PATH
@@ -642,8 +646,8 @@ function install_rss_mobile_reader {
     # remove any previous install
     if [ -d $RSS_READER_PATH/g2ttree-mobile ]; then
         if [[ $(is_completed "install_rss_mobile_reader") == "1" ]]; then
-            sed -i '/install_rss_mobile_reader/d' $COMPLETION_FILE
-            sed -i '/rss mobile reader commit/d' $COMPLETION_FILE
+            sed -i '/install_rss_mobile_reader/d' "$COMPLETION_FILE"
+            sed -i '/rss mobile reader commit/d' "$COMPLETION_FILE"
             rm -rf $RSS_READER_PATH/g2ttree-mobile
         fi
     fi
@@ -652,12 +656,12 @@ function install_rss_mobile_reader {
         return
     fi
 
-    cd /etc/share
+    cd /etc/share || exit 7498264462
 
     if [ -d /repos/rss-mobile ]; then
         mkdir ttrss-mobile
         cp -r -p /repos/rss-mobile/. ttrss-mobile
-        cd ttrss-mobile
+        cd ttrss-mobile || exit 462846284682
         git pull
     else
         function_check git_clone
@@ -668,7 +672,7 @@ function install_rss_mobile_reader {
         echo $'Could not clone RSS mobile reader repo'
         exit 24816
     fi
-    cd $RSS_MOBILE_READER_PATH
+    cd "$RSS_MOBILE_READER_PATH" || exit 462846246824
     git checkout $RSS_MOBILE_READER_COMMIT -b $RSS_MOBILE_READER_COMMIT
     set_completion_param "rss mobile reader commit" "$RSS_MOBILE_READER_COMMIT"
 
diff --git a/src/freedombone-app-scuttlebot b/src/freedombone-app-scuttlebot
index 6a1972ce..f19da997 100755
--- a/src/freedombone-app-scuttlebot
+++ b/src/freedombone-app-scuttlebot
@@ -61,39 +61,44 @@ function scuttlebot_create_invite {
     invite_string=$(su -c "sbot invite.create 1" - scuttlebot | sed 's/"//g')
 
     clear
-    echo -e '\n\nYour Scuttlebot invite code is:\n\n'${invite_string}'\n\n'
+    echo -e "\\n\\nYour Scuttlebot invite code is:\\n\\n${invite_string}\\n\\n"
+    # shellcheck disable=SC2034
     read -n1 -r -p $"Press any key to continue..." key
 }
 
 function configure_interactive_scuttlebot {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Scuttlebot" \
                --radiolist $"Choose an operation:" 10 50 2 \
                1 $"Create an invite" off \
-               2 $"Exit" on 2> $data
+               2 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) return;;
-            255) return;;
+            1) rm -f "$data"
+               return;;
+            255) rm -f "$data"
+                 return;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) scuttlebot_create_invite;;
-            2) break;;
+            2) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
 function remove_user_scuttlebot {
-    remove_username="$1"
+    echo -n ''
+#    remove_username="$1"
 }
 
 function add_user_scuttlebot {
-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"
     echo '0'
 }
 
@@ -109,8 +114,8 @@ function install_interactive_scuttlebot {
 }
 
 function change_password_scuttlebot {
-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"
     echo '0'
 }
 
@@ -123,7 +128,7 @@ function reconfigure_scuttlebot {
 }
 
 function upgrade_scuttlebot {
-    if ! grep -q 'scuttlebot version:' $COMPLETION_FILE; then
+    if ! grep -q 'scuttlebot version:' $"COMPLETION_FILE"; then
         return
     fi
 
@@ -134,11 +139,10 @@ function upgrade_scuttlebot {
         return
     fi
 
-    npm upgrade -g scuttlebot@${SCUTTLEBOT_VERSION} --save
-    if [ ! "$?" = "0" ]; then
+    if ! npm upgrade -g scuttlebot@${SCUTTLEBOT_VERSION} --save; then
         return
     fi
-    sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" ${COMPLETION_FILE}
+    sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" "${COMPLETION_FILE}"
 }
 
 function backup_local_scuttlebot {
@@ -218,71 +222,72 @@ function remove_scuttlebot {
     fi
 
     remove_completion_param install_scuttlebot
-    sed -i '/scuttlebot /d' $COMPLETION_FILE
+    sed -i '/scuttlebot /d' "$COMPLETION_FILE"
 }
 
 function git_ssb_script {
     if [[ "$1" == "mesh" ]]; then
+        # shellcheck disable=SC2154
         git_ssb_script_name=$rootdir/usr/bin/git-ssb-create
         git_ssb_daemon_filename=$rootdir/etc/systemd/system/git_ssb.service
     else
         git_ssb_script_name=/usr/bin/git-ssb-create
         git_ssb_daemon_filename=/etc/systemd/system/git_ssb.service
     fi
-    echo '#!/bin/bash' > $git_ssb_script_name
-    echo 'reponame="$1"' >> $git_ssb_script_name
-    echo '' >> $git_ssb_script_name
-    echo 'if [[ "$reponame" != "" ]]; then' >> $git_ssb_script_name
-    echo '  mkdir $reponame' >> $git_ssb_script_name
-    echo '  cd $reponame' >> $git_ssb_script_name
-    echo '  git init' >> $git_ssb_script_name
-    echo '  git ssb create ssb $reponame' >> $git_ssb_script_name
-    echo '  git push --tags ssb master' >> $git_ssb_script_name
-    echo 'fi' >> $git_ssb_script_name
-    echo 'exit 0' >> $git_ssb_script_name
+    { echo '#!/bin/bash';
+      echo "reponame=\"\$1\"";
+      echo '';
+      echo "if [[ \"\$reponame\" != \"\" ]]; then";
+      echo "  mkdir \$reponame";
+      echo "  cd \$reponame";
+      echo '  git init';
+      echo "  git ssb create ssb \$reponame";
+      echo '  git push --tags ssb master';
+      echo 'fi';
+      echo 'exit 0'; } > $git_ssb_script_name
     chmod +x $git_ssb_script_name
 
-    echo '[Unit]' > $git_ssb_daemon_filename
-    echo 'Description=Git SSB (SSB git web interface)' >> $git_ssb_daemon_filename
-    echo 'After=syslog.target' >> $git_ssb_daemon_filename
-    echo 'After=network.target' >> $git_ssb_daemon_filename
-    echo 'After=scuttlebot.target' >> $git_ssb_daemon_filename
-    echo '' >> $git_ssb_daemon_filename
-    echo '[Service]' >> $git_ssb_daemon_filename
-    echo 'Type=simple' >> $git_ssb_daemon_filename
-    echo 'User=scuttlebot' >> $git_ssb_daemon_filename
-    echo 'Group=scuttlebot' >> $git_ssb_daemon_filename
-    echo "WorkingDirectory=/etc/scuttlebot" >> $git_ssb_daemon_filename
-    echo "ExecStart=/usr/bin/git ssb web --public localhost:$GIT_SSB_PORT" >> $git_ssb_daemon_filename
-    echo 'Restart=always' >> $git_ssb_daemon_filename
-    echo 'Environment="USER=scuttlebot"' >> $git_ssb_daemon_filename
-    echo '' >> $git_ssb_daemon_filename
-    echo '[Install]' >> $git_ssb_daemon_filename
-    echo 'WantedBy=multi-user.target' >> $git_ssb_daemon_filename
+    { echo '[Unit]';
+      echo 'Description=Git SSB (SSB git web interface)';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo 'After=scuttlebot.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=scuttlebot';
+      echo 'Group=scuttlebot';
+      echo "WorkingDirectory=/etc/scuttlebot";
+      echo "ExecStart=/usr/bin/git ssb web --public localhost:$GIT_SSB_PORT";
+      echo 'Restart=always';
+      echo 'Environment="USER=scuttlebot"';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > $git_ssb_daemon_filename
 }
 
 function scuttlebot_git_setup {
     if [[ "$1" == "mesh" ]]; then
-        if [ ! -d $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight ]; then
-            mkdir $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight
+        if [ ! -d "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight" ]; then
+            mkdir "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight"
         fi
-        if [ ! -f $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css ]; then
+        if [ ! -f "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css" ]; then
             echo $'Could not find foundation.css'
             exit 347687245
         fi
-        cp $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight/foundation.css
+        cp "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css" "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight/foundation.css"
 
         git_ssb_nginx_site=$rootdir/etc/nginx/sites-available/git_ssb
-        echo 'server {' > $git_ssb_nginx_site
-        echo "  listen $NGINX_GIT_SSB_PORT default_server;" >> $git_ssb_nginx_site
-        echo "  server_name P${PEER_ID}.local;" >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
-        echo '  access_log /dev/null;' >> $git_ssb_nginx_site
-        echo '  error_log /dev/null;' >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
-        echo '  add_header X-XSS-Protection "1; mode=block";' >> $git_ssb_nginx_site
-        echo '  add_header X-Content-Type-Options nosniff;' >> $git_ssb_nginx_site
-        echo '  add_header X-Frame-Options SAMEORIGIN;' >> $git_ssb_nginx_site
+        { echo 'server {';
+          echo "  listen $NGINX_GIT_SSB_PORT default_server;";
+          echo "  server_name P${PEER_ID}.local;";
+          echo '';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  add_header X-XSS-Protection "1; mode=block";';
+          echo '  add_header X-Content-Type-Options nosniff;';
+          echo '  add_header X-Frame-Options SAMEORIGIN;'; } > "$git_ssb_nginx_site"
     else
         if [ ! $SCUTTLEBOT_DOMAIN_NAME ]; then
             exit 7357225
@@ -300,15 +305,15 @@ function scuttlebot_git_setup {
         git_ssb_nginx_site=/etc/nginx/sites-available/${SCUTTLEBOT_DOMAIN_NAME}
         function_check nginx_http_redirect
         nginx_http_redirect $SCUTTLEBOT_DOMAIN_NAME "index index.html"
-        echo 'server {' >> $git_ssb_nginx_site
-        echo '  listen 443 ssl;' >> $git_ssb_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $git_ssb_nginx_site
-        echo "  server_name $SCUTTLEBOT_DOMAIN_NAME;" >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $SCUTTLEBOT_DOMAIN_NAME;";
+          echo ''; } >> $git_ssb_nginx_site
         function_check nginx_compress
         nginx_compress $SCUTTLEBOT_DOMAIN_NAME
-        echo '' >> $git_ssb_nginx_site
-        echo '  # Security' >> $git_ssb_nginx_site
+        echo '' >> "$git_ssb_nginx_site"
+        echo '  # Security' >> "$git_ssb_nginx_site"
         function_check nginx_ssl
         nginx_ssl $SCUTTLEBOT_DOMAIN_NAME
 
@@ -316,45 +321,45 @@ function scuttlebot_git_setup {
         nginx_disable_sniffing $SCUTTLEBOT_DOMAIN_NAME
     fi
 
-    echo '' >> $git_ssb_nginx_site
-    echo '  root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;' >> $git_ssb_nginx_site
-    echo '' >> $git_ssb_nginx_site
-    echo '  location = / {' >> $git_ssb_nginx_site
-    echo "    proxy_pass http://localhost:${GIT_SSB_PORT};" >> $git_ssb_nginx_site
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $git_ssb_nginx_site
-    echo '    proxy_set_header Host $host;' >> $git_ssb_nginx_site
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $git_ssb_nginx_site
-    echo '    proxy_http_version 1.1;' >> $git_ssb_nginx_site
-    echo '    proxy_set_header Upgrade $http_upgrade;' >> $git_ssb_nginx_site
-    echo '    proxy_set_header Connection upgrade;' >> $git_ssb_nginx_site
-    echo '  }' >> $git_ssb_nginx_site
-    echo '}' >> $git_ssb_nginx_site
+    { echo '';
+      echo '  root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;';
+      echo '';
+      echo '  location = / {';
+      echo "    proxy_pass http://localhost:${GIT_SSB_PORT};";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo '    proxy_http_version 1.1;';
+      echo "    proxy_set_header Upgrade \$http_upgrade;";
+      echo '    proxy_set_header Connection upgrade;';
+      echo '  }';
+      echo '}'; } >> $git_ssb_nginx_site
 
-    if [ $SCUTTLEBOT_ONION_HOSTNAME ]; then
-        echo '' >> $git_ssb_nginx_site
-        echo 'server {' >> $git_ssb_nginx_site
-        echo "  listen 127.0.0.1:${SCUTTLEBOT_ONION_PORT} default_server;" >> $git_ssb_nginx_site
-        echo "  server_name ${SCUTTLEBOT_ONION_HOSTNAME};" >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
-        echo '  access_log /dev/null;' >> $git_ssb_nginx_site
-        echo '  error_log /dev/null;' >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
-        echo '  add_header X-XSS-Protection "1; mode=block";' >> $git_ssb_nginx_site
-        echo '  add_header X-Content-Type-Options nosniff;' >> $git_ssb_nginx_site
-        echo '  add_header X-Frame-Options SAMEORIGIN;' >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
-        echo '  root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;' >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
-        echo '  location = / {' >> $git_ssb_nginx_site
-        echo "    proxy_pass http://localhost:${GIT_SSB_PORT};" >> $git_ssb_nginx_site
-        echo '    proxy_set_header X-Real-IP $remote_addr;' >> $git_ssb_nginx_site
-        echo '    proxy_set_header Host $host;' >> $git_ssb_nginx_site
-        echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $git_ssb_nginx_site
-        echo '    proxy_http_version 1.1;' >> $git_ssb_nginx_site
-        echo '    proxy_set_header Upgrade $http_upgrade;' >> $git_ssb_nginx_site
-        echo '    proxy_set_header Connection upgrade;' >> $git_ssb_nginx_site
-        echo '  }' >> $git_ssb_nginx_site
-        echo '}' >> $git_ssb_nginx_site
+    if [ "$SCUTTLEBOT_ONION_HOSTNAME" ]; then
+        { echo '';
+          echo 'server {';
+          echo "  listen 127.0.0.1:${SCUTTLEBOT_ONION_PORT} default_server;";
+          echo "  server_name ${SCUTTLEBOT_ONION_HOSTNAME};";
+          echo '';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  add_header X-XSS-Protection "1; mode=block";';
+          echo '  add_header X-Content-Type-Options nosniff;';
+          echo '  add_header X-Frame-Options SAMEORIGIN;';
+          echo '';
+          echo '  root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;';
+          echo '';
+          echo '  location = / {';
+          echo "    proxy_pass http://localhost:${GIT_SSB_PORT};";
+          echo "    proxy_set_header X-Real-IP \$remote_addr;";
+          echo "    proxy_set_header Host \$host;";
+          echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+          echo '    proxy_http_version 1.1;';
+          echo "    proxy_set_header Upgrade \$http_upgrade;";
+          echo '    proxy_set_header Connection upgrade;';
+          echo '  }';
+          echo '}'; } >> $git_ssb_nginx_site
     fi
     if [[ "$1" != "mesh" ]]; then
         nginx_ensite git_ssb
@@ -364,23 +369,23 @@ function scuttlebot_git_setup {
 function mesh_install_dat {
     get_npm_arch
 
-    cat <<EOF > $rootdir/usr/bin/install_dat
+    cat <<EOF > "$rootdir/usr/bin/install_dat"
 #!/bin/bash
 npm install --arch=$NPM_ARCH -g dat
 npm install --arch=$NPM_ARCH -g @garbados/dat-boi
 npm install --arch=$NPM_ARCH -g add-to-systemd
-add-to-systemd dat-boi --user $(whoami) `which dat-boi`
+add-to-systemd dat-boi --user "$(whoami)" "$(which dat-boi)"
 EOF
     chroot "$rootdir" /bin/chmod +x /usr/bin/install_dat
     chroot "$rootdir" /usr/bin/install_dat
-    rm $rootdir/usr/bin/install_dat
+    rm "$rootdir/usr/bin/install_dat"
 }
 
 function install_dat {
     npm install -g dat
     npm install -g @garbados/dat-boi
     npm install -g add-to-systemd
-    add-to-systemd dat-boi --user $(whoami) `which dat-boi`
+    add-to-systemd dat-boi --user "$(whoami)" "$(which dat-boi)"
 }
 
 function mesh_install_scuttlebot {
@@ -390,7 +395,7 @@ function mesh_install_scuttlebot {
 
     get_npm_arch
 
-    cat <<EOF > $rootdir/usr/bin/install_scuttlebot
+    cat <<EOF > "$rootdir/usr/bin/install_scuttlebot"
 #!/bin/bash
 npm install --arch=$NPM_ARCH -g scuttlebot@${SCUTTLEBOT_VERSION}
 npm install --arch=$NPM_ARCH -g git-ssb
@@ -398,37 +403,37 @@ npm install --arch=$NPM_ARCH -g git-remote-ssb
 EOF
     chroot "$rootdir" /bin/chmod +x /usr/bin/install_scuttlebot
     chroot "$rootdir" /usr/bin/install_scuttlebot
-    rm $rootdir/usr/bin/install_scuttlebot
+    rm "$rootdir/usr/bin/install_scuttlebot"
 
-    if [ ! -f $rootdir/usr/local/bin/sbot ]; then
+    if [ ! -f "$rootdir/usr/local/bin/sbot" ]; then
         echo $'Scuttlebot was not installed'
         exit 528253
     fi
 
-    if [ ! -d $rootdir/etc/scuttlebot ]; then
-        mkdir -p $rootdir/etc/scuttlebot
+    if [ ! -d "$rootdir/etc/scuttlebot" ]; then
+        mkdir -p "$rootdir/etc/scuttlebot"
     fi
 
     # an unprivileged user to run as
     chroot "$rootdir" useradd -d /etc/scuttlebot/ scuttlebot
 
     # daemon
-    echo '[Unit]' > $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'Description=Scuttlebot (messaging system)' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'After=syslog.target' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'After=network.target' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo '' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo '[Service]' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'Type=simple' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'User=scuttlebot' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'Group=scuttlebot' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo "WorkingDirectory=/etc/scuttlebot" >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'ExecStart=/usr/local/bin/sbot server' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'Restart=always' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'Environment="USER=scuttlebot"' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo '' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo '[Install]' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/scuttlebot.service
+    { echo '[Unit]';
+      echo 'Description=Scuttlebot (messaging system)';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=scuttlebot';
+      echo 'Group=scuttlebot';
+      echo "WorkingDirectory=/etc/scuttlebot";
+      echo 'ExecStart=/usr/local/bin/sbot server';
+      echo 'Restart=always';
+      echo 'Environment="USER=scuttlebot"';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/scuttlebot.service"
 
     scuttlebot_git_setup mesh
     git_ssb_script mesh
@@ -455,22 +460,22 @@ function install_scuttlebot {
     useradd -d /etc/scuttlebot/ scuttlebot
 
     # daemon
-    echo '[Unit]' > /etc/systemd/system/scuttlebot.service
-    echo 'Description=Scuttlebot (messaging system)' >> /etc/systemd/system/scuttlebot.service
-    echo 'After=syslog.target' >> /etc/systemd/system/scuttlebot.service
-    echo 'After=network.target' >> /etc/systemd/system/scuttlebot.service
-    echo '' >> /etc/systemd/system/scuttlebot.service
-    echo '[Service]' >> /etc/systemd/system/scuttlebot.service
-    echo 'Type=simple' >> /etc/systemd/system/scuttlebot.service
-    echo 'User=scuttlebot' >> /etc/systemd/system/scuttlebot.service
-    echo 'Group=scuttlebot' >> /etc/systemd/system/scuttlebot.service
-    echo "WorkingDirectory=/etc/scuttlebot" >> /etc/systemd/system/scuttlebot.service
-    echo 'ExecStart=/usr/local/bin/sbot server' >> /etc/systemd/system/scuttlebot.service
-    echo 'Restart=always' >> /etc/systemd/system/scuttlebot.service
-    echo 'Environment="USER=scuttlebot"' >> /etc/systemd/system/scuttlebot.service
-    echo '' >> /etc/systemd/system/scuttlebot.service
-    echo '[Install]' >> /etc/systemd/system/scuttlebot.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/scuttlebot.service
+    { echo '[Unit]';
+      echo 'Description=Scuttlebot (messaging system)';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=scuttlebot';
+      echo 'Group=scuttlebot';
+      echo "WorkingDirectory=/etc/scuttlebot";
+      echo 'ExecStart=/usr/local/bin/sbot server';
+      echo 'Restart=always';
+      echo 'Environment="USER=scuttlebot"';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/scuttlebot.service
 
     chown -R scuttlebot:scuttlebot /etc/scuttlebot
 
@@ -489,24 +494,24 @@ function install_scuttlebot {
         exit 73528
     fi
 
-    echo '{' > /etc/scuttlebot/.ssb/config
-    echo "  \"host\": \"${DEFAULT_DOMAIN_NAME}\"," >> /etc/scuttlebot/.ssb/config
-    echo "  \"port\": ${SCUTTLEBOT_PORT}," >> /etc/scuttlebot/.ssb/config
-    echo '  "timeout": 30000,' >> /etc/scuttlebot/.ssb/config
-    echo '  "pub": true,' >> /etc/scuttlebot/.ssb/config
-    echo '  "local": true,' >> /etc/scuttlebot/.ssb/config
-    echo '  "friends": {' >> /etc/scuttlebot/.ssb/config
-    echo '    "dunbar": 150,' >> /etc/scuttlebot/.ssb/config
-    echo '    "hops": 3' >> /etc/scuttlebot/.ssb/config
-    echo '  },' >> /etc/scuttlebot/.ssb/config
-    echo '  "gossip": {' >> /etc/scuttlebot/.ssb/config
-    echo '    "connections": 2' >> /etc/scuttlebot/.ssb/config
-    echo '  },' >> /etc/scuttlebot/.ssb/config
-    echo '  "master": [],' >> /etc/scuttlebot/.ssb/config
-    echo '  "logging": {' >> /etc/scuttlebot/.ssb/config
-    echo '    "level": "error"' >> /etc/scuttlebot/.ssb/config
-    echo '  }' >> /etc/scuttlebot/.ssb/config
-    echo '}' >> /etc/scuttlebot/.ssb/config
+    { echo '{';
+      echo "  \"host\": \"${DEFAULT_DOMAIN_NAME}\",";
+      echo "  \"port\": ${SCUTTLEBOT_PORT},";
+      echo '  "timeout": 30000,';
+      echo '  "pub": true,';
+      echo '  "local": true,';
+      echo '  "friends": {';
+      echo '    "dunbar": 150,';
+      echo '    "hops": 3';
+      echo '  },';
+      echo '  "gossip": {';
+      echo '    "connections": 2';
+      echo '  },';
+      echo '  "master": [],';
+      echo '  "logging": {';
+      echo '    "level": "error"';
+      echo '  }';
+      echo '}'; } > /etc/scuttlebot/.ssb/config
     chown scuttlebot:scuttlebot /etc/scuttlebot/.ssb/config
     systemctl restart scuttlebot.service
 
@@ -527,10 +532,10 @@ function install_scuttlebot {
 
     systemctl restart nginx
 
-    if ! grep -q "scuttlebot version:" ${COMPLETION_FILE}; then
-        echo "scuttlebot version:${SCUTTLEBOT_VERSION}" >> ${COMPLETION_FILE}
+    if ! grep -q "scuttlebot version:" "${COMPLETION_FILE}"; then
+        echo "scuttlebot version:${SCUTTLEBOT_VERSION}" >> "${COMPLETION_FILE}"
     else
-        sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" ${COMPLETION_FILE}
+        sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" "${COMPLETION_FILE}"
     fi
 
     APP_INSTALLED=1
diff --git a/src/freedombone-app-searx b/src/freedombone-app-searx
index 41f4f04a..74e2c8c6 100755
--- a/src/freedombone-app-searx
+++ b/src/freedombone-app-searx
@@ -61,8 +61,8 @@ function searx_set_default_background {
         cp ~/freedombone/img/backgrounds/searx.jpg /etc/searx/searx/static/themes/courgette/img/bg-body-index.jpg
         chown -R searx:searx ${SEARX_PATH}/searx
     else
-        if [ -f /home/$MY_USERNAME/freedombone/img/backgrounds/searx.jpg ]; then
-            cp /home/$MY_USERNAME/freedombone/img/backgrounds/searx.jpg /etc/searx/searx/static/themes/courgette/img/bg-body-index.jpg
+        if [ -f "/home/$MY_USERNAME/freedombone/img/backgrounds/searx.jpg" ]; then
+            cp "/home/$MY_USERNAME/freedombone/img/backgrounds/searx.jpg" "/etc/searx/searx/static/themes/courgette/img/bg-body-index.jpg"
             chown -R searx:searx ${SEARX_PATH}/searx
         fi
     fi
@@ -91,7 +91,7 @@ function searx_set_background_image_from_url {
 
     if [ ${#ext} -gt 0 ]; then
         if [ -d /etc/searx/searx/static/themes/courgette/img ]; then
-            cd /etc/searx/searx/static/themes/courgette/img
+            cd "/etc/searx/searx/static/themes/courgette/img" || exit 37853539539
 
 
             # remove any existing image
@@ -126,15 +126,14 @@ function searx_set_background_image_from_url {
 }
 
 function searx_set_background_image {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"SearX Metasearch" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Set a background image URL' 10 60 2>$data
+           --inputbox $'Set a background image URL' 10 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            temp_background=$(<$data)
+            temp_background=$(<"$data")
             if [ ${#temp_background} -gt 0 ]; then
                 SEARX_BACKGROUND_IMAGE_URL="$temp_background"
                 write_config_param "SEARX_BACKGROUND_IMAGE_URL" "$SEARX_BACKGROUND_IMAGE_URL"
@@ -145,21 +144,22 @@ function searx_set_background_image {
             fi
            ;;
     esac
+    rm -f "$data"
 }
 
 function searx_enable_login {
     dialog --title $"Enable Searx login" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nDo you want to add a login so that random web users can't use your metasearch engine?" 10 60
+           --yesno $"\\nDo you want to add a login so that random web users can't use your metasearch engine?" 10 60
     sel=$?
     case $sel in
         0) if grep -q '#auth_basic' /etc/nginx/sites-available/searx; then
                sed -i 's|#auth_basic|auth_basic|g' /etc/nginx/sites-available/searx
                systemctl restart nginx
            fi
-           read_config_param $MY_USERNAME
-           SEARX_LOGIN_PASS=$(${PROJECT_NAME}-pass -u $MY_USERNAME -a searx)
+           read_config_param "$MY_USERNAME"
+           SEARX_LOGIN_PASS=$("${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a searx)
            dialog --title $"Enable Searx login" \
                   --msgbox $"Searx logins are now enabled with the password $SEARX_LOGIN_PASS" 6 65
            SEARX_LOGIN_PASS=
@@ -177,31 +177,34 @@ function searx_enable_login {
 function configure_interactive_searx {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"SearX Metasearch" \
                --radiolist $"Choose an operation:" 12 70 3 \
                1 $"Set a background image" off \
                2 $"Enable login" off \
-               3 $"Exit" on 2> $data
+               3 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) return;;
-            255) return;;
+            1) rm -f "$data"
+               return;;
+            255) rm -f "$data"
+                 return;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) searx_set_background_image;;
             2) searx_enable_login;;
-            3) break;;
+            3) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
 function remove_user_searx {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp searx
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp searx
     if grep -q "$remove_username:" /etc/nginx/.htpasswd; then
         sed -i "/$remove_username:/d" /etc/nginx/.htpasswd
     fi
@@ -216,12 +219,12 @@ function add_user_searx {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a searx -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a searx -p "$new_user_password"
 
     if grep -q "$new_username:" /etc/nginx/.htpasswd; then
         sed -i "/$new_username:/d" /etc/nginx/.htpasswd
     fi
-    echo "$new_user_password" | htpasswd -i -s -c /etc/nginx/.htpasswd $new_username
+    echo "$new_user_password" | htpasswd -i -s -c /etc/nginx/.htpasswd "$new_username"
 
     echo '0'
 }
@@ -237,8 +240,8 @@ function change_password_searx {
 
     if grep -q "$new_username:" /etc/nginx/.htpasswd; then
         sed -i "/$new_username:/d" /etc/nginx/.htpasswd
-        echo "$new_user_password" | htpasswd -i -s -c /etc/nginx/.htpasswd $new_username
-        ${PROJECT_NAME}-pass -u $curr_username -a searx -p "$new_user_password"
+        echo "$new_user_password" | htpasswd -i -s -c /etc/nginx/.htpasswd "$new_username"
+        "${PROJECT_NAME}-pass" -u "$new_username" -a searx -p "$new_user_password"
         echo '0'
     fi
     echo '1'
@@ -254,531 +257,531 @@ function create_searx_config {
     SEARX_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_searx/hostname)
     SEARX_SECRET_KEY=$(get_completion_param "searx key")
 
-    echo 'general:' > $settings_file
-    echo '    debug : False' >> $settings_file
-    echo '    instance_name : "Freedombone Metasearch"' >> $settings_file
-    echo '' >> $settings_file
-    echo 'search:' >> $settings_file
-    echo '    safe_search : 0 # Filter results. 0: None, 1: Moderate, 2: Strict' >> $settings_file
-    echo '    autocomplete : "" # Existing autocomplete backends: "dbpedia", "duckduckgo", "startpage", "wikipedia" - leave blank to turn it off by default' >> $settings_file
-    echo '    language : "all"' >> $settings_file
-    echo '' >> $settings_file
-    echo 'server:' >> $settings_file
-    echo '    port : 8888' >> $settings_file
-    echo '    bind_address : "127.0.0.1" # address to listen on' >> $settings_file
-    echo "    secret_key : \"${SEARX_SECRET_KEY}\"" >> $settings_file
-    echo "    base_url : http://${SEARX_ONION_HOSTNAME}/" >> $settings_file
-    echo '    image_proxy : True # Proxying image results through searx' >> $settings_file
-    echo '    http_protocol_version : "1.1"  # 1.0 and 1.1 are supported' >> $settings_file
-    echo '' >> $settings_file
-    echo 'ui:' >> $settings_file
-    echo '    static_path : "" # Custom static path - leave it blank if you didnt change' >> $settings_file
-    echo '    templates_path : "" # Custom templates path - leave it blank if you didnt change' >> $settings_file
-    echo '    themes_path : "" # Custom ui themes path' >> $settings_file
-    echo '    default_theme : courgette # ui theme' >> $settings_file
-    echo '    default_locale : "" # Default interface locale - leave blank to detect from browser information or use codes from the 'locales' config section' >> $settings_file
-    echo '' >> $settings_file
-    echo 'outgoing: # communication with search engines' >> $settings_file
-    echo '    request_timeout : 10.0 # seconds' >> $settings_file
-    echo '    useragent_suffix : "" # suffix of searx_useragent, could contain informations like an email address to the administrator' >> $settings_file
-    echo '    pool_connections : 100 # Number of different hosts' >> $settings_file
-    echo '    pool_maxsize : 10 # Number of simultaneous requests by host' >> $settings_file
-    echo '    proxies :' >> $settings_file
-    echo '        http : socks5://127.0.0.1:9050' >> $settings_file
-    echo '' >> $settings_file
-    echo 'engines:' >> $settings_file
-    echo '  - name : arch linux wiki' >> $settings_file
-    echo '    engine : archlinux' >> $settings_file
-    echo '    categories : general' >> $settings_file
-    echo '    shortcut : al' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : archive is' >> $settings_file
-    echo '    engine : xpath' >> $settings_file
-    echo '    search_url : https://archive.is/{query}' >> $settings_file
-    echo '    url_xpath : (//div[@class="TEXT-BLOCK"]/a)/@href' >> $settings_file
-    echo '    title_xpath : (//div[@class="TEXT-BLOCK"]/a)' >> $settings_file
-    echo '    content_xpath : //div[@class="TEXT-BLOCK"]/ul/li' >> $settings_file
-    echo '    categories : general' >> $settings_file
-    echo '    timeout : 7.0' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '    shortcut : ai' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : base' >> $settings_file
-    echo '    engine : base' >> $settings_file
-    echo '    shortcut : bs' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : wikipedia' >> $settings_file
-    echo '    engine : wikipedia' >> $settings_file
-    echo '    shortcut : wp' >> $settings_file
-    echo '    categories : general' >> $settings_file
-    echo '    base_url : "https://{language}.wikipedia.org/"' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : bitbucket' >> $settings_file
-    echo '    engine : xpath' >> $settings_file
-    echo '    paging : True' >> $settings_file
-    echo '    search_url : https://bitbucket.org/repo/all/{pageno}?name={query}' >> $settings_file
-    echo '    url_xpath : //article[@class="repo-summary"]//a[@class="repo-link"]/@href' >> $settings_file
-    echo '    title_xpath : //article[@class="repo-summary"]//a[@class="repo-link"]' >> $settings_file
-    echo '    content_xpath : //article[@class="repo-summary"]/p' >> $settings_file
-    echo '    categories : code' >> $settings_file
-    echo '    timeout : 4.0' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '    shortcut : bb' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : ccc-tv' >> $settings_file
-    echo '    engine : xpath' >> $settings_file
-    echo '    paging : False' >> $settings_file
-    echo '    search_url : https://media.ccc.de/search/?q={query}' >> $settings_file
-    echo '    url_xpath : //div[@class="caption"]/h3/a/@href' >> $settings_file
-    echo '    title_xpath : //div[@class="caption"]/h3/a/text()' >> $settings_file
-    echo '    content_xpath : //div[@class="caption"]/h4/@title' >> $settings_file
-    echo '    categories : videos' >> $settings_file
-    echo '    shortcut : c3tv' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : crossref' >> $settings_file
-    echo '    engine : json_engine' >> $settings_file
-    echo '    paging : True' >> $settings_file
-    echo '    search_url : http://search.crossref.org/dois?q={query}&page={pageno}' >> $settings_file
-    echo '    url_query : doi' >> $settings_file
-    echo '    title_query : title' >> $settings_file
-    echo '    content_query : fullCitation' >> $settings_file
-    echo '    categories : science' >> $settings_file
-    echo '    shortcut : cr' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : currency' >> $settings_file
-    echo '    engine : currency_convert' >> $settings_file
-    echo '    categories : general' >> $settings_file
-    echo '    shortcut : cc' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : deezer' >> $settings_file
-    echo '    engine : deezer' >> $settings_file
-    echo '    shortcut : dz' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : deviantart' >> $settings_file
-    echo '    engine : deviantart' >> $settings_file
-    echo '    shortcut : da' >> $settings_file
-    echo '    timeout: 3.0' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : ddg definitions' >> $settings_file
-    echo '    engine : duckduckgo_definitions' >> $settings_file
-    echo '    shortcut : ddd' >> $settings_file
-    echo '    weight : 2' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : digbt' >> $settings_file
-    echo '    engine : digbt' >> $settings_file
-    echo '    shortcut : dbt' >> $settings_file
-    echo '    timeout : 6.0' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : erowid' >> $settings_file
-    echo '    engine : xpath' >> $settings_file
-    echo '    paging : True' >> $settings_file
-    echo '    first_page_num : 0' >> $settings_file
-    echo '    page_size : 30' >> $settings_file
-    echo '    search_url : https://www.erowid.org/search.php?q={query}&s={pageno}' >> $settings_file
-    echo '    url_xpath : //dl[@class="results-list"]/dt[@class="result-title"]/a/@href' >> $settings_file
-    echo '    title_xpath : //dl[@class="results-list"]/dt[@class="result-title"]/a/text()' >> $settings_file
-    echo '    content_xpath : //dl[@class="results-list"]/dd[@class="result-details"]' >> $settings_file
-    echo '    categories : general' >> $settings_file
-    echo '    shortcut : ew' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : wikidata' >> $settings_file
-    echo '    engine : wikidata' >> $settings_file
-    echo '    shortcut : wd' >> $settings_file
-    echo '    weight : 2' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : duckduckgo' >> $settings_file
-    echo '    engine : duckduckgo' >> $settings_file
-    echo '    shortcut : ddg' >> $settings_file
-    echo '    categories : general' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : etymonline' >> $settings_file
-    echo '    engine : xpath' >> $settings_file
-    echo '    paging : True' >> $settings_file
-    echo '    search_url : http://etymonline.com/?search={query}&p={pageno}' >> $settings_file
-    echo '    url_xpath : //dt/a[1]/@href' >> $settings_file
-    echo '    title_xpath : //dt' >> $settings_file
-    echo '    content_xpath : //dd' >> $settings_file
-    echo '    suggestion_xpath : //a[@class="crossreference"]' >> $settings_file
-    echo '    first_page_num : 0' >> $settings_file
-    echo '    shortcut : et' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : 500px' >> $settings_file
-    echo '    engine : www500px' >> $settings_file
-    echo '    shortcut : px' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : 1x' >> $settings_file
-    echo '    engine : www1x' >> $settings_file
-    echo '    shortcut : 1x' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : fdroid' >> $settings_file
-    echo '    engine : fdroid' >> $settings_file
-    echo '    shortcut : fd' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : flickr' >> $settings_file
-    echo '    categories : images' >> $settings_file
-    echo '    shortcut : fl' >> $settings_file
-    echo '# You can use the engine using the official stable API, but you need an API key' >> $settings_file
-    echo '# See : https://www.flickr.com/services/apps/create/' >> $settings_file
-    echo '#    engine : flickr' >> $settings_file
-    echo '#    api_key: 'apikey' # required!' >> $settings_file
-    echo '# Or you can use the html non-stable engine, activated by default' >> $settings_file
-    echo '    engine : flickr_noapi' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : frinkiac' >> $settings_file
-    echo '    engine : frinkiac' >> $settings_file
-    echo '    shortcut : frk' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : gigablast' >> $settings_file
-    echo '    engine : gigablast' >> $settings_file
-    echo '    shortcut : gb' >> $settings_file
-    echo '    timeout : 3.0' >> $settings_file
-    echo '    disabled: True' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : gitlab' >> $settings_file
-    echo '    engine : json_engine' >> $settings_file
-    echo '    paging : True' >> $settings_file
-    echo '    search_url : https://gitlab.com/api/v4/projects?search={query}&page={pageno}' >> $settings_file
-    echo '    url_query : web_url' >> $settings_file
-    echo '    title_query : name_with_namespace' >> $settings_file
-    echo '    content_query : description' >> $settings_file
-    echo '    page_size : 20' >> $settings_file
-    echo '    categories : code' >> $settings_file
-    echo '    shortcut : gl' >> $settings_file
-    echo '    timeout : 10.0' >> $settings_file
-    echo '    disabled : False' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : github' >> $settings_file
-    echo '    engine : github' >> $settings_file
-    echo '    shortcut : gh' >> $settings_file
-    echo '    categories : code' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : geektimes' >> $settings_file
-    echo '    engine : xpath' >> $settings_file
-    echo '    paging : True' >> $settings_file
-    echo '    search_url : https://geektimes.ru/search/page{pageno}/?q={query}' >> $settings_file
-    echo '    url_xpath : //div[@class="search_results"]//a[@class="post__title_link"]/@href' >> $settings_file
-    echo '    title_xpath : //div[@class="search_results"]//a[@class="post__title_link"]' >> $settings_file
-    echo '    content_xpath : //div[@class="search_results"]//div[contains(@class, "content")]' >> $settings_file
-    echo '    categories : code' >> $settings_file
-    echo '    timeout : 4.0' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '    shortcut : gt' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : habrahabr' >> $settings_file
-    echo '    engine : xpath' >> $settings_file
-    echo '    paging : True' >> $settings_file
-    echo '    search_url : https://habrahabr.ru/search/page{pageno}/?q={query}' >> $settings_file
-    echo '    url_xpath : //div[@class="search_results"]//a[contains(@class, "post__title_link")]/@href' >> $settings_file
-    echo '    title_xpath : //div[@class="search_results"]//a[contains(@class, "post__title_link")]' >> $settings_file
-    echo '    content_xpath : //div[@class="search_results"]//div[contains(@class, "content")]' >> $settings_file
-    echo '    categories : code' >> $settings_file
-    echo '    timeout : 4.0' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '    shortcut : habr' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : hoogle' >> $settings_file
-    echo '    engine : json_engine' >> $settings_file
-    echo '    paging : True' >> $settings_file
-    echo '    search_url : https://www.haskell.org/hoogle/?mode=json&hoogle={query}&start={pageno}' >> $settings_file
-    echo '    results_query : results' >> $settings_file
-    echo '    url_query : location' >> $settings_file
-    echo '    title_query : self' >> $settings_file
-    echo '    content_query : docs' >> $settings_file
-    echo '    page_size : 20' >> $settings_file
-    echo '    categories : code' >> $settings_file
-    echo '    shortcut : ho' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : ina' >> $settings_file
-    echo '    engine : ina' >> $settings_file
-    echo '    shortcut : in' >> $settings_file
-    echo '    timeout : 6.0' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name: kickass' >> $settings_file
-    echo '    engine : kickass' >> $settings_file
-    echo '    shortcut : kc' >> $settings_file
-    echo '    timeout : 4.0' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : library genesis' >> $settings_file
-    echo '    engine : xpath' >> $settings_file
-    echo '    search_url : http://libgen.io/search.php?req={query}' >> $settings_file
-    echo '    url_xpath : //a[contains(@href,"bookfi.net")]/@href' >> $settings_file
-    echo '    title_xpath : //a[contains(@href,"book/")]/text()[1]' >> $settings_file
-    echo '    content_xpath : //td/a[1][contains(@href,"=author")]/text()' >> $settings_file
-    echo '    categories : general' >> $settings_file
-    echo '    timeout : 7.0' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '    shortcut : lg' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : lobste.rs' >> $settings_file
-    echo '    engine : xpath' >> $settings_file
-    echo '    search_url : https://lobste.rs/search?utf8=%E2%9C%93&q={query}&what=stories&order=relevance' >> $settings_file
-    echo '    results_xpath : //li[contains(@class, "story")]' >> $settings_file
-    echo '    url_xpath : .//span[@class="link"]/a/@href' >> $settings_file
-    echo '    title_xpath : .//span[@class="link"]/a' >> $settings_file
-    echo '    content_xpath : .//a[@class="domain"]' >> $settings_file
-    echo '    categories : code' >> $settings_file
-    echo '    shortcut : lo' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : mixcloud' >> $settings_file
-    echo '    engine : mixcloud' >> $settings_file
-    echo '    shortcut : mc' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : nyaa' >> $settings_file
-    echo '    engine : nyaa' >> $settings_file
-    echo '    shortcut : nt' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : openstreetmap' >> $settings_file
-    echo '    engine : openstreetmap' >> $settings_file
-    echo '    shortcut : osm' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : openrepos' >> $settings_file
-    echo '    engine : xpath' >> $settings_file
-    echo '    paging : True' >> $settings_file
-    echo '    search_url : https://openrepos.net/search/node/{query}?page={pageno}' >> $settings_file
-    echo '    url_xpath : //li[@class="search-result"]//h3[@class="title"]/a/@href' >> $settings_file
-    echo '    title_xpath : //li[@class="search-result"]//h3[@class="title"]/a' >> $settings_file
-    echo '    content_xpath : //li[@class="search-result"]//div[@class="search-snippet-info"]//p[@class="search-snippet"]' >> $settings_file
-    echo '    categories : files' >> $settings_file
-    echo '    timeout : 4.0' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '    shortcut : or' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : pdbe' >> $settings_file
-    echo '    engine : pdbe' >> $settings_file
-    echo '    shortcut : pdb' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : photon' >> $settings_file
-    echo '    engine : photon' >> $settings_file
-    echo '    shortcut : ph' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : piratebay' >> $settings_file
-    echo '    engine : piratebay' >> $settings_file
-    echo '    shortcut : tpb' >> $settings_file
-    echo '    url: https://pirateproxy.red/' >> $settings_file
-    echo '    timeout : 3.0' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : qwant' >> $settings_file
-    echo '    engine : qwant' >> $settings_file
-    echo '    shortcut : qw' >> $settings_file
-    echo '    categories : general' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : qwant images' >> $settings_file
-    echo '    engine : qwant' >> $settings_file
-    echo '    shortcut : qwi' >> $settings_file
-    echo '    categories : images' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : qwant news' >> $settings_file
-    echo '    engine : qwant' >> $settings_file
-    echo '    shortcut : qwn' >> $settings_file
-    echo '    categories : news' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : qwant social' >> $settings_file
-    echo '    engine : qwant' >> $settings_file
-    echo '    shortcut : qws' >> $settings_file
-    echo '    categories : social media' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : reddit' >> $settings_file
-    echo '    engine : reddit' >> $settings_file
-    echo '    shortcut : re' >> $settings_file
-    echo '    page_size : 25' >> $settings_file
-    echo '    timeout : 10.0' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : scanr structures' >> $settings_file
-    echo '    shortcut: scs' >> $settings_file
-    echo '    engine : scanr_structures' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : soundcloud' >> $settings_file
-    echo '    engine : soundcloud' >> $settings_file
-    echo '    shortcut : sc' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : stackoverflow' >> $settings_file
-    echo '    engine : stackoverflow' >> $settings_file
-    echo '    shortcut : st' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : searchcode doc' >> $settings_file
-    echo '    engine : searchcode_doc' >> $settings_file
-    echo '    shortcut : scd' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : searchcode code' >> $settings_file
-    echo '    engine : searchcode_code' >> $settings_file
-    echo '    shortcut : scc' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : framalibre' >> $settings_file
-    echo '    engine : framalibre' >> $settings_file
-    echo '    shortcut : frl' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : semantic scholar' >> $settings_file
-    echo '    engine : xpath' >> $settings_file
-    echo '    paging : True' >> $settings_file
-    echo '    search_url : https://www.semanticscholar.org/search?q={query}&sort=relevance&page={pageno}&ae=false' >> $settings_file
-    echo '    results_xpath : //article' >> $settings_file
-    echo '    url_xpath : .//div[@class="search-result-title"]/a/@href' >> $settings_file
-    echo '    title_xpath : .//div[@class="search-result-title"]/a' >> $settings_file
-    echo '    content_xpath : .//div[@class="search-result-abstract"]' >> $settings_file
-    echo '    shortcut : se' >> $settings_file
-    echo '    categories : science' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : spotify' >> $settings_file
-    echo '    engine : spotify' >> $settings_file
-    echo '    shortcut : stf' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : subtitleseeker' >> $settings_file
-    echo '    engine : subtitleseeker' >> $settings_file
-    echo '    shortcut : ss' >> $settings_file
-    echo '# The language is an option. You can put any language written in english' >> $settings_file
-    echo '# Examples : English, French, German, Hungarian, Chinese...' >> $settings_file
-    echo '#    language : English' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : startpage' >> $settings_file
-    echo '    engine : startpage' >> $settings_file
-    echo '    shortcut : sp' >> $settings_file
-    echo '    timeout : 6.0' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : ixquick' >> $settings_file
-    echo '    engine : startpage' >> $settings_file
-    echo "    base_url : 'https://www.ixquick.eu/'" >> $settings_file
-    echo "    search_url : 'https://www.ixquick.eu/do/search'" >> $settings_file
-    echo '    shortcut : iq' >> $settings_file
-    echo '    timeout : 6.0' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : swisscows' >> $settings_file
-    echo '    engine : swisscows' >> $settings_file
-    echo '    shortcut : sw' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : tokyotoshokan' >> $settings_file
-    echo '    engine : tokyotoshokan' >> $settings_file
-    echo '    shortcut : tt' >> $settings_file
-    echo '    timeout : 6.0' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : twitter' >> $settings_file
-    echo '    engine : twitter' >> $settings_file
-    echo '    shortcut : tw' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : urbandictionary' >> $settings_file
-    echo '    engine        : xpath' >> $settings_file
-    echo '    search_url    : http://www.urbandictionary.com/define.php?term={query}' >> $settings_file
-    echo '    url_xpath     : //*[@class="word"]/@href' >> $settings_file
-    echo '    title_xpath   : //*[@class="def-header"]' >> $settings_file
-    echo '    content_xpath : //*[@class="meaning"]' >> $settings_file
-    echo '    shortcut : ud' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : yandex' >> $settings_file
-    echo '    engine : yandex' >> $settings_file
-    echo '    shortcut : yn' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : youtube' >> $settings_file
-    echo '    shortcut : yt' >> $settings_file
-    echo '    # You can use the engine using the official stable API, but you need an API key' >> $settings_file
-    echo '    # See : https://console.developers.google.com/project' >> $settings_file
-    echo '    #    engine : youtube_api' >> $settings_file
-    echo '    #    api_key: apikey # required!' >> $settings_file
-    echo '    # Or you can use the html non-stable engine, activated by default' >> $settings_file
-    echo '    engine : youtube_noapi' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : dailymotion' >> $settings_file
-    echo '    engine : dailymotion' >> $settings_file
-    echo '    shortcut : dm' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : vimeo' >> $settings_file
-    echo '    engine : vimeo' >> $settings_file
-    echo '    shortcut : vm' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : wolframalpha' >> $settings_file
-    echo '    shortcut : wa' >> $settings_file
-    echo '    # You can use the engine using the official stable API, but you need an API key' >> $settings_file
-    echo '    # See : http://products.wolframalpha.com/api/' >> $settings_file
-    echo '    # engine : wolframalpha_api' >> $settings_file
-    echo '    # api_key: '' # required!' >> $settings_file
-    echo '    engine : wolframalpha_noapi' >> $settings_file
-    echo '    timeout: 6.0' >> $settings_file
-    echo '    categories : science' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : seedpeer' >> $settings_file
-    echo '    engine : seedpeer' >> $settings_file
-    echo '    shortcut: speu'
-    echo '    categories: files, music, videos'
-    echo '    disabled: True' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : dictzone' >> $settings_file
-    echo '    engine : dictzone' >> $settings_file
-    echo '    shortcut : dc' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : mymemory translated' >> $settings_file
-    echo '    engine : translated' >> $settings_file
-    echo '    shortcut : tl' >> $settings_file
-    echo '    timeout : 5.0' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '    # You can use without an API key, but you are limited to 1000 words/day' >> $settings_file
-    echo '    # See : http://mymemory.translated.net/doc/usagelimits.php' >> $settings_file
-    echo '    # api_key : ""' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : voat' >> $settings_file
-    echo '    engine: xpath' >> $settings_file
-    echo '    shortcut: vo' >> $settings_file
-    echo '    categories: social media' >> $settings_file
-    echo '    search_url : https://voat.co/search?q={query}' >> $settings_file
-    echo '    url_xpath : //p[contains(@class, "title")]/a/@href' >> $settings_file
-    echo '    title_xpath : //p[contains(@class, "title")]/a' >> $settings_file
-    echo '    content_xpath : //span[@class="domain"]' >> $settings_file
-    echo '    timeout : 10.0' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '' >> $settings_file
-    echo '  - name : 1337x' >> $settings_file
-    echo '    engine : 1337x' >> $settings_file
-    echo '    shortcut : 1337x' >> $settings_file
-    echo '    disabled : True' >> $settings_file
-    echo '' >> $settings_file
-    echo 'locales:' >> $settings_file
-    echo '    en : English' >> $settings_file
-    echo '    bg : Български (Bulgarian)' >> $settings_file
-    echo '    cs : Čeština (Czech)' >> $settings_file
-    echo '    de : Deutsch (German)' >> $settings_file
-    echo '    de_DE : Deutsch (German_Germany)' >> $settings_file
-    echo '    el_GR : Ελληνικά (Greek_Greece)' >> $settings_file
-    echo '    eo : Esperanto (Esperanto)' >> $settings_file
-    echo '    es : Español (Spanish)' >> $settings_file
-    echo '    fi : Suomi (Finnish)' >> $settings_file
-    echo '    fr : Français (French)' >> $settings_file
-    echo '    he : עברית (Hebrew)' >> $settings_file
-    echo '    hu : Magyar (Hungarian)' >> $settings_file
-    echo '    it : Italiano (Italian)' >> $settings_file
-    echo '    ja : 日本語 (Japanese)' >> $settings_file
-    echo '    nl : Nederlands (Dutch)' >> $settings_file
-    echo '    pt : Português (Portuguese)' >> $settings_file
-    echo '    pt_BR : Português (Portuguese_Brazil)' >> $settings_file
-    echo '    ro : Română (Romanian)' >> $settings_file
-    echo '    ru : Русский (Russian)' >> $settings_file
-    echo '    sk : Slovenčina (Slovak)' >> $settings_file
-    echo '    sv : Svenska (Swedish)' >> $settings_file
-    echo '    tr : Türkçe (Turkish)' >> $settings_file
-    echo '    uk : українська мова (Ukrainian)' >> $settings_file
-    echo '    zh : 中文 (Chinese)' >> $settings_file
-    echo '' >> $settings_file
-    echo 'doi_resolvers :' >> $settings_file
-    echo "    oadoi.org : 'https://oadoi.org/'" >> $settings_file
-    echo "    doi.org : 'https://doi.org/'" >> $settings_file
-    echo "    doai.io : 'http://doai.io/'" >> $settings_file
-    echo '' >> $settings_file
-    echo "default_doi_resolver : 'oadoi.org'" >> $settings_file
+    { echo 'general:';
+      echo '    debug : False';
+      echo '    instance_name : "Freedombone Metasearch"';
+      echo '';
+      echo 'search:';
+      echo '    safe_search : 0 # Filter results. 0: None, 1: Moderate, 2: Strict';
+      echo '    autocomplete : "" # Existing autocomplete backends: "dbpedia", "duckduckgo", "startpage", "wikipedia" - leave blank to turn it off by default';
+      echo '    language : "all"';
+      echo '';
+      echo 'server:';
+      echo '    port : 8888';
+      echo '    bind_address : "127.0.0.1" # address to listen on';
+      echo "    secret_key : \"${SEARX_SECRET_KEY}\"";
+      echo "    base_url : http://${SEARX_ONION_HOSTNAME}/";
+      echo '    image_proxy : True # Proxying image results through searx';
+      echo '    http_protocol_version : "1.1"  # 1.0 and 1.1 are supported';
+      echo '';
+      echo 'ui:';
+      echo '    static_path : "" # Custom static path - leave it blank if you didnt change';
+      echo '    templates_path : "" # Custom templates path - leave it blank if you didnt change';
+      echo '    themes_path : "" # Custom ui themes path';
+      echo '    default_theme : courgette # ui theme';
+      echo '    default_locale : "" # Default interface locale - leave blank to detect from browser information or use codes from the 'locales' config section';
+      echo '';
+      echo 'outgoing: # communication with search engines';
+      echo '    request_timeout : 10.0 # seconds';
+      echo '    useragent_suffix : "" # suffix of searx_useragent, could contain informations like an email address to the administrator';
+      echo '    pool_connections : 100 # Number of different hosts';
+      echo '    pool_maxsize : 10 # Number of simultaneous requests by host';
+      echo '    proxies :';
+      echo '        http : socks5://127.0.0.1:9050';
+      echo '';
+      echo 'engines:';
+      echo '  - name : arch linux wiki';
+      echo '    engine : archlinux';
+      echo '    categories : general';
+      echo '    shortcut : al';
+      echo '';
+      echo '  - name : archive is';
+      echo '    engine : xpath';
+      echo '    search_url : https://archive.is/{query}';
+      echo '    url_xpath : (//div[@class="TEXT-BLOCK"]/a)/@href';
+      echo '    title_xpath : (//div[@class="TEXT-BLOCK"]/a)';
+      echo '    content_xpath : //div[@class="TEXT-BLOCK"]/ul/li';
+      echo '    categories : general';
+      echo '    timeout : 7.0';
+      echo '    disabled : True';
+      echo '    shortcut : ai';
+      echo '';
+      echo '  - name : base';
+      echo '    engine : base';
+      echo '    shortcut : bs';
+      echo '';
+      echo '  - name : wikipedia';
+      echo '    engine : wikipedia';
+      echo '    shortcut : wp';
+      echo '    categories : general';
+      echo '    base_url : "https://{language}.wikipedia.org/"';
+      echo '';
+      echo '  - name : bitbucket';
+      echo '    engine : xpath';
+      echo '    paging : True';
+      echo '    search_url : https://bitbucket.org/repo/all/{pageno}?name={query}';
+      echo '    url_xpath : //article[@class="repo-summary"]//a[@class="repo-link"]/@href';
+      echo '    title_xpath : //article[@class="repo-summary"]//a[@class="repo-link"]';
+      echo '    content_xpath : //article[@class="repo-summary"]/p';
+      echo '    categories : code';
+      echo '    timeout : 4.0';
+      echo '    disabled : True';
+      echo '    shortcut : bb';
+      echo '';
+      echo '  - name : ccc-tv';
+      echo '    engine : xpath';
+      echo '    paging : False';
+      echo '    search_url : https://media.ccc.de/search/?q={query}';
+      echo '    url_xpath : //div[@class="caption"]/h3/a/@href';
+      echo '    title_xpath : //div[@class="caption"]/h3/a/text()';
+      echo '    content_xpath : //div[@class="caption"]/h4/@title';
+      echo '    categories : videos';
+      echo '    shortcut : c3tv';
+      echo '';
+      echo '  - name : crossref';
+      echo '    engine : json_engine';
+      echo '    paging : True';
+      echo '    search_url : http://search.crossref.org/dois?q={query}&page={pageno}';
+      echo '    url_query : doi';
+      echo '    title_query : title';
+      echo '    content_query : fullCitation';
+      echo '    categories : science';
+      echo '    shortcut : cr';
+      echo '';
+      echo '  - name : currency';
+      echo '    engine : currency_convert';
+      echo '    categories : general';
+      echo '    shortcut : cc';
+      echo '';
+      echo '  - name : deezer';
+      echo '    engine : deezer';
+      echo '    shortcut : dz';
+      echo '';
+      echo '  - name : deviantart';
+      echo '    engine : deviantart';
+      echo '    shortcut : da';
+      echo '    timeout: 3.0';
+      echo '';
+      echo '  - name : ddg definitions';
+      echo '    engine : duckduckgo_definitions';
+      echo '    shortcut : ddd';
+      echo '    weight : 2';
+      echo '    disabled : True';
+      echo '';
+      echo '  - name : digbt';
+      echo '    engine : digbt';
+      echo '    shortcut : dbt';
+      echo '    timeout : 6.0';
+      echo '    disabled : True';
+      echo '';
+      echo '  - name : erowid';
+      echo '    engine : xpath';
+      echo '    paging : True';
+      echo '    first_page_num : 0';
+      echo '    page_size : 30';
+      echo '    search_url : https://www.erowid.org/search.php?q={query}&s={pageno}';
+      echo '    url_xpath : //dl[@class="results-list"]/dt[@class="result-title"]/a/@href';
+      echo '    title_xpath : //dl[@class="results-list"]/dt[@class="result-title"]/a/text()';
+      echo '    content_xpath : //dl[@class="results-list"]/dd[@class="result-details"]';
+      echo '    categories : general';
+      echo '    shortcut : ew';
+      echo '    disabled : True';
+      echo '';
+      echo '  - name : wikidata';
+      echo '    engine : wikidata';
+      echo '    shortcut : wd';
+      echo '    weight : 2';
+      echo '';
+      echo '  - name : duckduckgo';
+      echo '    engine : duckduckgo';
+      echo '    shortcut : ddg';
+      echo '    categories : general';
+      echo '';
+      echo '  - name : etymonline';
+      echo '    engine : xpath';
+      echo '    paging : True';
+      echo '    search_url : http://etymonline.com/?search={query}&p={pageno}';
+      echo '    url_xpath : //dt/a[1]/@href';
+      echo '    title_xpath : //dt';
+      echo '    content_xpath : //dd';
+      echo '    suggestion_xpath : //a[@class="crossreference"]';
+      echo '    first_page_num : 0';
+      echo '    shortcut : et';
+      echo '    disabled : True';
+      echo '';
+      echo '  - name : 500px';
+      echo '    engine : www500px';
+      echo '    shortcut : px';
+      echo '';
+      echo '  - name : 1x';
+      echo '    engine : www1x';
+      echo '    shortcut : 1x';
+      echo '    disabled : True';
+      echo '';
+      echo '  - name : fdroid';
+      echo '    engine : fdroid';
+      echo '    shortcut : fd';
+      echo '    disabled : True';
+      echo '';
+      echo '  - name : flickr';
+      echo '    categories : images';
+      echo '    shortcut : fl';
+      echo '# You can use the engine using the official stable API, but you need an API key';
+      echo '# See : https://www.flickr.com/services/apps/create/';
+      echo '#    engine : flickr';
+      echo "#    api_key: 'apikey' # required!";
+      echo '# Or you can use the html non-stable engine, activated by default';
+      echo '    engine : flickr_noapi';
+      echo '';
+      echo '  - name : frinkiac';
+      echo '    engine : frinkiac';
+      echo '    shortcut : frk';
+      echo '    disabled : True';
+      echo '';
+      echo '  - name : gigablast';
+      echo '    engine : gigablast';
+      echo '    shortcut : gb';
+      echo '    timeout : 3.0';
+      echo '    disabled: True';
+      echo '';
+      echo '  - name : gitlab';
+      echo '    engine : json_engine';
+      echo '    paging : True';
+      echo '    search_url : https://gitlab.com/api/v4/projects?search={query}&page={pageno}';
+      echo '    url_query : web_url';
+      echo '    title_query : name_with_namespace';
+      echo '    content_query : description';
+      echo '    page_size : 20';
+      echo '    categories : code';
+      echo '    shortcut : gl';
+      echo '    timeout : 10.0';
+      echo '    disabled : False';
+      echo '';
+      echo '  - name : github';
+      echo '    engine : github';
+      echo '    shortcut : gh';
+      echo '    categories : code';
+      echo '';
+      echo '  - name : geektimes';
+      echo '    engine : xpath';
+      echo '    paging : True';
+      echo '    search_url : https://geektimes.ru/search/page{pageno}/?q={query}';
+      echo '    url_xpath : //div[@class="search_results"]//a[@class="post__title_link"]/@href';
+      echo '    title_xpath : //div[@class="search_results"]//a[@class="post__title_link"]';
+      echo '    content_xpath : //div[@class="search_results"]//div[contains(@class, "content")]';
+      echo '    categories : code';
+      echo '    timeout : 4.0';
+      echo '    disabled : True';
+      echo '    shortcut : gt';
+      echo '';
+      echo '  - name : habrahabr';
+      echo '    engine : xpath';
+      echo '    paging : True';
+      echo '    search_url : https://habrahabr.ru/search/page{pageno}/?q={query}';
+      echo '    url_xpath : //div[@class="search_results"]//a[contains(@class, "post__title_link")]/@href';
+      echo '    title_xpath : //div[@class="search_results"]//a[contains(@class, "post__title_link")]';
+      echo '    content_xpath : //div[@class="search_results"]//div[contains(@class, "content")]';
+      echo '    categories : code';
+      echo '    timeout : 4.0';
+      echo '    disabled : True';
+      echo '    shortcut : habr';
+      echo '';
+      echo '  - name : hoogle';
+      echo '    engine : json_engine';
+      echo '    paging : True';
+      echo '    search_url : https://www.haskell.org/hoogle/?mode=json&hoogle={query}&start={pageno}';
+      echo '    results_query : results';
+      echo '    url_query : location';
+      echo '    title_query : self';
+      echo '    content_query : docs';
+      echo '    page_size : 20';
+      echo '    categories : code';
+      echo '    shortcut : ho';
+      echo '';
+      echo '  - name : ina';
+      echo '    engine : ina';
+      echo '    shortcut : in';
+      echo '    timeout : 6.0';
+      echo '    disabled : True';
+      echo '';
+      echo '  - name: kickass';
+      echo '    engine : kickass';
+      echo '    shortcut : kc';
+      echo '    timeout : 4.0';
+      echo '    disabled : True';
+      echo '';
+      echo '  - name : library genesis';
+      echo '    engine : xpath';
+      echo '    search_url : http://libgen.io/search.php?req={query}';
+      echo '    url_xpath : //a[contains(@href,"bookfi.net")]/@href';
+      echo '    title_xpath : //a[contains(@href,"book/")]/text()[1]';
+      echo '    content_xpath : //td/a[1][contains(@href,"=author")]/text()';
+      echo '    categories : general';
+      echo '    timeout : 7.0';
+      echo '    disabled : True';
+      echo '    shortcut : lg';
+      echo '';
+      echo '  - name : lobste.rs';
+      echo '    engine : xpath';
+      echo '    search_url : https://lobste.rs/search?utf8=%E2%9C%93&q={query}&what=stories&order=relevance';
+      echo '    results_xpath : //li[contains(@class, "story")]';
+      echo '    url_xpath : .//span[@class="link"]/a/@href';
+      echo '    title_xpath : .//span[@class="link"]/a';
+      echo '    content_xpath : .//a[@class="domain"]';
+      echo '    categories : code';
+      echo '    shortcut : lo';
+      echo '';
+      echo '  - name : mixcloud';
+      echo '    engine : mixcloud';
+      echo '    shortcut : mc';
+      echo '';
+      echo '  - name : nyaa';
+      echo '    engine : nyaa';
+      echo '    shortcut : nt';
+      echo '    disabled : True';
+      echo '';
+      echo '  - name : openstreetmap';
+      echo '    engine : openstreetmap';
+      echo '    shortcut : osm';
+      echo '';
+      echo '  - name : openrepos';
+      echo '    engine : xpath';
+      echo '    paging : True';
+      echo '    search_url : https://openrepos.net/search/node/{query}?page={pageno}';
+      echo '    url_xpath : //li[@class="search-result"]//h3[@class="title"]/a/@href';
+      echo '    title_xpath : //li[@class="search-result"]//h3[@class="title"]/a';
+      echo '    content_xpath : //li[@class="search-result"]//div[@class="search-snippet-info"]//p[@class="search-snippet"]';
+      echo '    categories : files';
+      echo '    timeout : 4.0';
+      echo '    disabled : True';
+      echo '    shortcut : or';
+      echo '';
+      echo '  - name : pdbe';
+      echo '    engine : pdbe';
+      echo '    shortcut : pdb';
+      echo '';
+      echo '  - name : photon';
+      echo '    engine : photon';
+      echo '    shortcut : ph';
+      echo '';
+      echo '  - name : piratebay';
+      echo '    engine : piratebay';
+      echo '    shortcut : tpb';
+      echo '    url: https://pirateproxy.red/';
+      echo '    timeout : 3.0';
+      echo '';
+      echo '  - name : qwant';
+      echo '    engine : qwant';
+      echo '    shortcut : qw';
+      echo '    categories : general';
+      echo '    disabled : True';
+      echo '';
+      echo '  - name : qwant images';
+      echo '    engine : qwant';
+      echo '    shortcut : qwi';
+      echo '    categories : images';
+      echo '';
+      echo '  - name : qwant news';
+      echo '    engine : qwant';
+      echo '    shortcut : qwn';
+      echo '    categories : news';
+      echo '';
+      echo '  - name : qwant social';
+      echo '    engine : qwant';
+      echo '    shortcut : qws';
+      echo '    categories : social media';
+      echo '';
+      echo '  - name : reddit';
+      echo '    engine : reddit';
+      echo '    shortcut : re';
+      echo '    page_size : 25';
+      echo '    timeout : 10.0';
+      echo '    disabled : True';
+      echo '';
+      echo '  - name : scanr structures';
+      echo '    shortcut: scs';
+      echo '    engine : scanr_structures';
+      echo '    disabled : True';
+      echo '';
+      echo '  - name : soundcloud';
+      echo '    engine : soundcloud';
+      echo '    shortcut : sc';
+      echo '';
+      echo '  - name : stackoverflow';
+      echo '    engine : stackoverflow';
+      echo '    shortcut : st';
+      echo '';
+      echo '  - name : searchcode doc';
+      echo '    engine : searchcode_doc';
+      echo '    shortcut : scd';
+      echo '';
+      echo '  - name : searchcode code';
+      echo '    engine : searchcode_code';
+      echo '    shortcut : scc';
+      echo '    disabled : True';
+      echo '';
+      echo '  - name : framalibre';
+      echo '    engine : framalibre';
+      echo '    shortcut : frl';
+      echo '    disabled : True';
+      echo '';
+      echo '  - name : semantic scholar';
+      echo '    engine : xpath';
+      echo '    paging : True';
+      echo '    search_url : https://www.semanticscholar.org/search?q={query}&sort=relevance&page={pageno}&ae=false';
+      echo '    results_xpath : //article';
+      echo '    url_xpath : .//div[@class="search-result-title"]/a/@href';
+      echo '    title_xpath : .//div[@class="search-result-title"]/a';
+      echo '    content_xpath : .//div[@class="search-result-abstract"]';
+      echo '    shortcut : se';
+      echo '    categories : science';
+      echo '';
+      echo '  - name : spotify';
+      echo '    engine : spotify';
+      echo '    shortcut : stf';
+      echo '';
+      echo '  - name : subtitleseeker';
+      echo '    engine : subtitleseeker';
+      echo '    shortcut : ss';
+      echo '# The language is an option. You can put any language written in english';
+      echo '# Examples : English, French, German, Hungarian, Chinese...';
+      echo '#    language : English';
+      echo '';
+      echo '  - name : startpage';
+      echo '    engine : startpage';
+      echo '    shortcut : sp';
+      echo '    timeout : 6.0';
+      echo '    disabled : True';
+      echo '';
+      echo '  - name : ixquick';
+      echo '    engine : startpage';
+      echo "    base_url : 'https://www.ixquick.eu/'";
+      echo "    search_url : 'https://www.ixquick.eu/do/search'";
+      echo '    shortcut : iq';
+      echo '    timeout : 6.0';
+      echo '';
+      echo '  - name : swisscows';
+      echo '    engine : swisscows';
+      echo '    shortcut : sw';
+      echo '    disabled : True';
+      echo '';
+      echo '  - name : tokyotoshokan';
+      echo '    engine : tokyotoshokan';
+      echo '    shortcut : tt';
+      echo '    timeout : 6.0';
+      echo '    disabled : True';
+      echo '';
+      echo '  - name : twitter';
+      echo '    engine : twitter';
+      echo '    shortcut : tw';
+      echo '';
+      echo '  - name : urbandictionary';
+      echo '    engine        : xpath';
+      echo '    search_url    : http://www.urbandictionary.com/define.php?term={query}';
+      echo '    url_xpath     : //*[@class="word"]/@href';
+      echo '    title_xpath   : //*[@class="def-header"]';
+      echo '    content_xpath : //*[@class="meaning"]';
+      echo '    shortcut : ud';
+      echo '';
+      echo '  - name : yandex';
+      echo '    engine : yandex';
+      echo '    shortcut : yn';
+      echo '    disabled : True';
+      echo '';
+      echo '  - name : youtube';
+      echo '    shortcut : yt';
+      echo '    # You can use the engine using the official stable API, but you need an API key';
+      echo '    # See : https://console.developers.google.com/project';
+      echo '    #    engine : youtube_api';
+      echo '    #    api_key: apikey # required!';
+      echo '    # Or you can use the html non-stable engine, activated by default';
+      echo '    engine : youtube_noapi';
+      echo '';
+      echo '  - name : dailymotion';
+      echo '    engine : dailymotion';
+      echo '    shortcut : dm';
+      echo '';
+      echo '  - name : vimeo';
+      echo '    engine : vimeo';
+      echo '    shortcut : vm';
+      echo '';
+      echo '  - name : wolframalpha';
+      echo '    shortcut : wa';
+      echo '    # You can use the engine using the official stable API, but you need an API key';
+      echo '    # See : http://products.wolframalpha.com/api/';
+      echo '    # engine : wolframalpha_api';
+      echo '    # api_key: '' # required!';
+      echo '    engine : wolframalpha_noapi';
+      echo '    timeout: 6.0';
+      echo '    categories : science';
+      echo '';
+      echo '  - name : seedpeer';
+      echo '    engine : seedpeer';
+      echo '    shortcut: speu'
+      echo '    categories: files, music, videos'
+      echo '    disabled: True';
+      echo '';
+      echo '  - name : dictzone';
+      echo '    engine : dictzone';
+      echo '    shortcut : dc';
+      echo '';
+      echo '  - name : mymemory translated';
+      echo '    engine : translated';
+      echo '    shortcut : tl';
+      echo '    timeout : 5.0';
+      echo '    disabled : True';
+      echo '    # You can use without an API key, but you are limited to 1000 words/day';
+      echo '    # See : http://mymemory.translated.net/doc/usagelimits.php';
+      echo '    # api_key : ""';
+      echo '';
+      echo '  - name : voat';
+      echo '    engine: xpath';
+      echo '    shortcut: vo';
+      echo '    categories: social media';
+      echo '    search_url : https://voat.co/search?q={query}';
+      echo '    url_xpath : //p[contains(@class, "title")]/a/@href';
+      echo '    title_xpath : //p[contains(@class, "title")]/a';
+      echo '    content_xpath : //span[@class="domain"]';
+      echo '    timeout : 10.0';
+      echo '    disabled : True';
+      echo '';
+      echo '  - name : 1337x';
+      echo '    engine : 1337x';
+      echo '    shortcut : 1337x';
+      echo '    disabled : True';
+      echo '';
+      echo 'locales:';
+      echo '    en : English';
+      echo '    bg : Български (Bulgarian)';
+      echo '    cs : Čeština (Czech)';
+      echo '    de : Deutsch (German)';
+      echo '    de_DE : Deutsch (German_Germany)';
+      echo '    el_GR : Ελληνικά (Greek_Greece)';
+      echo '    eo : Esperanto (Esperanto)';
+      echo '    es : Español (Spanish)';
+      echo '    fi : Suomi (Finnish)';
+      echo '    fr : Français (French)';
+      echo '    he : עברית (Hebrew)';
+      echo '    hu : Magyar (Hungarian)';
+      echo '    it : Italiano (Italian)';
+      echo '    ja : 日本語 (Japanese)';
+      echo '    nl : Nederlands (Dutch)';
+      echo '    pt : Português (Portuguese)';
+      echo '    pt_BR : Português (Portuguese_Brazil)';
+      echo '    ro : Română (Romanian)';
+      echo '    ru : Русский (Russian)';
+      echo '    sk : Slovenčina (Slovak)';
+      echo '    sv : Svenska (Swedish)';
+      echo '    tr : Türkçe (Turkish)';
+      echo '    uk : українська мова (Ukrainian)';
+      echo '    zh : 中文 (Chinese)';
+      echo '';
+      echo 'doi_resolvers :';
+      echo "    oadoi.org : 'https://oadoi.org/'";
+      echo "    doi.org : 'https://doi.org/'";
+      echo "    doai.io : 'http://doai.io/'";
+      echo '';
+      echo "default_doi_resolver : 'oadoi.org'"; } > $settings_file
 }
 
 function upgrade_searx {
@@ -852,8 +855,8 @@ function remove_searx {
         rm -rf ${SEARX_PATH}/searx
     fi
     remove_completion_param install_searx
-    sed -i '/Search engine /d' $COMPLETION_FILE
-    sed -i '/searx /d' $COMPLETION_FILE
+    sed -i '/Search engine /d' "$COMPLETION_FILE"
+    sed -i '/searx /d' "$COMPLETION_FILE"
 }
 
 function install_searx {
@@ -876,44 +879,37 @@ function install_searx {
 
     pip install --upgrade pip
 
-    pip install certifi
-    if [ ! "$?" = "0" ]; then
+    if ! pip install certifi; then
         echo $'Failed to install certifi'
         exit 737692
     fi
 
-    pip install pyyaml
-    if [ ! "$?" = "0" ]; then
+    if ! pip install pyyaml; then
         echo $'Failed to install pyyaml'
         exit 469242
     fi
 
-    pip install flask --upgrade
-    if [ ! "$?" = "0" ]; then
+    if ! pip install flask --upgrade; then
         echo $'Failed to install flask'
         exit 888575
     fi
 
-    pip install flask_restless --upgrade
-    if [ ! "$?" = "0" ]; then
+    if ! pip install flask_restless --upgrade; then
         echo $'Failed to install flask_restless'
         exit 54835
     fi
 
-    pip install flask_babel --upgrade
-    if [ ! "$?" = "0" ]; then
+    if ! pip install flask_babel --upgrade; then
         echo $'Failed to install flask_babel'
         exit 63738
     fi
 
-    pip install requests --upgrade
-    if [ ! "$?" = "0" ]; then
+    if ! pip install requests --upgrade; then
         echo $'Failed to install requests'
         exit 357282
     fi
 
-    pip install pygments --upgrade
-    if [ ! "$?" = "0" ]; then
+    if ! pip install pygments --upgrade; then
         echo $'Failed to install pygments'
         exit 357282
     fi
@@ -923,12 +919,12 @@ function install_searx {
     fi
 
     # clone the repo
-    cd $SEARX_PATH
+    cd $SEARX_PATH || exit 26482468
 
     if [ -d /repos/searx ]; then
         mkdir searx
         cp -r -p /repos/searx/. searx
-        cd searx
+        cd searx || exit 2468246
         git pull
     else
         function_check git_clone
@@ -946,57 +942,57 @@ function install_searx {
     adduser searx debian-tor
 
     # daemon
-    echo '[Unit]' > /etc/systemd/system/searx.service
-    echo 'Description=Searx (search engine)' >> /etc/systemd/system/searx.service
-    echo 'After=syslog.target' >> /etc/systemd/system/searx.service
-    echo 'After=network.target' >> /etc/systemd/system/searx.service
-    echo '' >> /etc/systemd/system/searx.service
-    echo '[Service]' >> /etc/systemd/system/searx.service
-    echo 'Type=simple' >> /etc/systemd/system/searx.service
-    echo 'User=searx' >> /etc/systemd/system/searx.service
-    echo 'Group=searx' >> /etc/systemd/system/searx.service
-    echo "WorkingDirectory=${SEARX_PATH}/searx" >> /etc/systemd/system/searx.service
-    echo "ExecStart=/usr/bin/python ${SEARX_PATH}/searx/searx/webapp.py" >> /etc/systemd/system/searx.service
-    echo 'Restart=always' >> /etc/systemd/system/searx.service
-    echo 'Environment="USER=searx"' >> /etc/systemd/system/searx.service
-    echo '' >> /etc/systemd/system/searx.service
-    echo '[Install]' >> /etc/systemd/system/searx.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/searx.service
+    { echo '[Unit]';
+      echo 'Description=Searx (search engine)';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=searx';
+      echo 'Group=searx';
+      echo "WorkingDirectory=${SEARX_PATH}/searx";
+      echo "ExecStart=/usr/bin/python ${SEARX_PATH}/searx/searx/webapp.py";
+      echo 'Restart=always';
+      echo 'Environment="USER=searx"';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/searx.service
 
     # create a webserver file
-    echo 'server {' > /etc/nginx/sites-available/searx
-    echo "    listen 127.0.0.1:${SEARX_ONION_PORT} default_server;" >> /etc/nginx/sites-available/searx
-    echo "    root ${SEARX_PATH}/searx;" >> /etc/nginx/sites-available/searx
-    echo "    server_name ${SEARX_ONION_HOSTNAME};" >> /etc/nginx/sites-available/searx
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/searx
-    echo "    error_log /var/log/searx_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/searx
-    echo '' >> /etc/nginx/sites-available/searx
+    { echo 'server {';
+      echo "    listen 127.0.0.1:${SEARX_ONION_PORT} default_server;";
+      echo "    root ${SEARX_PATH}/searx;";
+      echo "    server_name ${SEARX_ONION_HOSTNAME};";
+      echo '    access_log /dev/null;';
+      echo "    error_log /var/log/searx_error.log $WEBSERVER_LOG_LEVEL;";
+      echo ''; } > /etc/nginx/sites-available/searx
     function_check nginx_disable_sniffing
     nginx_disable_sniffing searx
-    echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/searx
-    echo '' >> /etc/nginx/sites-available/searx
-    echo '    location / {' >> /etc/nginx/sites-available/searx
+    { echo '    add_header Strict-Transport-Security max-age=0;';
+      echo '';
+      echo '    location / {'; } >> /etc/nginx/sites-available/searx
     function_check nginx_limits
     nginx_limits searx '1M'
-    echo '        proxy_pass http://localhost:8888;' >> /etc/nginx/sites-available/searx
-    echo "        #auth_basic \"${SEARX_LOGIN_TEXT}\";" >> /etc/nginx/sites-available/searx
-    echo '        #auth_basic_user_file /etc/nginx/.htpasswd;' >> /etc/nginx/sites-available/searx
-    echo '    }' >> /etc/nginx/sites-available/searx
-    echo '' >> /etc/nginx/sites-available/searx
-    echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/searx
-    echo '' >> /etc/nginx/sites-available/searx
-    echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/searx
-    echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/searx
-    echo '' >> /etc/nginx/sites-available/searx
-    echo '    location = /robots.txt {' >> /etc/nginx/sites-available/searx
-    echo '        allow all;' >> /etc/nginx/sites-available/searx
-    echo '        log_not_found off;' >> /etc/nginx/sites-available/searx
-    echo '        access_log /dev/null;' >> /etc/nginx/sites-available/searx
-    echo '    }' >> /etc/nginx/sites-available/searx
-    echo '}' >> /etc/nginx/sites-available/searx
+    { echo '        proxy_pass http://localhost:8888;';
+      echo "        #auth_basic \"${SEARX_LOGIN_TEXT}\";";
+      echo '        #auth_basic_user_file /etc/nginx/.htpasswd;';
+      echo '    }';
+      echo '';
+      echo '    fastcgi_buffers 64 4K;';
+      echo '';
+      echo '    error_page 403 /core/templates/403.php;';
+      echo '    error_page 404 /core/templates/404.php;';
+      echo '';
+      echo '    location = /robots.txt {';
+      echo '        allow all;';
+      echo '        log_not_found off;';
+      echo '        access_log /dev/null;';
+      echo '    }';
+      echo '}'; } >> /etc/nginx/sites-available/searx
 
     # replace the secret key
-    if ! grep -q "searx key" $COMPLETION_FILE; then
+    if ! grep -q "searx key" "$COMPLETION_FILE"; then
         SEARX_SECRET_KEY="$(create_password 30)"
         set_completion_param "searx key" "${SEARX_SECRET_KEY}"
     fi
@@ -1019,12 +1015,12 @@ function install_searx {
     systemctl daemon-reload
     systemctl start searx.service
 
-    SEARX_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a searx -p "$SEARX_PASSWORD"
+    SEARX_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a searx -p "$SEARX_PASSWORD"
     if grep -q "$MY_USERNAME:" /etc/nginx/.htpasswd; then
         sed -i "/$MY_USERNAME:/d" /etc/nginx/.htpasswd
     fi
-    echo "$SEARX_PASSWORD" | htpasswd -i -s -c /etc/nginx/.htpasswd $MY_USERNAME
+    echo "$SEARX_PASSWORD" | htpasswd -i -s -c /etc/nginx/.htpasswd "$MY_USERNAME"
 
     APP_INSTALLED=1
 }

From 7888f7ae6313f08465d3c1425a2eaf0af24cafd4 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Thu, 1 Mar 2018 11:45:51 +0000
Subject: [PATCH 19/67] Tidying

---
 src/freedombone-app-syncthing | 186 ++++++++--------
 src/freedombone-app-tahoelafs | 317 +++++++++++++-------------
 src/freedombone-app-tox       | 398 ++++++++++++++++-----------------
 src/freedombone-app-turtl     | 154 +++++++------
 src/freedombone-app-vim       | 122 +++++-----
 src/freedombone-app-vpn       | 408 +++++++++++++++++-----------------
 6 files changed, 807 insertions(+), 778 deletions(-)

diff --git a/src/freedombone-app-syncthing b/src/freedombone-app-syncthing
index 1cebff14..7d46f794 100755
--- a/src/freedombone-app-syncthing
+++ b/src/freedombone-app-syncthing
@@ -66,12 +66,12 @@ function syncthing_create_ids_file {
 
     SYNCTHING_ID=$(cat ~/.syncthing-server-id)
     if [ ! -f $SYNCTHING_CONFIG_FILE ]; then
-        echo $'# Your syncthing configuration file' > $SYNCTHING_CONFIG_FILE
-        echo '#' >> $SYNCTHING_CONFIG_FILE
-        echo $"# The ${PROJECT_NAME} syncthing ID is: $SYNCTHING_ID" >> $SYNCTHING_CONFIG_FILE
-        echo '#' >> $SYNCTHING_CONFIG_FILE
-        echo '# Paste the IDs of your devices below' >> $SYNCTHING_CONFIG_FILE
-        echo '#' >> $SYNCTHING_CONFIG_FILE
+        { echo $'# Your syncthing configuration file';
+          echo '#';
+          echo $"# The ${PROJECT_NAME} syncthing ID is: $SYNCTHING_ID";
+          echo '#';
+          echo '# Paste the IDs of your devices below';
+          echo '#'; } > $SYNCTHING_CONFIG_FILE
     fi
 }
 
@@ -94,12 +94,13 @@ function syncthing_show_id {
     SYNCTHING_ID=$(cat ~/.syncthing-server-id)
     dialog --title $"Device ID for ${PROJECT_NAME}" \
            --backtitle $"Freedombone User Control Panel" \
-           --msgbox $"In a desktop terminal press shift and select the ID below,\nthen right click and copy.\n\nWithin Connectbot select Menu/Copy and then highlight the ID below\n\n$SYNCTHING_ID\n\nAlternatively press Enter to display a QR code which can be scanned." 13 78
+           --msgbox $"In a desktop terminal press shift and select the ID below,\\nthen right click and copy.\\n\\nWithin Connectbot select Menu/Copy and then highlight the ID below\\n\\n$SYNCTHING_ID\\n\\nAlternatively press Enter to display a QR code which can be scanned." 13 78
     clear
     echo $'Your Syncthing ID code'
     echo ''
     echo -n "$SYNCTHING_ID" | qrencode -t UTF8
     echo ''
+    # shellcheck disable=SC2034
     read -n1 -rsp $"Press any key to continue..." key
 }
 
@@ -110,21 +111,24 @@ function syncthing_add_id {
 
     syncthing_create_ids_file
 
-    data=$(tempfile 2>/dev/null)
+    data=$(mktemp 2>/dev/null)
     trap "rm -f $data" 0 1 2 5 15
     dialog --backtitle $"Freedombone User Control Panel" \
            --title $"Add a Syncthing device ID" \
            --form $"Paste the device ID for your laptop/desktop/netbook/phone/tablet below" 9 80 2 \
            $"Device ID:" 1 1 "" 1 26 80 80 \
            $"Description (optional):" 2 1 "" 2 26 80 80 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
-    SYNCTHING_DEVICE_ID=$(cat $data | sed -n 1p)
-    SYNCTHING_DESCRIPTION=$(cat $data | sed -n 2p)
+    SYNCTHING_DEVICE_ID=$(sed -n 1p < "$data")
+    SYNCTHING_DESCRIPTION=$(sed -n 2p < "$data")
+    rm -f "$data"
 
     if [ ${#SYNCTHING_DEVICE_ID} -lt 10 ]; then
         return
@@ -164,19 +168,21 @@ function syncthing_remove_id {
 
     syncthing_create_ids_file
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone User Control Panel" \
            --title $"Remove a Syncthing device ID" \
            --form $"Paste the device ID which is to be removed below" 8 80 1 \
            $"Device ID:" 1 1 "" 1 14 80 80 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
-    SYNCTHING_DEVICE_ID=$(cat $data | sed -n 1p)
+    SYNCTHING_DEVICE_ID=$(sed -n 1p < "$data")
+    rm -f "$data"
 
     if [ ${#SYNCTHING_DEVICE_ID} -lt 10 ]; then
         return
@@ -212,8 +218,7 @@ function run_client_syncthing {
 
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone User Control Panel" \
                --title $"File Synchronization" \
                --radiolist $"Choose an operation:" 12 70 6 \
@@ -221,19 +226,23 @@ function run_client_syncthing {
                2 $"Add an ID for another machine or device" off \
                3 $"Remove an ID for another machine or device" off \
                4 $"Manually edit device IDs" off \
-               5 $"Back to main menu" on 2> $data
+               5 $"Back to main menu" on 2> "$data"
         sel=$?
         case $sel in
-            1) break;;
-            255) break;;
+            1) rm -f "$data"
+               break;;
+            255) rm -f "$data"
+                 break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) syncthing_show_id;;
             2) syncthing_add_id;;
             3) syncthing_remove_id;;
             4) syncthing_manual_edit;;
-            5) break;;
+            5) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -260,21 +269,21 @@ function backup_local_syncthing {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d /home/$USERNAME/Sync ]; then
+            if [ -d "/home/$USERNAME/Sync" ]; then
                 echo $"Backing up syncthing files for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/Sync syncthing/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/Sync" "syncthing/$USERNAME"
                 # ensure that device IDs will be backed up as part of user config settings
-                if [ ! -d /home/$USERNAME/.config/syncthing ]; then
-                    mkdir -p /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ ! -d "/home/$USERNAME/.config/syncthing" ]; then
+                    mkdir -p "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
-                if [ -f /home/$USERNAME/.syncthing-server-id ]; then
-                    cp /home/$USERNAME/.syncthing-server-id /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ -f "/home/$USERNAME/.syncthing-server-id" ]; then
+                    cp "/home/$USERNAME/.syncthing-server-id" "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
-                if [ -f /home/$USERNAME/.syncthingids ]; then
-                    cp /home/$USERNAME/.syncthingids /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ -f "/home/$USERNAME/.syncthingids" ]; then
+                    cp "/home/$USERNAME/.syncthingids" "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
             fi
         fi
@@ -288,7 +297,7 @@ function restore_local_syncthing {
     fi
 
     temp_restore_dir=/root/tempsyncthing
-    if [ -d $USB_MOUNT/backup/syncthingconfig ]; then
+    if [ -d "$USB_MOUNT/backup/syncthingconfig" ]; then
         echo $"Restoring syncthing configuration"
         function_check restore_directory_from_usb
         restore_directory_from_usb ${temp_restore_dir}config syncthingconfig
@@ -297,9 +306,7 @@ function restore_local_syncthing {
         if [ ! -d $SYNCTHING_CONFIG_PATH ]; then
             mkdir -p $SYNCTHING_CONFIG_PATH
         fi
-        cp -r ${temp_restore_dir}config/* $SYNCTHING_CONFIG_PATH/
-
-        if [ ! "$?" = "0" ]; then
+        if ! cp -r ${temp_restore_dir}config/* $SYNCTHING_CONFIG_PATH/; then
             set_user_permissions
             backup_unmount_drive
             systemctl start syncthing
@@ -309,7 +316,7 @@ function restore_local_syncthing {
         rm -rf ${temp_restore_dir}config
     fi
 
-    if [ -d $USB_MOUNT/backup/syncthingshared ]; then
+    if [ -d "$USB_MOUNT/backup/syncthingshared" ]; then
         echo $"Restoring syncthing shared files"
         restore_directory_from_usb ${temp_restore_dir}shared syncthingshared
         #cp -r ${temp_restore_dir}shared/* /
@@ -321,28 +328,29 @@ function restore_local_syncthing {
         rm -rf ${temp_restore_dir}shared
     fi
 
-    if [ -d $USB_MOUNT/backup/syncthing ]; then
+    if [ -d "$USB_MOUNT/backup/syncthing" ]; then
         for d in $USB_MOUNT/backup/syncthing/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    "${PROJECT_NAME}-adduser" "$USERNAME"
                 fi
                 echo $"Restoring syncthing files for $USERNAME"
-                restore_directory_from_usb ${temp_restore_dir} syncthing/$USERNAME
-                if [ -d ${temp_restore_dir}/home/$USERNAME/Sync ]; then
-                    cp -r ${temp_restore_dir}/home/$USERNAME/Sync /home/$USERNAME/
+                restore_directory_from_usb "${temp_restore_dir}" "syncthing/$USERNAME"
+                if [ -d "${temp_restore_dir}/home/$USERNAME/Sync" ]; then
+                    cp -r "${temp_restore_dir}/home/$USERNAME/Sync" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/Sync ]; then
-                        mkdir /home/$USERNAME/Sync
+                    if [ ! -d "/home/$USERNAME/Sync" ]; then
+                        mkdir "/home/$USERNAME/Sync"
                     fi
                     if [ -d /root/Sync ]; then
-                        cp -r /root/Sync/* /home/$USERNAME/Sync/
+                        cp -r /root/Sync/* "/home/$USERNAME/Sync/"
                         rm -rf /root/Sync
                     else
-                        cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/
+                        cp -r "${temp_restore_dir}/*" "/home/$USERNAME/Sync/"
                     fi
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf ${temp_restore_dir}
                     set_user_permissions
@@ -354,13 +362,13 @@ function restore_local_syncthing {
                 rm -rf ${temp_restore_dir}
 
                 # restore device IDs from config settings
-                if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then
-                    cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id
+                if [ -f "/home/$USERNAME/.config/syncthing/.syncthing-server-id" ]; then
+                    cp "/home/$USERNAME/.config/syncthing/.syncthing-server-id" "/home/$USERNAME/.syncthing-server-id"
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthing-server-id"
                 fi
-                if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then
-                    cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids
+                if [ -f "/home/$USERNAME/.config/syncthing/.syncthingids" ]; then
+                    cp "/home/$USERNAME/.config/syncthing/.syncthingids" "/home/$USERNAME/.syncthingids"
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthingids"
                 fi
             fi
         done
@@ -389,21 +397,21 @@ function backup_remote_syncthing {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d /home/$USERNAME/Sync ]; then
+            if [ -d "/home/$USERNAME/Sync" ]; then
                 echo $"Backing up syncthing files for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/Sync syncthing/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/Sync" "syncthing/$USERNAME"
                 # ensure that device IDs will be backed up as part of user config settings
-                if [ ! -d /home/$USERNAME/.config/syncthing ]; then
-                    mkdir -p /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ ! -d "/home/$USERNAME/.config/syncthing" ]; then
+                    mkdir -p "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
-                if [ -f /home/$USERNAME/.syncthing-server-id ]; then
-                    cp /home/$USERNAME/.syncthing-server-id /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ -f "/home/$USERNAME/.syncthing-server-id" ]; then
+                    cp "/home/$USERNAME/.syncthing-server-id" "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
-                if [ -f /home/$USERNAME/.syncthingids ]; then
-                    cp /home/$USERNAME/.syncthingids /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ -f "/home/$USERNAME/.syncthingids" ]; then
+                    cp "/home/$USERNAME/.syncthingids" "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
             fi
         fi
@@ -416,7 +424,7 @@ function restore_remote_syncthing {
         systemctl stop cron
     fi
 
-    if [ -d $SERVER_DIRECTORY/backup/syncthingconfig ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/syncthingconfig" ]; then
         echo $"Restoring syncthing configuration"
         temp_restore_dir=/root/tempsyncthingconfig
         function_check restore_directory_from_friend
@@ -425,8 +433,7 @@ function restore_remote_syncthing {
         if [ ! -d $SYNCTHING_CONFIG_PATH ]; then
             mkdir -p $SYNCTHING_CONFIG_PATH
         fi
-        cp -r ${temp_restore_dir}/* $SYNCTHING_CONFIG_PATH/
-        if [ ! "$?" = "0" ]; then
+        if ! cp -r ${temp_restore_dir}/* $SYNCTHING_CONFIG_PATH/; then
             systemctl start syncthing
             systemctl start cron
             exit 6833
@@ -434,7 +441,7 @@ function restore_remote_syncthing {
         rm -rf $temp_restore_dir
     fi
 
-    if [ -d $SERVER_DIRECTORY/backup/syncthingshared ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/syncthingshared" ]; then
         echo $"Restoring syncthing shared files"
         temp_restore_dir=/root/tempsyncthingshared
         function_check restore_directory_from_friend
@@ -446,30 +453,31 @@ function restore_remote_syncthing {
         rm -rf ${temp_restore_dir}
     fi
 
-    if [ -d $SERVER_DIRECTORY/backup/syncthing ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/syncthing" ]; then
         for d in $SERVER_DIRECTORY/backup/syncthing/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    "${PROJECT_NAME}-adduser" "$USERNAME"
                 fi
                 echo $"Restoring syncthing files for $USERNAME"
                 temp_restore_dir=/root/tempsyncthing
                 function_check restore_directory_from_friend
-                restore_directory_from_friend $temp_restore_dir syncthing/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/Sync ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/Sync /home/$USERNAME/
+                restore_directory_from_friend "$temp_restore_dir" "syncthing/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/Sync" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/Sync" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/Sync ]; then
-                        mkdir /home/$USERNAME/Sync
+                    if [ ! -d "/home/$USERNAME/Sync" ]; then
+                        mkdir "/home/$USERNAME/Sync"
                     fi
                     if [ -d /root/Sync ]; then
-                        cp -r /root/Sync/* /home/$USERNAME/Sync/
+                        cp -r /root/Sync/* "/home/$USERNAME/Sync/"
                         rm -rf /root/Sync
                     else
-                        cp -r ${temp_restore_dir}/* /home/$USERNAME/Sync/
+                        cp -r "${temp_restore_dir}/*" "/home/$USERNAME/Sync/"
                     fi
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     systemctl start syncthing
@@ -479,13 +487,13 @@ function restore_remote_syncthing {
                 rm -rf $temp_restore_dir
 
                 # restore device IDs from config settings
-                if [ -f /home/$USERNAME/.config/syncthing/.syncthing-server-id ]; then
-                    cp /home/$USERNAME/.config/syncthing/.syncthing-server-id /home/$USERNAME/.syncthing-server-id
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id
+                if [ -f "/home/$USERNAME/.config/syncthing/.syncthing-server-id" ]; then
+                    cp "/home/$USERNAME/.config/syncthing/.syncthing-server-id" "/home/$USERNAME/.syncthing-server-id"
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthing-server-id"
                 fi
-                if [ -f /home/$USERNAME/.config/syncthing/.syncthingids ]; then
-                    cp /home/$USERNAME/.config/syncthing/.syncthingids /home/$USERNAME/.syncthingids
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.syncthingids
+                if [ -f "/home/$USERNAME/.config/syncthing/.syncthingids" ]; then
+                    cp "/home/$USERNAME/.config/syncthing/.syncthingids" "/home/$USERNAME/.syncthingids"
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthingids"
                 fi
                 echo $"Restore of syncthing files for $USERNAME complete"
             fi
diff --git a/src/freedombone-app-tahoelafs b/src/freedombone-app-tahoelafs
index b8b795d5..f6fcbc9b 100755
--- a/src/freedombone-app-tahoelafs
+++ b/src/freedombone-app-tahoelafs
@@ -72,52 +72,52 @@ function add_user_tahoelafs {
 
     new_username="$1"
     new_user_password="$2"
-    ${PROJECT_NAME}-pass -u $new_username -a tahoelafs -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a tahoelafs -p "$new_user_password"
     if grep -q "${new_username}:" /etc/nginx/.htpasswd-tahoelafs; then
-        sed -i '/${new_username}:/d' /etc/nginx/.htpasswd-tahoelafs
+        sed -i "'/${new_username}:/d" /etc/nginx/.htpasswd-tahoelafs
     fi
-    echo "${new_user_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${new_username}
+    echo "${new_user_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs "${new_username}"
     echo '0'
 }
 
 function remove_user_tahoelafs {
     remove_username="$1"
-    ${PROJECT_NAME}-pass -u $remove_username --rmapp tahoelafs
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp tahoelafs
     if grep -q "${remove_username}:" /etc/nginx/.htpasswd-tahoelafs; then
-        sed -i '/${remove_username}:/d' /etc/nginx/.htpasswd-tahoelafs
+        sed -i "/${remove_username}:/d" /etc/nginx/.htpasswd-tahoelafs
     fi
 }
 
 function change_password_tahoelafs {
     change_username="$1"
     change_password="$2"
-    ${PROJECT_NAME}-pass -u $change_username -a tahoelafs -p "$change_password"
+    "${PROJECT_NAME}-pass" -u "$change_username" -a tahoelafs -p "$change_password"
     if grep -q "${change_username}:" /etc/nginx/.htpasswd-tahoelafs; then
-        sed -i '/tahoe-${change_username}:/d' /etc/nginx/.htpasswd-tahoelafs
+        sed -i "/tahoe-${change_username}:/d" /etc/nginx/.htpasswd-tahoelafs
     fi
-    echo "${change_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${change_username}
+    echo "${change_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs "${change_username}"
 }
 
 function add_tahoelafs_storage_node_interactive {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Configuration" \
            --title $"Add Tahoe-LAFS storage node" \
-           --form $"\nEnter the storage node details which can be found on the About screen of another server" 13 75 5 \
+           --form $"\\nEnter the storage node details which can be found on the About screen of another server" 13 75 5 \
            $"Hostname:" 1 1 "" 1 14 53 40 \
            $"Public Key:" 2 1 "" 2 14 53 255 \
            $"Nickname:" 3 1 "" 3 14 53 255 \
            $"FURL:" 4 1 "" 4 14 53 255 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
         1) return;;
         255) return;;
     esac
-    storage_hostname=$(cat $data | sed -n 1p)
-    public_key="$(cat $data | sed -n 2p)"
-    nick=$(cat $data | sed -n 3p)
-    furl=$(cat $data | sed -n 4p)
+    storage_hostname=$(sed -n 1p < "$data")
+    public_key=$(sed -n 2p < "$data")
+    nick=$(sed -n 3p < "$data")
+    furl=$(sed -n 4p < "$data")
+    rm -f "$data"
 
     if [ ${#public_key} -eq 0 ]; then
         return
@@ -142,23 +142,26 @@ function edit_tahoelafs_shares {
     read_config_param TAHOELAFS_SHARES_HAPPY
     read_config_param TAHOELAFS_SHARES_TOTAL
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Configuration" \
            --title $"Tahoe-LAFS shares" \
-           --form $"\nEnter the storage node details which can be found on the About screen of another server" 13 40 3 \
+           --form $"\\nEnter the storage node details which can be found on the About screen of another server" 13 40 3 \
            $"Needed:" 1 1 "${TAHOELAFS_SHARES_NEEDED}" 1 14 4 4 \
            $"Happy:" 2 1 "${TAHOELAFS_SHARES_HAPPY}" 2 14 4 4 \
            $"Total:" 3 1 "${TAHOELAFS_SHARES_TOTAL}" 3 14 4 4 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
-    tl_needed="$(cat $data | sed -n 1p)"
-    tl_happy="$(cat $data | sed -n 2p)"
-    tl_total="$(cat $data | sed -n 3p)"
+    tl_needed=$(sed -n 1p < "$data")
+    tl_happy=$(sed -n 2p < "$data")
+    tl_total=$(sed -n 3p < "$data")
+    rm -f "$data"
+
     if [ ${#tl_needed} -gt 0 ]; then
         TAHOELAFS_SHARES_NEEDED=${tl_needed}
     fi
@@ -185,88 +188,90 @@ function edit_tahoelafs_shares {
 }
 
 function configure_interactive_tahoelafs {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Configuration" \
            --title $"Tahoe-LAFS" \
            --radiolist $"The least authority is always the best" 11 50 5 \
            1 "Add a storage node" off \
            2 "Manually edit storage nodes" off \
            3 "Shares settings" off \
-           4 "Back to main menu" on 2> $data
+           4 "Back to main menu" on 2> "$data"
     sel=$?
     case $sel in
-        1) exit 1;;
-        255) exit 1;;
+        1) rm -f "$data"
+           exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
-    case $(cat $data) in
+    case $(cat "$data") in
         1) add_tahoelafs_storage_node_interactive;;
         2) edit_tahoelafs_nodes;;
         3) edit_tahoelafs_shares;;
     esac
+    rm -f "$data"
 }
 
 function tahoelafs_setup_client_config {
-    config_file=$1
+    config_file="$1"
     nick="$2"
 
-    echo '[node]' > $config_file
-    echo "nickname = $nick" >> $config_file
-    echo 'reveal-IP-address = false' >> $config_file
-    echo "web.port = tcp:${TAHOELAFS_PORT}:interface=127.0.0.1" >> $config_file
-    echo 'web.static = public_html' >> $config_file
-    echo 'tub.port = disabled' >> $config_file
-    echo 'tub.location = disabled' >> $config_file
-    echo '' >> $config_file
-    echo '[client]' >> $config_file
-    echo 'introducer.furl =' >> $config_file
-    echo "shares.needed = ${TAHOELAFS_SHARES_NEEDED}" >> $config_file
-    echo "shares.happy = ${TAHOELAFS_SHARES_HAPPY}" >> $config_file
-    echo "shares.total = ${TAHOELAFS_SHARES_TOTAL}" >> $config_file
-    echo '' >> $config_file
-    echo '[storage]' >> $config_file
-    echo 'enabled = false' >> $config_file
-    echo 'reserved_space = 3G' >> $config_file
-    echo '' >> $config_file
-    echo '[helper]' >> $config_file
-    echo 'enabled = false' >> $config_file
-    echo '' >> $config_file
-    echo '[connections]' >> $config_file
-    echo 'tcp = tor' >> $config_file
+    { echo '[node]';
+      echo "nickname = $nick";
+      echo 'reveal-IP-address = false';
+      echo "web.port = tcp:${TAHOELAFS_PORT}:interface=127.0.0.1";
+      echo 'web.static = public_html';
+      echo 'tub.port = disabled';
+      echo 'tub.location = disabled';
+      echo '';
+      echo '[client]';
+      echo 'introducer.furl =';
+      echo "shares.needed = ${TAHOELAFS_SHARES_NEEDED}";
+      echo "shares.happy = ${TAHOELAFS_SHARES_HAPPY}";
+      echo "shares.total = ${TAHOELAFS_SHARES_TOTAL}";
+      echo '';
+      echo '[storage]';
+      echo 'enabled = false';
+      echo 'reserved_space = 3G';
+      echo '';
+      echo '[helper]';
+      echo 'enabled = false';
+      echo '';
+      echo '[connections]';
+      echo 'tcp = tor'; } > "$config_file"
 }
 
 function tahoelafs_setup_storage_config {
-    config_file=$1
+    config_file="$1"
     nick="$2"
 
-    echo '[node]' > $config_file
-    echo "nickname = $nick" >> $config_file
-    echo 'reveal-IP-address = false' >> $config_file
-    echo 'web.port =' >> $config_file
-    echo 'web.static = public_html' >> $config_file
-    echo "tub.port = tcp:${TAHOELAFS_STORAGE_ONION_PORT}:interface=127.0.0.1" >> $config_file
-    echo "tub.location = tor:${TAHOELAFS_STORAGE_ONION_HOSTNAME}:${TAHOELAFS_STORAGE_PORT}" >> $config_file
-    echo '' >> $config_file
-    echo '[client]' >> $config_file
-    echo 'introducer.furl =' >> $config_file
-    echo 'helper.furl =' >> $config_file
-    echo '' >> $config_file
-    echo "shares.needed = ${TAHOELAFS_SHARES_NEEDED}" >> $config_file
-    echo "shares.happy = ${TAHOELAFS_SHARES_HAPPY}" >> $config_file
-    echo "shares.total = ${TAHOELAFS_SHARES_TOTAL}" >> $config_file
-    echo '' >> $config_file
-    echo '[storage]' >> $config_file
-    echo 'enabled = true' >> $config_file
-    echo 'reserved_space = 3G' >> $config_file
-    echo 'expire.enabled = true' >> $config_file
-    echo 'expire.mode = age' >> $config_file
-    echo 'expire.override_lease_duration = 3 months' >> $config_file
-    echo '' >> $config_file
-    echo '[helper]' >> $config_file
-    echo 'enabled = false' >> $config_file
-    echo '' >> $config_file
-    echo '[connections]' >> $config_file
-    echo 'tcp = tor' >> $config_file
+    { echo '[node]';
+      echo "nickname = $nick";
+      echo 'reveal-IP-address = false';
+      echo 'web.port =';
+      echo 'web.static = public_html';
+      echo "tub.port = tcp:${TAHOELAFS_STORAGE_ONION_PORT}:interface=127.0.0.1";
+      echo "tub.location = tor:${TAHOELAFS_STORAGE_ONION_HOSTNAME}:${TAHOELAFS_STORAGE_PORT}";
+      echo '';
+      echo '[client]';
+      echo 'introducer.furl =';
+      echo 'helper.furl =';
+      echo '';
+      echo "shares.needed = ${TAHOELAFS_SHARES_NEEDED}";
+      echo "shares.happy = ${TAHOELAFS_SHARES_HAPPY}";
+      echo "shares.total = ${TAHOELAFS_SHARES_TOTAL}";
+      echo '';
+      echo '[storage]';
+      echo 'enabled = true';
+      echo 'reserved_space = 3G';
+      echo 'expire.enabled = true';
+      echo 'expire.mode = age';
+      echo 'expire.override_lease_duration = 3 months';
+      echo '';
+      echo '[helper]';
+      echo 'enabled = false';
+      echo '';
+      echo '[connections]';
+      echo 'tcp = tor'; } > "$config_file"
 
     chown -R tahoelafs:debian-tor $TAHOE_DIR
 }
@@ -304,6 +309,7 @@ function restore_local_tahoelafs {
     else
         cp -r $temp_restore_dir/* $TAHOE_DIR/
     fi
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
         if [ -d ${TAHOE_DIR}-old ]; then
             mv ${TAHOE_DIR}-old $TAHOE_DIR
@@ -346,14 +352,15 @@ function restore_remote_tahoelafs {
     else
         cp -r $temp_restore_dir/* $TAHOE_DIR/
     fi
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
-        if [ -d ${$TAHOE_DIR}-old ]; then
-            mv ${TAHOE_DIR}-old $TAHOE_DIR
+        if [ -d "${TAHOE_DIR}-old" ]; then
+            mv "${TAHOE_DIR}-old" $TAHOE_DIR
         fi
         exit 623925
     fi
-    if [ -d ${$TAHOE_DIR}-old ]; then
-        rm -rf ${$TAHOE_DIR}-old
+    if [ -d "${TAHOE_DIR}-old" ]; then
+        rm -rf "${TAHOE_DIR}-old"
     fi
     rm -rf $temp_restore_dir
     chown -R tahoelafs:debian-tor $TAHOE_DIR
@@ -398,7 +405,7 @@ function remove_tahoelafs {
     remove_completion_param install_tahoelafs
     function_check remove_onion_service
     remove_onion_service tahoelafs ${TAHOELAFS_ONION_PORT}
-    remove_onion_service storage-tahoelafs ${TAHOELAFS_STORAGE_ONION_PORT} $(get_tahoelafs_nick)
+    remove_onion_service storage-tahoelafs ${TAHOELAFS_STORAGE_ONION_PORT} "$(get_tahoelafs_nick)"
     sed -i '/HidServAuth /d' /etc/tor/torrc
 
     groupdel -f tahoelafs
@@ -437,23 +444,23 @@ function create_tahoelafs_stealth_node {
         exit 682362
     fi
 
-    if [ ! -f ${node_dir}/tahoe.cfg ]; then
+    if [ ! -f "${node_dir}/tahoe.cfg" ]; then
         su -c "mkdir ${node_dir}" - tahoelafs
         su -c "$TAHOE_COMMAND create-node -C ${node_dir} --hostname=fixme" - tahoelafs
-        tahoelafs_setup_storage_config ${node_dir}/tahoe.cfg ${node_nick}
+        tahoelafs_setup_storage_config "${node_dir}/tahoe.cfg" "${node_nick}"
     fi
 
-    if [ ! -f ${client_dir}/tahoe.cfg ]; then
+    if [ ! -f "${client_dir}/tahoe.cfg" ]; then
         su -c "mkdir ${client_dir}" - tahoelafs
         su -c "$TAHOE_COMMAND create-client -C ${client_dir}" - tahoelafs
-        tahoelafs_setup_client_config ${client_dir}/tahoe.cfg ${client_nick}
+        tahoelafs_setup_client_config "${client_dir}/tahoe.cfg" "${client_nick}"
     fi
 }
 
 function create_tahoelafs_introducer {
     introducer_dir="$1"
 
-    if [ -f ${introducer_dir}/tahoe.cfg ]; then
+    if [ -f "${introducer_dir}/tahoe.cfg" ]; then
         return
     fi
 
@@ -470,7 +477,7 @@ function create_tahoelafs_storage_node {
         return
     fi
 
-    if [ -f ${node_dir}/tahoe.cfg ]; then
+    if [ -f "${node_dir}/tahoe.cfg" ]; then
         return
     fi
 
@@ -487,15 +494,15 @@ function create_tahoelafs_client {
         return
     fi
 
-    if [ -f ${client_dir}/tahoe.cfg ]; then
+    if [ -f "${client_dir}/tahoe.cfg" ]; then
         return
     fi
 
     su -c "mkdir ${client_dir}" - tahoelafs
     su -c "$TAHOE_COMMAND create-client -C ${client_dir} --introducer=\"$furl\" --listen=tor --hide-ip --hostname=127.0.0.1" - tahoelafs
-    sed -i 's|reveal-IP-address =.*|reveal-IP-address = False|g' $client_dir/tahoe.cfg
-    sed -i 's|tub.port =.*|tub.port = disabled|g' $client_dir/tahoe.cfg
-    sed -i 's|tub.location =.*|tub.location = disabled|g' $client_dir/tahoe.cfg
+    sed -i 's|reveal-IP-address =.*|reveal-IP-address = False|g' "$client_dir/tahoe.cfg"
+    sed -i 's|tub.port =.*|tub.port = disabled|g' "$client_dir/tahoe.cfg"
+    sed -i 's|tub.location =.*|tub.location = disabled|g' "$client_dir/tahoe.cfg"
 }
 
 function get_tahoelafs_furl {
@@ -510,11 +517,11 @@ function get_tahoelafs_nick {
 }
 
 function get_tahoelafs_storage_hostname {
-    echo "$(cat /var/lib/tor/hidden_service_storage-tahoelafs/hostname)"
+    cat /var/lib/tor/hidden_service_storage-tahoelafs/hostname
 }
 
 function get_tahoelafs_public_key {
-    echo "$(cat $TAHOE_DIR/storage/node.pubkey | grep 'v0-' | sed 's|pub-||g')"
+    grep 'v0-' "$TAHOE_DIR/storage/node.pubkey" | sed 's|pub-||g'
 }
 
 function add_tahoelafs_server {
@@ -549,10 +556,10 @@ function add_tahoelafs_server {
         fi
         echo '# storage' >> ${tahoelafs_storage_file}
     fi
-    echo "  ${public_key}:" >> ${tahoelafs_storage_file}
-    echo "    ann:" >> ${tahoelafs_storage_file}
-    echo "      nickname: ${nick}" >> ${tahoelafs_storage_file}
-    echo "      anonymous-storage-FURL: ${furl}" >> ${tahoelafs_storage_file}
+    { echo "  ${public_key}:";
+      echo "    ann:";
+      echo "      nickname: ${nick}";
+      echo "      anonymous-storage-FURL: ${furl}"; } >> "${tahoelafs_storage_file}"
     chown tahoelafs:debian-tor ${tahoelafs_storage_file}
 
     if ! grep -q "HidServAuth ${storage_hostname}" /etc/tor/torrc; then
@@ -566,27 +573,27 @@ function create_tahoelafs_daemon {
     TAHOELAFS_DAEMON_FILE=/etc/systemd/system/tahoelafs-${daemon_name}.service
     echo "Creating daemon: $TAHOELAFS_DAEMON_FILE"
 
-    echo '[Unit]' > $TAHOELAFS_DAEMON_FILE
-    echo "Description=Tahoe-LAFS ${daemon_name}" >> $TAHOELAFS_DAEMON_FILE
-    echo 'After=syslog.target' >> $TAHOELAFS_DAEMON_FILE
-    echo 'After=network.target' >> $TAHOELAFS_DAEMON_FILE
-    echo '' >> $TAHOELAFS_DAEMON_FILE
-    echo '[Service]' >> $TAHOELAFS_DAEMON_FILE
-    echo 'Type=simple' >> $TAHOELAFS_DAEMON_FILE
-    echo "User=tahoelafs" >> $TAHOELAFS_DAEMON_FILE
-    echo "Group=debian-tor" >> $TAHOELAFS_DAEMON_FILE
-    echo "WorkingDirectory=${TAHOE_DIR}" >> $TAHOELAFS_DAEMON_FILE
-    echo "ExecStart=/usr/bin/tahoe run ${TAHOE_DIR}/${daemon_name}" >> $TAHOELAFS_DAEMON_FILE
-    echo "ExecStop=/usr/bin/tahoe stop ${TAHOE_DIR}/${daemon_name}" >> $TAHOELAFS_DAEMON_FILE
-    echo 'Restart=on-failure' >> $TAHOELAFS_DAEMON_FILE
-    echo 'RestartSec=10' >> $TAHOELAFS_DAEMON_FILE
-    echo "Environment=\"USER=tahoelafs\" \"HOME=${TAHOE_DIR}\"" >> $TAHOELAFS_DAEMON_FILE
-    echo '' >> $TAHOELAFS_DAEMON_FILE
-    echo '[Install]' >> $TAHOELAFS_DAEMON_FILE
-    echo 'WantedBy=multi-user.target' >> $TAHOELAFS_DAEMON_FILE
-    systemctl enable tahoelafs-${daemon_name}
+    { echo '[Unit]';
+      echo "Description=Tahoe-LAFS ${daemon_name}";
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo "User=tahoelafs";
+      echo "Group=debian-tor";
+      echo "WorkingDirectory=${TAHOE_DIR}";
+      echo "ExecStart=/usr/bin/tahoe run ${TAHOE_DIR}/${daemon_name}";
+      echo "ExecStop=/usr/bin/tahoe stop ${TAHOE_DIR}/${daemon_name}";
+      echo 'Restart=on-failure';
+      echo 'RestartSec=10';
+      echo "Environment=\"USER=tahoelafs\" \"HOME=${TAHOE_DIR}\"";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$TAHOELAFS_DAEMON_FILE"
+    systemctl enable "tahoelafs-${daemon_name}"
     systemctl daemon-reload
-    systemctl start tahoelafs-${daemon_name}
+    systemctl start "tahoelafs-${daemon_name}"
 }
 
 function create_tahoelafs_web {
@@ -596,44 +603,44 @@ function create_tahoelafs_web {
     TAHOELAFS_LOGIN_TEXT=$'Tahoe-LAFS login'
 
     tahoelafs_nginx_site=/etc/nginx/sites-available/tahoelafs
-    echo 'server {' > $tahoelafs_nginx_site
-    echo "    listen 127.0.0.1:$TAHOELAFS_ONION_PORT default_server;" >> $tahoelafs_nginx_site
-    echo "    server_name $TAHOELAFS_ONION_HOSTNAME;" >> $tahoelafs_nginx_site
-    echo '' >> $tahoelafs_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$TAHOELAFS_ONION_PORT default_server;";
+      echo "    server_name $TAHOELAFS_ONION_HOSTNAME;";
+      echo ''; } > "$tahoelafs_nginx_site"
     function_check nginx_disable_sniffing
     nginx_disable_sniffing tahoelafs
-    echo '' >> $tahoelafs_nginx_site
-    echo '  # Logs' >> $tahoelafs_nginx_site
-    echo '  access_log /dev/null;' >> $tahoelafs_nginx_site
-    echo '  error_log /dev/null;' >> $tahoelafs_nginx_site
-    echo '' >> $tahoelafs_nginx_site
-    echo '  # Root' >> $tahoelafs_nginx_site
-    echo "  root /var/www/tahoelafs/htdocs;" >> $tahoelafs_nginx_site
-    echo '' >> $tahoelafs_nginx_site
-    echo '  location / {' >> $tahoelafs_nginx_site
-    echo "    auth_basic \"${TAHOELAFS_LOGIN_TEXT}\";" >> $tahoelafs_nginx_site
-    echo '    auth_basic_user_file /etc/nginx/.htpasswd-tahoelafs;' >> $tahoelafs_nginx_site
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/tahoelafs/htdocs;";
+      echo '';
+      echo '  location / {';
+      echo "    auth_basic \"${TAHOELAFS_LOGIN_TEXT}\";";
+      echo '    auth_basic_user_file /etc/nginx/.htpasswd-tahoelafs;'; } >> "$tahoelafs_nginx_site"
     function_check nginx_limits
     nginx_limits tahoelafs '15m'
-    echo '    rewrite /(.*) /$1 break;' >> $tahoelafs_nginx_site
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $tahoelafs_nginx_site
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $tahoelafs_nginx_site
-    echo '    proxy_set_header Host $http_host;' >> $tahoelafs_nginx_site
-    echo '    proxy_set_header X-NginX-Proxy true;' >> $tahoelafs_nginx_site
-    echo "    proxy_pass http://localhost:${TAHOELAFS_PORT};" >> $tahoelafs_nginx_site
-    echo '    proxy_redirect off;' >> $tahoelafs_nginx_site
-    echo '  }' >> $tahoelafs_nginx_site
-    echo '}' >> $tahoelafs_nginx_site
+    { echo "    rewrite /(.*) /\$1 break;";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo "    proxy_set_header Host \$http_host;";
+      echo '    proxy_set_header X-NginX-Proxy true;';
+      echo "    proxy_pass http://localhost:${TAHOELAFS_PORT};";
+      echo '    proxy_redirect off;';
+      echo '  }';
+      echo '}'; } >> "$tahoelafs_nginx_site"
 
-    TAHOELAFS_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a tahoelafs -p "$TAHOELAFS_ADMIN_PASSWORD"
+    TAHOELAFS_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a tahoelafs -p "$TAHOELAFS_ADMIN_PASSWORD"
     if [ ! -f /etc/nginx/.htpasswd-tahoelafs ]; then
         touch /etc/nginx/.htpasswd-tahoelafs
     fi
     if grep -q "${MY_USERNAME}:" /etc/nginx/.htpasswd-tahoelafs; then
-        sed -i '/${MY_USERNAME}:/d' /etc/nginx/.htpasswd-tahoelafs
+        sed -i "/${MY_USERNAME}:/d" /etc/nginx/.htpasswd-tahoelafs
     fi
-    echo "${TAHOELAFS_ADMIN_PASSWORD}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${MY_USERNAME}
+    echo "${TAHOELAFS_ADMIN_PASSWORD}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs "${MY_USERNAME}"
 
     function_check nginx_ensite
     nginx_ensite tahoelafs
@@ -641,7 +648,7 @@ function create_tahoelafs_web {
 }
 
 function install_tahoelafs {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         return
     fi
 
@@ -692,7 +699,7 @@ function install_tahoelafs {
     # create an onion address for client node
     TAHOELAFS_ONION_HOSTNAME=$(add_onion_service tahoelafs 80 ${TAHOELAFS_ONION_PORT})
 
-    create_tahoelafs_stealth_node $TAHOE_DIR/storage $TAHOE_DIR/client ${node_nick} ${client_nick}
+    create_tahoelafs_stealth_node "$TAHOE_DIR/storage" "$TAHOE_DIR/client" "${node_nick}" "${client_nick}"
 
     # start the storage node
     su -c "/usr/bin/python2 /usr/bin/tahoe start $TAHOE_DIR/storage" - tahoelafs
diff --git a/src/freedombone-app-tox b/src/freedombone-app-tox
index a9c30633..3763d6dd 100755
--- a/src/freedombone-app-tox
+++ b/src/freedombone-app-tox
@@ -74,12 +74,12 @@ function logging_off_tox {
 function remove_user_tox {
     remove_username="$1"
 
-    if [ -d /home/$remove_username/.config/tox ]; then
-        if [ -d /home/$remove_username/.config/tox/chatlogs ]; then
-            shred -zu /home/$remove_username/.config/tox/chatlogs/*
-            rm -rf /home/$remove_username/.config/tox/chatlogs
+    if [ -d "/home/$remove_username/.config/tox" ]; then
+        if [ -d "/home/$remove_username/.config/tox/chatlogs" ]; then
+            shred -zu "/home/$remove_username/.config/tox/chatlogs/*"
+            rm -rf "/home/$remove_username/.config/tox/chatlogs"
         fi
-        shred -zu /home/$remove_username/.config/tox/*
+        shred -zu "/home/$remove_username/.config/tox/*"
     fi
 }
 
@@ -87,27 +87,27 @@ function add_user_tox {
     new_username="$1"
 
     # Note: password isn't used
-    new_user_password="$2"
+    #new_user_password="$2"
 
     USER_TOX_FILE=/home/${new_username}/.config/tox/data.tox
-    if [ ! -f $USER_TOX_FILE ]; then
-        mkdir -p /home/${new_username}/.config/tox
-        chown -R ${new_username}:${new_username} /home/${new_username}/.config
-        su -c "toxid -u ${new_username} -n data" - $new_username
-        su -c "toxid --setuser ${new_username}" - $new_username
+    if [ ! -f "$USER_TOX_FILE" ]; then
+        mkdir -p "/home/${new_username}/.config/tox"
+        chown -R "${new_username}":"${new_username}" "/home/${new_username}/.config"
+        su -c "toxid -u ${new_username} -n data" - "$new_username"
+        su -c "toxid --setuser ${new_username}" - "$new_username"
     fi
 }
 
 function run_client_tox {
     # create a tox user
     USER_TOX_FILE=/home/${USER}/.config/tox/data.tox
-    if [ ! -f $USER_TOX_FILE ]; then
-        mkdir -p /home/${USER}/.config/tox
-        chown -R ${USER}:${USER} /home/${USER}/.config
-        toxid -u ${USER} -n data
-        toxid --setuser ${USER}
+    if [ ! -f "$USER_TOX_FILE" ]; then
+        mkdir -p "/home/${USER}/.config/tox"
+        chown -R "${USER}":"${USER}" "/home/${USER}/.config"
+        toxid -u "${USER}" -n data
+        toxid --setuser "${USER}"
     fi
-    toxic -f $USER_TOX_FILE --force-tcp --SOCKS5-proxy 127.0.0.1 9050
+    toxic -f "$USER_TOX_FILE" --force-tcp --SOCKS5-proxy 127.0.0.1 9050
 }
 
 function install_interactive_tox {
@@ -121,16 +121,17 @@ function configure_interactive_tox {
     fi
     bootstrap_id=$(cat $TOX_BOOTSTRAP_ID_FILE)
     dialog --title $"Tox Bootstrap Node ID" \
-           --msgbox $"\n$bootstrap_id\n\nTo copy this hold down the shift key, select the ID and then right click and copy." 10 70
+           --msgbox $"\\n$bootstrap_id\\n\\nTo copy this hold down the shift key, select the ID and then right click and copy." 10 70
 }
 
 function mesh_tox_qtox {
-    if [ ! ${rootdir}$INSTALL_DIR ]; then
+    # shellcheck disable=SC2154
+    if [ ! "${rootdir}$INSTALL_DIR" ]; then
         INSTALL_DIR=${rootdir}/root/build
     fi
 
-    if [ ! -d ${rootdir}$INSTALL_DIR ]; then
-        mkdir -p ${rootdir}$INSTALL_DIR
+    if [ ! -d "${rootdir}$INSTALL_DIR" ]; then
+        mkdir -p "${rootdir}$INSTALL_DIR"
     fi
 
     chroot "${rootdir}" apt-get -yq install build-essential libatk1.0-0 libbz2-1.0 libc6 libcairo2 libdbus-1-3 libegl1-mesa libfontconfig1 libfreetype6 libgcc1 libgdk-pixbuf2.0-0 libgl1-mesa-glx libglib2.0-0 libgtk2.0-0 libice6 libicu57 libjpeg62-turbo libmng1 libmtdev1 libopenal1 libopus0 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libpng16-16 libqrencode3 libsm6 libsodium18 libsqlite3-0 libssl1.1 libstdc++6 libtiff5 libudev1 libvpx4 libwayland-client0 libwayland-cursor0 libwayland-egl1-mesa libwebp6 libx11-6 libx11-xcb1 libxcb-glx0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-randr0 libxcb-render-util0 libxcb-render0 libxcb-shape0 libxcb-shm0 libxcb-sync1 libxcb-xfixes0 libxcb-xinerama0 libxcb1 libxext6 libxfixes3 libxi6 libxrender1 libxss1 zlib1g libopus-dev libvpx-dev
@@ -149,30 +150,30 @@ function mesh_tox_qtox {
     chroot "${rootdir}" apt-get -yq install build-essential cmake ffmpeg libexif-dev libgdk-pixbuf2.0-dev libglib2.0-dev libgtk2.0-dev libopenal-dev libqrencode-dev libqt5opengl5-dev libqt5svg5-dev libsqlcipher-dev libxss-dev pkg-config qrencode qt5-default qt5-qmake qttools5-dev qttools5-dev-tools yasm
 
     if [ -d /repos/qtox ]; then
-        mkdir ${rootdir}$INSTALL_DIR/qtox
-        cp -r -p /repos/qtox/. ${rootdir}$INSTALL_DIR/qtox
-        cd ${rootdir}$INSTALL_DIR/qtox
+        mkdir "${rootdir}$INSTALL_DIR/qtox"
+        cp -r -p /repos/qtox/. "${rootdir}$INSTALL_DIR/qtox"
+        cd "${rootdir}$INSTALL_DIR/qtox" || exit 264826826
         git pull
     else
-        git clone $QTOX_REPO ${rootdir}$INSTALL_DIR/qtox
+        git clone "$QTOX_REPO" "${rootdir}$INSTALL_DIR/qtox"
     fi
 
-    if [ ! -d ${rootdir}$INSTALL_DIR/qtox ]; then
+    if [ ! -d "${rootdir}$INSTALL_DIR/qtox" ]; then
         exit 72428
     fi
-    cd ${rootdir}${INSTALL_DIR}/qtox
+    cd "${rootdir}${INSTALL_DIR}/qtox" || exit 235745728
     git checkout $QTOX_COMMIT -b $QTOX_COMMIT
-    chroot ${rootdir} /bin/bash -x <<EOF
+    chroot "${rootdir}" /bin/bash -x <<EOF
 cd ${INSTALL_DIR}/qtox
 export PKG_CONFIG_PATH="$PKG_CONFIG_PATH:/usr/local/lib/pkgconfig"
 cmake .
 make
 make install
 EOF
-    if [ ! -f ${rootdir}/usr/local/bin/qtox ]; then
+    if [ ! -f "${rootdir}/usr/local/bin/qtox" ]; then
         exit 75784
     fi
-    cp ${rootdir}/usr/local/bin/qtox ${rootdir}/usr/bin/qtox
+    cp "${rootdir}/usr/local/bin/qtox" "${rootdir}/usr/bin/qtox"
 }
 
 function reconfigure_tox {
@@ -181,9 +182,9 @@ function reconfigure_tox {
 
 function upgrade_tox {
     function_check set_repo_commit
-    set_repo_commit $INSTALL_DIR/toxcore "toxcore commit" "$TOXCORE_COMMIT" $TOXCORE_REPO
-    if [[ $(commit_has_changed $INSTALL_DIR/toxcore "toxcore commit" "$TOXCORE_COMMIT") == "1" ]]; then
-        cd $INSTALL_DIR/toxcore
+    set_repo_commit "$INSTALL_DIR/toxcore" "toxcore commit" "$TOXCORE_COMMIT" $TOXCORE_REPO
+    if [[ $(commit_has_changed "$INSTALL_DIR/toxcore" "toxcore commit" "$TOXCORE_COMMIT") == "1" ]]; then
+        cd "$INSTALL_DIR/toxcore" || exit 53683563
         sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' $rootdir/etc/systemd/system/tox-bootstrapd.service
         autoreconf -i
         ./configure --enable-daemon
@@ -194,9 +195,9 @@ function upgrade_tox {
     fi
 
     function_check set_repo_commit
-    set_repo_commit $INSTALL_DIR/toxic "Toxic commit" "$TOXIC_COMMIT" $TOXIC_REPO
-    if [[ $(commit_has_changed $INSTALL_DIR/toxic "Toxic commit" "$TOXIC_COMMIT") == "1" ]]; then
-        cd $INSTALL_DIR/toxic
+    set_repo_commit "$INSTALL_DIR/toxic" "Toxic commit" "$TOXIC_COMMIT" $TOXIC_REPO
+    if [[ $(commit_has_changed "$INSTALL_DIR/toxic" "Toxic commit" "$TOXIC_COMMIT") == "1" ]]; then
+        cd "$INSTALL_DIR/toxic" || exit 4684618
         make
         make install
     fi
@@ -221,12 +222,11 @@ function backup_local_tox {
 }
 
 function restore_local_tox {
-    if [ -d $USB_MOUNT/backup/tox ]; then
+    if [ -d "$USB_MOUNT/backup/tox" ]; then
         echo $"Restoring Tox node settings"
         function_check restore_directory_from_usb
         #restore_directory_from_usb / tox
-        restore_directory_from_usb /var/lib/tox-bootstrapd tox
-        if [ ! "$?" = "0" ]; then
+        if ! restore_directory_from_usb /var/lib/tox-bootstrapd tox; then
             function_check set_user_permissions
             set_user_permissions
             function_check backup_unmount_drive
@@ -234,8 +234,7 @@ function restore_local_tox {
             exit 6393
         fi
         cp /var/lib/tox-bootstrapd/tox-bootstrapd.conf /etc/tox-bootstrapd.conf
-        systemctl restart tox-bootstrapd.service
-        if [ ! "$?" = "0" ]; then
+        if ! systemctl restart tox-bootstrapd.service; then
             systemctl status tox-bootstrapd.service
             function_check set_user_permissions
             set_user_permissions
@@ -259,17 +258,15 @@ function backup_remote_tox {
 }
 
 function restore_remote_tox {
-    if [ -d $SERVER_DIRECTORY/backup/tox ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/tox" ]; then
         echo $"Restoring Tox node settings"
         function_check restore_directory_from_friend
         #restore_directory_from_friend / tox
-        restore_directory_from_friend /var/lib/tox-bootstrapd tox
-        if [ ! "$?" = "0" ]; then
+        if ! restore_directory_from_friend /var/lib/tox-bootstrapd tox; then
             exit 93653
         fi
         cp /var/lib/tox-bootstrapd/tox-bootstrapd.conf /etc/tox-bootstrapd.conf
-        systemctl restart tox-bootstrapd.service
-        if [ ! "$?" = "0" ]; then
+        if ! systemctl restart tox-bootstrapd.service; then
             systemctl status tox-bootstrapd.service
             exit 59369
         fi
@@ -283,8 +280,7 @@ function remove_tox_node {
     function_check remove_onion_service
     remove_onion_service tox ${TOX_PORT}
 
-    ${PROJECT_NAME}-mesh-install -f tox_node --remove yes
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-mesh-install" -f tox_node --remove yes; then
         echo $'Failed to remove tox node'
         exit 763836
     fi
@@ -293,21 +289,20 @@ function remove_tox_node {
 }
 
 function remove_tox_avahi {
-    cd $INSTALL_DIR/toxid
+    cd "$INSTALL_DIR/toxid" || exit 82456275
     make uninstall
-    rm -rf $INSTALL_DIR/toxid
-    sed -i '/tox_avahi/d' $COMPLETION_FILE
+    rm -rf "$INSTALL_DIR/toxid"
+    sed -i '/tox_avahi/d' "$COMPLETION_FILE"
 }
 
 function remove_tox_client {
-    ${PROJECT_NAME}-mesh-install -f tox_client --remove yes
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-mesh-install" -f tox_client --remove yes; then
         echo $'Could not remove Tox client'
         exit 737253
     fi
-    sed -i '/install_tox_client/d' $COMPLETION_FILE
-    sed -i '/Tox /d' $COMPLETION_FILE
-    sed -i '/Toxic /d' $COMPLETION_FILE
+    sed -i '/install_tox_client/d' "$COMPLETION_FILE"
+    sed -i '/Tox /d' "$COMPLETION_FILE"
+    sed -i '/Toxic /d' "$COMPLETION_FILE"
 }
 
 function remove_tox {
@@ -317,7 +312,7 @@ function remove_tox {
 }
 
 function configure_firewall_for_tox {
-    if [ ! $INSTALLING_MESH ]; then
+    if [ ! "$INSTALLING_MESH" ]; then
         if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
             return
         fi
@@ -331,16 +326,16 @@ function configure_firewall_for_tox {
         return
     fi
 
-    TOX_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOX_PORT=" | head -n 1 | awk -F '=' '{print $2}')
+    TOX_PORT_MAIN=$(grep "TOX_PORT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '=' '{print $2}')
     if [ ${#TOX_PORT_MAIN} -gt 2 ]; then
         TOX_PORT=$TOX_PORT_MAIN
     fi
-    if [ ! $TOX_PORT ]; then
+    if [ ! "$TOX_PORT" ]; then
         echo $'No Tox port was specified'
         exit 32856
     fi
 
-    firewall_add Tox ${TOX_PORT}
+    firewall_add Tox "${TOX_PORT}"
     mark_completed "${FUNCNAME[0]}"
 }
 
@@ -355,24 +350,23 @@ function tox_avahi {
     fi
 
     # install a command to obtain the Tox ID
-    cd $INSTALL_DIR
+    cd "$INSTALL_DIR" || exit 131497953
 
     if [ -d /repos/toxid ]; then
-        mkdir $INSTALL_DIR/toxid
-        cp -r -p /repos/toxid/. $INSTALL_DIR/toxid
-        cd $INSTALL_DIR/toxid
+        mkdir "$INSTALL_DIR/toxid"
+        cp -r -p /repos/toxid/. "$INSTALL_DIR/toxid"
+        cd "$INSTALL_DIR/toxid" || exit 468276424526
         git pull
     else
         function_check git_clone
-        git_clone $TOXID_REPO $INSTALL_DIR/toxid
+        git_clone "$TOXID_REPO" "$INSTALL_DIR/toxid"
     fi
 
-    if [ ! -d $INSTALL_DIR/toxid ]; then
+    if [ ! -d "$INSTALL_DIR/toxid" ]; then
         exit 63921
     fi
-    cd $INSTALL_DIR/toxid
-    make
-    if [ ! "$?" = "0" ]; then
+    cd "$INSTALL_DIR/toxid" || exit 4782462846
+    if ! make; then
         exit 58432
     fi
     make install
@@ -399,13 +393,13 @@ function install_tox_node {
     mesh_tox_node
 
     # onion address for bootstrapping
-    TOX_ONION_HOSTNAME=$(add_onion_service tox ${TOX_PORT} ${TOX_PORT})
+    add_onion_service tox "${TOX_PORT}" "${TOX_PORT}"
 
     systemctl restart tox-bootstrapd.service
 
     sleep 3
 
-    TOX_PUBLIC_KEY=$(cat /var/log/syslog | grep tox | grep "Public Key" | tail -n 1 | awk -F ' ' '{print $8}')
+    TOX_PUBLIC_KEY=$(grep tox /var/log/syslog | grep "Public Key" | tail -n 1 | awk -F ' ' '{print $8}')
     if [ ${#TOX_PUBLIC_KEY} -lt 30 ]; then
         echo $'Could not obtain the tox node public key'
         exit 6529
@@ -435,58 +429,58 @@ function install_tox_client {
 
 function mesh_tox_node {
     # obtain commits from the main file
-    TOXCORE_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
+    TOXCORE_COMMIT_MAIN=$(grep "TOXCORE_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#TOXCORE_COMMIT_MAIN} -gt 10 ]; then
         TOXCORE_COMMIT=$TOXCORE_COMMIT_MAIN
     fi
-    if [ ! $TOXCORE_COMMIT ]; then
+    if [ ! "$TOXCORE_COMMIT" ]; then
         echo $'No Tox commit was specified'
         exit 76325
     fi
 
-    TOXID_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXID_REPO=" | head -n 1 | awk -F '"' '{print $2}')
+    TOXID_REPO_MAIN=$(grep "TOXID_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '"' '{print $2}')
     if [ ${#TOXID_REPO_MAIN} -gt 5 ]; then
         TOXID_REPO=$TOXID_REPO_MAIN
     fi
-    if [ ! $TOXID_REPO ]; then
+    if [ ! "$TOXID_REPO" ]; then
         echo $'No ToxID repo was specified'
         exit 78252
     fi
 
-    TOX_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOX_PORT=" | head -n 1 | awk -F '=' '{print $2}')
+    TOX_PORT_MAIN=$(grep "TOX_PORT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '=' '{print $2}')
     if [ ${#TOX_PORT_MAIN} -gt 2 ]; then
         TOX_PORT=$TOX_PORT_MAIN
     fi
-    if [ ! $TOX_PORT ]; then
+    if [ ! "$TOX_PORT" ]; then
         echo $'No Tox port was specified'
         exit 32856
     fi
 
-    TOXCORE_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_REPO=" | head -n 1 | awk -F '"' '{print $2}')
+    TOXCORE_REPO_MAIN=$(grep "TOXCORE_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '"' '{print $2}')
     if [ ${#TOXCORE_REPO_MAIN} -gt 10 ]; then
         TOXCORE_REPO=$TOXCORE_REPO_MAIN
     fi
-    if [ ! $TOXCORE_REPO ]; then
+    if [ ! "$TOXCORE_REPO" ]; then
         echo $'No Tox repo was specified'
         exit 16865
     fi
 
-    if [ ! $TOXCORE_COMMIT ]; then
+    if [ ! "$TOXCORE_COMMIT" ]; then
         echo $'No Tox commit was specified'
         exit 76325
     fi
 
-    if [ ! $TOXCORE_REPO ]; then
+    if [ ! "$TOXCORE_REPO" ]; then
         echo $'No Tox repo was specified'
         exit 16865
     fi
 
-    if [ $rootdir ]; then
-        chroot ${rootdir} apt-get -yq install build-essential libtool autotools-dev
-        chroot ${rootdir} apt-get -yq install automake checkinstall check git yasm
-        chroot ${rootdir} apt-get -yq install libsodium18 libsodium-dev libcap2-bin
-        chroot ${rootdir} apt-get -yq install libconfig9 libconfig-dev autoconf
-        chroot ${rootdir} apt-get -yq install libopus-dev libvpx-dev
+    if [ "$rootdir" ]; then
+        chroot "${rootdir}" apt-get -yq install build-essential libtool autotools-dev
+        chroot "${rootdir}" apt-get -yq install automake checkinstall check git yasm
+        chroot "${rootdir}" apt-get -yq install libsodium18 libsodium-dev libcap2-bin
+        chroot "${rootdir}" apt-get -yq install libconfig9 libconfig-dev autoconf
+        chroot "${rootdir}" apt-get -yq install libopus-dev libvpx-dev
     else
         apt-get -yq install build-essential libtool autotools-dev
         apt-get -yq install automake checkinstall check git yasm
@@ -495,27 +489,26 @@ function mesh_tox_node {
         apt-get -yq install libopus-dev libvpx-dev
     fi
 
-    if [ ! -d ${rootdir}${INSTALL_DIR} ]; then
-        mkdir -p ${rootdir}${INSTALL_DIR}
+    if [ ! -d "${rootdir}${INSTALL_DIR}" ]; then
+        mkdir -p "${rootdir}${INSTALL_DIR}"
     fi
-    if [ ! -d ${rootdir}${INSTALL_DIR}/toxcore ]; then
+    if [ ! -d "${rootdir}${INSTALL_DIR}/toxcore" ]; then
         if [ -d /repos/toxcore ]; then
-            mkdir ${rootdir}${INSTALL_DIR}/toxcore
-            cp -r -p /repos/toxcore/. ${rootdir}${INSTALL_DIR}/toxcore
-            cd ${rootdir}${INSTALL_DIR}/toxcore
+            mkdir "${rootdir}${INSTALL_DIR}/toxcore"
+            cp -r -p /repos/toxcore/. "${rootdir}${INSTALL_DIR}/toxcore"
+            cd "${rootdir}${INSTALL_DIR}/toxcore" || exit 2468246284
             git pull
         else
-            git clone ${TOXCORE_REPO} ${rootdir}${INSTALL_DIR}/toxcore
-            if [ ! "$?" = "0" ]; then
-                exit 429252
+            if ! git clone "${TOXCORE_REPO}" "${rootdir}${INSTALL_DIR}/toxcore"; then
+                exit 4292521
             fi
         fi
     fi
-    cd ${rootdir}$INSTALL_DIR/toxcore
-    git checkout $TOXCORE_COMMIT -b $TOXCORE_COMMIT
+    cd "${rootdir}$INSTALL_DIR/toxcore" || exit 46824624
+    git checkout "$TOXCORE_COMMIT" -b "$TOXCORE_COMMIT"
 
-    if [ ${rootdir} ]; then
-        chroot ${rootdir} /bin/bash -x <<EOF
+    if [ "${rootdir}" ]; then
+        chroot "${rootdir}" /bin/bash -x <<EOF
 cd ${INSTALL_DIR}/toxcore
 autoreconf -i
 ./configure --enable-daemon
@@ -532,28 +525,28 @@ make install
 EOF
     fi
 
-    cp $rootdir/usr/local/lib/libtoxcore* $rootdir/usr/lib/
-    cp ${rootdir}${INSTALL_DIR}/toxcore/other/bootstrap_daemon/tox-bootstrapd.service $rootdir/etc/systemd/system/
-    sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' $rootdir/etc/systemd/system/tox-bootstrapd.service
-    if [ ${rootdir} ]; then
-        chroot ${rootdir} systemctl enable tox-bootstrapd.service
+    cp "$rootdir/usr/local/lib/libtoxcore*" "$rootdir/usr/lib/"
+    cp "${rootdir}${INSTALL_DIR}/toxcore/other/bootstrap_daemon/tox-bootstrapd.service" "$rootdir/etc/systemd/system/"
+    sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' "$rootdir/etc/systemd/system/tox-bootstrapd.service"
+    if [ "${rootdir}" ]; then
+        chroot "${rootdir}" systemctl enable tox-bootstrapd.service
     else
         systemctl enable tox-bootstrapd.service
     fi
 
     SECONDS=0
-    if [ ! -f $rootdir/usr/local/bin/tox-bootstrapd ]; then
+    if [ ! -f "$rootdir/usr/local/bin/tox-bootstrapd" ]; then
         duration=$SECONDS
-        echo $"Toxcore compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
+        echo $"Toxcore compile failed at $((duration / 60)) minutes and $((duration % 60)) seconds elapsed."
         echo $'Unable to make toxcore'
         exit 73835
     fi
     duration=$SECONDS
-    echo $"Toxcore compile $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
+    echo $"Toxcore compile $((duration / 60)) minutes and $((duration % 60)) seconds elapsed."
 
-    if [ ${rootdir} ]; then
-        chroot ${rootdir} /usr/sbin/useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment $"Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd
-        chroot ${rootdir} /bin/chmod 700 /var/lib/tox-bootstrapd
+    if [ "${rootdir}" ]; then
+        chroot "${rootdir}" /usr/sbin/useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment $"Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd
+        chroot "${rootdir}" /bin/chmod 700 /var/lib/tox-bootstrapd
     else
         chmod 600 /etc/shadow
         chmod 600 /etc/gshadow
@@ -564,87 +557,89 @@ EOF
     fi
 
     # remove Maildir
-    if [ -d $rootdir/var/lib/tox-bootstrapd/Maildir ]; then
-        rm -rf $rootdir/var/lib/tox-bootstrapd/Maildir
+    if [ -d "$rootdir/var/lib/tox-bootstrapd/Maildir" ]; then
+        rm -rf "$rootdir/var/lib/tox-bootstrapd/Maildir"
     fi
 
     # create configuration file
     TOX_BOOTSTRAP_CONFIG=$rootdir/etc/tox-bootstrapd.conf
-    echo "port = $TOX_PORT" > $TOX_BOOTSTRAP_CONFIG
-    echo 'keys_file_path = "/var/lib/tox-bootstrapd/keys"' >> $TOX_BOOTSTRAP_CONFIG
-    echo 'pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"' >> $TOX_BOOTSTRAP_CONFIG
-    echo 'enable_ipv6 = true' >> $TOX_BOOTSTRAP_CONFIG
-    echo 'enable_ipv4_fallback = true' >> $TOX_BOOTSTRAP_CONFIG
-    echo 'enable_lan_discovery = true' >> $TOX_BOOTSTRAP_CONFIG
-    echo 'enable_tcp_relay = true' >> $TOX_BOOTSTRAP_CONFIG
-    echo "tcp_relay_ports = [443, 3389, $TOX_PORT]" >> $TOX_BOOTSTRAP_CONFIG
-    echo 'enable_motd = true' >> $TOX_BOOTSTRAP_CONFIG
-    echo 'motd = "tox-bootstrapd"' >> $TOX_BOOTSTRAP_CONFIG
+    { echo "port = $TOX_PORT";
+      echo 'keys_file_path = "/var/lib/tox-bootstrapd/keys"';
+      echo 'pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"';
+      echo 'enable_ipv6 = true';
+      echo 'enable_ipv4_fallback = true';
+      echo 'enable_lan_discovery = true';
+      echo 'enable_tcp_relay = true';
+      echo "tcp_relay_ports = [443, 3389, $TOX_PORT]";
+      echo 'enable_motd = true';
+      echo 'motd = "tox-bootstrapd"'; } > "$TOX_BOOTSTRAP_CONFIG"
 
     if [ $TOX_NODES ]; then
-        echo 'bootstrap_nodes = (' >> $TOX_BOOTSTRAP_CONFIG
+        echo 'bootstrap_nodes = (' >> "$TOX_BOOTSTRAP_CONFIG"
         toxcount=0
         while [ "x${TOX_NODES[toxcount]}" != "x" ]
         do
-            toxval_ipv4=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $1}')
-            toxval_ipv6=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $2}')
-            toxval_port=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $3}')
-            toxval_pubkey=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $4}')
-            toxval_maintainer=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $5}')
-            echo "{ // $toxval_maintainer" >> $TOX_BOOTSTRAP_CONFIG
+            # shellcheck disable=SC2102
+            nodes_str=$(echo $TOX_NODES[toxcount])
+            toxval_ipv4=$(awk "$nodes_str" -F ',' '{print $1}')
+            toxval_ipv6=$(awk "$nodes_str" -F ',' '{print $2}')
+            toxval_port=$(awk "$nodes_str" -F ',' '{print $3}')
+            toxval_pubkey=$(awk "$nodes_str" -F ',' '{print $4}')
+            toxval_maintainer=$(awk "$nodes_str" -F ',' '{print $5}')
+            echo "{ // $toxval_maintainer" >> "$TOX_BOOTSTRAP_CONFIG"
             if [[ $toxval_ipv6 != 'NONE' ]]; then
-                echo "  address = \"$toxval_ipv6\"" >> $TOX_BOOTSTRAP_CONFIG
+                echo "  address = \"$toxval_ipv6\"" >> "$TOX_BOOTSTRAP_CONFIG"
             else
-                echo "  address = \"$toxval_ipv4\"" >> $TOX_BOOTSTRAP_CONFIG
+                echo "  address = \"$toxval_ipv4\"" >> "$TOX_BOOTSTRAP_CONFIG"
             fi
-            echo "  port = $toxval_port" >> $TOX_BOOTSTRAP_CONFIG
-            echo "  public_key = \"$toxval_pubkey\"" >> $TOX_BOOTSTRAP_CONFIG
-            toxcount=$(( $toxcount + 1 ))
+            echo "  port = $toxval_port" >> "$TOX_BOOTSTRAP_CONFIG"
+            echo "  public_key = \"$toxval_pubkey\"" >> "$TOX_BOOTSTRAP_CONFIG"
+            toxcount=$((toxcount + 1))
             if [ "x${TOX_NODES[toxcount]}" != "x" ]; then
-                echo "}," >> $TOX_BOOTSTRAP_CONFIG
+                echo "}," >> "$TOX_BOOTSTRAP_CONFIG"
             else
-                echo "}" >> $TOX_BOOTSTRAP_CONFIG
+                echo "}" >> "$TOX_BOOTSTRAP_CONFIG"
             fi
         done
-        echo ')' >> $TOX_BOOTSTRAP_CONFIG
+        echo ')' >> "$TOX_BOOTSTRAP_CONFIG"
     fi
 
-    if [ -f $rootdir/var/lib/tox-bootstrapd/keys ]; then
-        chmod 700 $rootdir/var/lib/tox-bootstrapd/keys
+    if [ -f "$rootdir/var/lib/tox-bootstrapd/keys" ]; then
+        chmod 700 "$rootdir/var/lib/tox-bootstrapd/keys"
     fi
 }
 
 function mesh_tox_avahi {
-    if [ ! -d $rootdir/etc/avahi ]; then
+    if [ ! -d "$rootdir/etc/avahi" ]; then
         echo $'tox_avahi: avahi is not installed'
         exit 87359
     fi
 
-    if [ ! $TOXID_REPO ]; then
+    if [ ! "$TOXID_REPO" ]; then
         echo $'No ToxID repo was specified'
         exit 78252
     fi
 
-    if [ ! -d ${rootdir}${INSTALL_DIR} ]; then
-        mkdir -p ${rootdir}${INSTALL_DIR}
+    if [ ! -d "${rootdir}${INSTALL_DIR}" ]; then
+        mkdir -p "${rootdir}${INSTALL_DIR}"
     fi
 
     if [ -d /repos/toxid ]; then
-        mkdir ${rootdir}${INSTALL_DIR}/toxid
-        cp -r -p /repos/toxid/. ${rootdir}${INSTALL_DIR}/toxid
-        cd ${rootdir}${INSTALL_DIR}/toxid
+        mkdir "${rootdir}${INSTALL_DIR}/toxid"
+        cp -r -p /repos/toxid/. "${rootdir}${INSTALL_DIR}/toxid"
+        cd "${rootdir}${INSTALL_DIR}/toxid" || exit 2468246
         git pull
     else
-        git clone ${TOXID_REPO} ${rootdir}${INSTALL_DIR}/toxid
+        git clone "${TOXID_REPO}" "${rootdir}${INSTALL_DIR}/toxid"
     fi
 
-    if [ ! -d ${rootdir}${INSTALL_DIR}/toxid ]; then
+    if [ ! -d "${rootdir}${INSTALL_DIR}/toxid" ]; then
         echo $'Unable to clone toxid repo'
         exit 768352
     fi
 
-    if [ ${rootdir} ]; then
-        chroot ${rootdir} /bin/bash -x <<EOF
+    if [ "${rootdir}" ]; then
+        chroot "${rootdir}" /bin/bash -x <<EOF
 cd ${INSTALL_DIR}/toxid
 make
 make install
@@ -657,45 +652,46 @@ make install
 EOF
     fi
 
-    if [ ! -f $rootdir/usr/local/bin/toxid ]; then
+    if [ ! -f "$rootdir/usr/local/bin/toxid" ]; then
         echo $'toxid not found'
         exit 74370
     fi
-    if [ ! -f $rootdir/usr/local/bin/toxavahi ]; then
+    if [ ! -f "$rootdir/usr/local/bin/toxavahi" ]; then
         exit 3621729
     fi
 
     MESH_SYNC_COMMAND=$rootdir/usr/bin/mesh-sync
-    echo '#!/bin/bash' > $MESH_SYNC_COMMAND
-    echo '/usr/local/bin/toxavahi 2> /dev/null' >> $MESH_SYNC_COMMAND
-    echo '/usr/local/bin/meshavahi 2> /dev/null' >> $MESH_SYNC_COMMAND
-    chmod +x $MESH_SYNC_COMMAND
+    { echo '#!/bin/bash';
+      echo '/usr/local/bin/toxavahi 2> /dev/null';
+      echo '/usr/local/bin/meshavahi 2> /dev/null'; } > "$MESH_SYNC_COMMAND"
+    chmod +x "$MESH_SYNC_COMMAND"
 
-    if ! grep -q "mesh-sync" ${rootdir}/etc/crontab; then
-        echo "*/1            * *   *   *   root /usr/bin/mesh-sync 2> /dev/null" >> ${rootdir}/etc/crontab
-        echo "*/1            * *   *   *   root ( sleep 20 ; /usr/bin/mesh-sync 2> /dev/null )" >> ${rootdir}/etc/cro        echo "*/1            * *   *   *   root ( sleep 40 ; /usr/bin/mesh-sync 2> /dev/null )" >> ${rootdir}/etc/crontab
+    if ! grep -q "mesh-sync" "${rootdir}/etc/crontab"; then
+        { echo "*/1            * *   *   *   root /usr/bin/mesh-sync 2> /dev/null";
+          echo "*/1            * *   *   *   root ( sleep 20 ; /usr/bin/mesh-sync 2> /dev/null )";
+          echo "*/1            * *   *   *   root ( sleep 40 ; /usr/bin/mesh-sync 2> /dev/null )"; } >> "${rootdir}/etc/crontab"
     fi
 }
 
 function mesh_tox_client {
 
-    TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}')
+    TOXIC_FILE=$(grep "TOXIC_FILE=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '=' '{print $2}')
 
     # obtain commits from the main file
-    TOXIC_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
+    TOXIC_COMMIT_MAIN=$(grep "TOXIC_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#TOXIC_COMMIT_MAIN} -gt 10 ]; then
         TOXIC_COMMIT=$TOXIC_COMMIT_MAIN
     fi
 
-    TOXIC_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_REPO=" | head -n 1 | awk -F '"' '{print $2}')
+    TOXIC_REPO_MAIN=$(grep "TOXIC_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '"' '{print $2}')
     if [ ${#TOXIC_REPO_MAIN} -gt 5 ]; then
         TOXIC_REPO=$TOXIC_REPO_MAIN
     fi
 
-    if [ ${rootdir} ]; then
-        chroot ${rootdir} apt-get -yq install libncursesw5-dev libconfig-dev libqrencode-dev
-        chroot ${rootdir} apt-get -yq install libcurl4-openssl-dev libvpx-dev libopenal-dev
-        chroot ${rootdir} apt-get -yq install libqrencode-dev
+    if [ "${rootdir}" ]; then
+        chroot "${rootdir}" apt-get -yq install libncursesw5-dev libconfig-dev libqrencode-dev
+        chroot "${rootdir}" apt-get -yq install libcurl4-openssl-dev libvpx-dev libopenal-dev
+        chroot "${rootdir}" apt-get -yq install libqrencode-dev
     else
         apt-get -yq install libncursesw5-dev libconfig-dev libqrencode-dev
         apt-get -yq install libcurl4-openssl-dev libvpx-dev libopenal-dev
@@ -704,57 +700,57 @@ function mesh_tox_client {
 
     TEMP_SCRIPT_NAME=fbtmp728353.sh
     TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME
-    echo '#!/bin/bash' > $TEMP_SCRIPT
-    echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT
-    echo 'if [ -d /repos/toxic ]; then' >> $TEMP_SCRIPT
-    echo "    mkdir $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
-    echo "    cp -r -p /repos/toxic/. $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
-    echo "    cd $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
-    echo '    git pull' >> $TEMP_SCRIPT
-    echo 'else' >> $TEMP_SCRIPT
-    echo "    git clone $TOXIC_REPO $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
-    echo 'fi' >> $TEMP_SCRIPT
-    echo "cd $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
-    echo "git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT" >> $TEMP_SCRIPT
-    echo 'make' >> $TEMP_SCRIPT
-    echo 'if [ ! "$?" = "0" ]; then' >> $TEMP_SCRIPT
-    echo '    exit 1' >> $TEMP_SCRIPT
-    echo 'fi' >> $TEMP_SCRIPT
-    echo 'make install' >> $TEMP_SCRIPT
-    echo 'exit 0' >> $TEMP_SCRIPT
+    { echo '#!/bin/bash';
+      echo "mkdir -p $INSTALL_DIR";
+      echo 'if [ -d /repos/toxic ]; then';
+      echo "    mkdir $INSTALL_DIR/toxic";
+      echo "    cp -r -p /repos/toxic/. $INSTALL_DIR/toxic";
+      echo "    cd $INSTALL_DIR/toxic";
+      echo '    git pull';
+      echo 'else';
+      echo "    git clone $TOXIC_REPO $INSTALL_DIR/toxic";
+      echo 'fi';
+      echo "cd $INSTALL_DIR/toxic";
+      echo "git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT";
+      echo 'make';
+      echo 'if [ ! "$?" = "0" ]; then';
+      echo '    exit 1';
+      echo 'fi';
+      echo 'make install';
+      echo 'exit 0'; } > "$TEMP_SCRIPT"
     chmod +x $TEMP_SCRIPT
-    cp $TEMP_SCRIPT $rootdir/root/
+    cp "$TEMP_SCRIPT" "$rootdir/root/"
 
-    TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}')
+    TOXIC_FILE=$(grep "TOXIC_FILE=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '=' '{print $2}')
 
     SECONDS=0
-    if [ ${rootdir} ]; then
-        chroot ${rootdir} /root/$TEMP_SCRIPT_NAME
+    if [ "${rootdir}" ]; then
+        chroot "${rootdir}" "/root/$TEMP_SCRIPT_NAME"
     else
         /root/$TEMP_SCRIPT_NAME
     fi
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
         cat -n /root/fbtmp728353.sh
         duration=$SECONDS
-        echo $"Toxic client compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
+        echo $"Toxic client compile failed at $((duration / 60)) minutes and $((duration % 60)) seconds elapsed."
         echo $'Unable to make tox client'
         rm $TEMP_SCRIPT
         exit 74872
     fi
     rm $TEMP_SCRIPT
-    if [ ! -f $rootdir$TOXIC_FILE ]; then
+    if [ ! -f "$rootdir$TOXIC_FILE" ]; then
         echo $"Tox client was not installed to $TOXIC_FILE"
         exit 63278
     fi
     duration=$SECONDS
-    echo $"Toxic client compile $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
+    echo $"Toxic client compile $((duration / 60)) minutes and $((duration % 60)) seconds elapsed."
 }
 
 function enable_tox_repo {
-    echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_9.0/ /' > $rootdir/etc/apt/sources.list.d/tox.list
+    echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_9.0/ /' > "$rootdir/etc/apt/sources.list.d/tox.list"
 
-
-    cat >> $rootdir/root/gettoxkey.sh <<EOF
+    cat >> "$rootdir/root/gettoxkey.sh" <<EOF
 #!/bin/bash
 wget -q http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_9.0/Release.key -O- > /root/tox.key
 apt-key add /root/tox.key
@@ -769,30 +765,30 @@ EOF
 function install_tox {
     configure_firewall_for_tox
 
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_tox_node
         mesh_tox_avahi
         mesh_tox_client
     else
         avoid_tor_restart=
-        if [ -f $IMAGE_PASSWORD_FILE ]; then
+        if [ -f "$IMAGE_PASSWORD_FILE" ]; then
             if [[ $ONION_ONLY != 'no' ]]; then
                 avoid_tor_restart=1
             fi
         fi
 
         if [ $avoid_tor_restart ]; then
-            ${PROJECT_NAME}-logging on --onion
+            "${PROJECT_NAME}-logging" on --onion
         else
-            ${PROJECT_NAME}-logging on
+            "${PROJECT_NAME}-logging" on
         fi
 
         install_tox_node
 
         if [ $avoid_tor_restart ]; then
-            ${PROJECT_NAME}-logging off --onion
+            "${PROJECT_NAME}-logging" off --onion
         else
-            ${PROJECT_NAME}-logging off
+            "${PROJECT_NAME}-logging" off
         fi
 
         tox_avahi
diff --git a/src/freedombone-app-turtl b/src/freedombone-app-turtl
index c55bbb7d..415d68ce 100755
--- a/src/freedombone-app-turtl
+++ b/src/freedombone-app-turtl
@@ -68,22 +68,24 @@ function logging_off_turtl {
 }
 
 function change_password_turtl {
-    change_username="$1"
-    new_user_password="$2"
+    echo -n ''
+#    change_username="$1"
+#    new_user_password="$2"
 }
 
 function remove_user_turtl {
-    remove_username="$1"
+    echo -n ''
+#    remove_username="$1"
 }
 
 function add_user_turtl {
-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"
     echo '0'
 }
 
 function install_interactive_turtl {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
         ONION_ONLY='no'
     fi
 
@@ -128,7 +130,7 @@ function configure_interactive_turtl_signups {
     dialog --title $"Allow new turtl signups" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nAllow registration of new users?" 10 60
+           --yesno $"\\nAllow registration of new users?" 10 60
     sel=$?
     case $sel in
         0)
@@ -146,15 +148,14 @@ function configure_interactive_turtl_signups {
 }
 
 function configure_interactive_turtl_storage {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Change storage limit" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Enter a storage limit in megabytes." 8 75 "$TURTL_STORAGE_LIMIT_MB" 2>$data
+           --inputbox $"Enter a storage limit in megabytes." 8 75 "$TURTL_STORAGE_LIMIT_MB" 2>"$data"
     sel=$?
     case $sel in
         0)
-            STORAGE=$(<$data)
+            STORAGE=$(<"$data")
             if [ ${#STORAGE} -gt 0 ]; then
                 TURTL_STORAGE_LIMIT_MB=$STORAGE
                 sed -i "s|defparameter *default-storage-limit*.*|defparameter *default-storage-limit* ${TURTL_STORAGE_LIMIT_MB})|g" $TURTL_BASE_DIR/api/config/config.lisp
@@ -164,27 +165,31 @@ function configure_interactive_turtl_storage {
             fi
             ;;
     esac
+    rm -f "$data"
 }
 
 function configure_interactive_turtl {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"turtl app settings" \
            --radiolist $"Choose an operation:" 12 70 3 \
            1 $"Enable/disable new user registrations" off \
            2 $"Change storage limit" off \
-           3 $"Exit" on 2> $data
+           3 $"Exit" on 2> "$data"
     sel=$?
     case $sel in
-        1) exit 1;;
-        255) exit 1;;
+        1) rm -f "$data"
+           exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
-    case $(cat $data) in
+    case $(cat "$data") in
         1) configure_interactive_turtl_signups;;
         2) configure_interactive_turtl_storage;;
-        3) return;;
+        3) rm -f "$data"
+           return;;
     esac
+    rm -f "$data"
 }
 
 function reconfigure_turtl {
@@ -255,7 +260,7 @@ function restore_local_turtl {
         else
             cp -r ${temp_restore_dir}/* /etc/turtl/
         fi
-
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             set_user_permissions
             backup_unmount_drive
@@ -273,6 +278,7 @@ function restore_local_turtl {
             cp -r ${temp_restore_dir}/* /var/lib/rethinkdb/
         fi
 
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             set_user_permissions
             backup_unmount_drive
@@ -318,6 +324,7 @@ function restore_remote_turtl {
             cp -r ${temp_restore_dir}/* /etc/turtl/
         fi
 
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             if [ -d /etc/turtl_previous ]; then
                 mv /etc/turtl_previous $TURTL_BASE_DIR
@@ -338,6 +345,7 @@ function restore_remote_turtl {
             cp -r ${temp_restore_dir}/* /var/lib/rethinkdb/
         fi
 
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             set_user_permissions
             exit 26783
@@ -358,7 +366,7 @@ function remove_turtl {
     remove_rethinkdb
     remove_app turtl
     remove_completion_param install_turtl
-    sed -i '/turtl/d' $COMPLETION_FILE
+    sed -i '/turtl/d' "$COMPLETION_FILE"
     nginx_dissite $TURTL_DOMAIN_NAME
     if [ -f /etc/nginx/sites-available/$TURTL_DOMAIN_NAME ]; then
         rm /etc/nginx/sites-available/$TURTL_DOMAIN_NAME
@@ -444,18 +452,18 @@ __ENDCONFIG__
         exit 6238234
     fi
 
-    echo '[Unit]' > /etc/systemd/system/turtl.service
-    echo 'Description=Note taking service' >> /etc/systemd/system/turtl.service
-    echo 'Documentation=http://turtl.it' >> /etc/systemd/system/turtl.service
-    echo 'Requires=network.target' >> /etc/systemd/system/turtl.service
-    echo 'Requires=rethinkdb.service' >> /etc/systemd/system/turtl.service
-    echo 'After=network.target' >> /etc/systemd/system/turtl.service
-    echo 'After=rethinkdb.service' >> /etc/systemd/system/turtl.service
-    echo '' >> /etc/systemd/system/turtl.service
-    echo '[Service]' >> /etc/systemd/system/turtl.service
-    echo 'Type=simple' >> /etc/systemd/system/turtl.service
-    echo 'User=turtl' >> /etc/systemd/system/turtl.service
-    echo "WorkingDirectory=$TURTL_BASE_DIR/api/" >> /etc/systemd/system/turtl.service
+    { echo '[Unit]';
+      echo 'Description=Note taking service';
+      echo 'Documentation=http://turtl.it';
+      echo 'Requires=network.target';
+      echo 'Requires=rethinkdb.service';
+      echo 'After=network.target';
+      echo 'After=rethinkdb.service';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=turtl';
+      echo "WorkingDirectory=$TURTL_BASE_DIR/api/"; } > /etc/systemd/system/turtl.service
 
     if [[ "$check_architecture" == *"64"* && "$check_architecture" != *"arm"* ]]; then
         echo "ExecStart=$TURTL_BASE_DIR/ccl/lx86cl64 -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service
@@ -466,9 +474,9 @@ __ENDCONFIG__
             echo "ExecStart=$TURTL_BASE_DIR/ccl/armcl -l $TURTL_BASE_DIR/quicklisp/setup.lisp -l launch.lisp" >> /etc/systemd/system/turtl.service
         fi
     fi
-    echo '' >> /etc/systemd/system/turtl.service
-    echo '[Install]' >> /etc/systemd/system/turtl.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/turtl.service
+    { echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } >> /etc/systemd/system/turtl.service
     chmod +x /etc/systemd/system/turtl.service
 
     chown -R turtl:turtl $TURTL_BASE_DIR
@@ -484,7 +492,7 @@ function install_turtl_api {
     if [ ! -d $TURTL_BASE_DIR ]; then
         mkdir -p $TURTL_BASE_DIR
     fi
-    cd $TURTL_BASE_DIR
+    cd "$TURTL_BASE_DIR" || exit 745726542
     mkdir cd $TURTL_BASE_DIR/data
     check_architecture=$(uname -a)
 
@@ -600,21 +608,21 @@ __ENDCONFIG__
     chown -R rethinkdb:rethinkdb /var/lib/rethinkdb
 
     # install turtl API
-    cd $TURTL_BASE_DIR/
+    cd "$TURTL_BASE_DIR/" || exit 6428462
 
     if [ -d /repos/turtl ]; then
         mkdir $TURTL_BASE_DIR/api
         cp -r -p /repos/turtl/. $TURTL_BASE_DIR/api
-        cd $TURTL_BASE_DIR/api
+        cd "$TURTL_BASE_DIR/api" || exit 57141845
         git pull
     else
         git clone $TURTL_REPO $TURTL_BASE_DIR/api
     fi
 
-    cd $TURTL_BASE_DIR/api
+    cd "$TURTL_BASE_DIR/api" || exit 35814614
     git checkout $TURTL_COMMIT -b $TURTL_COMMIT
     set_completion_param "turtl commit" "$TURTL_COMMIT"
-    cd $TURTL_BASE_DIR/quicklisp/local-projects
+    cd "$TURTL_BASE_DIR/quicklisp/local-projects" || exit 43618941415
     git clone git://github.com/orthecreedence/cl-hash-util
     if [[ "$check_architecture" != *"arm"* ]]; then
         if [[ "$check_architecture" == *"64"* ]]; then
@@ -657,54 +665,54 @@ function install_turtl_nginx {
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
         nginx_http_redirect $TURTL_DOMAIN_NAME
-        echo 'server {' >> $turtl_nginx_site
-        echo '  listen 443 ssl;' >> $turtl_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $turtl_nginx_site
-        echo "  server_name ${TURTL_DOMAIN_NAME};" >> $turtl_nginx_site
-        echo '' >> $turtl_nginx_site
-        echo '  # Security' >> $turtl_nginx_site
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name ${TURTL_DOMAIN_NAME};";
+          echo '';
+          echo '  # Security'; } >> "$turtl_nginx_site"
         function_check nginx_ssl
         nginx_ssl $TURTL_DOMAIN_NAME
 
         function_check nginx_disable_sniffing
         nginx_disable_sniffing $TURTL_DOMAIN_NAME
 
-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $turtl_nginx_site
-        echo '' >> $turtl_nginx_site
-        echo '  # Logs' >> $turtl_nginx_site
-        echo '  access_log /dev/null;' >> $turtl_nginx_site
-        echo '  error_log /dev/null;' >> $turtl_nginx_site
-        echo '' >> $turtl_nginx_site
-        echo '  location / {' >> $turtl_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  location / {'; } >> "$turtl_nginx_site"
         function_check nginx_limits
         nginx_limits $TURTL_DOMAIN_NAME '15m'
-        echo "    proxy_pass        http://localhost:${TURTL_PORT}/;" >> $turtl_nginx_site
-        echo '    proxy_set_header  Host $host;' >> $turtl_nginx_site
-        echo '    proxy_buffering   off;' >> $turtl_nginx_site
-        echo '  }' >> $turtl_nginx_site
-        echo '}' >> $turtl_nginx_site
+        { echo "    proxy_pass        http://localhost:${TURTL_PORT}/;";
+          echo "    proxy_set_header  Host \$host;";
+          echo '    proxy_buffering   off;';
+          echo '  }';
+          echo '}'; } >> "$turtl_nginx_site"
     else
         echo -n '' > $turtl_nginx_site
     fi
-    echo 'server {' >> $turtl_nginx_site
-    echo "  listen 127.0.0.1:${TURTL_ONION_PORT};" >> $turtl_nginx_site
-    echo "  server_name ${TURTL_ONION_HOSTNAME};" >> $turtl_nginx_site
-    echo '' >> $turtl_nginx_site
+    { echo 'server {';
+      echo "  listen 127.0.0.1:${TURTL_ONION_PORT};";
+      echo "  server_name ${TURTL_ONION_HOSTNAME};";
+      echo ''; } >> $turtl_nginx_site
     function_check nginx_disable_sniffing
     nginx_disable_sniffing $TURTL_DOMAIN_NAME
-    echo '' >> $turtl_nginx_site
-    echo '  # Logs' >> $turtl_nginx_site
-    echo '  access_log /dev/null;' >> $turtl_nginx_site
-    echo '  error_log /dev/null;' >> $turtl_nginx_site
-    echo '' >> $turtl_nginx_site
-    echo '  location / {' >> $turtl_nginx_site
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  location / {'; } >> $turtl_nginx_site
     function_check nginx_limits
     nginx_limits $TURTL_DOMAIN_NAME '15m'
-    echo "    proxy_pass        http://localhost:${TURTL_PORT}/;" >> $turtl_nginx_site
-    echo '    proxy_set_header  Host $host;' >> $turtl_nginx_site
-    echo '    proxy_buffering   off;' >> $turtl_nginx_site
-    echo '  }' >> $turtl_nginx_site
-    echo '}' >> $turtl_nginx_site
+    { echo "    proxy_pass        http://localhost:${TURTL_PORT}/;";
+      echo "    proxy_set_header  Host \$host;";
+      echo '    proxy_buffering   off;';
+      echo '  }';
+      echo '}'; } >> $turtl_nginx_site
 
     function_check add_ddns_domain
     add_ddns_domain $TURTL_DOMAIN_NAME
diff --git a/src/freedombone-app-vim b/src/freedombone-app-vim
index 6f5958e6..8af2aa8c 100755
--- a/src/freedombone-app-vim
+++ b/src/freedombone-app-vim
@@ -62,27 +62,27 @@ function backup_local_vim {
             echo $"Backing up Vim config for $USERNAME"
 
             # create a temporary directory
-            if [ ! -d /home/$USERNAME/$VIM_TEMP_DIR ]; then
-                mkdir /home/$USERNAME/$VIM_TEMP_DIR
+            if [ ! -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
+                mkdir "/home/$USERNAME/$VIM_TEMP_DIR"
             fi
 
             # copy config files into the directory
-            if [ -f /home/$USERNAME/.vimrc ]; then
-                cp /home/$USERNAME/.vimrc /home/$USERNAME/$VIM_TEMP_DIR
-                chown -R $USERNAME:$USERNAME /home/$USERNAME/$VIM_TEMP_DIR
+            if [ -f "/home/$USERNAME/.vimrc" ]; then
+                cp "/home/$USERNAME/.vimrc" "/home/$USERNAME/$VIM_TEMP_DIR"
+                chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/$VIM_TEMP_DIR"
             fi
-            if [ -f /home/$USERNAME/.viminfo ]; then
-                cp /home/$USERNAME/.viminfo /home/$USERNAME/$VIM_TEMP_DIR
-                chown -R $USERNAME:$USERNAME /home/$USERNAME/$VIM_TEMP_DIR
+            if [ -f "/home/$USERNAME/.viminfo" ]; then
+                cp "/home/$USERNAME/.viminfo" "/home/$USERNAME/$VIM_TEMP_DIR"
+                chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/$VIM_TEMP_DIR"
             fi
 
             # backup the directory
             function_check backup_directory_to_usb
-            backup_directory_to_usb /home/$USERNAME/$VIM_TEMP_DIR vim/$USERNAME
+            backup_directory_to_usb "/home/$USERNAME/$VIM_TEMP_DIR" "vim/$USERNAME"
 
             # remove temporary directory
-            if [ -d /home/$USERNAME/$VIM_TEMP_DIR ]; then
-                rm -rf /home/$USERNAME/$VIM_TEMP_DIR
+            if [ -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
+                rm -rf "/home/${USERNAME:?}/$VIM_TEMP_DIR"
             fi
         fi
     done
@@ -90,24 +90,25 @@ function backup_local_vim {
 
 function restore_local_vim {
     temp_restore_dir=/root/tempvim
-    if [ -d $USB_MOUNT/backup/vim ]; then
+    if [ -d "$USB_MOUNT/backup/vim" ]; then
         for d in $USB_MOUNT/backup/vim/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    "${PROJECT_NAME}-adduser" "$USERNAME"
                 fi
                 echo $"Restoring Vim config for $USERNAME"
                 function_check restore_directory_from_usb
-                restore_directory_from_usb $temp_restore_dir vim/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR /home/$USERNAME/
+                restore_directory_from_usb "$temp_restore_dir" "vim/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/$VIM_TEMP_DIR ]; then
-                        mkdir /home/$USERNAME/$VIM_TEMP_DIR
+                    if [ ! -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
+                        mkdir "/home/$USERNAME/$VIM_TEMP_DIR"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/$VIM_TEMP_DIR/
+                    cp -r "$temp_restore_dir/*" "/home/$USERNAME/$VIM_TEMP_DIR/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     function_check set_user_permissions
@@ -116,14 +117,14 @@ function restore_local_vim {
                     backup_unmount_drive
                     exit 664
                 fi
-                cp /home/$USERNAME/$VIM_TEMP_DIR/* /home/$USERNAME
-                if [ -f /home/$USERNAME/.viminfo ]; then
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.viminfo
+                cp "/home/$USERNAME/$VIM_TEMP_DIR/*" "/home/$USERNAME"
+                if [ -f "/home/$USERNAME/.viminfo" ]; then
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.viminfo"
                 fi
-                if [ -f /home/$USERNAME/.vimrc ]; then
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.vimrc
+                if [ -f "/home/$USERNAME/.vimrc" ]; then
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.vimrc"
                 fi
-                rm -rf /home/$USERNAME/$VIM_TEMP_DIR
+                rm -rf "/home/${USERNAME:?}/$VIM_TEMP_DIR"
                 rm -rf $temp_restore_dir
             fi
         done
@@ -137,27 +138,27 @@ function backup_remote_vim {
             echo $"Backing up Vim config for $USERNAME"
 
             # create a temporary directory
-            if [ ! -d /home/$USERNAME/$VIM_TEMP_DIR ]; then
-                mkdir /home/$USERNAME/$VIM_TEMP_DIR
+            if [ ! -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
+                mkdir "/home/$USERNAME/$VIM_TEMP_DIR"
             fi
 
             # copy config files into the directory
-            if [ -f /home/$USERNAME/.vimrc ]; then
-                cp /home/$USERNAME/.vimrc /home/$USERNAME/$VIM_TEMP_DIR
-                chown -R $USERNAME:$USERNAME /home/$USERNAME/$VIM_TEMP_DIR
+            if [ -f "/home/$USERNAME/.vimrc" ]; then
+                cp "/home/$USERNAME/.vimrc" "/home/$USERNAME/$VIM_TEMP_DIR"
+                chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/$VIM_TEMP_DIR"
             fi
-            if [ -f /home/$USERNAME/.viminfo ]; then
-                cp /home/$USERNAME/.viminfo /home/$USERNAME/$VIM_TEMP_DIR
-                chown -R $USERNAME:$USERNAME /home/$USERNAME/$VIM_TEMP_DIR
+            if [ -f "/home/$USERNAME/.viminfo" ]; then
+                cp "/home/$USERNAME/.viminfo" "/home/$USERNAME/$VIM_TEMP_DIR"
+                chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/$VIM_TEMP_DIR"
             fi
 
             # backup the directory
             function_check backup_directory_to_friend
-            backup_directory_to_friend /home/$USERNAME/$VIM_TEMP_DIR vim/$USERNAME
+            backup_directory_to_friend "/home/$USERNAME/$VIM_TEMP_DIR" "vim/$USERNAME"
 
             # remove temporary directory
-            if [ -d /home/$USERNAME/$VIM_TEMP_DIR ]; then
-                rm -rf /home/$USERNAME/$VIM_TEMP_DIR
+            if [ -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
+                rm -rf "/home/${USERNAME:?}/$VIM_TEMP_DIR"
             fi
         fi
     done
@@ -165,24 +166,25 @@ function backup_remote_vim {
 
 function restore_remote_vim {
     temp_restore_dir=/root/tempvim
-    if [ -d $USB_MOUNT/backup/vim ]; then
+    if [ -d "$USB_MOUNT/backup/vim" ]; then
         for d in $USB_MOUNT/backup/vim/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    "${PROJECT_NAME}-adduser" "$USERNAME"
                 fi
                 echo $"Restoring Vim config for $USERNAME"
                 function_check restore_directory_from_friend
-                restore_directory_from_friend $temp_restore_dir vim/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR /home/$USERNAME/
+                restore_directory_from_friend "$temp_restore_dir vim/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/$VIM_TEMP_DIR" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/$VIM_TEMP_DIR ]; then
-                        mkdir /home/$USERNAME/$VIM_TEMP_DIR
+                    if [ ! -d "/home/$USERNAME/$VIM_TEMP_DIR" ]; then
+                        mkdir "/home/$USERNAME/$VIM_TEMP_DIR"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/$VIM_TEMP_DIR/
+                    cp -r "$temp_restore_dir/*" "/home/$USERNAME/$VIM_TEMP_DIR/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     function_check set_user_permissions
@@ -191,14 +193,14 @@ function restore_remote_vim {
                     backup_unmount_drive
                     exit 664
                 fi
-                cp /home/$USERNAME/$VIM_TEMP_DIR/* /home/$USERNAME
-                if [ -f /home/$USERNAME/.viminfo ]; then
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.viminfo
+                cp "/home/$USERNAME/$VIM_TEMP_DIR/*" "/home/$USERNAME"
+                if [ -f "/home/$USERNAME/.viminfo" ]; then
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.viminfo"
                 fi
-                if [ -f /home/$USERNAME/.vimrc ]; then
-                    chown $USERNAME:$USERNAME /home/$USERNAME/.vimrc
+                if [ -f "/home/$USERNAME/.vimrc" ]; then
+                    chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.vimrc"
                 fi
-                rm -rf /home/$USERNAME/$VIM_TEMP_DIR
+                rm -rf "/home/${USERNAME:?}/$VIM_TEMP_DIR"
                 rm -rf $temp_restore_dir
             fi
         done
@@ -210,7 +212,7 @@ function remove_vim {
     # This may change with Debian Stretch
     # apt-get -yq remove --purge vim
     update-alternatives --set editor /usr/bin/nano
-    sed -i '/install_vim/d' $COMPLETION_FILE
+    sed -i '/install_vim/d' "$COMPLETION_FILE"
 
     # remove Vim as the mutt email editor
     if [ -f /etc/Muttrc ]; then
@@ -220,9 +222,9 @@ function remove_vim {
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ -f /home/$USERNAME/.muttrc ]; then
-                    if grep -q "set editor=" /home/$USERNAME/.muttrc; then
-                        sed -i '/set editor=/d' /home/$USERNAME/.muttrc
+                if [ -f "/home/$USERNAME/.muttrc" ]; then
+                    if grep -q "set editor=" "/home/$USERNAME/.muttrc"; then
+                        sed -i '/set editor=/d' "/home/$USERNAME/.muttrc"
                     fi
                 fi
             fi
@@ -244,11 +246,11 @@ function install_vim {
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ -f /home/$USERNAME/.muttrc ]; then
-                    if ! grep -q "set editor=" /home/$USERNAME/.muttrc; then
-                        echo "set editor=\"$VIM_MUTT_EDITOR\"" >> /home/$USERNAME/.muttrc
+                if [ -f "/home/$USERNAME/.muttrc" ]; then
+                    if ! grep -q "set editor=" "/home/$USERNAME/.muttrc"; then
+                        echo "set editor=\"$VIM_MUTT_EDITOR\"" >> "/home/$USERNAME/.muttrc"
                     else
-                        sed -i "s|set editor=.*|set editor=\"$VIM_MUTT_EDITOR\"|g" /home/$USERNAME/.muttrc
+                        sed -i "s|set editor=.*|set editor=\"$VIM_MUTT_EDITOR\"|g" "/home/$USERNAME/.muttrc"
                     fi
                 fi
             fi
diff --git a/src/freedombone-app-vpn b/src/freedombone-app-vpn
index 1aa183f5..df241b02 100755
--- a/src/freedombone-app-vpn
+++ b/src/freedombone-app-vpn
@@ -82,23 +82,24 @@ function install_interactive_vpn {
     VPN_DETAILS_COMPLETE=
     while [ ! $VPN_DETAILS_COMPLETE ]
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         currtlsport=$(grep 'VPN_TLS_PORT' temp.cfg | awk -F '=' '{print $2}')
-        if [ $currtlsport ]; then
+        if [ "$currtlsport" ]; then
             VPN_TLS_PORT=$currtlsport
         fi
         dialog --backtitle $"Freedombone Configuration" \
                --title $"VPN Configuration" \
-               --form $"\nPlease enter your VPN details. Changing the port to 443 will help defend against censorship but will prevent other web apps from running." 12 65 1 \
+               --form $"\\nPlease enter your VPN details. Changing the port to 443 will help defend against censorship but will prevent other web apps from running." 12 65 1 \
                $"TLS port:" 1 1 "$VPN_TLS_PORT" 1 12 5 5 \
-               2> $data
+               2> "$data"
         sel=$?
         case $sel in
-            1) exit 1;;
-            255) exit 1;;
+            1) rm -f "$data"
+               exit 1;;
+            255) rm -f "$data"
+                 exit 1;;
         esac
-        tlsport=$(cat $data | sed -n 1p)
+        tlsport=$(sed -n 1p < "$data")
         if [ ${#tlsport} -gt 1 ]; then
             if [[ "$tlsport" != *' '* && "$tlsport" != *'.'* ]]; then
                 VPN_TLS_PORT="$tlsport"
@@ -106,27 +107,27 @@ function install_interactive_vpn {
                 write_config_param "VPN_TLS_PORT" "$VPN_TLS_PORT"
             fi
         fi
+        rm -f "$data"
     done
     clear
     APP_INSTALLED=1
 }
 
 function vpn_change_tls_port {
-    if ! grep -q "VPN-TLS" $FIREWALL_CONFIG; then
+    if ! grep -q "VPN-TLS" "$FIREWALL_CONFIG"; then
         EXISTING_VPN_TLS_PORT=443
     else
-        EXISTING_VPN_TLS_PORT=$(cat $FIREWALL_CONFIG | grep "VPN-TLS" | awk -F '=' '{print $2}')
+        EXISTING_VPN_TLS_PORT=$(grep "VPN-TLS" "$FIREWALL_CONFIG" | awk -F '=' '{print $2}')
     fi
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"VPN Configuration" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Change TLS port' 10 50 $EXISTING_VPN_TLS_PORT 2>$data
+           --inputbox $'Change TLS port' 10 50 "$EXISTING_VPN_TLS_PORT" 2>"$data"
     sel=$?
     case $sel in
         0)
-            tlsport=$(<$data)
+            tlsport=$(<"$data")
             if [ ${#tlsport} -gt 0 ]; then
                 if [[ "$tlsport" != "$EXISTING_VPN_TLS_PORT" ]]; then
                     clear
@@ -137,22 +138,22 @@ function vpn_change_tls_port {
 
                     for d in /home/*/ ; do
                         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-                        if [ -f /home/$USERNAME/stunnel-client.conf ]; then
-                            cp /etc/stunnel/stunnel-client.conf /home/$USERNAME/stunnel-client.conf
-                            chown $USERNAME:$USERNAME /home/$USERNAME/stunnel-client.conf
+                        if [ -f "/home/$USERNAME/stunnel-client.conf" ]; then
+                            cp "/etc/stunnel/stunnel-client.conf" "/home/$USERNAME/stunnel-client.conf"
+                            chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel-client.conf"
                         fi
                     done
 
-                    if [ $VPN_TLS_PORT -eq 443 ]; then
+                    if [ "$VPN_TLS_PORT" -eq 443 ]; then
                         if [[ "$PREVIOUS_VPN_TLS_PORT" != "443" ]]; then
-                            firewall_remove VPN-TLS ${EXISTING_VPN_TLS_PORT}
+                            firewall_remove VPN-TLS "${EXISTING_VPN_TLS_PORT}"
                         fi
                         systemctl stop nginx
                         systemctl disable nginx
                     else
                         if [[ "$PREVIOUS_VPN_TLS_PORT" != "$VPN_TLS_PORT" ]]; then
-                            firewall_remove VPN-TLS ${EXISTING_VPN_TLS_PORT}
-                            firewall_add VPN-TLS ${VPN_TLS_PORT} tcp
+                            firewall_remove VPN-TLS "${EXISTING_VPN_TLS_PORT}"
+                            firewall_add VPN-TLS "${VPN_TLS_PORT}" tcp
                         fi
                         systemctl enable nginx
                         systemctl restart nginx
@@ -160,7 +161,7 @@ function vpn_change_tls_port {
 
                     systemctl restart stunnel
 
-                    if [ $VPN_TLS_PORT -eq 443 ]; then
+                    if [ "$VPN_TLS_PORT" -eq 443 ]; then
                         dialog --title $"VPN Configuration" \
                                --msgbox $"TLS port changed to ${VPN_TLS_PORT}. Forward this port from your internet router." 10 60
                     else
@@ -171,52 +172,56 @@ function vpn_change_tls_port {
             fi
             ;;
     esac
+    rm -f "$data"
 }
 
 function vpn_regenerate_client_keys {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Regenerate VPN keys for a user" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'username' 10 50 2>$data
+           --inputbox $'username' 10 50 2>"$data"
     sel=$?
     case $sel in
         0)
-            USERNAME=$(<$data)
+            USERNAME=$(<"$data")
             if [ ${#USERNAME} -gt 0 ]; then
-                if [ -d /home/$USERNAME ]; then
+                if [ -d "/home/$USERNAME" ]; then
                     clear
-                    create_user_vpn_key $USERNAME
+                    create_user_vpn_key "$USERNAME"
                     dialog --title $"Regenerate VPN keys for a user" \
                            --msgbox $"VPN keys were regenerated for $USERNAME" 6 60
                 fi
             fi
             ;;
     esac
+    rm -f "$data"
 }
 
 function configure_interactive_vpn {
     read_config_param VPN_TLS_PORT
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"VPN Configuration" \
                --radiolist $"Choose an operation:" 13 70 3 \
                1 $"Change TLS port (currently $VPN_TLS_PORT)" off \
                2 $"Regenerate keys for a user" off \
-               3 $"Exit" on 2> $data
+               3 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) return;;
-            255) return;;
+            1) rm -f "$data"
+               return;;
+            255) rm -f "$data"
+                 return;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) vpn_change_tls_port;;
             2) vpn_regenerate_client_keys;;
-            3) break;;
+            3) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
@@ -231,8 +236,8 @@ function upgrade_vpn {
 function backup_local_vpn {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-        if [ -f /home/$USERNAME/$OPENVPN_KEY_FILENAME ]; then
-            cp /home/$USERNAME/$OPENVPN_KEY_FILENAME /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}
+        if [ -f "/home/$USERNAME/$OPENVPN_KEY_FILENAME" ]; then
+            cp "/home/$USERNAME/$OPENVPN_KEY_FILENAME" "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}"
         fi
     done
 
@@ -252,9 +257,9 @@ function restore_local_vpn {
 
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-            if [ -f /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} ]; then
-                cp /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} /home/$USERNAME/$OPENVPN_KEY_FILENAME
-                chown $USERNAME:$USERNAME /home/$USERNAME/$OPENVPN_KEY_FILENAME
+            if [ -f "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}" ]; then
+                cp "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}" "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
+                chown "$USERNAME":"$USERNAME" "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
             fi
         done
     fi
@@ -265,13 +270,13 @@ function restore_local_vpn {
         rm -rf ${temp_restore_dir}
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-            if [ -f /home/$USERNAME/stunnel.pem ]; then
-                cp /etc/stunnel/stunnel.pem /home/$USERNAME/stunnel.pem
-                chown $USERNAME:$USERNAME /home/$USERNAME/stunnel.pem
+            if [ -f "/home/$USERNAME/stunnel.pem" ]; then
+                cp /etc/stunnel/stunnel.pem "/home/$USERNAME/stunnel.pem"
+                chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel.pem"
             fi
-            if [ -f /home/$USERNAME/stunnel.p12 ]; then
-                cp /etc/stunnel/stunnel.p12 /home/$USERNAME/stunnel.p12
-                chown $USERNAME:$USERNAME /home/$USERNAME/stunnel.p12
+            if [ -f "/home/$USERNAME/stunnel.p12" ]; then
+                cp /etc/stunnel/stunnel.p12 "/home/$USERNAME/stunnel.p12"
+                chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel.p12"
             fi
         done
     fi
@@ -280,8 +285,8 @@ function restore_local_vpn {
 function backup_remote_vpn {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-        if [ -f /home/$USERNAME/$OPENVPN_KEY_FILENAME ]; then
-            cp /home/$USERNAME/$OPENVPN_KEY_FILENAME /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}
+        if [ -f "/home/$USERNAME/$OPENVPN_KEY_FILENAME" ]; then
+            cp "/home/$USERNAME/$OPENVPN_KEY_FILENAME" "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}"
         fi
     done
 
@@ -301,9 +306,9 @@ function restore_remote_vpn {
 
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-            if [ -f /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} ]; then
-                cp /etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME} /home/$USERNAME/$OPENVPN_KEY_FILENAME
-                chown $USERNAME:$USERNAME /home/$USERNAME/$OPENVPN_KEY_FILENAME
+            if [ -f "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}" ]; then
+                cp "/etc/openvpn/easy-rsa/keys/${USERNAME}_${OPENVPN_KEY_FILENAME}" "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
+                chown "$USERNAME":"$USERNAME" "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
             fi
         done
     fi
@@ -314,13 +319,13 @@ function restore_remote_vpn {
         rm -rf ${temp_restore_dir}
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-            if [ -f /home/$USERNAME/stunnel.pem ]; then
-                cp /etc/stunnel/stunnel.pem /home/$USERNAME/stunnel.pem
-                chown $USERNAME:$USERNAME /home/$USERNAME/stunnel.pem
+            if [ -f "/home/$USERNAME/stunnel.pem" ]; then
+                cp /etc/stunnel/stunnel.pem "/home/$USERNAME/stunnel.pem"
+                chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel.pem"
             fi
-            if [ -f /home/$USERNAME/stunnel.p12 ]; then
-                cp /etc/stunnel/stunnel.p12 /home/$USERNAME/stunnel.p12
-                chown $USERNAME:$USERNAME /home/$USERNAME/stunnel.p12
+            if [ -f "/home/$USERNAME/stunnel.p12" ]; then
+                cp /etc/stunnel/stunnel.p12 "/home/$USERNAME/stunnel.p12"
+                chown "$USERNAME":"$USERNAME" "/home/$USERNAME/stunnel.p12"
             fi
         done
     fi
@@ -332,8 +337,8 @@ function remove_vpn {
     rm /etc/systemd/system/stunnel.service
 
     systemctl stop openvpn
-    if [ $VPN_TLS_PORT -ne 443 ]; then
-        firewall_remove VPN-TLS $VPN_TLS_PORT
+    if [ "$VPN_TLS_PORT" -ne 443 ]; then
+        firewall_remove VPN-TLS "$VPN_TLS_PORT"
     else
         systemctl enable nginx
         systemctl restart nginx
@@ -354,10 +359,10 @@ function remove_vpn {
     # remove any client keys
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-        if [ -f /home/$USERNAME/$OPENVPN_KEY_FILENAME ]; then
-            shred -zu /home/$USERNAME/$OPENVPN_KEY_FILENAME
+        if [ -f "/home/$USERNAME/$OPENVPN_KEY_FILENAME" ]; then
+            shred -zu "/home/$USERNAME/$OPENVPN_KEY_FILENAME"
         fi
-        rm /home/$USERNAME/stunnel*
+        rm "/home/$USERNAME/stunnel*"
     done
     userdel -f vpn
     groupdel -f vpn
@@ -370,107 +375,108 @@ function remove_vpn {
 function create_user_vpn_key {
     username=$1
 
-    if [ ! -d /home/$username ]; then
+    if [ ! -d "/home/$username" ]; then
         return
     fi
 
     echo $"Creating VPN key for $username"
 
-    cd /etc/openvpn/easy-rsa
+    cd /etc/openvpn/easy-rsa || exit 4728468246
 
-    if [ -f /etc/openvpn/easy-rsa/keys/$username.crt ]; then
-        rm /etc/openvpn/easy-rsa/keys/$username.crt
+    if [ -f "/etc/openvpn/easy-rsa/keys/$username.crt" ]; then
+        rm "/etc/openvpn/easy-rsa/keys/$username.crt"
     fi
-    if [ -f /etc/openvpn/easy-rsa/keys/$username.key ]; then
-        rm /etc/openvpn/easy-rsa/keys/$username.key
+    if [ -f "/etc/openvpn/easy-rsa/keys/$username.key" ]; then
+        rm "/etc/openvpn/easy-rsa/keys/$username.key"
     fi
-    if [ -f /etc/openvpn/easy-rsa/keys/$username.csr ]; then
-        rm /etc/openvpn/easy-rsa/keys/$username.csr
+    if [ -f "/etc/openvpn/easy-rsa/keys/$username.csr" ]; then
+        rm "/etc/openvpn/easy-rsa/keys/$username.csr"
     fi
 
     sed -i 's| --interact||g' build-key
     ./build-key "$username"
 
-    if [ ! -f /etc/openvpn/easy-rsa/keys/$username.crt ]; then
+    if [ ! -f "/etc/openvpn/easy-rsa/keys/$username.crt" ]; then
         echo $'VPN user cert not generated'
         exit 783528
     fi
-    user_cert=$(cat /etc/openvpn/easy-rsa/keys/$username.crt)
+    user_cert=$(cat "/etc/openvpn/easy-rsa/keys/$username.crt")
     if [ ${#user_cert} -lt 10 ]; then
-        cat /etc/openvpn/easy-rsa/keys/$username.crt
+        cat "/etc/openvpn/easy-rsa/keys/$username.crt"
         echo $'User cert generation failed'
         exit 634659
     fi
-    if [ ! -f /etc/openvpn/easy-rsa/keys/$username.key ]; then
+    if [ ! -f "/etc/openvpn/easy-rsa/keys/$username.key" ]; then
         echo $'VPN user key not generated'
         exit 682523
     fi
-    user_key=$(cat /etc/openvpn/easy-rsa/keys/$username.key)
+    user_key=$(cat "/etc/openvpn/easy-rsa/keys/$username.key")
     if [ ${#user_key} -lt 10 ]; then
-        cat /etc/openvpn/easy-rsa/keys/$username.key
+        cat "/etc/openvpn/easy-rsa/keys/$username.key"
         echo $'User key generation failed'
         exit 285838
     fi
 
     user_vpn_cert_file=/home/$username/$OPENVPN_KEY_FILENAME
 
-    echo 'client' > $user_vpn_cert_file
-    echo 'dev tun' >> $user_vpn_cert_file
-    echo 'proto tcp' >> $user_vpn_cert_file
-    echo "remote localhost $STUNNEL_PORT" >> $user_vpn_cert_file
-    echo "route $DEFAULT_DOMAIN_NAME 255.255.255.255 net_gateway" >> $user_vpn_cert_file
-    echo 'resolv-retry infinite' >> $user_vpn_cert_file
-    echo 'nobind' >> $user_vpn_cert_file
-    echo 'tun-mtu 1500' >> $user_vpn_cert_file
-    echo 'tun-mtu-extra 32' >> $user_vpn_cert_file
-    echo 'mssfix 1450' >> $user_vpn_cert_file
-    echo 'persist-key' >> $user_vpn_cert_file
-    echo 'persist-tun' >> $user_vpn_cert_file
-    echo 'auth-nocache' >> $user_vpn_cert_file
-    echo 'remote-cert-tls server' >> $user_vpn_cert_file
-    echo 'comp-lzo' >> $user_vpn_cert_file
-    echo 'verb 3' >> $user_vpn_cert_file
-    echo '' >> $user_vpn_cert_file
+    { echo 'client';
+      echo 'dev tun';
+      echo 'proto tcp';
+      echo "remote localhost $STUNNEL_PORT";
+      echo "route $DEFAULT_DOMAIN_NAME 255.255.255.255 net_gateway";
+      echo 'resolv-retry infinite';
+      echo 'nobind';
+      echo 'tun-mtu 1500';
+      echo 'tun-mtu-extra 32';
+      echo 'mssfix 1450';
+      echo 'persist-key';
+      echo 'persist-tun';
+      echo 'auth-nocache';
+      echo 'remote-cert-tls server';
+      echo 'comp-lzo';
+      echo 'verb 3';
+      echo ''; } > "$user_vpn_cert_file"
 
-    echo '<ca>' >> $user_vpn_cert_file
-    cat /etc/openvpn/ca.crt >> $user_vpn_cert_file
-    echo '</ca>' >> $user_vpn_cert_file
+    {
+        echo '<ca>';
+        cat /etc/openvpn/ca.crt;
+        echo '</ca>';
 
-    echo '<cert>' >> $user_vpn_cert_file
-    cat /etc/openvpn/easy-rsa/keys/$username.crt >> $user_vpn_cert_file
-    echo '</cert>' >> $user_vpn_cert_file
+        echo '<cert>';
+        cat "/etc/openvpn/easy-rsa/keys/$username.crt;"
+        echo '</cert>';
 
-    echo '<key>' >> $user_vpn_cert_file
-    cat /etc/openvpn/easy-rsa/keys/$username.key >> $user_vpn_cert_file
-    echo '</key>' >> $user_vpn_cert_file
+        echo '<key>';
+        cat "/etc/openvpn/easy-rsa/keys/$username.key;"
+        echo '</key>'; } >> "$user_vpn_cert_file"
 
-    chown $username:$username $user_vpn_cert_file
+    chown "$username":"$username" "$user_vpn_cert_file"
 
     # keep a backup
-    cp $user_vpn_cert_file /etc/openvpn/easy-rsa/keys/$username.ovpn
+    cp "$user_vpn_cert_file" "/etc/openvpn/easy-rsa/keys/$username.ovpn"
 
     #rm /etc/openvpn/easy-rsa/keys/$username.crt
     #rm /etc/openvpn/easy-rsa/keys/$username.csr
-    shred -zu /etc/openvpn/easy-rsa/keys/$username.key
+    shred -zu "/etc/openvpn/easy-rsa/keys/$username.key"
 
     echo $"VPN key created at $user_vpn_cert_file"
 }
 
 function add_user_vpn {
     new_username="$1"
-    new_user_password="$2"
+#    new_user_password="$2"
 
-    create_user_vpn_key $new_username
+    create_user_vpn_key "$new_username"
     if [ -f /etc/stunnel/stunnel.pem ]; then
-        cp /etc/stunnel/stunnel.pem /home/$new_username/stunnel.pem
-        chown $new_username:$new_username /home/$new_username/stunnel.pem
+        cp /etc/stunnel/stunnel.pem "/home/$new_username/stunnel.pem"
+        chown "$new_username":"$new_username" "/home/$new_username/stunnel.pem"
     fi
     if [ -f /etc/stunnel/stunnel.p12 ]; then
-        cp /etc/stunnel/stunnel.p12 /home/$new_username/stunnel.p12
-        chown $new_username:$new_username /home/$new_username/stunnel.p12
+        cp /etc/stunnel/stunnel.p12 "/home/$new_username/stunnel.p12"
+        chown "$new_username":"$new_username" "/home/$new_username/stunnel.p12"
     fi
-    cp /etc/stunnel/stunnel-client.conf /home/$new_username/stunnel-client.conf
-    chown $new_username:$new_username /home/$new_username/stunnel-client.conf
+    cp /etc/stunnel/stunnel-client.conf "/home/$new_username/stunnel-client.conf"
+    chown "$new_username":"$new_username" "/home/$new_username/stunnel-client.conf"
 }
 
 function remove_user_vpn {
@@ -516,15 +522,16 @@ function generate_stunnel_keys {
     fi
     chmod 640 /etc/stunnel/stunnel.p12
 
-    cp /etc/stunnel/stunnel.pem /home/$MY_USERNAME/stunnel.pem
-    cp /etc/stunnel/stunnel.p12 /home/$MY_USERNAME/stunnel.p12
-    chown $MY_USERNAME:$MY_USERNAME $prefix$userhome/stunnel*
+    cp /etc/stunnel/stunnel.pem "/home/$MY_USERNAME/stunnel.pem"
+    cp /etc/stunnel/stunnel.p12 "/home/$MY_USERNAME/stunnel.p12"
+    chown "$MY_USERNAME":"$MY_USERNAME" "$prefix/home/$MY_USERNAME/stunnel*"
 }
 
 function install_stunnel {
     prefix=
     prefixchroot=
-    if [ $rootdir ]; then
+    # shellcheck disable=SC2154
+    if [ "$rootdir" ]; then
         prefix=$rootdir
         prefixchroot="chroot $rootdir"
         VPN_TLS_PORT=$VPN_MESH_TLS_PORT
@@ -532,53 +539,53 @@ function install_stunnel {
 
     $prefixchroot apt-get -yq install stunnel4
 
-    if [ ! $prefix ]; then
-        cd /etc/stunnel
+    if [ ! "$prefix" ]; then
+        cd /etc/stunnel || exit 46284624
         generate_stunnel_keys
     fi
 
-    echo 'chroot = /var/lib/stunnel4' > $prefix/etc/stunnel/stunnel.conf
-    echo 'pid = /stunnel4.pid' >> $prefix/etc/stunnel/stunnel.conf
-    echo 'setuid = stunnel4' >> $prefix/etc/stunnel/stunnel.conf
-    echo 'setgid = stunnel4' >> $prefix/etc/stunnel/stunnel.conf
-    echo 'socket = l:TCP_NODELAY=1' >> $prefix/etc/stunnel/stunnel.conf
-    echo 'socket = r:TCP_NODELAY=1' >> $prefix/etc/stunnel/stunnel.conf
-    echo 'cert = /etc/stunnel/stunnel.pem' >> $prefix/etc/stunnel/stunnel.conf
-    echo '[openvpn]' >> $prefix/etc/stunnel/stunnel.conf
-    echo "accept = $VPN_TLS_PORT" >> $prefix/etc/stunnel/stunnel.conf
-    echo 'connect = localhost:1194' >> $prefix/etc/stunnel/stunnel.conf
-    echo 'cert = /etc/stunnel/stunnel.pem' >> $prefix/etc/stunnel/stunnel.conf
-    echo 'protocol = socks' >> $prefix/etc/stunnel/stunnel.conf
+    { echo 'chroot = /var/lib/stunnel4';
+      echo 'pid = /stunnel4.pid';
+      echo 'setuid = stunnel4';
+      echo 'setgid = stunnel4';
+      echo 'socket = l:TCP_NODELAY=1';
+      echo 'socket = r:TCP_NODELAY=1';
+      echo 'cert = /etc/stunnel/stunnel.pem';
+      echo '[openvpn]';
+      echo "accept = $VPN_TLS_PORT";
+      echo 'connect = localhost:1194';
+      echo 'cert = /etc/stunnel/stunnel.pem';
+      echo 'protocol = socks'; } > "$prefix/etc/stunnel/stunnel.conf"
 
-    sed -i 's|ENABLED=.*|ENABLED=1|g' $prefix/etc/default/stunnel4
+    sed -i 's|ENABLED=.*|ENABLED=1|g' "$prefix/etc/default/stunnel4"
 
-    echo '[openvpn]' > $prefix/etc/stunnel/stunnel-client.conf
-    echo 'client = yes' >> $prefix/etc/stunnel/stunnel-client.conf
-    echo "accept = $STUNNEL_PORT" >> $prefix/etc/stunnel/stunnel-client.conf
-    echo "connect = $DEFAULT_DOMAIN_NAME:$VPN_TLS_PORT" >> $prefix/etc/stunnel/stunnel-client.conf
-    echo 'cert = stunnel.pem' >> $prefix/etc/stunnel/stunnel-client.conf
-    echo 'protocol = socks' >> $prefix/etc/stunnel/stunnel-client.conf
+    { echo '[openvpn]';
+      echo 'client = yes';
+      echo "accept = $STUNNEL_PORT";
+      echo "connect = $DEFAULT_DOMAIN_NAME:$VPN_TLS_PORT";
+      echo 'cert = stunnel.pem';
+      echo 'protocol = socks'; } > "$prefix/etc/stunnel/stunnel-client.conf"
 
-    echo '[Unit]' > $prefix/etc/systemd/system/stunnel.service
-    echo 'Description=SSL tunnel for network daemons' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'Documentation=man:stunnel https://www.stunnel.org/docs.html' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'DefaultDependencies=no' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'After=network.target' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'After=syslog.target' >> $prefix/etc/systemd/system/stunnel.service
-    echo '' >> $prefix/etc/systemd/system/stunnel.service
-    echo '[Install]' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'WantedBy=multi-user.target' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'Alias=stunnel.target' >> $prefix/etc/systemd/system/stunnel.service
-    echo '' >> $prefix/etc/systemd/system/stunnel.service
-    echo '[Service]' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'Type=forking' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'RuntimeDirectory=stunnel' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'EnvironmentFile=-/etc/stunnel/stunnel.conf' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'ExecStop=/usr/bin/killall -9 stunnel' >> $prefix/etc/systemd/system/stunnel.service
-    echo 'RemainAfterExit=yes' >> $prefix/etc/systemd/system/stunnel.service
+    { echo '[Unit]';
+      echo 'Description=SSL tunnel for network daemons';
+      echo 'Documentation=man:stunnel https://www.stunnel.org/docs.html';
+      echo 'DefaultDependencies=no';
+      echo 'After=network.target';
+      echo 'After=syslog.target';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target';
+      echo 'Alias=stunnel.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=forking';
+      echo 'RuntimeDirectory=stunnel';
+      echo 'EnvironmentFile=-/etc/stunnel/stunnel.conf';
+      echo 'ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf';
+      echo 'ExecStop=/usr/bin/killall -9 stunnel';
+      echo 'RemainAfterExit=yes'; } > "$prefix/etc/systemd/system/stunnel.service"
 
-    if [ ! $prefix ]; then
+    if [ ! "$prefix" ]; then
         if [ $VPN_TLS_PORT -eq 443 ]; then
             systemctl stop nginx
             systemctl disable nginx
@@ -591,15 +598,15 @@ function install_stunnel {
         systemctl daemon-reload
         systemctl start stunnel
 
-        cp /etc/stunnel/stunnel-client.conf /home/$MY_USERNAME/stunnel-client.conf
-        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel*
+        cp /etc/stunnel/stunnel-client.conf "/home/$MY_USERNAME/stunnel-client.conf"
+        chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/stunnel*"
     fi
 }
 
 function vpn_generate_keys {
     # generate host keys
     if [ ! -f /etc/openvpn/dh2048.pem ]; then
-        ${PROJECT_NAME}-dhparam -o /etc/openvpn/dh2048.pem
+        "${PROJECT_NAME}-dhparam" -o /etc/openvpn/dh2048.pem
     fi
     if [ ! -f /etc/openvpn/dh2048.pem ]; then
         echo $'vpn dhparams were not generated'
@@ -607,7 +614,8 @@ function vpn_generate_keys {
     fi
     cp /etc/openvpn/dh2048.pem /etc/openvpn/easy-rsa/keys/dh2048.pem
 
-    cd /etc/openvpn/easy-rsa
+    cd /etc/openvpn/easy-rsa || exit 5628756256
+    # shellcheck disable=SC1091
     . ./vars
     ./clean-all
     vpn_openssl_version='1.0.0'
@@ -651,13 +659,13 @@ function vpn_generate_keys {
     fi
     cp /etc/openvpn/easy-rsa/keys/{$OPENVPN_SERVER_NAME.crt,$OPENVPN_SERVER_NAME.key,ca.crt} /etc/openvpn
 
-    create_user_vpn_key ${MY_USERNAME}
+    create_user_vpn_key "${MY_USERNAME}"
 }
 
 function install_vpn {
     prefix=
     prefixchroot=
-    if [ $rootdir ]; then
+    if [ "$rootdir" ]; then
         prefix=$rootdir
         prefixchroot="chroot $rootdir"
         VPN_TLS_PORT=$VPN_MESH_TLS_PORT
@@ -668,50 +676,50 @@ function install_vpn {
     $prefixchroot useradd -r -s /bin/false -g vpn vpn
 
     # server configuration
-    echo 'port 1194' > $prefix/etc/openvpn/server.conf
-    echo 'proto tcp' >> $prefix/etc/openvpn/server.conf
-    echo 'dev tun' >> $prefix/etc/openvpn/server.conf
-    echo 'tun-mtu 1500' >> $prefix/etc/openvpn/server.conf
-    echo 'tun-mtu-extra 32' >> $prefix/etc/openvpn/server.conf
-    echo 'mssfix 1450' >> $prefix/etc/openvpn/server.conf
-    echo 'ca /etc/openvpn/ca.crt' >> $prefix/etc/openvpn/server.conf
-    echo 'cert /etc/openvpn/server.crt' >> $prefix/etc/openvpn/server.conf
-    echo 'key /etc/openvpn/server.key' >> $prefix/etc/openvpn/server.conf
-    echo 'dh /etc/openvpn/dh2048.pem' >> $prefix/etc/openvpn/server.conf
-    echo 'server 10.8.0.0 255.255.255.0' >> $prefix/etc/openvpn/server.conf
-    echo 'push "redirect-gateway def1 bypass-dhcp"' >> $prefix/etc/openvpn/server.conf
-    echo "push \"dhcp-option DNS 85.214.73.63\"" >> $prefix/etc/openvpn/server.conf
-    echo "push \"dhcp-option DNS 213.73.91.35\"" >> $prefix/etc/openvpn/server.conf
-    echo 'keepalive 5 30' >> $prefix/etc/openvpn/server.conf
-    echo 'comp-lzo' >> $prefix/etc/openvpn/server.conf
-    echo 'persist-key' >> $prefix/etc/openvpn/server.conf
-    echo 'persist-tun' >> $prefix/etc/openvpn/server.conf
-    echo 'status /dev/null' >> $prefix/etc/openvpn/server.conf
-    echo 'verb 3' >> $prefix/etc/openvpn/server.conf
-    echo '' >> $prefix/etc/openvpn/server.conf
+    { echo 'port 1194';
+      echo 'proto tcp';
+      echo 'dev tun';
+      echo 'tun-mtu 1500';
+      echo 'tun-mtu-extra 32';
+      echo 'mssfix 1450';
+      echo 'ca /etc/openvpn/ca.crt';
+      echo 'cert /etc/openvpn/server.crt';
+      echo 'key /etc/openvpn/server.key';
+      echo 'dh /etc/openvpn/dh2048.pem';
+      echo 'server 10.8.0.0 255.255.255.0';
+      echo 'push "redirect-gateway def1 bypass-dhcp"';
+      echo "push \"dhcp-option DNS 85.214.73.63\"";
+      echo "push \"dhcp-option DNS 213.73.91.35\"";
+      echo 'keepalive 5 30';
+      echo 'comp-lzo';
+      echo 'persist-key';
+      echo 'persist-tun';
+      echo 'status /dev/null';
+      echo 'verb 3';
+      echo ''; } > "$prefix/etc/openvpn/server.conf"
 
-    if [ ! $prefix ]; then
+    if [ ! "$prefix" ]; then
         echo 1 > /proc/sys/net/ipv4/ip_forward
     fi
-    sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' $prefix/etc/sysctl.conf
-    sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' $prefix/etc/sysctl.conf
-    sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' $prefix/etc/sysctl.conf
+    sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' "$prefix/etc/sysctl.conf"
+    sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' "$prefix/etc/sysctl.conf"
+    sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' "$prefix/etc/sysctl.conf"
 
-    cp -r $prefix/usr/share/easy-rsa/ $prefix/etc/openvpn
-    if [ ! -d $prefix/etc/openvpn/easy-rsa/keys ]; then
-        mkdir $prefix/etc/openvpn/easy-rsa/keys
+    cp -r "$prefix/usr/share/easy-rsa/" "$prefix/etc/openvpn"
+    if [ ! -d "$prefix/etc/openvpn/easy-rsa/keys" ]; then
+        mkdir "$prefix/etc/openvpn/easy-rsa/keys"
     fi
 
     # keys configuration
-    sed -i "s|export KEY_COUNTRY.*|export KEY_COUNTRY=\"US\"|g" $prefix/etc/openvpn/easy-rsa/vars
-    sed -i "s|export KEY_PROVINCE.*|export KEY_PROVINCE=\"TX\"|g" $prefix/etc/openvpn/easy-rsa/vars
-    sed -i "s|export KEY_CITY.*|export KEY_CITY=\"Dallas\"|g" $prefix/etc/openvpn/easy-rsa/vars
-    sed -i "s|export KEY_ORG.*|export KEY_ORG=\"$PROJECT_NAME\"|g" $prefix/etc/openvpn/easy-rsa/vars
-    sed -i "s|export KEY_EMAIL.*|export KEY_EMAIL=\"$MY_EMAIL_ADDRESS\"|g" $prefix/etc/openvpn/easy-rsa/vars
-    sed -i "s|export KEY_OU=.*|export KEY_OU=\"MoonUnit\"|g" $prefix/etc/openvpn/easy-rsa/vars
-    sed -i "s|export KEY_NAME.*|export KEY_NAME=\"$OPENVPN_SERVER_NAME\"|g" $prefix/etc/openvpn/easy-rsa/vars
+    sed -i "s|export KEY_COUNTRY.*|export KEY_COUNTRY=\"US\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
+    sed -i "s|export KEY_PROVINCE.*|export KEY_PROVINCE=\"TX\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
+    sed -i "s|export KEY_CITY.*|export KEY_CITY=\"Dallas\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
+    sed -i "s|export KEY_ORG.*|export KEY_ORG=\"$PROJECT_NAME\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
+    sed -i "s|export KEY_EMAIL.*|export KEY_EMAIL=\"$MY_EMAIL_ADDRESS\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
+    sed -i "s|export KEY_OU=.*|export KEY_OU=\"MoonUnit\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
+    sed -i "s|export KEY_NAME.*|export KEY_NAME=\"$OPENVPN_SERVER_NAME\"|g" "$prefix/etc/openvpn/easy-rsa/vars"
 
-    if [ ! $prefix ]; then
+    if [ ! "$prefix" ]; then
         vpn_generate_keys
         firewall_enable_vpn
 
@@ -724,7 +732,7 @@ function install_vpn {
 
     install_stunnel
 
-    if [ ! $prefix ]; then
+    if [ ! "$prefix" ]; then
         systemctl restart openvpn
     fi
 

From 9a1f8e6f265fb04d1676bfad4c8f4b4ef6c9c0c5 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Thu, 1 Mar 2018 11:46:35 +0000
Subject: [PATCH 20/67] Deprecate wekan

The main problem was that it has a dependency which won't run on arm
---
 src/freedombone-app-wekan | 498 --------------------------------------
 1 file changed, 498 deletions(-)
 delete mode 100755 src/freedombone-app-wekan

diff --git a/src/freedombone-app-wekan b/src/freedombone-app-wekan
deleted file mode 100755
index 98ba5fcf..00000000
--- a/src/freedombone-app-wekan
+++ /dev/null
@@ -1,498 +0,0 @@
-#!/bin/bash
-#
-# .---.                  .              .
-# |                      |              |
-# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
-# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
-# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
-#
-#                    Freedom in the Cloud
-#
-# Wekan kanban
-#
-# License
-# =======
-#
-# Copyright (C) 2017-2018 Bob Mottram <bob@freedombone.net>
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-VARIANTS=''
-
-IN_DEFAULT_INSTALL=0
-SHOW_ON_ABOUT=0
-
-WEKAN_DOMAIN_NAME=
-WEKAN_CODE=
-WEKAN_PORT=8081
-WEKAN_ONION_PORT=8120
-WEKAN_REPO="https://github.com/wekan/wekan"
-WEKAN_COMMIT='dc547c38d1f5ca72729f6d8f81eb03671ca15934'
-FLOW_ROUTER_REPO="git://github.com/wekan/flow-router.git"
-FLOW_ROUTER_COMMIT='0c1f6423ed9b68eb00cfb1a19492438917a38956'
-WEKAN_DIR=/etc/wekan
-
-wekan_variables=(ONION_ONLY
-                 WEKAN_DOMAIN_NAME
-                 WEKAN_CODE
-                 DDNS_PROVIDER
-                 MY_USERNAME)
-
-function logging_on_wekan {
-    echo -n ''
-}
-
-function logging_off_wekan {
-    echo -n ''
-}
-
-function remove_user_wekan {
-    remove_username="$1"
-}
-
-function add_user_wekan {
-    new_username="$1"
-    new_user_password="$2"
-    echo '0'
-}
-
-function install_interactive_wekan {
-    if [[ $ONION_ONLY != "no" ]]; then
-        GIT_DOMAIN_NAME='wekan.local'
-        write_config_param "WEKAN_DOMAIN_NAME" "$WEKAN_DOMAIN_NAME"
-    else
-        function_check interactive_site_details
-        interactive_site_details wekan
-    fi
-    APP_INSTALLED=1
-}
-
-function change_password_wekan {
-    curr_username="$1"
-    new_user_password="$2"
-}
-
-function reconfigure_wekan {
-    echo -n ''
-}
-
-function upgrade_wekan {
-    CURR_WEKAN_COMMIT=$(get_completion_param "wekan commit")
-    if [[ "$CURR_WEKAN_COMMIT" == "$WEKAN_COMMIT" ]]; then
-        return
-    fi
-
-    systemctl stop wekan
-
-    # update to the next commit
-    function_check set_repo_commit
-    set_repo_commit $WEKAN_DIR "wekan commit" "$WEKAN_COMMIT" $WEKAN_REPO
-
-    systemctl start wekan
-}
-
-function backup_local_wekan {
-    source_directory=$WEKAN_DIR/data
-    if [ -d $source_directory ]; then
-        systemctl stop wekan
-
-        dest_directory=wekan
-        function_check suspend_site
-        suspend_site wekan
-
-        function_check backup_database_to_usb
-        backup_database_to_usb wekan
-
-        function_check backup_directory_to_usb
-        backup_directory_to_usb $source_directory $dest_directory
-
-        function_check restart_site
-        restart_site
-
-        systemctl start wekan
-    fi
-}
-
-function restore_local_wekan {
-    if [ -d $WEKAN_DIR ]; then
-        systemctl stop wekan
-
-        function_check restore_database
-        restore_database gogs ${WEKAN_DOMAIN_NAME}
-
-        temp_restore_dir=/root/tempwekan
-        function_check restore_directory_from_usb
-        restore_directory_from_usb $temp_restore_dir wekan
-        if [ -d $temp_restore_dir$WEKAN_DIR/data ]; then
-            cp -r $temp_restore_dir$WEKAN_DIR/data/* $WEKAN_DIR/data/
-        else
-            cp -r $temp_restore_dir/* $WEKAN_DIR/data/
-        fi
-        rm -rf $temp_restore_dir
-        systemctl start wekan
-    fi
-}
-
-function backup_remote_wekan {
-    if grep -q "wekan domain" $COMPLETION_FILE; then
-        temp_backup_dir=$WEKAN_DIR/data
-        if [ -d $temp_backup_dir ]; then
-            systemctl stop wekan
-
-            function_check suspend_site
-            suspend_site wekan
-
-            echo $"Backing up Wekan installation"
-
-            function_check backup_database_to_friend
-            backup_database_to_friend wekan
-
-            function_check backup_directory_to_friend
-            backup_directory_to_friend $temp_backup_dir wekan
-
-            function_check restart_site
-            restart_site
-
-            systemctl start wekan
-        else
-            echo $"wekan domain specified but not found in ${temp_backup_dir}"
-        fi
-    fi
-}
-
-function restore_remote_wekan {
-    if [ -d $WEKAN_DIR ]; then
-        systemctl stop wekan
-
-        function_check restore_database_from_friend
-        restore_database_from_friend wekan
-
-        temp_restore_dir=/root/tempwekan
-        function_check restore_directory_from_usb
-        restore_directory_from_friend $temp_restore_dir wekan
-        if [ -d $temp_restore_dir$WEKAN_DIR/data ]; then
-            cp -r $temp_restore_dir$WEKAN_DIR/data/* $WEKAN_DIR/data/
-        else
-            cp -r $temp_restore_dir/* $WEKAN_DIR/data/
-        fi
-        rm -rf $temp_restore_dir
-        systemctl start wekan
-    fi
-}
-
-function remove_wekan {
-    systemctl stop wekan
-    systemctl disable wekan
-    if [ -f /etc/systemd/system/wekan.service ]; then
-        rm /etc/systemd/system/wekan.service
-    fi
-    systemctl daemon-reload
-
-    function_check remove_nodejs
-    remove_nodejs wekan
-
-    nginx_dissite wekan
-
-    if [ -d $WEKAN_DIR ]; then
-        rm -rf $WEKAN_DIR
-    fi
-    if [ -f /etc/nginx/sites-available/wekan ]; then
-        rm /etc/nginx/sites-available/wekan
-    fi
-    function_check drop_database
-    drop_database wekan
-    function_check remove_onion_service
-    remove_onion_service wekan ${WEKAN_ONION_PORT}
-    remove_app wekan
-    remove_completion_param install_wekan
-    sed -i '/wekan/d' $COMPLETION_FILE
-
-    groupdel -f wekan
-    userdel -r wekan
-    remove_meteor
-}
-
-function wekan_create_database {
-    if [ -f ${IMAGE_PASSWORD_FILE} ]; then
-        WEKAN_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
-    else
-        if [ ! ${GIT_ADMIN_PASSWORD} ]; then
-            WEKAN_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-        fi
-    fi
-    if [ ! $WEKAN_ADMIN_PASSWORD ]; then
-        return
-    fi
-
-    function_check create_database
-    create_database gogs "$WEKAN_ADMIN_PASSWORD"
-}
-
-function install_wekan_main {
-    if [[ $(app_is_installed wekan_main) == "1" ]]; then
-        return
-    fi
-
-    if [ ! -d /var/www/wekan ]; then
-        mkdir /var/www/wekan
-    fi
-    if [ -d $WEKAN_DIR ]; then
-        rm -rf $WEKAN_DIR
-    fi
-
-    if [ -d /repos/wekan ]; then
-        mkdir -p $WEKAN_DIR
-        cp -r -p /repos/wekan/. $WEKAN_DIR
-        cd $WEKAN_DIR
-        git pull
-    else
-        function_check git_clone
-        git_clone $WEKAN_REPO $WEKAN_DIR
-    fi
-
-    if [ ! -d $WEKAN_DIR ]; then
-        echo $'Unable to clone wekan repo'
-        exit 783251
-    fi
-
-    # an unprivileged user to run as
-    groupadd wekan
-    useradd -c "Wekan account" -d $WEKAN_DIR/ -m -r -g wekan wekan
-
-    cd $WEKAN_DIR
-    git checkout $WEKAN_COMMIT -b $WEKAN_COMMIT
-    set_completion_param "wekan commit" "$WEKAN_COMMIT"
-
-    chown -R wekan:wekan $WEKAN_DIR
-
-    WEKAN_ONION_HOSTNAME=$(add_onion_service wekan 80 ${WEKAN_ONION_PORT})
-    set_completion_param "wekan onion domain" "$WEKAN_ONION_HOSTNAME"
-
-    wekan_nginx_site=/etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    if [[ ${ONION_ONLY} == "no" ]]; then
-        function_check nginx_http_redirect
-        nginx_http_redirect ${WEKAN_DOMAIN_NAME}
-        echo 'server {' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '    listen 443 ssl;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo "    root /var/www/${WEKAN_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo "    server_name ${WEKAN_DOMAIN_NAME};" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo "    error_log /dev/null;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        function_check nginx_ssl
-        nginx_ssl ${WEKAN_DOMAIN_NAME}
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing ${WEKAN_DOMAIN_NAME}
-        echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '    location / {' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        function_check nginx_limits
-        nginx_limits ${WEKAN_DOMAIN_NAME} '15m'
-        echo "        proxy_pass http://localhost:$WEKAN_PORT;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '    location = /robots.txt {' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '        allow all;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '        log_not_found off;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '}' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    else
-        echo -n '' > /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    fi
-    echo 'server {' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo "    listen 127.0.0.1:${WEKAN_ONION_PORT} default_server;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo "    root /var/www/$WEKAN_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo "    server_name $WEKAN_DOMAIN_NAME;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    function_check nginx_disable_sniffing
-    nginx_disable_sniffing ${WEKAN_DOMAIN_NAME}
-    echo '    add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '    location / {' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    function_check nginx_limits
-    nginx_limits ${WEKAN_DOMAIN_NAME} '15m'
-    echo "        proxy_pass http://localhost:$WEKAN_PORT;" >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '    }' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '    error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '    error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '    location = /robots.txt {' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '        allow all;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '        log_not_found off;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '    }' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '}' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-
-    function_check nginx_ensite
-    nginx_ensite wekan
-
-    install_completed wekan_main
-}
-
-function install_wekan {
-    apt-get -qy install build-essential c++ capnproto curl
-
-    function_check install_nodejs
-    install_nodejs wekan
-
-    install_wekan_main
-    install_meteor
-
-    cd $WEKAN_DIR
-
-    su -c 'npm install babel-runtime' - wekan
-    su -c 'npm install node-gyp' - wekan
-    su -c 'npm install node-pre-gyp' - wekan
-    su -c 'npm install fibers' - wekan
-    su -c 'npm install bcrypt' - wekan
-    su -c 'npm install bson' - wekan
-    su -c 'npm install es6-promise' - wekan
-    su -c 'npm install meteor-node-stubs' - wekan
-    su -c 'npm install winston' - wekan
-    su -c 'npm install winston-zulip' - wekan
-    su -c 'npm install xss' - wekan
-
-    # Remove any directories from previous installs
-    if [ -d $WEKAN_DIR/.meteor ]; then
-        rm -rf $WEKAN_DIR/.meteor
-    fi
-    if [ -d $WEKAN_DIR/app ]; then
-        rm -rf $WEKAN_DIR/app
-    fi
-    if [ -d $WEKAN_DIR/app_build ]; then
-        rm -rf $WEKAN_DIR/app_build
-    fi
-
-    # Get additional packages
-    mkdir -p $WEKAN_DIR/.meteor/packages
-    chown wekan:wekan --recursive $WEKAN_DIR/.meteor
-    cd $WEKAN_DIR/.meteor/packages
-    if [ ! -d /repos/flowrouter ]; then
-        su -c "git clone --depth 1 -b master $FLOW_ROUTER_REPO kadira-flow-router" - wekan
-    else
-        mkdir kadira-flow-router
-        cp -r -p /repos/flowrouter/. kadira-flow-router
-        cd kadira-flow-router
-        git pull
-        cd ..
-    fi
-    cd kadira-flow-router
-    git checkout $FLOW_ROUTER_COMMIT -b $FLOW_ROUTER_COMMIT
-    cd ..
-    if [ ! -d /repos/meteoruseraccounts ]; then
-        su -c "git clone --depth 1 -b master $METEOR_USERACCOUNTS_REPO meteor-useraccounts-core" - wekan
-    else
-        mkdir meteor-useraccounts-core
-        cp -r -p /repos/meteoruseraccounts/. meteor-useraccounts-core
-        cd meteor-useraccounts-core
-        git pull
-        cd ..
-    fi
-    cd meteor-useraccounts-core
-    git checkout $METEOR_USERACCOUNTS_COMMIT -b $METEOR_USERACCOUNTS_COMMIT
-    cd ..
-    if [ ! -f $WEKAN_DIR/.meteor/packages/meteor-useraccounts-core/package.js ]; then
-        echo $"File not found: $WEKAN_DIR/.meteor/packages/meteor-useraccounts-core/package.js"
-        exit 7289529
-    fi
-    sed -i 's/api\.versionsFrom/\/\/api.versionsFrom/' $WEKAN_DIR/.meteor/packages/meteor-useraccounts-core/package.js
-    cd $WEKAN_DIR/.meteor
-    su -c "$WEKAN_DIR/.meteor/meteor -- help" - wekan
-
-    # Build app
-    if [ ! -d $WEKAN_DIR/app ]; then
-        echo $'No app subdirectory found'
-        exit 294569
-    fi
-    cd $WEKAN_DIR/app
-    su -c "$WEKAN_DIR/.meteor/meteor add standard-minifier-js" - wekan
-    su -c "$WEKAN_DIR/.meteor/meteor npm install" - wekan
-    su -c "$WEKAN_DIR/.meteor/meteor build --directory $WEKAN_DIR/app_build" - wekan
-    cp $WEKAN_DIR/app/fix-download-unicode/cfs_access-point.txt $WEKAN_DIR/app_build/bundle/programs/server/packages/cfs_access-point.js
-    chown wekan:wekan $WEKAN_DIR/app_build/bundle/programs/server/packages/cfs_access-point.js
-    sed -i "s|build\/Release\/bson|browser_build\/bson|g" $WEKAN_DIR/app_build/bundle/programs/server/npm/node_modules/meteor/cfs_gridfs/node_modules/mongodb/node_modules/bson/ext/index.js
-    if [ ! -d $WEKAN_DIR/app_build/bundle/programs/server/npm/node_modules/meteor/npm-bcrypt ]; then
-        echo $"No subdirectory found: $WEKAN_DIR/app_build/bundle/programs/server/npm/node_modules/meteor/npm-bcrypt"
-        exit 479832
-    fi
-    cd $WEKAN_DIR/app_build/bundle/programs/server/npm/node_modules/meteor/npm-bcrypt
-    su -c 'rm -rf node_modules/bcrypt' - wekan
-    su -c 'npm install bcrypt' - wekan
-    cd $WEKAN_DIR/app_build/bundle/programs/server/
-    su -c 'npm install' - wekan
-    mv $WEKAN_DIR/app_build/bundle ../build
-
-    if [ ! -f $WEKAN_DIR/build/main.js ]; then
-        echo $'main.js not found'
-        exit 7828252
-    fi
-
-    # Cleanup
-    rm -R $WEKAN_DIR/.meteor
-    rm -R $WEKAN_DIR/app
-    rm -R $WEKAN_DIR/app_build
-
-    chown -R wekan:wekan $WEKAN_DIR
-
-    function_check install_mariadb
-    install_mariadb
-
-    function_check get_mariadb_password
-    get_mariadb_password
-
-    function_check wekan_create_database
-    wekan_create_database
-
-    # daemon
-    echo '[Unit]' > /etc/systemd/system/wekan.service
-    echo 'Description=Wekan' >> /etc/systemd/system/wekan.service
-    echo 'After=syslog.target' >> /etc/systemd/system/wekan.service
-    echo 'After=network.target' >> /etc/systemd/system/wekan.service
-    echo '' >> /etc/systemd/system/wekan.service
-    echo '[Service]' >> /etc/systemd/system/wekan.service
-    echo 'User=wekan' >> /etc/systemd/system/wekan.service
-    echo 'Group=wekan' >> /etc/systemd/system/wekan.service
-    echo "WorkingDirectory=$WEKAN_DIR" >> /etc/systemd/system/wekan.service
-    echo "ExecStart=/usr/local/bin/node $WEKAN_DIR/build/main.js" >> /etc/systemd/system/wekan.service
-    echo 'Environment=PATH=/usr/bin:/usr/local/bin' >> /etc/systemd/system/wekan.service
-    echo 'Environment=NODE_ENV=production' >> /etc/systemd/system/wekan.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/wekan.service
-    echo '' >> /etc/systemd/system/wekan.service
-    echo '[Install]' >> /etc/systemd/system/wekan.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/wekan.service
-    systemctl enable wekan.service
-    systemctl daemon-reload
-    systemctl start wekan.service
-
-    systemctl restart nginx
-
-    set_completion_param "wekan domain" "$WEKAN_DOMAIN_NAME"
-
-    APP_INSTALLED=1
-}
-
-# NOTE: deliberately there is no "exit 0"

From 8112c240aecbfbbf1e7bb87e0eb0bd2a40fab08f Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 19:17:02 +0000
Subject: [PATCH 21/67] Tidying

---
 src/freedombone-app-xmpp             |  656 ++++++-------
 src/freedombone-app-zeronet          |  309 +++---
 src/freedombone-archive-mail         |   16 +-
 src/freedombone-backup-local         |  121 +--
 src/freedombone-backup-remote        |  184 ++--
 src/freedombone-base-email           | 1174 +++++++++++------------
 src/freedombone-base-tripwire        |   54 +-
 src/freedombone-client               |  103 +-
 src/freedombone-clientcert           |  102 +-
 src/freedombone-config               |  303 +++---
 src/freedombone-controlpanel         |  845 ++++++++--------
 src/freedombone-controlpanel-user    |  427 ++++-----
 src/freedombone-dhparam              |   27 +-
 src/freedombone-encrypt-mail         |   16 +-
 src/freedombone-format               |   13 +-
 src/freedombone-freedns              |   15 +-
 src/freedombone-ignore               |   40 +-
 src/freedombone-image                |  149 +--
 src/freedombone-image-customise      | 1328 +++++++++++++-------------
 src/freedombone-image-hardware-setup |   44 +-
 src/freedombone-image-make           |  104 +-
 src/freedombone-image-mesh           | 1269 ++++++++++++------------
 src/freedombone-image-vmdebootstrap  |    4 +-
 src/freedombone-keydrive             |   78 +-
 src/freedombone-logging              |   32 +-
 src/freedombone-mesh-batman          |  147 +--
 src/freedombone-mesh-blog            |   95 +-
 src/freedombone-mesh-connect         |    9 +-
 src/freedombone-mesh-install         |  206 ++--
 src/freedombone-mesh-invite          |    4 +-
 src/freedombone-mesh-reset           |    6 +-
 src/freedombone-mesh-routing         |   70 +-
 src/freedombone-mesh-visit-site      |   13 +-
 src/freedombone-pass                 |   87 +-
 src/freedombone-pin-cert             |   36 +-
 src/freedombone-powerline            |   16 +-
 src/freedombone-recoverkey           |   57 +-
 src/freedombone-remote               |   64 +-
 src/freedombone-renew-cert           |    7 +-
 src/freedombone-repair-database      |   30 +-
 src/freedombone-restore-local        |  275 +++---
 src/freedombone-restore-remote       |  292 +++---
 src/freedombone-rmemail              |    6 +-
 src/freedombone-rmlist               |   12 +-
 src/freedombone-rmuser               |   50 +-
 src/freedombone-sec                  |  433 +++++----
 src/freedombone-splitkey             |   88 +-
 src/freedombone-syncthing            |  186 ++--
 src/freedombone-template             |  109 ++-
 src/freedombone-tests                |   43 +-
 src/freedombone-unignore             |   14 +-
 src/freedombone-upgrade              |   19 +-
 src/freedombone-usb-canary           |   10 +-
 src/meshavahi                        |   37 +-
 54 files changed, 4920 insertions(+), 4914 deletions(-)

diff --git a/src/freedombone-app-xmpp b/src/freedombone-app-xmpp
index f6616426..d34ad4e6 100755
--- a/src/freedombone-app-xmpp
+++ b/src/freedombone-app-xmpp
@@ -109,21 +109,23 @@ function xmpp_add_onion_address {
 }
 
 function xmpp_add_onion_address_interactive {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"Add an ICANN to Onion domain mapping" \
-           --form $"Sepecify an ICANN domain name and its equivalent onion address\n" 9 50 2 \
+           --form $"Sepecify an ICANN domain name and its equivalent onion address\\n" 9 50 2 \
            $"Domain:" 1 1 "" 1 18 26 25 \
            $"Onion address:" 2 1 "" 2 18 26 25 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
-    domain_name=$(cat $data | sed -n 1p)
-    onion_address=$(cat $data | sed -n 2p)
+    domain_name=$(sed -n 1p < "$data")
+    onion_address=$(sed -n 2p < "$data")
+    rm -f "$data"
     if [[ "$onion_address" != *".onion" ]]; then
         return
     fi
@@ -158,15 +160,15 @@ function xmpp_remove_onion_address {
 }
 
 function xmpp_remove_onion_address_interactive {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Remove ICANN to Onion domain mapping" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Enter the domain name or onion address to be removed' 8 60 2>$data
+           --inputbox $'Enter the domain name or onion address to be removed' 8 60 2>"$data"
     sel=$?
     case $sel in
-        0) domain_name=$(<$data)
+        0) domain_name=$(<"$data")
            if [[ "$domain_name" != *"."* ]]; then
+               rm -f "$data"
                return
            fi
            xmpp_remove_onion_address "$domain_name"
@@ -174,37 +176,41 @@ function xmpp_remove_onion_address_interactive {
                   --msgbox $"${domain_name} removed" 6 70
            ;;
     esac
+    rm -f "$data"
 }
 
 function configure_interactive_xmpp {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"XMPP" \
                --radiolist $"Choose an operation:" 12 70 3 \
                1 $"Add an ICANN to onion domain mapping" off \
                2 $"Remove an ICANN to onion domain mapping" off \
-               3 $"Return to administrator control panel" on 2> $data
+               3 $"Return to administrator control panel" on 2> "$data"
         sel=$?
         case $sel in
-            1) return;;
-            255) return;;
+            1) rm -f "$data"
+               return;;
+            255) rm -f "$data"
+                 return;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) xmpp_add_onion_address_interactive;;
             2) xmpp_remove_onion_address_interactive;;
-            3) break;;
+            3) rm -f "$data"
+               break;;
         esac
+        rm -f "$data"
     done
 }
 
 function remove_user_xmpp {
     remove_username="$1"
 
-    ${PROJECT_NAME}-pass -u "$remove_username" --rmapp xmpp
-    if [[ $ONION_ONLY != "no" ]]; then
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp xmpp
+    if [[ "$ONION_ONLY" != "no" ]]; then
         DOMAIN=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
     else
         DOMAIN=${HOSTNAME}
@@ -219,51 +225,51 @@ function add_user_xmpp_client {
     if [ -f /usr/local/bin/profanity ]; then
         XMPP_CLIENT_DIR=/home/$new_username/.local/share/profanity
         XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
-        if [ ! -d $XMPP_CLIENT_DIR ]; then
-            mkdir -p $XMPP_CLIENT_DIR
+        if [ ! -d "$XMPP_CLIENT_DIR" ]; then
+            mkdir -p "$XMPP_CLIENT_DIR"
         fi
-        if [ ! -d /home/$new_username/.config/profanity ]; then
-            mkdir -p /home/$new_username/.config/profanity
+        if [ ! -d "/home/$new_username/.config/profanity" ]; then
+            mkdir -p "/home/$new_username/.config/profanity"
         fi
         MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$new_username" "$new_username@$HOSTNAME")
-        echo "[${new_username}@${HOSTNAME}]" > $XMPP_CLIENT_ACCOUNTS
-        echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
-        echo "jid=${new_username}@${HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
-        echo "server=$XMPP_ONION_HOSTNAME" >> $XMPP_CLIENT_ACCOUNTS
-        echo "pgp.keyid=$GPG_PUBLIC_KEY_ID" >> $XMPP_CLIENT_ACCOUNTS
-        echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
-        echo "muc.service=conference.${HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
-        echo "muc.nick=${new_username}" >> $XMPP_CLIENT_ACCOUNTS
-        echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
+        { echo "[${new_username}@${HOSTNAME}]";
+          echo 'enabled=true';
+          echo "jid=${new_username}@${HOSTNAME}";
+          echo "server=$XMPP_ONION_HOSTNAME";
+          echo "pgp.keyid=$MY_GPG_PUBLIC_KEY_ID";
+          echo 'resource=profanity';
+          echo "muc.service=conference.${HOSTNAME}";
+          echo "muc.nick=${new_username}";
+          echo 'presence.last=online';
+          echo 'presence.login=online';
+          echo 'priority.online=0';
+          echo 'priority.chat=0';
+          echo 'priority.away=0';
+          echo 'priority.xa=0';
+          echo 'priority.dnd=0'; } > "$XMPP_CLIENT_ACCOUNTS"
 
-        echo '[connection]' > /home/$new_username/.config/profanity/profrc
+        echo '[connection]' > "/home/$new_username/.config/profanity/profrc"
         if [[ $ONION_ONLY != "no" ]]; then
-            echo "account=${new_username}@${XMPP_ONION_HOSTNAME}" >> /home/$new_username/.config/profanity/profrc
+            echo "account=${new_username}@${XMPP_ONION_HOSTNAME}" >> "/home/$new_username/.config/profanity/profrc"
         else
-            echo "account=${new_username}@${HOSTNAME}" >> /home/$new_username/.config/profanity/profrc
+            echo "account=${new_username}@${HOSTNAME}" >> "/home/$new_username/.config/profanity/profrc"
         fi
-        echo '' >> /home/$new_username/.config/profanity/profrc
-        echo '[plugins]' >> /home/$new_username/.config/profanity/profrc
-        echo 'load=prof_omemo_plugin.py;' >> /home/$new_username/.config/profanity/profrc
-        echo '' >> /home/$new_username/.config/profanity/profrc
-        echo '[otr]' >> /home/$new_username/.config/profanity/profrc
-        echo 'policy=opportunistic' >> /home/$new_username/.config/profanity/profrc
-        echo 'log=off' >> /home/$new_username/.config/profanity/profrc
-        echo '' >> /home/$new_username/.config/profanity/profrc
-        echo '[pgp]' >> /home/$new_username/.config/profanity/profrc
-        echo 'log=off' >> /home/$new_username/.config/profanity/profrc
-        echo '' >> /home/$new_username/.config/profanity/profrc
-        echo '[ui]' >> /home/$new_username/.config/profanity/profrc
-        echo 'enc.warn=true' >> /home/$new_username/.config/profanity/profrc
+        { echo '';
+          echo '[plugins]';
+          echo 'load=prof_omemo_plugin.py;';
+          echo '';
+          echo '[otr]';
+          echo 'policy=opportunistic';
+          echo 'log=off';
+          echo '';
+          echo '[pgp]';
+          echo 'log=off';
+          echo '';
+          echo '[ui]';
+          echo 'enc.warn=true'; } >> "/home/$new_username/.config/profanity/profrc"
 
-        chown -R $new_username:$new_username /home/$new_username/.local
-        chown -R $new_username:$new_username /home/$new_username/.config
+        chown -R "$new_username":"$new_username" "/home/$new_username/.local"
+        chown -R "$new_username":"$new_username" "/home/$new_username/.config"
     fi
 }
 
@@ -272,9 +278,9 @@ function add_user_xmpp {
     new_user_password="$2"
 
     XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
-    ${PROJECT_NAME}-pass -u "$new_username" -a xmpp -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a xmpp -p "$new_user_password"
 
-    if [[ $ONION_ONLY != "no" ]]; then
+    if [[ "$ONION_ONLY" != "no" ]]; then
         DOMAIN_NAME=$XMPP_ONION_HOSTNAME
     else
         DOMAIN_NAME=$HOSTNAME
@@ -282,20 +288,19 @@ function add_user_xmpp {
     EMAIL_ADDRESS="$new_username@$DOMAIN_NAME"
 
     if [ ${#new_user_password} -eq 0 ]; then
-        prosodyctl adduser $EMAIL_ADDRESS
+        prosodyctl adduser "$EMAIL_ADDRESS"
     else
-        prosodyctl register "$new_username" $DOMAIN_NAME "$new_user_password"
-        if [ ! "$?" = "0" ]; then
+        if ! prosodyctl register "$new_username" "$DOMAIN_NAME" "$new_user_password"; then
             exit 653456375
         fi
     fi
 
     # add the xmpp address to email headers
-    if [ -f /home/$new_username/.muttrc ]; then
-        if ! grep -q "Jabber-ID" /home/$new_username/.muttrc; then
-            echo "my_hdr Jabber-ID: $EMAIL_ADDRESS" >> /home/$new_username/.muttrc
+    if [ -f "/home/$new_username/.muttrc" ]; then
+        if ! grep -q "Jabber-ID" "/home/$new_username/.muttrc"; then
+            echo "my_hdr Jabber-ID: $EMAIL_ADDRESS" >> "/home/$new_username/.muttrc"
         else
-            sed -i "s|my_hdr Jabber-ID.*|my_hdr Jabber-ID: $EMAIL_ADDRESS|g" /home/$new_username/.muttrc
+            sed -i "s|my_hdr Jabber-ID.*|my_hdr Jabber-ID: $EMAIL_ADDRESS|g" "/home/$new_username/.muttrc"
         fi
     fi
 
@@ -314,20 +319,20 @@ function change_password_xmpp {
 
     read_config_param DEFAULT_DOMAIN_NAME
 
-    ${PROJECT_NAME}-pass -u $curr_username -a xmpp -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a xmpp -p "$new_user_password"
 
     # TODO: this is currently interactive. Really there needs to be a
     # non-interactive password change option for prosodyctl
     clear
     echo ''
     echo $'Currently Prosody requires password changes to be done interactively'
-    prosodyctl passwd ${curr_username}@${DEFAULT_DOMAIN_NAME}
+    prosodyctl passwd "${curr_username}@${DEFAULT_DOMAIN_NAME}"
 
     if [ -f /usr/local/bin/profanity ]; then
         XMPP_CLIENT_DIR=/home/$curr_username/.local/share/profanity
         XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
-        if [ -f $XMPP_CLIENT_ACCOUNTS ]; then
-            sed -i "s|password=.*|password=$new_user_password|g" $XMPP_CLIENT_ACCOUNTS
+        if [ -f "$XMPP_CLIENT_ACCOUNTS" ]; then
+            sed -i "s|password=.*|password=$new_user_password|g" "$XMPP_CLIENT_ACCOUNTS"
         fi
     fi
 }
@@ -337,7 +342,7 @@ function reconfigure_xmpp {
 }
 
 function update_prosody_modules {
-    if [ ! $1 ]; then
+    if [ ! "$1" ]; then
         if [ ! -d /var/lib/prosody/prosody-modules ]; then
             return
         fi
@@ -346,37 +351,37 @@ function update_prosody_modules {
         return
     fi
 
-    if [ ! -f $INSTALL_DIR/$prosody_modules_filename ]; then
+    if [ ! -f "$INSTALL_DIR/$prosody_modules_filename" ]; then
         # Obtain the modules
         if [ -f ~/freedombone/image_build/$prosody_modules_filename ]; then
-            cp ~/freedombone/image_build/$prosody_modules_filename $INSTALL_DIR
+            cp ~/freedombone/image_build/$prosody_modules_filename "$INSTALL_DIR"
         else
-            if [ -f /home/$MY_USERNAME/freedombone/image_build/$prosody_modules_filename ]; then
-                cp /home/$MY_USERNAME/freedombone/image_build/$prosody_modules_filename $INSTALL_DIR
+            if [ -f "/home/$MY_USERNAME/freedombone/image_build/$prosody_modules_filename" ]; then
+                cp "/home/$MY_USERNAME/freedombone/image_build/$prosody_modules_filename" "$INSTALL_DIR"
             fi
         fi
 
-        if [ -f $INSTALL_DIR/$prosody_modules_filename ]; then
-            cd $INSTALL_DIR
+        if [ -f "$INSTALL_DIR/$prosody_modules_filename" ]; then
+            cd "$INSTALL_DIR" || exit 246824684
 
             # Check the hash
-            curr_hash=$(sha256sum $INSTALL_DIR/$prosody_modules_filename | awk -F ' ' '{print $1}')
+            curr_hash=$(sha256sum "$INSTALL_DIR/$prosody_modules_filename" | awk -F ' ' '{print $1}')
             if [[ "$curr_hash" != "$prosody_modules_hash" ]]; then
                 echo $'Prosody modules hash does not match'
                 exit 83562
             else
                 # Extract the modules
-                if [ -d $INSTALL_DIR/prosody-modules ]; then
-                    rm -rf $INSTALL_DIR/prosody-modules
+                if [ -d "$INSTALL_DIR/prosody-modules" ]; then
+                    rm -rf "$INSTALL_DIR/prosody-modules"
                 fi
                 tar -xzvf $prosody_modules_filename
-                if [ -d $INSTALL_DIR/prosody-modules ]; then
+                if [ -d "$INSTALL_DIR/prosody-modules" ]; then
                     systemctl stop prosody
                     if [ ! -d /var/lib/prosody/prosody-modules ]; then
                         mkdir -p /var/lib/prosody/prosody-modules
                     fi
-                    cp -r $INSTALL_DIR/prosody-modules/* /var/lib/prosody/prosody-modules/
-                    cp -r $INSTALL_DIR/prosody-modules/* /usr/lib/prosody/modules/
+                    cp -r "$INSTALL_DIR/prosody-modules/*" /var/lib/prosody/prosody-modules/
+                    cp -r "$INSTALL_DIR/prosody-modules/*" /usr/lib/prosody/modules/
                     chown -R prosody:prosody /var/lib/prosody/prosody-modules
                     chown -R prosody:prosody /usr/lib/prosody/modules
                     systemctl start prosody
@@ -435,60 +440,60 @@ function upgrade_xmpp {
     fi
 
     if grep -q "/etc/ssl/private/xmpp.key" /etc/prosody/prosody.cfg.lua; then
-        if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem ]; then
+        if [ -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem" ]; then
             sed -i "s|/etc/ssl/private/xmpp.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/prosody.cfg.lua
         fi
     fi
 
     if grep -q "/etc/ssl/certs/xmpp.crt" /etc/prosody/prosody.cfg.lua; then
-        if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
+        if [ -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
             sed -i "s|/etc/ssl/certs/xmpp.crt|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/prosody/prosody.cfg.lua
         fi
     fi
 
-    curr_prosody_filename=$(cat $COMPLETION_FILE | grep "prosody_filename" | awk -F ':' '{print $2}')
+    curr_prosody_filename=$(grep "prosody_filename" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
     if [[ "$curr_prosody_filename" != "$prosody_filename" ]]; then
-        if [ -d ${INSTALL_DIR}/${prosody_filename} ]; then
+        if [ -d "${INSTALL_DIR}/${prosody_filename}" ]; then
             # ensure that the binaries have not been overwritten
             # by an operating system upgrade
-            cd ${INSTALL_DIR}/${prosody_filename}
+            cd "${INSTALL_DIR}/${prosody_filename}" || exit 462846284
             make prefix=/usr install
         else
-            cd $INSTALL_DIR
+            cd "$INSTALL_DIR" || exit 23681468
             # Try to get the source from the project repo
-            if [ -f /root/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz ]; then
-                cp /root/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz .
+            if [ -f "/root/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz" ]; then
+                cp "/root/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz" .
             else
-                if [ -f /home/${MY_USERNAME}/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz ]; then
-                    cp /home/${MY_USERNAME}/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz .
+                if [ -f "/home/${MY_USERNAME}/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz" ]; then
+                    cp "/home/${MY_USERNAME}/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz" .
                 else
                     wget $prosody_nightly_url
                 fi
             fi
-            if [ ! -f ${INSTALL_DIR}/${prosody_filename}.tar.gz ]; then
+            if [ ! -f "${INSTALL_DIR}/${prosody_filename}.tar.gz" ]; then
                 echo $"Failed to download prosody nightly $prosody_nightly_url"
                 return
             fi
 
-            hash_value=$(sha256sum ${INSTALL_DIR}/${prosody_filename}.tar.gz | awk -F ' ' '{print $1}')
+            hash_value=$(sha256sum "${INSTALL_DIR}/${prosody_filename}.tar.gz" | awk -F ' ' '{print $1}')
             if [[ "$hash_value" != "$prosody_nightly_hash" ]]; then
-                rm ${INSTALL_DIR}/${prosody_filename}.tar.gz
+                rm "${INSTALL_DIR}/${prosody_filename}.tar.gz"
                 echo $'Unexpected hash value for prosody nightly download'
                 return
             fi
 
-            tar -xzvf ${INSTALL_DIR}/${prosody_filename}.tar.gz
-            cd ${INSTALL_DIR}/${prosody_filename}
+            tar -xzvf "${INSTALL_DIR}/${prosody_filename}.tar.gz"
+            cd "${INSTALL_DIR}/${prosody_filename}" || exit 246872468246
             ./configure --ostype=debian --prefix=/usr
             make prefix=/usr
             make prefix=/usr install
             if [ -f /usr/local/bin/prosody ]; then
                 echo $'Failed to build prosody nightly to /usr/bin'
-                rm ${INSTALL_DIR}/${prosody_filename}.tar.gz
-                rm -rf ${INSTALL_DIR}/${prosody_filename}
+                rm "${INSTALL_DIR}/${prosody_filename}.tar.gz"
+                rm -rf "${INSTALL_DIR:?}/${prosody_filename}"
                 return
             fi
-            rm ${INSTALL_DIR}/${prosody_filename}.tar.gz
+            rm "${INSTALL_DIR:?}/${prosody_filename}.tar.gz"
         fi
 
         # add onion addresses for known servers
@@ -500,7 +505,7 @@ function upgrade_xmpp {
         set_completion_param "prosody_filename" "${prosody_filename}"
     fi
 
-    cp -r $INSTALL_DIR/prosody-modules/* /var/lib/prosody/prosody-modules/
+    cp -r "$INSTALL_DIR/prosody-modules/*" /var/lib/prosody/prosody-modules/
     chown -R prosody:prosody /var/lib/prosody/prosody-modules
 
     systemctl restart prosody
@@ -526,6 +531,7 @@ function restore_local_xmpp {
         else
             cp -r $temp_restore_dir/* /var/lib/prosody/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             function_check set_user_permissions
             set_user_permissions
@@ -559,6 +565,7 @@ function restore_remote_xmpp {
         else
             cp -r $temp_restore_dir/* /var/lib/prosody/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 725
         fi
@@ -606,11 +613,11 @@ function remove_xmpp {
 
     apt-get -yq remove --purge prosody
     rm /etc/cron.daily/prosody
-    if [ -f $INSTALL_DIR/$prosody_modules_filename ]; then
-        rm $INSTALL_DIR/$prosody_modules_filename
+    if [ -f "$INSTALL_DIR/$prosody_modules_filename" ]; then
+        rm "$INSTALL_DIR/$prosody_modules_filename"
     fi
-    if [ -d $INSTALL_DIR/prosody-modules ]; then
-        rm -rf $INSTALL_DIR/prosody-modules
+    if [ -d "$INSTALL_DIR/prosody-modules" ]; then
+        rm -rf "$INSTALL_DIR/prosody-modules"
     fi
     if [ -d /etc/prosody ]; then
         rm -rf /etc/prosody
@@ -630,8 +637,8 @@ function remove_xmpp {
     groupdel prosody
 
     remove_completion_param install_xmpp
-    sed -i '/xmpp/d' $COMPLETION_FILE
-    sed -i '/prosody/d' $COMPLETION_FILE
+    sed -i '/xmpp/d' "$COMPLETION_FILE"
+    sed -i '/prosody/d' "$COMPLETION_FILE"
 
     rm /etc/avahi/services/xmpp.service
     rm /etc/avahi/services/xmpp-server.service
@@ -642,9 +649,9 @@ function xmpp_email_headers {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -f /home/$USERNAME/.muttrc ]; then
-                if ! grep -q "Jabber-ID" /home/$USERNAME/.muttrc; then
-                    echo "my_hdr Jabber-ID: ${USERNAME}@${HOSTNAME}" >> /home/$USERNAME/.muttrc
+            if [ -f "/home/$USERNAME/.muttrc" ]; then
+                if ! grep -q "Jabber-ID" "/home/$USERNAME/.muttrc"; then
+                    echo "my_hdr Jabber-ID: ${USERNAME}@${HOSTNAME}" >> "/home/$USERNAME/.muttrc"
                 fi
             fi
         fi
@@ -652,90 +659,92 @@ function xmpp_email_headers {
 }
 
 function xmpp_modules {
-    filename=$1
-    echo 'modules_enabled = {' >> $filename
-    echo '  "pubsub";' >> $filename
-    echo '  "pubsub_hub";' >> $filename
-    echo '  "dialback"; -- s2s dialback support' >> $filename
-    echo '  "disco"; -- Service discovery' >> $filename
-    echo '  "private"; -- Private XML storage (for room bookmarks, etc.)' >> $filename
-    echo '  "version"; -- Replies to server version requests' >> $filename
-    echo '  "uptime"; -- Report how long server has been running' >> $filename
-    echo '  "time"; -- Let others know the time here on this server' >> $filename
-    echo '  "ping"; -- Replies to XMPP pings with pongs' >> $filename
-    echo '  "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands' >> $filename
-    echo '  "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.' >> $filename
-    echo '  "bosh"; -- Enable mod_bosh' >> $filename
-    echo '  "tls"; -- Enable mod_tls' >> $filename
-    echo '  "saslauth"; -- Enable mod_saslauth' >> $filename
-    echo '  "onions"; -- Enable chat via onion service' >> $filename
-    echo '  "mam"; -- Message archive management' >> $filename
-    echo '  "csi"; -- Client state indication' >> $filename
-    echo '  "carbons"; -- Message carbons' >> $filename
-    echo '  "carbons_adhoc"; -- Message carbons' >> $filename
-    echo '  "carbons_copies"; -- Message carbons' >> $filename
-    echo '  "smacks"; -- Stream management' >> $filename
-    echo '  "smacks_offline"; -- Stream management' >> $filename
-    echo '  "pep"; -- Personal Eventing Protocol (to support OMEMO)' >> $filename
-    echo '  "omemo_all_access"; -- Fix for PEP with OMEMO' >> $filename
-    echo '  "vcard"; -- Personal Eventing Protocol (to support OMEMO)' >> $filename
-    echo '  "e2e_policy"; -- To support OMEMO' >> $filename
-    echo '  "pep_vcard_avatar"; -- Personal Eventing Protocol (to support OMEMO)' >> $filename
-    echo '  "blocklist"; -- Privacy lists' >> $filename
-    echo '  "privacy_lists"; -- Privacy lists' >> $filename
-    echo '  "blocking"; -- Blocking command' >> $filename
-    echo '  "roster"; -- Roster versioning' >> $filename
-    echo '  "offline_email"; -- If offline send to email' >> $filename
-    echo '  "offline"; -- Store offline messages' >> $filename
-    echo '  "http";' >> $filename
-    echo '  "http_upload";' >> $filename
-    echo '  "websocket";' >> $filename
-    echo '  "throttle_presence"; -- Reduce battery and bandwidth usage' >> $filename
-    echo '  "filter_chatstates"; -- Reduce battery and bandwidth usage' >> $filename
-    echo '};' >> $filename
+    filename="$1"
+
+    { echo 'modules_enabled = {';
+      echo '  "pubsub";';
+      echo '  "pubsub_hub";';
+      echo '  "dialback"; -- s2s dialback support';
+      echo '  "disco"; -- Service discovery';
+      echo '  "private"; -- Private XML storage (for room bookmarks, etc.)';
+      echo '  "version"; -- Replies to server version requests';
+      echo '  "uptime"; -- Report how long server has been running';
+      echo '  "time"; -- Let others know the time here on this server';
+      echo '  "ping"; -- Replies to XMPP pings with pongs';
+      echo '  "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands';
+      echo '  "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.';
+      echo '  "bosh"; -- Enable mod_bosh';
+      echo '  "tls"; -- Enable mod_tls';
+      echo '  "saslauth"; -- Enable mod_saslauth';
+      echo '  "onions"; -- Enable chat via onion service';
+      echo '  "mam"; -- Message archive management';
+      echo '  "csi"; -- Client state indication';
+      echo '  "carbons"; -- Message carbons';
+      echo '  "carbons_adhoc"; -- Message carbons';
+      echo '  "carbons_copies"; -- Message carbons';
+      echo '  "smacks"; -- Stream management';
+      echo '  "smacks_offline"; -- Stream management';
+      echo '  "pep"; -- Personal Eventing Protocol (to support OMEMO)';
+      echo '  "omemo_all_access"; -- Fix for PEP with OMEMO';
+      echo '  "vcard"; -- Personal Eventing Protocol (to support OMEMO)';
+      echo '  "e2e_policy"; -- To support OMEMO';
+      echo '  "pep_vcard_avatar"; -- Personal Eventing Protocol (to support OMEMO)';
+      echo '  "blocklist"; -- Privacy lists';
+      echo '  "privacy_lists"; -- Privacy lists';
+      echo '  "blocking"; -- Blocking command';
+      echo '  "roster"; -- Roster versioning';
+      echo '  "offline_email"; -- If offline send to email';
+      echo '  "offline"; -- Store offline messages';
+      echo '  "http";';
+      echo '  "http_upload";';
+      echo '  "websocket";';
+      echo '  "throttle_presence"; -- Reduce battery and bandwidth usage';
+      echo '  "filter_chatstates"; -- Reduce battery and bandwidth usage';
+      echo '};'; } >> "$filename"
 }
 
 function xmpp_onion_addresses {
-    filename=$1
-    echo 'onions_map = {' >> $filename
-    echo '  ["anonymitaet-im-inter.net"] = "rwf5skuv5vqzcdit.onion";' >> $filename
-    echo '  ["autistici.org"] = "wi7qkxyrdpu5cmvr.onion";' >> $filename
-    echo '  ["jabber.calyxinstitute.org"] = "ijeeynrc6x2uy5ob.onion";' >> $filename
-    echo '  ["jabber.ccc.de"] = "okj7xc6j2szr2y75.onion";' >> $filename
-    echo '  ["cloak.dk"] = "m2dsl4banuimpm6c.onion";' >> $filename
-    echo '  ["jabber.cryptoparty.is"] = "cryjabkbdljzohnp.onion";' >> $filename
-    echo '  ["daemons.cf"] = "daemon4jidu2oig6.onion";' >> $filename
-    echo '  ["dukgo.com"] = "wlcpmruglhxp6quz.onion";' >> $filename
-    echo '  ["evil.im"] = "evilxro6nvjuvxqo.onion";' >> $filename
-    echo '  ["xmpp.evil.im"] = "evilxro6nvjuvxqo.onion";' >> $filename
-    echo '  ["inventati.org"] = "wi7qkxyrdpu5cmvr.onion";' >> $filename
-    echo '  ["jabber.ipredator.se"] = "3iffdebkzzkpgipa.onion";' >> $filename
-    echo '  ["jabber-germany.de"] = "dbbrphko5tqcpar3.onion";' >> $filename
-    echo '  ["kode.im"] = "ihkw7qy3tok45dun.onion";' >> $filename
-    echo '  ["im.koderoot.net"] = "ihkw7qy3tok45dun.onion";' >> $filename
-    echo '  ["adb-centralen.se"] = "qai7jjjnhbrdiexf.onion";' >> $filename
-    echo '  ["joelpurra.se"] = "37x6i3wgr2jyublb.onion";' >> $filename
-    echo '  ["nordberg.se"] = "qai7jjjnhbrdiexf.onion";' >> $filename
-    echo '  ["jabber.lqdn.fr"] = "jabber63t4r2qi57.onion";' >> $filename
-    echo '  ["jabber.otr.im"] = "5rgdtlawqkcplz75.onion";' >> $filename
-    echo '  ["otromundo.cf"] = "arauemwe2utqqzye.onion";' >> $filename
-    echo '  ["patchcord.be"] = "xsydhi3dnbjuatpz.onion";' >> $filename
-    echo '  ["riseup.net"] = "4cjw6cwpeaeppfqz.onion";' >> $filename
-    echo '  ["xmpp.riseup.net"] = "4cjw6cwpeaeppfqz.onion";' >> $filename
-    echo '  ["rows.io"] = "yz6yiv2hxyagvwy6.onion";' >> $filename
-    echo '  ["xmpp.rows.io"] = "yz6yiv2hxyagvwy6.onion";' >> $filename
-    echo '  ["securejabber.me"] = "giyvshdnojeivkom.onion";' >> $filename
-    echo '  ["so36.net"] = "s4fgy24e2b5weqdb.onion";' >> $filename
-    echo '  ["jabber.so36.net"] = "s4fgy24e2b5weqdb.onion";' >> $filename
-    echo '  ["jabber.systemli.org"] = "x5tno6mwkncu5m3h.onion";' >> $filename
-    echo '  ["taolo.ga"] = "l3ybpw4vs6ie5rv2.onion";' >> $filename
-    echo '  ["tchncs.de"] = "duvfmyqmdlyvc3mi.onion";' >> $filename
-    echo '  ["wtfismyip.com"] = "ofkztxcohimx34la.onion";' >> $filename
-    echo '  ["prosody.xmpp.is"] = "y2qmqomqpszzryei.onion";' >> $filename
-    echo '  ["xndr.de"] = "trcubpttd6zkc3tf.onion";' >> $filename
-    echo '  ["jabber.cat"] = "sybzodlxacch7st7.onion";' >> $filename
-    echo '  ["trashserver.net"] = "m4c722bvc2r7brnn.onion";' >> $filename
-    echo '};' >> $filename
+    filename="$1"
+
+    { echo 'onions_map = {';
+      echo '  ["anonymitaet-im-inter.net"] = "rwf5skuv5vqzcdit.onion";';
+      echo '  ["autistici.org"] = "wi7qkxyrdpu5cmvr.onion";';
+      echo '  ["jabber.calyxinstitute.org"] = "ijeeynrc6x2uy5ob.onion";';
+      echo '  ["jabber.ccc.de"] = "okj7xc6j2szr2y75.onion";';
+      echo '  ["cloak.dk"] = "m2dsl4banuimpm6c.onion";';
+      echo '  ["jabber.cryptoparty.is"] = "cryjabkbdljzohnp.onion";';
+      echo '  ["daemons.cf"] = "daemon4jidu2oig6.onion";';
+      echo '  ["dukgo.com"] = "wlcpmruglhxp6quz.onion";';
+      echo '  ["evil.im"] = "evilxro6nvjuvxqo.onion";';
+      echo '  ["xmpp.evil.im"] = "evilxro6nvjuvxqo.onion";';
+      echo '  ["inventati.org"] = "wi7qkxyrdpu5cmvr.onion";';
+      echo '  ["jabber.ipredator.se"] = "3iffdebkzzkpgipa.onion";';
+      echo '  ["jabber-germany.de"] = "dbbrphko5tqcpar3.onion";';
+      echo '  ["kode.im"] = "ihkw7qy3tok45dun.onion";';
+      echo '  ["im.koderoot.net"] = "ihkw7qy3tok45dun.onion";';
+      echo '  ["adb-centralen.se"] = "qai7jjjnhbrdiexf.onion";';
+      echo '  ["joelpurra.se"] = "37x6i3wgr2jyublb.onion";';
+      echo '  ["nordberg.se"] = "qai7jjjnhbrdiexf.onion";';
+      echo '  ["jabber.lqdn.fr"] = "jabber63t4r2qi57.onion";';
+      echo '  ["jabber.otr.im"] = "5rgdtlawqkcplz75.onion";';
+      echo '  ["otromundo.cf"] = "arauemwe2utqqzye.onion";';
+      echo '  ["patchcord.be"] = "xsydhi3dnbjuatpz.onion";';
+      echo '  ["riseup.net"] = "4cjw6cwpeaeppfqz.onion";';
+      echo '  ["xmpp.riseup.net"] = "4cjw6cwpeaeppfqz.onion";';
+      echo '  ["rows.io"] = "yz6yiv2hxyagvwy6.onion";';
+      echo '  ["xmpp.rows.io"] = "yz6yiv2hxyagvwy6.onion";';
+      echo '  ["securejabber.me"] = "giyvshdnojeivkom.onion";';
+      echo '  ["so36.net"] = "s4fgy24e2b5weqdb.onion";';
+      echo '  ["jabber.so36.net"] = "s4fgy24e2b5weqdb.onion";';
+      echo '  ["jabber.systemli.org"] = "x5tno6mwkncu5m3h.onion";';
+      echo '  ["taolo.ga"] = "l3ybpw4vs6ie5rv2.onion";';
+      echo '  ["tchncs.de"] = "duvfmyqmdlyvc3mi.onion";';
+      echo '  ["wtfismyip.com"] = "ofkztxcohimx34la.onion";';
+      echo '  ["prosody.xmpp.is"] = "y2qmqomqpszzryei.onion";';
+      echo '  ["xndr.de"] = "trcubpttd6zkc3tf.onion";';
+      echo '  ["jabber.cat"] = "sybzodlxacch7st7.onion";';
+      echo '  ["trashserver.net"] = "m4c722bvc2r7brnn.onion";';
+      echo '};'; } >> "$filename"
 }
 
 function xmpp_create_config {
@@ -745,17 +754,17 @@ function xmpp_create_config {
     xmpp_modules /etc/prosody/prosody.cfg.lua
     echo '' >> /etc/prosody/prosody.cfg.lua
     xmpp_onion_addresses /etc/prosody/prosody.cfg.lua
-    echo '' >> /etc/prosody/prosody.cfg.lua
-    echo 'allow_registration = false;' >> /etc/prosody/prosody.cfg.lua
-    echo '' >> /etc/prosody/prosody.cfg.lua
-    echo 'daemonize = true;' >> /etc/prosody/prosody.cfg.lua
-    echo '' >> /etc/prosody/prosody.cfg.lua
-    echo 'pidfile = "/var/run/prosody/prosody.pid";' >> /etc/prosody/prosody.cfg.lua
-    echo '' >> /etc/prosody/prosody.cfg.lua
-    echo 'https_ports = { 5281 }' >> /etc/prosody/prosody.cfg.lua
-    echo 'https_interfaces = { "*" }' >> /etc/prosody/prosody.cfg.lua
-    echo 'https_ssl = {' >> /etc/prosody/prosody.cfg.lua
-    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+    { echo '';
+      echo 'allow_registration = false;';
+      echo '';
+      echo 'daemonize = true;';
+      echo '';
+      echo 'pidfile = "/var/run/prosody/prosody.pid";';
+      echo '';
+      echo 'https_ports = { 5281 }';
+      echo 'https_interfaces = { "*" }';
+      echo 'https_ssl = {'; } >> /etc/prosody/prosody.cfg.lua
+    if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
         echo "    certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
         echo "    key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
     else
@@ -765,160 +774,160 @@ function xmpp_create_config {
     echo "    curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua
     echo "    ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua
     echo '    options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
-    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+    if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
         echo "    dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
     else
         echo "    dhparam = \"/etc/ssl/certs/xmpp.dhparam\";" >> /etc/prosody/prosody.cfg.lua
     fi
-    echo "}" >> /etc/prosody/prosody.cfg.lua
-    echo '' >> /etc/prosody/prosody.cfg.lua
-    echo 'ssl = {' >> /etc/prosody/prosody.cfg.lua
-    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+    { echo "}";
+      echo '';
+      echo 'ssl = {'; } >> /etc/prosody/prosody.cfg.lua
+    if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
         echo "    certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
         echo "    key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
     else
         echo "    certificate = \"/etc/ssl/certs/xmpp.crt\";" >> /etc/prosody/prosody.cfg.lua
         echo "    key = \"/etc/ssl/private/xmpp.key\";" >> /etc/prosody/prosody.cfg.lua
     fi
-    echo "    curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua
-    echo '    depth = "2";' >> /etc/prosody/prosody.cfg.lua
-    echo "    ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua
-    echo '    options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
-    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+    { echo "    curve = $XMPP_ECC_CURVE;";
+      echo '    depth = "2";';
+      echo "    ciphers = $XMPP_CIPHERS;";
+      echo '    options = {"no_sslv2", "no_sslv3" };'; } >> /etc/prosody/prosody.cfg.lua
+    if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
         echo "    dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
     else
         echo "    dhparam = \"/etc/ssl/certs/xmpp.dhparam\";" >> /etc/prosody/prosody.cfg.lua
     fi
-    echo '}' >> /etc/prosody/prosody.cfg.lua
-    echo '' >> /etc/prosody/prosody.cfg.lua
-    echo 'c2s_require_encryption = true' >> /etc/prosody/prosody.cfg.lua
-    echo 's2s_require_encryption = true' >> /etc/prosody/prosody.cfg.lua
-    echo '' >> /etc/prosody/prosody.cfg.lua
-    echo 's2s_secure_auth = false' >> /etc/prosody/prosody.cfg.lua
-    echo '' >> /etc/prosody/prosody.cfg.lua
-    echo 'authentication = "internal_hashed"' >> /etc/prosody/prosody.cfg.lua
-    echo '' >> /etc/prosody/prosody.cfg.lua
-    echo 'storage = "sql"' >> /etc/prosody/prosody.cfg.lua
-    echo 'sql = { driver = "SQLite3", database = "prosody.sqlite" }' >> /etc/prosody/prosody.cfg.lua
-    echo '' >> /etc/prosody/prosody.cfg.lua
-    echo 'log = {' >> /etc/prosody/prosody.cfg.lua
-    echo '    info = "/dev/null";' >> /etc/prosody/prosody.cfg.lua
-    echo '    error = "/dev/null";' >> /etc/prosody/prosody.cfg.lua
-    echo '    { levels = { "error" }; to = "/dev/null";  };' >> /etc/prosody/prosody.cfg.lua
-    echo '}' >> /etc/prosody/prosody.cfg.lua
-    echo '' >> /etc/prosody/prosody.cfg.lua
-    if [[ $ONION_ONLY != 'no' ]]; then
+    { echo '}';
+      echo '';
+      echo 'c2s_require_encryption = true';
+      echo 's2s_require_encryption = true';
+      echo '';
+      echo 's2s_secure_auth = false';
+      echo '';
+      echo 'authentication = "internal_hashed"';
+      echo '';
+      echo 'storage = "sql"';
+      echo 'sql = { driver = "SQLite3", database = "prosody.sqlite" }';
+      echo '';
+      echo 'log = {';
+      echo '    info = "/dev/null";';
+      echo '    error = "/dev/null";';
+      echo '    { levels = { "error" }; to = "/dev/null";  };';
+      echo '}';
+      echo ''; } >> /etc/prosody/prosody.cfg.lua
+    if [[ "$ONION_ONLY" != 'no' ]]; then
         echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"" >> /etc/prosody/prosody.cfg.lua
     else
         echo "VirtualHost \"${DEFAULT_DOMAIN_NAME}\"" >> /etc/prosody/prosody.cfg.lua
     fi
     echo '    ssl = {' >> /etc/prosody/prosody.cfg.lua
-    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+    if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
         echo "        certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
         echo "        key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
     else
         echo "        certificate = \"/etc/ssl/certs/xmpp.crt\";" >> /etc/prosody/prosody.cfg.lua
         echo "        key = \"/etc/ssl/private/xmpp.key\";" >> /etc/prosody/prosody.cfg.lua
     fi
-    echo "        curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua
-    echo '        depth = "2";' >> /etc/prosody/prosody.cfg.lua
-    echo "        ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua
-    echo '        options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
-    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+    { echo "        curve = $XMPP_ECC_CURVE;";
+      echo '        depth = "2";';
+      echo "        ciphers = $XMPP_CIPHERS;";
+      echo '        options = {"no_sslv2", "no_sslv3" };'; } >> /etc/prosody/prosody.cfg.lua
+    if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
         echo "        dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
     else
         echo "        dhparam = \"/etc/ssl/certs/xmpp.dhparam\";" >> /etc/prosody/prosody.cfg.lua
     fi
-    echo '    }' >> /etc/prosody/prosody.cfg.lua
-    echo '' >> /etc/prosody/prosody.cfg.lua
-    echo 'Include "conf.d/*.cfg.lua"' >> /etc/prosody/prosody.cfg.lua
-    echo 'http_upload_path = "/var/lib/prosody/http_uploads"' >> /etc/prosody/prosody.cfg.lua
-    echo 'http_upload_file_size_limit = 307200' >> /etc/prosody/prosody.cfg.lua
-    echo '' >> /etc/prosody/prosody.cfg.lua
-    echo "Component \"chat.${DEFAULT_DOMAIN_NAME}\" \"muc\"" >> /etc/prosody/prosody.cfg.lua
-    echo '    name = "Chatrooms"' >> /etc/prosody/prosody.cfg.lua
-    echo '    modules_enabled = {' >> /etc/prosody/prosody.cfg.lua
-    echo '        "muc_limits";' >> /etc/prosody/prosody.cfg.lua
-    echo '        "muc_log";' >> /etc/prosody/prosody.cfg.lua
-    echo '        "mam_muc";' >> /etc/prosody/prosody.cfg.lua
-    echo '        "muc_log_http";' >> /etc/prosody/prosody.cfg.lua
-    echo '    }' >> /etc/prosody/prosody.cfg.lua
-    echo 'storage = { muc_log = "sql"; }' >> /etc/prosody/prosody.cfg.lua
-    echo 'sql = { driver = "SQLite3", database = "prosody.sqlite" }' >> /etc/prosody/prosody.cfg.lua
-    echo 'muc_event_rate = 0.5;' >> /etc/prosody/prosody.cfg.lua
-    echo 'muc_burst_factor = 10;' >> /etc/prosody/prosody.cfg.lua
-    echo 'muc_log_by_default = false;' >> /etc/prosody/prosody.cfg.lua
-    echo 'muc_log_all_rooms = false;' >> /etc/prosody/prosody.cfg.lua
-    echo 'max_archive_query_results = 10;' >> /etc/prosody/prosody.cfg.lua
-    echo 'max_history_messages = 10;' >> /etc/prosody/prosody.cfg.lua
+    { echo '    }';
+      echo '';
+      echo 'Include "conf.d/*.cfg.lua"';
+      echo 'http_upload_path = "/var/lib/prosody/http_uploads"';
+      echo 'http_upload_file_size_limit = 307200';
+      echo '';
+      echo "Component \"chat.${DEFAULT_DOMAIN_NAME}\" \"muc\"";
+      echo '    name = "Chatrooms"';
+      echo '    modules_enabled = {';
+      echo '        "muc_limits";';
+      echo '        "muc_log";';
+      echo '        "mam_muc";';
+      echo '        "muc_log_http";';
+      echo '    }';
+      echo 'storage = { muc_log = "sql"; }';
+      echo 'sql = { driver = "SQLite3", database = "prosody.sqlite" }';
+      echo 'muc_event_rate = 0.5;';
+      echo 'muc_burst_factor = 10;';
+      echo 'muc_log_by_default = false;';
+      echo 'muc_log_all_rooms = false;';
+      echo 'max_archive_query_results = 10;';
+      echo 'max_history_messages = 10;'; } >> /etc/prosody/prosody.cfg.lua
 }
 
 function install_xmpp_nightly {
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir -p "$INSTALL_DIR"
     fi
 
-    cd $INSTALL_DIR
+    cd "$INSTALL_DIR" || exit 2468274
 
     # Try to get the source from the project repo
-    if [ -f /root/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz ]; then
-        cp /root/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz .
+    if [ -f "/root/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz" ]; then
+        cp "/root/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz" .
     else
-        if [ -f /home/${MY_USERNAME}/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz ]; then
-            cp /home/${MY_USERNAME}/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz .
+        if [ -f "/home/${MY_USERNAME}/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz" ]; then
+            cp "/home/${MY_USERNAME}/${PROJECT_NAME}/image_build/${prosody_filename}.tar.gz" .
         else
-            wget $prosody_nightly_url
+            wget "$prosody_nightly_url"
         fi
     fi
 
-    if [ ! -f ${INSTALL_DIR}/${prosody_filename}.tar.gz ]; then
+    if [ ! -f "${INSTALL_DIR}/${prosody_filename}.tar.gz" ]; then
         echo $"Failed to download prosody nightly $prosody_nightly_url"
         exit 78352
     fi
 
-    hash_value=$(sha256sum ${INSTALL_DIR}/${prosody_filename}.tar.gz | awk -F ' ' '{print $1}')
+    hash_value=$(sha256sum "${INSTALL_DIR}/${prosody_filename}.tar.gz" | awk -F ' ' '{print $1}')
     if [[ "$hash_value" != "$prosody_nightly_hash" ]]; then
-        rm ${INSTALL_DIR}/${prosody_filename}.tar.gz
+        rm "${INSTALL_DIR}/${prosody_filename}.tar.gz"
         echo $'Unexpected hash value for prosody nightly download'
         exit 68224283
     fi
 
-    tar -xzvf ${INSTALL_DIR}/${prosody_filename}.tar.gz
-    cd ${INSTALL_DIR}/${prosody_filename}
+    tar -xzvf "${INSTALL_DIR}/${prosody_filename}.tar.gz"
+    cd "${INSTALL_DIR}/${prosody_filename}" || exit 7246284245
     ./configure --ostype=debian --prefix=/usr
     make prefix=/usr
     make prefix=/usr install
     if [ -f /usr/local/bin/prosody ]; then
         echo $'Failed to build prosody nightly to /usr/bin'
-        rm ${INSTALL_DIR}/${prosody_filename}.tar.gz
-        rm -rf ${INSTALL_DIR}/${prosody_filename}
+        rm "${INSTALL_DIR}/${prosody_filename}.tar.gz"
+        rm -rf "${INSTALL_DIR:?}/${prosody_filename}"
         exit 628732
     fi
-    rm ${INSTALL_DIR}/${prosody_filename}.tar.gz
+    rm "${INSTALL_DIR}/${prosody_filename}.tar.gz"
 
     set_completion_param "prosody_filename" "${prosody_filename}"
 }
 
 function install_xmpp {
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir -p "$INSTALL_DIR"
     fi
 
     # remove any existing install attempt
-    if [ -f $INSTALL_DIR/$prosody_modules_filename ]; then
-        rm $INSTALL_DIR/$prosody_modules_filename
+    if [ -f "$INSTALL_DIR/$prosody_modules_filename" ]; then
+        rm "$INSTALL_DIR/$prosody_modules_filename"
     fi
-    if [ -d $INSTALL_DIR/prosody-modules ]; then
-        rm -rf $INSTALL_DIR/prosody-modules
+    if [ -d "$INSTALL_DIR/prosody-modules" ]; then
+        rm -rf "$INSTALL_DIR/prosody-modules"
     fi
 
     update_prosody_modules
 
     # obtain a cert for the default domain
-    if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then
-        create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
-        if [[ $ONION_ONLY == 'no' ]]; then
-            if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then
+    if [[ "$(cert_exists "${DEFAULT_DOMAIN_NAME}" pem)" == "0" ]]; then
+        create_site_certificate "${DEFAULT_DOMAIN_NAME}" 'yes'
+        if [[ "$ONION_ONLY" == 'no' ]]; then
+            if [[ "$(cert_exists "${DEFAULT_DOMAIN_NAME}" pem)" == "0" ]]; then
                 echo $'LetsEncrypt cert could not be obtained for xmpp'
                 exit 72342
             fi
@@ -961,9 +970,9 @@ function install_xmpp {
     fi
 
     # create a certificate
-    if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+    if [ ! -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
         if [ ! -f /etc/ssl/certs/xmpp.crt ]; then
-            ${PROJECT_NAME}-addcert -h xmpp --dhkey ${DH_KEYLENGTH}
+            "${PROJECT_NAME}-addcert" -h xmpp --dhkey "${DH_KEYLENGTH}"
             check_certificates xmpp
             if [ ! -f /etc/ssl/certs/xmpp.crt ]; then
                 echo $'Failed to create xmpp certificate'
@@ -987,12 +996,12 @@ function install_xmpp {
 
     chown root:default /etc/ssl/private/xmpp.*
     chown root:default /etc/ssl/certs/xmpp.*
-    chown root:default /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.*
-    chown root:default /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.*
+    chown root:default "/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.*"
+    chown root:default "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.*"
 
     cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
 
-    if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
+    if [[ "$(cert_exists "${DEFAULT_DOMAIN_NAME}" pem)" == "1" ]]; then
         sed -i "s|key =.*|key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";|g" /etc/prosody/conf.avail/xmpp.cfg.lua
         sed -i "s|certificate =.*|certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";|g" /etc/prosody/conf.avail/xmpp.cfg.lua
     else
@@ -1000,23 +1009,23 @@ function install_xmpp {
         sed -i "s|certificate =.*|certificate = \"/etc/ssl/certs/xmpp.crt\";|g" /etc/prosody/conf.avail/xmpp.cfg.lua
     fi
     if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then
-        if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME})" == "1" ]]; then
-            sed -i "/certificate =/a\        dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" /etc/prosody/conf.avail/xmpp.cfg.lua
+        if [[ "$(cert_exists "${DEFAULT_DOMAIN_NAME}")" == "1" ]]; then
+            sed -i "/certificate =/a\\        dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" /etc/prosody/conf.avail/xmpp.cfg.lua
         else
-            sed -i '/certificate =/a\        dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
+            sed -i '/certificate =/a\\        dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
         fi
     fi
     if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then
         sed -i '/certificate =/a\        options = {"no_sslv2", "no_sslv3" };' /etc/prosody/conf.avail/xmpp.cfg.lua
     fi
     if ! grep -q 'ciphers =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
-        sed -i "/certificate =/a\        ciphers = $XMPP_CIPHERS;" /etc/prosody/conf.avail/xmpp.cfg.lua
+        sed -i "/certificate =/a\\        ciphers = $XMPP_CIPHERS;" /etc/prosody/conf.avail/xmpp.cfg.lua
     fi
     if ! grep -q 'depth = "2";' /etc/prosody/conf.avail/xmpp.cfg.lua; then
         sed -i '/certificate =/a\        depth = "2";' /etc/prosody/conf.avail/xmpp.cfg.lua
     fi
     if ! grep -q 'curve =' /etc/prosody/conf.avail/xmpp.cfg.lua; then
-        sed -i "/certificate =/a\        curve = $XMPP_ECC_CURVE;" /etc/prosody/conf.avail/xmpp.cfg.lua
+        sed -i "/certificate =/a\\        curve = $XMPP_ECC_CURVE;" /etc/prosody/conf.avail/xmpp.cfg.lua
     fi
 
     sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/conf.avail/xmpp.cfg.lua
@@ -1049,10 +1058,10 @@ function install_xmpp {
         exit 877367
     fi
     if ! grep -q "hidden_service_xmpp" /etc/tor/torrc; then
-        echo 'HiddenServiceDir /var/lib/tor/hidden_service_xmpp/' >> /etc/tor/torrc
-        echo 'HiddenServiceVersion 2' >> /etc/tor/torrc
-        echo "HiddenServicePort 5222 127.0.0.1:5222" >> /etc/tor/torrc
-        echo "HiddenServicePort 5269 127.0.0.1:5269" >> /etc/tor/torrc
+        { echo 'HiddenServiceDir /var/lib/tor/hidden_service_xmpp/';
+          echo 'HiddenServiceVersion 2';
+          echo "HiddenServicePort 5222 127.0.0.1:5222";
+          echo "HiddenServicePort 5269 127.0.0.1:5269"; } >> /etc/tor/torrc
         echo $'Added onion site for xmpp chat'
     fi
 
@@ -1065,17 +1074,17 @@ function install_xmpp {
     fi
     XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
     if ! grep -q "${XMPP_ONION_HOSTNAME}" /etc/prosody/conf.avail/xmpp.cfg.lua; then
-        echo '' >> /etc/prosody/conf.avail/xmpp.cfg.lua
-        echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"" >> /etc/prosody/conf.avail/xmpp.cfg.lua
-        echo '    modules_enabled = { "onions" };' >> /etc/prosody/conf.avail/xmpp.cfg.lua
+        { echo '';
+          echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"";
+          echo '    modules_enabled = { "onions" };'; } >> /etc/prosody/conf.avail/xmpp.cfg.lua
     fi
     set_completion_param "xmpp onion domain" "${XMPP_ONION_HOSTNAME}"
 
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        XMPP_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        XMPP_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
     else
         if [ ${#XMPP_PASSWORD} -lt 8 ]; then
-            XMPP_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+            XMPP_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
 
@@ -1122,10 +1131,11 @@ function install_xmpp {
     systemctl restart prosody
 
     if [[ $ONION_ONLY != 'no' ]]; then
-        prosodyctl register $MY_USERNAME $XMPP_ONION_HOSTNAME "$XMPP_PASSWORD"
+        prosodyctl register "$MY_USERNAME" "$XMPP_ONION_HOSTNAME" "$XMPP_PASSWORD"
     else
-        prosodyctl register $MY_USERNAME $DEFAULT_DOMAIN_NAME "$XMPP_PASSWORD"
+        prosodyctl register "$MY_USERNAME" "$DEFAULT_DOMAIN_NAME" "$XMPP_PASSWORD"
     fi
+    # shellcheck disable=SC2181
     if [ ! "$?" = "0" ]; then
         echo ''
         echo ''
@@ -1149,22 +1159,22 @@ function install_xmpp {
 
     prosody_daemon_restart_script
 
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a xmpp -p "$XMPP_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a xmpp -p "$XMPP_PASSWORD"
 
     # Add avahi services
-    echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /etc/avahi/services/xmpp.service
-    echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /etc/avahi/services/xmpp.service
-    echo '<service-group>' >> /etc/avahi/services/xmpp.service
-    echo '  <name replace-wildcards="yes">%h XMPP</name>' >> /etc/avahi/services/xmpp.service
-    echo '  <service>' >> /etc/avahi/services/xmpp.service
-    echo '    <type>_xmpp._tcp</type>' >> /etc/avahi/services/xmpp.service
-    echo "    <port>5222</port>" >> /etc/avahi/services/xmpp.service
-    echo '  </service>' >> /etc/avahi/services/xmpp.service
-    echo '  <service>' >> /etc/avahi/services/xmpp.service
-    echo '    <type>_xmpp-server._tcp</type>' >> /etc/avahi/services/xmpp.service
-    echo "    <port>5269</port>" >> /etc/avahi/services/xmpp.service
-    echo '  </service>' >> /etc/avahi/services/xmpp.service
-    echo '</service-group>' >> /etc/avahi/services/xmpp.service
+    { echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->';
+      echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">';
+      echo '<service-group>';
+      echo '  <name replace-wildcards="yes">%h XMPP</name>';
+      echo '  <service>';
+      echo '    <type>_xmpp._tcp</type>';
+      echo "    <port>5222</port>";
+      echo '  </service>';
+      echo '  <service>';
+      echo '    <type>_xmpp-server._tcp</type>';
+      echo "    <port>5269</port>";
+      echo '  </service>';
+      echo '</service-group>'; } > /etc/avahi/services/xmpp.service
 
     systemctl restart avahi-daemon
 
diff --git a/src/freedombone-app-zeronet b/src/freedombone-app-zeronet
index 3d09cb92..33480939 100755
--- a/src/freedombone-app-zeronet
+++ b/src/freedombone-app-zeronet
@@ -105,7 +105,7 @@ function remove_zeronet_blog {
         rm -rf $MESH_INSTALL_DIR/zeronet/ZeroBlog
     fi
     remove_completion_param install_zeronet_blog
-    sed -i '/zeronet blog/d' $COMPLETION_FILE
+    sed -i '/zeronet blog/d' "$COMPLETION_FILE"
 }
 
 function remove_zeronet_mail {
@@ -113,7 +113,7 @@ function remove_zeronet_mail {
         rm -rf $MESH_INSTALL_DIR/zeronet/ZeroMail
     fi
     remove_completion_param install_zeronet_mail
-    sed -i '/zeronet mail/d' $COMPLETION_FILE
+    sed -i '/zeronet mail/d' "$COMPLETION_FILE"
 }
 
 function remove_zeronet_forum {
@@ -121,7 +121,7 @@ function remove_zeronet_forum {
         rm -rf $MESH_INSTALL_DIR/zeronet/ZeroTalk
     fi
     remove_completion_param install_zeronet_forum
-    sed -i '/zeronet forum/d' $COMPLETION_FILE
+    sed -i '/zeronet forum/d' "$COMPLETION_FILE"
 }
 
 function remove_zeronet {
@@ -133,10 +133,10 @@ function remove_zeronet {
     firewall_remove ${TRACKER_PORT}
     firewall_remove 1900 udp
 
-    ${PROJECT_NAME}-mesh-install -f zeronet --remove yes
+    "${PROJECT_NAME}-mesh-install" -f zeronet --remove yes
     remove_completion_param install_zeronet
     remove_completion_param configure_firewall_for_zeronet
-    sed -i '/zeronet/d' $COMPLETION_FILE
+    sed -i '/zeronet/d' "$COMPLETION_FILE"
 }
 
 function configure_firewall_for_zeronet {
@@ -161,14 +161,14 @@ function install_zeronet_blog {
 
     ZERONET_DEFAULT_BLOG_TITLE="${MY_USERNAME}'s Blog"
 
-    cd $MESH_INSTALL_DIR/zeronet
+    cd "$MESH_INSTALL_DIR/zeronet" || exit 246284728
     python zeronet.py --batch siteCreate 2> $MESH_INSTALL_DIR/zeronet/blog.txt
     if [ ! -f $MESH_INSTALL_DIR/zeronet/blog.txt ]; then
         echo $'Unable to create blog'
         exit 479
     fi
-    blog_address=$(cat blog.txt | grep "Site address" | awk -F ':' '{print $2}')
-    blog_private_key=$(cat blog.txt | grep "Site private key" | awk -F ':' '{print $2}')
+    blog_address=$(grep "Site address" blog.txt | awk -F ':' '{print $2}')
+    blog_private_key=$(grep "Site private key" blog.txt | awk -F ':' '{print $2}')
     ZERONET_BLOG_ADDRESS=${blog_address//[[:blank:]]/}
     ZERONET_BLOG_PRIVATE_KEY=${blog_private_key//[[:blank:]]/}
 
@@ -197,24 +197,24 @@ function install_zeronet_blog {
         echo $'ZeroBlog repo could not be cloned'
         exit 6739
     fi
-    cd $MESH_INSTALL_DIR/zeronet/ZeroBlog
+    cd "$MESH_INSTALL_DIR/zeronet/ZeroBlog" || exit 47298462874
     git checkout $ZERONET_BLOG_COMMIT -b $ZERONET_BLOG_COMMIT
     set_completion_param "zeroNet blog commit" "$ZERONET_BLOG_COMMIT"
 
     echo $"ZeroNet Blog address:     $ZERONET_BLOG_ADDRESS"
     echo $"ZeroNet Blog private key: $ZERONET_BLOG_PRIVATE_KEY"
-    cp -r $MESH_INSTALL_DIR/zeronet/ZeroBlog/* $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS
+    cp -r "$MESH_INSTALL_DIR/zeronet/ZeroBlog/*" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS"
 
-    if [ ! -d $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data ]; then
-        mkdir $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data
+    if [ ! -d "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data" ]; then
+        mkdir "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data"
     fi
-    cp $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data-default/data.json $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data
-    sed -i "s/MyZeroBlog/$ZERONET_DEFAULT_BLOG_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json
-    sed -i "s/My ZeroBlog./$ZERONET_DEFAULT_BLOG_TAGLINE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json
-    sed -i "s/ZeroBlog Demo/$ZERONET_DEFAULT_BLOG_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html
-    sed -i "s|<h3 class=\"description\">.*|<h3 class=\"description\">$ZERONET_DEFAULT_BLOG_TAGLINE</h3>|g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html
-    sed -i "s/Blogging platform Demo/Blogging platform/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/content.json
-    python zeronet.py siteSign $ZERONET_BLOG_ADDRESS $ZERONET_BLOG_PRIVATE_KEY
+    cp "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data-default/data.json" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data"
+    sed -i "s/MyZeroBlog/$ZERONET_DEFAULT_BLOG_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json"
+    sed -i "s/My ZeroBlog./$ZERONET_DEFAULT_BLOG_TAGLINE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/data/data.json"
+    sed -i "s/ZeroBlog Demo/$ZERONET_DEFAULT_BLOG_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html"
+    sed -i "s|<h3 class=\"description\">.*|<h3 class=\"description\">$ZERONET_DEFAULT_BLOG_TAGLINE</h3>|g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/index.html"
+    sed -i "s/Blogging platform Demo/Blogging platform/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_BLOG_ADDRESS/content.json"
+    python zeronet.py siteSign "$ZERONET_BLOG_ADDRESS" "$ZERONET_BLOG_PRIVATE_KEY"
 
     # Add an avahi service
     function_check create_avahi_service
@@ -223,11 +223,11 @@ function install_zeronet_blog {
 
     chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
 
-    if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then
-        mkdir -p /home/$MY_USERNAME/.config/zeronet
-        chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
+    if [ ! -d "/home/$MY_USERNAME/.config/zeronet" ]; then
+        mkdir -p "/home/$MY_USERNAME/.config/zeronet"
+        chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.config"
     fi
-    echo "${ZERONET_URL}/${ZERONET_BLOG_ADDRESS}" > /home/$MY_USERNAME/.config/zeronet/myblog
+    echo "${ZERONET_URL}/${ZERONET_BLOG_ADDRESS}" > "/home/$MY_USERNAME/.config/zeronet/myblog"
 
     install_completed zeronet_blog
 }
@@ -244,14 +244,14 @@ function install_zeronet_mail {
 
     ZERONET_DEFAULT_MAIL_TITLE="${MY_USERNAME}'s Mail"
 
-    cd $MESH_INSTALL_DIR/zeronet
+    cd "$MESH_INSTALL_DIR/zeronet" || exit 4628462862
     python zeronet.py --batch siteCreate 2> $MESH_INSTALL_DIR/zeronet/mail.txt
     if [ ! -f $MESH_INSTALL_DIR/zeronet/mail.txt ]; then
         echo $'Unable to create mail'
         exit 479
     fi
-    mail_address=$(cat mail.txt | grep "Site address" | awk -F ':' '{print $2}')
-    mail_private_key=$(cat mail.txt | grep "Site private key" | awk -F ':' '{print $2}')
+    mail_address=$(grep "Site address" mail.txt | awk -F ':' '{print $2}')
+    mail_private_key=$(grep "Site private key" mail.txt | awk -F ':' '{print $2}')
     ZERONET_MAIL_ADDRESS=${mail_address//[[:blank:]]/}
     ZERONET_MAIL_PRIVATE_KEY=${mail_private_key//[[:blank:]]/}
 
@@ -280,24 +280,24 @@ function install_zeronet_mail {
         echo $'ZeroMail repo could not be cloned'
         exit 6739
     fi
-    cd $MESH_INSTALL_DIR/zeronet/ZeroMail
+    cd "$MESH_INSTALL_DIR/zeronet/ZeroMail" || exit 246284682
     git checkout $ZERONET_MAIL_COMMIT -b $ZERONET_MAIL_COMMIT
     set_completion_param "zeroNet mail commit" "$ZERONET_MAIL_COMMIT"
 
     echo $"ZeroNet Mail address:     $ZERONET_MAIL_ADDRESS"
     echo $"ZeroNet Mail private key: $ZERONET_MAIL_PRIVATE_KEY"
-    cp -r $MESH_INSTALL_DIR/zeronet/ZeroMail/* $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS
+    cp -r "$MESH_INSTALL_DIR/zeronet/ZeroMail/*" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS"
 
-    if [ ! -d $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data ]; then
-        mkdir $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data
+    if [ ! -d "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data" ]; then
+        mkdir "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data"
     fi
-    cp $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data-default/data.json $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data
-    sed -i "s/MyZeroMail/$ZERONET_DEFAULT_MAIL_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json
-    sed -i "s/My ZeroMail./$ZERONET_DEFAULT_MAIL_TAGLINE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json
-    sed -i "s/ZeroMail Demo/$ZERONET_DEFAULT_MAIL_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html
-    sed -i "s|<h3 class=\"description\">.*|<h3 class=\"description\">$ZERONET_DEFAULT_MAIL_TAGLINE</h3>|g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html
-    sed -i "s/Mailging platform Demo/Mailging platform/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/content.json
-    python zeronet.py siteSign $ZERONET_MAIL_ADDRESS $ZERONET_MAIL_PRIVATE_KEY
+    cp "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data-default/data.json" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data"
+    sed -i "s/MyZeroMail/$ZERONET_DEFAULT_MAIL_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json"
+    sed -i "s/My ZeroMail./$ZERONET_DEFAULT_MAIL_TAGLINE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/data/data.json"
+    sed -i "s/ZeroMail Demo/$ZERONET_DEFAULT_MAIL_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html"
+    sed -i "s|<h3 class=\"description\">.*|<h3 class=\"description\">$ZERONET_DEFAULT_MAIL_TAGLINE</h3>|g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/index.html"
+    sed -i "s/Mailging platform Demo/Mailging platform/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_MAIL_ADDRESS/content.json"
+    python zeronet.py siteSign "$ZERONET_MAIL_ADDRESS" "$ZERONET_MAIL_PRIVATE_KEY"
 
     # Add an avahi service
     function_check create_avahi_service
@@ -306,11 +306,11 @@ function install_zeronet_mail {
 
     chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
 
-    if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then
-        mkdir -p /home/$MY_USERNAME/.config/zeronet
-        chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
+    if [ ! -d "/home/$MY_USERNAME/.config/zeronet" ]; then
+        mkdir -p "/home/$MY_USERNAME/.config/zeronet"
+        chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.config"
     fi
-    echo "${ZERONET_URL}/${ZERONET_MAIL_ADDRESS}" > /home/$MY_USERNAME/.config/zeronet/mymail
+    echo "${ZERONET_URL}/${ZERONET_MAIL_ADDRESS}" > "/home/$MY_USERNAME/.config/zeronet/mymail"
 
     install_completed zeronet_mail
 }
@@ -327,14 +327,14 @@ function install_zeronet_forum {
 
     ZERONET_DEFAULT_FORUM_TITLE=$"${MY_USERNAME}'s Forum"
 
-    cd $MESH_INSTALL_DIR/zeronet
+    cd "$MESH_INSTALL_DIR/zeronet" || exit 472984624628
     python zeronet.py --batch siteCreate 2> $MESH_INSTALL_DIR/zeronet/forum.txt
     if [ ! -f $MESH_INSTALL_DIR/zeronet/forum.txt ]; then
         echo $'Unable to create forum'
         exit 479
     fi
-    forum_address=$(cat forum.txt | grep "Site address" | awk -F ':' '{print $2}')
-    forum_private_key=$(cat forum.txt | grep "Site private key" | awk -F ':' '{print $2}')
+    forum_address=$(grep "Site address" forum.txt | awk -F ':' '{print $2}')
+    forum_private_key=$(grep "Site private key" forum.txt | awk -F ':' '{print $2}')
     ZERONET_FORUM_ADDRESS=${forum_address//[[:blank:]]/}
     ZERONET_FORUM_PRIVATE_KEY=${forum_private_key//[[:blank:]]/}
 
@@ -368,13 +368,13 @@ function install_zeronet_forum {
 
     echo $"Forum address:     $ZERONET_FORUM_ADDRESS"
     echo $"Forum private key: $ZERONET_FORUM_PRIVATE_KEY"
-    cp -r $MESH_INSTALL_DIR/zeronet/ZeroTalk/* $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS
-    sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html
-    sed -i "s/ZeroTalk/$ZERONET_DEFAULT_FORUM_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html
-    sed -i "s|Demo for dynamic, decentralized content publishing.|$ZERONET_DEFAULT_FORUM_TAGLINE|g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html
-    sed -i 's/Messaging Board Demo/Messaging Board/g' $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json
-    sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" $MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json
-    python zeronet.py siteSign $ZERONET_FORUM_ADDRESS $ZERONET_FORUM_PRIVATE_KEY --inner_path data/users/content.json
+    cp -r "$MESH_INSTALL_DIR/zeronet/ZeroTalk/*" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS"
+    sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html"
+    sed -i "s/ZeroTalk/$ZERONET_DEFAULT_FORUM_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html"
+    sed -i "s|Demo for dynamic, decentralized content publishing.|$ZERONET_DEFAULT_FORUM_TAGLINE|g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/index.html"
+    sed -i 's/Messaging Board Demo/Messaging Board/g' "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json"
+    sed -i "s/ZeroBoard/$ZERONET_DEFAULT_FORUM_TITLE/g" "$MESH_INSTALL_DIR/zeronet/data/$ZERONET_FORUM_ADDRESS/content.json"
+    python zeronet.py siteSign "$ZERONET_FORUM_ADDRESS" "$ZERONET_FORUM_PRIVATE_KEY" --inner_path data/users/content.json
 
     # Add an avahi service
     function_check create_avahi_service
@@ -383,11 +383,11 @@ function install_zeronet_forum {
 
     chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
 
-    if [ ! -d /home/$MY_USERNAME/.config/zeronet ]; then
-        mkdir -p /home/$MY_USERNAME/.config/zeronet
-        chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
+    if [ ! -d "/home/$MY_USERNAME/.config/zeronet" ]; then
+        mkdir -p "/home/$MY_USERNAME/.config/zeronet"
+        chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.config"
     fi
-    echo "${ZERONET_URL}/${ZERONET_FORUM_ADDRESS}" > /home/$MY_USERNAME/.config/zeronet/myforum
+    echo "${ZERONET_URL}/${ZERONET_FORUM_ADDRESS}" > "/home/$MY_USERNAME/.config/zeronet/myforum"
 
     install_completed zeronet_forum
 }
@@ -397,7 +397,7 @@ function install_zeronet_main {
         return
     fi
 
-    ${PROJECT_NAME}-mesh-install -f zeronet
+    "${PROJECT_NAME}-mesh-install" -f zeronet
     systemctl daemon-reload
     systemctl start tracker.service
     systemctl start zeronet.service
@@ -408,117 +408,118 @@ function install_zeronet_main {
 }
 
 function mesh_zeronet {
-    ZERONET_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_REPO=" | head -n 1 | awk -F '"' '{print $2}')
+    ZERONET_REPO_MAIN=$(grep "ZERONET_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F '"' '{print $2}')
     if [ ${#ZERONET_REPO_MAIN} -gt 4 ]; then
         ZERONET_REPO=$ZERONET_REPO_MAIN
     fi
-    if [ ! $ZERONET_REPO ]; then
+    if [ ! "$ZERONET_REPO" ]; then
         echo $'No ZeroNet repo was specified'
         exit 723539
     fi
 
-    ZERONET_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
+    ZERONET_COMMIT_MAIN=$(grep "ZERONET_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#ZERONET_COMMIT_MAIN} -gt 4 ]; then
         ZERONET_COMMIT=$ZERONET_COMMIT_MAIN
     fi
-    if [ ! $ZERONET_COMMIT ]; then
+    if [ ! "$ZERONET_COMMIT" ]; then
         echo $'No ZeroNet commit was specified'
         exit 490439
     fi
 
-    MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}')
+    MESH_INSTALL_DIR_MAIN=$(grep "MESH_INSTALL_DIR=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then
         MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN
     fi
-    if [ ! $MESH_INSTALL_DIR ]; then
+    if [ ! "$MESH_INSTALL_DIR" ]; then
         echo $'No mesh install dir was specified'
         exit 432052
     fi
 
+    # shellcheck disable=SC2154
     chroot "$rootdir" apt-get -yq install python python-msgpack python-gevent
     chroot "$rootdir" apt-get -yq install python-pip bittornado
     chroot "$rootdir" pip install msgpack-python --upgrade
 
-    chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/zeronet/ -s /bin/false zeronet
+    chroot "$rootdir" useradd -d "$MESH_INSTALL_DIR/zeronet/" -s /bin/false zeronet
 
     if [ -d /repos/zeronet ]; then
-        mkdir $rootdir$MESH_INSTALL_DIR/zeronet
-        cp -r -p /repos/zeronet/. $rootdir$MESH_INSTALL_DIR/zeronet
-        cd $rootdir$MESH_INSTALL_DIR/zeronet
+        mkdir "$rootdir$MESH_INSTALL_DIR/zeronet"
+        cp -r -p /repos/zeronet/. "$rootdir$MESH_INSTALL_DIR/zeronet"
+        cd "$rootdir$MESH_INSTALL_DIR/zeronet" || exit 2648246284
         git pull
     else
-        git clone $ZERONET_REPO $rootdir$MESH_INSTALL_DIR/zeronet
+        git clone "$ZERONET_REPO" "$rootdir$MESH_INSTALL_DIR/zeronet"
     fi
 
-    if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet ]; then
+    if [ ! -d "$rootdir$MESH_INSTALL_DIR/zeronet" ]; then
         echo 'WARNING: Unable to clone zeronet'
         return
     fi
-    cd $rootdir$MESH_INSTALL_DIR/zeronet
-    git checkout $ZERONET_COMMIT -b $ZERONET_COMMIT
-    if ! grep -q "ZeroNet commit" $COMPLETION_FILE; then
-        echo "ZeroNet commit:$ZERONET_COMMIT" >> $rootdir$COMPLETION_FILE
+    cd "$rootdir$MESH_INSTALL_DIR/zeronet" || exit 2468276484682
+    git checkout "$ZERONET_COMMIT" -b "$ZERONET_COMMIT"
+    if ! grep -q "ZeroNet commit" "$COMPLETION_FILE"; then
+        echo "ZeroNet commit:$ZERONET_COMMIT" >> "$rootdir$COMPLETION_FILE"
     else
-        sed -i "s/ZeroNet commit.*/ZeroNet commit:$ZERONET_COMMIT/g" $COMPLETION_FILE
+        sed -i "s/ZeroNet commit.*/ZeroNet commit:$ZERONET_COMMIT/g" "$COMPLETION_FILE"
     fi
-    chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
+    chroot "$rootdir" chown -R zeronet:zeronet "$MESH_INSTALL_DIR/zeronet"
 
     # Hack to ensure that the file access port is opened
     # This is because zeronet normally relies on an internet site
     # to do this, but on a purely local mesh the internet isn't available
-    sed -i 's|fileserver_port = 0|fileserver_port = config.fileserver_port\n            sys.modules["main"].file_server.port_opened = True|g' $rootdir$MESH_INSTALL_DIR/zeronet/src/Site/Site.py
+    sed -i 's|fileserver_port = 0|fileserver_port = config.fileserver_port\n            sys.modules["main"].file_server.port_opened = True|g' "$rootdir$MESH_INSTALL_DIR/zeronet/src/Site/Site.py"
 
     ZERONET_DAEMON=$rootdir/etc/systemd/system/zeronet.service
-    echo '[Unit]' > $ZERONET_DAEMON
-    echo 'Description=Zeronet Server' >> $ZERONET_DAEMON
-    echo 'After=syslog.target' >> $ZERONET_DAEMON
-    echo 'After=network.target' >> $ZERONET_DAEMON
-    echo '[Service]' >> $ZERONET_DAEMON
-    echo 'Type=simple' >> $ZERONET_DAEMON
-    echo 'User=zeronet' >> $ZERONET_DAEMON
-    echo 'Group=zeronet' >> $ZERONET_DAEMON
-    echo "WorkingDirectory=$MESH_INSTALL_DIR/zeronet" >> $ZERONET_DAEMON
-    echo "ExecStart=/usr/bin/python zeronet.py --ip_external replace.local --trackers_file $MESH_INSTALL_DIR/zeronet/bootstrap" >> $ZERONET_DAEMON
-    echo '' >> $ZERONET_DAEMON
-    echo 'TimeoutSec=300' >> $ZERONET_DAEMON
-    echo '' >> $ZERONET_DAEMON
-    echo '[Install]' >> $ZERONET_DAEMON
-    echo 'WantedBy=multi-user.target' >> $ZERONET_DAEMON
+    { echo '[Unit]';
+      echo 'Description=Zeronet Server';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=zeronet';
+      echo 'Group=zeronet';
+      echo "WorkingDirectory=$MESH_INSTALL_DIR/zeronet";
+      echo "ExecStart=/usr/bin/python zeronet.py --ip_external replace.local --trackers_file $MESH_INSTALL_DIR/zeronet/bootstrap";
+      echo '';
+      echo 'TimeoutSec=300';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$ZERONET_DAEMON"
 
     TRACKER_DAEMON=$rootdir/etc/systemd/system/tracker.service
-    echo '[Unit]' > $TRACKER_DAEMON
-    echo 'Description=Torrent Tracker' >> $TRACKER_DAEMON
-    echo 'After=syslog.target' >> $TRACKER_DAEMON
-    echo 'After=network.target' >> $TRACKER_DAEMON
-    echo '[Service]' >> $TRACKER_DAEMON
-    echo 'Type=simple' >> $TRACKER_DAEMON
-    echo 'User=tracker' >> $TRACKER_DAEMON
-    echo 'Group=tracker' >> $TRACKER_DAEMON
-    echo "WorkingDirectory=$MESH_INSTALL_DIR/tracker" >> $TRACKER_DAEMON
-    echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile $MESH_INSTALL_DIR/tracker/dstate --logfile $MESH_INSTALL_DIR/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0" >> $TRACKER_DAEMON
-    echo '' >> $TRACKER_DAEMON
-    echo 'TimeoutSec=300' >> $TRACKER_DAEMON
-    echo '' >> $TRACKER_DAEMON
-    echo '[Install]' >> $TRACKER_DAEMON
-    echo 'WantedBy=multi-user.target' >> $TRACKER_DAEMON
+    { echo '[Unit]';
+      echo 'Description=Torrent Tracker';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=tracker';
+      echo 'Group=tracker';
+      echo "WorkingDirectory=$MESH_INSTALL_DIR/tracker";
+      echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile $MESH_INSTALL_DIR/tracker/dstate --logfile $MESH_INSTALL_DIR/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0";
+      echo '';
+      echo 'TimeoutSec=300';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$TRACKER_DAEMON"
 
-    chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/tracker/ -s /bin/false tracker
-    if [ ! -d $rootdir$MESH_INSTALL_DIR/tracker ]; then
-        mkdir $rootdir$MESH_INSTALL_DIR/tracker
+    chroot "$rootdir" useradd -d "$MESH_INSTALL_DIR/tracker/" -s /bin/false tracker
+    if [ ! -d "$rootdir$MESH_INSTALL_DIR/tracker" ]; then
+        mkdir "$rootdir$MESH_INSTALL_DIR/tracker"
     fi
-    chroot "$rootdir" chown -R tracker:tracker $MESH_INSTALL_DIR/tracker
+    chroot "$rootdir" chown -R tracker:tracker "$MESH_INSTALL_DIR/tracker"
 
     # publish regularly
     MESH_SYNC_COMMAND=$rootdir/usr/bin/mesh-sync
-    echo '#!/bin/bash' > $MESH_SYNC_COMMAND
-    echo '/usr/local/bin/toxavahi 2> /dev/null' >> $MESH_SYNC_COMMAND
-    echo '/usr/local/bin/meshavahi 2> /dev/null' >> $MESH_SYNC_COMMAND
-    chmod +x $MESH_SYNC_COMMAND
+    { echo '#!/bin/bash';
+      echo '/usr/local/bin/toxavahi 2> /dev/null';
+      echo '/usr/local/bin/meshavahi 2> /dev/null'; } > "$MESH_SYNC_COMMAND"
+    chmod +x "$MESH_SYNC_COMMAND"
 
-    if ! grep -q "mesh-sync" ${rootdir}/etc/crontab; then
-        echo "*/1            * *   *   *   root /usr/bin/mesh-sync 2> /dev/null" >> ${rootdir}/etc/crontab
-        echo "*/1            * *   *   *   root ( sleep 20 ; /usr/bin/mesh-sync 2> /dev/null )" >> ${rootdir}/etc/crontab
-        echo "*/1            * *   *   *   root ( sleep 40 ; /usr/bin/mesh-sync 2> /dev/null )" >> ${rootdir}/etc/crontab
+    if ! grep -q "mesh-sync" "${rootdir}/etc/crontab"; then
+        { echo "*/1            * *   *   *   root /usr/bin/mesh-sync 2> /dev/null";
+          echo "*/1            * *   *   *   root ( sleep 20 ; /usr/bin/mesh-sync 2> /dev/null )";
+          echo "*/1            * *   *   *   root ( sleep 40 ; /usr/bin/mesh-sync 2> /dev/null )"; } >> "${rootdir}/etc/crontab"
     fi
 
     chroot "$rootdir" systemctl enable tracker.service
@@ -526,95 +527,95 @@ function mesh_zeronet {
 }
 
 function mesh_zeronet_blog {
-    ZERONET_BLOG_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_BLOG_REPO=" | head -n 1 | awk -F '"' '{print $2}')
-    ZERONET_BLOG_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_BLOG_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
-    MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}')
+    ZERONET_BLOG_REPO=$(grep "ZERONET_BLOG_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F '"' '{print $2}')
+    ZERONET_BLOG_COMMIT=$(grep "ZERONET_BLOG_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
+    MESH_INSTALL_DIR_MAIN=$(grep "MESH_INSTALL_DIR=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then
         MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN
     fi
-    if [ ! $MESH_INSTALL_DIR ]; then
+    if [ ! "$MESH_INSTALL_DIR" ]; then
         echo $'No mesh install dir was specified'
         exit 432052
     fi
 
-    git clone $ZERONET_BLOG_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog
-    if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog ]; then
+    git clone "$ZERONET_BLOG_REPO" "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog"
+    if [ ! -d "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog" ]; then
         echo $'ZeroBlog repo could not be cloned'
         exit 6739
     fi
-    cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog
-    git checkout $ZERONET_BLOG_COMMIT -b $ZERONET_BLOG_COMMIT
-    chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
+    cd "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog" || exit 247824628
+    git checkout "$ZERONET_BLOG_COMMIT" -b "$ZERONET_BLOG_COMMIT"
+    chroot "$rootdir" chown -R zeronet:zeronet "$MESH_INSTALL_DIR/zeronet"
 }
 
 function mesh_zeronet_mail {
-    ZERONET_MAIL_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_MAIL_REPO=" | head -n 1 | awk -F '"' '{print $2}')
-    ZERONET_MAIL_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_MAIL_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
-    MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}')
+    ZERONET_MAIL_REPO=$(grep "ZERONET_MAIL_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F '"' '{print $2}')
+    ZERONET_MAIL_COMMIT=$(grep "ZERONET_MAIL_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
+    MESH_INSTALL_DIR_MAIN=$(grep "MESH_INSTALL_DIR=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then
         MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN
     fi
-    if [ ! $MESH_INSTALL_DIR ]; then
+    if [ ! "$MESH_INSTALL_DIR" ]; then
         echo $'No mesh install dir was specified'
         exit 432052
     fi
 
-    git clone $ZERONET_MAIL_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail
-    if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail ]; then
+    git clone "$ZERONET_MAIL_REPO" "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail"
+    if [ ! -d "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail" ]; then
         echo $'ZeroMail repo could not be cloned'
         exit 78493
     fi
-    cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail
-    git checkout $ZERONET_MAIL_COMMIT -b $ZERONET_MAIL_COMMIT
-    chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
+    cd "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail" || exit 2467824628
+    git checkout "$ZERONET_MAIL_COMMIT" -b "$ZERONET_MAIL_COMMIT"
+    chroot "$rootdir" chown -R zeronet:zeronet "$MESH_INSTALL_DIR/zeronet"
 }
 
 function mesh_zeronet_forum {
-    ZERONET_FORUM_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_FORUM_REPO=" | head -n 1 | awk -F '"' '{print $2}')
-    ZERONET_FORUM_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_FORUM_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
-    MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}')
+    ZERONET_FORUM_REPO=$(grep "ZERONET_FORUM_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F '"' '{print $2}')
+    ZERONET_FORUM_COMMIT=$(grep "ZERONET_FORUM_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
+    MESH_INSTALL_DIR_MAIN=$(grep "MESH_INSTALL_DIR=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then
         MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN
     fi
-    if [ ! $MESH_INSTALL_DIR ]; then
+    if [ ! "$MESH_INSTALL_DIR" ]; then
         echo $'No mesh install dir was specified'
         exit 432052
     fi
 
-    git clone $ZERONET_FORUM_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk
-    if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk ]; then
+    git clone "$ZERONET_FORUM_REPO" "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk"
+    if [ ! -d "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk" ]; then
         echo $'ZeroTalk repo could not be cloned'
         exit 78252
     fi
-    cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk
-    git checkout $ZERONET_FORUM_COMMIT -b $ZERONET_FORUM_COMMIT
-    chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
+    cd "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk" || exit 246824628
+    git checkout "$ZERONET_FORUM_COMMIT" -b "$ZERONET_FORUM_COMMIT"
+    chroot "$rootdir" chown -R zeronet:zeronet "$MESH_INSTALL_DIR/zeronet"
 }
 
 function mesh_zeronet_id {
-    ZERONET_ID_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_ID_REPO=" | head -n 1 | awk -F '"' '{print $2}')
-    ZERONET_ID_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_ID_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
-    MESH_INSTALL_DIR_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "MESH_INSTALL_DIR=" | head -n 1 | awk -F "'" '{print $2}')
+    ZERONET_ID_REPO=$(grep "ZERONET_ID_REPO=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F '"' '{print $2}')
+    ZERONET_ID_COMMIT=$(grep "ZERONET_ID_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
+    MESH_INSTALL_DIR_MAIN=$(grep "MESH_INSTALL_DIR=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#MESH_INSTALL_DIR_MAIN} -gt 4 ]; then
         MESH_INSTALL_DIR=$MESH_INSTALL_DIR_MAIN
     fi
-    if [ ! $MESH_INSTALL_DIR ]; then
+    if [ ! "$MESH_INSTALL_DIR" ]; then
         echo $'No mesh install dir was specified'
         exit 432052
     fi
 
-    git clone $ZERONET_ID_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID
-    if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID ]; then
+    git clone "$ZERONET_ID_REPO" "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroID"
+    if [ ! -d "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroID" ]; then
         echo $'ZeroID repo could not be cloned'
         exit 37936
     fi
-    cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID
-    git checkout $ZERONET_ID_COMMIT -b $ZERONET_ID_COMMIT
-    chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
+    cd "$rootdir$MESH_INSTALL_DIR/zeronet/ZeroID" || exit 8723563244
+    git checkout "$ZERONET_ID_COMMIT" -b "$ZERONET_ID_COMMIT"
+    chroot "$rootdir" chown -R zeronet:zeronet "$MESH_INSTALL_DIR/zeronet"
 }
 
 function install_zeronet {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_zeronet
         mesh_zeronet_blog
         mesh_zeronet_mail
diff --git a/src/freedombone-archive-mail b/src/freedombone-archive-mail
index f4d79bcc..c008fee6 100755
--- a/src/freedombone-archive-mail
+++ b/src/freedombone-archive-mail
@@ -33,34 +33,34 @@ PROJECT_NAME='freedombone'
 export TEXTDOMAIN=${PROJECT_NAME}-archive-mail
 export TEXTDOMAINDIR="/usr/share/locale"
 
-source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-validation
+source "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-validation"
 
 for d in /home/*/ ; do
     USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
     if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
         # for every user who has a mail directory
-        if [ -d /home/$USERNAME/Maildir ]; then
+        if [ -d "/home/$USERNAME/Maildir" ]; then
             MUTTRC=/home/$USERNAME/.muttrc
             # update archives
             python /usr/bin/cleanup-maildir --archive-folder="archive" --maildir-root="/home/$USERNAME/Maildir" archive ""
             # ensure the user has permissions on the archives
             for archive_dir in /home/$USERNAME/Maildir/archive-* ; do
-                chown -R $USERNAME:$USERNAME $archive_dir
+                chown -R "$USERNAME":"$USERNAME" "$archive_dir"
             done
             # add the archive to .muttrc if needed
-            if [ -f $MUTTRC ]; then
-                MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)
+            if [ -f "$MUTTRC" ]; then
+                MUTT_MAILBOXES=$(grep "mailboxes =" "$MUTTRC")
                 YR=$(date +"%Y")
                 PREV_YR=$((YR - 1))
                 BACKUP_DIRECTORY=archive-$YR
                 PREV_BACKUP_DIRECTORY=archive-$PREV_YR
                 if [[ $MUTT_MAILBOXES != *$BACKUP_DIRECTORY* ]]; then
                     if [[ $MUTT_MAILBOXES == *$PREV_BACKUP_DIRECTORY* ]]; then
-                        sed -i "s|$PREV_BACKUP_DIRECTORY|$PREV_BACKUP_DIRECTORY =$BACKUP_DIRECTORY|g" $MUTTRC
+                        sed -i "s|$PREV_BACKUP_DIRECTORY|$PREV_BACKUP_DIRECTORY =$BACKUP_DIRECTORY|g" "$MUTTRC"
                     else
-                        sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$BACKUP_DIRECTORY|g" $MUTTRC
+                        sed -i "s|$MUTT_MAILBOXES|$MUTT_MAILBOXES =$BACKUP_DIRECTORY|g" "$MUTTRC"
                     fi
-                    chown $USERNAME:$USERNAME $MUTTRC
+                    chown "$USERNAME":"$USERNAME" "$MUTTRC"
                 fi
             fi
         fi
diff --git a/src/freedombone-backup-local b/src/freedombone-backup-local
index b31c6251..12d373d0 100755
--- a/src/freedombone-backup-local
+++ b/src/freedombone-backup-local
@@ -59,13 +59,13 @@ function please_wait {
 
 please_wait
 
-source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
+source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
 
 # include utils which allow function_check and drive mount
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-  source $f
+    source "$f"
 done
 
 clear
@@ -82,7 +82,7 @@ ADMIN_NAME=
 # Sites are suspended so that verification should work
 SUSPENDED_SITE=
 
-DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
 
 function make_backup_directory {
     # make a backup directory on the drive
@@ -100,7 +100,7 @@ function make_backup_directory {
 function check_storage_space_remaining {
     # Check space remaining on the usb drive
     used_percent=$(df -k $USB_MOUNT | tail -n 1 | awk -F ' ' '{print $5}' | awk -F '%' '{print $1}')
-    if [ $used_percent -gt 95 ]; then
+    if [ "$used_percent" -gt 95 ]; then
         echo $"Less than 5% of space remaining on backup drive"
         umount $USB_MOUNT
         rm -rf $USB_MOUNT
@@ -114,105 +114,105 @@ function backup_users {
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
             # Backup any gpg keys
-            if [ -d /home/$USERNAME/.gnupg ]; then
+            if [ -d "/home/$USERNAME/.gnupg" ]; then
                 echo $"Backing up gpg keys for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.gnupg gnupg/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.gnupg" "gnupg/$USERNAME"
             fi
 
             # Backup any personal settings
-            if [ -d /home/$USERNAME/personal ]; then
+            if [ -d "/home/$USERNAME/personal" ]; then
                 echo $"Backing up personal settings for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/personal personal/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/personal" "personal/$USERNAME"
             fi
 
             # Backup ssh keys
-            if [ -d /home/$USERNAME/.ssh ]; then
+            if [ -d "/home/$USERNAME/.ssh" ]; then
                 echo $"Backing up ssh keys for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.ssh ssh/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.ssh" "ssh/$USERNAME"
             fi
 
             # Backup fin database if it exists
-            if [ -d /home/$USERNAME/.fin ]; then
+            if [ -d "/home/$USERNAME/.fin" ]; then
                 echo $"Backing up fin files for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.fin fin/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.fin" "fin/$USERNAME"
             fi
 
             # Backup emacs
-            if [ -d /home/$USERNAME/.emacs.d ]; then
+            if [ -d "/home/$USERNAME/.emacs.d" ]; then
                 echo $"Backing up Emacs config for $USERNAME"
-                if [ -f /home/$USERNAME/.emacs ]; then
-                    cp /home/$USERNAME/.emacs /home/$USERNAME/.emacs.d/dotemacs
+                if [ -f "/home/$USERNAME/.emacs" ]; then
+                    cp "/home/$USERNAME/.emacs" "/home/$USERNAME/.emacs.d/dotemacs"
                 fi
-                backup_directory_to_usb /home/$USERNAME/.emacs.d config/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.emacs.d" "config/$USERNAME"
             fi
 
             # Backup user configs
-            if [ -d /home/$USERNAME/.config ]; then
+            if [ -d "/home/$USERNAME/.config" ]; then
                 echo $"Backing up config files for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.config config/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.config" "config/$USERNAME"
             fi
 
             # Backup monkeysphere
-            if [ -d /home/$USERNAME/.monkeysphere ]; then
+            if [ -d "/home/$USERNAME/.monkeysphere" ]; then
                 echo $"Backing up monkeysphere files for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.monkeysphere monkeysphere/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.monkeysphere" "monkeysphere/$USERNAME"
             fi
 
             # Backup user local
-            if [ -d /home/$USERNAME/.local ]; then
+            if [ -d "/home/$USERNAME/.local" ]; then
                 echo $"Backing up local files for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.local local/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.local" "local/$USERNAME"
             fi
 
             # Backup mutt
-            if [ -f /home/$USERNAME/.muttrc ]; then
+            if [ -f "/home/$USERNAME/.muttrc" ]; then
                 echo $"Backing up Mutt settings for $USERNAME"
-                if [ ! -d /home/$USERNAME/tempbackup ]; then
-                    mkdir -p /home/$USERNAME/tempbackup
+                if [ ! -d "/home/$USERNAME/tempbackup" ]; then
+                    mkdir -p "/home/$USERNAME/tempbackup"
                 fi
-                cp /home/$USERNAME/.muttrc /home/$USERNAME/tempbackup
+                cp "/home/$USERNAME/.muttrc" "/home/$USERNAME/tempbackup"
                 if [ -f /etc/Muttrc ]; then
-                    cp /etc/Muttrc /home/$USERNAME/tempbackup
+                    cp /etc/Muttrc "/home/$USERNAME/tempbackup"
                 fi
-                backup_directory_to_usb /home/$USERNAME/tempbackup mutt/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/tempbackup" "mutt/$USERNAME"
             fi
-            if [ -d /home/$USERNAME/.mutt ]; then
+            if [ -d "/home/$USERNAME/.mutt" ]; then
                 echo $"Backing up Mutt configurations for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.mutt mutt/${USERNAME}configs
+                backup_directory_to_usb "/home/$USERNAME/.mutt" "mutt/${USERNAME}configs"
             fi
 
             # Backup email
-            if [ -d /home/$USERNAME/Maildir ]; then
+            if [ -d "/home/$USERNAME/Maildir" ]; then
                 echo $"Stopping mail server"
                 systemctl stop exim4
                 echo $"Creating an email archive for $USERNAME"
-                if [ ! -d /root/tempbackupemail/$USERNAME ]; then
-                    mkdir -p /root/tempbackupemail/$USERNAME
+                if [ ! -d "/root/tempbackupemail/$USERNAME" ]; then
+                    mkdir -p "/root/tempbackupemail/$USERNAME"
                 fi
-                tar -czvf /root/tempbackupemail/$USERNAME/maildir.tar.gz /home/$USERNAME/Maildir
+                tar -czvf "/root/tempbackupemail/$USERNAME/maildir.tar.gz" "/home/$USERNAME/Maildir"
                 echo $"Restarting mail server"
                 systemctl start exim4
                 echo $"Backing up emails for $USERNAME"
-                backup_directory_to_usb /root/tempbackupemail/$USERNAME mail/$USERNAME
+                backup_directory_to_usb "/root/tempbackupemail/$USERNAME" "mail/$USERNAME"
             fi
 
             # Backup spamassassin
-            if [ -d /home/$USERNAME/.spamassassin ]; then
+            if [ -d "/home/$USERNAME/.spamassassin" ]; then
                 echo $"Backing up spamassassin settings for $USERNAME"
-                backup_directory_to_usb /home/$USERNAME/.spamassassin spamassassin/$USERNAME
+                backup_directory_to_usb "/home/$USERNAME/.spamassassin" "spamassassin/$USERNAME"
             fi
 
             # Backup procmail
-            if [ -f /home/$USERNAME/.procmailrc ]; then
+            if [ -f "/home/$USERNAME/.procmailrc" ]; then
                 echo $"Backing up procmail settings for $USERNAME"
-                if [ ! -d /home/$USERNAME/tempbackup ]; then
-                    mkdir -p /home/$USERNAME/tempbackup
+                if [ ! -d "/home/$USERNAME/tempbackup" ]; then
+                    mkdir -p "/home/$USERNAME/tempbackup"
                 fi
-                cp /home/$USERNAME/.procmailrc /home/$USERNAME/tempbackup
-                backup_directory_to_usb /home/$USERNAME/tempbackup procmail/$USERNAME
+                cp "/home/$USERNAME/.procmailrc" "/home/$USERNAME/tempbackup"
+                backup_directory_to_usb "/home/$USERNAME/tempbackup" "procmail/$USERNAME"
             fi
 
-            gpg_agent_enable $USERNAME
+            gpg_agent_enable "$USERNAME"
         fi
     done
 }
@@ -231,11 +231,11 @@ function backup_directories {
     for dr in "${backup_dirs[@]}"
     do
         # if this directory exists then back it up to the given destination
-        source_directory=$(echo $dr | awk -F ',' '{print $1}'  | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
-        if [ -d $source_directory ]; then
-            dest_directory=$(echo $dr | awk -F ',' '{print $2}'  | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
+        source_directory=$(echo "$dr" | awk -F ',' '{print $1}'  | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
+        if [ -d "$source_directory" ]; then
+            dest_directory=$(echo "$dr" | awk -F ',' '{print $2}'  | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
             echo $"Backing up $source_directory to $dest_directory"
-            backup_directory_to_usb $source_directory $dest_directory
+            backup_directory_to_usb "$source_directory" "$dest_directory"
         fi
 
         restart_site
@@ -243,8 +243,8 @@ function backup_directories {
 }
 
 function remove_backup_directory {
-    if [ $1 ]; then
-        if [[ $1 == "remove" ]]; then
+    if [ "$1" ]; then
+        if [[ "$1" == "remove" ]]; then
             if [ -d $USB_MOUNT/backup ]; then
                 rm -rf $USB_MOUNT/backup
                 echo $'Existing backup directory removed'
@@ -274,7 +274,7 @@ function backup_blocklist {
     if [ ! -d $temp_backup_dir ]; then
         mkdir -p $temp_backup_dir
     fi
-    if [ -f $NODEJS_INSTALLED_APPS_FILE ]; then
+    if [ -f "$NODEJS_INSTALLED_APPS_FILE" ]; then
         cp -f /root/${PROJECT_NAME}-firewall-domains.cfg $temp_backup_dir
     fi
     backup_directory_to_usb $temp_backup_dir blocklist
@@ -287,8 +287,8 @@ function backup_configfiles {
     if [ ! -d $temp_backup_dir ]; then
         mkdir -p $temp_backup_dir
     fi
-    if [ -f $NODEJS_INSTALLED_APPS_FILE ]; then
-        cp -f $NODEJS_INSTALLED_APPS_FILE $temp_backup_dir
+    if [ -f "$NODEJS_INSTALLED_APPS_FILE" ]; then
+        cp -f "$NODEJS_INSTALLED_APPS_FILE" $temp_backup_dir
     fi
     if [ -f /root/.nostore ]; then
         cp -f /root/.nostore $temp_backup_dir
@@ -297,13 +297,13 @@ function backup_configfiles {
             rm $temp_backup_dir/.nostore
         fi
     fi
-    cp -f $CONFIGURATION_FILE $temp_backup_dir
-    cp -f $COMPLETION_FILE $temp_backup_dir
+    cp -f "$CONFIGURATION_FILE" $temp_backup_dir
+    cp -f "$COMPLETION_FILE" $temp_backup_dir
     if [ -f $BACKUP_EXTRA_DIRECTORIES ]; then
         cp -f $BACKUP_EXTRA_DIRECTORIES $temp_backup_dir
     fi
-    if [ -f $MONGODB_APPS_FILE ]; then
-        cp -f $MONGODB_APPS_FILE $temp_backup_dir
+    if [ -f "$MONGODB_APPS_FILE" ]; then
+        cp -f "$MONGODB_APPS_FILE" $temp_backup_dir
     fi
     # nginx password hashes
     if [ -f /etc/nginx/.htpasswd ]; then
@@ -355,7 +355,8 @@ function backup_postgresql {
     if [ ! -d $temp_backup_dir ]; then
         mkdir $temp_backup_dir
     fi
-    sudo -u postgres pg_dumpall --roles-only > $temp_backup_dir/postgresql.sql
+    # shellcheck disable=SC2024
+    sudo -u postgres pg_dumpall --roles-only > "$temp_backup_dir/postgresql.sql"
     if [ ! -s $temp_backup_dir/postgresql.sql ]; then
         echo $"Unable to backup postgresql settings"
         rm -rf $temp_backup_dir
@@ -375,8 +376,8 @@ if [[ $1 == "remove" ]]; then
 fi
 
 gpg_agent_setup root
-backup_mount_drive $1 $2
-remove_backup_directory $remove_option
+backup_mount_drive "$1" "$2"
+remove_backup_directory "$remove_option"
 make_backup_directory
 check_storage_space_remaining
 backup_users
diff --git a/src/freedombone-backup-remote b/src/freedombone-backup-remote
index a560c69e..213cafb8 100755
--- a/src/freedombone-backup-remote
+++ b/src/freedombone-backup-remote
@@ -43,20 +43,20 @@ if [ -f /usr/bin/${PROJECT_NAME} ]; then
     PROJECT_INSTALL_DIR=/usr/bin
 fi
 
-source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
+source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
 
 # utilities needed for backup commands
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-  source $f
+    source "$f"
 done
 
 # Temporary location for data to be backed up to other servers
 SERVER_DIRECTORY=/root/remotebackup
 
 # get the version of Go being used
-GO_VERSION=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-go | grep 'GO_VERSION=' | head -n 1 | awk -F '=' '{print $2}')
+GO_VERSION=$(grep 'GO_VERSION=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-go" | head -n 1 | awk -F '=' '{print $2}')
 
 ADMIN_USERNAME=$(get_completion_param "Admin user")
 ADMIN_NAME=$(getent passwd $ADMIN_USERNAME | cut -d: -f5 | cut -d, -f1)
@@ -66,7 +66,7 @@ if [ ! -f /etc/ssl/private/backup.key ]; then
     ${PROJECT_NAME}-addcert -h backup --dhkey 2048
 fi
 
-if [ ! -f /home/${ADMIN_USERNAME}/backup.list ]; then
+if [ ! -f "/home/${ADMIN_USERNAME}/backup.list" ]; then
     exit 1
 fi
 
@@ -92,16 +92,16 @@ function suspend_site {
         return
     fi
     SUSPENDED_SITE="$1"
-    nginx_dissite $SUSPENDED_SITE
+    nginx_dissite "$SUSPENDED_SITE"
     systemctl reload nginx
 }
 
 function restart_site {
     # restarts a given website
-    if [ ! $SUSPENDED_SITE ]; then
+    if [ ! "$SUSPENDED_SITE" ]; then
         return
     fi
-    nginx_ensite $SUSPENDED_SITE
+    nginx_ensite "$SUSPENDED_SITE"
     systemctl reload nginx
     SUSPENDED_SITE=
 }
@@ -115,7 +115,7 @@ function backup_blocklist {
     if [ ! -d $temp_backup_dir ]; then
         mkdir -p $temp_backup_dir
     fi
-    if [ -f $NODEJS_INSTALLED_APPS_FILE ]; then
+    if [ -f "$NODEJS_INSTALLED_APPS_FILE" ]; then
         cp -f /root/${PROJECT_NAME}-firewall-domains.cfg $temp_backup_dir
     fi
     backup_directory_to_friend $temp_backup_dir blocklist
@@ -128,8 +128,8 @@ function backup_configfiles {
     if [ ! -d $temp_backup_dir ]; then
         mkdir -p $temp_backup_dir
     fi
-    if [ -f $NODEJS_INSTALLED_APPS_FILE ]; then
-        cp -f $NODEJS_INSTALLED_APPS_FILE $temp_backup_dir
+    if [ -f "$NODEJS_INSTALLED_APPS_FILE" ]; then
+        cp -f "$NODEJS_INSTALLED_APPS_FILE" $temp_backup_dir
     fi
     if [ -f /root/.nostore ]; then
         cp -f /root/.nostore $temp_backup_dir
@@ -138,13 +138,13 @@ function backup_configfiles {
             rm $temp_backup_dir/.nostore
         fi
     fi
-    cp -f $CONFIGURATION_FILE $temp_backup_dir
-    cp -f $COMPLETION_FILE $temp_backup_dir
+    cp -f "$CONFIGURATION_FILE" $temp_backup_dir
+    cp -f "$COMPLETION_FILE" $temp_backup_dir
     if [ -f $BACKUP_EXTRA_DIRECTORIES ]; then
         cp -f $BACKUP_EXTRA_DIRECTORIES $temp_backup_dir
     fi
-    if [ -f $MONGODB_APPS_FILE ]; then
-        cp -f $MONGODB_APPS_FILE $temp_backup_dir
+    if [ -f "$MONGODB_APPS_FILE" ]; then
+        cp -f "$MONGODB_APPS_FILE" $temp_backup_dir
     fi
     # nginx password hashes
     if [ -f /etc/nginx/.htpasswd ]; then
@@ -158,114 +158,114 @@ function backup_users {
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
             # personal settings
-            if [ -d /home/$USERNAME/personal ]; then
+            if [ -d "/home/$USERNAME/personal" ]; then
                 echo $"Backing up personal settings for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/personal personal/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/personal" "personal/$USERNAME"
             fi
 
             # gpg keys
-            if [ -d /home/$USERNAME/.gnupg ]; then
+            if [ -d "/home/$USERNAME/.gnupg" ]; then
                 echo $"Backing up gpg keys for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.gnupg gnupg/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.gnupg" "gnupg/$USERNAME"
             fi
 
             # ssh keys
-            if [ -d /home/$USERNAME/.ssh ]; then
+            if [ -d "/home/$USERNAME/.ssh" ]; then
                 echo $"Backing up ssh keys for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.ssh ssh/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.ssh" "ssh/$USERNAME"
             fi
 
             # syncthing files
-            if [ -d /home/$USERNAME/Sync ]; then
+            if [ -d "/home/$USERNAME/Sync" ]; then
                 echo $"Backing up syncthing files for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/Sync syncthing/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/Sync" "syncthing/$USERNAME"
                 # ensure that device IDs will be backed up as part of user config settings
-                if [ ! -d /home/$USERNAME/.config/syncthing ]; then
-                    mkdir -p /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ ! -d "/home/$USERNAME/.config/syncthing" ]; then
+                    mkdir -p "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
-                if [ -f /home/$USERNAME/.syncthing-server-id ]; then
-                    cp /home/$USERNAME/.syncthing-server-id /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ -f "/home/$USERNAME/.syncthing-server-id" ]; then
+                    cp "/home/$USERNAME/.syncthing-server-id" "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
-                if [ -f /home/$USERNAME/.syncthingids ]; then
-                    cp /home/$USERNAME/.syncthingids /home/$USERNAME/.config/syncthing
-                    chown -R $USERNAME:$USERNAME /home/$USERNAME/.config
+                if [ -f "/home/$USERNAME/.syncthingids" ]; then
+                    cp "/home/$USERNAME/.syncthingids" "/home/$USERNAME/.config/syncthing"
+                    chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.config"
                 fi
             fi
 
             # config files
-            if [ -d /home/$USERNAME/.config ]; then
+            if [ -d "/home/$USERNAME/.config" ]; then
                 echo $"Backing up config files for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.config config/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.config" "config/$USERNAME"
             fi
 
             # monkeysphere files
-            if [ -d /home/$USERNAME/.monkeysphere ]; then
+            if [ -d "/home/$USERNAME/.monkeysphere" ]; then
                 echo $"Backing up monkeysphere files for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.monkeysphere monkeysphere/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.monkeysphere" "monkeysphere/$USERNAME"
             fi
 
             # fin files
-            if [ -d /home/$USERNAME/.fin ]; then
+            if [ -d "/home/$USERNAME/.fin" ]; then
                 echo $"Backing up fin files for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.fin fin/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.fin" "fin/$USERNAME"
             fi
 
             # local files
-            if [ -d /home/$USERNAME/.local ]; then
+            if [ -d "/home/$USERNAME/.local" ]; then
                 echo $"Backing up local files for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.local local/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.local" "local/$USERNAME"
             fi
 
             # mutt settings
-            if [ -f /home/$USERNAME/.muttrc ]; then
+            if [ -f "/home/$USERNAME/.muttrc" ]; then
                 echo $"Backing up Mutt settings for $USERNAME"
-                if [ ! -d /home/$USERNAME/tempbackup ]; then
-                    mkdir -p /home/$USERNAME/tempbackup
+                if [ ! -d "/home/$USERNAME/tempbackup" ]; then
+                    mkdir -p "/home/$USERNAME/tempbackup"
                 fi
-                cp /home/$USERNAME/.muttrc /home/$USERNAME/tempbackup
+                cp "/home/$USERNAME/.muttrc" "/home/$USERNAME/tempbackup"
                 if [ -f /etc/Muttrc ]; then
-                    cp /etc/Muttrc /home/$USERNAME/tempbackup
+                    cp /etc/Muttrc "/home/$USERNAME/tempbackup"
                 fi
-                backup_directory_to_friend /home/$USERNAME/tempbackup mutt/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/tempbackup" "mutt/$USERNAME"
             fi
-            if [ -d /home/$USERNAME/.mutt ]; then
+            if [ -d "/home/$USERNAME/.mutt" ]; then
                 echo $"Backing up Mutt configurations for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.mutt mutt/${USERNAME}configs
+                backup_directory_to_friend "/home/$USERNAME/.mutt" "mutt/${USERNAME}configs"
             fi
 
             # procmail settings
-            if [ -f /home/$USERNAME/.procmailrc ]; then
+            if [ -f "/home/$USERNAME/.procmailrc" ]; then
                 echo $"Backing up procmail settings for $USERNAME"
-                if [ ! -d /home/$USERNAME/tempbackup ]; then
-                    mkdir -p /home/$USERNAME/tempbackup
+                if [ ! -d "/home/$USERNAME/tempbackup" ]; then
+                    mkdir -p "/home/$USERNAME/tempbackup"
                 fi
-                cp /home/$USERNAME/.procmailrc /home/$USERNAME/tempbackup
-                backup_directory_to_friend /home/$USERNAME/tempbackup procmail/$USERNAME
+                cp "/home/$USERNAME/.procmailrc" "/home/$USERNAME/tempbackup"
+                backup_directory_to_friend "/home/$USERNAME/tempbackup" "procmail/$USERNAME"
             fi
 
             # spamassassin settings
-            if [ -d /home/$USERNAME/.spamassassin ]; then
+            if [ -d "/home/$USERNAME/.spamassassin" ]; then
                 echo $"Backing up spamassassin settings for $USERNAME"
-                backup_directory_to_friend /home/$USERNAME/.spamassassin spamassassin/$USERNAME
+                backup_directory_to_friend "/home/$USERNAME/.spamassassin" "spamassassin/$USERNAME"
             fi
 
             # email
-            if [ -d /home/$USERNAME/Maildir ]; then
+            if [ -d "/home/$USERNAME/Maildir" ]; then
                 echo $"Stopping mail server"
                 systemctl stop exim4
                 echo $"Creating an email archive"
-                if [ ! -d /root/backupemail/$USERNAME ]; then
-                    mkdir -p /root/backupemail/$USERNAME
+                if [ ! -d "/root/backupemail/$USERNAME" ]; then
+                    mkdir -p "/root/backupemail/$USERNAME"
                 fi
-                tar -czvf /root/backupemail/$USERNAME/maildir.tar.gz /home/$USERNAME/Maildir
+                tar -czvf "/root/backupemail/$USERNAME/maildir.tar.gz" "/home/$USERNAME/Maildir"
                 echo $"Restarting mail server"
                 systemctl start exim4
                 echo $"Backing up emails for $USERNAME"
-                backup_directory_to_friend /root/backupemail/$USERNAME mail/$USERNAME
+                backup_directory_to_friend "/root/backupemail/$USERNAME" "mail/$USERNAME"
             fi
-            gpg_agent_enable $USERNAME
+            gpg_agent_enable "$USERNAME"
         fi
     done
 }
@@ -313,13 +313,13 @@ function backup_web_server {
 }
 
 function backup_admin_readme {
-    if [ -f /home/$ADMIN_USERNAME/README ]; then
+    if [ -f "/home/$ADMIN_USERNAME/README" ]; then
         echo $"Backing up README"
-        if [ ! -d /home/$ADMIN_USERNAME/tempbackup ]; then
-            mkdir -p /home/$ADMIN_USERNAME/tempbackup
+        if [ ! -d "/home/$ADMIN_USERNAME/tempbackup" ]; then
+            mkdir -p "/home/$ADMIN_USERNAME/tempbackup"
         fi
-        cp -f /home/$ADMIN_USERNAME/README /home/$ADMIN_USERNAME/tempbackup
-        backup_directory_to_friend /home/$ADMIN_USERNAME/tempbackup readme
+        cp -f "/home/$ADMIN_USERNAME/README" "/home/$ADMIN_USERNAME/tempbackup"
+        backup_directory_to_friend "/home/$ADMIN_USERNAME/tempbackup" readme
     fi
 }
 
@@ -330,12 +330,12 @@ function backup_mariadb {
             mkdir $temp_backup_dir
         fi
         keep_database_running
-        mysqldump --password=$DATABASE_PASSWORD mysql user > $temp_backup_dir/mysql.sql
+        mysqldump --password="$DATABASE_PASSWORD" mysql user > "$temp_backup_dir/mysql.sql"
         if [ ! -s $temp_backup_dir/mysql.sql ]; then
             echo $"Unable to backup MariaDB settings"
             rm -rf $temp_backup_dir
             # Send a warning email
-            echo $"Unable to export database settings" | mail -s "${PROJECT_NAME} backup to friends" $ADMIN_EMAIL_ADDRESS
+            echo $"Unable to export database settings" | mail -s "${PROJECT_NAME} backup to friends" "$ADMIN_EMAIL_ADDRESS"
             exit 653
         fi
         echo "$DATABASE_PASSWORD" > $temp_backup_dir/db
@@ -353,12 +353,13 @@ function backup_postgresql {
     if [ ! -d $temp_backup_dir ]; then
         mkdir $temp_backup_dir
     fi
-    sudo -u postgres pg_dumpall --roles-only > $temp_backup_dir/postgresql.sql
+    # shellcheck disable=SC2024
+    sudo -u postgres pg_dumpall --roles-only > "$temp_backup_dir/postgresql.sql"
     if [ ! -s $temp_backup_dir/postgresql.sql ]; then
         echo $"Unable to backup postgresql settings"
         rm -rf $temp_backup_dir
-        umount $USB_MOUNT
-        rm -rf $USB_MOUNT
+        umount "$USB_MOUNT"
+        rm -rf "$USB_MOUNT"
         exit 684365
     fi
     echo "$DATABASE_PASSWORD" > $temp_backup_dir/db
@@ -375,10 +376,10 @@ function get_key_share {
     # Get a share index based on the supplied domain name
     # This ensures that the same share is always given to the same domain
     sharenumstr=$(md5sum <<< "$REMOTE_DOMAIN")
-    share_index=$(echo $((0x${sharenumstr%% *} % ${no_of_shares})) | tr -d -)
+    share_index=$(echo $((0x${sharenumstr%% *} % no_of_shares)) | tr -d -)
 
     # get the filename
-    share_files=(/home/$USERNAME/.gnupg_fragments/keyshare.asc.*)
+    share_files=("/home/$USERNAME/.gnupg_fragments/keyshare.asc.*")
     share_filename=${share_files[share_index]}
 
     echo "$share_filename"
@@ -391,35 +392,37 @@ function disperse_key_shares {
     REMOTE_PASSWORD=$4
     REMOTE_SERVER=$5
 
-    if [ -d /home/$USERNAME/.gnupg_fragments ]; then
-        if [ $REMOTE_DOMAIN ]; then
-            cd /home/$USERNAME/.gnupg_fragments
+    if [ -d "/home/$USERNAME/.gnupg_fragments" ]; then
+        if [ "$REMOTE_DOMAIN" ]; then
+            cd "/home/$USERNAME/.gnupg_fragments" || exit 34687246462
+            # shellcheck disable=SC2012
             no_of_shares=$(ls -afq keyshare.asc.* | wc -l)
             if (( no_of_shares > 1 )); then
-                share_filename=$(get_key_share $no_of_shares "$USERNAME" "$REMOTE_DOMAIN")
+                share_filename=$(get_key_share "$no_of_shares" "$USERNAME" "$REMOTE_DOMAIN")
 
                 # create a temp directory containing the share
                 temp_key_share_dir=/home/$USERNAME/tempkey
                 temp_key_share_fragments=$temp_key_share_dir/.gnupg_fragments_${USERNAME}
-                mkdir -p $temp_key_share_fragments
-                cp $share_filename $temp_key_share_fragments/
+                mkdir -p "$temp_key_share_fragments"
+                cp "$share_filename" "$temp_key_share_fragments/"
 
                 # copy the fragments directory to the remote server
                 /usr/bin/sshpass -p "$REMOTE_PASSWORD" \
-                                 scp -r -P $REMOTE_SSH_PORT $temp_key_share_fragments $REMOTE_SERVER
+                                 scp -r -P "$REMOTE_SSH_PORT" "$temp_key_share_fragments" "$REMOTE_SERVER"
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     # Send a warning email
                     echo "Key share to $REMOTE_SERVER failed" | \
-                        mail -s "${PROJECT_NAME} social key management" $MY_EMAIL_ADDRESS
+                        mail -s "${PROJECT_NAME} social key management" "$MY_EMAIL_ADDRESS"
                 else
                     # Send a confirmation email
                     echo "Key ${share_filename} shared to $REMOTE_SERVER" | \
-                        mail -s "${PROJECT_NAME} social key management" $MY_EMAIL_ADDRESS
+                        mail -s "${PROJECT_NAME} social key management" "$MY_EMAIL_ADDRESS"
                 fi
 
                 # remove the temp file/directory
-                shred -zu $temp_key_share_fragments/*
-                rm -rf $temp_key_share_dir
+                shred -zu "$temp_key_share_fragments/*"
+                rm -rf "$temp_key_share_dir"
             fi
         fi
     fi
@@ -449,13 +452,13 @@ if [[ $TEST_MODE == "no" ]]; then
 fi
 
 # For each remote server
-while read remote_server
+while read -r remote_server
 do
     # Get the server and its password
     # Format is:
     #   username@domain <port number> /home/username <ssh password>
     REMOTE_SERVER=$(echo "${remote_server}" | awk -F ' ' '{print $1}')
-    if [ $REMOTE_SERVER ]; then
+    if [ "$REMOTE_SERVER" ]; then
         REMOTE_DOMAIN=$(echo "${remote_server}" | awk -F ' ' '{print $1}' | awk -F '@' '{print $2}')
         REMOTE_SSH_PORT=$(echo "${remote_server}" | awk -F ' ' '{print $2}')
         REMOTE_DIRECTORY=$(echo "${remote_server}" | awk -F ' ' '{print $3}')
@@ -469,23 +472,22 @@ do
         for d in /home/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                disperse_key_shares $USERNAME $REMOTE_DOMAIN $REMOTE_SSH_PORT "$REMOTE_PASSWORD" $REMOTE_SERVER
+                disperse_key_shares "$USERNAME" "$REMOTE_DOMAIN" "$REMOTE_SSH_PORT" "$REMOTE_PASSWORD" "$REMOTE_SERVER"
             fi
         done
 
         if [[ $TEST_MODE == "yes" ]]; then
             echo "rsync -ratlzv --rsh=\"/usr/bin/sshpass -p '$REMOTE_PASSWORD' ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no\" $SERVER_DIRECTORY/backup $REMOTE_SERVER"
         fi
-        rsync -ratlzv --rsh="/usr/bin/sshpass -p \"$REMOTE_PASSWORD\" ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" $SERVER_DIRECTORY/backup $REMOTE_SERVER
-        if [ ! "$?" = "0" ]; then
+        if ! rsync -ratlzv --rsh="/usr/bin/sshpass -p \"$REMOTE_PASSWORD\" ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" "$SERVER_DIRECTORY/backup" "$REMOTE_SERVER"; then
             echo "$NOW Backup to $REMOTE_SERVER failed" >> /var/log/remotebackups.log
             # Send a warning email
-            echo "Backup to $REMOTE_SERVER failed" | mail -s "${PROJECT_NAME} backup to friends" $ADMIN_EMAIL_ADDRESS
+            echo "Backup to $REMOTE_SERVER failed" | mail -s "${PROJECT_NAME} backup to friends" "$ADMIN_EMAIL_ADDRESS"
         else
             echo "$NOW Backed up to $REMOTE_SERVER" >> /var/log/remotebackups.log
         fi
     fi
 
-done < /home/${ADMIN_USERNAME}/backup.list
+done < "/home/${ADMIN_USERNAME}/backup.list"
 
 exit 0
diff --git a/src/freedombone-base-email b/src/freedombone-base-email
index 5cd65d3f..13271be4 100755
--- a/src/freedombone-base-email
+++ b/src/freedombone-base-email
@@ -95,27 +95,27 @@ function email_create_template {
         ln -s /etc/skel/Maildir/.learn-ham /etc/skel/Maildir/ham
     fi
 
-    if [ ! -d /home/$MY_USERNAME/Maildir ]; then
-        mkdir -m 700 /home/$MY_USERNAME/.mutt
-        mkdir -m 700 /home/$MY_USERNAME/Maildir
-        mkdir -m 700 /home/$MY_USERNAME/Maildir/cur
-        mkdir -m 700 /home/$MY_USERNAME/Maildir/tmp
-        mkdir -m 700 /home/$MY_USERNAME/Maildir/new
-        mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent
-        mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/cur
-        mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/tmp
-        mkdir -m 700 /home/$MY_USERNAME/Maildir/Sent/new
-        mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam
-        mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/cur
-        mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/new
-        mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-spam/tmp
-        mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham
-        mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/cur
-        mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/new
-        mkdir -m 700 /home/$MY_USERNAME/Maildir/.learn-ham/tmp
-        ln -s /home/$MY_USERNAME/Maildir/.learn-spam /home/$MY_USERNAME/Maildir/spam
-        ln -s /home/$MY_USERNAME/Maildir/.learn-ham /home/$MY_USERNAME/Maildir/ham
-        chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir
+    if [ ! -d "/home/$MY_USERNAME/Maildir" ]; then
+        mkdir -m 700 "/home/$MY_USERNAME/.mutt"
+        mkdir -m 700 "/home/$MY_USERNAME/Maildir"
+        mkdir -m 700 "/home/$MY_USERNAME/Maildir/cur"
+        mkdir -m 700 "/home/$MY_USERNAME/Maildir/tmp"
+        mkdir -m 700 "/home/$MY_USERNAME/Maildir/new"
+        mkdir -m 700 "/home/$MY_USERNAME/Maildir/Sent"
+        mkdir -m 700 "/home/$MY_USERNAME/Maildir/Sent/cur"
+        mkdir -m 700 "/home/$MY_USERNAME/Maildir/Sent/tmp"
+        mkdir -m 700 "/home/$MY_USERNAME/Maildir/Sent/new"
+        mkdir -m 700 "/home/$MY_USERNAME/Maildir/.learn-spam"
+        mkdir -m 700 "/home/$MY_USERNAME/Maildir/.learn-spam/cur"
+        mkdir -m 700 "/home/$MY_USERNAME/Maildir/.learn-spam/new"
+        mkdir -m 700 "/home/$MY_USERNAME/Maildir/.learn-spam/tmp"
+        mkdir -m 700 "/home/$MY_USERNAME/Maildir/.learn-ham"
+        mkdir -m 700 "/home/$MY_USERNAME/Maildir/.learn-ham/cur"
+        mkdir -m 700 "/home/$MY_USERNAME/Maildir/.learn-ham/new"
+        mkdir -m 700 "/home/$MY_USERNAME/Maildir/.learn-ham/tmp"
+        ln -s "/home/$MY_USERNAME/Maildir/.learn-spam" "/home/$MY_USERNAME/Maildir/spam"
+        ln -s "/home/$MY_USERNAME/Maildir/.learn-ham" "/home/$MY_USERNAME/Maildir/ham"
+        chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/Maildir"
     fi
 }
 
@@ -123,15 +123,15 @@ function configure_email_onion {
     if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
-    if [[ $SYSTEM_TYPE == "mesh"* ]]; then
+    if [[ "$SYSTEM_TYPE" == "mesh"* ]]; then
         return
     fi
 
     if ! grep -q "hidden_service_email" /etc/tor/torrc; then
-        echo 'HiddenServiceDir /var/lib/tor/hidden_service_email/' >> /etc/tor/torrc
-        echo 'HiddenServicePort 25 127.0.0.1:25' >> /etc/tor/torrc
-        echo 'HiddenServicePort 587 127.0.0.1:587' >> /etc/tor/torrc
-        echo 'HiddenServicePort 465 127.0.0.1:465' >> /etc/tor/torrc
+        { echo 'HiddenServiceDir /var/lib/tor/hidden_service_email/';
+          echo 'HiddenServicePort 25 127.0.0.1:25';
+          echo 'HiddenServicePort 587 127.0.0.1:587';
+          echo 'HiddenServicePort 465 127.0.0.1:465'; } >> /etc/tor/torrc
     fi
 
     function_check onion_update
@@ -160,18 +160,18 @@ function check_email_address_exists {
     read_config_param MY_EMAIL_ADDRESS
     read_config_param DH_KEYLENGTH
 
-    if [ ! $MY_USERNAME ]; then
+    if [ ! "$MY_USERNAME" ]; then
         echo $'No username for email installation'
         exit 73672
     fi
-    if [ ! $DEFAULT_DOMAIN_NAME ]; then
+    if [ ! "$DEFAULT_DOMAIN_NAME" ]; then
         echo $'No default domain name for email installation'
         exit 57634
     fi
 
     my_email="$MY_EMAIL_ADDRESS"
     if [ ${#my_email} -lt 3 ]; then
-        MY_EMAIL_ADDRESS=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}
+        MY_EMAIL_ADDRESS="${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}"
         write_config_param "MY_EMAIL_ADDRESS" "$MY_EMAIL_ADDRESS"
     fi
 }
@@ -181,11 +181,11 @@ function backup_email {
 }
 
 function configure_firewall_for_email {
-    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+    if [[ "$INSTALLED_WITHIN_DOCKER" == "yes" ]]; then
         # docker does its own firewalling
         return
     fi
-    if [[ $ONION_ONLY != "no" ]]; then
+    if [[ "$ONION_ONLY" != "no" ]]; then
         return
     fi
 
@@ -205,37 +205,37 @@ function encrypt_incoming_email {
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit $INSTALL_DIR/gpgit "gpgit commit" "$GPGIT_COMMIT" $GPGIT_REPO
+    set_repo_commit "$INSTALL_DIR/gpgit" "gpgit commit" "$GPGIT_COMMIT" "$GPGIT_REPO"
 
     if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
-    if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then
+    if [[ "$GPG_ENCRYPT_STORED_EMAIL" != "yes" ]]; then
         return
     fi
 
     if [ ! -f /usr/bin/gpgit.pl ]; then
         apt-get -yq install git libmail-gnupg-perl
-        cd $INSTALL_DIR
+        cd "$INSTALL_DIR" || exit 246824624
         function_check git_clone
-        git_clone $GPGIT_REPO $INSTALL_DIR/gpgit
-        cd $INSTALL_DIR/gpgit
-        git checkout $GPGIT_COMMIT -b $GPGIT_COMMIT
+        git_clone "$GPGIT_REPO" "$INSTALL_DIR/gpgit"
+        cd "$INSTALL_DIR/gpgit" || exit 7246725474
+        git checkout "$GPGIT_COMMIT" -b "$GPGIT_COMMIT"
         set_completion_param "gpgit commit" "$GPGIT_COMMIT"
         cp gpgit.pl /usr/bin
     fi
 
     # add a procmail rule
-    if ! grep -q "/usr/bin/gpgit.pl" /home/$MY_USERNAME/.procmailrc; then
-        echo '' >> /home/$MY_USERNAME/.procmailrc
-        echo ':0 f' >> /home/$MY_USERNAME/.procmailrc
-        echo "| /usr/bin/gpgit.pl --encrypt-mode prefer-inline --inline-flatten $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/.procmailrc
-        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
-        echo '' >> /etc/skel/.procmailrc
-        echo ':0 f' >> /etc/skel/.procmailrc
-        echo -n '| /usr/bin/gpgit.pl --encrypt-mode prefer-inline --inline-flatten $USER@' >> /etc/skel/.procmailrc
-        echo "$DEFAULT_DOMAIN_NAME" >> /etc/skel/.procmailrc
+    if ! grep -q "/usr/bin/gpgit.pl" "/home/$MY_USERNAME/.procmailrc"; then
+        { echo '';
+          echo ':0 f';
+          echo "| /usr/bin/gpgit.pl --encrypt-mode prefer-inline --inline-flatten $MY_EMAIL_ADDRESS"; } >> "/home/$MY_USERNAME/.procmailrc"
+        chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.procmailrc"
+        { echo '';
+          echo ':0 f';
+          echo -n "| /usr/bin/gpgit.pl --encrypt-mode prefer-inline --inline-flatten \$USER@";
+          echo "$DEFAULT_DOMAIN_NAME"; } >> /etc/skel/.procmailrc
     fi
     mark_completed "${FUNCNAME[0]}"
 }
@@ -250,20 +250,20 @@ function encrypt_outgoing_email {
     if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
-    if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then
+    if [[ "$GPG_ENCRYPT_STORED_EMAIL" != "yes" ]]; then
         return
     fi
 
-    if [ ! -d /home/$MY_USERNAME/.gnupg ]; then
+    if [ ! -d "/home/$MY_USERNAME/.gnupg" ]; then
         return
     fi
 
-    if [ ! -f /home/$MY_USERNAME/.muttrc ]; then
+    if [ ! -f "/home/$MY_USERNAME/.muttrc" ]; then
         return
     fi
 
     # obtain your public key ID
-    if [ ! $MY_GPG_PUBLIC_KEY_ID ]; then
+    if [ ! "$MY_GPG_PUBLIC_KEY_ID" ]; then
         MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
         if [ ! "$MY_GPG_PUBLIC_KEY_ID" ]; then
             return
@@ -273,18 +273,18 @@ function encrypt_outgoing_email {
         fi
     fi
 
-    if ! grep -q "pgp_encrypt_only_command" /home/$MY_USERNAME/.muttrc; then
-        echo '' >> /home/$MY_USERNAME/.muttrc
-        echo $'# Encrypt items in the Sent folder' >> /home/$MY_USERNAME/.muttrc
-        echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
+    if ! grep -q "pgp_encrypt_only_command" "/home/$MY_USERNAME/.muttrc"; then
+        { echo '';
+        echo $'# Encrypt items in the Sent folder';
+        echo "set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\""; } >> "/home/$MY_USERNAME/.muttrc"
     else
-        sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
+        sed -i "s|set pgp_encrypt_only_command.*|set pgp_encrypt_only_command=\"/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --trust-model always --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" "/home/$MY_USERNAME/.muttrc"
     fi
 
-    if ! grep -q "pgp_encrypt_sign_command" /home/$MY_USERNAME/.muttrc; then
-        echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> /home/$MY_USERNAME/.muttrc
+    if ! grep -q "pgp_encrypt_sign_command" "/home/$MY_USERNAME/.muttrc"; then
+        echo "set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"" >> "/home/$MY_USERNAME/.muttrc"
     else
-        sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" /home/$MY_USERNAME/.muttrc
+        sed -i "s|set pgp_encrypt_sign_command.*|set pgp_encrypt_sign_command=\"/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --trust-model always --encrypt-to $MY_GPG_PUBLIC_KEY_ID -- -r %r -- %f\"|g" "/home/$MY_USERNAME/.muttrc"
     fi
 
     mark_completed "${FUNCNAME[0]}"
@@ -294,28 +294,28 @@ function encrypt_all_email {
     if [ ! -d /etc/exim4 ]; then
         return
     fi
-    if [[ $GPG_ENCRYPT_STORED_EMAIL != "yes" ]]; then
+    if [[ "$GPG_ENCRYPT_STORED_EMAIL" != "yes" ]]; then
         return
     fi
 
-    if [ -f /usr/local/bin/${PROJECT_NAME}-encrypt-mail ]; then
+    if [ -f "/usr/local/bin/${PROJECT_NAME}-encrypt-mail" ]; then
         if [ ! -f /usr/bin/encmaildir ]; then
-            cp /usr/local/bin/${PROJECT_NAME}-encrypt-mail /usr/bin/encmaildir
+            cp "/usr/local/bin/${PROJECT_NAME}-encrypt-mail" /usr/bin/encmaildir
         else
-            HASH1=$(sha256sum /usr/local/bin/${PROJECT_NAME}-encrypt-mail | awk -F ' ' '{print $1}')
+            HASH1=$(sha256sum "/usr/local/bin/${PROJECT_NAME}-encrypt-mail" | awk -F ' ' '{print $1}')
             HASH2=$(sha256sum /usr/bin/encmaildir | awk -F ' ' '{print $1}')
             if [[ "$HASH1" != "$HASH2" ]]; then
-                cp /usr/local/bin/${PROJECT_NAME}-encrypt-mail /usr/bin/encmaildir
+                cp "/usr/local/bin/${PROJECT_NAME}-encrypt-mail" /usr/bin/encmaildir
             fi
         fi
     else
         if [ ! -f /usr/bin/encmaildir ]; then
-            cp /usr/bin/${PROJECT_NAME}-encrypt-mail /usr/bin/encmaildir
+            cp "/usr/bin/${PROJECT_NAME}-encrypt-mail" /usr/bin/encmaildir
         else
-            HASH1=$(sha256sum /usr/bin/${PROJECT_NAME}-encrypt-mail | awk -F ' ' '{print $1}')
+            HASH1=$(sha256sum "/usr/bin/${PROJECT_NAME}-encrypt-mail" | awk -F ' ' '{print $1}')
             HASH2=$(sha256sum /usr/bin/encmaildir | awk -F ' ' '{print $1}')
             if [[ "$HASH1" != "$HASH2" ]]; then
-                cp /usr/bin/${PROJECT_NAME}-encrypt-mail /usr/bin/encmaildir
+                cp "/usr/bin/${PROJECT_NAME}-encrypt-mail" /usr/bin/encmaildir
             fi
         fi
     fi
@@ -324,23 +324,23 @@ function encrypt_all_email {
         return
     fi
 
-    if [ ! /home/$MY_USERNAME/README ]; then
-        touch /home/$MY_USERNAME/README
+    if [ ! -f "/home/$MY_USERNAME/README" ]; then
+        touch "/home/$MY_USERNAME/README"
     fi
-    if ! grep -q $"If you have imported legacy email which is not encrypted" /home/$MY_USERNAME/README; then
-        echo '' >> /home/$MY_USERNAME/README
-        echo '' >> /home/$MY_USERNAME/README
-        echo $'# Encrypting legacy email' >> /home/$MY_USERNAME/README
-        echo $'If you have imported legacy email which is not encrypted' >> /home/$MY_USERNAME/README
-        echo $'then it can be encrypted with the command:' >> /home/$MY_USERNAME/README
-        echo '' >> /home/$MY_USERNAME/README
-        echo '  encmaildir' >> /home/$MY_USERNAME/README
-        echo '' >> /home/$MY_USERNAME/README
-        echo $'But be warned that depending upon how much email you have' >> /home/$MY_USERNAME/README
-        echo $'this could take a seriously LONG time on the Beaglebone' >> /home/$MY_USERNAME/README
-        echo $'and may be better done on a faster machine.' >> /home/$MY_USERNAME/README
-        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-        chmod 600 /home/$MY_USERNAME/README
+    if ! grep -q $"If you have imported legacy email which is not encrypted" "/home/$MY_USERNAME/README"; then
+        { echo '';
+          echo '';
+          echo $'# Encrypting legacy email';
+          echo $'If you have imported legacy email which is not encrypted';
+          echo $'then it can be encrypted with the command:';
+          echo '';
+          echo '  encmaildir';
+          echo '';
+          echo $'But be warned that depending upon how much email you have';
+          echo $'this could take a seriously LONG time on the Beaglebone';
+          echo $'and may be better done on a faster machine.'; } >> "/home/$MY_USERNAME/README"
+        chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/README"
+        chmod 600 "/home/$MY_USERNAME/README"
     fi
 
     mark_completed "${FUNCNAME[0]}"
@@ -360,119 +360,119 @@ function email_client {
         exit 49
     fi
 
-    if [ ! -d /home/$MY_USERNAME/.mutt ]; then
-        mkdir /home/$MY_USERNAME/.mutt
+    if [ ! -d "/home/$MY_USERNAME/.mutt" ]; then
+        mkdir "/home/$MY_USERNAME/.mutt"
     fi
-    echo "text/html; lynx -dump -width=78 -nolist %s | sed ‘s/^ //’; copiousoutput; needsterminal; nametemplate=%s.html" > /home/$MY_USERNAME/.mutt/mailcap
-    cp /home/$MY_USERNAME/.mutt/mailcap /etc/skel/.mutt
-    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt
+    echo "text/html; lynx -dump -width=78 -nolist %s | sed ‘s/^ //’; copiousoutput; needsterminal; nametemplate=%s.html" > "/home/$MY_USERNAME/.mutt/mailcap"
+    cp "/home/$MY_USERNAME/.mutt/mailcap" /etc/skel/.mutt
+    chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.mutt"
     chown -R root:root /etc/skel/.mutt
 
-    echo 'set mbox_type=Maildir' >> /etc/Muttrc
-    echo 'set folder="~/Maildir"' >> /etc/Muttrc
-    echo 'set mask="!^\\.[^.]"' >> /etc/Muttrc
-    echo 'set mbox="~/Maildir"' >> /etc/Muttrc
-    echo 'set record="+Sent"' >> /etc/Muttrc
-    echo 'set postponed="+Drafts"' >> /etc/Muttrc
-    echo 'set trash="+Trash"' >> /etc/Muttrc
-    echo 'set spoolfile="~/Maildir"' >> /etc/Muttrc
-    echo 'auto_view text/x-vcard text/html text/enriched' >> /etc/Muttrc
-    echo 'set header_cache="+.cache"' >> /etc/Muttrc
-    echo 'set markers=no' >> /etc/Muttrc
-    echo '' >> /etc/Muttrc
-    echo '# ctrl-u to view long URLs' >> /etc/Muttrc
-    echo 'macro pager \cu <pipe-entry>"urlview"<enter> "Follow links with urlview"' >> /etc/Muttrc
-    echo '' >> /etc/Muttrc
-    echo 'macro index S "<tag-prefix><decode-save>=.learn-spam<enter>" "move to learn-spam"' >> /etc/Muttrc
-    echo 'macro pager S "<decode-save>=.learn-spam<enter>" "move to learn-spam"' >> /etc/Muttrc
-    echo 'macro index H "<tag-prefix><decode-copy>=.learn-ham<enter>" "copy to learn-ham"' >> /etc/Muttrc
-    echo 'macro pager H "<decode-copy>=.learn-ham<enter>" "copy to learn-ham"' >> /etc/Muttrc
-    echo '' >> /etc/Muttrc
-    echo '# set up the sidebar' >> /etc/Muttrc
-    echo 'set sidebar_width=22' >> /etc/Muttrc
-    echo 'set sidebar_visible=yes' >> /etc/Muttrc
-    echo '' >> /etc/Muttrc
-    echo 'set rfc2047_parameters' >> /etc/Muttrc
-    echo '' >> /etc/Muttrc
-    echo '# Show inbox and sent items' >> /etc/Muttrc
-    echo 'mailboxes = =admin =Sent =maybe-spam =spam' >> /etc/Muttrc
-    echo '' >> /etc/Muttrc
-    echo '# Alter these colours as needed for maximum bling' >> /etc/Muttrc
-    echo 'color sidebar_new yellow default' >> /etc/Muttrc
-    echo 'color normal white default' >> /etc/Muttrc
-    echo 'color hdrdefault brightcyan default' >> /etc/Muttrc
-    echo 'color signature green default' >> /etc/Muttrc
-    echo 'color attachment brightyellow default' >> /etc/Muttrc
-    echo 'color quoted green default' >> /etc/Muttrc
-    echo 'color quoted1 white default' >> /etc/Muttrc
-    echo 'color tilde blue default' >> /etc/Muttrc
-    echo '' >> /etc/Muttrc
-    echo '# ctrl-n, ctrl-p to select next, prev folder' >> /etc/Muttrc
-    echo '# ctrl-o to open selected folder' >> /etc/Muttrc
-    echo 'bind index \Cp sidebar-prev' >> /etc/Muttrc
-    echo 'bind index \Cn sidebar-next' >> /etc/Muttrc
-    echo 'bind index \Co sidebar-open' >> /etc/Muttrc
-    echo 'bind pager \Cp sidebar-prev' >> /etc/Muttrc
-    echo 'bind pager \Cn sidebar-next' >> /etc/Muttrc
-    echo 'bind pager \Co sidebar-open' >> /etc/Muttrc
-    echo '' >> /etc/Muttrc
-    echo '# ctrl-b toggles sidebar visibility' >> /etc/Muttrc
-    echo "macro index,pager \Cb '<enter-command>toggle sidebar_visible<enter><redraw-screen>' 'toggle sidebar'" >> /etc/Muttrc
-    echo '' >> /etc/Muttrc
-    echo '# esc-m Mark new messages as read' >> /etc/Muttrc
-    echo 'macro index <esc>m "T~N<enter>;WNT~O<enter>;WO\CT~T<enter>" "mark all messages read"' >> /etc/Muttrc
-    echo '' >> /etc/Muttrc
-    echo '# Collapsing threads' >> /etc/Muttrc
-    echo 'macro index [ "<collapse-thread>" "collapse/uncollapse thread"' >> /etc/Muttrc
-    echo 'macro index ] "<collapse-all>"    "collapse/uncollapse all threads"' >> /etc/Muttrc
-    echo '' >> /etc/Muttrc
-    echo '# threads containing new messages' >> /etc/Muttrc
-    echo 'uncolor index "~(~N)"' >> /etc/Muttrc
-    echo 'color index brightblue default "~(~N)"' >> /etc/Muttrc
-    echo '' >> /etc/Muttrc
-    echo '# new messages themselves' >> /etc/Muttrc
-    echo 'uncolor index "~N"' >> /etc/Muttrc
-    echo 'color index brightyellow default "~N"' >> /etc/Muttrc
-    echo '' >> /etc/Muttrc
-    echo '# GPG/PGP integration' >> /etc/Muttrc
-    echo '# this set the number of seconds to keep in memory the passphrase used to encrypt/sign' >> /etc/Muttrc
-    echo 'set pgp_timeout=1800' >> /etc/Muttrc
-    echo '' >> /etc/Muttrc
-    echo '# automatically sign and encrypt with PGP/MIME' >> /etc/Muttrc
-    echo 'set pgp_autosign         # autosign all outgoing mails' >> /etc/Muttrc
-    echo 'set pgp_autoencrypt      # Try to encrypt automatically' >> /etc/Muttrc
-    echo 'set pgp_replyencrypt     # autocrypt replies to crypted' >> /etc/Muttrc
-    echo 'set pgp_replysign        # autosign replies to signed' >> /etc/Muttrc
-    echo 'set pgp_auto_decode=yes  # decode attachments' >> /etc/Muttrc
-    echo 'set fcc_clear=no         # Keep encrypted copy of sent encrypted mail' >> /etc/Muttrc
-    echo 'unset smime_is_default' >> /etc/Muttrc
-    echo '' >> /etc/Muttrc
-    echo 'set alias_file=~/.mutt-alias' >> /etc/Muttrc
-    echo 'source ~/.mutt-alias' >> /etc/Muttrc
-    echo 'set query_command= "abook --mutt-query \"%s\""' >> /etc/Muttrc
-    echo 'macro index,pager A "<pipe-message>abook --add-email-quiet<return>" "add the sender address to abook"' >> /etc/Muttrc
-    echo '' >> /etc/Muttrc
-    echo '# Optional relay of SMTP via ISP' >> /etc/Muttrc
-    echo '#set smtp_url="smtps://username:password@isp_mail_domain:465/"' >> /etc/Muttrc
+    { echo 'set mbox_type=Maildir';
+      echo 'set folder="~/Maildir"';
+      echo 'set mask="!^\\.[^.]"';
+      echo 'set mbox="~/Maildir"';
+      echo 'set record="+Sent"';
+      echo 'set postponed="+Drafts"';
+      echo 'set trash="+Trash"';
+      echo 'set spoolfile="~/Maildir"';
+      echo 'auto_view text/x-vcard text/html text/enriched';
+      echo 'set header_cache="+.cache"';
+      echo 'set markers=no';
+      echo '';
+      echo '# ctrl-u to view long URLs';
+      echo 'macro pager \cu <pipe-entry>"urlview"<enter> "Follow links with urlview"';
+      echo '';
+      echo 'macro index S "<tag-prefix><decode-save>=.learn-spam<enter>" "move to learn-spam"';
+      echo 'macro pager S "<decode-save>=.learn-spam<enter>" "move to learn-spam"';
+      echo 'macro index H "<tag-prefix><decode-copy>=.learn-ham<enter>" "copy to learn-ham"';
+      echo 'macro pager H "<decode-copy>=.learn-ham<enter>" "copy to learn-ham"';
+      echo '';
+      echo '# set up the sidebar';
+      echo 'set sidebar_width=22';
+      echo 'set sidebar_visible=yes';
+      echo '';
+      echo 'set rfc2047_parameters';
+      echo '';
+      echo '# Show inbox and sent items';
+      echo 'mailboxes = =admin =Sent =maybe-spam =spam';
+      echo '';
+      echo '# Alter these colours as needed for maximum bling';
+      echo 'color sidebar_new yellow default';
+      echo 'color normal white default';
+      echo 'color hdrdefault brightcyan default';
+      echo 'color signature green default';
+      echo 'color attachment brightyellow default';
+      echo 'color quoted green default';
+      echo 'color quoted1 white default';
+      echo 'color tilde blue default';
+      echo '';
+      echo '# ctrl-n, ctrl-p to select next, prev folder';
+      echo '# ctrl-o to open selected folder';
+      echo 'bind index \Cp sidebar-prev';
+      echo 'bind index \Cn sidebar-next';
+      echo 'bind index \Co sidebar-open';
+      echo 'bind pager \Cp sidebar-prev';
+      echo 'bind pager \Cn sidebar-next';
+      echo 'bind pager \Co sidebar-open';
+      echo '';
+      echo '# ctrl-b toggles sidebar visibility';
+      echo "macro index,pager \\Cb '<enter-command>toggle sidebar_visible<enter><redraw-screen>' 'toggle sidebar'";
+      echo '';
+      echo '# esc-m Mark new messages as read';
+      echo 'macro index <esc>m "T~N<enter>;WNT~O<enter>;WO\CT~T<enter>" "mark all messages read"';
+      echo '';
+      echo '# Collapsing threads';
+      echo 'macro index [ "<collapse-thread>" "collapse/uncollapse thread"';
+      echo 'macro index ] "<collapse-all>"    "collapse/uncollapse all threads"';
+      echo '';
+      echo '# threads containing new messages';
+      echo 'uncolor index "~(~N)"';
+      echo 'color index brightblue default "~(~N)"';
+      echo '';
+      echo '# new messages themselves';
+      echo 'uncolor index "~N"';
+      echo 'color index brightyellow default "~N"';
+      echo '';
+      echo '# GPG/PGP integration';
+      echo '# this set the number of seconds to keep in memory the passphrase used to encrypt/sign';
+      echo 'set pgp_timeout=1800';
+      echo '';
+      echo '# automatically sign and encrypt with PGP/MIME';
+      echo 'set pgp_autosign         # autosign all outgoing mails';
+      echo 'set pgp_autoencrypt      # Try to encrypt automatically';
+      echo 'set pgp_replyencrypt     # autocrypt replies to crypted';
+      echo 'set pgp_replysign        # autosign replies to signed';
+      echo 'set pgp_auto_decode=yes  # decode attachments';
+      echo 'set fcc_clear=no         # Keep encrypted copy of sent encrypted mail';
+      echo 'unset smime_is_default';
+      echo '';
+      echo 'set alias_file=~/.mutt-alias';
+      echo 'source ~/.mutt-alias';
+      echo 'set query_command= "abook --mutt-query \"%s\""';
+      echo 'macro index,pager A "<pipe-message>abook --add-email-quiet<return>" "add the sender address to abook"';
+      echo '';
+      echo '# Optional relay of SMTP via ISP';
+      echo '#set smtp_url="smtps://username:password@isp_mail_domain:465/"'; } > /etc/Muttrc
 
     # For viewing long URLs
-    echo 'REGEXP (((http|https|ftp|gopher)|mailto)[.:][^ >"\t]*|www\.[-a-z0-9.]+)[^ .,;\t>">\):]' > /home/$MY_USERNAME/.urlview
-    echo 'COMMAND lynx -dump -width=78 -nolist %s' >> /home/$MY_USERNAME/.urlview
+    echo 'REGEXP (((http|https|ftp|gopher)|mailto)[.:][^ >"\t]*|www\.[-a-z0-9.]+)[^ .,;\t>">\):]' > "/home/$MY_USERNAME/.urlview"
+    echo 'COMMAND lynx -dump -width=78 -nolist %s' >> "/home/$MY_USERNAME/.urlview"
 
-    cp -f /etc/Muttrc /home/$MY_USERNAME/.muttrc
+    cp -f /etc/Muttrc "/home/$MY_USERNAME/.muttrc"
     cp -f /etc/Muttrc /etc/skel/.muttrc
-    cp -f /home/$MY_USERNAME/.urlview /etc/skel/.urlview
-    touch /home/$MY_USERNAME/.mutt-alias
-    cp /home/$MY_USERNAME/.mutt-alias /etc/skel/.mutt-alias
-    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.muttrc
-    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.mutt-alias
+    cp -f "/home/$MY_USERNAME/.urlview" /etc/skel/.urlview
+    touch "/home/$MY_USERNAME/.mutt-alias"
+    cp "/home/$MY_USERNAME/.mutt-alias" /etc/skel/.mutt-alias
+    chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.muttrc"
+    chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.mutt-alias"
 
     # default user on generic images
-    if [ -d /home/${GENERIC_IMAGE_USERNAME} ]; then
-        cp -f /etc/Muttrc /home/${GENERIC_IMAGE_USERNAME}/.muttrc
-        chown ${GENERIC_IMAGE_USERNAME}:${GENERIC_IMAGE_USERNAME} /home/${GENERIC_IMAGE_USERNAME}/.muttrc
-        touch /home/${GENERIC_IMAGE_USERNAME}/.mutt-alias
-        chown ${GENERIC_IMAGE_USERNAME}:${GENERIC_IMAGE_USERNAME} /home/${GENERIC_IMAGE_USERNAME}/.mutt-alias
+    if [ -d "/home/${GENERIC_IMAGE_USERNAME}" ]; then
+        cp -f /etc/Muttrc "/home/${GENERIC_IMAGE_USERNAME}/.muttrc"
+        chown "${GENERIC_IMAGE_USERNAME}":"${GENERIC_IMAGE_USERNAME}" "/home/${GENERIC_IMAGE_USERNAME}/.muttrc"
+        touch "/home/${GENERIC_IMAGE_USERNAME}/.mutt-alias"
+        chown "${GENERIC_IMAGE_USERNAME}":"${GENERIC_IMAGE_USERNAME}" "/home/${GENERIC_IMAGE_USERNAME}/.mutt-alias"
     fi
 
     mark_completed "${FUNCNAME[0]}"
@@ -484,28 +484,28 @@ function email_archiving {
     fi
 
     # ensure that the mail archive script is up to date
-    if [ -f /usr/local/bin/${PROJECT_NAME}-archive-mail ]; then
+    if [ -f "/usr/local/bin/${PROJECT_NAME}-archive-mail" ]; then
         if [ ! -f /etc/cron.daily/archivemail ]; then
-            cp /usr/local/bin/${PROJECT_NAME}-archive-mail /etc/cron.daily/archivemail
+            cp "/usr/local/bin/${PROJECT_NAME}-archive-mail" /etc/cron.daily/archivemail
             chmod +x /etc/cron.daily/archivemail
         else
-            HASH1=$(sha256sum /usr/local/bin/${PROJECT_NAME}-archive-mail | awk -F ' ' '{print $1}')
+            HASH1=$(sha256sum "/usr/local/bin/${PROJECT_NAME}-archive-mail" | awk -F ' ' '{print $1}')
             HASH2=$(sha256sum /etc/cron.daily/archivemail | awk -F ' ' '{print $1}')
             if [[ "$HASH1" != "$HASH2" ]]; then
-                cp /usr/local/bin/${PROJECT_NAME}-archive-mail /etc/cron.daily/archivemail
+                cp "/usr/local/bin/${PROJECT_NAME}-archive-mail" /etc/cron.daily/archivemail
                 chmod +x /etc/cron.daily/archivemail
             fi
         fi
     else
-        if [ -f /usr/bin/${PROJECT_NAME}-archive-mail ]; then
+        if [ -f "/usr/bin/${PROJECT_NAME}-archive-mail" ]; then
             if [ ! -f /etc/cron.daily/archivemail ]; then
-                cp /usr/bin/${PROJECT_NAME}-archive-mail /etc/cron.daily/archivemail
+                cp "/usr/bin/${PROJECT_NAME}-archive-mail" /etc/cron.daily/archivemail
                 chmod +x /etc/cron.daily/archivemail
             else
-                HASH1=$(sha256sum /usr/local/bin/${PROJECT_NAME}-archive-mail | awk -F ' ' '{print $1}')
+                HASH1=$(sha256sum "/usr/local/bin/${PROJECT_NAME}-archive-mail" | awk -F ' ' '{print $1}')
                 HASH2=$(sha256sum /etc/cron.daily/archivemail | awk -F ' ' '{print $1}')
                 if [[ "$HASH1" != "$HASH2" ]]; then
-                    cp /usr/local/bin/${PROJECT_NAME}-archive-mail /etc/cron.daily/archivemail
+                    cp "/usr/local/bin/${PROJECT_NAME}-archive-mail" /etc/cron.daily/archivemail
                     chmod +x /etc/cron.daily/archivemail
                 fi
             fi
@@ -517,29 +517,29 @@ function email_archiving {
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit $INSTALL_DIR/cleanup-maildir "cleanup-maildir commit" "$CLEANUP_MAILDIR_COMMIT" $CLEANUP_MAILDIR_REPO
+    set_repo_commit "$INSTALL_DIR/cleanup-maildir" "cleanup-maildir commit" "$CLEANUP_MAILDIR_COMMIT" "$CLEANUP_MAILDIR_REPO"
 
     if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
 
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir "$INSTALL_DIR"
     fi
-    cd $INSTALL_DIR
+    cd "$INSTALL_DIR" || exit 246824245242
     function_check git_clone
-    git_clone $CLEANUP_MAILDIR_REPO $INSTALL_DIR/cleanup-maildir
-    cd $INSTALL_DIR/cleanup-maildir
+    git_clone "$CLEANUP_MAILDIR_REPO" "$INSTALL_DIR/cleanup-maildir"
+    cd "$INSTALL_DIR/cleanup-maildir" || exit 6887242572
     git checkout $CLEANUP_MAILDIR_COMMIT -b $CLEANUP_MAILDIR_COMMIT
     set_completion_param "cleanup-maildir commit" "$CLEANUP_MAILDIR_COMMIT"
 
     if [ ! -f /usr/bin/cleanup-maildir ]; then
-        cp $INSTALL_DIR/cleanup-maildir/cleanup-maildir /usr/bin
+        cp "$INSTALL_DIR/cleanup-maildir/cleanup-maildir" /usr/bin
     else
-        HASH1=$(sha256sum $INSTALL_DIR/cleanup-maildir/cleanup-maildir | awk -F ' ' '{print $1}')
+        HASH1=$(sha256sum "$INSTALL_DIR/cleanup-maildir/cleanup-maildir" | awk -F ' ' '{print $1}')
         HASH2=$(sha256sum /usr/bin/cleanup-maildir | awk -F ' ' '{print $1}')
         if [[ "$HASH1" != "$HASH2" ]]; then
-            cp $INSTALL_DIR/cleanup-maildir/cleanup-maildir /usr/bin
+            cp "$INSTALL_DIR/cleanup-maildir/cleanup-maildir" /usr/bin
         fi
     fi
 
@@ -552,13 +552,13 @@ function email_from_address {
         return
     fi
 
-    if [ ! -f /home/$MY_USERNAME/.muttrc ]; then
+    if [ ! -f "/home/$MY_USERNAME/.muttrc" ]; then
         return
     fi
-    if grep -q "set from=" /home/$MY_USERNAME/.muttrc; then
-        sed -i "s|set from=.*|set from='$MY_NAME <$MY_EMAIL_ADDRESS>'|g" /home/$MY_USERNAME/.muttrc
+    if grep -q "set from=" "/home/$MY_USERNAME/.muttrc"; then
+        sed -i "s|set from=.*|set from='$MY_NAME <$MY_EMAIL_ADDRESS>'|g" "/home/$MY_USERNAME/.muttrc"
     else
-        echo "set from='$MY_NAME <$MY_EMAIL_ADDRESS>'" >> /home/$MY_USERNAME/.muttrc
+        echo "set from='$MY_NAME <$MY_EMAIL_ADDRESS>'" >> "/home/$MY_USERNAME/.muttrc"
     fi
 
     mark_completed "${FUNCNAME[0]}"
@@ -571,68 +571,68 @@ function create_public_mailing_list {
     if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
-    if [ ! $PUBLIC_MAILING_LIST ]; then
+    if [ ! "$PUBLIC_MAILING_LIST" ]; then
         return
     fi
     # does the mailing list have a separate domain name?
-    if [ ! $PUBLIC_MAILING_LIST_DOMAIN_NAME ]; then
-        PUBLIC_MAILING_LIST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME
+    if [ ! "$PUBLIC_MAILING_LIST_DOMAIN_NAME" ]; then
+        PUBLIC_MAILING_LIST_DOMAIN_NAME="$DEFAULT_DOMAIN_NAME"
     fi
 
     PUBLIC_MAILING_LIST_USER="mlmmj"
 
     apt-get -yq install mlmmj
-    adduser --system $PUBLIC_MAILING_LIST_USER
-    addgroup $PUBLIC_MAILING_LIST_USER
-    adduser $PUBLIC_MAILING_LIST_USER $PUBLIC_MAILING_LIST_USER
+    adduser --system "$PUBLIC_MAILING_LIST_USER"
+    addgroup "$PUBLIC_MAILING_LIST_USER"
+    adduser "$PUBLIC_MAILING_LIST_USER" "$PUBLIC_MAILING_LIST_USER"
 
     echo ''
     echo $"Creating the $PUBLIC_MAILING_LIST mailing list"
     echo ''
 
     # create the list
-    mlmmj-make-ml -a -L "$PUBLIC_MAILING_LIST" -c $PUBLIC_MAILING_LIST_USER
+    mlmmj-make-ml -a -L "$PUBLIC_MAILING_LIST" -c "$PUBLIC_MAILING_LIST_USER"
 
-    echo 'SYSTEM_ALIASES_PIPE_TRANSPORT = address_pipe' > /etc/exim4/conf.d/main/000_localmacros
-    echo "SYSTEM_ALIASES_USER = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros
-    echo "SYSTEM_ALIASES_GROUP = $PUBLIC_MAILING_LIST_USER" >> /etc/exim4/conf.d/main/000_localmacros
+    { echo 'SYSTEM_ALIASES_PIPE_TRANSPORT = address_pipe';
+      echo "SYSTEM_ALIASES_USER = $PUBLIC_MAILING_LIST_USER";
+      echo "SYSTEM_ALIASES_GROUP = $PUBLIC_MAILING_LIST_USER"; } > /etc/exim4/conf.d/main/000_localmacros
 
     # router
-    echo 'mlmmj_router:' > /etc/exim4/conf.d/router/750_exim4-config_mlmmj
-    echo '  debug_print = "R: mlmmj_router for $local_part@$domain"' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
-    echo '  driver = accept' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
-    echo '  domains = +mlmmj_domains' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
-    echo '  #require_files = MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
-    echo '  # Use this instead, if you dont want to give Exim rx rights to mlmmj spool.' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
-    echo '  # Exim will then spawn a new process running under the UID of "mlmmj".' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
-    echo '  require_files = mlmmj:MLMMJ_HOME/${lc::$local_part}' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
-    echo '  local_part_suffix = +*' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
-    echo '  local_part_suffix_optional' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
-    echo '  headers_remove = Delivered-To' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
-    echo '  headers_add = Delivered-To: $local_part$local_part_suffix@$domain' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
-    echo '  transport = mlmmj_transport' >> /etc/exim4/conf.d/router/750_exim4-config_mlmmj
+    { echo 'mlmmj_router:';
+      echo "  debug_print = \"R: mlmmj_router for \$local_part@\$domain\"";
+      echo '  driver = accept';
+      echo '  domains = +mlmmj_domains';
+      echo "  #require_files = MLMMJ_HOME/\${lc::\$local_part}";
+      echo '  # Use this instead, if you dont want to give Exim rx rights to mlmmj spool.';
+      echo '  # Exim will then spawn a new process running under the UID of "mlmmj".';
+      echo "  require_files = mlmmj:MLMMJ_HOME/\${lc::\$local_part}";
+      echo '  local_part_suffix = +*';
+      echo '  local_part_suffix_optional';
+      echo '  headers_remove = Delivered-To';
+      echo "  headers_add = Delivered-To: \$local_part\$local_part_suffix@\$domain";
+      echo '  transport = mlmmj_transport'; } > /etc/exim4/conf.d/router/750_exim4-config_mlmmj
 
     # transport
-    echo 'mlmmj_transport:' > /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
-    echo '  debug_print = "T: mlmmj_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
-    echo '  driver = pipe' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
-    echo '  return_path_add' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
-    echo '  user = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
-    echo '  group = mlmmj' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
-    echo '  home_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
-    echo '  current_directory = MLMMJ_HOME' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
-    echo '  command = /usr/bin/mlmmj-receive -F -L MLMMJ_HOME/${lc:$local_part}' >> /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
+    { echo 'mlmmj_transport:';
+      echo "  debug_print = \"T: mlmmj_transport for \$local_part@\$domain\"";
+      echo '  driver = pipe';
+      echo '  return_path_add';
+      echo '  user = mlmmj';
+      echo '  group = mlmmj';
+      echo '  home_directory = MLMMJ_HOME';
+      echo '  current_directory = MLMMJ_HOME';
+      echo "  command = /usr/bin/mlmmj-receive -F -L MLMMJ_HOME/\${lc:\$local_part}"; } > /etc/exim4/conf.d/transport/40_exim4-config_mlmmj
 
     if ! grep -q "MLMMJ_HOME=/var/spool/mlmmj" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
         sed -i '/MAIN CONFIGURATION SETTINGS/a\MLMMJ_HOME=/var/spool/mlmmj' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
     fi
     if ! grep -q "domainlist mlmmj_domains =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
-        sed -i "/MLMMJ_HOME/a\domainlist mlmmj_domains = $PUBLIC_MAILING_LIST_DOMAIN_NAME" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
+        sed -i "/MLMMJ_HOME/a\\domainlist mlmmj_domains = $PUBLIC_MAILING_LIST_DOMAIN_NAME" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
     fi
 
 
     if ! grep -q "delay_warning_condition =" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
-        sed -i '/domainlist mlmmj_domains =/a\delay_warning_condition = ${if match_domain{$domain}{+mlmmj_domains}{no}{yes}}' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
+        sed -i "/domainlist mlmmj_domains =/a\\delay_warning_condition = \${if match_domain{\$domain}{+mlmmj_domains}{no}{yes}}" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
     fi
     if ! grep -q ": +mlmmj_domains" /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs; then
         sed -i 's/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS/domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS : +mlmmj_domains/g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
@@ -645,98 +645,36 @@ function create_public_mailing_list {
     update-exim4.conf
     systemctl restart exim4
 
-    if ! grep -q $"$PUBLIC_MAILING_LIST mailing list" /home/$MY_USERNAME/README; then
-        echo '' >> /home/$MY_USERNAME/README
-        echo '' >> /home/$MY_USERNAME/README
-        echo $"$PUBLIC_MAILING_LIST mailing list" >> /home/$MY_USERNAME/README
-        echo '=================================' >> /home/$MY_USERNAME/README
-        echo $"To subscribe to the $PUBLIC_MAILING_LIST mailing list send a" >> /home/$MY_USERNAME/README
-        echo $"cleartext email to $PUBLIC_MAILING_LIST+subscribe@$DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README
-        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
-        chmod 600 /home/$MY_USERNAME/README
+    if ! grep -q $"$PUBLIC_MAILING_LIST mailing list" "/home/$MY_USERNAME/README"; then
+        { echo '';
+        echo '';
+        echo $"$PUBLIC_MAILING_LIST mailing list";
+        echo '=================================';
+        echo $"To subscribe to the $PUBLIC_MAILING_LIST mailing list send a";
+        echo $"cleartext email to $PUBLIC_MAILING_LIST+subscribe@$DEFAULT_DOMAIN_NAME"; } >> "/home/$MY_USERNAME/README"
+        chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/README"
+        chmod 600 "/home/$MY_USERNAME/README"
     fi
 
-    ${PROJECT_NAME}-addlist -u $MY_USERNAME -l "$PUBLIC_MAILING_LIST" -s "$PUBLIC_MAILING_LIST"
+    "${PROJECT_NAME}-addlist" -u "$MY_USERNAME" -l "$PUBLIC_MAILING_LIST" -s "$PUBLIC_MAILING_LIST"
 
     mark_completed "${FUNCNAME[0]}"
 }
 
-function create_private_mailing_list {
-    if [ ! -d /etc/exim4 ]; then
-        return
-    fi
-    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
-        return
-    fi
-    if [ ! $PRIVATE_MAILING_LIST ]; then
-        return
-    fi
-    if [[ $PRIVATE_MAILING_LIST == $MY_USERNAME ]]; then
-        echo $'The name of the private mailing list should not be the same as your username'
-        exit 10
-    fi
-    if [ ! $MY_GPG_PUBLIC_KEY ]; then
-        echo $'To create a private mailing list you need to specify a file'
-        echo $'containing your exported GPG key within MY_GPG_PUBLIC_KEY at'
-        echo $'the top of the script'
-        exit 11
-    fi
-    apt-get -yq install ruby ruby-dev ruby-gpgme libgpgme11-dev libmagic-dev
-    gem install schleuder
-    schleuder-fix-gem-dependencies
-    schleuder-init-setup --gem
-    # NOTE: this is version number sensitive and so might need changing
-    ln -s /var/lib/gems/2.1.0/gems/schleuder-2.2.4 /var/lib/schleuder
-    sed -i 's/#smtp_port: 25/smtp_port: 465/g' /etc/schleuder/schleuder.conf
-    sed -i 's/#superadminaddr: root@localhost/superadminaddr: root@localhost' /etc/schleuder/schleuder.conf
-    schleuder-newlist $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME -realname "$PRIVATE_MAILING_LIST" -adminaddress $MY_EMAIL_ADDRESS -initmember $MY_EMAIL_ADDRESS -initmemberkey $MY_GPG_PUBLIC_KEY -nointeractive
-    ${PROJECT_NAME}-addemail -u $MY_USERNAME -e $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME -l $PRIVATE_MAILING_LIST
-
-    echo 'schleuder:' > /etc/exim4/conf.d/router/550_exim4-config_schleuder
-    echo '  debug_print = "R: schleuder for $local_part@$domain"' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
-    echo '  driver = accept' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
-    echo '  local_part_suffix_optional' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
-    echo '  local_part_suffix = +* : -bounce : -sendkey' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
-    echo '  domains = +local_domains' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
-    echo '  user = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
-    echo '  group = schleuder' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
-    echo '  require_files = schleuder:+/var/lib/schleuder/$domain/${local_part}' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
-    echo '  transport = schleuder_transport' >> /etc/exim4/conf.d/router/550_exim4-config_schleuder
-
-    echo 'schleuder_transport:' > /etc/exim4/conf.d/transport/30_exim4-config_schleuder
-    echo '  debug_print = "T: schleuder_transport for $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
-    echo '  driver = pipe' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
-    echo '  home_directory = "/var/lib/schleuder/$domain/$local_part"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
-    echo '  command = "/usr/bin/schleuder $local_part@$domain"' >> /etc/exim4/conf.d/transport/30_exim4-config_schleuder
-    chown -R schleuder:schleuder /var/lib/schleuder
-    update-exim4.conf.template -r
-    update-exim4.conf
-    systemctl restart exim4
-    chmod 600 /etc/shadow
-    chmod 600 /etc/gshadow
-    useradd -d /var/schleuderlists -s /bin/false schleuder
-    adduser Debian-exim schleuder
-    usermod -a -G mail schleuder
-    chmod 0000 /etc/shadow
-    chmod 0000 /etc/gshadow
-    #exim -d -bt $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME
-    mark_completed "${FUNCNAME[0]}"
-}
-
 function split_gpg_key_into_fragments {
     # split the gpg key into fragments if social key management is enabled
-    if [[ $ENABLE_SOCIAL_KEY_MANAGEMENT == "yes" ]]; then
+    if [[ "$ENABLE_SOCIAL_KEY_MANAGEMENT" == "yes" ]]; then
 
-        if [ $IMAGE_PASSWORD_FILE ]; then
-            if [ -f $IMAGE_PASSWORD_FILE ]; then
-                ${PROJECT_NAME}-splitkey -u $MY_USERNAME -e $MY_EMAIL_ADDRESS --fullname "$MY_NAME" --passwordfile $IMAGE_PASSWORD_FILE
+        if [ "$IMAGE_PASSWORD_FILE" ]; then
+            if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+                "${PROJECT_NAME}-splitkey" -u "$MY_USERNAME" -e "$MY_EMAIL_ADDRESS" --fullname "$MY_NAME" --passwordfile "$IMAGE_PASSWORD_FILE"
                 return
             fi
         fi
 
         echo 'Splitting GPG key. You may need to enter your passphrase.'
-        ${PROJECT_NAME}-splitkey -u $MY_USERNAME -e $MY_EMAIL_ADDRESS --fullname "$MY_NAME"
-        if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then
+        "${PROJECT_NAME}-splitkey" -u "$MY_USERNAME" -e "$MY_EMAIL_ADDRESS" --fullname "$MY_NAME"
+        if [ ! -d "/home/$MY_USERNAME/.gnupg_fragments" ]; then
             echo 'Yhe GPG key could not be split'
             exit 86548
         fi
@@ -754,7 +692,7 @@ function import_email {
      25, 587, 465, 993 and 2222 to the ${PROJECT_NAME}
 "
     if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
-        if [[ $SYSTEM_TYPE == "mail"* ]]; then
+        if [[ "$SYSTEM_TYPE" == "mail"* ]]; then
             function_check backup_to_friends_servers
             backup_to_friends_servers
 
@@ -767,9 +705,9 @@ function import_email {
             clear
             echo ''
             echo "$EMAIL_COMPLETE_MSG"
-            if [ -d $USB_MOUNT ]; then
-                umount $USB_MOUNT
-                rm -rf $USB_MOUNT
+            if [ -d "$USB_MOUNT" ]; then
+                umount "$USB_MOUNT"
+                rm -rf "$USB_MOUNT"
                 echo $'            You can now remove the USB drive'
             fi
             exit 0
@@ -777,7 +715,7 @@ function import_email {
         return
     fi
     mark_completed "${FUNCNAME[0]}"
-    if [[ $SYSTEM_TYPE == "mail"* ]]; then
+    if [[ "$SYSTEM_TYPE" == "mail"* ]]; then
         function_check backup_to_friends_servers
         backup_to_friends_servers
 
@@ -792,9 +730,9 @@ function import_email {
         echo ''
         echo "$EMAIL_COMPLETE_MSG"
         echo ''
-        if [ -d $USB_MOUNT ]; then
-            umount $USB_MOUNT
-            rm -rf $USB_MOUNT
+        if [ -d "$USB_MOUNT" ]; then
+            umount "$USB_MOUNT"
+            rm -rf "$USB_MOUNT"
             echo $'            You can now remove the USB drive'
         fi
         exit 0
@@ -826,26 +764,26 @@ function install_email_basic {
     sed -i 's|pam_mail.so standard noenv|pam_mail.so dir=~/Maildir standard|g' /etc/pam.d/sshd
     sed -i 's|pam_mail.so nopen|pam_mail.so dir=~/Maildir nopen|g' /etc/pam.d/su
 
-    echo "dc_eximconfig_configtype='internet'" > /etc/exim4/update-exim4.conf.conf
-    echo "dc_other_hostnames='${DEFAULT_DOMAIN_NAME};mail.${DEFAULT_DOMAIN_NAME}'" >> /etc/exim4/update-exim4.conf.conf
-    echo "dc_local_interfaces=''" >> /etc/exim4/update-exim4.conf.conf
-    echo "dc_readhost=''" >> /etc/exim4/update-exim4.conf.conf
-    echo "dc_relay_domains=''" >> /etc/exim4/update-exim4.conf.conf
-    echo "dc_minimaldns='false'" >> /etc/exim4/update-exim4.conf.conf
+    { echo "dc_eximconfig_configtype='internet'";
+      echo "dc_other_hostnames='${DEFAULT_DOMAIN_NAME};mail.${DEFAULT_DOMAIN_NAME}'";
+      echo "dc_local_interfaces=''";
+      echo "dc_readhost=''";
+      echo "dc_relay_domains=''";
+      echo "dc_minimaldns='false'"; } > /etc/exim4/update-exim4.conf.conf
     IPv4_address=$(get_ipv4_address)
     IPv4_address_base=$(echo "$IPv4_address" | awk -F '.' '{print $1"."$2"."$3}')
     RELAY_NETS="${IPv4_address_base}.0/24"
-    if [ $LOCAL_NETWORK_STATIC_IP_ADDRESS ]; then
-        RELAY_NETS=$(echo $LOCAL_NETWORK_STATIC_IP_ADDRESS | awk -F '.' '{print $1 "." $2 "." $3 ".0/24"}')
+    if [ "$LOCAL_NETWORK_STATIC_IP_ADDRESS" ]; then
+        RELAY_NETS=$(awk "$LOCAL_NETWORK_STATIC_IP_ADDRESS" -F '.' '{print $1 "." $2 "." $3 ".0/24"}')
     fi
-    echo "dc_relay_nets='$RELAY_NETS'" >> /etc/exim4/update-exim4.conf.conf
-    echo "dc_smarthost=''" >> /etc/exim4/update-exim4.conf.conf
-    echo "CFILEMODE='644'" >> /etc/exim4/update-exim4.conf.conf
-    echo "dc_use_split_config='false'" >> /etc/exim4/update-exim4.conf.conf
-    echo "dc_hide_mailname=''" >> /etc/exim4/update-exim4.conf.conf
-    echo "dc_mailname_in_oh='true'" >> /etc/exim4/update-exim4.conf.conf
-    echo "dc_localdelivery='maildir_home'" >> /etc/exim4/update-exim4.conf.conf
-    echo "dc_main_log_selector=-all" >> /etc/exim4/update-exim4.conf.conf
+    { echo "dc_relay_nets='$RELAY_NETS'";
+      echo "dc_smarthost=''";
+      echo "CFILEMODE='644'";
+      echo "dc_use_split_config='false'";
+      echo "dc_hide_mailname=''";
+      echo "dc_mailname_in_oh='true'";
+      echo "dc_localdelivery='maildir_home'";
+      echo "dc_main_log_selector=-all"; } >> /etc/exim4/update-exim4.conf.conf
 
     echo "chunking_advertise_hosts =" > /etc/exim4/conf.d/main/04_exim4-config_chunking
 
@@ -855,7 +793,7 @@ function install_email_basic {
 
     email_install_tls
 
-    adduser $MY_USERNAME sasl
+    adduser "$MY_USERNAME" sasl
     addgroup Debian-exim sasl
     systemctl restart exim4
 
@@ -889,34 +827,34 @@ function create_procmail {
     if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
-    if [ ! -f /home/$MY_USERNAME/.procmailrc ]; then
-        echo 'MAILDIR=$HOME/Maildir' > /home/$MY_USERNAME/.procmailrc
-        echo 'DEFAULT=$MAILDIR/' >> /home/$MY_USERNAME/.procmailrc
-        echo 'LOGFILE=$HOME/log/procmail.log' >> /home/$MY_USERNAME/.procmailrc
-        echo 'LOGABSTRACT=all' >> /home/$MY_USERNAME/.procmailrc
-        echo '' >> /home/$MY_USERNAME/.procmailrc
-        echo '# Test for an empty or missing subject line' >> /home/$MY_USERNAME/.procmailrc
-        echo 'SUBJ_=$(formail -xSubject: \' >> /home/$MY_USERNAME/.procmailrc
-        echo "        | expand | sed -e 's/^[ ]*//g' -e 's/[ ]*\$//g')" >> /home/$MY_USERNAME/.procmailrc
-        echo ':0' >> /home/$MY_USERNAME/.procmailrc
-        echo '  * SUBJ_ ?? ^^^^' >> /home/$MY_USERNAME/.procmailrc
-        echo '/dev/null' >> /home/$MY_USERNAME/.procmailrc
-        echo '' >> /home/$MY_USERNAME/.procmailrc
-        echo $"# Tripwire reports which have no violations don't need to be logged" >> /home/$MY_USERNAME/.procmailrc
-        echo ':0 BD:' >> /home/$MY_USERNAME/.procmailrc
+    if [ ! -f "/home/$MY_USERNAME/.procmailrc" ]; then
+        { echo "MAILDIR=\$HOME/Maildir";
+          echo "DEFAULT=\$MAILDIR/";
+          echo "LOGFILE=\$HOME/log/procmail.log";
+          echo 'LOGABSTRACT=all';
+          echo '';
+          echo '# Test for an empty or missing subject line';
+          echo "SUBJ_=\$(formail -xSubject: \\";
+          echo "        | expand | sed -e 's/^[ ]*//g' -e 's/[ ]*\$//g')";
+          echo ':0';
+          echo '  * SUBJ_ ?? ^^^^';
+          echo '/dev/null';
+          echo '';
+          echo $"# Tripwire reports which have no violations don't need to be logged";
+          echo ':0 BD:'; } > "/home/$MY_USERNAME/.procmailrc"
         TRIPWIRE_VIOLATIONS_STR=$'Total violations found:  0'
-        echo "  * .*$TRIPWIRE_VIOLATIONS_STR" >> /home/$MY_USERNAME/.procmailrc
-        echo '/dev/null' >> /home/$MY_USERNAME/.procmailrc
-        echo '' >> /home/$MY_USERNAME/.procmailrc
-        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
+        { echo "  * .*$TRIPWIRE_VIOLATIONS_STR";
+          echo '/dev/null';
+          echo ''; } >> "/home/$MY_USERNAME/.procmailrc"
+        chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.procmailrc"
     fi
 
-    mkdir -p /home/$MY_USERNAME/Maildir/admin/new
-    mkdir -p /home/$MY_USERNAME/Maildir/admin/cur
-    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Maildir/admin
+    mkdir -p "/home/$MY_USERNAME/Maildir/admin/new"
+    mkdir -p "/home/$MY_USERNAME/Maildir/admin/cur"
+    chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/Maildir/admin"
 
     if [ ! -f /etc/skel/.procmailrc ]; then
-        cp /home/$MY_USERNAME/.procmailrc /etc/skel/.procmailrc
+        cp "/home/$MY_USERNAME/.procmailrc" /etc/skel/.procmailrc
         chown root:root /etc/skel/.procmailrc
     fi
 
@@ -929,11 +867,11 @@ function create_procmail {
 
 function handle_admin_emails {
     # keep emails for root in a separate folder
-    if [ -d /home/$MY_USERNAME/Maildir/admin ]; then
+    if [ -d "/home/$MY_USERNAME/Maildir/admin" ]; then
         return
     fi
 
-    ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "root@$DEFAULT_DOMAIN_NAME" -g admin --public no
+    "${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "root@$DEFAULT_DOMAIN_NAME" -g admin --public no
 }
 
 function spam_filtering {
@@ -955,95 +893,96 @@ function spam_filtering {
     # This configuration is based on https://wiki.debian.org/DebianSpamAssassin
     sed -i 's/local_parts = postmaster/local_parts = postmaster:abuse/g' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
     sed -i '/domains = +local_domains : +relay_to_domains/a\    set acl_m0 = rfcnames' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
-    sed -i 's/accept/accept condition = ${if eq{$acl_m0}{rfcnames} {1}{0}}/g' /etc/exim4/conf.d/acl/40_exim4-config_check_data
-    echo 'warn  message = X-Spam-Score: $spam_score ($spam_bar)' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
-    echo '      spam = nobody:true' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
-    echo 'warn  message = X-Spam-Flag: YES' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
-    echo '      spam = nobody' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
-    echo 'warn  message = X-Spam-Report: $spam_report' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
-    echo '      spam = nobody' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
-    echo '# reject spam at high scores (> 12)' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
-    echo 'deny  message = This message scored $spam_score spam points.' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
-    echo '      spam = nobody:true' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
-    echo '      condition = ${if >{$spam_score_int}{120}{1}{0}}' >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
-    # procmail configuration
-    echo '# get spamassassin to check emails' >> /home/$MY_USERNAME/.procmailrc
-    echo ':0fw: .spamassassin.lock' >> /home/$MY_USERNAME/.procmailrc
-    echo '  * < 256000' >> /home/$MY_USERNAME/.procmailrc
-    echo '| spamc' >> /home/$MY_USERNAME/.procmailrc
-    echo '# strong spam are discarded' >> /home/$MY_USERNAME/.procmailrc
-    echo ':0' >> /home/$MY_USERNAME/.procmailrc
-    echo '  * ^X-Spam-Level: \*\*\*\*\*\*' >> /home/$MY_USERNAME/.procmailrc
-    echo '/dev/null' >> /home/$MY_USERNAME/.procmailrc
-    echo '# weak spam are kept just in case - clear this out every now and then' >> /home/$MY_USERNAME/.procmailrc
-    echo ':0' >> /home/$MY_USERNAME/.procmailrc
-    echo '  * ^X-Spam-Level: \*\*\*\*\*' >> /home/$MY_USERNAME/.procmailrc
-    echo 'maybe-spam/' >> /home/$MY_USERNAME/.procmailrc
-    echo '# otherwise, marginal spam goes here for revision' >> /home/$MY_USERNAME/.procmailrc
-    echo ':0' >> /home/$MY_USERNAME/.procmailrc
-    echo '  * ^X-Spam-Level: \*\*' >> /home/$MY_USERNAME/.procmailrc
-    echo 'spam/' >> /home/$MY_USERNAME/.procmailrc
-    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.procmailrc
-    echo '# get spamassassin to check emails' >> /etc/skel/.procmailrc
-    echo ':0fw: .spamassassin.lock' >> /etc/skel/.procmailrc
-    echo '  * < 256000' >> /etc/skel/.procmailrc
-    echo '| spamc' >> /etc/skel/.procmailrc
-    echo '# strong spam are discarded' >> /etc/skel/.procmailrc
-    echo ':0' >> /etc/skel/.procmailrc
-    echo '  * ^X-Spam-Level: \*\*\*\*\*\*' >> /etc/skel/.procmailrc
-    echo '/dev/null' >> /etc/skel/.procmailrc
-    echo '# weak spam are kept just in case - clear this out every now and then' >> /etc/skel/.procmailrc
-    echo ':0' >> /etc/skel/.procmailrc
-    echo '  * ^X-Spam-Level: \*\*\*\*\*' >> /etc/skel/.procmailrc
-    echo 'maybe-spam/' >> /etc/skel/.procmailrc
-    echo '# otherwise, marginal spam goes here for revision' >> /etc/skel/.procmailrc
-    echo ':0' >> /etc/skel/.procmailrc
-    echo '  * ^X-Spam-Level: \*\*' >> /etc/skel/.procmailrc
-    echo 'spam/' >> /etc/skel/.procmailrc
-    # filtering scripts
-    echo '#!/bin/bash' > /usr/bin/filterspam
-    echo 'for d in /home/*/ ; do' >> /usr/bin/filterspam
-    echo '    USERNAME=$(echo "$d" | awk -F '"'"'/'"'"' '"'"'{print $3}'"'"')' >> /usr/bin/filterspam
-    echo '    if [[ $USERNAME != "git" && $USERNAME != "go" && $USERNAME != "gogs" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then' >> /usr/bin/filterspam
-    echo '        MAILDIR=/home/$USERNAME/Maildir/.learn-spam' >> /usr/bin/filterspam
-    echo '        if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterspam
-    echo '           exit' >> /usr/bin/filterspam
-    echo '        fi' >> /usr/bin/filterspam
-    echo '        for f in `ls $MAILDIR/cur`' >> /usr/bin/filterspam
-    echo '        do' >> /usr/bin/filterspam
-    echo '            spamc -L spam < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterspam
-    echo '            rm "$MAILDIR/cur/$f"' >> /usr/bin/filterspam
-    echo '        done' >> /usr/bin/filterspam
-    echo '        for f in `ls $MAILDIR/new`' >> /usr/bin/filterspam
-    echo '        do' >> /usr/bin/filterspam
-    echo '            spamc -L spam < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterspam
-    echo '            rm "$MAILDIR/new/$f"' >> /usr/bin/filterspam
-    echo '        done' >> /usr/bin/filterspam
-    echo '    fi' >> /usr/bin/filterspam
-    echo 'done' >> /usr/bin/filterspam
-    echo 'exit 0' >> /usr/bin/filterspam
+    sed -i "s/accept/accept condition = \${if eq{\$acl_m0}{rfcnames} {1}{0}}/g" /etc/exim4/conf.d/acl/40_exim4-config_check_data
 
-    echo '#!/bin/bash' > /usr/bin/filterham
-    echo 'for d in /home/*/ ; do' >> /usr/bin/filterham
-    echo '    USERNAME=$(echo "$d" | awk -F '"'"'/'"'"' '"'"'{print $3}'"'"')' >> /usr/bin/filterham
-    echo '    if [[ $USERNAME != "git" && $USERNAME != "go" && $USERNAME != "gogs" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then' >> /usr/bin/filterham
-    echo '        MAILDIR=/home/$USERNAME/Maildir/.learn-ham' >> /usr/bin/filterham
-    echo '        if [ ! -d "$MAILDIR" ]; then' >> /usr/bin/filterham
-    echo '            exit' >> /usr/bin/filterham
-    echo '        fi' >> /usr/bin/filterham
-    echo '        for f in `ls $MAILDIR/cur`' >> /usr/bin/filterham
-    echo '        do' >> /usr/bin/filterham
-    echo '            spamc -L ham < "$MAILDIR/cur/$f" > /dev/null' >> /usr/bin/filterham
-    echo '            rm "$MAILDIR/cur/$f"' >> /usr/bin/filterham
-    echo '        done' >> /usr/bin/filterham
-    echo '        for f in `ls $MAILDIR/new`' >> /usr/bin/filterham
-    echo '        do' >> /usr/bin/filterham
-    echo '            spamc -L ham < "$MAILDIR/new/$f" > /dev/null' >> /usr/bin/filterham
-    echo '            rm "$MAILDIR/new/$f"' >> /usr/bin/filterham
-    echo '        done' >> /usr/bin/filterham
-    echo '    fi' >> /usr/bin/filterham
-    echo 'done' >> /usr/bin/filterham
-    echo 'exit 0' >> /usr/bin/filterham
+    { echo "warn  message = X-Spam-Score: \$spam_score (\$spam_bar)";
+      echo '      spam = nobody:true';
+      echo 'warn  message = X-Spam-Flag: YES';
+      echo '      spam = nobody';
+      echo "warn  message = X-Spam-Report: \$spam_report";
+      echo '      spam = nobody';
+      echo '# reject spam at high scores (> 12)';
+      echo "deny  message = This message scored \$spam_score spam points.";
+      echo '      spam = nobody:true';
+      echo "      condition = \${if >{\$spam_score_int}{120}{1}{0}}"; } >> /etc/exim4/conf.d/acl/40_exim4-config_check_data
+    # procmail configuration
+    { echo '# get spamassassin to check emails';
+      echo ':0fw: .spamassassin.lock';
+      echo '  * < 256000';
+      echo '| spamc';
+      echo '# strong spam are discarded';
+      echo ':0';
+      echo '  * ^X-Spam-Level: \*\*\*\*\*\*';
+      echo '/dev/null';
+      echo '# weak spam are kept just in case - clear this out every now and then';
+      echo ':0';
+      echo '  * ^X-Spam-Level: \*\*\*\*\*';
+      echo 'maybe-spam/';
+      echo '# otherwise, marginal spam goes here for revision';
+      echo ':0';
+      echo '  * ^X-Spam-Level: \*\*';
+      echo 'spam/'; } >> "/home/$MY_USERNAME/.procmailrc"
+    chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.procmailrc"
+    { echo '# get spamassassin to check emails';
+      echo ':0fw: .spamassassin.lock';
+      echo '  * < 256000';
+      echo '| spamc';
+      echo '# strong spam are discarded';
+      echo ':0';
+      echo '  * ^X-Spam-Level: \*\*\*\*\*\*';
+      echo '/dev/null';
+      echo '# weak spam are kept just in case - clear this out every now and then';
+      echo ':0';
+      echo '  * ^X-Spam-Level: \*\*\*\*\*';
+      echo 'maybe-spam/';
+      echo '# otherwise, marginal spam goes here for revision';
+      echo ':0';
+      echo '  * ^X-Spam-Level: \*\*';
+      echo 'spam/'; } >> /etc/skel/.procmailrc
+    # filtering scripts
+    { echo '#!/bin/bash';
+      echo 'for d in /home/*/ ; do';
+      echo "    USERNAME=\$(echo \"\$d\" | awk -F '/' '{print \$3}')";
+      echo "    if [[ \$USERNAME != \"git\" && $USERNAME != \"go\" && \$USERNAME != \"gogs\" && \$USERNAME != \"sync\" && \$USERNAME != \"tahoelafs\" ]]; then";
+      echo "        MAILDIR=/home/\$USERNAME/Maildir/.learn-spam";
+      echo "        if [ ! -d \"\$MAILDIR\" ]; then";
+      echo '           exit';
+      echo '        fi';
+      echo "        for f in \$(ls \$MAILDIR/cur)";
+      echo '        do';
+      echo "            spamc -L spam < \"\$MAILDIR/cur/\$f\" > /dev/null";
+      echo "            rm \"\$MAILDIR/cur/\$f\"";
+      echo '        done';
+      echo "        for f in \$(ls \$MAILDIR/new)";
+      echo '        do';
+      echo "            spamc -L spam < \"\$MAILDIR/new/\$f\" > /dev/null";
+      echo "            rm \"\$MAILDIR/new/\$f\"";
+      echo '        done';
+      echo '    fi';
+      echo 'done';
+      echo 'exit 0'; } > /usr/bin/filterspam
+
+    { echo '#!/bin/bash';
+      echo 'for d in /home/*/ ; do';
+      echo "    USERNAME=\$(echo \"\$d\" | awk -F '/' '{print \$3}')";
+      echo "    if [[ \$USERNAME != \"git\" && \$USERNAME != \"go\" && \$USERNAME != \"gogs\" && \$USERNAME != \"sync\" && \$USERNAME != \"tahoelafs\" ]]; then";
+      echo "        MAILDIR=/home/\$USERNAME/Maildir/.learn-ham";
+      echo "        if [ ! -d \"\$MAILDIR\" ]; then";
+      echo '            exit';
+      echo '        fi';
+      echo "        for f in \$(ls \$MAILDIR/cur)";
+      echo '        do';
+      echo "            spamc -L ham < \"\$MAILDIR/cur/\$f\" > /dev/null";
+      echo "            rm \"\$MAILDIR/cur/\$f\"";
+      echo '        done';
+      echo "        for f in \$(ls \$MAILDIR/new)";
+      echo '        do';
+      echo "            spamc -L ham < \"\$MAILDIR/new/\$f\" > /dev/null";
+      echo "            rm \"\$MAILDIR/new/\$f\"";
+      echo '        done';
+      echo '    fi';
+      echo 'done';
+      echo 'exit 0'; } > /usr/bin/filterham
 
     function_check cron_add_mins
     cron_add_mins 3 '/usr/bin/timeout 120 /usr/bin/filterspam'
@@ -1053,54 +992,54 @@ function spam_filtering {
     sed -i 's/# bayes_auto_learn 1/bayes_auto_learn 1/g' /etc/mail/spamassassin/local.cf
 
     # user preferences
-    if [ ! -d /home/$MY_USERNAME/.spamassassin ]; then
-        mkdir /home/$MY_USERNAME/.spamassassin
-        echo $'# How many points before a mail is considered spam.' > /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo '# required_score        5' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo $'# Whitelist and blacklist addresses are now file-glob-style patterns, so' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo $'# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo '# whitelist_from    someone@somewhere.com' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo $'# Add your own customised scores for some tests below.  The default scores are' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo $'# read from the installed spamassassin rules files, but you can override them' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo $'# here.  To see the list of tests and their default scores, go to' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo '# http://spamassassin.apache.org/tests.html .' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo '#' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo '# score SYMBOLIC_TEST_NAME n.nn' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo $'# Speakers of Asian languages, like Chinese, Japanese and Korean, will almost' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo $'# definitely want to uncomment the following lines.  They will switch off some' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo $'# rules that detect 8-bit characters, which commonly trigger on mails using CJK' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo $'# character sets, or that assume a western-style charset is in use. ' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo '# ' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo '# score HTML_COMMENT_8BITS  0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo '# score UPPERCASE_25_50     0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo '# score UPPERCASE_50_75     0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo '# score UPPERCASE_75_100    0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo '# score OBSCURED_EMAIL      0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo $'# Speakers of any language that uses non-English, accented characters may wish' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo $'# to uncomment the following lines.   They turn off rules that fire on' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo $'# misformatted messages generated by common mail apps in contravention of the' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo $'# email RFCs.' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo '' >> /home/$MY_USERNAME/.spamassassin/user_prefs
-        echo '# score SUBJ_ILLEGAL_CHARS      0' >> /home/$MY_USERNAME/.spamassassin/user_prefs
+    if [ ! -d "/home/$MY_USERNAME/.spamassassin" ]; then
+        mkdir "/home/$MY_USERNAME/.spamassassin"
+        { echo $'# How many points before a mail is considered spam.';
+          echo '# required_score        5';
+          echo '';
+          echo $'# Whitelist and blacklist addresses are now file-glob-style patterns, so';
+          echo $'# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.';
+          echo '# whitelist_from    someone@somewhere.com';
+          echo '';
+          echo $'# Add your own customised scores for some tests below.  The default scores are';
+          echo $'# read from the installed spamassassin rules files, but you can override them';
+          echo $'# here.  To see the list of tests and their default scores, go to';
+          echo '# http://spamassassin.apache.org/tests.html .';
+          echo '#';
+          echo '# score SYMBOLIC_TEST_NAME n.nn';
+          echo '';
+          echo $'# Speakers of Asian languages, like Chinese, Japanese and Korean, will almost';
+          echo $'# definitely want to uncomment the following lines.  They will switch off some';
+          echo $'# rules that detect 8-bit characters, which commonly trigger on mails using CJK';
+          echo $'# character sets, or that assume a western-style charset is in use. ';
+          echo '# ';
+          echo '# score HTML_COMMENT_8BITS  0';
+          echo '# score UPPERCASE_25_50     0';
+          echo '# score UPPERCASE_50_75     0';
+          echo '# score UPPERCASE_75_100    0';
+          echo '# score OBSCURED_EMAIL      0';
+          echo '';
+          echo $'# Speakers of any language that uses non-English, accented characters may wish';
+          echo $'# to uncomment the following lines.   They turn off rules that fire on';
+          echo $'# misformatted messages generated by common mail apps in contravention of the';
+          echo $'# email RFCs.';
+          echo '';
+          echo '# score SUBJ_ILLEGAL_CHARS      0'; } > "/home/$MY_USERNAME/.spamassassin/user_prefs"
     fi
     # this must be accessible by root
-    chown -R $MY_USERNAME:root /home/$MY_USERNAME/.spamassassin
+    chown -R "$MY_USERNAME":root "/home/$MY_USERNAME/.spamassassin"
 
     # script to keep spamassassin running
     # There is a systemd script from the debian package, but it doesn't restart on failure
     # and also doesn't ensure start after networking is up. If that is eventually fixed
     # then this script and the cron job which runs it can be removed.
     script_name=/usr/bin/run-spamassassin
-    echo '#!/bin/bash' > $script_name
-    echo 'current_state=$(systemctl status spamassassin)' >> $script_name
-    echo 'if [[ "$current_state" != *"(running)"* ]]; then' >> $script_name
-    echo '    systemctl restart spamassassin' >> $script_name
-    echo 'fi' >> $script_name
-    echo 'exit 0' >> $script_name
+    { echo '#!/bin/bash';
+      echo "current_state=\$(systemctl status spamassassin)";
+      echo "if [[ \"\$current_state\" != *\"(running)\"* ]]; then";
+      echo '    systemctl restart spamassassin';
+      echo 'fi';
+      echo 'exit 0'; } > $script_name
     chmod +x $script_name
 
     systemctl start spamassassin
@@ -1128,7 +1067,7 @@ function configure_imap {
     fi
 
     if [[ "$(cert_exists dovecot)" == "0" ]]; then
-        ${PROJECT_NAME}-addcert -h dovecot --dhkey $DH_KEYLENGTH
+        "${PROJECT_NAME}-addcert" -h dovecot --dhkey "$DH_KEYLENGTH"
         check_certificates dovecot
     fi
 
@@ -1141,8 +1080,8 @@ function configure_imap {
 
     chown root:default /etc/ssl/certs/dovecot.*
     chown root:default /etc/ssl/private/dovecot.*
-    chown root:default /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.*
-    chown root:default /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.*
+    chown root:default "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.*"
+    chown root:default "/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.*"
 
     if [ ! -f /etc/dovecot/conf.d/10-ssl.conf ]; then
         echo $'Unable to find /etc/dovecot/conf.d/10-ssl.conf'
@@ -1205,11 +1144,11 @@ function configure_imap {
 
     # Separate logging, otherwise syslog is used
     if ! grep -q "# logging" /etc/dovecot/dovecot.conf; then
-        echo '' >> /etc/dovecot/dovecot.conf
-        echo '# logging' >> /etc/dovecot/dovecot.conf
-        echo 'log_path = /var/log/dovecot.log' >> /etc/dovecot/dovecot.conf
-        echo 'info_log_path = /var/log/dovecot-info.log' >> /etc/dovecot/dovecot.conf
-        echo 'debug_log_path = /var/log/dovecot-debug.log' >> /etc/dovecot/dovecot.conf
+        { echo '';
+          echo '# logging';
+          echo 'log_path = /var/log/dovecot.log';
+          echo 'info_log_path = /var/log/dovecot-info.log';
+          echo 'debug_log_path = /var/log/dovecot-debug.log'; } >> /etc/dovecot/dovecot.conf
     fi
 
     systemctl restart dovecot
@@ -1232,59 +1171,59 @@ function configure_imap_client_certs {
     sed -i 's|#ssl_cert_username_field =.*|ssl_cert_username_field = commonName|g' /etc/dovecot/conf.d/10-ssl.conf
     sed -i 's|#ssl_verify_client_cert =.*|ssl_verify_client_cert = yes|g' /etc/dovecot/conf.d/10-ssl.conf
     if ! grep -q "passdb {" /etc/dovecot/conf.d/10-auth.conf; then
-        echo '' >> /etc/dovecot/conf.d/10-auth.conf
-        echo 'passdb {' >> /etc/dovecot/conf.d/10-auth.conf
-        echo '  driver = passwd-file' >> /etc/dovecot/conf.d/10-auth.conf
-        echo '  args = /etc/dovecot/passwd-file' >> /etc/dovecot/conf.d/10-auth.conf
-        echo '  deny = no' >> /etc/dovecot/conf.d/10-auth.conf
-        echo '  master = no' >> /etc/dovecot/conf.d/10-auth.conf
-        echo '  pass = no' >> /etc/dovecot/conf.d/10-auth.conf
-        echo '}' >> /etc/dovecot/conf.d/10-auth.conf
+        { echo '';
+          echo 'passdb {';
+          echo '  driver = passwd-file';
+          echo '  args = /etc/dovecot/passwd-file';
+          echo '  deny = no';
+          echo '  master = no';
+          echo '  pass = no';
+          echo '}'; } >> /etc/dovecot/conf.d/10-auth.conf
     fi
-    if [[ $ONION_ONLY == "no" ]]; then
+    if [[ "$ONION_ONLY" == "no" ]]; then
         # make a CA cert
-        if [ ! -f /etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key ]; then
-            if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
-                ${PROJECT_NAME}-addcert -h $DEFAULT_DOMAIN_NAME --ca "" --dhkey $DH_KEYLENGTH
+        if [ ! -f "/etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key" ]; then
+            if [[ "$LETSENCRYPT_ENABLED" != "yes" ]]; then
+                "${PROJECT_NAME}-addcert" -h "$DEFAULT_DOMAIN_NAME" --ca "" --dhkey "$DH_KEYLENGTH"
             else
-                ${PROJECT_NAME}-addcert -e $DEFAULT_DOMAIN_NAME -s $LETSENCRYPT_SERVER --ca "" --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
+                "${PROJECT_NAME}-addcert" -e "$DEFAULT_DOMAIN_NAME" -s "$LETSENCRYPT_SERVER" --ca "" --dhkey "$DH_KEYLENGTH" --email "$MY_EMAIL_ADDRESS"
             fi
         fi
     fi
     # CA configuration
-    echo '[ ca ]' > /etc/ssl/dovecot-ca.cnf
-    echo "default_ca = dovecot-ca" >> /etc/ssl/dovecot-ca.cnf
-    echo '' >> /etc/ssl/dovecot-ca.cnf
-    echo '[ crl_ext ]' >> /etc/ssl/dovecot-ca.cnf
-    echo 'authorityKeyIdentifier=keyid:always' >> /etc/ssl/dovecot-ca.cnf
-    echo '' >> /etc/ssl/dovecot-ca.cnf
-    echo '[ dovecot-ca ]' >> /etc/ssl/dovecot-ca.cnf
-    echo 'new_certs_dir = .' >> /etc/ssl/dovecot-ca.cnf
-    echo 'unique_subject = no' >> /etc/ssl/dovecot-ca.cnf
-    echo "certificate = /etc/ssl/certs/ca-$DEFAULT_DOMAIN_NAME.crt" >> /etc/ssl/dovecot-ca.cnf
-    echo 'database = ssldb' >> /etc/ssl/dovecot-ca.cnf
-    echo "private_key = /etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key" >> /etc/ssl/dovecot-ca.cnf
-    echo 'serial = sslserial' >> /etc/ssl/dovecot-ca.cnf
-    echo 'default_days = 3650' >> /etc/ssl/dovecot-ca.cnf
-    echo 'default_md = sha256' >> /etc/ssl/dovecot-ca.cnf
-    echo 'default_bits = 2048' >> /etc/ssl/dovecot-ca.cnf
-    echo 'policy = dovecot-ca_policy' >> /etc/ssl/dovecot-ca.cnf
-    echo 'x509_extensions = dovecot-ca_extensions' >> /etc/ssl/dovecot-ca.cnf
-    echo '' >> /etc/ssl/dovecot-ca.cnf
-    echo '[ dovecot-ca_policy ]' >> /etc/ssl/dovecot-ca.cnf
-    echo 'commonName = supplied' >> /etc/ssl/dovecot-ca.cnf
-    echo 'stateOrProvinceName = supplied' >> /etc/ssl/dovecot-ca.cnf
-    echo 'countryName = supplied' >> /etc/ssl/dovecot-ca.cnf
-    echo 'emailAddress = optional' >> /etc/ssl/dovecot-ca.cnf
-    echo 'organizationName = supplied' >> /etc/ssl/dovecot-ca.cnf
-    echo 'organizationalUnitName = optional' >> /etc/ssl/dovecot-ca.cnf
-    echo '' >> /etc/ssl/dovecot-ca.cnf
-    echo '[ dovecot-ca_extensions ]' >> /etc/ssl/dovecot-ca.cnf
-    echo 'basicConstraints = CA:false' >> /etc/ssl/dovecot-ca.cnf
-    echo 'subjectKeyIdentifier = hash' >> /etc/ssl/dovecot-ca.cnf
-    echo 'authorityKeyIdentifier = keyid:always' >> /etc/ssl/dovecot-ca.cnf
-    echo 'keyUsage = digitalSignature,keyEncipherment' >> /etc/ssl/dovecot-ca.cnf
-    echo 'extendedKeyUsage = clientAuth' >> /etc/ssl/dovecot-ca.cnf
+    { echo '[ ca ]';
+      echo "default_ca = dovecot-ca";
+      echo '';
+      echo '[ crl_ext ]';
+      echo 'authorityKeyIdentifier=keyid:always';
+      echo '';
+      echo '[ dovecot-ca ]';
+      echo 'new_certs_dir = .';
+      echo 'unique_subject = no';
+      echo "certificate = /etc/ssl/certs/ca-$DEFAULT_DOMAIN_NAME.crt";
+      echo 'database = ssldb';
+      echo "private_key = /etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key";
+      echo 'serial = sslserial';
+      echo 'default_days = 3650';
+      echo 'default_md = sha256';
+      echo 'default_bits = 2048';
+      echo 'policy = dovecot-ca_policy';
+      echo 'x509_extensions = dovecot-ca_extensions';
+      echo '';
+      echo '[ dovecot-ca_policy ]';
+      echo 'commonName = supplied';
+      echo 'stateOrProvinceName = supplied';
+      echo 'countryName = supplied';
+      echo 'emailAddress = optional';
+      echo 'organizationName = supplied';
+      echo 'organizationalUnitName = optional';
+      echo '';
+      echo '[ dovecot-ca_extensions ]';
+      echo 'basicConstraints = CA:false';
+      echo 'subjectKeyIdentifier = hash';
+      echo 'authorityKeyIdentifier = keyid:always';
+      echo 'keyUsage = digitalSignature,keyEncipherment';
+      echo 'extendedKeyUsage = clientAuth'; } > /etc/ssl/dovecot-ca.cnf
     if [ -f /etc/ssl/ssldb ]; then
         rm /etc/ssl/ssldb
     fi
@@ -1309,41 +1248,42 @@ function create_gpg_subkey {
     apt-get -yq install gnupg
 
     GPG_KEY_USAGE=$1
-    if [[ $GPG_KEY_USAGE != "sign" && $GPG_KEY_USAGE != "auth" && $GPG_KEY_USAGE != "encrypt" ]]; then
+    if [[ "$GPG_KEY_USAGE" != "sign" && "$GPG_KEY_USAGE" != "auth" && "$GPG_KEY_USAGE" != "encrypt" ]]; then
         echo $"Unknown subkey usage: $GPG_KEY_USAGE"
         echo $'Available types: sign|auth|encrypt'
         exit 14783
     fi
 
-    KEYGRIP=$(gpg --fingerprint --fingerprint $MY_EMAIL_ADDRESS | grep fingerprint | tail -1 | cut -d= -f2 | sed -e 's/ //g')
+    KEYGRIP=$(gpg --fingerprint --fingerprint "$MY_EMAIL_ADDRESS" | grep fingerprint | tail -1 | cut -d= -f2 | sed -e 's/ //g')
 
     # Generate a GPG subkey
-    echo 'Key-Type: eddsa' > /home/$MY_USERNAME/gpg-genkey.conf
-    echo 'Key-Curve: Ed25519' >> /home/$MY_USERNAME/gpg-genkey.conf
-    echo "Key-Grip: $KEYGRIP" >> /home/$MY_USERNAME/gpg-genkey.conf
-    echo 'Subkey-Type: eddsa' >> /home/$MY_USERNAME/gpg-genkey.conf
-    echo "subkey-Usage: $GPG_KEY_USAGE" > /home/$MY_USERNAME/gpg-genkey.conf
-    echo "Name-Real:  $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
-    echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
-    echo "Name-Comment: $GPG_KEY_USAGE" >> /home/$MY_USERNAME/gpg-genkey.conf
-    echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
-    echo "Passphrase: $PROJECT_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
-    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
-    su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --batch --full-gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
-    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
+    { echo 'Key-Type: eddsa';
+      echo 'Key-Curve: Ed25519';
+      echo "Key-Grip: $KEYGRIP";
+      echo 'Subkey-Type: eddsa';
+      echo "subkey-Usage: $GPG_KEY_USAGE";
+      echo "Name-Real:  $MY_NAME";
+      echo "Name-Email: $MY_EMAIL_ADDRESS";
+      echo "Name-Comment: $GPG_KEY_USAGE";
+      echo 'Expire-Date: 0';
+      echo "Passphrase: $PROJECT_NAME"; } > "/home/$MY_USERNAME/gpg-genkey.conf"
+    chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/gpg-genkey.conf"
+    su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --batch --full-gen-key /home/$MY_USERNAME/gpg-genkey.conf" - "$MY_USERNAME"
+    chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.gnupg"
 
-    shred -zu /home/$MY_USERNAME/gpg-genkey.conf
+    shred -zu "/home/$MY_USERNAME/gpg-genkey.conf"
 
+    # shellcheck disable=SC2034
     MY_GPG_SUBKEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
 
     mark_completed "${FUNCNAME[0]}"
 }
 
 function gpg_key_exists {
-    key_owner_username=$1
-    key_search_text=$2
+    key_owner_username="$1"
+    key_search_text="$2"
     if [[ $key_owner_username != "root" ]]; then
-        KEY_EXISTS=$(su -c "gpg --list-keys \"${key_search_text}\"" - $key_owner_username)
+        KEY_EXISTS=$(su -c "gpg --list-keys \"${key_search_text}\"" - "$key_owner_username")
     else
         KEY_EXISTS=$(gpg --list-keys "${key_search_text}")
     fi
@@ -1351,7 +1291,7 @@ function gpg_key_exists {
         echo "no"
         return
     fi
-    if [ "$KEY_EXISTS" == *"error"* ]; then
+    if [[ "$KEY_EXISTS" == *"error"* ]]; then
         echo "no"
         return
     fi
@@ -1370,17 +1310,17 @@ function configure_gpg {
 
     check_email_address_exists
 
-    gpg_dir=/home/$MY_USERNAME/.gnupg
+    gpg_dir="/home/$MY_USERNAME/.gnupg"
 
     # if gpg keys directory was previously imported from usb
-    if [ -d $gpg_dir ]; then
+    if [ -d "$gpg_dir" ]; then
         echo $'GPG directory exists'
     else
         echo $"GPG directory $gpg_dir was not found"
     fi
-    if [ -d $gpg_dir ]; then
+    if [ -d "$gpg_dir" ]; then
         echo $'GPG keys were imported'
-        sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" $gpg_dir/gpg.conf
+        sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" "$gpg_dir/gpg.conf"
         MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
         if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
             echo $'GPG public key ID could not be obtained'
@@ -1388,12 +1328,12 @@ function configure_gpg {
             if [[ "$MY_GPG_PUBLIC_KEY_ID" == *'error'* ]]; then
                 echo $"Can't locate gpg key"
             else
-                chown -R $MY_USERNAME:$MY_USERNAME $gpg_dir
-                chmod 700 $gpg_dir
-                chmod 600 $gpg_dir/*
-                printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /home/$MY_USERNAME/.gnupg/S.dirmngr
-                if [ -d /home/$MY_USERNAME/.gnupg/crls.d ]; then
-                    chmod +x /home/$MY_USERNAME/.gnupg/crls.d
+                chown -R "$MY_USERNAME":"$MY_USERNAME" "$gpg_dir"
+                chmod 700 "$gpg_dir"
+                chmod 600 "$gpg_dir/*"
+                printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > "/home/$MY_USERNAME/.gnupg/S.dirmngr"
+                if [ -d "/home/$MY_USERNAME/.gnupg/crls.d" ]; then
+                    chmod +x "/home/$MY_USERNAME/.gnupg/crls.d"
                 fi
                 mark_completed "${FUNCNAME[0]}"
                 return
@@ -1401,34 +1341,34 @@ function configure_gpg {
         fi
     fi
 
-    if [ ! -d $gpg_dir ]; then
-        mkdir $gpg_dir
-        echo "keyserver $GPG_KEYSERVER" >> $gpg_dir/gpg.conf
-        echo 'keyserver-options auto-key-retrieve' >> $gpg_dir/gpg.conf
+    if [ ! -d "$gpg_dir" ]; then
+        mkdir "$gpg_dir"
+        echo "keyserver $GPG_KEYSERVER" >> "$gpg_dir/gpg.conf"
+        echo 'keyserver-options auto-key-retrieve' >> "$gpg_dir/gpg.conf"
     fi
 
-    sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" $gpg_dir/gpg.conf
+    sed -i "s|keyserver hkp://keys.gnupg.net|keyserver $GPG_KEYSERVER|g" "$gpg_dir/gpg.conf"
 
     gpg_agent_setup root
-    gpg_agent_setup $MY_USERNAME
+    gpg_agent_setup "$MY_USERNAME"
 
-    if ! grep -q "# default preferences" $gpg_dir/gpg.conf; then
-        echo '' >> $gpg_dir/gpg.conf
-        echo '# default preferences' >> $gpg_dir/gpg.conf
-        echo 'personal-digest-preferences SHA256' >> $gpg_dir/gpg.conf
-        echo 'cert-digest-algo SHA256' >> $gpg_dir/gpg.conf
-        echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed' >> $gpg_dir/gpg.conf
+    if ! grep -q "# default preferences" "$gpg_dir/gpg.conf"; then
+        { echo '';
+          echo '# default preferences';
+          echo 'personal-digest-preferences SHA256';
+          echo 'cert-digest-algo SHA256';
+          echo 'default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed'; } >> "$gpg_dir/gpg.conf"
     fi
 
-    chown -R $MY_USERNAME:$MY_USERNAME $gpg_dir
-    chmod 700 $gpg_dir
-    chmod 600 $gpg_dir/*
-    printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > $gpg_dir/S.dirmngr
-    if [ -d $gpg_dir/crls.d ]; then
-        chmod +x $gpg_dir/crls.d
+    chown -R "$MY_USERNAME":"$MY_USERNAME" "$gpg_dir"
+    chmod 700 "$gpg_dir"
+    chmod 600 "$gpg_dir/*"
+    printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > "$gpg_dir/S.dirmngr"
+    if [ -d "$gpg_dir/crls.d" ]; then
+        chmod +x "$gpg_dir/crls.d"
     fi
 
-    if [[ $MY_GPG_PUBLIC_KEY && $MY_GPG_PRIVATE_KEY ]]; then
+    if [[ "$MY_GPG_PUBLIC_KEY" && "$MY_GPG_PRIVATE_KEY" ]]; then
         echo $'Importing GPG keys from file'
         echo $"Public key:  $MY_GPG_PUBLIC_KEY"
         echo $"Private key: $MY_GPG_PRIVATE_KEY"
@@ -1444,8 +1384,8 @@ function configure_gpg {
             exit 5383
         fi
 
-        gpg_import_public_key $MY_USERNAME $MY_GPG_PUBLIC_KEY
-        gpg_import_private_key $MY_USERNAME $MY_GPG_PRIVATE_KEY
+        gpg_import_public_key "$MY_USERNAME" "$MY_GPG_PUBLIC_KEY"
+        gpg_import_private_key "$MY_USERNAME" "$MY_GPG_PRIVATE_KEY"
 
         KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
         if [[ $KEY_EXISTS == "no" ]]; then
@@ -1461,18 +1401,18 @@ function configure_gpg {
         fi
     else
         # Generate a GPG key
-        if [ -f $IMAGE_PASSWORD_FILE ]; then
-            gpg_create_key $MY_USERNAME $(printf `cat $IMAGE_PASSWORD_FILE`)
+        if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+            gpg_create_key "$MY_USERNAME" "$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
         else
-            gpg_create_key $MY_USERNAME $PROJECT_NAME
+            gpg_create_key "$MY_USERNAME" "$PROJECT_NAME"
         fi
         MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
         MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg
-        gpg_export_public_key $MY_USERNAME $MY_GPG_PUBLIC_KEY_ID $MY_GPG_PUBLIC_KEY
+        gpg_export_public_key "$MY_USERNAME" "$MY_GPG_PUBLIC_KEY_ID" "$MY_GPG_PUBLIC_KEY"
     fi
 
     if [ ! -d /root/.gnupg ]; then
-        cp -r /home/$MY_USERNAME/.gnupg /root/
+        cp -r "/home/$MY_USERNAME/.gnupg" /root/
         chmod 700 /root/.gnupg
         chmod 600 /root/.gnupg/*
         printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > /root/.gnupg/S.dirmngr
@@ -1486,19 +1426,19 @@ function configure_gpg {
 
 function refresh_gpg_keys {
     REFRESH_GPG_KEYS_SCRIPT=/tmp/update-gpg-keys
-    echo '#!/bin/bash' > $REFRESH_GPG_KEYS_SCRIPT
-    echo "if [ -f /usr/local/bin/${PROJECT_NAME}-sec ]; then" >> $REFRESH_GPG_KEYS_SCRIPT
-    echo "    /usr/bin/timeout 600 /usr/local/bin/${PROJECT_NAME}-sec --refresh yes" >> $REFRESH_GPG_KEYS_SCRIPT
-    echo 'else' >> $REFRESH_GPG_KEYS_SCRIPT
-    echo "    /usr/bin/timeout 600 /usr/bin/${PROJECT_NAME}-sec --refresh yes" >> $REFRESH_GPG_KEYS_SCRIPT
-    echo 'fi' >> $REFRESH_GPG_KEYS_SCRIPT
-    echo 'exit 0' >> $REFRESH_GPG_KEYS_SCRIPT
-    chmod +x $REFRESH_GPG_KEYS_SCRIPT
+    { echo '#!/bin/bash';
+      echo "if [ -f /usr/local/bin/${PROJECT_NAME}-sec ]; then";
+      echo "    /usr/bin/timeout 600 /usr/local/bin/${PROJECT_NAME}-sec --refresh yes";
+      echo 'else';
+      echo "    /usr/bin/timeout 600 /usr/bin/${PROJECT_NAME}-sec --refresh yes";
+      echo 'fi';
+      echo 'exit 0'; } > "$REFRESH_GPG_KEYS_SCRIPT"
+    chmod +x "$REFRESH_GPG_KEYS_SCRIPT"
 
     if [ ! -f /usr/bin/update-gpg-keys ]; then
-        cp $REFRESH_GPG_KEYS_SCRIPT /usr/bin/update-gpg-keys
+        cp "$REFRESH_GPG_KEYS_SCRIPT" /usr/bin/update-gpg-keys
     else
-        HASH1=$(sha256sum $REFRESH_GPG_KEYS_SCRIPT | awk -F ' ' '{print $1}')
+        HASH1=$(sha256sum "$REFRESH_GPG_KEYS_SCRIPT" | awk -F ' ' '{print $1}')
         HASH2=$(sha256sum /usr/bin/update-gpg-keys | awk -F ' ' '{print $1}')
         if [[ "$HASH1" != "$HASH2" ]]; then
             cp $REFRESH_GPG_KEYS_SCRIPT /usr/bin/update-gpg-keys
diff --git a/src/freedombone-base-tripwire b/src/freedombone-base-tripwire
index 9769b077..e05a79c0 100755
--- a/src/freedombone-base-tripwire
+++ b/src/freedombone-base-tripwire
@@ -37,7 +37,7 @@ function backup_remote_tripwire {
 }
 
 function remove_tripwire {
-    if ! grep -Fxq "tripwire" $COMPLETION_FILE; then
+    if ! grep -Fxq "tripwire" "$COMPLETION_FILE"; then
         return
     fi
     apt-get -yq remove --purge tripwire
@@ -45,7 +45,7 @@ function remove_tripwire {
         rm -rf /etc/tripwire
     fi
     rm /usr/bin/reset-tripwire
-    sed -i '/tripwire/d' $COMPLETION_FILE
+    sed -i '/tripwire/d' "$COMPLETION_FILE"
 }
 
 function install_tripwire {
@@ -60,35 +60,35 @@ function install_tripwire {
 
     apt-get -yq install tripwire qrencode
     apt-get -yq autoremove
-    cd /etc/tripwire
+    cd /etc/tripwire || exit 246852845
 
-    echo 'ROOT          =/usr/sbin' > /etc/tripwire/twcfg.txt
-    echo 'POLFILE       =/etc/tripwire/tw.pol' >> /etc/tripwire/twcfg.txt
-    echo 'DBFILE        =/var/lib/tripwire/$(HOSTNAME).twd' >> /etc/tripwire/twcfg.txt
-    echo 'REPORTFILE    =/var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr' >> /etc/tripwire/twcfg.txt
-    echo 'SITEKEYFILE   =/etc/tripwire/$(HOSTNAME)-site.key' >> /etc/tripwire/twcfg.txt
-    echo 'LOCALKEYFILE  =/etc/tripwire/$(HOSTNAME)-local.key' >> /etc/tripwire/twcfg.txt
-    echo 'EDITOR        =/usr/bin/editor' >> /etc/tripwire/twcfg.txt
-    echo 'LATEPROMPTING =false' >> /etc/tripwire/twcfg.txt
-    echo 'LOOSEDIRECTORYCHECKING =false' >> /etc/tripwire/twcfg.txt
-    echo 'MAILNOVIOLATIONS =false' >> /etc/tripwire/twcfg.txt
-    echo 'EMAILREPORTLEVEL =3' >> /etc/tripwire/twcfg.txt
-    echo 'REPORTLEVEL   =3' >> /etc/tripwire/twcfg.txt
-    echo 'SYSLOGREPORTING =false' >> /etc/tripwire/twcfg.txt
-    echo 'MAILMETHOD    =SENDMAIL' >> /etc/tripwire/twcfg.txt
-    echo 'MAILPROGRAM   =/usr/lib/sendmail -oi -t' >> /etc/tripwire/twcfg.txt
-    echo 'SMTPHOST      =localhost' >> /etc/tripwire/twcfg.txt
-    echo 'SMTPPORT      =25' >> /etc/tripwire/twcfg.txt
-    echo 'TEMPDIRECTORY =/tmp' >> /etc/tripwire/twcfg.txt
-    echo 'MAILFROMADDRESS =tripwire@$(HOSTNAME)' >> /etc/tripwire/twcfg.txt
+    { echo 'ROOT          =/usr/sbin';
+      echo 'POLFILE       =/etc/tripwire/tw.pol';
+      echo "DBFILE        =/var/lib/tripwire/\$(HOSTNAME).twd";
+      echo "REPORTFILE    =/var/lib/tripwire/report/\$(HOSTNAME)-\$(DATE).twr";
+      echo "SITEKEYFILE   =/etc/tripwire/\$(HOSTNAME)-site.key";
+      echo "LOCALKEYFILE  =/etc/tripwire/\$(HOSTNAME)-local.key";
+      echo 'EDITOR        =/usr/bin/editor';
+      echo 'LATEPROMPTING =false';
+      echo 'LOOSEDIRECTORYCHECKING =false';
+      echo 'MAILNOVIOLATIONS =false';
+      echo 'EMAILREPORTLEVEL =3';
+      echo 'REPORTLEVEL   =3';
+      echo 'SYSLOGREPORTING =false';
+      echo 'MAILMETHOD    =SENDMAIL';
+      echo 'MAILPROGRAM   =/usr/lib/sendmail -oi -t';
+      echo 'SMTPHOST      =localhost';
+      echo 'SMTPPORT      =25';
+      echo 'TEMPDIRECTORY =/tmp';
+      echo "MAILFROMADDRESS =tripwire@\$(HOSTNAME)"; } > /etc/tripwire/twcfg.txt
 
     echo '
 
-       ' | twadmin --generate-keys -L /etc/tripwire/${HOSTNAME}-local.key -S /etc/tripwire/${HOSTNAME}-site.key
+       ' | twadmin --generate-keys -L "/etc/tripwire/${HOSTNAME}-local.key" -S "/etc/tripwire/${HOSTNAME}-site.key"
 
     echo '
 
-       ' | twadmin --create-cfgfile -S /etc/tripwire/${HOSTNAME}-site.key /etc/tripwire/twcfg.txt
+       ' | twadmin --create-cfgfile -S "/etc/tripwire/${HOSTNAME}-site.key" /etc/tripwire/twcfg.txt
 
     # make a script for easy resetting of the tripwire
     echo '#!/bin/sh' > /usr/bin/reset-tripwire
@@ -137,14 +137,14 @@ function install_tripwire {
     sed -i '/\/usr\/local\/bin/d' /etc/tripwire/twpol.txt
 
     # Avoid logging the changed database
-    sed -i 's|$(TWETC)/tw.pol.*||g' /etc/tripwire/twpol.txt
+    sed -i "s|\$(TWETC)/tw.pol.*||g" /etc/tripwire/twpol.txt
     # site key name
-    sed -i 's|$(TWETC)/site.key|$(TWETC)/$(HOSTNAME)-site.key|g' /etc/tripwire/twpol.txt
+    sed -i "s|$(TWETC)/site.key|\$(TWETC)/\$(HOSTNAME)-site.key|g" /etc/tripwire/twpol.txt
 
     # create the policy
     echo '
 
-       ' | twadmin --create-polfile -S /etc/tripwire/${HOSTNAME}-site.key /etc/tripwire/twpol.txt
+       ' | twadmin --create-polfile -S "/etc/tripwire/${HOSTNAME}-site.key" /etc/tripwire/twpol.txt
 
     mark_completed "${FUNCNAME[0]}"
 }
diff --git a/src/freedombone-client b/src/freedombone-client
index 3c678792..370f7167 100755
--- a/src/freedombone-client
+++ b/src/freedombone-client
@@ -55,11 +55,11 @@ if [ ! -f $MAIN_PROJECT_FILE ]; then
 fi
 
 # ssh (from https://stribika.github.io/2015/01/04/secure-secure-shell.html)
-UTILS_SSH=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-ssh
-SSH_CIPHERS=$(cat $UTILS_SSH | grep 'SSH_CIPHERS=' | head -n 1 | awk -F '"' '{print $2}')
-SSH_MACS=$(cat $UTILS_SSH | grep 'SSH_MACS=' | head -n 1 | awk -F '"' '{print $2}')
-SSH_KEX=$(cat $UTILS_SSH | grep 'SSH_KEX=' | head -n 1 | awk -F '"' '{print $2}')
-SSH_HOST_KEY_ALGORITHMS=$(cat $UTILS_SSH | grep 'SSH_HOST_KEY_ALGORITHMS=' | head -n 1 | awk -F '"' '{print $2}')
+UTILS_SSH="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-ssh"
+SSH_CIPHERS=$(grep 'SSH_CIPHERS=' "$UTILS_SSH" | head -n 1 | awk -F '"' '{print $2}')
+SSH_MACS=$(grep 'SSH_MACS=' "$UTILS_SSH" | head -n 1 | awk -F '"' '{print $2}')
+SSH_KEX=$(grep 'SSH_KEX=' "$UTILS_SSH" | head -n 1 | awk -F '"' '{print $2}')
+SSH_HOST_KEY_ALGORITHMS=$(grep 'SSH_HOST_KEY_ALGORITHMS=' "$UTILS_SSH" | head -n 1 | awk -F '"' '{print $2}')
 
 # refresh gpg keys every few hours
 REFRESH_GPG_KEYS_HOURS=2
@@ -74,7 +74,7 @@ function global_rate_limit {
     fi
 
     sudo cp $SYSCTL_FILE ~/sysctl.conf
-    sudo chown $CURR_USER:$CURR_GROUP ~/sysctl.conf
+    sudo chown "$CURR_USER":"$CURR_GROUP" ~/sysctl.conf
     if ! grep -q "tcp_challenge_ack_limit" ~/sysctl.conf; then
         echo 'net.ipv4.tcp_challenge_ack_limit = 999999999' >> ~/sysctl.conf
     else
@@ -94,7 +94,7 @@ function refresh_gpg_keys {
         fi
     fi
     sudo cp /etc/crontab ~/temp_crontab
-    sudo chown $CURR_USER:$CURR_GROUP ~/temp_crontab
+    sudo chown "$CURR_USER":"$CURR_GROUP" ~/temp_crontab
     if ! grep -q 'gpg --refresh-keys' ~/temp_crontab; then
         echo "0            */$REFRESH_GPG_KEYS_HOURS *   *   *   $CURR_USER /usr/bin/gpg --refresh-keys > /dev/null" >> ~/temp_crontab
         sudo cp ~/temp_crontab /etc/crontab
@@ -105,8 +105,9 @@ function refresh_gpg_keys {
 
 # see https://stribika.github.io/2015/01/04/secure-secure-shell.html
 function ssh_remove_small_moduli {
-    sudo awk '$5 > 2000' /etc/ssh/moduli > /home/$CURR_USER/moduli
-    sudo mv /home/$CURR_USER/moduli /etc/ssh/moduli
+    # shellcheck disable=SC2024
+    sudo awk '$5 > 2000' /etc/ssh/moduli > "/home/$CURR_USER/moduli"
+    sudo mv "/home/$CURR_USER/moduli" /etc/ssh/moduli
 }
 
 function configure_ssh_client {
@@ -124,7 +125,7 @@ function configure_ssh_client {
     sudo sed -i "s/HostKeyAlgorithms.*/HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS/g" /etc/ssh/ssh_config
     if ! grep -q "HostKeyAlgorithms" /etc/ssh/ssh_config; then
         sudo cp /etc/ssh/ssh_config ~/ssh_config
-        sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config
+        sudo chown "$CURR_USER":"$CURR_GROUP" ~/ssh_config
         echo "   HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS" >> ~/ssh_config
         sudo mv ~/ssh_config /etc/ssh/ssh_config
         sudo chown root:root /etc/ssh/ssh_config
@@ -134,7 +135,7 @@ function configure_ssh_client {
     sudo sed -i "s/Ciphers.*/Ciphers $SSH_CIPHERS/g" /etc/ssh/ssh_config
     if ! grep -q "Ciphers " /etc/ssh/ssh_config; then
         sudo cp /etc/ssh/ssh_config ~/ssh_config
-        sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config
+        sudo chown "$CURR_USER":"$CURR_GROUP" ~/ssh_config
         echo "   Ciphers $SSH_CIPHERS" >> ~/ssh_config
         sudo mv ~/ssh_config /etc/ssh/ssh_config
         sudo chown root:root /etc/ssh/ssh_config
@@ -142,17 +143,17 @@ function configure_ssh_client {
     sudo sed -i "s/MACs.*/MACs $SSH_MACS/g" /etc/ssh/ssh_config
     if ! grep -q "MACs " /etc/ssh/ssh_config; then
         sudo cp /etc/ssh/ssh_config ~/ssh_config
-        sudo chown $CURR_USER:$CURR_GROUP ~/ssh_config
+        sudo chown "$CURR_USER":"$CURR_GROUP" ~/ssh_config
         echo "   MACs $SSH_MACS" >> ~/ssh_config
         sudo mv ~/ssh_config /etc/ssh/ssh_config
         sudo chown root:root /etc/ssh/ssh_config
     fi
 
     # Create ssh keys
-    if [ ! -f /home/$CURR_USER/.ssh/id_ed25519 ]; then
+    if [ ! -f "/home/$CURR_USER/.ssh/id_ed25519" ]; then
         ssh-keygen -t ed25519 -o -a 100
     fi
-    if [ ! -f /home/$CURR_USER/.ssh/id_rsa ]; then
+    if [ ! -f "/home/$CURR_USER/.ssh/id_rsa" ]; then
         ssh-keygen -t rsa -b 2048 -o -a 100
     fi
 
@@ -170,20 +171,20 @@ function configure_ssh_client {
     fi
     if ! grep -q "# ${PROJECT_NAME} settings" ~/.ssh/config; then
         if ! grep -q 'ProxyCommand' ~/.ssh/config; then
-            echo "# ${PROJECT_NAME} settings start" >> ~/.ssh/config
-            echo 'Host *.onion' >> ~/.ssh/config
-            echo '  ServerAliveInterval 60' >> ~/.ssh/config
-            echo '  ServerAliveCountMax 3' >> ~/.ssh/config
+            { echo "# ${PROJECT_NAME} settings start";
+              echo 'Host *.onion';
+              echo '  ServerAliveInterval 60';
+              echo '  ServerAliveCountMax 3'; } >> ~/.ssh/config
 
-            if [[ $ENABLE_MONKEYSPHERE == $'yes' || $ENABLE_MONKEYSPHERE == $'y' ]]; then
+            if [[ "$ENABLE_MONKEYSPHERE" == $'yes' || "$ENABLE_MONKEYSPHERE" == $'y' ]]; then
                 echo "  ProxyCommand sh -c 'monkeysphere ssh-proxycommand --no-connect %h %p ; $proxycmd'" >> ~/.ssh/config
             else
                 echo "  ProxyCommand $proxycmd" >> ~/.ssh/config
             fi
-            echo 'Host *' >> ~/.ssh/config
-            echo '  ServerAliveInterval 60' >> ~/.ssh/config
-            echo '  ServerAliveCountMax 3' >> ~/.ssh/config
-            if [[ $ENABLE_MONKEYSPHERE == $'yes' || $ENABLE_MONKEYSPHERE == $'y' ]]; then
+            { echo 'Host *';
+              echo '  ServerAliveInterval 60';
+              echo '  ServerAliveCountMax 3'; } >> ~/.ssh/config
+            if [[ "$ENABLE_MONKEYSPHERE" == $'yes' || "$ENABLE_MONKEYSPHERE" == $'y' ]]; then
                 echo '  ProxyCommand monkeysphere ssh-proxycommand %h %p' >> ~/.ssh/config
             fi
             echo "# ${PROJECT_NAME} settings end" >> ~/.ssh/config
@@ -194,8 +195,8 @@ function configure_ssh_client {
     echo $'Go to the Administrator Control Panel, select "Manage Users", '
     echo $'"Change user ssh public key" then "yes" and paste the following:'
     echo ''
-    echo $(cat /home/$CURR_USER/.ssh/id_rsa.pub)
-    echo $(cat /home/$CURR_USER/.ssh/id_ed25519.pub)
+    cat "/home/$CURR_USER/.ssh/id_rsa.pub"
+    cat "/home/$CURR_USER/.ssh/id_ed25519.pub"
     echo ''
     echo $'Then go to "Security Settings", select "Allow ssh login with passwords"'
     echo $'and set it to "no".'
@@ -222,37 +223,37 @@ function setup_client_app_irc {
     else
         sudo pacman -S --noconfirm hexchat tor
     fi
-    if [ ! -d /home/$CURR_USER/.config/hexchat ]; then
-        mkdir -p /home/$CURR_USER/.config/hexchat
+    if [ ! -d "/home/$CURR_USER/.config/hexchat" ]; then
+        mkdir -p "/home/$CURR_USER/.config/hexchat"
     fi
-    echo 'net_proxy_host = 127.0.0.1' > /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'net_proxy_port = 9050' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'net_proxy_type = 3' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'net_proxy_use = 0' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+    { echo 'net_proxy_host = 127.0.0.1';
+      echo 'net_proxy_port = 9050';
+      echo 'net_proxy_type = 3';
+      echo 'net_proxy_use = 0';
 
-    echo 'net_proxy_auth = 1' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'net_proxy_pass = HexChat' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'net_proxy_user = HexChat' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+      echo 'net_proxy_auth = 1';
+      echo 'net_proxy_pass = HexChat';
+      echo 'net_proxy_user = HexChat';
 
-    echo 'dcc_auto_chat = 0' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'dcc_auto_resume = 0' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'dcc_auto_send = 0' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'irc_hide_version = 1' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'identd = 0' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+      echo 'dcc_auto_chat = 0';
+      echo 'dcc_auto_resume = 0';
+      echo 'dcc_auto_send = 0';
+      echo 'irc_hide_version = 1';
+      echo 'identd = 0';
 
-    echo 'away_reason =' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'irc_part_reason =' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo 'irc_quit_reason =' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+      echo 'away_reason =';
+      echo 'irc_part_reason =';
+      echo 'irc_quit_reason =';
 
-    echo "irc_real_name = ${USER}" >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo "irc_user_name = ${USER}" >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo "irc_nick1 = ${USER}" >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo "irc_nick2 = ${USER}_" >> /home/$CURR_USER/.config/hexchat/hexchat.conf
-    echo "irc_nick3 = ${USER}__" >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+      echo "irc_real_name = ${USER}";
+      echo "irc_user_name = ${USER}";
+      echo "irc_nick1 = ${USER}";
+      echo "irc_nick2 = ${USER}_";
+      echo "irc_nick3 = ${USER}__";
 
-    echo 'completion_suffix = :' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+      echo 'completion_suffix = :';
 
-    echo 'gui_slist_skip = 1' >> /home/$CURR_USER/.config/hexchat/hexchat.conf
+      echo 'gui_slist_skip = 1'; } > "/home/$CURR_USER/.config/hexchat/hexchat.conf"
 
     echo $'hexchat configured'
 }
@@ -272,8 +273,8 @@ function setup_client_app {
 
 function remove_known_hosts_entries {
     # remove any previous freedombone entries from known hosts
-    if [ -f /home/$CURR_USER/.ssh/known_hosts ]; then
-        sed -i "/${PROJECT_NAME}.local/d" /home/$CURR_USER/.ssh/known_hosts
+    if [ -f "/home/$CURR_USER/.ssh/known_hosts" ]; then
+        sed -i "/${PROJECT_NAME}.local/d" "/home/$CURR_USER/.ssh/known_hosts"
     fi
 }
 
diff --git a/src/freedombone-clientcert b/src/freedombone-clientcert
index 6c9750e1..7473bf49 100755
--- a/src/freedombone-clientcert
+++ b/src/freedombone-clientcert
@@ -59,34 +59,34 @@ function show_help {
 
 while [ $# -gt 1 ]
 do
-key="$1"
+    key="$1"
 
-case $key in
-    --help)
-    show_help
-    ;;
-    -u|--username)
+    case $key in
+        --help)
+            show_help
+            ;;
+        -u|--username)
+            shift
+            USERNAME="$1"
+            ;;
+        *)
+            # unknown option
+            ;;
+    esac
     shift
-    USERNAME="$1"
-    ;;
-    *)
-    # unknown option
-    ;;
-esac
-shift
 done
 
-if [ ! $USERNAME ]; then
+if [ ! "$USERNAME" ]; then
     echo $'No username specified'
     exit 5748
 fi
 
-if [ ! -d /home/$USERNAME ]; then
+if [ ! -d "/home/$USERNAME" ]; then
     echo $"User $USERNAME not found"
     exit 76239
 fi
 
-if [ -d /home/$USERNAME/emailcert ]; then
+if [ -d "/home/$USERNAME/emailcert" ]; then
     echo $'Client certs were already for created'
     exit 2953
 fi
@@ -97,75 +97,71 @@ fi
 
 # Add a user password
 if ! grep -q "$USERNAME:{plain}" /etc/dovecot/passwd-file; then
-  echo "$USERNAME:{plain}::::::nopassword" >> /etc/dovecot/passwd-file
+    echo "$USERNAME:{plain}::::::nopassword" >> /etc/dovecot/passwd-file
 fi
 
 chmod 600 /etc/dovecot/passwd-file
 
 # create a user cert
-${PROJECT_NAME}-addcert -h $USERNAME --nodh ""
+"${PROJECT_NAME}-addcert" -h "$USERNAME" --nodh ""
 
-if [ ! -f /etc/ssl/private/$USERNAME.key ]; then
+if [ ! -f "/etc/ssl/private/$USERNAME.key" ]; then
     echo $'User certificates were not created'
-    rm -rf /home/$USERNAME/emailcert
+    rm -rf "/home/$USERNAME/emailcert"
     exit 74835
 fi
 
 # create a certificate request
 openssl req -new -sha256 -subj \
         "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$USERNAME" \
-        -key /etc/ssl/private/$USERNAME.key \
-        -out /etc/ssl/requests/$USERNAME.csr
+        -key "/etc/ssl/private/$USERNAME.key" \
+        -out "/etc/ssl/requests/$USERNAME.csr"
 
-if [ ! -f /etc/ssl/requests/$USERNAME.csr ]; then
+if [ ! -f "/etc/ssl/requests/$USERNAME.csr" ]; then
     echo $'Certificate request was not created'
-    rm -rf /home/$USERNAME/emailcert
+    rm -rf "/home/$USERNAME/emailcert"
     exit 83520
 fi
 
 # sign the certificate request
-cd /etc/ssl
+cd /etc/ssl || exit 742742542
 openssl ca -config /etc/ssl/dovecot-ca.cnf \
-        -in /etc/ssl/requests/$USERNAME.csr \
-        -out /etc/ssl/certs/$USERNAME.cer
+        -in "/etc/ssl/requests/$USERNAME.csr" \
+        -out "/etc/ssl/certs/$USERNAME.cer"
 
-if [ ! -f /etc/ssl/certs/$USERNAME.cer ]; then
+if [ ! -f "/etc/ssl/certs/$USERNAME.cer" ]; then
     echo $'Authentication certificate was not created'
-    rm -rf /home/$USERNAME/emailcert
+    rm -rf "/home/$USERNAME/emailcert"
     exit 343569
 fi
 
 # move the cert to the user's home
-mkdir /home/$USERNAME/emailcert
-mv /etc/ssl/certs/$USERNAME.cer /home/$USERNAME/emailcert
-cp /etc/ssl/certs/dovecot.crt /home/$USERNAME/emailcert
-cp /etc/ssl/certs/ca-$HOSTNAME.crt /home/$USERNAME/emailcert
-mv /etc/ssl/private/$USERNAME.key /home/$USERNAME/emailcert
-mv /etc/ssl/certs/$USERNAME.crt /home/$USERNAME/emailcert
-openssl pkcs12 -export -in /home/$USERNAME/emailcert/$USERNAME.cer \
-        -out /home/$USERNAME/emailcert/$USERNAME.p12 \
-        -inkey /home/$USERNAME/emailcert/$USERNAME.key \
-        -certfile /home/$USERNAME/emailcert/ca-$HOSTNAME.crt \
+mkdir "/home/$USERNAME/emailcert"
+mv "/etc/ssl/certs/$USERNAME.cer" "/home/$USERNAME/emailcert"
+cp "/etc/ssl/certs/dovecot.crt" "/home/$USERNAME/emailcert"
+cp "/etc/ssl/certs/ca-$HOSTNAME.crt" "/home/$USERNAME/emailcert"
+mv "/etc/ssl/private/$USERNAME.key" "/home/$USERNAME/emailcert"
+mv "/etc/ssl/certs/$USERNAME.crt" "/home/$USERNAME/emailcert"
+openssl pkcs12 -export -in "/home/$USERNAME/emailcert/$USERNAME.cer" \
+        -out "/home/$USERNAME/emailcert/$USERNAME.p12" \
+        -inkey "/home/$USERNAME/emailcert/$USERNAME.key" \
+        -certfile "/home/$USERNAME/emailcert/ca-$HOSTNAME.crt" \
         -password pass:""
 
 # make an install script
-echo '#!/bin/bash' > /home/$USERNAME/emailcert/install.sh
-echo "sudo mv ca-$HOSTNAME.crt /etc/ssl/certs" >> \
-     /home/$USERNAME/emailcert/install.sh
-echo "sudo mv $USERNAME.crt /etc/ssl/certs" >> \
-     /home/$USERNAME/emailcert/install.sh
-echo "sudo mv dovecot.crt /etc/ssl/certs" >> \
-     /home/$USERNAME/emailcert/install.sh
-echo "sudo mv $USERNAME.key /etc/ssl/private" >> \
-     /home/$USERNAME/emailcert/install.sh
-echo 'exit 0' >> /home/$USERNAME/emailcert/install.sh
+{ echo '#!/bin/bash';
+  echo "sudo mv ca-$HOSTNAME.crt /etc/ssl/certs";
+  echo "sudo mv $USERNAME.crt /etc/ssl/certs";
+  echo "sudo mv dovecot.crt /etc/ssl/certs";
+  echo "sudo mv $USERNAME.key /etc/ssl/private";
+  echo 'exit 0'; } > "/home/$USERNAME/emailcert/install.sh"
 
 # set permissions for the user
-chmod -R 755 /home/$USERNAME/emailcert
-chown -R $USERNAME:$USERNAME /home/$USERNAME/emailcert
-chmod +x /home/$USERNAME/emailcert/install.sh
+chmod -R 755 "/home/$USERNAME/emailcert"
+chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/emailcert"
+chmod +x "/home/$USERNAME/emailcert/install.sh"
 
-shred -zu /etc/ssl/requests/$USERNAME.csr
+shred -zu "/etc/ssl/requests/$USERNAME.csr"
 
 echo $'Email authentication certificate created. You can obtain it on the client with:'
 echo ''
diff --git a/src/freedombone-config b/src/freedombone-config
index 70db151c..c2fc3eec 100755
--- a/src/freedombone-config
+++ b/src/freedombone-config
@@ -43,7 +43,7 @@ export TEXTDOMAINDIR="/usr/share/locale"
 FREEDOMBONE_WEBSITE="https://freedombone.net or http://4fvfozz6g3zmvf76.onion"
 
 # Minimum number of characters in a password
-MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}')
+MINIMUM_PASSWORD_LENGTH=$(grep 'MINIMUM_PASSWORD_LENGTH=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords" | head -n 1 | awk -F '=' '{print $2}')
 
 # file containing new password
 IMAGE_PASSWORD_FILE=/root/login.txt
@@ -118,18 +118,18 @@ function please_wait {
         echo -n ''
 }
 
-source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
+source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
-APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 for f in $APP_FILES
 do
-    source $f
+    source "$f"
 done
 
 function show_help {
@@ -157,23 +157,25 @@ function choose_email_address {
         while [ ${#MY_EMAIL_ADDRESS} -lt 5 ]
         do
             EMAIL_ADDRESS=$(grep 'MY_EMAIL_ADDRESS' temp.cfg | awk -F '=' '{print $2}')
-            if [ ! $EMAIL_ADDRESS ]; then
+            if [ ! "$EMAIL_ADDRESS" ]; then
                 EMAIL_ADDRESS=$MY_USERNAME@$DEFAULT_DOMAIN_NAME
             fi
             if [ ${#MY_EMAIL_ADDRESS} -lt 5 ]; then
                 EMAIL_ADDRESS=$MY_USERNAME@$DEFAULT_DOMAIN_NAME
             fi
 
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             dialog --backtitle $"Freedombone Configuration" \
-                   --inputbox $"Your email address" 10 30 "$EMAIL_ADDRESS" 2> $data
+                   --inputbox $"Your email address" 10 30 "$EMAIL_ADDRESS" 2> "$data"
             sel=$?
             case $sel in
-                0) MY_EMAIL_ADDRESS=$(cat $data);;
-                1) exit 1;;
-                255) exit 1;;
+                0) MY_EMAIL_ADDRESS=$(cat "$data");;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
+            rm -f "$data"
         done
     fi
     save_configuration_values
@@ -183,23 +185,24 @@ function choose_social_instance_domain_name {
     DEFAULT_DOMAIN_DETAILS_COMPLETE=
     while [ ! $DEFAULT_DOMAIN_DETAILS_COMPLETE ]
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
             dialog --backtitle $"Freedombone Configuration" \
                    --title $"Instance domain" \
-                   --form $"\nEnter your instance domain name and its FreeDNS code:" 11 55 3 \
+                   --form $"\\nEnter your instance domain name and its FreeDNS code:" 11 55 3 \
                    $"Domain:" 1 1 "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 24 33 40 \
                    $"Code:" 2 1 "$(grep 'DEFAULT_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 24 33 255 \
-                   2> $data
+                   2> "$data"
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            DEFAULT_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            DEFAULT_DOMAIN_CODE=$(cat $data | sed -n 2p)
-            if [ $DEFAULT_DOMAIN_NAME ]; then
+            DEFAULT_DOMAIN_NAME=$(sed -n 1p < "$data")
+            DEFAULT_DOMAIN_CODE=$(sed -n 2p < "$data")
+            if [ "$DEFAULT_DOMAIN_NAME" ]; then
                 validate_freedns_code "$DEFAULT_DOMAIN_CODE"
                 if [ ! $VALID_CODE ]; then
                     DEFAULT_DOMAIN_NAME=
@@ -208,24 +211,27 @@ function choose_social_instance_domain_name {
         else
             dialog --backtitle $"Freedombone Configuration" \
                    --inputbox $"Enter your instance domain name:" 10 45 \
-                   "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> $data
+                   "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
             sel=$?
             case $sel in
-                0) DEFAULT_DOMAIN_NAME=$(cat $data);;
-                1) exit 1;;
-                255) exit 1;;
+                0) DEFAULT_DOMAIN_NAME=$(cat "$data");;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
         fi
-        if [ $DEFAULT_DOMAIN_NAME ]; then
+        if [ "$DEFAULT_DOMAIN_NAME" ]; then
             TEST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME
             validate_domain_name
-            if [[ $TEST_DOMAIN_NAME != $DEFAULT_DOMAIN_NAME ]]; then
+            if [[ "$TEST_DOMAIN_NAME" != "$DEFAULT_DOMAIN_NAME" ]]; then
                 DEFAULT_DOMAIN_NAME=
                 dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
             else
                 DEFAULT_DOMAIN_DETAILS_COMPLETE="yes"
             fi
         fi
+        rm -f "$data"
     done
     save_configuration_values
 }
@@ -242,8 +248,7 @@ function choose_default_domain_name {
         DEFAULT_DOMAIN_DETAILS_COMPLETE=
         while [ ! $DEFAULT_DOMAIN_DETAILS_COMPLETE ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Your main domain name" \
@@ -252,23 +257,26 @@ function choose_default_domain_name {
                        $"Code:" 2 1 "$(grep 'DEFAULT_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 24 33 255 \
                        $"mail subdomain Code:" 3 1 "$(grep 'EMAIL_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 3 24 33 255 \
                        $"XMPP subdomain Code:" 4 1 "$(grep 'XMPP_DOMAIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 4 24 33 255 \
-                       2> $data
+                       2> "$data"
                 sel=$?
                 case $sel in
-                    1) exit 1;;
-                    255) exit 1;;
+                    1) rm -f "$data"
+                       exit 1;;
+                    255) rm -f "$data"
+                         exit 1;;
                 esac
-                DEFAULT_DOMAIN_NAME=$(cat $data | sed -n 1p)
-                DEFAULT_DOMAIN_CODE=$(cat $data | sed -n 2p)
-                EMAIL_DOMAIN_CODE=$(cat $data | sed -n 3p)
-                XMPP_DOMAIN_CODE=$(cat $data | sed -n 4p)
-                if [ $DEFAULT_DOMAIN_NAME ]; then
+                DEFAULT_DOMAIN_NAME=$(sed -n 1p < "$data")
+                DEFAULT_DOMAIN_CODE=$(sed -n 2p < "$data")
+                EMAIL_DOMAIN_CODE=$(sed -n 3p < "$data")
+                XMPP_DOMAIN_CODE=$(sed -n 4p < "$data")
+                rm -f "$data"
+                if [ "$DEFAULT_DOMAIN_NAME" ]; then
                     validate_freedns_code "$DEFAULT_DOMAIN_CODE"
                     if [ ! $VALID_CODE ]; then
                         DEFAULT_DOMAIN_NAME=
                     fi
                 fi
-                if [ $EMAIL_DOMAIN_CODE ]; then
+                if [ "$EMAIL_DOMAIN_CODE" ]; then
                     validate_freedns_code "$EMAIL_DOMAIN_CODE"
                     if [ ! $VALID_CODE ]; then
                         DEFAULT_DOMAIN_NAME=
@@ -277,7 +285,7 @@ function choose_default_domain_name {
                         write_config_param "EMAIL_DOMAIN_CODE" "$EMAIL_DOMAIN_CODE"
                     fi
                 fi
-                if [ $XMPP_DOMAIN_CODE ]; then
+                if [ "$XMPP_DOMAIN_CODE" ]; then
                     validate_freedns_code "$XMPP_DOMAIN_CODE"
                     if [ ! $VALID_CODE ]; then
                         DEFAULT_DOMAIN_NAME=
@@ -289,18 +297,20 @@ function choose_default_domain_name {
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --inputbox $"Which domain name should your email/XMPP/IRC/Mumble be associated with?" 10 45 \
-                       "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> $data
+                       "$(grep 'DEFAULT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
                 sel=$?
                 case $sel in
-                    0) DEFAULT_DOMAIN_NAME=$(cat $data);;
-                    1) exit 1;;
-                    255) exit 1;;
+                    0) DEFAULT_DOMAIN_NAME=$(cat "$data");;
+                    1) rm -f "$data"
+                       exit 1;;
+                    255) rm -f "$data"
+                         exit 1;;
                 esac
             fi
-            if [ $DEFAULT_DOMAIN_NAME ]; then
+            if [ "$DEFAULT_DOMAIN_NAME" ]; then
                 TEST_DOMAIN_NAME=$DEFAULT_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $DEFAULT_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$DEFAULT_DOMAIN_NAME" ]]; then
                     DEFAULT_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
@@ -313,8 +323,7 @@ function choose_default_domain_name {
 }
 
 function dynamic_dns_setup {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Configuration" \
            --radiolist $"Choose Dynamic DNS provider:" 40 40 40 \
            1 dyn.com off \
@@ -349,13 +358,15 @@ function dynamic_dns_setup {
            30 strato.com off \
            31 freemyip.com off \
            32 cloudxns.net off \
-           33 none off 2> $data
+           33 none off 2> "$data"
     sel=$?
     case $sel in
-        1) exit 1;;
-        255) exit 1;;
+        1) rm -f "$data"
+           exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
-    case $(cat $data) in
+    case $(cat "$data") in
         1) DDNS_PROVIDER="default@www.dyn.com";;
         2) DDNS_PROVIDER="default@freedns.afraid.org";;
         3) DDNS_PROVIDER="default@www.zoneedit.com";;
@@ -389,8 +400,10 @@ function dynamic_dns_setup {
         31) DDNS_PROVIDER="default@freemyip.com";;
         32) DDNS_PROVIDER="default@www.cloudxns.net";;
         33) DDNS_PROVIDER="none";;
-        255) exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
+    rm -f "$data"
     save_configuration_values
 
     valid_ddns_username=
@@ -403,50 +416,55 @@ function dynamic_dns_setup {
     else
         while [ ! $valid_ddns_username ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             dialog --backtitle $"Freedombone Configuration" \
-                   --inputbox $"Dynamic DNS provider username" 10 30 "$(grep 'DDNS_USERNAME' temp.cfg | awk -F '=' '{print $2}')" 2> $data
+                   --inputbox $"Dynamic DNS provider username" 10 30 "$(grep 'DDNS_USERNAME' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
             sel=$?
             case $sel in
-                0)  possible_username=$(cat $data)
+                0)  possible_username=$(cat "$data")
                     if [ "$possible_username" ]; then
                         if [ ${#possible_username} -gt 1 ]; then
-                            valid_ddns_username=$(cat $data)
-                            DDNS_USERNAME=$valid_ddns_username
+                            valid_ddns_username=$(cat "$data")
+                            DDNS_USERNAME="$valid_ddns_username"
+                            rm -f "$data"
                             break;
                         fi
                     fi
                     ;;
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
+            rm -f "$data"
         done
         save_configuration_values
 
         while [ ! $valid_ddns_password ]
         do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             dialog --backtitle $"Freedombone Configuration" \
                    --clear \
                    --insecure \
-                   --passwordbox $"Dynamic DNS provider password" 10 30 "$(grep 'DDNS_PASSWORD' temp.cfg | awk -F '=' '{print $2}')" 2> $data
+                   --passwordbox $"Dynamic DNS provider password" 10 30 "$(grep 'DDNS_PASSWORD' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
             sel=$?
             case $sel in
-                0)  possible_password=$(cat $data)
+                0)  possible_password=$(cat "$data")
                     if [ "$possible_password" ]; then
                         if [ ${#possible_password} -gt 1 ]; then
-                            valid_ddns_password=$(cat $data)
+                            valid_ddns_password=$(cat "$data")
                             DDNS_PASSWORD=$valid_ddns_password
                             break;
                         fi
                     fi
                     ;;
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            if [ ${#DDNS_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then
+            rm -f "$data"
+            if [ ${#DDNS_PASSWORD} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then
                 dialog --title $"Password quality check" --msgbox $"The password given was too short. It must be at least $MINIMUM_PASSWORD_LENGTH characters. You may need to change your password on the dynamic DNS provider's web site." 10 40
                 DDNS_PASSWORD=""
             fi
@@ -458,10 +476,10 @@ function dynamic_dns_setup {
 function choose_dynamic_dns {
     DDNS_PROVIDER="none"
 
-    if [[ $SYSTEM_TYPE != "mesh"* && $ONION_ONLY == "no" ]]; then
+    if [[ "$SYSTEM_TYPE" != "mesh"* && "$ONION_ONLY" == "no" ]]; then
         dialog --title $"Dynamic DNS" \
                --backtitle $"Freedombone Configuration" \
-               --yesno $"\nConfigure a dynamic DNS service?\n\nIf it is already handled by your internet router then select 'no'." 10 50
+               --yesno $"\\nConfigure a dynamic DNS service?\\n\\nIf it is already handled by your internet router then select 'no'." 10 50
         sel=$?
         case $sel in
             0) dynamic_dns_setup;;
@@ -472,9 +490,8 @@ function choose_dynamic_dns {
 }
 
 function choose_debian_repo {
-    if [[ $MINIMAL_INSTALL == "no" ]]; then
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+    if [[ "$MINIMAL_INSTALL" == "no" ]]; then
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Configuration" \
                --radiolist $"Where to download Debian packages from:" 25 45 49 \
                1 $"Australia" off \
@@ -525,13 +542,15 @@ function choose_debian_repo {
                46 $"Turkey" off \
                47 $"Ukraine" off \
                48 $"United Kingdom" off \
-               49 $"United States" on 2> $data
+               49 $"United States" on 2> "$data"
         sel=$?
         case $sel in
-            1) exit 1;;
-            255) exit 1;;
+            1) rm -f "$data"
+               exit 1;;
+            255) rm -f "$data"
+                 exit 1;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) DEBIAN_REPO='ftp.au.debian.org';;
             2) DEBIAN_REPO='ftp.at.debian.org';;
             3) DEBIAN_REPO='ftp.by.debian.org';;
@@ -581,8 +600,10 @@ function choose_debian_repo {
             47) DEBIAN_REPO='ftp.ua.debian.org';;
             48) DEBIAN_REPO='ftp.uk.debian.org';;
             49) DEBIAN_REPO='ftp.us.debian.org';;
-            255) exit 1;;
+            255) rm -f "$data"
+                 exit 1;;
         esac
+        rm -f "$data"
         save_configuration_values
     else
         DEBIAN_REPO='ftp.de.debian.org'
@@ -591,28 +612,31 @@ function choose_debian_repo {
 
 function choose_rng {
     if [[ $MINIMAL_INSTALL == "no" ]]; then
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
-        if [[ $INSTALLING_ON_BBB != "yes" ]]; then
+        data=$(mktemp 2>/dev/null)
+        if [[ "$INSTALLING_ON_BBB" != "yes" ]]; then
             dialog --backtitle $"Freedombone Configuration" \
                    --radiolist $"Type of Random Number Generator:" 10 40 2 \
                    1 Haveged on \
-                   2 OneRNG off 2> $data
+                   2 OneRNG off 2> "$data"
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
-            case $(cat $data) in
+            case $(cat "$data") in
                 2) HWRNG_TYPE="onerng"
                    dialog --title $"OneRNG Device" \
                           --msgbox $"Please ensure that the OneRNG device is disconnected. You can reconnect it later during the installation" 8 60
                    ;;
-                255) exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
         else
             HWRNG_TYPE="beaglebone"
         fi
+        rm -f "$data"
         save_configuration_values
     fi
 }
@@ -621,9 +645,7 @@ function choose_social_key_management {
     if [[ $MINIMAL_INSTALL == "no" ]]; then
         interactive_gpg
 
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
-        SOCIAL_KEY_STR=$"\nDo you wish to enable social key management, otherwise known as \"the unforgettable key\"?\n\nThis means that fragments of your GPG key will be included with any remote backups so that if you later lose your key then it can be reconstructed from your friends servers. If you select \"no\" then you can still do social key management, but offline using physical USB thumb drives, which is more secure but less convenient."
+        SOCIAL_KEY_STR=$"\\nDo you wish to enable social key management, otherwise known as \"the unforgettable key\"?\\n\\nThis means that fragments of your GPG key will be included with any remote backups so that if you later lose your key then it can be reconstructed from your friends servers. If you select \"no\" then you can still do social key management, but offline using physical USB thumb drives, which is more secure but less convenient."
         if [[ $(grep "ENABLE_SOCIAL_KEY_MANAGEMENT" temp.cfg | awk -F '=' '{print $2}') == "yes" ]]; then
             dialog --title $"Social Key Management" \
                    --backtitle $"Freedombone Configuration" \
@@ -659,36 +681,36 @@ function choose_username {
             if [ ! $SELECTED_USERNAME ]; then
                 SELECTED_USERNAME=$(grep 'MY_USERNAME' temp.cfg | awk -F '=' '{print $2}')
             fi
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
             dialog --backtitle $"Freedombone Configuration" \
                    --title $"Username" \
-                   --inputbox $"Set your username for the system\n\nYour username should not contain any spaces" 12 60 "$SELECTED_USERNAME" 2> $data
+                   --inputbox $"Set your username for the system\\n\\nYour username should not contain any spaces" 12 60 "$SELECTED_USERNAME" 2> "$data"
             sel=$?
             case $sel in
-                0) possible_username=$(cat $data)
+                0) possible_username=$(cat "$data")
                    SELECTED_USERNAME=
-                   if [[ $possible_username != *' '* && $possible_username != *'/'* && $possible_username != *'\'* && $possible_username != *'*'* ]]; then
-                       if [ $possible_username ]; then
+                   if [[ "$possible_username" != *' '* && "$possible_username" != *'/'* && "$possible_username" != *'*'* ]]; then
+                       if [ "$possible_username" ]; then
                            if [ ${#possible_username} -gt 1 ]; then
-                               if [[ $possible_username != $GENERIC_IMAGE_USERNAME ]]; then
-                                   MY_USERNAME=$(cat $data)
+                               if [[ "$possible_username" != "$GENERIC_IMAGE_USERNAME" ]]; then
+                                   MY_USERNAME=$(cat "$data")
                                    please_wait
                                    echo ''
                                    echo $'Creating user account'
                                    chmod 600 /etc/shadow
                                    chmod 600 /etc/gshadow
-                                   useradd -m -s /bin/bash $MY_USERNAME
+                                   useradd -m -s /bin/bash "$MY_USERNAME"
                                    chmod 0000 /etc/shadow
                                    chmod 0000 /etc/gshadow
-                                   if [ -d /home/$MY_USERNAME ]; then
-                                       echo "${MY_USERNAME}:$(printf `cat $IMAGE_PASSWORD_FILE`)" | chpasswd
+                                   if [ -d "/home/$MY_USERNAME" ]; then
+                                       echo "${MY_USERNAME}:$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")" | chpasswd
                                        # Add the user as a sudoer - they will be the new admin user
                                        if ! grep -q "$MY_USERNAME  ALL=(ALL) ALL" /etc/sudoers; then
                                            echo "$MY_USERNAME  ALL=(ALL) ALL" >> /etc/sudoers
                                            # remove the generic image admin user from sudoers
                                            sed -i "s|${GENERIC_IMAGE_USERNAME}.*||g" /etc/sudoers
                                        fi
+                                       rm -f "$data"
                                        break
                                    fi
                                fi
@@ -696,13 +718,16 @@ function choose_username {
                        fi
                    fi
                    ;;
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
+            rm -f "$data"
         done
     else
         no_of_users=$(find /home/* -maxdepth 0 -type d | wc -l)
-        if [ $no_of_users -eq 1 ]; then
+        if [ "$no_of_users" -eq 1 ]; then
             # only a single user on the system
             MY_USERNAME=$(ls /home)
         else
@@ -741,13 +766,12 @@ function choose_full_name {
     valid_name=
     while [ ! $valid_name ]
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Configuration" \
-               --inputbox $"Your full name (or nick)" 10 50 "$(grep 'MY_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> $data
+               --inputbox $"Your full name (or nick)" 10 50 "$(grep 'MY_NAME' temp.cfg | awk -F '=' '{print $2}')" 2> "$data"
         sel=$?
         case $sel in
-            0)  possible_name=$(cat $data)
+            0)  possible_name=$(cat "$data")
                 if [ "$possible_name" ]; then
                     if [ ${#possible_name} -gt 1 ]; then
                         valid_name="$possible_name"
@@ -756,9 +780,12 @@ function choose_full_name {
                     fi
                 fi
                 ;;
-            1) exit 1;;
-            255) exit 1;;
+            1) rm -f "$data"
+               exit 1;;
+            255) rm -f "$data"
+                 exit 1;;
         esac
+        rm -f "$data"
     done
     save_configuration_values
     please_wait
@@ -778,16 +805,17 @@ function choose_system_variant {
             varstate='on'
         fi
         varslist="$varslist $n $a $varstate"
-        n=$[n+1]
+        n=$((n+1))
     done
 
     variant_choice=$(dialog --stdout --backtitle $"Freedombone Configuration" \
                             --title $"Type of Installation" \
                             --radiolist $'Choose:' \
-                            27 40 20 $varslist)
+                            27 40 20 "$varslist")
 
+    # shellcheck disable=SC2181
     if [ $? -eq 0 ]; then
-        variant_choice=$[variant_choice-1]
+        variant_choice=$((variant_choice-1))
         SYSTEM_TYPE=${available_variants_list[$variant_choice]}
         save_configuration_values
     fi
@@ -796,7 +824,7 @@ function choose_system_variant {
 function validate_freedns_code {
     freedns_code="$1"
 
-    FREEDNS_MESSAGE=$"Please enter the FreeDNS code for this domain.\n\nThe code can be found by going to https://freedns.afraid.org, selecting 'Dynamic DNS' and then opening 'Wget example'. The code will consist of letters and numbers and be between the ? and = characters."
+    FREEDNS_MESSAGE=$"Please enter the FreeDNS code for this domain.\\n\\nThe code can be found by going to https://freedns.afraid.org, selecting 'Dynamic DNS' and then opening 'Wget example'. The code will consist of letters and numbers and be between the ? and = characters."
 
     if [[ "$freedns_code" == *"."* || "$freedns_code" == "http"* || "$freedns_code" == *"wget "* || "$freedns_code" == *" "* ]]; then
         dialog --title $"Invalid FreeDNS Code" --msgbox "$FREEDNS_MESSAGE" 10 70
@@ -855,8 +883,7 @@ do
 done
 
 function interactive_select_language {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Configuration" \
            --radiolist $"Select your language:" 26 40 24 \
            1 $"Afrikaans" off \
@@ -926,13 +953,15 @@ function interactive_select_language {
            65 $"Thai" off \
            66 $"Turkish" off \
            67 $"Ukrainian" off \
-           68 $"Vietnamese" off 2> $data
+           68 $"Vietnamese" off 2> "$data"
     sel=$?
     case $sel in
-        1) exit 1;;
-        255) exit 1;;
+        1) rm -f "$data"
+           exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
-    case $(cat $data) in
+    case $(cat "$data") in
         1) DEFAULT_LANGUAGE='af_ZA.UTF-8';;
         2) DEFAULT_LANGUAGE='sq_AL.UTF-8';;
         3) DEFAULT_LANGUAGE='ar_SA.UTF-8';;
@@ -1002,6 +1031,7 @@ function interactive_select_language {
         67) DEFAULT_LANGUAGE='uk_UA.UTF-8';;
         68) DEFAULT_LANGUAGE='vi_VN.UTF-8';;
     esac
+    rm -f "$data"
     save_configuration_values
 
     please_wait
@@ -1021,22 +1051,26 @@ function interactive_select_language {
 function select_user {
     SELECTED_USERNAME=
 
-    users_array=($(ls /home))
+    homedirs=$(ls /home)
+    # shellcheck disable=SC2206
+    users_array=($homedirs)
 
     delete=(git)
-    for del in ${delete[@]}
+    for del in "${delete[@]}"
     do
+        # shellcheck disable=SC2206
         users_array=(${users_array[@]/$del})
     done
 
     i=0
     W=()
     name=()
+    # shellcheck disable=SC2068
     for u in ${users_array[@]}
     do
         if [[ $(is_valid_user "$u") == "1" ]]; then
             i=$((i+1))
-            W+=($i "$u")
+            W+=("$i" "$u")
             name+=("$u")
         fi
     done
@@ -1046,6 +1080,7 @@ function select_user {
     else
         user_index=$(dialog --backtitle $"Freedombone Configuration" --title $"Select User" --menu $"Select one of the following:" 24 40 17 "${W[@]}" 3>&2 2>&1 1>&3)
 
+        # shellcheck disable=SC2181
         if [ $? -eq 0 ]; then
             SELECTED_USERNAME="${name[$((user_index-1))]}"
         fi
@@ -1055,19 +1090,19 @@ function select_user {
 function interactive_config {
     # create a temporary copy of the configuration file
     # which can be used to pre-populate selections
-    if [ -f $CONFIGURATION_FILE ]; then
-        cp $CONFIGURATION_FILE temp.cfg
+    if [ -f "$CONFIGURATION_FILE" ]; then
+        cp "$CONFIGURATION_FILE" temp.cfg
     fi
 
     interactive_select_language
 
-    if [ $SOCIALINSTANCE ]; then
-        INITIAL_MESSAGE=$"Welcome to your Freedombone $SOCIALINSTANCE instance.\n\nEnsure that you have your domain and dynamic DNS settings ready.\n\nFor more information please visit ${FREEDOMBONE_WEBSITE}/socialinstance.html."
+    if [ "$SOCIALINSTANCE" ]; then
+        INITIAL_MESSAGE=$"Welcome to your Freedombone $SOCIALINSTANCE instance.\\n\\nEnsure that you have your domain and dynamic DNS settings ready.\\n\\nFor more information please visit ${FREEDOMBONE_WEBSITE}/socialinstance.html."
     else
-        if [[ $ONION_ONLY == "no" ]]; then
-            INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\n\nEnsure that you have your domain and dynamic DNS settings ready.\n\nFor more information please visit $FREEDOMBONE_WEBSITE."
+        if [[ "$ONION_ONLY" == "no" ]]; then
+            INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\\n\\nEnsure that you have your domain and dynamic DNS settings ready.\\n\\nFor more information please visit $FREEDOMBONE_WEBSITE."
         else
-            INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\n\nWeb sites created will only be viewable within a Tor browser.\n\nFor more information please visit $FREEDOMBONE_WEBSITE."
+            INITIAL_MESSAGE=$"Welcome to the Freedombone interactive installer. Communications freedom is only a short time away.\\n\\nWeb sites created will only be viewable within a Tor browser.\\n\\nFor more information please visit $FREEDOMBONE_WEBSITE."
         fi
     fi
 
@@ -1079,7 +1114,7 @@ function interactive_config {
     choose_social_key_management
     choose_rng
     choose_debian_repo
-    ${PROJECT_NAME}-wifi --networksinteractive $WIFI_NETWORKS_FILE
+    "${PROJECT_NAME}-wifi" --networksinteractive "$WIFI_NETWORKS_FILE"
     choose_dynamic_dns
     choose_default_domain_name
     choose_email_address
@@ -1109,7 +1144,7 @@ function interactive_config {
     fi
 
     # This file indicates that the configuration happened successfully
-    touch $HOME/.${PROJECT_NAME}-interactive
+    touch "$HOME/.${PROJECT_NAME}-interactive"
 }
 
 function show_result {
@@ -1120,11 +1155,11 @@ function show_result {
     echo ''
     echo $'Contents:'
     echo ''
-    cat $CONFIGURATION_FILE
+    cat "$CONFIGURATION_FILE"
     echo ''
 }
 
-if [ ! $CONFIGURATION_FILE ]; then
+if [ ! "$CONFIGURATION_FILE" ]; then
     CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
 fi
 
diff --git a/src/freedombone-controlpanel b/src/freedombone-controlpanel
index aafd9c92..4ab07fd2 100755
--- a/src/freedombone-controlpanel
+++ b/src/freedombone-controlpanel
@@ -60,28 +60,28 @@ please_wait
 
 source /usr/local/bin/${PROJECT_NAME}-vars
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
-APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 for f in $APP_FILES
 do
-    source $f
+    source "$f"
 done
 
 # End including files
 
-COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
+COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
 SELECTED_USERNAME=
 ADMIN_USER=
 UPGRADE_SCRIPT_NAME="${PROJECT_NAME}-upgrade"
 UPDATE_DATE_SCRIPT=/usr/bin/updatedate
 
 # Minimum number of characters in a password
-MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}')
+MINIMUM_PASSWORD_LENGTH=$(grep 'MINIMUM_PASSWORD_LENGTH=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords" | head -n 1 | awk -F '=' '{print $2}')
 
 # Mumble
 MUMBLE_PORT=64738
@@ -102,11 +102,11 @@ WIFI_SSID=
 WIFI_TYPE='wpa2-psk'
 WIFI_PASSPHRASE=
 WIFI_HOTSPOT='no'
-WIFI_NETWORKS_FILE=~/${PROJECT_NAME}-wifi.cfg
+WIFI_NETWORKS_FILE="$HOME/${PROJECT_NAME}-wifi.cfg"
 
 USB_DRIVE=sdb
 # get default USB from config file
-CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
+CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
 
 read_config_param WIFI_HOTSPOT
 read_config_param WIFI_INTERFACE
@@ -139,46 +139,45 @@ function any_key_verify {
         return
     fi
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Check tripwire hash" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Paste your tripwire hash below and it will be checked against the current database" 12 60 2>$data
+           --inputbox $"Paste your tripwire hash below and it will be checked against the current database" 12 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            GIVEN_HASH=$(<$data)
+            GIVEN_HASH=$(<"$data")
             if [ ${#GIVEN_HASH} -gt 8 ]; then
                 if [[ "$GIVEN_HASH" == *' '* ]]; then
                     dialog --title $"Check tripwire" \
-                           --msgbox $"\nThe hash should not contain any spaces" 10 40
+                           --msgbox $"\\nThe hash should not contain any spaces" 10 40
                 else
-                    DBHASH=$(sha512sum  /var/lib/tripwire/${HOSTNAME}.twd | awk -F ' ' '{print $1}')
+                    DBHASH=$(sha512sum "/var/lib/tripwire/${HOSTNAME}.twd" | awk -F ' ' '{print $1}')
                     if [[ "$DBHASH" == "$GIVEN_HASH" ]]; then
                         dialog --title $"Check tripwire" \
-                               --msgbox $"\nSuccess\n\nThe hash you gave matches the current tripwire database" 10 40
+                               --msgbox $"\\nSuccess\\n\\nThe hash you gave matches the current tripwire database" 10 40
                     else
                         dialog --title $"Check tripwire" \
-                               --msgbox $"\nFailed\n\nThe hash you gave does not match the current tripwire database. This might be because you reset the tripwire, or there could have been an unauthorised modification of the system" 12 50
+                               --msgbox $"\\nFailed\\n\\nThe hash you gave does not match the current tripwire database. This might be because you reset the tripwire, or there could have been an unauthorised modification of the system" 12 50
                     fi
                 fi
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function get_app_icann_address {
     app_name="$1"
-    if grep -q "${app_name} domain" $COMPLETION_FILE; then
-        echo $(cat ${COMPLETION_FILE} | grep "${app_name} domain" | head -n 1 | awk -F ':' '{print $2}')
+    if grep -q "${app_name} domain" "$COMPLETION_FILE"; then
+        grep "${app_name} domain" "${COMPLETION_FILE}" | head -n 1 | awk -F ':' '{print $2}'
         return
     else
-        app_name_upper=$(echo "$app_name" | tr '[:lower:]' '[:upper:]')_DOMAIN_NAME
-        if [ $app_name_upper ]; then
-            param_value=$(cat $CONFIGURATION_FILE | grep "${app_name_upper}=" | head -n 1 | awk -F '=' '{print $2}')
-            if [ ${param_value} ]; then
-                echo ${param_value}
+        app_name_upper="$(echo "$app_name" | tr '[:lower:]' '[:upper:]')_DOMAIN_NAME"
+        if [ "$app_name_upper" ]; then
+            param_value=$(grep "${app_name_upper}=" "$CONFIGURATION_FILE" | head -n 1 | awk -F '=' '{print $2}')
+            if [ "${param_value}" ]; then
+                echo "${param_value}"
                 return
             fi
         fi
@@ -189,22 +188,26 @@ function get_app_icann_address {
 function passwords_select_user {
     SELECTED_USERNAME=
 
+    # shellcheck disable=SC2207
     users_array=($(ls /home))
 
     delete=(git)
+    # shellcheck disable=SC2068
     for del in ${delete[@]}
     do
+        # shellcheck disable=SC2206
         users_array=(${users_array[@]/$del})
     done
 
     i=0
     W=()
     name=()
+    # shellcheck disable=SC2068
     for u in ${users_array[@]}
     do
         if [[ $(is_valid_user "$u") == "1" ]]; then
             i=$((i+1))
-            W+=($i "$u")
+            W+=("$i" "$u")
             name+=("$u")
         fi
     done
@@ -214,6 +217,7 @@ function passwords_select_user {
     else
         user_index=$(dialog --backtitle $"Freedombone Control Panel" --title $"Select User" --menu $"Select one of the following:" 24 40 17 "${W[@]}" 3>&2 2>&1 1>&3)
 
+        # shellcheck disable=SC2181
         if [ $? -eq 0 ]; then
             SELECTED_USERNAME="${name[$((user_index-1))]}"
         fi
@@ -227,18 +231,19 @@ function passwords_show_apps {
     name=()
     for a in "${APPS_AVAILABLE[@]}"
     do
-        if [[ $(function_exists change_password_${a}) == "1" ]]; then
+        if [[ $(function_exists "change_password_${a}") == "1" ]]; then
             i=$((i+1))
-            W+=($i "$a")
+            W+=("$i" "$a")
             name+=("$a")
         fi
     done
     i=$((i+1))
-    W+=($i "mariadb")
+    W+=("$i" "mariadb")
     name+=("mariadb")
 
     selected_app_index=$(dialog --backtitle $"Freedombone Control Panel" --title $"Select App" --menu $"Select one of the following:" 24 40 17 "${W[@]}" 3>&2 2>&1 1>&3)
 
+    # shellcheck disable=SC2181
     if [ $? -eq 0 ]; then
         SELECTED_APP="${name[$((selected_app_index-1))]}"
     fi
@@ -246,35 +251,35 @@ function passwords_show_apps {
 
 function reset_password_tries {
     passwords_select_user
-    if [ ! $SELECTED_USERNAME ]; then
+    if [ ! "$SELECTED_USERNAME" ]; then
         return
     fi
-    pam_tally --user $SELECTED_USERNAME --reset
+    pam_tally --user "$SELECTED_USERNAME" --reset
     dialog --title $"Reset password tries" \
            --msgbox $"Password tries have been reset for $SELECTED_USERNAME" 6 60
 }
 
 function view_or_change_passwords {
     passwords_select_user
-    if [ ! $SELECTED_USERNAME ]; then
+    if [ ! "$SELECTED_USERNAME" ]; then
         return
     fi
     detect_installed_apps
     passwords_show_apps
-    if [ ! $SELECTED_APP ]; then
+    if [ ! "$SELECTED_APP" ]; then
         return
     fi
 
-    CURR_PASSWORD=$(${PROJECT_NAME}-pass -u ${SELECTED_USERNAME} -a ${SELECTED_APP})
+    CURR_PASSWORD=$("${PROJECT_NAME}-pass" -u "${SELECTED_USERNAME}" -a "${SELECTED_APP}")
 
     icann_address=$(get_app_icann_address "${SELECTED_APP}")
     onion_address=$(get_app_onion_address "${SELECTED_APP}")
 
     titlestr=$"View or Change Password"
     if [ ${#onion_address} -gt 0 ]; then
-        viewstr=$"${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address or $onion_address\n\nCopy or change it if you wish."
+        viewstr=$"${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address or $onion_address\\n\\nCopy or change it if you wish."
     else
-        viewstr=$"${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address\n\nCopy or change it if you wish."
+        viewstr=$"${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address\\n\\nCopy or change it if you wish."
     fi
 
     if [ -f /root/.nostore ]; then
@@ -287,24 +292,23 @@ function view_or_change_passwords {
     fi
 
     if [[ "${SELECTED_APP}" == 'mariadb' ]]; then
-        CURR_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        CURR_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
         dialog --title $"MariaDB database password" \
-               --msgbox "\n            ${CURR_PASSWORD}" 7 40
+               --msgbox "\\n            ${CURR_PASSWORD}" 7 40
         return
     fi
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title "$titlestr" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox "$viewstr" 12 75 "$CURR_PASSWORD" 2>$data
+           --inputbox "$viewstr" 12 75 "$CURR_PASSWORD" 2>"$data"
     sel=$?
     case $sel in
         0)
-            CURR_PASSWORD=$(<$data)
+            CURR_PASSWORD=$(<"$data")
             if [ ${#CURR_PASSWORD} -gt 8 ]; then
-                ${PROJECT_NAME}-pass -u ${SELECTED_USERNAME} -a ${SELECTED_APP} -p "${CURR_PASSWORD}"
-                change_password_${SELECTED_APP} ${SELECTED_USERNAME} "${CURR_PASSWORD}"
+                "${PROJECT_NAME}-pass" -u "${SELECTED_USERNAME}" -a "${SELECTED_APP}" -p "${CURR_PASSWORD}"
+                "change_password_${SELECTED_APP}" "${SELECTED_USERNAME}" "${CURR_PASSWORD}"
                 dialog --title $"Change password" \
                        --msgbox $"The password was changed" 6 40
             else
@@ -313,66 +317,63 @@ function view_or_change_passwords {
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function check_for_updates {
-    if [ ! -f /etc/cron.weekly/$UPGRADE_SCRIPT_NAME ]; then
+    if [ ! -f "/etc/cron.weekly/$UPGRADE_SCRIPT_NAME" ]; then
         dialog --title $"Check for updates" \
                --msgbox $"Upgrade script was not found" 6 40
         return
     fi
 
     clear
-    . /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
+    /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
     any_key
 }
 
 function add_user {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"Add new user" \
-           --form "\n" 8 60 3 \
+           --form "\\n" 8 60 3 \
            $"Username:" 1 1 "" 1 28 16 15 \
            $"ssh public key (optional):" 2 1 "" 2 28 40 10000 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) rm $data
+        1) rm -f "$data"
            return;;
-        255) rm $data
+        255) rm -f "$data"
              return;;
     esac
-    new_user_username=$(cat $data | sed -n 1p)
-    new_user_ssh_public_key=$(cat $data | sed -n 2p)
+    new_user_username=$(sed -n 1p < "$data")
+    new_user_ssh_public_key=$(sed -n 2p < "$data")
+    rm -f "$data"
     if [ ${#new_user_username} -lt 2 ]; then
         dialog --title $"New username" \
                --msgbox $"No username was given" 6 40
-        rm $data
         return
     fi
     if [[ "$new_user_username" == *" "* ]]; then
         dialog --title $"Invalid username" \
                --msgbox $"The username should not contain any spaces" 6 40
-        rm $data
         return
     fi
     if [ ${#new_user_ssh_public_key} -lt 20 ]; then
         clear
-        ${PROJECT_NAME}-adduser "$new_user_username"
+        "${PROJECT_NAME}-adduser" "$new_user_username"
         any_key
     else
         if [[ "$new_user_ssh_public_key" == "ssh-"* ]]; then
             clear
-            ${PROJECT_NAME}-adduser "$new_user_username" "$new_user_ssh_public_key"
+            "${PROJECT_NAME}-adduser" "$new_user_username" "$new_user_ssh_public_key"
             any_key
         else
             dialog --title $"ssh public key" \
                    --msgbox $"This does not look like an ssh public key" 6 40
         fi
     fi
-    rm $data
 }
 
 function pad_string {
@@ -390,37 +391,37 @@ function show_domains {
     echo -n -e "$(pad_string 'Tor')"
     echo ''
     echo '--------------------------------------------------------------------------'
-    if grep -q "ssh onion domain" $COMPLETION_FILE; then
+    if grep -q "ssh onion domain" "$COMPLETION_FILE"; then
         echo -n -e "$(pad_string 'ssh')"
-        echo -n -e "$(pad_string ${DEFAULT_DOMAIN_NAME})"
-        echo "$(cat ${COMPLETION_FILE} | grep 'ssh onion domain' | awk -F ':' '{print $2}')"
+        echo -n -e "$(pad_string "${DEFAULT_DOMAIN_NAME}")"
+        grep 'ssh onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}'
     fi
-    if grep -q "email onion domain" $COMPLETION_FILE; then
+    if grep -q "email onion domain" "$COMPLETION_FILE"; then
         echo -n -e "$(pad_string 'Email')"
-        echo -n -e "$(pad_string ${DEFAULT_DOMAIN_NAME})"
-        echo "$(cat ${COMPLETION_FILE} | grep 'email onion domain' | awk -F ':' '{print $2}')"
+        echo -n -e "$(pad_string "${DEFAULT_DOMAIN_NAME}")"
+        grep 'email onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}'
     fi
-    if grep -q "sks onion domain" $COMPLETION_FILE; then
+    if grep -q "sks onion domain" "$COMPLETION_FILE"; then
         read_config_param "KEYSERVER_DOMAIN_NAME"
         echo -n -e "$(pad_string 'SKS')"
-        echo -n -e "$(pad_string ${KEYSERVER_DOMAIN_NAME})"
-        echo "$(cat ${COMPLETION_FILE} | grep 'sks onion domain' | awk -F ':' '{print $2}')"
+        echo -n -e "$(pad_string "${KEYSERVER_DOMAIN_NAME}")"
+        grep 'sks onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}'
     fi
 
     for app_name in "${APPS_INSTALLED_NAMES[@]}"
     do
-        if ! grep -q "SHOW_ON_ABOUT=1" /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}; then
+        if ! grep -q "SHOW_ON_ABOUT=1" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}"; then
             continue
         fi
 
         # handle the foibles of capitalisation
-        if ! grep -q "${app_name} domain" $COMPLETION_FILE; then
-            app_name_upper=$(echo ${app_name} | awk '{print toupper($0)}')
-            if grep -q "${app_name_upper} domain" $COMPLETION_FILE; then
+        if ! grep -q "${app_name} domain" "$COMPLETION_FILE"; then
+            app_name_upper=$(echo "${app_name}" | awk '{print toupper($0)}')
+            if grep -q "${app_name_upper} domain" "$COMPLETION_FILE"; then
                 app_name=${app_name_upper}
             else
-                app_name_first_upper="$(tr '[:lower:]' '[:upper:]' <<< ${app_name:0:1})${app_name:1}"
-                if grep -q "${app_name_first_upper} domain" $COMPLETION_FILE; then
+                app_name_first_upper="$(tr '[:lower:]' '[:upper:]' <<< "${app_name:0:1}")${app_name:1}"
+                if grep -q "${app_name_first_upper} domain" "$COMPLETION_FILE"; then
                     app_name=${app_name_first_upper}
                 fi
             fi
@@ -428,11 +429,11 @@ function show_domains {
 
         if [ ${#app_name} -gt 0 ]; then
             icann_address=$(get_app_icann_address "$app_name")
-            if grep -q "SHOW_ICANN_ADDRESS_ON_ABOUT=0" /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}; then
+            if grep -q "SHOW_ICANN_ADDRESS_ON_ABOUT=0" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}"; then
                 icann_address='-'
             fi
-            if [[ $ONION_ONLY != 'no' ]]; then
-                if [[ ${icann_address} != ${LOCAL_NAME}.local ]]; then
+            if [[ "$ONION_ONLY" != 'no' ]]; then
+                if [[ "${icann_address}" != "${LOCAL_NAME}.local" ]]; then
                     icann_address='-'
                 fi
             fi
@@ -445,7 +446,7 @@ function show_domains {
             echo -n -e "$(pad_string "${icann_address}")"
             echo "${onion_address}"
 
-            if grep -q "mobile${app_name} onion domain" $COMPLETION_FILE; then
+            if grep -q "mobile${app_name} onion domain" "$COMPLETION_FILE"; then
                 onion_address=$(get_app_onion_address "${app_name}" "mobile")
                 echo -n -e "$(pad_string "${app_name} (mobile)")"
                 echo -n -e "$(pad_string "${icann_address}")"
@@ -454,7 +455,7 @@ function show_domains {
         fi
     done
 
-    if grep -q "rss reader domain" $COMPLETION_FILE; then
+    if grep -q "rss reader domain" "$COMPLETION_FILE"; then
         if [ -d /var/lib/tor/hidden_service_ttrss ]; then
             echo -n -e "$(pad_string 'RSS reader')"
             RSSDOM='-'
@@ -484,10 +485,10 @@ function show_users {
     for d in /home/*/ ; do
         USRNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USRNAME") == "1" ]]; then
-            echo -n -e "$(pad_string ${USRNAME})"
+            echo -n -e "$(pad_string "${USRNAME}")"
 
             # size of the home directory
-            echo "$(du -s -h /home/${USRNAME} | awk -F ' ' '{print $1}')"
+            du -s -h "/home/${USRNAME}" | awk -F ' ' '{print $1}'
         fi
     done
     echo ''
@@ -552,7 +553,7 @@ function show_ssh_public_key {
     echo $'SSH Public Keys'
     echo '==============='
     echo ''
-    echo "$(get_ssh_server_key)"
+    get_ssh_server_key
     echo ''
     echo ''
 }
@@ -565,7 +566,7 @@ function show_tahoelafs_introducer {
     echo $'Tahoe-LAFS introducer'
     echo '====================='
     echo ''
-    echo "$(cat $INTRODUCER_FILENAME)"
+    cat $INTRODUCER_FILENAME
     echo ''
     echo ''
 }
@@ -589,22 +590,26 @@ function show_about {
 function select_user {
     SELECTED_USERNAME=
 
+    # shellcheck disable=SC2207
     users_array=($(ls /home))
 
     delete=(git)
+    # shellcheck disable=SC2068
     for del in ${delete[@]}
     do
+        # shellcheck disable=SC2206
         users_array=(${users_array[@]/$del})
     done
 
     i=0
     W=()
     name=()
+    # shellcheck disable=SC2068
     for u in ${users_array[@]}
     do
         if [[ $(is_valid_user "$u") == "1" ]]; then
             i=$((i+1))
-            W+=($i "$u")
+            W+=("$i" "$u")
             name+=("$u")
         fi
     done
@@ -614,6 +619,7 @@ function select_user {
     else
         user_index=$(dialog --backtitle $"Freedombone Control Panel" --title $"Select User" --menu $"Select one of the following:" 24 40 17 "${W[@]}" 3>&2 2>&1 1>&3)
 
+        # shellcheck disable=SC2181
         if [ $? -eq 0 ]; then
             SELECTED_USERNAME="${name[$((user_index-1))]}"
         fi
@@ -622,21 +628,21 @@ function select_user {
 
 function delete_user {
     select_user
-    if [ ! $SELECTED_USERNAME ]; then
+    if [ ! "$SELECTED_USERNAME" ]; then
         return
     fi
-    if grep -Fxq "Admin user:$SELECTED_USERNAME" $COMPLETION_FILE; then
+    if grep -Fxq "Admin user:$SELECTED_USERNAME" "$COMPLETION_FILE"; then
         dialog --title $"Administrator user" \
                --msgbox $"You can't delete the administrator user" 6 40
         return
     fi
     clear
-    ${PROJECT_NAME}-rmuser $SELECTED_USERNAME
+    "${PROJECT_NAME}-rmuser" "$SELECTED_USERNAME"
     any_key
 }
 
 function configure_remote_backups {
-    if ! grep -Fxq "Admin user:$ADMIN_USER" $COMPLETION_FILE; then
+    if ! grep -Fxq "Admin user:$ADMIN_USER" "$COMPLETION_FILE"; then
         dialog --title $"Administrator user" \
                --msgbox $"No Administrator user found. Check $COMPLETION_FILE" 6 40
         return
@@ -646,27 +652,27 @@ function configure_remote_backups {
                --msgbox $"Username not found" 6 40
         return
     fi
-    if [ ! -d /home/$ADMIN_USER ]; then
+    if [ ! -d "/home/$ADMIN_USER" ]; then
         dialog --title $"Administrator user" \
                --msgbox $"Home directory not found" 6 40
         return
     fi
-    ${PROJECT_NAME}-remote -u $ADMIN_USER
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-remote" -u "$ADMIN_USER"; then
         any_key
     fi
 }
 
 function change_password {
     select_user
-    if [ ! $SELECTED_USERNAME ]; then
+    if [ ! "$SELECTED_USERNAME" ]; then
         return
     fi
 
     dialog --title $"Change password" \
-           --passwordbox $"New password for user $SELECTED_USERNAME" 8 40 2> $data
-    newpassword=$(<$data)
-    if [ ${#newpassword} -lt ${MINIMUM_PASSWORD_LENGTH} ]; then
+           --passwordbox $"New password for user $SELECTED_USERNAME" 8 40 2> "$data"
+    newpassword=$(<"$data")
+    rm -f "$data"
+    if [ "${#newpassword}" -lt "${MINIMUM_PASSWORD_LENGTH}" ]; then
         dialog --title $"Change password" \
                --msgbox $"The password should be ${MINIMUM_PASSWORD_LENGTH} or more characters" 6 40
         return
@@ -680,15 +686,15 @@ function change_password {
 
 function change_ssh_public_key {
     select_user
-    if [ ! $SELECTED_USERNAME ]; then
+    if [ ! "$SELECTED_USERNAME" ]; then
         return
     fi
 
-    if grep -Fxq "Admin user:$SELECTED_USERNAME" $COMPLETION_FILE; then
+    if grep -Fxq "Admin user:$SELECTED_USERNAME" "$COMPLETION_FILE"; then
         dialog --title $"Change ssh public key" \
                --backtitle $"Freedombone Control Panel" \
                --defaultno \
-               --yesno $"\nThis is the administrator user.\n\nAre you sure you want to change the ssh public key for the administrator?" 10 60
+               --yesno $"\\nThis is the administrator user.\\n\\nAre you sure you want to change the ssh public key for the administrator?" 10 60
         sel=$?
         case $sel in
             1) return;;
@@ -696,36 +702,35 @@ function change_ssh_public_key {
         esac
     fi
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Change ssh public key for $SELECTED_USERNAME" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Paste the ssh public key below" 8 60 2>$data
+           --inputbox $"Paste the ssh public key below" 8 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            SSH_PUBLIC_KEY=$(<$data)
+            SSH_PUBLIC_KEY=$(<"$data")
             if [ "$SSH_PUBLIC_KEY" ]; then
                 if [ ${#SSH_PUBLIC_KEY} -gt 5 ]; then
                     if [ -f "$SSH_PUBLIC_KEY" ]; then
-                        if [ ! -d /home/$SELECTED_USERNAME/.ssh ]; then
-                            mkdir /home/$SELECTED_USERNAME/.ssh
+                        if [ ! -d "/home/$SELECTED_USERNAME/.ssh" ]; then
+                            mkdir "/home/$SELECTED_USERNAME/.ssh"
                         fi
-                        cp $SSH_PUBLIC_KEY \
-                           /home/$SELECTED_USERNAME/.ssh/authorized_keys
-                        chown -R $SELECTED_USERNAME:$SELECTED_USERNAME \
-                              /home/$SELECTED_USERNAME/.ssh
+                        cp "$SSH_PUBLIC_KEY" \
+                           "/home/$SELECTED_USERNAME/.ssh/authorized_keys"
+                        chown -R "$SELECTED_USERNAME":"$SELECTED_USERNAME" \
+                              "/home/$SELECTED_USERNAME/.ssh"
                         dialog --title $"Change ssh public key" \
                                --msgbox $"ssh public key was installed" 6 40
                     else
                         if [[ "$SSH_PUBLIC_KEY" == "ssh-"* ]]; then
-                            if [ ! -d /home/$SELECTED_USERNAME/.ssh ]; then
-                                mkdir /home/$SELECTED_USERNAME/.ssh
+                            if [ ! -d "/home/$SELECTED_USERNAME/.ssh" ]; then
+                                mkdir "/home/$SELECTED_USERNAME/.ssh"
                             fi
                             echo "$SSH_PUBLIC_KEY" > \
-                                 /home/$SELECTED_USERNAME/.ssh/authorized_keys
-                            chown -R $SELECTED_USERNAME:$SELECTED_USERNAME \
-                                  /home/$SELECTED_USERNAME/.ssh
+                                 "/home/$SELECTED_USERNAME/.ssh/authorized_keys"
+                            chown -R "$SELECTED_USERNAME":"$SELECTED_USERNAME" \
+                                  "/home/$SELECTED_USERNAME/.ssh"
                             dialog --title $"Change ssh public key" \
                                    --msgbox $"ssh public key was installed" 6 40
                         fi
@@ -734,33 +739,34 @@ function change_ssh_public_key {
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function remove_user_from_mailing_list {
     select_user
-    if [ ! $SELECTED_USERNAME ]; then
+    if [ ! "$SELECTED_USERNAME" ]; then
         return
     fi
-    USER_MAILING_LISTS=$(cat "/home/$SELECTED_USERNAME/.procmailrc" | grep '\[' | grep '\]' | awk -F '\[' '{print $2}' | awk -F '\\' '{print $1}')
+    USER_MAILING_LISTS=$(grep '\[' "/home/$SELECTED_USERNAME/.procmailrc" | grep '\]' | awk -F '\[' '{print $2}' | awk -F '\\' '{print $1}')
 
     i=0
     W=()
     list_name=()
     while read -r listname; do
         i=$((i+1))
-        W+=($i "$listname")
+        W+=("$i" "$listname")
         list_name+=("$listname")
-        echo $listname
+        echo "$listname"
     done <<< "$USER_MAILING_LISTS"
 
     i=$((i+1))
-    W+=($i $"Exit back to user mainenance")
+    W+=("$i" $"Exit back to user mainenance")
 
     list_selected=$(dialog --default-item "$i" --backtitle $"Freedombone Control Panel" --title $"Remove a mailing list for $SELECTED_USERNAME" --menu $"Select one of the following:" 24 50 17 "${W[@]}" 3>&2 2>&1 1>&3)
 
+    # shellcheck disable=SC2181
     if [ $? -eq 0 ]; then # Exit with OK
-        if [ ${list_selected} -ne ${i} ]; then
+        if [ "${list_selected}" -ne "${i}" ]; then
             remove_list_name="${list_name[$((list_selected-1))]}"
 
             # find the line number where the list is defined
@@ -768,7 +774,7 @@ function remove_user_from_mailing_list {
             i=0
             while read -r line
             do
-                if [[ "$line" == *"\[${remove_list_name}\\]"* ]]; then
+                if [[ "$line" == *"\\[${remove_list_name}\\]"* ]]; then
                     line_number=${i}
                 fi
                 i=$((i+1))
@@ -780,8 +786,8 @@ function remove_user_from_mailing_list {
             fi
 
             # recreate the file
-            if [ -f /home/${SELECTED_USERNAME}/.procmailrc_new ]; then
-                rm /home/${SELECTED_USERNAME}/.procmailrc_new
+            if [ -f "/home/${SELECTED_USERNAME}/.procmailrc_new" ]; then
+                rm "/home/${SELECTED_USERNAME}/.procmailrc_new"
             fi
             i=0
             clip=0
@@ -809,15 +815,15 @@ function remove_user_from_mailing_list {
                     fi
                 fi
 
-                echo "$line" >> /home/${SELECTED_USERNAME}/.procmailrc_new
+                echo "$line" >> "/home/${SELECTED_USERNAME}/.procmailrc_new"
 
-                if [[ "$line" == *"\[${remove_list_name}\\]"* ]]; then
+                if [[ "$line" == *"\\[${remove_list_name}\\]"* ]]; then
                     line_number=${i}
                 fi
             done < "/home/$SELECTED_USERNAME/.procmailrc"
-            cp /home/${SELECTED_USERNAME}/.procmailrc_new /home/${SELECTED_USERNAME}/.procmailrc
-            rm /home/${SELECTED_USERNAME}/.procmailrc_new
-            chown ${SELECTED_USERNAME}:${SELECTED_USERNAME} /home/${SELECTED_USERNAME}/.procmailrc
+            cp "/home/${SELECTED_USERNAME}/.procmailrc_new" "/home/${SELECTED_USERNAME}/.procmailrc"
+            rm "/home/${SELECTED_USERNAME}/.procmailrc_new"
+            chown "${SELECTED_USERNAME}":"${SELECTED_USERNAME}" "/home/${SELECTED_USERNAME}/.procmailrc"
             dialog --title $"Remove user from mailing list" \
                    --msgbox $"${SELECTED_USERNAME} has been removed from ${remove_list_name}" 6 50
         fi
@@ -826,30 +832,29 @@ function remove_user_from_mailing_list {
 
 function add_to_mailing_list {
     select_user
-    if [ ! $SELECTED_USERNAME ]; then
+    if [ ! "$SELECTED_USERNAME" ]; then
         return
     fi
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"Subscribe $SELECTED_USERNAME to a mailing list" \
-           --form $"You can either enter a subject or an email address\n" 11 68 4 \
+           --form $"You can either enter a subject or an email address\\n" 11 68 4 \
            $"List folder name:" 1 1 "" 1 35 26 25 \
            $"Name between [] on subject line:" 2 1 "" 2 35 26 25 \
            $"List email address:" 3 1 "" 3 35 26 25 \
            $"Public:" 4 1 $"yes" 4 35 4 25 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1)  rm $data
+        1)  rm -f "$data"
             return;;
-        255) rm $data
+        255) rm -f "$data"
              return;;
     esac
-    LIST_NAME=$(cat $data | sed -n 1p)
-    LIST_SUBJECT=$(cat $data | sed -n 2p)
-    LIST_EMAIL=$(cat $data | sed -n 3p)
-    LIST_PUBLIC=$(cat $data | sed -n 4p)
+    LIST_NAME=$(sed -n 1p < "$data")
+    LIST_SUBJECT=$(sed -n 2p < "$data")
+    LIST_EMAIL=$(sed -n 3p < "$data")
+    LIST_PUBLIC=$(sed -n 4p < "$data")
 
     if [ ${#LIST_PUBLIC} -lt 1 ]; then
         LIST_PUBLIC='no'
@@ -862,61 +867,60 @@ function add_to_mailing_list {
     if [ ${#LIST_NAME} -lt 2 ]; then
         dialog --title $"Add mailing list" \
                --msgbox $"No mailing list name was given" 6 40
-        rm $data
+        rm -f "$data"
         return
     fi
     if [ ${#LIST_SUBJECT} -lt 2 ]; then
         if [ ${#LIST_EMAIL} -lt 2 ]; then
             dialog --title $"Add mailing list" \
                    --msgbox $"No mailing list subject or address was given" 6 40
-            rm $data
+            rm -f "$data"
             return
         fi
     fi
     if [ ${#LIST_SUBJECT} -gt 1 ]; then
-        ${PROJECT_NAME}-addlist -u $SELECTED_USERNAME -l "$LIST_NAME" \
-                       -s "$LIST_SUBJECT" --public $LIST_PUBLIC
+        "${PROJECT_NAME}-addlist" -u "$SELECTED_USERNAME" -l "$LIST_NAME" \
+                       -s "$LIST_SUBJECT" --public "$LIST_PUBLIC"
     else
         if [[ "$LIST_EMAIL" != *"@"* || "$LIST_EMAIL" != *"."* ]]; then
             dialog --title $"Add mailing list" \
                    --msgbox $"Unrecognised email address" 6 40
-            rm $data
+            rm -f "$data"
             return
         else
-            ${PROJECT_NAME}-addlist -u $SELECTED_USERNAME -l "$LIST_NAME" \
-                           -e "$LIST_EMAIL" --public $LIST_PUBLIC
+            "${PROJECT_NAME}-addlist" -u "$SELECTED_USERNAME" -l "$LIST_NAME" \
+                           -e "$LIST_EMAIL" --public "$LIST_PUBLIC"
         fi
     fi
 
     dialog --title $"Add mailing list" \
            --msgbox $"$LIST_NAME list was added" 6 40
-    rm $data
+    rm -f "$data"
 }
 
 function email_rule {
     select_user
-    if [ ! $SELECTED_USERNAME ]; then
+    if [ ! "$SELECTED_USERNAME" ]; then
         return
     fi
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"Email rule for user $SELECTED_USERNAME" \
-           --form "\n" 9 65 4 \
+           --form "\\n" 9 65 4 \
            $"When email arrives from address:" 1 1 "" 1 35 24 28 \
            $"Move to folder:" 2 1 "" 2 35 24 28 \
            $"Public:" 3 1 $"no" 3 35 4 25 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) rm $data
+        1) rm -f "$data"
            return;;
-        255) rm $data
+        255) rm -f "$data"
              return;;
     esac
-    RULE_EMAIL=$(cat $data | sed -n 1p)
-    RULE_FOLDER=$(cat $data | sed -n 2p)
-    RULE_PUBLIC=$(cat $data | sed -n 3p)
+    RULE_EMAIL=$(sed -n 1p < "$data")
+    RULE_FOLDER=$(sed -n 2p < "$data")
+    RULE_PUBLIC=$(sed -n 3p < "$data")
 
     if [ ${#RULE_PUBLIC} -lt 1 ]; then
         RULE_PUBLIC='no'
@@ -929,127 +933,122 @@ function email_rule {
     if [ ${#RULE_EMAIL} -lt 2 ]; then
         dialog --title $"Add email rule" \
                --msgbox $"No email address was given" 6 40
-        rm $data
+        rm -f "$data"
         return
     fi
     if [ ${#RULE_FOLDER} -lt 2 ]; then
         dialog --title $"Add email rule" \
                --msgbox $"No folder name was given" 6 40
-        rm $data
+        rm -f "$data"
         return
     fi
     if [[ "$RULE_EMAIL" != *"@"* || "$RULE_EMAIL" != *"."* ]]; then
         dialog --title $"Add email rule" \
                --msgbox $"Unrecognised email address" 6 40
-        rm $data
+        rm -f "$data"
         return
     fi
 
-    ${PROJECT_NAME}-addemail -u $SELECTED_USERNAME -e "$RULE_EMAIL" \
+    "${PROJECT_NAME}-addemail" -u "$SELECTED_USERNAME" -e "$RULE_EMAIL" \
                    -g "$RULE_FOLDER" --public $RULE_PUBLIC
     dialog --title $"Add email rule" \
            --msgbox $"Email rule for $RULE_EMAIL was added" 6 40
-    rm $data
+    rm -f "$data"
 }
 
 function block_unblock_email {
     select_user
-    if [ ! $SELECTED_USERNAME ]; then
+    if [ ! "$SELECTED_USERNAME" ]; then
         return
     fi
     blockstr=$"Block/Unblock email going to"
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Control Panel" \
            --title "$blockstr $SELECTED_USERNAME" \
-           --form "\n" 8 65 3 \
+           --form "\\n" 8 65 3 \
            $"When email arrives from address:" 1 1 "" 1 35 24 100 \
            $"Block it:" 2 1 "yes" 2 35 4 4 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) rm $data
+        1) rm -f "$data"
            return;;
-        255) rm $data
+        255) rm -f "$data"
              return;;
     esac
-    BLOCK_EMAIL=$(cat $data | sed -n 1p)
-    BLOCK=$(cat $data | sed -n 2p)
+    BLOCK_EMAIL=$(sed -n 1p < "$data")
+    BLOCK=$(sed -n 2p < "$data")
+    rm -f "$data"
     if [ ${#BLOCK_EMAIL} -lt 2 ]; then
         dialog --title $"Block/Unblock an email" \
                --msgbox $"No email address was given" 6 40
-        rm $data
         return
     fi
     if [[ "$BLOCK_EMAIL" != *"@"* || "$BLOCK_EMAIL" != *"."* ]]; then
         dialog --title $"Block/Unblock an email" \
                --msgbox $"Unrecognised email address" 6 40
-        rm $data
         return
     fi
     if [[ $BLOCK == "y"* || $BLOCK == "Y"* ]]; then
-        ${PROJECT_NAME}-ignore -u $SELECTED_USERNAME -e "$BLOCK_EMAIL"
+        "${PROJECT_NAME}-ignore" -u "$SELECTED_USERNAME" -e "$BLOCK_EMAIL"
         dialog --title $"Block an email" \
                --msgbox "Email from $BLOCK_EMAIL to $SELECTED_USERNAME blocked" 6 75
     else
-        ${PROJECT_NAME}-unignore -u $SELECTED_USERNAME -e "$BLOCK_EMAIL"
+        "${PROJECT_NAME}-unignore" -u "$SELECTED_USERNAME" -e "$BLOCK_EMAIL"
         dialog --title $"Unblock an email" \
                --msgbox "Email from $BLOCK_EMAIL to $SELECTED_USERNAME unblocked" 6 75
     fi
-    rm $data
 }
 
 function block_unblock_subject {
     select_user
-    if [ ! $SELECTED_USERNAME ]; then
+    if [ ! "$SELECTED_USERNAME" ]; then
         return
     fi
     blockstr=$"Block/Unblock email going to"
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Control Panel" \
            --title "$blockstr $SELECTED_USERNAME" \
-           --form "\n" 8 70 3 \
+           --form "\\n" 8 70 3 \
            $"When email arrives with subject text:" 1 1 "" 1 40 24 28 \
            $"Block it:" 2 1 "yes" 2 40 4 4 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) rm $data
+        1) rm -f "$data"
            return;;
-        255) rm $data
+        255) rm -f "$data"
              return;;
     esac
-    BLOCK_SUBJECT=$(cat $data | sed -n 1p)
-    BLOCK=$(cat $data | sed -n 2p)
+    BLOCK_SUBJECT=$(sed -n 1p < "$data")
+    BLOCK=$(sed -n 2p < "$data")
+    rm -f "$data"
     if [ ${#BLOCK_SUBJECT} -lt 2 ]; then
         dialog --title $"Block/Unblock an email" \
                --msgbox $"No subject was given" 6 40
-        rm $data
         return
     fi
     if [[ $BLOCK == "y"* || $BLOCK == "Y"* ]]; then
-        ${PROJECT_NAME}-ignore -u $SELECTED_USERNAME -t "$BLOCK_SUBJECT"
+        "${PROJECT_NAME}-ignore" -u "$SELECTED_USERNAME" -t "$BLOCK_SUBJECT"
         dialog --title $"Block an email" \
                --msgbox "Email with subject $BLOCK_SUBJECT to $SELECTED_USERNAME blocked" 6 40
     else
-        ${PROJECT_NAME}-unignore -u $SELECTED_USERNAME -t "$BLOCK_SUBJECT"
+        "${PROJECT_NAME}-unignore" -u "$SELECTED_USERNAME" -t "$BLOCK_SUBJECT"
         dialog --title $"Unblock an email" \
                --msgbox "Email with subject $BLOCK_SUBJECT to $SELECTED_USERNAME unblocked" 6 40
     fi
-    rm $data
 }
 
 function create_keydrive_master {
     select_user
-    if [ ! $SELECTED_USERNAME ]; then
+    if [ ! "$SELECTED_USERNAME" ]; then
         return
     fi
     dialog --title $"USB Master Keydrive" \
            --msgbox $"Plug in a LUKS encrypted USB drive" 6 40
     clear
     detect_usb_drive
-    ${PROJECT_NAME}-keydrive -u $SELECTED_USERNAME --master 'yes' -d $USB_DRIVE
+    "${PROJECT_NAME}-keydrive" -u "$SELECTED_USERNAME" --master 'yes' -d "$USB_DRIVE"
     any_key
 }
 
@@ -1062,7 +1061,7 @@ function create_keydrive_fragment {
            --msgbox $"Plug in a LUKS encrypted USB drive" 6 40
     clear
     detect_usb_drive
-    ${PROJECT_NAME}-keydrive -u $SELECTED_USERNAME -d $USB_DRIVE
+    "${PROJECT_NAME}-keydrive" -u "$SELECTED_USERNAME" -d "$USB_DRIVE"
     any_key
 }
 
@@ -1075,7 +1074,7 @@ function backup_data {
     echo $"Detected USB drive $USB_DRIVE"
     echo ''
     echo $'Enter the passphrase for your LUKS encrypted backup drive:'
-    ${PROJECT_NAME}-backup-local
+    "${PROJECT_NAME}-backup-local"
     any_key
 }
 
@@ -1122,7 +1121,7 @@ function restore_data_from_storage {
         app_list=()
         n=1
         applist="$n $AllStr off"
-        n=$[n+1]
+        n=$((n+1))
         app_list+=("$AllStr")
 
         util_index=0
@@ -1130,8 +1129,8 @@ function restore_data_from_storage {
         do
             applist="$applist $n $a off"
             app_name=${utils_installed[util_index]}
-            n=$[n+1]
-            util_index=$[util_index+1]
+            n=$((n+1))
+            util_index=$((util_index+1))
             app_list+=("$app_name")
         done
 
@@ -1139,24 +1138,25 @@ function restore_data_from_storage {
         for a in "${APPS_INSTALLED_NAMES[@]}"
         do
             applist="$applist $n $a off"
-            n=$[n+1]
+            n=$((n+1))
             app_name=${APPS_INSTALLED_NAMES[app_index]}
-            app_index=$[app_index+1]
+            app_index=$((app_index+1))
             app_list+=("$app_name")
         done
         applist="$applist $n $ExitStr on"
-        n=$[n+1]
+        n=$((n+1))
         app_list+=("$ExitStr")
 
         choice=$(dialog --stdout --backtitle $"Freedombone" \
                         --title "$RestoreStr" \
                         --radiolist $'Choose:' \
-                        30 50 20 $applist)
+                        30 50 20 "$applist")
 
+        # shellcheck disable=SC2181
         if [ $? -ne 0 ]; then
             break
         fi
-        app_index=$[choice-1]
+        app_index=$((choice-1))
         app_name=${app_list[app_index]}
 
         # exit
@@ -1229,36 +1229,35 @@ function restore_data_remote {
                --msgbox $"Unknown admin user" 6 40
         return
     fi
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Restore from remote server" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Enter the domain name of the server from which you wish to restore" 8 60 2>$data
+           --inputbox $"Enter the domain name of the server from which you wish to restore" 8 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            friend_server_domain_name=$(<$data)
+            friend_server_domain_name=$(<"$data")
 
             if [ ${#friend_server_domain_name} -lt 2 ]; then
-                rm $data
+                rm -f "$data"
                 return
             fi
 
             if [[ $friend_server_domain_name != *"."* ]]; then
                 dialog --title $"Remote server domain name" \
                        --msgbox $"Invalid domain name" 6 40
-                rm $data
+                rm -f "$data"
                 return
             fi
 
-            restore_data_from_storage $friend_server_domain_name
+            restore_data_from_storage "$friend_server_domain_name"
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function ping_enable_disable {
-    ping_str=$"\nDo you want to enable other systems to ping this machine?\n\nPing may be useful for diagnostic purposes, but for added security you may not want to enable it."
+    ping_str=$"\\nDo you want to enable other systems to ping this machine?\\n\\nPing may be useful for diagnostic purposes, but for added security you may not want to enable it."
     enable_ping="no"
     dialog --title $"Enable Ping / ICMP" \
            --backtitle $"Freedombone Control Panel" \
@@ -1286,7 +1285,7 @@ function logging_on_off {
     dialog --title $"Logging" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nDo you want to turn logging on?" 7 60
+           --yesno $"\\nDo you want to turn logging on?" 7 60
     sel=$?
     case $sel in
         0) logging="yes";;
@@ -1305,31 +1304,31 @@ function logging_on_off {
 
 function restore_gpg_key {
     select_user
-    if [ ! $SELECTED_USERNAME ]; then
+    if [ ! "$SELECTED_USERNAME" ]; then
         return
     fi
     restorestr=$"Restore GPG key for user"
     dialog --title "$restorestr $SELECTED_USERNAME" \
            --msgbox $"Plug in your USB keydrive" 6 40
     clear
-    ${PROJECT_NAME}-recoverkey -u $SELECTED_USERNAME
+    "${PROJECT_NAME}-recoverkey" -u "$SELECTED_USERNAME"
     any_key
 }
 
 function security_settings {
-    ${PROJECT_NAME}-sec
+    "${PROJECT_NAME}-sec"
     any_key
 }
 
 function show_tripwire_verification_code {
-    if [ ! -f /var/lib/tripwire/${HOSTNAME}.twd ]; then
+    if [ ! -f "/var/lib/tripwire/${HOSTNAME}.twd" ]; then
         return
     fi
     clear
     echo ''
     echo $'Tripwire Verification Code'
     echo ''
-    DBHASH=$(sha512sum  /var/lib/tripwire/${HOSTNAME}.twd)
+    DBHASH=$(sha512sum "/var/lib/tripwire/${HOSTNAME}.twd")
     echo -n "$DBHASH" | qrencode -t UTF8
     echo ''
     echo "$DBHASH"
@@ -1342,10 +1341,10 @@ function reset_tripwire {
         any_key
         return
     fi
-    if [ ! -f /etc/tripwire/${HOSTNAME}-local.key ]; then
-        if [ -f /etc/tripwire/${PROJECT_NAME}-local.key ]; then
-            mv /etc/tripwire/${PROJECT_NAME}-local.key /etc/tripwire/${HOSTNAME}-local.key
-            mv /etc/tripwire/${PROJECT_NAME}-site.key /etc/tripwire/${HOSTNAME}-site.key
+    if [ ! -f "/etc/tripwire/${HOSTNAME}-local.key" ]; then
+        if [ -f "/etc/tripwire/${PROJECT_NAME}-local.key" ]; then
+            mv "/etc/tripwire/${PROJECT_NAME}-local.key" "/etc/tripwire/${HOSTNAME}-local.key"
+            mv "/etc/tripwire/${PROJECT_NAME}-site.key" "/etc/tripwire/${HOSTNAME}-site.key"
         else
             echo $'Error: missing local key'
             any_key
@@ -1354,21 +1353,21 @@ function reset_tripwire {
     fi
     clear
     echo $'Turing off logging...'
-    ${PROJECT_NAME}-logging off
+    "${PROJECT_NAME}-logging" off
     echo $'Locking down permissions...'
     lockdown_permissions
     echo $'Creating configuration...'
     echo '
 
-       ' | twadmin --create-cfgfile -S /etc/tripwire/${HOSTNAME}-site.key /etc/tripwire/twcfg.txt
+       ' | twadmin --create-cfgfile -S "/etc/tripwire/${HOSTNAME}-site.key" /etc/tripwire/twcfg.txt
     echo $'Resetting policy...'
     echo '
 
-       ' | twadmin --create-polfile -S /etc/tripwire/${HOSTNAME}-site.key /etc/tripwire/twpol.txt
+       ' | twadmin --create-polfile -S "/etc/tripwire/${HOSTNAME}-site.key" /etc/tripwire/twpol.txt
     echo $'Creating tripwire database'
     echo '
 
-' | tripwire --init --cfgfile /etc/tripwire/tw.cfg --polfile /etc/tripwire/tw.pol --dbfile /var/lib/tripwire/${HOSTNAME}.twd
+' | tripwire --init --cfgfile /etc/tripwire/tw.cfg --polfile /etc/tripwire/tw.pol --dbfile "/var/lib/tripwire/${HOSTNAME}.twd"
     echo $'Resetting the Tripwire...'
     echo ''
     echo '
@@ -1383,7 +1382,7 @@ function reset_tripwire {
         systemctl restart nginx
     fi
 
-    if [ -f /var/lib/tripwire/${HOSTNAME}.twd ]; then
+    if [ -f "/var/lib/tripwire/${HOSTNAME}.twd" ]; then
         show_tripwire_verification_code
         echo $'Tripwire is now reset. Take a note of the above hash, or record'
         echo $'the QR code using a mobile device. This will enable you to independently'
@@ -1396,56 +1395,46 @@ function reset_tripwire {
 
 function format_drive {
     detect_usb_drive
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
     dialog --title $"Format USB drive $USB_DRIVE" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nPlease confirm that you wish to format drive\n\n    ${USB_DRIVE}\n\nAll current data on the drive will be lost, and you will be prompted to give a password used to encrypt the drive.\n\nDANGER: If you screw up here and format the wrong drive it's your own fault!" 16 60
+           --yesno $"\\nPlease confirm that you wish to format drive\\n\\n    ${USB_DRIVE}\\n\\nAll current data on the drive will be lost, and you will be prompted to give a password used to encrypt the drive.\\n\\nDANGER: If you screw up here and format the wrong drive it's your own fault!" 16 60
     sel=$?
     case $sel in
-        1) rm $data
-           return;;
-        255) rm $data
-             return;;
+        1) return;;
+        255) return;;
     esac
 
     clear
     echo ''
     echo $"Formatting drive $USB_DRIVE. ALL CONTENTS WILL BE LOST."
     echo ''
-    ${PROJECT_NAME}-format $USB_DRIVE
+    "${PROJECT_NAME}-format" "$USB_DRIVE"
     any_key
-    rm $data
 }
 
 function remove_backups {
     detect_usb_drive
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
     dialog --title $"Remove backups from a USB drive $USB_DRIVE" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nPlease confirm that you wish to remove backups from this drive\n\n    ${drive}\n\nYou will not be able to recover them afterwards." 12 60
+           --yesno $"\\nPlease confirm that you wish to remove backups from this drive\\n\\n    ${drive}\\n\\nYou will not be able to recover them afterwards." 12 60
     sel=$?
     case $sel in
-        1) rm $data
-           return;;
-        255) rm $data
-             return;;
+        1) return;;
+        255) return;;
     esac
 
     clear
-    ${PROJECT_NAME}-backup-local $USB_DRIVE remove
+    "${PROJECT_NAME}-backup-local" "$USB_DRIVE" remove
     any_key
-    rm $data
 }
 
 function shut_down_system {
     dialog --title $"Power off the system" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nPlease confirm that you wish to power off the system.\n\nWARNING: to power on again you will need to have physical access to the hardware." 10 60
+           --yesno $"\\nPlease confirm that you wish to power off the system.\\n\\nWARNING: to power on again you will need to have physical access to the hardware." 10 60
     sel=$?
     case $sel in
         1) return;;
@@ -1458,7 +1447,7 @@ function restart_system {
     dialog --title $"Restart the system" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nPlease confirm that you wish to restart the system.\n\nWARNING: If you are using full disk encryption then you will need physical access to the hardware to type in the password" 10 60
+           --yesno $"\\nPlease confirm that you wish to restart the system.\\n\\nWARNING: If you are using full disk encryption then you will need physical access to the hardware to type in the password" 10 60
     sel=$?
     case $sel in
         1) return;;
@@ -1468,14 +1457,13 @@ function restart_system {
 }
 
 function change_system_name {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Change the name of this system" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Enter a new name for this system on your local network\n\nIt will appear as newname.local' 10 60 2>$data
+           --inputbox $'Enter a new name for this system on your local network\\n\\nIt will appear as newname.local' 10 60 2>"$data"
     sel=$?
     case $sel in
-        0) NEW_SYSTEM_NAME=$(<$data)
+        0) NEW_SYSTEM_NAME=$(<"$data")
            if [ "$NEW_SYSTEM_NAME" ]; then
                if [ ${#NEW_SYSTEM_NAME} -gt 1 ]; then
                    sed -i "s|host-name=.*|host-name=$NEW_SYSTEM_NAME|g" /etc/avahi/avahi-daemon.conf
@@ -1488,14 +1476,14 @@ function change_system_name {
            fi
            ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function set_dynamic_IP {
     revert_to_dynamic=
     dialog --title $"Return to using a dynamic IP address" \
            --backtitle $"Freedombone Control Panel" \
-           --yesno $"\nDo you wish to go back to using a dynamic IP address?" 8 60
+           --yesno $"\\nDo you wish to go back to using a dynamic IP address?" 8 60
     sel=$?
     case $sel in
         0) revert_to_dynamic=1
@@ -1523,46 +1511,44 @@ function set_static_IP {
     NEW_STATIC_IP=
     NEW_STATIC_GATEWAY=
     if [ -f /etc/network/interfaces.d/static ]; then
-        STATIC_IP=$(cat /etc/network/interfaces.d/static | grep "address " | head -n 1 | awk -F ' ' '{print $2}')
-        STATIC_GATEWAY=$(cat /etc/network/interfaces.d/static | grep "gateway " | head -n 1 | awk -F ' ' '{print $2}')
+        STATIC_IP=$(grep "address " /etc/network/interfaces.d/static | head -n 1 | awk -F ' ' '{print $2}')
+        STATIC_GATEWAY=$(grep "gateway " /etc/network/interfaces.d/static | head -n 1 | awk -F ' ' '{print $2}')
     fi
 
     # get the IP for the box
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Set a static local IP address" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"In order to forward incoming internet traffic to this system most internet routers need to know a static local IP address to send the data to.\n\n
-Enter a static local IP address for this system.\n\nIt will typically be ${IPv4_address_base}.x\n\nIf you leave this field blank then the system will revert to using a dynamic IP address." 18 60 "$STATIC_IP" 2>$data
+           --inputbox $"In order to forward incoming internet traffic to this system most internet routers need to know a static local IP address to send the data to.\\n\\n
+Enter a static local IP address for this system.\\n\\nIt will typically be ${IPv4_address_base}.x\\n\\nIf you leave this field blank then the system will revert to using a dynamic IP address." 18 60 "$STATIC_IP" 2>"$data"
     sel=$?
     case $sel in
-        0) NEW_STATIC_IP=$(<$data)
+        0) NEW_STATIC_IP=$(<"$data")
            if [[ "$NEW_STATIC_IP" != *"."* ]]; then
                set_dynamic_IP
-               rm $data
+               rm -f "$data"
                return
            fi
            ;;
-        1) rm $data
+        1) rm -f "$data"
            return;;
     esac
-    rm $data
+    rm -f "$data"
 
     # get the gateway
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Set the IP address of your internet router/modem" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Set the local IP address for your internet router or ADSL modem.\n\nIt will typically be ${IPv4_address_base}.1, ${IPv4_address_base}.254, or similar" 12 60 "$STATIC_GATEWAY" 2>$data
+           --inputbox $"Set the local IP address for your internet router or ADSL modem.\\n\\nIt will typically be ${IPv4_address_base}.1, ${IPv4_address_base}.254, or similar" 12 60 "$STATIC_GATEWAY" 2>"$data"
     sel=$?
     case $sel in
-        0) NEW_STATIC_GATEWAY=$(<$data)
+        0) NEW_STATIC_GATEWAY=$(<"$data")
            if [[ "$NEW_STATIC_GATEWAY" != *"."* ]]; then
-               rm $data
+               rm -f "$data"
                return
            fi
            ;;
-        1) rm $data
+        1) rm -f "$data"
            return;;
     esac
 
@@ -1588,7 +1574,7 @@ Enter a static local IP address for this system.\n\nIt will typically be ${IPv4_
             if [[ $(config_param_exists "WIFI_INTERFACE") == "1" ]]; then
                 dialog --title $"Static local IP address" \
                        --backtitle $"Freedombone Control Panel" \
-                       --yesno $"\nSet a static address for the wifi adapter?\n\nIf you select 'no' then wired ethernet will be used." 10 60
+                       --yesno $"\\nSet a static address for the wifi adapter?\\n\\nIf you select 'no' then wired ethernet will be used." 10 60
                 sel=$?
                 case $sel in
                     0) static_wifi_address=1
@@ -1605,11 +1591,11 @@ Enter a static local IP address for this system.\n\nIt will typically be ${IPv4_
                 # wired network
                 remove_wifi_startup_script
 
-                echo 'auto eth0' > /etc/network/interfaces.d/static
-                echo 'iface eth0 inet static' >> /etc/network/interfaces.d/static
-                echo "    address ${NEW_STATIC_IP}" >> /etc/network/interfaces.d/static
-                echo '    netmask 255.255.255.0' >> /etc/network/interfaces.d/static
-                echo "    gateway ${NEW_STATIC_GATEWAY}" >> /etc/network/interfaces.d/static
+                { echo 'auto eth0';
+                  echo 'iface eth0 inet static';
+                  echo "    address ${NEW_STATIC_IP}";
+                  echo '    netmask 255.255.255.0';
+                  echo "    gateway ${NEW_STATIC_GATEWAY}"; } >> /etc/network/interfaces.d/static
             else
                 # wifi network
                 wifi_settings
@@ -1622,18 +1608,18 @@ Enter a static local IP address for this system.\n\nIt will typically be ${IPv4_
             echo $'If you logged in using the previous IP address then you may need to close this terminal and log in again on the new one.'
 
             function_check pihole_change_ipv4
-            pihole_change_ipv4 ${NEW_STATIC_IP}
+            pihole_change_ipv4 "${NEW_STATIC_IP}"
 
             dialog --title $"Static local IP address" \
                    --backtitle $"Freedombone Control Panel" \
-                   --yesno $"\nFor the change to take effect your system will now need to reboot. Do this now?" 8 60
+                   --yesno $"\\nFor the change to take effect your system will now need to reboot. Do this now?" 8 60
             sel=$?
             case $sel in
                 0) systemctl reboot -i;;
             esac
         fi
     fi
-    rm $data
+    rm -f "$data"
 }
 
 function wifi_settings {
@@ -1644,9 +1630,9 @@ function wifi_settings {
     TEMP_WIFI_NETWORKS_FILE=~/.temp-${PROJECT_NAME}-wifi.cfg
     ${PROJECT_NAME}-wifi --networksinteractive $TEMP_WIFI_NETWORKS_FILE
     if [ -f $TEMP_WIFI_NETWORKS_FILE ]; then
-        cp $TEMP_WIFI_NETWORKS_FILE $WIFI_NETWORKS_FILE
+        cp "$TEMP_WIFI_NETWORKS_FILE" "$WIFI_NETWORKS_FILE"
         rm $TEMP_WIFI_NETWORKS_FILE
-        ${PROJECT_NAME}-wifi --networks $WIFI_NETWORKS_FILE
+        "${PROJECT_NAME}-wifi" --networks "$WIFI_NETWORKS_FILE"
         create_wifi_startup_script
         if [[ $(wifi_is_running) == "1" ]]; then
             dialog --title $"Wifi Settings" \
@@ -1664,24 +1650,23 @@ function wifi_edit_networks {
     if [ -f /etc/hostapd/hostapd.conf ]; then
         return
     fi
-    if [ ! -f $WIFI_NETWORKS_FILE ]; then
-        echo $'# Add wifi networks as follows:' > $WIFI_NETWORKS_FILE
-        echo '#' >> $WIFI_NETWORKS_FILE
-        echo $'# MySSID' >> $WIFI_NETWORKS_FILE
-        echo $'# wpa2-psk' >> $WIFI_NETWORKS_FILE
-        echo $'# myWifiPassphrase' >> $WIFI_NETWORKS_FILE
-        echo '#' >> $WIFI_NETWORKS_FILE
-        echo $'# AnotherSSID' >> $WIFI_NETWORKS_FILE
-        echo $'# none' >> $WIFI_NETWORKS_FILE
-        echo '#' >> $WIFI_NETWORKS_FILE
+    if [ ! -f "$WIFI_NETWORKS_FILE" ]; then
+        { echo $'# Add wifi networks as follows:';
+          echo '#';
+          echo $'# MySSID';
+          echo $'# wpa2-psk';
+          echo $'# myWifiPassphrase';
+          echo '#';
+          echo $'# AnotherSSID';
+          echo $'# none';
+          echo '#'; } > "$WIFI_NETWORKS_FILE"
     fi
-    editor $WIFI_NETWORKS_FILE
-    ${PROJECT_NAME}-wifi --networks $WIFI_NETWORKS_FILE
+    editor "$WIFI_NETWORKS_FILE"
+    "${PROJECT_NAME}-wifi" --networks "$WIFI_NETWORKS_FILE"
 }
 
 function hotspot_settings {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"Hotspot Settings" \
            --form $"" 10 60 4 \
@@ -1689,25 +1674,24 @@ function hotspot_settings {
            $"SSID:" 2 1 "$WIFI_SSID" 2 24 256 256 \
            $"Type (wpa2-psk/none):" 3 1 "$WIFI_TYPE" 3 24 10 10 \
            $"Passphrase:" 4 1 "$WIFI_PASSPHRASE" 4 24 256 256 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) rm $data
+        1) rm -f "$data"
            return;;
-        255) rm $data
+        255) rm -f "$data"
              return;;
     esac
-    TEMP_WIFI_HOTSPOT=$(cat $data | sed -n 1p)
-    TEMP_WIFI_SSID=$(cat $data | sed -n 2p)
-    TEMP_WIFI_TYPE=$(cat $data | sed -n 3p)
-    TEMP_WIFI_PASSPHRASE=$(cat $data | sed -n 4p)
+    TEMP_WIFI_HOTSPOT=$(sed -n 1p < "$data")
+    TEMP_WIFI_SSID=$(sed -n 2p < "$data")
+    TEMP_WIFI_TYPE=$(sed -n 3p < "$data")
+    TEMP_WIFI_PASSPHRASE=$(sed -n 4p < "$data")
+    rm -f "$data"
 
     if [ ${#TEMP_WIFI_SSID} -lt 2 ]; then
-        rm $data
         return
     fi
     if [ ${#TEMP_WIFI_TYPE} -lt 2 ]; then
-        rm $data
         return
     fi
 
@@ -1716,22 +1700,20 @@ function hotspot_settings {
         TEMP_WIFI_HOTSPOT='yes'
     else
         TEMP_WIFI_HOTSPOT='no'
-        if [ -f $WIFI_NETWORKS_FILE ]; then
-            WIFI_EXTRA='--networks $WIFI_NETWORKS_FILE'
+        if [ -f "$WIFI_NETWORKS_FILE" ]; then
+            WIFI_EXTRA="--networks $WIFI_NETWORKS_FILE"
         fi
     fi
 
     if [[ $TEMP_WIFI_TYPE != $'none' ]]; then
-        if [ ! $TEMP_WIFI_PASSPHRASE ]; then
+        if [ ! "$TEMP_WIFI_PASSPHRASE" ]; then
             dialog --title $"Wifi Settings" \
                    --msgbox $"No wifi hotspot passphrase was given" 6 40
-            rm $data
             return
         fi
         if [ ${#TEMP_WIFI_PASSPHRASE} -lt 2 ]; then
             dialog --title $"Wifi Settings" \
                    --msgbox $"Wifi hotspot passphrase was too short" 6 40
-            rm $data
             return
         fi
 
@@ -1740,8 +1722,7 @@ function hotspot_settings {
         WIFI_TYPE=$TEMP_WIFI_TYPE
         WIFI_PASSPHRASE=$TEMP_WIFI_PASSPHRASE
 
-        ${PROJECT_NAME}-wifi -i $WIFI_INTERFACE -s $WIFI_SSID -t $WIFI_TYPE -p $WIFI_PASSPHRASE --hotspot $WIFI_HOTSPOT $WIFI_EXTRA
-        if [ ! "$?" = "0" ]; then
+        if ! "${PROJECT_NAME}-wifi" -i "$WIFI_INTERFACE" -s "$WIFI_SSID" -t "$WIFI_TYPE" -p "$WIFI_PASSPHRASE" --hotspot "$WIFI_HOTSPOT" "$WIFI_EXTRA"; then
             echo $"Can't enable wifi hotspot"
             any_key
         fi
@@ -1751,7 +1732,7 @@ function hotspot_settings {
         WIFI_TYPE=$TEMP_WIFI_TYPE
         WIFI_PASSPHRASE=$TEMP_WIFI_PASSPHRASE
 
-        ${PROJECT_NAME}-wifi -i $WIFI_INTERFACE -s $WIFI_SSID -t $WIFI_TYPE --hotspot $WIFI_HOTSPOT $WIFI_EXTRA
+        "${PROJECT_NAME}-wifi" -i "$WIFI_INTERFACE" -s "$WIFI_SSID" -t "$WIFI_TYPE" --hotspot "$WIFI_HOTSPOT" "$WIFI_EXTRA"
     fi
 
     # store any changes
@@ -1762,14 +1743,13 @@ function hotspot_settings {
 
     dialog --title $"Wifi Settings" \
            --msgbox $"Hotspot settings were changed" 6 40
-    rm $data
 }
 
 function reinstall_mariadb {
     dialog --title $"Reinstall MariaDB" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nThis should be a LAST RESORT, if the mysql daemon won't start. You will lose ALL databases and will then need to restore them from backup.\n\nAre you sure that you wish to continue?" 12 60
+           --yesno $"\\nThis should be a LAST RESORT, if the mysql daemon won't start. You will lose ALL databases and will then need to restore them from backup.\\n\\nAre you sure that you wish to continue?" 12 60
     sel=$?
     case $sel in
         1) return;;
@@ -1787,27 +1767,26 @@ function show_firewall {
     clear
     echo $"Firewall Settings"
     echo ''
-    while read line; do
-        firewall_name=$(echo "$line" | awk -F '=' '{print $1}')
-        firewall_port=$(echo "$line" | awk -F '=' '{print $2}')
-        echo -n -e "$(pad_string ${firewall_name})"
+    while read -r line; do
+        firewall_name=$(awk "$line" -F '=' '{print $1}')
+        firewall_port=$(awk "$line" -F '=' '{print $2}')
+        echo -n -e "$(pad_string "${firewall_name}")"
         echo "${firewall_port}"
-    done < $FIREWALL_CONFIG
+    done < "$FIREWALL_CONFIG"
     any_key
 }
 
 function email_extra_domains {
-    email_hostnames=$(cat /etc/exim4/update-exim4.conf.conf | grep "dc_other_hostnames" | awk -F "'" '{print $2}')
+    email_hostnames=$(grep "dc_other_hostnames" /etc/exim4/update-exim4.conf.conf | awk -F "'" '{print $2}')
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Email Domains" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Enter the list of email domains to use, separated by semicolons" 8 60 $email_hostnames 2>$data
+           --inputbox $"Enter the list of email domains to use, separated by semicolons" 8 60 "$email_hostnames" 2>"$data"
     sel=$?
     case $sel in
         0)
-            emailhostnames=$(<$data)
+            emailhostnames=$(<"$data")
             if [ ${#emailhostnames} -gt 2 ]; then
                 if [[ "$email_hostnames" != "$emailhostnames" ]]; then
                     if [[ "$emailhostnames" == *"."* ]]; then
@@ -1829,7 +1808,7 @@ function email_extra_domains {
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function email_smtp_proxy {
@@ -1838,8 +1817,7 @@ function email_smtp_proxy {
         return
     fi
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"SMTP Proxy for $ADMIN_USER" \
            --form $"You may need to proxy outgoing email via your ISP's mail server. If so enter the details below." 14 75 6 \
@@ -1849,31 +1827,33 @@ function email_smtp_proxy {
            $"Port:" 4 1 "$SMTP_PROXY_PORT" 4 24 5 5 \
            $"Username:" 5 1 "$SMTP_PROXY_USERNAME" 5 24 40 10000 \
            $"Password:" 6 1 "$SMTP_PROXY_PASSWORD" 6 24 40 10000 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
-    SMTP_PROXY_ENABLE=$(cat $data | sed -n 1p)
-    SMTP_PROXY_PROTOCOL=$(cat $data | sed -n 2p)
-    SMTP_PROXY_SERVER=$(cat $data | sed -n 3p)
-    SMTP_PROXY_PORT=$(cat $data | sed -n 4p)
-    SMTP_PROXY_USERNAME=$(cat $data | sed -n 5p)
-    SMTP_PROXY_PASSWORD=$(cat $data | sed -n 6p)
-    rm $data
+    SMTP_PROXY_ENABLE=$(sed -n 1p < "$data")
+    SMTP_PROXY_PROTOCOL=$(sed -n 2p < "$data")
+    SMTP_PROXY_SERVER=$(sed -n 3p < "$data")
+    SMTP_PROXY_PORT=$(sed -n 4p < "$data")
+    SMTP_PROXY_USERNAME=$(sed -n 5p < "$data")
+    SMTP_PROXY_PASSWORD=$(sed -n 6p < "$data")
+    rm -f "$data"
 
     # change muttrc
-    if [ $SMTP_PROXY_ENABLE != $'no' ]; then
-        if ! grep -q "set smtp_url" $MUTTRC_FILE; then
-            echo "set smtp_url=\"${SMTP_PROXY_PROTOCOL}://${SMTP_PROXY_USERNAME}:${SMTP_PROXY_PASSWORD}@${SMTP_PROXY_SERVER}:${SMTP_PROXY_PORT}/\"" >> $MUTTRC_FILE
+    if [ "$SMTP_PROXY_ENABLE" != $'no' ]; then
+        if ! grep -q "set smtp_url" "$MUTTRC_FILE"; then
+            echo "set smtp_url=\"${SMTP_PROXY_PROTOCOL}://${SMTP_PROXY_USERNAME}:${SMTP_PROXY_PASSWORD}@${SMTP_PROXY_SERVER}:${SMTP_PROXY_PORT}/\"" >> "$MUTTRC_FILE"
         else
-            sed -i "s|set smtp_url=.*|set smtp_url=\"${SMTP_PROXY_PROTOCOL}://${SMTP_PROXY_USERNAME}:${SMTP_PROXY_PASSWORD}@${SMTP_PROXY_SERVER}:${SMTP_PROXY_PORT}/\"|g" $MUTTRC_FILE
+            sed -i "s|set smtp_url=.*|set smtp_url=\"${SMTP_PROXY_PROTOCOL}://${SMTP_PROXY_USERNAME}:${SMTP_PROXY_PASSWORD}@${SMTP_PROXY_SERVER}:${SMTP_PROXY_PORT}/\"|g" "$MUTTRC_FILE"
         fi
-        sed -i 's|#set smtp_url|set smtp_url|g' $MUTTRC_FILE
+        sed -i 's|#set smtp_url|set smtp_url|g' "$MUTTRC_FILE"
     else
-        if grep -q "set smtp_url" $MUTTRC_FILE; then
-            sed -i 's|set smtp_url|#set smtp_url|g' $MUTTRC_FILE
+        if grep -q "set smtp_url" "$MUTTRC_FILE"; then
+            sed -i 's|set smtp_url|#set smtp_url|g' "$MUTTRC_FILE"
         fi
     fi
 
@@ -1889,8 +1869,7 @@ function email_smtp_proxy {
 function menu_backup_restore {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Backup and Restore" \
                --radiolist $"Choose an operation:" 19 70 12 \
@@ -1904,15 +1883,15 @@ function menu_backup_restore {
                8 $"Backup GPG key to USB (fragment keydrive)" off \
                9 $"Format a USB drive (LUKS encrypted)" off \
                10 $"Remove backups from a USB drive" off \
-               11 $"Back to main menu" on 2> $data
+               11 $"Back to main menu" on 2> "$data"
         sel=$?
         case $sel in
-            1) rm $data
+            1) rm -f "$data"
                break;;
-            255) rm $data
+            255) rm -f "$data"
                  break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) backup_data;;
             2) restore_gpg_key;;
             3) restore_data;;
@@ -1923,17 +1902,17 @@ function menu_backup_restore {
             8) create_keydrive_fragment;;
             9) format_drive;;
             10) remove_backups;;
-            11) break;;
+            11) rm -f "$data"
+                break;;
         esac
-        rm $data
+        rm -f "$data"
     done
 }
 
 function menu_email {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Email Menu" \
                --radiolist $"Choose an operation:" 15 70 8 \
@@ -1944,15 +1923,15 @@ function menu_email {
                5 $"Block/Unblock email with subject text" off \
                6 $"Outgoing Email Proxy" off \
                7 $"Extra email domains" off \
-               8 $"Back to main menu" on 2> $data
+               8 $"Back to main menu" on 2> "$data"
         sel=$?
         case $sel in
-            1) rm $data
+            1) rm -f "$data"
                break;;
-            255) rm $data
+            255) rm -f "$data"
                  break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) add_to_mailing_list;;
             2) remove_user_from_mailing_list;;
             3) email_rule;;
@@ -1960,25 +1939,25 @@ function menu_email {
             5) block_unblock_subject;;
             6) email_smtp_proxy;;
             7) email_extra_domains;;
-            8) break;;
+            8) rm -f "$data"
+               break;;
         esac
-        rm $data
+        rm -f "$data"
     done
 }
 
 function domain_blocking_add {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Block a domain or user" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Enter the domain name or GNU Social/postActiv/Pleroma nick@domain that you wish to block" 8 60 "" 2>$data
+           --inputbox $"Enter the domain name or GNU Social/postActiv/Pleroma nick@domain that you wish to block" 8 60 "" 2>"$data"
     sel=$?
     case $sel in
         0)
-            blocked_domain=$(<$data)
+            blocked_domain=$(<"$data")
             if [ ${#blocked_domain} -gt 2 ]; then
                 if [[ "${blocked_domain}" == *'.'* ]]; then
-                    firewall_block_domain $blocked_domain
+                    firewall_block_domain "$blocked_domain"
                     if [[ "${blocked_domain}" != *'@'* ]]; then
                         dialog --title $"Block a domain" \
                                --msgbox $"The domain $blocked_domain has been blocked" 6 40
@@ -1990,22 +1969,21 @@ function domain_blocking_add {
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function ip_blocking_add {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Block an IP address" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Enter the IP address that you wish to block" 8 60 "" 2>$data
+           --inputbox $"Enter the IP address that you wish to block" 8 60 "" 2>"$data"
     sel=$?
     case $sel in
         0)
-            blocked_ip=$(<$data)
+            blocked_ip=$(<"$data")
             if [ ${#blocked_ip} -gt 2 ]; then
                 if [[ "${blocked_ip}" == *'.'* ]]; then
-                    firewall_block_ip $blocked_ip
+                    firewall_block_ip "$blocked_ip"
                     if [[ "${blocked_ip}" != *'@'* ]]; then
                         dialog --title $"Block an IP address" \
                                --msgbox $"The IP address $blocked_ip has been blocked" 6 40
@@ -2014,22 +1992,21 @@ function ip_blocking_add {
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function domain_blocking_remove {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Unblock a domain or user" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Enter the domain name or GNU Social/postActiv nick@domain that you wish to unblock" 8 60 "" 2>$data
+           --inputbox $"Enter the domain name or GNU Social/postActiv nick@domain that you wish to unblock" 8 60 "" 2>"$data"
     sel=$?
     case $sel in
         0)
-            unblocked_domain=$(<$data)
+            unblocked_domain=$(<"$data")
             if [ ${#unblocked_domain} -gt 2 ]; then
                 if [[ "${unblocked_domain}" == *'.'* ]]; then
-                    firewall_unblock_domain $unblocked_domain
+                    firewall_unblock_domain "$unblocked_domain"
                     if [[ "${unblocked_domain}" != *'@'* ]]; then
                         dialog --title $"Unblock a domain" \
                                --msgbox $"The domain $unblocked_domain has been unblocked" 6 40
@@ -2041,22 +2018,21 @@ function domain_blocking_remove {
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function ip_blocking_remove {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Unblock an IP address" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Enter the IP address that you wish to unblock" 8 60 "" 2>$data
+           --inputbox $"Enter the IP address that you wish to unblock" 8 60 "" 2>"$data"
     sel=$?
     case $sel in
         0)
-            unblocked_ip=$(<$data)
+            unblocked_ip=$(<"$data")
             if [ ${#unblocked_ip} -gt 2 ]; then
                 if [[ "${unblocked_ip}" == *'.'* ]]; then
-                    firewall_unblock_ip $unblocked_ip
+                    firewall_unblock_ip "$unblocked_ip"
                     if [[ "${unblocked_ip}" != *'@'* ]]; then
                         dialog --title $"Unblock an IP address" \
                                --msgbox $"The IP address $unblocked_ip has been unblocked" 6 40
@@ -2065,16 +2041,16 @@ function ip_blocking_remove {
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function domain_blocking_show {
-    if [ -f $FIREWALL_DOMAINS ]; then
+    if [ -f "$FIREWALL_DOMAINS" ]; then
         clear
         echo ''
         echo $'The following domains or users have been blocked:'
         echo ''
-        cat $FIREWALL_DOMAINS | sort
+        sort < "$FIREWALL_DOMAINS"
         any_key
     else
         dialog --title $"Show blocked domains or users" \
@@ -2085,8 +2061,7 @@ function domain_blocking_show {
 function domain_blocking {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Domain or User Blocking" \
                --radiolist $"Choose an operation:" 14 60 6 \
@@ -2095,32 +2070,31 @@ function domain_blocking {
                3 $"Block an IP address" off \
                4 $"Unblock an IP address" off \
                5 $"Show blocked domains and users" off \
-               6 $"Back to main menu" on 2> $data
+               6 $"Back to main menu" on 2> "$data"
         sel=$?
         case $sel in
-            1) rm $data
+            1) rm -f "$data"
                break;;
-            255) rm $data
+            255) rm -f "$data"
                  break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) domain_blocking_add;;
             2) domain_blocking_remove;;
             3) ip_blocking_add;;
             4) ip_blocking_remove;;
             5) domain_blocking_show;;
-            6) rm $data
+            6) rm -f "$data"
                break;;
         esac
-        rm $data
+        rm -f "$data"
     done
 }
 
 function menu_users {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Manage Users" \
                --radiolist $"Choose an operation:" 13 70 6 \
@@ -2129,24 +2103,24 @@ function menu_users {
                3 $"Change user password" off \
                4 $"Change user ssh public key" off \
                5 $"Reset password tries" off \
-               6 $"Back to main menu" on 2> $data
+               6 $"Back to main menu" on 2> "$data"
         sel=$?
         case $sel in
-            1) rm $data
+            1) rm -f "$data"
                break;;
-            255) rm $data
+            255) rm -f "$data"
                  break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) add_user;;
             2) delete_user;;
             3) change_password;;
             4) change_ssh_public_key;;
             5) reset_password_tries;;
-            6) rm $data
+            6) rm -f "$data"
                break;;
         esac
-        rm $data
+        rm -f "$data"
     done
 }
 
@@ -2155,48 +2129,47 @@ function wifi_enable {
     dialog --title $"Enable Wifi" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
-           --yesno $"\nDo you wish to enable wifi?" 10 50
+           --yesno $"\\nDo you wish to enable wifi?" 10 50
     sel=$?
     case $sel in
         0) disable_wifi='no';;
         1) disable_wifi='yes';;
         255) return;;
     esac
-    ${PROJECT_NAME}-wifi --disable $disable_wifi
+    "${PROJECT_NAME}-wifi" --disable $disable_wifi
 }
 
 function add_clacks {
     clacks=
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Add Clacks Overhead" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"" 7 60 2>$data
+           --inputbox $"" 7 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            clacks=$(<$data)
+            clacks=$(<"$data")
             if [ ${#clacks} -gt 1 ]; then
 
-                WEB_FILES=/etc/nginx/sites-available/*
+                WEB_FILES="/etc/nginx/sites-available/*"
                 for f in $WEB_FILES
                 do
-                    if grep -q "X-Clacks-Overhead" $f; then
-                        sed -i "s|X-Clacks-Overhead .*|X-Clacks-Overhead \"GNU $clacks\";|g" $f
+                    if grep -q "X-Clacks-Overhead" "$f"; then
+                        sed -i "s|X-Clacks-Overhead .*|X-Clacks-Overhead \"GNU $clacks\";|g" "$f"
                     else
-                        sed -i "/X-Content-Type-Options/a add_header X-Clacks-Overhead \"GNU $clacks\";" $f
+                        sed -i "/X-Content-Type-Options/a add_header X-Clacks-Overhead \"GNU $clacks\";" "$f"
                     fi
                 done
 
                 systemctl restart nginx
 
                 dialog --title $"Add Clacks Overhead" \
-                       --msgbox $"\nAdded for $clacks" 10 60
+                       --msgbox $"\\nAdded for $clacks" 10 60
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function menu_wifi {
@@ -2217,32 +2190,31 @@ function menu_wifi {
             fi
         fi
 
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Wifi Menu" \
-               --radiolist $"${status_str}\n\nChoose an operation:" 14 70 6 \
+               --radiolist $"${status_str}\\n\\nChoose an operation:" 14 70 6 \
                1 $"Enable or disable Wifi" off \
                2 $"Configure wifi networks" off \
                3 $"Manually edit wifi networks file" off \
                4 $"Hotspot settings" off \
-               5 $"Exit" on 2> $data
+               5 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) rm $data
+            1) rm -f "$data"
                break;;
-            255) rm $data
+            255) rm -f "$data"
                  break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) wifi_enable;;
             2) wifi_settings;;
             3) wifi_edit_networks;;
             4) hotspot_settings;;
-            5) rm $data
+            5) rm -f "$data"
                break;;
         esac
-        rm $data
+        rm -f "$data"
     done
 }
 
@@ -2256,13 +2228,13 @@ function menu_app_settings {
     for a in "${APPS_AVAILABLE[@]}"
     do
         if [[ ${APPS_INSTALLED[$app_index]} != "0" ]]; then
-            if [[ $(function_exists configure_interactive_${a}) == "1" ]]; then
+            if [[ $(function_exists "configure_interactive_${a}") == "1" ]]; then
                 applist="$applist $n $a off"
-                n=$[n+1]
+                n=$((n+1))
                 appnames+=("$a")
             fi
         fi
-        app_index=$[app_index+1]
+        app_index=$((app_index+1))
     done
     if [ $n -le 1 ]; then
         return
@@ -2274,13 +2246,14 @@ function menu_app_settings {
     choice=$(dialog --stdout --backtitle $"Freedombone" \
                     --title $"Change settings for an App" \
                     --radiolist $'Choose:' \
-                    26 40 30 $applist)
+                    26 40 30 "$applist")
 
+    # shellcheck disable=SC2181
     if [ $? -eq 0 ]; then
-        app_index=$[choice-1]
+        app_index=$((choice-1))
         chosen_app=${appnames[$app_index]}
         if [[ $chosen_app != "Exit" ]]; then
-            configure_interactive_${chosen_app}
+            "configure_interactive_${chosen_app}"
         fi
     fi
 }
@@ -2288,8 +2261,7 @@ function menu_app_settings {
 function menu_top_level {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"Control Panel" \
                --radiolist $"Choose an operation:" 30 70 22 \
@@ -2314,16 +2286,16 @@ function menu_top_level {
                19 $"Check for updates" off \
                20 $"Power off the system" off \
                21 $"Restart the system" off \
-               22 $"Exit" on 2> $data
+               22 $"Exit" on 2> "$data"
         sel=$?
         case $sel in
-            1) rm $data
+            1) rm -f "$data"
                exit 1;;
-            255) rm $data
+            255) rm -f "$data"
                  exit 1;;
         esac
         please_wait
-        case $(cat $data) in
+        case $(cat "$data") in
             1) show_about;;
             2) view_or_change_passwords;;
             3) menu_backup_restore;;
@@ -2332,8 +2304,7 @@ function menu_top_level {
                any_key_verify;;
             6) reset_tripwire;;
             7) menu_app_settings;;
-            8) /usr/local/bin/addremove
-               if [ ! "$?" = "0" ]; then
+            8) if ! /usr/local/bin/addremove; then
                    any_key
                fi
                ;;
@@ -2350,14 +2321,14 @@ function menu_top_level {
             19) check_for_updates;;
             20) shut_down_system;;
             21) restart_system;;
-            22) rm $data
+            22) rm -f "$data"
                 break;;
         esac
-        rm $data
+        rm -f "$data"
     done
 }
 
-if [ ! -f $COMPLETION_FILE ]; then
+if [ ! -f "$COMPLETION_FILE" ]; then
     echo $'This command should only be run on an installed Freedombone system'
     exit 1
 fi
diff --git a/src/freedombone-controlpanel-user b/src/freedombone-controlpanel-user
index 7e35a211..979b06c8 100755
--- a/src/freedombone-controlpanel-user
+++ b/src/freedombone-controlpanel-user
@@ -34,17 +34,17 @@ export TEXTDOMAIN=${PROJECT_NAME}-controlpanel-user
 export TEXTDOMAINDIR="/usr/share/locale"
 
 MY_EMAIL_ADDRESS=$USER@$HOSTNAME
-GPG_ID=$(gpg --list-keys $MY_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//')
+GPG_ID=$(gpg --list-keys "$MY_EMAIL_ADDRESS" | sed -n '2p' | sed 's/^[ \t]*//')
 GPG_BACKUP_ID=$(gpg --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
 
 # If the default key is specified within gpg.conf
 if [ -f ~/.gnupg/gpg.conf ]; then
     if grep -q "default-key" ~/.gnupg/gpg.conf; then
-        default_gpg_key=$(cat ~/.gnupg/gpg.conf | grep "default-key")
+        default_gpg_key=$(grep "default-key" ~/.gnupg/gpg.conf)
         if [[ "$default_gpg_key" != *'#'* ]]; then
-            default_gpg_key=$(cat ~/.gnupg/gpg.conf | grep "default-key" | awk -F ' ' '{print $2}')
+            default_gpg_key=$(grep "default-key" ~/.gnupg/gpg.conf | awk -F ' ' '{print $2}')
             if [ ${#default_gpg_key} -gt 3 ]; then
-                GPG_ID=$(gpg --list-keys $default_gpg_key | sed -n '2p' | sed 's/^[ \t]*//')
+                GPG_ID=$(gpg --list-keys "$default_gpg_key" | sed -n '2p' | sed 's/^[ \t]*//')
             fi
         fi
     fi
@@ -52,27 +52,29 @@ fi
 
 # Start including files
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-  source $f
+  source "$f"
 done
 
-APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 for f in $APP_FILES
 do
-  source $f
+  source "$f"
 done
 
 # End including files
 
 function any_key {
     echo ' '
+    # shellcheck disable=SC2034
     read -n1 -r -p $"Press any key to continue..." key
 }
 
 function remove_user_from_mailing_list {
-    USER_MAILING_LISTS=$(cat "/home/$USER/.procmailrc" | grep '\[' | grep '\]' | awk -F '\[' '{print $2}' | awk -F '\\' '{print $1}')
+    # shellcheck disable=SC1003
+    USER_MAILING_LISTS=$(grep '\[' "/home/$USER/.procmailrc" | grep '\]' | awk -F '\[' '{print $2}' | awk -F '\\' '{print $1}')
 
     i=0
     W=()
@@ -80,19 +82,20 @@ function remove_user_from_mailing_list {
     while read -r listname; do
         i=$((i+1))
         if [[ "$listname" != *']'* && "$listname" != *'['* ]]; then
-            W+=($i "$listname")
+            W+=("$i" "$listname")
             list_name+=("$listname")
-            echo $listname
+            echo "$listname"
         fi
     done <<< "$USER_MAILING_LISTS"
 
     i=$((i+1))
-    W+=($i $"Exit back to filtering rules menu")
+    W+=("$i" $"Exit back to filtering rules menu")
 
     list_selected=$(dialog --default-item "$i" --backtitle $"Freedombone User Control Panel" --title $"Remove yourself from a mailing list" --menu $"Select one of the following:" 24 50 17 "${W[@]}" 3>&2 2>&1 1>&3)
 
+    # shellcheck disable=SC2181
     if [ $? -eq 0 ]; then # Exit with OK
-        if [ ${list_selected} -ne ${i} ]; then
+        if [ "${list_selected}" -ne "${i}" ]; then
             remove_list_name="${list_name[$((list_selected-1))]}"
 
             # find the line number where the list is defined
@@ -100,7 +103,7 @@ function remove_user_from_mailing_list {
             i=0
             while read -r line
             do
-                if [[ "$line" == *"\[${remove_list_name}\\]"* ]]; then
+                if [[ "$line" == *"\\[${remove_list_name}\\]"* ]]; then
                     line_number=${i}
                 fi
                 i=$((i+1))
@@ -112,8 +115,8 @@ function remove_user_from_mailing_list {
             fi
 
             # recreate the file
-            if [ -f /home/${USER}/.procmailrc_new ]; then
-                rm /home/${USER}/.procmailrc_new
+            if [ -f "/home/${USER}/.procmailrc_new" ]; then
+                rm "/home/${USER}/.procmailrc_new"
             fi
             i=0
             clip=0
@@ -141,15 +144,15 @@ function remove_user_from_mailing_list {
                     fi
                 fi
 
-                echo "$line" >> /home/${USER}/.procmailrc_new
+                echo "$line" >> "/home/${USER}/.procmailrc_new"
 
-                if [[ "$line" == *"\[${remove_list_name}\\]"* ]]; then
+                if [[ "$line" == *"\\[${remove_list_name}\\]"* ]]; then
                     line_number=${i}
                 fi
             done < "/home/$USER/.procmailrc"
-            cp /home/${USER}/.procmailrc_new /home/${USER}/.procmailrc
-            rm /home/${USER}/.procmailrc_new
-            chown ${USER}:${USER} /home/${USER}/.procmailrc
+            cp "/home/${USER}/.procmailrc_new" "/home/${USER}/.procmailrc"
+            rm "/home/${USER}/.procmailrc_new"
+            chown "${USER}":"${USER}" "/home/${USER}/.procmailrc"
             dialog --title $"Remove yourself from mailing list" \
                    --msgbox $"You have been removed from ${remove_list_name}" 6 50
         fi
@@ -157,27 +160,26 @@ function remove_user_from_mailing_list {
 }
 
 function add_to_mailing_list {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone User Control Panel" \
            --title $"Subscribe to a mailing list" \
-           --form $"You can either enter a subject or an email address\n" 11 68 4 \
+           --form $"You can either enter a subject or an email address\\n" 11 68 4 \
            $"List folder name:" 1 1 "" 1 35 26 25 \
            $"Name between [] on subject line:" 2 1 "" 2 35 26 25 \
            $"List email address:" 3 1 "" 3 35 26 25 \
            $"Public:" 4 1 $"yes" 4 35 4 25 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) rm $data
+        1) rm -f "$data"
            return;;
-        255) rm $data
+        255) rm -f "$data"
              return;;
     esac
-    LIST_NAME=$(cat $data | sed -n 1p)
-    LIST_SUBJECT=$(cat $data | sed -n 2p)
-    LIST_EMAIL=$(cat $data | sed -n 3p)
-    LIST_PUBLIC=$(cat $data | sed -n 4p)
+    LIST_NAME=$(sed -n 1p < "$data")
+    LIST_SUBJECT=$(sed -n 2p < "$data")
+    LIST_EMAIL=$(sed -n 3p < "$data")
+    LIST_PUBLIC=$(sed -n 4p < "$data")
 
     if [ ${#LIST_PUBLIC} -lt 1 ]; then
         LIST_PUBLIC='no'
@@ -190,57 +192,56 @@ function add_to_mailing_list {
     if [ ${#LIST_NAME} -lt 2 ]; then
         dialog --title $"Add mailing list" \
                --msgbox $"No mailing list name was given" 6 40
-        rm $data
+        rm -f "$data"
         return
     fi
     if [ ${#LIST_SUBJECT} -lt 2 ]; then
         if [ ${#LIST_EMAIL} -lt 2 ]; then
             dialog --title $"Add mailing list" \
                    --msgbox $"No mailing list subject or address was given" 6 40
-            rm $data
+            rm -f "$data"
             return
         fi
     fi
     if [ ${#LIST_SUBJECT} -gt 1 ]; then
-        ${PROJECT_NAME}-addlist -u $USER -l "$LIST_NAME" \
-                       -s "$LIST_SUBJECT" --public $LIST_PUBLIC
+        "${PROJECT_NAME}-addlist" -u "$USER" -l "$LIST_NAME" \
+                       -s "$LIST_SUBJECT" --public "$LIST_PUBLIC"
     else
         if [[ "$LIST_EMAIL" != *"@"* || "$LIST_EMAIL" != *"."* ]]; then
             dialog --title $"Add mailing list" \
                    --msgbox $"Unrecognised email address" 6 40
-            rm $data
+            rm -f "$data"
             return
         else
-            ${PROJECT_NAME}-addlist -u $USER -l "$LIST_NAME" \
-                           -e "$LIST_EMAIL" --public $LIST_PUBLIC
+            "${PROJECT_NAME}-addlist" -u "$USER" -l "$LIST_NAME" \
+                           -e "$LIST_EMAIL" --public "$LIST_PUBLIC"
         fi
     fi
 
     dialog --title $"Add mailing list" \
            --msgbox $"$LIST_NAME list was added" 6 40
-    rm $data
+    rm -f "$data"
 }
 
 function email_rule_address {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone User Control Panel" \
            --title $"Create an email rule" \
-           --form "\n" 9 65 4 \
+           --form "\\n" 9 65 4 \
            $"When email arrives from address:" 1 1 "" 1 35 24 28 \
            $"Move to folder:" 2 1 "" 2 35 24 28 \
            $"Public:" 3 1 $"no" 3 35 4 25 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) rm $data
+        1) rm -f "$data"
            return;;
-        255) rm $data
+        255) rm -f "$data"
              return;;
     esac
-    RULE_EMAIL=$(cat $data | sed -n 1p)
-    RULE_FOLDER=$(cat $data | sed -n 2p)
-    RULE_PUBLIC=$(cat $data | sed -n 3p)
+    RULE_EMAIL=$(sed -n 1p < "$data")
+    RULE_FOLDER=$(sed -n 2p < "$data")
+    RULE_PUBLIC=$(sed -n 3p < "$data")
 
     if [ ${#RULE_PUBLIC} -lt 1 ]; then
         RULE_PUBLIC='no'
@@ -253,27 +254,27 @@ function email_rule_address {
     if [ ${#RULE_EMAIL} -lt 2 ]; then
         dialog --title $"Create an email rule" \
                --msgbox $"No email address was given" 6 40
-        rm $data
+        rm -f "$data"
         return
     fi
     if [ ${#RULE_FOLDER} -lt 2 ]; then
         dialog --title $"Create an email rule" \
                --msgbox $"No folder name was given" 6 40
-        rm $data
+        rm -f "$data"
         return
     fi
     if [[ "$RULE_EMAIL" != *"@"* || "$RULE_EMAIL" != *"."* ]]; then
         dialog --title $"Create an email rule" \
                --msgbox $"Unrecognised email address" 6 40
-        rm $data
+        rm -f "$data"
         return
     fi
 
-    ${PROJECT_NAME}-addemail -u $USER -e "$RULE_EMAIL" \
+    "${PROJECT_NAME}-addemail" -u "$USER" -e "$RULE_EMAIL" \
                    -g "$RULE_FOLDER" --public $RULE_PUBLIC
     dialog --title $"Create an email rule" \
            --msgbox $"Email rule for $RULE_EMAIL was added" 6 40
-    rm $data
+    rm -f "$data"
 }
 
 function gpg_set_trust {
@@ -281,8 +282,7 @@ function gpg_set_trust {
     fpr=$(gpg --with-colons --fingerprint "$TRUST_ADDRESS" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
     if [ ${#fpr} -gt 2 ]; then
 
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone User Control Panel" \
                --title $"Trust a PGP/GPG key or website domain" \
                --radiolist $"Set the trust level for $TRUST_ADDRESS:" 18 70 10 \
@@ -290,19 +290,18 @@ function gpg_set_trust {
                2 $"I do NOT trust" off \
                3 $"I trust marginally" on \
                4 $"I trust fully" off \
-               5 $"I trust ultimately" off 2> $data
+               5 $"I trust ultimately" off 2> "$data"
         sel=$?
         case $sel in
-            1) rm $data
+            1) rm -f "$data"
                return;;
-            255) rm $data
+            255) rm -f "$data"
                  return;;
         esac
-        TRUST_LEVEL=$(cat $data)
-        if [ ${TRUST_LEVEL} -ge 1 ] ; then
-            if [ ${TRUST_LEVEL} -le 5 ] ; then
-                echo -e "trust\n${TRUST_LEVEL}\ny\nsave\n" | gpg --command-fd 0 --edit-key $fpr
-                if [ "$?" = "0" ]; then
+        TRUST_LEVEL=$(cat "$data")
+        if [ "${TRUST_LEVEL}" -ge 1 ] ; then
+            if [ "${TRUST_LEVEL}" -le 5 ] ; then
+                if echo -e "trust\\n${TRUST_LEVEL}\\ny\\nsave\\n" | gpg --command-fd 0 --edit-key "$fpr"; then
                     gpg --update-trustdb
                     dialog --title $"Trust a PGP/GPG key or website domain" \
                            --backtitle $"Freedombone User Control Panel" \
@@ -310,30 +309,29 @@ function gpg_set_trust {
                 fi
             fi
         fi
-        rm $data
+        rm -f "$data"
     fi
 }
 
 function email_rule_subject {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone User Control Panel" \
            --title $"Create an email rule" \
-           --form "\n" 9 75 4 \
+           --form "\\n" 9 75 4 \
            $"When email arrives with subject containing:" 1 1 "" 1 45 24 28 \
            $"Move to folder:" 2 1 "" 2 45 24 28 \
            $"Public:" 3 1 $"no" 3 45 4 25 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) rm $data
+        1) rm -f "$data"
            return;;
-        255) rm $data
+        255) rm -f "$data"
              return;;
     esac
-    RULE_SUBJECT=$(cat $data | sed -n 1p)
-    RULE_FOLDER=$(cat $data | sed -n 2p)
-    RULE_PUBLIC=$(cat $data | sed -n 3p)
+    RULE_SUBJECT=$(sed -n 1p < "$data")
+    RULE_FOLDER=$(sed -n 2p < "$data")
+    RULE_PUBLIC=$(sed -n 3p < "$data")
 
     if [ ${#RULE_PUBLIC} -lt 1 ]; then
         RULE_PUBLIC='no'
@@ -346,42 +344,41 @@ function email_rule_subject {
     if [ ${#RULE_SUBJECT} -lt 2 ]; then
         dialog --title $"Create an email rule" \
                --msgbox $"No subject text was given" 6 40
-        rm $data
+        rm -f "$data"
         return
     fi
     if [ ${#RULE_FOLDER} -lt 2 ]; then
         dialog --title $"Create an email rule" \
                --msgbox $"No folder name was given" 6 40
-        rm $data
+        rm -f "$data"
         return
     fi
 
-    ${PROJECT_NAME}-addemail -u $USER -s "$RULE_SUBJECT" \
-                   -g "$RULE_FOLDER" --public $RULE_PUBLIC
+    "${PROJECT_NAME}-addemail" -u "$USER" -s "$RULE_SUBJECT" \
+                   -g "$RULE_FOLDER" --public "$RULE_PUBLIC"
     dialog --title $"Create an email rule" \
            --msgbox $"Email rule for subject '$RULE_SUBJECT' was added" 6 40
-    rm $data
+    rm -f "$data"
 }
 
 function block_unblock_email {
     blockstr=$"Block or unblock emails from a given address"
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone User Control Panel" \
            --title "$blockstr" \
-           --form "\n" 8 65 3 \
+           --form "\\n" 8 65 3 \
            $"When email arrives from address:" 1 1 "" 1 35 24 100 \
            $"Block it:" 2 1 "yes" 2 35 4 4 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) rm $data
+        1) rm -f "$data"
            return;;
-        255) rm $data
+        255) rm -f "$data"
              return;;
     esac
-    BLOCK_EMAIL=$(cat $data | sed -n 1p)
-    BLOCK=$(cat $data | sed -n 2p)
+    BLOCK_EMAIL=$(sed -n 1p < "$data")
+    BLOCK=$(sed -n 2p < "$data")
     if [ ${#BLOCK_EMAIL} -lt 2 ]; then
         dialog --title "$blockstr" \
                --msgbox $"No email address was given" 6 40
@@ -390,64 +387,63 @@ function block_unblock_email {
     if [[ "$BLOCK_EMAIL" != *"@"* || "$BLOCK_EMAIL" != *"."* ]]; then
         dialog --title "$blockstr" \
                --msgbox $"Unrecognised email address" 6 40
-        rm $data
+        rm -f "$data"
         return
     fi
     if [[ $BLOCK == "y"* || $BLOCK == "Y"* ]]; then
-        ${PROJECT_NAME}-ignore -u $USER -e "$BLOCK_EMAIL"
+        "${PROJECT_NAME}-ignore" -u "$USER" -e "$BLOCK_EMAIL"
         dialog --title $"Block an email" \
                --msgbox "Email from $BLOCK_EMAIL is now blocked" 6 75
     else
-        ${PROJECT_NAME}-unignore -u $USER -e "$BLOCK_EMAIL"
+        "${PROJECT_NAME}-unignore" -u "$USER" -e "$BLOCK_EMAIL"
         dialog --title $"Unblock an email" \
                --msgbox "Email from $BLOCK_EMAIL is now unblocked" 6 75
     fi
-    rm $data
+    rm -f "$data"
 }
 
 function block_unblock_subject {
     blockstr=$"Block or unblock emails with text in the subject line"
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone User Control Panel" \
            --title "$blockstr" \
-           --form "\n" 8 70 3 \
+           --form "\\n" 8 70 3 \
            $"When email arrives with subject text:" 1 1 "" 1 40 24 28 \
            $"Block it:" 2 1 "yes" 2 40 4 4 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) rm $data
+        1) rm -f "$data"
            return;;
-        255) rm $data
+        255) rm -f "$data"
              return;;
     esac
-    BLOCK_SUBJECT=$(cat $data | sed -n 1p)
-    BLOCK=$(cat $data | sed -n 2p)
+    BLOCK_SUBJECT=$(sed -n 1p < "$data")
+    BLOCK=$(sed -n 2p < "$data")
     if [ ${#BLOCK_SUBJECT} -lt 2 ]; then
         dialog --title "$blockstr" \
                --msgbox $"No subject was given" 6 40
-        rm $data
+        rm -f "$data"
         return
     fi
     if [[ $BLOCK == "y"* || $BLOCK == "Y"* ]]; then
-        ${PROJECT_NAME}-ignore -u $USER -t "$BLOCK_SUBJECT"
+        "${PROJECT_NAME}-ignore" -u "$USER" -t "$BLOCK_SUBJECT"
         dialog --title $"Block an email" \
                --msgbox $"Email with subject $BLOCK_SUBJECT is now blocked" 6 40
     else
-        ${PROJECT_NAME}-unignore -u $USER -t "$BLOCK_SUBJECT"
+        "${PROJECT_NAME}-unignore" -u "$USER" -t "$BLOCK_SUBJECT"
         dialog --title $"Unblock an email" \
                --msgbox $"Email with subject $BLOCK_SUBJECT is now unblocked" 6 40
     fi
-    rm $data
+    rm -f "$data"
 }
 
 function show_gpg_key {
-    GPG_FINGERPRINT=$(gpg --fingerprint $GPG_ID | sed -n '2p' | sed 's/^[ \t]*//')
-    GPG_DATE=$(gpg --fingerprint $GPG_ID | grep -i "pub" | head -n 1 | awk -F ' ' '{print $3}')
+    GPG_FINGERPRINT=$(gpg --fingerprint "$GPG_ID" | sed -n '2p' | sed 's/^[ \t]*//')
+    GPG_DATE=$(gpg --fingerprint "$GPG_ID" | grep -i "pub" | head -n 1 | awk -F ' ' '{print $3}')
     dialog --title $"My PGP/GPG Key" \
            --backtitle $"Freedombone User Control Panel" \
-           --msgbox $"Email Address: $MY_EMAIL_ADDRESS\n\nKey ID: $GPG_ID\n\nFingerprint: $GPG_FINGERPRINT\n\nCreated: $GPG_DATE" 12 70
+           --msgbox $"Email Address: $MY_EMAIL_ADDRESS\\n\\nKey ID: $GPG_ID\\n\\nFingerprint: $GPG_FINGERPRINT\\n\\nCreated: $GPG_DATE" 12 70
 }
 
 function show_full_gpg_key {
@@ -455,18 +451,18 @@ function show_full_gpg_key {
     echo ''
     echo ''
     echo ''
-    gpg --armor --export $GPG_ID
+    gpg --armor --export "$GPG_ID"
     echo ''
     echo ''
     echo ''
-    gpg --armor --export-secret-key $GPG_ID
+    gpg --armor --export-secret-key "$GPG_ID"
     any_key
 }
 
 function publish_gpg_key {
-    gpg --send-key $GPG_ID
-    if [ $GPG_BACKUP_ID ]; then
-        gpg --send-key $GPG_BACKUP_ID
+    gpg --send-key "$GPG_ID"
+    if [ "$GPG_BACKUP_ID" ]; then
+        gpg --send-key "$GPG_BACKUP_ID"
     fi
     dialog --title $"Publish your PGP/GPG key" \
            --msgbox $"Your key has now been published" 6 40
@@ -479,15 +475,14 @@ function refresh_gpg_keys {
 }
 
 function add_gpg_key {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Enter email address, Key ID or full key below" \
            --backtitle $"Freedombone User Control Panel" \
-           --editbox $data 8 60 2>$data
+           --editbox "$data" 8 60
     sel=$?
     case $sel in
         0)
-            ADD_EMAIL_ADDRESS=$(<$data)
+            ADD_EMAIL_ADDRESS=$(<"$data")
             if [ ${#ADD_EMAIL_ADDRESS} -gt 2 ]; then
 
                 address_is_valid=
@@ -522,24 +517,23 @@ function add_gpg_key {
             fi
             ;;
     esac
-    rm $data
+    rm "$data"
 }
 
 function remove_gpg_key {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Remove someone's PGP/GPG key" \
            --backtitle $"Freedombone User Control Panel" \
-           --inputbox $"Enter their email address or key ID below" 8 60 2>$data
+           --inputbox $"Enter their email address or key ID below" 8 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            REMOVE_EMAIL_ADDRESS=$(<$data)
+            REMOVE_EMAIL_ADDRESS=$(<"$data")
             if [ ${#REMOVE_EMAIL_ADDRESS} -gt 2 ]; then
                 if [[ $REMOVE_EMAIL_ADDRESS == *"@"* && $REMOVE_EMAIL_ADDRESS == *"."* ]]; then
-                    if [[ $REMOVE_EMAIL_ADDRESS != $MY_EMAIL_ADDRESS ]]; then
+                    if [[ "$REMOVE_EMAIL_ADDRESS" != "$MY_EMAIL_ADDRESS" ]]; then
                         clear
-                        gpg --delete-key $REMOVE_EMAIL_ADDRESS
+                        gpg --delete-key "$REMOVE_EMAIL_ADDRESS"
                     else
                         dialog --title $"Remove someone's PGP/GPG key" \
                                --backtitle $"Freedombone User Control Panel" \
@@ -548,7 +542,7 @@ function remove_gpg_key {
                 else
                     if [[ $REMOVE_EMAIL_ADDRESS == "0x"* ]]; then
                         clear
-                        gpg --delete-key $REMOVE_EMAIL_ADDRESS
+                        gpg --delete-key "$REMOVE_EMAIL_ADDRESS"
                     else
                         dialog --title $"Unrecognised email address" \
                                --backtitle $"Freedombone User Control Panel" \
@@ -558,29 +552,28 @@ function remove_gpg_key {
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function add_ssh_key {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Add an ssh key for logging in" \
            --backtitle $"Freedombone User Control Panel" \
-           --inputbox $"This will allow you to log into ${PROJECT_NAME} if you have an ssh key on your system, and provides much stronger security than simply using a login password.\n\nWARNING: If you make any mistakes here then you may not be able to log in and will need to get the administrator to clear your ssh authorized_keys file." 15 60 2>$data
+           --inputbox $"This will allow you to log into ${PROJECT_NAME} if you have an ssh key on your system, and provides much stronger security than simply using a login password.\\n\\nWARNING: If you make any mistakes here then you may not be able to log in and will need to get the administrator to clear your ssh authorized_keys file." 15 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            SSH_PUBLIC_KEY=$(<$data)
+            SSH_PUBLIC_KEY=$(<"$data")
             if [ ${#SSH_PUBLIC_KEY} -gt 20 ]; then
                 if [[ "$SSH_PUBLIC_KEY" == "ssh-"* ]]; then
-                    if [ ! -d /home/$USER/.ssh ]; then
-                        mkdir /home/$USER/.ssh
+                    if [ ! -d "/home/$USER/.ssh" ]; then
+                        mkdir "/home/$USER/.ssh"
                     fi
-                    if [ ! -f /home/$USER/.ssh/authorized_keys ]; then
-                        touch /home/$USER/.ssh/authorized_keys
+                    if [ ! -f "/home/$USER/.ssh/authorized_keys" ]; then
+                        touch "/home/$USER/.ssh/authorized_keys"
                     fi
-                    if ! grep -q "$SSH_PUBLIC_KEY" /home/$USER/.ssh/authorized_keys; then
-                        echo "$SSH_PUBLIC_KEY" >> /home/$USER/.ssh/authorized_keys
+                    if ! grep -q "$SSH_PUBLIC_KEY" "/home/$USER/.ssh/authorized_keys"; then
+                        echo "$SSH_PUBLIC_KEY" >> "/home/$USER/.ssh/authorized_keys"
                         dialog --title $"New ssh key added" \
                                --backtitle $"Freedombone User Control Panel" \
                                --msgbox $"Your ssh key has now been added" 6 50
@@ -597,22 +590,21 @@ function add_ssh_key {
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function remove_ssh_key {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Remove an ssh key for logging in" \
            --backtitle $"Freedombone User Control Panel" \
-           --inputbox $"Enter the ssh public key which is to be removed. This can be just the address at the end.\n\nWARNING: If you make any mistakes here then you may not be able to log in and will need to get the administrator to clear your ssh authorized_keys file." 15 60 2>$data
+           --inputbox $"Enter the ssh public key which is to be removed. This can be just the address at the end.\\n\\nWARNING: If you make any mistakes here then you may not be able to log in and will need to get the administrator to clear your ssh authorized_keys file." 15 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            SSH_PUBLIC_KEY=$(<$data)
+            SSH_PUBLIC_KEY=$(<"$data")
             if [ ${#SSH_PUBLIC_KEY} -gt 5 ]; then
-                if [ -f /home/$USER/.ssh/authorized_keys ]; then
-                    sed -i "s|.*${SSH_PUBLIC_KEY}.*||g" /home/$USER/.ssh/authorized_keys
+                if [ -f "/home/$USER/.ssh/authorized_keys" ]; then
+                    sed -i "s|.*${SSH_PUBLIC_KEY}.*||g" "/home/$USER/.ssh/authorized_keys"
                     dialog --title $"Remove an ssh public key" \
                            --backtitle $"Freedombone User Control Panel" \
                            --msgbox $"The ssh key has been removed" 6 50
@@ -620,12 +612,12 @@ function remove_ssh_key {
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function smtp_proxy {
     MUTTRC_FILE=/home/$USER/.muttrc
-    if [ ! -f $MUTTRC_FILE ]; then
+    if [ ! -f "$MUTTRC_FILE" ]; then
         return
     fi
     SMTP_PROXY_ENABLE=$'no'
@@ -635,21 +627,20 @@ function smtp_proxy {
     SMTP_PROXY_USERNAME=''
     SMTP_PROXY_PASSWORD=''
 
-    if grep -q "set smtp_url" $MUTTRC_FILE; then
-        if grep -q "#set smtp_url" $MUTTRC_FILE; then
+    if grep -q "set smtp_url" "$MUTTRC_FILE"; then
+        if grep -q "#set smtp_url" "$MUTTRC_FILE"; then
             SMTP_PROXY_ENABLE=$'no'
         else
             SMTP_PROXY_ENABLE=$'yes'
         fi
-        SMTP_PROXY_PROTOCOL=$(cat $MUTTRC_FILE | grep "set smtp_url" | awk -F '"' '{print $2}' | awk -F ':' '{print $1}')
-        SMTP_PROXY_SERVER=$(cat $MUTTRC_FILE | grep "set smtp_url" | awk -F '"' '{print $2}' | awk -F '/' '{print $3}' | awk -F ':' '{print $2}' | awk -F '@' '{print $2}')
-        SMTP_PROXY_PORT=$(cat $MUTTRC_FILE | grep "set smtp_url" | awk -F ':' '{print $4}' | awk -F '/' '{print $1}')
-        SMTP_PROXY_USERNAME=$(cat $MUTTRC_FILE | grep "set smtp_url" | awk -F '"' '{print $2}' | awk -F '/' '{print $3}' | awk -F ':' '{print $1}')
-        SMTP_PROXY_PASSWORD=$(cat $MUTTRC_FILE | grep "set smtp_url" | awk -F '"' '{print $2}' | awk -F '/' '{print $3}' | awk -F ':' '{print $2}' | awk -F '@' '{print $1}')
+        SMTP_PROXY_PROTOCOL=$(grep "set smtp_url" "$MUTTRC_FILE" | awk -F '"' '{print $2}' | awk -F ':' '{print $1}')
+        SMTP_PROXY_SERVER=$(grep "set smtp_url" "$MUTTRC_FILE" | awk -F '"' '{print $2}' | awk -F '/' '{print $3}' | awk -F ':' '{print $2}' | awk -F '@' '{print $2}')
+        SMTP_PROXY_PORT=$(grep "set smtp_url" "$MUTTRC_FILE" | awk -F ':' '{print $4}' | awk -F '/' '{print $1}')
+        SMTP_PROXY_USERNAME=$(grep "set smtp_url" "$MUTTRC_FILE" | awk -F '"' '{print $2}' | awk -F '/' '{print $3}' | awk -F ':' '{print $1}')
+        SMTP_PROXY_PASSWORD=$(grep "set smtp_url" "$MUTTRC_FILE" | awk -F '"' '{print $2}' | awk -F '/' '{print $3}' | awk -F ':' '{print $2}' | awk -F '@' '{print $1}')
     fi
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"SMTP Proxy for $USER" \
            --form $"You may need to proxy outgoing email via your ISP's mail server. If so enter the details below." 14 75 6 \
@@ -659,54 +650,52 @@ function smtp_proxy {
            $"Port:" 4 1 "$SMTP_PROXY_PORT" 4 24 5 5 \
            $"Username:" 5 1 "$SMTP_PROXY_USERNAME" 5 24 40 10000 \
            $"Password:" 6 1 "$SMTP_PROXY_PASSWORD" 6 24 40 10000 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) rm $data
+        1) rm -f "$data"
            return;;
-        255) rm $data
+        255) rm -f "$data"
              return;;
     esac
-    SMTP_PROXY_ENABLE=$(cat $data | sed -n 1p)
-    SMTP_PROXY_PROTOCOL=$(cat $data | sed -n 2p)
-    SMTP_PROXY_SERVER=$(cat $data | sed -n 3p)
-    SMTP_PROXY_PORT=$(cat $data | sed -n 4p)
-    SMTP_PROXY_USERNAME=$(cat $data | sed -n 5p)
-    SMTP_PROXY_PASSWORD=$(cat $data | sed -n 6p)
+    SMTP_PROXY_ENABLE=$(sed -n 1p < "$data")
+    SMTP_PROXY_PROTOCOL=$(sed -n 2p < "$data")
+    SMTP_PROXY_SERVER=$(sed -n 3p < "$data")
+    SMTP_PROXY_PORT=$(sed -n 4p < "$data")
+    SMTP_PROXY_USERNAME=$(sed -n 5p < "$data")
+    SMTP_PROXY_PASSWORD=$(sed -n 6p < "$data")
 
     # change muttrc
-    if [ $SMTP_PROXY_ENABLE != $'no' ]; then
-        if ! grep -q "set smtp_url" $MUTTRC_FILE; then
-            echo "set smtp_url=\"${SMTP_PROXY_PROTOCOL}://${SMTP_PROXY_USERNAME}:${SMTP_PROXY_PASSWORD}@${SMTP_PROXY_SERVER}:${SMTP_PROXY_PORT}/\"" >> $MUTTRC_FILE
+    if [ "$SMTP_PROXY_ENABLE" != $'no' ]; then
+        if ! grep -q "set smtp_url" "$MUTTRC_FILE"; then
+            echo "set smtp_url=\"${SMTP_PROXY_PROTOCOL}://${SMTP_PROXY_USERNAME}:${SMTP_PROXY_PASSWORD}@${SMTP_PROXY_SERVER}:${SMTP_PROXY_PORT}/\"" >> "$MUTTRC_FILE"
         else
-            sed -i "s|set smtp_url=.*|set smtp_url=\"${SMTP_PROXY_PROTOCOL}://${SMTP_PROXY_USERNAME}:${SMTP_PROXY_PASSWORD}@${SMTP_PROXY_SERVER}:${SMTP_PROXY_PORT}/\"|g" $MUTTRC_FILE
+            sed -i "s|set smtp_url=.*|set smtp_url=\"${SMTP_PROXY_PROTOCOL}://${SMTP_PROXY_USERNAME}:${SMTP_PROXY_PASSWORD}@${SMTP_PROXY_SERVER}:${SMTP_PROXY_PORT}/\"|g" "$MUTTRC_FILE"
         fi
-        sed -i 's|#set smtp_url|set smtp_url|g' $MUTTRC_FILE
+        sed -i 's|#set smtp_url|set smtp_url|g' "$MUTTRC_FILE"
     else
-        if grep -q "set smtp_url" $MUTTRC_FILE; then
-            sed -i 's|set smtp_url|#set smtp_url|g' $MUTTRC_FILE
+        if grep -q "set smtp_url" "$MUTTRC_FILE"; then
+            sed -i 's|set smtp_url|#set smtp_url|g' "$MUTTRC_FILE"
         fi
     fi
-    rm $data
+    rm -f "$data"
 }
 
 function sign_gpg_key {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Sign a PGP/GPG key or website domain" \
            --backtitle $"Freedombone User Control Panel" \
-           --inputbox $"Enter the Key ID, address or domain to be signed.\n\nIf you are signing a website domain then include the https:// at the beginning.\n\nIf you are signing an ssh key then include ssh:// before the domain name." 14 75 2>$data
+           --inputbox $"Enter the Key ID, address or domain to be signed.\\n\\nIf you are signing a website domain then include the https:// at the beginning.\\n\\nIf you are signing an ssh key then include ssh:// before the domain name." 14 75 2>"$data"
     sel=$?
     case $sel in
         0)
-            SIGN_ADDRESS=$(<$data)
+            SIGN_ADDRESS=$(<"$data")
             if [ ${#SIGN_ADDRESS} -gt 2 ]; then
                 clear
                 gpg --search "$SIGN_ADDRESS"
                 fpr=$(gpg --with-colons --fingerprint "$SIGN_ADDRESS" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
                 if [ ${#fpr} -gt 2 ]; then
-                    gpg --sign-key $fpr
-                    if [ "$?" = "0" ]; then
+                    if gpg --sign-key "$fpr"; then
                         gpg --update-trustdb
                         dialog --title $"Sign a PGP/GPG key" \
                                --backtitle $"Freedombone User Control Panel" \
@@ -716,20 +705,19 @@ function sign_gpg_key {
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 
 function gpg_key_trust {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Trust a PGP/GPG key or website domain" \
            --backtitle $"Freedombone User Control Panel" \
-           --inputbox $"Enter the Key ID, address or domain to be trusted.\n\nIf you are trusting a website domain then include the https:// at the beginning.\n\nIf you are trusting an ssh key then include ssh:// before the domain name." 14 75 2>$data
+           --inputbox $"Enter the Key ID, address or domain to be trusted.\\n\\nIf you are trusting a website domain then include the https:// at the beginning.\\n\\nIf you are trusting an ssh key then include ssh:// before the domain name." 14 75 2>"$data"
     sel=$?
     case $sel in
         0)
-            TRUST_ADDRESS=$(<$data)
+            TRUST_ADDRESS=$(<"$data")
             if [ ${#TRUST_ADDRESS} -gt 2 ]; then
                 clear
                 gpg --search "$TRUST_ADDRESS"
@@ -737,14 +725,13 @@ function gpg_key_trust {
             fi
             ;;
     esac
-    rm $data
+    rm -f "$data"
 }
 
 function menu_encryption_keys {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone User Control Panel" \
                --title $"My Encryption Keys" \
                --radiolist $"Choose an operation:" 19 70 11 \
@@ -758,15 +745,15 @@ function menu_encryption_keys {
                8 $"Add an ssh key for logging in" off \
                9 $"Remove an ssh key for logging in" off \
                10 $"Set the trust level for a PGP/GPG key" off \
-               11 $"Back to main menu" on 2> $data
+               11 $"Back to main menu" on 2> "$data"
         sel=$?
         case $sel in
-            1) rm $data
+            1) rm -f "$data"
                break;;
-            255) rm $data
+            255) rm -f "$data"
                  break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) show_gpg_key;;
             2) show_full_gpg_key;;
             3) publish_gpg_key;;
@@ -777,18 +764,17 @@ function menu_encryption_keys {
             8) add_ssh_key;;
             9) remove_ssh_key;;
             10) gpg_key_trust;;
-            11) rm $data
+            11) rm -f "$data"
                 break;;
         esac
-        rm $data
+        rm -f "$data"
     done
 }
 
 function menu_email {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone User Control Panel" \
                --title $"Change Email Filtering Rules" \
                --radiolist $"Choose an operation:" 14 70 7 \
@@ -798,25 +784,25 @@ function menu_email {
                4 $"Add an email rule for a subject" off \
                5 $"Block or unblock an email address" off \
                6 $"Block or unblock email with subject text" off \
-               7 $"Back to main menu" on 2> $data
+               7 $"Back to main menu" on 2> "$data"
         sel=$?
         case $sel in
-            1) rm $data
+            1) rm -f "$data"
                break;;
-            255) rm $data
+            255) rm -f "$data"
                  break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) add_to_mailing_list;;
             2) remove_user_from_mailing_list;;
             3) email_rule_address;;
             4) email_rule_subject;;
             5) block_unblock_email;;
             6) block_unblock_subject;;
-            7) rm $data
+            7) rm -f "$data"
                break;;
         esac
-        rm $data
+        rm -f "$data"
     done
 }
 
@@ -829,17 +815,17 @@ function menu_admin {
 }
 
 function sign_keys {
-    if [ ! -f /home/$USER/.monkeysphere/server_keys ]; then
+    if [ ! -f "/home/$USER/.monkeysphere/server_keys" ]; then
         return
     fi
 
     dialog --title $"Monkeysphere sign server keys" \
            --backtitle $"Freedombone Security Configuration" \
            --defaultno \
-           --yesno $"\nMonkeysphere has been enabled and you will need to sign and trust the server keys. Do you want to do that now?" 8 60
+           --yesno $"\\nMonkeysphere has been enabled and you will need to sign and trust the server keys. Do you want to do that now?" 8 60
     sel=$?
     case $sel in
-        0) ${PROJECT_NAME}-sec --sign yes;;
+        0) "${PROJECT_NAME}-sec" --sign yes;;
     esac
 }
 
@@ -853,13 +839,13 @@ function menu_run_client_app {
     for a in "${APPS_AVAILABLE[@]}"
     do
         if [[ ${APPS_INSTALLED[$app_index]} != "0" ]]; then
-            if [[ $(function_exists run_client_${a}) == "1" ]]; then
+            if [[ $(function_exists "run_client_${a}") == "1" ]]; then
                 applist="$applist $n $a off"
-                n=$[n+1]
+                n=$((n+1))
                 appnames+=("$a")
             fi
         fi
-        app_index=$[app_index+1]
+        app_index=$((app_index+1))
     done
     if [ $n -le 1 ]; then
         return
@@ -871,29 +857,30 @@ function menu_run_client_app {
     choice=$(dialog --stdout --backtitle $"Freedombone" \
                      --title $"Run an App" \
                      --radiolist $'Choose:' \
-                     16 40 20 $applist)
+                     16 40 20 "$applist")
 
+    # shellcheck disable=SC2181
     if [ $? -eq 0 ]; then
-        app_index=$[choice-1]
+        app_index=$((choice-1))
         chosen_app=${appnames[$app_index]}
         if [[ $chosen_app != "Exit" ]]; then
-            run_client_${chosen_app}
+            "run_client_${chosen_app}"
         fi
     fi
 }
 
 function show_your_email_address {
-    GPG_FINGERPRINT=$(gpg --fingerprint $GPG_ID | sed -n '2p' | sed 's/^[ \t]*//')
-    GPG_DATE=$(gpg --fingerprint $GPG_ID | grep -i "pub" | head -n 1 | awk -F ' ' '{print $3}')
+    GPG_FINGERPRINT=$(gpg --fingerprint "$GPG_ID" | sed -n '2p' | sed 's/^[ \t]*//')
+    GPG_DATE=$(gpg --fingerprint "$GPG_ID" | grep -i "pub" | head -n 1 | awk -F ' ' '{print $3}')
     if [ ! -f ~/.mutt/bdsmail ]; then
         dialog --title $"Show your Email Address" \
                --backtitle $"Freedombone User Control Panel" \
-               --msgbox $"Email Address: $MY_EMAIL_ADDRESS\n\nKey ID: $GPG_ID\n\nFingerprint: $GPG_FINGERPRINT\n\nCreated: $GPG_DATE" 12 70
+               --msgbox $"Email Address: $MY_EMAIL_ADDRESS\\n\\nKey ID: $GPG_ID\\n\\nFingerprint: $GPG_FINGERPRINT\\n\\nCreated: $GPG_DATE" 12 70
     else
-        bdsmail_address=$(cat ~/.mutt/bdsmail | grep 'set from=' | awk -F '=' '{print $2}')
+        bdsmail_address=$(grep 'set from=' ~/.mutt/bdsmail | awk -F '=' '{print $2}')
         dialog --title $"Show your Email Address" \
                --backtitle $"Freedombone User Control Panel" \
-               --msgbox $"\nYou can press SHIFT and then drag the mouse and right click to copy.\n\nEmail Address: $MY_EMAIL_ADDRESS\n\nKey ID: $GPG_ID\n\nFingerprint: $GPG_FINGERPRINT\n\nCreated: $GPG_DATE\n\nI2P Address: ${bdsmail_address}" 17 90
+               --msgbox $"\\nYou can press SHIFT and then drag the mouse and right click to copy.\\n\\nEmail Address: $MY_EMAIL_ADDRESS\\n\\nKey ID: $GPG_ID\\n\\nFingerprint: $GPG_FINGERPRINT\\n\\nCreated: $GPG_DATE\\n\\nI2P Address: ${bdsmail_address}" 17 90
         clear
         echo ''
         echo $'Your bdsmail address as a QR code'
@@ -909,8 +896,7 @@ function show_your_email_address {
 function menu_top_level {
     while true
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone User Control Panel" \
                --title $"User Control Panel" \
                --radiolist $"Choose an operation:" 20 60 13 \
@@ -923,15 +909,15 @@ function menu_top_level {
                7 $"Set an outgoing email proxy" off \
                8 $"Administrator controls" off \
                9 $"Exit to the command line" off \
-               10 $"Log out" on 2> $data
+               10 $"Log out" on 2> "$data"
         sel=$?
         case $sel in
-            1) rm $data
+            1) rm -f "$data"
                exit 1;;
-            255) rm $data
+            255) rm -f "$data"
                  exit 1;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) mutt;;
             2) show_your_email_address;;
             3) menu_email;;
@@ -940,17 +926,18 @@ function menu_top_level {
             6) menu_encryption_keys;;
             7) smtp_proxy;;
             8) menu_admin;;
-            9) rm $data
+            9) rm -f "$data"
                break;;
-            10) kill -HUP `pgrep -s 0 -o`;;
+            10) kill -HUP "$(pgrep -s 0 -o)";;
         esac
-        rm $data
+        rm -f "$data"
     done
 }
 
 sign_keys
-gpg_agent_enable $USER
+gpg_agent_enable "$USER"
 menu_top_level
 clear
+# shellcheck disable=SC1090
 . ~/.bashrc
 exit 0
diff --git a/src/freedombone-dhparam b/src/freedombone-dhparam
index 80392ca4..d78c9f64 100755
--- a/src/freedombone-dhparam
+++ b/src/freedombone-dhparam
@@ -141,38 +141,37 @@ function calc_dh {
     if [[ $FAST == 'yes' ]]; then
         DHGROUP=$(( ( RANDOM % 4 )  + 14 ))
         if [[ ${DHGROUP} == 14 ]]; then
-            echo "$BETTERCRYPTO_GROUP14" > ${1}
+            echo "$BETTERCRYPTO_GROUP14" > "${1}"
         else
             if [[ ${DHGROUP} == 15 ]]; then
-                echo "$BETTERCRYPTO_GROUP15" > ${1}
+                echo "$BETTERCRYPTO_GROUP15" > "${1}"
             else
                 if [[ ${DHGROUP} == 16 ]]; then
-                    echo "$BETTERCRYPTO_GROUP16" > ${1}
+                    echo "$BETTERCRYPTO_GROUP16" > "${1}"
                 else
                     if [[ ${DHGROUP} == 17 ]]; then
-                        echo "$BETTERCRYPTO_GROUP17" > ${1}
+                        echo "$BETTERCRYPTO_GROUP17" > "${1}"
                     else
-                        echo "$BETTERCRYPTO_GROUP18" > ${1}
+                        echo "$BETTERCRYPTO_GROUP18" > "${1}"
                     fi
                 fi
             fi
         fi
     else
-        openssl dhparam -check -text $KEYLENGTH -out ${1}
-        if [ ! "$?" = "0" ]; then
+        if ! openssl dhparam -check -text $KEYLENGTH -out "${1}"; then
             exit 3674
         fi
     fi
-    chmod 640 ${1}
+    chmod 640 "${1}"
 }
 
 function regenerate_dh_keys {
     for file in /etc/ssl/mycerts/*
     do
         if [[ -f $file ]]; then
-            filename=/etc/ssl/certs/$(echo $file | awk -F '/etc/ssl/mycerts/' '{print $2}' | awk -F '.crt' '{print $1}').dhparam
-            if [ -f $filename ]; then
-                calc_dh $filename
+            filename=/etc/ssl/certs/$(echo "$file" | awk -F '/etc/ssl/mycerts/' '{print $2}' | awk -F '.crt' '{print $1}').dhparam
+            if [ -f "$filename" ]; then
+                calc_dh "$filename"
                 echo $"Recalculated DH params for $filename"
             fi
         fi
@@ -202,7 +201,7 @@ do
         -o|--output)
             shift
             FAST='yes'
-            calc_dh ${1}
+            calc_dh "${1}"
             exit 0
             ;;
         --fast)
@@ -223,7 +222,7 @@ if [[ $RECALCULATE == "yes" || $RECALCULATE == "y" ]]; then
     exit 0
 fi
 
-if [ ! $HOSTNAME ]; then
+if [ ! "$HOSTNAME" ]; then
     echo $'No hostname specified'
     exit 5728
 fi
@@ -237,7 +236,7 @@ if [ ! -d /etc/ssl/mycerts ]; then
     mkdir -p /etc/ssl/mycerts
 fi
 
-calc_dh /etc/ssl/certs/$HOSTNAME.dhparam
+calc_dh "/etc/ssl/certs/$HOSTNAME.dhparam"
 
 systemctl reload nginx
 exit 0
diff --git a/src/freedombone-encrypt-mail b/src/freedombone-encrypt-mail
index a13e786d..9d29be3e 100755
--- a/src/freedombone-encrypt-mail
+++ b/src/freedombone-encrypt-mail
@@ -31,17 +31,17 @@
 USERNAME=$1
 
 PROJECT_NAME='freedombone'
-COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
+COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-  source $f
+  source "$f"
 done
 
 ADMIN_USER=$(get_completion_param "Admin user")
 
-if [ ! $USERNAME ]; then
+if [ ! "$USERNAME" ]; then
     USERNAME=$ADMIN_USER
 fi
 
@@ -49,23 +49,23 @@ MAIL_DIR=/home/$USERNAME/Maildir
 EMAIL_ADDRESS=$USERNAME@$HOSTNAME
 
 # Does this key exist?
-gpg --list-keys "$EMAIL_ADDRESS" > /dev/null 2>&1
-if [ $? -gt 0 ]; then
+if ! gpg --list-keys "$EMAIL_ADDRESS" > /dev/null 2>&1; then
     echo $"A GPG key for $EMAIL_ADDRESS could not be found!"
     exit 0
 fi
 
 # Find all files in the Maildir specified.
 echo $"Calling find"
-find "$MAIL_DIR" -type f -regex '.*/\(cur\|new\)/.*' $4|while read line; do
+find "$MAIL_DIR" -type f -regex '.*/\(cur\|new\)/.*' "$4"|while read -r line; do
     gpgit.pl --encrypt-mode prefer-inline "$EMAIL_ADDRESS"  "/tmp/msg_$USERNAME"
 
     # Check to see if there are differences between the existing
     # Maildir file and what was created by gpgit.pl
     diff -qa "$line" "/tmp/msg_$USERNAME" > /dev/null 2>&1;
+    # shellcheck disable=SC2181
     if [ $? -gt 0 ]; then
         # Preserve timestamps, set ownership.
-        chown $USERNAME:$USERNAME "/tmp/msg_$USERNAME"
+        chown "$USERNAME":"$USERNAME" "/tmp/msg_$USERNAME"
         chmod 600   "/tmp/msg_$USERNAME"
         touch   "/tmp/msg_$USERNAME" --reference="$line"
 
diff --git a/src/freedombone-format b/src/freedombone-format
index 76154411..862e5f3f 100755
--- a/src/freedombone-format
+++ b/src/freedombone-format
@@ -33,7 +33,7 @@ PROJECT_NAME='freedombone'
 export TEXTDOMAIN=${PROJECT_NAME}-format
 export TEXTDOMAINDIR="/usr/share/locale"
 
-if [ ! $1 ]; then
+if [ ! "$1" ]; then
    echo $'Specify a drive, such as sdb, sdc, etc'
    exit 1
 fi
@@ -62,21 +62,18 @@ p
 a
 1
 w
-" | fdisk /dev/${USB_DRIVE_SHORT};mkfs.ext4 -L "$LABEL" /dev/${USB_DRIVE_SHORT}1
+" | fdisk "/dev/${USB_DRIVE_SHORT}";mkfs.ext4 -L "$LABEL" "/dev/${USB_DRIVE_SHORT}1"
 
 echo $"Formatting $USB_DRIVE as LUKS"
-cryptsetup -y -v luksFormat ${USB_DRIVE}
-if [ ! "$?" = "0" ]; then
+if ! cryptsetup -y -v luksFormat "${USB_DRIVE}"; then
     echo $"Failed to format $USB_DRIVE as LUKS"
     exit 36823
 fi
-cryptsetup luksOpen ${USB_DRIVE} encrypted_usb
-if [ ! "$?" = "0" ]; then
+if ! cryptsetup luksOpen "${USB_DRIVE}" encrypted_usb; then
     echo $"Failed to open LUKS formatted drive $USB_DRIVE"
     exit 37232
 fi
-mkfs.ext4 /dev/mapper/encrypted_usb -L "$LABEL"
-if [ ! "$?" = "0" ]; then
+if ! mkfs.ext4 /dev/mapper/encrypted_usb -L "$LABEL"; then
     cryptsetup luksClose encrypted_usb
     echo $'Format of drive $USB_DRIVE failed'
     exit 73218
diff --git a/src/freedombone-freedns b/src/freedombone-freedns
index 3d68ac1f..e9db50a3 100755
--- a/src/freedombone-freedns
+++ b/src/freedombone-freedns
@@ -41,7 +41,7 @@ if [[ "$1" == "--verbose" || "$1" == "-v" ]]; then
     VERBOSE=1
 fi
 
-if [ ! -f $CONFIGURATION_FILE ]; then
+if [ ! -f "$CONFIGURATION_FILE" ]; then
     exit 0
 fi
 
@@ -52,28 +52,29 @@ function item_in_array {
 }
 
 detected_codes=()
-codelines=$(grep "_CODE=" $CONFIGURATION_FILE | uniq)
+codelines=$(grep "_CODE=" "$CONFIGURATION_FILE" | uniq)
 while read -r line; do
     code=$(echo "$line" | awk -F '=' '{print $2}')
-    item_in_array "$code" "${detected_codes[@]}"
-    if [[ $? != 0 ]]; then
+    if ! item_in_array "$code" "${detected_codes[@]}"; then
         detected_codes+=("$code")
     fi
 done <<< "$codelines"
 
-if [ ! -d $HOME/.freedns-update ]; then
-    mkdir $HOME/.freedns-update
+if [ ! -d "$HOME/.freedns-update" ]; then
+    mkdir "$HOME/.freedns-update"
 fi
-cd $HOME/.freedns-update
+cd "$HOME/.freedns-update" || exit 2467824684
 for code in "${detected_codes[@]}"
 do
     if [ $VERBOSE ]; then
         echo $"command: $FREEDNS_WGET${code}="
+        # shellcheck disable=SC1066,SC1067
         $FREEDNS_WGET${code}=
     else
         if [ -f /tmp/freedns ]; then
             rm /tmp/freedns
         fi
+        # shellcheck disable=SC1066,SC1067,SC1007
         $FREEDNS_WGET${code}= >> /tmp/freedns 2>&1
     fi
 done
diff --git a/src/freedombone-ignore b/src/freedombone-ignore
index b3817f80..8d927437 100755
--- a/src/freedombone-ignore
+++ b/src/freedombone-ignore
@@ -79,37 +79,37 @@ if ! [[ $MYUSERNAME && $EMAIL_ADDRESS ]]; then
     fi
 fi
 
-MUTTRC=/home/$MYUSERNAME/.muttrc
-PM=/home/$MYUSERNAME/.procmailrc
+MUTTRC="/home/$MYUSERNAME/.muttrc"
+PM="/home/$MYUSERNAME/.procmailrc"
 
 # Ignore if subject line contains text
 if [ "$SUBJECT_TEXT" ]; then
-    if ! grep -q "Ignore rule for $SUBJECT_TEXT" $PM; then
-        echo "# Ignore rule for $SUBJECT_TEXT" >> $PM
-        echo ":0" >> $PM
-        echo "  * ^Subject:.*$SUBJECT_TEXT" >> $PM
-        echo "/dev/null" >> $PM
-        echo "# End of ignore rule" >> $PM
-        chown $MYUSERNAME:$MYUSERNAME $PM
+    if ! grep -q "Ignore rule for $SUBJECT_TEXT" "$PM"; then
+        { echo "# Ignore rule for $SUBJECT_TEXT";
+          echo ":0";
+          echo "  * ^Subject:.*$SUBJECT_TEXT";
+          echo "/dev/null";
+          echo "# End of ignore rule"; } >> "$PM"
+        chown "$MYUSERNAME":"$MYUSERNAME" "$PM"
     fi
 fi
 
 # ignore an email address
-if [ $EMAIL_ADDRESS ]; then
-    if ! grep -q "Ignore rule for $EMAIL_ADDRESS" $PM; then
-        echo "# Ignore rule for $EMAIL_ADDRESS" >> $PM
-        echo ":0" >> $PM
-        echo "  * ^From:.*$EMAIL_ADDRESS" >> $PM
-        echo "/dev/null" >> $PM
-        echo "# End of ignore rule" >> $PM
-        chown $MYUSERNAME:$MYUSERNAME $PM
+if [ "$EMAIL_ADDRESS" ]; then
+    if ! grep -q "Ignore rule for $EMAIL_ADDRESS" "$PM"; then
+        { echo "# Ignore rule for $EMAIL_ADDRESS";
+        echo ":0";
+        echo "  * ^From:.*$EMAIL_ADDRESS";
+        echo "/dev/null";
+        echo "# End of ignore rule"; } >> "$PM"
+        chown "$MYUSERNAME":"$MYUSERNAME" "$PM"
     fi
 fi
 
 PROCMAILLOG=/home/$MYUSERNAME/log
-if [ ! -d $PROCMAILLOG ]; then
-    mkdir $PROCMAILLOG
-    chown -R $MYUSERNAME:$MYUSERNAME $PROCMAILLOG
+if [ ! -d "$PROCMAILLOG" ]; then
+    mkdir "$PROCMAILLOG"
+    chown -R "$MYUSERNAME":"$MYUSERNAME" "$PROCMAILLOG"
 fi
 
 exit 0
diff --git a/src/freedombone-image b/src/freedombone-image
index 7d3f1948..7e02335f 100755
--- a/src/freedombone-image
+++ b/src/freedombone-image
@@ -42,14 +42,14 @@ if [ -f /usr/bin/${PROJECT_NAME} ]; then
     PROJECT_INSTALL_DIR=/usr/bin
 fi
 
-source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
+source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
 
 #get the project repo
 PROJECT_REPO="https://github.com/bashrc/${PROJECT_NAME}"
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 read_config_param PROJECT_REPO
 
@@ -96,7 +96,7 @@ CONFIG_FILENAME=
 DEFAULT_DOMAIN_NAME="${LOCAL_NAME}.local"
 
 # Minimum number of characters in a password
-MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}')
+MINIMUM_PASSWORD_LENGTH=$(grep 'MINIMUM_PASSWORD_LENGTH=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords" | head -n 1 | awk -F '=' '{print $2}')
 
 # Optional ssh public key to allow
 SSH_PUBKEY="no"
@@ -175,38 +175,36 @@ function image_setup {
             sudo pacman -S --noconfirm qemu-static binfmt-qemu-static uboot-tools qemu parted
             sudo pacman -S --noconfirm dpkg-devtools bin86 arch-install-scripts qemu-arch-extra
             sudo pacman -S --noconfirm syncthing
-            mkdir $USERHOME/develop
-            if [ -d $USERHOME/develop/python-cliapp ]; then
-                sudo rm -rf $USERHOME/develop/python-cliapp
+            mkdir "$USERHOME/develop"
+            if [ -d "$USERHOME/develop/python-cliapp" ]; then
+                sudo rm -rf "$USERHOME/develop/python-cliapp"
             fi
-            git_clone $CLIAPP_REPO $USERHOME/develop/python-cliapp
-            if [ ! "$?" = "0" ]; then
+            if ! git_clone "$CLIAPP_REPO" "$USERHOME/develop/python-cliapp"; then
                 echo $"Failed to clone python-cliapp"
                 return
             fi
-            if [ ! -d $USERHOME/develop/python-cliapp ]; then
+            if [ ! -d "$USERHOME/develop/python-cliapp" ]; then
                 echo $"Couldn't clone python-cliapp"
                 return
             fi
             sudo pacman -S --noconfirm python2-coverage python2-pytest-cov python2-sphinx
             sudo pacman -S --noconfirm autopep8 python2-pylint python2-yaml python2-xdg python2-pip
-            cd $USERHOME/develop/python-cliapp
+            cd "$USERHOME/develop/python-cliapp" || exit 7824526242
             git checkout $CLIAPP_COMMIT -b $CLIAPP_COMMIT
             sudo python2 setup.py install
             sudo pip2 install distro-info logging
-            if [ -d $USERHOME/develop/mbr ]; then
-                sudo rm -rf $USERHOME/develop/mbr
+            if [ -d "$USERHOME/develop/mbr" ]; then
+                sudo rm -rf "$USERHOME/develop/mbr"
             fi
-            git_clone $MBR_REPO $USERHOME/develop/mbr
-            if [ ! "$?" = "0" ]; then
+            if ! git_clone $MBR_REPO "$USERHOME/develop/mbr"; then
                 echo $"Failed to clone mbr"
                 return
             fi
-            if [ ! -d $USERHOME/develop/mbr ]; then
+            if [ ! -d "$USERHOME/develop/mbr" ]; then
                 echo $"Couldn't clone mbr"
                 return
             fi
-            cd $USERHOME/develop/mbr
+            cd "$USERHOME/develop/mbr" || exit 2468724524
             git checkout $MBR_COMMIT -b $MBR_COMMIT
             makepkg --force --noconfirm
             if [ ! -f mbr-${MBR_VERSION}.tar.gz ]; then
@@ -214,11 +212,11 @@ function image_setup {
                 return
             fi
             tar -xzvf mbr-${MBR_VERSION}.tar.gz
-            if [ ! -d $USERHOME/develop/mbr/mbr-${MBR_VERSION} ]; then
+            if [ ! -d "$USERHOME/develop/mbr/mbr-${MBR_VERSION}" ]; then
                 echo $"mbr tarball could not be extracted"
                 return
             fi
-            cd $USERHOME/develop/mbr/mbr-${MBR_VERSION}
+            cd "$USERHOME/develop/mbr/mbr-${MBR_VERSION}" || exit 13584584
             cp ../*.patch .
             patch -p0 < *.patch
             ./configure
@@ -229,35 +227,34 @@ function image_setup {
                 return
             fi
             sudo cp /usr/local/sbin/install-mbr /sbin
-            if [ -d $USERHOME/develop/multipath-tools ]; then
-                sudo rm -rf $USERHOME/develop/multipath-tools
+            if [ -d "$USERHOME/develop/multipath-tools" ]; then
+                sudo rm -rf "$USERHOME/develop/multipath-tools"
             fi
-            git_clone $MULTIPATH_TOOLS_REPO $USERHOME/develop/multipath-tools
-            if [ ! "$?" = "0" ]; then
+            if ! git_clone "$MULTIPATH_TOOLS_REPO" "$USERHOME/develop/multipath-tools"; then
                 echo $"Failed to clone multipath-tools"
                 return
             fi
-            if [ ! -d $USERHOME/develop/multipath-tools ]; then
+            if [ ! -d "$USERHOME/develop/multipath-tools" ]; then
                 echo $"Couldn't clone multipath-tools"
                 return
             fi
             sudo pacman -S --noconfirm device-mapper libaio liburcu fakeroot
-            cd $USERHOME/develop/multipath-tools
+            cd "$USERHOME/develop/multipath-tools" || exit 27462454
             makepkg --force --noconfirm
             makepkg -i --force --noconfirm
-            sudo wget https://raw.githubusercontent.com/bashrc/freedombone/master/image_build/debootstrap/scripts/${DEBIAN_VERSION} -O /usr/share/debootstrap/scripts/debscript
-            sudo cp -f /usr/share/debootstrap/scripts/debscript /usr/share/debootstrap/scripts/${DEBIAN_VERSION}
-            if [ ! -f /usr/share/debootstrap/scripts/${DEBIAN_VERSION} ]; then
+            sudo wget "https://raw.githubusercontent.com/bashrc/freedombone/master/image_build/debootstrap/scripts/${DEBIAN_VERSION}" -O /usr/share/debootstrap/scripts/debscript
+            sudo cp -f "/usr/share/debootstrap/scripts/debscript /usr/share/debootstrap/scripts/${DEBIAN_VERSION}"
+            if [ ! -f "/usr/share/debootstrap/scripts/${DEBIAN_VERSION}" ]; then
                 echo $"No debian debootstrap script was found for $DEBIAN_VERSION"
                 return
             fi
-            debian_script_hash=$(sha256sum /usr/share/debootstrap/scripts/${DEBIAN_VERSION} | awk -F ' ' '{print $1}')
+            debian_script_hash=$(sha256sum "/usr/share/debootstrap/scripts/${DEBIAN_VERSION}" | awk -F ' ' '{print $1}')
             expected_debian_script_hash='620fa84c7ef64d10349aed38fa9cc2e7f00a6fcd1bc425f33ca2b57cc946fd0c'
             if [[ "$debian_script_hash" != "$expected_debian_script_hash" ]]; then
                 echo $"Invalid hash for debootstrap ${DEBIAN_VERSION} script"
                 return
             fi
-            sudo chmod +x /usr/share/debootstrap/scripts/${DEBIAN_VERSION}
+            sudo chmod +x "/usr/share/debootstrap/scripts/${DEBIAN_VERSION}"
             ;;
         *)
             echo $'Unkown operating system'
@@ -271,26 +268,26 @@ function image_setup {
 function mesh_router_setup_script {
     # create a setup script for a mesh router
     mesh_script_filename=$1
-    echo "MY_USERNAME=${USERNAME}" > $mesh_script_filename
-    echo "DEFAULT_DOMAIN_NAME=${USERNAME}" >> $mesh_script_filename
-    echo 'SYSTEM_TYPE=mesh' >> $mesh_script_filename
-    echo 'INSTALLING_ON_BBB=no' >> $mesh_script_filename
-    echo 'USB_DRIVE=/dev/sda1' >> $mesh_script_filename
-    echo 'DDNS_PROVIDER=' >> $mesh_script_filename
-    echo 'DDNS_USERNAME=' >> $mesh_script_filename
-    echo 'DDNS_PASSWORD=' >> $mesh_script_filename
-    echo 'DEFAULT_LANGUAGE=en_GB.UTF-8' >> $mesh_script_filename
-    echo 'MY_EMAIL_ADDRESS=' >> $mesh_script_filename
-    echo 'ENABLE_BATMAN=yes' >> $mesh_script_filename
-    echo 'DEBIAN_REPO=' >> $mesh_script_filename
-    echo 'NAMESERVER1=' >> $mesh_script_filename
-    echo 'NAMESERVER2=' >> $mesh_script_filename
-    echo 'NAMESERVER3=' >> $mesh_script_filename
-    echo 'NAMESERVER4=' >> $mesh_script_filename
-    echo 'NAMESERVER5=' >> $mesh_script_filename
-    echo 'NAMESERVER6=' >> $mesh_script_filename
-    echo 'BATMAN_CELLID=any' >> $mesh_script_filename
-    echo 'WIFI_CHANNEL=9' >> $mesh_script_filename
+    { echo "MY_USERNAME=${USERNAME}";
+      echo "DEFAULT_DOMAIN_NAME=${USERNAME}";
+      echo 'SYSTEM_TYPE=mesh';
+      echo 'INSTALLING_ON_BBB=no';
+      echo 'USB_DRIVE=/dev/sda1';
+      echo 'DDNS_PROVIDER=';
+      echo 'DDNS_USERNAME=';
+      echo 'DDNS_PASSWORD=';
+      echo 'DEFAULT_LANGUAGE=en_GB.UTF-8';
+      echo 'MY_EMAIL_ADDRESS=';
+      echo 'ENABLE_BATMAN=yes';
+      echo 'DEBIAN_REPO=';
+      echo 'NAMESERVER1=';
+      echo 'NAMESERVER2=';
+      echo 'NAMESERVER3=';
+      echo 'NAMESERVER4=';
+      echo 'NAMESERVER5=';
+      echo 'NAMESERVER6=';
+      echo 'BATMAN_CELLID=any';
+      echo 'WIFI_CHANNEL=9'; } > "$mesh_script_filename"
 }
 
 while [ $# -gt 1 ]
@@ -304,11 +301,11 @@ do
         -c|--config)
             shift
             CONFIG_FILENAME="$1"
-            if [ ! -f $CONFIG_FILENAME ]; then
+            if [ ! -f "$CONFIG_FILENAME" ]; then
                 echo $"Config file $CONFIG_FILENAME not found"
                 exit 3
             fi
-            DEFAULT_DOMAIN_NAME=$(cat $CONFIG_FILENAME | grep 'DEFAULT_DOMAIN_NAME' | awk -F '=' '{print $2}')
+            DEFAULT_DOMAIN_NAME=$(grep 'DEFAULT_DOMAIN_NAME' "$CONFIG_FILENAME" | awk -F '=' '{print $2}')
             ;;
         -t|--target|--board)
             shift
@@ -321,7 +318,7 @@ do
         -p|--password)
             shift
             PASSWORD="$1"
-            if [ ${#PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then
+            if [ ${#PASSWORD} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then
                 echo $"Your password chould contain at least ${MINIMUM_PASSWORD_LENGTH} characters"
                 exit 3628
             fi
@@ -415,7 +412,7 @@ do
             shift
             MIRROR="$1"
             ;;
-        --debianonly|--basic|--minimal)
+        --debianonly|--basic)
             shift
             DEBIAN_INSTALL_ONLY="$1"
             ;;
@@ -467,9 +464,9 @@ done
 
 if [[ $INTERACTIVE == "yes" || $INTERACTIVE == "y" || $INTERACTIVE == "Yes" ]]; then
     ${PROJECT_NAME}-config --minimal "$MINIMAL_INSTALL"
-    if [ -f $HOME/${PROJECT_NAME}.cfg ]; then
+    if [ -f "$HOME/${PROJECT_NAME}.cfg" ]; then
         CONFIG_FILENAME=$HOME/${PROJECT_NAME}.cfg
-        DEFAULT_DOMAIN_NAME=$(cat $CONFIG_FILENAME | grep 'DEFAULT_DOMAIN_NAME' | awk -F '=' '{print $2}')
+        DEFAULT_DOMAIN_NAME=$(grep 'DEFAULT_DOMAIN_NAME' "$CONFIG_FILENAME" | awk -F '=' '{print $2}')
     fi
 fi
 
@@ -480,34 +477,36 @@ fi
 
 if [ ! $PASSWORD ]; then
     # generate a random password
-    PASSWORD=$(openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c ${MINIMUM_PASSWORD_LENGTH})
+    PASSWORD=$(openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c "${MINIMUM_PASSWORD_LENGTH}")
 fi
 
 # Move any existing images into a build subdirectory
 image_types=( xz img sig vdi qcow2 )
 for im in "${image_types[@]}"
 do
+    # shellcheck disable=SC2012,SC2086
     no_of_files=$(ls -afq ${CURR_DIR}/${PROJECT_NAME}*.${im} | wc -l)
     if (( no_of_files > 0 )); then
-        if [ ! -d ${CURR_DIR}/build ]; then
-            mkdir ${CURR_DIR}/build
+        if [ ! -d "${CURR_DIR}/build" ]; then
+            mkdir "${CURR_DIR}/build"
         fi
-        mv -f ${CURR_DIR}/${PROJECT_NAME}*.${im} ${CURR_DIR}/build
+        mv -f "${CURR_DIR}/${PROJECT_NAME}*.${im}" "${CURR_DIR}/build"
     fi
 done
 
 # Delete anything which didn't move
 for im in "${image_types[@]}"
 do
+    # shellcheck disable=SC2012,SC2086
     no_of_files=$(ls -afq ${CURR_DIR}/${PROJECT_NAME}*.${im} | wc -l)
     if (( no_of_files > 0 )); then
-        rm -f ${CURR_DIR}/${PROJECT_NAME}*.${im}
+        rm -f "${CURR_DIR}/${PROJECT_NAME}*.${im}"
     fi
 done
 
 # Remove any existing login credentials file
-if [ -f ${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt ]; then
-    rm ${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt
+if [ -f "${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt" ]; then
+    rm "${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt"
 fi
 
 if [ -d $TEMPBUILD_DIR ]; then
@@ -522,8 +521,8 @@ fi
 
 cp -r /etc/${PROJECT_NAME}/* $TEMPBUILD_DIR
 rm -rf $TEMPBUILD_DIR/vendor
-chown -R $CURR_USER:$CURR_USER $TEMPBUILD_DIR
-cd $TEMPBUILD_DIR
+chown -R "$CURR_USER":"$CURR_USER" $TEMPBUILD_DIR
+cd $TEMPBUILD_DIR || exit 24729847
 
 if [[ $MINIMAL_INSTALL == "yes" ]]; then
     IMAGE_NAME=$'min'
@@ -565,8 +564,8 @@ if [[ "$SOCIALINSTANCE" == "gnusocial" || "$SOCIALINSTANCE" == "postactiv" ]]; t
     IMAGE_NAME="${IMAGE_NAME}-${SOCIALINSTANCE}"
 fi
 
-cd $TEMPBUILD_DIR
-make $IMAGE_TYPE \
+cd $TEMPBUILD_DIR || exit 724245267
+make "$IMAGE_TYPE" \
      MYUSERNAME="$USERNAME" \
      MYPASSWORD="$PASSWORD" \
      ROUTER_IP_ADDRESS="$ROUTER_IP_ADDRESS" \
@@ -603,6 +602,7 @@ make $IMAGE_TYPE \
      SOCIALINSTANCE="$SOCIALINSTANCE" \
      LOCAL_NAME="$LOCAL_NAME"
 
+# shellcheck disable=SC2181
 if [ ! "$?" = "0" ]; then
     echo $'Build failed'
     rm -rf $TEMPBUILD_DIR
@@ -615,7 +615,7 @@ if [[ $IMAGE_TYPE == "qemu"* ]]; then
 fi
 
 shopt -s nullglob
-imgfiles=(build/${PROJECT_NAME}*.${EXPECTED_EXTENSION})
+imgfiles=("build/${PROJECT_NAME}*.${EXPECTED_EXTENSION}")
 if [ ${#imgfiles[@]} -eq 0 ]; then
     echo $'Image was not created'
     rm -rf $TEMPBUILD_DIR
@@ -625,17 +625,18 @@ fi
 # Move images from temporary directory to the current directory
 for im in "${image_types[@]}"
 do
+    # shellcheck disable=SC2012,SC2086
     no_of_files=$(ls -afq build/${PROJECT_NAME}*.${im} | wc -l)
     if (( no_of_files > 0 )); then
-        mv build/${PROJECT_NAME}*.${im} ${CURR_DIR}/
-        sudo chown ${CURR_USER}:${CURR_USER} ${CURR_DIR}/*.${im}
+        mv "build/${PROJECT_NAME}*.${im}" "${CURR_DIR}/"
+        sudo chown "${CURR_USER}":"${CURR_USER}" "${CURR_DIR}/*.${im}"
     fi
 done
 
 # Remove the temporary directory
 rm -rf ${TEMPBUILD_DIR}
 
-cd ${CURR_DIR}
+cd "${CURR_DIR}" || exit 2842845284
 
 clear
 if [[ $VARIANT != 'meshclient' && $VARIANT != 'meshusb' && $VARIANT != 'mesh' ]]; then
@@ -676,13 +677,13 @@ ls -lh ${PROJECT_NAME}*.img ${PROJECT_NAME}*.sig ${PROJECT_NAME}*.xz ${PROJECT_N
 
 # Remove the mesh script after use
 if [[ $VARIANT == "mesh"* ]]; then
-    rm -f $CONFIG_FILENAME
+    rm -f "$CONFIG_FILENAME"
 fi
 
 # record the default login credentials for later use
 echo $"Username: $USERNAME
-Password: $PASSWORD" > ${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt
-chmod 600 ${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt
+Password: $PASSWORD" > "${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt"
+chmod 600 "${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt"
 
 if [[ $IMAGE_TYPE != "qemu"* ]]; then
     echo ''
diff --git a/src/freedombone-image-customise b/src/freedombone-image-customise
index c1fa2de4..36495557 100755
--- a/src/freedombone-image-customise
+++ b/src/freedombone-image-customise
@@ -64,6 +64,10 @@ BOX_IP_ADDRESS="192.168.1.55"
 # DNS
 NAMESERVER1='213.73.91.35'
 NAMESERVER2='85.214.20.141'
+NAMESERVER3='213.73.91.35'
+NAMESERVER4='85.214.73.63'
+NAMESERVER5='84.200.69.80'
+NAMESERVER6='84.200.70.40'
 
 # optional configuration file containing freedombone settings
 CONFIG_FILENAME=
@@ -140,24 +144,24 @@ BMX7_COMMIT='0a82c7c10fef44b259b35e77ab33632aa132d219'
 PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin
 
 function configure_backports {
-    echo "deb http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-backports main" >> $rootdir/etc/apt/sources.list
+    echo "deb http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-backports main" >> "$rootdir/etc/apt/sources.list"
 }
 
 function configure_contrib_repo {
-    if ! grep -q "contrib" $rootdir/etc/apt/sources.list; then
+    if ! grep -q "contrib" "$rootdir/etc/apt/sources.list"; then
         chroot "$rootdir" /bin/sed -i "s| main| main contrib|g" /etc/apt/sources.list
     fi
 }
 
 enable_eatmydata_override() {
-    chroot $rootdir apt-get install -y eatmydata
-    if [ -x $rootdir/usr/bin/eatmydata ] && \
-           [ ! -f $rootdir/etc/apt/apt.conf.d/95debian-edu-install-dpkg-eatmydata ]; then
+    chroot "$rootdir" apt-get install -y eatmydata
+    if [ -x "$rootdir/usr/bin/eatmydata" ] && \
+           [ ! -f "$rootdir/etc/apt/apt.conf.d/95debian-edu-install-dpkg-eatmydata" ]; then
         echo $"info: Adding apt config to call dpkg via eatmydata"
-        printf "#!/bin/sh\nexec eatmydata dpkg \"\$@\"\n" \
-               > $rootdir/var/tmp/dpkg-eatmydata
-        chmod 755 $rootdir/var/tmp/dpkg-eatmydata
-        cat > $rootdir/etc/apt/apt.conf.d/95debian-edu-install-dpkg-eatmydata <<EOF
+        printf "#!/bin/sh\\nexec eatmydata dpkg \"\$@\"\\n" \
+               > "$rootdir/var/tmp/dpkg-eatmydata"
+        chmod 755 "$rootdir/var/tmp/dpkg-eatmydata"
+        cat > "$rootdir/etc/apt/apt.conf.d/95debian-edu-install-dpkg-eatmydata" <<EOF
 Dir::Bin::dpkg "/var/tmp/dpkg-eatmydata";
 EOF
     else
@@ -170,8 +174,8 @@ disable_eatmydata_override() {
         /etc/apt/apt.conf.d/95debian-edu-install-dpkg-eatmydata \
             /var/tmp/dpkg-eatmydata ; do
         echo $"info: Removing apt config to call dpkg via eatmydata"
-        if [ -f $rootdir$override ] ; then
-            rm -f $rootdir$override
+        if [ -f "$rootdir$override" ] ; then
+            rm -f "$rootdir$override"
         else
             echo $"warning: missing $rootdir$override"
         fi
@@ -195,20 +199,20 @@ EOF
 configure_networking() {
     chroot "$rootdir" apt-get -yq install resolvconf
 
-    if [[ $DEBIAN_INSTALL_ONLY != "no" ]]; then
+    if [[ "$DEBIAN_INSTALL_ONLY" != "no" ]]; then
         return
     fi
 
-    if [[ $GENERIC_IMAGE == "no" ]]; then
-        echo '# This file describes the network interfaces available on your system' > $rootdir/etc/network/interfaces
-        echo '# and how to activate them. For more information, see interfaces(5).' >> $rootdir/etc/network/interfaces
-        echo 'source /etc/network/interfaces.d/*' >> $rootdir/etc/network/interfaces
+    if [[ "$GENERIC_IMAGE" == "no" ]]; then
+        echo '# This file describes the network interfaces available on your system' > "$rootdir/etc/network/interfaces"
+        echo '# and how to activate them. For more information, see interfaces(5).' >> "$rootdir/etc/network/interfaces"
+        echo 'source /etc/network/interfaces.d/*' >> "$rootdir/etc/network/interfaces"
 
         echo "auto eth0
 iface eth0 inet static
     address $BOX_IP_ADDRESS
     netmask 255.255.255.0
-    gateway $ROUTER_IP_ADDRESS" > $rootdir/etc/network/interfaces.d/static
+    gateway $ROUTER_IP_ADDRESS" > "$rootdir/etc/network/interfaces.d/static"
 
         hexarray=( 1 2 3 4 5 6 7 8 9 0 a b c d e f )
         a=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
@@ -216,19 +220,19 @@ iface eth0 inet static
         c=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
         d=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
         e=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
-        echo "hwaddress ether de:$a:$b:$c:$d:$e" > $rootdir/etc/network/interfaces.d/macaddress
+        echo "hwaddress ether de:$a:$b:$c:$d:$e" > "$rootdir/etc/network/interfaces.d/macaddress"
     fi
 
     # configure DNS
     resolvconf=$rootdir/etc/resolvconf/resolv.conf.d/head
-    echo 'domain localdomain' > $resolvconf
-    echo 'search localdomain' >> $resolvconf
-    echo "nameserver $NAMESERVER1" >> $resolvconf
-    echo "nameserver $NAMESERVER2" >> $resolvconf
-    echo "nameserver $NAMESERVER3" >> $resolvconf
-    echo "nameserver $NAMESERVER4" >> $resolvconf
-    echo "nameserver $NAMESERVER5" >> $resolvconf
-    echo "nameserver $NAMESERVER6" >> $resolvconf
+    { echo 'domain localdomain';
+      echo 'search localdomain';
+      echo "nameserver $NAMESERVER1";
+      echo "nameserver $NAMESERVER2";
+      echo "nameserver $NAMESERVER3";
+      echo "nameserver $NAMESERVER4";
+      echo "nameserver $NAMESERVER5";
+      echo "nameserver $NAMESERVER6"; } > "$resolvconf"
     chroot "$rootdir" resolvconf -u
 
     if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then
@@ -248,7 +252,7 @@ following commands, then enter your details.
     sudo su
     ${PROJECT_NAME} menuconfig
 
-" > $rootdir/etc/motd
+" > "$rootdir/etc/motd"
     else
         echo $"
  .---.                  .              .
@@ -258,7 +262,7 @@ following commands, then enter your details.
  '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
 
                     Freedom in the Mesh
-" > $rootdir/etc/motd
+" > "$rootdir/etc/motd"
     fi
 }
 
@@ -267,17 +271,17 @@ configure_ssh() {
         return
     fi
 
-    sed -i "s/Port .*/Port ${SSH_PORT}/g" $rootdir/etc/ssh/sshd_config
-    sed -i "s/#Port ${SSH_PORT}/Port ${SSH_PORT}/g" $rootdir/etc/ssh/sshd_config
+    sed -i "s/Port .*/Port ${SSH_PORT}/g" "$rootdir/etc/ssh/sshd_config"
+    sed -i "s/#Port ${SSH_PORT}/Port ${SSH_PORT}/g" "$rootdir/etc/ssh/sshd_config"
 
     if [[ "$SSH_PUBKEY" != "no" ]]; then
-        if [ ! -d $rootdir/home/$MY_USERNAME/.ssh ]; then
-            mkdir $rootdir/home/$MY_USERNAME/.ssh
+        if [ ! -d "$rootdir/home/$MY_USERNAME/.ssh" ]; then
+            mkdir "$rootdir/home/$MY_USERNAME/.ssh"
         fi
-        echo "$SSH_PUBKEY" > $rootdir/home/$MY_USERNAME/.ssh/authorized_keys
-        chroot $rootdir /bin/chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
-        sed -i 's|PasswordAuthentication.*|PasswordAuthentication no|g' $rootdir/etc/ssh/sshd_config
-        sed -i 's|#PasswordAuthentication no|PasswordAuthentication no|g' $rootdir/etc/ssh/sshd_config
+        echo "$SSH_PUBKEY" > "$rootdir/home/$MY_USERNAME/.ssh/authorized_keys"
+        chroot "$rootdir" /bin/chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.ssh"
+        sed -i 's|PasswordAuthentication.*|PasswordAuthentication no|g' "$rootdir/etc/ssh/sshd_config"
+        sed -i 's|#PasswordAuthentication no|PasswordAuthentication no|g' "$rootdir/etc/ssh/sshd_config"
         echo $"Using ssh public key:"
         echo $SSH_PUBKEY
         echo $'Password ssh authentication turned off'
@@ -301,7 +305,7 @@ create_generic_image() {
     if [[ $VARIANT != "mesh"* ]]; then
         CONFIG_FILENAME=
     else
-        touch $rootdir/root/.initial_mesh_setup
+        touch "$rootdir/root/.initial_mesh_setup"
     fi
 
     # Stick with the existing login for mesh clients
@@ -311,11 +315,11 @@ create_generic_image() {
 
     # The presence of this file indicates that the initial
     # setup has not yet been completed
-    touch $rootdir/home/$MY_USERNAME/.initial_setup
-    chroot $rootdir /bin/chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.initial_setup
-    touch $rootdir/root/.initial_setup
+    touch "$rootdir/home/$MY_USERNAME/.initial_setup"
+    chroot "$rootdir" /bin/chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.initial_setup"
+    touch "$rootdir/root/.initial_setup"
 
-    cat >> $rootdir/home/$MY_USERNAME/.bashrc <<EOF
+    cat >> "$rootdir/home/$MY_USERNAME/.bashrc" <<EOF
 # initial setup of the system
 if [ -f ~/.initial_setup ]; then
     clear
@@ -334,132 +338,132 @@ if [ -f ~/.initial_setup ]; then
 fi
 EOF
 
-    echo "MY_USERNAME=${MY_USERNAME}" >> $rootdir/root/.bashrc
-    echo "SSH_PORT=${SSH_PORT}" >> $rootdir/root/.bashrc
-    echo '# initial setup of the system' >> $rootdir/root/.bashrc
-    echo 'if [ -f ~/.initial_setup ]; then' >> $rootdir/root/.bashrc
-    echo '    if [ -f ~/login.txt ]; then' >> $rootdir/root/.bashrc
-    echo '        NEW_USER_PASSWORD=$(printf `cat ~/login.txt`)' >> $rootdir/root/.bashrc
-    echo '    else' >> $rootdir/root/.bashrc
-    echo '        ENTROPY=$(cat /proc/sys/kernel/random/entropy_avail)' >> $rootdir/root/.bashrc
-    echo '        if [ $ENTROPY -lt 500 ]; then' >> $rootdir/root/.bashrc
+    { echo "MY_USERNAME=${MY_USERNAME}";
+      echo "SSH_PORT=${SSH_PORT}";
+      echo '# initial setup of the system';
+      echo 'if [ -f ~/.initial_setup ]; then';
+      echo '    if [ -f ~/login.txt ]; then';
+      echo "        NEW_USER_PASSWORD=\$(printf \"%s\" \"\$(cat ~/login.txt)\")";
+      echo '    else';
+      echo "        ENTROPY=\$(cat /proc/sys/kernel/random/entropy_avail)";
+      echo "        if [ \$ENTROPY -lt 500 ]; then"; } >> "$rootdir/root/.bashrc"
     ENTROPY_MESSAGE1=$'Initial setup process'
     ENTROPY_MESSAGE2=$'Password Generation'
     ENTROPY_MESSAGE3=$'WARNING: The entropy available on this system is too low to generate a password.\n\nThe installation process cannot continue.'
-    echo "            dialog --backtitle \"${ENTROPY_MESSAGE1}\" --title \"${ENTROPY_MESSAGE2}\" --msgbox \"${ENTROPY_MESSAGE3}\" 8 50" >> $rootdir/root/.bashrc
-    echo '            exit' >> $rootdir/root/.bashrc
-    echo '        fi' >> $rootdir/root/.bashrc
-    echo -n '        NEW_USER_PASSWORD=$(openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c ' >> $rootdir/root/.bashrc
-    echo "${DEFAULT_PASSWORD_LENGTH})" >> $rootdir/root/.bashrc
-    echo '    fi' >> $rootdir/root/.bashrc
-    echo '    echo "${NEW_USER_PASSWORD}" > ~/login.txt' >> $rootdir/root/.bashrc
+    { echo "            dialog --backtitle \"${ENTROPY_MESSAGE1}\" --title \"${ENTROPY_MESSAGE2}\" --msgbox \"${ENTROPY_MESSAGE3}\" 8 50";
+      echo '            exit';
+      echo '        fi';
+      echo -n "        NEW_USER_PASSWORD=\$(openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c ";
+      echo "${DEFAULT_PASSWORD_LENGTH})";
+      echo '    fi';
+      echo "    echo \"\${NEW_USER_PASSWORD}\" > ~/login.txt";
 
-    echo '    clear' >> $rootdir/root/.bashrc
-    echo '    echo ""' >> $rootdir/root/.bashrc
+      echo '    clear';
+      echo '    echo ""'; } >> "$rootdir/root/.bashrc"
     NEW_LOGIN_PASSWORD_MESSAGE1=$'Your new login password is:'
     NEW_LOGIN_PASSWORD_MESSAGE2=$'Use it whenever you wish to ssh into this system.'
     NEW_LOGIN_PASSWORD_MESSAGE3=$'IMPORTANT: Please take a moment to enter the above password into a\npassword manager or write it down somewhere.'
     PRESS_KEY_MESSAGE=$'Press any key to continue...'
-    echo "    echo \"${NEW_LOGIN_PASSWORD_MESSAGE1}\"" >> $rootdir/root/.bashrc
-    echo '    echo ""' >> $rootdir/root/.bashrc
-    echo '    echo "                          ${NEW_USER_PASSWORD}"' >> $rootdir/root/.bashrc
-    echo '    echo ""' >> $rootdir/root/.bashrc
-    echo "    echo \"${NEW_LOGIN_PASSWORD_MESSAGE2}\"" >> $rootdir/root/.bashrc
-    echo '    echo ""' >> $rootdir/root/.bashrc
-    echo "    echo \"${NEW_LOGIN_PASSWORD_MESSAGE3}\"" >> $rootdir/root/.bashrc
-    echo '    echo ""' >> $rootdir/root/.bashrc
-    echo "    read -n1 -r -p \"${PRESS_KEY_MESSAGE}\" key" >> $rootdir/root/.bashrc
+    { echo "    echo \"${NEW_LOGIN_PASSWORD_MESSAGE1}\"";
+      echo '    echo ""';
+      echo "    echo \"                          \${NEW_USER_PASSWORD}\"";
+      echo '    echo ""';
+      echo "    echo \"${NEW_LOGIN_PASSWORD_MESSAGE2}\"";
+      echo '    echo ""';
+      echo "    echo \"${NEW_LOGIN_PASSWORD_MESSAGE3}\"";
+      echo '    echo ""';
+      echo "    read -n1 -r -p \"${PRESS_KEY_MESSAGE}\" key";
 
-    # change the password for the admin user
-    echo -n "    echo \"${MY_USERNAME}:" >> $rootdir/root/.bashrc
-    echo '$(printf `cat ~/login.txt`)"|chpasswd' >> $rootdir/root/.bashrc
+      # change the password for the admin user
+      echo -n "    echo \"${MY_USERNAME}:";
+      echo "\$(printf \"%s\" \"\$(cat ~/login.txt)\")|chpasswd";
 
-    # update before continuing
-    echo "    cd /root/${PROJECT_NAME}" >> $rootdir/root/.bashrc
-    echo "    git stash" >> $rootdir/root/.bashrc
-    echo "    git pull" >> $rootdir/root/.bashrc
-    echo "    git checkout stretch" >> $rootdir/root/.bashrc
-    echo "    make install" >> $rootdir/root/.bashrc
+      # update before continuing
+      echo "    cd /root/${PROJECT_NAME}";
+      echo "    git stash";
+      echo "    git pull";
+      echo "    git checkout stretch";
+      echo "    make install"; } >> "$rootdir/root/.bashrc"
 
-    if [[ $VARIANT != "mesh"* && $VARIANT != "usb" ]]; then
+    if [[ "$VARIANT" != "mesh"* && "$VARIANT" != "usb" ]]; then
         if [[ "$SOCIALINSTANCE" == "gnusocial" ]]; then
-            echo "    ${PROJECT_NAME} menuconfig-gnusocial" >> $rootdir/root/.bashrc
+            echo "    ${PROJECT_NAME} menuconfig-gnusocial" >> "$rootdir/root/.bashrc"
         else
             if [[ "$SOCIALINSTANCE" == "postactiv" ]]; then
-                echo "    ${PROJECT_NAME} menuconfig-postactiv" >> $rootdir/root/.bashrc
+                echo "    ${PROJECT_NAME} menuconfig-postactiv" >> "$rootdir/root/.bashrc"
             else
-                if [[ $ONION_ONLY == "no" ]]; then
-                    if [[ $MINIMAL_INSTALL == "no" ]]; then
-                        echo "    ${PROJECT_NAME} menuconfig-full" >> $rootdir/root/.bashrc
+                if [[ "$ONION_ONLY" == "no" ]]; then
+                    if [[ "$MINIMAL_INSTALL" == "no" ]]; then
+                        echo "    ${PROJECT_NAME} menuconfig-full" >> "$rootdir/root/.bashrc"
                     else
-                        echo "    ${PROJECT_NAME} menuconfig" >> $rootdir/root/.bashrc
+                        echo "    ${PROJECT_NAME} menuconfig" >> "$rootdir/root/.bashrc"
                     fi
                 else
-                    echo "    ${PROJECT_NAME} menuconfig-onion" >> $rootdir/root/.bashrc
+                    echo "    ${PROJECT_NAME} menuconfig-onion" >> "$rootdir/root/.bashrc"
                 fi
             fi
         fi
     else
-        echo "    echo ''" >> $rootdir/root/.bashrc
+        echo "    echo ''" >> "$rootdir/root/.bashrc"
     fi
-    echo '    if [ "$?" = "0" ]; then' >> $rootdir/root/.bashrc
-    echo "        if [ -f ~/${PROJECT_NAME}-completed.txt ]; then" >> $rootdir/root/.bashrc
-    echo "            # Check that the initial setup really did complete" >> $rootdir/root/.bashrc
-    echo "            if grep -q 'tripwire' ~/${PROJECT_NAME}-completed.txt; then" >> $rootdir/root/.bashrc
-    # Remove the initial setup files
-    echo '                rm /root/.initial_setup' >> $rootdir/root/.bashrc
-    echo '                rm /home/fbone/.initial_setup' >> $rootdir/root/.bashrc
-    echo "                touch /root/.remove_${GENERIC_IMAGE_USERNAME}" >> $rootdir/root/.bashrc
-    echo '                shred -zu ~/login.txt' >> $rootdir/root/.bashrc
-    if [[ $VARIANT != "mesh"* && $VARIANT != "usb" ]]; then
-        echo '                SSH_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_ssh/hostname)' >> $rootdir/root/.bashrc
+    { echo '    if [ "$?" = "0" ]; then';
+      echo "        if [ -f ~/${PROJECT_NAME}-completed.txt ]; then";
+      echo "            # Check that the initial setup really did complete";
+      echo "            if grep -q 'tripwire' ~/${PROJECT_NAME}-completed.txt; then";
+      # Remove the initial setup files
+      echo '                rm /root/.initial_setup';
+      echo '                rm /home/fbone/.initial_setup';
+      echo "                touch /root/.remove_${GENERIC_IMAGE_USERNAME}";
+      echo '                shred -zu ~/login.txt'; } >> "$rootdir/root/.bashrc"
+    if [[ "$VARIANT" != "mesh"* && "$VARIANT" != "usb" ]]; then
+        { echo "                SSH_ONION_HOSTNAME=\$(cat /var/lib/tor/hidden_service_ssh/hostname)";
 
-        echo '                if [ ${#SSH_ONION_HOSTNAME} -lt 2 ]; then' >> $rootdir/root/.bashrc
-        echo '                    exit 62392' >> $rootdir/root/.bashrc
-        echo '                fi' >> $rootdir/root/.bashrc
+          echo "                if [ \${#SSH_ONION_HOSTNAME} -lt 2 ]; then";
+          echo '                    exit 62392';
+          echo '                fi'; } >> "$rootdir/root/.bashrc"
     fi
-    echo "                if [ -f /root/${PROJECT_NAME}-wifi.cfg ]; then" >> $rootdir/root/.bashrc
-    echo "                    echo '[Unit]' > /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                    echo 'Description=WifiStartup (Start wifi networking)' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                    echo 'After=syslog.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                    echo 'After=network.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                    echo 'After=remote-fs.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                    echo '' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                    echo '[Service]' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                    echo 'Type=simple' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                    echo 'User=root' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                    echo 'Group=root' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                    echo 'WorkingDirectory=/root' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                    echo 'ExecStart=/usr/local/bin/freedombone-wifi --wait 5 2> /dev/null' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                    echo '' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                    echo '[Install]' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc
-    echo "                    systemctl enable wifistart" >> $rootdir/root/.bashrc
-    echo "                    systemctl daemon-reload" >> $rootdir/root/.bashrc
-    echo '                fi' >> $rootdir/root/.bashrc
-    echo '                systemctl reboot -i' >> $rootdir/root/.bashrc
-    echo '            fi' >> $rootdir/root/.bashrc
-    echo '        fi' >> $rootdir/root/.bashrc
-    echo '    else' >> $rootdir/root/.bashrc
-    echo '        key=' >> $rootdir/root/.bashrc
-    echo '        while [[ $key != "x" ]]; do' >> $rootdir/root/.bashrc
+    { echo "                if [ -f /root/${PROJECT_NAME}-wifi.cfg ]; then";
+      echo "                    echo '[Unit]' > /etc/systemd/system/wifistart.service";
+      echo "                    echo 'Description=WifiStartup (Start wifi networking)' >> /etc/systemd/system/wifistart.service";
+      echo "                    echo 'After=syslog.target' >> /etc/systemd/system/wifistart.service";
+      echo "                    echo 'After=network.target' >> /etc/systemd/system/wifistart.service";
+      echo "                    echo 'After=remote-fs.target' >> /etc/systemd/system/wifistart.service";
+      echo "                    echo '' >> /etc/systemd/system/wifistart.service";
+      echo "                    echo '[Service]' >> /etc/systemd/system/wifistart.service";
+      echo "                    echo 'Type=simple' >> /etc/systemd/system/wifistart.service";
+      echo "                    echo 'User=root' >> /etc/systemd/system/wifistart.service";
+      echo "                    echo 'Group=root' >> /etc/systemd/system/wifistart.service";
+      echo "                    echo 'WorkingDirectory=/root' >> /etc/systemd/system/wifistart.service";
+      echo "                    echo 'ExecStart=/usr/local/bin/freedombone-wifi --wait 5 2> /dev/null' >> /etc/systemd/system/wifistart.service";
+      echo "                    echo '' >> /etc/systemd/system/wifistart.service";
+      echo "                    echo '[Install]' >> /etc/systemd/system/wifistart.service";
+      echo "                    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/wifistart.service";
+      echo "                    systemctl enable wifistart";
+      echo "                    systemctl daemon-reload";
+      echo '                fi';
+      echo '                systemctl reboot -i';
+      echo '            fi';
+      echo '        fi';
+      echo '    else';
+      echo '        key=';
+      echo "        while [[ \$key != \"x\" ]]; do"; } >> "$rootdir/root/.bashrc"
     INSTALL_FAIL_MESSAGE=$"Install failed. Press x to continue..."
-    echo "            read -n1 -r -p \"${INSTALL_FAIL_MESSAGE}\" key" >> $rootdir/root/.bashrc
-    echo '        done' >> $rootdir/root/.bashrc
-    echo '    fi' >> $rootdir/root/.bashrc
-    echo '    exit' >> $rootdir/root/.bashrc
-    echo 'else' >> $rootdir/root/.bashrc
-    echo '    # Remove default account after install' >> $rootdir/root/.bashrc
-    echo "    if [ -f /root/.remove_${GENERIC_IMAGE_USERNAME} ]; then" >> $rootdir/root/.bashrc
-    echo "        if [ -d /home/${GENERIC_IMAGE_USERNAME} ]; then" >> $rootdir/root/.bashrc
-    echo "           userdel -r ${GENERIC_IMAGE_USERNAME}" >> $rootdir/root/.bashrc
-    echo "           if [ -d /home/${GENERIC_IMAGE_USERNAME} ]; then" >> $rootdir/root/.bashrc
-    echo "               rm -rf /home/${GENERIC_IMAGE_USERNAME}" >> $rootdir/root/.bashrc
-    echo "               rm /root/.remove_${GENERIC_IMAGE_USERNAME}" >> $rootdir/root/.bashrc
-    echo '           fi' >> $rootdir/root/.bashrc
-    echo '        fi' >> $rootdir/root/.bashrc
-    echo '    fi' >> $rootdir/root/.bashrc
-    echo 'fi' >> $rootdir/root/.bashrc
+    { echo "            read -n1 -r -p \"${INSTALL_FAIL_MESSAGE}\" key";
+      echo '        done';
+      echo '    fi';
+      echo '    exit';
+      echo 'else';
+      echo '    # Remove default account after install';
+      echo "    if [ -f /root/.remove_${GENERIC_IMAGE_USERNAME} ]; then";
+      echo "        if [ -d /home/${GENERIC_IMAGE_USERNAME} ]; then";
+      echo "           userdel -r ${GENERIC_IMAGE_USERNAME}";
+      echo "           if [ -d /home/${GENERIC_IMAGE_USERNAME} ]; then";
+      echo "               rm -rf /home/${GENERIC_IMAGE_USERNAME}";
+      echo "               rm /root/.remove_${GENERIC_IMAGE_USERNAME}";
+      echo '           fi';
+      echo '        fi';
+      echo '    fi';
+      echo 'fi'; } >> "$rootdir/root/.bashrc"
 }
 
 continue_installation() {
@@ -468,8 +472,8 @@ continue_installation() {
     # This is equivalent to installing freedombox-setup on freedombox
     if [ $CONFIG_FILENAME ]; then
         if [ ${#CONFIG_FILENAME} -gt 2 ]; then
-            cp $CONFIG_FILENAME $rootdir/root/$PROJECT_NAME.cfg
-            cat $rootdir/root/$PROJECT_NAME.cfg
+            cp "$CONFIG_FILENAME" "$rootdir/root/$PROJECT_NAME.cfg"
+            cat "$rootdir/root/$PROJECT_NAME.cfg"
             chroot "$rootdir" su -c "$PROJECT_NAME -c /root/$PROJECT_NAME.cfg" - root
         fi
     fi
@@ -487,45 +491,44 @@ configure_wifi() {
 
     wifi_setup_service=setupwififirstboot
     wifi_setup_file=$rootdir/root/setup_wifi_firstboot
-    echo '#!/bin/bash' > $wifi_setup_file
+    echo '#!/bin/bash' > "$wifi_setup_file"
 
     if [ -f $WIFI_NETWORKS_FILE ]; then
-        echo "${PROJECT_NAME}-wifi --networks $WIFI_NETWORKS_FILE" >> $wifi_setup_file
+        echo "${PROJECT_NAME}-wifi --networks $WIFI_NETWORKS_FILE" >> "$wifi_setup_file"
     else
         if [[ $WIFI_TYPE != 'none' ]]; then
             if [ ${#WIFI_PASSPHRASE} -lt 2 ]; then
                 return
             fi
-            echo "${PROJECT_NAME}-wifi -s $WIFI_SSID -t $WIFI_TYPE -p $WIFI_PASSPHRASE --hotspot $WIFI_HOTSPOT" >> $wifi_setup_file
+            echo "${PROJECT_NAME}-wifi -s $WIFI_SSID -t $WIFI_TYPE -p $WIFI_PASSPHRASE --hotspot $WIFI_HOTSPOT" >> "$wifi_setup_file"
         else
-            echo "${PROJECT_NAME}-wifi -s $WIFI_SSID -t $WIFI_TYPE --hotspot $WIFI_HOTSPOT" >> $wifi_setup_file
+            echo "${PROJECT_NAME}-wifi -s $WIFI_SSID -t $WIFI_TYPE --hotspot $WIFI_HOTSPOT" >> "$wifi_setup_file"
         fi
     fi
 
-    echo "systemctl stop ${wifi_setup_service}" >> $wifi_setup_file
-    echo "systemctl disable ${wifi_setup_service}" >> $wifi_setup_file
-    echo "rm /etc/systemd/system/${wifi_setup_service}.service" >> $wifi_setup_file
-    echo 'systemctl reboot -i' >> $wifi_setup_file
-    chmod +x $wifi_setup_file
+    { echo "systemctl stop ${wifi_setup_service}";
+      echo "systemctl disable ${wifi_setup_service}";
+      echo "rm /etc/systemd/system/${wifi_setup_service}.service";
+      echo 'systemctl reboot -i'; } >> "$wifi_setup_file"
+    chmod +x "$wifi_setup_file"
 
-
-    echo '[Unit]' > $rootdir/etc/systemd/system/${wifi_setup_service}.service
-    echo 'Description=Initial wifi configuration' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
-    echo 'After=syslog.target' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
-    echo 'After=network.target' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
-    echo '' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
-    echo '[Service]' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
-    echo 'Type=simple' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
-    echo 'User=root' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
-    echo 'Group=root' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
-    echo 'WorkingDirectory=/root' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
-    echo "ExecStart=/root/setup_wifi_firstboot > /var/log/wifi_setup.log" >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
-    echo '' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
-    echo 'TimeoutSec=99999' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
-    echo '' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
-    echo '[Install]' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
-    echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/${wifi_setup_service}.service
-    chmod +x $rootdir/etc/systemd/system/${wifi_setup_service}.service
+    { echo '[Unit]';
+      echo 'Description=Initial wifi configuration';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=root';
+      echo 'Group=root';
+      echo 'WorkingDirectory=/root';
+      echo "ExecStart=/root/setup_wifi_firstboot > /var/log/wifi_setup.log";
+      echo '';
+      echo 'TimeoutSec=99999';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } >> "$rootdir/etc/systemd/system/${wifi_setup_service}.service"
+    chmod +x "$rootdir/etc/systemd/system/${wifi_setup_service}.service"
     chroot "$rootdir" systemctl enable ${wifi_setup_service}
 }
 
@@ -588,14 +591,14 @@ install_patchwork() {
 
     get_npm_arch
 
-    git clone $PATCHWORK_REPO $rootdir/etc/patchwork
-    if [ ! -d $rootdir/etc/patchwork ]; then
+    git clone "$PATCHWORK_REPO" "$rootdir/etc/patchwork"
+    if [ ! -d "$rootdir/etc/patchwork" ]; then
         exit 7823520
     fi
-    cd $rootdir/etc/patchwork
-    git checkout $PATCHWORK_COMMIT -b $PATCHWORK_COMMIT
+    cd "$rootdir/etc/patchwork" || exit 68724685427
+    git checkout "$PATCHWORK_COMMIT" -b "$PATCHWORK_COMMIT"
 
-    cat <<EOF > $rootdir/usr/bin/install_patchwork
+    cat <<EOF > "$rootdir/usr/bin/install_patchwork"
 #!/bin/bash
 cd /etc/patchwork
 npm install --arch=$NPM_ARCH --build-from-source
@@ -605,32 +608,32 @@ npm install --arch=$NPM_ARCH git-ssb
 EOF
     chroot "$rootdir" /bin/chmod +x /usr/bin/install_patchwork
     chroot "$rootdir" /usr/bin/install_patchwork
-    rm $rootdir/usr/bin/install_patchwork
+    rm "$rootdir/usr/bin/install_patchwork"
 
-    echo '#!/bin/bash' > $rootdir/usr/bin/start_patchwork
-    echo 'cd /etc/patchwork' >> $rootdir/usr/bin/start_patchwork
-    echo 'npm start' >> $rootdir/usr/bin/start_patchwork
-    chmod +x $rootdir/usr/bin/start_patchwork
+    { echo '#!/bin/bash';
+      echo 'cd /etc/patchwork';
+      echo 'npm start'; } > "$rootdir/usr/bin/start_patchwork"
+    chmod +x "$rootdir/usr/bin/start_patchwork"
 
     # Copy icon to an accesible location
-    cp $rootdir/root/$PROJECT_NAME/img/icon_patchwork.png $rootdir/etc/patchwork/icon_patchwork.png
+    cp "$rootdir/root/$PROJECT_NAME/img/icon_patchwork.png" "$rootdir/etc/patchwork/icon_patchwork.png"
 }
 
 install_ferment() {
-    if [[ $VARIANT != "meshclient" ]]; then
+    if [[ "$VARIANT" != "meshclient" ]]; then
         return
     fi
 
     get_npm_arch
 
-    git clone $FERMENT_REPO $rootdir/etc/ferment
-    if [ ! -d $rootdir/etc/ferment ]; then
+    git clone "$FERMENT_REPO" "$rootdir/etc/ferment"
+    if [ ! -d "$rootdir/etc/ferment" ]; then
         exit 5239465
     fi
-    cd $rootdir/etc/ferment
-    git checkout $FERMENT_COMMIT -b $FERMENT_COMMIT
+    cd "$rootdir/etc/ferment" || exit 2482684
+    git checkout "$FERMENT_COMMIT" -b "$FERMENT_COMMIT"
 
-    cat <<EOF > $rootdir/usr/bin/install_ferment
+    cat <<EOF > "$rootdir/usr/bin/install_ferment"
 #!/bin/bash
 cd /etc/ferment
 npm install --arch=$NPM_ARCH --build-from-source
@@ -640,43 +643,43 @@ npm install --arch=$NPM_ARCH git-ssb
 EOF
     chroot "$rootdir" /bin/chmod +x /usr/bin/install_ferment
     chroot "$rootdir" /usr/bin/install_ferment
-    rm $rootdir/usr/bin/install_ferment
+    rm "$rootdir/usr/bin/install_ferment"
 
-    echo '#!/bin/bash' > $rootdir/usr/bin/start_ferment
-    echo 'cd /etc/ferment' >> $rootdir/usr/bin/start_ferment
-    echo 'npm start' >> $rootdir/usr/bin/start_ferment
-    chmod +x $rootdir/usr/bin/start_ferment
+    { echo '#!/bin/bash';
+      echo 'cd /etc/ferment';
+      echo 'npm start'; } > "$rootdir/usr/bin/start_ferment"
+    chmod +x "$rootdir/usr/bin/start_ferment"
 
     # Copy icon to an accesible location
-    cp $rootdir/root/$PROJECT_NAME/img/icon_ferment.png $rootdir/etc/patchwork/icon_ferment.png
+    cp "$rootdir/root/$PROJECT_NAME/img/icon_ferment.png" "$rootdir/etc/patchwork/icon_ferment.png"
 }
 
 mesh_shutdown_script() {
-    mesh_shutdown_script=$rootdir/usr/bin/meshshutdown
-    echo '#!/bin/bash' > $mesh_shutdown_script
-    echo 'batman stop' >> $mesh_shutdown_script
+    mesh_shutdown_script="$rootdir/usr/bin/meshshutdown"
+    { echo '#!/bin/bash';
+      echo 'batman stop'; } > "$mesh_shutdown_script"
     chroot "$rootdir" chmod +x /usr/bin/meshshutdown
 
-    echo '[Unit]' > $rootdir/etc/systemd/system/meshshutdown.service
-    echo 'Description=Shuts down the mesh' >> $rootdir/etc/systemd/system/meshshutdown.service
-    echo 'Before=shutdown.target' >> $rootdir/etc/systemd/system/meshshutdown.service
-    echo '' >> $rootdir/etc/systemd/system/meshshutdown.service
-    echo '[Service]' >> $rootdir/etc/systemd/system/meshshutdown.service
-    echo 'User=root' >> $rootdir/etc/systemd/system/meshshutdown.service
-    echo 'Group=root' >> $rootdir/etc/systemd/system/meshshutdown.service
-    echo 'ExecStart=/bin/true' >> $rootdir/etc/systemd/system/meshshutdown.service
-    echo 'ExecStop=/bin/bash /usr/bin/meshshutdown' >> $rootdir/etc/systemd/system/meshshutdown.service
-    echo 'RemainAfterExit=yes' >> $rootdir/etc/systemd/system/meshshutdown.service
-    echo '' >> $rootdir/etc/systemd/system/meshshutdown.service
-    echo '[Install]' >> $rootdir/etc/systemd/system/meshshutdown.service
-    echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/meshshutdown.service
+    { echo '[Unit]';
+      echo 'Description=Shuts down the mesh';
+      echo 'Before=shutdown.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=root';
+      echo 'Group=root';
+      echo 'ExecStart=/bin/true';
+      echo 'ExecStop=/bin/bash /usr/bin/meshshutdown';
+      echo 'RemainAfterExit=yes';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/meshshutdown.service"
     chroot "$rootdir" systemctl enable meshshutdown
 }
 
 install_babel() {
-    git clone $BABEL_REPO $rootdir/etc/babel
+    git clone "$BABEL_REPO" "$rootdir/etc/babel"
 
-    cat <<EOF > $rootdir/usr/bin/install_babel
+    cat <<EOF > "$rootdir/usr/bin/install_babel"
 #!/bin/bash
 cd /etc/babel
 git checkout $BABEL_COMMIT -b $BABEL_COMMIT
@@ -687,34 +690,34 @@ EOF
     chroot "$rootdir" chmod +x /usr/bin/install_babel
     chroot "$rootdir" /usr/bin/install_babel
 
-    if [ ! -f $rootdir/usr/local/bin/babeld ]; then
+    if [ ! -f "$rootdir/usr/local/bin/babeld" ]; then
         echo $'Unable to build Babel'
         exit 52382524
     fi
 
-    rm $rootdir/usr/bin/install_babel
+    rm "$rootdir/usr/bin/install_babel"
 
-    echo '[Unit]' > $rootdir/etc/systemd/system/babel.service
-    echo 'Description=Babel mesh routing protocol' >> $rootdir/etc/systemd/system/babel.service
-    echo 'Requires=network.target' >> $rootdir/etc/systemd/system/babel.service
-    echo 'After=network.target' >> $rootdir/etc/systemd/system/babel.service
-    echo '' >> $rootdir/etc/systemd/system/babel.service
-    echo '[Service]' >> $rootdir/etc/systemd/system/babel.service
-    echo 'User=root' >> $rootdir/etc/systemd/system/babel.service
-    echo 'Group=root' >> $rootdir/etc/systemd/system/babel.service
-    echo 'ExecStart=/usr/local/bin/babeld wlan0' >> $rootdir/etc/systemd/system/babel.service
-    echo 'Restart=on-failure' >> $rootdir/etc/systemd/system/babel.service
-    echo '' >> $rootdir/etc/systemd/system/babel.service
-    echo '[Install]' >> $rootdir/etc/systemd/system/babel.service
-    echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/babel.service
+    { echo '[Unit]';
+      echo 'Description=Babel mesh routing protocol';
+      echo 'Requires=network.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=root';
+      echo 'Group=root';
+      echo 'ExecStart=/usr/local/bin/babeld wlan0';
+      echo 'Restart=on-failure';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/babel.service"
 }
 
 install_olsr2() {
     chroot "$rootdir" apt-get -yq install cmake libnl-3-dev
 
-    git clone $OLSR2_REPO $rootdir/etc/olsr2
+    git clone "$OLSR2_REPO" "$rootdir/etc/olsr2"
 
-    cat <<EOF > $rootdir/usr/bin/install_olsr2
+    cat <<EOF > "$rootdir/usr/bin/install_olsr2"
 #!/bin/bash
 cd /etc/olsr2
 git checkout $OLSR2_COMMIT -b $OLSR2_COMMIT
@@ -726,32 +729,32 @@ EOF
     chroot "$rootdir" chmod +x /usr/bin/install_olsr2
     chroot "$rootdir" /usr/bin/install_olsr2
 
-    if [ ! -f $rootdir/usr/local/sbin/olsrd2_static ]; then
+    if [ ! -f "$rootdir/usr/local/sbin/olsrd2_static" ]; then
         echo $'Unable to build OLSR2'
         exit 79835392
     fi
 
-    rm $rootdir/usr/bin/install_olsr2
+    rm "$rootdir/usr/bin/install_olsr2"
 
-    echo '[Unit]' > $rootdir/etc/systemd/system/olsr2.service
-    echo 'Description=OLSR2 mesh routing protocol' >> $rootdir/etc/systemd/system/olsr2.service
-    echo 'Requires=network.target' >> $rootdir/etc/systemd/system/olsr2.service
-    echo 'After=network.target' >> $rootdir/etc/systemd/system/olsr2.service
-    echo '' >> $rootdir/etc/systemd/system/olsr2.service
-    echo '[Service]' >> $rootdir/etc/systemd/system/olsr2.service
-    echo 'User=root' >> $rootdir/etc/systemd/system/olsr2.service
-    echo 'Group=root' >> $rootdir/etc/systemd/system/olsr2.service
-    echo 'ExecStart=/usr/local/sbin/olsrd2_static wlan0' >> $rootdir/etc/systemd/system/olsr2.service
-    echo 'Restart=on-failure' >> $rootdir/etc/systemd/system/olsr2.service
-    echo '' >> $rootdir/etc/systemd/system/olsr2.service
-    echo '[Install]' >> $rootdir/etc/systemd/system/olsr2.service
-    echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/olsr2.service
+    { echo '[Unit]';
+      echo 'Description=OLSR2 mesh routing protocol';
+      echo 'Requires=network.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=root';
+      echo 'Group=root';
+      echo 'ExecStart=/usr/local/sbin/olsrd2_static wlan0';
+      echo 'Restart=on-failure';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/olsr2.service"
 }
 
 install_bmx6() {
-    git clone $BMX6_REPO $rootdir/etc/bmx6
+    git clone "$BMX6_REPO" "$rootdir/etc/bmx6"
 
-    cat <<EOF > $rootdir/usr/bin/install_bmx6
+    cat <<EOF > "$rootdir/usr/bin/install_bmx6"
 #!/bin/bash
 cd /etc/bmx6
 git checkout $BMX6_COMMIT -b $BMX6_COMMIT
@@ -785,37 +788,37 @@ EOF
     chroot "$rootdir" chmod +x /usr/bin/install_bmx6
     chroot "$rootdir" /usr/bin/install_bmx6
 
-    if [ ! -f $rootdir/usr/sbin/bmx6 ]; then
+    if [ ! -f "$rootdir/usr/sbin/bmx6" ]; then
         echo $'bmx6 was not installed'
         exit 79835292
     fi
 
-    rm $rootdir/usr/bin/install_bmx6
+    rm "$rootdir/usr/bin/install_bmx6"
 
-    echo '[Unit]' > $rootdir/etc/systemd/system/bmx6.service
-    echo 'Description=BMX6 mesh routing protocol' >> $rootdir/etc/systemd/system/bmx6.service
-    echo 'Requires=network.target' >> $rootdir/etc/systemd/system/bmx6.service
-    echo 'After=network.target' >> $rootdir/etc/systemd/system/bmx6.service
-    echo '' >> $rootdir/etc/systemd/system/bmx6.service
-    echo '[Service]' >> $rootdir/etc/systemd/system/bmx6.service
-    echo 'Type=forking' >> $rootdir/etc/systemd/system/bmx6.service
-    echo 'User=root' >> $rootdir/etc/systemd/system/bmx6.service
-    echo 'Group=root' >> $rootdir/etc/systemd/system/bmx6.service
-    echo 'ExecStart=/usr/sbin/bmx6 dev=wlan0' >> $rootdir/etc/systemd/system/bmx6.service
-    echo 'ExecStop=/usr/bin/kill -15 $MAINPID' >> $rootdir/etc/systemd/system/bmx6.service
-    echo 'PIDFile=/var/run/bmx6/pid' >> $rootdir/etc/systemd/system/bmx6.service
-    echo 'Restart=on-failure' >> $rootdir/etc/systemd/system/bmx6.service
-    echo '' >> $rootdir/etc/systemd/system/bmx6.service
-    echo '[Install]' >> $rootdir/etc/systemd/system/bmx6.service
-    echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/bmx6.service
+    { echo '[Unit]';
+      echo 'Description=BMX6 mesh routing protocol';
+      echo 'Requires=network.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=forking';
+      echo 'User=root';
+      echo 'Group=root';
+      echo 'ExecStart=/usr/sbin/bmx6 dev=wlan0';
+      echo "ExecStop=/usr/bin/kill -15 \$MAINPID";
+      echo 'PIDFile=/var/run/bmx6/pid';
+      echo 'Restart=on-failure';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/bmx6.service"
 }
 
 install_bmx7() {
     chroot "$rootdir" apt-get -qy install libjson-c-dev zlib1g-dev libiw-dev
 
-    git clone $BMX7_REPO $rootdir/etc/bmx7
+    git clone "$BMX7_REPO" "$rootdir/etc/bmx7"
 
-    cat <<EOF > $rootdir/usr/bin/install_bmx7
+    cat <<EOF > "$rootdir/usr/bin/install_bmx7"
 #!/bin/bash
 cd /etc
 wget https://polarssl.org/code/releases/polarssl-1.3.3-gpl.tgz
@@ -852,47 +855,47 @@ EOF
     chroot "$rootdir" chmod +x /usr/bin/install_bmx7
     chroot "$rootdir" /usr/bin/install_bmx7
 
-    if [ ! -f $rootdir/usr/sbin/bmx7 ]; then
+    if [ ! -f "$rootdir/usr/sbin/bmx7" ]; then
         echo $'bmx7 was not installed'
         exit 67836235
     fi
 
-    rm $rootdir/usr/bin/install_bmx7
+    rm "$rootdir/usr/bin/install_bmx7"
 
-    echo '[Unit]' > $rootdir/etc/systemd/system/bmx7.service
-    echo 'Description=BMX7 mesh routing protocol' >> $rootdir/etc/systemd/system/bmx7.service
-    echo 'Requires=network.target' >> $rootdir/etc/systemd/system/bmx7.service
-    echo 'After=network.target' >> $rootdir/etc/systemd/system/bmx7.service
-    echo '' >> $rootdir/etc/systemd/system/bmx7.service
-    echo '[Service]' >> $rootdir/etc/systemd/system/bmx7.service
-    echo 'Type=forking' >> $rootdir/etc/systemd/system/bmx7.service
-    echo 'User=root' >> $rootdir/etc/systemd/system/bmx7.service
-    echo 'Group=root' >> $rootdir/etc/systemd/system/bmx7.service
-    echo 'ExecStart=/usr/sbin/bmx7 dev=wlan0' >> $rootdir/etc/systemd/system/bmx7.service
-    echo 'ExecStop=/usr/bin/kill -15 $MAINPID' >> $rootdir/etc/systemd/system/bmx7.service
-    echo 'PIDFile=/var/run/bmx7/pid' >> $rootdir/etc/systemd/system/bmx7.service
-    echo 'Restart=on-failure' >> $rootdir/etc/systemd/system/bmx7.service
-    echo '' >> $rootdir/etc/systemd/system/bmx7.service
-    echo '[Install]' >> $rootdir/etc/systemd/system/bmx7.service
-    echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/bmx7.service
+    { echo '[Unit]';
+      echo 'Description=BMX7 mesh routing protocol';
+      echo 'Requires=network.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=forking';
+      echo 'User=root';
+      echo 'Group=root';
+      echo 'ExecStart=/usr/sbin/bmx7 dev=wlan0';
+      echo "ExecStop=/usr/bin/kill -15 \$MAINPID";
+      echo 'PIDFile=/var/run/bmx7/pid';
+      echo 'Restart=on-failure';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/bmx7.service"
 }
 
 initialise_mesh() {
-    if [[ $VARIANT != "mesh"* ]]; then
+    if [[ "$VARIANT" != "mesh"* ]]; then
         return
     fi
-    if [[ $DEBIAN_INSTALL_ONLY != "no" ]]; then
+    if [[ "$DEBIAN_INSTALL_ONLY" != "no" ]]; then
         return
     fi
 
-    if [[ $INSECURE == $'yes' ]]; then
+    if [[ "$INSECURE" == $'yes' ]]; then
         echo  '*********************************************************'
         echo $'WARNING: non-free wifi drivers are being installed.'
         echo $'         This may compromise the security of your system.'
         echo  '*********************************************************'
 
         # enable non-free repo
-        if ! grep -q "non-free" $rootdir/etc/apt/sources.list; then
+        if ! grep -q "non-free" "$rootdir/etc/apt/sources.list"; then
             chroot "$rootdir" /bin/sed -i "s| main| main non-free|g" /etc/apt/sources.list
         fi
 
@@ -917,16 +920,16 @@ initialise_mesh() {
     chroot "$rootdir" apt-get -yq install traceroute
 
     # set the default protocol to be used
-    echo 'bmx6' > $rootdir$MESH_DEFAULT_PROTOCOL
+    echo 'bmx6' > "$rootdir$MESH_DEFAULT_PROTOCOL"
 
-    sed -i 's|#net.ipv6.conf.all.forwarding.*|net.ipv6.conf.all.forwarding=1|g' $rootdir/etc/sysctl.conf
-    sed -i 's|net.ipv6.conf.all.forwarding.*|net.ipv6.conf.all.forwarding=1|g' $rootdir/etc/sysctl.conf
+    sed -i 's|#net.ipv6.conf.all.forwarding.*|net.ipv6.conf.all.forwarding=1|g' "$rootdir/etc/sysctl.conf"
+    sed -i 's|net.ipv6.conf.all.forwarding.*|net.ipv6.conf.all.forwarding=1|g' "$rootdir/etc/sysctl.conf"
 
-    sed -i 's|#net.ipv6.conf.all.accept_redirects.*|net.ipv6.conf.all.accept_redirects=1|g' $rootdir/etc/sysctl.conf
-    sed -i 's|net.ipv6.conf.all.accept_redirects.*|net.ipv6.conf.all.accept_redirects=1|g' $rootdir/etc/sysctl.conf
+    sed -i 's|#net.ipv6.conf.all.accept_redirects.*|net.ipv6.conf.all.accept_redirects=1|g' "$rootdir/etc/sysctl.conf"
+    sed -i 's|net.ipv6.conf.all.accept_redirects.*|net.ipv6.conf.all.accept_redirects=1|g' "$rootdir/etc/sysctl.conf"
 
-    sed -i 's|#net.ipv6.conf.all.accept_source_route.*|net.ipv6.conf.all.accept_source_route=1|g' $rootdir/etc/sysctl.conf
-    sed -i 's|net.ipv6.conf.all.accept_source_route.*|net.ipv6.conf.all.accept_source_route=1|g' $rootdir/etc/sysctl.conf
+    sed -i 's|#net.ipv6.conf.all.accept_source_route.*|net.ipv6.conf.all.accept_source_route=1|g' "$rootdir/etc/sysctl.conf"
+    sed -i 's|net.ipv6.conf.all.accept_source_route.*|net.ipv6.conf.all.accept_source_route=1|g' "$rootdir/etc/sysctl.conf"
 
     configure_firewall
     install_avahi
@@ -954,126 +957,127 @@ initialise_mesh() {
     install_pelican
     mesh_install_cryptpad
     #mesh_install_peertube
-    if [ $ENABLE_ZERONET ]; then
+    if [ "$ENABLE_ZERONET" ]; then
         install_zeronet
     fi
 
     # ssh server not available on mesh peers
-    if [ -f $rootdir/etc/avahi/services/ssh.service ]; then
-        rm $rootdir/etc/avahi/services/ssh.service
+    if [ -f "$rootdir/etc/avahi/services/ssh.service" ]; then
+        rm "$rootdir/etc/avahi/services/ssh.service"
     fi
 
     MESH_SERVICE='mesh-setup.service'
-    MESH_SETUP_DAEMON=$rootdir/etc/systemd/system/$MESH_SERVICE
+    MESH_SETUP_DAEMON="$rootdir/etc/systemd/system/$MESH_SERVICE"
 
     MESH_STARTUP_PARAMS="${MY_USERNAME}"
-    if [[ $AMNESIC != 'no' ]]; then
+    if [[ "$AMNESIC" != 'no' ]]; then
         MESH_STARTUP_PARAMS="${MY_USERNAME} amnesic"
     fi
 
-    echo '[Unit]' > $MESH_SETUP_DAEMON
-    echo 'Description=Initial mesh router configuration' >> $MESH_SETUP_DAEMON
-    echo 'After=syslog.target' >> $MESH_SETUP_DAEMON
-    echo 'After=network.target' >> $MESH_SETUP_DAEMON
-    echo '' >> $MESH_SETUP_DAEMON
-    echo '[Service]' >> $MESH_SETUP_DAEMON
-    echo 'Type=simple' >> $MESH_SETUP_DAEMON
-    echo 'User=root' >> $MESH_SETUP_DAEMON
-    echo 'Group=root' >> $MESH_SETUP_DAEMON
-    echo 'WorkingDirectory=/root' >> $MESH_SETUP_DAEMON
-    echo "ExecStart=/usr/local/bin/${PROJECT_NAME}-image-mesh ${MESH_STARTUP_PARAMS} > /var/log/mesh-setup.log" >> $MESH_SETUP_DAEMON
-    echo '' >> $MESH_SETUP_DAEMON
-    echo 'TimeoutSec=99999' >> $MESH_SETUP_DAEMON
-    echo '' >> $MESH_SETUP_DAEMON
-    echo '[Install]' >> $MESH_SETUP_DAEMON
-    echo 'WantedBy=multi-user.target' >> $MESH_SETUP_DAEMON
-    chmod +x $MESH_SETUP_DAEMON
-    chroot "$rootdir" systemctl enable $MESH_SERVICE
+    { echo '[Unit]';
+      echo 'Description=Initial mesh router configuration';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=root';
+      echo 'Group=root';
+      echo 'WorkingDirectory=/root';
+      echo "ExecStart=/usr/local/bin/${PROJECT_NAME}-image-mesh ${MESH_STARTUP_PARAMS} > /var/log/mesh-setup.log";
+      echo '';
+      echo 'TimeoutSec=99999';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$MESH_SETUP_DAEMON"
+    chmod +x "$MESH_SETUP_DAEMON"
+    chroot "$rootdir" systemctl enable "$MESH_SERVICE"
 }
 
 # User interface for USB drive installs ######################################
 
 function mesh_client_startup_applications {
-    if [ ! -d $rootdir/home/$MY_USERNAME/Desktop ]; then
-        mkdir -p $rootdir/home/$MY_USERNAME/Desktop
+    if [ ! -d "$rootdir/home/$MY_USERNAME/Desktop" ]; then
+        mkdir -p "$rootdir/home/$MY_USERNAME/Desktop"
     fi
 
-    if [ ! -d $rootdir/home/$MY_USERNAME/.config/autostart ]; then
-        mkdir -p $rootdir/home/$MY_USERNAME/.config/autostart
-        chroot "$rootdir" /bin/chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
+    if [ ! -d "$rootdir/home/$MY_USERNAME/.config/autostart" ]; then
+        mkdir -p "$rootdir/home/$MY_USERNAME/.config/autostart"
+        chroot "$rootdir" /bin/chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.config"
     fi
 
-    START_DESKTOP=$rootdir/home/$MY_USERNAME/mesh-desktop.sh
-    FIRST_BOOT=/home/$MY_USERNAME/.first_boot
+    START_DESKTOP="$rootdir/home/$MY_USERNAME/mesh-desktop.sh"
+    FIRST_BOOT="/home/$MY_USERNAME/.first_boot"
     TAHOE_COMMAND="cd /var/lib/tahoelafs && venv/bin/tahoe"
-    echo '#!/bin/bash' > $START_DESKTOP
-    echo "setxkbmap ${KEYBOARD_MAP}" > $START_DESKTOP
-    echo 'dconf write /org/mate/caja/desktop/volumes-visible false' >> $START_DESKTOP
-    echo 'dconf write /org/mate/caja/desktop/computer-icon-visible false' >> $START_DESKTOP
-    echo 'dconf write /org/mate/caja/desktop/home-icon-visible false' >> $START_DESKTOP
-    echo 'dconf write /org/mate/caja/desktop/network-icon-visible false' >> $START_DESKTOP
-    echo 'dconf write /org/mate/caja/desktop/trash-icon-visible false' >> $START_DESKTOP
-    echo 'dconf write /org/mate/caja/desktop/volumes-visible false' >> $START_DESKTOP
-    echo 'dconf write /org/mate/desktop/media-handling/automount-open false' >> $START_DESKTOP
-    echo 'dconf write /org/mate/screensaver/lock-enabled false' >> $START_DESKTOP
-    echo 'dconf write /org/mate/power-manager/lock-keyring-suspend false' >> $START_DESKTOP
-    echo 'dconf write /org/mate/power-manager/lock-suspend false' >> $START_DESKTOP
-    echo 'dconf write /org/mate/power-manager/lock-use-screensaver false' >> $START_DESKTOP
-    echo 'dconf write /org/mate/power-manager/lock-blank-screen false' >> $START_DESKTOP
-    echo 'dconf write /org/mate/power-manager/lock-hibernate false' >> $START_DESKTOP
-    echo 'dconf write /org/mate/power-manager/lock-keyring-hibernate false' >> $START_DESKTOP
-    echo 'dconf write /org/mate/desktop/peripherals/touchpad/scroll-method 2' >> $START_DESKTOP
-    echo "touch /home/$MY_USERNAME/.dbus/Xdbus" >> $START_DESKTOP
-    echo "chmod 600 /home/$MY_USERNAME/.dbus/Xdbus" >> $START_DESKTOP
-    echo "env | grep DBUS_SESSION_BUS_ADDRESS > /home/$MY_USERNAME/.dbus/Xdbus" >> $START_DESKTOP
-    echo "echo 'export DBUS_SESSION_BUS_ADDRESS' >> /home/$MY_USERNAME/.dbus/Xdbus" >> $START_DESKTOP
 
-    echo '' >> $START_DESKTOP
-    echo "amixer set 'Master' unmute" >> $START_DESKTOP
-    echo "amixer set 'Master' 50%" >> $START_DESKTOP
-    echo '' >> $START_DESKTOP
-    echo '' >> $START_DESKTOP
-    echo "if [ ! -f $FIRST_BOOT ]; then" >> $START_DESKTOP
-    echo '  if [ -d /var/lib/tahoelafs ]; then' >> $START_DESKTOP
-    echo "    $TAHOE_COMMAND start" >> $START_DESKTOP
-    echo '  fi' >> $START_DESKTOP
-    echo '  exit 0' >> $START_DESKTOP
-    echo 'fi' >> $START_DESKTOP
-    echo '' >> $START_DESKTOP
-    echo 'INITIAL_TOX_USERNAME=""' >> $START_DESKTOP
-    echo 'while [ ${#INITIAL_TOX_USERNAME} -eq 0 ]; do' >> $START_DESKTOP
-    echo "  data=\$(zenity --entry --title=\"$MESH_TITLE\" --text=\"$MESH_SET_USERNAME\")" >> $START_DESKTOP
-    echo '  accepted=$?' >> $START_DESKTOP
-    echo '  if ((accepted == 0)); then' >> $START_DESKTOP
-    echo "      INITIAL_TOX_USERNAME=\$(awk -F, '{print \$1}' <<<\$data)" >> $START_DESKTOP
-    echo '  fi' >> $START_DESKTOP
-    echo 'done' >> $START_DESKTOP
-    echo '' >> $START_DESKTOP
-    echo 'toxid --setuser "$INITIAL_TOX_USERNAME"' >> $START_DESKTOP
-    echo '' >> $START_DESKTOP
-    echo "if [ -f /home/$MY_USERNAME/.tahoe/tahoe.cfg ]; then" >> $START_DESKTOP
-    echo "    sed -i 's|nickname =.*|nickname = \$INITIAL_TOX_USERNAME|g' /home/$MY_USERNAME/.tahoe/tahoe.cfg" >> $START_DESKTOP
+    { echo '#!/bin/bash';
+      echo "setxkbmap ${KEYBOARD_MAP}";
+      echo 'dconf write /org/mate/caja/desktop/volumes-visible false';
+      echo 'dconf write /org/mate/caja/desktop/computer-icon-visible false';
+      echo 'dconf write /org/mate/caja/desktop/home-icon-visible false';
+      echo 'dconf write /org/mate/caja/desktop/network-icon-visible false';
+      echo 'dconf write /org/mate/caja/desktop/trash-icon-visible false';
+      echo 'dconf write /org/mate/caja/desktop/volumes-visible false';
+      echo 'dconf write /org/mate/desktop/media-handling/automount-open false';
+      echo 'dconf write /org/mate/screensaver/lock-enabled false';
+      echo 'dconf write /org/mate/power-manager/lock-keyring-suspend false';
+      echo 'dconf write /org/mate/power-manager/lock-suspend false';
+      echo 'dconf write /org/mate/power-manager/lock-use-screensaver false';
+      echo 'dconf write /org/mate/power-manager/lock-blank-screen false';
+      echo 'dconf write /org/mate/power-manager/lock-hibernate false';
+      echo 'dconf write /org/mate/power-manager/lock-keyring-hibernate false';
+      echo 'dconf write /org/mate/desktop/peripherals/touchpad/scroll-method 2';
+      echo "touch /home/$MY_USERNAME/.dbus/Xdbus";
+      echo "chmod 600 /home/$MY_USERNAME/.dbus/Xdbus";
+      echo "env | grep DBUS_SESSION_BUS_ADDRESS > /home/$MY_USERNAME/.dbus/Xdbus";
+      echo "echo 'export DBUS_SESSION_BUS_ADDRESS' >> /home/$MY_USERNAME/.dbus/Xdbus";
 
-    echo "    $TAHOE_COMMAND restart" >> $START_DESKTOP
-    echo 'fi' >> $START_DESKTOP
-    echo '' >> $START_DESKTOP
-    echo "rm -f $FIRST_BOOT" >> $START_DESKTOP
-    echo '' >> $START_DESKTOP
-    echo 'exit 0' >> $START_DESKTOP
-    chmod +x $START_DESKTOP
+      echo '';
+      echo "amixer set 'Master' unmute";
+      echo "amixer set 'Master' 50%";
+      echo '';
+      echo '';
+      echo "if [ ! -f $FIRST_BOOT ]; then";
+      echo '  if [ -d /var/lib/tahoelafs ]; then';
+      echo "    $TAHOE_COMMAND start";
+      echo '  fi';
+      echo '  exit 0';
+      echo 'fi';
+      echo '';
+      echo 'INITIAL_TOX_USERNAME=""';
+      echo "while [ \${#INITIAL_TOX_USERNAME} -eq 0 ]; do";
+      echo "  data=\$(zenity --entry --title=\"$MESH_TITLE\" --text=\"$MESH_SET_USERNAME\")";
+      echo '  accepted=$?';
+      echo '  if ((accepted == 0)); then';
+      echo "      INITIAL_TOX_USERNAME=\$(awk -F, '{print \$1}' <<<\$data)";
+      echo '  fi';
+      echo 'done';
+      echo '';
+      echo "toxid --setuser \"\$INITIAL_TOX_USERNAME\"";
+      echo '';
+      echo "if [ -f /home/$MY_USERNAME/.tahoe/tahoe.cfg ]; then";
+      echo "    sed -i 's|nickname =.*|nickname = \$INITIAL_TOX_USERNAME|g' /home/$MY_USERNAME/.tahoe/tahoe.cfg";
 
-    START_DESKTOP2=$rootdir/home/$MY_USERNAME/.config/autostart/mesh-start.desktop
-    echo '[Desktop Entry]' > $START_DESKTOP2
-    echo 'Type=Application' >> $START_DESKTOP2
-    echo 'Name=Mesh start desktop script' >> $START_DESKTOP2
-    echo "Exec=bash -c '~/mesh-desktop.sh'" >> $START_DESKTOP2
-    echo 'X-GNOME-Autostart-enabled=true' >> $START_DESKTOP2
-    chmod +x $START_DESKTOP2
+      echo "    $TAHOE_COMMAND restart";
+      echo 'fi';
+      echo '';
+      echo "rm -f $FIRST_BOOT";
+      echo '';
+      echo 'exit 0'; } > "$START_DESKTOP"
+    chmod +x "$START_DESKTOP"
+
+    START_DESKTOP2="$rootdir/home/$MY_USERNAME/.config/autostart/mesh-start.desktop"
+    { echo '[Desktop Entry]';
+      echo 'Type=Application';
+      echo 'Name=Mesh start desktop script';
+      echo "Exec=bash -c '~/mesh-desktop.sh'";
+      echo 'X-GNOME-Autostart-enabled=true'; } > "$START_DESKTOP2"
+    chmod +x "$START_DESKTOP2"
 }
 
 function mesh_desktop_icons {
-    if [ ! -d $rootdir/home/$MY_USERNAME/Desktop ]; then
-        mkdir -p $rootdir/home/$MY_USERNAME/Desktop
+    if [ ! -d "$rootdir/home/$MY_USERNAME/Desktop" ]; then
+        mkdir -p "$rootdir/home/$MY_USERNAME/Desktop"
     fi
 
     # Terminal
@@ -1086,11 +1090,11 @@ function mesh_desktop_icons {
     #echo 'Icon=terminal' >> $rootdir/home/$MY_USERNAME/Desktop/terminal.desktop
     #echo 'StartupNotify=true' >> $rootdir/home/$MY_USERNAME/Desktop/terminal.desktop
 
-    chroot "$rootdir" /bin/chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Desktop
+    chroot "$rootdir" /bin/chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/Desktop"
 }
 
 function configure_user_interface {
-    if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" && $VARIANT != "usb" ]]; then
+    if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" && "$VARIANT" != "usb" ]]; then
         return
     fi
 
@@ -1142,7 +1146,7 @@ function configure_user_interface {
     chroot "$rootdir" apt-get -yq install zenity
 
     # Produce a text file on the desktop listing users on the mesh
-    cat <<EOF > $rootdir/usr/bin/list-tox-users
+    cat <<EOF > "$rootdir/usr/bin/list-tox-users"
 #!/bin/bash
 StrMeshUsers=\$"Mesh Users"
 StrUsername=\$'Username'
@@ -1161,13 +1165,13 @@ if [ \$no_of_users -gt 0 ]; then
     if [ ! -f /home/$MY_USERNAME/showusers ]; then
         echo '#!/bin/bash' > /home/$MY_USERNAME/showusers
         echo 'data=\$(' >> /home/$MY_USERNAME/showusers
-        echo 'cat /tmp/Users.txt | \' >> /home/$MY_USERNAME/showusers
+        echo 'cat /tmp/Users.txt | \\' >> /home/$MY_USERNAME/showusers
         echo "    awk -F ' ' '{" >> /home/$MY_USERNAME/showusers
         echo '        for(i=1;i<=NF;i++){' >> /home/$MY_USERNAME/showusers
         echo '            print \$i;' >> /home/$MY_USERNAME/showusers
         echo '        }' >> /home/$MY_USERNAME/showusers
         echo "}' | \\\\" >> /home/$MY_USERNAME/showusers
-        echo '    zenity --list \' >> /home/$MY_USERNAME/showusers
+        echo '    zenity --list \\' >> /home/$MY_USERNAME/showusers
         echo "     --title='\$StrMeshUsers' \\\\" >> /home/$MY_USERNAME/showusers
         echo "     --column='\$StrUsername' --column='\$StrToxID' \\\\" >> /home/$MY_USERNAME/showusers
         echo '     --print-column=2 --hide-column=2 --width=250 --height=400)' >> /home/$MY_USERNAME/showusers
@@ -1544,22 +1548,22 @@ else
     fi
 fi
 EOF
-    chroot "$rootdir" /bin/chown $MY_USERNAME:$MY_USERNAME /usr/bin/list-tox-users
+    chroot "$rootdir" /bin/chown "$MY_USERNAME":"$MY_USERNAME" /usr/bin/list-tox-users
     chroot "$rootdir" /bin/chmod +x /usr/bin/list-tox-users
-    echo "* *       * * *   $MY_USERNAME    bash -c /usr/bin/list-tox-users > /dev/null" >> $rootdir/etc/crontab
+    echo "* *       * * *   $MY_USERNAME    bash -c /usr/bin/list-tox-users > /dev/null" >> "$rootdir/etc/crontab"
 
-    if [[ $VARIANT != "usb" ]]; then
+    if [[ "$VARIANT" != "usb" ]]; then
         # log in automatically
         chroot "$rootdir" apt-get -y install nodm xinit
         echo 'NODM_ENABLED=true' > /etc/default/nodm
         echo "NODM_USER=$MY_USERNAME" >> /etc/default/nodm
 
         chroot "$rootdir" mkdir /etc/systemd/system/getty@tty1.service.d
-        echo '[Service]' > $rootdir/etc/systemd/system/getty@tty1.service.d/override.conf
-        echo 'ExecStart=' >> $rootdir/etc/systemd/system/getty@tty1.service.d/override.conf
-        echo 'ExecStart=-/sbin/agetty --autologin fbone --noclear %I $TERM' >> $rootdir/etc/systemd/system/getty@tty1.service.d/override.conf
+        { echo '[Service]';
+          echo 'ExecStart=';
+          echo "ExecStart=-/sbin/agetty --autologin fbone --noclear %I \$TERM"; } > "$rootdir/etc/systemd/system/getty@tty1.service.d/override.conf"
 
-        echo '[[ -z $DISPLAY && $XDG_VTNR -eq 1 ]] && exec startx' >> $rootdir/home/$MY_USERNAME/.profile
+        echo "[[ -z \$DISPLAY && \$XDG_VTNR -eq 1 ]] && exec startx" >> "$rootdir/home/$MY_USERNAME/.profile"
 
         chroot "$rootdir" systemctl set-default multi-user.target
 
@@ -1567,17 +1571,17 @@ EOF
         mesh_desktop_icons
 
         # Different desktop background for amnesic
-        if [[ $AMNESIC != 'no' ]]; then
-            MESH_DESKTOP_BACKGROUND_IMAGE=/usr/local/share/${PROJECT_NAME}_mesh_amnesic_background.png
+        if [[ "$AMNESIC" != 'no' ]]; then
+            MESH_DESKTOP_BACKGROUND_IMAGE="/usr/local/share/${PROJECT_NAME}_mesh_amnesic_background.png"
         fi
 
         # change the desktop background
-        if [ $MESH_DESKTOP_BACKGROUND_IMAGE ]; then
-            if [ -f $MESH_DESKTOP_BACKGROUND_IMAGE ]; then
-                if [ -d $rootdir/usr/share/images/desktop-base ]; then
-                    cp $MESH_DESKTOP_BACKGROUND_IMAGE $rootdir/usr/share/images/desktop-base/${PROJECT_NAME}_mesh_background.png
+        if [ "$MESH_DESKTOP_BACKGROUND_IMAGE" ]; then
+            if [ -f "$MESH_DESKTOP_BACKGROUND_IMAGE" ]; then
+                if [ -d "$rootdir/usr/share/images/desktop-base" ]; then
+                    cp "$MESH_DESKTOP_BACKGROUND_IMAGE" "$rootdir/usr/share/images/desktop-base/${PROJECT_NAME}_mesh_background.png"
                     chroot "$rootdir" /bin/rm /usr/share/images/desktop-base/desktop-background
-                    chroot "$rootdir" ln -s /usr/share/images/desktop-base/${PROJECT_NAME}_mesh_background.png /usr/share/images/desktop-base/desktop-background
+                    chroot "$rootdir" ln -s "/usr/share/images/desktop-base/${PROJECT_NAME}_mesh_background.png" /usr/share/images/desktop-base/desktop-background
                 fi
             fi
         fi
@@ -1589,22 +1593,22 @@ EOF
     chroot "$rootdir" apt-get -yq install firefox-esr
 
     # help
-    mkdir -p $rootdir/home/${MY_USERNAME}/help/images
-    cd $rootdir/root/${PROJECT_NAME}/website
-    ./deploy.sh EN $rootdir/home/${MY_USERNAME}/help
-    chroot "$rootdir" /bin/chown -R ${MY_USERNAME}:${MY_USERNAME} /home/${MY_USERNAME}/help
+    mkdir -p "$rootdir/home/${MY_USERNAME}/help/images"
+    cd "$rootdir/root/${PROJECT_NAME}/website" || exit 2346872684
+    ./deploy.sh EN "$rootdir/home/${MY_USERNAME}/help"
+    chroot "$rootdir" /bin/chown -R "${MY_USERNAME}":"${MY_USERNAME}" "/home/${MY_USERNAME}/help"
 
     # Tox user interface
     #enable_tox_repo
     mesh_tox_qtox
     # copy the default qtox ini file
-    if [ ! -d ${rootdir}/home/${MY_USERNAME}/.config/tox ]; then
-        mkdir ${rootdir}/home/${MY_USERNAME}/.config/tox
-        cp /usr/local/bin/${PROJECT_NAME}-config-qtox ${rootdir}/home/${MY_USERNAME}/.config/tox/qtox.ini
-        chroot "$rootdir" /bin/chown -R ${MY_USERNAME}:${MY_USERNAME} /home/${MY_USERNAME}/.config
+    if [ ! -d "${rootdir}/home/${MY_USERNAME}/.config/tox" ]; then
+        mkdir "${rootdir}/home/${MY_USERNAME}/.config/tox"
+        cp "/usr/local/bin/${PROJECT_NAME}-config-qtox" "${rootdir}/home/${MY_USERNAME}/.config/tox/qtox.ini"
+        chroot "$rootdir" /bin/chown -R "${MY_USERNAME}":"${MY_USERNAME}" "/home/${MY_USERNAME}/.config"
     fi
 
-    if [[ $VARIANT == "usb" ]]; then
+    if [[ "$VARIANT" == "usb" ]]; then
         # tor
         chroot "$rootdir" apt-get -yq install tor
 
@@ -1613,10 +1617,10 @@ EOF
         chroot "$rootdir" apt-get update
         chroot "$rootdir" apt-get -yq install gajim-dev-keyring
         chroot "$rootdir" apt-get -yq install git python-dev python-pip gajim-nightly
-        chroot "$rootdir" mkdir /home/$GENERIC_IMAGE_USERNAME/.local/share/gajim/plugins -p
-        chroot "$rootdir" git clone https://github.com/omemo/gajim-omemo /home/$GENERIC_IMAGE_USERNAME/.local/share/gajim/plugins/gajim-omemo
+        chroot "$rootdir" mkdir "/home/$GENERIC_IMAGE_USERNAME/.local/share/gajim/plugins" -p
+        chroot "$rootdir" git clone https://github.com/omemo/gajim-omemo "/home/$GENERIC_IMAGE_USERNAME/.local/share/gajim/plugins/gajim-omemo"
         chroot "$rootdir" pip install protobuf==2.6.1, python-axolotl==0.1.35
-        chroot "$rootdir" /bin/chown -R $GENERIC_IMAGE_USERNAME:$GENERIC_IMAGE_USERNAME /home/$GENERIC_IMAGE_USERNAME/.local
+        chroot "$rootdir" /bin/chown -R "$GENERIC_IMAGE_USERNAME":"$GENERIC_IMAGE_USERNAME" "/home/$GENERIC_IMAGE_USERNAME/.local"
 
         # IRC client
         chroot "$rootdir" apt-get -yq install hexchat profanity
@@ -1628,70 +1632,70 @@ EOF
 ##############################################################################
 
 function image_install_inadyn {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         return
     fi
-    if [ ! -d $rootdir/root/build ]; then
-        mkdir -p $rootdir/root/build
+    if [ ! -d "$rootdir/root/build" ]; then
+        mkdir -p "$rootdir/root/build"
     fi
     chroot "$rootdir" apt-get -yq install build-essential curl libgnutls28-dev automake1.11 libconfuse-dev
 
     if [ -d /repos/inadyn ]; then
-        mkdir $rootdir/root/build/inadyn
-        cp -r -p /repos/inadyn/. $rootdir/root/build/inadyn
-        cd $rootdir/root/build/inadyn
+        mkdir "$rootdir/root/build/inadyn"
+        cp -r -p /repos/inadyn/. "$rootdir/root/build/inadyn"
+        cd "$rootdir/root/build/inadyn" || exit 24729466456
         git pull
     else
-        git clone $INADYN_REPO $rootdir/root/build/inadyn
+        git clone "$INADYN_REPO" "$rootdir/root/build/inadyn"
     fi
 
-    if [ ! -d $rootdir/root/build/inadyn ]; then
+    if [ ! -d "$rootdir/root/build/inadyn" ]; then
         echo 'Failed to clone inadyn'
         exit 728252
     fi
-    cd $rootdir/root/build/inadyn
-    git checkout $INADYN_COMMIT -b $INADYN_COMMIT
+    cd "$rootdir/root/build/inadyn" || exit 3468724568
+    git checkout "$INADYN_COMMIT" -b "$INADYN_COMMIT"
 
-    cd $rootdir/root/build/inadyn
-    echo '#!/bin/bash' > $rootdir/root/build/build_inadyn.sh
-    echo 'cd ~/build/inadyn' >> $rootdir/root/build/build_inadyn.sh
-    echo '#./autogen.sh' >> $rootdir/root/build/build_inadyn.sh
-    echo './configure' >> $rootdir/root/build/build_inadyn.sh
-    echo 'USE_OPENSSL=1 make' >> $rootdir/root/build/build_inadyn.sh
-    echo 'make install' >> $rootdir/root/build/build_inadyn.sh
-    chmod +x $rootdir/root/build/build_inadyn.sh
+    cd "$rootdir/root/build/inadyn" || exit 24682464628
+    { echo '#!/bin/bash';
+      echo 'cd ~/build/inadyn';
+      echo '#./autogen.sh';
+      echo './configure';
+      echo 'USE_OPENSSL=1 make';
+      echo 'make install'; } > "$rootdir/root/build/build_inadyn.sh"
+    chmod +x "$rootdir/root/build/build_inadyn.sh"
     chroot "$rootdir" /root/build/build_inadyn.sh
-    if [ ! -f $rootdir/usr/local/sbin/inadyn ]; then
+    if [ ! -f "$rootdir/usr/local/sbin/inadyn" ]; then
         echo 'Failed to build inadyn'
         exit 6209356
     fi
 
     # create a configuration file
-    echo 'background' > $rootdir/etc/inadyn.conf
-    echo 'verbose        1' >> $rootdir/etc/inadyn.conf
-    echo 'period         300' >> $rootdir/etc/inadyn.conf
-    echo 'startup-delay  60' >> $rootdir/etc/inadyn.conf
-    echo 'cache-dir      /run/inadyn' >> $rootdir/etc/inadyn.conf
-    echo 'logfile        /dev/null' >> $rootdir/etc/inadyn.conf
-    chmod 600 $rootdir/etc/inadyn.conf
+    { echo 'background';
+      echo 'verbose        1';
+      echo 'period         300';
+      echo 'startup-delay  60';
+      echo 'cache-dir      /run/inadyn';
+      echo 'logfile        /dev/null'; } > "$rootdir/etc/inadyn.conf"
+    chmod 600 "$rootdir/etc/inadyn.conf"
 
-    echo '[Unit]' > $rootdir/etc/systemd/system/inadyn.service
-    echo 'Description=inadyn (DynDNS updater)' >> $rootdir/etc/systemd/system/inadyn.service
-    echo 'After=network.target' >> $rootdir/etc/systemd/system/inadyn.service
-    echo '' >> $rootdir/etc/systemd/system/inadyn.service
-    echo '[Service]' >> $rootdir/etc/systemd/system/inadyn.service
-    echo 'ExecStart=/usr/local/sbin/inadyn --config /etc/inadyn.conf' >> $rootdir/etc/systemd/system/inadyn.service
-    echo 'Restart=always' >> $rootdir/etc/systemd/system/inadyn.service
-    echo 'Type=forking' >> $rootdir/etc/systemd/system/inadyn.service
-    echo '' >> $rootdir/etc/systemd/system/inadyn.service
-    echo '[Install]' >> $rootdir/etc/systemd/system/inadyn.service
-    echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/inadyn.service
+    { echo '[Unit]';
+      echo 'Description=inadyn (DynDNS updater)';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'ExecStart=/usr/local/sbin/inadyn --config /etc/inadyn.conf';
+      echo 'Restart=always';
+      echo 'Type=forking';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/inadyn.service"
     chroot "$rootdir" systemctl enable inadyn
-    echo "inadyn commit:$INADYN_COMMIT" >> $rootdir/root/freedombone-completed.txt
+    echo "inadyn commit:$INADYN_COMMIT" >> "$rootdir/root/freedombone-completed.txt"
 }
 
 function image_setup_utils {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         return
     fi
     chroot "$rootdir" apt-get -yq install apt-transport-https
@@ -1701,29 +1705,29 @@ function image_setup_utils {
     chroot "$rootdir" apt-get -yq install apt-utils
     chroot "$rootdir" apt-get -yq install shellcheck
 
-    if [[ $ARCHITECTURE == 'amd64' ]]; then
+    if [[ "$ARCHITECTURE" == 'amd64' ]]; then
         chroot "$rootdir" apt-get -yq install linux-image-amd64
     fi
 
-    if [[ $ARCHITECTURE == 'qemu'* || $ARCHITECTURE == 'amd64' || $ARCHITECTURE == 'x86_64' || $ARCHITECTURE == 'i686' || $ARCHITECTURE == 'i386' ]]; then
+    if [[ "$ARCHITECTURE" == 'qemu'* || "$ARCHITECTURE" == 'amd64' || "$ARCHITECTURE" == 'x86_64' || "$ARCHITECTURE" == 'i686' || "$ARCHITECTURE" == 'i386' ]]; then
         chroot "$rootdir" apt-get -yq install grub2 lvm2
     fi
 
     chroot "$rootdir" apt-get -yq install locales locales-all debconf
 
-    SYSCTL_FILE=$rootdir/etc/sysctl.conf
-    if [ ! -f $SYSCTL_FILE ]; then
-        touch $SYSCTL_FILE
+    SYSCTL_FILE="$rootdir/etc/sysctl.conf"
+    if [ ! -f "$SYSCTL_FILE" ]; then
+        touch "$SYSCTL_FILE"
     fi
-    cp $SYSCTL_FILE $rootdir/root/sysctl.conf
-    chown $CURR_USER:$CURR_GROUP $rootdir/root/sysctl.conf
-    if ! grep -q "tcp_challenge_ack_limit" $rootdir/root/sysctl.conf; then
-        echo 'net.ipv4.tcp_challenge_ack_limit = 999999999' >> $rootdir/root/sysctl.conf
+    cp "$SYSCTL_FILE" "$rootdir/root/sysctl.conf"
+    chown "$CURR_USER":"$CURR_GROUP" "$rootdir/root/sysctl.conf"
+    if ! grep -q "tcp_challenge_ack_limit" "$rootdir/root/sysctl.conf"; then
+        echo 'net.ipv4.tcp_challenge_ack_limit = 999999999' >> "$rootdir/root/sysctl.conf"
     else
-        sed -i 's|net.ipv4.tcp_challenge_ack_limit.*|net.ipv4.tcp_challenge_ack_limit = 999999999|g' $rootdir/root/sysctl.conf
+        sed -i 's|net.ipv4.tcp_challenge_ack_limit.*|net.ipv4.tcp_challenge_ack_limit = 999999999|g' "$rootdir/root/sysctl.conf"
     fi
-    cp $rootdir/root/sysctl.conf $SYSCTL_FILE
-    rm $rootdir/root/sysctl.conf
+    cp "$rootdir/root/sysctl.conf" "$SYSCTL_FILE"
+    rm "$rootdir/root/sysctl.conf"
 
     # all the packages
     chroot "$rootdir" apt-get -yq install cryptsetup libgfshare-bin duplicity sshpass wget
@@ -1741,91 +1745,91 @@ function image_setup_utils {
     # Tor and ssh over tor
     chroot "$rootdir" apt-get -yq install tor connect-proxy
     chroot "$rootdir" connect-proxy
-    sed -i 's|#Log notice file.*|Log notice file /dev/null|g' $rootdir/etc/tor/torrc
-    sed -i 's|Log notice file.*|Log notice file /dev/null|g' $rootdir/etc/tor/torrc
-    sed -i "s|#AccountingMax.*|AccountingMax $TOR_MAX_TRAFFIC_PER_MONTH_GB GBytes|g" $rootdir/etc/tor/torrc
-    sed -i "s|AccountingMax.*|AccountingMax $TOR_MAX_TRAFFIC_PER_MONTH_GB GBytes|g" $rootdir/etc/tor/torrc
-    if ! grep -q 'Host *.onion' $rootdir/root/.ssh/config; then
-        if [ ! -d $rootdir/root/.ssh ]; then
-            mkdir $rootdir/root/.ssh
+    sed -i 's|#Log notice file.*|Log notice file /dev/null|g' "$rootdir/etc/tor/torrc"
+    sed -i 's|Log notice file.*|Log notice file /dev/null|g' "$rootdir/etc/tor/torrc"
+    sed -i "s|#AccountingMax.*|AccountingMax $TOR_MAX_TRAFFIC_PER_MONTH_GB GBytes|g" "$rootdir/etc/tor/torrc"
+    sed -i "s|AccountingMax.*|AccountingMax $TOR_MAX_TRAFFIC_PER_MONTH_GB GBytes|g" "$rootdir/etc/tor/torrc"
+    if ! grep -q 'Host *.onion' "$rootdir/root/.ssh/config"; then
+        if [ ! -d "$rootdir/root/.ssh" ]; then
+            mkdir "$rootdir/root/.ssh"
         fi
-        echo 'Host *.onion' >> $rootdir/root/.ssh/config
-        echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> $rootdir/root/.ssh/config
+        echo 'Host *.onion' >> "$rootdir/root/.ssh/config"
+        echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> "$rootdir/root/.ssh/config"
     fi
-    if ! grep -q 'Host *.onion' $rootdir/etc/skel/.ssh/config; then
-        if [ ! -d $rootdir/etc/skel/.ssh ]; then
-            mkdir $rootdir/etc/skel/.ssh
+    if ! grep -q 'Host *.onion' "$rootdir/etc/skel/.ssh/config"; then
+        if [ ! -d "$rootdir/etc/skel/.ssh" ]; then
+            mkdir "$rootdir/etc/skel/.ssh"
         fi
-        echo 'Host *.onion' >> $rootdir/etc/skel/.ssh/config
-        echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> $rootdir/etc/skel/.ssh/config
+        echo 'Host *.onion' >> "$rootdir/etc/skel/.ssh/config"
+        echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> "$rootdir/etc/skel/.ssh/config"
     fi
 
     # Install golang
     chroot "$rootdir" adduser --disabled-login --gecos 'go' go
     GOARCH=
-    if [[ $ARCHITECTURE == *"386" || $ARCHITECTURE == *"686" ]]; then
+    if [[ "$ARCHITECTURE" == *"386" || "$ARCHITECTURE" == *"686" ]]; then
         GOARCH=386
     fi
-    if [[ $ARCHITECTURE == *"amd64" || $ARCHITECTURE == "x86_64" ]]; then
+    if [[ "$ARCHITECTURE" == *"amd64" || "$ARCHITECTURE" == "x86_64" ]]; then
         GOARCH=amd64
     fi
-    if [[ $ARCHITECTURE == *"arm"* ]]; then
+    if [[ "$ARCHITECTURE" == *"arm"* ]]; then
         GOARCH=armv6l
     fi
-    if [[ $ARCHITECTURE == *"aarch"* || $ARCHITECTURE == *"arm64"* ]]; then
+    if [[ "$ARCHITECTURE" == *"aarch"* || "$ARCHITECTURE" == *"arm64"* ]]; then
         GOARCH=arm64
     fi
-    if [ ! $GOARCH ]; then
+    if [ ! "$GOARCH" ]; then
         echo $'System architecture was not specified when installing Go'
         exit 6734378
     fi
-    GO_SOURCE=https://storage.googleapis.com/golang/go${GO_VERSION}.linux-${GOARCH}.tar.gz
+    GO_SOURCE="https://storage.googleapis.com/golang/go${GO_VERSION}.linux-${GOARCH}.tar.gz"
 
-    if [ ! -d ${rootdir}/root/build ]; then
-        mkdir -p $rootdir/root/build
+    if [ ! -d "${rootdir}/root/build" ]; then
+        mkdir -p "$rootdir/root/build"
     fi
-    cd $rootdir/root/build
-    wget ${GO_SOURCE}
-    if [ ! -f ${rootdir}/root/build/go${GO_VERSION}.linux-${GOARCH}.tar.gz ]; then
-        exit 26524
+    cd "$rootdir/root/build" || exit 4268746282
+    wget "${GO_SOURCE}"
+    if [ ! -f "${rootdir}/root/build/go${GO_VERSION}.linux-${GOARCH}.tar.gz" ]; then
+        exit 265243553
     fi
-    chroot "$rootdir" tar -C /home/go -xzf ${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz
-    if [ ! -d ${rootdir}/home/go/go/bin ]; then
+    chroot "$rootdir" tar -C /home/go -xzf "${INSTALL_DIR}/go${GO_VERSION}.linux-${GOARCH}.tar.gz"
+    if [ ! -d "${rootdir}/home/go/go/bin" ]; then
         echo 'Go binary not installed'
         exit 763562
     fi
-    mv ${rootdir}/home/go/go ${rootdir}/home/go/go${GO_VERSION}
-    echo "export GOROOT=/home/go" >> ${rootdir}/root/.bashrc
-    echo "export GOROOT=/home/go" >> ${rootdir}/etc/skel/.bashrc
-    echo "export GOROOT=/home/go" >> ${rootdir}/home/go/.bashrc
-    echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> ${rootdir}/root/.bashrc
-    echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> ${rootdir}/etc/skel/.bashrc
-    echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> ${rootdir}/home/go/.bashrc
-    echo 'export PATH=$PATH:$GOPATH' >> ${rootdir}/root/.bashrc
-    echo 'export PATH=$PATH:$GOPATH' >> ${rootdir}/etc/skel/.bashrc
-    echo 'export PATH=$PATH:$GOPATH' >> ${rootdir}/home/go/.bashrc
+    mv "${rootdir}/home/go/go" "${rootdir}/home/go/go${GO_VERSION}"
+    echo "export GOROOT=/home/go" >> "${rootdir}/root/.bashrc"
+    echo "export GOROOT=/home/go" >> "${rootdir}/etc/skel/.bashrc"
+    echo "export GOROOT=/home/go" >> "${rootdir}/home/go/.bashrc"
+    echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> "${rootdir}/root/.bashrc"
+    echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> "${rootdir}/etc/skel/.bashrc"
+    echo "export GOPATH=\$GOROOT/go${GO_VERSION}/bin" >> "${rootdir}/home/go/.bashrc"
+    echo "export PATH=\$PATH:\$GOPATH" >> "${rootdir}/root/.bashrc"
+    echo "export PATH=\$PATH:\$GOPATH" >> "${rootdir}/etc/skel/.bashrc"
+    echo "export PATH=\$PATH:\$GOPATH" >> "${rootdir}/home/go/.bashrc"
     chroot "$rootdir" chown -R go:go /home/go
-    cp ${rootdir}/home/go/go${GO_VERSION}/bin/* ${rootdir}/usr/bin
+    cp "${rootdir}/home/go/go${GO_VERSION}/bin/*" "${rootdir}/usr/bin"
 
     # Tomb
     chroot "$rootdir" apt-get -yq install zsh pinentry-curses
-    git clone $TOMB_REPO $rootdir/root/build/tomb
-    cd $rootdir/root/build/tomb
-    git checkout $TOMB_COMMIT -b $TOMB_COMMIT
+    git clone "$TOMB_REPO" "$rootdir/root/build/tomb"
+    cd "$rootdir/root/build/tomb" || exit 468368345425
+    git checkout "$TOMB_COMMIT" -b "$TOMB_COMMIT"
     chroot "$rootdir" cd /root/build/tomb && make install
-    echo "tomb commit:$TOMB_COMMIT" >> $rootdir/root/freedombone-completed.txt
+    echo "tomb commit:$TOMB_COMMIT" >> "$rootdir/root/freedombone-completed.txt"
 
-    if ! grep -q '* hard maxsyslogins' $rootdir/etc/security/limits.conf; then
-        echo '* hard maxsyslogins 10' >> $rootdir/etc/security/limits.conf
+    if ! grep -q '\* hard maxsyslogins' "$rootdir/etc/security/limits.conf"; then
+        echo '* hard maxsyslogins 10' >> "$rootdir/etc/security/limits.conf"
     else
-        sed -i 's|hard maxsyslogins.*|hard maxsyslogins 10|g' $rootdir/etc/security/limits.conf
+        sed -i 's|hard maxsyslogins.*|hard maxsyslogins 10|g' "$rootdir/etc/security/limits.conf"
     fi
 
     # Max logins for each user
-    if ! grep -q '* hard maxlogins' $rootdir/etc/security/limits.conf; then
-        echo '* hard maxlogins 2' >> $rootdir/etc/security/limits.conf
+    if ! grep -q '\* hard maxlogins' "$rootdir/etc/security/limits.conf"; then
+        echo '* hard maxlogins 2' >> "$rootdir/etc/security/limits.conf"
     else
-        sed -i 's|hard maxlogins.*|hard maxlogins 2|g' $rootdir/etc/security/limits.conf
+        sed -i 's|hard maxlogins.*|hard maxlogins 2|g' "$rootdir/etc/security/limits.conf"
     fi
 
     # Email
@@ -1842,34 +1846,34 @@ function image_setup_utils {
 
     # encrypting email
     chroot "$rootdir" apt-get -yq install libmail-gnupg-perl
-    git clone $GPGIT_REPO $rootdir/root/build/gpgit
-    cd $rootdir/root/build/gpgit
-    git checkout $GPGIT_COMMIT -b $GPGIT_COMMIT
-    cp $rootdir/root/build/gpgit/gpgit.pl $rootdir/usr/bin
-    echo "gpgit commit:$GPGIT_COMMIT" >> $rootdir/root/freedombone-completed.txt
+    git clone "$GPGIT_REPO" "$rootdir/root/build/gpgit"
+    cd "$rootdir/root/build/gpgit" || exit 62484624682
+    git checkout "$GPGIT_COMMIT" -b "$GPGIT_COMMIT"
+    cp "$rootdir/root/build/gpgit/gpgit.pl" "$rootdir/usr/bin"
+    echo "gpgit commit:$GPGIT_COMMIT" >> "$rootdir/root/freedombone-completed.txt"
 
     # email client
     chroot "$rootdir" apt-get -yq install lynx abook urlview mutt
 
-    git clone $CLEANUP_MAILDIR_REPO $rootdir/root/build/cleanup-maildir
-    cd $rootdir/root/build/cleanup-maildir
-    git checkout $CLEANUP_MAILDIR_COMMIT -b $CLEANUP_MAILDIR_COMMIT
-    cp $rootdir/root/build/cleanup-maildir/cleanup-maildir $rootdir/usr/bin
-    echo "cleanup-maildir commit:$CLEANUP_MAILDIR_COMMIT" >> $rootdir/root/freedombone-completed.txt
+    git clone "$CLEANUP_MAILDIR_REPO" "$rootdir/root/build/cleanup-maildir"
+    cd "$rootdir/root/build/cleanup-maildir" || exit 246872646847264
+    git checkout "$CLEANUP_MAILDIR_COMMIT" -b "$CLEANUP_MAILDIR_COMMIT"
+    cp "$rootdir/root/build/cleanup-maildir/cleanup-maildir" "$rootdir/usr/bin"
+    echo "cleanup-maildir commit:$CLEANUP_MAILDIR_COMMIT" >> "$rootdir/root/freedombone-completed.txt"
 
     # web server
     chroot "$rootdir" apt-get -yq remove --purge apache2
     chroot "$rootdir" apt-get -yq install nginx php-fpm
-    git clone $NGINX_ENSITE_REPO $rootdir/root/build/nginx_ensite
-    cd $rootdir/root/build/nginx_ensite
-    git checkout $NGINX_ENSITE_COMMIT -b $NGINX_ENSITE_COMMIT
-    echo "nginx-ensite commit:$NGINX_ENSITE_COMMIT" >> $rootdir/root/freedombone-completed.txt
+    git clone "$NGINX_ENSITE_REPO" "$rootdir/root/build/nginx_ensite"
+    cd "$rootdir/root/build/nginx_ensite" || exit 462746826482
+    git checkout "$NGINX_ENSITE_COMMIT" -b "$NGINX_ENSITE_COMMIT"
+    echo "nginx-ensite commit:$NGINX_ENSITE_COMMIT" >> "$rootdir/root/freedombone-completed.txt"
     chroot "$rootdir" cd /root/build/nginx_ensite && make install
-    if [ ! -f $rootdir/etc/pam.d/nginx ]; then
-        echo '#%PAM-1.0' > $rootdir/etc/pam.d/nginx
-        echo '@include common-auth' >> $rootdir/etc/pam.d/nginx
-        echo '@include common-account' >> $rootdir/etc/pam.d/nginx
-        echo '@include common-session' >> $rootdir/etc/pam.d/nginx
+    if [ ! -f "$rootdir/etc/pam.d/nginx" ]; then
+        { echo '#%PAM-1.0';
+          echo '@include common-auth';
+          echo '@include common-account';
+          echo '@include common-session'; } > "$rootdir/etc/pam.d/nginx"
     fi
     chroot "$rootdir" apt-get -yq install tripwire
 
@@ -1883,86 +1887,86 @@ function image_install_nodejs {
 }
 
 function image_preinstall_repos {
-    if [[ $VARIANT == "mesh"* ]]; then
+    if [[ "$VARIANT" == "mesh"* ]]; then
         return
     fi
 
-    if [ ! -d $rootdir/repos ]; then
-        mkdir $rootdir/repos
+    if [ ! -d "$rootdir/repos" ]; then
+        mkdir "$rootdir/repos"
     fi
 
-    git clone $CMAKE_REPO $rootdir/repos/cmake
-    git clone $INADYN_REPO $rootdir/repos/inadyn
-    git clone $TOMB_REPO $rootdir/repos/tomb
+    git clone "$CMAKE_REPO" "$rootdir/repos/cmake"
+    git clone "$INADYN_REPO" "$rootdir/repos/inadyn"
+    git clone "$TOMB_REPO" "$rootdir/repos/tomb"
 
-    if [[ $SOCIALINSTANCE == "pleroma" ]]; then
-        git clone $PLEROMA_REPO $rootdir/repos/pleroma
-        #git clone $QVITTER_THEME_REPO $rootdir/repos/qvitter
-        git clone $PLEROMA_FRONTEND_REPO $rootdir/repos/pleroma-fe
+    if [[ "$SOCIALINSTANCE" == "pleroma" ]]; then
+        git clone "$PLEROMA_REPO" "$rootdir/repos/pleroma"
+        #git clone $QVITTER_THEME_REPO "$rootdir/repos/qvitter"
+        git clone "$PLEROMA_FRONTEND_REPO" "$rootdir/repos/pleroma-fe"
         return
     fi
 
-    if [[ $SOCIALINSTANCE == "gnusocial" ]]; then
-        git clone $GNUSOCIAL_REPO $rootdir/repos/gnusocial
-        git clone $GNUSOCIAL_MARKDOWN_REPO $rootdir/repos/gnusocial-markdown
-        #git clone $QVITTER_THEME_REPO $rootdir/repos/qvitter
-        git clone $PLEROMA_FRONTEND_REPO $rootdir/repos/pleroma-fe
+    if [[ "$SOCIALINSTANCE" == "gnusocial" ]]; then
+        git clone "$GNUSOCIAL_REPO" "$rootdir/repos/gnusocial"
+        git clone "$GNUSOCIAL_MARKDOWN_REPO" "$rootdir/repos/gnusocial-markdown"
+        #git clone "$QVITTER_THEME_REPO" "$rootdir/repos/qvitter"
+        git clone "$PLEROMA_FRONTEND_REPO" "$rootdir/repos/pleroma-fe"
         return
     fi
 
-    if [[ $SOCIALINSTANCE == "postactiv" ]]; then
-        git clone $GNUSOCIAL_MARKDOWN_REPO $rootdir/repos/gnusocial-markdown
-        #git clone $QVITTER_THEME_REPO $rootdir/repos/qvitter
-        git clone $PLEROMA_FRONTEND_REPO $rootdir/repos/pleroma-fe
-        #git clone $POSTACTIV_REPO $rootdir/repos/postactiv
+    if [[ "$SOCIALINSTANCE" == "postactiv" ]]; then
+        git clone "$GNUSOCIAL_MARKDOWN_REPO" "$rootdir/repos/gnusocial-markdown"
+        #git clone "$QVITTER_THEME_REPO" "$rootdir/repos/qvitter"
+        git clone "$PLEROMA_FRONTEND_REPO" "$rootdir/repos/pleroma-fe"
+        #git clone "$POSTACTIV_REPO" "$rootdir/repos/postactiv"
         return
     fi
 
-    git clone $CRYPTPAD_REPO $rootdir/repos/cryptpad
-    git clone $DOKUWIKI_REPO $rootdir/repos/dokuwiki
-    git clone $ETHERPAD_REPO $rootdir/repos/etherpad
-    git clone $FRIENDICA_REPO $rootdir/repos/friendica
-    git clone $GNUSOCIAL_REPO $rootdir/repos/gnusocial
-    git clone $PLEROMA_REPO $rootdir/repos/pleroma
-    git clone $GNUSOCIAL_MARKDOWN_REPO $rootdir/repos/gnusocial-markdown
-    #git clone $QVITTER_THEME_REPO $rootdir/repos/qvitter
-    git clone $PLEROMA_FRONTEND_REPO $rootdir/repos/pleroma-fe
-    #git clone $POSTACTIV_REPO $rootdir/repos/postactiv
-    git clone $SHARINGS_REPO $rootdir/repos/sharings
-    git clone $HTMLY_REPO $rootdir/repos/htmly
-    git clone $HUBZILLA_REPO $rootdir/repos/hubzilla
-    git clone $HUBZILLA_ADDONS_REPO $rootdir/repos/hubzilla-addons
-    git clone $KOEL_REPO $rootdir/repos/koel
-    #git clone $LIBREVAULT_REPO $rootdir/repos/librevault
-    git clone $LYCHEE_REPO $rootdir/repos/lychee
-    git clone $MAILPILE_REPO $rootdir/repos/mailpile
-    git clone $MATRIX_REPO $rootdir/repos/matrix
-    git clone $MEDIAGOBLIN_REPO $rootdir/repos/mediagoblin
-    #git clone $MOVIM_REPO $rootdir/repos/movim
-    git clone $NEXTCLOUD_REPO $rootdir/repos/nextcloud
-    git clone $PIHOLE_REPO $rootdir/repos/pihole
-    git clone $PROFANITY_REPO $rootdir/repos/profanity
-    git clone $LIBMESODE_REPO $rootdir/repos/libmesode
-    git clone $PROFANITY_OMEMO_PLUGIN_REPO $rootdir/repos/profanity-omemo
-    git clone $RSS_READER_REPO $rootdir/repos/rss
-    git clone $RSS_MOBILE_READER_REPO $rootdir/repos/rss-mobile
-    git clone $SEARX_REPO $rootdir/repos/searx
-    git clone $TOXCORE_REPO $rootdir/repos/toxcore
-    git clone $TOXID_REPO $rootdir/repos/toxid
-    git clone $TOXIC_REPO $rootdir/repos/toxic
-    git clone $TURTL_REPO $rootdir/repos/turtl
-    git clone $KANBOARD_REPO $rootdir/repos/kanboard
-    git clone $KEYSERVER_WEB_REPO $rootdir/repos/keyserverweb
-    git clone $PEERTUBE_REPO $rootdir/repos/peertube
-    git clone $PRIVATEBIN_REPO $rootdir/repos/privatebin
-    git clone $EDITH_REPO $rootdir/repos/edith
-    git clone $BDSMAIL_REPO $rootdir/repos/bdsmail
-    #git clone $WEKAN_REPO $rootdir/repos/wekan
-    #git clone $FLOW_ROUTER_REPO $rootdir/repos/flowrouter
-    #git clone $METEOR_USERACCOUNTS_REPO $rootdir/repos/meteoruseraccounts
-    #git clone $METEOR_REPO $rootdir/repos/meteor
-    #git clone $ZERONET_REPO $rootdir/repos/zeronet
-    #git clone $QTOX_REPO $rootdir/repos/qtox
+    git clone "$CRYPTPAD_REPO" "$rootdir/repos/cryptpad"
+    git clone "$DOKUWIKI_REPO" "$rootdir/repos/dokuwiki"
+    git clone "$ETHERPAD_REPO" "$rootdir/repos/etherpad"
+    git clone "$FRIENDICA_REPO" "$rootdir/repos/friendica"
+    git clone "$GNUSOCIAL_REPO" "$rootdir/repos/gnusocial"
+    git clone "$PLEROMA_REPO" "$rootdir/repos/pleroma"
+    git clone "$GNUSOCIAL_MARKDOWN_REPO" "$rootdir/repos/gnusocial-markdown"
+    #git clone "$QVITTER_THEME_REPO" "$rootdir/repos/qvitter"
+    git clone "$PLEROMA_FRONTEND_REPO" "$rootdir/repos/pleroma-fe"
+    #git clone "$POSTACTIV_REPO" "$rootdir/repos/postactiv"
+    git clone "$SHARINGS_REPO" "$rootdir/repos/sharings"
+    git clone "$HTMLY_REPO" "$rootdir/repos/htmly"
+    git clone "$HUBZILLA_REPO" "$rootdir/repos/hubzilla"
+    git clone "$HUBZILLA_ADDONS_REPO" "$rootdir/repos/hubzilla-addons"
+    git clone "$KOEL_REPO" "$rootdir/repos/koel"
+    #git clone "$LIBREVAULT_REPO" "$rootdir/repos/librevault"
+    git clone "$LYCHEE_REPO" "$rootdir/repos/lychee"
+    git clone "$MAILPILE_REPO" "$rootdir/repos/mailpile"
+    git clone "$MATRIX_REPO" "$rootdir/repos/matrix"
+    git clone "$MEDIAGOBLIN_REPO" "$rootdir/repos/mediagoblin"
+    #git clone "$MOVIM_REPO" "$rootdir/repos/movim"
+    git clone "$NEXTCLOUD_REPO" "$rootdir/repos/nextcloud"
+    git clone "$PIHOLE_REPO" "$rootdir/repos/pihole"
+    git clone "$PROFANITY_REPO" "$rootdir/repos/profanity"
+    git clone "$LIBMESODE_REPO" "$rootdir/repos/libmesode"
+    git clone "$PROFANITY_OMEMO_PLUGIN_REPO" "$rootdir/repos/profanity-omemo"
+    git clone "$RSS_READER_REPO" "$rootdir/repos/rss"
+    git clone "$RSS_MOBILE_READER_REPO" "$rootdir/repos/rss-mobile"
+    git clone "$SEARX_REPO" "$rootdir/repos/searx"
+    git clone "$TOXCORE_REPO" "$rootdir/repos/toxcore"
+    git clone "$TOXID_REPO" "$rootdir/repos/toxid"
+    git clone "$TOXIC_REPO" "$rootdir/repos/toxic"
+    git clone "$TURTL_REPO" "$rootdir/repos/turtl"
+    git clone "$KANBOARD_REPO" "$rootdir/repos/kanboard"
+    git clone "$KEYSERVER_WEB_REPO" "$rootdir/repos/keyserverweb"
+    git clone "$PEERTUBE_REPO" "$rootdir/repos/peertube"
+    git clone "$PRIVATEBIN_REPO" "$rootdir/repos/privatebin"
+    git clone "$EDITH_REPO" "$rootdir/repos/edith"
+    git clone "$BDSMAIL_REPO" "$rootdir/repos/bdsmail"
+    #git clone "$WEKAN_REPO" "$rootdir/repos/wekan"
+    #git clone "$FLOW_ROUTER_REPO" "$rootdir/repos/flowrouter"
+    #git clone "$METEOR_USERACCOUNTS_REPO" "$rootdir/repos/meteoruseraccounts"
+    #git clone "$METEOR_REPO" "$rootdir/repos/meteor"
+    #git clone "$ZERONET_REPO" "$rootdir/repos/zeronet"
+    #git clone "$QTOX_REPO" "$rootdir/repos/qtox"
 }
 
 ##############################################################################
@@ -1976,7 +1980,7 @@ fmdir="$(pwd)"
 image="$fmdir"/"$2"
 cd "$rootdir"
 
-echo info: building $MACHINE for $ARCHITECTURE
+echo info: building "$MACHINE" for "$ARCHITECTURE"
 
 export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true
 export LC_ALL=C LANGUAGE=C LANG=C
@@ -1985,55 +1989,55 @@ export LC_ALL=C LANGUAGE=C LANG=C
 # are not created yet.
 export TMP=/tmp/ TMPDIR=/tmp/
 
-if [ ! $MY_USERNAME ]; then
+if [ ! "$MY_USERNAME" ]; then
     echo $'No username was specified'
     exit 52825
 fi
-username=$MY_USERNAME
+username="$MY_USERNAME"
 echo $"warning: creating initial user $username with well known password!"
-password=$MY_PASSWORD
+password="$MY_PASSWORD"
 chroot "$rootdir" /usr/bin/env -i \
     HOME=/root                    \
     PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin
-echo "export PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:" >> $rootdir/root/.bashrc
-chroot "$rootdir" adduser --gecos $username --disabled-password $username
-echo $username:$password | chroot "$rootdir" /usr/sbin/chpasswd
-chroot "$rootdir" adduser $username sudo
+echo "export PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:" >> "$rootdir/root/.bashrc"
+chroot "$rootdir" adduser --gecos "$username" --disabled-password "$username"
+echo "$username":"$password" | chroot "$rootdir" /usr/sbin/chpasswd
+chroot "$rootdir" adduser "$username" sudo
 
-if [ ! $DEBIAN_REPO ]; then
+if [ ! "$DEBIAN_REPO" ]; then
     DEBIAN_REPO='ftp.de.debian.org'
 fi
-if [ ! $DEBIAN_VERSION ]; then
+if [ ! "$DEBIAN_VERSION" ]; then
     DEBIAN_VERSION='stretch'
 fi
 
-set_apt_sources $BUILD_MIRROR
+set_apt_sources "$BUILD_MIRROR"
 chroot "$rootdir" apt-get clean
 chroot "$rootdir" /bin/rm -rf /var/lib/apt/lists/*
 chroot "$rootdir" apt-get clean
-set_apt_sources $MIRROR
+set_apt_sources "$MIRROR"
 configure_backports
 configure_contrib_repo
 chroot "$rootdir" apt-get update
 chroot "$rootdir" apt-get install -y apt-utils
 
-cat > $rootdir/usr/sbin/policy-rc.d <<EOF
+cat > "$rootdir/usr/sbin/policy-rc.d" <<EOF
 #!/bin/sh
 exit 101
 EOF
-chmod a+rx $rootdir/usr/sbin/policy-rc.d
+chmod a+rx "$rootdir/usr/sbin/policy-rc.d"
 
-if $use_eatmydata ; then
+if "$use_eatmydata" ; then
     enable_eatmydata_override
 fi
 
 if [ -n "$CUSTOM_SETUP" ]; then
     cp "$CUSTOM_SETUP" "$rootdir"/tmp
     chroot "$rootdir" apt-get install -y gdebi-core
-    chroot "$rootdir" gdebi -n /tmp/"$(basename $CUSTOM_SETUP)"
+    chroot "$rootdir" gdebi -n "/tmp/$(basename "$CUSTOM_SETUP")"
 fi
 
-if [[ $VARIANT != "mesh"* ]]; then
+if [[ "$VARIANT" != "mesh"* ]]; then
     chroot "$rootdir" apt-get install -y openssh-server
 fi
 chroot "$rootdir" apt-get install -y sudo git dialog build-essential
@@ -2041,45 +2045,45 @@ chroot "$rootdir" apt-get install -y avahi-daemon avahi-utils avahi-discover
 chroot "$rootdir" apt-get install -y iptables dnsutils net-tools network-manager iputils-ping
 chroot "$rootdir" apt-get install -y libnss-mdns libnss-myhostname libnss-gw-name nano man ntp
 chroot "$rootdir" apt-get install -y locales locales-all debconf wireless-tools wpasupplicant usbutils
-if [[ $ARCHITECTURE == 'qemu'* || $ARCHITECTURE == 'i386' || $ARCHITECTURE == 'i686' || $ARCHITECTURE == 'amd64' || $ARCHITECTURE == 'x86_64' ]]; then
+if [[ "$ARCHITECTURE" == 'qemu'* || "$ARCHITECTURE" == 'i386' || "$ARCHITECTURE" == 'i686' || "$ARCHITECTURE" == 'amd64' || "$ARCHITECTURE" == 'x86_64' ]]; then
     chroot "$rootdir" apt-get install -y cryptsetup zsh pinentry-curses iotop bc
     chroot "$rootdir" apt-get install -y grub2 hostapd lvm2
 fi
 
-sed -i "s|#host-name=.*|host-name=${LOCAL_NAME}|g" $rootdir/etc/avahi/avahi-daemon.conf
-sed -i "s|host-name=.*|host-name=${LOCAL_NAME}|g" $rootdir/etc/avahi/avahi-daemon.conf
-sed -i "s|use-ipv4=.*|use-ipv4=yes|g" $rootdir/etc/avahi/avahi-daemon.conf
-sed -i "s|use-ipv6=.*|use-ipv6=no|g" $rootdir/etc/avahi/avahi-daemon.conf
-sed -i "s|#disallow-other-stacks=.*|disallow-other-stacks=yes|g" $rootdir/etc/avahi/avahi-daemon.conf
-sed -i "s|hosts:.*|hosts:          files mdns4_minimal dns mdns4 mdns|g" $rootdir/etc/nsswitch.conf
+sed -i "s|#host-name=.*|host-name=${LOCAL_NAME}|g" "$rootdir/etc/avahi/avahi-daemon.conf"
+sed -i "s|host-name=.*|host-name=${LOCAL_NAME}|g" "$rootdir/etc/avahi/avahi-daemon.conf"
+sed -i "s|use-ipv4=.*|use-ipv4=yes|g" "$rootdir/etc/avahi/avahi-daemon.conf"
+sed -i "s|use-ipv6=.*|use-ipv6=no|g" "$rootdir/etc/avahi/avahi-daemon.conf"
+sed -i "s|#disallow-other-stacks=.*|disallow-other-stacks=yes|g" "$rootdir/etc/avahi/avahi-daemon.conf"
+sed -i "s|hosts:.*|hosts:          files mdns4_minimal dns mdns4 mdns|g" "$rootdir/etc/nsswitch.conf"
 
 # Add an ssh avahi service
-echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > $rootdir/etc/avahi/services/ssh.service
-echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> $rootdir/etc/avahi/services/ssh.service
-echo '<service-group>' >> $rootdir/etc/avahi/services/ssh.service
-echo '  <name replace-wildcards="yes">%h SSH</name>' >> $rootdir/etc/avahi/services/ssh.service
-echo '  <service>' >> $rootdir/etc/avahi/services/ssh.service
-echo '    <type>_ssh._tcp</type>' >> $rootdir/etc/avahi/services/ssh.service
-echo "    <port>$SSH_PORT</port>" >> $rootdir/etc/avahi/services/ssh.service
-echo '  </service>' >> $rootdir/etc/avahi/services/ssh.service
-echo '</service-group>' >> $rootdir/etc/avahi/services/ssh.service
+{ echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->';
+  echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">';
+  echo '<service-group>';
+  echo '  <name replace-wildcards="yes">%h SSH</name>';
+  echo '  <service>';
+  echo '    <type>_ssh._tcp</type>';
+  echo "    <port>$SSH_PORT</port>";
+  echo '  </service>';
+  echo '</service-group>'; } > "$rootdir/etc/avahi/services/ssh.service"
 
 # Ensure that the avahi daemon keeps running
 WATCHDOG_SCRIPT_NAME="keepon"
-echo '#!/bin/bash' > $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-echo 'LOGFILE=/var/log/keepon.log' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-echo 'CURRENT_DATE=$(date)' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-echo '' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-echo "# keep avahi-daemon daemon running" >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-echo "RUNNING=$(pgrep avahi-daemon > /dev/null && echo Running)" >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-echo 'if [ ! $RUNNING ]; then' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-echo "  systemctl start avahi-daemon" >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-echo '  echo -n $CURRENT_DATE >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-echo "  echo \"avahi-daemon daemon restarted\" >> \$LOGFILE" >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-echo 'fi' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-echo "# End of avahi-daemon" >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-chmod +x $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-echo "*/1            * *   *   *   root /usr/bin/$WATCHDOG_SCRIPT_NAME" >> $rootdir/etc/crontab
+{ echo '#!/bin/bash';
+  echo 'LOGFILE=/var/log/keepon.log';
+  echo "CURRENT_DATE=\$(date)";
+  echo '';
+  echo "# keep avahi-daemon daemon running";
+  echo "RUNNING=$(pgrep avahi-daemon > /dev/null && echo Running)";
+  echo "if [ ! \$RUNNING ]; then";
+  echo "  systemctl start avahi-daemon";
+  echo "  echo -n \$CURRENT_DATE >> \$LOGFILE";
+  echo "  echo \"avahi-daemon daemon restarted\" >> \$LOGFILE";
+  echo 'fi';
+  echo "# End of avahi-daemon"; } > "$rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME"
+chmod +x "$rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME"
+echo "*/1            * *   *   *   root /usr/bin/$WATCHDOG_SCRIPT_NAME" >> "$rootdir/etc/crontab"
 
 chroot "$rootdir" /bin/bash -x <<EOF
 git clone $PROJECT_REPO /root/$PROJECT_NAME
@@ -2089,10 +2093,10 @@ make install
 cp image_build/bbb-4.9.0.tar.gz /boot/bbb.tar.gz
 EOF
 
-chroot "$rootdir" ${PROJECT_NAME}-image-hardware-setup 2>&1 | \
-    tee $rootdir/var/log/${PROJECT_NAME}-image-hardware-setup.log
+chroot "$rootdir" "${PROJECT_NAME}-image-hardware-setup" 2>&1 | \
+    tee "$rootdir/var/log/${PROJECT_NAME}-image-hardware-setup.log"
 
-rm $rootdir/usr/sbin/policy-rc.d
+rm "$rootdir/usr/sbin/policy-rc.d"
 
 # Set up HRNG for systems known to have one
 # Otherwise install haveged
@@ -2100,33 +2104,33 @@ if [[ "$MACHINE" != "beaglebone"* ]]; then
     # With some VMs, the hardware cycles counter is emulated and deterministic,
     # and thus predictible, so havege should not be used
     if [[ "$MACHINE" != "qemu"* ]]; then
-        chroot $rootdir apt-get -yq install haveged
+        chroot "$rootdir" apt-get -yq install haveged
     fi
 else
-    chroot $rootdir apt-get -yq install rng-tools
-    sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' $rootdir/etc/default/rng-tools
+    chroot "$rootdir" apt-get -yq install rng-tools
+    sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' "$rootdir/etc/default/rng-tools"
 
 fi
 
 # copy u-boot to beginning of image
 case "$MACHINE" in
     beaglebone)
-        dd if=$rootdir/usr/lib/u-boot/am335x_boneblack/MLO of="$image" \
+        dd if="$rootdir/usr/lib/u-boot/am335x_boneblack/MLO" of="$image" \
            count=1 seek=1 conv=notrunc bs=128k
-        dd if=$rootdir/usr/lib/u-boot/am335x_boneblack/u-boot.img of="$image" \
+        dd if="$rootdir/usr/lib/u-boot/am335x_boneblack/u-boot.img" of="$image" \
            count=2 seek=1 conv=notrunc bs=384k
         ;;
     cubieboard2)
-        dd if=$rootdir/usr/lib/u-boot/Cubieboard2/u-boot-sunxi-with-spl.bin of="$image" \
+        dd if="$rootdir/usr/lib/u-boot/Cubieboard2/u-boot-sunxi-with-spl.bin" of="$image" \
            seek=8 conv=notrunc bs=1k
         ;;
     a20-olinuxino-lime)
-        dd if=$rootdir/usr/lib/u-boot/A20-OLinuXino-Lime/u-boot-sunxi-with-spl.bin \
+        dd if="$rootdir/usr/lib/u-boot/A20-OLinuXino-Lime/u-boot-sunxi-with-spl.bin" \
            of="$image" seek=8 conv=notrunc bs=1k
         ;;
 esac
 
-if $use_eatmydata ; then
+if "$use_eatmydata" ; then
     disable_eatmydata_override
 fi
 
@@ -2145,11 +2149,11 @@ image_install_inadyn
 image_preinstall_repos
 
 # remove downloaded packages
-chroot $rootdir apt-get -y autoremove
-chroot $rootdir apt-get clean
+chroot "$rootdir" apt-get -y autoremove
+chroot "$rootdir" apt-get clean
 
 cd /
 echo $"info: killing leftover processes in chroot"
-fuser -mvk $rootdir/. || true
+fuser -mvk "$rootdir/." || true
 
 exit 0
diff --git a/src/freedombone-image-hardware-setup b/src/freedombone-image-hardware-setup
index ba8e18f4..14584512 100755
--- a/src/freedombone-image-hardware-setup
+++ b/src/freedombone-image-hardware-setup
@@ -34,12 +34,11 @@ export TEXTDOMAINDIR="/usr/share/locale"
 enable_serial_console() {
     # By default, spawn a console on the serial port
     device="$1"
-    echo $"Adding a getty on the serial port"
+    echo "Adding a getty on the serial port"
     echo "T0:12345:respawn:/sbin/getty -L $device 115200 vt100" >> /etc/inittab
 }
 
 beaglebone_setup_boot() {
-    bbb_version=$1
 
     # Setup uEnv.txt
     if grep -q btrfs /etc/fstab ; then
@@ -47,12 +46,9 @@ beaglebone_setup_boot() {
     else
         fstype=ext4
     fi
-    if [ ! $bbb_version ]; then
-        kernelVersion=$(ls /usr/lib/*/am335x-boneblack.dtb | head -1 | cut -d/ -f4)
-    else
-        kernelVersion=$(ls /usr/lib/*/am335x-boneblack-${1}.dtb | head -1 | cut -d/ -f4)
-    fi
-    version=$(echo $kernelVersion | sed 's/linux-image-\(.*\)/\1/')
+    # shellcheck disable=SC2012
+    kernelVersion=$(ls "/usr/lib/*/am335x-boneblack.dtb" | head -1 | cut -d/ -f4)
+    version=$(echo "$kernelVersion" | sed 's/linux-image-\(.*\)/\1/')
     initRd=initrd.img-$version
     vmlinuz=vmlinuz-$version
 
@@ -103,7 +99,6 @@ beaglebone_flash() {
 }
 
 beaglebone_repack_kernel() {
-    bbb_version=$1
     # process installed kernel to create uImage, uInitrd, dtb
     # using flash-kernel would be a good approach, except it fails in the
     # cross build environment due to too many environment checks...
@@ -119,12 +114,10 @@ beaglebone_repack_kernel() {
     echo "info: repacking beaglebone kernel and initrd"
 
     bbb_dtb='am335x-boneblack'
-    if [ $bbb_version ]; then
-        bbb_dtb="am335x-boneblack-${bbb_version}"
-    fi
 
-    kernelVersion=$(ls /usr/lib/*/${bbb_dtb}.dtb | head -1 | cut -d/ -f4)
-    version=$(echo $kernelVersion | sed 's/linux-image-\(.*\)/\1/')
+    # shellcheck disable=SC2012
+    kernelVersion=$(ls "/usr/lib/*/${bbb_dtb}.dtb" | head -1 | cut -d/ -f4)
+    version=$(echo "$kernelVersion" | sed 's/linux-image-\(.*\)/\1/')
     initRd=initrd.img-$version
     vmlinuz=vmlinuz-$version
 
@@ -143,23 +136,23 @@ beaglebone_repack_kernel() {
 
     mkdir /tmp/initrd-repack
 
-    (cd /tmp/initrd-repack ; \
-     zcat /boot/$initRd | cpio -i ; \
+    (cd /tmp/initrd-repack || exit 2468246 ; \
+     zcat "/boot/$initRd" | cpio -i ; \
      rm -f conf/param.conf ; \
      find . | cpio --quiet -o -H newc | \
-         gzip -9 > /boot/$initRd )
+         gzip -9 > "/boot/$initRd" )
 
     rm -rf /tmp/initrd-repack
 
-    (cd /boot ; \
-     cp ${bbb_dtb_file} dtb ; \
-     cat $vmlinuz dtb >> temp-kernel ; \
+    (cd /boot || exit 246824684 ; \
+     cp "${bbb_dtb_file}" dtb ; \
+     cat "$vmlinuz" dtb >> temp-kernel ; \
      mkimage -A arm -O linux -T kernel -n "Debian kernel ${version}" \
              -C none -a 0x82000000 -e 0x82000000 -d temp-kernel uImage ; \
      rm -f temp-kernel ; \
      mkimage -A arm -O linux -T ramdisk -C gzip -a 0x88080000 -e 0x88080000 \
              -n "Debian ramdisk ${version}" \
-             -d $initRd uInitrd )
+             -d "$initRd" uInitrd )
 }
 
 a20_setup_boot() {
@@ -171,8 +164,9 @@ a20_setup_boot() {
     else
         fstype=ext4
     fi
-    kernelVersion=$(ls /usr/lib/*/$dtb | head -1 | cut -d/ -f4)
-    version=$(echo $kernelVersion | sed 's/linux-image-\(.*\)/\1/')
+    # shellcheck disable=SC2012
+    kernelVersion=$(ls "/usr/lib/*/$dtb" | head -1 | cut -d/ -f4)
+    version=$(echo "$kernelVersion" | sed 's/linux-image-\(.*\)/\1/')
     initRd=initrd.img-$version
     vmlinuz=vmlinuz-$version
 
@@ -213,7 +207,7 @@ EOF
 
     # Copy all DTBs
     mkdir -p /boot/dtbs
-    cp /usr/lib/$kernelVersion/* /boot/dtbs
+    cp "/usr/lib/$kernelVersion/*" /boot/dtbs
 
     # extra boot modules
     echo "rtc_sunxi" >> /etc/initramfs-tools/modules
@@ -224,7 +218,7 @@ setup_flash_kernel() {
     if [ ! -d /etc/flash-kernel ] ; then
        mkdir /etc/flash-kernel
     fi
-    echo -n "$1" > /etc/flash-kernel/machine
+    echo "$1" > /etc/flash-kernel/machine
 
     command_line=""
     if [ -n "$2" ] ; then
diff --git a/src/freedombone-image-make b/src/freedombone-image-make
index d0cdad3e..15c9850b 100755
--- a/src/freedombone-image-make
+++ b/src/freedombone-image-make
@@ -35,11 +35,11 @@ export TEXTDOMAIN=${PROJECT_NAME}-image-make
 export TEXTDOMAINDIR="/usr/share/locale"
 
 PROJECT_INSTALL_DIR=/usr/local/bin
-if [ -f /usr/bin/${PROJECT_NAME} ]; then
+if [ -f "/usr/bin/${PROJECT_NAME}" ]; then
     PROJECT_INSTALL_DIR=/usr/bin
 fi
 
-source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-setup
+source "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-setup"
 
 #set -x # Enable debugging
 
@@ -103,7 +103,7 @@ a20_pkgs="linux-image-armmp-lpae u-boot-tools u-boot u-boot-sunxi"
 # Packages needed for self-hosted development
 dev_pkgs="build-essential devscripts make man-db emacs org-mode git mercurial"
 
-echo Building $MACHINE $PROJECT_NAME for $ARCHITECTURE.
+echo Building "$MACHINE" "$PROJECT_NAME" for "$ARCHITECTURE".
 
 case "$MACHINE" in
     beaglebone)
@@ -164,7 +164,7 @@ for p in $base_pkgs $extra_pkgs; do
 done
 
 # Make sure file is owned by current user, not root
-touch $(dirname $IMAGE)/${PROJECT_NAME}.log
+touch "$(dirname "$IMAGE")/${PROJECT_NAME}.log"
 
 if [ -x vendor/vmdebootstrap/vmdebootstrap ] ; then
     VMDEBOOTSTRAP=vendor/vmdebootstrap/vmdebootstrap
@@ -173,15 +173,15 @@ else
 fi
 
 PROJECT_INSTALL_DIR=/usr/local/bin
-if [ -f /usr/bin/${PROJECT_NAME} ]; then
+if [ -f "/usr/bin/${PROJECT_NAME}" ]; then
     PROJECT_INSTALL_DIR=/usr/bin
 fi
 
 echo $'Making customised customisation script'
-TEMP_CUSTOMISE=/etc/${PROJECT_NAME}/image-customise
-TEMP_CUSTOMISE2=/tmp/${PROJECT_NAME}-image-customise2
-TEMP_CUSTOMISE3=/tmp/${PROJECT_NAME}-image-customise3
-TEMP_CUSTOMISE4=/tmp/${PROJECT_NAME}-image-customise4
+TEMP_CUSTOMISE="/etc/${PROJECT_NAME}/image-customise"
+TEMP_CUSTOMISE2="/tmp/${PROJECT_NAME}-image-customise2"
+TEMP_CUSTOMISE3="/tmp/${PROJECT_NAME}-image-customise3"
+TEMP_CUSTOMISE4="/tmp/${PROJECT_NAME}-image-customise4"
 
 # cat all the things together
 combine_all_scripts $TEMP_CUSTOMISE2
@@ -191,43 +191,43 @@ if [ ! -f $TEMP_CUSTOMISE2 ]; then
 fi
 
 echo $'Changing values within customised customisation script'
-cp $PROJECT_INSTALL_DIR/${PROJECT_NAME}-image-customise $TEMP_CUSTOMISE3
-if [ $MYUSERNAME ]; then
-    sed -i "s|MY_USERNAME=.*|MY_USERNAME=${MYUSERNAME}|g" $TEMP_CUSTOMISE3
+cp "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-image-customise" "$TEMP_CUSTOMISE3"
+if [ "$MYUSERNAME" ]; then
+    sed -i "s|MY_USERNAME=.*|MY_USERNAME=${MYUSERNAME}|g" "$TEMP_CUSTOMISE3"
 fi
-if [ $MYPASSWORD ]; then
-    sed -i "s|MY_PASSWORD=.*|MY_PASSWORD=${MYPASSWORD}|g" $TEMP_CUSTOMISE3
+if [ "$MYPASSWORD" ]; then
+    sed -i "s|MY_PASSWORD=.*|MY_PASSWORD=${MYPASSWORD}|g" "$TEMP_CUSTOMISE3"
 fi
-sed -i "s|ROUTER_IP_ADDRESS=.*|ROUTER_IP_ADDRESS=${ROUTER_IP_ADDRESS}|g" $TEMP_CUSTOMISE3
-sed -i "s|BOX_IP_ADDRESS=.*|BOX_IP_ADDRESS=${BOX_IP_ADDRESS}|g" $TEMP_CUSTOMISE3
-sed -i "s|NAMESERVER1=.*|NAMESERVER1=${NAMESERVER1}|g" $TEMP_CUSTOMISE3
-sed -i "s|NAMESERVER2=.*|NAMESERVER2=${NAMESERVER2}|g" $TEMP_CUSTOMISE3
-sed -i "s|NAMESERVER3=.*|NAMESERVER3=${NAMESERVER3}|g" $TEMP_CUSTOMISE3
-sed -i "s|NAMESERVER4=.*|NAMESERVER4=${NAMESERVER4}|g" $TEMP_CUSTOMISE3
-sed -i "s|NAMESERVER5=.*|NAMESERVER5=${NAMESERVER5}|g" $TEMP_CUSTOMISE3
-sed -i "s|NAMESERVER6=.*|NAMESERVER6=${NAMESERVER6}|g" $TEMP_CUSTOMISE3
-sed -i "s|PROJECT_NAME=.*|PROJECT_NAME=${PROJECT_NAME}|g" $TEMP_CUSTOMISE3
-sed -i "s|CONFIG_FILENAME=.*|CONFIG_FILENAME=${CONFIG_FILENAME}|g" $TEMP_CUSTOMISE3
-sed -i "s|SSH_PUBKEY=.*|SSH_PUBKEY=${SSH_PUBKEY}|g" $TEMP_CUSTOMISE3
-sed -i "s|GENERIC_IMAGE=.*|GENERIC_IMAGE=${GENERIC_IMAGE}|g" $TEMP_CUSTOMISE3
-sed -i "s|MINIMAL_INSTALL=.*|MINIMAL_INSTALL=\"${MINIMAL_INSTALL}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|SSH_PORT=.*|SSH_PORT=\"${SSH_PORT}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|ONION_ONLY=.*|ONION_ONLY=\"${ONION_ONLY}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|PROJECT_REPO=.*|PROJECT_REPO=\"${PROJECT_REPO}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|DEBIAN_INSTALL_ONLY=.*|DEBIAN_INSTALL_ONLY=\"${DEBIAN_INSTALL_ONLY}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|WIFI_INTERFACE=.*|WIFI_INTERFACE=\"${WIFI_INTERFACE}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|WIFI_SSID=.*|WIFI_SSID=\"${WIFI_SSID}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|WIFI_TYPE=.*|WIFI_TYPE=\"${WIFI_TYPE}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|WIFI_PASSPHRASE=.*|WIFI_PASSPHRASE=\"${WIFI_PASSPHRASE}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|WIFI_HOTSPOT=.*|WIFI_HOTSPOT=\"${WIFI_HOTSPOT}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|WIFI_NETWORKS_FILE=.*|WIFI_NETWORKS_FILE=\"${WIFI_NETWORKS_FILE}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|VARIANT=.*|VARIANT=\"${VARIANT}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|MINIMUM_PASSWORD_LENGTH=.*|MINIMUM_PASSWORD_LENGTH=\"${MINIMUM_PASSWORD_LENGTH}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|INSECURE=.*|INSECURE=\"${INSECURE}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|AMNESIC=.*|AMNESIC=\"${AMNESIC}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|SOCIALINSTANCE=.*|SOCIALINSTANCE=\"${SOCIALINSTANCE}\"|g" $TEMP_CUSTOMISE3
-sed -i "s|LOCAL_NAME=.*|LOCAL_NAME=\"${LOCAL_NAME}\"|g" $TEMP_CUSTOMISE3
-sed -i 's|#!/bin/bash||g' $TEMP_CUSTOMISE3
+sed -i "s|ROUTER_IP_ADDRESS=.*|ROUTER_IP_ADDRESS=${ROUTER_IP_ADDRESS}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|BOX_IP_ADDRESS=.*|BOX_IP_ADDRESS=${BOX_IP_ADDRESS}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|NAMESERVER1=.*|NAMESERVER1=${NAMESERVER1}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|NAMESERVER2=.*|NAMESERVER2=${NAMESERVER2}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|NAMESERVER3=.*|NAMESERVER3=${NAMESERVER3}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|NAMESERVER4=.*|NAMESERVER4=${NAMESERVER4}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|NAMESERVER5=.*|NAMESERVER5=${NAMESERVER5}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|NAMESERVER6=.*|NAMESERVER6=${NAMESERVER6}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|PROJECT_NAME=.*|PROJECT_NAME=${PROJECT_NAME}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|CONFIG_FILENAME=.*|CONFIG_FILENAME=${CONFIG_FILENAME}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|SSH_PUBKEY=.*|SSH_PUBKEY=${SSH_PUBKEY}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|GENERIC_IMAGE=.*|GENERIC_IMAGE=${GENERIC_IMAGE}|g" "$TEMP_CUSTOMISE3"
+sed -i "s|MINIMAL_INSTALL=.*|MINIMAL_INSTALL=\"${MINIMAL_INSTALL}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|SSH_PORT=.*|SSH_PORT=\"${SSH_PORT}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|ONION_ONLY=.*|ONION_ONLY=\"${ONION_ONLY}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|PROJECT_REPO=.*|PROJECT_REPO=\"${PROJECT_REPO}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|DEBIAN_INSTALL_ONLY=.*|DEBIAN_INSTALL_ONLY=\"${DEBIAN_INSTALL_ONLY}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|WIFI_INTERFACE=.*|WIFI_INTERFACE=\"${WIFI_INTERFACE}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|WIFI_SSID=.*|WIFI_SSID=\"${WIFI_SSID}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|WIFI_TYPE=.*|WIFI_TYPE=\"${WIFI_TYPE}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|WIFI_PASSPHRASE=.*|WIFI_PASSPHRASE=\"${WIFI_PASSPHRASE}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|WIFI_HOTSPOT=.*|WIFI_HOTSPOT=\"${WIFI_HOTSPOT}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|WIFI_NETWORKS_FILE=.*|WIFI_NETWORKS_FILE=\"${WIFI_NETWORKS_FILE}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|VARIANT=.*|VARIANT=\"${VARIANT}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|MINIMUM_PASSWORD_LENGTH=.*|MINIMUM_PASSWORD_LENGTH=\"${MINIMUM_PASSWORD_LENGTH}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|INSECURE=.*|INSECURE=\"${INSECURE}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|AMNESIC=.*|AMNESIC=\"${AMNESIC}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|SOCIALINSTANCE=.*|SOCIALINSTANCE=\"${SOCIALINSTANCE}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|LOCAL_NAME=.*|LOCAL_NAME=\"${LOCAL_NAME}\"|g" "$TEMP_CUSTOMISE3"
+sed -i 's|#!/bin/bash||g' "$TEMP_CUSTOMISE3"
 
 cat $TEMP_CUSTOMISE2 $TEMP_CUSTOMISE3 > $TEMP_CUSTOMISE4
 if [ -f $TEMP_CUSTOMISE ]; then
@@ -256,19 +256,19 @@ sudo -H \
      SOURCE="$SOURCE" \
      CUSTOM_SETUP="$CUSTOM_SETUP" \
      $VMDEBOOTSTRAP \
-     --log $(dirname $IMAGE)/${PROJECT_NAME}.log \
+     --log "$(dirname "$IMAGE")/${PROJECT_NAME}.log" \
      --log-level debug \
-     --size $IMAGE_SIZE \
-     --image $IMAGE.img \
+     --size "$IMAGE_SIZE" \
+     --image "$IMAGE.img" \
      --hostname ${PROJECT_NAME} \
      --verbose \
-     --mirror $BUILD_MIRROR \
+     --mirror "$BUILD_MIRROR" \
      --customize "$TEMP_CUSTOMISE" \
      --lock-root-password \
-     --arch $ARCHITECTURE \
-     --distribution $SUITE \
-     $extra_opts \
-     $pkgopts
+     --arch "$ARCHITECTURE" \
+     --distribution "$SUITE" \
+     "$extra_opts" \
+     "$pkgopts"
 
 echo $'Removing customised customisation script'
 sudo shred -zu $TEMP_CUSTOMISE
diff --git a/src/freedombone-image-mesh b/src/freedombone-image-mesh
index 3b818bb8..0696e864 100755
--- a/src/freedombone-image-mesh
+++ b/src/freedombone-image-mesh
@@ -92,12 +92,12 @@ PEERTUBE_DIR=/etc/peertube
 
 function run_system_query_postgresql {
     query=$1
-    cd /etc/postgresql
+    cd /etc/postgresql || exit 2648246824
     sudo -u postgres psql -c "$query"
 }
 
 function create_password {
-    openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c ${1} ; echo -n ''
+    openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c "${1}" ; echo -n ''
 }
 
 function enable_peertube {
@@ -186,16 +186,16 @@ function create_avahi_mesh_service {
         exit 52925
     fi
 
-    echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /etc/avahi/services/${service_name}.service
-    echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /etc/avahi/services/${service_name}.service
-    echo '<service-group>' >> /etc/avahi/services/${service_name}.service
-    echo "  <name replace-wildcards=\"yes\">%h ${service_type}</name>" >> /etc/avahi/services/${service_name}.service
-    echo '  <service>' >> /etc/avahi/services/${service_name}.service
-    echo "    <type>_${service_type}._${service_protocol}</type>" >> /etc/avahi/services/${service_name}.service
-    echo "    <port>${service_port}</port>" >> /etc/avahi/services/${service_name}.service
-    echo "    <txt-record>$service_description</txt-record>" >> /etc/avahi/services/${service_name}.service
-    echo '  </service>' >> /etc/avahi/services/${service_name}.service
-    echo '</service-group>' >> /etc/avahi/services/${service_name}.service
+    { echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->';
+      echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">';
+      echo '<service-group>';
+      echo "  <name replace-wildcards=\"yes\">%h ${service_type}</name>";
+      echo '  <service>';
+      echo "    <type>_${service_type}._${service_protocol}</type>";
+      echo "    <port>${service_port}</port>";
+      echo "    <txt-record>$service_description</txt-record>";
+      echo '  </service>';
+      echo '</service-group>'; } > "/etc/avahi/services/${service_name}.service"
 }
 
 function create_ram_disk {
@@ -204,7 +204,7 @@ function create_ram_disk {
         mkdir -p /mnt/ramdisk
     fi
     if ! grep -q "ramdisk" /etc/fstab; then
-        mount -t tmpfs -o size=${ramdisk_size_mb}m tmpfs /mnt/ramdisk
+        mount -t tmpfs -o size="${ramdisk_size_mb}m" tmpfs /mnt/ramdisk
         echo "tmpfs       /mnt/ramdisk tmpfs   nodev,nosuid,noexec,nodiratime,size=${ramdisk_size_mb}M   0 0" >> /etc/fstab
         echo $"${ramdisk_size_mb}M ramdisk created for /tmp" >> $INSTALL_LOG
     fi
@@ -225,7 +225,7 @@ function tmp_ram_disk {
         mkdir -p /tmp
     fi
     if ! grep -q '/tmp' /etc/fstab; then
-        mount -t tmpfs -o size=${ramdisk_size_mb}m tmpfs /tmp
+        mount -t tmpfs -o size="${ramdisk_size_mb}m" tmpfs /tmp
         echo "tmpfs       /tmp tmpfs   nodev,nosuid,noexec,nodiratime,size=${ramdisk_size_mb}M   0 0" >> /etc/fstab
     fi
 }
@@ -235,7 +235,7 @@ function set_hostname {
 
     echo "$DEFAULT_DOMAIN_NAME" > /etc/hostname
     echo "$DEFAULT_DOMAIN_NAME" > /etc/mailname
-    hostname $DEFAULT_DOMAIN_NAME
+    hostname "$DEFAULT_DOMAIN_NAME"
 
     if grep -q "127.0.1.1" /etc/hosts; then
         sed -i "s/127.0.1.1.*/127.0.1.1       $DEFAULT_DOMAIN_NAME/g" /etc/hosts
@@ -249,7 +249,7 @@ function change_avahi_name {
     PEER_ID=${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}
     sed -i "s|#host-name=.*|host-name=P$PEER_ID|g" /etc/avahi/avahi-daemon.conf
     sed -i "s|host-name=.*|host-name=P$PEER_ID|g" /etc/avahi/avahi-daemon.conf
-    set_hostname P$PEER_ID
+    set_hostname "P$PEER_ID"
     systemctl restart avahi-daemon
 
     echo "New avahi name for this peer is P$PEER_ID"
@@ -259,7 +259,7 @@ function change_avahi_name {
 function configure_toxcore {
     echo $'Configuring toxcore' >> $INSTALL_LOG
 
-    TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}')
+    TOXIC_FILE=$(grep "TOXIC_FILE=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F '=' '{print $2}')
 
     if [ -f $MESH_AMNESIC ]; then
         # change to the amnesic mount
@@ -288,7 +288,7 @@ function configure_toxcore {
     if [ -f $MESH_AMNESIC ]; then
         TOX_BOOTSTRAP_ID_FILE=/media/tox-bootstrapd/pubkey.txt
     fi
-    TOX_PUBLIC_KEY=$(cat /var/log/syslog | grep tox | grep "Public Key" | awk -F ' ' '{print $8}' | tail -1)
+    TOX_PUBLIC_KEY=$(grep tox /var/log/syslog | grep "Public Key" | awk -F ' ' '{print $8}' | tail -1)
     if [ ${#TOX_PUBLIC_KEY} -lt 30 ]; then
         echo $'WARNING: Could not obtain the tox node public key' >> $INSTALL_LOG
         exit 46362
@@ -334,518 +334,520 @@ function show_desktop_icons {
     chmod +x /home/$MY_USERNAME/.showhelp
     chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.showhelp
 
-    echo '[Desktop Entry]' > /home/$MY_USERNAME/Desktop/help.desktop
-    echo 'Version=1.0' >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo 'Name=Help' >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo "Name[el]=Βοήθεια" >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo "Name[ar]=مساعدة" >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo "Name[ca]=Ajuda" >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo "Name[hi]=मदद" >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo "Name[fr]=Aidez-moi" >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo "Name[de]=Hilfe" >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo "Name[es]=Ayuda" >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo "Name[it]=Aiuto" >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo "Name[ru]=Помогите" >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo "Name[zh]=帮帮我" >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo 'Type=Application' >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo 'Comment=Show help' >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo "Comment[el]=Εμφάνιση βοήθειας" >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo "Comment[ar]=عرض المساعدة" >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo "Comment[ca]=Mostra ajuda" >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo "Comment[hi]=मदद दिखायें" >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo "Comment[fr]=Afficher l'aide" >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo "Comment[de]=Zeig Hilfe" >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo "Comment[es]=Mostrar ayuda" >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo "Comment[it]=Mostra aiuto" >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo "Comment[ru]=Показать справку" >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo "Comment[zh]=显示帮助" >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo "Exec=bash -c /home/$MY_USERNAME/.showhelp" >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo "Icon=/usr/share/${PROJECT_NAME}/avatars/icon_help.png" >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo 'Terminal=false' >> /home/$MY_USERNAME/Desktop/help.desktop
-    echo 'Categories=Application;' >> /home/$MY_USERNAME/Desktop/help.desktop
+    { echo '[Desktop Entry]';
+      echo 'Version=1.0';
+      echo 'Name=Help';
+      echo "Name[el]=Βοήθεια";
+      echo "Name[ar]=مساعدة";
+      echo "Name[ca]=Ajuda";
+      echo "Name[hi]=मदद";
+      echo "Name[fr]=Aidez-moi";
+      echo "Name[de]=Hilfe";
+      echo "Name[es]=Ayuda";
+      echo "Name[it]=Aiuto";
+      echo "Name[ru]=Помогите";
+      echo "Name[zh]=帮帮我";
+      echo 'Type=Application';
+      echo 'Comment=Show help';
+      echo "Comment[el]=Εμφάνιση βοήθειας";
+      echo "Comment[ar]=عرض المساعدة";
+      echo "Comment[ca]=Mostra ajuda";
+      echo "Comment[hi]=मदद दिखायें";
+      echo "Comment[fr]=Afficher l'aide";
+      echo "Comment[de]=Zeig Hilfe";
+      echo "Comment[es]=Mostrar ayuda";
+      echo "Comment[it]=Mostra aiuto";
+      echo "Comment[ru]=Показать справку";
+      echo "Comment[zh]=显示帮助";
+      echo "Exec=bash -c /home/$MY_USERNAME/.showhelp";
+      echo "Icon=/usr/share/${PROJECT_NAME}/avatars/icon_help.png";
+      echo 'Terminal=false';
+      echo 'Categories=Application;'; } > "/home/$MY_USERNAME/Desktop/help.desktop"
 
-    echo '[Desktop Entry]' > /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo 'Version=1.0' >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo 'Name=Wifi' >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo "Name[el]=Wifi" >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo "Name[ar]=واي فاي" >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo "Name[ca]=Wifi" >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo "Name[hi]=वाई - फाई" >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo "Name[fr]=Wifi" >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo "Name[de]=W-lan" >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo "Name[es]=Wifi" >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo "Name[it]=Wi-Fi" >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo "Name[ru]=вай-фай" >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo "Name[zh]=无线上网" >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo 'Type=Application' >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo 'Comment=Check wifi status' >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo "Comment[el]=Ελέγξτε την κατάσταση wifi" >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo "Comment[ar]=التحقق من حالة واي فاي" >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo "Comment[ca]=Comprova l'estat de wifi" >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo "Comment[hi]=वाईफ़ाई स्थिति की जांच करें" >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo "Comment[fr]=Vérifier l'état du wifi" >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo "Comment[de]=WLAN-Status überprüfen" >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo "Comment[es]=Verificar el estado del wifi" >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo "Comment[it]=Controllare lo stato wifi" >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo "Comment[ru]=Проверить статус wifi" >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo "Comment[zh]=检查wifi状态" >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo 'Exec=mate-terminal --full-screen -e "sudo batman monitor"' >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo "Icon=/usr/share/${PROJECT_NAME}/avatars/icon_wifi.png" >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo 'Terminal=false' >> /home/$MY_USERNAME/Desktop/wifi.desktop
-    echo 'Categories=Application;' >> /home/$MY_USERNAME/Desktop/wifi.desktop
+    { echo '[Desktop Entry]';
+      echo 'Version=1.0';
+      echo 'Name=Wifi';
+      echo "Name[el]=Wifi";
+      echo "Name[ar]=واي فاي";
+      echo "Name[ca]=Wifi";
+      echo "Name[hi]=वाई - फाई";
+      echo "Name[fr]=Wifi";
+      echo "Name[de]=W-lan";
+      echo "Name[es]=Wifi";
+      echo "Name[it]=Wi-Fi";
+      echo "Name[ru]=вай-фай";
+      echo "Name[zh]=无线上网";
+      echo 'Type=Application';
+      echo 'Comment=Check wifi status';
+      echo "Comment[el]=Ελέγξτε την κατάσταση wifi";
+      echo "Comment[ar]=التحقق من حالة واي فاي";
+      echo "Comment[ca]=Comprova l'estat de wifi";
+      echo "Comment[hi]=वाईफ़ाई स्थिति की जांच करें";
+      echo "Comment[fr]=Vérifier l'état du wifi";
+      echo "Comment[de]=WLAN-Status überprüfen";
+      echo "Comment[es]=Verificar el estado del wifi";
+      echo "Comment[it]=Controllare lo stato wifi";
+      echo "Comment[ru]=Проверить статус wifi";
+      echo "Comment[zh]=检查wifi状态";
+      echo 'Exec=mate-terminal --full-screen -e "sudo batman monitor"';
+      echo "Icon=/usr/share/${PROJECT_NAME}/avatars/icon_wifi.png";
+      echo 'Terminal=false';
+      echo 'Categories=Application;'; } > "/home/$MY_USERNAME/Desktop/wifi.desktop"
 
-    echo '[Desktop Entry]' > /home/$MY_USERNAME/Desktop/restart.desktop
-    echo 'Version=1.0' >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo 'Name=Network Restart' >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo "Name[el]=Δικτυακή επανεκκίνηση" >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo "Name[ar]=إعادة تشغيل الشبكة" >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo "Name[ca]=Reinicia la xarxa" >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo "Name[hi]=नेटवर्क पुनरारंभ करें" >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo "Name[fr]=Redémarrage du réseau" >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo "Name[de]=Netzwerk Neustart" >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo "Name[es]=Reinicio de red" >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo "Name[it]=Riavvia rete" >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo "Name[ru]=Перезапуск сети" >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo "Name[zh]=网络重新启动" >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo 'Type=Application' >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo 'Comment=Restart the mesh network daemon' >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo "Comment[el]=Κάντε επανεκκίνηση του δαίμονα του δικτύου ματιών" >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo "Comment[ar]=إعادة تشغيل شبكة شبكة الخفي" >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo "Comment[ca]=Reinicia el dimoni de la xarxa de malla" >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo "Comment[hi]=जाल नेटवर्क डेमॉन को पुनरारंभ करें" >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo "Comment[fr]=Redémarrez le démon réseau maillé" >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo "Comment[de]=Starten Sie den Mesh-Netzwerk-Daemon neu." >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo "Comment[es]=Reinicie el daemon de red de malla" >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo "Comment[it]=Riavviare il daemon della rete mesh" >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo "Comment[ru]=Перезапустить демон сетчатой сети" >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo "Comment[zh]=重新启动网状网络守护程序" >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo 'Exec=mate-terminal -e "sudo batman restart 2> /dev/null"' >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo "Icon=/usr/share/${PROJECT_NAME}/avatars/icon_restart_network.png" >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo 'Terminal=false' >> /home/$MY_USERNAME/Desktop/restart.desktop
-    echo 'Categories=Application;' >> /home/$MY_USERNAME/Desktop/restart.desktop
+    { echo '[Desktop Entry]';
+      echo 'Version=1.0';
+      echo 'Name=Network Restart';
+      echo "Name[el]=Δικτυακή επανεκκίνηση";
+      echo "Name[ar]=إعادة تشغيل الشبكة";
+      echo "Name[ca]=Reinicia la xarxa";
+      echo "Name[hi]=नेटवर्क पुनरारंभ करें";
+      echo "Name[fr]=Redémarrage du réseau";
+      echo "Name[de]=Netzwerk Neustart";
+      echo "Name[es]=Reinicio de red";
+      echo "Name[it]=Riavvia rete";
+      echo "Name[ru]=Перезапуск сети";
+      echo "Name[zh]=网络重新启动";
+      echo 'Type=Application';
+      echo 'Comment=Restart the mesh network daemon';
+      echo "Comment[el]=Κάντε επανεκκίνηση του δαίμονα του δικτύου ματιών";
+      echo "Comment[ar]=إعادة تشغيل شبكة شبكة الخفي";
+      echo "Comment[ca]=Reinicia el dimoni de la xarxa de malla";
+      echo "Comment[hi]=जाल नेटवर्क डेमॉन को पुनरारंभ करें";
+      echo "Comment[fr]=Redémarrez le démon réseau maillé";
+      echo "Comment[de]=Starten Sie den Mesh-Netzwerk-Daemon neu.";
+      echo "Comment[es]=Reinicie el daemon de red de malla";
+      echo "Comment[it]=Riavviare il daemon della rete mesh";
+      echo "Comment[ru]=Перезапустить демон сетчатой сети";
+      echo "Comment[zh]=重新启动网状网络守护程序";
+      echo 'Exec=mate-terminal -e "sudo batman restart 2> /dev/null"';
+      echo "Icon=/usr/share/${PROJECT_NAME}/avatars/icon_restart_network.png";
+      echo 'Terminal=false';
+      echo 'Categories=Application;'; } > "/home/$MY_USERNAME/Desktop/restart.desktop"
 
-    echo '[Desktop Entry]' > /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo 'Version=1.0' >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo 'Name=New Identity' >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo "Name[el]=Νέα ταυτότητα" >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo "Name[ar]=هوية جديدة" >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo "Name[ca]=Nova identitat" >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo "Name[hi]=नई पहचान" >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo "Name[fr]=Nouvelle identité" >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo "Name[de]=Neue Identität" >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo "Name[es]=Nueva identidad" >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo "Name[it]=Nuova Identità" >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo "Name[ru]=Новая идентификация" >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo "Name[zh]=新身份" >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo 'Type=Application' >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo 'Comment=Create a new identity' >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo "Comment[el]=Δημιουργήστε μια νέα ταυτότητα" >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo "Comment[ar]=إنشاء هوية جديدة" >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo "Comment[ca]=Crea una nova identitat" >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo "Comment[hi]=एक नई पहचान बनाएँ" >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo "Comment[fr]=Créer une nouvelle identité" >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo "Comment[de]=Erstellen Sie eine neue Identität" >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo "Comment[es]=Crea una nueva identidad" >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo "Comment[it]=Crea una nuova identità" >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo "Comment[ru]=Создайте новое удостоверение личности" >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo "Comment[zh]=创建一个新的身份" >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo "Exec=${PROJECT_NAME}-mesh-reset" >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo "Icon=/usr/share/${PROJECT_NAME}/avatars/icon_new_identity.png" >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo 'Terminal=false' >> /home/$MY_USERNAME/Desktop/new_identity.desktop
-    echo 'Categories=Application;' >> /home/$MY_USERNAME/Desktop/new_identity.desktop
+    { echo '[Desktop Entry]';
+      echo 'Version=1.0';
+      echo 'Name=New Identity';
+      echo "Name[el]=Νέα ταυτότητα";
+      echo "Name[ar]=هوية جديدة";
+      echo "Name[ca]=Nova identitat";
+      echo "Name[hi]=नई पहचान";
+      echo "Name[fr]=Nouvelle identité";
+      echo "Name[de]=Neue Identität";
+      echo "Name[es]=Nueva identidad";
+      echo "Name[it]=Nuova Identità";
+      echo "Name[ru]=Новая идентификация";
+      echo "Name[zh]=新身份";
+      echo 'Type=Application';
+      echo 'Comment=Create a new identity';
+      echo "Comment[el]=Δημιουργήστε μια νέα ταυτότητα";
+      echo "Comment[ar]=إنشاء هوية جديدة";
+      echo "Comment[ca]=Crea una nova identitat";
+      echo "Comment[hi]=एक नई पहचान बनाएँ";
+      echo "Comment[fr]=Créer une nouvelle identité";
+      echo "Comment[de]=Erstellen Sie eine neue Identität";
+      echo "Comment[es]=Crea una nueva identidad";
+      echo "Comment[it]=Crea una nuova identità";
+      echo "Comment[ru]=Создайте новое удостоверение личности";
+      echo "Comment[zh]=创建一个新的身份";
+      echo "Exec=${PROJECT_NAME}-mesh-reset";
+      echo "Icon=/usr/share/${PROJECT_NAME}/avatars/icon_new_identity.png";
+      echo 'Terminal=false';
+      echo 'Categories=Application;'; } > "/home/$MY_USERNAME/Desktop/new_identity.desktop"
 
-    echo '[Desktop Entry]' > /home/$MY_USERNAME/Desktop/social.desktop
-    echo 'Name=Social' >> /home/$MY_USERNAME/Desktop/social.desktop
-    echo 'Name[el]=Κοινωνικός' >> /home/$MY_USERNAME/Desktop/social.desktop
-    echo 'Name[ar]=اجتماعي' >> /home/$MY_USERNAME/Desktop/social.desktop
-    echo 'Name[ca]=Social' >> /home/$MY_USERNAME/Desktop/social.desktop
-    echo 'Name[hi]=सामाजिक' >> /home/$MY_USERNAME/Desktop/social.desktop
-    echo 'Name[fr]=Social' >> /home/$MY_USERNAME/Desktop/social.desktop
-    echo 'Name[de]=Soziale' >> /home/$MY_USERNAME/Desktop/social.desktop
-    echo 'Name[es]=Social' >> /home/$MY_USERNAME/Desktop/social.desktop
-    echo 'Name[it]=Sociale' >> /home/$MY_USERNAME/Desktop/social.desktop
-    echo 'Name[ru]=Социальное' >> /home/$MY_USERNAME/Desktop/social.desktop
-    echo 'Name[zh]=社会' >> /home/$MY_USERNAME/Desktop/social.desktop
-    echo 'Type=Application' >> /home/$MY_USERNAME/Desktop/social.desktop
-    echo "Comment=A decentralized messaging and sharing app built on top of Secure Scuttlebutt" >> /home/$MY_USERNAME/Desktop/social.desktop
-    echo "Comment[el]=Μια αποκεντρωμένη εφαρμογή ανταλλαγής μηνυμάτων και κοινής χρήσης που είναι ενσωματωμένη στην κορυφή του Secure Scuttlebutt" >> /home/$MY_USERNAME/Desktop/social.desktop
-    echo "Comment[ar]=والرسائل اللامركزية وتبادل التطبيق بنيت على رأس سكوتليبوت الآمنة (سب)" >> /home/$MY_USERNAME/Desktop/social.desktop
-    echo "Comment[ca]=Una aplicació de missatgeria i distribució descentralitzada integrada a Secure Scuttlebutt" >> /home/$MY_USERNAME/Desktop/social.desktop
-    echo "Comment[hi]=सिक्योर स्कूटलबट (एसएसबी) के शीर्ष पर निर्मित एक विकेन्द्रीकृत संदेश और साझाकरण ऐप" >> /home/$MY_USERNAME/Desktop/social.desktop
-    echo "Comment[fr]=Une application de messagerie et de partage décentralisée basée sur Secure Scuttlebutt" >> /home/$MY_USERNAME/Desktop/social.desktop
-    echo "Comment[de]=Eine dezentralisierte Messaging- und Sharing-App, die auf Secure Scuttlebutt basiert" >> /home/$MY_USERNAME/Desktop/social.desktop
-    echo "Comment[es]=Una aplicación de mensajería y uso compartido descentralizada construida sobre Secure Scuttlebutt" >> /home/$MY_USERNAME/Desktop/social.desktop
-    echo "Comment[it]=Un'applicazione decentralizzata di messaggistica e condivisione costruita sulla base di Secure Shuttlebutt" >> /home/$MY_USERNAME/Desktop/social.desktop
-    echo "Comment[ru]=Децентрализованное приложение для обмена сообщениями и совместного использования, построенное на основе Secure Scuttlebutt" >> /home/$MY_USERNAME/Desktop/social.desktop
-    echo "Comment[zh]=安全Scuttlebutt之上构建的分散式消息和共享应用程序" >> /home/$MY_USERNAME/Desktop/social.desktop
-    echo 'Exec=bash /usr/bin/start_patchwork' >> /home/$MY_USERNAME/Desktop/social.desktop
-    echo "Icon=/usr/share/$PROJECT_NAME/avatars/icon_social.png" >> /home/$MY_USERNAME/Desktop/social.desktop
-    echo 'Terminal=false' >> /home/$MY_USERNAME/Desktop/social.desktop
-    echo 'Categories=Application;' >> /home/$MY_USERNAME/Desktop/social.desktop
+    { echo '[Desktop Entry]';
+      echo 'Name=Social';
+      echo 'Name[el]=Κοινωνικός';
+      echo 'Name[ar]=اجتماعي';
+      echo 'Name[ca]=Social';
+      echo 'Name[hi]=सामाजिक';
+      echo 'Name[fr]=Social';
+      echo 'Name[de]=Soziale';
+      echo 'Name[es]=Social';
+      echo 'Name[it]=Sociale';
+      echo 'Name[ru]=Социальное';
+      echo 'Name[zh]=社会';
+      echo 'Type=Application';
+      echo "Comment=A decentralized messaging and sharing app built on top of Secure Scuttlebutt";
+      echo "Comment[el]=Μια αποκεντρωμένη εφαρμογή ανταλλαγής μηνυμάτων και κοινής χρήσης που είναι ενσωματωμένη στην κορυφή του Secure Scuttlebutt";
+      echo "Comment[ar]=والرسائل اللامركزية وتبادل التطبيق بنيت على رأس سكوتليبوت الآمنة (سب)";
+      echo "Comment[ca]=Una aplicació de missatgeria i distribució descentralitzada integrada a Secure Scuttlebutt";
+      echo "Comment[hi]=सिक्योर स्कूटलबट (एसएसबी) के शीर्ष पर निर्मित एक विकेन्द्रीकृत संदेश और साझाकरण ऐप";
+      echo "Comment[fr]=Une application de messagerie et de partage décentralisée basée sur Secure Scuttlebutt";
+      echo "Comment[de]=Eine dezentralisierte Messaging- und Sharing-App, die auf Secure Scuttlebutt basiert";
+      echo "Comment[es]=Una aplicación de mensajería y uso compartido descentralizada construida sobre Secure Scuttlebutt";
+      echo "Comment[it]=Un'applicazione decentralizzata di messaggistica e condivisione costruita sulla base di Secure Shuttlebutt";
+      echo "Comment[ru]=Децентрализованное приложение для обмена сообщениями и совместного использования, построенное на основе Secure Scuttlebutt";
+      echo "Comment[zh]=安全Scuttlebutt之上构建的分散式消息和共享应用程序";
+      echo 'Exec=bash /usr/bin/start_patchwork';
+      echo "Icon=/usr/share/$PROJECT_NAME/avatars/icon_social.png";
+      echo 'Terminal=false';
+      echo 'Categories=Application;'; } > "/home/$MY_USERNAME/Desktop/social.desktop"
 
-    cp /root/${PROJECT_NAME}/img/icon_kdenlive.png /usr/share/${PROJECT_NAME}/avatars/icon_kdenlive.png
-    echo '#!/usr/bin/env xdg-open' > /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo '# KDE Config File' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo '' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo '[Desktop Entry]' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name=Video Editor' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[ast]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[bs]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[ca]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[ca@valencia]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[cs]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[da]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[de]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[el]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[en_GB]=Video Editor' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[es]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[et]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[fi]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[fr]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[ga]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[gl]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[hu]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[it]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[ja]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[km]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[lt]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[lv]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[mr]=के-डि-एनलाइव्ह' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[nb]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[nds]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[nl]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[nn]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[pl]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[pt]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[pt_BR]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[ro]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[ru]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[sk]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[sl]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[sv]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[tr]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[ug]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[uk]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[x-test]=xxKdenlivexx' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[zh_CN]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Name[zh_TW]=Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName=Video Editor' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[ar]=محرّر فيديوهات' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[ast]=Editor de videu' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[bs]=Video uređivač' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[ca]=Editor de vídeo' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[ca@valencia]=Editor de vídeo' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[cs]=Editor videí' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[da]=Videoredigering' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[de]=Video-Editor' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[el]=Επεξεργαστής βίντεο' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[en_GB]=Video Editor' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[es]=Editor de video' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[et]=Videoredaktor' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[fi]=Videomuokkain' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[fr]=Éditeur vidéo' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[ga]=Eagarthóir Físe' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[gl]=Editor de vídeo' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[hu]=Videoszerkesztő' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[it]=Editor video' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[ja]=ビデオエディタ' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[km]=កម្មវិធី​កែសម្រួល​វីដេអូ' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[lt]=Video redaktorius' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[lv]=Video redaktors' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[mr]=व्हिडीओ संपादक' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[nb]=Videoredigeringsprogram' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[nl]=Video-bewerker' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[nn]=Videoredigering' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[pl]=Edytor wideo' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[pt]=Editor de Víde' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[pt_BR]=Editor de Vídeo' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[ro]=Redactor de imagini' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[ru]=Видеоредактор' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[sk]=Editor videa' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[sl]=Urejevalnik videa' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[sv]=Videoeditor' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[tr]=Video Düzenleyici' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[uk]=Відеоредактор' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[x-test]=xxVideo Editorxx' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[zh_CN]=视频编辑器' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'GenericName[zh_TW]=影像編輯器' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment=Nonlinear video editor for KDE' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[ar]=محرّر فيديوهات غير خطّيّ لكدي' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[ast]=Editor de videu non llinial pa KDE' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[bs]=Nelinearni video uređivač za KDE' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[ca]=Editor de vídeo no lineal per al KDE' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[ca@valencia]=Editor de vídeo no lineal per al KDE' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[cs]=Nelineární editor videí pro KDE' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[da]=Ikke-lineær videoredigering til KDE' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[de]=Nichtlinearer Video-Editor für KDE' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[el]=Μη γραμμικός επεξεργαστής βίντεο για το KDE' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[en_GB]=Nonlinear video editor for KDE' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[es]=Editor no lineal de video para KDE' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[et]=KDE mittelineaarne videoredaktor' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[fi]=Epälineaarinen videomuokkain KDE:lle' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[fr]=Éditeur vidéo non linéaire pour KDE' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[gl]=Editor de vídeo non linear para KDE' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[hu]=Nemlineáris videoszerkesztő a KDE-hez' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[it]=Editor di video non lineare per KDE' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[ja]=KDE 向けノンリニアビデオエディタ' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[km]=កម្មវិធី​កែសម្រួល​វីដេអូ​មិន​លីនេអ៊ែរ​សម្រាប់ KDE' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[lt]=Nelinijinis veido redaktorius skirtas KDE' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[lv]=Nelineārais video redaktors KDE videi' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[mr]=केडीई करिता अरेषीय व्हिडीओ संपादक' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[nb]=Videoredigeringsprogram for KDE med dataklipping' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[nl]=Niet-lineaire video-bewerker voor KDE' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[nn]=Program for ikkje-lineær videoredigering' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[pl]=Nieliniowy edytor wideo dla KDE' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[pt]=Editor de vídeo não-linear para o KDE' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[pt_BR]=Editor de vídeo não-linear para o KDE' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[ro]=Redactor de imagini neliniar pentru KDE' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[ru]=Нелинейный видеоредактор от KDE' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[sk]=Nelineárny editor videa pre KDE' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[sl]=Ne-linearni urejevalnik videa za KDE' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[sv]=Icke-linjär videoeditor för KDE' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[tr]=KDE için doğrusal olmayan video düzenleyici' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[ug]=KDE ئۈچۈن سىزىقسىز سىن تەھرىرلىگۈچ' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[uk]=Нелінійний редактор відео для KDE' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[x-test]=xxNonlinear video editor for KDExx' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[zh_CN]=KDE 的非线性视频编辑器' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Comment[zh_TW]=KDE 上的非線性影像編輯器' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Type=Application' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Exec=kdenlive %U' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo "Icon=/usr/share/${PROJECT_NAME}/avatars/icon_kdenlive.png" >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'X-DocPath=kdenlive/index.html' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'X-DocPath[cs]=http://cs.wikibooks.org/wiki/Kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Terminal=false' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'MimeType=application/x-kdenlive;' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Categories=Qt;KDE;AudioVideo;AudioVideoEditing;' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Keywords=editing;video;audio;mlt;kde;' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Keywords[ca]=edició;vídeo;àudio;mlt;kde;' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Keywords[ca@valencia]=edició;vídeo;àudio;mlt;kde;' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Keywords[da]=redigering;video;lyd;mlt;kde;' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Keywords[de]=Editing;Bearbeitung;Schnitt;Videoschnitt;Video;Audio;MLT;' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Keywords[en_GB]=editing;video;audio;mlt;kde;' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Keywords[es]=edición;video;audio;mlt;kde;' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Keywords[et]=redigeerimine;muutmine;video;audio;heli;mlt;kde;' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Keywords[fi]=editing;video;audio;mlt;kde;editointi;ääni;' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Keywords[fr]=montage;vidéo;audio;mlt;kde;' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Keywords[gl]=editing;edición;video;vídeo;audio;son;mlt;kde;' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Keywords[it]=editing;video;audio;mlt;kde;' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Keywords[nl]=bewerken;video;audio;mlt;kde;' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Keywords[nn]=redigering;video;lyd;mlt;kde;' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Keywords[pl]=edytowanie;video;wideo;filmy;audio;dźwięk;mlt;kde;' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Keywords[pt]=edição;vídeo;áudio;MLT;kde;' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Keywords[pt_BR]=edição;vídeo;áudio;mlt;kde;' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Keywords[sk]=editovanie;video;audio;mlt;kde;' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Keywords[sl]=urejanje;video;zvok;mlt;kde;' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Keywords[sv]=redigering;video;ljud;mlt;kde;' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Keywords[uk]=editing;video;audio;mlt;kde;редагування;відео;звук;аудіо;млт;кдє;' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Keywords[x-test]=xxeditingxx;xxvideoxx;xxaudioxx;xxmltxx;xxkdexx;' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Keywords[zh_CN]=editing;video;audio;mlt;kde;编辑;视频;音频;' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'Keywords[zh_TW]=editing;video;audio;mlt;kde;' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
-    echo 'X-DBUS-ServiceName=org.kde.kdenlive' >> /home/$MY_USERNAME/Desktop/kdenlive.desktop
+    cp "/root/${PROJECT_NAME}/img/icon_kdenlive.png" "/usr/share/${PROJECT_NAME}/avatars/icon_kdenlive.png"
 
-    cp /root/${PROJECT_NAME}/img/icon_photos.png /usr/share/${PROJECT_NAME}/avatars/icon_photos.png
-    echo '#!/usr/bin/env xdg-open' > /home/$MY_USERNAME/Desktop/photos.desktop
-    echo '[Desktop Entry]' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Version=1.0' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[ar]=شُتْ‌وِل' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[as]=Photos' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[bn_IN]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[bs]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[ca]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[cs]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[da]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[de]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[el]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[en_GB]=Photos' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[es]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[et]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[eu]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[fi]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[fr]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[gd]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[gl]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[gu]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[he]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[hi]=शॉटवेल' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[hr]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[hu]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[id]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[it]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[ja]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[kk]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[kn]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[ko]=샷웰' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[lt]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[lv]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[ml]=ഷോട്ട്‌‌വെല്‍' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[mr]=शॉटवेल' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[nb]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[nl]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[oc]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[or]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[pa]=ਸ਼ੂਟਵੈੱਲ' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[pl]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[pt]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[pt_BR]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[ro]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[ru]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[sk]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[sl]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[sr]=Фото-бунар' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[sr@latin]=Foto-bunar' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[sv]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[ta]=ஷாட்வெல்' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[te]=షాట్‌వెల్' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[tr]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[uk]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[vi]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[zh_CN]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[zh_HK]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name[zh_TW]=Shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Name=Photos' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[af]=Foto Organiseerder' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[ar]=مدير الصور' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo "GenericName[as]=ফ'টো ব্যৱস্থাপক" >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[ast]=Xestor de semeyes' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[bg]=Мениджър на снимки' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[bn]=ফটো ম্যানেজার' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[bn_IN]=ছবি পরিচালন ব্যবস্থা' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[bs]=Organizator Slika' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[ca]=Gestor fotogràfic' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[cs]=Správce fotografií' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[da]=Billedhåndtering' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[de]=Fotoverwaltung' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[el]=Διαχειριστής εικόνων' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[en_GB]=Photo Manager' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[es]=Gestor de fotos' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[et]=Fotohaldur' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[eu]=Argazki-kudeatzailea' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[fi]=Valokuvien hallinta' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[fr]=Gestionnaire de photos' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[gd]=Manaidsear dhealbhan' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[gl]=Xestor de fotos' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[gu]=ફોટો સંચાલક' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[he]=מנהל תמונות' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[hi]=फ़ोटो प्रबंधक' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[hr]=Upravitelj fotografija' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[hu]=Fényképkezelő' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[ia]=Administrator de photos' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[id]=Manajer Foto' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[it]=Gestore di fotografie' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[ja]=Shotwell 写真管理ツール' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[kk]=Фотосуреттерді басқару қолданбасы' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[km]=កម្ម​វិធី​គ្រប់​គ្រង​រូប​ថត' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[kn]=ಫೋಟೊ ವ್ಯವಸ್ಥಾಪಕ' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[ko]=사진 관리자' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[ky]=Фотография менеджери' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[lt]=Nuotraukų tvarkytuvė' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[lv]=Fotogrāfiju pārvaldnieks' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[mk]=Менаџер на фотографии' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[ml]=ചിത്ര പാലകന്‍' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[mr]=छायाचित्र व्यवस्थापक' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[nb]=Fotobehandler' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[nl]=Fotobeheerder' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[oc]=Gestionari de fòtos' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[or]=ଫୋଟୋ ପରିଚାଳକ' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[pa]=ਫੋਟੋ ਮੈਨੇਜਰ' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[pl]=Menedżer zdjęć' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[pt]=Gestor de fotografias' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[pt_BR]=Organizador de fotos' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[ro]=Administrator de fotografii' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[ru]=Менеджер фотографий' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[sk]=Správca fotografií' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[sl]=Upravljalnik fotografij' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[sr]=Управник фотографија' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[sr@latin]=Upravnik fotografija' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[sv]=Bildhanterare' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[ta]=புகைப்பட அடுக்கு' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[te]=ఫోటో నిర్వాహకం' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[th]=ตัวจัดการภาพถ่าย' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[tr]=Fotoğraf Yöneticisi' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[uk]=Впорядник фотографій' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[vi]=Trình quản lý ảnh' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[zh_CN]=照片管理器' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[zh_HK]=相片管理員' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName[zh_TW]=相片管理員' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'GenericName=Photo Manager' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Comment[cs]=Roztřiďte si své fotografie' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Comment[da]=Organisér dine billeder' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Comment[de]=Ihre Fotos organisieren' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Comment[es]=Organice sus fotos' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Comment[fi]=Hallitse kuviasi' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Comment[gd]=Cuir rian air na dealbhan agad' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Comment[he]=ארגון התמונות שלך' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Comment[hr]=Organizirajte svoje fotografije' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Comment[hu]=Rendszerezze a fényképeit' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Comment[id]=Organisasikan foto Anda' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Comment[kk]=Фотосуреттеріңізді реттеңіз' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Comment[kn]=ನಿಮ್ಮ ಚಿತ್ರಗಳನ್ನು ವ್ಯವಸ್ಥಿತವಾಗಿ ಜೋಡಿಸಿ' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Comment[ko]=사진을 정리합니다.' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Comment[lv]=Organizē savas fotogrāfijas' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Comment[pl]=Organizowanie zdjęć' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Comment[pt]=Organize as suas fotografias' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Comment[pt_BR]=Organize suas fotos' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Comment[sk]=Organizuje vaše fotografie' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Comment[sr]=Организујте ваше фотографије' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Comment[sr@latin]=Organizujte vaše fotografije' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Comment[sv]=Organisera dina bilder' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Comment[uk]=Впорядкуйте ваші фотографії' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Comment=Organize your photos' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo "Icon=/usr/share/${PROJECT_NAME}/avatars/icon_photos.png" >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Exec=shotwell %U' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Terminal=false' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Type=Application' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'MimeType=x-content/image-dcf;' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'Categories=Graphics;Photography;GNOME;GTK;' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'X-GIO-NoFuse=true' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'X-GNOME-Gettext-Domain=shotwell' >> /home/$MY_USERNAME/Desktop/photos.desktop
-    echo 'X-GNOME-FullName=Shotwell Photo Manager' >> /home/$MY_USERNAME/Desktop/photos.desktop
+    { echo '#!/usr/bin/env xdg-open';
+      echo '# KDE Config File';
+      echo '';
+      echo '[Desktop Entry]';
+      echo 'Name=Video Editor';
+      echo 'Name[ast]=Kdenlive';
+      echo 'Name[bs]=Kdenlive';
+      echo 'Name[ca]=Kdenlive';
+      echo 'Name[ca@valencia]=Kdenlive';
+      echo 'Name[cs]=Kdenlive';
+      echo 'Name[da]=Kdenlive';
+      echo 'Name[de]=Kdenlive';
+      echo 'Name[el]=Kdenlive';
+      echo 'Name[en_GB]=Video Editor';
+      echo 'Name[es]=Kdenlive';
+      echo 'Name[et]=Kdenlive';
+      echo 'Name[fi]=Kdenlive';
+      echo 'Name[fr]=Kdenlive';
+      echo 'Name[ga]=Kdenlive';
+      echo 'Name[gl]=Kdenlive';
+      echo 'Name[hu]=Kdenlive';
+      echo 'Name[it]=Kdenlive';
+      echo 'Name[ja]=Kdenlive';
+      echo 'Name[km]=Kdenlive';
+      echo 'Name[lt]=Kdenlive';
+      echo 'Name[lv]=Kdenlive';
+      echo 'Name[mr]=के-डि-एनलाइव्ह';
+      echo 'Name[nb]=Kdenlive';
+      echo 'Name[nds]=Kdenlive';
+      echo 'Name[nl]=Kdenlive';
+      echo 'Name[nn]=Kdenlive';
+      echo 'Name[pl]=Kdenlive';
+      echo 'Name[pt]=Kdenlive';
+      echo 'Name[pt_BR]=Kdenlive';
+      echo 'Name[ro]=Kdenlive';
+      echo 'Name[ru]=Kdenlive';
+      echo 'Name[sk]=Kdenlive';
+      echo 'Name[sl]=Kdenlive';
+      echo 'Name[sv]=Kdenlive';
+      echo 'Name[tr]=Kdenlive';
+      echo 'Name[ug]=Kdenlive';
+      echo 'Name[uk]=Kdenlive';
+      echo 'Name[x-test]=xxKdenlivexx';
+      echo 'Name[zh_CN]=Kdenlive';
+      echo 'Name[zh_TW]=Kdenlive';
+      echo 'GenericName=Video Editor';
+      echo 'GenericName[ar]=محرّر فيديوهات';
+      echo 'GenericName[ast]=Editor de videu';
+      echo 'GenericName[bs]=Video uređivač';
+      echo 'GenericName[ca]=Editor de vídeo';
+      echo 'GenericName[ca@valencia]=Editor de vídeo';
+      echo 'GenericName[cs]=Editor videí';
+      echo 'GenericName[da]=Videoredigering';
+      echo 'GenericName[de]=Video-Editor';
+      echo 'GenericName[el]=Επεξεργαστής βίντεο';
+      echo 'GenericName[en_GB]=Video Editor';
+      echo 'GenericName[es]=Editor de video';
+      echo 'GenericName[et]=Videoredaktor';
+      echo 'GenericName[fi]=Videomuokkain';
+      echo 'GenericName[fr]=Éditeur vidéo';
+      echo 'GenericName[ga]=Eagarthóir Físe';
+      echo 'GenericName[gl]=Editor de vídeo';
+      echo 'GenericName[hu]=Videoszerkesztő';
+      echo 'GenericName[it]=Editor video';
+      echo 'GenericName[ja]=ビデオエディタ';
+      echo 'GenericName[km]=កម្មវិធី​កែសម្រួល​វីដេអូ';
+      echo 'GenericName[lt]=Video redaktorius';
+      echo 'GenericName[lv]=Video redaktors';
+      echo 'GenericName[mr]=व्हिडीओ संपादक';
+      echo 'GenericName[nb]=Videoredigeringsprogram';
+      echo 'GenericName[nl]=Video-bewerker';
+      echo 'GenericName[nn]=Videoredigering';
+      echo 'GenericName[pl]=Edytor wideo';
+      echo 'GenericName[pt]=Editor de Víde';
+      echo 'GenericName[pt_BR]=Editor de Vídeo';
+      echo 'GenericName[ro]=Redactor de imagini';
+      echo 'GenericName[ru]=Видеоредактор';
+      echo 'GenericName[sk]=Editor videa';
+      echo 'GenericName[sl]=Urejevalnik videa';
+      echo 'GenericName[sv]=Videoeditor';
+      echo 'GenericName[tr]=Video Düzenleyici';
+      echo 'GenericName[uk]=Відеоредактор';
+      echo 'GenericName[x-test]=xxVideo Editorxx';
+      echo 'GenericName[zh_CN]=视频编辑器';
+      echo 'GenericName[zh_TW]=影像編輯器';
+      echo 'Comment=Nonlinear video editor for KDE';
+      echo 'Comment[ar]=محرّر فيديوهات غير خطّيّ لكدي';
+      echo 'Comment[ast]=Editor de videu non llinial pa KDE';
+      echo 'Comment[bs]=Nelinearni video uređivač za KDE';
+      echo 'Comment[ca]=Editor de vídeo no lineal per al KDE';
+      echo 'Comment[ca@valencia]=Editor de vídeo no lineal per al KDE';
+      echo 'Comment[cs]=Nelineární editor videí pro KDE';
+      echo 'Comment[da]=Ikke-lineær videoredigering til KDE';
+      echo 'Comment[de]=Nichtlinearer Video-Editor für KDE';
+      echo 'Comment[el]=Μη γραμμικός επεξεργαστής βίντεο για το KDE';
+      echo 'Comment[en_GB]=Nonlinear video editor for KDE';
+      echo 'Comment[es]=Editor no lineal de video para KDE';
+      echo 'Comment[et]=KDE mittelineaarne videoredaktor';
+      echo 'Comment[fi]=Epälineaarinen videomuokkain KDE:lle';
+      echo 'Comment[fr]=Éditeur vidéo non linéaire pour KDE';
+      echo 'Comment[gl]=Editor de vídeo non linear para KDE';
+      echo 'Comment[hu]=Nemlineáris videoszerkesztő a KDE-hez';
+      echo 'Comment[it]=Editor di video non lineare per KDE';
+      echo 'Comment[ja]=KDE 向けノンリニアビデオエディタ';
+      echo 'Comment[km]=កម្មវិធី​កែសម្រួល​វីដេអូ​មិន​លីនេអ៊ែរ​សម្រាប់ KDE';
+      echo 'Comment[lt]=Nelinijinis veido redaktorius skirtas KDE';
+      echo 'Comment[lv]=Nelineārais video redaktors KDE videi';
+      echo 'Comment[mr]=केडीई करिता अरेषीय व्हिडीओ संपादक';
+      echo 'Comment[nb]=Videoredigeringsprogram for KDE med dataklipping';
+      echo 'Comment[nl]=Niet-lineaire video-bewerker voor KDE';
+      echo 'Comment[nn]=Program for ikkje-lineær videoredigering';
+      echo 'Comment[pl]=Nieliniowy edytor wideo dla KDE';
+      echo 'Comment[pt]=Editor de vídeo não-linear para o KDE';
+      echo 'Comment[pt_BR]=Editor de vídeo não-linear para o KDE';
+      echo 'Comment[ro]=Redactor de imagini neliniar pentru KDE';
+      echo 'Comment[ru]=Нелинейный видеоредактор от KDE';
+      echo 'Comment[sk]=Nelineárny editor videa pre KDE';
+      echo 'Comment[sl]=Ne-linearni urejevalnik videa za KDE';
+      echo 'Comment[sv]=Icke-linjär videoeditor för KDE';
+      echo 'Comment[tr]=KDE için doğrusal olmayan video düzenleyici';
+      echo 'Comment[ug]=KDE ئۈچۈن سىزىقسىز سىن تەھرىرلىگۈچ';
+      echo 'Comment[uk]=Нелінійний редактор відео для KDE';
+      echo 'Comment[x-test]=xxNonlinear video editor for KDExx';
+      echo 'Comment[zh_CN]=KDE 的非线性视频编辑器';
+      echo 'Comment[zh_TW]=KDE 上的非線性影像編輯器';
+      echo 'Type=Application';
+      echo 'Exec=kdenlive %U';
+      echo "Icon=/usr/share/${PROJECT_NAME}/avatars/icon_kdenlive.png";
+      echo 'X-DocPath=kdenlive/index.html';
+      echo 'X-DocPath[cs]=http://cs.wikibooks.org/wiki/Kdenlive';
+      echo 'Terminal=false';
+      echo 'MimeType=application/x-kdenlive;';
+      echo 'Categories=Qt;KDE;AudioVideo;AudioVideoEditing;';
+      echo 'Keywords=editing;video;audio;mlt;kde;';
+      echo 'Keywords[ca]=edició;vídeo;àudio;mlt;kde;';
+      echo 'Keywords[ca@valencia]=edició;vídeo;àudio;mlt;kde;';
+      echo 'Keywords[da]=redigering;video;lyd;mlt;kde;';
+      echo 'Keywords[de]=Editing;Bearbeitung;Schnitt;Videoschnitt;Video;Audio;MLT;';
+      echo 'Keywords[en_GB]=editing;video;audio;mlt;kde;';
+      echo 'Keywords[es]=edición;video;audio;mlt;kde;';
+      echo 'Keywords[et]=redigeerimine;muutmine;video;audio;heli;mlt;kde;';
+      echo 'Keywords[fi]=editing;video;audio;mlt;kde;editointi;ääni;';
+      echo 'Keywords[fr]=montage;vidéo;audio;mlt;kde;';
+      echo 'Keywords[gl]=editing;edición;video;vídeo;audio;son;mlt;kde;';
+      echo 'Keywords[it]=editing;video;audio;mlt;kde;';
+      echo 'Keywords[nl]=bewerken;video;audio;mlt;kde;';
+      echo 'Keywords[nn]=redigering;video;lyd;mlt;kde;';
+      echo 'Keywords[pl]=edytowanie;video;wideo;filmy;audio;dźwięk;mlt;kde;';
+      echo 'Keywords[pt]=edição;vídeo;áudio;MLT;kde;';
+      echo 'Keywords[pt_BR]=edição;vídeo;áudio;mlt;kde;';
+      echo 'Keywords[sk]=editovanie;video;audio;mlt;kde;';
+      echo 'Keywords[sl]=urejanje;video;zvok;mlt;kde;';
+      echo 'Keywords[sv]=redigering;video;ljud;mlt;kde;';
+      echo 'Keywords[uk]=editing;video;audio;mlt;kde;редагування;відео;звук;аудіо;млт;кдє;';
+      echo 'Keywords[x-test]=xxeditingxx;xxvideoxx;xxaudioxx;xxmltxx;xxkdexx;';
+      echo 'Keywords[zh_CN]=editing;video;audio;mlt;kde;编辑;视频;音频;';
+      echo 'Keywords[zh_TW]=editing;video;audio;mlt;kde;';
+      echo 'X-DBUS-ServiceName=org.kde.kdenlive'; } > "/home/$MY_USERNAME/Desktop/kdenlive.desktop"
 
-    #echo '[Desktop Entry]' > /home/$MY_USERNAME/Desktop/audio.desktop
-    #echo 'Name=Audio/Music' >> /home/$MY_USERNAME/Desktop/audio.desktop
-    #echo 'Type=Application' >> /home/$MY_USERNAME/Desktop/audio.desktop
-    #echo 'Comment=Audio publishing and streaming' >> /home/$MY_USERNAME/Desktop/audio.desktop
-    #echo 'Exec=bash /usr/bin/start_ferment' >> /home/$MY_USERNAME/Desktop/audio.desktop
-    #echo "Icon=/etc/patchwork/icon_ferment.png" >> /home/$MY_USERNAME/Desktop/audio.desktop
-    #echo 'Terminal=false' >> /home/$MY_USERNAME/Desktop/audio.desktop
-    #echo 'Categories=Application;' >> /home/$MY_USERNAME/Desktop/audio.desktop
+    cp "/root/${PROJECT_NAME}/img/icon_photos.png" "/usr/share/${PROJECT_NAME}/avatars/icon_photos.png"
 
-    echo '[Desktop Entry]' > /home/$MY_USERNAME/Desktop/routing.desktop
-    echo 'Type=Application' >> /home/$MY_USERNAME/Desktop/routing.desktop
-    echo 'Name=Routing Protocol' >> /home/$MY_USERNAME/Desktop/routing.desktop
-    echo 'Name[el]=Πρωτόκολλο δρομολόγησης' >> /home/$MY_USERNAME/Desktop/routing.desktop
-    echo 'Name[ar]=بروتوكول التوجيه' >> /home/$MY_USERNAME/Desktop/routing.desktop
-    echo "Name[ca]=Protocol d'enrutament" >> /home/$MY_USERNAME/Desktop/routing.desktop
-    echo 'Name[hi]=रूटिंग प्रोटोकॉल' >> /home/$MY_USERNAME/Desktop/routing.desktop
-    echo 'Name[fr]=Protocole de routage' >> /home/$MY_USERNAME/Desktop/routing.desktop
-    echo 'Name[de]=Routingprotokoll' >> /home/$MY_USERNAME/Desktop/routing.desktop
-    echo 'Name[es]=Protocolo de enrutamiento' >> /home/$MY_USERNAME/Desktop/routing.desktop
-    echo 'Name[it]=Protocollo di routing' >> /home/$MY_USERNAME/Desktop/routing.desktop
-    echo 'Name[ru]=Протокол маршрутизации' >> /home/$MY_USERNAME/Desktop/routing.desktop
-    echo 'Name[zh]=路由协议' >> /home/$MY_USERNAME/Desktop/routing.desktop
-    echo 'Comment=Select the mesh routing protocol' >> /home/$MY_USERNAME/Desktop/routing.desktop
-    echo 'Comment[el]=Επιλέξτε το πρωτόκολλο δρομολόγησης πλέγματος' >> /home/$MY_USERNAME/Desktop/routing.desktop
-    echo 'Comment[ar]=حدد بروتوكول توجيه الشبكة' >> /home/$MY_USERNAME/Desktop/routing.desktop
-    echo "Comment[ca]=Seleccioneu el protocol d'enrutament de malles" >> /home/$MY_USERNAME/Desktop/routing.desktop
-    echo 'Comment[hi]=जाल रूटिंग प्रोटोकॉल का चयन करें' >> /home/$MY_USERNAME/Desktop/routing.desktop
-    echo 'Comment[fr]=Sélectionnez le protocole de routage de maillage' >> /home/$MY_USERNAME/Desktop/routing.desktop
-    echo 'Comment[de]=Wählen Sie das Mesh-Routing-Protokoll' >> /home/$MY_USERNAME/Desktop/routing.desktop
-    echo 'Comment[es]=Seleccione el protocolo de enrutamiento de malla' >> /home/$MY_USERNAME/Desktop/routing.desktop
-    echo "Comment[it]=Seleziona il protocollo di instradamento della mesh" >> /home/$MY_USERNAME/Desktop/routing.desktop
-    echo 'Comment[ru]=Выберите протокол маршрутизации сетки' >> /home/$MY_USERNAME/Desktop/routing.desktop
-    echo 'Comment[zh]=选择网状路由协议' >> /home/$MY_USERNAME/Desktop/routing.desktop
-    echo "Exec=mate-terminal -e \"/usr/local/bin/${PROJECT_NAME}-mesh-routing\"" >> /home/$MY_USERNAME/Desktop/routing.desktop
-    echo "Icon=/usr/share/${PROJECT_NAME}/avatars/icon_routing.png" >> /home/$MY_USERNAME/Desktop/routing.desktop
-    echo 'Terminal=false' >> /home/$MY_USERNAME/Desktop/routing.desktop
-    echo 'Categories=Application' >> /home/$MY_USERNAME/Desktop/routing.desktop
+    { echo '#!/usr/bin/env xdg-open';
+      echo '[Desktop Entry]';
+      echo 'Version=1.0';
+      echo 'Name[ar]=شُتْ‌وِل';
+      echo 'Name[as]=Photos';
+      echo 'Name[bn_IN]=Shotwell';
+      echo 'Name[bs]=Shotwell';
+      echo 'Name[ca]=Shotwell';
+      echo 'Name[cs]=Shotwell';
+      echo 'Name[da]=Shotwell';
+      echo 'Name[de]=Shotwell';
+      echo 'Name[el]=Shotwell';
+      echo 'Name[en_GB]=Photos';
+      echo 'Name[es]=Shotwell';
+      echo 'Name[et]=Shotwell';
+      echo 'Name[eu]=Shotwell';
+      echo 'Name[fi]=Shotwell';
+      echo 'Name[fr]=Shotwell';
+      echo 'Name[gd]=Shotwell';
+      echo 'Name[gl]=Shotwell';
+      echo 'Name[gu]=Shotwell';
+      echo 'Name[he]=Shotwell';
+      echo 'Name[hi]=शॉटवेल';
+      echo 'Name[hr]=Shotwell';
+      echo 'Name[hu]=Shotwell';
+      echo 'Name[id]=Shotwell';
+      echo 'Name[it]=Shotwell';
+      echo 'Name[ja]=Shotwell';
+      echo 'Name[kk]=Shotwell';
+      echo 'Name[kn]=Shotwell';
+      echo 'Name[ko]=샷웰';
+      echo 'Name[lt]=Shotwell';
+      echo 'Name[lv]=Shotwell';
+      echo 'Name[ml]=ഷോട്ട്‌‌വെല്‍';
+      echo 'Name[mr]=शॉटवेल';
+      echo 'Name[nb]=Shotwell';
+      echo 'Name[nl]=Shotwell';
+      echo 'Name[oc]=Shotwell';
+      echo 'Name[or]=Shotwell';
+      echo 'Name[pa]=ਸ਼ੂਟਵੈੱਲ';
+      echo 'Name[pl]=Shotwell';
+      echo 'Name[pt]=Shotwell';
+      echo 'Name[pt_BR]=Shotwell';
+      echo 'Name[ro]=Shotwell';
+      echo 'Name[ru]=Shotwell';
+      echo 'Name[sk]=Shotwell';
+      echo 'Name[sl]=Shotwell';
+      echo 'Name[sr]=Фото-бунар';
+      echo 'Name[sr@latin]=Foto-bunar';
+      echo 'Name[sv]=Shotwell';
+      echo 'Name[ta]=ஷாட்வெல்';
+      echo 'Name[te]=షాట్‌వెల్';
+      echo 'Name[tr]=Shotwell';
+      echo 'Name[uk]=Shotwell';
+      echo 'Name[vi]=Shotwell';
+      echo 'Name[zh_CN]=Shotwell';
+      echo 'Name[zh_HK]=Shotwell';
+      echo 'Name[zh_TW]=Shotwell';
+      echo 'Name=Photos';
+      echo 'GenericName[af]=Foto Organiseerder';
+      echo 'GenericName[ar]=مدير الصور';
+      echo "GenericName[as]=ফ'টো ব্যৱস্থাপক";
+      echo 'GenericName[ast]=Xestor de semeyes';
+      echo 'GenericName[bg]=Мениджър на снимки';
+      echo 'GenericName[bn]=ফটো ম্যানেজার';
+      echo 'GenericName[bn_IN]=ছবি পরিচালন ব্যবস্থা';
+      echo 'GenericName[bs]=Organizator Slika';
+      echo 'GenericName[ca]=Gestor fotogràfic';
+      echo 'GenericName[cs]=Správce fotografií';
+      echo 'GenericName[da]=Billedhåndtering';
+      echo 'GenericName[de]=Fotoverwaltung';
+      echo 'GenericName[el]=Διαχειριστής εικόνων';
+      echo 'GenericName[en_GB]=Photo Manager';
+      echo 'GenericName[es]=Gestor de fotos';
+      echo 'GenericName[et]=Fotohaldur';
+      echo 'GenericName[eu]=Argazki-kudeatzailea';
+      echo 'GenericName[fi]=Valokuvien hallinta';
+      echo 'GenericName[fr]=Gestionnaire de photos';
+      echo 'GenericName[gd]=Manaidsear dhealbhan';
+      echo 'GenericName[gl]=Xestor de fotos';
+      echo 'GenericName[gu]=ફોટો સંચાલક';
+      echo 'GenericName[he]=מנהל תמונות';
+      echo 'GenericName[hi]=फ़ोटो प्रबंधक';
+      echo 'GenericName[hr]=Upravitelj fotografija';
+      echo 'GenericName[hu]=Fényképkezelő';
+      echo 'GenericName[ia]=Administrator de photos';
+      echo 'GenericName[id]=Manajer Foto';
+      echo 'GenericName[it]=Gestore di fotografie';
+      echo 'GenericName[ja]=Shotwell 写真管理ツール';
+      echo 'GenericName[kk]=Фотосуреттерді басқару қолданбасы';
+      echo 'GenericName[km]=កម្ម​វិធី​គ្រប់​គ្រង​រូប​ថត';
+      echo 'GenericName[kn]=ಫೋಟೊ ವ್ಯವಸ್ಥಾಪಕ';
+      echo 'GenericName[ko]=사진 관리자';
+      echo 'GenericName[ky]=Фотография менеджери';
+      echo 'GenericName[lt]=Nuotraukų tvarkytuvė';
+      echo 'GenericName[lv]=Fotogrāfiju pārvaldnieks';
+      echo 'GenericName[mk]=Менаџер на фотографии';
+      echo 'GenericName[ml]=ചിത്ര പാലകന്‍';
+      echo 'GenericName[mr]=छायाचित्र व्यवस्थापक';
+      echo 'GenericName[nb]=Fotobehandler';
+      echo 'GenericName[nl]=Fotobeheerder';
+      echo 'GenericName[oc]=Gestionari de fòtos';
+      echo 'GenericName[or]=ଫୋଟୋ ପରିଚାଳକ';
+      echo 'GenericName[pa]=ਫੋਟੋ ਮੈਨੇਜਰ';
+      echo 'GenericName[pl]=Menedżer zdjęć';
+      echo 'GenericName[pt]=Gestor de fotografias';
+      echo 'GenericName[pt_BR]=Organizador de fotos';
+      echo 'GenericName[ro]=Administrator de fotografii';
+      echo 'GenericName[ru]=Менеджер фотографий';
+      echo 'GenericName[sk]=Správca fotografií';
+      echo 'GenericName[sl]=Upravljalnik fotografij';
+      echo 'GenericName[sr]=Управник фотографија';
+      echo 'GenericName[sr@latin]=Upravnik fotografija';
+      echo 'GenericName[sv]=Bildhanterare';
+      echo 'GenericName[ta]=புகைப்பட அடுக்கு';
+      echo 'GenericName[te]=ఫోటో నిర్వాహకం';
+      echo 'GenericName[th]=ตัวจัดการภาพถ่าย';
+      echo 'GenericName[tr]=Fotoğraf Yöneticisi';
+      echo 'GenericName[uk]=Впорядник фотографій';
+      echo 'GenericName[vi]=Trình quản lý ảnh';
+      echo 'GenericName[zh_CN]=照片管理器';
+      echo 'GenericName[zh_HK]=相片管理員';
+      echo 'GenericName[zh_TW]=相片管理員';
+      echo 'GenericName=Photo Manager';
+      echo 'Comment[cs]=Roztřiďte si své fotografie';
+      echo 'Comment[da]=Organisér dine billeder';
+      echo 'Comment[de]=Ihre Fotos organisieren';
+      echo 'Comment[es]=Organice sus fotos';
+      echo 'Comment[fi]=Hallitse kuviasi';
+      echo 'Comment[gd]=Cuir rian air na dealbhan agad';
+      echo 'Comment[he]=ארגון התמונות שלך';
+      echo 'Comment[hr]=Organizirajte svoje fotografije';
+      echo 'Comment[hu]=Rendszerezze a fényképeit';
+      echo 'Comment[id]=Organisasikan foto Anda';
+      echo 'Comment[kk]=Фотосуреттеріңізді реттеңіз';
+      echo 'Comment[kn]=ನಿಮ್ಮ ಚಿತ್ರಗಳನ್ನು ವ್ಯವಸ್ಥಿತವಾಗಿ ಜೋಡಿಸಿ';
+      echo 'Comment[ko]=사진을 정리합니다.';
+      echo 'Comment[lv]=Organizē savas fotogrāfijas';
+      echo 'Comment[pl]=Organizowanie zdjęć';
+      echo 'Comment[pt]=Organize as suas fotografias';
+      echo 'Comment[pt_BR]=Organize suas fotos';
+      echo 'Comment[sk]=Organizuje vaše fotografie';
+      echo 'Comment[sr]=Организујте ваше фотографије';
+      echo 'Comment[sr@latin]=Organizujte vaše fotografije';
+      echo 'Comment[sv]=Organisera dina bilder';
+      echo 'Comment[uk]=Впорядкуйте ваші фотографії';
+      echo 'Comment=Organize your photos';
+      echo "Icon=/usr/share/${PROJECT_NAME}/avatars/icon_photos.png";
+      echo 'Exec=shotwell %U';
+      echo 'Terminal=false';
+      echo 'Type=Application';
+      echo 'MimeType=x-content/image-dcf;';
+      echo 'Categories=Graphics;Photography;GNOME;GTK;';
+      echo 'X-GIO-NoFuse=true';
+      echo 'X-GNOME-Gettext-Domain=shotwell';
+      echo 'X-GNOME-FullName=Shotwell Photo Manager'; } > "/home/$MY_USERNAME/Desktop/photos.desktop"
+
+    #{ echo '[Desktop Entry]';
+    #echo 'Name=Audio/Music';
+    #echo 'Type=Application';
+    #echo 'Comment=Audio publishing and streaming';
+    #echo 'Exec=bash /usr/bin/start_ferment';
+    #echo "Icon=/etc/patchwork/icon_ferment.png";
+    #echo 'Terminal=false';
+    #echo 'Categories=Application;'; } > "/home/$MY_USERNAME/Desktop/audio.desktop"
+
+    { echo '[Desktop Entry]';
+      echo 'Type=Application';
+      echo 'Name=Routing Protocol';
+      echo 'Name[el]=Πρωτόκολλο δρομολόγησης';
+      echo 'Name[ar]=بروتوكول التوجيه';
+      echo "Name[ca]=Protocol d'enrutament";
+      echo 'Name[hi]=रूटिंग प्रोटोकॉल';
+      echo 'Name[fr]=Protocole de routage';
+      echo 'Name[de]=Routingprotokoll';
+      echo 'Name[es]=Protocolo de enrutamiento';
+      echo 'Name[it]=Protocollo di routing';
+      echo 'Name[ru]=Протокол маршрутизации';
+      echo 'Name[zh]=路由协议';
+      echo 'Comment=Select the mesh routing protocol';
+      echo 'Comment[el]=Επιλέξτε το πρωτόκολλο δρομολόγησης πλέγματος';
+      echo 'Comment[ar]=حدد بروتوكول توجيه الشبكة';
+      echo "Comment[ca]=Seleccioneu el protocol d'enrutament de malles";
+      echo 'Comment[hi]=जाल रूटिंग प्रोटोकॉल का चयन करें';
+      echo 'Comment[fr]=Sélectionnez le protocole de routage de maillage';
+      echo 'Comment[de]=Wählen Sie das Mesh-Routing-Protokoll';
+      echo 'Comment[es]=Seleccione el protocolo de enrutamiento de malla';
+      echo "Comment[it]=Seleziona il protocollo di instradamento della mesh";
+      echo 'Comment[ru]=Выберите протокол маршрутизации сетки';
+      echo 'Comment[zh]=选择网状路由协议';
+      echo "Exec=mate-terminal -e \"/usr/local/bin/${PROJECT_NAME}-mesh-routing\"";
+      echo "Icon=/usr/share/${PROJECT_NAME}/avatars/icon_routing.png";
+      echo 'Terminal=false';
+      echo 'Categories=Application'; } > "/home/$MY_USERNAME/Desktop/routing.desktop"
 
     # set permissions
-    chmod +x /home/$MY_USERNAME/Desktop/*.desktop
-    chown ${MY_USERNAME}:${MY_USERNAME} /home/$MY_USERNAME/Desktop/*
-    chown ${MY_USERNAME}:${MY_USERNAME} /home/$MY_USERNAME/.config
-    chown -R ${MY_USERNAME}:${MY_USERNAME} /home/$MY_USERNAME/.config/tox
-    chown -R ${MY_USERNAME}:${MY_USERNAME} /home/$MY_USERNAME/.config/autostart
-    chown ${MY_USERNAME}:${MY_USERNAME} /home/$MY_USERNAME/*.sh
+    chmod +x "/home/$MY_USERNAME/Desktop/*.desktop"
+    chown "${MY_USERNAME}":"${MY_USERNAME}" "/home/$MY_USERNAME/Desktop/*"
+    chown "${MY_USERNAME}":"${MY_USERNAME}" "/home/$MY_USERNAME/.config"
+    chown -R "${MY_USERNAME}":"${MY_USERNAME}" "/home/$MY_USERNAME/.config/tox"
+    chown -R "${MY_USERNAME}":"${MY_USERNAME}" "/home/$MY_USERNAME/.config/autostart"
+    chown "${MY_USERNAME}":"${MY_USERNAME}" "/home/$MY_USERNAME/*.sh"
 
     # link to Tahoe-LAFS Magic folder
     #ln -s /home/${MY_USERNAME}/Desktop/${TAHOELAFS_SHARED_DIR} /home/${MY_USERNAME}/${TAHOELAFS_SHARED_DIR}
@@ -865,34 +867,34 @@ function mesh_amnesic {
         return
     fi
 
-    echo '#!/bin/bash' > /usr/bin/amnesic
-    echo '' >> /usr/bin/amnesic
-    echo 'MY_USERNAME=$1' >> /usr/bin/amnesic
-    echo 'tomb slam all' >> /usr/bin/amnesic
-    echo "if [ -f /home/${MY_USERNAME}/.bash_history ]; then" >> /usr/bin/amnesic
-    echo "    shred -zu /home/${MY_USERNAME}/.bash_history" >> /usr/bin/amnesic
-    echo 'fi' >> /usr/bin/amnesic
-    echo "if [ -f /home/${MY_USERNAME}/.xsession-errors ]; then" >> /usr/bin/amnesic
-    echo "    shred -zu /home/${MY_USERNAME}/.xsession-errors" >> /usr/bin/amnesic
-    echo 'fi' >> /usr/bin/amnesic
-    echo '' >> /usr/bin/amnesic
-    echo 'exit 0' >> /usr/bin/amnesic
+    { echo '#!/bin/bash';
+      echo '';
+      echo "MY_USERNAME=\$1";
+      echo 'tomb slam all';
+      echo "if [ -f /home/${MY_USERNAME}/.bash_history ]; then";
+      echo "    shred -zu /home/${MY_USERNAME}/.bash_history";
+      echo 'fi';
+      echo "if [ -f /home/${MY_USERNAME}/.xsession-errors ]; then";
+      echo "    shred -zu /home/${MY_USERNAME}/.xsession-errors";
+      echo 'fi';
+      echo '';
+      echo 'exit 0'; } > /usr/bin/amnesic
     chmod +x /usr/bin/amnesic
 
     if [ ! -f /etc/systemd/system/amnesic.service ]; then
-        echo '[Unit]' > /etc/systemd/system/amnesic.service
-        echo 'Description=Amnesic Mesh' >> /etc/systemd/system/amnesic.service
-        echo '' >> /etc/systemd/system/amnesic.service
-        echo '[Service]' >> /etc/systemd/system/amnesic.service
-        echo 'User=root' >> /etc/systemd/system/amnesic.service
-        echo 'Group=root' >> /etc/systemd/system/amnesic.service
-        echo 'Type=oneshot' >> /etc/systemd/system/amnesic.service
-        echo 'RemainAfterExit=true' >> /etc/systemd/system/amnesic.service
-        echo 'ExecStart=/bin/true' >> /etc/systemd/system/amnesic.service
-        echo "ExecStop=/usr/bin/amnesic $MY_USERNAME" >> /etc/systemd/system/amnesic.service
-        echo '' >> /etc/systemd/system/amnesic.service
-        echo '[Install]' >> /etc/systemd/system/amnesic.service
-        echo 'WantedBy=multi-user.target' >> /etc/systemd/system/amnesic.service
+        { echo '[Unit]';
+          echo 'Description=Amnesic Mesh';
+          echo '';
+          echo '[Service]';
+          echo 'User=root';
+          echo 'Group=root';
+          echo 'Type=oneshot';
+          echo 'RemainAfterExit=true';
+          echo 'ExecStart=/bin/true';
+          echo "ExecStop=/usr/bin/amnesic $MY_USERNAME";
+          echo '';
+          echo '[Install]';
+          echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/amnesic.service
 
         chmod +x /etc/systemd/system/amnesic.service
         systemctl daemon-reload
@@ -912,21 +914,21 @@ function create_tomb {
     tomb_name=$1
     tomb_size=$2
 
-    if [ -f /tmp/${tomb_name}.tomb ]; then
-        tomb slam /tmp/${tomb_name}.tomb
+    if [ -f "/tmp/${tomb_name}.tomb" ]; then
+        tomb slam "/tmp/${tomb_name}.tomb"
     fi
 
     # make a temporary password
-    tomb dig -s ${tomb_size} /tmp/${tomb_name}.tomb
-    if [ ! -f /tmp/${tomb_name}.tomb ]; then
+    tomb dig -s "${tomb_size}" "/tmp/${tomb_name}.tomb"
+    if [ ! -f "/tmp/${tomb_name}.tomb" ]; then
         echo "WARNING: ${tomb_name} tomb did not install properly" >> /var/log/${PROJECT_NAME}.log
         tomb >> /var/log/${PROJECT_NAME}.log
     fi
     TOMB_TEMP_PASSWORD=$(openssl rand -base64 64 | tr -dc A-Za-z0-9 | head -c 30)
 
-    tomb forge /mnt/ramdisk/${tomb_name}.tomb.key --tomb-pwd "${TOMB_TEMP_PASSWORD}" --unsafe
-    tomb lock /tmp/${tomb_name}.tomb -k /mnt/ramdisk/${tomb_name}.tomb.key --tomb-pwd "${TOMB_TEMP_PASSWORD}" --unsafe
-    tomb open /tmp/${tomb_name}.tomb -k /mnt/ramdisk/${tomb_name}.tomb.key --tomb-pwd "${TOMB_TEMP_PASSWORD}" --unsafe
+    tomb forge "/mnt/ramdisk/${tomb_name}.tomb.key" --tomb-pwd "${TOMB_TEMP_PASSWORD}" --unsafe
+    tomb lock "/tmp/${tomb_name}.tomb" -k "/mnt/ramdisk/${tomb_name}.tomb.key" --tomb-pwd "${TOMB_TEMP_PASSWORD}" --unsafe
+    tomb open "/tmp/${tomb_name}.tomb" -k "/mnt/ramdisk/${tomb_name}.tomb.key" --tomb-pwd "${TOMB_TEMP_PASSWORD}" --unsafe
     # stop stuff from popping up
     pkill caja
 
@@ -1123,90 +1125,90 @@ function setup_tahoelafs {
 function create_user_vpn_key {
     username=$1
 
-    if [ ! -d /home/$username ]; then
+    if [ ! -d "/home/$username" ]; then
         return
     fi
 
     echo $"Creating VPN key for $username" >> /var/log/${PROJECT_NAME}.log
 
-    cd /etc/openvpn/easy-rsa
+    cd /etc/openvpn/easy-rsa || exit 824527645247
 
-    if [ -f /etc/openvpn/easy-rsa/keys/$username.crt ]; then
-        rm /etc/openvpn/easy-rsa/keys/$username.crt
+    if [ -f "/etc/openvpn/easy-rsa/keys/$username.crt" ]; then
+        rm "/etc/openvpn/easy-rsa/keys/$username.crt"
     fi
-    if [ -f /etc/openvpn/easy-rsa/keys/$username.key ]; then
-        rm /etc/openvpn/easy-rsa/keys/$username.key
+    if [ -f "/etc/openvpn/easy-rsa/keys/$username.key" ]; then
+        rm "/etc/openvpn/easy-rsa/keys/$username.key"
     fi
-    if [ -f /etc/openvpn/easy-rsa/keys/$username.csr ]; then
-        rm /etc/openvpn/easy-rsa/keys/$username.csr
+    if [ -f "/etc/openvpn/easy-rsa/keys/$username.csr" ]; then
+        rm "/etc/openvpn/easy-rsa/keys/$username.csr"
     fi
 
     sed -i 's| --interact||g' build-key
     ./build-key "$username"
 
-    if [ ! -f /etc/openvpn/easy-rsa/keys/$username.crt ]; then
-        echo $'VPN user cert not generated' >> /var/log/${PROJECT_NAME}.log
+    if [ ! -f "/etc/openvpn/easy-rsa/keys/$username.crt" ]; then
+        echo $'VPN user cert not generated' >> "/var/log/${PROJECT_NAME}.log"
         exit 783528
     fi
-    user_cert=$(cat /etc/openvpn/easy-rsa/keys/$username.crt)
+    user_cert=$(cat "/etc/openvpn/easy-rsa/keys/$username.crt")
     if [ ${#user_cert} -lt 10 ]; then
-        cat /etc/openvpn/easy-rsa/keys/$username.crt
+        cat "/etc/openvpn/easy-rsa/keys/$username.crt"
         echo $'User cert generation failed' >> /var/log/${PROJECT_NAME}.log
         exit 634659
     fi
-    if [ ! -f /etc/openvpn/easy-rsa/keys/$username.key ]; then
+    if [ ! -f "/etc/openvpn/easy-rsa/keys/$username.key" ]; then
         echo $'VPN user key not generated'
         exit 682523
     fi
-    user_key=$(cat /etc/openvpn/easy-rsa/keys/$username.key)
+    user_key=$(cat "/etc/openvpn/easy-rsa/keys/$username.key")
     if [ ${#user_key} -lt 10 ]; then
-        cat /etc/openvpn/easy-rsa/keys/$username.key
+        cat "/etc/openvpn/easy-rsa/keys/$username.key"
         echo $'User key generation failed'
         exit 285838
     fi
 
     user_vpn_cert_file=/home/$username/$OPENVPN_KEY_FILENAME
 
-    echo 'client' > $user_vpn_cert_file
-    echo 'dev tun' >> $user_vpn_cert_file
-    echo 'proto tcp' >> $user_vpn_cert_file
-    echo "remote localhost $STUNNEL_PORT" >> $user_vpn_cert_file
-    echo "route $DEFAULT_DOMAIN_NAME 255.255.255.255 net_gateway" >> $user_vpn_cert_file
-    echo 'resolv-retry infinite' >> $user_vpn_cert_file
-    echo 'nobind' >> $user_vpn_cert_file
-    echo 'tun-mtu 1500' >> $user_vpn_cert_file
-    echo 'tun-mtu-extra 32' >> $user_vpn_cert_file
-    echo 'mssfix 1450' >> $user_vpn_cert_file
-    echo 'persist-key' >> $user_vpn_cert_file
-    echo 'persist-tun' >> $user_vpn_cert_file
-    echo 'auth-nocache' >> $user_vpn_cert_file
-    echo 'remote-cert-tls server' >> $user_vpn_cert_file
-    echo 'comp-lzo' >> $user_vpn_cert_file
-    echo 'verb 3' >> $user_vpn_cert_file
-    echo '' >> $user_vpn_cert_file
+    { echo 'client';
+      echo 'dev tun';
+      echo 'proto tcp';
+      echo "remote localhost $STUNNEL_PORT";
+      echo "route $DEFAULT_DOMAIN_NAME 255.255.255.255 net_gateway";
+      echo 'resolv-retry infinite';
+      echo 'nobind';
+      echo 'tun-mtu 1500';
+      echo 'tun-mtu-extra 32';
+      echo 'mssfix 1450';
+      echo 'persist-key';
+      echo 'persist-tun';
+      echo 'auth-nocache';
+      echo 'remote-cert-tls server';
+      echo 'comp-lzo';
+      echo 'verb 3';
+      echo '';
 
-    echo '<ca>' >> $user_vpn_cert_file
-    cat /etc/openvpn/ca.crt >> $user_vpn_cert_file
-    echo '</ca>' >> $user_vpn_cert_file
+      echo '<ca>';
+      cat "/etc/openvpn/ca.crt";
+      echo '</ca>';
 
-    echo '<cert>' >> $user_vpn_cert_file
-    cat /etc/openvpn/easy-rsa/keys/$username.crt >> $user_vpn_cert_file
-    echo '</cert>' >> $user_vpn_cert_file
+      echo '<cert>';
+      cat "/etc/openvpn/easy-rsa/keys/$username.crt";
+      echo '</cert>';
 
-    echo '<key>' >> $user_vpn_cert_file
-    cat /etc/openvpn/easy-rsa/keys/$username.key >> $user_vpn_cert_file
-    echo '</key>' >> $user_vpn_cert_file
+      echo '<key>';
+      cat "/etc/openvpn/easy-rsa/keys/$username.key";
+      echo '</key>'; } > "$user_vpn_cert_file"
 
-    chown $username:$username $user_vpn_cert_file
+    chown "$username":"$username" "$user_vpn_cert_file"
 
     # keep a backup
-    cp $user_vpn_cert_file /etc/openvpn/easy-rsa/keys/$username.ovpn
+    cp "$user_vpn_cert_file" "/etc/openvpn/easy-rsa/keys/$username.ovpn"
 
     #rm /etc/openvpn/easy-rsa/keys/$username.crt
     #rm /etc/openvpn/easy-rsa/keys/$username.csr
-    shred -zu /etc/openvpn/easy-rsa/keys/$username.key
+    shred -zu "/etc/openvpn/easy-rsa/keys/$username.key"
 
-    echo $"VPN key created at $user_vpn_cert_file" >> /var/log/${PROJECT_NAME}.log
+    echo $"VPN key created at $user_vpn_cert_file" >> "/var/log/${PROJECT_NAME}.log"
 }
 
 function vpn_generate_keys {
@@ -1220,7 +1222,8 @@ function vpn_generate_keys {
     fi
     cp /etc/openvpn/dh2048.pem /etc/openvpn/easy-rsa/keys/dh2048.pem
 
-    cd /etc/openvpn/easy-rsa
+    cd /etc/openvpn/easy-rsa || exit 2452486824
+    # shellcheck disable=SC1091
     . ./vars
     ./clean-all
     vpn_openssl_version='1.0.0'
@@ -1313,7 +1316,7 @@ function mesh_setup_vpn {
     chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel*
 
     # create an archive of the vpn client files
-    cd /home/$MY_USERNAME
+    cd /home/$MY_USERNAME || exit 24682468242
     tar -czvf vpn.tar.gz stunnel* client.ovpn
     chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/vpn.tar.gz
 
@@ -1335,25 +1338,25 @@ function initialise_scuttlebot_pub {
         exit 73528
     fi
 
-    echo '{' > /etc/scuttlebot/.ssb/config
-    echo "  \"host\": \"$P{PEER_ID}.local\"," >> /etc/scuttlebot/.ssb/config
-    echo "  \"port\": ${SCUTTLEBOT_PORT}," >> /etc/scuttlebot/.ssb/config
-    echo '  "allowPrivate": true,' >> /etc/scuttlebot/.ssb/config
-    echo '  "timeout": 30000,' >> /etc/scuttlebot/.ssb/config
-    echo '  "pub": true,' >> /etc/scuttlebot/.ssb/config
-    echo '  "local": true,' >> /etc/scuttlebot/.ssb/config
-    echo '  "friends": {' >> /etc/scuttlebot/.ssb/config
-    echo '    "dunbar": 150,' >> /etc/scuttlebot/.ssb/config
-    echo '    "hops": 3' >> /etc/scuttlebot/.ssb/config
-    echo '  },' >> /etc/scuttlebot/.ssb/config
-    echo '  "gossip": {' >> /etc/scuttlebot/.ssb/config
-    echo '    "connections": 2' >> /etc/scuttlebot/.ssb/config
-    echo '  },' >> /etc/scuttlebot/.ssb/config
-    echo '  "master": [],' >> /etc/scuttlebot/.ssb/config
-    echo '  "logging": {' >> /etc/scuttlebot/.ssb/config
-    echo '    "level": "error"' >> /etc/scuttlebot/.ssb/config
-    echo '  }' >> /etc/scuttlebot/.ssb/config
-    echo '}' >> /etc/scuttlebot/.ssb/config
+    { echo '{';
+      echo "  \"host\": \"$P{PEER_ID}.local\",";
+      echo "  \"port\": ${SCUTTLEBOT_PORT},";
+      echo '  "allowPrivate": true,';
+      echo '  "timeout": 30000,';
+      echo '  "pub": true,';
+      echo '  "local": true,';
+      echo '  "friends": {';
+      echo '    "dunbar": 150,';
+      echo '    "hops": 3';
+      echo '  },';
+      echo '  "gossip": {';
+      echo '    "connections": 2';
+      echo '  },';
+      echo '  "master": [],';
+      echo '  "logging": {';
+      echo '    "level": "error"';
+      echo '  }';
+      echo '}'; } > /etc/scuttlebot/.ssb/config
     chown scuttlebot:scuttlebot /etc/scuttlebot/.ssb/config
     systemctl restart scuttlebot.service
     echo "scuttlebot pub started" >> /var/log/${PROJECT_NAME}.log
@@ -1370,7 +1373,7 @@ function initialise_scuttlebot_pub {
 
 # whether to reset the identity
 set_new_identity=
-if [ $2 ]; then
+if [ "$2" ]; then
     if [[ "$2" == $"new"* ]]; then
         if [ ! -f $MESH_INSTALL_SETUP ]; then
             touch $MESH_INSTALL_SETUP
@@ -1389,7 +1392,7 @@ if [ $2 ]; then
 fi
 
 if [ -f $MESH_INSTALL_SETUP ]; then
-    if [ $1 ]; then
+    if [ "$1" ]; then
         MY_USERNAME=$1
     fi
 
@@ -1404,8 +1407,8 @@ if [ -f $MESH_INSTALL_SETUP ]; then
     fi
 
     # Remove SSB/Patchwork files
-    if [ -d /home/$MY_USERNAME/.ssb ]; then
-        rm -rf /home/$MY_USERNAME/.ssb
+    if [ -d "/home/$MY_USERNAME/.ssb" ]; then
+        rm -rf "/home/$MY_USERNAME/.ssb"
     fi
 
     # Remove vpn host keys
@@ -1419,14 +1422,14 @@ if [ -f $MESH_INSTALL_SETUP ]; then
     fi
 
     # Remove any existing vpn client keys
-    if [ -f /home/$MY_USERNAME/vpn.tar.gz ]; then
-        rm /home/$MY_USERNAME/vpn.tar.gz
+    if [ -f "/home/$MY_USERNAME/vpn.tar.gz" ]; then
+        rm "/home/$MY_USERNAME/vpn.tar.gz"
     fi
-    if [ -f /home/$USERNAME/stunnel.pem ]; then
-        rm /home/$USERNAME/stunnel.pem
+    if [ -f "/home/$MY_USERNAME/stunnel.pem" ]; then
+        rm "/home/$MY_USERNAME/stunnel.pem"
     fi
-    if [ -f /home/$USERNAME/stunnel.p12 ]; then
-        rm /home/$USERNAME/stunnel.p12
+    if [ -f "/home/$MY_USERNAME/stunnel.p12" ]; then
+        rm "/home/$MY_USERNAME/stunnel.p12"
     fi
 
     # Remove cryptpad datastore
@@ -1436,8 +1439,8 @@ if [ -f $MESH_INSTALL_SETUP ]; then
 
     echo $'Beginning mesh node setup' >> $INSTALL_LOG
 
-    if [ -d /home/$MY_USERNAME/.config ]; then
-        chown ${MY_USERNAME}:${MY_USERNAME} /home/$MY_USERNAME/.config
+    if [ -d "/home/$MY_USERNAME/.config" ]; then
+        chown "${MY_USERNAME}":"${MY_USERNAME}" "/home/$MY_USERNAME/.config"
     fi
 
     systemctl stop tor
@@ -1492,13 +1495,13 @@ if [ -f $MESH_INSTALL_SETUP ]; then
     if [ ! -f $MESH_INSTALL_COMPLETED ]; then
         echo $'Mesh node setup complete' >> $INSTALL_LOG
         touch $MESH_INSTALL_COMPLETED
-        if [ -d /home/$MY_USERNAME/Desktop ]; then
+        if [ -d "/home/$MY_USERNAME/Desktop" ]; then
             touch $FIRST_BOOT
-            chown ${MY_USERNAME}:${MY_USERNAME} $FIRST_BOOT
+            chown "${MY_USERNAME}":"${MY_USERNAME}" "$FIRST_BOOT"
         fi
 
         # set the desktop background
-        if [ -d /home/$MY_USERNAME/Desktop ]; then
+        if [ -d "/home/$MY_USERNAME/Desktop" ]; then
             MESH_DESKTOP_BACKGROUND_IMAGE=/usr/local/share/${PROJECT_NAME}_mesh_background.png
             cp $MESH_DESKTOP_BACKGROUND_IMAGE /usr/share/images/desktop-base/${PROJECT_NAME}_mesh_background.png
             rm /usr/share/images/desktop-base/desktop-background
diff --git a/src/freedombone-image-vmdebootstrap b/src/freedombone-image-vmdebootstrap
index 76f29b49..19ae5eb1 100755
--- a/src/freedombone-image-vmdebootstrap
+++ b/src/freedombone-image-vmdebootstrap
@@ -36,7 +36,7 @@ VMDEBOOTSTRAP_BRANCH='bashrc/freedombone'
 
 mkdir -p vendor
 if [ -d vendor/vmdebootstrap ] ; then
-    (cd vendor/vmdebootstrap; git checkout .; git pull)
+    (cd vendor/vmdebootstrap || exit 246824624; git checkout .; git pull)
 else
     git clone $VMDEBOOTSTRAP_REPO vendor/vmdebootstrap
 fi
@@ -103,5 +103,5 @@ EOF
     sudo mv /tmp/ubuntu.csv /usr/share/distro-info/
 fi
 
-cd vendor/vmdebootstrap
+cd vendor/vmdebootstrap || exit 2648726446
 git checkout $VMDEBOOTSTRAP_BRANCH
diff --git a/src/freedombone-keydrive b/src/freedombone-keydrive
index c0b3f6e4..7f36e610 100755
--- a/src/freedombone-keydrive
+++ b/src/freedombone-keydrive
@@ -87,17 +87,17 @@ do
     shift
 done
 
-if [ ! $MY_USERNAME ]; then
+if [ ! "$MY_USERNAME" ]; then
     echo $'No username given'
     exit 69350
 fi
 
-if [ ! -d /home/$MY_USERNAME ]; then
+if [ ! -d "/home/$MY_USERNAME" ]; then
     echo $"Home directory for $MY_USERNAME not found. This user may not exist on the system"
     exit 72378
 fi
 
-if [ ! -b $USB_DRIVE ]; then
+if [ ! -b "$USB_DRIVE" ]; then
     echo $'Please attach a USB drive'
     exit 65743
 fi
@@ -113,18 +113,15 @@ cryptsetup luksClose encrypted_usb
 
 # optionally format the drive
 if [[ $FORMAT == "yes" ]]; then
-    ${PROJECT_NAME}-format ${USB_DRIVE::-1}
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-format" "${USB_DRIVE::-1}"; then
         exit 36823
     fi
 fi
 
-cryptsetup luksOpen $USB_DRIVE encrypted_usb
-if [ "$?" = "0" ]; then
+if cryptsetup luksOpen "$USB_DRIVE" encrypted_usb; then
     USB_DRIVE=/dev/mapper/encrypted_usb
 fi
-mount $USB_DRIVE $USB_MOUNT
-if [ ! "$?" = "0" ]; then
+if ! mount $USB_DRIVE $USB_MOUNT; then
     echo $"There was a problem mounting the USB drive to $USB_MOUNT"
     rm -rf $USB_MOUNT
     exit 78543
@@ -132,7 +129,7 @@ fi
 
 # optionally create a master drive which contains the full GPG keyring
 if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]]; then
-    if [ ! -d /home/$MY_USERNAME/.gnupg ]; then
+    if [ ! -d "/home/$MY_USERNAME/.gnupg" ]; then
         echo $"No .gnupg directory was found for $MY_USERNAME"
         umount -f $USB_MOUNT
         rm -rf $USB_MOUNT
@@ -149,7 +146,7 @@ if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]];
     GPG_BACKUP_ID=$(su -m root -c "gpg --list-keys \"(backup key)\" | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)
 
     gpgerrstr=$'error'
-    gpgkey=$(gpg --homedir=/home/$MY_USERNAME/.gnupg --armor --export $GPG_ID)
+    gpgkey=$(gpg --homedir="/home/$MY_USERNAME/.gnupg" --armor --export "$GPG_ID")
     if [[ "$gpgkey" == *"$gpgerrstr"* ]]; then
         echo $'Problem exporting public gpg key'
         echo "$gpgkey"
@@ -157,7 +154,7 @@ if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]];
     fi
     echo ''
     echo $'Enter your gpg private key passphrase:'
-    gpgprivkey=$(gpg --homedir=/home/$MY_USERNAME/.gnupg --armor --export-secret-key $GPG_ID)
+    gpgprivkey=$(gpg --homedir="/home/$MY_USERNAME/.gnupg" --armor --export-secret-key "$GPG_ID")
     if [[ "$gpgprivkey" == *"$gpgerrstr"* ]]; then
         echo $'Problem exporting private gpg key'
         echo "$gpgprivkey"
@@ -168,13 +165,13 @@ if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]];
     # Dummy password to get around not being able to create a key without passphrase
     BACKUP_DUMMY_PASSWORD='backup'
 
-    backupgpgkey=$(gpg --homedir=/home/$MY_USERNAME/.gnupg --armor --export $GPG_BACKUP_ID)
+    backupgpgkey=$(gpg --homedir="/home/$MY_USERNAME/.gnupg" --armor --export "$GPG_BACKUP_ID")
     if [[ "$backupgpgkey" == *"$gpgerrstr"* ]]; then
         echo $'Problem exporting public gpg backup key'
         echo "$backupgpgkey"
         exit 735282
     fi
-    backupgpgprivkey=$(echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --homedir=/home/$MY_USERNAME/.gnupg --armor --export-secret-key $GPG_BACKUP_ID)
+    backupgpgprivkey=$(echo "$BACKUP_DUMMY_PASSWORD" | gpg --batch --passphrase-fd 0 --homedir="/home/$MY_USERNAME/.gnupg" --armor --export-secret-key "$GPG_BACKUP_ID")
     if [[ "$backupgpgprivkey" == *"$gpgerrstr"* ]]; then
         echo $'Problem exporting private gpg backup key'
         echo "$backupgpgprivkey"
@@ -187,7 +184,7 @@ if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]];
     echo "$backupgpgkey" > $USB_MOUNT/.backupgpgkey
     echo "$backupgpgprivkey" >> $USB_MOUNT/.backupgpgkey
 
-    cp -rf /home/$MY_USERNAME/.gnupg $USB_MOUNT
+    cp -rf "/home/$MY_USERNAME/.gnupg" $USB_MOUNT
 
     if [ -d /etc/letsencrypt ]; then
         cp -rf /etc/letsencrypt $USB_MOUNT
@@ -220,25 +217,25 @@ fi
 FRAGMENTS_DIR=$FRAGMENTS_DIR/$MY_USERNAME
 
 # make a directory to contain the fragments
-if [ ! -d $FRAGMENTS_DIR ]; then
-    mkdir -p $FRAGMENTS_DIR
+if [ ! -d "$FRAGMENTS_DIR" ]; then
+    mkdir -p "$FRAGMENTS_DIR"
     echo $"Made directory $FRAGMENTS_DIR"
 fi
-if [ ! -d $FRAGMENTS_DIR ]; then
+if [ ! -d "$FRAGMENTS_DIR" ]; then
     echo $"There was a problem making the directory $FRAGMENTS_DIR"
     umount -f $USB_MOUNT
     rm -rf $USB_MOUNT
     exit 6843
 fi
 
-cd $FRAGMENTS_DIR
-no_of_usb_shares=$(ls -afq keyshare.asc.* | wc -l)
-if [ ! "$?" = "0" ]; then
+cd "$FRAGMENTS_DIR" || exit 13389478368
+# shellcheck disable=SC2012
+if ! no_of_usb_shares=$(ls -afq keyshare.asc.* | wc -l); then
     no_of_usb_shares=0
 fi
 if (( no_of_usb_shares > 0 )); then
     echo $"A key fragment already exists on the drive for the user $MY_USERNAME"
-    cd ~/
+    cd ~/ || exit 34678264583
     umount -f $USB_MOUNT
     rm -rf $USB_MOUNT
     exit 58945
@@ -247,43 +244,44 @@ fi
 # copy a random fragment to the drive
 LOCAL_FRAGMENTS_DIR=/home/$MY_USERNAME/.gnupg_fragments
 
-if [ ! -d $LOCAL_FRAGMENTS_DIR ]; then
-    ${PROJECT_NAME}-splitkey -u $MY_USERNAME -n $KEY_FRAGMENTS
+if [ ! -d "$LOCAL_FRAGMENTS_DIR" ]; then
+    "${PROJECT_NAME}-splitkey" -u "$MY_USERNAME" -n "$KEY_FRAGMENTS"
 fi
 
-cd $LOCAL_FRAGMENTS_DIR
-no_of_local_shares=$(ls -afq keyshare.asc.* | wc -l)
-if [ ! "$?" = "0" ]; then
+cd "$LOCAL_FRAGMENTS_DIR" || exit 7822452644
+# shellcheck disable=SC2012
+if ! no_of_local_shares=$(ls -afq keyshare.asc.* | wc -l); then
     no_of_local_shares=0
 fi
 if (( no_of_local_shares < 3 )); then
-    ${PROJECT_NAME}-splitkey -u $MY_USERNAME -n $KEY_FRAGMENTS
-    cd $LOCAL_FRAGMENTS_DIR
-    no_of_local_shares=$(ls -afq keyshare.asc.* | wc -l)
-    if [ ! "$?" = "0" ]; then
+    "${PROJECT_NAME}-splitkey" -u "$MY_USERNAME" -n "$KEY_FRAGMENTS"
+    cd "$LOCAL_FRAGMENTS_DIR" || exit 724524242
+    # shellcheck disable=SC2012
+    if ! no_of_local_shares=$(ls -afq keyshare.asc.* | wc -l); then
         no_of_local_shares=0
     fi
 fi
 
 if (( no_of_local_shares < 3 )); then
     echo $"Not enough key fragments available ${no_of_local_shares}"
-    cd ~/
+    cd ~/ || exit 7245267457
     umount -f $USB_MOUNT
     rm -rf $USB_MOUNT
     exit 63386
 fi
 
-share_files=($LOCAL_FRAGMENTS_DIR/keyshare.asc.*)
+share_files=("$LOCAL_FRAGMENTS_DIR/keyshare.asc.*")
 SHARE_FILENAME=${share_files[RANDOM % ${#share_files[@]}]}
 
-cp -f $SHARE_FILENAME $FRAGMENTS_DIR
-cd $FRAGMENTS_DIR
+cp -f "$SHARE_FILENAME" "$FRAGMENTS_DIR"
+cd "$FRAGMENTS_DIR" || exit 2543244726
+# shellcheck disable=SC2012
 no_of_usb_shares=$(ls -afq keyshare.asc.* | wc -l)
 echo $"Number of fragments on the drive: ${no_of_usb_shares}"
 if (( no_of_usb_shares > 1 )); then
     echo $"Too many key fragments exist in $FRAGMENTS_DIR"
-    ls $FRAGMENTS_DIR
-    cd ~/
+    ls "$FRAGMENTS_DIR"
+    cd ~/ || 357836582645
     umount -f $USB_MOUNT
     rm -rf $USB_MOUNT
     exit 54292
@@ -291,14 +289,14 @@ fi
 if (( no_of_usb_shares <= 0 )); then
     echo $"There was a problem copying the key fragment to $USB_DRIVE"
     echo $"Files found: ${no_of_usb_shares}"
-    ls $FRAGMENTS_DIR
-    cd ~/
+    ls "$FRAGMENTS_DIR"
+    cd ~/ || exit 743452452
     umount -f $USB_MOUNT
     rm -rf $USB_MOUNT
     exit 54292
 fi
 
-cd ~/
+cd ~/ || exit 245672457
 umount -f $USB_MOUNT
 rm -rf $USB_MOUNT
 echo $"Key fragment copied to $USB_DRIVE. You may now remove the drive."
diff --git a/src/freedombone-logging b/src/freedombone-logging
index c8f24598..ca3dbdd7 100755
--- a/src/freedombone-logging
+++ b/src/freedombone-logging
@@ -42,28 +42,28 @@ REMOVE_FILES_COMMAND='rm -rf'
 
 source /usr/local/bin/${PROJECT_NAME}-vars
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
-APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 for f in $APP_FILES
 do
-    source $f
+    source "$f"
 done
 
 APPS_AVAILABLE=()
 
 function logging_get_app_names {
-    FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+    FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 
     for filename in $FILES
     do
         app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
-        if grep -q "logging_on_" ${filename}; then
-            if grep -q "logging_off_" ${filename}; then
+        if grep -q "logging_on_" "${filename}"; then
+            if grep -q "logging_off_" "${filename}"; then
                 APPS_AVAILABLE+=("${app_name}")
             fi
         fi
@@ -76,7 +76,7 @@ function turn_logging_on {
     for a in "${APPS_AVAILABLE[@]}"
     do
         echo $"Turning on logging for ${a}"
-        logging_on_${a}
+        "logging_on_${a}"
     done
 }
 
@@ -86,7 +86,7 @@ function turn_logging_off {
     for a in "${APPS_AVAILABLE[@]}"
     do
         echo $"Turning off logging for ${a}"
-        logging_off_${a}
+        "logging_off_${a}"
     done
 }
 
@@ -162,14 +162,14 @@ if [[ "$1" == "on" || "$1" == "On" || "$1" == "ON" ]]; then
         fi
         for filename in /etc/nginx/sites-available/* ; do
             filename_domain=$(echo "$filename" | awk -F '/' '{print $5}')
-            sed -i "s|access_log.*|access_log /var/log/nginx/$filename_domain.access.log;|g" $filename
-            sed -i "s|error_log.*|error_log /var/log/nginx/$filename_domain.err.log $WEBSERVER_LOG_LEVEL;|g" $filename
+            sed -i "s|access_log.*|access_log /var/log/nginx/$filename_domain.access.log;|g" "$filename"
+            sed -i "s|error_log.*|error_log /var/log/nginx/$filename_domain.err.log $WEBSERVER_LOG_LEVEL;|g" "$filename"
         done
         sed -i 's|access_log.*|access_log /var/log/nginx/access.log;|g' /etc/nginx/nginx.conf
         sed -i 's|error_log.*|error_log /var/log/nginx/error.log;|g' /etc/nginx/nginx.conf
     fi
     if [ -f /etc/init.d/spamassassin ]; then
-        sed -i 's|DOPTIONS="-s null -d --pidfile=$PIDFILE"|DOPTIONS="-d --pidfile=$PIDFILE"|g' /etc/init.d/spamassassin
+        sed -i "s|DOPTIONS=\"-s null -d --pidfile=\$PIDFILE\"|DOPTIONS=\"-d --pidfile=\$PIDFILE\"|g" /etc/init.d/spamassassin
     fi
     if [ -d /etc/exim4 ]; then
         if [ ! -d /var/log/exim4 ]; then
@@ -211,16 +211,16 @@ else
     fi
     if [ -d /etc/nginx ]; then
         for filename in /etc/nginx/sites-available/* ; do
-            sed -i 's|access_log.*|access_log /dev/null;|g' $filename
-            sed -i 's|warn_log.*|warn_log /dev/null;|g' $filename
-            sed -i 's|error_log.*|error_log /dev/null;|g' $filename
+            sed -i 's|access_log.*|access_log /dev/null;|g' "$filename"
+            sed -i 's|warn_log.*|warn_log /dev/null;|g' "$filename"
+            sed -i 's|error_log.*|error_log /dev/null;|g' "$filename"
         done
         sed -i 's|access_log.*|access_log /dev/null;|g' /etc/nginx/nginx.conf
         sed -i 's|error_log.*|error_log /dev/null;|g' /etc/nginx/nginx.conf
         $REMOVE_FILES_COMMAND /var/log/nginx/*
     fi
     if [ -f /etc/init.d/spamassassin ]; then
-        sed -i 's|DOPTIONS="-d --pidfile=$PIDFILE"|DOPTIONS="-s null -d --pidfile=$PIDFILE"|g' /etc/init.d/spamassassin
+        sed -i "s|DOPTIONS=\"-d --pidfile=\$PIDFILE\"|DOPTIONS=\"-s null -d --pidfile=\$PIDFILE\"|g" /etc/init.d/spamassassin
     fi
     if [ -d /etc/exim4 ]; then
         sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = -all|g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
diff --git a/src/freedombone-mesh-batman b/src/freedombone-mesh-batman
index 141c48e0..f52e6def 100755
--- a/src/freedombone-mesh-batman
+++ b/src/freedombone-mesh-batman
@@ -29,7 +29,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 PROJECT_NAME='freedombone'
-COMPLETION_FILE=/root/${PROJECT_NAME}-completed.txt
+COMPLETION_FILE="/root/${PROJECT_NAME}-completed.txt"
 
 # hotspot passphrase must be 5 characters or longer
 HOTSPOT_PASSPHRASE="${PROJECT_NAME}"
@@ -40,28 +40,29 @@ source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-mesh
 mesh_protocol_init
 update_wifi_adaptors
 
-if [ ! $IFACE ]; then
+if [ ! "$IFACE" ]; then
     echo $'No wlan adaptor'
     exit 0
 fi
 
 if [ -e /etc/default/batctl ]; then
+    # shellcheck disable=SC1091
     . /etc/default/batctl
 fi
 
 function status {
     batctl o
 
-    if grep -q "bmx6" $MESH_CURRENT_PROTOCOL; then
+    if grep -q "bmx6" "$MESH_CURRENT_PROTOCOL"; then
         bmx6 -c show=originators
     fi
-    if grep -q "bmx7" $MESH_CURRENT_PROTOCOL; then
+    if grep -q "bmx7" "$MESH_CURRENT_PROTOCOL"; then
         bmx7 -c show=originators
     fi
 }
 
 function stop {
-    if [ ! -f $MESH_CURRENT_PROTOCOL ]; then
+    if [ ! -f "$MESH_CURRENT_PROTOCOL" ]; then
         return
     fi
 
@@ -82,31 +83,31 @@ function stop {
     systemctl disable dnsmasq
 
     if [ "$EIFACE" ]; then
-        brctl delif $BRIDGE bat0
-        ifconfig $BRIDGE down || true
-        ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier)
+        brctl delif "$BRIDGE" bat0
+        ifconfig "$BRIDGE" down || true
+        ethernet_connected=$(cat "/sys/class/net/$EIFACE/carrier")
         if [[ "$ethernet_connected" != "0" ]]; then
             systemctl stop hostapd
-            brctl delif $BRIDGE $EIFACE
-            ifconfig $EIFACE down -promisc
+            brctl delif "$BRIDGE" "$EIFACE"
+            ifconfig "$EIFACE" down -promisc
         fi
-        brctl delbr $BRIDGE
+        brctl delbr "$BRIDGE"
     fi
 
     ifconfig bat0 down -promisc
 
-    batctl if del $IFACE
-    ifconfig $IFACE mtu 1500
-    ifconfig $IFACE down
-    iwconfig $IFACE mode managed
+    batctl if del "$IFACE"
+    ifconfig "$IFACE" mtu 1500
+    ifconfig "$IFACE" down
+    iwconfig "$IFACE" mode managed
 
-    if [ $IFACE_SECONDARY ]; then
+    if [ "$IFACE_SECONDARY" ]; then
         systemctl stop hostapd
         systemctl disable hostapd
-        batctl if del $IFACE_SECONDARY
-        ifconfig $IFACE_SECONDARY mtu 1500
-        ifconfig $IFACE_SECONDARY down
-        iwconfig $IFACE_SECONDARY mode managed
+        batctl if del "$IFACE_SECONDARY"
+        ifconfig "$IFACE_SECONDARY" mtu 1500
+        ifconfig "$IFACE_SECONDARY" down
+        iwconfig "$IFACE_SECONDARY" mode managed
     fi
 
     rmmod batman-adv
@@ -115,53 +116,53 @@ function stop {
 
     systemctl restart network-manager
 
-    if [ -f $MESH_CURRENT_PROTOCOL ]; then
-        rm $MESH_CURRENT_PROTOCOL
+    if [ -f "$MESH_CURRENT_PROTOCOL" ]; then
+        rm "$MESH_CURRENT_PROTOCOL"
     fi
 }
 
 function verify {
     tempfile="$(mktemp)"
-    batctl o > $tempfile
-    if grep -q "disabled" $tempfile; then
+    batctl o > "$tempfile"
+    if grep -q "disabled" "$tempfile"; then
         echo $'B.A.T.M.A.N. not enabled'
-        rm $tempfile
+        rm "$tempfile"
         stop
         exit 726835
     fi
     echo $'B.A.T.M.A.N. is running'
-    rm $tempfile
+    rm "$tempfile"
 }
 
 function add_wifi_interface {
     ifname=$1
     ifssid=$WIFI_SSID
-    if [ $2 ]; then
+    if [ "$2" ]; then
         ifssid=$2
     fi
     ifmode=ad-hoc
-    if [ $3 ]; then
+    if [ "$3" ]; then
         ifmode=$3
     fi
     ifchannel=$CHANNEL
-    if [ $4 ]; then
+    if [ "$4" ]; then
         ifchannel=$4
     fi
 
-    ifconfig $ifname down
-    ifconfig $ifname mtu 1532
+    ifconfig "$ifname" down
+    ifconfig "$ifname" mtu 1532
     peermac=$(assign_peer_address)
-    if [ ! $peermac ]; then
+    if [ ! "$peermac" ]; then
         echo $"Unable to obtain MAC address for $peermac on $ifname"
         return
     fi
-    ifconfig $ifname hw ether $peermac
+    ifconfig "$ifname" hw ether "$peermac"
     echo $"$ifname assigned MAC address $peermac"
-    iwconfig $ifname enc off
-    iwconfig $ifname mode $ifmode essid $ifssid channel $ifchannel
+    iwconfig "$ifname" enc off
+    iwconfig "$ifname" mode "$ifmode" essid "$ifssid" channel "$ifchannel"
 
-    batctl if add $ifname
-    ifconfig $ifname up
+    batctl if add "$ifname"
+    ifconfig "$ifname" up
 }
 
 function start {
@@ -188,11 +189,11 @@ function start {
     global_rate_limit
 
     # Might have to re-enable wifi
-    rfkill unblock $(rfkill list|awk -F: "/phy/ {print $1}") || true
+    rfkill unblock "$(rfkill list|awk -F: "/phy/ {print $1}")" || true
 
     secondary_wifi_available=
-    if [ $IFACE_SECONDARY ]; then
-        if [[ $IFACE != $IFACE_SECONDARY ]]; then
+    if [ "$IFACE_SECONDARY" ]; then
+        if [[ "$IFACE" != "$IFACE_SECONDARY" ]]; then
             if [ -d /etc/hostapd ]; then
                 if [ ${#HOTSPOT_PASSPHRASE} -gt 4 ]; then
                     secondary_wifi_available=1
@@ -215,23 +216,23 @@ function start {
     sed -i "s|ExecStart=.*|ExecStart=/usr/local/bin/babeld ${IFACE}|g" /etc/systemd/system/babel.service
     systemctl daemon-reload
 
-    add_wifi_interface $IFACE $WIFI_SSID ad-hoc $CHANNEL
+    add_wifi_interface "$IFACE" "$WIFI_SSID" ad-hoc "$CHANNEL"
 
     # NOTE: Don't connect the secondary wifi device. hostapd will handle that by itself
 
     ifconfig bat0 up promisc
 
-    brctl addbr $BRIDGE
-    brctl addif $BRIDGE bat0
+    brctl addbr "$BRIDGE"
+    brctl addif "$BRIDGE" bat0
     ifconfig bat0 0.0.0.0
     ethernet_connected='0'
     if [ "$EIFACE" ] ; then
-        ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier)
+        ethernet_connected=$(cat "/sys/class/net/$EIFACE/carrier")
         if [[ "$ethernet_connected" != "0" ]]; then
             echo $'Trying ethernet bridge to the internet'
-            brctl addif $BRIDGE $EIFACE
-            ifconfig $EIFACE 0.0.0.0
-            ifconfig $EIFACE up promisc
+            brctl addif "$BRIDGE" "$EIFACE"
+            ifconfig "$EIFACE" 0.0.0.0
+            ifconfig "$EIFACE" up promisc
             echo $'End of ethernet bridge'
 
             sed -i "s|ExecStart=.*|ExecStart=/usr/sbin/bmx6 dev=${IFACE} dev=${EIFACE}|g" /etc/systemd/system/bmx6.service
@@ -243,8 +244,8 @@ function start {
             echo $"$EIFACE is not connected"
         fi
     fi
-    ifconfig $BRIDGE up
-    dhclient $BRIDGE
+    ifconfig "$BRIDGE" up
+    dhclient "$BRIDGE"
 
     enable_mesh_seconary_wifi
 
@@ -257,34 +258,34 @@ function start {
 
     systemctl restart nginx
 
-    if [ ! -f $MESH_DEFAULT_PROTOCOL ]; then
-        echo 'bmx6' > $MESH_DEFAULT_PROTOCOL
+    if [ ! -f "$MESH_DEFAULT_PROTOCOL" ]; then
+        echo 'bmx6' > "$MESH_DEFAULT_PROTOCOL"
     fi
 
-    if grep -q "bmx6" $MESH_DEFAULT_PROTOCOL; then
+    if grep -q "bmx6" "$MESH_DEFAULT_PROTOCOL"; then
         systemctl enable bmx6
         systemctl restart bmx6
         sed -i 's|<type>.*|<type>_bmx6._tcp</type>|g' /etc/avahi/services/routing.service
     fi
 
-    if grep -q "bmx7" $MESH_DEFAULT_PROTOCOL; then
+    if grep -q "bmx7" "$MESH_DEFAULT_PROTOCOL"; then
         systemctl enable bmx7
         systemctl restart bmx7
         sed -i 's|<type>.*|<type>_bmx7._tcp</type>|g' /etc/avahi/services/routing.service
     fi
 
-    if grep -q "olsr" $MESH_DEFAULT_PROTOCOL; then
-        IFACE=$(cat /etc/systemd/system/olsr2.service | grep ExecStart | awk -F ' ' '{print $2}')
-        mesh_generate_ipv6_address $IFACE
+    if grep -q "olsr" "$MESH_DEFAULT_PROTOCOL"; then
+        IFACE=$(grep ExecStart "/etc/systemd/system/olsr2.service" | awk -F ' ' '{print $2}')
+        mesh_generate_ipv6_address "$IFACE"
 
         systemctl enable olsr2
         systemctl restart olsr2
         sed -i 's|<type>.*|<type>_olsr2._tcp</type>|g' /etc/avahi/services/routing.service
     fi
 
-    if grep -q "babel" $MESH_DEFAULT_PROTOCOL; then
-        IFACE=$(cat /etc/systemd/system/babel.service | grep ExecStart | awk -F ' ' '{print $2}')
-        mesh_generate_ipv6_address $IFACE
+    if grep -q "babel" "$MESH_DEFAULT_PROTOCOL"; then
+        IFACE=$(grep ExecStart /etc/systemd/system/babel.service | awk -F ' ' '{print $2}')
+        mesh_generate_ipv6_address "$IFACE"
 
         systemctl enable babel
         systemctl restart babel
@@ -295,7 +296,7 @@ function start {
 
     verify
 
-    echo "$(cat $MESH_DEFAULT_PROTOCOL)" > $MESH_CURRENT_PROTOCOL
+    cat "$MESH_DEFAULT_PROTOCOL" > "$MESH_CURRENT_PROTOCOL"
 }
 
 function monitor {
@@ -329,21 +330,21 @@ function monitor {
     echo ''
 
     # Might have to re-enable wifi
-    rfkill unblock $(rfkill list|awk -F: "/phy/ {print $1}") || true
+    rfkill unblock "$(rfkill list|awk -F: "/phy/ {print $1}")" || true
 
-    ifconfig $IFACE down
-    ifconfig $IFACE mtu 1532
-    ifconfig $IFACE hw ether $(assign_peer_address)
-    iwconfig $IFACE enc off
-    iwconfig $IFACE mode monitor channel $CHANNEL
+    ifconfig "$IFACE" down
+    ifconfig "$IFACE" mtu 1532
+    ifconfig "$IFACE" hw ether "$(assign_peer_address)"
+    iwconfig "$IFACE" enc off
+    iwconfig "$IFACE" mode monitor channel "$CHANNEL"
     sleep 1
-    iwconfig $IFACE ap $CELLID
+    iwconfig "$IFACE" ap "$CELLID"
 
     modprobe batman-adv
-    batctl if add $IFACE
-    ifconfig $IFACE up
+    batctl if add "$IFACE"
+    ifconfig "$IFACE" up
 
-    horst -i $IFACE
+    horst -i "$IFACE"
 
     clear
     echo ''
@@ -354,7 +355,7 @@ function monitor {
 }
 
 if ! grep -q "$IFACE" /proc/net/dev; then
-    echo 'Interface $IFACE was not found'
+    echo "Interface \$IFACE was not found"
     stop
     exit 1
 fi
@@ -377,7 +378,7 @@ case "$1" in
         start
         ;;
     ping)
-        batctl ping $2
+        batctl ping "$2"
         ;;
     data)
         watch -n1 "batctl s | grep mgmt | grep bytes"
@@ -387,7 +388,7 @@ case "$1" in
         ;;
     *)
         echo "error: invalid parameter $1"
-        echo 'usage: $0 {start|stop|restart|status|ping|ls|list}'
+        echo "usage: \$0 {start|stop|restart|status|ping|ls|list}"
         exit 2
         ;;
 esac
diff --git a/src/freedombone-mesh-blog b/src/freedombone-mesh-blog
index 10ad11cc..052bc799 100755
--- a/src/freedombone-mesh-blog
+++ b/src/freedombone-mesh-blog
@@ -42,17 +42,17 @@ BLOG_EDITOR='pluma'
 DEFAULT_BLOG_TITLE=$"Freedombone Blog"
 
 function remove_bad_blog_links {
-    find ./ -type f -name *.css -exec sed -i -e '/googleapi/d' {} \;
-    find ./ -type f -name *.scss -exec sed -i -e '/googleapi/d' {} \;
-    find ./ -type f -name *.html -exec sed -i -e '/googleapi/d' {} \;
-    find ./ -type f -name *.css -exec sed -i -e '/bootstrapcdn/d' {} \;
-    find ./ -type f -name *.scss -exec sed -i -e '/bootstrapcdn/d' {} \;
-    find ./ -type f -name *.html -exec sed -i -e '/bootstrapcdn/d' {} \;
+    find ./ -type f -name "*.css" -exec sed -i -e '/googleapi/d' {} \;
+    find ./ -type f -name "*.scss" -exec sed -i -e '/googleapi/d' {} \;
+    find ./ -type f -name "*.html" -exec sed -i -e '/googleapi/d' {} \;
+    find ./ -type f -name "*.css" -exec sed -i -e '/bootstrapcdn/d' {} \;
+    find ./ -type f -name "*.scss" -exec sed -i -e '/bootstrapcdn/d' {} \;
+    find ./ -type f -name "*.html" -exec sed -i -e '/bootstrapcdn/d' {} \;
 }
 
 function ipfs_publish {
     DIR_TO_CHECK=/home/$USER/Public
-    if [ ! -d $DIR_TO_CHECK ]; then
+    if [ ! -d "$DIR_TO_CHECK" ]; then
         return
     fi
 
@@ -60,13 +60,13 @@ function ipfs_publish {
     echo $'Publishing to IPFS. This may take some time...'
 
     OLD_STAT_FILE=/home/$USER/.old_stat.txt
-    NEW_STAT=$(stat -t $DIR_TO_CHECK)
-    echo $($IPFS_COMMAND add -rq /home/$USER/Public | tail -n 1) > $IPFS_PUBLIC
-    echo "$NEW_STAT" > $OLD_STAT_FILE
+    NEW_STAT=$(stat -t "$DIR_TO_CHECK")
+    $IPFS_COMMAND add -rq "/home/$USER/Public" | tail -n 1 > "$IPFS_PUBLIC"
+    echo "$NEW_STAT" > "$OLD_STAT_FILE"
 
-    if [ -f $IPFS_PUBLIC ]; then
-        IPFS_PUBLIC_ID=$(cat $IPFS_PUBLIC)
-        $IPFS_COMMAND name publish /ipfs/$IPFS_PUBLIC_ID
+    if [ -f "$IPFS_PUBLIC" ]; then
+        IPFS_PUBLIC_ID=$(cat "$IPFS_PUBLIC")
+        $IPFS_COMMAND name publish "/ipfs/$IPFS_PUBLIC_ID"
     fi
 }
 
@@ -75,7 +75,7 @@ function regenerate_blog {
     echo ''
     echo $'Regenerating blog...'
 
-    cd $BLOG_PATH
+    cd $BLOG_PATH || exit 246872648
     if grep -q "SITENAME=u'${DEFAULT_BLOG_TITLE}'" $BLOG_PATH/pelicanconf.py; then
         TOX_NICK=$(toxid --showuser)
         BLOG_TITLE=$"${TOX_NICK}'s Blog"
@@ -83,7 +83,7 @@ function regenerate_blog {
     fi
     make html
 
-    cd $BLOG_PATH
+    cd $BLOG_PATH || exit 23682468
     remove_bad_blog_links
 
     ipfs_publish
@@ -97,19 +97,19 @@ function view_blog {
 function new_blog {
     DATESTR=$(date "+%Y-%m-%d %H:%M:%S")
 
-    echo $'Title: Blog Post Title' > ~/.new-blog-entry
-    echo $"Date: ${DATESTR}" >> ~/.new-blog-entry
-    echo $"Author: $(toxid --showuser)" >> ~/.new-blog-entry
-    echo $'Category: default' >> ~/.new-blog-entry
-    echo $'Tags: blog, tag' >> ~/.new-blog-entry
-    echo  '' >> ~/.new-blog-entry
-    echo $'Add your text here' >> ~/.new-blog-entry
-    echo  '' >> ~/.new-blog-entry
-    echo -n $'To include an image copy it into the ~/CreateBlog/content/images directory, ' >> ~/.new-blog-entry
-    echo $'then link to it with:' >> ~/.new-blog-entry
-    echo  '' >> ~/.new-blog-entry
-    echo $'![My image]({filename}images/myimage.jpg)' >> ~/.new-blog-entry
-    echo  '' >> ~/.new-blog-entry
+    { echo $'Title: Blog Post Title';
+      echo $"Date: ${DATESTR}";
+      echo $"Author: $(toxid --showuser)";
+      echo $'Category: default';
+      echo $'Tags: blog, tag';
+      echo  '';
+      echo $'Add your text here';
+      echo  '';
+      echo -n $'To include an image copy it into the ~/CreateBlog/content/images directory, ';
+      echo $'then link to it with:';
+      echo  '';
+      echo $'![My image]({filename}images/myimage.jpg)';
+      echo  ''; } > ~/.new-blog-entry
 
     $BLOG_EDITOR ~/.new-blog-entry
 
@@ -119,26 +119,26 @@ function new_blog {
     if grep -q $"Blog Post Title" ~/.new-blog-entry; then
         return
     fi
-    if [ ! -f $CURRENT_BLOG_INDEX ]; then
-        echo '0' > $CURRENT_BLOG_INDEX
+    if [ ! -f "$CURRENT_BLOG_INDEX" ]; then
+        echo '0' > "$CURRENT_BLOG_INDEX"
     fi
 
     # move to the content directory
-    CURRENT_INDEX=$(cat $CURRENT_BLOG_INDEX)
-    mv ~/.new-blog-entry $BLOG_CONTENT_PATH/${CURRENT_INDEX}_post.md
+    CURRENT_INDEX=$(cat "$CURRENT_BLOG_INDEX")
+    mv ~/.new-blog-entry "$BLOG_CONTENT_PATH/${CURRENT_INDEX}_post.md"
 
     # increment the index
     CURRENT_INDEX=$((CURRENT_INDEX + 1))
-    echo "$CURRENT_INDEX" > $CURRENT_BLOG_INDEX
+    echo "$CURRENT_INDEX" > "$CURRENT_BLOG_INDEX"
 
     regenerate_blog
 }
 
 function edit_blog {
-    if [ ! -f $CURRENT_BLOG_INDEX ]; then
+    if [ ! -f "$CURRENT_BLOG_INDEX" ]; then
         return
     fi
-    CURRENT_INDEX=$(cat $CURRENT_BLOG_INDEX)
+    CURRENT_INDEX=$(cat "$CURRENT_BLOG_INDEX")
     PREVIOUS_INDEX=$((CURRENT_INDEX - 1))
     LAST_BLOG_ENTRY=$BLOG_CONTENT_PATH/${PREVIOUS_INDEX}_post.md
     if [ ! -f $LAST_BLOG_ENTRY ]; then
@@ -149,23 +149,23 @@ function edit_blog {
 }
 
 function delete_blog {
-    if [ ! -f $CURRENT_BLOG_INDEX ]; then
+    if [ ! -f "$CURRENT_BLOG_INDEX" ]; then
         return
     fi
-    CURRENT_INDEX=$(cat $CURRENT_BLOG_INDEX)
+    CURRENT_INDEX=$(cat "$CURRENT_BLOG_INDEX")
     PREVIOUS_INDEX=$((CURRENT_INDEX - 1))
     LAST_BLOG_ENTRY=$BLOG_CONTENT_PATH/${PREVIOUS_INDEX}_post.md
     if [ ! -f $LAST_BLOG_ENTRY ]; then
         return
     fi
 
-    if ! zenity --question --title=$'Delete the previous blog entry' --text=$"\nAre you sure that you wish to delete the previous blog entry?" --ok-label=No --cancel-label=Yes --width=300; then
+    if ! zenity --question --title=$'Delete the previous blog entry' --text=$"\\nAre you sure that you wish to delete the previous blog entry?" --ok-label=No --cancel-label=Yes --width=300; then
         rm $LAST_BLOG_ENTRY
-        if [ $CURRENT_INDEX -gt 0 ]; then
+        if [ "$CURRENT_INDEX" -gt 0 ]; then
             CURRENT_INDEX=$PREVIOUS_INDEX
-            echo "$CURRENT_INDEX" > $CURRENT_BLOG_INDEX
+            echo "$CURRENT_INDEX" > "$CURRENT_BLOG_INDEX"
         else
-            rm -f $CURRENT_BLOG_INDEX
+            rm -f "$CURRENT_BLOG_INDEX"
         fi
         regenerate_blog
     fi
@@ -180,8 +180,8 @@ function change_theme {
 
     n=1
     curr_theme_index=
-    if [ -f /home/$USER/.blog-theme-index ]; then
-        curr_theme_index=$(cat /home/$USER/.blog-theme-index)
+    if [ -f "/home/$USER/.blog-theme-index" ]; then
+        curr_theme_index=$(cat "/home/$USER/.blog-theme-index")
     fi
     if [ -f /tmp/.blog-themes ]; then
         rm /tmp/.blog-themes
@@ -189,10 +189,11 @@ function change_theme {
     for a in "${THEMES[@]}"
     do
         echo "$n $a" >> /tmp/.blog-themes
-        n=$[n+1]
+        n=$((n+1))
     done
 
     CHOSEN_THEME_INDEX=$(
+    # shellcheck disable=SC2002
     cat /tmp/.blog-themes | \
         awk -F ' ' '{
         for(i=1;i<=NF;i++){
@@ -204,15 +205,15 @@ function change_theme {
            --column=$'Index' --column=$'Theme' \
            --print-column=1 --hide-column=1 --width=300 --height=400)
     rm /tmp/.blog-themes
-    if [ ! $CHOSEN_THEME_INDEX ]; then
+    if [ ! "$CHOSEN_THEME_INDEX" ]; then
         exit 1
     fi
 
-    echo "$CHOSEN_THEME_INDEX" > /home/$USER/.blog-theme-index
+    echo "$CHOSEN_THEME_INDEX" > "/home/$USER/.blog-theme-index"
     CHOSEN_THEME_INDEX=$((CHOSEN_THEME_INDEX - 1))
 
     CHOSEN_THEME=${THEMES[$CHOSEN_THEME_INDEX]}
-    cd cd $BLOG_PATH/themes/$CHOSEN_THEME
+    cd "$BLOG_PATH/themes/$CHOSEN_THEME" || exit 346746824
     remove_bad_blog_links
     if grep -q "THEME=" $BLOG_PATH/pelicanconf.py; then
         sed -i "s|THEME=.*|THEME='themes/${CHOSEN_THEME}'|g" $BLOG_PATH/pelicanconf.py
diff --git a/src/freedombone-mesh-connect b/src/freedombone-mesh-connect
index 2491083b..0ee0595d 100755
--- a/src/freedombone-mesh-connect
+++ b/src/freedombone-mesh-connect
@@ -54,7 +54,8 @@ function vpn_generate_keys {
     fi
     cp /etc/openvpn/dh2048.pem /etc/openvpn/easy-rsa/keys/dh2048.pem
 
-    cd /etc/openvpn/easy-rsa
+    cd /etc/openvpn/easy-rsa || exit 246872464
+    # shellcheck disable=SC1091
     . ./vars
     ./clean-all
     vpn_openssl_version='1.0.0'
@@ -147,12 +148,12 @@ function mesh_setup_vpn {
     chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel*
 
     # create an archive of the vpn client files
-    cd /home/$MY_USERNAME
+    cd /home/$MY_USERNAME || exit 346825628354
     tar -czvf vpn.tar.gz stunnel* client.ovpn
     chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/vpn.tar.gz
 
     if [ -f vpn.tar.gz ]; then
-        zenity --info --title $"Generate VPN client keys" --text $"\nNew VPN client keys have been generated in the /home/fbone directory.\n\nYou can find it by selecting \"Places\" then \"Home Directory\" on the top menu bar. Transmit the vpn.tar.gz file to whoever is running the other mesh network so that they can connect to yours.\n\nThey should uncompress vpn.tar.gz to their /home/fbone directory, forward port $VPN_MESH_TLS_PORT then connect using your IP address or domain name." --width 600
+        zenity --info --title $"Generate VPN client keys" --text $"\\nNew VPN client keys have been generated in the /home/fbone directory.\\n\\nYou can find it by selecting \"Places\" then \"Home Directory\" on the top menu bar. Transmit the vpn.tar.gz file to whoever is running the other mesh network so that they can connect to yours.\\n\\nThey should uncompress vpn.tar.gz to their /home/fbone directory, forward port $VPN_MESH_TLS_PORT then connect using your IP address or domain name." --width 600
     fi
 }
 
@@ -190,7 +191,7 @@ function connect_to_mesh {
                     sed -i "s|route .*|route $ip_or_domain 255.255.255.255 net_gateway|g" ~/client.ovpn
 
                     clear
-                    cd ~/
+                    cd ~/ || exit 234628422874
                     sudo stunnel stunnel-client.conf
                     sudo openvpn client.ovpn
                 fi
diff --git a/src/freedombone-mesh-install b/src/freedombone-mesh-install
index 74145c28..77ebd198 100755
--- a/src/freedombone-mesh-install
+++ b/src/freedombone-mesh-install
@@ -108,26 +108,26 @@ function mesh_avahi {
     fi
 
     # Add a mesh routing protocol service
-    echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > $rootdir/etc/avahi/services/routing.service
-    echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> $rootdir/etc/avahi/services/routing.service
-    echo '<service-group>' >> $rootdir/etc/avahi/services/routing.service
-    echo '  <name replace-wildcards="yes">%h routing</name>' >> $rootdir/etc/avahi/services/routing.service
-    echo '  <service>' >> $rootdir/etc/avahi/services/routing.service
-    echo '    <type>_bmx6._tcp</type>' >> $rootdir/etc/avahi/services/routing.service
-    echo '  </service>' >> $rootdir/etc/avahi/services/routing.service
-    echo '</service-group>' >> $rootdir/etc/avahi/services/routing.service
+    { echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->';
+      echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">';
+      echo '<service-group>';
+      echo '  <name replace-wildcards="yes">%h routing</name>';
+      echo '  <service>';
+      echo '    <type>_bmx6._tcp</type>';
+      echo '  </service>';
+      echo '</service-group>'; } > "$rootdir/etc/avahi/services/routing.service"
 
     # keep the daemon running
     WATCHDOG_SCRIPT_NAME="keepon"
-    echo '' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo '# keep avahi daemon running' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo 'AVAHI_RUNNING=$(pgrep avahi-daemon > /dev/null && echo Running)' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo 'if [ ! $AVAHI_RUNNING ]; then' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo '  systemctl start avahi-daemon' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo '  echo -n $CURRENT_DATE >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo '  echo " Avahi daemon restarted" >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo 'fi' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
-    chmod +x $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
+    { echo '';
+    echo '# keep avahi daemon running';
+    echo "AVAHI_RUNNING=\$(pgrep avahi-daemon > /dev/null && echo Running)";
+    echo "if [ ! \$AVAHI_RUNNING ]; then";
+    echo '  systemctl start avahi-daemon';
+    echo "  echo -n \$CURRENT_DATE >> \$LOGFILE";
+    echo "  echo \" Avahi daemon restarted\" >> \$LOGFILE";
+    echo 'fi'; } >> "$rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME"
+    chmod +x "$rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME"
 }
 
 function install_batman_remove {
@@ -154,23 +154,23 @@ function install_batman {
     fi
 
     BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service
-    echo '[Unit]' > $BATMAN_DAEMON
-    echo 'Description=B.A.T.M.A.N. Advanced' >> $BATMAN_DAEMON
-    echo 'After=network.target' >> $BATMAN_DAEMON
-    echo '' >> $BATMAN_DAEMON
-    echo '[Service]' >> $BATMAN_DAEMON
-    echo 'RemainAfterExit=yes' >> $BATMAN_DAEMON
-    echo "ExecStart=/var/lib/batman start" >> $BATMAN_DAEMON
-    echo "ExecStop=/var/lib/batman stop" >> $BATMAN_DAEMON
-    echo 'Restart=on-failure' >> $BATMAN_DAEMON
-    echo 'SuccessExitStatus=3 4' >> $BATMAN_DAEMON
-    echo 'RestartForceExitStatus=3 4' >> $BATMAN_DAEMON
-    echo '' >> $BATMAN_DAEMON
-    echo '# Allow time for the server to start/stop' >> $BATMAN_DAEMON
-    echo 'TimeoutSec=300' >> $BATMAN_DAEMON
-    echo '' >> $BATMAN_DAEMON
-    echo '[Install]' >> $BATMAN_DAEMON
-    echo 'WantedBy=multi-user.target' >> $BATMAN_DAEMON
+    { echo '[Unit]';
+      echo 'Description=B.A.T.M.A.N. Advanced';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'RemainAfterExit=yes';
+      echo "ExecStart=/var/lib/batman start";
+      echo "ExecStop=/var/lib/batman stop";
+      echo 'Restart=on-failure';
+      echo 'SuccessExitStatus=3 4';
+      echo 'RestartForceExitStatus=3 4';
+      echo '';
+      echo '# Allow time for the server to start/stop';
+      echo 'TimeoutSec=300';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$BATMAN_DAEMON"
     $CHROOT_PREFIX systemctl enable batman
 }
 
@@ -178,79 +178,79 @@ function mesh_firewall {
     FIREWALL_FILENAME=${rootdir}/etc/systemd/system/meshfirewall.service
     MESH_FIREWALL_SCRIPT=${rootdir}/usr/bin/mesh-firewall
 
-    echo '#!/bin/bash' > $MESH_FIREWALL_SCRIPT
-    echo 'iptables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -F' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -F' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -t nat -F' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -t nat -F' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -X' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -X' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo '' >> $MESH_FIREWALL_SCRIPT
-    echo '# Make sure incoming tcp connections are SYN packets' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo '' >> $MESH_FIREWALL_SCRIPT
-    echo '# Drop packets with incoming fragments' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo '' >> $MESH_FIREWALL_SCRIPT
-    echo '# Drop bogons' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo '' >> $MESH_FIREWALL_SCRIPT
-    echo '# Incoming malformed NULL packets:' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
-    echo '' >> $MESH_FIREWALL_SCRIPT
-    echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
+    { echo '#!/bin/bash';
+      echo 'iptables -P INPUT ACCEPT';
+      echo 'ip6tables -P INPUT ACCEPT';
+      echo 'iptables -F';
+      echo 'ip6tables -F';
+      echo 'iptables -t nat -F';
+      echo 'ip6tables -t nat -F';
+      echo 'iptables -X';
+      echo 'ip6tables -X';
+      echo 'iptables -P INPUT DROP';
+      echo 'ip6tables -P INPUT DROP';
+      echo 'iptables -A INPUT -i lo -j ACCEPT';
+      echo 'ip6tables -A INPUT -i lo -j ACCEPT';
+      echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT';
+      echo 'ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT';
+      echo '';
+      echo '# Make sure incoming tcp connections are SYN packets';
+      echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP';
+      echo 'ip6tables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP';
+      echo '';
+      echo '# Drop packets with incoming fragments';
+      echo 'iptables -A INPUT -f -j DROP';
+      echo 'ip6tables -A INPUT -f -j DROP';
+      echo '';
+      echo '# Drop bogons';
+      echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP';
+      echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP';
+      echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP';
+      echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP';
+      echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP';
+      echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP';
+      echo '';
+      echo '# Incoming malformed NULL packets:';
+      echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP';
+      echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP';
+      echo '';
+      echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT";
+      echo "ip6tables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT";
 
-    echo "iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "iptables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "iptables -A INPUT -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
-    echo "ip6tables -A INPUT -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
+      echo "iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT";
+      echo "ip6tables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT";
+      echo "iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT";
+      echo "ip6tables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT";
+      echo "iptables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT";
+      echo "ip6tables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT";
+      echo "iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT";
+      echo "ip6tables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT";
+      echo "iptables -A INPUT -p udp --dport 1900 -j ACCEPT";
+      echo "ip6tables -A INPUT -p udp --dport 1900 -j ACCEPT";
 
-    echo '# OLSR2/MANET' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p udp --dport 269 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p udp --dport 269 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p tcp --dport 138 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p tcp --dport 138 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
+      echo '# OLSR2/MANET';
+      echo 'iptables -A INPUT -p udp --dport 269 -j ACCEPT';
+      echo 'ip6tables -A INPUT -p udp --dport 269 -j ACCEPT';
+      echo 'iptables -A INPUT -p tcp --dport 138 -j ACCEPT';
+      echo 'ip6tables -A INPUT -p tcp --dport 138 -j ACCEPT';
 
-    echo '# Babel' >> $MESH_FIREWALL_SCRIPT
-    echo 'iptables -A INPUT -p udp --dport 6696 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
-    echo 'ip6tables -A INPUT -p udp --dport 6696 -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
+      echo '# Babel';
+      echo 'iptables -A INPUT -p udp --dport 6696 -j ACCEPT';
+      echo 'ip6tables -A INPUT -p udp --dport 6696 -j ACCEPT'; } > "$MESH_FIREWALL_SCRIPT"
     chmod +x $MESH_FIREWALL_SCRIPT
 
-    echo '[Unit]' > $FIREWALL_FILENAME
-    echo 'Description=Mesh Firewall' >> $FIREWALL_FILENAME
-    echo '' >> $FIREWALL_FILENAME
-    echo '[Service]' >> $FIREWALL_FILENAME
-    echo 'Type=oneshot' >> $FIREWALL_FILENAME
-    echo 'ExecStart=/usr/bin/mesh-firewall' >> $FIREWALL_FILENAME
-    echo 'RemainAfterExit=no' >> $FIREWALL_FILENAME
-    echo '' >> $FIREWALL_FILENAME
-    echo 'TimeoutSec=30' >> $FIREWALL_FILENAME
-    echo '' >> $FIREWALL_FILENAME
-    echo '[Install]' >> $FIREWALL_FILENAME
-    echo 'WantedBy=multi-user.target' >> $FIREWALL_FILENAME
+    { echo '[Unit]';
+      echo 'Description=Mesh Firewall';
+      echo '';
+      echo '[Service]';
+      echo 'Type=oneshot';
+      echo 'ExecStart=/usr/bin/mesh-firewall';
+      echo 'RemainAfterExit=no';
+      echo '';
+      echo 'TimeoutSec=30';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > $FIREWALL_FILENAME
     chmod +x $FIREWALL_FILENAME
     $CHROOT_PREFIX systemctl enable meshfirewall
 }
@@ -290,7 +290,7 @@ do
         -r|--rootdir)
             shift
             rootdir="$1"
-            CHROOT_PREFIX='chroot "${rootdir}"'
+            CHROOT_PREFIX="chroot \"\${rootdir}\""
             ;;
         -w|--wifi|--interface)
             shift
diff --git a/src/freedombone-mesh-invite b/src/freedombone-mesh-invite
index 857f96f1..304816aa 100755
--- a/src/freedombone-mesh-invite
+++ b/src/freedombone-mesh-invite
@@ -35,13 +35,13 @@ invite=$(sudo -- bash -c 'su -c "sbot invite.create 1" - scuttlebot' | awk -F '"
 
 if [ ${#invite} -lt 10 ]; then
    dialog --title $"Create Invite" \
-          --msgbox $"\nThe invite could not be created" 7 70
+          --msgbox $"\\nThe invite could not be created" 7 70
    exit 1
 fi
 
 echo "$invite" | xclip -selection c
 
 dialog --title $"Create Invite" \
-       --msgbox $"\nThe invite has been copied to the clipboard.\n\nYou can paste it with CTRL+v" 9 70
+       --msgbox $"\\nThe invite has been copied to the clipboard.\\n\\nYou can paste it with CTRL+v" 9 70
 
 exit 0
diff --git a/src/freedombone-mesh-reset b/src/freedombone-mesh-reset
index 87a5c601..8c1691a9 100755
--- a/src/freedombone-mesh-reset
+++ b/src/freedombone-mesh-reset
@@ -43,12 +43,12 @@ if ! zenity --question --title=$'New Identity' --text=$"Do you want to reset you
     sudo pkill midori
     sudo pkill patchwork
     sudo rm -f $MESH_INSTALL_COMPLETED
-    sudo ${PROJECT_NAME}-image-mesh $USER new
+    sudo "${PROJECT_NAME}-image-mesh" "$USER" new
 
     sudo batman start
 
-    if [ -f $HOME/mesh-desktop.sh ]; then
-        $HOME/mesh-desktop.sh
+    if [ -f "$HOME/mesh-desktop.sh" ]; then
+        "$HOME/mesh-desktop.sh"
     else
         zenity --info --title=$"New Identity" --text=$"You now have a new identity" --width=200
     fi
diff --git a/src/freedombone-mesh-routing b/src/freedombone-mesh-routing
index b10326ec..8e1769ef 100755
--- a/src/freedombone-mesh-routing
+++ b/src/freedombone-mesh-routing
@@ -31,34 +31,34 @@ PROJECT_NAME='freedombone'
 export TEXTDOMAIN=${PROJECT_NAME}-mesh-routing
 export TEXTDOMAINDIR="/usr/share/locale"
 
-source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-wifi
-source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-mesh
+source "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-wifi"
+source "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-mesh"
 
 function mesh_stop_daemon {
     daemon_name=$1
 
     clear
     echo ''
-    echo $"Stopping $1..."
-    sudo systemctl stop $1
-    echo $"Disabling $1..."
-    sudo systemctl disable $1
+    echo $"Stopping ${daemon_name}..."
+    sudo systemctl stop "${daemon_name}"
+    echo $"Disabling ${daemon_name}..."
+    sudo systemctl disable "${daemon_name}"
 }
 
 clear
 echo ''
 echo $'Scanning for BMX6 protocol...'
-bmx6_peers=$(avahi-browse -at | grep routing | grep bmx6 | wc -l)
+bmx6_peers=$(avahi-browse -at | grep routing | grep -c bmx6)
 
 clear
 echo ''
 echo $'Scanning for OLSR2 protocol...'
-olsr2_peers=$(avahi-browse -at | grep routing | grep olsr2 | wc -l)
+olsr2_peers=$(avahi-browse -at | grep routing | grep -c olsr2)
 
 clear
 echo ''
 echo $'Scanning for Babel protocol...'
-babel_peers=$(avahi-browse -at | grep routing | grep babel | wc -l)
+babel_peers=$(avahi-browse -at | grep routing | grep -c babel)
 
 clear
 
@@ -71,28 +71,28 @@ case $sel in
 esac
 
 temp_script=$HOME/.change_routing
-echo '#!/bin/bash' > $temp_script
-echo "echo \"\$1\" > $MESH_DEFAULT_PROTOCOL" >> $temp_script
-echo "echo \"\$1\" > $MESH_CURRENT_PROTOCOL" >> $temp_script
-echo "sed -i \"s|<type>.*|<type>_\${1}._tcp</type>|g\" /etc/avahi/services/routing.service" >> $temp_script
-echo 'systemctl restart avahi-daemon' >> $temp_script
-echo "IFACE=\$(cat /etc/systemd/system/\${1}.service | grep ExecStart | awk -F ' ' '{print \$2}')" >> $temp_script
-echo 'network=fd66:66:66' >> $temp_script
-echo 'search_ipv6=$(ifconfig $1 | grep $network)' >> $temp_script
-echo 'if [ $search_ipv6 ]; then' >> $temp_script
-echo "    result=\$(ifconfig \$1 | grep \$network | awk -F ' ' '{print \$2}')" >> $temp_script
-echo '    ip -6 addr add ${result}/128 dev $1' >> $temp_script
-echo 'else' >> $temp_script
-echo '    ipv6_array=( 1 2 3 4 5 6 7 8 9 0 a b c d e f )' >> $temp_script
-echo '    a=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}' >> $temp_script
-echo '    b=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}' >> $temp_script
-echo '    c=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}' >> $temp_script
-echo '    d=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}' >> $temp_script
-echo '    e=${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}${ipv6_array[$RANDOM%16]}' >> $temp_script
-echo '    result=$network:$a:$b:$c:$d:$e' >> $temp_script
-echo '    ip -6 addr add ${result}/128 dev $1' >> $temp_script
-echo 'fi' >> $temp_script
-chmod +x $temp_script
+{ echo '#!/bin/bash';
+  echo "echo \"\$1\" > $MESH_DEFAULT_PROTOCOL";
+  echo "echo \"\$1\" > $MESH_CURRENT_PROTOCOL";
+  echo "sed -i \"s|<type>.*|<type>_\${1}._tcp</type>|g\" /etc/avahi/services/routing.service";
+  echo 'systemctl restart avahi-daemon';
+  echo "IFACE=\$(cat /etc/systemd/system/\${1}.service | grep ExecStart | awk -F ' ' '{print \$2}')";
+  echo 'network=fd66:66:66';
+  echo "search_ipv6=\$(ifconfig \$1 | grep \$network)";
+  echo "if [ \$search_ipv6 ]; then";
+  echo "    result=\$(ifconfig \$1 | grep \$network | awk -F ' ' '{print \$2}')";
+  echo "    ip -6 addr add \${result}/128 dev \$1";
+  echo 'else';
+  echo '    ipv6_array=( 1 2 3 4 5 6 7 8 9 0 a b c d e f )';
+  echo "    a=\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}";
+  echo "    b=\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}";
+  echo "    c=\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}";
+  echo "    d=\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}";
+  echo "    e=\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}\${ipv6_array[\$RANDOM%16]}";
+  echo "    result=\$network:\$a:\$b:\$c:\$d:\$e";
+  echo "    ip -6 addr add \${result}/128 dev \$1";
+  echo 'fi'; } > "$temp_script"
+chmod +x "$temp_script"
 
 clear
 echo ''
@@ -100,7 +100,7 @@ echo $'Authentication to change mesh protocol'
 echo ''
 
 case $data in
-    1)  sudo $temp_script 'bmx6'
+    1)  sudo "$temp_script" 'bmx6'
         mesh_stop_daemon 'bmx7'
         mesh_stop_daemon 'olsr2'
         mesh_stop_daemon 'babel'
@@ -111,7 +111,7 @@ case $data in
         echo $'Starting BMX6...'
         sudo systemctl start bmx6
         ;;
-    2)  sudo $temp_script 'olsr2'
+    2)  sudo "$temp_script" 'olsr2'
         mesh_stop_daemon 'bmx6'
         mesh_stop_daemon 'bmx7'
         mesh_stop_daemon 'babel'
@@ -122,7 +122,7 @@ case $data in
         echo $'Starting OLSR2...'
         sudo systemctl start olsr2
         ;;
-    3)  sudo $temp_script 'babel'
+    3)  sudo "$temp_script" 'babel'
         mesh_stop_daemon 'bmx6'
         mesh_stop_daemon 'bmx7'
         mesh_stop_daemon 'olsr2'
@@ -135,6 +135,6 @@ case $data in
         ;;
 esac
 
-rm $temp_script
+rm "$temp_script"
 
 exit 0
diff --git a/src/freedombone-mesh-visit-site b/src/freedombone-mesh-visit-site
index b13c4d02..70a5e17c 100755
--- a/src/freedombone-mesh-visit-site
+++ b/src/freedombone-mesh-visit-site
@@ -51,7 +51,7 @@ fi
 
 USERS_FILE_LINES=$(wc -l $USERS_FILE | awk -F ' ' '{print $1}')
 
-if [ $USERS_FILE_LINES -gt 200 ]; then
+if [ "$USERS_FILE_LINES" -gt 200 ]; then
     # If there are more than a Dunbar number of peers then ask for the peer name or ID
     data=$(zenity --entry --title="Visit IPFS site" --text="Enter the username or Tox ID for the site you wish to visit")
     sel=$?
@@ -62,7 +62,7 @@ if [ $USERS_FILE_LINES -gt 200 ]; then
         if ! grep -q "$TOX_USERNAME_OR_ID" $USERS_FILE; then
                     TOX_ID="$TOX_USERNAME_OR_ID"
         else
-                    TOX_ID=$(cat "$USERS_FILE" | grep "$TOX_USERNAME_OR_ID" | head -n 1 | sed "s|$TOX_USERNAME_OR_ID ||g" | sed -e 's/^[[:space:]]*//')
+                    TOX_ID=$(grep "$TOX_USERNAME_OR_ID" "$USERS_FILE" | head -n 1 | sed "s|$TOX_USERNAME_OR_ID ||g" | sed -e 's/^[[:space:]]*//')
         fi
 
         if [ ${#TOX_ID} -gt 5 ]; then
@@ -70,7 +70,7 @@ if [ $USERS_FILE_LINES -gt 200 ]; then
             zenity --info --title $"Visit a site" --text $"An IPFS site was not found for the user '$TOX_USERNAME_OR_ID'" --width 500
             exit 3
                     fi
-                    IPFS_FULL_URL=${IPFS_URL}/$(cat "$IPFS_USERS_FILE" | grep $TOX_ID | head -n 1 | awk -F ':' '{print $2}')
+                    IPFS_FULL_URL=${IPFS_URL}/$(grep "$TOX_ID" "$IPFS_USERS_FILE" | head -n 1 | awk -F ':' '{print $2}')
                     pkill $BROWSER
                     setsid sh -c "$BROWSER $BROWSER_OPTIONS $IPFS_FULL_URL$SUFFIX" > /dev/null 2>&1 < /dev/null &
 
@@ -85,7 +85,8 @@ if [ $USERS_FILE_LINES -gt 200 ]; then
 else
     # If there are a relatively small number of users then choose from a list
     TOX_ID=$(
-    cat $USERS_FILE | \
+    # shellcheck disable=SC2002
+    cat "$USERS_FILE" | \
         awk -F ' ' '{
         for(i=1;i<=NF;i++){
             print $i;
@@ -95,10 +96,10 @@ else
            --title='Visit the site of another user' \
            --column='Username' --column='Tox ID' \
            --print-column=2 --hide-column=2 --width=300 --height=400)
-    if [ ! $TOX_ID ]; then
+    if [ ! "$TOX_ID" ]; then
         exit 0
     fi
-    IPFS_FULL_URL=${IPFS_URL}/$(cat "$IPFS_USERS_FILE" | grep $TOX_ID | head -n 1 | awk -F ':' '{print $2}')
+    IPFS_FULL_URL=${IPFS_URL}/$(grep "$TOX_ID" "$IPFS_USERS_FILE" | head -n 1 | awk -F ':' '{print $2}')
     pkill $BROWSER
     setsid sh -c "$BROWSER $BROWSER_OPTIONS $IPFS_FULL_URL$SUFFIX" > /dev/null 2>&1 < /dev/null &
 
diff --git a/src/freedombone-pass b/src/freedombone-pass
index cbf77d94..dd47be22 100755
--- a/src/freedombone-pass
+++ b/src/freedombone-pass
@@ -60,7 +60,7 @@ function get_backup_key_id {
     MY_BACKUP_KEY_ID=$(gpg --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
     if [ ${#MY_BACKUP_KEY_ID} -lt 4 ]; then
         echo $"Error: gpg backup key was not found"
-        return 58213
+        exit 58213
     fi
 }
 
@@ -99,7 +99,7 @@ function pad_string {
     pass_string="$1"
     str_length=${#pass_string}
     total_padding=$((128 - str_length))
-    leading_padding=$((1 + RANDOM % $total_padding))
+    leading_padding=$((1 + RANDOM % total_padding))
     trailing_padding=$((total_padding - leading_padding))
     leading=$(printf "%-${leading_padding}s")
     trailing=$(printf "%-${trailing_padding}s")
@@ -118,8 +118,7 @@ function run_tests {
         echo $'Incorrect padded length'
         exit 78352
     fi
-    ${PROJECT_NAME}-pass -u root -a tests -p "$pass"
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-pass" -u root -a tests -p "$pass"; then
         echo $'Unable to encrypt password'
         exit 72725
     fi
@@ -142,8 +141,8 @@ function clear_passwords {
     for d in /root/.passwords/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $4}')
         if [[ "$USERNAME" != 'root' ]]; then
-            shred -zu /root/.passwords/$USERNAME/*
-            rm -rf /root/.passwords/$USERNAME
+            shred -zu "/root/.passwords/$USERNAME/*"
+            rm -rf "/root/.passwords/$USERNAME"
         fi
     done
     if [ ! -f $NO_PASSWORD_STORE_FILE ]; then
@@ -156,34 +155,34 @@ function clear_passwords {
 function export_to_keepass {
     filename="$1"
 
-    echo '<database>' > $filename
-    echo '  <group>' >> $filename
-    echo "    <title>${PROJECT_NAME}</title>" >> $filename
-    echo '    <icon>48</icon>' >> $filename
+    { echo '<database>';
+      echo '  <group>';
+      echo "    <title>${PROJECT_NAME}</title>";
+      echo '    <icon>48</icon>'; } > "$filename"
 
     for d in /root/.passwords/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $4}')
-        echo '    <group>' >> $filename
-        echo "      <title>$USERNAME</title>" >> $filename
-        echo '      <icon>0</icon>' >> $filename
+        { echo '    <group>';
+          echo "      <title>$USERNAME</title>";
+          echo '      <icon>0</icon>'; } >> "$filename"
         for a in /root/.passwords/$USERNAME/* ; do
-            APP_NAME=$(basename $a)
-            app_password=$(${PROJECT_NAME}-pass -u $USERNAME -a $APP_NAME)
-            echo '      <entry>' >> $filename
-            echo "        <title>$APP_NAME</title>" >> $filename
-            echo "        <username>$USERNAME</username>" >> $filename
-            echo "        <password>$app_password</password>" >> $filename
-            echo '        <url/>' >> $filename
-            echo '        <comment/>' >> $filename
-            echo '        <icon>0</icon>' >> $filename
-            echo '        <expire>Never</expire>' >> $filename
-            echo '      </entry>' >> $filename
+            APP_NAME=$(basename "$a")
+            app_password=$("${PROJECT_NAME}-pass" -u "$USERNAME" -a "$APP_NAME")
+            { echo '      <entry>';
+              echo "        <title>$APP_NAME</title>";
+              echo "        <username>$USERNAME</username>";
+              echo "        <password>$app_password</password>";
+              echo '        <url/>';
+              echo '        <comment/>';
+              echo '        <icon>0</icon>';
+              echo '        <expire>Never</expire>';
+              echo '      </entry>'; } >> "$filename"
         done
-        echo '    </group>' >> $filename
+        echo '    </group>' >> "$filename"
     done
 
-    echo '  </group>' >> $filename
-    echo '</database>' >> $filename
+    echo '  </group>' >> "$filename"
+    echo '</database>' >> "$filename"
 
     echo $"Exported $filename"
 }
@@ -245,9 +244,9 @@ do
     shift
 done
 
-if [ ${REMOVE_USERNAME} ]; then
-    if [ -d ~/.passwords/${REMOVE_USERNAME} ]; then
-        rm -rf ~/.passwords/${REMOVE_USERNAME}
+if [ "${REMOVE_USERNAME}" ]; then
+    if [ -d "${HOME}/.passwords/${REMOVE_USERNAME}" ]; then
+        rm -rf "${HOME}/.passwords/${REMOVE_USERNAME}"
     fi
     exit 0
 fi
@@ -271,43 +270,43 @@ if [ $TESTS ]; then
     exit 0
 fi
 
-if [ $EXPORT_FILENAME ]; then
-    export_to_keepass $EXPORT_FILENAME
+if [ "$EXPORT_FILENAME" ]; then
+    export_to_keepass "$EXPORT_FILENAME"
     exit 0
 fi
 
-if [ ! $CURR_USERNAME ]; then
+if [ ! "$CURR_USERNAME" ]; then
     echo $'Error: No username given'
     exit 1
 fi
 
-if [ ! -d /home/$CURR_USERNAME ]; then
+if [ ! -d "/home/$CURR_USERNAME" ]; then
     if [[ "$CURR_USERNAME" != "root" ]]; then
         echo $"Error: User $CURR_USERNAME does not exist"
         exit 2
     fi
 fi
 
-if [ ${REMOVE_APP} ]; then
-    if [ -d ~/.passwords/${CURR_USERNAME}/${REMOVE_APP} ]; then
-        shred -zu ~/.passwords/${CURR_USERNAME}/${REMOVE_APP}
+if [ "${REMOVE_APP}" ]; then
+    if [ -d "${HOME}/.passwords/${CURR_USERNAME}/${REMOVE_APP}" ]; then
+        shred -zu "${HOME}/.passwords/${CURR_USERNAME}/${REMOVE_APP}"
     fi
     exit 0
 fi
 
-if [ ! $CURR_APP ]; then
+if [ ! "$CURR_APP" ]; then
     echo $'Error: No app name given'
     exit 3
 fi
 
 if [ ${#CURR_PASSWORD} -eq 0 ]; then
     # retrieve password
-    if [ ! -f ~/.passwords/$CURR_USERNAME/$CURR_APP ]; then
+    if [ ! -f "${HOME}/.passwords/$CURR_USERNAME/$CURR_APP" ]; then
         MASTER_PASSWORD=
         echo ""
         exit 4
     else
-        pass=$(gpg --batch -dq --passphrase "$MASTER_PASSWORD" ~/.passwords/$CURR_USERNAME/$CURR_APP)
+        pass=$(gpg --batch -dq --passphrase "$MASTER_PASSWORD" "${HOME}/.passwords/$CURR_USERNAME/$CURR_APP")
         remove_padding "${pass}"
     fi
 else
@@ -318,12 +317,12 @@ else
             exit 0
         fi
     fi
-    if [ ! -d ~/.passwords/$CURR_USERNAME ]; then
-        mkdir -p ~/.passwords/$CURR_USERNAME
+    if [ ! -d "${HOME}/.passwords/$CURR_USERNAME" ]; then
+        mkdir -p "${HOME}/.passwords/$CURR_USERNAME"
     fi
     # padding helps to ensure than nothing can be learned from the length of the cyphertext
-    pad_string "${CURR_PASSWORD}" | gpg --batch -ca --cipher-algo AES256 --passphrase "$MASTER_PASSWORD" > ~/.passwords/$CURR_USERNAME/$CURR_APP
-    if [ ! -f ~/.passwords/$CURR_USERNAME/$CURR_APP ]; then
+    pad_string "${CURR_PASSWORD}" | gpg --batch -ca --cipher-algo AES256 --passphrase "$MASTER_PASSWORD" > "${HOME}/.passwords/$CURR_USERNAME/$CURR_APP"
+    if [ ! -f "${HOME}/.passwords/$CURR_USERNAME/$CURR_APP" ]; then
         MASTER_PASSWORD=
         exit 5
     fi
diff --git a/src/freedombone-pin-cert b/src/freedombone-pin-cert
index 82220521..5cd48130 100755
--- a/src/freedombone-pin-cert
+++ b/src/freedombone-pin-cert
@@ -43,20 +43,20 @@ function pin_all_certs {
         return
     fi
 
-    cd $WEBSITES_DIRECTORY
-    for file in `dir -d *` ; do
-        if grep -q "Public-Key-Pins" $file; then
+    cd $WEBSITES_DIRECTORY || exit 2468724684
+    for file in $(dir -d "*") ; do
+        if grep -q "Public-Key-Pins" "$file"; then
             DOMAIN_NAME=$file
             KEY_FILENAME=/etc/ssl/private/${DOMAIN_NAME}.key
-            if [ -f $KEY_FILENAME ]; then
+            if [ -f "$KEY_FILENAME" ]; then
                 BACKUP_KEY_FILENAME=/etc/ssl/certs/${DOMAIN_NAME}.pem
-                if [ -f $BACKUP_KEY_FILENAME ]; then
-                    KEY_HASH=$(openssl rsa -in $KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
-                    BACKUP_KEY_HASH=$(openssl rsa -in $BACKUP_KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
+                if [ -f "$BACKUP_KEY_FILENAME" ]; then
+                    KEY_HASH=$(openssl rsa -in "$KEY_FILENAME" -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
+                    BACKUP_KEY_HASH=$(openssl rsa -in "$BACKUP_KEY_FILENAME" -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
                     if [ ${#BACKUP_KEY_HASH} -gt 5 ]; then
 
                         PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=${PIN_MAX_AGE}; includeSubDomains';"
-                        sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $file
+                        sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" "$file"
                         echo $"Pinned $DOMAIN_NAME with keys $KEY_HASH $BACKUP_KEY_HASH"
                     fi
                 fi
@@ -65,7 +65,7 @@ function pin_all_certs {
     done
 }
 
-if [[ $1 == "all" ]]; then
+if [[ "$1" == "all" ]]; then
     pin_all_certs
     systemctl restart nginx
     exit 0
@@ -77,7 +77,7 @@ KEY_FILENAME=/etc/ssl/private/${DOMAIN_NAME}.key
 BACKUP_KEY_FILENAME=/etc/ssl/certs/${DOMAIN_NAME}.pem
 SITE_FILENAME=$WEBSITES_DIRECTORY/${DOMAIN_NAME}
 
-if [ ! ${DOMAIN_NAME} ]; then
+if [ ! "${DOMAIN_NAME}" ]; then
     exit 0
 fi
 
@@ -86,8 +86,8 @@ if [ ! -f "$SITE_FILENAME" ]; then
 fi
 
 if [[ $REMOVE == "remove" ]]; then
-    if grep -q "Public-Key-Pins" $SITE_FILENAME; then
-        sed -i "/Public-Key-Pins/d" $SITE_FILENAME
+    if grep -q "Public-Key-Pins" "$SITE_FILENAME"; then
+        sed -i "/Public-Key-Pins/d" "$SITE_FILENAME"
         echo $"Removed pinning for ${DOMAIN_NAME}"
         systemctl restart nginx
     fi
@@ -104,8 +104,8 @@ if [ ! -f "$BACKUP_KEY_FILENAME" ]; then
     exit 2
 fi
 
-KEY_HASH=$(openssl rsa -in $KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
-BACKUP_KEY_HASH=$(openssl rsa -in $BACKUP_KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
+KEY_HASH=$(openssl rsa -in "$KEY_FILENAME" -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
+BACKUP_KEY_HASH=$(openssl rsa -in "$BACKUP_KEY_FILENAME" -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
 
 if [ ${#KEY_HASH} -lt 5 ]; then
     echo 'Pin hash unexpectedly short'
@@ -118,15 +118,15 @@ if [ ${#BACKUP_KEY_HASH} -lt 5 ]; then
 fi
 
 PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=5184000; includeSubDomains';"
-if ! grep -q "Public-Key-Pins" $SITE_FILENAME; then
-    sed -i "/ssl_ciphers.*/a     add_header ${PIN_HEADER}" $SITE_FILENAME
+if ! grep -q "Public-Key-Pins" "$SITE_FILENAME"; then
+    sed -i "/ssl_ciphers.*/a     add_header ${PIN_HEADER}" "$SITE_FILENAME"
 else
-    sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $SITE_FILENAME
+    sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" "$SITE_FILENAME"
 fi
 
 systemctl restart nginx
 
-if ! grep -q "add_header Public-Key-Pins" $SITE_FILENAME; then
+if ! grep -q "add_header Public-Key-Pins" "$SITE_FILENAME"; then
     echo $'Pinning failed'
 fi
 
diff --git a/src/freedombone-powerline b/src/freedombone-powerline
index 149397a2..d997553d 100755
--- a/src/freedombone-powerline
+++ b/src/freedombone-powerline
@@ -56,23 +56,23 @@ __powerline() {
   readonly WHITE_BRIGHT=15
 
   # Font effects
-  readonly DIM="\[$(tput dim)\]"
-  readonly REVERSE="\[$(tput rev)\]"
-  readonly RESET="\[$(tput sgr0)\]"
-  readonly BOLD="\[$(tput bold)\]"
+  readonly DIM="\\[$(tput dim)\\]"
+  readonly REVERSE="\\[$(tput rev)\\]"
+  readonly RESET="\\[$(tput sgr0)\\]"
+  readonly BOLD="\\[$(tput bold)\\]"
 
   # Generate terminal colour codes
   # $1 is an int (a colour) and $2 must be 'fg' or 'bg'
   __colour() {
     case "$2" in
       'fg'*)
-        echo "\[$(tput setaf "$1")\]"
+        echo "\\[$(tput setaf "$1")\\]"
         ;;
       'bg'*)
-        echo "\[$(tput setab "$1")\]"
+        echo "\\[$(tput setab "$1")\\]"
         ;;
       *)
-        echo "\[$(tput setab "$1")\]"
+        echo "\\[$(tput setab "$1")\\]"
         ;;
     esac
   }
@@ -288,7 +288,7 @@ __powerline() {
       if [ ! -z "${text+x}" ]; then
         text+="@"
       fi
-      text+="\h"
+      text+="\\h"
     fi
 
     if [ ! -z ${text+x} ]; then
diff --git a/src/freedombone-recoverkey b/src/freedombone-recoverkey
index 2c5e3c29..f14524a4 100755
--- a/src/freedombone-recoverkey
+++ b/src/freedombone-recoverkey
@@ -36,10 +36,10 @@ export TEXTDOMAINDIR="/usr/share/locale"
 source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
 
 # include utils which allow function_check, go and drive mount
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
 FRIENDS_SERVERS_LIST=
@@ -78,69 +78,71 @@ do
     shift
 done
 
-if [ ! $MY_USERNAME ]; then
+if [ ! "$MY_USERNAME" ]; then
     show_help
 fi
-if [ ! -d /home/$MY_USERNAME ]; then
+if [ ! -d "/home/$MY_USERNAME" ]; then
     echo $"User $MY_USERNAME does not exist on the system"
     exit 7270
 fi
 
-if [ ! $MY_USERNAME ]; then
+if [ ! "$MY_USERNAME" ]; then
     echo $'No username given'
     exit 3578
 fi
-if [ ! -d /home/$MY_USERNAME ]; then
+if [ ! -d "/home/$MY_USERNAME" ]; then
     echo $"User $MY_USERNAME does not exist on the system"
     exit 7270
 fi
 
-FRAGMENTS_DIR=/home/$MY_USERNAME/.gnupg_fragments
+FRAGMENTS_DIR="/home/$MY_USERNAME/.gnupg_fragments"
 
 # if no remote backup list was given then assume recover from USB
-if [ ! $FRIENDS_SERVERS_LIST ]; then
+if [ ! "$FRIENDS_SERVERS_LIST" ]; then
     interactive_gpg_from_usb
     exit 0
 fi
 
 # obtain shares/fragments from remote locations
-if [ $FRIENDS_SERVERS_LIST ]; then
+if [ "$FRIENDS_SERVERS_LIST" ]; then
     # For each remote server
-    while read remote_server
+    while read -r remote_server
     do
         # Get the server and its password
         # Format is:
         #   username@domain:/home/username <port number> <ssh password>
         REMOTE_SERVER=$(echo "${remote_server}" | awk -F ' ' '{print $1}')
-        if [ $REMOTE_SERVER ]; then
+        if [ "$REMOTE_SERVER" ]; then
             REMOTE_SSH_PORT=$(echo "${remote_server}" | awk -F ' ' '{print $2}')
             REMOTE_PASSWORD=$(echo "${remote_server}" | awk -F ' ' '{print $3}')
 
             # create a directory if it doesn't exist
-            if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then
-                mkdir -p /home/$MY_USERNAME/.gnupg_fragments
+            if [ ! -d "/home/$MY_USERNAME/.gnupg_fragments" ]; then
+                mkdir -p "/home/$MY_USERNAME/.gnupg_fragments"
             fi
 
             echo -n $"Starting key retrieval from $REMOTE_SERVER..."
-            /usr/bin/sshpass -p $REMOTE_PASSWORD \
-                             scp -r -P $REMOTE_SSH_PORT $REMOTE_SERVER/.gnupg_fragments/* /home/$MY_USERNAME/.gnupg_fragments
+            /usr/bin/sshpass -p "$REMOTE_PASSWORD" \
+                             scp -r -P "$REMOTE_SSH_PORT" "$REMOTE_SERVER/.gnupg_fragments/*" "/home/$MY_USERNAME/.gnupg_fragments"
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo $'FAILED'
             else
                 echo $'Ok'
             fi
         fi
-    done < $FRIENDS_SERVERS_LIST
+    done < "$FRIENDS_SERVERS_LIST"
 fi
 
 # was a directory created?
-if [ ! -d $FRAGMENTS_DIR ]; then
+if [ ! -d "$FRAGMENTS_DIR" ]; then
     echo $'No fragments have been recovered, so the key cannot be recovered'
     exit 7483
 fi
 
 # was anything downloaded?
-cd $FRAGMENTS_DIR
+cd "$FRAGMENTS_DIR" || exit 24682468
+# shellcheck disable=SC2012
 no_of_shares=$(ls -afq keyshare.asc.* | wc -l)
 if (( no_of_shares == 0 )); then
     echo $'No key fragments were retrieved'
@@ -148,14 +150,14 @@ if (( no_of_shares == 0 )); then
 fi
 
 # set permissions on the fragments
-chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg_fragments
+chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.gnupg_fragments"
 
 # decrypt the file
 KEYS_FILE=$FRAGMENTS_DIR/keyshare.asc
-cd $FRAGMENTS_DIR
-gfcombine $KEYS_FILE.*
+cd "$FRAGMENTS_DIR" || exit 482746874624
+gfcombine "$KEYS_FILE.*"
 
-if [ ! -f $KEYS_FILE ]; then
+if [ ! -f "$KEYS_FILE" ]; then
     echo $'Unable to decrypt key. This may mean that not enough fragments are available'
     exit 6283
 fi
@@ -163,15 +165,14 @@ fi
 echo $'Key fragments recombined'
 
 # import the gpg key
-gpg --homedir=/home/$MY_USERNAME/.gnupg --allow-secret-key-import --import $KEYS_FILE
-if [ ! "$?" = "0" ]; then
+if ! gpg --homedir="/home/$MY_USERNAME/.gnupg" --allow-secret-key-import --import "$KEYS_FILE"; then
     echo $'Unable to import gpg key'
-    shred -zu $KEYS_FILE
+    shred -zu "$KEYS_FILE"
     exit 3682
 fi
-shred -zu $KEYS_FILE
-chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
-chmod -R 600 /home/$MY_USERNAME/.gnupg
+shred -zu "$KEYS_FILE"
+chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.gnupg"
+chmod -R 600 "/home/$MY_USERNAME/.gnupg"
 
 echo $'GPG key was recovered'
 
diff --git a/src/freedombone-remote b/src/freedombone-remote
index 8089f82d..61233914 100755
--- a/src/freedombone-remote
+++ b/src/freedombone-remote
@@ -35,7 +35,7 @@ PROJECT_NAME='freedombone'
 export TEXTDOMAIN=${PROJECT_NAME}-remote
 export TEXTDOMAINDIR="/usr/share/locale"
 
-CONFIG_FILE=$HOME/${PROJECT_NAME}.cfg
+CONFIG_FILE="$HOME/${PROJECT_NAME}.cfg"
 
 # User to create the list for
 MY_USERNAME=$USER
@@ -44,7 +44,7 @@ MY_USERNAME=$USER
 FRIENDS_SERVERS_LIST=
 
 # Minimum password length in characters
-MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}')
+MINIMUM_PASSWORD_LENGTH=$(grep 'MINIMUM_PASSWORD_LENGTH=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords" | head -n 1 | awk -F '=' '{print $2}')
 
 # How many remote locations were specified
 entering_remote_backups_ctr=0
@@ -117,24 +117,24 @@ do
 done
 
 function interactive_config_remote_backups {
-    if [ ! $MY_USERNAME ]; then
+    if [ ! "$MY_USERNAME" ]; then
         echo $'Please specify a username with the -u option'
         exit 7356
     fi
 
-    if [ ! /home/$MY_USERNAME ]; then
+    if [ ! -d "/home/$MY_USERNAME" ]; then
         echo $"The user /home/$MY_USERNAME does not exist on the system"
         exit 3689
     fi
 
-    if [ ! $FRIENDS_SERVERS_LIST ]; then
+    if [ ! "$FRIENDS_SERVERS_LIST" ]; then
         FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list
     fi
 
     # clear any existing list
-    if [ -f $FRIENDS_SERVERS_LIST ]; then
-        rm -f $FRIENDS_SERVERS_LIST
-        touch $FRIENDS_SERVERS_LIST
+    if [ -f "$FRIENDS_SERVERS_LIST" ]; then
+        rm -f "$FRIENDS_SERVERS_LIST"
+        touch "$FRIENDS_SERVERS_LIST"
     fi
     # number of entries made
     entering_remote_backups_ctr=1
@@ -148,57 +148,57 @@ function interactive_config_remote_backups {
     remote_ssh_reciprocal_password=""
     while [[ $entering_remote_backups_done == "no" ]]
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
         if [[ $RECIPROCAL == "yes" ]]; then
             dialog --backtitle "Freedombone Configuration" \
                    --title "$TITLE ${entering_remote_backups_ctr}" \
-                   --form "\nPlease specify the SSH login details for the remote server\n\nThe reciprocal entries are optional, and can be used if you wish to set up a user account on this system for whoever runs the remote server to also use for backups" 20 50 8 \
+                   --form "\\nPlease specify the SSH login details for the remote server\\n\\nThe reciprocal entries are optional, and can be used if you wish to set up a user account on this system for whoever runs the remote server to also use for backups" 20 50 8 \
                    "Username:" 1 1 "$remote_ssh_username" 1 23 16 15 \
                    "Domain:" 2 1 "$remote_ssh_domain" 2 23 16 15 \
                    "SSH port:" 3 1 "2222" 3 23 5 4 \
                    "Password:" 4 1 "$remote_ssh_password" 4 23 20 100 \
                    "Reciprocal Username:" 5 1 "$remote_ssh_reciprocal_username" 5 23 20 100 \
                    "Reciprocal Password:" 6 1 "$remote_ssh_reciprocal_password" 6 23 20 100 \
-                   2> $data
+                   2> "$data"
         else
             dialog --backtitle "Freedombone Configuration" \
                    --title "$TITLE ${entering_remote_backups_ctr}" \
-                   --form "\nPlease specify the SSH login details for the remote server" 15 50 4 \
+                   --form "\\nPlease specify the SSH login details for the remote server" 15 50 4 \
                    "Username:" 1 1 "$remote_ssh_username" 1 23 16 15 \
                    "Domain:" 2 1 "$remote_ssh_domain" 2 23 16 15 \
                    "SSH port:" 3 1 "2222" 3 23 5 4 \
                    "Password:" 4 1 "$remote_ssh_password" 4 23 20 100 \
-                   2> $data
+                   2> "$data"
         fi
         sel=$?
         case $sel in
             1) entering_remote_backups_done="yes";;
             255) entering_remote_backups_done="yes";;
         esac
-        remote_ssh_username=$(cat $data | sed -n 1p)
-        remote_ssh_domain=$(cat $data | sed -n 2p)
-        remote_ssh_port=$(cat $data | sed -n 3p)
-        remote_ssh_password=$(cat $data | sed -n 4p)
-        remote_ssh_reciprocal_username=$(cat $data | sed -n 5p)
-        remote_ssh_reciprocal_password=$(cat $data | sed -n 6p)
+        remote_ssh_username=$(sed -n 1p < "$data")
+        remote_ssh_domain=$(sed -n 2p < "$data")
+        remote_ssh_port=$(sed -n 3p < "$data")
+        remote_ssh_password=$(sed -n 4p < "$data")
+        remote_ssh_reciprocal_username=$(sed -n 5p < "$data")
+        remote_ssh_reciprocal_password=$(sed -n 6p < "$data")
+        rm -f "$data"
         if [[ $remote_ssh_username != "" && \
                     $remote_ssh_domain != "" && \
                     $remote_ssh_port != "" && \
                     $remote_ssh_password != "" ]]; then
 
-            if [ ${#remote_ssh_password} -lt $MINIMUM_PASSWORD_LENGTH ]; then
+            if [ ${#remote_ssh_password} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then
                 dialog --title "Password quality check" --msgbox "The password given was too short. It must be at least $MINIMUM_PASSWORD_LENGTH characters" 6 40
             else
 
                 if [[ $RECIPROCAL == "yes" ]]; then
                     if [[ $remote_ssh_reciprocal_username != "" && \
                                 $remote_ssh_reciprocal_password != "" ]]; then
-                        if [ ${#remote_ssh_reciprocal_password} -lt $MINIMUM_PASSWORD_LENGTH ]; then
+                        if [ ${#remote_ssh_reciprocal_password} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then
                             dialog --title "Password quality check" --msgbox "The reciprocal password given was too short. It must be at least $MINIMUM_PASSWORD_LENGTH characters" 6 40
                         else
-                            echo ${remote_ssh_reciprocal_username}:${remote_ssh_reciprocal_password}::::/home/${remote_ssh_reciprocal_username}:bash | newusers
-                            echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> $FRIENDS_SERVERS_LIST
+                            echo "${remote_ssh_reciprocal_username}:${remote_ssh_reciprocal_password}::::/home/${remote_ssh_reciprocal_username}:bash" | newusers
+                            echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> "$FRIENDS_SERVERS_LIST"
                             remote_ssh_username=""
                             remote_ssh_domain=""
                             remote_ssh_port=""
@@ -208,7 +208,7 @@ function interactive_config_remote_backups {
                             entering_remote_backups_ctr=$((entering_remote_backups_ctr + 1))
                         fi
                     else
-                        echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> $FRIENDS_SERVERS_LIST
+                        echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> "$FRIENDS_SERVERS_LIST"
                         remote_ssh_username=""
                         remote_ssh_domain=""
                         remote_ssh_port=""
@@ -218,7 +218,7 @@ function interactive_config_remote_backups {
                         entering_remote_backups_ctr=$((entering_remote_backups_ctr + 1))
                     fi
                 else
-                    echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> $FRIENDS_SERVERS_LIST
+                    echo "$remote_ssh_username@$remote_ssh_domain $remote_ssh_port /home/$remote_ssh_username $remote_ssh_password" >> "$FRIENDS_SERVERS_LIST"
                     remote_ssh_username=""
                     remote_ssh_domain=""
                     remote_ssh_port=""
@@ -231,18 +231,18 @@ function interactive_config_remote_backups {
             entering_remote_backups_done="yes"
         fi
     done
-    if [ -f $FRIENDS_SERVERS_LIST ]; then
-        chown $MY_USERNAME:$MY_USERNAME $FRIENDS_SERVERS_LIST
+    if [ -f "$FRIENDS_SERVERS_LIST" ]; then
+        chown "$MY_USERNAME":"$MY_USERNAME" "$FRIENDS_SERVERS_LIST"
     fi
 }
 
 function show_result {
     clear
-    if (( $entering_remote_backups_ctr < 2 )); then
+    if (( "$entering_remote_backups_ctr" < 2 )); then
         echo $'No remote backup locations were specified'
         exit 0
     fi
-    if [ ! -f $FRIENDS_SERVERS_LIST ]; then
+    if [ ! -f "$FRIENDS_SERVERS_LIST" ]; then
         echo $"No remote backups list found: $FRIENDS_SERVERS_LIST"
         exit 7358
     fi
@@ -251,11 +251,11 @@ function show_result {
     echo ''
     echo $'Contents:'
     echo ''
-    cat $FRIENDS_SERVERS_LIST
+    cat "$FRIENDS_SERVERS_LIST"
     echo ''
 }
 
-if [ ! $FRIENDS_SERVERS_LIST ]; then
+if [ ! "$FRIENDS_SERVERS_LIST" ]; then
     FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list
 fi
 
diff --git a/src/freedombone-renew-cert b/src/freedombone-renew-cert
index 2bb88dee..dd8fec62 100755
--- a/src/freedombone-renew-cert
+++ b/src/freedombone-renew-cert
@@ -59,8 +59,7 @@ function renew_letsencrypt {
         echo $"Renewing Let's Encrypt certificate"
     fi
 
-    ${PROJECT_NAME}-addcert -e $HOSTNAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH
-    if [ ! "$?" = "0" ]; then
+    if ! ${PROJECT_NAME}-addcert -e $HOSTNAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH; then
         echo $"Unable to add Let's encrypt certificate"
         exit 6328
     fi
@@ -195,7 +194,7 @@ esac
 shift
 done
 
-if [ ! $HOSTNAME ]; then
+if [ ! "$HOSTNAME" ]; then
     echo $'No hostname specified'
     exit 5748
 fi
@@ -206,7 +205,7 @@ if ! which openssl > /dev/null ;then
 fi
 
 # check that the web site exists
-if [ ! -f /etc/nginx/sites-available/$HOSTNAME ]; then
+if [ ! -f "/etc/nginx/sites-available/$HOSTNAME" ]; then
     echo $"/etc/nginx/sites-available/$HOSTNAME does not exist"
     exit 7598
 fi
diff --git a/src/freedombone-repair-database b/src/freedombone-repair-database
index 11b146b0..a18b19bc 100755
--- a/src/freedombone-repair-database
+++ b/src/freedombone-repair-database
@@ -29,16 +29,16 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 PROJECT_NAME='freedombone'
-COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
-CONFIG_FILE=$HOME/${PROJECT_NAME}.cfg
+COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
+CONFIG_FILE="$HOME/${PROJECT_NAME}.cfg"
 
 export TEXTDOMAIN=${PROJECT_NAME}-repair-databases
 export TEXTDOMAINDIR="/usr/share/locale"
 
 # The database to be repaired
-DATABASE=$1
+DATABASE="$1"
 
-ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')
+ADMIN_USERNAME=$(grep "Admin user" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
 ADMIN_EMAIL_ADDRESS=${ADMIN_USERNAME}@${HOSTNAME}
 
 # Frequency - daily/weekly
@@ -62,36 +62,36 @@ TEMPFILE=/root/repair-database-$DATABASE
 
 umask 0077
 
-if [ $2 ]; then
-    BACKUP_TYPE=$2
+if [ "$2" ]; then
+    BACKUP_TYPE="$2"
 fi
 
 # check the database
-mysqlcheck -c -u root --password="$MYSQL_ROOT_PASSWORD" $DATABASE > $TEMPFILE
+mysqlcheck -c -u root --password="$MYSQL_ROOT_PASSWORD" "$DATABASE" > "$TEMPFILE"
 
 # Attempt to repair the database if it contains errors
 if grep -q "Error" "$TEMPFILE"; then
-    mysqlcheck -u root --password="$MYSQL_ROOT_PASSWORD" --auto-repair $DATABASE
+    mysqlcheck -u root --password="$MYSQL_ROOT_PASSWORD" --auto-repair "$DATABASE"
 else
     # No errors were found, so exit
-    rm -f $TEMPFILE
+    rm -f "$TEMPFILE"
     exit 0
 fi
-rm -f $TEMPFILE
+rm -f "$TEMPFILE"
 
 # Check the database again
-mysqlcheck -c -u root --password="$MYSQL_ROOT_PASSWORD" $DATABASE > $TEMPFILE
+mysqlcheck -c -u root --password="$MYSQL_ROOT_PASSWORD" "$DATABASE" > "$TEMPFILE"
 
 # If it still contains errors then restore from backup
 if grep -q "Error" "$TEMPFILE"; then
-    mysql -u root --password="$MYSQL_ROOT_PASSWORD" $DATABASE -o < /var/backups/${DATABASE}_${BACKUP_TYPE}.sql
+    mysql -u root --password="$MYSQL_ROOT_PASSWORD" "$DATABASE" -o < "/var/backups/${DATABASE}_${BACKUP_TYPE}.sql"
 
     # Send a warning email
-    echo $"$DATABASE database corruption could not be repaired. Restored from backup." | mail -s $"${PROJECT_NAME} database maintenance" $ADMIN_EMAIL_ADDRESS
-    rm -f $TEMPFILE
+    echo $"$DATABASE database corruption could not be repaired. Restored from backup." | mail -s $"${PROJECT_NAME} database maintenance" "$ADMIN_EMAIL_ADDRESS"
+    rm -f "$TEMPFILE"
 
     exit 1
 fi
-rm -f $TEMPFILE
+rm -f "$TEMPFILE"
 
 exit 0
diff --git a/src/freedombone-restore-local b/src/freedombone-restore-local
index 74a89429..d2dee952 100755
--- a/src/freedombone-restore-local
+++ b/src/freedombone-restore-local
@@ -31,7 +31,7 @@
 PROJECT_NAME='freedombone'
 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
 MONGODB_APPS_FILE=$HOME/.mongodbapps
-CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
+CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
 BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
 
 # whether to restore everything or just a specific application
@@ -67,10 +67,10 @@ please_wait
 source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
 
 # include utils which allow function_check, go and drive mount
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
 clear
@@ -83,7 +83,7 @@ ADMIN_NAME=
 
 read_config_param USB_DRIVE
 
-if [ -f $COMPLETION_FILE ]; then
+if [ -f "$COMPLETION_FILE" ]; then
     ADMIN_USERNAME=$(get_completion_param "Admin user")
 fi
 
@@ -98,7 +98,7 @@ function check_backup_exists {
 
 function check_admin_user {
     echo $"Checking that admin user exists"
-    if [ ! -d /home/$ADMIN_USERNAME ]; then
+    if [ ! -d "/home/$ADMIN_USERNAME" ]; then
         echo $"Username $ADMIN_USERNAME not found. Reinstall ${PROJECT_NAME} with this username."
         set_user_permissions
         backup_unmount_drive
@@ -108,7 +108,7 @@ function check_admin_user {
 
 function copy_gpg_keys {
     echo $"Copying GPG keys from admin user to root"
-    cp -r /home/$ADMIN_USERNAME/.gnupg /root
+    cp -r "/home/$ADMIN_USERNAME/.gnupg" /root
     gpg_set_permissions root
 }
 
@@ -185,12 +185,11 @@ function restore_configfiles {
         #    fi
         #fi
 
-        if [ -f $temp_restore_dir$MONGODB_APPS_FILE ]; then
-            cp -f $temp_restore_dir$MONGODB_APPS_FILE $MONGODB_APPS_FILE
-            if [ ! "$?" = "0" ]; then
+        if [ -f "$temp_restore_dir$MONGODB_APPS_FILE" ]; then
+            if ! cp -f "$temp_restore_dir$MONGODB_APPS_FILE" "$MONGODB_APPS_FILE"; then
                 set_user_permissions
                 backup_unmount_drive
-                rm -rf $temp_restore_dir
+                rm -rf "$temp_restore_dir"
                 exit 859034853
             fi
         fi
@@ -210,12 +209,11 @@ function restore_configfiles {
         #    fi
         #fi
 
-        if [ -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ]; then
-            cp -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ${BACKUP_EXTRA_DIRECTORIES}
-            if [ ! "$?" = "0" ]; then
+        if [ -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" ]; then
+            if ! cp -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" "${BACKUP_EXTRA_DIRECTORIES}"; then
                 set_user_permissions
                 backup_unmount_drive
-                rm -rf $temp_restore_dir
+                rm -rf "$temp_restore_dir"
                 exit 62121
             fi
         fi
@@ -274,6 +272,7 @@ function restore_mariadb {
             else
                 mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql)
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo $"Try again using the password obtained from backup"
                 db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb)
@@ -283,6 +282,7 @@ function restore_mariadb {
                     mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql)
                 fi
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo "$mysqlsuccess"
                 set_user_permissions
@@ -292,9 +292,9 @@ function restore_mariadb {
             echo $"Restarting database"
             systemctl restart mariadb
             echo $"Ensure MariaDB handles authentication"
-            MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+            MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
             mariadb_fix_authentication
-            DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+            DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
         fi
         rm -rf $temp_restore_dir
     fi
@@ -328,6 +328,7 @@ function restore_postgresql {
             else
                 mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo $"Try again using the password obtained from backup"
                 db_pass=$(${PROJECT_NAME}-pass -u root -a postgresql)
@@ -337,6 +338,7 @@ function restore_postgresql {
                     mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
                 fi
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo "$mysqlsuccess"
                 set_user_permissions
@@ -346,8 +348,8 @@ function restore_postgresql {
             echo $"Restarting database"
             systemctl restart postgresql
             echo $"Ensure postgresql handles authentication"
-            POSTGRESQL_PASSWORD=$(${PROJECT_NAME}-pass -u root -a postgresql)
-            DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a postgresql)
+            POSTGRESQL_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a postgresql)
+            DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a postgresql)
         fi
         rm -rf $temp_restore_dir
     fi
@@ -411,30 +413,30 @@ function restore_mutt_settings {
             fi
 
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    "${PROJECT_NAME}-adduser" "$USERNAME"
                 fi
                 echo $"Restoring Mutt configurations for $USERNAME"
-                restore_directory_from_usb /home/$USERNAME/.mutt mutt/${USERNAME}configs
+                restore_directory_from_usb "/home/$USERNAME/.mutt" "mutt/${USERNAME}configs"
                 echo $"Restoring Mutt settings for $USERNAME"
                 temp_restore_dir=/root/tempmutt
-                restore_directory_from_usb $temp_restore_dir mutt/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/tempbackup ]; then
-                    if [ -f $temp_restore_dir/home/$USERNAME/tempbackup/.muttrc ]; then
-                        cp -f $temp_restore_dir/home/$USERNAME/tempbackup/.muttrc /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc
+                restore_directory_from_usb "$temp_restore_dir" "mutt/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/tempbackup" ]; then
+                    if [ -f "$temp_restore_dir/home/$USERNAME/tempbackup/.muttrc" ]; then
+                        cp -f "$temp_restore_dir/home/$USERNAME/tempbackup/.muttrc" "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc"
                     fi
-                    if [ -f $temp_restore_dir/home/$USERNAME/tempbackup/Muttrc ]; then
-                        cp -f $temp_restore_dir/home/$USERNAME/tempbackup/Muttrc /etc/Muttrc
+                    if [ -f "$temp_restore_dir/home/$USERNAME/tempbackup/Muttrc" ]; then
+                        cp -f "$temp_restore_dir/home/$USERNAME/tempbackup/Muttrc" /etc/Muttrc
                         sed -i '/set sidebar_delim/d' /etc/Muttrc
                         sed -i '/set sidebar_sort/d' /etc/Muttrc
                     fi
                 else
                     if [ -f $temp_restore_dir/.muttrc ]; then
-                        cp -f $temp_restore_dir/.muttrc /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc
+                        cp -f "$temp_restore_dir/.muttrc" "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc"
                     fi
                     if [ -f $temp_restore_dir/Muttrc ]; then
                         cp -f $temp_restore_dir/Muttrc /etc/Muttrc
@@ -442,6 +444,7 @@ function restore_mutt_settings {
                         sed -i '/set sidebar_sort/d' /etc/Muttrc
                     fi
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
@@ -463,20 +466,21 @@ function restore_gpg {
         for d in $USB_MOUNT/backup/gnupg/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    "${PROJECT_NAME}-adduser" "$USERNAME"
                 fi
                 echo $"Restoring gnupg settings for $USERNAME"
                 temp_restore_dir=/root/tempgnupg
-                restore_directory_from_usb $temp_restore_dir gnupg/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.gnupg ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.gnupg /home/$USERNAME/
+                restore_directory_from_usb $temp_restore_dir "gnupg/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.gnupg" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.gnupg" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.gnupg ]; then
-                        mkdir /home/$USERNAME/.gnupg
+                    if [ ! -d "/home/$USERNAME/.gnupg" ]; then
+                        mkdir "/home/$USERNAME/.gnupg"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.gnupg/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.gnupg/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
@@ -484,10 +488,9 @@ function restore_gpg {
                     exit 276
                 fi
                 rm -rf $temp_restore_dir
-                gpg_set_permissions $USERNAME
+                gpg_set_permissions "$USERNAME"
                 if [[ "$USERNAME" == "$ADMIN_USERNAME" ]]; then
-                    cp -r /home/$USERNAME/.gnupg /root
-                    if [ ! "$?" = "0" ]; then
+                    if ! cp -r "/home/$USERNAME/.gnupg" /root; then
                         set_user_permissions
                         backup_unmount_drive
                         exit 283
@@ -509,18 +512,19 @@ function restore_procmail {
         for d in $USB_MOUNT/backup/procmail/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring procmail settings for $USERNAME"
                 temp_restore_dir=/root/tempprocmail
-                restore_directory_from_usb $temp_restore_dir procmail/$USERNAME
+                restore_directory_from_usb $temp_restore_dir "procmail/$USERNAME"
                 if [ -d $temp_restore_dir ]; then
-                    if [ -d $temp_restore_dir/home/$USERNAME/tempbackup ]; then
-                        cp -f $temp_restore_dir/home/$USERNAME/tempbackup/.procmailrc /home/$USERNAME/
+                    if [ -d "$temp_restore_dir/home/$USERNAME/tempbackup" ]; then
+                        cp -f "$temp_restore_dir/home/$USERNAME/tempbackup/.procmailrc" "/home/$USERNAME/"
                     else
-                        cp -f $temp_restore_dir/.procmailrc /home/$USERNAME/.procmailrc
+                        cp -f "$temp_restore_dir/.procmailrc" "/home/$USERNAME/.procmailrc"
                     fi
+                    # shellcheck disable=SC2181
                     if [ ! "$?" = "0" ]; then
                         rm -rf $temp_restore_dir
                         set_user_permissions
@@ -544,21 +548,22 @@ function restore_spamassassin {
         for d in $USB_MOUNT/backup/spamassassin/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ -d $USB_MOUNT/backup/spamassassin/$USERNAME ]; then
-                    if [ ! -d /home/$USERNAME ]; then
-                        ${PROJECT_NAME}-adduser $USERNAME
+                if [ -d "$USB_MOUNT/backup/spamassassin/$USERNAME" ]; then
+                    if [ ! -d "/home/$USERNAME" ]; then
+                        ${PROJECT_NAME}-adduser "$USERNAME"
                     fi
                     echo $"Restoring spamassassin settings for $USERNAME"
                     temp_restore_dir=/root/tempspamassassin
-                    restore_directory_from_usb $temp_restore_dir spamassassin/$USERNAME
-                    if [ -d $temp_restore_dir/home/$USERNAME ]; then
-                        cp -rf $temp_restore_dir/home/$USERNAME/.spamassassin /home/$USERNAME/
+                    restore_directory_from_usb $temp_restore_dir "spamassassin/$USERNAME"
+                    if [ -d "$temp_restore_dir/home/$USERNAME" ]; then
+                        cp -rf "$temp_restore_dir/home/$USERNAME/.spamassassin" "/home/$USERNAME/"
                     else
-                    if [ ! -d /home/$USERNAME/.spamassassin ]; then
-                        mkdir /home/$USERNAME/.spamassassin
+                    if [ ! -d "/home/$USERNAME/.spamassassin" ]; then
+                        mkdir "/home/$USERNAME/.spamassassin"
                     fi
-                        cp -rf $temp_restore_dir/* /home/$USERNAME/.spamassassin/
+                        cp -rf "$temp_restore_dir/*" "/home/$USERNAME/.spamassassin/"
                     fi
+                    # shellcheck disable=SC2181
                     if [ ! "$?" = "0" ]; then
                         rm -rf $temp_restore_dir
                         set_user_permissions
@@ -583,19 +588,20 @@ function restore_admin_readme {
 
         # Make a backup of the original README file
         # incase old passwords need to be used
-        if [ -f /home/$ADMIN_USERNAME/README ]; then
-            if [ ! -f /home/$ADMIN_USERNAME/README_original ]; then
-                cp /home/$ADMIN_USERNAME/README /home/$ADMIN_USERNAME/README_original
+        if [ -f "/home/$ADMIN_USERNAME/README" ]; then
+            if [ ! -f "/home/$ADMIN_USERNAME/README_original" ]; then
+                cp "/home/$ADMIN_USERNAME/README" "/home/$ADMIN_USERNAME/README_original"
             fi
         fi
 
         temp_restore_dir=/root/tempreadme
         restore_directory_from_usb $temp_restore_dir readme
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-            cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/README /home/$ADMIN_USERNAME/
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
+            cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/README" "/home/$ADMIN_USERNAME/"
         else
-            cp -f $temp_restore_dir/README /home/$ADMIN_USERNAME/README
+            cp -f "$temp_restore_dir/README" "/home/$ADMIN_USERNAME/README"
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             rm -rf $temp_restore_dir
             set_user_permissions
@@ -616,20 +622,21 @@ function restore_user_ssh_keys {
         for d in $USB_MOUNT/backup/ssh/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring ssh keys for $USERNAME"
                 temp_restore_dir=/root/tempssh
-                restore_directory_from_usb $temp_restore_dir ssh/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.ssh ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.ssh /home/$USERNAME/
+                restore_directory_from_usb $temp_restore_dir "ssh/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.ssh" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.ssh" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.ssh ]; then
-                        mkdir /home/$USERNAME/.ssh
+                    if [ ! -d "/home/$USERNAME/.ssh" ]; then
+                        mkdir "/home/$USERNAME/.ssh"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.ssh/
+                    cp -r "$temp_restore_dir/*" "/home/$USERNAME/.ssh/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
@@ -652,20 +659,21 @@ function restore_user_config {
         for d in $USB_MOUNT/backup/config/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring config files for $USERNAME"
                 temp_restore_dir=/root/tempconfig
-                restore_directory_from_usb $temp_restore_dir config/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.config ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.config /home/$USERNAME/
+                restore_directory_from_usb $temp_restore_dir "config/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.config" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.config" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.config ]; then
-                        mkdir /home/$USERNAME/.config
+                    if [ ! -d "/home/$USERNAME/.config" ]; then
+                        mkdir "/home/$USERNAME/.config"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.config/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.config/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
@@ -688,20 +696,21 @@ function restore_user_monkeysphere {
         for d in $USB_MOUNT/backup/monkeysphere/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring monkeysphere ids for $USERNAME"
                 temp_restore_dir=/root/tempmonkeysphere
-                restore_directory_from_usb $temp_restore_dir monkeysphere/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.monkeysphere ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.monkeysphere /home/$USERNAME/
+                restore_directory_from_usb $temp_restore_dir "monkeysphere/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.monkeysphere" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.monkeysphere" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.monkeysphere ]; then
-                        mkdir /home/$USERNAME/.monkeysphere
+                    if [ ! -d "/home/$USERNAME/.monkeysphere" ]; then
+                        mkdir "/home/$USERNAME/.monkeysphere"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.monkeysphere
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.monkeysphere"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
@@ -716,8 +725,8 @@ function restore_user_monkeysphere {
         MY_EMAIL_ADDRESS="${ADMIN_USERNAME}@${HOSTNAME}"
         read_config_param MY_EMAIL_ADDRESS
         MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADMIN_USERNAME" "$MY_EMAIL_ADDRESS")
-        fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}')
-        monkeysphere-authentication add-identity-certifier $fpr
+        fpr=$(gpg --with-colons --fingerprint "$MY_GPG_PUBLIC_KEY_ID" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
+        monkeysphere-authentication add-identity-certifier "$fpr"
         monkeysphere-authentication update-users
     fi
 }
@@ -732,20 +741,21 @@ function restore_user_fin {
         for d in $USB_MOUNT/backup/fin/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring fin files for $USERNAME"
                 temp_restore_dir=/root/tempfin
-                restore_directory_from_usb $temp_restore_dir fin/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.fin ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.fin /home/$USERNAME/
+                restore_directory_from_usb $temp_restore_dir "fin/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.fin" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.fin" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.fin ]; then
-                        mkdir /home/$USERNAME/.fin
+                    if [ ! -d "/home/$USERNAME/.fin" ]; then
+                        mkdir "/home/$USERNAME/.fin"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.fin/
+                    cp -r "$temp_restore_dir/*" "/home/$USERNAME/.fin/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
@@ -768,20 +778,21 @@ function restore_user_local {
         for d in $USB_MOUNT/backup/local/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring local files for $USERNAME"
                 temp_restore_dir=/root/templocal
-                restore_directory_from_usb $temp_restore_dir local/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.local ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.local /home/$USERNAME/
+                restore_directory_from_usb $temp_restore_dir "local/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.local" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.local" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.local ]; then
-                        mkdir /home/$USERNAME/.local
+                    if [ ! -d "/home/$USERNAME/.local" ]; then
+                        mkdir "/home/$USERNAME/.local"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.local/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.local/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     set_user_permissions
@@ -809,6 +820,7 @@ function restore_certs {
         else
             cp -r /root/tempssl/* /etc/ssl/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             set_user_permissions
             backup_unmount_drive
@@ -853,24 +865,25 @@ function restore_personal_settings {
         for d in $USB_MOUNT/backup/personal/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ -d $USB_MOUNT/backup/personal/$USERNAME ]; then
-                    if [ ! -d /home/$USERNAME ]; then
-                        ${PROJECT_NAME}-adduser $USERNAME
+                if [ -d "$USB_MOUNT/backup/personal/$USERNAME" ]; then
+                    if [ ! -d "/home/$USERNAME" ]; then
+                        ${PROJECT_NAME}-adduser "$USERNAME"
                     fi
                     echo $"Restoring personal settings for $USERNAME"
                     temp_restore_dir=/root/temppersonal
-                    restore_directory_from_usb $temp_restore_dir personal/$USERNAME
-                    if [ -d /home/$USERNAME/personal ]; then
-                        rm -rf /home/$USERNAME/personal
+                    restore_directory_from_usb $temp_restore_dir "personal/$USERNAME"
+                    if [ -d "/home/$USERNAME/personal" ]; then
+                        rm -rf "/home/$USERNAME/personal"
                     fi
-                    if [ -d $temp_restore_dir/home/$USERNAME/personal ]; then
-                        mv $temp_restore_dir/home/$USERNAME/personal /home/$USERNAME
+                    if [ -d "$temp_restore_dir/home/$USERNAME/personal" ]; then
+                        mv "$temp_restore_dir/home/$USERNAME/personal" "/home/$USERNAME"
                     else
-                        if [ ! -d /home/$USERNAME/personal ]; then
-                            mkdir /home/$USERNAME/personal
+                        if [ ! -d "/home/$USERNAME/personal" ]; then
+                            mkdir "/home/$USERNAME/personal"
                         fi
-                        cp -r $temp_restore_dir/* /home/$USERNAME/personal/
+                        cp -r $temp_restore_dir/* "/home/$USERNAME/personal/"
                     fi
+                    # shellcheck disable=SC2181
                     if [ ! "$?" = "0" ]; then
                         set_user_permissions
                         backup_unmount_drive
@@ -898,6 +911,7 @@ function restore_mailing_list {
         else
             cp -r $temp_restore_dir/* /var/spool/mlmmj/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             set_user_permissions
             backup_unmount_drive
@@ -917,20 +931,21 @@ function restore_email {
         for d in $USB_MOUNT/backup/mail/*/ ; do
             USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
             if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring emails for $USERNAME"
                 temp_restore_dir=/root/tempmail
-                restore_directory_from_usb $temp_restore_dir mail/$USERNAME
-                if [ ! -d /home/$USERNAME/Maildir ]; then
-                    mkdir /home/$USERNAME/Maildir
+                restore_directory_from_usb $temp_restore_dir "mail/$USERNAME"
+                if [ ! -d "/home/$USERNAME/Maildir" ]; then
+                    mkdir "/home/$USERNAME/Maildir"
                 fi
-                if [ -d $temp_restore_dir/root/tempbackupemail/$USERNAME ]; then
-                    tar -xzvf $temp_restore_dir/root/tempbackupemail/$USERNAME/maildir.tar.gz -C /
+                if [ -d "$temp_restore_dir/root/tempbackupemail/$USERNAME" ]; then
+                    tar -xzvf "$temp_restore_dir/root/tempbackupemail/$USERNAME/maildir.tar.gz" -C /
                 else
                     tar -xzvf $temp_restore_dir/maildir.tar.gz -C /
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     set_user_permissions
                     backup_unmount_drive
@@ -943,16 +958,16 @@ function restore_email {
 }
 
 function get_restore_app {
-    if [ ${1} ]; then
-        if [ ! -d /home/${1} ]; then
-            RESTORE_APP=${1}
+    if [ "${1}" ]; then
+        if [ ! -d "/home/${1}" ]; then
+            RESTORE_APP="${1}"
             echo $"Restore $RESTORE_APP"
         fi
     fi
 }
 
-get_restore_app ${2}
-backup_mount_drive ${1} ${ADMIN_USERNAME} ${2}
+get_restore_app "${2}"
+backup_mount_drive "${1}" "${ADMIN_USERNAME}" "${2}"
 check_backup_exists
 check_admin_user
 copy_gpg_keys
@@ -979,7 +994,7 @@ restore_certs
 restore_personal_settings
 restore_mailing_list
 restore_email
-restore_apps local $RESTORE_APP
+restore_apps local "$RESTORE_APP"
 set_user_permissions
 update_default_domain
 backup_unmount_drive
diff --git a/src/freedombone-restore-remote b/src/freedombone-restore-remote
index 4cc0be8c..d691d0d0 100755
--- a/src/freedombone-restore-remote
+++ b/src/freedombone-restore-remote
@@ -37,19 +37,19 @@ BACKUP_EXTRA_DIRECTORIES=/root/backup-extra-dirs.csv
 export TEXTDOMAIN=${PROJECT_NAME}-restore-remote
 export TEXTDOMAINDIR="/usr/share/locale"
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
-SERVER_NAME=$1
+SERVER_NAME="$1"
 
 # whether to restore everything or just a specific application
 RESTORE_APP='all'
 
-if [ ${2} ]; then
-    RESTORE_APP=${2}
+if [ "${2}" ]; then
+    RESTORE_APP="${2}"
 fi
 
 ADMIN_USERNAME=$(get_completion_param "Admin user")
@@ -60,46 +60,45 @@ SERVER_DIRECTORY=/root/remoterestore
 
 BACKUP_LIST=/home/${ADMIN_USERNAME}/backup.list
 
-if [ ! $SERVER_NAME ]; then
+if [ ! "$SERVER_NAME" ]; then
     echo $'restorefromfriend [server]'
     exit 1
 fi
 
-if [ ! -f $BACKUP_LIST ]; then
+if [ ! -f "$BACKUP_LIST" ]; then
     echo $"No friends list found at $BACKUP_LIST"
     exit 2
 fi
 
-if ! grep -q "$SERVER_NAME" $BACKUP_LIST; then
+if ! grep -q "$SERVER_NAME" "$BACKUP_LIST"; then
     echo $"Server not found within the friends list"
     exit 3
 fi
 
-REMOTE_SERVER=$(grep -i "$SERVER_NAME" $BACKUP_LIST | awk -F ' ' '{print $1}')
-REMOTE_SSH_PORT=$(grep -i "$SERVER_NAME" $BACKUP_LIST | awk -F ' ' '{print $2}')
-REMOTE_DIRECTORY=$(grep -i "$SERVER_NAME" $BACKUP_LIST | awk -F ' ' '{print $3}')
-REMOTE_PASSWORD=$(grep -i "$SERVER_NAME" $BACKUP_LIST | awk -F ' ' '{print $4}')
+REMOTE_SERVER=$(grep -i "$SERVER_NAME" "$BACKUP_LIST" | awk -F ' ' '{print $1}')
+REMOTE_SSH_PORT=$(grep -i "$SERVER_NAME" "$BACKUP_LIST" | awk -F ' ' '{print $2}')
+REMOTE_DIRECTORY=$(grep -i "$SERVER_NAME" "$BACKUP_LIST" | awk -F ' ' '{print $3}')
+REMOTE_PASSWORD=$(grep -i "$SERVER_NAME" "$BACKUP_LIST" | awk -F ' ' '{print $4}')
 REMOTE_SERVER=$REMOTE_SERVER:$REMOTE_DIRECTORY
 
 NOW=$(date +"%Y-%m-%d %H:%M:%S")
 
 echo "$NOW Starting restore from $REMOTE_SERVER" >> /var/log/remotebackups.log
-rsync -ratlzv --rsh="/usr/bin/sshpass -p $REMOTE_PASSWORD ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" $REMOTE_SERVER/backup $SERVER_DIRECTORY
-if [ ! "$?" = "0" ]; then
+if ! rsync -ratlzv --rsh="/usr/bin/sshpass -p $REMOTE_PASSWORD ssh -p $REMOTE_SSH_PORT -o StrictHostKeyChecking=no" "$REMOTE_SERVER/backup" "$SERVER_DIRECTORY"; then
     echo "$NOW Restore from $REMOTE_SERVER failed" >> /var/log/remotebackups.log
     # Send a warning email
-    echo "Restore from $REMOTE_SERVER failed" | mail -s "${PROJECT_NAME} restore from friend" $ADMIN_EMAIL_ADDRESS
+    echo "Restore from $REMOTE_SERVER failed" | mail -s "${PROJECT_NAME} restore from friend" "$ADMIN_EMAIL_ADDRESS"
     exit 790
 else
     echo "$NOW Restored encrypted data from $REMOTE_SERVER" >> /var/log/remotebackups.log
 fi
 
 # MariaDB password
-DATABASE_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+DATABASE_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
 
 function copy_gpg_keys {
     echo $"Copying GPG keys from admin user to root"
-    cp -r /home/$ADMIN_USERNAME/.gnupg /root
+    cp -r "/home/$ADMIN_USERNAME/.gnupg" /root
     gpg_set_permissions root
 }
 
@@ -110,7 +109,7 @@ function restore_blocklist {
         fi
     fi
 
-    if [ -d $USB_MOUNT/backup/blocklist ]; then
+    if [ -d "$USB_MOUNT/backup/blocklist" ]; then
         echo $"Restoring blocklist"
         temp_restore_dir=/root/tempblocklist
         restore_directory_from_friend $temp_restore_dir blocklist
@@ -173,9 +172,8 @@ function restore_configfiles {
         #    fi
         #fi
 
-        if [ -f $temp_restore_dir$MONGODB_APPS_FILE ]; then
-            cp -f $temp_restore_dir$MONGODB_APPS_FILE $MONGODB_APPS_FILE
-            if [ ! "$?" = "0" ]; then
+        if [ -f "$temp_restore_dir$MONGODB_APPS_FILE" ]; then
+            if ! cp -f "$temp_restore_dir$MONGODB_APPS_FILE" "$MONGODB_APPS_FILE"; then
                 unmount_drive
                 rm -rf $temp_restore_dir
                 exit 7835335
@@ -196,9 +194,8 @@ function restore_configfiles {
         #    fi
         #fi
 
-        if [ -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ]; then
-            cp -f ${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES} ${BACKUP_EXTRA_DIRECTORIES}
-            if [ ! "$?" = "0" ]; then
+        if [ -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" ]; then
+            if ! cp -f "${temp_restore_dir}${BACKUP_EXTRA_DIRECTORIES}" "${BACKUP_EXTRA_DIRECTORIES}"; then
                 unmount_drive
                 rm -rf $temp_restore_dir
                 exit 62121
@@ -242,6 +239,7 @@ function restore_mariadb {
             else
                 mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql)
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo $"Try again using the password obtained from backup"
                 db_pass=$(${PROJECT_NAME}-pass -u root -a mariadb)
@@ -251,6 +249,7 @@ function restore_mariadb {
                     mysqlsuccess=$(mysql -u root --password="$db_pass" mysql -o < ${temp_restore_dir}/mysql.sql)
                 fi
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo "$mysqlsuccess"
                 exit 962
@@ -258,7 +257,7 @@ function restore_mariadb {
             echo $"Restarting database"
             systemctl restart mariadb
             echo $"Ensure MariaDB handles authentication"
-            MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+            MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
             mariadb_fix_authentication
         fi
         rm -rf ${temp_restore_dir}
@@ -293,15 +292,17 @@ function restore_postgresql {
             else
                 mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo $"Try again using the password obtained from backup"
-                db_pass=$(${PROJECT_NAME}-pass -u root -a postgresql)
+                db_pass=$("${PROJECT_NAME}-pass" -u root -a postgresql)
                 if [ -d ${temp_restore_dir}${temp_restore_dir} ]; then
                     mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}${temp_restore_dir}/postgresql.sql)
                 else
                     mysqlsuccess=$(sudo -u postgres pg_restore ${temp_restore_dir}/postgresql.sql)
                 fi
             fi
+            # shellcheck disable=SC2181
             if [ ! "$?" = "0" ]; then
                 echo "$mysqlsuccess"
                 exit 962
@@ -309,7 +310,7 @@ function restore_postgresql {
             echo $"Restarting database"
             systemctl restart postgresql
             echo $"Ensure postgresql handles authentication"
-            POSTGRESQL_PASSWORD=$(${PROJECT_NAME}-pass -u root -a postgresql)
+            POSTGRESQL_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a postgresql)
         fi
         rm -rf ${temp_restore_dir}
     fi
@@ -367,31 +368,31 @@ function restore_mutt_settings {
         fi
 
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/mutt/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/mutt/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring Mutt configurations for $USERNAME"
-                restore_directory_from_friend /home/$USERNAME/.mutt mutt/${USERNAME}configs
+                restore_directory_from_friend "/home/$USERNAME/.mutt" "mutt/${USERNAME}configs"
                 echo $"Restoring Mutt settings for $USERNAME"
                 temp_restore_dir=/root/tempmutt
-                restore_directory_from_friend ${temp_restore_dir} mutt/$USERNAME
-                if [ -d ${temp_restore_dir}/home/$USERNAME/tempbackup ]; then
-                    if [ -f ${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc ]; then
-                        cp -f ${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc
+                restore_directory_from_friend ${temp_restore_dir} "mutt/$USERNAME"
+                if [ -d "${temp_restore_dir}/home/$USERNAME/tempbackup" ]; then
+                    if [ -f "${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc" ]; then
+                        cp -f "${temp_restore_dir}/home/$USERNAME/tempbackup/.muttrc" "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc"
                     fi
-                    if [ -f ${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc ]; then
-                        cp -f ${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc /etc/Muttrc
+                    if [ -f "${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc" ]; then
+                        cp -f "${temp_restore_dir}/home/$USERNAME/tempbackup/Muttrc" /etc/Muttrc
                         sed -i '/set sidebar_delim/d' /etc/Muttrc
                         sed -i '/set sidebar_sort/d' /etc/Muttrc
                     fi
                 else
                     if [ -f ${temp_restore_dir}/.muttrc ]; then
-                        cp -f ${temp_restore_dir}/.muttrc /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_delim/d' /home/$USERNAME/.muttrc
-                        sed -i '/set sidebar_sort/d' /home/$USERNAME/.muttrc
+                        cp -f "${temp_restore_dir}/.muttrc" "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_delim/d' "/home/$USERNAME/.muttrc"
+                        sed -i '/set sidebar_sort/d' "/home/$USERNAME/.muttrc"
                     fi
                     if [ -f ${temp_restore_dir}/Muttrc ]; then
                         cp -f ${temp_restore_dir}/Muttrc /etc/Muttrc
@@ -399,6 +400,7 @@ function restore_mutt_settings {
                         sed -i '/set sidebar_sort/d' /etc/Muttrc
                     fi
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf ${temp_restore_dir}
                     exit 276
@@ -417,29 +419,29 @@ function restore_gpg {
     for d in $SERVER_DIRECTORY/backup/gnupg/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/gnupg/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/gnupg/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring gnupg settings for $USERNAME"
                 temp_restore_dir=/root/tempgnupg
-                restore_directory_from_friend ${temp_restore_dir} gnupg/$USERNAME
-                if [ -d ${temp_restore_dir}/home/$USERNAME/.gnupg ]; then
-                    cp -r ${temp_restore_dir}/home/$USERNAME/.gnupg /home/$USERNAME/
+                restore_directory_from_friend ${temp_restore_dir} "gnupg/$USERNAME"
+                if [ -d "${temp_restore_dir}/home/$USERNAME/.gnupg" ]; then
+                    cp -r "${temp_restore_dir}/home/$USERNAME/.gnupg" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.gnupg ]; then
-                        mkdir /home/$USERNAME/.gnupg
+                    if [ ! -d "/home/$USERNAME/.gnupg" ]; then
+                        mkdir "/home/$USERNAME/.gnupg"
                     fi
-                    cp -r ${temp_restore_dir}/* /home/$USERNAME/.gnupg/
+                    cp -r "${temp_restore_dir}/*" "/home/$USERNAME/.gnupg/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf ${temp_restore_dir}
                     exit 276
                 fi
                 rm -rf ${temp_restore_dir}
                 if [[ "$USERNAME" == "$ADMIN_USERNAME" ]]; then
-                    cp -r /home/$USERNAME/.gnupg /root
-                    if [ ! "$?" = "0" ]; then
+                    if ! cp -r "/home/$USERNAME/.gnupg" /root; then
                         exit 283
                     fi
                     gpg_set_permissions root
@@ -458,18 +460,19 @@ function restore_procmail {
     for d in $SERVER_DIRECTORY/backup/procmail/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/procmail/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/procmail/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring procmail settings for $USERNAME"
                 temp_restore_dir=/root/tempprocmail
-                restore_directory_from_friend ${temp_restore_dir} procmail/$USERNAME
-                if [ -d ${temp_restore_dir}/home/$USERNAME/tempbackup ]; then
-                    cp -f ${temp_restore_dir}/home/$USERNAME/tempbackup/.procmailrc /home/$USERNAME/
+                restore_directory_from_friend ${temp_restore_dir} "procmail/$USERNAME"
+                if [ -d "${temp_restore_dir}/home/$USERNAME/tempbackup" ]; then
+                    cp -f "${temp_restore_dir}/home/$USERNAME/tempbackup/.procmailrc" "/home/$USERNAME/"
                 else
-                    cp -f ${temp_restore_dir}/.procmailrc /home/$USERNAME/.procmailrc
+                    cp -f "${temp_restore_dir}/.procmailrc" "/home/$USERNAME/.procmailrc"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf ${temp_restore_dir}
                     exit 276
@@ -489,21 +492,22 @@ function restore_spamassassin {
     for d in $SERVER_DIRECTORY/backup/spamassassin/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/spamassassin/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/spamassassin/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring spamassassin settings for $USERNAME"
                 temp_restore_dir=/root/tempspamassassin
-                restore_directory_from_friend $temp_restore_dir spamassassin/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME ]; then
-                    cp -rf $temp_restore_dir/home/$USERNAME/.spamassassin /home/$USERNAME/
+                restore_directory_from_friend $temp_restore_dir "spamassassin/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME" ]; then
+                    cp -rf "$temp_restore_dir/home/$USERNAME/.spamassassin" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.spamassassin ]; then
-                        mkdir /home/$USERNAME/.spamassassin
+                    if [ ! -d "/home/$USERNAME/.spamassassin" ]; then
+                        mkdir "/home/$USERNAME/.spamassassin"
                     fi
-                    cp -rf $temp_restore_dir/* /home/$USERNAME/.spamassassin/
+                    cp -rf $temp_restore_dir/* "/home/$USERNAME/.spamassassin/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     exit 276
@@ -524,11 +528,12 @@ function restore_admin_readme {
         echo $"Restoring README"
         temp_restore_dir=/root/tempreadme
         restore_directory_from_friend $temp_restore_dir readme
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-            cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/README /home/$ADMIN_USERNAME/
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
+            cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/README" "/home/$ADMIN_USERNAME/"
         else
-            cp -f $temp_restore_dir/README /home/$ADMIN_USERNAME/README
+            cp -f "$temp_restore_dir/README" "/home/$ADMIN_USERNAME/README"
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             rm -rf $temp_restore_dir
             exit 276
@@ -546,21 +551,22 @@ function restore_ssh_keys {
     for d in $SERVER_DIRECTORY/backup/ssh/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/ssh/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/ssh/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring ssh keys for $USERNAME"
                 temp_restore_dir=/root/tempssh
-                restore_directory_from_friend $temp_restore_dir ssh/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.ssh ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.ssh /home/$USERNAME/
+                restore_directory_from_friend $temp_restore_dir "ssh/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.ssh" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.ssh" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.ssh ]; then
-                        mkdir /home/$USERNAME/.ssh
+                    if [ ! -d "/home/$USERNAME/.ssh" ]; then
+                        mkdir "/home/$USERNAME/.ssh"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.ssh/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.ssh/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     exit 664
@@ -580,21 +586,22 @@ function restore_user_config {
     for d in $SERVER_DIRECTORY/backup/config/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/config/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/config/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring config files for $USERNAME"
                 temp_restore_dir=/root/tempconfig
-                restore_directory_from_friend $temp_restore_dir config/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.config /home/$USERNAME/
+                restore_directory_from_friend $temp_restore_dir "config/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.config" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.config ]; then
-                        mkdir /home/$USERNAME/.config
+                    if [ ! -d "/home/$USERNAME/.config" ]; then
+                        mkdir "/home/$USERNAME/.config"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.config/
+                    cp -r "$temp_restore_dir/*" "/home/$USERNAME/.config/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     exit 664
@@ -614,21 +621,22 @@ function restore_user_monkeysphere {
     for d in $SERVER_DIRECTORY/backup/monkeysphere/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/monkeysphere/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/monkeysphere/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring monkeysphere ids for $USERNAME"
                 temp_restore_dir=/root/tempmonkeysphere
-                restore_directory_from_friend $temp_restore_dir monkeysphere/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.monkeysphere ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.monkeysphere /home/$USERNAME/
+                restore_directory_from_friend $temp_restore_dir "monkeysphere/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.monkeysphere" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.monkeysphere" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.monkeysphere ]; then
-                        mkdir /home/$USERNAME/.monkeysphere
+                    if [ ! -d "/home/$USERNAME/.monkeysphere" ]; then
+                        mkdir "/home/$USERNAME/.monkeysphere"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.monkeysphere/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.monkeysphere/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     exit 664
@@ -641,8 +649,8 @@ function restore_user_monkeysphere {
         MY_EMAIL_ADDRESS="${ADMIN_USERNAME}@${HOSTNAME}"
         read_config_param MY_EMAIL_ADDRESS
         MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$ADMIN_USERNAME" "$MY_EMAIL_ADDRESS")
-        fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}')
-        monkeysphere-authentication add-identity-certifier $fpr
+        fpr=$(gpg --with-colons --fingerprint "$MY_GPG_PUBLIC_KEY_ID" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
+        monkeysphere-authentication add-identity-certifier "$fpr"
         monkeysphere-authentication update-users
     done
 }
@@ -656,21 +664,22 @@ function restore_user_fin {
     for d in $SERVER_DIRECTORY/backup/fin/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/fin/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/fin/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring fin files for $USERNAME"
                 temp_restore_dir=/root/tempfin
-                restore_directory_from_friend $temp_restore_dir fin/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.fin ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.fin /home/$USERNAME/
+                restore_directory_from_friend $temp_restore_dir "fin/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.fin" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.fin" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.fin ]; then
-                        mkdir /home/$USERNAME/.fin
+                    if [ ! -d "/home/$USERNAME/.fin" ]; then
+                        mkdir "/home/$USERNAME/.fin"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.fin/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.fin/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     exit 664
@@ -690,21 +699,22 @@ function restore_user_local {
     for d in $SERVER_DIRECTORY/backup/local/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/local/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/local/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring local files for $USERNAME"
                 temp_restore_dir=/root/templocal
-                restore_directory_from_friend $temp_restore_dir local/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/.local ]; then
-                    cp -r $temp_restore_dir/home/$USERNAME/.local /home/$USERNAME/
+                restore_directory_from_friend $temp_restore_dir "local/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/.local" ]; then
+                    cp -r "$temp_restore_dir/home/$USERNAME/.local" "/home/$USERNAME/"
                 else
-                    if [ ! -d /home/$USERNAME/.local ]; then
-                        mkdir /home/$USERNAME/.local
+                    if [ ! -d "/home/$USERNAME/.local" ]; then
+                        mkdir "/home/$USERNAME/.local"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/.local/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/.local/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     rm -rf $temp_restore_dir
                     exit 664
@@ -729,6 +739,7 @@ function restore_certs {
         else
             cp -r /root/tempssl/* /etc/ssl/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 276
         fi
@@ -770,24 +781,25 @@ function restore_personal_settings {
     for d in $SERVER_DIRECTORY/backup/personal/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/personal/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/personal/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring personal settings for $USERNAME"
                 temp_restore_dir=/root/temppersonal
-                restore_directory_from_friend $temp_restore_dir personal/$USERNAME
-                if [ -d $temp_restore_dir/home/$USERNAME/personal ]; then
-                    if [ -d /home/$USERNAME/personal ]; then
-                        rm -rf /home/$USERNAME/personal
+                restore_directory_from_friend $temp_restore_dir "personal/$USERNAME"
+                if [ -d "$temp_restore_dir/home/$USERNAME/personal" ]; then
+                    if [ -d "/home/$USERNAME/personal" ]; then
+                        rm -rf "/home/$USERNAME/personal"
                     fi
-                    mv $temp_restore_dir/home/$USERNAME/personal /home/$USERNAME
+                    mv "$temp_restore_dir/home/$USERNAME/personal" "/home/$USERNAME"
                 else
-                    if [ ! -d /home/$USERNAME/personal ]; then
-                        mkdir /home/$USERNAME/personal
+                    if [ ! -d "/home/$USERNAME/personal" ]; then
+                        mkdir "/home/$USERNAME/personal"
                     fi
-                    cp -r $temp_restore_dir/* /home/$USERNAME/personal/
+                    cp -r $temp_restore_dir/* "/home/$USERNAME/personal/"
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     exit 18437643
                 fi
@@ -812,6 +824,7 @@ function restore_mailing_list {
         else
             cp -r $temp_restore_dir/* /var/spool/mlmmj/
         fi
+        # shellcheck disable=SC2181
         if [ ! "$?" = "0" ]; then
             exit 526
         fi
@@ -828,21 +841,22 @@ function restore_email {
     for d in $SERVER_DIRECTORY/backup/mail/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $6}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -d $SERVER_DIRECTORY/backup/mail/$USERNAME ]; then
-                if [ ! -d /home/$USERNAME ]; then
-                    ${PROJECT_NAME}-adduser $USERNAME
+            if [ -d "$SERVER_DIRECTORY/backup/mail/$USERNAME" ]; then
+                if [ ! -d "/home/$USERNAME" ]; then
+                    ${PROJECT_NAME}-adduser "$USERNAME"
                 fi
                 echo $"Restoring emails for $USERNAME"
                 temp_restore_dir=/root/tempmail
-                restore_directory_from_friend $temp_restore_dir mail/$USERNAME
-                if [ ! -d /home/$USERNAME/Maildir ]; then
-                    mkdir /home/$USERNAME/Maildir
+                restore_directory_from_friend $temp_restore_dir "mail/$USERNAME"
+                if [ ! -d "/home/$USERNAME/Maildir" ]; then
+                    mkdir "/home/$USERNAME/Maildir"
                 fi
-                if [ -d $temp_restore_dir/root/tempbackupemail/$USERNAME ]; then
-                    tar -xzvf $temp_restore_dir/root/tempbackupemail/$USERNAME/maildir.tar.gz -C /
+                if [ -d "$temp_restore_dir/root/tempbackupemail/$USERNAME" ]; then
+                    tar -xzvf "$temp_restore_dir/root/tempbackupemail/$USERNAME/maildir.tar.gz" -C /
                 else
                     tar -xzvf $temp_restore_dir/maildir.tar.gz -C /
                 fi
+                # shellcheck disable=SC2181
                 if [ ! "$?" = "0" ]; then
                     exit 927
                 fi
@@ -854,7 +868,7 @@ function restore_email {
 
 # Social key management
 # Recover any key fragments and reconstruct the gpg key
-${PROJECT_NAME}-recoverkey -u ${ADMIN_USERNAME} -l $BACKUP_LIST
+${PROJECT_NAME}-recoverkey -u "${ADMIN_USERNAME}" -l "$BACKUP_LIST"
 
 copy_gpg_keys
 gpg_agent_setup root
diff --git a/src/freedombone-rmemail b/src/freedombone-rmemail
index 848d9ebf..a94d782d 100755
--- a/src/freedombone-rmemail
+++ b/src/freedombone-rmemail
@@ -70,11 +70,11 @@ if ! [[ $MYUSERNAME && $EMAILADDRESS ]]; then
     show_help
 fi
 
-MUTTRC=/home/$MYUSERNAME/.muttrc
+MUTTRC="/home/$MYUSERNAME/.muttrc"
 PM=/home/$MYUSERNAME/.procmailrc
 
-if grep -q "Email rule for $EMAILADDRESS ->" $PM; then
-    sed -i "/# Email rule for $EMAILADDRESS ->.*/,/# End of rule/d" $PM
+if grep -q "Email rule for $EMAILADDRESS ->" "$PM"; then
+    sed -i "/# Email rule for $EMAILADDRESS ->.*/,/# End of rule/d" "$PM"
 fi
 
 exit 0
diff --git a/src/freedombone-rmlist b/src/freedombone-rmlist
index 1e0e241e..440988ac 100755
--- a/src/freedombone-rmlist
+++ b/src/freedombone-rmlist
@@ -77,15 +77,15 @@ if ! [[ $MYUSERNAME && $MAILINGLIST ]]; then
 fi
 
 MUTTRC=/home/$MYUSERNAME/.muttrc
-MUTT_MAILBOXES=$(grep "mailboxes =" $MUTTRC)
+MUTT_MAILBOXES=$(grep "mailboxes =" "$MUTTRC")
 if [[ $MUTT_MAILBOXES == *$MAILINGLIST* ]]; then
-    sed -i "s| =$MAILINGLIST||g" $MUTTRC
-    chown $MYUSERNAME:$MYUSERNAME $MUTTRC
+    sed -i "s| =$MAILINGLIST||g" "$MUTTRC"
+    chown "$MYUSERNAME":"$MYUSERNAME" "$MUTTRC"
 fi
 
-if [ $LIST_ADDRESS ]; then
-    if ! grep -q "unsubscribe $LIST_ADDRESS" $MUTTRC; then
-        sed -i "s|subscribe $LIST_ADDRESS|unsubscribe $LIST_ADDRESS|g" $MUTTRC
+if [ "$LIST_ADDRESS" ]; then
+    if ! grep -q "unsubscribe $LIST_ADDRESS" "$MUTTRC"; then
+        sed -i "s|subscribe $LIST_ADDRESS|unsubscribe $LIST_ADDRESS|g" "$MUTTRC"
     fi
 fi
 
diff --git a/src/freedombone-rmuser b/src/freedombone-rmuser
index 5f879ebe..c85544e7 100755
--- a/src/freedombone-rmuser
+++ b/src/freedombone-rmuser
@@ -36,16 +36,16 @@ export TEXTDOMAINDIR="/usr/share/locale"
 
 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
-APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 for f in $APP_FILES
 do
-    source $f
+    source "$f"
 done
 
 read_config_param MY_USERNAME
@@ -53,7 +53,7 @@ read_config_param MY_USERNAME
 REMOVE_USERNAME=$1
 REMOVE_OPTIONS="$2"
 
-if [ ! $REMOVE_USERNAME ]; then
+if [ ! "$REMOVE_USERNAME" ]; then
     echo $'Please specify a username to remove'
     exit 1
 fi
@@ -68,35 +68,35 @@ if [[ $(is_valid_user "$REMOVE_USERNAME") == "0" ]]; then
     exit 3
 fi
 
-if [ ! -d /home/$REMOVE_USERNAME ]; then
+if [ ! -d "/home/$REMOVE_USERNAME" ]; then
     echo $"Home directory does not exist for $REMOVE_USERNAME"
     exit 4
 fi
 
-if [ ! -f $COMPLETION_FILE ]; then
+if [ ! -f "$COMPLETION_FILE" ]; then
     echo $"$COMPLETION_FILE not found"
     exit 5
 fi
 
-if ! grep -q "Admin user" $COMPLETION_FILE; then
+if ! grep -q "Admin user" "$COMPLETION_FILE"; then
     echo $"No admin user specified in $COMPLETION_FILE"
     exit 6
 fi
 
 ADMIN_USERNAME=$(get_completion_param "Admin user")
-if [ ! $ADMIN_USERNAME ]; then
+if [ ! "$ADMIN_USERNAME" ]; then
     echo $"No admin username specified in $COMPLETION_FILE"
     exit 7
 fi
 
-if [[ $REMOVE_USERNAME == $ADMIN_USERNAME ]]; then
+if [[ "$REMOVE_USERNAME" == "$ADMIN_USERNAME" ]]; then
     echo $"The administrator user cannot be removed"
     exit 8
 fi
 
 if [[ "$REMOVE_OPTIONS" != '-f' && "$REMOVE_OPTIONS" != '-y' && "$REMOVE_OPTIONS" != '--force' ]]; then
     echo $'>>> REMOVE USER <<<'
-    read -p $"Do you really wish to remove the user '$REMOVE_USERNAME' (y/n) ?" yn
+    read -r -p $"Do you really wish to remove the user '$REMOVE_USERNAME' (y/n) ?" yn
     if [[ $yn != 'y' && $yn != 'Y' && $yn != 'yes' && $yn != 'Yes' && $yn != 'YES' ]]; then
         echo $"User $REMOVE_USERNAME was not removed"
         exit 9
@@ -107,18 +107,18 @@ fi
 
 if [ -f /etc/nginx/.htpasswd ]; then
     if grep -q "${REMOVE_USERNAME}:" /etc/nginx/.htpasswd; then
-        htpasswd -D /etc/nginx/.htpasswd $REMOVE_USERNAME
+        htpasswd -D /etc/nginx/.htpasswd "$REMOVE_USERNAME"
     fi
 fi
 
 # remove gpg keys
-if [ -d /home/$REMOVE_USERNAME/.gnupg ]; then
-    shred -zu /home/$REMOVE_USERNAME/.gnupg/*
+if [ -d "/home/$REMOVE_USERNAME/.gnupg" ]; then
+    shred -zu "/home/$REMOVE_USERNAME/.gnupg/*"
 fi
 
 # remove ssh keys
-if [ -d /home/$REMOVE_USERNAME/.ssh ]; then
-    shred -zu /home/$REMOVE_USERNAME/.ssh/*
+if [ -d "/home/$REMOVE_USERNAME/.ssh" ]; then
+    shred -zu "/home/$REMOVE_USERNAME/.ssh/*"
 fi
 
 echo $'Detecting installed apps...'
@@ -126,25 +126,25 @@ detect_apps
 get_apps_installed_names
 for app_name in "${APPS_INSTALLED_NAMES[@]}"
 do
-    if [[ $(function_exists remove_user_${app_name}) == "1" ]]; then
+    if [[ $(function_exists "remove_user_${app_name}") == "1" ]]; then
         echo $"Removing user from ${app_name}"
-        app_load_variables ${app_name}
-        remove_user_${app_name} "$REMOVE_USERNAME"
-        if grep -q "${app_name}_${REMOVE_USERNAME}" $APP_USERS_FILE; then
-            sed -i "/${app_name}_${REMOVE_USERNAME}/d" $APP_USERS_FILE
+        app_load_variables "${app_name}"
+        "remove_user_${app_name}" "$REMOVE_USERNAME"
+        if grep -q "${app_name}_${REMOVE_USERNAME}" "$APP_USERS_FILE"; then
+            sed -i "/${app_name}_${REMOVE_USERNAME}/d" "$APP_USERS_FILE"
         fi
     fi
 done
 
 chmod 600 /etc/shadow
 chmod 600 /etc/gshadow
-userdel -r $REMOVE_USERNAME
-groupdel $REMOVE_USERNAME
+userdel -r "$REMOVE_USERNAME"
+groupdel "$REMOVE_USERNAME"
 chmod 0000 /etc/shadow
 chmod 0000 /etc/gshadow
 
-if [ -d /home/$REMOVE_USERNAME ]; then
-    rm -rf /home/$REMOVE_USERNAME
+if [ -d "/home/$REMOVE_USERNAME" ]; then
+    rm -rf "/home/${REMOVE_USERNAME:?}"
 fi
 
 echo $"User $REMOVE_USERNAME was removed"
diff --git a/src/freedombone-sec b/src/freedombone-sec
index 8d0420e1..6d5f2131 100755
--- a/src/freedombone-sec
+++ b/src/freedombone-sec
@@ -71,47 +71,43 @@ MY_USERNAME=
 
 function export_passwords {
     detect_usb_drive
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
     dialog --title $"Export passwords to USB drive $USB_DRIVE" \
            --backtitle $"Security Settings" \
            --defaultno \
-           --yesno $"\nPlease confirm that you wish to export passwords to a LUKS formatted USB drive. The drive should be plugged in." 10 60
+           --yesno $"\\nPlease confirm that you wish to export passwords to a LUKS formatted USB drive. The drive should be plugged in." 10 60
     sel=$?
     case $sel in
         1) return;;
         255) return;;
     esac
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
     dialog --title $"Export passwords to USB drive $USB_DRIVE" \
            --backtitle $"Security Settings" \
            --defaultno \
-           --yesno $"\nDo you need to format the drive as LUKS encrypted?" 12 60
+           --yesno $"\\nDo you need to format the drive as LUKS encrypted?" 12 60
     sel=$?
     case $sel in
-        0) ${PROJECT_NAME}-format $USB_DRIVE;;
+        0) ${PROJECT_NAME}-format "$USB_DRIVE";;
     esac
 
     clear
-    backup_mount_drive ${USB_DRIVE}
-    ${PROJECT_NAME}-pass --export ${USB_MOUNT}/${PROJECT_NAME}-passwords.xml
-    backup_unmount_drive ${USB_DRIVE}
+    backup_mount_drive "${USB_DRIVE}"
+    ${PROJECT_NAME}-pass --export "${USB_MOUNT}/${PROJECT_NAME}-passwords.xml"
+    backup_unmount_drive "${USB_DRIVE}"
 }
 
 function get_protocols_from_website {
-    if [ ! -f $WEBSITES_DIRECTORY/$1 ]; then
+    if [ ! -f "$WEBSITES_DIRECTORY/$1" ]; then
         return
     fi
-    SSL_PROTOCOLS=$(cat $WEBSITES_DIRECTORY/$1 | grep 'ssl_protocols ' | awk -F "ssl_protocols " '{print $2}' | awk -F ';' '{print $1}')
+    SSL_PROTOCOLS=$(grep 'ssl_protocols ' "$WEBSITES_DIRECTORY/$1" | awk -F "ssl_protocols " '{print $2}' | awk -F ';' '{print $1}')
 }
 
 function get_ciphers_from_website {
-    if [ ! -f $WEBSITES_DIRECTORY/$1 ]; then
+    if [ ! -f "$WEBSITES_DIRECTORY/$1" ]; then
         return
     fi
-    SSL_CIPHERS=$(cat $WEBSITES_DIRECTORY/$1 | grep 'ssl_ciphers ' | awk -F "ssl_ciphers " '{print $2}' | awk -F "'" '{print $2}')
+    SSL_CIPHERS=$(grep 'ssl_ciphers ' "$WEBSITES_DIRECTORY/$1" | awk -F "ssl_ciphers " '{print $2}' | awk -F "'" '{print $2}')
 }
 
 function get_imap_settings {
@@ -120,29 +116,29 @@ function get_imap_settings {
     fi
     # clear commented out cipher list
     sed -i "s|#ssl_cipher_list.*||g" $DOVECOT_CIPHERS
-    if [ $SSL_CIPHERS ]; then
+    if [ "$SSL_CIPHERS" ]; then
         return
     fi
     if [ ${#SSL_CIPHERS} -gt $MINIMUM_LENGTH ]; then
         return
     fi
-    SSL_CIPHERS=$(cat $DOVECOT_CIPHERS | grep 'ssl_cipher_list' | awk -F '=' '{print $2}' | awk -F "'" '{print $2}')
+    SSL_CIPHERS=$(grep 'ssl_cipher_list' "$DOVECOT_CIPHERS" | awk -F '=' '{print $2}' | awk -F "'" '{print $2}')
 }
 
 function get_xmpp_settings {
     if [ ! -f $XMPP_CONFIG ]; then
         return
     fi
-    XMPP_CIPHERS=$(cat $XMPP_CONFIG | grep 'ciphers ' | awk -F '=' '{print $2}' | awk -F '"' '{print $2}')
-    XMPP_ECC_CURVE=$(cat $XMPP_CONFIG | grep 'curve ' | awk -F '=' '{print $2}' | awk -F '"' '{print $2}')
+    XMPP_CIPHERS=$(grep 'ciphers ' "$XMPP_CONFIG" | awk -F '=' '{print $2}' | awk -F '"' '{print $2}')
+    XMPP_ECC_CURVE=$(grep 'curve ' "$XMPP_CONFIG" | awk -F '=' '{print $2}' | awk -F '"' '{print $2}')
 }
 
 function get_ssh_settings {
     if [ -f $SSH_CONFIG ]; then
-        SSH_PASSWORDS=$(cat $SSH_CONFIG | grep 'PasswordAuthentication ' | awk -F 'PasswordAuthentication ' '{print $2}')
+        SSH_PASSWORDS=$(grep 'PasswordAuthentication ' "$SSH_CONFIG" | awk -F 'PasswordAuthentication ' '{print $2}')
     fi
     if [ -f /etc/ssh/ssh_config ]; then
-        SSH_HOST_KEY_ALGORITHMS=$(cat /etc/ssh/ssh_config | grep 'HostKeyAlgorithms ' | awk -F 'HostKeyAlgorithms ' '{print $2}')
+        SSH_HOST_KEY_ALGORITHMS=$(grep 'HostKeyAlgorithms ' "/etc/ssh/ssh_config" | awk -F 'HostKeyAlgorithms ' '{print $2}')
     fi
 }
 
@@ -150,7 +146,7 @@ function change_website_settings {
     if [ ! "$SSL_PROTOCOLS" ]; then
         return
     fi
-    if [ ! $SSL_CIPHERS ]; then
+    if [ ! "$SSL_CIPHERS" ]; then
         return
     fi
     if [ ${#SSL_PROTOCOLS} -lt $MINIMUM_LENGTH ]; then
@@ -163,14 +159,14 @@ function change_website_settings {
         return
     fi
 
-    cd $WEBSITES_DIRECTORY
-    for file in `dir -d *` ; do
-        sed -i "s|ssl_protocols .*|ssl_protocols $SSL_PROTOCOLS;|g" $WEBSITES_DIRECTORY/$file
-        if ! grep -q "Mobile compatible ciphers" $WEBSITES_DIRECTORY/$file; then
+    cd $WEBSITES_DIRECTORY || exit 2468724628
+    for file in $(dir -d "*") ; do
+        sed -i "s|ssl_protocols .*|ssl_protocols $SSL_PROTOCOLS;|g" "$WEBSITES_DIRECTORY/$file"
+        if ! grep -q "Mobile compatible ciphers" "$WEBSITES_DIRECTORY/$file"; then
 
-            sed -i "s|ssl_ciphers .*|ssl_ciphers '$SSL_CIPHERS';|g" $WEBSITES_DIRECTORY/$file
+            sed -i "s|ssl_ciphers .*|ssl_ciphers '$SSL_CIPHERS';|g" "$WEBSITES_DIRECTORY/$file"
         else
-            sed -i "s|ssl_ciphers .*|ssl_ciphers '$SSL_CIPHERS_MOBILE';|g" $WEBSITES_DIRECTORY/$file
+            sed -i "s|ssl_ciphers .*|ssl_ciphers '$SSL_CIPHERS_MOBILE';|g" "$WEBSITES_DIRECTORY/$file"
         fi
     done
     systemctl restart nginx
@@ -181,7 +177,7 @@ function change_imap_settings {
     if [ ! -f $DOVECOT_CIPHERS ]; then
         return
     fi
-    if [ ! $SSL_CIPHERS ]; then
+    if [ ! "$SSL_CIPHERS" ]; then
         return
     fi
     if [ ${#SSL_CIPHERS} -lt $MINIMUM_LENGTH ]; then
@@ -195,7 +191,7 @@ function change_imap_settings {
 
 function change_ssh_settings {
     if [ -f /etc/ssh/ssh_config ]; then
-        if [ $SSH_HOST_KEY_ALGORITHMS ]; then
+        if [ "$SSH_HOST_KEY_ALGORITHMS" ]; then
             sed -i "s|HostKeyAlgorithms .*|HostKeyAlgorithms $SSH_HOST_KEY_ALGORITHMS|g" /etc/ssh/ssh_config
             echo $'ssh client security settings changed'
         fi
@@ -210,7 +206,7 @@ function change_ssh_settings {
         if [ ! $SSH_KEX ]; then
             return
         fi
-        if [ ! $SSH_PASSWORDS ]; then
+        if [ ! "$SSH_PASSWORDS" ]; then
             SSH_PASSWORDS='yes'
         fi
 
@@ -228,10 +224,10 @@ function change_xmpp_settings {
     if [ ! -f $XMPP_CONFIG ]; then
         return
     fi
-    if [ ! $XMPP_CIPHERS ]; then
+    if [ ! "$XMPP_CIPHERS" ]; then
         return
     fi
-    if [ ! $XMPP_ECC_CURVE ]; then
+    if [ ! "$XMPP_ECC_CURVE" ]; then
         return
     fi
     sed -i "s|ciphers =.*|ciphers = \"$XMPP_CIPHERS\";|g" $XMPP_CONFIG
@@ -243,7 +239,7 @@ function change_xmpp_settings {
 function allow_ssh_passwords {
     dialog --title $"SSH Passwords" \
            --backtitle $"Freedombone Security Configuration" \
-           --yesno $"\nAllow SSH login using passwords?" 7 60
+           --yesno $"\\nAllow SSH login using passwords?" 7 60
     sel=$?
     case $sel in
         0) SSH_PASSWORDS="yes";;
@@ -253,80 +249,84 @@ function allow_ssh_passwords {
 }
 
 function interactive_setup {
-    if [ $SSL_CIPHERS ]; then
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+    if [ "$SSL_CIPHERS" ]; then
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Security Configuration" \
-               --form $"\nWeb/IMAP Ciphers:" 10 95 2 \
+               --form $"\\nWeb/IMAP Ciphers:" 10 95 2 \
                $"Protocols:" 1 1 "$SSL_PROTOCOLS" 1 15 90 90 \
                $"Ciphers:" 2 1 "$SSL_CIPHERS" 2 15 90 512 \
-               2> $data
+               2> "$data"
         sel=$?
         case $sel in
-            1) SSL_PROTOCOLS=$(cat $data | sed -n 1p)
-               SSL_CIPHERS=$(cat $data | sed -n 2p)
+            1) SSL_PROTOCOLS=$(sed -n 1p < "$data")
+               SSL_CIPHERS=$(sed -n 2p < "$data")
                ;;
-            255) exit 0;;
+            255) rm -f "$data"
+                 exit 0;;
         esac
+        rm -f "$data"
     fi
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
-    if [ $SSH_HOST_KEY_ALGORITHMS ]; then
+    data=$(mktemp 2>/dev/null)
+    if [ "$SSH_HOST_KEY_ALGORITHMS" ]; then
         dialog --backtitle $"Freedombone Security Configuration" \
-               --form $"\nSecure Shell Ciphers:" 13 95 4 \
+               --form $"\\nSecure Shell Ciphers:" 13 95 4 \
                $"Ciphers:" 1 1 "$SSH_CIPHERS" 1 15 90 512 \
                $"MACs:" 2 1 "$SSH_MACS" 2 15 90 512 \
                $"KEX:" 3 1 "$SSH_KEX" 3 15 90 512 \
                $"Host key algorithms:" 4 1 "$SSH_HOST_KEY_ALGORITHMS" 4 15 90 512 \
-               2> $data
+               2> "$data"
         sel=$?
         case $sel in
-            1) SSH_CIPHERS=$(cat $data | sed -n 1p)
-               SSH_MACS=$(cat $data | sed -n 2p)
-               SSH_KEX=$(cat $data | sed -n 3p)
-               SSH_HOST_KEY_ALGORITHMS=$(cat $data | sed -n 4p)
+            1) SSH_CIPHERS=$(sed -n 1p < "$data")
+               SSH_MACS=$(sed -n 2p < "$data")
+               SSH_KEX=$(sed -n 3p < "$data")
+               SSH_HOST_KEY_ALGORITHMS=$(sed -n 4p < "$data")
                ;;
-            255) exit 0;;
+            255) rm -f "$data"
+                 exit 0;;
         esac
     else
         dialog --backtitle $"Freedombone Security Configuration" \
-               --form $"\nSecure Shell Ciphers:" 11 95 3 \
+               --form $"\\nSecure Shell Ciphers:" 11 95 3 \
                $"Ciphers:" 1 1 "$SSH_CIPHERS" 1 15 90 512 \
                $"MACs:" 2 1 "$SSH_MACS" 2 15 90 512 \
                $"KEX:" 3 1 "$SSH_KEX" 3 15 90 512 \
-               2> $data
+               2> "$data"
         sel=$?
         case $sel in
-            1) SSH_CIPHERS=$(cat $data | sed -n 1p)
-               SSH_MACS=$(cat $data | sed -n 2p)
-               SSH_KEX=$(cat $data | sed -n 3p)
+            1) SSH_CIPHERS=$(sed -n 1p < "$data")
+               SSH_MACS=$(sed -n 2p < "$data")
+               SSH_KEX=$(sed -n 3p < "$data")
                ;;
-            255) exit 0;;
+            255) rm -f "$data"
+                 exit 0;;
         esac
     fi
+    rm -f "$data"
 
-    if [ $XMPP_CIPHERS ]; then
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+    if [ "$XMPP_CIPHERS" ]; then
+        data=$(mktemp 2>/dev/null)
         dialog --backtitle $"Freedombone Security Configuration" \
-               --form $"\nXMPP Ciphers:" 10 95 2 \
+               --form $"\\nXMPP Ciphers:" 10 95 2 \
                $"Ciphers:" 1 1 "$XMPP_CIPHERS" 1 15 90 512 \
                $"ECC Curve:" 2 1 "$XMPP_ECC_CURVE" 2 15 50 50 \
-               2> $data
+               2> "$data"
         sel=$?
         case $sel in
-            1) XMPP_CIPHERS=$(cat $data | sed -n 1p)
-               XMPP_ECC_CURVE=$(cat $data | sed -n 2p)
+            1) XMPP_CIPHERS=$(sed -n 1p < "$data")
+               XMPP_ECC_CURVE=$(sed -n 2p < "$data")
                ;;
-            255) exit 0;;
+            255) rm -f "$data"
+                 exit 0;;
         esac
+        rm -f "$data"
     fi
 
     dialog --title $"Final Confirmation" \
            --backtitle $"Freedombone Security Configuration" \
            --defaultno \
-           --yesno $"\nPlease confirm that you wish your security settings to be changed?\n\nWARNING: any mistakes made in the security settings could compromise your system, so be extra careful when answering 'yes'." 12 60
+           --yesno $"\\nPlease confirm that you wish your security settings to be changed?\\n\\nWARNING: any mistakes made in the security settings could compromise your system, so be extra careful when answering 'yes'." 12 60
     sel=$?
     case $sel in
         1) clear
@@ -345,11 +345,11 @@ function send_monkeysphere_server_keys_to_users {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ ! -d /home/$USERNAME/.monkeysphere ]; then
-                mkdir /home/$USERNAME/.monkeysphere
+            if [ ! -d "/home/$USERNAME/.monkeysphere" ]; then
+                mkdir "/home/$USERNAME/.monkeysphere"
             fi
-            echo $monkeysphere_server_keys > /home/$USERNAME/.monkeysphere/server_keys
-            chown -R $USERNAME:$USERNAME /home/$USERNAME/.monkeysphere
+            echo "$monkeysphere_server_keys" > "/home/$USERNAME/.monkeysphere/server_keys"
+            chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.monkeysphere"
         fi
     done
 }
@@ -365,9 +365,9 @@ function regenerate_ssh_host_keys {
     # update monkeysphere
     DEFAULT_DOMAIN_NAME=
     read_config_param "DEFAULT_DOMAIN_NAME"
-    monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://$DEFAULT_DOMAIN_NAME
-    SSH_ONION_HOSTNAME=$(cat ${COMPLETION_FILE} | grep 'ssh onion domain' | awk -F ':' '{print $2}')
-    monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://$SSH_ONION_HOSTNAME
+    monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key "ssh://$DEFAULT_DOMAIN_NAME"
+    SSH_ONION_HOSTNAME=$(grep 'ssh onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}')
+    monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key "ssh://$SSH_ONION_HOSTNAME"
     monkeysphere-host publish-key
     send_monkeysphere_server_keys_to_users
     echo $'updated monkeysphere ssh host key'
@@ -380,43 +380,45 @@ function regenerate_dh_keys {
         return
     fi
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle "Freedombone Security Configuration" \
            --title "Diffie-Hellman key length" \
            --radiolist "The smaller length is better suited to low power embedded systems:" 12 40 3 \
            1 "2048 bits" off \
            2 "3072 bits" on \
-           3 "4096 bits" off 2> $data
+           3 "4096 bits" off 2> "$data"
     sel=$?
     case $sel in
-        1) exit 1;;
-        255) exit 1;;
+        1) rm -f "$data"
+           exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
-    case $(cat $data) in
+    case $(cat "$data") in
         1) DH_KEYLENGTH=2048;;
         2) DH_KEYLENGTH=3072;;
         3) DH_KEYLENGTH=4096;;
     esac
+    rm -f "$data"
 
     ${PROJECT_NAME}-dhparam --recalc yes -l ${DH_KEYLENGTH}
 }
 
 function renew_startssl {
     renew_domain=
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Renew a StartSSL certificate" \
            --backtitle $"Freedombone Security Settings" \
-           --inputbox $"Enter the domain name" 8 60 2>$data
+           --inputbox $"Enter the domain name" 8 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            renew_domain=$(<$data)
+            renew_domain=$(<"$data")
             ;;
     esac
+    rm -f "$data"
 
-    if [ ! $renew_domain ]; then
+    if [ ! "$renew_domain" ]; then
         return
     fi
 
@@ -426,7 +428,7 @@ function renew_startssl {
         return
     fi
 
-    if [ ! -f /etc/ssl/certs/${renew_domain}.dhparam ]; then
+    if [ ! -f "/etc/ssl/certs/${renew_domain}.dhparam" ]; then
         dialog --title $"Renew a StartSSL certificate" \
                --msgbox $"An existing certificate for $renew_domain was not found" 6 40
         return
@@ -438,26 +440,26 @@ function renew_startssl {
         return
     fi
 
-    ${PROJECT_NAME}-renew-cert -h $renew_domain -p startssl
+    ${PROJECT_NAME}-renew-cert -h "$renew_domain" -p startssl
 
     exit 0
 }
 
 function renew_letsencrypt {
     renew_domain=
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Renew a Let's Encrypt certificate" \
            --backtitle $"Freedombone Security Settings" \
-           --inputbox $"Enter the domain name" 8 60 2>$data
+           --inputbox $"Enter the domain name" 8 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            renew_domain=$(<$data)
+            renew_domain=$(<"$data")
             ;;
     esac
+    rm -f "$data"
 
-    if [ ! $renew_domain ]; then
+    if [ ! "$renew_domain" ]; then
         return
     fi
 
@@ -467,7 +469,7 @@ function renew_letsencrypt {
         return
     fi
 
-    if [ ! -f /etc/ssl/certs/${renew_domain}.dhparam ]; then
+    if [ ! -f "/etc/ssl/certs/${renew_domain}.dhparam" ]; then
         dialog --title $"Renew a Let's Encrypt certificate" \
                --msgbox $"An existing certificate for $renew_domain was not found" 6 40
         return
@@ -479,26 +481,26 @@ function renew_letsencrypt {
         return
     fi
 
-    ${PROJECT_NAME}-renew-cert -h $renew_domain -p 'letsencrypt'
+    ${PROJECT_NAME}-renew-cert -h "$renew_domain" -p 'letsencrypt'
 
     exit 0
 }
 
 function delete_letsencrypt {
     delete_domain=
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Delete a Let's Encrypt certificate" \
            --backtitle $"Freedombone Security Settings" \
-           --inputbox $"Enter the domain name" 8 60 2>$data
+           --inputbox $"Enter the domain name" 8 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            delete_domain=$(<$data)
+            delete_domain=$(<"$data")
             ;;
     esac
+    rm -f "$data"
 
-    if [ ! $delete_domain ]; then
+    if [ ! "$delete_domain" ]; then
         return
     fi
 
@@ -508,7 +510,7 @@ function delete_letsencrypt {
         return
     fi
 
-    if [ ! -f /etc/ssl/certs/${delete_domain}.dhparam ]; then
+    if [ ! -f "/etc/ssl/certs/${delete_domain}.dhparam" ]; then
         dialog --title $"Delete a Let's Encrypt certificate" \
                --msgbox $"An existing certificate for $renew_domain was not found" 6 40
         return
@@ -523,10 +525,10 @@ function delete_letsencrypt {
     dialog --title $"Delete a Let's Encrypt certificate" \
            --backtitle $"Freedombone Security Settings" \
            --defaultno \
-           --yesno $"\nConfirm deletion of the TLS certificate for $delete_domain ?" 7 60
+           --yesno $"\\nConfirm deletion of the TLS certificate for $delete_domain ?" 7 60
     sel=$?
     case $sel in
-        0) ${PROJECT_NAME}-addcert -r $delete_domain;;
+        0) ${PROJECT_NAME}-addcert -r "$delete_domain";;
         255) exit 0;;
     esac
 
@@ -535,19 +537,19 @@ function delete_letsencrypt {
 
 function create_letsencrypt {
     new_domain=
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Create a new Let's Encrypt certificate" \
            --backtitle $"Freedombone Security Settings" \
-           --inputbox $"Enter the domain name" 8 60 2>$data
+           --inputbox $"Enter the domain name" 8 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            new_domain=$(<$data)
+            new_domain=$(<"$data")
             ;;
     esac
+    rm -f "$data"
 
-    if [ ! $new_domain ]; then
+    if [ ! "$new_domain" ]; then
         return
     fi
 
@@ -563,14 +565,14 @@ function create_letsencrypt {
         return
     fi
 
-    if [ ! -d /var/www/${new_domain} ]; then
+    if [ ! -d "/var/www/${new_domain}" ]; then
         domain_found=
         if [ -f /etc/nginx/sites-available/radicale ]; then
             if grep -q "${new_domain}" /etc/nginx/sites-available/radicale; then
                 domain_found=1
             fi
         fi
-        if [ -f /etc/nginx/sites-available/${new_domain} ]; then
+        if [ -f "/etc/nginx/sites-available/${new_domain}" ]; then
             domain_found=1
         fi
         if [[ "${new_domain}" == "jitsi"* || "${new_domain}" == "meet"* ]]; then
@@ -583,7 +585,7 @@ function create_letsencrypt {
         fi
     fi
 
-    ${PROJECT_NAME}-addcert -e $new_domain -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH
+    ${PROJECT_NAME}-addcert -e "$new_domain" -s "$LETSENCRYPT_SERVER" --dhkey "$DH_KEYLENGTH"
 
     exit 0
 }
@@ -614,13 +616,13 @@ function update_ciphersuite {
         return
     fi
 
-    cd $WEBSITES_DIRECTORY
-    for file in `dir -d *` ; do
-        sed -i "s|ssl_protocols .*|ssl_protocols $RECOMMENDED_SSL_PROTOCOLS;|g" $WEBSITES_DIRECTORY/$file
-        if ! grep -q "Mobile compatible ciphers" $WEBSITES_DIRECTORY/$file; then
-            sed -i "s|ssl_ciphers .*|ssl_ciphers '$RECOMMENDED_SSL_CIPHERS';|g" $WEBSITES_DIRECTORY/$file
+    cd $WEBSITES_DIRECTORY || exit 728425476
+    for file in $(dir -d "*") ; do
+        sed -i "s|ssl_protocols .*|ssl_protocols $RECOMMENDED_SSL_PROTOCOLS;|g" "$WEBSITES_DIRECTORY/$file"
+        if ! grep -q "Mobile compatible ciphers" "$WEBSITES_DIRECTORY/$file"; then
+            sed -i "s|ssl_ciphers .*|ssl_ciphers '$RECOMMENDED_SSL_CIPHERS';|g" "$WEBSITES_DIRECTORY/$file"
         else
-            sed -i "s|ssl_ciphers .*|ssl_ciphers '$SSL_CIPHERS_MOBILE';|g" $WEBSITES_DIRECTORY/$file
+            sed -i "s|ssl_ciphers .*|ssl_ciphers '$SSL_CIPHERS_MOBILE';|g" "$WEBSITES_DIRECTORY/$file"
         fi
     done
     systemctl restart nginx
@@ -646,7 +648,7 @@ function enable_monkeysphere {
     dialog --title $"GPG based authentication" \
            --backtitle $"Freedombone Security Configuration" \
            --defaultno \
-           --yesno $"\nEnable GPG based authentication with monkeysphere ?" 7 60
+           --yesno $"\\nEnable GPG based authentication with monkeysphere ?" 7 60
     sel=$?
     case $sel in
         0) monkey='yes';;
@@ -673,8 +675,8 @@ function enable_monkeysphere {
         monkeysphere-authentication update-users
 
         # The admin user is the identity certifier
-        fpr=$(gpg --with-colons --fingerprint $MY_GPG_PUBLIC_KEY_ID | grep fpr | head -n 1 | awk -F ':' '{print $10}')
-        monkeysphere-authentication add-identity-certifier $fpr
+        fpr=$(gpg --with-colons --fingerprint "$MY_GPG_PUBLIC_KEY_ID" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
+        monkeysphere-authentication add-identity-certifier "$fpr"
         monkeysphere-host publish-key
         send_monkeysphere_server_keys_to_users
     else
@@ -702,33 +704,31 @@ function register_website {
         return
     fi
 
-    if [ ! -f /etc/ssl/private/${domain}.key ]; then
+    if [ ! -f "/etc/ssl/private/${domain}.key" ]; then
         echo $"No SSL/TLS private key found for ${domain}"
         return
     fi
 
-    if [ ! -f /etc/nginx/sites-available/${domain} ]; then
+    if [ ! -f "/etc/nginx/sites-available/${domain}" ]; then
         echo $"No virtual host found for ${domain}"
         return
     fi
 
-    monkeysphere-host import-key /etc/ssl/private/${domain}.key https://${domain}
+    monkeysphere-host import-key "/etc/ssl/private/${domain}.key" "https://${domain}"
     monkeysphere-host publish-key
     echo "0"
 }
 
 function register_website_interactive {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Register a website with monkeysphere" \
            --backtitle $"Freedombone Security Settings" \
-           --inputbox $"Enter the website domain name (without https://)" 8 60 2>$data
+           --inputbox $"Enter the website domain name (without https://)" 8 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            domain=$(<$data)
-            register_website "$domain"
-            if [ ! "$?" = "0" ]; then
+            domain=$(<"$data")
+            if ! register_website "$domain"; then
                 dialog --title $"Register a website with monkeysphere" \
                        --msgbox "$?" 6 40
             else
@@ -737,6 +737,7 @@ function register_website_interactive {
             fi
             ;;
     esac
+    rm -f "$data"
 }
 
 function pin_all_tls_certs {
@@ -744,28 +745,27 @@ function pin_all_tls_certs {
 }
 
 function remove_pinning {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Remove pinning for a domain" \
            --backtitle $"Freedombone Security Settings" \
-           --inputbox $"Enter the website domain name (without https://)" 8 60 2>$data
+           --inputbox $"Enter the website domain name (without https://)" 8 60 2>"$data"
     sel=$?
     case $sel in
         0)
-            domain=$(<$data)
-            ${PROJECT_NAME}-pin-cert "$domain" remove
-            if [ ! "$?" = "0" ]; then
+            domain=$(<"$data")
+            if ! ${PROJECT_NAME}-pin-cert "$domain" remove; then
                 dialog --title $"Removed pinning from $domain" \
                        --msgbox "$?" 6 40
             fi
             ;;
     esac
+    rm -f "$data"
 }
 
 function store_passwords {
     dialog --title $"Store Passwords" \
            --backtitle $"Freedombone Security Configuration" \
-           --yesno $"\nDo you wish to store passwords on the system? Stored passwords are convenient but carry some additional security risk." 10 60
+           --yesno $"\\nDo you wish to store passwords on the system? Stored passwords are convenient but carry some additional security risk." 10 60
     sel=$?
     case $sel in
         0)
@@ -773,24 +773,24 @@ function store_passwords {
                 read_config_param "MY_USERNAME"
                 if [ ! -f /home/$MY_USERNAME/.ssh/authorized_keys ]; then
                     dialog --title $"Store Passwords" \
-                           --msgbox $"\nYou should first enable key based ssh login to improve security" 8 60
+                           --msgbox $"\\nYou should first enable key based ssh login to improve security" 8 60
                     return
                 fi
                 if [[ $SSH_PASSWORDS == 'yes' ]]; then
                     dialog --title $"Store Passwords" \
-                           --msgbox $"\nYou should disable ssh passwords to improve security" 8 60
+                           --msgbox $"\\nYou should disable ssh passwords to improve security" 8 60
                     return
                 fi
                 ${PROJECT_NAME}-pass --enable yes
                 dialog --title $"Store Passwords" \
-                       --msgbox $"\nUser passwords will now be stored on the system" 8 60
+                       --msgbox $"\\nUser passwords will now be stored on the system" 8 60
             fi
             return
             ;;
         1)
             ${PROJECT_NAME}-pass --clear yes
             dialog --title $"Passwords were removed and will not be stored" \
-                   --msgbox $"\nFor the best security you should now manually change passwords via web interfaces so that there is no possibility of them being recovered from the disk" 9 60
+                   --msgbox $"\\nFor the best security you should now manually change passwords via web interfaces so that there is no possibility of them being recovered from the disk" 9 60
             return
             ;;
         255) return;;
@@ -808,23 +808,25 @@ function show_tor_bridges {
 }
 
 function add_tor_bridge {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"Add obfs4 Tor bridge" \
-           --form "\n" 9 60 4 \
+           --form "\\n" 9 60 4 \
            $"IP address:   " 1 1 "   .   .   .   " 1 17 16 16 \
            $"Port:         " 2 1 "" 2 17 8 8 \
            $"Key/Nickname: " 3 1 "" 3 17 250 250 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
-    bridge_ip_address=$(cat $data | sed -n 1p)
-    bridge_port=$(cat $data | sed -n 2p)
-    bridge_key=$(cat $data | sed -n 3p)
+    bridge_ip_address=$(sed -n 1p < "$data")
+    bridge_port=$(sed -n 2p < "$data")
+    bridge_key=$(sed -n 3p < "$data")
+    rm -f "$data"
     if [[ "${bridge_ip_address}" == *" "* ]]; then
         return
     fi
@@ -844,15 +846,14 @@ function add_tor_bridge {
 
 function remove_tor_bridge {
     bridge_removed=
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --title $"Remove obfs4 Tor bridge" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Enter the IP address, key or Nickname of the bridge" 8 65 2>$data
+           --inputbox $"Enter the IP address, key or Nickname of the bridge" 8 65 2>"$data"
     sel=$?
     case $sel in
         0)
-            response=$(<$data)
+            response=$(<"$data")
             if [ ${#response} -gt 2 ]; then
                 if [[ "${response}" != *" "* ]]; then
                     if [[ "${response}" == *"."* ]]; then
@@ -870,6 +871,7 @@ function remove_tor_bridge {
             fi
             ;;
     esac
+    rm -f "$data"
     if [ $bridge_removed ]; then
         dialog --title $"Remove obfs4 Tor bridge" \
                --msgbox $"Bridge removed" 6 40
@@ -882,22 +884,24 @@ function add_tor_bridge_relay {
 
     # remove any previous bridge port from the firewall
     if [ ${#TOR_BRIDGE_PORT} -gt 0 ]; then
-        firewall_remove $TOR_BRIDGE_PORT tcp
+        firewall_remove "$TOR_BRIDGE_PORT" tcp
     fi
 
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"Become an obfs4 Tor bridge relay" \
-           --form "\n" 8 60 2 \
+           --form "\\n" 8 60 2 \
            $"Bridge Nickname: " 1 1 "$TOR_BRIDGE_NICKNAME" 1 20 250 250 \
-           2> $data
+           2> "$data"
     sel=$?
     case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
     esac
-    bridge_nickname=$(cat $data | sed -n 1p)
+    bridge_nickname=$(sed -n 1p < "$data")
+    rm -f "$data"
     if [[ "${bridge_nickname}" == *" "* ]]; then
         return
     fi
@@ -910,7 +914,7 @@ function add_tor_bridge_relay {
     write_config_param 'TOR_BRIDGE_PORT' "$TOR_BRIDGE_PORT"
     tor_create_bridge_relay
     dialog --title $"You are now an obfs4 Tor bridge relay" \
-           --msgbox $"\nIP address: $(get_ipv4_address)\n\nPort: ${TOR_BRIDGE_PORT}\n\nNickname: ${TOR_BRIDGE_NICKNAME}" 10 65
+           --msgbox $"\\nIP address: $(get_ipv4_address)\\n\\nPort: ${TOR_BRIDGE_PORT}\\n\\nNickname: ${TOR_BRIDGE_NICKNAME}" 10 65
 }
 
 function remove_tor_bridge_relay {
@@ -920,8 +924,7 @@ function remove_tor_bridge_relay {
 }
 
 function menu_tor_bridges {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"Tor Bridges" \
            --radiolist $"Choose an operation:" 14 50 6 \
@@ -930,43 +933,51 @@ function menu_tor_bridges {
            3 $"Remove a bridge" off \
            4 $"Make this system into a bridge" off \
            5 $"Stop being a bridge" off \
-           6 $"Go Back/Exit" on 2> $data
+           6 $"Go Back/Exit" on 2> "$data"
     sel=$?
     case $sel in
-        1) exit 1;;
-        255) exit 1;;
+        1) rm -f "$data"
+           exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
 
-    case $(cat $data) in
+    case $(cat "$data") in
         1)
             show_tor_bridges
+            rm -f "$data"
             exit 0
             ;;
         2)
             add_tor_bridge
+            rm -f "$data"
             exit 0
             ;;
         3)
             remove_tor_bridge
+            rm -f "$data"
             exit 0
             ;;
         4)
             add_tor_bridge_relay
+            rm -f "$data"
             exit 0
             ;;
         5)
             remove_tor_bridge_relay
+            rm -f "$data"
             exit 0
             ;;
         6)
+            rm -f "$data"
             exit 0
             ;;
     esac
+    rm -f "$data"
 }
 
 function menu_security_settings {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"Security Settings" \
            --radiolist $"Choose an operation:" 23 76 23 \
@@ -985,11 +996,13 @@ function menu_security_settings {
            13 $"Enable GPG based authentication (monkeysphere)" off \
            14 $"Register a website with monkeysphere" off \
            15 $"Allow ssh login with passwords" off \
-           16 $"Go Back/Exit" on 2> $data
+           16 $"Go Back/Exit" on 2> "$data"
     sel=$?
     case $sel in
-        1) exit 1;;
-        255) exit 1;;
+        1) rm -f "$data"
+           exit 1;;
+        255) rm -f "$data"
+             exit 1;;
     esac
 
     clear
@@ -1006,12 +1019,13 @@ function menu_security_settings {
     import_settings
     export_settings
 
-    case $(cat $data) in
+    case $(cat "$data") in
         1)
             clear
             echo $'Running STIG tests...'
             echo ''
             ${PROJECT_NAME}-tests --stig showall
+            rm -f "$data"
             exit 0
             ;;
         2)
@@ -1020,23 +1034,28 @@ function menu_security_settings {
             echo ''
             ${PROJECT_NAME}-tests --stig fix
             echo $'Fixes applied. You will need to run the STIG tests again to be sure that they were all fixed.'
+            rm -f "$data"
             exit 0
             ;;
         3)
             dialog --title $"SSH host public keys" \
                    --msgbox "\n$(get_ssh_server_key)" 12 60
+            rm -f "$data"
             exit 0
             ;;
         4)
             menu_tor_bridges
+            rm -f "$data"
             exit 0
             ;;
         5)
             store_passwords
+            rm -f "$data"
             exit 0
             ;;
         6)
             export_passwords
+            rm -f "$data"
             exit 0
             ;;
         7)
@@ -1067,12 +1086,15 @@ function menu_security_settings {
         15)
             allow_ssh_passwords
             change_ssh_settings
+            rm -f "$data"
             exit 0
             ;;
         16)
+            rm -f "$data"
             exit 0
             ;;
     esac
+    rm -f "$data"
 
     change_website_settings
     change_imap_settings
@@ -1081,7 +1103,7 @@ function menu_security_settings {
 }
 
 function import_settings {
-    cd $CURRENT_DIR
+    cd "$CURRENT_DIR" || exit 2468724684
 
     if [ ! $IMPORT_FILE ]; then
         return
@@ -1153,34 +1175,34 @@ function export_settings {
         return
     fi
 
-    cd $CURRENT_DIR
+    cd "$CURRENT_DIR" || exit 92465274527
 
     if [ ! -f $EXPORT_FILE ]; then
         if [ "$SSL_PROTOCOLS" ]; then
             echo "SSL_PROTOCOLS=$SSL_PROTOCOLS" >> $EXPORT_FILE
         fi
-        if [ $SSL_CIPHERS ]; then
+        if [ "$SSL_CIPHERS" ]; then
             echo "SSL_CIPHERS=$SSL_CIPHERS" >> $EXPORT_FILE
         fi
-        if [ $SSH_CIPHERS ]; then
+        if [ "$SSH_CIPHERS" ]; then
             echo "SSH_CIPHERS=$SSH_CIPHERS" >> $EXPORT_FILE
         fi
-        if [ $SSH_MACS ]; then
+        if [ "$SSH_MACS" ]; then
             echo "SSH_MACS=$SSH_MACS" >> $EXPORT_FILE
         fi
-        if [ $SSH_KEX ]; then
+        if [ "$SSH_KEX" ]; then
             echo "SSH_KEX=$SSH_KEX" >> $EXPORT_FILE
         fi
-        if [ $SSH_HOST_KEY_ALGORITHMS ]; then
+        if [ "$SSH_HOST_KEY_ALGORITHMS" ]; then
             echo "SSH_HOST_KEY_ALGORITHMS=$SSH_HOST_KEY_ALGORITHMS" >> $EXPORT_FILE
         fi
-        if [ $SSH_PASSWORDS ]; then
+        if [ "$SSH_PASSWORDS" ]; then
             echo "SSH_PASSWORDS=$SSH_PASSWORDS" >> $EXPORT_FILE
         fi
-        if [ $XMPP_CIPHERS ]; then
+        if [ "$XMPP_CIPHERS" ]; then
             echo "XMPP_CIPHERS=$XMPP_CIPHERS" >> $EXPORT_FILE
         fi
-        if [ $XMPP_ECC_CURVE ]; then
+        if [ "$XMPP_ECC_CURVE" ]; then
             echo "XMPP_ECC_CURVE=$XMPP_ECC_CURVE" >> $EXPORT_FILE
         fi
         echo "Security settings exported to $EXPORT_FILE"
@@ -1194,56 +1216,56 @@ function export_settings {
             echo "SSL_PROTOCOLS=$SSL_PROTOCOLS" >> $EXPORT_FILE
         fi
     fi
-    if [ $SSL_CIPHERS ]; then
+    if [ "$SSL_CIPHERS" ]; then
         if grep -q "SSL_CIPHERS" $EXPORT_FILE; then
             sed -i "s|SSL_CIPHERS=.*|SSL_CIPHERS=$SSL_CIPHERS|g" $EXPORT_FILE
         else
             echo "SSL_CIPHERS=$SSL_CIPHERS" >> $EXPORT_FILE
         fi
     fi
-    if [ $SSH_CIPHERS ]; then
+    if [ "$SSH_CIPHERS" ]; then
         if grep -q "SSH_CIPHERS" $EXPORT_FILE; then
             sed -i "s|SSH_CIPHERS=.*|SSH_CIPHERS=$SSH_CIPHERS|g" $EXPORT_FILE
         else
             echo "SSH_CIPHERS=$SSH_CIPHERS" >> $EXPORT_FILE
         fi
     fi
-    if [ $SSH_MACS ]; then
+    if [ "$SSH_MACS" ]; then
         if grep -q "SSH_MACS" $EXPORT_FILE; then
             sed -i "s|SSH_MACS=.*|SSH_MACS=$SSH_MACS|g" $EXPORT_FILE
         else
             echo "SSH_MACS=$SSH_MACS" >> $EXPORT_FILE
         fi
     fi
-    if [ $SSH_KEX ]; then
+    if [ "$SSH_KEX" ]; then
         if grep -q "SSH_KEX" $EXPORT_FILE; then
             sed -i "s|SSH_KEX=.*|SSH_KEX=$SSH_KEX|g" $EXPORT_FILE
         else
             echo "SSH_KEX=$SSH_KEX" >> $EXPORT_FILE
         fi
     fi
-    if [ $SSH_HOST_KEY_ALGORITHMS ]; then
+    if [ "$SSH_HOST_KEY_ALGORITHMS" ]; then
         if grep -q "SSH_HOST_KEY_ALGORITHMS" $EXPORT_FILE; then
             sed -i "s|SSH_HOST_KEY_ALGORITHMS=.*|SSH_HOST_KEY_ALGORITHMS=$SSH_HOST_KEY_ALGORITHMS|g" $EXPORT_FILE
         else
             echo "SSH_HOST_KEY_ALGORITHMS=$SSH_HOST_KEY_ALGORITHMS" >> $EXPORT_FILE
         fi
     fi
-    if [ $SSH_PASSWORDS ]; then
+    if [ "$SSH_PASSWORDS" ]; then
         if grep -q "SSH_PASSWORDS" $EXPORT_FILE; then
             sed -i "s|SSH_PASSWORDS=.*|SSH_PASSWORDS=$SSH_PASSWORDS|g" $EXPORT_FILE
         else
             echo "SSH_PASSWORDS=$SSH_PASSWORDS" >> $EXPORT_FILE
         fi
     fi
-    if [ $XMPP_CIPHERS ]; then
+    if [ "$XMPP_CIPHERS" ]; then
         if grep -q "XMPP_CIPHERS" $EXPORT_FILE; then
             sed -i "s|XMPP_CIPHERS=.*|XMPP_CIPHERS=$XMPP_CIPHERS|g" $EXPORT_FILE
         else
             echo "XMPP_CIPHERS=$XMPP_CIPHERS" >> $EXPORT_FILE
         fi
     fi
-    if [ $XMPP_ECC_CURVE ]; then
+    if [ "$XMPP_ECC_CURVE" ]; then
         if grep -q "XMPP_ECC_CURVE" $EXPORT_FILE; then
             sed -i "s|XMPP_ECC_CURVE=.*|XMPP_ECC_CURVE=$XMPP_ECC_CURVE|g" $EXPORT_FILE
         else
@@ -1258,7 +1280,7 @@ function refresh_gpg_keys {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            su -c 'gpg --refresh-keys' - $USERNAME
+            su -c 'gpg --refresh-keys' - "$USERNAME"
         fi
     done
     exit 0
@@ -1266,27 +1288,26 @@ function refresh_gpg_keys {
 
 function monkeysphere_sign_server_keys {
     server_keys_file=/home/$USER/.monkeysphere/server_keys
-    if [ ! -f $server_keys_file ]; then
+    if [ ! -f "$server_keys_file" ]; then
         exit 0
     fi
 
     keys_signed=
-    while read line; do
-        echo $line
+    while read -r line; do
+        echo "$line"
         if [ ${#line} -gt 2 ]; then
             fpr=$(gpg --with-colons --fingerprint "$line" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
             if [ ${#fpr} -gt 2 ]; then
-                gpg --sign-key $fpr
-                if [ "$?" = "0" ]; then
+                if gpg --sign-key "$fpr"; then
                     gpg --update-trustdb
                     keys_signed=1
                 fi
             fi
         fi
-    done <$server_keys_file
+    done <"$server_keys_file"
 
     if [ $keys_signed ]; then
-        rm $server_keys_file
+        rm "$server_keys_file"
     fi
     exit 0
 }
@@ -1296,14 +1317,14 @@ function htmly_hash {
     pass="$1"
     HTMLYHASH_FILENAME=/usr/bin/htmlyhash
 
-    echo '<?php' > $HTMLYHASH_FILENAME
-    echo 'parse_str(implode("&", array_slice($argv, 1)), $_GET);' >> $HTMLYHASH_FILENAME
-    echo '$password = $_GET["password"];' >> $HTMLYHASH_FILENAME
-    echo '$hash = password_hash($password, PASSWORD_BCRYPT);' >> $HTMLYHASH_FILENAME
-    echo 'if (password_verify($password, $hash)) {' >> $HTMLYHASH_FILENAME
-    echo '  echo $hash;' >> $HTMLYHASH_FILENAME
-    echo '}' >> $HTMLYHASH_FILENAME
-    echo '?>' >> $HTMLYHASH_FILENAME
+    { echo '<?php';
+      echo "parse_str(implode(\"&\", array_slice(\$argv, 1)), \$_GET);";
+      echo "\$password = \$_GET[\"password\"];";
+      echo "\$hash = password_hash(\$password, PASSWORD_BCRYPT);";
+      echo "if (password_verify(\$password, \$hash)) {";
+      echo "  echo \$hash;";
+      echo '}';
+      echo '?>'; } > "$HTMLYHASH_FILENAME"
 
     php $HTMLYHASH_FILENAME password="$pass"
 }
diff --git a/src/freedombone-splitkey b/src/freedombone-splitkey
index 22270a79..229f740d 100755
--- a/src/freedombone-splitkey
+++ b/src/freedombone-splitkey
@@ -90,37 +90,37 @@ esac
 shift
 done
 
-if [ ! $MY_USERNAME ]; then
+if [ ! "$MY_USERNAME" ]; then
     show_help
 fi
-if [ ! -d /home/$MY_USERNAME ]; then
+if [ ! -d "/home/$MY_USERNAME" ]; then
     echo $"User $MY_USERNAME does not exist on the system"
     exit 7270
 fi
 
-if [ ! -d /home/$MY_USERNAME/.gnupg ]; then
+if [ ! -d "/home/$MY_USERNAME/.gnupg" ]; then
     echo $'No gpg key found'
     exit 5393
 fi
 
-if [ $PASSWORD_FILE ]; then
-    if [ ! -f $PASSWORD_FILE ]; then
+if [ "$PASSWORD_FILE" ]; then
+    if [ ! -f "$PASSWORD_FILE" ]; then
         echo $'Password file not found'
         exit 62952
     fi
 fi
 
 FRAGMENTS_DIR=/home/$MY_USERNAME/.gnupg_fragments
-if [ -d $FRAGMENTS_DIR ]; then
+if [ -d "$FRAGMENTS_DIR" ]; then
     exit 0
 fi
 
 # get the gpg key ID
-if [ ! $MY_EMAIL_ADDRESS ]; then
+if [ ! "$MY_EMAIL_ADDRESS" ]; then
     MY_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
 fi
 
-KEYID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS" - $MY_USERNAME | sed -n '2p' | sed 's/^[ \t]*//')
+KEYID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS" - "$MY_USERNAME" | sed -n '2p' | sed 's/^[ \t]*//')
 if [ ${#KEYID} -lt 4 ]; then
     echo $"gpg key for $MY_EMAIL_ADDRESS was not found"
     exit 3682
@@ -133,72 +133,70 @@ if [ ${#MY_BACKUP_KEY_ID} -lt 4 ]; then
 fi
 
 # create the key file
-mkdir -p $FRAGMENTS_DIR
-chown $MY_USERNAME:$MY_USERNAME $FRAGMENTS_DIR
-KEYS_FILE=$FRAGMENTS_DIR/keyshare.asc
-gpg --output $FRAGMENTS_DIR/pubkey.txt --armor --export $KEYID
-if [ ! "$?" = "0" ]; then
+mkdir -p "$FRAGMENTS_DIR"
+chown "$MY_USERNAME":"$MY_USERNAME" "$FRAGMENTS_DIR"
+KEYS_FILE="$FRAGMENTS_DIR/keyshare.asc"
+if ! gpg --output "$FRAGMENTS_DIR/pubkey.txt" --armor --export "$KEYID"; then
     echo $"Unable to extract public key for $KEYID"
     exit 7835
 fi
-if [ ! $PASSWORD_FILE ]; then
-    gpg --output $FRAGMENTS_DIR/privkey.txt \
-        --armor --export-secret-key $KEYID
+if [ ! "$PASSWORD_FILE" ]; then
+    gpg --output "$FRAGMENTS_DIR/privkey.txt" \
+        --armor --export-secret-key "$KEYID"
 else
-    echo "$(printf `cat $PASSWORD_FILE`)" | \
+    # shellcheck disable=SC2005
+    echo "$(printf "%s" "$(cat "$PASSWORD_FILE")")" | \
         gpg --batch --passphrase-fd 0 \
-        --output $FRAGMENTS_DIR/privkey.txt \
-        --armor --export-secret-key $KEYID
+        --output "$FRAGMENTS_DIR/privkey.txt" \
+        --armor --export-secret-key "$KEYID"
 fi
+# shellcheck disable=SC2181
 if [ ! "$?" = "0" ]; then
     echo $"Unable to extract private key for $KEYID"
     exit 7823
 fi
-gpg --output $FRAGMENTS_DIR/backup_pubkey.txt \
-    --armor --export $MY_BACKUP_KEY_ID
-if [ ! "$?" = "0" ]; then
-    shred -zu $FRAGMENTS_DIR/privkey.txt
+if ! gpg --output "$FRAGMENTS_DIR/backup_pubkey.txt" \
+    --armor --export "$MY_BACKUP_KEY_ID"; then
+    shred -zu "$FRAGMENTS_DIR/privkey.txt"
     echo $"Unable to extract backup public key for $MY_BACKUP_KEY_ID"
     exit 62928
 fi
 echo "$BACKUP_DUMMY_PASSWORD" | \
-    gpg --output $FRAGMENTS_DIR/backup_privkey.txt \
+if ! gpg --output "$FRAGMENTS_DIR/backup_privkey.txt" \
         --batch --passphrase-fd 0 \
-        --armor --export-secret-key $MY_BACKUP_KEY_ID
-if [ ! "$?" = "0" ]; then
-    shred -zu $FRAGMENTS_DIR/privkey.txt
+        --armor --export-secret-key "$MY_BACKUP_KEY_ID"; then
+    shred -zu "$FRAGMENTS_DIR/privkey.txt"
     echo $"Unable to extract backup private key for $MY_BACKUP_KEY_ID"
     exit 13783
 fi
 
 # Ensure there aren't any permissions problems when running cat
-chmod +r $FRAGMENTS_DIR/privkey.txt
-chmod +r $FRAGMENTS_DIR/backup_privkey.txt
+chmod +r "$FRAGMENTS_DIR/privkey.txt"
+chmod +r "$FRAGMENTS_DIR/backup_privkey.txt"
 
-cat $FRAGMENTS_DIR/pubkey.txt \
-    $FRAGMENTS_DIR/privkey.txt \
-    $FRAGMENTS_DIR/backup_pubkey.txt \
-    $FRAGMENTS_DIR/backup_privkey.txt > $KEYS_FILE
-shred -zu $FRAGMENTS_DIR/privkey.txt
-shred -zu $FRAGMENTS_DIR/pubkey.txt
-shred -zu $FRAGMENTS_DIR/backup_privkey.txt
-shred -zu $FRAGMENTS_DIR/backup_pubkey.txt
+cat "$FRAGMENTS_DIR/pubkey.txt" \
+    "$FRAGMENTS_DIR/privkey.txt" \
+    "$FRAGMENTS_DIR/backup_pubkey.txt" \
+    "$FRAGMENTS_DIR/backup_privkey.txt" > "$KEYS_FILE"
+shred -zu "$FRAGMENTS_DIR/privkey.txt"
+shred -zu "$FRAGMENTS_DIR/pubkey.txt"
+shred -zu "$FRAGMENTS_DIR/backup_privkey.txt"
+shred -zu "$FRAGMENTS_DIR/backup_pubkey.txt"
 
 KEY_SHARES=$((KEY_FRAGMENTS * 2))
-gfsplit -n $KEY_FRAGMENTS -m $KEY_SHARES $KEYS_FILE
-if [ ! "$?" = "0" ]; then
+if ! gfsplit -n "$KEY_FRAGMENTS" -m "$KEY_SHARES $KEYS_FILE"; then
     echo $"Unable to split the gpg key"
-    rm -rf $FRAGMENTS_DIR
-    if [ -f $KEYS_FILE ]; then
-        shred -zu $KEYS_FILE
+    rm -rf "$FRAGMENTS_DIR"
+    if [ -f "$KEYS_FILE" ]; then
+        shred -zu "$KEYS_FILE"
     fi
     exit 63028
 fi
-shred -zu $KEYS_FILE
+shred -zu "$KEYS_FILE"
 
 # set permissions
-chown -R $MY_USERNAME:$MY_USERNAME $FRAGMENTS_DIR
-chmod -R 600 $FRAGMENTS_DIR
+chown -R "$MY_USERNAME":"$MY_USERNAME" "$FRAGMENTS_DIR"
+chmod -R 600 "$FRAGMENTS_DIR"
 
 echo $"$KEY_SHARES key shares created"
 
diff --git a/src/freedombone-syncthing b/src/freedombone-syncthing
index 5a9a082c..6042230e 100755
--- a/src/freedombone-syncthing
+++ b/src/freedombone-syncthing
@@ -36,10 +36,10 @@ PROJECT_NAME='freedombone'
 export TEXTDOMAIN=$PROJECT_NAME-syncthing
 export TEXTDOMAINDIR="/usr/share/locale"
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-  source $f
+    source "$f"
 done
 
 # File which keeps track of what has already been installed
@@ -68,13 +68,14 @@ function new_syncthing_id {
     for i in {1..8}
     do
         v=""
+        # shellcheck disable=SC2034
         for j in {1..2}
         do
-            v2=`echo "obase=16;$RANDOM" | bc`
+            v2=$(echo "obase=16;$RANDOM" | bc)
             v=$v$v2
         done
         v=$(echo "$v" | cut -c1-7)
-        if [[ ${i} < 8 ]]; then
+        if [ "${i}" -lt 8 ]; then
             v=$v"-"
         fi
         echo -n "$v"
@@ -83,11 +84,11 @@ function new_syncthing_id {
 }
 
 function create_syncthing_config {
-    if grep -q "syncthing ID" $COMPLETION_FILE; then
+    if grep -q "syncthing ID" "$COMPLETION_FILE"; then
         SYNCTHING_ID=$(get_completion_param "syncthing ID")
     else
         if [ -f $SYNCTHING_CONFIG_FILE ]; then
-            SYNCTHING_ID=$(cat $SYNCTHING_CONFIG_FILE | grep "device id=" | head -n 1 | awk -F '"' '{print $2}')
+            SYNCTHING_ID=$(grep "device id=" "$SYNCTHING_CONFIG_FILE" | head -n 1 | awk -F '"' '{print $2}')
         else
             SYNCTHING_ID=$(new_syncthing_id)
         fi
@@ -109,7 +110,7 @@ function create_syncthing_config {
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
             echo "    <folder id=\"$USERNAME\" path=\"/home/$USERNAME/Sync/\" ro=\"false\" rescanIntervalS=\"60\" ignorePerms=\"false\" autoNormalize=\"true\">" >> $SYNCTHING_CONFIG_FILE
             # include any specified device IDs for this user
-            if [ -f /home/$USERNAME/$SYNCTHING_USER_IDS_FILE ]; then
+            if [ -f "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE" ]; then
                 echo "" > $TEMP_IDS_FILE
                 while read -r line || [[ -n "$line" ]]; do
                     line2="$(echo -e "${line}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
@@ -121,23 +122,23 @@ function create_syncthing_config {
                             fi
                         fi
                     fi
-                done < /home/$USERNAME/$SYNCTHING_USER_IDS_FILE
+                done < "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE"
                 rm $TEMP_IDS_FILE
             fi
-            echo "        <device id=\"$SYNCTHING_ID\"></device>" >> $SYNCTHING_CONFIG_FILE
-            echo '        <minDiskFreePct>1</minDiskFreePct>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <versioning></versioning>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <copiers>0</copiers>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <pullers>0</pullers>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <hashers>0</hashers>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <order>random</order>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <ignoreDelete>false</ignoreDelete>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <scanProgressIntervalS>0</scanProgressIntervalS>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <pullerSleepS>0</pullerSleepS>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <pullerPauseS>0</pullerPauseS>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <maxConflicts>10</maxConflicts>' >> $SYNCTHING_CONFIG_FILE
-            echo '        <disableSparseFiles>false</disableSparseFiles>' >> $SYNCTHING_CONFIG_FILE
-            echo '    </folder>' >> $SYNCTHING_CONFIG_FILE
+            { echo "        <device id=\"$SYNCTHING_ID\"></device>";
+              echo '        <minDiskFreePct>1</minDiskFreePct>';
+              echo '        <versioning></versioning>';
+              echo '        <copiers>0</copiers>';
+              echo '        <pullers>0</pullers>';
+              echo '        <hashers>0</hashers>';
+              echo '        <order>random</order>';
+              echo '        <ignoreDelete>false</ignoreDelete>';
+              echo '        <scanProgressIntervalS>0</scanProgressIntervalS>';
+              echo '        <pullerSleepS>0</pullerSleepS>';
+              echo '        <pullerPauseS>0</pullerPauseS>';
+              echo '        <maxConflicts>10</maxConflicts>';
+              echo '        <disableSparseFiles>false</disableSparseFiles>';
+              echo '    </folder>'; } >> "$SYNCTHING_CONFIG_FILE"
         fi
     done
 
@@ -147,7 +148,7 @@ function create_syncthing_config {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -f /home/$USERNAME/$SYNCTHING_USER_IDS_FILE ]; then
+            if [ -f "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE" ]; then
                 while read -r line || [[ -n "$line" ]]; do
                     line2="$(echo -e "${line}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
                     if [[ $line2 != *"#"* && $line2 != *"*"* && $line2 != *'/'*  && $line2 == *"-"* ]]; then
@@ -158,96 +159,95 @@ function create_syncthing_config {
                             fi
                         fi
                     fi
-                done < /home/$USERNAME/$SYNCTHING_USER_IDS_FILE
+                done < "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE"
             fi
         fi
     done
     rm $TEMP_IDS_FILE
-    echo "        <device id=\"$SYNCTHING_ID\"></device>" >> $SYNCTHING_CONFIG_FILE
-    echo '        <minDiskFreePct>1</minDiskFreePct>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <versioning></versioning>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <copiers>0</copiers>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <pullers>0</pullers>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <hashers>0</hashers>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <order>random</order>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <ignoreDelete>false</ignoreDelete>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <scanProgressIntervalS>0</scanProgressIntervalS>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <pullerSleepS>0</pullerSleepS>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <pullerPauseS>0</pullerPauseS>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <maxConflicts>10</maxConflicts>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <disableSparseFiles>false</disableSparseFiles>' >> $SYNCTHING_CONFIG_FILE
-    echo '    </folder>' >> $SYNCTHING_CONFIG_FILE
+    { echo "        <device id=\"$SYNCTHING_ID\"></device>";
+      echo '        <minDiskFreePct>1</minDiskFreePct>';
+      echo '        <versioning></versioning>';
+      echo '        <copiers>0</copiers>';
+      echo '        <pullers>0</pullers>';
+      echo '        <hashers>0</hashers>';
+      echo '        <order>random</order>';
+      echo '        <ignoreDelete>false</ignoreDelete>';
+      echo '        <scanProgressIntervalS>0</scanProgressIntervalS>';
+      echo '        <pullerSleepS>0</pullerSleepS>';
+      echo '        <pullerPauseS>0</pullerPauseS>';
+      echo '        <maxConflicts>10</maxConflicts>';
+      echo '        <disableSparseFiles>false</disableSparseFiles>';
+      echo '    </folder>';
 
-
-    echo "    <device id=\"$SYNCTHING_ID\" name=\"${PROJECT_NAME}\" compression=\"metadata\" introducer=\"false\">" >> $SYNCTHING_CONFIG_FILE
-    echo '        <address>dynamic</address>' >> $SYNCTHING_CONFIG_FILE
-    echo '    </device>' >> $SYNCTHING_CONFIG_FILE
+      echo "    <device id=\"$SYNCTHING_ID\" name=\"${PROJECT_NAME}\" compression=\"metadata\" introducer=\"false\">";
+      echo '        <address>dynamic</address>';
+      echo '    </device>'; } >> "$SYNCTHING_CONFIG_FILE"
 
     echo "" > $TEMP_IDS_FILE
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -f /home/$USERNAME/$SYNCTHING_USER_IDS_FILE ]; then
+            if [ -f "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE" ]; then
                 while read -r line || [[ -n "$line" ]]; do
                     line2="$(echo -e "${line}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
                     if [[ $line2 != *"#"* && $line2 != *"*"* && $line2 != *'/'*  && $line2 == *"-"* ]]; then
                         if [ ${#line2} -gt 10 ]; then
                             if ! grep -q "$line2" $TEMP_IDS_FILE; then
-                                echo "    <device id=\"$line2\" name=\"${USERNAME}\" compression=\"metadata\" introducer=\"false\">" >> $SYNCTHING_CONFIG_FILE
+                                echo "    <device id=\"$line2\" name=\"${USERNAME}\" compression=\"metadata\" introducer=\"false\">" >> "$SYNCTHING_CONFIG_FILE"
                                 echo '        <address>dynamic</address>' >> $SYNCTHING_CONFIG_FILE
                                 echo '    </device>' >> $SYNCTHING_CONFIG_FILE
                                 echo "$line2" >> $TEMP_IDS_FILE
                             fi
                         fi
                     fi
-                done < /home/$USERNAME/$SYNCTHING_USER_IDS_FILE
+                done < "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE"
             fi
         fi
     done
     rm $TEMP_IDS_FILE
 
-    echo '    <options>' >> $SYNCTHING_CONFIG_FILE
-    echo "        <listenAddress>tcp://0.0.0.0:$SYNCTHING_PORT</listenAddress>" >> $SYNCTHING_CONFIG_FILE
-    echo '        <globalAnnounceServer>default</globalAnnounceServer>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <globalAnnounceEnabled>true</globalAnnounceEnabled>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <localAnnounceEnabled>true</localAnnounceEnabled>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <localAnnouncePort>21027</localAnnouncePort>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <localAnnounceMCAddr>[ff12::8384]:21027</localAnnounceMCAddr>' >> $SYNCTHING_CONFIG_FILE
-    echo "        <relayServer>dynamic+$SYNCTHING_RELAY_SERVER</relayServer>" >> $SYNCTHING_CONFIG_FILE
-    echo '        <maxSendKbps>0</maxSendKbps>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <maxRecvKbps>0</maxRecvKbps>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <reconnectionIntervalS>60</reconnectionIntervalS>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <relaysEnabled>true</relaysEnabled>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <relayReconnectIntervalM>10</relayReconnectIntervalM>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <startBrowser>true</startBrowser>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <upnpEnabled>true</upnpEnabled>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <upnpLeaseMinutes>60</upnpLeaseMinutes>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <upnpRenewalMinutes>30</upnpRenewalMinutes>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <upnpTimeoutSeconds>10</upnpTimeoutSeconds>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <urAccepted>-1</urAccepted>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <urUniqueID></urUniqueID>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <urURL>https://data.syncthing.net/newdata</urURL>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <urPostInsecurely>false</urPostInsecurely>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <urInitialDelayS>1800</urInitialDelayS>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <restartOnWakeup>true</restartOnWakeup>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <autoUpgradeIntervalH>12</autoUpgradeIntervalH>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <keepTemporariesH>24</keepTemporariesH>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <cacheIgnoredFiles>true</cacheIgnoredFiles>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <progressUpdateIntervalS>5</progressUpdateIntervalS>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <symlinksEnabled>true</symlinksEnabled>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <limitBandwidthInLan>false</limitBandwidthInLan>' >> $SYNCTHING_CONFIG_FILE
-    echo '        <minHomeDiskFreePct>1</minHomeDiskFreePct>' >> $SYNCTHING_CONFIG_FILE
-    echo "        <releasesURL>$SYNCTHING_RELEASES</releasesURL>" >> $SYNCTHING_CONFIG_FILE
-    echo '    </options>' >> $SYNCTHING_CONFIG_FILE
-    echo '</configuration>' >> $SYNCTHING_CONFIG_FILE
+    { echo '    <options>';
+      echo "        <listenAddress>tcp://0.0.0.0:$SYNCTHING_PORT</listenAddress>";
+      echo '        <globalAnnounceServer>default</globalAnnounceServer>';
+      echo '        <globalAnnounceEnabled>true</globalAnnounceEnabled>';
+      echo '        <localAnnounceEnabled>true</localAnnounceEnabled>';
+      echo '        <localAnnouncePort>21027</localAnnouncePort>';
+      echo '        <localAnnounceMCAddr>[ff12::8384]:21027</localAnnounceMCAddr>';
+      echo "        <relayServer>dynamic+$SYNCTHING_RELAY_SERVER</relayServer>";
+      echo '        <maxSendKbps>0</maxSendKbps>';
+      echo '        <maxRecvKbps>0</maxRecvKbps>';
+      echo '        <reconnectionIntervalS>60</reconnectionIntervalS>';
+      echo '        <relaysEnabled>true</relaysEnabled>';
+      echo '        <relayReconnectIntervalM>10</relayReconnectIntervalM>';
+      echo '        <startBrowser>true</startBrowser>';
+      echo '        <upnpEnabled>true</upnpEnabled>';
+      echo '        <upnpLeaseMinutes>60</upnpLeaseMinutes>';
+      echo '        <upnpRenewalMinutes>30</upnpRenewalMinutes>';
+      echo '        <upnpTimeoutSeconds>10</upnpTimeoutSeconds>';
+      echo '        <urAccepted>-1</urAccepted>';
+      echo '        <urUniqueID></urUniqueID>';
+      echo '        <urURL>https://data.syncthing.net/newdata</urURL>';
+      echo '        <urPostInsecurely>false</urPostInsecurely>';
+      echo '        <urInitialDelayS>1800</urInitialDelayS>';
+      echo '        <restartOnWakeup>true</restartOnWakeup>';
+      echo '        <autoUpgradeIntervalH>12</autoUpgradeIntervalH>';
+      echo '        <keepTemporariesH>24</keepTemporariesH>';
+      echo '        <cacheIgnoredFiles>true</cacheIgnoredFiles>';
+      echo '        <progressUpdateIntervalS>5</progressUpdateIntervalS>';
+      echo '        <symlinksEnabled>true</symlinksEnabled>';
+      echo '        <limitBandwidthInLan>false</limitBandwidthInLan>';
+      echo '        <minHomeDiskFreePct>1</minHomeDiskFreePct>';
+      echo "        <releasesURL>$SYNCTHING_RELEASES</releasesURL>";
+      echo '    </options>';
+      echo '</configuration>'; } >> "$SYNCTHING_CONFIG_FILE"
 
     # give each user account a file containing the device id for this server
     # This allows it to appear within the user control panel
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            echo "$SYNCTHING_ID" > /home/$USERNAME/.syncthing-server-id
-            chown $USERNAME:$USERNAME /home/$USERNAME/.syncthing-server-id
+            echo "$SYNCTHING_ID" > "/home/$USERNAME/.syncthing-server-id"
+            chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.syncthing-server-id"
         fi
     done
 }
@@ -266,7 +266,7 @@ function user_devices_changed {
 
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-        if [ ! -f /home/$USERNAME/.syncthing-server-id ]; then
+        if [ ! -f "/home/$USERNAME/.syncthing-server-id" ]; then
             CHANGED=1
             return
         fi
@@ -275,11 +275,11 @@ function user_devices_changed {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if [ -f /home/$USERNAME/$SYNCTHING_UPDATE_FILE ]; then
+            if [ -f "/home/$USERNAME/$SYNCTHING_UPDATE_FILE" ]; then
                 CHANGED=1
             fi
 
-            if [ -f /home/$USERNAME/$SYNCTHING_USER_IDS_FILE ]; then
+            if [ -f "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE" ]; then
                 while read -r line || [[ -n "$line" ]]; do
                     if [[ $line != *"#"* && $line != *"*"* && $line != *'/'*  && $line == *"-"* ]]; then
                         if [ ${#line} -gt 10 ]; then
@@ -288,15 +288,15 @@ function user_devices_changed {
                             fi
                         fi
                     fi
-                done < /home/$USERNAME/$SYNCTHING_USER_IDS_FILE
+                done < "/home/$USERNAME/$SYNCTHING_USER_IDS_FILE"
             fi
 
             # Permissions on user Sync directories
-            if [ -d /home/$USERNAME/Sync ]; then
-                chown $USERNAME:$USERNAME /home/$USERNAME /home/$USERNAME/Sync
+            if [ -d "/home/$USERNAME/Sync" ]; then
+                chown "$USERNAME":"$USERNAME" "/home/$USERNAME" "/home/$USERNAME/Sync"
             fi
-            if [ -d /home/$USERNAME/SyncShared ]; then
-                chown $USERNAME:$USERNAME /home/$USERNAME /home/$USERNAME/SyncShared
+            if [ -d "/home/$USERNAME/SyncShared" ]; then
+                chown "$USERNAME":"$USERNAME" "/home/$USERNAME" "/home/$USERNAME/SyncShared"
             fi
         fi
     done
@@ -305,11 +305,11 @@ function user_devices_changed {
 function syncthing_set_permissions {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
-        if [ -d /home/$USERNAME/Sync ]; then
-            chown $USERNAME:$USERNAME /home/$USERNAME /home/$USERNAME/Sync
+        if [ -d "/home/$USERNAME/Sync" ]; then
+            chown "$USERNAME":"$USERNAME" "/home/$USERNAME" "/home/$USERNAME/Sync"
         fi
-        if [ -d /home/$USERNAME/SyncShared ]; then
-            chown $USERNAME:$USERNAME /home/$USERNAME /home/$USERNAME/SyncShared
+        if [ -d "/home/$USERNAME/SyncShared" ]; then
+            chown "$USERNAME":"$USERNAME" "/home/$USERNAME" "/home/$USERNAME/SyncShared"
         fi
     done
 }
diff --git a/src/freedombone-template b/src/freedombone-template
index 52728414..e5c083d7 100755
--- a/src/freedombone-template
+++ b/src/freedombone-template
@@ -85,9 +85,9 @@ do
         -a|--app|--appname)
             shift
             app_name="$1"
-            app_name_lower=$(echo ${app_name} | tr '[:upper:]' '[:lower:]')
+            app_name_lower=$(echo "${app_name}" | tr '[:upper:]' '[:lower:]')
             app_name=$app_name_lower
-            app_name_upper=$(echo ${app_name} | tr '[:lower:]' '[:upper:]')
+            app_name_upper=$(echo "${app_name}" | tr '[:lower:]' '[:upper:]')
             ;;
         -r|--repo)
             shift
@@ -226,14 +226,14 @@ fi
 echo ''
 echo "${app_name_upper}_DOMAIN_NAME="
 echo "${app_name_upper}_CODE="
-if [ $app_port ]; then
+if [ "$app_port" ]; then
     echo "${app_name_upper}_PORT=$app_port"
 fi
 echo "${app_name_upper}_ONION_PORT=$(( ( RANDOM % 1000 )  + 9010 ))"
 echo "${app_name_upper}_REPO=\"${app_repo}\""
 echo "${app_name_upper}_COMMIT='${app_repo_commit}'"
 if [ $app_daemon ]; then
-    if [ ! $app_port_internal ]; then
+    if [ ! "$app_port_internal" ]; then
         echo "${app_name_upper}_PORT_INTERNAL=TODO"
     else
         echo "${app_name_upper}_PORT_INTERNAL=$app_port_internal"
@@ -255,14 +255,14 @@ echo "    echo -n ''"
 echo '}'
 echo ''
 echo "function remove_user_${app_name} {"
-echo '    remove_username="$1"'
+echo "    remove_username=\"\$1\""
 echo ''
 echo "    \${PROJECT_NAME}-pass -u \$remove_username --rmapp ${app_name}"
 echo '}'
 echo ''
 echo "function add_user_${app_name} {"
-echo '    new_username="$1"'
-echo '    new_user_password="$2"'
+echo "    new_username=\"\$1\""
+echo "    new_user_password=\"\$2\""
 echo ''
 echo "    \${PROJECT_NAME}-pass -u \$new_username -a ${app_name} -p \"\$new_user_password\""
 echo "    echo '0'"
@@ -270,11 +270,11 @@ echo '}'
 echo ''
 echo "function install_interactive_${app_name} {"
 if [ ! $app_onion_only ]; then
-    echo '    if [ ! $ONION_ONLY ]; then'
+    echo "    if [ ! \$ONION_ONLY ]; then"
     echo "        ONION_ONLY='no'"
     echo '    fi'
     echo ''
-    echo '    if [[ $ONION_ONLY != "no" ]]; then'
+    echo "    if [[ \$ONION_ONLY != \"no\" ]]; then"
     echo "        ${app_name_upper}_DOMAIN_NAME='${app_name}.local'"
     echo "        write_config_param \"${app_name_upper}_DOMAIN_NAME\" \"\$${app_name_upper}_DOMAIN_NAME\""
     echo '    else'
@@ -287,8 +287,8 @@ echo '    APP_INSTALLED=1'
 echo '}'
 echo ''
 echo "function change_password_${app_name} {"
-echo '    curr_username="$1"'
-echo '    new_user_password="$2"'
+echo "    curr_username=\"\$1\""
+echo "    new_user_password=\"\$2\""
 echo ''
 echo "    read_config_param '${app_name_upper}_DOMAIN_NAME'"
 echo ''
@@ -298,8 +298,8 @@ echo '}'
 if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" || "$database_type" == "postgres"* ]]; then
     echo ''
     echo "function ${app_name}_create_database {"
-    echo '    if [ -f $IMAGE_PASSWORD_FILE ]; then'
-    echo "        ${app_name_upper}_ADMIN_PASSWORD=\"\$(printf `cat $IMAGE_PASSWORD_FILE`)\""
+    echo "    if [ -f \$IMAGE_PASSWORD_FILE ]; then"
+    echo "        ${app_name_upper}_ADMIN_PASSWORD=\"\$(printf \"%d\" \"\$(cat \"$IMAGE_PASSWORD_FILE\")\")\""
     echo '    else'
     echo "        if [ ! \$${app_name_upper}_ADMIN_PASSWORD ]; then"
     echo "            ${app_name_upper}_ADMIN_PASSWORD=\"\$(create_password \${MINIMUM_PASSWORD_LENGTH})\""
@@ -329,26 +329,29 @@ echo ''
 echo "function configure_interactive_${app_name} {"
 echo '    while true'
 echo '    do'
-echo '        data=$(tempfile 2>/dev/null)'
-echo '        trap "rm -f $data" 0 1 2 5 15'
+echo "        data=\$(mktemp 2>/dev/null)"
 echo "        dialog --backtitle \$\"Freedombone Control Panel\" \\"
 echo "               --title \$\"${app_name}\" \\"
 echo "               --radiolist \$\"Choose an operation:\" 16 70 3 \\"
-echo '               1 $"Option 1" off \'
-echo '               2 $"Option 2" off \'
-echo '               3 $"Exit" on 2> $data'
+echo "               1 \$\"Option 1\" off \\"
+echo "               2 \$\"Option 2\" off \\"
+echo "               3 \$\"Exit\" on 2> \"\$data\""
 echo '        sel=$?'
-echo '        case $sel in'
-echo '            1) return;;'
-echo '            255) return;;'
+echo "        case \$sel in"
+echo "            1) rm -f \"\$data\""
+echo '               return;;'
+echo "            255) rm -f \"\$data\""
+echo '                 return;;'
 echo '        esac'
-echo '        case $(cat $data) in'
+echo "        case \$(cat \"\$data\") in"
 echo '            1) # call some function for option 1'
 echo '               ;;'
 echo '            2) # call some function for option 2'
 echo '               ;;'
-echo '            3) break;;'
+echo "            3) rm -f \"\$data\""
+echo '               break;;'
 echo '        esac'
+echo "        rm -f \"\$data\""
 echo '    done'
 echo '}'
 echo ''
@@ -363,7 +366,7 @@ echo "        ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name
 echo '    fi'
 echo ''
 echo '    # update to the next commit'
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "    set_repo_commit /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs \"${app_name} commit\" \"\$${app_name_upper}_COMMIT\" \$${app_name_upper}_REPO"
     echo "    chown -R www-data:www-data /var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
 else
@@ -378,7 +381,7 @@ echo "    if grep -q \"${app_name} domain\" \$COMPLETION_FILE; then"
 echo "        ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
 echo '    fi'
 echo ''
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "    source_directory=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
 else
     echo "    source_directory=${app_dir}"
@@ -387,7 +390,7 @@ echo ''
 echo "    suspend_site \${${app_name_upper}_DOMAIN_NAME}"
 echo ''
 echo "    dest_directory=${app_name}"
-echo '    backup_directory_to_usb $source_directory $dest_directory'
+echo "    backup_directory_to_usb \$source_directory \$dest_directory"
 echo ''
 if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then
     echo "    backup_database_to_usb ${app_name}"
@@ -408,7 +411,7 @@ echo '    fi'
 echo "    ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
 echo "    if [ \$${app_name_upper}_DOMAIN_NAME ]; then"
 echo "        temp_restore_dir=/root/temp${app_name}"
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "        ${app_name}_dir=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
 else
     echo "        ${app_name}_dir=${app_dir}"
@@ -418,8 +421,8 @@ if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then
     echo "        ${app_name}_create_database"
     echo ''
     echo "        restore_database ${app_name}"
-    echo '        if [ -d $temp_restore_dir ]; then'
-    echo '            rm -rf $temp_restore_dir'
+    echo "        if [ -d \$temp_restore_dir ]; then"
+    echo "            rm -rf \$temp_restore_dir"
     echo '        fi'
     echo ''
 fi
@@ -428,13 +431,13 @@ if [[ "$database_type" == "postgres"* ]]; then
     echo ''
     echo '        USE_POSTGRESQL=1'
     echo "        restore_database ${app_name}"
-    echo '        if [ -d $temp_restore_dir ]; then'
-    echo '            rm -rf $temp_restore_dir'
+    echo "        if [ -d \$temp_restore_dir ]; then"
+    echo "            rm -rf \$temp_restore_dir"
     echo '        fi'
     echo ''
 fi
 echo "        restore_directory_from_usb \$temp_restore_dir ${app_name}"
-echo '        if [ -d $temp_restore_dir ]; then'
+echo "        if [ -d \$temp_restore_dir ]; then"
 echo "            if [ -d cp \$temp_restore_dir\$${app_name}_dir ]; then"
 echo "                cp -rp \$temp_restore_dir\$${app_name}_dir/* \$${app_name}_dir/"
 echo '            else'
@@ -444,7 +447,7 @@ echo '                fi'
 echo "                cp -rp \$temp_restore_dir/* \$${app_name}_dir/"
 echo '            fi'
 echo "            chown -R www-data:www-data \$${app_name}_dir"
-echo '            rm -rf $temp_restore_dir'
+echo "            rm -rf \$temp_restore_dir"
 echo '        fi'
 echo ''
 echo '    fi'
@@ -456,7 +459,7 @@ echo "    if grep -q \"${app_name} domain\" \$COMPLETION_FILE; then"
 echo "        ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
 echo '    fi'
 echo ''
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "    source_directory=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
 else
     echo "    source_directory=${app_dir}"
@@ -465,7 +468,7 @@ echo ''
 echo "    suspend_site \${${app_name_upper}_DOMAIN_NAME}"
 echo ''
 echo "    dest_directory=${app_name}"
-echo '    backup_directory_to_friend $source_directory $dest_directory'
+echo "    backup_directory_to_friend \$source_directory \$dest_directory"
 echo ''
 if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then
     echo "    backup_database_to_friend ${app_name}"
@@ -486,7 +489,7 @@ echo '    fi'
 echo "    ${app_name_upper}_DOMAIN_NAME=\$(get_completion_param \"${app_name} domain\")"
 echo "    if [ \$${app_name_upper}_DOMAIN_NAME ]; then"
 echo "        temp_restore_dir=/root/temp${app_name}"
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "        ${app_name}_dir=/var/www/\${${app_name_upper}_DOMAIN_NAME}/htdocs"
 else
     echo "        ${app_name}_dir=${app_dir}"
@@ -496,8 +499,8 @@ if [[ "$database_type" == "mariadb" || "$database_type" == "mysql" ]]; then
     echo "        ${app_name}_create_database"
     echo ''
     echo "        restore_database_from_friend ${app_name}"
-    echo '        if [ -d $temp_restore_dir ]; then'
-    echo '            rm -rf $temp_restore_dir'
+    echo "        if [ -d \$temp_restore_dir ]; then"
+    echo "            rm -rf \$temp_restore_dir"
     echo '        fi'
     echo ''
 fi
@@ -506,13 +509,13 @@ if [[ "$database_type" == "postgres"* ]]; then
     echo ''
     echo '        USE_POSTGRESQL=1'
     echo "        restore_database_from_friend ${app_name}"
-    echo '        if [ -d $temp_restore_dir ]; then'
-    echo '            rm -rf $temp_restore_dir'
+    echo "        if [ -d \$temp_restore_dir ]; then"
+    echo "            rm -rf \$temp_restore_dir"
     echo '        fi'
     echo ''
 fi
 echo "        restore_directory_from_friend \$temp_restore_dir ${app_name}"
-echo '        if [ -d $temp_restore_dir ]; then'
+echo "        if [ -d \$temp_restore_dir ]; then"
 echo "            if [ -d cp \$temp_restore_dir\$${app_name}_dir ]; then"
 echo "                cp -rp \$temp_restore_dir\$${app_name}_dir/* \$${app_name}_dir/"
 echo '            else'
@@ -522,7 +525,7 @@ echo '                fi'
 echo "                cp -rp \$temp_restore_dir/* \$${app_name}_dir/"
 echo '            fi'
 echo "            chown -R www-data:www-data \$${app_name}_dir"
-echo '            rm -rf $temp_restore_dir'
+echo "            rm -rf \$temp_restore_dir"
 echo '        fi'
 echo ''
 echo '    fi'
@@ -564,7 +567,7 @@ echo '    fi'
 echo "    remove_app ${app_name}"
 echo "    remove_completion_param install_${app_name}"
 echo "    sed -i '/${app_name}/d' \$COMPLETION_FILE"
-if [ $app_port ]; then
+if [ "$app_port" ]; then
     echo ''
     echo "    firewall_remove ${app_port} tcp"
 fi
@@ -597,7 +600,7 @@ echo '    fi'
 echo "    if [ ! -d /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs ]; then"
 echo "        if [ -d /repos/${app_name} ]; then"
 echo "            mkdir /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "            cp -r -p /repos/${app_name}/. /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
     echo "            cd /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
 else
@@ -606,14 +609,14 @@ else
 fi
 echo '            git pull'
 echo '        else'
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "            git_clone \$${app_name_upper}_REPO /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
 else
     echo "            git_clone \$${app_name_upper}_REPO ${app_dir}"
 fi
 echo '        fi'
 echo ''
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "        if [ ! -d /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs ]; then"
 else
     echo "        if [ ! -d ${app_dir} ]; then"
@@ -623,7 +626,7 @@ echo '            exit 87525'
 echo '        fi'
 echo '    fi'
 echo ''
-if [ ! $app_dir ]; then
+if [ ! "$app_dir" ]; then
     echo "    cd /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs"
 else
     echo "    cd ${app_dir}"
@@ -646,7 +649,7 @@ echo ''
 echo "    ${app_name}_nginx_site=/etc/nginx/sites-available/\$${app_name_upper}_DOMAIN_NAME"
 
 if [ $app_onion_only ]; then
-    echo '    if [[ $ONION_ONLY == "no" ]]; then'
+    echo "    if [[ \"\$ONION_ONLY\" == \"no\" ]]; then"
     if [[ "$app_php" == 'yes' ]]; then
         echo "        nginx_http_redirect \$${app_name_upper}_DOMAIN_NAME \"index index.php\""
     else
@@ -675,7 +678,7 @@ if [ $app_onion_only ]; then
     echo "        echo '' >> \$${app_name}_nginx_site"
     if [[ "$app_php" == 'yes' ]]; then
         echo "        echo '  index index.php;' >> \$${app_name}_nginx_site"
-        echo "        echo '  location ~ \.php {' >> \$${app_name}_nginx_site"
+        echo "        echo '  location ~ \\.php {' >> \$${app_name}_nginx_site"
         echo "        echo '    include snippets/fastcgi-php.conf;' >> \$${app_name}_nginx_site"
         echo "        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> \$${app_name}_nginx_site"
         echo "        echo '    fastcgi_read_timeout 30;' >> \$${app_name}_nginx_site"
@@ -717,7 +720,7 @@ echo "    echo \"  root /var/www/\$${app_name_upper}_DOMAIN_NAME/htdocs;\" >> \$
 echo "    echo '' >> \$${app_name}_nginx_site"
 if [[ "$app_php" == 'yes' ]]; then
     echo "    echo '  index index.php;' >> \$${app_name}_nginx_site"
-    echo "    echo '  location ~ \.php {' >> \$${app_name}_nginx_site"
+    echo "    echo '  location ~ \\.php {' >> \$${app_name}_nginx_site"
     echo "    echo '    include snippets/fastcgi-php.conf;' >> \$${app_name}_nginx_site"
     echo "    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> \$${app_name}_nginx_site"
     echo "    echo '    fastcgi_read_timeout 30;' >> \$${app_name}_nginx_site"
@@ -753,7 +756,7 @@ if [ $app_daemon ]; then
     echo "    echo 'Type=simple' >> /etc/systemd/system/${app_name}.service"
     echo "    echo 'User=${app_name}' >> /etc/systemd/system/${app_name}.service"
     echo "    echo 'Group=${app_name}' >> /etc/systemd/system/${app_name}.service"
-    if [ ! $app_dir ]; then
+    if [ ! "$app_dir" ]; then
         echo "    echo 'WorkingDirectory=TODO' >> /etc/systemd/system/${app_name}.service"
     else
         echo "    echo 'WorkingDirectory=${app_dir}' >> /etc/systemd/system/${app_name}.service"
@@ -765,7 +768,7 @@ if [ $app_daemon ]; then
     echo "    echo '[Install]' >> /etc/systemd/system/${app_name}.service"
     echo "    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/${app_name}.service"
     echo "    systemctl enable ${app_name}"
-    if [ $app_dir ]; then
+    if [ "$app_dir" ]; then
         echo "    chown -R ${app_name}:${app_name} ${app_dir}"
     fi
     echo "    systemctl start ${app_name}"
@@ -785,7 +788,7 @@ echo '    systemctl restart nginx'
 echo ''
 echo "    \${PROJECT_NAME}-pass -u \$MY_USERNAME -a ${app_name} -p \"\$${app_name_upper}_ADMIN_PASSWORD\""
 echo "    set_completion_param \"${app_name} domain\" \"\$${app_name_upper}_DOMAIN_NAME\""
-if [ $app_port ]; then
+if [ "$app_port" ]; then
     echo ''
     echo "    firewall_add ${app_name} ${app_port} tcp"
 fi
diff --git a/src/freedombone-tests b/src/freedombone-tests
index 7ab50e9d..04370b07 100755
--- a/src/freedombone-tests
+++ b/src/freedombone-tests
@@ -56,8 +56,8 @@ function test_app_function_type {
     filename=$1
     fn_type=$2
     app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
-    app_function=$(cat "${filename}" | grep "function ${fn_type}_${app_name} {" | awk -F "${fn_type}_" '{print $2}' | awk -F ' ' '{print $1}')
-    if [ ! ${app_function} ]; then
+    app_function=$(grep "function ${fn_type}_${app_name} {" "${filename}" | awk -F "${fn_type}_" '{print $2}' | awk -F ' ' '{print $1}')
+    if [ ! "${app_function}" ]; then
         echo $"Application ${app_name} does not contain a function called '${fn_type}_${app_name}'"
         echo ''
         echo "See ${filename}"
@@ -69,7 +69,7 @@ function test_app_functions {
     if [ $RUN_STIG ]; then
         return
     fi
-    FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+    FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 
     # check that these functions exist
     interface_functions=( install remove backup_local backup_remote restore_local restore_remote upgrade reconfigure )
@@ -80,7 +80,7 @@ function test_app_functions {
         # for each expected interface function
         for f in "${interface_functions[@]}"
         do
-            test_app_function_type ${filename} $f
+            test_app_function_type ${filename} "$f"
         done
     done
 }
@@ -91,12 +91,12 @@ function test_unique_onion_ports {
     fi
 
     # test that some services are not assigned the same onion port
-    FILES=src/${PROJECT_NAME}-app-*
-    ports=$(grep -r "_ONION_PORT=" $FILES | awk -F ':' '{print $2}' | uniq | awk -F '=' '{print $2}')
-    unique_ports=$(grep -r "_ONION_PORT=" $FILES | awk -F ':' '{print $2}' | uniq | awk -F '=' '{print $2}' | uniq)
+    FILES="src/${PROJECT_NAME}-app-*"
+    ports=$(grep -r "_ONION_PORT=" "$FILES" | awk -F ':' '{print $2}' | uniq | awk -F '=' '{print $2}')
+    unique_ports=$(grep -r "_ONION_PORT=" "$FILES" | awk -F ':' '{print $2}' | uniq | awk -F '=' '{print $2}' | uniq)
     if [[ "$ports" != "$unique_ports" ]]; then
         echo $'Some onion ports are clashing'
-        grep -r "_ONION_PORT=" $FILES | awk -F ':' '{print $2}' | uniq
+        grep -r "_ONION_PORT=" "$FILES" | awk -F ':' '{print $2}' | uniq
         exit 637252
     fi
 }
@@ -110,7 +110,7 @@ function stig_log_msg {
     NORMAL=$(tput sgr0)
     MSG="$2"
 
-    if [ $ESTATUS -eq 0 ];then
+    if [ "$ESTATUS" -eq 0 ];then
         printf "%s %s"  "$GREEN$BOLD[ PASS ]$NORMAL" "$MSG"
         echo
     else
@@ -123,19 +123,20 @@ function stig_spinner {
 
     local pid=$1
     local delay=0.1
+    # shellcheck disable=SC2143
     while [ "$(ps -a | awk '{print $1}' | grep "$pid")" ];
     do
         sleep $delay
     done
-    printf " \b"
-    wait $1
+    printf " \\b"
+    wait "$1"
 }
 
 function disallow_package {
     package_name=$1
 
     if service --status-all | grep "+.*${package_name}";then
-        apt-get -yq remove --purge ${package_name}
+        apt-get -yq remove --purge "${package_name}"
         apt -yq autoremove
     fi
 }
@@ -164,7 +165,7 @@ function test_stig {
     CATCOLOR=1
     SETLANG="en"
 
-    source $STIG_TESTS_DIR/output.sh
+    source "$STIG_TESTS_DIR/output.sh"
 
     ##RHEL-06-000001
     ##The system must use a separate file system for /tmp.
@@ -249,6 +250,7 @@ function test_stig {
     ##RHEL-06-000033
     ##The /etc/shadow file must be owned by root.
 
+    # shellcheck disable=SC2012
     ls -l /etc/shadow | awk '{print $3}' | grep "^root$" > /dev/null 2>&1 &
 
     stig_spinner $!
@@ -258,6 +260,7 @@ function test_stig {
     ##RHEL-06-000034
     ##The /etc/shadow file must be group-owned by root.
 
+    # shellcheck disable=SC2012
     ls -l /etc/shadow | awk '{print $4}' | grep "^root$" > /dev/null 2>&1 &
 
     stig_spinner $!
@@ -267,6 +270,7 @@ function test_stig {
     ##RHEL-06-000035
     ##The /etc/shadow file must have mode 0000.
 
+    # shellcheck disable=SC2012
     ls -l /etc/shadow | awk '{print $1}' | grep "^----------$" > /dev/null 2>&1 &
 
     stig_spinner $!
@@ -276,6 +280,7 @@ function test_stig {
     ##RHEL-06-000036
     ##The /etc/gshadow file must be owned by root.
 
+    # shellcheck disable=SC2012
     ls -l /etc/gshadow | awk '{print $3}' | grep "^root$" > /dev/null 2>&1 &
 
     stig_spinner $!
@@ -285,6 +290,7 @@ function test_stig {
     ##RHEL-06-000037
     ##The /etc/gshadow file must be group-owned by root.
 
+    # shellcheck disable=SC2012
     ls -l /etc/gshadow | awk '{print $4}' | grep "^root$" > /dev/null 2>&1 &
 
     stig_spinner $!
@@ -294,6 +300,7 @@ function test_stig {
     ##RHEL-06-000038
     ##The /etc/gshadow file must have mode 0000.
 
+    # shellcheck disable=SC2012
     ls -l /etc/gshadow | awk '{print $1}' | grep "^----------$" > /dev/null 2>&1 &
 
     stig_spinner $!
@@ -303,6 +310,7 @@ function test_stig {
     ##RHEL-06-000039
     ##The /etc/passwd file must be owned by root.
 
+    # shellcheck disable=SC2012
     ls -l /etc/passwd | awk '{print $3}' | grep "^root$" > /dev/null 2>&1 &
 
     stig_spinner $!
@@ -312,6 +320,7 @@ function test_stig {
     ##RHEL-06-000040
     ##The /etc/passwd file must be group-owned by root.
 
+    # shellcheck disable=SC2012
     ls -l /etc/passwd | awk '{print $4}' | grep "^root$" > /dev/null 2>&1 &
 
     stig_spinner $!
@@ -330,6 +339,7 @@ function test_stig {
     ##RHEL-06-000042
     ##The /etc/group file must be owned by root.
 
+    # shellcheck disable=SC2012
     ls -l /etc/group | awk '{print $3}' | grep "^root$" > /dev/null 2>&1 &
 
     stig_spinner $!
@@ -339,6 +349,7 @@ function test_stig {
     ##RHEL-06-000043
     ##The /etc/group file must be group-owned by root.
 
+    # shellcheck disable=SC2012
     ls -l /etc/group | awk '{print $4}' | grep "^root$" > /dev/null 2>&1 &
 
     stig_spinner $!
@@ -1202,7 +1213,7 @@ function test_stig {
     if [ $SHOW_ALL_TESTS ]; then
         show_passes_fails=1
     else
-        if [ $FAILS -gt 0 ]; then
+        if [ "$FAILS" -gt 0 ]; then
             show_passes_fails=1
         fi
     fi
@@ -1211,7 +1222,7 @@ function test_stig {
         echo ''
         echo $"Passes: $PASSES"
         echo $"Fails:  $FAILS"
-        if [ $FAILS -gt 0 ]; then
+        if [ "$FAILS" -gt 0 ]; then
             exit 792353
         fi
     fi
@@ -1239,7 +1250,7 @@ do
     shift
 done
 
-if [ ! $RUN_STIG ]; then
+if [ ! "$RUN_STIG" ]; then
     echo $'Running tests'
 fi
 
diff --git a/src/freedombone-unignore b/src/freedombone-unignore
index e0cb3c12..202cf726 100755
--- a/src/freedombone-unignore
+++ b/src/freedombone-unignore
@@ -79,20 +79,20 @@ if ! [[ $MYUSERNAME && $EMAIL_ADDRESS ]]; then
     fi
 fi
 
-MUTTRC=/home/$MYUSERNAME/.muttrc
+MUTTRC="/home/$MYUSERNAME/.muttrc"
 PM=/home/$MYUSERNAME/.procmailrc
 
 # unignore if subject line contains text
-if [ $SUBJECT_TEXT ]; then
-    if grep -q "Ignore rule for $SUBJECT_TEXT" $PM; then
-        sed -i "/# Ignore rule for $SUBJECT_TEXT/,/# End of ignore rule/d" $PM
+if [ "$SUBJECT_TEXT" ]; then
+    if grep -q "Ignore rule for $SUBJECT_TEXT" "$PM"; then
+        sed -i "/# Ignore rule for $SUBJECT_TEXT/,/# End of ignore rule/d" "$PM"
     fi
 fi
 
 # unignore an email address
-if [ $EMAIL_ADDRESS ]; then
-    if grep -q "Ignore rule for $EMAIL_ADDRESS" $PM; then
-        sed -i "/# Ignore rule for $EMAIL_ADDRESS/,/# End of ignore rule/d" $PM
+if [ "$EMAIL_ADDRESS" ]; then
+    if grep -q "Ignore rule for $EMAIL_ADDRESS" "$PM"; then
+        sed -i "/# Ignore rule for $EMAIL_ADDRESS/,/# End of ignore rule/d" "$PM"
     fi
 fi
 
diff --git a/src/freedombone-upgrade b/src/freedombone-upgrade
index 035a7d5d..ea4280c9 100755
--- a/src/freedombone-upgrade
+++ b/src/freedombone-upgrade
@@ -42,10 +42,10 @@ CURRENT_BRANCH=master
 # clear temporary files
 rm -rf /tmp/*
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
 read_config_param PROJECT_REPO
@@ -68,14 +68,14 @@ fi
 
 #update-ca-certificates
 
-if [ ! -d $PROJECT_DIR ]; then
-    git_clone $PROJECT_REPO $PROJECT_DIR
+if [ ! -d "$PROJECT_DIR" ]; then
+    git_clone "$PROJECT_REPO" "$PROJECT_DIR"
 fi
 
-if [ -d $PROJECT_DIR ]; then
-    if [ -f $CONFIGURATION_FILE ]; then
-        cd $PROJECT_DIR
-        rm -rf $PROJECT_DIR/locale/*
+if [ -d "$PROJECT_DIR" ]; then
+    if [ -f "$CONFIGURATION_FILE" ]; then
+        cd "$PROJECT_DIR" || exit 246823484
+        rm -rf "$PROJECT_DIR/locale/*"
         if [[ "$CURRENT_BRANCH" == *"master" ]]; then
             git_pull $PROJECT_REPO
         else
@@ -88,8 +88,7 @@ if [ -d $PROJECT_DIR ]; then
             chmod -R +r /usr/share/${PROJECT_NAME}
         fi
 
-        ${PROJECT_NAME} -c $CONFIGURATION_FILE
-        if [ ! "$?" = "0" ]; then
+        if ! ${PROJECT_NAME} -c "$CONFIGURATION_FILE"; then
             exit 453536
         fi
 
diff --git a/src/freedombone-usb-canary b/src/freedombone-usb-canary
index c31f01ad..a1aca394 100755
--- a/src/freedombone-usb-canary
+++ b/src/freedombone-usb-canary
@@ -30,12 +30,12 @@
 
 PROJECT_NAME=freedombone
 
-UPTIME=$(cat /proc/uptime | awk -F '.' '{print $1}')
-if [ $UPTIME -gt 120 ]; then
-    ADMIN_USER=$(cat /root/${PROJECT_NAME}-completed.txt | grep 'Admin user' | awk -F ':' '{print $2}')
+UPTIME=$(awk -F '.' '{print $1}' < "/proc/uptime")
+if [ "$UPTIME" -gt 120 ]; then
+    ADMIN_USER=$(grep 'Admin user' /root/${PROJECT_NAME}-completed.txt | awk -F ':' '{print $2}')
     MY_EMAIL_ADDRESS=${ADMIN_USER}@$(cat /etc/hostname)
-    echo "USB device connected on ${DEVPATH}" | mail -s "${PROJECT_NAME} USB canary" ${MY_EMAIL_ADDRESS}
+    echo "USB device connected on ${DEVPATH}" | mail -s "${PROJECT_NAME} USB canary" "${MY_EMAIL_ADDRESS}"
     echo "${ACTION}" > /tmp/usb-canary
     echo "${MY_EMAIL_ADDRESS}" >> /tmp/usb-canary
-    echo "$(date)" >> /tmp/usb-canary
+    date >> /tmp/usb-canary
 fi
diff --git a/src/meshavahi b/src/meshavahi
index 423002de..c39ab9fc 100755
--- a/src/meshavahi
+++ b/src/meshavahi
@@ -71,17 +71,17 @@ function ipfs_publish {
     # include some subdirectories
     for dir in $DIR_TO_CHECK/*/
     do
-        REALLY_NEW_STAT="$NEW_STAT$(stat -t $dir)"
+        REALLY_NEW_STAT="$NEW_STAT$(stat -t "$dir")"
         NEW_STAT="$REALLY_NEW_STAT"
 
         for dir2 in "$dir"/*/
         do
-            REALLY_NEW_STAT="$NEW_STAT$(stat -t $dir2)"
+            REALLY_NEW_STAT="$NEW_STAT$(stat -t "$dir2")"
             NEW_STAT="$REALLY_NEW_STAT"
 
             for dir3 in "$dir2"/*/
             do
-                REALLY_NEW_STAT="$NEW_STAT$(stat -t $dir3)"
+                REALLY_NEW_STAT="$NEW_STAT$(stat -t "$dir3")"
                 NEW_STAT="$REALLY_NEW_STAT"
             done
         done
@@ -101,7 +101,7 @@ function ipfs_publish {
 
 function ipfs_bootstrap {
     # TODO switch to ipv6
-    cat $TEMPFILE_BASE | grep "ipfs_id\|hostname =\|address =\|port =\|txt =" > $TEMPFILE
+    grep "ipfs_id\\|hostname =\\|address =\\|port =\\|txt =" "$TEMPFILE_BASE" > "$TEMPFILE"
 
     state=0
     address=""
@@ -126,13 +126,13 @@ function ipfs_bootstrap {
         fi
         if [ ${state} -eq "2" ]; then
             if [[ $line == *"address ="* ]]; then
-                address=$(echo $line | awk -F '[' '{print $2}' | awk -F ']' '{print $1}')
+                address=$(echo "$line" | awk -F '[' '{print $2}' | awk -F ']' '{print $1}')
                 state=3
             fi
         fi
         if [ ${state} -eq "1" ]; then
             if [[ $line == *"hostname ="* ]]; then
-                peer=$(echo $line | awk -F '[' '{print $2}' | awk -F ']' '{print $1}')
+                peer=$(echo "$line" | awk -F '[' '{print $2}' | awk -F ']' '{print $1}')
                 state=2
             fi
         fi
@@ -144,7 +144,7 @@ function ipfs_bootstrap {
     # Create a list of user sites, in alphabetical order by Tox nick
     if [ -d /home/$MY_USERNAME/Desktop ]; then
         if [ -f ${IPFS_USERS_FILE}.new ]; then
-            sites_list=$(cat ${IPFS_USERS_FILE}.new | sort -d)
+            sites_list=$(sort -d < "${IPFS_USERS_FILE}.new")
             echo "${sites_list}" > ${IPFS_USERS_FILE}
             chown $MY_USERNAME:$MY_USERNAME ${IPFS_USERS_FILE}
             rm ${IPFS_USERS_FILE}.new
@@ -155,7 +155,7 @@ function ipfs_bootstrap {
 function detect_new_tox_users {
     CURRENT_USERS_FILE=$1
 
-    if [ ! -f $CURRENT_USERS_FILE ]; then
+    if [ ! -f "$CURRENT_USERS_FILE" ]; then
         return
     fi
 
@@ -170,10 +170,11 @@ function detect_new_tox_users {
             if [[ $line != "Failed*" && $line != "data "* && $line != "Anon "* && $line != "anon "* && $line != "anonymous "* && $line != "Anonymous "* ]]; then
                 if ! grep -q "$line" $PREV_TOX_USERS_FILE; then
                     # get the nick of the user
-                    toxidstr=$(echo "$line" | awk -F ' ' '{print $(NF)}')
-                    toxuser=$(echo "$line" | sed "s| $toxidstr||g")
+                    toxidstr=$(awk -F ' ' '{print $(NF)}' < "$line")
+                    toxuser=$(sed "s| $toxidstr||g" < "$line")
 
                     if [ -r "/home/$MESH_USERNAME/.dbus/Xdbus" ]; then
+                        # shellcheck disable=SC1090
                         . "/home/$MESH_USERNAME/.dbus/Xdbus"
                     fi
                     export DISPLAY=:0.0
@@ -186,28 +187,28 @@ function detect_new_tox_users {
     fi
 
     # Store the previous tox users list
-    cp -f $CURRENT_USERS_FILE $PREV_TOX_USERS_FILE
+    cp -f "$CURRENT_USERS_FILE" "$PREV_TOX_USERS_FILE"
 }
 
 function detect_tox_users {
     # don't show the first peer field
-    lstox | awk -F ' ' '{$1=""; print $0}' | sed -e 's/^[[:space:]]*//' | sort -d > $TEMPFILE
+    lstox | awk -F ' ' '{$1=""; print $0}' | sed -e 's/^[[:space:]]*//' | sort -d > "$TEMPFILE"
 
-    detect_new_tox_users $TEMPFILE
+    detect_new_tox_users "$TEMPFILE"
 }
 
 function avahi_extract_info {
     # Create a list of bootstrap nodes
-    avahi-browse -atr > $TEMPFILE_BASE
-    cat $TEMPFILE_BASE | grep "hostname =\|address =\|port =" > $TEMPFILE
-    if [ ! -f $TEMPFILE ]; then
+    avahi-browse -atr > "$TEMPFILE_BASE"
+    grep "hostname =\\|address =\\|port =" "$TEMPFILE_BASE" > "$TEMPFILE"
+    if [ ! -f "$TEMPFILE" ]; then
         exit 1
     fi
 }
 
 function avahi_remove_info {
-    rm -f $TEMPFILE_BASE
-    rm -f $TEMPFILE
+    rm -f "$TEMPFILE_BASE"
+    rm -f "$TEMPFILE"
 }
 
 if [ ! -d /etc/avahi ]; then

From 1de2c88d04716c0daf8d878818813d02cae7c005 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 19:34:44 +0000
Subject: [PATCH 22/67] Include static analysis in tests

---
 src/freedombone-tests | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/src/freedombone-tests b/src/freedombone-tests
index 04370b07..37443af4 100755
--- a/src/freedombone-tests
+++ b/src/freedombone-tests
@@ -65,6 +65,30 @@ function test_app_function_type {
     fi
 }
 
+function test_static_analysis {
+    FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-*"
+
+    for filename in $FILES
+    do
+        if ! shellcheck --exclude SC2034,SC1090 "$filename"; then
+            echo ''
+            echo $"${filename} failed static analysis"
+            exit 24687242
+        fi
+    done
+
+    FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-*"
+
+    for filename in $FILES
+    do
+        if ! shellcheck --exclude SC2034,SC1090 "$filename"; then
+            echo ''
+            echo $"${filename} failed static analysis"
+            exit 24687242
+        fi
+    done
+}
+
 function test_app_functions {
     if [ $RUN_STIG ]; then
         return
@@ -1255,6 +1279,7 @@ if [ ! "$RUN_STIG" ]; then
 fi
 
 test_app_functions
+test_static_analysis
 test_unique_onion_ports
 remove_management_engine_interface
 freedombone-pass --test yes

From 087115fa238b5675f24b74e5dbd6b61b472c4a7f Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 19:36:51 +0000
Subject: [PATCH 23/67] Install shellcheck if needed

---
 src/freedombone-tests | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/freedombone-tests b/src/freedombone-tests
index 37443af4..6b30ed50 100755
--- a/src/freedombone-tests
+++ b/src/freedombone-tests
@@ -66,6 +66,10 @@ function test_app_function_type {
 }
 
 function test_static_analysis {
+    if [ ! -f /usr/bin/shellcheck ]; then
+        apt-get -yq install shellcheck
+    fi
+
     FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-*"
 
     for filename in $FILES

From c4b091c281ab81950be0090a5a8eaab77be35fbb Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 19:39:00 +0000
Subject: [PATCH 24/67] Fix static analysis failures

---
 src/freedombone-app-bdsmail | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/freedombone-app-bdsmail b/src/freedombone-app-bdsmail
index 1c9163da..6aa179b8 100755
--- a/src/freedombone-app-bdsmail
+++ b/src/freedombone-app-bdsmail
@@ -125,7 +125,7 @@ function change_password_bdsmail {
             sed -i "s|set smtp_url=.*|set smtp_url=smtp://${curr_username}:${new_user_password}@127.0.0.1:$I2P_SMTP_PORT/" "/home/${USERNAME}/.mutt/bdsmail"
             sed -i "s|set from=.*|set from=${USERNAME}@$(bdsmail_domain)|g" "/home/${USERNAME}/.mutt/bdsmail"
             chown "${USERNAME}":"${USERNAME}" "/home/${USERNAME}/.mutt/bdsmail"
-            cd $BDSMAIL_DIR
+            cd $BDSMAIL_DIR || exit 2468246
             $BDSMAIL_DIR/bin/mailtool $BDSMAIL_DIR/config.ini "$curr_username" "/home/$curr_username/Maildir/i2p" "$new_user_password"
         fi
     done
@@ -319,7 +319,7 @@ function install_bdsmail {
     if [ -d /repos/bdsmail ]; then
         mkdir $BDSMAIL_DIR
         cp -r -p /repos/bdsmail/. $BDSMAIL_DIR
-        cd $BDSMAIL_DIR
+        cd $BDSMAIL_DIR || exit 24687246
         git pull
     else
         git_clone "$BDSMAIL_REPO" "$BDSMAIL_DIR"
@@ -330,7 +330,7 @@ function install_bdsmail {
         exit 5735735
     fi
 
-    cd $BDSMAIL_DIR
+    cd $BDSMAIL_DIR || exit 2468246
     git checkout "$BDSMAIL_COMMIT" -b "$BDSMAIL_COMMIT"
     set_completion_param "bdsmail commit" "$BDSMAIL_COMMIT"
 

From 4060c44e4e4fdb3b4a02150e97d325f3c1b070af Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 19:44:18 +0000
Subject: [PATCH 25/67] Fix static analysis failures

---
 src/freedombone-app-cryptpad | 1 +
 src/freedombone-app-peertube | 1 +
 src/freedombone-app-pelican  | 1 +
 3 files changed, 3 insertions(+)

diff --git a/src/freedombone-app-cryptpad b/src/freedombone-app-cryptpad
index 4f0731ca..090bc875 100755
--- a/src/freedombone-app-cryptpad
+++ b/src/freedombone-app-cryptpad
@@ -339,6 +339,7 @@ function cryptpad_create_config {
 }
 
 function mesh_install_cryptpad {
+    # shellcheck disable=SC2153
     if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" ]]; then
         return
     fi
diff --git a/src/freedombone-app-peertube b/src/freedombone-app-peertube
index 632064f8..0289364a 100755
--- a/src/freedombone-app-peertube
+++ b/src/freedombone-app-peertube
@@ -618,6 +618,7 @@ function peertube_create_config {
 }
 
 function mesh_install_peertube {
+    # shellcheck disable=SC2153
     if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" ]]; then
         return
     fi
diff --git a/src/freedombone-app-pelican b/src/freedombone-app-pelican
index 6019b1cf..9c053c1a 100755
--- a/src/freedombone-app-pelican
+++ b/src/freedombone-app-pelican
@@ -756,6 +756,7 @@ function pelican_themes {
 }
 
 function mesh_install_pelican {
+    # shellcheck disable=SC2153
     if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" && "$VARIANT" != "usb" ]]; then
         return
     fi

From 5b9c77cc8d0c9fd7887caea09852354ce0f7e5f0 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 19:45:05 +0000
Subject: [PATCH 26/67] Fix static analysis failures

---
 src/freedombone-app-dlna | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/freedombone-app-dlna b/src/freedombone-app-dlna
index ab06378f..c3218fd5 100755
--- a/src/freedombone-app-dlna
+++ b/src/freedombone-app-dlna
@@ -63,7 +63,7 @@ function configure_interactive_dlna {
             255) rm -f "$data"
                  break;;
         esac
-        case $(cat $data) in
+        case $(cat "$data") in
             1) attach-music;;
             2) remove-music;;
             3) rm -f "$data"

From 82ca75d2fa444b0877c934e48c66b2e5459462e7 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 19:45:59 +0000
Subject: [PATCH 27/67] Fix static analysis failures

---
 src/freedombone-app-dokuwiki | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/freedombone-app-dokuwiki b/src/freedombone-app-dokuwiki
index c998fbe7..0c47b474 100755
--- a/src/freedombone-app-dokuwiki
+++ b/src/freedombone-app-dokuwiki
@@ -79,9 +79,9 @@ function change_password_dokuwiki {
         HASHED_DOKUWIKI_PASSWORD=$(echo -n "$new_user_password" | md5sum | awk -F ' ' '{print $1}')
         existing_user=$(grep "$curr_username:" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" | hean -n 1)
         if [[ "$existing_user" == *":admin,"* ]]; then
-            sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:admin,user,upload|g" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
+            sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:admin,user,upload|g" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
         else
-            sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:user,upload|g" /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php
+            sed -i "s|$curr_username:.*|$curr_username:$HASHED_DOKUWIKI_PASSWORD:$curr_username:$curr_username@$HOSTNAME:user,upload|g" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php"
         fi
         cp "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/lib/plugins/acl/users.auth.php" "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"
         chmod 640 "/var/www/$DOKUWIKI_DOMAIN_NAME/htdocs/conf/users.auth.php"

From 02627accb1c65020898cece67183bb35d55d82b0 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 19:47:04 +0000
Subject: [PATCH 28/67] Fix static analysis failures

---
 src/freedombone-app-friendica | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/freedombone-app-friendica b/src/freedombone-app-friendica
index 7eee5abe..fab6bcf0 100755
--- a/src/freedombone-app-friendica
+++ b/src/freedombone-app-friendica
@@ -116,7 +116,7 @@ function friendica_channel_directory_server {
     data=$(mktemp 2>/dev/null)
     dialog --title $"Friendica channel directory server" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $"When you click on 'channel directory' this is where Friendica will obtain its list from" 8 60 "$CURR_DIR_SERVER" 2>$data
+           --inputbox $"When you click on 'channel directory' this is where Friendica will obtain its list from" 8 60 "$CURR_DIR_SERVER" 2>"$data"
     sel=$?
     case $sel in
         0)
@@ -521,7 +521,7 @@ function install_friendica {
           echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
           echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
           echo "        # another machine. And then cross your fingers that you won't get hacked.";
-          echo '        try_files $uri $uri/ /index.php;';
+          echo "        try_files \$uri \$uri/ /index.php;";
           echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
           echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
           echo '        # With php-cgi alone:';

From fcc87c9bf7d4f21c443c7bada970c1c3db604ea7 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 19:52:07 +0000
Subject: [PATCH 29/67] quotes

---
 src/freedombone-app-ipfs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/freedombone-app-ipfs b/src/freedombone-app-ipfs
index d5859ae0..fca4cbfc 100755
--- a/src/freedombone-app-ipfs
+++ b/src/freedombone-app-ipfs
@@ -369,7 +369,7 @@ function install_ipfs_js {
     systemctl restart ${IPFS_DAEMON_NAME}
 
     if [ -d /etc/avahi ]; then
-        su -c "echo $($IPFS_PATH/jsipfs id | grep '\"ID\":' | awk -F '\"' '{print $4}') > /tmp/ipfsid" - $MY_USERNAME
+        su -c "echo $($IPFS_PATH/jsipfs id | grep '\"ID\":' | awk -F '\"' '{print $4}') > /tmp/ipfsid" - "$MY_USERNAME"
         if [ ! -f /tmp/ipfsid ]; then
             echo 'No IPFS identity was created'
             exit 37895
@@ -586,7 +586,7 @@ function install_ipfs_go {
     systemctl restart ipfs
 
     if [ -d /etc/avahi ]; then
-        su -c "echo $($IPFS_PATH/ipfs id | grep '\"ID\":' | awk -F '\"' '{print $4}') > /tmp/ipfsid" - $MY_USERNAME
+        su -c "echo $("$IPFS_PATH/ipfs" id | grep '\"ID\":' | awk -F '\"' '{print $4}') > /tmp/ipfsid" - "$MY_USERNAME"
         if [ ! -f /tmp/ipfsid ]; then
             echo 'No IPFS identity was created'
             exit 37895

From e053de23aff15fca631a8523b9444e4a423429c7 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 19:54:04 +0000
Subject: [PATCH 30/67] quotes

---
 src/freedombone-app-pleroma | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma
index 8cf2135c..eb2ebb1a 100755
--- a/src/freedombone-app-pleroma
+++ b/src/freedombone-app-pleroma
@@ -275,7 +275,7 @@ function add_user_pleroma {
     new_username="$1"
     new_user_password="$2"
 
-    ${PROJECT_NAME}-pass -u $new_username -a pleroma -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a pleroma -p "$new_user_password"
 
     echo '0'
 }
@@ -304,10 +304,10 @@ function install_interactive_pleroma {
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Pleroma Configuration" \
-                       --form $"\nPlease enter your Pleroma details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
+                       --form $"\\nPlease enter your Pleroma details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
                        $"Domain:" 1 1 "$(grep 'PLEROMA_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
-                       $"Title:" 2 1 "$(grep '$PLEROMA_TITLE' temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
-                       $"Background image URL:" 3 1 "$(grep '$PLEROMA_BACKGROUND_IMAGE_URL' temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
+                       $"Title:" 2 1 "$(grep "$PLEROMA_TITLE" temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
+                       $"Background image URL:" 3 1 "$(grep "$PLEROMA_BACKGROUND_IMAGE_URL" temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
                        2> "$data"
             fi
             sel=$?

From f13c18092ff0a20ef84c898e965375c1b3630a2a Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 19:55:56 +0000
Subject: [PATCH 31/67] Removing trap

---
 src/freedombone-app-postactiv | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/freedombone-app-postactiv b/src/freedombone-app-postactiv
index a0addb23..74d5ec77 100755
--- a/src/freedombone-app-postactiv
+++ b/src/freedombone-app-postactiv
@@ -119,7 +119,6 @@ function install_interactive_postactiv {
         while [ ! $POSTACTIV_DETAILS_COMPLETE ]
         do
             data=$(mktemp 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
             if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"PostActiv Configuration" \
@@ -140,8 +139,10 @@ function install_interactive_postactiv {
             fi
             sel=$?
             case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
             esac
             POSTACTIV_DOMAIN_NAME=$(sed -n 1p < "$data")
             title=$(sed -n 2p < "$data")
@@ -174,6 +175,7 @@ function install_interactive_postactiv {
             if [ $POSTACTIV_DOMAIN_NAME ]; then
                 POSTACTIV_DETAILS_COMPLETE="yes"
             fi
+            rm -f "$data"
         done
 
         # remove any invalid characters

From c44d07bd2f7608fb8f26d80b4c4f4745c51fb9eb Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 20:07:54 +0000
Subject: [PATCH 32/67] wifi utils static analysis

---
 src/freedombone-app-syncthing |   1 -
 src/freedombone-utils-wifi    | 259 +++++++++++++++++-----------------
 2 files changed, 128 insertions(+), 132 deletions(-)

diff --git a/src/freedombone-app-syncthing b/src/freedombone-app-syncthing
index 7d46f794..46db9d9c 100755
--- a/src/freedombone-app-syncthing
+++ b/src/freedombone-app-syncthing
@@ -112,7 +112,6 @@ function syncthing_add_id {
     syncthing_create_ids_file
 
     data=$(mktemp 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
     dialog --backtitle $"Freedombone User Control Panel" \
            --title $"Add a Syncthing device ID" \
            --form $"Paste the device ID for your laptop/desktop/netbook/phone/tablet below" 9 80 2 \
diff --git a/src/freedombone-utils-wifi b/src/freedombone-utils-wifi
index ecef691e..663bf8b9 100755
--- a/src/freedombone-utils-wifi
+++ b/src/freedombone-utils-wifi
@@ -74,10 +74,10 @@ function wifi_static_network_interface {
     else
         read_config_param "LOCAL_NETWORK_STATIC_IP_ADDRESS"
         read_config_param "ROUTER_IP_ADDRESS"
-        echo 'iface default inet static' > /etc/network/interfaces.d/static
-        echo "    address ${LOCAL_NETWORK_STATIC_IP_ADDRESS}" >> /etc/network/interfaces.d/static
-        echo '    netmask 255.255.255.0' >> /etc/network/interfaces.d/static
-        echo "    gateway ${ROUTER_IP_ADDRESS}" >> /etc/network/interfaces.d/static
+        { echo 'iface default inet static';
+          echo "    address ${LOCAL_NETWORK_STATIC_IP_ADDRESS}";
+          echo '    netmask 255.255.255.0';
+          echo "    gateway ${ROUTER_IP_ADDRESS}"; } > /etc/network/interfaces.d/static
     fi
 }
 
@@ -98,14 +98,14 @@ function setup_wifi_atheros {
     else
         atheros_drivers_file=$(pwd)/$atheros_drivers_file
     fi
-    dpkg -i $atheros_drivers_file
+    dpkg -i "$atheros_drivers_file"
     reset_usb_devices
     update_wifi_adaptors
-    if [ $IFACE ]; then
-        wpa_action ${IFACE} stop
-        wpa_cli -i ${IFACE} terminate
+    if [ "$IFACE" ]; then
+        wpa_action "${IFACE}" stop
+        wpa_cli -i "${IFACE}" terminate
         #ifconfig $IFACE up
-        ifup $IFACE
+        ifup "$IFACE"
     fi
 }
 
@@ -129,8 +129,8 @@ function setup_wifi {
         HOTSPOT='yes'
     fi
 
-    if [ -f $WIFI_NETWORKS_FILE ]; then
-        ${PROJECT_NAME}-wifi --networks $WIFI_NETWORKS_FILE
+    if [ -f "$WIFI_NETWORKS_FILE" ]; then
+        "${PROJECT_NAME}-wifi" --networks "$WIFI_NETWORKS_FILE"
         mark_complete "${FUNCNAME[0]}"
         return
     fi
@@ -144,9 +144,9 @@ function setup_wifi {
             echo $'Wifi passphrase was too short'
             return
         fi
-        ${PROJECT_NAME}-wifi -s $WIFI_SSID -t $WIFI_TYPE -p $WIFI_PASSPHRASE --hotspot $HOTSPOT --networks $WIFI_NETWORKS_FILE
+        "${PROJECT_NAME}-wifi" -s "$WIFI_SSID" -t "$WIFI_TYPE" -p "$WIFI_PASSPHRASE" --hotspot "$HOTSPOT" --networks "$WIFI_NETWORKS_FILE"
     else
-        ${PROJECT_NAME}-wifi -s $WIFI_SSID -t $WIFI_TYPE --hotspot $HOTSPOT --networks $WIFI_NETWORKS_FILE
+        "${PROJECT_NAME}-wifi" -s "$WIFI_SSID" -t "$WIFI_TYPE" --hotspot "$HOTSPOT" --networks "$WIFI_NETWORKS_FILE"
     fi
     mark_completed "${FUNCNAME[0]}"
 }
@@ -156,13 +156,13 @@ function install_atheros_wifi {
     if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
-    if [ $INSTALLING_ON_BBB != "yes" ]; then
+    if [ "$INSTALLING_ON_BBB" != "yes" ]; then
         return
     fi
     if [[ $ENABLE_BATMAN != "yes" ]]; then
         return
     fi
-    if [ -d $INSTALL_DIR/open-ath9k-htc-firmware ]; then
+    if [ -d "$INSTALL_DIR/open-ath9k-htc-firmware" ]; then
         return
     fi
     # have drivers already been installed ?
@@ -170,32 +170,28 @@ function install_atheros_wifi {
         return
     fi
     apt-get -yq install build-essential cmake git m4 texinfo
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir -p "$INSTALL_DIR"
     fi
-    cd $INSTALL_DIR
-    if [ ! -d $INSTALL_DIR/open-ath9k-htc-firmware ]; then
+    cd "$INSTALL_DIR" || exit 24678246
+    if [ ! -d "$INSTALL_DIR/open-ath9k-htc-firmware" ]; then
         function_check git_clone
-        git_clone $ATHEROS_WIFI_REPO $INSTALL_DIR/open-ath9k-htc-firmware
-        if [ ! "$?" = "0" ]; then
-            rm -rf $INSTALL_DIR/open-ath9k-htc-firmware
+        if ! git_clone "$ATHEROS_WIFI_REPO" "$INSTALL_DIR/open-ath9k-htc-firmware"; then
+            rm -rf "$INSTALL_DIR/open-ath9k-htc-firmware"
             exit 74283
         fi
     fi
-    cd $INSTALL_DIR/open-ath9k-htc-firmware
+    cd "$INSTALL_DIR/open-ath9k-htc-firmware" || exit 24682468
     git checkout 1.4.0
-    make toolchain
-    if [ ! "$?" = "0" ]; then
-        rm -rf $INSTALL_DIR/open-ath9k-htc-firmware
+    if ! make toolchain; then
+        rm -rf "$INSTALL_DIR/open-ath9k-htc-firmware"
         exit 24820
     fi
-    make firmware
-    if [ ! "$?" = "0" ]; then
-        rm -rf $INSTALL_DIR/open-ath9k-htc-firmware
+    if ! make firmware; then
+        rm -rf "$INSTALL_DIR/open-ath9k-htc-firmware"
         exit 63412
     fi
-    cp target_firmware/*.fw /lib/firmware/
-    if [ ! "$?" = "0" ]; then
+    if ! cp target_firmware/*.fw /lib/firmware/; then
         exit 74681
     fi
     mark_completed "${FUNCNAME[0]}"
@@ -206,7 +202,7 @@ function update_wifi_adaptors {
     IFACE_SECONDARY=
 
     for i in $(seq 10 -1 0); do
-        ifdown --force wlan${i} 2> /dev/null
+        ifdown --force "wlan${i}" 2> /dev/null
     done
 
     for i in $(seq 10 -1 0); do
@@ -226,7 +222,7 @@ function wifi_get_psk {
     passphrase=$2
 
     psk=$(wpa_passphrase "$ssid" "$passphrase" | grep 'psk=' | sed -n 2p | awk -F '=' '{print $2}')
-    echo $psk
+    echo "$psk"
 }
 
 function hotspot_off {
@@ -274,34 +270,34 @@ function hotspot_on {
 
     sed -i 's|#DAEMON_CONF=.*|DAEMON_CONF="/etc/hostapd/hostapd.conf"|g' /etc/default/hostapd
 
-    echo '### Wireless network name ###' > /etc/hostapd/hostapd.conf
-    echo "interface=$WIFI_INTERFACE" >> /etc/hostapd/hostapd.conf
-    echo '' >> /etc/hostapd/hostapd.conf
-    echo '### Set your bridge name ###' >> /etc/hostapd/hostapd.conf
-    echo 'bridge=br0' >> /etc/hostapd/hostapd.conf
-    echo '' >> /etc/hostapd/hostapd.conf
-    echo 'driver=nl80211' >> /etc/hostapd/hostapd.conf
-    echo "country_code=UK" >> /etc/hostapd/hostapd.conf
-    echo "ssid=$WIFI_SSID" >> /etc/hostapd/hostapd.conf
-    echo 'hw_mode=g' >> /etc/hostapd/hostapd.conf
-    echo 'channel=6' >> /etc/hostapd/hostapd.conf
-    echo 'wpa=2' >> /etc/hostapd/hostapd.conf
-    echo "wpa_passphrase=$WIFI_PASSPHRASE" >> /etc/hostapd/hostapd.conf
-    echo '' >> /etc/hostapd/hostapd.conf
-    echo '## Key management algorithms ##' >> /etc/hostapd/hostapd.conf
-    echo 'wpa_key_mgmt=WPA-PSK' >> /etc/hostapd/hostapd.conf
-    echo '' >> /etc/hostapd/hostapd.conf
-    echo '## Set cipher suites (encryption algorithms) ##' >> /etc/hostapd/hostapd.conf
-    echo '## TKIP = Temporal Key Integrity Protocol' >> /etc/hostapd/hostapd.conf
-    echo '## CCMP = AES in Counter mode with CBC-MAC' >> /etc/hostapd/hostapd.conf
-    echo 'wpa_pairwise=TKIP' >> /etc/hostapd/hostapd.conf
-    echo 'rsn_pairwise=CCMP' >> /etc/hostapd/hostapd.conf
-    echo '' >> /etc/hostapd/hostapd.conf
-    echo '## Shared Key Authentication ##'
-    echo 'auth_algs=1' >> /etc/hostapd/hostapd.conf
-    echo '' >> /etc/hostapd/hostapd.conf
-    echo '## Accept all MAC address ###' >> /etc/hostapd/hostapd.conf
-    echo 'macaddr_acl=0' >> /etc/hostapd/hostapd.conf
+    { echo '### Wireless network name ###';
+      echo "interface=$WIFI_INTERFACE";
+      echo '';
+      echo '### Set your bridge name ###';
+      echo 'bridge=br0';
+      echo '';
+      echo 'driver=nl80211';
+      echo "country_code=UK";
+      echo "ssid=$WIFI_SSID";
+      echo 'hw_mode=g';
+      echo 'channel=6';
+      echo 'wpa=2';
+      echo "wpa_passphrase=$WIFI_PASSPHRASE";
+      echo '';
+      echo '## Key management algorithms ##';
+      echo 'wpa_key_mgmt=WPA-PSK';
+      echo '';
+      echo '## Set cipher suites (encryption algorithms) ##';
+      echo '## TKIP = Temporal Key Integrity Protocol';
+      echo '## CCMP = AES in Counter mode with CBC-MAC';
+      echo 'wpa_pairwise=TKIP';
+      echo 'rsn_pairwise=CCMP';
+      echo '';
+      echo '## Shared Key Authentication ##'
+      echo 'auth_algs=1';
+      echo '';
+      echo '## Accept all MAC address ###';
+      echo 'macaddr_acl=0'; } > /etc/hostapd/hostapd.conf
 
     if [ ! -f /etc/network/interfaces_original_static ]; then
         if [ -f /etc/network/interfaces.d/static ]; then
@@ -365,7 +361,7 @@ function wifi_wpa2_psk {
     echo "  wpa-roam $WIFI_CONFIG" >> /etc/network/interfaces.d/wifi
     wifi_static_network_interface
 
-    wpa_passphrase "$ssid" "$passphrase" > $WIFI_CONFIG
+    wpa_passphrase "$ssid" "$passphrase" > "$WIFI_CONFIG"
 
     systemctl restart network-manager
     ifup $WIFI_INTERFACE
@@ -385,24 +381,23 @@ function wifi_none {
 
     wifi_static_network_interface
 
-    echo 'ctrl_interface=/run/wpa_supplicant' > $WIFI_CONFIG
-    echo 'update_config=1' >> $WIFI_CONFIG
-    echo 'eapol_version=1' >> $WIFI_CONFIG
-    echo '' >> $WIFI_CONFIG
-
-    echo 'network={' >> $WIFI_CONFIG
+    { echo 'ctrl_interface=/run/wpa_supplicant';
+      echo 'update_config=1';
+      echo 'eapol_version=1';
+      echo '';
+      echo 'network={'; } > "$WIFI_CONFIG"
     if [[ "${ssid}" != $'any' && "${ssid}" != $'all' && "${ssid}" != $'open' ]]; then
-        echo "  ssid=\"${ssid}\"" >> $WIFI_CONFIG
+        echo "  ssid=\"${ssid}\"" >> "$WIFI_CONFIG"
     fi
-    echo '  key_mgmt=NONE' >> $WIFI_CONFIG
-    echo '}' >> $WIFI_CONFIG
+    echo '  key_mgmt=NONE' >> "$WIFI_CONFIG"
+    echo '}' >> "$WIFI_CONFIG"
 
     systemctl restart network-manager
     ifup $WIFI_INTERFACE
 }
 
 function networks_from_file {
-    if [ ! -f $WIFI_NETWORKS_FILE ]; then
+    if [ ! -f "$WIFI_NETWORKS_FILE" ]; then
         exit 4
     fi
 
@@ -416,21 +411,21 @@ function networks_from_file {
     echo 'allow-hotplug eth0' > /etc/network/interfaces.d/static
     echo 'iface eth0 inet dhcp' >> /etc/network/interfaces.d/static
 
-    echo "allow-hotplug ${WIFI_INTERFACE}" >> /etc/network/interfaces.d/wifi
-    echo "iface ${WIFI_INTERFACE} inet manual" >> /etc/network/interfaces.d/wifi
-    echo "  wpa-roam $WIFI_CONFIG" >> /etc/network/interfaces.d/wifi
+    { echo "allow-hotplug ${WIFI_INTERFACE}";
+      echo "iface ${WIFI_INTERFACE} inet manual";
+      echo "  wpa-roam $WIFI_CONFIG"; } > /etc/network/interfaces.d/wifi
 
     wifi_static_network_interface
 
     # remove wpa_supplicant.conf if it exists
-    if [ -f $WIFI_CONFIG ]; then
-        rm -f $WIFI_CONFIG
+    if [ -f "$WIFI_CONFIG" ]; then
+        rm -f "$WIFI_CONFIG"
     fi
 
-    echo 'ctrl_interface=/run/wpa_supplicant' > $WIFI_CONFIG
-    echo 'update_config=1' >> $WIFI_CONFIG
-    echo 'eapol_version=1' >> $WIFI_CONFIG
-    echo '' >> $WIFI_CONFIG
+    { echo 'ctrl_interface=/run/wpa_supplicant';
+      echo 'update_config=1';
+      echo 'eapol_version=1';
+      echo ''; } > "$WIFI_CONFIG"
 
     ctr=0
     while read -r line
@@ -443,19 +438,19 @@ function networks_from_file {
                 if [ $ctr -eq 1 ]; then
                     WIFI_TYPE="$line"
                     if [[ $WIFI_TYPE == $'none' || $WIFI_TYPE == $'open' ]]; then
-                        echo 'network={' >> $WIFI_CONFIG
+                        echo 'network={' >> "$WIFI_CONFIG"
                         if [[ "${WIFI_SSID}" != $'any' && "${WIFI_SSID}" != $'all' && "${WIFI_SSID}" != $'open' ]]; then
-                            echo "  ssid=\"${WIFI_SSID}\"" >> $WIFI_CONFIG
+                            echo "  ssid=\"${WIFI_SSID}\"" >> "$WIFI_CONFIG"
                         fi
-                        echo '  key_mgmt=NONE' >> $WIFI_CONFIG
-                        echo '}' >> $WIFI_CONFIG
+                        echo '  key_mgmt=NONE' >> "$WIFI_CONFIG"
+                        echo '}' >> "$WIFI_CONFIG"
                         ctr=0
                         continue
                     fi
                 fi
                 if [ $ctr -eq 2 ]; then
                     WIFI_PASSPHRASE="$line"
-                    wpa_passphrase "$WIFI_SSID" "$WIFI_PASSPHRASE" >> $WIFI_CONFIG
+                    wpa_passphrase "$WIFI_SSID" "$WIFI_PASSPHRASE" >> "$WIFI_CONFIG"
                     ctr=0
                     continue
                 fi
@@ -463,7 +458,7 @@ function networks_from_file {
                 ctr=$((ctr + 1))
             fi
         fi
-    done < $WIFI_NETWORKS_FILE
+    done < "$WIFI_NETWORKS_FILE"
 
     systemctl restart network-manager
     #ifconfig ${WIFI_INTERFACE} up
@@ -471,27 +466,27 @@ function networks_from_file {
 }
 
 function wifi_networks_file_header {
-    echo $'# Add wifi networks as follows:' > $WIFI_NETWORKS_FILE
-    echo '#' >> $WIFI_NETWORKS_FILE
-    echo $'# MySSID' >> $WIFI_NETWORKS_FILE
-    echo $'# wpa2-psk' >> $WIFI_NETWORKS_FILE
-    echo $'# myWifiPassphrase' >> $WIFI_NETWORKS_FILE
-    echo '#' >> $WIFI_NETWORKS_FILE
-    echo $'# AnotherSSID' >> $WIFI_NETWORKS_FILE
-    echo $'# none' >> $WIFI_NETWORKS_FILE
-    echo '#' >> $WIFI_NETWORKS_FILE
+    { echo $'# Add wifi networks as follows:';
+      echo '#';
+      echo $'# MySSID';
+      echo $'# wpa2-psk';
+      echo $'# myWifiPassphrase';
+      echo '#';
+      echo $'# AnotherSSID';
+      echo $'# none';
+      echo '#'; } > "$WIFI_NETWORKS_FILE"
 }
 
 function create_networks_interactive {
     remove_config_param "WIFI_INTERFACE"
     update_wifi_adaptors
-    if [ ! $IFACE ]; then
+    if [ ! "$IFACE" ]; then
         # Don't try to configure wifi if there are no adaptors
         return
     fi
 
-    if [ -f $WIFI_NETWORKS_FILE ]; then
-        rm $WIFI_NETWORKS_FILE
+    if [ -f "$WIFI_NETWORKS_FILE" ]; then
+        rm "$WIFI_NETWORKS_FILE"
     fi
 
     # By default connect to any open wifi
@@ -503,11 +498,10 @@ function create_networks_interactive {
     wifi_settings_defined=
     while [ ! $wifi_networks_done ]
     do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
-        wifistr=$"\nTo use this system via wifi (eg. USB dongle) enter the details below, otherwise just select Ok:"
+        data=$(mktemp 2>/dev/null)
+        wifistr=$"\\nTo use this system via wifi (eg. USB dongle) enter the details below, otherwise just select Ok:"
         if [ -f /root/.wifi-only ]; then
-            wifistr=$"\nEnter your wifi login details below."
+            wifistr=$"\\nEnter your wifi login details below."
         fi
         dialog --backtitle $"Freedombone Configuration" \
                --title $"Wifi Settings ${wifi_ctr}" \
@@ -515,15 +509,18 @@ function create_networks_interactive {
                $"SSID (can be 'any'):" 1 1 "$WIFI_SSID" 1 24 30 30 \
                $"Type (open/wpa2-psk):" 2 1 "$WIFI_TYPE" 2 24 10 10 \
                $"Passphrase:" 3 1 "$WIFI_PASSPHRASE" 3 24 50 50 \
-               2> $data
+               2> "$data"
         sel=$?
         case $sel in
-            1) return;;
-            255) return;;
+            1) rm -f "$data"
+               return;;
+            255) rm -f "$data"
+                 return;;
         esac
-        WIFI_SSID=$(cat $data | sed -n 1p)
-        WIFI_TYPE=$(cat $data | sed -n 2p)
-        WIFI_PASSPHRASE=$(cat $data | sed -n 3p)
+        WIFI_SSID=$(sed -n 1p < "$data")
+        WIFI_TYPE=$(sed -n 2p < "$data")
+        WIFI_PASSPHRASE=$(sed -n 3p < "$data")
+        rm -f "$data"
 
         # If the wifi-only indicator is present then wifi details must
         # be specified, otherwise they're optional
@@ -539,16 +536,16 @@ function create_networks_interactive {
             fi
         fi
 
-        if [ ! -f $WIFI_NETWORKS_FILE ]; then
+        if [ ! -f "$WIFI_NETWORKS_FILE" ]; then
             wifi_networks_file_header
         fi
 
         # update the wifi networks file
-        echo '' >> $WIFI_NETWORKS_FILE
-        echo "$WIFI_SSID" >> $WIFI_NETWORKS_FILE
-        echo "$WIFI_TYPE" >> $WIFI_NETWORKS_FILE
+        { echo '';
+          echo "$WIFI_SSID";
+          echo "$WIFI_TYPE"; } >> "$WIFI_NETWORKS_FILE"
         if [ ${#WIFI_PASSPHRASE} -gt 1 ]; then
-            echo "$WIFI_PASSPHRASE" >> $WIFI_NETWORKS_FILE
+            echo "$WIFI_PASSPHRASE" >> "$WIFI_NETWORKS_FILE"
         fi
 
         if [ ${#WIFI_SSID} -gt 1 ]; then
@@ -626,28 +623,28 @@ function remove_wifi_startup_script {
         systemctl disable wifistart
         rm $systemd_file
     fi
-    if [ -f $HOME/${PROJECT_NAME}-wifi.cfg ]; then
-        rm $HOME/${PROJECT_NAME}-wifi.cfg
+    if [ -f "$HOME/${PROJECT_NAME}-wifi.cfg" ]; then
+        rm "$HOME/${PROJECT_NAME}-wifi.cfg"
     fi
 }
 
 function create_wifi_startup_script {
     systemd_file=/etc/systemd/system/wifistart.service
-    echo '[Unit]' > $systemd_file
-    echo 'Description=WifiStartup (Start wifi networking)' >> $systemd_file
-    echo 'After=syslog.target' >> $systemd_file
-    echo 'After=network.target' >> $systemd_file
-    echo 'After=remote-fs.target' >> $systemd_file
-    echo '' >> $systemd_file
-    echo '[Service]' >> $systemd_file
-    echo 'Type=simple' >> $systemd_file
-    echo 'User=root' >> $systemd_file
-    echo 'Group=root' >> $systemd_file
-    echo 'WorkingDirectory=/root' >> $systemd_file
-    echo "ExecStart=/usr/local/bin/${PROJECT_NAME}-wifi --wait 5 2> /dev/null" >> $systemd_file
-    echo '' >> $systemd_file
-    echo '[Install]' >> $systemd_file
-    echo 'WantedBy=multi-user.target' >> $systemd_file
+    { echo '[Unit]';
+      echo 'Description=WifiStartup (Start wifi networking)';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo 'After=remote-fs.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=root';
+      echo 'Group=root';
+      echo 'WorkingDirectory=/root';
+      echo "ExecStart=/usr/local/bin/${PROJECT_NAME}-wifi --wait 5 2> /dev/null";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > $systemd_file
 
     systemctl enable wifistart
     systemctl daemon-reload

From 24f38c53f3c67f24c1f10a990771419bc6b51832 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 20:09:25 +0000
Subject: [PATCH 33/67] Fix static analysis failures

---
 src/freedombone-app-privatebin | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/freedombone-app-privatebin b/src/freedombone-app-privatebin
index 0667cd84..49a78a0e 100755
--- a/src/freedombone-app-privatebin
+++ b/src/freedombone-app-privatebin
@@ -374,7 +374,7 @@ function install_privatebin {
           echo '  location / {'; } >> "$privatebin_nginx_site"
         function_check nginx_limits
         nginx_limits "$PRIVATEBIN_DOMAIN_NAME" '15m'
-        { echo '    try_files $uri $uri/ @privatebin;';
+        { echo "    try_files \$uri \$uri/ @privatebin;";
           echo '  }';
           echo '';
           echo '  # Restrict access that is unnecessary anyway';
@@ -414,7 +414,7 @@ function install_privatebin {
       echo '  location / {'; } >> "$privatebin_nginx_site"
     function_check nginx_limits
     nginx_limits "$PRIVATEBIN_DOMAIN_NAME" '15m'
-    { echo '    try_files $uri $uri/ @privatebin;';
+    { echo "    try_files \$uri \$uri/ @privatebin;";
       echo '  }';
       echo '';
       echo '  # Restrict access that is unnecessary anyway';

From 453ce1fa37eed6e2585c893361d87f166b7626f7 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 20:10:21 +0000
Subject: [PATCH 34/67] Fix static analysis failures

---
 src/freedombone-app-profanity | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/freedombone-app-profanity b/src/freedombone-app-profanity
index 604d388f..349c0a4c 100755
--- a/src/freedombone-app-profanity
+++ b/src/freedombone-app-profanity
@@ -269,7 +269,7 @@ function install_profanity {
 
     mkdir -p /etc/skel/.local/share/profanity/plugins
     cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" /etc/skel/.local/share/profanity/plugins
-    cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" /home/$MY_USERNAME/.local/share/profanity/plugins
+    cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" "/home/$MY_USERNAME/.local/share/profanity/plugins"
     chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.local"
 
     XMPP_CLIENT_DIR=/home/$MY_USERNAME/.local/share/profanity

From a9a2e749059f25e02fefbf582d629e8628d2c443 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 20:15:39 +0000
Subject: [PATCH 35/67] Fix static analysis failures

---
 src/freedombone-app-radicale | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/freedombone-app-radicale b/src/freedombone-app-radicale
index 6d37c502..19cfe5b3 100755
--- a/src/freedombone-app-radicale
+++ b/src/freedombone-app-radicale
@@ -552,8 +552,8 @@ function install_radicale {
     else
         # alter the existing site config
         if ! grep -q "# Start radicale" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"; then
-            sed -i "/]:443/a    # Start radicale\\n  location @radicale {\\n    auth_basic \"Radicale\";\\n    auth_basic_user_file \\/var\\/www\\/radicale\\/users;\\n    proxy_pass http:\\/\\/localhost:52322;\\n    proxy_buffering off;\\n    proxy_set_header Host $host;\\n    proxy_set_header X-Real-IP $remote_addr;\\n    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\\n    proxy_set_header X-Forwarded-Proto $scheme;\\n  }\\n\\n  location \\/radicale {\\n      try_files $uri @radicale;\\n  }\n\n  location \\/.well-known\\/carddav {\\n      try_files $uri @radicale;\\n  }\\n\\n  location \\/.well-known\\/caldav {\\n      try_files $uri @radicale;\\n  }\n  # End radicale" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
-            sed -i "/listen localhost/a    # Start radicale\\n  location @radicale {\\n    auth_basic \"Radicale\";\\n    auth_basic_user_file \\/var\\/www\\/radicale\\/users;\\n    proxy_pass http:\\/\\/localhost:52322;\\n    proxy_buffering off;\\n    proxy_set_header Host $host;\\n    proxy_set_header X-Real-IP $remote_addr;\\n    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\\n    proxy_set_header X-Forwarded-Proto $scheme;\\n  }\\n\\n  location \/radicale {\\n      try_files $uri @radicale;\\n  }\\n\\n  location \\/.well-known\\/carddav {\\n      try_files $uri @radicale;\\n  }\\n\\n  location \\/.well-known\\/caldav {\\n      try_files $uri @radicale;\\n  }\\n  # End radicale" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
+            sed -i "/]:443/a    # Start radicale\\n  location @radicale {\\n    auth_basic \"Radicale\";\\n    auth_basic_user_file \\/var\\/www\\/radicale\\/users;\\n    proxy_pass http:\\/\\/localhost:52322;\\n    proxy_buffering off;\\n    proxy_set_header Host \$host;\\n    proxy_set_header X-Real-IP \$remote_addr;\\n    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\\n    proxy_set_header X-Forwarded-Proto \$scheme;\\n  }\\n\\n  location \\/radicale {\\n      try_files \$uri @radicale;\\n  }\\n\\n  location \\/.well-known\\/carddav {\\n      try_files \$uri @radicale;\\n  }\\n\\n  location \\/.well-known\\/caldav {\\n      try_files \$uri @radicale;\\n  }\\n  # End radicale" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
+            sed -i "/listen localhost/a    # Start radicale\\n  location @radicale {\\n    auth_basic \"Radicale\";\\n    auth_basic_user_file \\/var\\/www\\/radicale\\/users;\\n    proxy_pass http:\\/\\/localhost:52322;\\n    proxy_buffering off;\\n    proxy_set_header Host \$host;\\n    proxy_set_header X-Real-IP \$remote_addr;\\n    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\\n    proxy_set_header X-Forwarded-Proto \$scheme;\\n  }\\n\\n  location \\/radicale {\\n      try_files \$uri @radicale;\\n  }\\n\\n  location \\/.well-known\\/carddav {\\n      try_files \$uri @radicale;\\n  }\\n\\n  location \\/.well-known\\/caldav {\\n      try_files \$uri @radicale;\\n  }\\n  # End radicale" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
         fi
     fi
 

From 20bab2e9d7e59c1f334e8f4c346426a07a29ec01 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 20:16:53 +0000
Subject: [PATCH 36/67] Fix static analysis failures

---
 src/freedombone-app-rss | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/freedombone-app-rss b/src/freedombone-app-rss
index 8ee2f7ea..53728c09 100755
--- a/src/freedombone-app-rss
+++ b/src/freedombone-app-rss
@@ -196,12 +196,12 @@ function restore_local_rss {
                 exit 528823
             fi
             if [ -d /etc/letsencrypt/live/${RSS_READER_DOMAIN_NAME} ]; then
-                ln -s /etc/letsencrypt/live/${RSS_READER_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${2}.key
-                ln -s /etc/letsencrypt/live/${RSS_READER_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${2}.pem
+                ln -s "/etc/letsencrypt/live/${RSS_READER_DOMAIN_NAME}/privkey.pem" "/etc/ssl/private/${2}.key"
+                ln -s "/etc/letsencrypt/live/${RSS_READER_DOMAIN_NAME}/fullchain.pem" "/etc/ssl/certs/${2}.pem"
             else
                 # Ensure that the bundled SSL cert is being used
                 if [ -f /etc/ssl/certs/${RSS_READER_DOMAIN_NAME}.bundle.crt ]; then
-                    sed -i "s|${RSS_READER_DOMAIN_NAME}.crt|${RSS_READER_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${2}
+                    sed -i "s|${RSS_READER_DOMAIN_NAME}.crt|${RSS_READER_DOMAIN_NAME}.bundle.crt|g" "/etc/nginx/sites-available/${2}"
                 fi
             fi
         fi

From a9153dbf15f9e6ba903e543e990cede3fc594c26 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 20:18:08 +0000
Subject: [PATCH 37/67] Quotes

---
 src/freedombone-app-searx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/freedombone-app-searx b/src/freedombone-app-searx
index 74e2c8c6..f2b9be11 100755
--- a/src/freedombone-app-searx
+++ b/src/freedombone-app-searx
@@ -279,7 +279,7 @@ function create_searx_config {
       echo '    templates_path : "" # Custom templates path - leave it blank if you didnt change';
       echo '    themes_path : "" # Custom ui themes path';
       echo '    default_theme : courgette # ui theme';
-      echo '    default_locale : "" # Default interface locale - leave blank to detect from browser information or use codes from the 'locales' config section';
+      echo '    default_locale : "" # Default interface locale - leave blank to detect from browser information or use codes from the "locales" config section';
       echo '';
       echo 'outgoing: # communication with search engines';
       echo '    request_timeout : 10.0 # seconds';

From c6a76d2393134fe666d9cd94eb843dbebe6f1b04 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 20:19:43 +0000
Subject: [PATCH 38/67] Fix static analysis failures

---
 src/freedombone-app-syncthing | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/src/freedombone-app-syncthing b/src/freedombone-app-syncthing
index 46db9d9c..479671e4 100755
--- a/src/freedombone-app-syncthing
+++ b/src/freedombone-app-syncthing
@@ -544,22 +544,22 @@ function install_syncthing {
 
     # This probably does need to run as root so that it can access the Sync directories
     # in each user's home directory
-    echo '[Unit]' > /etc/systemd/system/syncthing.service
-    echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> /etc/systemd/system/syncthing.service
-    echo 'Documentation=man:syncthing(1)' >> /etc/systemd/system/syncthing.service
-    echo 'After=network.target' >> /etc/systemd/system/syncthing.service
-    echo 'Wants=syncthing-inotify@.service' >> /etc/systemd/system/syncthing.service
-    echo '' >> /etc/systemd/system/syncthing.service
-    echo '[Service]' >> /etc/systemd/system/syncthing.service
-    echo 'User=root' >> /etc/systemd/system/syncthing.service
-    echo "Environment='all_proxy=socks5://localhost:9050'" >> /etc/systemd/system/syncthing.service
-    echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> /etc/systemd/system/syncthing.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/syncthing.service
-    echo 'SuccessExitStatus=3 4' >> /etc/systemd/system/syncthing.service
-    echo 'RestartForceExitStatus=3 4' >> /etc/systemd/system/syncthing.service
-    echo '' >> /etc/systemd/system/syncthing.service
-    echo '[Install]' >> /etc/systemd/system/syncthing.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/syncthing.service
+    { echo '[Unit]';
+      echo 'Description=Syncthing - Open Source Continuous File Synchronization';
+      echo 'Documentation=man:syncthing(1)';
+      echo 'After=network.target';
+      echo 'Wants=syncthing-inotify@.service';
+      echo '';
+      echo '[Service]';
+      echo 'User=root';
+      echo "Environment='all_proxy=socks5://localhost:9050'";
+      echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0';
+      echo 'Restart=on-failure';
+      echo 'SuccessExitStatus=3 4';
+      echo 'RestartForceExitStatus=3 4';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/syncthing.service
     systemctl enable syncthing
     systemctl daemon-reload
     systemctl start syncthing

From 8744b1ef6b8bf7f377bcee07864c51fda4b30706 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 20:20:58 +0000
Subject: [PATCH 39/67] Fix static analysis failures

---
 src/freedombone-app-tahoelafs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/freedombone-app-tahoelafs b/src/freedombone-app-tahoelafs
index f6fcbc9b..fb96aa19 100755
--- a/src/freedombone-app-tahoelafs
+++ b/src/freedombone-app-tahoelafs
@@ -694,7 +694,7 @@ function install_tahoelafs {
     client_nick=${MY_USERNAME}-client
 
     # create an onion address for storage node
-    TAHOELAFS_STORAGE_ONION_HOSTNAME=$(add_onion_service storage-tahoelafs ${TAHOELAFS_STORAGE_PORT} ${TAHOELAFS_STORAGE_ONION_PORT} ${node_nick})
+    TAHOELAFS_STORAGE_ONION_HOSTNAME=$(add_onion_service storage-tahoelafs ${TAHOELAFS_STORAGE_PORT} ${TAHOELAFS_STORAGE_ONION_PORT} "${node_nick}")
 
     # create an onion address for client node
     TAHOELAFS_ONION_HOSTNAME=$(add_onion_service tahoelafs 80 ${TAHOELAFS_ONION_PORT})

From 67c939cab64caaf5dce178b30d619e68dac573be Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 20:21:55 +0000
Subject: [PATCH 40/67] Fix static analysis failures

---
 src/freedombone-app-tox | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/freedombone-app-tox b/src/freedombone-app-tox
index 3763d6dd..04b7ce57 100755
--- a/src/freedombone-app-tox
+++ b/src/freedombone-app-tox
@@ -185,7 +185,7 @@ function upgrade_tox {
     set_repo_commit "$INSTALL_DIR/toxcore" "toxcore commit" "$TOXCORE_COMMIT" $TOXCORE_REPO
     if [[ $(commit_has_changed "$INSTALL_DIR/toxcore" "toxcore commit" "$TOXCORE_COMMIT") == "1" ]]; then
         cd "$INSTALL_DIR/toxcore" || exit 53683563
-        sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' $rootdir/etc/systemd/system/tox-bootstrapd.service
+        sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' "$rootdir/etc/systemd/system/tox-bootstrapd.service"
         autoreconf -i
         ./configure --enable-daemon
         make

From 0bac095afe7b983163b6cdb436a0d8b542979374 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 20:23:29 +0000
Subject: [PATCH 41/67] Fix static analysis failures

---
 src/freedombone-app-turtl | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/src/freedombone-app-turtl b/src/freedombone-app-turtl
index 415d68ce..2017377d 100755
--- a/src/freedombone-app-turtl
+++ b/src/freedombone-app-turtl
@@ -635,20 +635,20 @@ __ENDCONFIG__
     fi
 
     # config
-    echo '(defvar *enabled-cors-resources* "resource://turtl-at-lyonbros-dot-com"' > $TURTL_BASE_DIR/api/config/config.footer
-    echo '  "When set, will enable CORS for resource:// origins if they match the given' >> $TURTL_BASE_DIR/api/config/config.footer
-    echo '   string. Entries should be comma separated (this string is passed verbatim in' >> $TURTL_BASE_DIR/api/config/config.footer
-    echo '   the Access-Control-Allow-Origin header).")' >> $TURTL_BASE_DIR/api/config/config.footer
-    echo '(defparameter *public-actions*' >> $TURTL_BASE_DIR/api/config/config.footer
-    echo "  \`((:post . ,(concatenate 'string *api-path* \"/users\"))" >> $TURTL_BASE_DIR/api/config/config.footer
-    echo "    (:post . ,(concatenate 'string *api-path* \"/log/error\"))" >> $TURTL_BASE_DIR/api/config/config.footer
-    echo '    (:post . "/cla/sign")' >> $TURTL_BASE_DIR/api/config/config.footer
-    echo '    (:get  . "/ping")' >> $TURTL_BASE_DIR/api/config/config.footer
-    echo '    (:get  . "/admin")' >> $TURTL_BASE_DIR/api/config/config.footer
-    echo "    (:get . ,(cl-ppcre:create-scanner (concatenate 'string *api-path* \"/invites/codes/([0-9a-f-]+)\"))))" >> $TURTL_BASE_DIR/api/config/config.footer
-    echo "  \"A list of public resources/actions that do not require authentication.\")" >> $TURTL_BASE_DIR/api/config/config.footer
-    echo "(defvar *analytics* '(:enabled t" >> $TURTL_BASE_DIR/api/config/config.footer
-    echo '                      :db "analytics"))' >> $TURTL_BASE_DIR/api/config/config.footer
+    { echo '(defvar *enabled-cors-resources* "resource://turtl-at-lyonbros-dot-com"';
+      echo '  "When set, will enable CORS for resource:// origins if they match the given';
+      echo '   string. Entries should be comma separated (this string is passed verbatim in';
+      echo '   the Access-Control-Allow-Origin header).")';
+      echo '(defparameter *public-actions*';
+      echo "  \`((:post . ,(concatenate 'string *api-path* \"/users\"))";
+      echo "    (:post . ,(concatenate 'string *api-path* \"/log/error\"))";
+      echo '    (:post . "/cla/sign")';
+      echo '    (:get  . "/ping")';
+      echo '    (:get  . "/admin")';
+      echo "    (:get . ,(cl-ppcre:create-scanner (concatenate 'string *api-path* \"/invites/codes/([0-9a-f-]+)\"))))";
+      echo "  \"A list of public resources/actions that do not require authentication.\")";
+      echo "(defvar *analytics* '(:enabled t";
+      echo '                      :db "analytics"))'; } > "$TURTL_BASE_DIR/api/config/config.footer"
 
     cp $TURTL_BASE_DIR/asdf.lisp $TURTL_BASE_DIR/api
     echo '(load (compile-file "asdf.lisp"))' > $TURTL_BASE_DIR/api/launch.lisp

From c08e56d3cd4f0f112785b2655a879e36c13ae05c Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 20:25:09 +0000
Subject: [PATCH 42/67] Fix static analysis failures

---
 src/freedombone-app-xmpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/freedombone-app-xmpp b/src/freedombone-app-xmpp
index d34ad4e6..9f925a95 100755
--- a/src/freedombone-app-xmpp
+++ b/src/freedombone-app-xmpp
@@ -771,9 +771,9 @@ function xmpp_create_config {
         echo "    certificate = \"/etc/ssl/certs/xmpp.crt\";" >> /etc/prosody/prosody.cfg.lua
         echo "    key = \"/etc/ssl/private/xmpp.key\";" >> /etc/prosody/prosody.cfg.lua
     fi
-    echo "    curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua
-    echo "    ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua
-    echo '    options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
+    { echo "    curve = $XMPP_ECC_CURVE;";
+      echo "    ciphers = $XMPP_CIPHERS;";
+      echo '    options = {"no_sslv2", "no_sslv3" };'; } >> /etc/prosody/prosody.cfg.lua
     if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
         echo "    dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
     else

From b654a4705929e0201e52f665918938b9015b6c9f Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 20:26:40 +0000
Subject: [PATCH 43/67] Exit on failure

---
 src/freedombone-utils-cryptopp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/freedombone-utils-cryptopp b/src/freedombone-utils-cryptopp
index 4ead2b1c..8d64619d 100755
--- a/src/freedombone-utils-cryptopp
+++ b/src/freedombone-utils-cryptopp
@@ -66,7 +66,7 @@ function install_cryptopp {
     if [ -d "$INSTALL_DIR/cryptopp" ]; then
         if ! grep -q "Crypto++ commit:$CRYPTOPP_COMMIT" "$COMPLETION_FILE"; then
             set_repo_commit "$INSTALL_DIR/cryptopp" "Crypto++ commit" "$CRYPTOPP_COMMIT" "$CRYPTOPP_REPO"
-            cd $INSTALL_DIR/cryptopp/build
+            cd "$INSTALL_DIR/cryptopp/build" || exit 27482468
             cmake ..
             if ! make; then
                 exit 72581

From dd2faeb37c7b153eb9a47bfae9a11bd5e1520f9a Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 20:28:26 +0000
Subject: [PATCH 44/67] Fix static analysis failures

---
 src/freedombone-utils-monkeysphere | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/freedombone-utils-monkeysphere b/src/freedombone-utils-monkeysphere
index d1883571..4e82a9f9 100755
--- a/src/freedombone-utils-monkeysphere
+++ b/src/freedombone-utils-monkeysphere
@@ -46,7 +46,7 @@ function install_monkeysphere {
         exit 76295
     fi
     monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key "ssh://$DEFAULT_DOMAIN_NAME"
-    SSH_ONION_HOSTNAME=$(cat ${COMPLETION_FILE} | grep 'ssh onion domain' | awk -F ':' '{print $2}')
+    SSH_ONION_HOSTNAME=$(grep 'ssh onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}')
     monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key "ssh://$SSH_ONION_HOSTNAME"
 
     if [ ! "$MY_GPG_PUBLIC_KEY_ID" ]; then

From 65ded7b2eb42ad43db76ac820f692a67bf489981 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 20:33:00 +0000
Subject: [PATCH 45/67] Fix static analysis failures

---
 src/freedombone-utils-nodejs | 77 ++++++++++++++++++------------------
 1 file changed, 38 insertions(+), 39 deletions(-)

diff --git a/src/freedombone-utils-nodejs b/src/freedombone-utils-nodejs
index f83be531..28b13cb2 100755
--- a/src/freedombone-utils-nodejs
+++ b/src/freedombone-utils-nodejs
@@ -62,7 +62,7 @@ function get_npm_arch {
 
 function mesh_install_nodejs {
     mesh_install_nodejs_prefix=
-    if [ $rootdir ]; then
+    if [ "$rootdir" ]; then
         mesh_install_nodejs_prefix="chroot $rootdir"
     fi
 
@@ -70,46 +70,46 @@ function mesh_install_nodejs {
     $mesh_install_nodejs_prefix apt-get -yq install libxext-dev libxtst-dev libxkbfile-dev
     $mesh_install_nodejs_prefix apt-get -yq install apt-transport-https
     $mesh_install_nodejs_prefix wget https://deb.nodesource.com/gpgkey/nodesource.gpg.key -O /root/node.gpg.key
-    if [ ! -f $rootdir/root/node.gpg.key ]; then
+    if [ ! -f "$rootdir/root/node.gpg.key" ]; then
         echo $'Unable to obtain gpg key for nodejs repo'
         exit 6389252
     fi
     $mesh_install_nodejs_prefix apt-key add /root/node.gpg.key
-    echo "deb https://deb.nodesource.com/node_6.x stretch main" > $rootdir/etc/apt/sources.list.d/nodesource.list
-    echo "deb-src https://deb.nodesource.com/node_6.x stretch main" >> $rootdir/etc/apt/sources.list.d/nodesource.list
+    echo "deb https://deb.nodesource.com/node_6.x stretch main" > "$rootdir/etc/apt/sources.list.d/nodesource.list"
+    echo "deb-src https://deb.nodesource.com/node_6.x stretch main" >> "$rootdir/etc/apt/sources.list.d/nodesource.list"
 
     $mesh_install_nodejs_prefix apt-get update
     $mesh_install_nodejs_prefix apt-get -yq remove --purge nodejs
 
-    if [ -d $rootdir/usr/local/lib/node_modules ]; then
-        rm -rf $rootdir/usr/local/lib/node_modules
+    if [ -d "$rootdir/usr/local/lib/node_modules" ]; then
+        rm -rf "$rootdir/usr/local/lib/node_modules"
     fi
-    if [ -f $rootdir/usr/local/bin/node ]; then
-        rm $rootdir/usr/local/bin/node
+    if [ -f "$rootdir/usr/local/bin/node" ]; then
+        rm "$rootdir/usr/local/bin/node"
     fi
-    if [ -f $rootdir/usr/bin/node ]; then
+    if [ -f "$rootdir/usr/bin/node" ]; then
         rm /usr/bin/node
     fi
-    if [ -f $rootdir/usr/bin/nodejs ]; then
-        rm $rootdir/usr/bin/nodejs
+    if [ -f "$rootdir/usr/bin/nodejs" ]; then
+        rm "$rootdir/usr/bin/nodejs"
     fi
 
     $mesh_install_nodejs_prefix apt-get -yq install nodejs
 
-    if [ -f $rootdir/usr/bin/nodejs ]; then
-        cp $rootdir/usr/bin/nodejs $rootdir/usr/bin/node
+    if [ -f "$rootdir/usr/bin/nodejs" ]; then
+        cp "$rootdir/usr/bin/nodejs" "$rootdir/usr/bin/node"
     fi
 
-    if [ ! -f ${rootdir}/usr/bin/node ]; then
-        if [ ! -f ${rootdir}/usr/local/bin/node ]; then
-            if [ ! -f ${rootdir}/usr/bin/nodejs ]; then
+    if [ ! -f "${rootdir}/usr/bin/node" ]; then
+        if [ ! -f "${rootdir}/usr/local/bin/node" ]; then
+            if [ ! -f "${rootdir}/usr/bin/nodejs" ]; then
                 echo $'nodejs was not installed'
                 exit 63962
             fi
         fi
     fi
 
-    if [ ! -f $rootdir/usr/bin/node ]; then
+    if [ ! -f "$rootdir/usr/bin/node" ]; then
         echo $'/usr/bin/node not found'
         exit 7235728
     fi
@@ -118,25 +118,25 @@ function mesh_install_nodejs {
 
     $mesh_install_nodejs_prefix npm config set unsafe-perm true
     $mesh_install_nodejs_prefix npm install --arch=$NPM_ARCH -g npm@${NPM_VERSION} --save
-    if [ -f $rootdir/usr/local/bin/npm ]; then
-        cp $rootdir/usr/local/bin/npm /usr/bin/npm
+    if [ -f "$rootdir/usr/local/bin/npm" ]; then
+        cp "$rootdir/usr/local/bin/npm" /usr/bin/npm
     fi
-    cp $rootdir/usr/bin/npm $rootdir/root/npm
+    cp "$rootdir/usr/bin/npm" "$rootdir/root/npm"
 
     # update from the old debian nodejs version
     $mesh_install_nodejs_prefix npm install --arch=$NPM_ARCH -g n@${NODEJS_N_VERSION} --save
     $mesh_install_nodejs_prefix n --arch $N_ARCH ${NODEJS_VERSION}
-    cp $rootdir/root/npm $rootdir/usr/bin/npm
+    cp "$rootdir/root/npm" "$rootdir/usr/bin/npm"
 
     # deliberate second install of npm
     $mesh_install_nodejs_prefix npm install --arch=$NPM_ARCH -g npm@${NPM_VERSION} --save
-    if [ -f $rootdir/usr/local/bin/npm ]; then
-        cp $rootdir/usr/local/bin/npm /usr/bin/npm
+    if [ -f "$rootdir/usr/local/bin/npm" ]; then
+        cp "$rootdir/usr/local/bin/npm" /usr/bin/npm
     fi
-    cp $rootdir/usr/bin/npm $rootdir/root/npm
+    cp "$rootdir/usr/bin/npm" "$rootdir/root/npm"
 
     # check the version numbers
-    cat <<EOF > $rootdir/usr/bin/test_nodejs_install
+    cat <<EOF > "$rootdir/usr/bin/test_nodejs_install"
 #!/bin/bash
 node_version=\$(node -v)
 if [[ "\$node_version" != "v${NODEJS_VERSION}" ]]; then
@@ -149,25 +149,24 @@ if [[ "\$npm_version" != "${NPM_VERSION}" ]]; then
     exit 2
 fi
 EOF
-    chmod +x $rootdir/usr/bin/test_nodejs_install
-    $mesh_install_nodejs_prefix /usr/bin/test_nodejs_install
-    if [ ! "$?" = "0" ]; then
+    chmod +x "$rootdir/usr/bin/test_nodejs_install"
+    if ! $mesh_install_nodejs_prefix /usr/bin/test_nodejs_install; then
         echo $"nodejs version numbers did not match. Architecture is $NPM_ARCH."
         exit 76835282
     fi
-    rm $rootdir/usr/bin/test_nodejs_install
+    rm "$rootdir/usr/bin/test_nodejs_install"
 }
 
 function remove_nodejs {
-    if [ ! $1 ]; then
+    if [ ! "$1" ]; then
         return
     fi
-    if [ ! -f $NODEJS_INSTALLED_APPS_FILE ]; then
+    if [ ! -f "$NODEJS_INSTALLED_APPS_FILE" ]; then
         #remove_app nodejs
         return
     fi
-    sed -i "/install_${1}/d" $NODEJS_INSTALLED_APPS_FILE
-    if ! grep -q "install_" $NODEJS_INSTALLED_APPS_FILE; then
+    sed -i "/install_${1}/d" "$NODEJS_INSTALLED_APPS_FILE"
+    if ! grep -q "install_" "$NODEJS_INSTALLED_APPS_FILE"; then
         apt-get -yq remove --purge nodejs
 
         if [ -f /usr/bin/nodejs ]; then
@@ -188,7 +187,7 @@ function remove_nodejs {
 
         remove_app nodejs
 
-        rm $NODEJS_INSTALLED_APPS_FILE
+        rm "$NODEJS_INSTALLED_APPS_FILE"
 
         apt-get -yq autoremove
     fi
@@ -218,7 +217,7 @@ function upgrade_nodejs {
 }
 
 function install_nodejs {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_install_nodejs
         return
     fi
@@ -227,7 +226,7 @@ function install_nodejs {
         return
     fi
 
-    if [ ! $ARCHITECTURE ]; then
+    if [ ! "$ARCHITECTURE" ]; then
         ARCHITECTURE=$(uname -m)
     fi
     rootdir=
@@ -250,9 +249,9 @@ function install_nodejs {
         exit 5274527
     fi
 
-    if [ $1 ]; then
-        if ! grep -q "install_${1}" $NODEJS_INSTALLED_APPS_FILE; then
-            echo "install_${1}" >> $NODEJS_INSTALLED_APPS_FILE
+    if [ "$1" ]; then
+        if ! grep -q "install_${1}" "$NODEJS_INSTALLED_APPS_FILE"; then
+            echo "install_${1}" >> "$NODEJS_INSTALLED_APPS_FILE"
         fi
     fi
 

From 9a6aee1de775fb98dfbf09aed58fc062c3dc903c Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 20:40:59 +0000
Subject: [PATCH 46/67] Fix static analysis failures

---
 src/freedombone-utils-onion | 104 ++++++++++++++++++------------------
 1 file changed, 52 insertions(+), 52 deletions(-)

diff --git a/src/freedombone-utils-onion b/src/freedombone-utils-onion
index c1996be0..484afb09 100755
--- a/src/freedombone-utils-onion
+++ b/src/freedombone-utils-onion
@@ -36,9 +36,9 @@ HIDDEN_SERVICE_PATH='/var/lib/tor/hidden_service_'
 
 function add_email_hostname {
     extra_email_hostname="$1"
-    email_hostnames=$(cat /etc/exim4/update-exim4.conf.conf | grep "dc_other_hostnames" | awk -F "'" '{print $2}')
+    email_hostnames=$(grep "dc_other_hostnames" /etc/exim4/update-exim4.conf.conf | awk -F "'" '{print $2}')
     if [[ "$email_hostnames" != *"$extra_email_hostname"* ]]; then
-        sed -i "s|dc_other_hostnames=.*|dc_other_hostnames='$emailhostnames;extra_email_hostname'|g" /etc/exim4/update-exim4.conf.conf
+        sed -i "s|dc_other_hostnames=.*|dc_other_hostnames='$email_hostnames;extra_email_hostname'|g" /etc/exim4/update-exim4.conf.conf
         update-exim4.conf
         dpkg-reconfigure --frontend noninteractive exim4-config
         systemctl restart saslauthd
@@ -54,7 +54,7 @@ function wait_for_onion_service_base {
     onion_service_name="$1"
 
     sleep_ctr=0
-    while [ ! -f ${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname ]; do
+    while [ ! -f "${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname" ]; do
         sleep 1
         sleep_ctr=$((sleep_ctr + 1))
         if [ $sleep_ctr -gt 10 ]; then
@@ -66,12 +66,12 @@ function wait_for_onion_service_base {
 function wait_for_onion_service {
     onion_service_name="$1"
 
-    wait_for_onion_service_base ${onion_service_name}
+    wait_for_onion_service_base "${onion_service_name}"
 
-    if [ ! -f ${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname ]; then
+    if [ ! -f "${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname" ]; then
         # try a second time
         onion_update
-        wait_for_onion_service_base ${onion_service_name}
+        wait_for_onion_service_base "${onion_service_name}"
     fi
     sync
 }
@@ -87,22 +87,22 @@ function remove_onion_service {
     sed -i "/hidden_service_${onion_service_name}/,+1 d" /etc/tor/torrc
     sed -i "/hidden_service_${onion_service_name}_mobile/,+1 d" /etc/tor/torrc
     sed -i "/127.0.0.1:${onion_service_port_to}/d" /etc/tor/torrc
-    if [ $3 ]; then
+    if [ "$3" ]; then
         sed -i "/127.0.0.1:${3}/d" /etc/tor/torrc
-        if [ $4 ]; then
+        if [ "$4" ]; then
             sed -i "/127.0.0.1:${4}/d" /etc/tor/torrc
-            if [ $5 ]; then
+            if [ "$5" ]; then
                 sed -i "/127.0.0.1:${5}/d" /etc/tor/torrc
             fi
         fi
     fi
-    if [ -d ${HIDDEN_SERVICE_PATH}${onion_service_name} ]; then
-        shred -zu ${HIDDEN_SERVICE_PATH}${onion_service_name}/*
-        rm -rf ${HIDDEN_SERVICE_PATH}${onion_service_name}
+    if [ -d "${HIDDEN_SERVICE_PATH}${onion_service_name}" ]; then
+        shred -zu "${HIDDEN_SERVICE_PATH}${onion_service_name}/*"
+        rm -rf "${HIDDEN_SERVICE_PATH}${onion_service_name}"
     fi
-    if [ -d ${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile ]; then
-        shred -zu ${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile/*
-        rm -rf ${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile
+    if [ -d "${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile" ]; then
+        shred -zu "${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile/*"
+        rm -rf "${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile"
     fi
     remove_completion_param "${onion_service_name} onion domain"
     onion_update
@@ -114,8 +114,8 @@ function add_onion_service {
     onion_service_port_to=$3
     onion_stealth_name="$4"
 
-    if [ -f ${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname ]; then
-        echo $(cat ${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname)
+    if [ -f "${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname" ]; then
+        cat "${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname"
         USE_V2_ONION_ADDRESS=
         return
     fi
@@ -143,20 +143,20 @@ function add_onion_service {
     onion_update
 
     function_check wait_for_onion_service
-    wait_for_onion_service ${onion_service_name}
+    wait_for_onion_service "${onion_service_name}"
 
-    if [ ! -f ${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname ]; then
-        ls -lh ${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname
+    if [ ! -f "${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname" ]; then
+        ls -lh "${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname"
         echo $"${onion_service_name} onion site hostname not found"
         exit 763624
     fi
 
-    onion_address=$(cat ${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname)
+    onion_address=$(cat "${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname")
 
     # Record the domain in the completion file
     set_completion_param "${onion_service_name} onion domain" "${onion_address}"
 
-    echo $onion_address
+    echo "$onion_address"
 }
 
 function set_default_onion_domains {
@@ -184,19 +184,19 @@ function create_avahi_onion_domains {
     fi
     if [ $GNUSOCIAL_DOMAIN_NAME ]; then
         function_check create_avahi_service
-        create_avahi_service gnusocial http tcp $GNUSOCIAL_ONION_PORT
+        create_avahi_service gnusocial http tcp "$GNUSOCIAL_ONION_PORT"
     fi
     if [ $HTMLY_DOMAIN_NAME ]; then
         function_check create_avahi_service
-        create_avahi_service blog http tcp $HTMLY_ONION_PORT
+        create_avahi_service blog http tcp "$HTMLY_ONION_PORT"
     fi
     if [ $GIT_DOMAIN_NAME ]; then
         function_check create_avahi_service
-        create_avahi_service git http tcp $GIT_ONION_PORT
+        create_avahi_service git http tcp "$GIT_ONION_PORT"
     fi
     if [ $DOKUWIKI_DOMAIN_NAME ]; then
         function_check create_avahi_service
-        create_avahi_service dokuwiki http tcp $DOKUWIKI_ONION_PORT
+        create_avahi_service dokuwiki http tcp "$DOKUWIKI_ONION_PORT"
     fi
 }
 
@@ -204,16 +204,16 @@ function allow_ssh_to_onion_address {
     if [[ $SYSTEM_TYPE == "mesh"* ]]; then
         return
     fi
-    if [ ! -d /home/$MY_USERNAME/.ssh ]; then
-        mkdir /home/$MY_USERNAME/.ssh
+    if [ ! -d "/home/$MY_USERNAME/.ssh" ]; then
+        mkdir "/home/$MY_USERNAME/.ssh"
     fi
     if [ ! -d /etc/tor ]; then
         echo $'Tor not found when updating ssh'
         exit 528257
     fi
-    if ! grep -q "onion" /home/$MY_USERNAME/.ssh/config; then
-        echo 'Host *.onion' >> /home/$MY_USERNAME/.ssh/config
-        echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> /home/$MY_USERNAME/.ssh/config
+    if ! grep -q "onion" "/home/$MY_USERNAME/.ssh/config"; then
+        echo 'Host *.onion' >> "/home/$MY_USERNAME/.ssh/config"
+        echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> "/home/$MY_USERNAME/.ssh/config"
     fi
 }
 
@@ -225,14 +225,14 @@ function enable_ssh_via_onion {
         return
     fi
     apt-get -yq install tor connect-proxy
-    if ! grep -q 'Host *.onion' /home/$MY_USERNAME/.ssh/config; then
-        if [ ! -d /home/$MY_USERNAME/.ssh ]; then
-            mkdir /home/$MY_USERNAME/.ssh
+    if ! grep -q 'Host *.onion' "/home/$MY_USERNAME/.ssh/config"; then
+        if [ ! -d "/home/$MY_USERNAME/.ssh" ]; then
+            mkdir "/home/$MY_USERNAME/.ssh"
         fi
-        echo 'Host *.onion' >> /home/$MY_USERNAME/.ssh/config
-        echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> /home/$MY_USERNAME/.ssh/config
-        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
-        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh/config
+        echo 'Host *.onion' >> "/home/$MY_USERNAME/.ssh/config"
+        echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> "/home/$MY_USERNAME/.ssh/config"
+        chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.ssh"
+        chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.ssh/config"
     fi
     if ! grep -q 'Host *.onion' /root/.ssh/config; then
         if [ ! -d /root/.ssh ]; then
@@ -259,7 +259,7 @@ function configure_ssh_onion {
         return
     fi
 
-    SSH_ONION_HOSTNAME=$(add_onion_service ssh ${SSH_PORT} ${SSH_PORT})
+    SSH_ONION_HOSTNAME=$(add_onion_service ssh "${SSH_PORT}" "${SSH_PORT}")
     if [[ "$SSH_ONION_HOSTNAME" != *'.onion' ]]; then
         echo $'ssh onion site not generated'
         exit 624128
@@ -313,9 +313,9 @@ function resolve_dns_via_tor {
 
     # resolve DNS via tor
     if ! grep -q 'DNSPort 53' /etc/tor/torrc; then
-        echo 'DNSPort 53' >> /etc/tor/torrc
-        echo 'AutomapHostsOnResolve 1' >> /etc/tor/torrc
-        echo 'AutomapHostsSuffixes .exit,.onion' >> /etc/tor/torrc
+        { echo 'DNSPort 53';
+          echo 'AutomapHostsOnResolve 1';
+          echo 'AutomapHostsSuffixes .exit,.onion'; } >> /etc/tor/torrc
         onion_update
     fi
 
@@ -361,8 +361,8 @@ function route_outgoing_traffic_through_tor {
 
     # Allow clearnet access for hosts in $_non_tor
     for _clearnet in $_non_tor; do
-        iptables -t nat -A OUTPUT -d $_clearnet -j RETURN
-        iptables -t nat -A PREROUTING -i $_int_if -d $_clearnet -j RETURN
+        iptables -t nat -A OUTPUT -d "$_clearnet" -j RETURN
+        iptables -t nat -A PREROUTING -i $_int_if -d "$_clearnet" -j RETURN
     done
 
     # Redirect all other pre-routing and output to Tor
@@ -375,7 +375,7 @@ function route_outgoing_traffic_through_tor {
 
     # Allow clearnet access for hosts in $_non_tor
     for _clearnet in $_non_tor 127.0.0.0/8; do
-        iptables -A OUTPUT -d $_clearnet -j ACCEPT
+        iptables -A OUTPUT -d "$_clearnet" -j ACCEPT
     done
 
     # Allow only Tor output
@@ -438,9 +438,9 @@ function get_app_onion_address {
     if [ ${#mobilestr} -gt 0 ]; then
         app_name="mobile${app_name}"
     fi
-    if grep -q "${app_name} onion domain" $COMPLETION_FILE; then
-        if grep -q "${app_name} onion domain" $COMPLETION_FILE; then
-            echo $(cat ${COMPLETION_FILE} | grep "${app_name} onion domain" | head -n 1 | awk -F ':' '{print $2}')
+    if grep -q "${app_name} onion domain" "$COMPLETION_FILE"; then
+        if grep -q "${app_name} onion domain" "$COMPLETION_FILE"; then
+            grep "${app_name} onion domain" "${COMPLETION_FILE}" | head -n 1 | awk -F ':' '{print $2}'
             return
         fi
     fi
@@ -521,7 +521,7 @@ function tor_remove_bridge {
 function tor_create_bridge_relay {
     read_config_param 'TOR_BRIDGE_PORT'
     read_config_param 'TOR_BRIDGE_NICKNAME'
-    if [ ! $TOR_BRIDGE_PORT ]; then
+    if [ ! "$TOR_BRIDGE_PORT" ]; then
         return
     fi
     if [ ${#TOR_BRIDGE_PORT} -eq 0 ]; then
@@ -548,11 +548,11 @@ function tor_create_bridge_relay {
     read_config_param 'MY_EMAIL_ADDRESS'
 
     sed -i "s|#ContactInfo.*|ContactInfo $MY_EMAIL_ADDRESS|g" /etc/tor/torrc
-    if [ $TOR_BRIDGE_NICKNAME ]; then
+    if [ "$TOR_BRIDGE_NICKNAME" ]; then
         sed -i "s|#Nickname.*|Nickname $TOR_BRIDGE_NICKNAME|g" /etc/tor/torrc
         sed -i "s|Nickname.*|Nickname $TOR_BRIDGE_NICKNAME|g" /etc/tor/torrc
     fi
-    firewall_add tor_bridge $TOR_BRIDGE_PORT tcp
+    firewall_add tor_bridge "$TOR_BRIDGE_PORT" tcp
     systemctl restart tor
 }
 
@@ -573,7 +573,7 @@ function tor_remove_bridge_relay {
         sed -i "s|Nickname |#Nickname |g" /etc/tor/torrc
     fi
     read_config_param 'TOR_BRIDGE_PORT'
-    firewall_remove $TOR_BRIDGE_PORT tcp
+    firewall_remove "$TOR_BRIDGE_PORT" tcp
     systemctl restart tor
 }
 

From ec6e2e5851e066bc6994d29e94478d4463c932a2 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 22:20:49 +0000
Subject: [PATCH 47/67] Tidying

---
 src/freedombone-utils-passwords  |   2 +-
 src/freedombone-utils-postgresql |  63 +--
 src/freedombone-utils-repos      |  66 +--
 src/freedombone-utils-rng        |  16 +-
 src/freedombone-utils-selector   | 171 +++----
 src/freedombone-utils-setup      |  84 ++--
 src/freedombone-utils-tracker    |  67 +--
 src/freedombone-utils-turn       | 165 +++----
 src/freedombone-utils-upgrade    |  54 +--
 src/freedombone-utils-watchdog   |  34 +-
 src/freedombone-utils-web        | 802 +++++++++++++++----------------
 src/freedombone-utils-zram       |   4 +-
 12 files changed, 767 insertions(+), 761 deletions(-)

diff --git a/src/freedombone-utils-passwords b/src/freedombone-utils-passwords
index a4d420ea..c289dfb4 100755
--- a/src/freedombone-utils-passwords
+++ b/src/freedombone-utils-passwords
@@ -51,7 +51,7 @@ function enforce_good_passwords {
 }
 
 function create_password {
-    openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c ${1} ; echo -n ''
+    openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c "${1}" ; echo -n ''
 }
 
 # NOTE: deliberately no exit 0
diff --git a/src/freedombone-utils-postgresql b/src/freedombone-utils-postgresql
index 4aa271b8..5f0267e0 100755
--- a/src/freedombone-utils-postgresql
+++ b/src/freedombone-utils-postgresql
@@ -35,14 +35,14 @@ POSTGRESQL_PACKAGES='postgresql-9.6 postgresql-contrib-9.6 postgresql-client'
 function store_original_postgresql_password {
     if [ ! -f /root/.postgresqloriginal ]; then
         echo $'Storing original postgresql password'
-        ORIGINAL_POSTGRESQL_PASSWORD=$(${PROJECT_NAME}-pass -u root -a postgresql)
+        ORIGINAL_POSTGRESQL_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a postgresql)
         # We can store this in plaintext because it will soon be of historical interest only
         echo -n "$ORIGINAL_POSTGRESQL_PASSWORD" > /root/.postgresqloriginal
     fi
 }
 
 function get_postgresql_password {
-    POSTGRESQL_PASSWORD=$(${PROJECT_NAME}-pass -u root -a postgresql)
+    POSTGRESQL_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a postgresql)
     if [[ "$POSTGRESQL_PASSWORD" == *'failed'* ]]; then
         echo $'Could not obtain postgresql password'
         exit 7835272
@@ -50,14 +50,15 @@ function get_postgresql_password {
 }
 
 function mesh_install_postgresql {
-    chroot "$rootdir" apt-get -yq install $POSTGRESQL_PACKAGES
+    # shellcheck disable=SC2154
+    chroot "$rootdir" apt-get -yq install "$POSTGRESQL_PACKAGES"
 
-    if [ ! -d $rootdir/etc/postgresql ]; then
+    if [ ! -d "$rootdir/etc/postgresql" ]; then
         echo $"ERROR: postgresql does not appear to have installed."
         exit 78352
     fi
 
-    if [ ! -f $rootdir/usr/bin/psql ]; then
+    if [ ! -f "$rootdir/usr/bin/psql" ]; then
         echo $"ERROR: psql command does not appear to have installed."
         exit 835290
     fi
@@ -75,16 +76,16 @@ function install_postgresql {
 
     function_check get_postgresql_password
     get_postgresql_password
-    if [ ! $POSTGRESQL_PASSWORD ]; then
-        if [ -f $IMAGE_PASSWORD_FILE ]; then
-            POSTGRESQL_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ ! "$POSTGRESQL_PASSWORD" ]; then
+        if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+            POSTGRESQL_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
         else
-            POSTGRESQL_PASSWORD="$(openssl rand -base64 32 | cut -c1-${MINIMUM_PASSWORD_LENGTH})"
+            POSTGRESQL_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
         fi
     fi
-    ${PROJECT_NAME}-pass -u root -a postgresql -p "$POSTGRESQL_PASSWORD"
+    "${PROJECT_NAME}-pass" -u root -a postgresql -p "$POSTGRESQL_PASSWORD"
 
-    apt-get -yq install $POSTGRESQL_PACKAGES
+    apt-get -yq install "$POSTGRESQL_PACKAGES"
     apt-get -yq remove --purge apache2-bin*
     if [ -d /etc/apache2 ]; then
         rm -rf /etc/apache2
@@ -107,7 +108,7 @@ function install_postgresql {
 function add_postgresql_user {
     postgresql_username=$1
     postgresql_password=$2
-    cd /etc/postgresql
+    cd /etc/postgresql || exit 2468246
     if [[ "$3" != 'encrypt'* ]]; then
         sudo -u postgres psql -c "create user $postgresql_username password '$postgresql_password';"
     else
@@ -118,14 +119,14 @@ function add_postgresql_user {
 
 function remove_postgresql_user {
     postgresql_username=$1
-    cd /etc/postgresql
+    cd /etc/postgresql || exit 24624624
     sudo -u postgres psql -c "drop user $postgresql_username"
 }
 
 function drop_database_postgresql {
     database_name="$1"
     database_owner_name="$2"
-    cd /etc/postgresql
+    cd /etc/postgresql || exit 2482468242
     sudo -u postgres psql -c "drop database $database_name"
     if [ ${#database_owner_name} -gt 0 ]; then
         sudo -u postgres psql -c "drop user $database_owner_name"
@@ -134,31 +135,31 @@ function drop_database_postgresql {
 
 function run_system_query_postgresql {
     query=$1
-    cd /etc/postgresql
+    cd /etc/postgresql || exit 24624649846
     sudo -u postgres psql -c "$query"
 }
 
 function run_query_postgresql {
     database_name=$1
     database_query=$2
-    cd /etc/postgresql
-    sudo -u postgres psql -d $database_name -c "$database_query"
+    cd /etc/postgresql || exit 2492464684
+    sudo -u postgres psql -d "$database_name" -c "$database_query"
 }
 
 function run_query_postgresql_with_output {
     database_name=$1
     database_query=$2
-    cd /etc/postgresql
-    output=$(sudo -u postgres psql -d $database_name -c "$database_query")
+    cd /etc/postgresql || exit 2482462846
+    output=$(sudo -u postgres psql -d "$database_name" -c "$database_query")
     echo "$output"
 }
 
 function initialise_database_postgresql {
     database_name=$1
     database_file=$2
-    cd /etc/postgresql
-    sudo -u postgres psql $database_name < $database_file
-    if [ ! "$?" = "0" ]; then
+    cd /etc/postgresql || exit 239246992469
+    # shellcheck disable=SC2024
+    if ! sudo -u postgres psql "$database_name" < "$database_file"; then
         exit 7238525
     fi
 }
@@ -167,10 +168,10 @@ function create_database_postgresql {
     app_name="$1"
     app_admin_password="$2"
     app_admin_username=$3
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir "$INSTALL_DIR"
     fi
-    if [ ! $app_admin_username ]; then
+    if [ ! "$app_admin_username" ]; then
         app_admin_username=${app_name}admin
     fi
 
@@ -178,9 +179,11 @@ function create_database_postgresql {
 CREATE USER '$app_admin_username@localhost' IDENTIFIED BY '${app_admin_password}';
 GRANT ALL PRIVILEGES ON ${app_name}.* TO '$app_admin_username@localhost';
 flush privileges;
-quit" > $INSTALL_DIR/batch.sql
-    chmod 600 $INSTALL_DIR/batch.sql
-    cd /etc/postgresql
-    sudo -u postgres psql -d $database_name --file=$INSTALL_DIR/batch.sql
-    shred -zu $INSTALL_DIR/batch.sql
+quit" > "$INSTALL_DIR/batch.sql"
+    chmod 600 "$INSTALL_DIR/batch.sql"
+    cd /etc/postgresql || exit 247284684
+    sudo -u postgres psql -d "$database_name" --file="$INSTALL_DIR/batch.sql"
+    shred -zu "$INSTALL_DIR/batch.sql"
 }
+
+# NOTE: deliberately there is no "exit 0"
diff --git a/src/freedombone-utils-repos b/src/freedombone-utils-repos
index 2dc70abe..d2fc59f7 100755
--- a/src/freedombone-utils-repos
+++ b/src/freedombone-utils-repos
@@ -38,17 +38,17 @@ function create_repo_sources {
     rm -rf /var/lib/apt/lists/*
     apt-get clean
 
-    echo "deb http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION} main" > /etc/apt/sources.list
-    echo "deb-src http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION} main" >> /etc/apt/sources.list
-    echo '' >> /etc/apt/sources.list
-    echo "deb http://security.debian.org/ ${DEBIAN_VERSION}/updates main" >> /etc/apt/sources.list
-    echo "deb-src http://security.debian.org/ ${DEBIAN_VERSION}/updates main" >> /etc/apt/sources.list
-    echo '' >> /etc/apt/sources.list
-    echo "deb http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-updates main" >> /etc/apt/sources.list
-    echo "deb-src http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-updates main" >> /etc/apt/sources.list
-    echo '' >> /etc/apt/sources.list
-    echo "deb http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-backports main" >> /etc/apt/sources.list
-    echo "deb-src http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-backports main" >> /etc/apt/sources.list
+    { echo "deb http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION} main";
+      echo "deb-src http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION} main";
+      echo '';
+      echo "deb http://security.debian.org/ ${DEBIAN_VERSION}/updates main";
+      echo "deb-src http://security.debian.org/ ${DEBIAN_VERSION}/updates main";
+      echo '';
+      echo "deb http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-updates main";
+      echo "deb-src http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-updates main";
+      echo '';
+      echo "deb http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-backports main";
+      echo "deb-src http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-backports main"; } > /etc/apt/sources.list
 
     apt-get update
     apt-get -yq install apt-transport-https
@@ -63,28 +63,28 @@ function create_git_project {
     fi
     apt-get -yq install git
 
-    echo '#!/bin/bash' > /usr/bin/$CREATE_GIT_PROJECT_COMMAND
-    echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
-    echo 'GIT_PROJECT_NAME=$1' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
-    echo 'if [ ! $GIT_PROJECT_NAME ]; then' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
-    echo '  echo "Please specify a project name, without any spaces"' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
-    echo '  exit 1' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
-    echo 'fi' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
-    echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
-    echo 'if [ ! -d /home/$USER/projects/$GIT_PROJECT_NAME ]; then' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
-    echo '  mkdir -p /home/$USER/projects/$GIT_PROJECT_NAME' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
-    echo 'fi' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
-    echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
-    echo 'cd /home/$USER/projects/$GIT_PROJECT_NAME' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
-    echo 'git init --bare' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
-    echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
-    echo -n 'echo "Your project has been created, ' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
-    echo 'use the following command to clone the repository"' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
-    echo -n "  git clone ssh://$MY_USERNAME@$DEFAULT_DOMAIN_NAME:$SSH_PORT" >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
-    echo '/home/$USER/projects/$GIT_PROJECT_NAME' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
-    echo '' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
-    echo 'exit 0' >> /usr/bin/$CREATE_GIT_PROJECT_COMMAND
-    chmod +x /usr/bin/$CREATE_GIT_PROJECT_COMMAND
+    { echo '#!/bin/bash';
+      echo '';
+      echo "GIT_PROJECT_NAME=\$1";
+      echo "if [ ! \$GIT_PROJECT_NAME ]; then";
+      echo '  echo "Please specify a project name, without any spaces"';
+      echo '  exit 1';
+      echo 'fi';
+      echo '';
+      echo "if [ ! -d /home/\$USER/projects/\$GIT_PROJECT_NAME ]; then";
+      echo "  mkdir -p /home/\$USER/projects/\$GIT_PROJECT_NAME";
+      echo 'fi';
+      echo '';
+      echo "cd /home/\$USER/projects/\$GIT_PROJECT_NAME";
+      echo 'git init --bare';
+      echo '';
+      echo -n 'echo "Your project has been created, ';
+      echo 'use the following command to clone the repository"';
+      echo -n "  git clone ssh://$MY_USERNAME@$DEFAULT_DOMAIN_NAME:$SSH_PORT";
+      echo "/home/\$USER/projects/\$GIT_PROJECT_NAME";
+      echo '';
+      echo 'exit 0'; } > "/usr/bin/$CREATE_GIT_PROJECT_COMMAND"
+    chmod +x "/usr/bin/$CREATE_GIT_PROJECT_COMMAND"
 
     mark_completed "${FUNCNAME[0]}"
 }
diff --git a/src/freedombone-utils-rng b/src/freedombone-utils-rng
index cb61fb4f..0c31378a 100755
--- a/src/freedombone-utils-rng
+++ b/src/freedombone-utils-rng
@@ -66,11 +66,11 @@ function check_onerng_verification {
         return
     fi
     echo $'Checking OneRNG firmware verification'
-    last_onerng_validation=$(cat /var/log/syslog.1 | grep "OneRNG: firmware verification" | awk '/./{line=$0} END{print line}')
+    last_onerng_validation=$(grep "OneRNG: firmware verification" /var/log/syslog.1 | awk '/./{line=$0} END{print line}')
     if [[ $last_onerng_validation != *"passed OK"* ]]; then
-        last_onerng_validation=$(cat /var/log/syslog | grep "OneRNG: firmware verification" | awk '/./{line=$0} END{print line}')
+        last_onerng_validation=$(grep "OneRNG: firmware verification" /var/log/syslog | awk '/./{line=$0} END{print line}')
         if [[ $last_onerng_validation != *"passed OK"* ]]; then
-            echo $last_onerng_validation
+            echo "$last_onerng_validation"
             echo $'OneRNG firmware verification failed'
             exit 735026
         fi
@@ -85,14 +85,14 @@ function install_onerng {
     apt-get -yq install rng-tools at python-gnupg
 
     # Move to the installation directory
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir "$INSTALL_DIR"
     fi
-    cd $INSTALL_DIR
+    cd "$INSTALL_DIR" || exit 24762464
 
     # Download the package
     if [ ! -f $ONERNG_PACKAGE ]; then
-        wget $ONERNG_PACKAGE_DOWNLOAD
+        wget "$ONERNG_PACKAGE_DOWNLOAD"
         mv "$ONERNG_PACKAGE?raw=true" $ONERNG_PACKAGE
     fi
     if [ ! -f $ONERNG_PACKAGE ]; then
@@ -102,7 +102,7 @@ function install_onerng {
 
     # Check the hash
     hash=$(sha256sum $ONERNG_PACKAGE | awk -F ' ' '{print $1}')
-    if [[ $hash != $ONERNG_PACKAGE_HASH ]]; then
+    if [[ "$hash" != "$ONERNG_PACKAGE_HASH" ]]; then
         echo $"OneRNG package: $ONERNG_PACKAGE"
         echo $"Hash does not match. This could indicate that the package has been tampered with."
         echo $"OneRNG expected package hash: $ONERNG_PACKAGE_HASH"
diff --git a/src/freedombone-utils-selector b/src/freedombone-utils-selector
index 431767a5..8eea0926 100755
--- a/src/freedombone-utils-selector
+++ b/src/freedombone-utils-selector
@@ -49,8 +49,8 @@ INSTALLED_APPS_LIST=/usr/share/${PROJECT_NAME}/installed.txt
 # so that when a new app is added existing users can be added
 APP_USERS_FILE=$HOME/app_users.txt
 
-if [ ! $COMPLETION_FILE ]; then
-    COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
+if [ ! "$COMPLETION_FILE" ]; then
+    COMPLETION_FILE="$HOME/${PROJECT_NAME}-completed.txt"
 fi
 
 # Loads variables defined at the beginning of an app script
@@ -58,16 +58,20 @@ function app_load_variables {
     app_name=$1
 
     config_var_name=${app_name}_variables
+    # shellcheck disable=SC2086
     if [ ! ${!config_var_name} ]; then
         echo $"${app_name}_variables was not found"
         return
     fi
 
+    #shellcheck disable=SC1087,SC2125,SC2178
     configvarname=$config_var_name[@]
+
+    #shellcheck disable=SC2206
     configvarname=( ${!configvarname} )
     for v in "${configvarname[@]}"
     do
-        read_config_param $v
+        read_config_param "$v"
     done
 }
 
@@ -76,22 +80,26 @@ function app_save_variables {
     app_name=$1
 
     config_var_name=${app_name}_variables
+    #shellcheck disable=SC2086
     if [ ! ${!config_var_name} ]; then
         return
     fi
 
+    #shellcheck disable=SC1087,SC2125,SC2178
     configvarname=$config_var_name[@]
+
+    #shellcheck disable=SC2206
     configvarname=( ${!configvarname} )
     for v in "${configvarname[@]}"
     do
-        write_config_param $v "${!v}"
+        write_config_param "$v" "${!v}"
     done
 }
 
 # gets the variants list from an app script
 function app_variants {
     filename=$1
-    variants_line=$(cat ${filename} | grep 'VARIANTS=')
+    variants_line=$(grep 'VARIANTS=' "${filename}")
     if [[ "$variants_line" == *"'"* ]]; then
         variants_list=$(echo "$variants_line" | awk -F '=' '{print $2}' | awk -F "'" '{print $2}')
     else
@@ -112,21 +120,22 @@ function item_in_array {
 function available_system_variants {
     function_check item_in_array
 
-    FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+    FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 
     new_available_variants_list=()
     for filename in $FILES
     do
-        system_variants_list=$(app_variants $filename)
+        system_variants_list=$(app_variants "$filename")
+        # shellcheck disable=SC2206
         variants_array=($system_variants_list)
         for variant_str in "${variants_array[@]}"
         do
-            item_in_array "${variant_str}" "${new_available_variants_list[@]}"
-            if [[ $? != 0 ]]; then
+            if ! item_in_array "${variant_str}" "${new_available_variants_list[@]}"; then
                 new_available_variants_list+=("$variant_str")
             fi
         done
     done
+    # shellcheck disable=SC2207
     available_variants_list=($(sort <<<"${new_available_variants_list[*]}"))
 }
 
@@ -167,11 +176,11 @@ function remove_app {
     if ! grep -Fxq "_${app_name}_" $REMOVED_APPS_FILE; then
         echo "_${app_name}_" >> $REMOVED_APPS_FILE
     fi
-    if grep -Fxq "install_${app_name}" $COMPLETION_FILE; then
-        sed -i "/install_${app_name}/d" $COMPLETION_FILE
+    if grep -Fxq "install_${app_name}" "$COMPLETION_FILE"; then
+        sed -i "/install_${app_name}/d" "$COMPLETION_FILE"
     fi
-    if grep -Fxq "install_${app_name}" $INSTALLED_APPS_LIST; then
-        sed -i "/install_${app_name}/d" $INSTALLED_APPS_LIST
+    if grep -Fxq "install_${app_name}" "$INSTALLED_APPS_LIST"; then
+        sed -i "/install_${app_name}/d" "$INSTALLED_APPS_LIST"
     fi
 }
 
@@ -196,7 +205,7 @@ function reinstall_app {
     if [ ! -f $REMOVED_APPS_FILE ]; then
         return
     fi
-    if [[ $(app_is_removed $app_name) == "1" ]]; then
+    if [[ $(app_is_removed "$app_name") == "1" ]]; then
         sed -i "/_${app_name}_/d" $REMOVED_APPS_FILE
     fi
 }
@@ -207,8 +216,8 @@ function app_is_installed {
 
     # Why does this secondary file exist, apart from COMPLETION_FILE ?
     # It's so that it is visible to unprivileged users from the user control panel
-    if [ -f $INSTALLED_APPS_LIST ]; then
-        if ! grep -Fxq "install_${app_name}" $INSTALLED_APPS_LIST; then
+    if [ -f "$INSTALLED_APPS_LIST" ]; then
+        if ! grep -Fxq "install_${app_name}" "$INSTALLED_APPS_LIST"; then
             echo "0"
         else
             echo "1"
@@ -217,12 +226,12 @@ function app_is_installed {
     fi
 
     # check the completion file to see if it was installed
-    if [ ! -f $COMPLETION_FILE ]; then
+    if [ ! -f "$COMPLETION_FILE" ]; then
         echo "0"
         return
     fi
 
-    if ! grep -Fxq "install_${app_name}" $COMPLETION_FILE; then
+    if ! grep -Fxq "install_${app_name}" "$COMPLETION_FILE"; then
         echo "0"
     else
         echo "1"
@@ -231,11 +240,11 @@ function app_is_installed {
 
 # called at the end of the install section of an app script
 function install_completed {
-    if [ ! ${1} ]; then
+    if [ ! "${1}" ]; then
         exit 673935
     fi
-    if ! grep -Fxq "install_${1}" $COMPLETION_FILE; then
-        echo "install_${1}" >> $COMPLETION_FILE
+    if ! grep -Fxq "install_${1}" "$COMPLETION_FILE"; then
+        echo "install_${1}" >> "$COMPLETION_FILE"
     fi
 }
 
@@ -243,7 +252,7 @@ function install_completed {
 function get_apps_installed {
     for a in "${APPS_AVAILABLE[@]}"
     do
-        APPS_INSTALLED+=("$(app_is_installed $a)")
+        APPS_INSTALLED+=("$(app_is_installed "$a")")
     done
 }
 
@@ -252,7 +261,7 @@ function get_apps_installed_names {
     APPS_INSTALLED_NAMES=()
     for a in "${APPS_AVAILABLE[@]}"
     do
-        if [[ $(app_is_installed $a) == "1" ]]; then
+        if [[ $(app_is_installed "$a") == "1" ]]; then
             APPS_INSTALLED_NAMES+=("$a")
         fi
     done
@@ -260,7 +269,7 @@ function get_apps_installed_names {
 
 # detects what apps are available
 function detect_apps {
-    FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+    FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 
     function_check item_in_array
 
@@ -272,8 +281,7 @@ function detect_apps {
     do
         app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
 
-        item_in_array "${app_name}" "${APPS_AVAILABLE[@]}"
-        if [[ $? != 0 ]]; then
+        if ! item_in_array "${app_name}" "${APPS_AVAILABLE[@]}"; then
             APPS_AVAILABLE+=("${app_name}")
             APPS_CHOSEN+=("0")
         fi
@@ -288,7 +296,7 @@ function detect_apps {
 # If the variants list within an app script is an empty string then
 # it is considered to be too experimental to be installable
 function detect_installable_apps {
-    FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+    FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 
     APPS_AVAILABLE=()
     APPS_CHOSEN=()
@@ -304,15 +312,14 @@ function detect_installable_apps {
     do
         app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
 
-        item_in_array "${app_name}" "${APPS_AVAILABLE[@]}"
-        if [[ $? != 0 ]]; then
-            variants_list=$(app_variants $filename)
+        if ! item_in_array "${app_name}" "${APPS_AVAILABLE[@]}"; then
+            variants_list=$(app_variants "$filename")
             # check for empty string
             if [ ${#variants_list} -gt 0 ]; then
                 APPS_AVAILABLE+=("${app_name}")
                 APPS_CHOSEN+=("0")
-                APPS_INSTALLED+=("$(app_is_installed $app_name)")
-                if [[ $(app_is_installed $app_name) == "1" ]]; then
+                APPS_INSTALLED+=("$(app_is_installed "$app_name")")
+                if [[ $(app_is_installed "$app_name") == "1" ]]; then
                     APPS_INSTALLED_NAMES+=("$app_name")
                 fi
             fi
@@ -321,7 +328,7 @@ function detect_installable_apps {
 }
 
 function detect_installed_apps {
-    FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+    FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 
     APPS_AVAILABLE=()
     APPS_INSTALLED=()
@@ -336,10 +343,9 @@ function detect_installed_apps {
     do
         app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
 
-        if [[ $(app_is_installed $app_name) == "1" ]]; then
-            item_in_array "${app_name}" "${APPS_AVAILABLE[@]}"
-            if [[ $? != 0 ]]; then
-                variants_list=$(app_variants $filename)
+        if [[ $(app_is_installed "$app_name") == "1" ]]; then
+            if ! item_in_array "${app_name}" "${APPS_AVAILABLE[@]}"; then
+                variants_list=$(app_variants "$filename")
                 if [ ${#variants_list} -gt 0 ]; then
                     APPS_AVAILABLE+=("${app_name}")
                     APPS_INSTALLED_NAMES+=("$app_name")
@@ -363,7 +369,7 @@ function choose_apps_for_variant {
         exit 237567
     fi
 
-    FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+    FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 
     APPS_CHOSEN=()
 
@@ -372,16 +378,15 @@ function choose_apps_for_variant {
     do
         app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
 
-        item_in_array "${app_name}" "${APPS_AVAILABLE[@]}"
-        if [[ $? == 0 ]]; then
-            if grep -q "VARIANTS=" ${filename}; then
-                variants_list=$(app_variants $filename)
+        if item_in_array "${app_name}" "${APPS_AVAILABLE[@]}"; then
+            if grep -q "VARIANTS=" "${filename}"; then
+                variants_list=$(app_variants "$filename")
                 if [[ "${variants_list}" == 'all'* || \
                       "${variants_list}" == "$variant_name" || \
                       "${variants_list}" == "$variant_name "* || \
                       "${variants_list}" == *" $variant_name "* || \
                       "${variants_list}" == *" $variant_name" ]]; then
-                    if [[ $(app_is_removed ${a}) == "0" ]]; then
+                    if [[ $(app_is_removed "${a}") == "0" ]]; then
                         #echo $"${app_name} chosen"
                         APPS_CHOSEN+=("1")
                     else
@@ -408,7 +413,7 @@ function list_chosen_apps {
         if [[ ${APPS_CHOSEN[$app_index]} == "1" ]]; then
             echo $"${a}"
         fi
-        app_index=$[app_index+1]
+        app_index=$((app_index+1))
     done
 }
 
@@ -421,23 +426,23 @@ function remove_apps {
                 echo $"Removing users for application: ${a}"
 
                 function_check remove_users_for_app
-                remove_users_for_app ${a}
+                remove_users_for_app "${a}"
 
                 echo $"Removing application: ${a}"
 
                 function_check app_load_variables
-                app_load_variables ${a}
+                app_load_variables "${a}"
 
                 function_check remove_app
-                remove_app ${a}
+                remove_app "${a}"
 
-                function_check remove_${a}
-                remove_${a}
+                function_check "remove_${a}"
+                "remove_${a}"
 
                 echo $"${a} was removed"
             fi
         fi
-        app_index=$[app_index+1]
+        app_index=$((app_index+1))
     done
     update_installed_apps_list
 }
@@ -450,13 +455,13 @@ function install_apps_interactive {
         if [[ ${APPS_INSTALLED[$app_index]} == "0" ]]; then
             if [[ ${APPS_CHOSEN[$app_index]} == "1" ]]; then
                 # interactively obtain settings for this app
-                if [[ $(function_exists install_interactive_${a}) == "1" ]]; then
-                    install_interactive_${a}
+                if [[ $(function_exists "install_interactive_${a}") == "1" ]]; then
+                    "install_interactive_${a}"
                 fi
             fi
         fi
 
-        app_index=$[app_index+1]
+        app_index=$((app_index+1))
     done
     echo $"Interactive settings complete"
 }
@@ -466,8 +471,8 @@ function user_added_to_app {
     app_name="$2"
 
     if [[ $(is_valid_user "$user_name") == "1" ]]; then
-        if [[ $(function_exists add_user_${app_name}) == "1" ]]; then
-            if grep -Fxq "${app_name}_${user_name}" $APP_USERS_FILE; then
+        if [[ $(function_exists "add_user_${app_name}") == "1" ]]; then
+            if grep -Fxq "${app_name}_${user_name}" "$APP_USERS_FILE"; then
                 echo "1"
                 return
             fi
@@ -482,7 +487,7 @@ function add_users_after_install {
     read_config_param MY_USERNAME
 
     # ensure a minimum password length
-    if [ ! $MINIMUM_PASSWORD_LENGTH ]; then
+    if [ ! "$MINIMUM_PASSWORD_LENGTH" ]; then
         MINIMUM_PASSWORD_LENGTH=20
     fi
     if [ ${#MINIMUM_PASSWORD_LENGTH} -lt 20 ]; then
@@ -490,7 +495,7 @@ function add_users_after_install {
     fi
 
     ADMIN_USERNAME=$(get_completion_param "Admin user")
-    if [ ! $ADMIN_USERNAME ]; then
+    if [ ! "$ADMIN_USERNAME" ]; then
         ADMIN_USERNAME=$MY_USERNAME
     fi
 
@@ -501,8 +506,8 @@ function add_users_after_install {
                 if [[ $(user_added_to_app "${USERNAME}" "${app_name}") == "0" ]]; then
                     valstr=$"Login for user ${USERNAME}="
                     app_password="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-                    add_user_${app_name} "${USERNAME}" "${app_password}"
-                    echo "${app_name}_${USERNAME}" >> $APP_USERS_FILE
+                    "add_user_${app_name}" "${USERNAME}" "${app_password}"
+                    echo "${app_name}_${USERNAME}" >> "$APP_USERS_FILE"
                 fi
             fi
         fi
@@ -519,10 +524,10 @@ function remove_users_for_app {
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
             if [[ "$USERNAME" != "$MY_USERNAME" ]]; then
                 if [[ $(user_added_to_app "${USERNAME}" "${app_name}") == "1" ]]; then
-                    if [[ $(function_exists remove_user_${app_name}) == "1" ]]; then
-                        remove_user_${app_name} "${USERNAME}"
+                    if [[ $(function_exists "remove_user_${app_name}") == "1" ]]; then
+                        "remove_user_${app_name}" "${USERNAME}"
                     fi
-                    sed -i "/${app_name}_${USERNAME}/d" $APP_USERS_FILE
+                    sed -i "/${app_name}_${USERNAME}/d" "$APP_USERS_FILE"
                 fi
             fi
         fi
@@ -535,7 +540,7 @@ function install_apps {
     APP_INSTALLED_SUCCESS=1
 
     # interactive install configuration for each app
-    if [ ${is_interactive} ]; then
+    if [ "${is_interactive}" ]; then
         install_apps_interactive
     fi
 
@@ -549,69 +554,69 @@ function install_apps {
                 # remove any temp files
                 rm -rf /tmp/*
 
-                if [ ${is_interactive} ]; then
+                if [ "${is_interactive}" ]; then
                     # clears any removal indicator
                     function_check reinstall_app
-                    reinstall_app ${a}
+                    reinstall_app "${a}"
 
                     function_check app_load_variables
-                    app_load_variables ${a}
+                    app_load_variables "${a}"
 
-                    if [[ $(app_is_installed ${a}) == "1" ]]; then
+                    if [[ $(app_is_installed "${a}") == "1" ]]; then
                         echo $"Upgrading application from interactive: ${a}"
-                        upgrade_${a}
+                        "upgrade_${a}"
                         echo $"${a} was upgraded from interactive"
                     else
                         echo $"Installing application from interactive: ${a}"
                         APP_INSTALLED=
-                        install_${a}
+                        "install_${a}"
                         if [ $APP_INSTALLED ]; then
                             function_check app_save_variables
-                            app_save_variables ${a}
+                            app_save_variables "${a}"
 
                             function_check add_users_after_install
-                            add_users_after_install ${a}
+                            add_users_after_install "${a}"
 
                             function_check lockdown_permissions
                             lockdown_permissions
 
                             function_check install_completed
-                            install_completed ${a}
+                            install_completed "${a}"
                             echo $"${a} was installed from interactive"
                         else
-                            echo "Failed to install: ${a}" >> /var/log/${PROJECT_NAME}.log
+                            echo "Failed to install: ${a}" >> "/var/log/${PROJECT_NAME}.log"
                             APP_INSTALLED_SUCCESS=
                             echo $"${a} was not installed from interactive"
                         fi
                     fi
                 else
                     # check if the app was removed
-                    if [[ $(app_is_removed ${a}) == "0" ]]; then
+                    if [[ $(app_is_removed "${a}") == "0" ]]; then
                         function_check app_load_variables
-                        app_load_variables ${a}
-                        if [[ $(app_is_installed ${a}) == "1" ]]; then
+                        app_load_variables "${a}"
+                        if [[ $(app_is_installed "${a}") == "1" ]]; then
                             echo $"Upgrading application: ${a}"
-                            upgrade_${a}
+                            "upgrade_${a}"
                             echo $"${a} was upgraded"
                         else
                             echo $"Installing application: ${a}"
                             APP_INSTALLED=
-                            install_${a}
+                            "install_${a}"
                             if [ $APP_INSTALLED ]; then
                                 function_check app_save_variables
-                                app_save_variables ${a}
+                                app_save_variables "${a}"
 
                                 function_check add_users_after_install
-                                add_users_after_install ${a}
+                                add_users_after_install "${a}"
 
                                 function_check lockdown_permissions
                                 lockdown_permissions
 
                                 function_check install_completed
-                                install_completed ${a}
+                                install_completed "${a}"
                                 echo $"${a} was installed"
                             else
-                                echo "Failed to install: ${a}" >> /var/log/${PROJECT_NAME}.log
+                                echo "Failed to install: ${a}" >> "/var/log/${PROJECT_NAME}.log"
                                 APP_INSTALLED_SUCCESS=
                                 echo $"${a} was not installed"
                             fi
@@ -622,7 +627,7 @@ function install_apps {
                 fi
             fi
         fi
-        app_index=$[app_index+1]
+        app_index=$((app_index+1))
     done
 
     function_check update_installed_apps_list
diff --git a/src/freedombone-utils-setup b/src/freedombone-utils-setup
index 77522207..2c45362e 100755
--- a/src/freedombone-utils-setup
+++ b/src/freedombone-utils-setup
@@ -63,7 +63,7 @@ BACKUP_MAX_DAYS=30
 # file containing a list of remote locations to backup to
 # Format: [username@friendsdomain//home/username] [ssh_password]
 # With the only space character being between the server and the password
-FRIENDS_SERVERS_LIST=/home/$MY_USERNAME/backup.list
+FRIENDS_SERVERS_LIST="/home/$MY_USERNAME/backup.list"
 
 export DEBIAN_FRONTEND=noninteractive
 
@@ -103,9 +103,9 @@ function detect_usb_drive {
     # which is likely to be the last drive connected
     read_config_param USB_DRIVE
     partition_number='1'
-    if [[ "$1" == "nopath" ]]; then
-        partition_number=''
-    fi
+    #if [[ "$1" == "nopath" ]]; then
+    #    partition_number=''
+    #fi
     if [ -b /dev/sda${partition_number} ]; then
         USB_DRIVE=/dev/sda${partition_number}
     fi
@@ -139,7 +139,7 @@ function separate_tmp_filesystem {
         mkdir -p /tmp
     fi
     if ! grep -q '/tmp' /etc/fstab; then
-        mount -t tmpfs -o size=${tmp_filesystem_size_mb}m tmpfs /tmp
+        mount -t tmpfs -o size="${tmp_filesystem_size_mb}m" tmpfs /tmp
         echo "tmpfs       /tmp tmpfs   nodev,nosuid,noexec,nodiratime,size=${tmp_filesystem_size_mb}M   0 0" >> /etc/fstab
     fi
 }
@@ -183,7 +183,7 @@ function remove_bluetooth {
         bluetooth_changed=1
     fi
     if [ $bluetooth_changed ]; then
-        update-initramfs -u -k `uname -r` -v
+        update-initramfs -u -k "$(uname -r)" -v
         update-rc.d bluetooth remove
     fi
 }
@@ -199,7 +199,7 @@ function running_as_root {
 function reset_usb_devices {
     for xhci in /sys/bus/pci/drivers/?hci-pci ; do
 
-        if ! cd $xhci ; then
+        if ! cd "$xhci" ; then
             return
         fi
 
@@ -219,7 +219,7 @@ function install_backports_kernel {
 
     if [[ "$architecture_type" == *"amd64"* ]]; then
         package_installed=$(dpkg-query -W -f='${Package}\n' linux-image-amd64 2>/dev/null)
-        if [ ! $package_installed ]; then
+        if [ ! "$package_installed" ]; then
             apt-get -yq install linux-image-amd64
         fi
     fi
@@ -279,8 +279,8 @@ function initial_setup {
         apt-get -yq install grub2 lvm2
     fi
 
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir -p "$INSTALL_DIR"
     fi
 
     mark_completed "${FUNCNAME[0]}"
@@ -308,8 +308,9 @@ function setup_grub {
 }
 
 function admin_user_sudo {
-    if ! grep -q "$MY_USERNAME  ALL=(ALL) ALL" $rootdir/etc/sudoers; then
-        echo "$MY_USERNAME  ALL=(ALL) ALL" >> $rootdir/etc/sudoers
+    # shellcheck disable=SC2154
+    if ! grep -q "$MY_USERNAME  ALL=(ALL) ALL" "$rootdir/etc/sudoers"; then
+        echo "$MY_USERNAME  ALL=(ALL) ALL" >> "$rootdir/etc/sudoers"
     fi
 }
 
@@ -338,11 +339,11 @@ function search_for_attached_usb_drive {
 
         if [ -f $USB_MOUNT/private_key.gpg ]; then
             echo $'GPG private key found on USB drive'
-            MY_GPG_PRIVATE_KEY=$USB_MOUNT/private_key.gpg
+            MY_GPG_PRIVATE_KEY="$USB_MOUNT/private_key.gpg"
         fi
         if [ -f $USB_MOUNT/public_key.gpg ]; then
             echo $'GPG public key found on USB drive'
-            MY_GPG_PUBLIC_KEY=$USB_MOUNT/public_key.gpg
+            MY_GPG_PUBLIC_KEY="$USB_MOUNT/public_key.gpg"
         fi
 
         if [ -f $USB_MOUNT/letsencrypt ]; then
@@ -431,8 +432,8 @@ function remove_default_user {
 }
 
 function create_completion_file {
-    if [ ! -f $COMPLETION_FILE ]; then
-        touch $COMPLETION_FILE
+    if [ ! -f "$COMPLETION_FILE" ]; then
+        touch "$COMPLETION_FILE"
     fi
 }
 
@@ -467,7 +468,7 @@ function remove_management_engine_interface {
 }
 
 function set_login_umask {
-    logindefs_umask=$(cat /etc/login.defs | grep UMASK | grep -v '#')
+    logindefs_umask=$(grep UMASK /etc/login.defs | grep -v '#')
     if [[ "$logindefs_umask" != *'077' ]]; then
         sed -i 's|UMASK\t.*|UMASK\t\t077|g' /etc/login.defs
     fi
@@ -489,7 +490,7 @@ function set_max_login_tries {
     max_tries=$1
 
     if ! grep -q ' deny=' /etc/pam.d/common-auth; then
-        sed -i "/pam_deny.so/a auth    required\t\t\tpam_tally.so    onerr=fail no_lock_time per_user deny=$max_tries" /etc/pam.d/common-auth
+        sed -i "/pam_deny.so/a auth    required\\t\\t\\tpam_tally.so    onerr=fail no_lock_time per_user deny=$max_tries" /etc/pam.d/common-auth
     else
         if ! grep -q " deny=$max_tries" /etc/pam.d/common-auth; then
             sed -i "s| deny=.*| deny=$max_tries|g" /etc/pam.d/common-auth
@@ -503,19 +504,19 @@ function set_max_login_tries {
 
 function limit_user_logins {
     # overall max logins
-    if ! grep -q '* hard maxsyslogins' /etc/security/limits.conf; then
+    if ! grep -q '\* hard maxsyslogins' /etc/security/limits.conf; then
         echo '* hard maxsyslogins 10' >> /etc/security/limits.conf
     else
-        if ! grep -q '* hard maxsyslogins 10' /etc/security/limits.conf; then
+        if ! grep -q '\* hard maxsyslogins 10' /etc/security/limits.conf; then
             sed -i 's|hard maxsyslogins.*|hard maxsyslogins 10|g' /etc/security/limits.conf
         fi
     fi
 
     # Max logins for each user
-    if ! grep -q '* hard maxlogins' /etc/security/limits.conf; then
+    if ! grep -q '\* hard maxlogins' /etc/security/limits.conf; then
         echo '* hard maxlogins 2' >> /etc/security/limits.conf
     else
-        if ! grep -q '* hard maxlogins 2' /etc/security/limits.conf; then
+        if ! grep -q '\* hard maxlogins 2' /etc/security/limits.conf; then
             sed -i 's|hard maxlogins.*|hard maxlogins 2|g' /etc/security/limits.conf
         fi
     fi
@@ -532,7 +533,7 @@ function set_sticky_bits {
     world_writable=$(find / -xdev -type d -perm -002 \! -perm -1000)
     for w in $world_writable; do
         echo "Setting sticky bit on $w"
-        chmod +t $w
+        chmod +t "$w"
     done
 }
 
@@ -655,10 +656,10 @@ function lockdown_permissions {
 }
 
 function disable_core_dumps {
-    if ! grep -q '* hard core' /etc/security/limits.conf; then
+    if ! grep -q '\* hard core' /etc/security/limits.conf; then
         echo '* hard core 0' >> /etc/security/limits.conf
     else
-        if ! grep -q '* hard core 0' /etc/security/limits.conf; then
+        if ! grep -q '\* hard core 0' /etc/security/limits.conf; then
             sed -i 's|hard core.*|hard core 0|g' /etc/security/limits.conf
         fi
     fi
@@ -1097,24 +1098,23 @@ function upgrade_apps {
     create_completion_file
 
     APPS_COMPLETED=()
-    FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+    FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
 
     # for all the app scripts
     for filename in $FILES
     do
         app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
 
-        item_in_array "${app_name}" "${APPS_COMPLETED[@]}"
-        if [[ $? != 0 ]]; then
+        if ! item_in_array "${app_name}" "${APPS_COMPLETED[@]}"; then
             function_check app_is_installed
-            if [[ "$(app_is_installed $app_name)" == "1" ]]; then
+            if [[ "$(app_is_installed "$app_name")" == "1" ]]; then
                 echo ''
                 echo ''
                 echo $"Upgrading $app_name"
-                app_load_variables ${app_name}
+                app_load_variables "${app_name}"
                 APPS_COMPLETED+=("${app_name}")
-                function_check upgrade_${app_name}
-                upgrade_${app_name}
+                function_check "upgrade_${app_name}"
+                "upgrade_${app_name}"
             fi
         fi
     done
@@ -1145,7 +1145,7 @@ function setup_apps {
     if [[ $is_interactive == "noninteractive" || $is_interactive == "headless" ]]; then
         function_check install_apps
         install_apps
-        if [ ! $APP_INSTALLED_SUCCESS ]; then
+        if [ ! "$APP_INSTALLED_SUCCESS" ]; then
             echo $'One or more apps failed to install'
         fi
     fi
@@ -1155,28 +1155,28 @@ function combine_all_scripts {
     combined_filename=$1
 
     # initial variables
-    cp $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars $combined_filename
+    cp "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars" "$combined_filename"
 
     # utilities
-    UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+    UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
     for f in $UTILS_FILES
     do
         # this removes the first line, which is #!/bin/bash
-        tail -n +2 "$f" >> $combined_filename
+        tail -n +2 "$f" >> "$combined_filename"
     done
 
     # base system
-    BASE_SYSTEM_FILES=/usr/share/${PROJECT_NAME}/base/${PROJECT_NAME}-base-*
+    BASE_SYSTEM_FILES="/usr/share/${PROJECT_NAME}/base/${PROJECT_NAME}-base-*"
     for f in $BASE_SYSTEM_FILES
     do
-        tail -n +2 "$f" >> $combined_filename
+        tail -n +2 "$f" >> "$combined_filename"
     done
 
     # apps
-    APP_FILES=/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*
+    APP_FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
     for f in $APP_FILES
     do
-        tail -n +2 "$f" >> $combined_filename
+        tail -n +2 "$f" >> "$combined_filename"
     done
 }
 
@@ -1185,8 +1185,8 @@ function check_ram_availability {
     minimum_ram_bytes=$((minimum_ram_MB * 1024))
 
     ram_available=$(grep MemTotal /proc/meminfo | awk '{print $2}')
-    if [ $ram_available -lt $minimum_ram_bytes ]; then
-        echo $"Need at least ${minimum_ram_gb}MB RAM to install this app"
+    if [ "$ram_available" -lt "$minimum_ram_bytes" ]; then
+        echo $"Need at least ${minimum_ram_MB}MB RAM to install this app"
         exit 783524
     fi
 }
diff --git a/src/freedombone-utils-tracker b/src/freedombone-utils-tracker
index 15fcf758..449948b4 100755
--- a/src/freedombone-utils-tracker
+++ b/src/freedombone-utils-tracker
@@ -31,28 +31,29 @@
 TRACKER_PORT=6969
 
 function mesh_install_tracker {
+    # shellcheck disable=SC2154
     chroot "$rootdir" apt-get -yq install bittornado nginx
 
     TRACKER_DAEMON=$rootdir/etc/systemd/system/tracker.service
-    echo '[Unit]' > $TRACKER_DAEMON
-    echo 'Description=Torrent Tracker' >> $TRACKER_DAEMON
-    echo 'After=syslog.target' >> $TRACKER_DAEMON
-    echo 'After=network.target' >> $TRACKER_DAEMON
-    echo '[Service]' >> $TRACKER_DAEMON
-    echo 'Type=simple' >> $TRACKER_DAEMON
-    echo 'User=tracker' >> $TRACKER_DAEMON
-    echo 'Group=tracker' >> $TRACKER_DAEMON
-    echo "WorkingDirectory=/var/lib/tracker" >> $TRACKER_DAEMON
-    echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile /var/lib/tracker/dstate --logfile /var/lib/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0" >> $TRACKER_DAEMON
-    echo '' >> $TRACKER_DAEMON
-    echo 'TimeoutSec=300' >> $TRACKER_DAEMON
-    echo '' >> $TRACKER_DAEMON
-    echo '[Install]' >> $TRACKER_DAEMON
-    echo 'WantedBy=multi-user.target' >> $TRACKER_DAEMON
+    { echo '[Unit]'
+      echo 'Description=Torrent Tracker';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=tracker';
+      echo 'Group=tracker';
+      echo "WorkingDirectory=/var/lib/tracker";
+      echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile /var/lib/tracker/dstate --logfile /var/lib/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0";
+      echo '';
+      echo 'TimeoutSec=300';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$TRACKER_DAEMON"
 
     chroot "$rootdir" useradd -d /var/lib/tracker/ -s /bin/false tracker
-    if [ ! -d $rootdir/var/lib/tracker ]; then
-        mkdir $rootdir/var/lib/tracker
+    if [ ! -d "$rootdir/var/lib/tracker" ]; then
+        mkdir "$rootdir/var/lib/tracker"
     fi
     chroot "$rootdir" chown -R tracker:tracker /var/lib/tracker
 
@@ -60,7 +61,7 @@ function mesh_install_tracker {
 }
 
 function install_tracker {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_install_tracker
         return
     fi
@@ -72,21 +73,21 @@ function install_tracker {
     apt-get -yq install bittornado nginx
 
     TRACKER_DAEMON=/etc/systemd/system/tracker.service
-    echo '[Unit]' > $TRACKER_DAEMON
-    echo 'Description=Torrent Tracker' >> $TRACKER_DAEMON
-    echo 'After=syslog.target' >> $TRACKER_DAEMON
-    echo 'After=network.target' >> $TRACKER_DAEMON
-    echo '[Service]' >> $TRACKER_DAEMON
-    echo 'Type=simple' >> $TRACKER_DAEMON
-    echo 'User=tracker' >> $TRACKER_DAEMON
-    echo 'Group=tracker' >> $TRACKER_DAEMON
-    echo "WorkingDirectory=/var/lib/tracker" >> $TRACKER_DAEMON
-    echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile /var/lib/tracker/dstate --logfile /var/lib/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0" >> $TRACKER_DAEMON
-    echo '' >> $TRACKER_DAEMON
-    echo 'TimeoutSec=300' >> $TRACKER_DAEMON
-    echo '' >> $TRACKER_DAEMON
-    echo '[Install]' >> $TRACKER_DAEMON
-    echo 'WantedBy=multi-user.target' >> $TRACKER_DAEMON
+    { echo '[Unit]';
+      echo 'Description=Torrent Tracker';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=tracker';
+      echo 'Group=tracker';
+      echo "WorkingDirectory=/var/lib/tracker";
+      echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile /var/lib/tracker/dstate --logfile /var/lib/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0";
+      echo '';
+      echo 'TimeoutSec=300';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$TRACKER_DAEMON"
 
     useradd -d /var/lib/tracker/ -s /bin/false tracker
     if [ ! -d /var/lib/tracker ]; then
diff --git a/src/freedombone-utils-turn b/src/freedombone-utils-turn
index 74de0dd1..d85b79f7 100755
--- a/src/freedombone-utils-turn
+++ b/src/freedombone-utils-turn
@@ -36,10 +36,10 @@ function generate_turn_key {
     local turnkey="${1}"
     local filepath="${2}"
 
-    echo "lt-cred-mech" > "${filepath}"
-    echo "use-auth-secret" >> "${filepath}"
-    echo "static-auth-secret=${turnkey}" >> "${filepath}"
-    echo "realm=turn.${DEFAULT_DOMAIN_NAME}" >> "${filepath}"
+    { echo "lt-cred-mech";
+      echo "use-auth-secret";
+      echo "static-auth-secret=${turnkey}";
+      echo "realm=turn.${DEFAULT_DOMAIN_NAME}"; } > "${filepath}"
     if [[ $ONION_ONLY == 'no' ]]; then
         echo "cert=$MATRIX_DATA_DIR/${DEFAULT_DOMAIN_NAME}.tls.crt" >> "${filepath}"
         echo "pkey=$MATRIX_DATA_DIR/${DEFAULT_DOMAIN_NAME}.tls.key" >> "${filepath}"
@@ -58,7 +58,7 @@ function remove_turn {
 
     apt-get -y remove coturn
     rm -rf /var/lib/turn
-    sed -i "/# TURN Server/,/# End of TURN Server/d" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+    sed -i "/# TURN Server/,/# End of TURN Server/d" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
     remove_onion_service turn ${TURN_ONION_PORT}
     rm /etc/avahi/services/turn.service
     systemctl restart nginx
@@ -69,62 +69,62 @@ function install_turn {
 
     # append the matrix server to the web site config
     turn_nginx_site=/etc/nginx/sites-available/$DEFAULT_DOMAIN_NAME
-    if ! grep -q '# End of TURN Server' $turn_nginx_site; then
-        if [[ $ONION_ONLY == "no" ]]; then
-            echo '# TURN Server' >> $turn_nginx_site
-            echo 'server {' >> $turn_nginx_site
-            echo "  listen ${TURN_HTTP_PORT} ssl;" >> $turn_nginx_site
-            echo "  listen [::]:${TURN_HTTP_PORT} ssl;" >> $turn_nginx_site
-            echo "  server_name ${DEFAULT_DOMAIN_NAME};" >> $turn_nginx_site
-            echo '' >> $turn_nginx_site
-            echo '  # Security' >> $turn_nginx_site
+    if ! grep -q '# End of TURN Server' "$turn_nginx_site"; then
+        if [[ "$ONION_ONLY" == "no" ]]; then
+            { echo '# TURN Server';
+              echo 'server {';
+              echo "  listen ${TURN_HTTP_PORT} ssl;";
+              echo "  listen [::]:${TURN_HTTP_PORT} ssl;";
+              echo "  server_name ${DEFAULT_DOMAIN_NAME};";
+              echo '';
+              echo '  # Security'; } >> "$turn_nginx_site"
             function_check nginx_ssl
-            nginx_ssl ${DEFAULT_DOMAIN_NAME}
+            nginx_ssl "${DEFAULT_DOMAIN_NAME}"
 
             function_check nginx_disable_sniffing
-            nginx_disable_sniffing ${DEFAULT_DOMAIN_NAME}
+            nginx_disable_sniffing "${DEFAULT_DOMAIN_NAME}"
 
-            echo '  add_header Strict-Transport-Security max-age=15768000;' >> $turn_nginx_site
-            echo '' >> $turn_nginx_site
-            echo '  # Logs' >> $turn_nginx_site
-            echo '  access_log /dev/null;' >> $turn_nginx_site
-            echo '  error_log /dev/null;' >> $turn_nginx_site
-            echo '' >> $turn_nginx_site
-            echo '  # Index' >> $turn_nginx_site
-            echo '  index index.html;' >> $turn_nginx_site
-            echo '' >> $turn_nginx_site
-            echo '  # Location' >> $turn_nginx_site
-            echo '  location / {' >> $turn_nginx_site
+            { echo '  add_header Strict-Transport-Security max-age=15768000;';
+              echo '';
+              echo '  # Logs';
+              echo '  access_log /dev/null;';
+              echo '  error_log /dev/null;';
+              echo '';
+              echo '  # Index';
+              echo '  index index.html;';
+              echo '';
+              echo '  # Location';
+              echo '  location / {'; } >> "$turn_nginx_site"
             function_check nginx_limits
-            nginx_limits ${DEFAULT_DOMAIN_NAME} '15m'
-            echo "      proxy_pass http://localhost:${TURN_PORT};" >> $turn_nginx_site
-            echo '      proxy_set_header X-Forwarded-For $remote_addr;' >> $turn_nginx_site
-            echo '  }' >> $turn_nginx_site
-            echo '}' >> $turn_nginx_site
-            echo '' >> $turn_nginx_site
+            nginx_limits "${DEFAULT_DOMAIN_NAME}" '15m'
+            { echo "      proxy_pass http://localhost:${TURN_PORT};";
+              echo "      proxy_set_header X-Forwarded-For \$remote_addr;";
+              echo '  }';
+              echo '}';
+              echo ''; } >> "$turn_nginx_site"
         else
-            echo '# TURN Server' >> $turn_nginx_site
+            echo '# TURN Server' >> "$turn_nginx_site"
         fi
-        echo 'server {' >> $turn_nginx_site
-        echo "    listen 127.0.0.1:$TURN_ONION_PORT default_server;" >> $turn_nginx_site
-        echo "    server_name $DEFAULT_DOMAIN_NAME;" >> $turn_nginx_site
-        echo '' >> $turn_nginx_site
+        { echo 'server {';
+          echo "    listen 127.0.0.1:$TURN_ONION_PORT default_server;";
+          echo "    server_name $DEFAULT_DOMAIN_NAME;";
+          echo ''; } >> "$turn_nginx_site"
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $DEFAULT_DOMAIN_NAME
-        echo '' >> $turn_nginx_site
-        echo '  # Logs' >> $turn_nginx_site
-        echo '  access_log /dev/null;' >> $turn_nginx_site
-        echo '  error_log /dev/null;' >> $turn_nginx_site
-        echo '' >> $turn_nginx_site
-        echo '  # Location' >> $turn_nginx_site
-        echo '  location / {' >> $turn_nginx_site
+        nginx_disable_sniffing "$DEFAULT_DOMAIN_NAME"
+        { echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$turn_nginx_site"
         function_check nginx_limits
-        nginx_limits $DEFAULT_DOMAIN_NAME '15m'
-        echo "      proxy_pass http://localhost:${TURN_PORT};" >> $turn_nginx_site
-        echo '      proxy_set_header X-Forwarded-For $remote_addr;' >> $turn_nginx_site
-        echo '  }' >> $turn_nginx_site
-        echo '}' >> $turn_nginx_site
-        echo '# End of TURN Server' >> $turn_nginx_site
+        nginx_limits "$DEFAULT_DOMAIN_NAME" '15m'
+        { echo "      proxy_pass http://localhost:${TURN_PORT};";
+          echo "      proxy_set_header X-Forwarded-For \$remote_addr;";
+          echo '  }';
+          echo '}';
+          echo '# End of TURN Server'; } >> "$turn_nginx_site"
     fi
 
     export DEBIAN_FRONTEND=noninteractive
@@ -151,26 +151,26 @@ function install_turn {
     fi
 
     turnkey="$(create_password 30)"
-    generate_turn_key $turnkey /var/lib/turn/turnserver.conf
+    generate_turn_key "$turnkey" /var/lib/turn/turnserver.conf
 
     chmod -R 700 /var/lib/turn/turnserver.conf
     chown -R matrix:matrix /var/lib/turn
 
-    echo '[Unit]' > /etc/systemd/system/turn.service
-    echo 'Description=TURN server' >> /etc/systemd/system/turn.service
-    echo 'After=network.target nginx.target' >> /etc/systemd/system/turn.service
-    echo '' >> /etc/systemd/system/turn.service
-    echo '[Service]' >> /etc/systemd/system/turn.service
-    echo 'Type=simple' >> /etc/systemd/system/turn.service
-    echo 'User=matrix' >> /etc/systemd/system/turn.service
-    echo "WorkingDirectory=/var/lib/turn" >> /etc/systemd/system/turn.service
-    echo "ExecStart=/usr/bin/turnserver -c /var/lib/turn/turnserver.conf --pidfile /var/lib/matrix/homeserver.pid" >> /etc/systemd/system/turn.service
-    echo "Environment=REPORT_STATS=\"no\"" >> /etc/systemd/system/turn.service
-    echo 'Restart=always' >> /etc/systemd/system/turn.service
-    echo 'RestartSec=10' >> /etc/systemd/system/turn.service
-    echo '' >> /etc/systemd/system/turn.service
-    echo '[Install]' >> /etc/systemd/system/turn.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/turn.service
+    { echo '[Unit]';
+      echo 'Description=TURN server';
+      echo 'After=network.target nginx.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=matrix';
+      echo "WorkingDirectory=/var/lib/turn";
+      echo "ExecStart=/usr/bin/turnserver -c /var/lib/turn/turnserver.conf --pidfile /var/lib/matrix/homeserver.pid";
+      echo "Environment=REPORT_STATS=\"no\"";
+      echo 'Restart=always';
+      echo 'RestartSec=10';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/turn.service
     systemctl enable turn
     systemctl daemon-reload
     systemctl start turn
@@ -178,21 +178,22 @@ function install_turn {
     firewall_add turn ${TURN_PORT}
     firewall_add turn-http ${TURN_HTTP_PORT}
 
-    TURN_ONION_HOSTNAME=$(add_onion_service turn ${TURN_PORT} ${TURN_ONION_PORT})
+    #TURN_ONION_HOSTNAME=$(add_onion_service turn ${TURN_PORT} ${TURN_ONION_PORT})
+    add_onion_service turn ${TURN_PORT} ${TURN_ONION_PORT}
 
-    echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > /etc/avahi/services/turn.service
-    echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> /etc/avahi/services/turn.service
-    echo '<service-group>' >> /etc/avahi/services/turn.service
-    echo '  <name replace-wildcards="yes">%h TURN</name>' >> /etc/avahi/services/turn.service
-    echo '  <service>' >> /etc/avahi/services/turn.service
-    echo '    <type>_turn._tcp</type>' >> /etc/avahi/services/turn.service
-    echo "    <port>$TURN_PORT</port>" >> /etc/avahi/services/turn.service
-    echo '  </service>' >> /etc/avahi/services/turn.service
-    echo '  <service>' >> /etc/avahi/services/turn.service
-    echo '    <type>_turn._udp</type>' >> /etc/avahi/services/turn.service
-    echo "    <port>$TURN_PORT</port>" >> /etc/avahi/services/turn.service
-    echo '  </service>' >> /etc/avahi/services/turn.service
-    echo '</service-group>' >> /etc/avahi/services/turn.service
+    { echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->';
+      echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">';
+      echo '<service-group>';
+      echo '  <name replace-wildcards="yes">%h TURN</name>';
+      echo '  <service>';
+      echo '    <type>_turn._tcp</type>';
+      echo "    <port>$TURN_PORT</port>";
+      echo '  </service>';
+      echo '  <service>';
+      echo '    <type>_turn._udp</type>';
+      echo "    <port>$TURN_PORT</port>";
+      echo '  </service>';
+      echo '</service-group>'; } > /etc/avahi/services/turn.service
 
     systemctl restart avahi-daemon
     systemctl restart nginx
diff --git a/src/freedombone-utils-upgrade b/src/freedombone-utils-upgrade
index e8e5eb4e..114815a6 100755
--- a/src/freedombone-utils-upgrade
+++ b/src/freedombone-utils-upgrade
@@ -32,14 +32,14 @@
 UPGRADE_SCRIPT_NAME="${PROJECT_NAME}-upgrade"
 
 function create_upgrade_script {
-    upgrade_command_file=$(which ${PROJECT_NAME}-upgrade)
-    if [ ! -f /etc/cron.weekly/$UPGRADE_SCRIPT_NAME ]; then
-        cp $upgrade_command_file /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
+    upgrade_command_file=$(which "${PROJECT_NAME}-upgrade")
+    if [ ! -f "/etc/cron.weekly/$UPGRADE_SCRIPT_NAME" ]; then
+        cp "$upgrade_command_file" "/etc/cron.weekly/$UPGRADE_SCRIPT_NAME"
     else
-        HASH1=$(sha256sum $upgrade_command_file | awk -F ' ' '{print $1}')
-        HASH2=$(sha256sum /etc/cron.weekly/$UPGRADE_SCRIPT_NAME | awk -F ' ' '{print $1}')
+        HASH1=$(sha256sum "$upgrade_command_file" | awk -F ' ' '{print $1}')
+        HASH2=$(sha256sum "/etc/cron.weekly/$UPGRADE_SCRIPT_NAME" | awk -F ' ' '{print $1}')
         if [[ "$HASH1" != "$HASH2" ]]; then
-            cp $upgrade_command_file /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
+            cp "$upgrade_command_file" "/etc/cron.weekly/$UPGRADE_SCRIPT_NAME"
         fi
     fi
 
@@ -53,7 +53,7 @@ function create_upgrade_script {
 }
 
 function upgrade_installation_from_previous_versions {
-    if [ ! -f $COMPLETION_FILE ]; then
+    if [ ! -f "$COMPLETION_FILE" ]; then
         return
     fi
     if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
@@ -61,27 +61,27 @@ function upgrade_installation_from_previous_versions {
     fi
 
     # upgrade from previous versions
-    sed -i 's|configure_email|install_email|g' $COMPLETION_FILE
-    sed -i 's|install_dlna_server|install_dlna|g' $COMPLETION_FILE
-    sed -i 's|install_gnu_social_theme|install_gnusocial_theme|g' $COMPLETION_FILE
-    sed -i 's|install_gnu_social|install_gnusocial|g' $COMPLETION_FILE
-    sed -i 's|install_irc_server|install_irc|g' $COMPLETION_FILE
-    sed -i 's|voip_turn|turn|g' $COMPLETION_FILE
-    sed -i 's|install_voip|install_mumble|g' $COMPLETION_FILE
-    sed -i 's|install_rss_reader|install_rss|g' $COMPLETION_FILE
-    sed -i 's|install_tox_node|install_tox|g' $COMPLETION_FILE
-    sed -i 's|intrusion_detection|install_tripwire|g' $COMPLETION_FILE
+    sed -i 's|configure_email|install_email|g' "$COMPLETION_FILE"
+    sed -i 's|install_dlna_server|install_dlna|g' "$COMPLETION_FILE"
+    sed -i 's|install_gnu_social_theme|install_gnusocial_theme|g' "$COMPLETION_FILE"
+    sed -i 's|install_gnu_social|install_gnusocial|g' "$COMPLETION_FILE"
+    sed -i 's|install_irc_server|install_irc|g' "$COMPLETION_FILE"
+    sed -i 's|voip_turn|turn|g' "$COMPLETION_FILE"
+    sed -i 's|install_voip|install_mumble|g' "$COMPLETION_FILE"
+    sed -i 's|install_rss_reader|install_rss|g' "$COMPLETION_FILE"
+    sed -i 's|install_tox_node|install_tox|g' "$COMPLETION_FILE"
+    sed -i 's|intrusion_detection|install_tripwire|g' "$COMPLETION_FILE"
 
-    sed -i 's|GNU Social|gnusocial|g' $COMPLETION_FILE
-    sed -i 's|XMPP|xmpp|g' $COMPLETION_FILE
-    sed -i 's|voip|mumble|g' $COMPLETION_FILE
-    sed -i 's|VoIP|mumble|g' $COMPLETION_FILE
-    sed -i 's|Blog|htmly|g' $COMPLETION_FILE
-    sed -i 's|Hubzilla|hubzilla|g' $COMPLETION_FILE
-    sed -i 's|Gogs|gogs|g' $COMPLETION_FILE
-    sed -i 's|Wiki|dokuwiki|g' $COMPLETION_FILE
-    sed -i 's|RSS|rss|g' $COMPLETION_FILE
-    sed -i 's|Zeronet|zeronet|g' $COMPLETION_FILE
+    sed -i 's|GNU Social|gnusocial|g' "$COMPLETION_FILE"
+    sed -i 's|XMPP|xmpp|g' "$COMPLETION_FILE"
+    sed -i 's|voip|mumble|g' "$COMPLETION_FILE"
+    sed -i 's|VoIP|mumble|g' "$COMPLETION_FILE"
+    sed -i 's|Blog|htmly|g' "$COMPLETION_FILE"
+    sed -i 's|Hubzilla|hubzilla|g' "$COMPLETION_FILE"
+    sed -i 's|Gogs|gogs|g' "$COMPLETION_FILE"
+    sed -i 's|Wiki|dokuwiki|g' "$COMPLETION_FILE"
+    sed -i 's|RSS|rss|g' "$COMPLETION_FILE"
+    sed -i 's|Zeronet|zeronet|g' "$COMPLETION_FILE"
 
     if [ -f /usr/local/bin/zeronetavahi ]; then
         rm /usr/local/bin/zeronetavahi
diff --git a/src/freedombone-utils-watchdog b/src/freedombone-utils-watchdog
index 8b05cf35..f0965639 100755
--- a/src/freedombone-utils-watchdog
+++ b/src/freedombone-utils-watchdog
@@ -37,9 +37,9 @@ function install_watchdog_script {
     if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
-    echo '#!/bin/bash' > /usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo 'LOGFILE=/var/log/keepon.log' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo 'CURRENT_DATE=$(date)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+    { echo '#!/bin/bash';
+      echo 'LOGFILE=/var/log/keepon.log';
+      echo "CURRENT_DATE=\$(date)"; } > "/usr/bin/$WATCHDOG_SCRIPT_NAME"
     # application specific stuff is added later
     chmod +x /usr/bin/$WATCHDOG_SCRIPT_NAME
 
@@ -50,28 +50,28 @@ function install_watchdog_script {
 }
 
 function daemon_is_running {
-    daemon_name=$1
-    systemctl is-active ${daemon_name} >/dev/null 2>&1 && echo Running
+    daemon_name="$1"
+    systemctl is-active "${daemon_name}" >/dev/null 2>&1 && echo Running
 }
 
 function add_watchdog_daemon {
-    daemon_name=$1
+    daemon_name="$1"
 
-    echo '' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo "# keep ${daemon_name} daemon running" >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo "RUNNING=\$(systemctl is-active ${daemon_name} >/dev/null 2>&1 && echo Running)" >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo 'if [ ! $RUNNING ]; then' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo "  systemctl start ${daemon_name}" >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo '  echo -n $CURRENT_DATE >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo "  echo \"${daemon_name} daemon restarted\" >> \$LOGFILE" >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo 'fi' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
-    echo "# End of ${daemon_name}" >> /usr/bin/$WATCHDOG_SCRIPT_NAME
+    { echo '';
+      echo "# keep ${daemon_name} daemon running";
+      echo "RUNNING=\$(systemctl is-active ${daemon_name} >/dev/null 2>&1 && echo Running)";
+      echo "if [ ! \$RUNNING ]; then";
+      echo "  systemctl start ${daemon_name}";
+      echo "  echo -n \$CURRENT_DATE >> \$LOGFILE";
+      echo "  echo \"${daemon_name} daemon restarted\" >> \$LOGFILE";
+      echo 'fi';
+      echo "# End of ${daemon_name}"; } >> "/usr/bin/$WATCHDOG_SCRIPT_NAME"
 }
 
 function remove_watchdog_daemon {
-    daemon_name=$1
+    daemon_name="$1"
 
-    sed -i "/# keep ${daemon_name} daemon running/,/# End of ${daemon_name}/d" /usr/bin/$WATCHDOG_SCRIPT_NAME
+    sed -i "/# keep ${daemon_name} daemon running/,/# End of ${daemon_name}/d" "/usr/bin/$WATCHDOG_SCRIPT_NAME"
 }
 
 # NOTE: deliberately no exit 0
diff --git a/src/freedombone-utils-web b/src/freedombone-utils-web
index 3cb0d34d..04925d12 100755
--- a/src/freedombone-utils-web
+++ b/src/freedombone-utils-web
@@ -63,10 +63,10 @@ function validate_domain_name {
     # count the number of dots in the domain name
     dots=${TEST_DOMAIN_NAME//[^.]}
     no_of_dots=${#dots}
-    if (( $no_of_dots > 3 )); then
+    if (( no_of_dots > 3 )); then
         TEST_DOMAIN_NAME=$"The domain $TEST_DOMAIN_NAME has too many subdomains. It should be of the type w.x.y.z, x.y.z or y.z"
     fi
-    if (( $no_of_dots == 0 )); then
+    if (( no_of_dots == 0 )); then
         TEST_DOMAIN_NAME=$"The domain $TEST_DOMAIN_NAME has no top level domain. It should be of the type w.x.y.z, x.y.z or y.z"
     fi
 }
@@ -74,64 +74,64 @@ function validate_domain_name {
 function nginx_disable_sniffing {
     domain_name=$1
     filename=/etc/nginx/sites-available/$domain_name
-    echo '    add_header X-Frame-Options DENY;' >> $filename
-    echo '    add_header X-Content-Type-Options nosniff;' >> $filename
-    echo '' >> $filename
+    { echo '    add_header X-Frame-Options DENY;';
+      echo '    add_header X-Content-Type-Options nosniff;';
+      echo ''; } >> "$filename"
 }
 
 function nginx_limits {
     domain_name=$1
     max_body='20m'
-    if [ $2 ]; then
+    if [ "$2" ]; then
         max_body=$2
     fi
     filename=/etc/nginx/sites-available/$domain_name
-    echo "    client_max_body_size ${max_body};" >> $filename
-    echo '    client_body_buffer_size 128k;' >> $filename
-    echo '' >> $filename
-    echo '    limit_conn conn_limit_per_ip 10;' >> $filename
-    echo '    limit_req zone=req_limit_per_ip burst=10 nodelay;' >> $filename
-    echo '' >> $filename
+    { echo "    client_max_body_size ${max_body};";
+      echo '    client_body_buffer_size 128k;';
+      echo '';
+      echo '    limit_conn conn_limit_per_ip 10;';
+      echo '    limit_req zone=req_limit_per_ip burst=10 nodelay;';
+      echo ''; } >> "$filename"
 }
 
 function nginx_stapling {
-    domain_name=$1
+    domain_name="$1"
     filename=/etc/nginx/sites-available/$domain_name
-    echo "    ssl_stapling on;" >> $filename
-    echo '    ssl_stapling_verify on;' >> $filename
-    echo '    ssl_trusted_certificate /etc/ssl/certs/${domain_name}.pem;' >> $filename
-    echo '' >> $filename
+    { echo "    ssl_stapling on;";
+      echo '    ssl_stapling_verify on;';
+      echo "    ssl_trusted_certificate /etc/ssl/certs/${domain_name}.pem;";
+      echo ''; } >> "$filename"
 }
 
 function nginx_http_redirect {
     # redirect port 80 to https
     domain_name=$1
     filename=/etc/nginx/sites-available/$domain_name
-    echo 'server {' > $filename
-    echo '    listen 80;' >> $filename
-    echo '    listen [::]:80;' >> $filename
-    echo "    server_name ${domain_name};" >> $filename
-    echo "    root /var/www/${domain_name}/htdocs;" >> $filename
-    echo '    access_log /dev/null;' >> $filename
-    echo "    error_log /dev/null;" >> $filename
+    { echo 'server {';
+      echo '    listen 80;';
+      echo '    listen [::]:80;';
+      echo "    server_name ${domain_name};";
+      echo "    root /var/www/${domain_name}/htdocs;";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;"; } > "$filename"
     function_check nginx_limits
-    nginx_limits $domain_name
+    nginx_limits "$domain_name"
     if [ ${#2} -gt 0 ]; then
-        echo "    $2;" >> $filename
+        echo "    $2;" >> "$filename"
     fi
-    echo '    rewrite ^ https://$server_name$request_uri? permanent;' >> $filename
-    echo '}' >> $filename
-    echo '' >> $filename
+    { echo "    rewrite ^ https://\$server_name\$request_uri? permanent;";
+      echo '}';
+      echo ''; } >> "$filename"
 }
 
 function nginx_compress {
     domain_name=$1
     filename=/etc/nginx/sites-available/$domain_name
 
-    echo '    gzip            on;' >> $filename
-    echo '    gzip_min_length 1000;' >> $filename
-    echo '    gzip_proxied    expired no-cache no-store private auth;' >> $filename
-    echo '    gzip_types      text/plain application/xml;' >> $filename
+    { echo '    gzip            on;';
+      echo '    gzip_min_length 1000;';
+      echo '    gzip_proxied    expired no-cache no-store private auth;';
+      echo '    gzip_types      text/plain application/xml;'; } >> "$filename"
 }
 
 function nginx_ssl {
@@ -140,40 +140,40 @@ function nginx_ssl {
     mobile_ciphers=$2
     filename=/etc/nginx/sites-available/$domain_name
 
-    echo '    ssl_stapling off;' >> $filename
-    echo '    ssl_stapling_verify off;' >> $filename
-    echo '    ssl on;' >> $filename
-    echo "    ssl_certificate /etc/letsencrypt/live/${domain_name}/fullchain.pem;" >> $filename
-    echo "    ssl_certificate_key /etc/letsencrypt/live/${domain_name}/privkey.pem;" >> $filename
-    echo "    ssl_dhparam /etc/ssl/certs/${domain_name}.dhparam;" >> $filename
-    echo '' >> $filename
-    echo '    ssl_session_cache  builtin:1000  shared:SSL:10m;' >> $filename
-    echo '    ssl_session_timeout 60m;' >> $filename
-    echo '    ssl_prefer_server_ciphers on;' >> $filename
-    echo "    ssl_protocols $SSL_PROTOCOLS;" >> $filename
-    if [ $mobile_ciphers ]; then
-        echo "    # Mobile compatible ciphers" >> $filename
-        echo "    ssl_ciphers '$SSL_CIPHERS_MOBILE';" >> $filename
+    { echo '    ssl_stapling off;';
+      echo '    ssl_stapling_verify off;';
+      echo '    ssl on;';
+      echo "    ssl_certificate /etc/letsencrypt/live/${domain_name}/fullchain.pem;";
+      echo "    ssl_certificate_key /etc/letsencrypt/live/${domain_name}/privkey.pem;";
+      echo "    ssl_dhparam /etc/ssl/certs/${domain_name}.dhparam;";
+      echo '';
+      echo '    ssl_session_cache  builtin:1000  shared:SSL:10m;';
+      echo '    ssl_session_timeout 60m;';
+      echo '    ssl_prefer_server_ciphers on;';
+      echo "    ssl_protocols $SSL_PROTOCOLS;"; } >> "$filename"
+    if [ "$mobile_ciphers" ]; then
+        echo "    # Mobile compatible ciphers" >> "$filename"
+        echo "    ssl_ciphers '$SSL_CIPHERS_MOBILE';" >> "$filename"
     else
-        echo "    ssl_ciphers '$SSL_CIPHERS';" >> $filename
+        echo "    ssl_ciphers '$SSL_CIPHERS';" >> "$filename"
     fi
-    echo "    add_header Content-Security-Policy \"default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'\";" >> $filename
-    echo '    add_header X-XSS-Protection "1; mode=block";' >> $filename
-    echo '    add_header X-Robots-Tag none;' >> $filename
-    echo '    add_header X-Download-Options noopen;' >> $filename
-    echo '    add_header X-Permitted-Cross-Domain-Policies none;' >> $filename
+    { echo "    add_header Content-Security-Policy \"default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'\";";
+      echo '    add_header X-XSS-Protection "1; mode=block";';
+      echo '    add_header X-Robots-Tag none;';
+      echo '    add_header X-Download-Options noopen;';
+      echo '    add_header X-Permitted-Cross-Domain-Policies none;'; } >> "$filename"
 
     #nginx_stapling $1
 }
 
 # check an individual domain name
 function test_domain_name {
-    if [ $1 ]; then
+    if [ "$1" ]; then
         TEST_DOMAIN_NAME=$1
         if [[ $TEST_DOMAIN_NAME != 'ttrss' ]]; then
             function_check validate_domain_name
             validate_domain_name
-            if [[ $TEST_DOMAIN_NAME != $1 ]]; then
+            if [[ "$TEST_DOMAIN_NAME" != "$1" ]]; then
                 echo $"Invalid domain name $TEST_DOMAIN_NAME"
                 exit 8528
             fi
@@ -183,40 +183,40 @@ function test_domain_name {
 
 # Checks whether certificates were generated for the given hostname
 function check_certificates {
-    if [ ! $1 ]; then
+    if [ ! "$1" ]; then
         return
     fi
     USE_LETSENCRYPT='no'
-    if [ $2 ]; then
-        USE_LETSENCRYPT=$2
+    if [ "$2" ]; then
+        USE_LETSENCRYPT="$2"
     fi
     if [[ $USE_LETSENCRYPT == 'no' ]]; then
-        if [ ! -f /etc/ssl/private/${1}.key ]; then
+        if [ ! -f "/etc/ssl/private/${1}.key" ]; then
             echo $"Private certificate for ${CHECK_HOSTNAME} was not created"
             exit 63959
         fi
-        if [ ! -f /etc/ssl/certs/${1}.crt ]; then
+        if [ ! -f "/etc/ssl/certs/${1}.crt" ]; then
             echo $"Public certificate for ${CHECK_HOSTNAME} was not created"
             exit 7679
         fi
 
-        if grep -q "${1}.pem" /etc/nginx/sites-available/${1}; then
-            sed -i "s|${1}.pem|${1}.crt|g" /etc/nginx/sites-available/${1}
+        if grep -q "${1}.pem" "/etc/nginx/sites-available/${1}"; then
+            sed -i "s|${1}.pem|${1}.crt|g" "/etc/nginx/sites-available/${1}"
         fi
     else
-        if [ ! -f /etc/letsencrypt/live/${1}/privkey.pem ]; then
+        if [ ! -f "/etc/letsencrypt/live/${1}/privkey.pem" ]; then
             echo $"Private certificate for ${CHECK_HOSTNAME} was not created"
             exit 6282
         fi
-        if [ ! -f /etc/letsencrypt/live/${1}/fullchain.pem ]; then
+        if [ ! -f "/etc/letsencrypt/live/${1}/fullchain.pem" ]; then
             echo $"Public certificate for ${CHECK_HOSTNAME} was not created"
             exit 5328
         fi
-        if grep -q "${1}.crt" /etc/nginx/sites-available/${1}; then
-            sed -i "s|${1}.crt|${1}.pem|g" /etc/nginx/sites-available/${1}
+        if grep -q "${1}.crt" "/etc/nginx/sites-available/${1}"; then
+            sed -i "s|${1}.crt|${1}.pem|g" "/etc/nginx/sites-available/${1}"
         fi
     fi
-    if [ ! -f /etc/ssl/certs/${1}.dhparam ]; then
+    if [ ! -f "/etc/ssl/certs/${1}.dhparam" ]; then
         echo $"Diffie–Hellman parameters for ${CHECK_HOSTNAME} were not created"
         exit 5989
     fi
@@ -224,13 +224,13 @@ function check_certificates {
 
 function cert_exists {
     cert_type='dhparam'
-    if [ $2 ]; then
+    if [ "$2" ]; then
         cert_type="$2"
     fi
-    if [ -f /etc/ssl/certs/${1}.${cert_type} ]; then
+    if [ -f "/etc/ssl/certs/${1}.${cert_type}" ]; then
         echo "1"
     else
-        if [ -f /etc/letsencrypt/live/${1}/fullchain.${cert_type} ]; then
+        if [ -f "/etc/letsencrypt/live/${1}/fullchain.${cert_type}" ]; then
             echo "1"
         else
             echo "0"
@@ -239,23 +239,22 @@ function cert_exists {
 }
 
 function create_self_signed_cert {
-    ${PROJECT_NAME}-addcert -h ${SITE_DOMAIN_NAME} --dhkey ${DH_KEYLENGTH}
+    "${PROJECT_NAME}-addcert" -h "${SITE_DOMAIN_NAME}" --dhkey "${DH_KEYLENGTH}"
     function_check check_certificates
-    check_certificates ${SITE_DOMAIN_NAME}
+    check_certificates "${SITE_DOMAIN_NAME}"
 }
 
 function create_letsencrypt_cert {
-    ${PROJECT_NAME}-addcert -e ${SITE_DOMAIN_NAME} -s ${LETSENCRYPT_SERVER} --dhkey ${DH_KEYLENGTH} --email ${MY_EMAIL_ADDRESS}
-    if [ ! "$?" = "0" ]; then
+    if ! "${PROJECT_NAME}-addcert" -e "${SITE_DOMAIN_NAME}" -s "${LETSENCRYPT_SERVER}" --dhkey "${DH_KEYLENGTH}" --email "${MY_EMAIL_ADDRESS}"; then
         if [[ ${NO_SELF_SIGNED} == 'no' ]]; then
             echo $"Lets Encrypt failed for ${SITE_DOMAIN_NAME}, so try making a self-signed cert"
-            ${PROJECT_NAME}-addcert -h ${SITE_DOMAIN_NAME} --dhkey ${DH_KEYLENGTH}
+            "${PROJECT_NAME}-addcert" -h "${SITE_DOMAIN_NAME}" --dhkey "${DH_KEYLENGTH}"
             function_check check_certificates
-            check_certificates ${SITE_DOMAIN_NAME}
+            check_certificates "${SITE_DOMAIN_NAME}"
         else
             echo $"Lets Encrypt failed for $SITE_DOMAIN_NAME"
-            if [ -f /etc/nginx/sites-available/$SITE_DOMAIN_NAME ]; then
-                nginx_dissite $SITE_DOMAIN_NAME
+            if [ -f "/etc/nginx/sites-available/$SITE_DOMAIN_NAME" ]; then
+                nginx_dissite "$SITE_DOMAIN_NAME"
                 systemctl restart nginx
             fi
             exit 682529
@@ -264,7 +263,7 @@ function create_letsencrypt_cert {
     fi
 
     function_check check_certificates
-    check_certificates ${SITE_DOMAIN_NAME} 'yes'
+    check_certificates "${SITE_DOMAIN_NAME}" 'yes'
 }
 
 function create_site_certificate {
@@ -272,12 +271,12 @@ function create_site_certificate {
 
     # if yes then only "valid" certs are allowed, not self-signed
     NO_SELF_SIGNED='no'
-    if [ $2 ]; then
+    if [ "$2" ]; then
         NO_SELF_SIGNED="$2"
     fi
 
     if [[ $ONION_ONLY == "no" ]]; then
-        if [[ "$(cert_exists ${SITE_DOMAIN_NAME})" == "0" ]]; then
+        if [[ "$(cert_exists "${SITE_DOMAIN_NAME}")" == "0" ]]; then
             if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
                 create_self_signed_cert
             else
@@ -285,7 +284,7 @@ function create_site_certificate {
             fi
         else
             if [[ $LETSENCRYPT_ENABLED == "yes" ]]; then
-                if [[ "$(cert_exists ${SITE_DOMAIN_NAME} pem)" == "0" ]]; then
+                if [[ "$(cert_exists "${SITE_DOMAIN_NAME}" pem)" == "0" ]]; then
                     create_letsencrypt_cert
                 fi
             fi
@@ -305,42 +304,42 @@ function letsencrypt_renewals {
     renewal_email_title=$'${PROJECT_NAME} Lets Encrypt certificate renewal'
 
     # the main script tries to renew once per month
-    echo '#!/bin/bash' > $renewals_script
-    echo '' >> $renewals_script
-    echo "PROJECT_NAME='${PROJECT_NAME}'" >> $renewals_script
-    echo 'COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt' >> $renewals_script
-    echo '' >> $renewals_script
-    echo 'if [ -d /etc/letsencrypt ]; then' >> $renewals_script
-    echo '    if [ -f ~/letsencrypt_failed ]; then' >> $renewals_script
-    echo '        rm ~/letsencrypt_failed' >> $renewals_script
-    echo '    fi' >> $renewals_script
-    echo -n '    ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | ' >> $renewals_script
-    echo -n "awk -F ':' '{print " >> $renewals_script
-    echo -n '$2' >> $renewals_script
-    echo "}')" >> $renewals_script
-    echo '    ADMIN_EMAIL_ADDRESS=$ADMIN_USERNAME@$HOSTNAME' >> $renewals_script
-    echo '    for d in /etc/letsencrypt/live/*/ ; do' >> $renewals_script
-    echo -n '        LETSENCRYPT_DOMAIN=$(echo "$d" | ' >> $renewals_script
-    echo -n "awk -F '/' '{print " >> $renewals_script
-    echo -n '$5' >> $renewals_script
-    echo "}')" >> $renewals_script
-    echo '        if [ -f /etc/nginx/sites-available/$LETSENCRYPT_DOMAIN ]; then' >> $renewals_script
-    echo '            ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt' >> $renewals_script
-    echo '            if [ ! "$?" = "0" ]; then' >> $renewals_script
-    echo "                echo \"${renewal_failure_msg}\" > ~/temp_renewletsencrypt.txt" >> $renewals_script
-    echo '                echo "" >> ~/temp_renewletsencrypt.txt' >> $renewals_script
-    echo '                ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt 2>> ~/temp_renewletsencrypt.txt' >> $renewals_script
-    echo -n "                cat ~/temp_renewletsencrypt.txt | mail -s \"${renewal_email_title}\" " >> $renewals_script
-    echo '$ADMIN_EMAIL_ADDRESS' >> $renewals_script
-    echo '                rm ~/temp_renewletsencrypt.txt' >> $renewals_script
-    echo '                if [ ! -f ~/letsencrypt_failed ]; then' >> $renewals_script
-    echo '                    touch ~/letsencrypt_failed' >> $renewals_script
-    echo '                fi' >> $renewals_script
-    echo '            fi' >> $renewals_script
-    echo '        fi' >> $renewals_script
-    echo '    done' >> $renewals_script
-    echo 'fi' >> $renewals_script
-    chmod +x $renewals_script
+    { echo '#!/bin/bash';
+      echo '';
+      echo "PROJECT_NAME='${PROJECT_NAME}'";
+      echo "COMPLETION_FILE=\$HOME/\${PROJECT_NAME}-completed.txt";
+      echo '';
+      echo 'if [ -d /etc/letsencrypt ]; then';
+      echo '    if [ -f ~/letsencrypt_failed ]; then';
+      echo '        rm ~/letsencrypt_failed';
+      echo '    fi';
+      echo -n "    ADMIN_USERNAME=\$(cat \$COMPLETION_FILE | grep \"Admin user\" | ";
+      echo -n "awk -F ':' '{print ";
+      echo -n "\$2";
+      echo "}')";
+      echo "    ADMIN_EMAIL_ADDRESS=\$ADMIN_USERNAME@\$HOSTNAME";
+      echo '    for d in /etc/letsencrypt/live/*/ ; do';
+      echo -n "        LETSENCRYPT_DOMAIN=\$(echo \"\$d\" | ";
+      echo -n "awk -F '/' '{print ";
+      echo -n "\$5";
+      echo "}')";
+      echo "        if [ -f /etc/nginx/sites-available/\$LETSENCRYPT_DOMAIN ]; then";
+      echo "            \${PROJECT_NAME}-renew-cert -h \$LETSENCRYPT_DOMAIN -p letsencrypt";
+      echo '            if [ ! "$?" = "0" ]; then';
+      echo "                echo \"${renewal_failure_msg}\" > ~/temp_renewletsencrypt.txt";
+      echo '                echo "" >> ~/temp_renewletsencrypt.txt';
+      echo "                \${PROJECT_NAME}-renew-cert -h \$LETSENCRYPT_DOMAIN -p letsencrypt 2>> ~/temp_renewletsencrypt.txt";
+      echo -n "                cat ~/temp_renewletsencrypt.txt | mail -s \"${renewal_email_title}\" ";
+      echo "\$ADMIN_EMAIL_ADDRESS";
+      echo '                rm ~/temp_renewletsencrypt.txt';
+      echo '                if [ ! -f ~/letsencrypt_failed ]; then';
+      echo '                    touch ~/letsencrypt_failed';
+      echo '                fi';
+      echo '            fi';
+      echo '        fi';
+      echo '    done';
+      echo 'fi'; } > "$renewals_script"
+    chmod +x "$renewals_script"
 
     if [ ! -f /etc/cron.monthly/letsencrypt ]; then
         cp $renewals_script /etc/cron.monthly/letsencrypt
@@ -354,42 +353,42 @@ function letsencrypt_renewals {
     rm $renewals_script
 
     # a secondary script keeps trying to renew after a failure
-    echo '#!/bin/bash' > $renewals_retry_script
-    echo '' >> $renewals_retry_script
-    echo "PROJECT_NAME='${PROJECT_NAME}'" >> $renewals_retry_script
-    echo 'COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt' >> $renewals_retry_script
-    echo '' >> $renewals_retry_script
-    echo 'if [ -d /etc/letsencrypt ]; then' >> $renewals_retry_script
-    echo '    if [ -f ~/letsencrypt_failed ]; then' >> $renewals_retry_script
-    echo '        rm ~/letsencrypt_failed' >> $renewals_retry_script
-    echo -n '        ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | ' >> $renewals_retry_script
-    echo -n "awk -F ':' '{print " >> $renewals_retry_script
-    echo -n '$2' >> $renewals_retry_script
-    echo "}')" >> $renewals_retry_script
-    echo '        ADMIN_EMAIL_ADDRESS=$ADMIN_USERNAME@$HOSTNAME' >> $renewals_retry_script
-    echo '        for d in /etc/letsencrypt/live/*/ ; do' >> $renewals_retry_script
-    echo -n '            LETSENCRYPT_DOMAIN=$(echo "$d" | ' >> $renewals_retry_script
-    echo -n "awk -F '/' '{print " >> $renewals_retry_script
-    echo -n '$5' >> $renewals_retry_script
-    echo "}')" >> $renewals_retry_script
-    echo '            if [ -f /etc/nginx/sites-available/$LETSENCRYPT_DOMAIN ]; then' >> $renewals_retry_script
-    echo '                ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt' >> $renewals_retry_script
-    echo '                if [ ! "$?" = "0" ]; then' >> $renewals_retry_script
-    echo "                    echo \"${renewal_failure_msg}\" > ~/temp_renewletsencrypt.txt" >> $renewals_retry_script
-    echo '                    echo "" >> ~/temp_renewletsencrypt.txt' >> $renewals_retry_script
-    echo '                    ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt 2>> ~/temp_renewletsencrypt.txt' >> $renewals_retry_script
-    echo -n "                    cat ~/temp_renewletsencrypt.txt | mail -s \"${renewal_email_title}\" " >> $renewals_retry_script
-    echo '$ADMIN_EMAIL_ADDRESS' >> $renewals_retry_script
-    echo '                    rm ~/temp_renewletsencrypt.txt' >> $renewals_retry_script
-    echo '                    if [ ! -f ~/letsencrypt_failed ]; then' >> $renewals_retry_script
-    echo '                        touch ~/letsencrypt_failed' >> $renewals_retry_script
-    echo '                    fi' >> $renewals_retry_script
-    echo '                fi' >> $renewals_retry_script
-    echo '            fi' >> $renewals_retry_script
-    echo '        done' >> $renewals_retry_script
-    echo '    fi' >> $renewals_retry_script
-    echo 'fi' >> $renewals_retry_script
-    chmod +x $renewals_retry_script
+    { echo '#!/bin/bash';
+      echo '';
+      echo "PROJECT_NAME='${PROJECT_NAME}'";
+      echo "COMPLETION_FILE=\$HOME/\${PROJECT_NAME}-completed.txt";
+      echo '';
+      echo 'if [ -d /etc/letsencrypt ]; then';
+      echo '    if [ -f ~/letsencrypt_failed ]; then';
+      echo '        rm ~/letsencrypt_failed';
+      echo -n "        ADMIN_USERNAME=\$(cat \$COMPLETION_FILE | grep \"Admin user\" | ";
+      echo -n "awk -F ':' '{print ";
+      echo -n "\$2";
+      echo "}')";
+      echo "        ADMIN_EMAIL_ADDRESS=\$ADMIN_USERNAME@\$HOSTNAME";
+      echo '        for d in /etc/letsencrypt/live/*/ ; do';
+      echo -n "            LETSENCRYPT_DOMAIN=\$(echo \"\$d\" | ";
+      echo -n "awk -F '/' '{print ";
+      echo -n "\$5";
+      echo "}')";
+      echo "            if [ -f /etc/nginx/sites-available/\$LETSENCRYPT_DOMAIN ]; then";
+      echo "                \${PROJECT_NAME}-renew-cert -h \$LETSENCRYPT_DOMAIN -p letsencrypt";
+      echo '                if [ ! "$?" = "0" ]; then';
+      echo "                    echo \"${renewal_failure_msg}\" > ~/temp_renewletsencrypt.txt";
+      echo '                    echo "" >> ~/temp_renewletsencrypt.txt';
+      echo "                    \${PROJECT_NAME}-renew-cert -h \$LETSENCRYPT_DOMAIN -p letsencrypt 2>> ~/temp_renewletsencrypt.txt";
+      echo -n "                    cat ~/temp_renewletsencrypt.txt | mail -s \"${renewal_email_title}\" ";
+      echo "\$ADMIN_EMAIL_ADDRESS";
+      echo '                    rm ~/temp_renewletsencrypt.txt';
+      echo '                    if [ ! -f ~/letsencrypt_failed ]; then';
+      echo '                        touch ~/letsencrypt_failed';
+      echo '                    fi';
+      echo '                fi';
+      echo '            fi';
+      echo '        done';
+      echo '    fi';
+      echo 'fi'; } > "$renewals_retry_script"
+    chmod +x "$renewals_retry_script"
 
     if [ ! -f /etc/cron.daily/letsencrypt ]; then
         cp $renewals_retry_script /etc/cron.daily/letsencrypt
@@ -413,10 +412,10 @@ function configure_php {
 
 function install_web_server_access_control {
     if [ ! -f /etc/pam.d/nginx ]; then
-        echo '#%PAM-1.0' > /etc/pam.d/nginx
-        echo '@include common-auth' >> /etc/pam.d/nginx
-        echo '@include common-account' >> /etc/pam.d/nginx
-        echo '@include common-session' >> /etc/pam.d/nginx
+        { echo '#%PAM-1.0';
+          echo '@include common-auth';
+          echo '@include common-account';
+          echo '@include common-session'; } > /etc/pam.d/nginx
     fi
 }
 
@@ -435,7 +434,7 @@ function install_dynamicdns {
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit $INSTALL_DIR/inadyn "inadyn commit" "$INADYN_COMMIT" $INADYN_REPO
+    set_repo_commit "$INSTALL_DIR/inadyn" "inadyn commit" "$INADYN_COMMIT" "$INADYN_REPO"
 
     if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
@@ -448,36 +447,33 @@ function install_dynamicdns {
     # https version 1.99.8
 
     apt-get -yq install build-essential curl libgnutls28-dev automake1.11
-    if [ ! -d $INSTALL_DIR/inadyn ]; then
+    if [ ! -d "$INSTALL_DIR/inadyn" ]; then
         if [ -d /repos/inadyn ]; then
-            mkdir $INSTALL_DIR/inadyn
-            cp -r -p /repos/inadyn/. $INSTALL_DIR/inadyn
-            cd $INSTALL_DIR/inadyn
+            mkdir "$INSTALL_DIR/inadyn"
+            cp -r -p /repos/inadyn/. "$INSTALL_DIR/inadyn"
+            cd "$INSTALL_DIR/inadyn" || exit 2462874684
             git pull
         else
-            git_clone $INADYN_REPO $INSTALL_DIR/inadyn
+            git_clone "$INADYN_REPO" "$INSTALL_DIR/inadyn"
         fi
     fi
-    if [ ! -d $INSTALL_DIR/inadyn ]; then
+    if [ ! -d "$INSTALL_DIR/inadyn" ]; then
         echo 'inadyn repo not cloned'
         echo -n | openssl s_client -showcerts -connect github.com:443 -CApath /etc/ssl/certs
         exit 6785
     fi
-    cd $INSTALL_DIR/inadyn
-    git checkout $INADYN_COMMIT -b $INADYN_COMMIT
+    cd "$INSTALL_DIR/inadyn" || exit 246824684
+    git checkout "$INADYN_COMMIT" -b "$INADYN_COMMIT"
     set_completion_param "inadyn commit" "$INADYN_COMMIT"
 
     #./autogen.sh
-    ./configure
-    if [ ! "$?" = "0" ]; then
+    if ! ./configure; then
         exit 74890
     fi
-    USE_OPENSSL=1 make
-    if [ ! "$?" = "0" ]; then
+    if ! USE_OPENSSL=1 make; then
         exit 74858
     fi
-    make install
-    if [ ! "$?" = "0" ]; then
+    if ! make install; then
         exit 3785
     fi
 
@@ -489,25 +485,25 @@ function install_dynamicdns {
     #chmod 0000 /etc/gshadow
 
     # create a configuration file
-    echo 'background' > /etc/inadyn.conf
-    echo 'verbose        1' >> /etc/inadyn.conf
-    echo 'period         300' >> /etc/inadyn.conf
-    echo 'startup-delay  60' >> /etc/inadyn.conf
-    echo 'cache-dir      /run/inadyn' >> /etc/inadyn.conf
-    echo 'logfile        /dev/null' >> /etc/inadyn.conf
+    { echo 'background';
+      echo 'verbose        1';
+      echo 'period         300';
+      echo 'startup-delay  60';
+      echo 'cache-dir      /run/inadyn';
+      echo 'logfile        /dev/null'; } > /etc/inadyn.conf
     chmod 600 /etc/inadyn.conf
 
-    echo '[Unit]' > /etc/systemd/system/inadyn.service
-    echo 'Description=inadyn (DynDNS updater)' >> /etc/systemd/system/inadyn.service
-    echo 'After=network.target' >> /etc/systemd/system/inadyn.service
-    echo '' >> /etc/systemd/system/inadyn.service
-    echo '[Service]' >> /etc/systemd/system/inadyn.service
-    echo 'ExecStart=/usr/local/sbin/inadyn --config /etc/inadyn.conf' >> /etc/systemd/system/inadyn.service
-    echo 'Restart=always' >> /etc/systemd/system/inadyn.service
-    echo 'Type=forking' >> /etc/systemd/system/inadyn.service
-    echo '' >> /etc/systemd/system/inadyn.service
-    echo '[Install]' >> /etc/systemd/system/inadyn.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/inadyn.service
+    { echo '[Unit]';
+      echo 'Description=inadyn (DynDNS updater)';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'ExecStart=/usr/local/sbin/inadyn --config /etc/inadyn.conf';
+      echo 'Restart=always';
+      echo 'Type=forking';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/inadyn.service
     systemctl enable inadyn
     systemctl start inadyn
     systemctl daemon-reload
@@ -519,18 +515,18 @@ function update_default_search_engine {
     for d in /home/*/ ; do
         USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
         if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-            if ! grep -q "WWW_HOME" /home/$USERNAME/.bashrc; then
-                if ! grep -q 'controluser' /home/$USERNAME/.bashrc; then
-                    if ! grep -q 'export WWW_HOME=' /home/$USERNAME/.bashrc; then
-                        echo "export WWW_HOME=$DEFAULT_SEARCH" >> /home/$USERNAME/.bashrc
+            if ! grep -q "WWW_HOME" "/home/$USERNAME/.bashrc"; then
+                if ! grep -q 'controluser' "/home/$USERNAME/.bashrc"; then
+                    if ! grep -q 'export WWW_HOME=' "/home/$USERNAME/.bashrc"; then
+                        echo "export WWW_HOME=$DEFAULT_SEARCH" >> "/home/$USERNAME/.bashrc"
                     else
-                        sed -i "s|export WWW_HOME=.*|export WWW_HOME=$DEFAULT_SEARCH|g" /home/$USERNAME/.bashrc
+                        sed -i "s|export WWW_HOME=.*|export WWW_HOME=$DEFAULT_SEARCH|g" "/home/$USERNAME/.bashrc"
                     fi
                 else
-                    if ! grep -q 'export WWW_HOME=' /home/$USERNAME/.bashrc; then
-                        sed -i "/controluser/i export WWW_HOME=$DEFAULT_SEARCH" /home/$USERNAME/.bashrc
+                    if ! grep -q 'export WWW_HOME=' "/home/$USERNAME/.bashrc"; then
+                        sed -i "/controluser/i export WWW_HOME=$DEFAULT_SEARCH" "/home/$USERNAME/.bashrc"
                     else
-                        sed -i "s|export WWW_HOME=.*|export WWW_HOME=$DEFAULT_SEARCH|g" /home/$USERNAME/.bashrc
+                        sed -i "s|export WWW_HOME=.*|export WWW_HOME=$DEFAULT_SEARCH|g" "/home/$USERNAME/.bashrc"
                     fi
                 fi
             fi
@@ -550,27 +546,28 @@ function install_command_line_browser {
 
 function mesh_web_server {
     if [ -d /etc/apache2 ]; then
+        # shellcheck disable=SC2154
         chroot "$rootdir" apt-get -yq remove --purge apache2
         chroot "$rootdir" rm -rf /etc/apache2
     fi
 
     chroot "$rootdir" apt-get -yq install nginx
 
-    if [ ! -d $rootdir/etc/nginx ]; then
+    if [ ! -d "$rootdir/etc/nginx" ]; then
         echo $'Unable to install web server'
         exit 346825
     fi
 }
 
 function install_web_server {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
         mesh_web_server
         return
     fi
 
     # update to the next commit
     function_check set_repo_commit
-    set_repo_commit $INSTALL_DIR/nginx_ensite "nginx-ensite commit" "$NGINX_ENSITE_COMMIT" $NGINX_ENSITE_REPO
+    set_repo_commit "$INSTALL_DIR/nginx_ensite" "nginx-ensite commit" "$NGINX_ENSITE_COMMIT" $NGINX_ENSITE_REPO
 
     if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
@@ -600,12 +597,12 @@ function install_web_server {
     sed -i 's|process_control_timeout.*|process_control_timeout = 10s|g' /etc/php/7.0/fpm/php-fpm.conf
 
     if ! grep -q "pm.max_children" /etc/php/7.0/fpm/php-fpm.conf; then
-        echo 'pm = static' >> /etc/php/7.0/fpm/php-fpm.conf
-        echo 'pm.max_children = 10' >> /etc/php/7.0/fpm/php-fpm.conf
-        echo 'pm.start_servers = 2' >> /etc/php/7.0/fpm/php-fpm.conf
-        echo 'pm.min_spare_servers = 2' >> /etc/php/7.0/fpm/php-fpm.conf
-        echo 'pm.max_spare_servers = 5' >> /etc/php/7.0/fpm/php-fpm.conf
-        echo 'pm.max_requests = 10' >> /etc/php/7.0/fpm/php-fpm.conf
+        { echo 'pm = static';
+          echo 'pm.max_children = 10';
+          echo 'pm.start_servers = 2';
+          echo 'pm.min_spare_servers = 2';
+          echo 'pm.max_spare_servers = 5';
+          echo 'pm.max_requests = 10'; } >> /etc/php/7.0/fpm/php-fpm.conf
     fi
     if ! grep -q "request_terminate_timeout" /etc/php/7.0/fpm/php-fpm.conf; then
         echo 'request_terminate_timeout = 30' >> /etc/php/7.0/fpm/php-fpm.conf
@@ -620,91 +617,91 @@ function install_web_server {
     fi
 
     # Nginx settings
-    echo 'user www-data;' > /etc/nginx/nginx.conf
-    #echo "worker_processes; $CPU_CORES" >> /etc/nginx/nginx.conf
-    echo 'pid /run/nginx.pid;' >> /etc/nginx/nginx.conf
-    echo '' >> /etc/nginx/nginx.conf
-    echo 'events {' >> /etc/nginx/nginx.conf
-    echo '        worker_connections 50;' >> /etc/nginx/nginx.conf
-    echo '        # multi_accept on;' >> /etc/nginx/nginx.conf
-    echo '}' >> /etc/nginx/nginx.conf
-    echo '' >> /etc/nginx/nginx.conf
-    echo 'http {' >> /etc/nginx/nginx.conf
-    echo '        # limit the number of connections per single IP' >> /etc/nginx/nginx.conf
-    echo '        limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;' >> /etc/nginx/nginx.conf
-    echo '' >> /etc/nginx/nginx.conf
-    echo '        # limit the number of requests for a given session' >> /etc/nginx/nginx.conf
-    echo '        limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=140r/s;' >> /etc/nginx/nginx.conf
-    echo '' >> /etc/nginx/nginx.conf
-    echo '        # if the request body size is more than the buffer size, then the entire (or partial) request body is written into a temporary file' >> /etc/nginx/nginx.conf
-    echo '        client_body_buffer_size  128k;' >> /etc/nginx/nginx.conf
-    echo '' >> /etc/nginx/nginx.conf
-    echo '        # headerbuffer size for the request header from client, its set for testing purpose' >> /etc/nginx/nginx.conf
-    echo '        client_header_buffer_size 3m;' >> /etc/nginx/nginx.conf
-    echo '' >> /etc/nginx/nginx.conf
-    echo '        # maximum number and size of buffers for large headers to read from client request' >> /etc/nginx/nginx.conf
-    echo '        large_client_header_buffers 4 256k;' >> /etc/nginx/nginx.conf
-    echo '' >> /etc/nginx/nginx.conf
-    echo '        # read timeout for the request body from client, its set for testing purpose' >> /etc/nginx/nginx.conf
-    echo '        client_body_timeout   3m;' >> /etc/nginx/nginx.conf
-    echo '' >> /etc/nginx/nginx.conf
-    echo '        # how long to wait for the client to send a request header, its set for testing purpose' >> /etc/nginx/nginx.conf
-    echo '        client_header_timeout 3m;' >> /etc/nginx/nginx.conf
-    echo '' >> /etc/nginx/nginx.conf
-    echo '        ##' >> /etc/nginx/nginx.conf
-    echo '        # Basic Settings' >> /etc/nginx/nginx.conf
-    echo '        ##' >> /etc/nginx/nginx.conf
-    echo '' >> /etc/nginx/nginx.conf
-    echo '        sendfile on;' >> /etc/nginx/nginx.conf
-    echo '        tcp_nopush on;' >> /etc/nginx/nginx.conf
-    echo '        tcp_nodelay on;' >> /etc/nginx/nginx.conf
-    echo '        keepalive_timeout 65;' >> /etc/nginx/nginx.conf
-    echo '        types_hash_max_size 2048;' >> /etc/nginx/nginx.conf
-    echo '        server_tokens off;' >> /etc/nginx/nginx.conf
-    echo '' >> /etc/nginx/nginx.conf
-    echo '        # server_names_hash_bucket_size 64;' >> /etc/nginx/nginx.conf
-    echo '        # server_name_in_redirect off;' >> /etc/nginx/nginx.conf
-    echo '' >> /etc/nginx/nginx.conf
-    echo '        include /etc/nginx/mime.types;' >> /etc/nginx/nginx.conf
-    echo '        default_type application/octet-stream;' >> /etc/nginx/nginx.conf
-    echo '' >> /etc/nginx/nginx.conf
-    echo '        ##' >> /etc/nginx/nginx.conf
-    echo '        # Logging Settings' >> /etc/nginx/nginx.conf
-    echo '        ##' >> /etc/nginx/nginx.conf
-    echo '' >> /etc/nginx/nginx.conf
-    echo '        access_log /dev/null;' >> /etc/nginx/nginx.conf
-    echo '        error_log /dev/null;' >> /etc/nginx/nginx.conf
-    echo '' >> /etc/nginx/nginx.conf
-    echo '        ###' >> /etc/nginx/nginx.conf
-    echo '        # Gzip Settings' >> /etc/nginx/nginx.conf
-    echo '        ##' >> /etc/nginx/nginx.conf
-    echo '        gzip on;' >> /etc/nginx/nginx.conf
-    echo '        gzip_disable "msie6";' >> /etc/nginx/nginx.conf
-    echo '' >> /etc/nginx/nginx.conf
-    echo '        # gzip_vary on;' >> /etc/nginx/nginx.conf
-    echo '        # gzip_proxied any;' >> /etc/nginx/nginx.conf
-    echo '        # gzip_comp_level 6;' >> /etc/nginx/nginx.conf
-    echo '        # gzip_buffers 16 8k;' >> /etc/nginx/nginx.conf
-    echo '        # gzip_http_version 1.1;' >> /etc/nginx/nginx.conf
-    echo '        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;' >> /etc/nginx/nginx.conf
-    echo '' >> /etc/nginx/nginx.conf
-    echo '        ##' >> /etc/nginx/nginx.conf
-    echo '        # Virtual Host Configs' >> /etc/nginx/nginx.conf
-    echo '        ##' >> /etc/nginx/nginx.conf
-    echo '' >> /etc/nginx/nginx.conf
-    echo '        include /etc/nginx/conf.d/*.conf;' >> /etc/nginx/nginx.conf
-    echo '        include /etc/nginx/sites-enabled/*;' >> /etc/nginx/nginx.conf
-    echo '}' >> /etc/nginx/nginx.conf
+    { echo 'user www-data;';
+      #echo "worker_processes; $CPU_CORES";
+      echo 'pid /run/nginx.pid;';
+      echo '';
+      echo 'events {';
+      echo '        worker_connections 50;';
+      echo '        # multi_accept on;';
+      echo '}';
+      echo '';
+      echo 'http {';
+      echo '        # limit the number of connections per single IP';
+      echo "        limit_conn_zone \$binary_remote_addr zone=conn_limit_per_ip:10m;";
+      echo '';
+      echo '        # limit the number of requests for a given session';
+      echo "        limit_req_zone \$binary_remote_addr zone=req_limit_per_ip:10m rate=140r/s;";
+      echo '';
+      echo '        # if the request body size is more than the buffer size, then the entire (or partial) request body is written into a temporary file';
+      echo '        client_body_buffer_size  128k;';
+      echo '';
+      echo '        # headerbuffer size for the request header from client, its set for testing purpose';
+      echo '        client_header_buffer_size 3m;';
+      echo '';
+      echo '        # maximum number and size of buffers for large headers to read from client request';
+      echo '        large_client_header_buffers 4 256k;';
+      echo '';
+      echo '        # read timeout for the request body from client, its set for testing purpose';
+      echo '        client_body_timeout   3m;';
+      echo '';
+      echo '        # how long to wait for the client to send a request header, its set for testing purpose';
+      echo '        client_header_timeout 3m;';
+      echo '';
+      echo '        ##';
+      echo '        # Basic Settings';
+      echo '        ##';
+      echo '';
+      echo '        sendfile on;';
+      echo '        tcp_nopush on;';
+      echo '        tcp_nodelay on;';
+      echo '        keepalive_timeout 65;';
+      echo '        types_hash_max_size 2048;';
+      echo '        server_tokens off;';
+      echo '';
+      echo '        # server_names_hash_bucket_size 64;';
+      echo '        # server_name_in_redirect off;';
+      echo '';
+      echo '        include /etc/nginx/mime.types;';
+      echo '        default_type application/octet-stream;';
+      echo '';
+      echo '        ##';
+      echo '        # Logging Settings';
+      echo '        ##';
+      echo '';
+      echo '        access_log /dev/null;';
+      echo '        error_log /dev/null;';
+      echo '';
+      echo '        ###';
+      echo '        # Gzip Settings';
+      echo '        ##';
+      echo '        gzip on;';
+      echo '        gzip_disable "msie6";';
+      echo '';
+      echo '        # gzip_vary on;';
+      echo '        # gzip_proxied any;';
+      echo '        # gzip_comp_level 6;';
+      echo '        # gzip_buffers 16 8k;';
+      echo '        # gzip_http_version 1.1;';
+      echo '        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;';
+      echo '';
+      echo '        ##';
+      echo '        # Virtual Host Configs';
+      echo '        ##';
+      echo '';
+      echo '        include /etc/nginx/conf.d/*.conf;';
+      echo '        include /etc/nginx/sites-enabled/*;';
+      echo '}'; } > /etc/nginx/nginx.conf
 
     # install a script to easily enable and disable nginx virtual hosts
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir "$INSTALL_DIR"
     fi
-    cd $INSTALL_DIR
+    cd "$INSTALL_DIR" || exit 2798462846827
     function_check git_clone
-    git_clone $NGINX_ENSITE_REPO $INSTALL_DIR/nginx_ensite
-    cd $INSTALL_DIR/nginx_ensite
-    git checkout $NGINX_ENSITE_COMMIT -b $NGINX_ENSITE_COMMIT
+    git_clone "$NGINX_ENSITE_REPO" "$INSTALL_DIR/nginx_ensite"
+    cd "$INSTALL_DIR/nginx_ensite" || exit 2468748223
+    git checkout "$NGINX_ENSITE_COMMIT" -b "$NGINX_ENSITE_COMMIT"
 
     set_completion_param "nginx-ensite commit" "$NGINX_ENSITE_COMMIT"
 
@@ -720,24 +717,24 @@ function install_web_server {
 function remove_certs {
     domain_name=$1
 
-    if [ ! $domain_name ]; then
+    if [ ! "$domain_name" ]; then
         return
     fi
 
-    if [ -f /etc/ssl/certs/${domain_name}.dhparam ]; then
-        rm /etc/ssl/certs/${domain_name}.dhparam
+    if [ -f "/etc/ssl/certs/${domain_name}.dhparam" ]; then
+        rm "/etc/ssl/certs/${domain_name}.dhparam"
     fi
 
-    if [ -f /etc/ssl/certs/${domain_name}.pem ]; then
-        rm /etc/ssl/certs/${domain_name}.pem
+    if [ -f "/etc/ssl/certs/${domain_name}.pem" ]; then
+        rm "/etc/ssl/certs/${domain_name}.pem"
     fi
 
-    if [ -f /etc/ssl/certs/${domain_name}.crt ]; then
-        rm /etc/ssl/certs/${domain_name}.crt
+    if [ -f "/etc/ssl/certs/${domain_name}.crt" ]; then
+        rm "/etc/ssl/certs/${domain_name}.crt"
     fi
 
-    if [ -f /etc/ssl/private/${domain_name}.key ]; then
-        rm /etc/ssl/private/${domain_name}.key
+    if [ -f "/etc/ssl/private/${domain_name}.key" ]; then
+        rm "/etc/ssl/private/${domain_name}.key"
     fi
 }
 
@@ -761,7 +758,7 @@ function update_default_domain {
     echo $'Updating default domain'
     if [[ $ONION_ONLY == 'no' ]]; then
         if [ -f /etc/mumble-server.ini ]; then
-            if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
+            if [ ! -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
                 if ! grep -q "mumble.pem" /etc/mumble-server.ini; then
                     sed -i 's|sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
                     sed -i 's|sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
@@ -783,7 +780,7 @@ function update_default_domain {
             fi
             cp /etc/ssl/private/xmpp* /etc/prosody/certs
             cp /etc/ssl/certs/xmpp* /etc/prosody/certs
-            if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
+            if [ -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
                 usermod -a -G ssl-cert prosody
                 if grep -q "/etc/prosody/certs/xmpp.key" /etc/prosody/conf.avail/xmpp.cfg.lua; then
                     sed -i "s|/etc/prosody/certs/xmpp.key|/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
@@ -819,9 +816,9 @@ function update_default_domain {
             chown -R prosody:default /etc/prosody
             chmod -R 700 /etc/prosody/certs/*
             chmod 600 /etc/prosody/prosody.cfg.lua
-            if [ -d $INSTALL_DIR/prosody-modules ]; then
-                cp -r $INSTALL_DIR/prosody-modules/* /var/lib/prosody/prosody-modules/
-                cp -r $INSTALL_DIR/prosody-modules/* /usr/lib/prosody/modules/
+            if [ -d "$INSTALL_DIR/prosody-modules" ]; then
+                cp -r "$INSTALL_DIR/prosody-modules/*" /var/lib/prosody/prosody-modules/
+                cp -r "$INSTALL_DIR/prosody-modules/*" /usr/lib/prosody/modules/
             fi
             chown -R prosody:prosody /var/lib/prosody/prosody-modules
             chown -R prosody:prosody /usr/lib/prosody/modules
@@ -830,9 +827,9 @@ function update_default_domain {
 
         if [ -d /home/znc/.znc ]; then
             echo $'znc found'
-            if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
+            if [ -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
                 pkill znc
-                cat /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key > /home/znc/.znc/znc.pem
+                cat "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" "/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key" > /home/znc/.znc/znc.pem
                 chown znc:znc /home/znc/.znc/znc.pem
                 chmod 700 /home/znc/.znc/znc.pem
 
@@ -847,7 +844,7 @@ function update_default_domain {
         fi
 
         if [ ${#DEFAULT_DOMAIN_NAME} -gt 0 ]; then
-            if [ -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
+            if [ -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
                 if [ -d /etc/dovecot ]; then
                     if ! grep -q "ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" /etc/dovecot/conf.d/10-ssl.conf; then
                         sed -i "s|#ssl_cert =.*|ssl_cert = </etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem|g" /etc/dovecot/conf.d/10-ssl.conf
@@ -858,7 +855,7 @@ function update_default_domain {
 
                 if [ -d /etc/exim4 ]; then
                     # Unfortunately there doesn't appear to be any other way than copying certs here
-                    cp /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/{fullchain,privkey}.pem /etc/exim4/
+                    cp "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/{fullchain,privkey}.pem" /etc/exim4/
                     chown root:Debian-exim /etc/exim4/*.pem
                     chmod 640 /etc/exim4/*.pem
 
@@ -875,17 +872,17 @@ function update_default_domain {
 }
 
 function create_default_web_site {
-    if [ ! -f /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} ]; then
+    if [ ! -f "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}" ]; then
         # create a web site for the default domain
-        if [ ! -d /var/www/${DEFAULT_DOMAIN_NAME}/htdocs ]; then
-            mkdir -p /var/www/${DEFAULT_DOMAIN_NAME}/htdocs
-            if [ -d /root/${PROJECT_NAME} ]; then
-                cd /root/${PROJECT_NAME}/website
-                ./deploy.sh EN /var/www/${DEFAULT_DOMAIN_NAME}/htdocs
+        if [ ! -d "/var/www/${DEFAULT_DOMAIN_NAME}/htdocs" ]; then
+            mkdir -p "/var/www/${DEFAULT_DOMAIN_NAME}/htdocs"
+            if [ -d "/root/${PROJECT_NAME}" ]; then
+                cd "/root/${PROJECT_NAME}/website" || exit 24687246468
+                ./deploy.sh EN "/var/www/${DEFAULT_DOMAIN_NAME}/htdocs"
             else
-                if [ -d /home/${MY_USERNAME}/${PROJECT_NAME} ]; then
-                    cd /home/${MY_USERNAME}/${PROJECT_NAME}
-                    ./deploy.sh EN /var/www/${DEFAULT_DOMAIN_NAME}/htdocs
+                if [ -d "/home/${MY_USERNAME}/${PROJECT_NAME}" ]; then
+                    cd "/home/${MY_USERNAME}/${PROJECT_NAME}" || exit 2462874624
+                    ./deploy.sh EN "/var/www/${DEFAULT_DOMAIN_NAME}/htdocs"
                 fi
             fi
         fi
@@ -894,94 +891,93 @@ function create_default_web_site {
         nginx_site=/etc/nginx/sites-available/$DEFAULT_DOMAIN_NAME
         if [[ $ONION_ONLY == "no" ]]; then
             function_check nginx_http_redirect
-            nginx_http_redirect $DEFAULT_DOMAIN_NAME
-            echo 'server {' >> $nginx_site
-            echo '  listen 443 ssl;' >> $nginx_site
-            echo '  #listen [::]:443 ssl;' >> $nginx_site
-            echo "  server_name $DEFAULT_DOMAIN_NAME;" >> $nginx_site
-            echo '' >> $nginx_site
-            echo '  # Security' >> $nginx_site
+            nginx_http_redirect "$DEFAULT_DOMAIN_NAME"
+            { echo 'server {';
+              echo '  listen 443 ssl;';
+              echo '  #listen [::]:443 ssl;';
+              echo "  server_name $DEFAULT_DOMAIN_NAME;";
+              echo '';
+              echo '  # Security'; } >> "$nginx_site"
             function_check nginx_ssl
-            nginx_ssl $DEFAULT_DOMAIN_NAME mobile
+            nginx_ssl "$DEFAULT_DOMAIN_NAME" mobile
 
             function_check nginx_disable_sniffing
-            nginx_disable_sniffing $DEFAULT_DOMAIN_NAME
+            nginx_disable_sniffing "$DEFAULT_DOMAIN_NAME"
 
-            echo '  add_header Strict-Transport-Security max-age=15768000;' >> $nginx_site
-            echo '' >> $nginx_site
-            echo '  # Logs' >> $nginx_site
-            echo '  access_log /dev/null;' >> $nginx_site
-            echo '  error_log /dev/null;' >> $nginx_site
-            echo '' >> $nginx_site
-            echo '  # Root' >> $nginx_site
-            echo "  root /var/www/$DEFAULT_DOMAIN_NAME/htdocs;" >> $nginx_site
-            echo '' >> $nginx_site
-            echo '  # Index' >> $nginx_site
-            echo '  index index.html;' >> $nginx_site
-            echo '' >> $nginx_site
-            echo '  # Location' >> $nginx_site
-            echo '  location / {' >> $nginx_site
+            { echo '  add_header Strict-Transport-Security max-age=15768000;';
+              echo '';
+              echo '  # Logs';
+              echo '  access_log /dev/null;';
+              echo '  error_log /dev/null;';
+              echo '';
+              echo '  # Root';
+              echo "  root /var/www/$DEFAULT_DOMAIN_NAME/htdocs;";
+              echo '';
+              echo '  # Index';
+              echo '  index index.html;';
+              echo '';
+              echo '  # Location';
+              echo '  location / {'; } >> "$nginx_site"
             function_check nginx_limits
-            nginx_limits $DEFAULT_DOMAIN_NAME '15m'
-            echo '  }' >> $nginx_site
-            echo '' >> $nginx_site
-            echo '  # Restrict access that is unnecessary anyway' >> $nginx_site
-            echo '  location ~ /\.(ht|git) {' >> $nginx_site
-            echo '    deny all;' >> $nginx_site
-            echo '  }' >> $nginx_site
-            echo '}' >> $nginx_site
+            nginx_limits "$DEFAULT_DOMAIN_NAME" '15m'
+            { echo '  }';
+              echo '';
+              echo '  # Restrict access that is unnecessary anyway';
+              echo '  location ~ /\.(ht|git) {';
+              echo '    deny all;';
+              echo '  }';
+              echo '}'; } >> "$nginx_site"
         else
-            echo -n '' > $nginx_site
+            echo -n '' > "$nginx_site"
         fi
-        echo 'server {' >> $nginx_site
-        echo "    listen 127.0.0.1:$DEFAULT_DOMAIN_ONION_PORT default_server;" >> $nginx_site
-        echo "    server_name $DEFAULT_DOMAIN_NAME;" >> $nginx_site
-        echo '' >> $nginx_site
+        { echo 'server {';
+          echo "    listen 127.0.0.1:$DEFAULT_DOMAIN_ONION_PORT default_server;";
+          echo "    server_name $DEFAULT_DOMAIN_NAME;";
+          echo ''; } >> "$nginx_site"
         function_check nginx_disable_sniffing
-        nginx_disable_sniffing $DEFAULT_DOMAIN_NAME
-        echo '' >> $nginx_site
-        echo '  # Logs' >> $nginx_site
-        echo '  access_log /dev/null;' >> $nginx_site
-        echo '  error_log /dev/null;' >> $nginx_site
-        echo '' >> $nginx_site
-        echo '  # Root' >> $nginx_site
-        echo "  root /var/www/$DEFAULT_DOMAIN_NAME/htdocs;" >> $nginx_site
-        echo '' >> $nginx_site
-        echo '  # Location' >> $nginx_site
-        echo '  location / {' >> $nginx_site
+        nginx_disable_sniffing "$DEFAULT_DOMAIN_NAME"
+        { echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$DEFAULT_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$nginx_site"
         function_check nginx_limits
-        nginx_limits $DEFAULT_DOMAIN_NAME '15m'
-        echo '  }' >> $nginx_site
-        echo '' >> $nginx_site
-        echo '  # Restrict access that is unnecessary anyway' >> $nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $nginx_site
-        echo '    deny all;' >> $nginx_site
-        echo '  }' >> $nginx_site
-        echo '}' >> $nginx_site
+        nginx_limits "$DEFAULT_DOMAIN_NAME" '15m'
+        { echo '  }';
+          echo '';
+          echo '  # Restrict access that is unnecessary anyway';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '}'; } >> "$nginx_site"
 
-        if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+        if [ ! -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
             function_check create_site_certificate
-            create_site_certificate $DEFAULT_DOMAIN_NAME 'yes'
+            create_site_certificate "$DEFAULT_DOMAIN_NAME" 'yes'
         fi
 
-        nginx_ensite $DEFAULT_DOMAIN_NAME
+        nginx_ensite "$DEFAULT_DOMAIN_NAME"
     fi
 }
 
 function install_composer {
     # curl -sS https://getcomposer.org/installer | php
-    if [ -f ~/${PROJECT_NAME}/image_build/composer_install ]; then
-        cat ~/${PROJECT_NAME}/image_build/composer_install | php
+    if [ -f "${HOME}/${PROJECT_NAME}/image_build/composer_install" ]; then
+        php < "${HOME}/${PROJECT_NAME}/image_build/composer_install"
     else
-        if [ -f /home/$MY_USERNAME/${PROJECT_NAME}/image_build/composer_install ]; then
-            cat /home/$MY_USERNAME/${PROJECT_NAME}/image_build/composer_install | php
+        if [ -f "/home/$MY_USERNAME/${PROJECT_NAME}/image_build/composer_install" ]; then
+            php < "/home/$MY_USERNAME/${PROJECT_NAME}/image_build/composer_install"
         fi
     fi
     if [ -f composer.phar ]; then
         cp composer.phar composer
     fi
-    php composer.phar install
-    if [ ! "$?" = "0" ]; then
+    if ! php composer.phar install; then
         echo $'Unable to run composer install'
         exit 7252198
     fi
@@ -1007,7 +1003,7 @@ function email_install_tls {
         tls_auth_config_file=$tls_config_file
     fi
     if [ ! -f /etc/ssl/certs/exim.dhparam ]; then
-        ${PROJECT_NAME}-addcert -h exim --dhkey $DH_KEYLENGTH
+        "${PROJECT_NAME}-addcert" -h exim --dhkey "$DH_KEYLENGTH"
         check_certificates exim
         cp /etc/ssl/certs/exim.dhparam /etc/exim4
         chown root:Debian-exim /etc/exim4/exim.dhparam
@@ -1015,7 +1011,7 @@ function email_install_tls {
         email_config_changed=1
     fi
     if ! grep -q 'MAIN_TLS_ENABLE = true' $tls_config_file; then
-        sed -i "/.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME/i\MAIN_HARDCODE_PRIMARY_HOSTNAME =\nMAIN_TLS_ENABLE = true" $tls_config_file
+        sed -i "/.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME/i\\MAIN_HARDCODE_PRIMARY_HOSTNAME =\\nMAIN_TLS_ENABLE = true" "$tls_config_file"
         email_config_changed=1
     fi
     if ! grep -q "tls_on_connect_ports=465" $tls_config_file; then
@@ -1026,23 +1022,23 @@ function email_install_tls {
         sed -i '/login_saslauthd_server/,/.endif/ s/# *//' $tls_auth_config_file
         email_config_changed=1
     fi
-    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
-        cp /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem /etc/exim4/
+    if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
+        cp "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" /etc/exim4/
         chown root:Debian-exim /etc/exim4/*.pem
         chmod 640 /etc/exim4/*.pem
 
         if ! grep -q "MAIN_TLS_CERTIFICATE = /etc/exim4/fullchain.pem" $tls_config_file; then
-            sed -i "/.ifdef MAIN_TLS_CERTKEY/i\MAIN_TLS_CERTIFICATE = /etc/exim4/fullchain.pem" $tls_config_file
+            sed -i "/.ifdef MAIN_TLS_CERTKEY/i\\MAIN_TLS_CERTIFICATE = /etc/exim4/fullchain.pem" $tls_config_file
             email_config_changed=1
         fi
     fi
-    if [ -f /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key ]; then
-        cp /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem /etc/exim4/
+    if [ -f "/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key" ]; then
+        cp "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/privkey.pem" /etc/exim4/
         chown root:Debian-exim /etc/exim4/*.pem
         chmod 640 /etc/exim4/*.pem
 
         if ! grep -q "MAIN_TLS_PRIVATEKEY = /etc/exim4/privkey.pem" $tls_config_file; then
-            sed -i "/.ifndef MAIN_TLS_PRIVATEKEY/i\MAIN_TLS_PRIVATEKEY = /etc/exim4/privkey.pem" $tls_config_file
+            sed -i "/.ifndef MAIN_TLS_PRIVATEKEY/i\\MAIN_TLS_PRIVATEKEY = /etc/exim4/privkey.pem" $tls_config_file
             email_config_changed=1
         fi
     fi
@@ -1060,25 +1056,25 @@ function install_web_local_user_interface {
     # TODO
     # This is intended as a placeholder for a potential local web user interface
     # similar to Plinth or the yunohost admin interface
-    local_hostname=$(cat /etc/avahi/avahi-daemon.conf | grep 'host-name' | awk -F '=' '{print $2}').local
+    local_hostname=$(grep 'host-name' /etc/avahi/avahi-daemon.conf | awk -F '=' '{print $2}').local
 
-    mkdir -p /var/www/${local_hostname}/htdocs
-    echo '<html>' > /var/www/${local_hostname}/htdocs/index.html
-    echo '  <body>' >> /var/www/${local_hostname}/htdocs/index.html
-    echo "  This is a test on $local_hostname" >> /var/www/${local_hostname}/htdocs/index.html
-    echo '  </body>' >> /var/www/${local_hostname}/htdocs/index.html
-    echo '</html>' >> /var/www/${local_hostname}/htdocs/index.html
-    chown -R www-data:www-data /var/www/${local_hostname}/htdocs
+    mkdir -p "/var/www/${local_hostname}/htdocs"
+    { echo '<html>';
+      echo '  <body>';
+      echo "  This is a test on $local_hostname";
+      echo '  </body>';
+      echo '</html>'; } > "/var/www/${local_hostname}/htdocs/index.html"
+    chown -R www-data:www-data "/var/www/${local_hostname}/htdocs"
 
     nginx_file=/etc/nginx/sites-available/$local_hostname
-    echo 'server {' > $nginx_file
-    echo '  listen 80;' >> $nginx_file
-    echo '  listen [::]:80;' >> $nginx_file
-    echo "  server_name ${local_hostname};" >> $nginx_file
-    echo "  root /var/www/${local_hostname}/htdocs;" >> $nginx_file
-    echo '  index index.html;' >> $nginx_file
-    echo '}' >> $nginx_file
-    nginx_ensite $local_hostname
+    { echo 'server {';
+      echo '  listen 80;';
+      echo '  listen [::]:80;';
+      echo "  server_name ${local_hostname};";
+      echo "  root /var/www/${local_hostname}/htdocs;";
+      echo '  index index.html;';
+      echo '}'; } > "$nginx_file"
+    nginx_ensite "$local_hostname"
 }
 
 # NOTE: deliberately no exit 0
diff --git a/src/freedombone-utils-zram b/src/freedombone-utils-zram
index 1c225804..4c15d100 100755
--- a/src/freedombone-utils-zram
+++ b/src/freedombone-utils-zram
@@ -34,11 +34,11 @@ function enable_zram {
     fi
 
     if [[ $INSTALLED_WITHIN_DOCKER == "yes" || $INSTALLING_ON_BBB != "yes" ]]; then
-        ${PROJECT_NAME}-zram off
+        "${PROJECT_NAME}-zram" off
         return
     fi
 
-    ${PROJECT_NAME}-zram on
+    "${PROJECT_NAME}-zram" on
 
     mark_completed "${FUNCNAME[0]}"
 }

From 44dd4e3ec69e82fa6725657820e55eb8136c2762 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 22:22:34 +0000
Subject: [PATCH 48/67] Fix static analysis failures

---
 src/freedombone-utils-setup | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/freedombone-utils-setup b/src/freedombone-utils-setup
index 2c45362e..66148ebf 100755
--- a/src/freedombone-utils-setup
+++ b/src/freedombone-utils-setup
@@ -28,23 +28,23 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-if [ ! $PROJECT_NAME ]; then
+if [ ! "$PROJECT_NAME" ]; then
     PROJECT_NAME='freedombone'
 fi
 
-if [ ! $LOCAL_NAME ]; then
+if [ ! "$LOCAL_NAME" ]; then
     LOCAL_NAME=${PROJECT_NAME}
 fi
 
 DEFAULT_DOMAIN_NAME=
 DEFAULT_DOMAIN_CODE=
 MY_USERNAME=
-if [ ! $SYSTEM_TYPE ]; then
+if [ ! "$SYSTEM_TYPE" ]; then
     SYSTEM_TYPE="full"
 fi
 
 # An optional configuration file which overrides some of these variables
-if [ ! $CONFIGURATION_FILE ]; then
+if [ ! "$CONFIGURATION_FILE" ]; then
     CONFIGURATION_FILE="$HOME/${PROJECT_NAME}.cfg"
 fi
 

From e7b3c1f10b551fdd4e8a38992cb34aff4f0ca7b8 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 22:27:58 +0000
Subject: [PATCH 49/67] static analysis of freedombone commands

---
 src/freedombone-tests | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/freedombone-tests b/src/freedombone-tests
index 6b30ed50..1a777acb 100755
--- a/src/freedombone-tests
+++ b/src/freedombone-tests
@@ -88,7 +88,18 @@ function test_static_analysis {
         if ! shellcheck --exclude SC2034,SC1090 "$filename"; then
             echo ''
             echo $"${filename} failed static analysis"
-            exit 24687242
+            exit 3857395935
+        fi
+    done
+
+    FILES="/usr/local/bin/${PROJECT_NAME}-*"
+
+    for filename in $FILES
+    do
+        if ! shellcheck --exclude SC2034,SC1090 "$filename"; then
+            echo ''
+            echo $"${filename} failed static analysis"
+            exit 784243468435
         fi
     done
 }

From 1d568eecea197cb5c57ed04d8478006d4ac61887 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 22:31:57 +0000
Subject: [PATCH 50/67] Remove existing commands before installing

---
 Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Makefile b/Makefile
index 6012874e..153d8125 100644
--- a/Makefile
+++ b/Makefile
@@ -23,6 +23,7 @@ install:
 	mkdir -p ${DESTDIR}/usr/share/${APP}/utils
 	mkdir -p ${DESTDIR}/usr/share/${APP}/avatars
 	mkdir -p ${DESTDIR}/etc/${APP}
+	rm -f ${DESTDIR}/${PREFIX}/bin/${APP}-*
 	cp -r image_build/* ${DESTDIR}/etc/${APP}
 	cp img/backgrounds/${APP}_*.png ${DESTDIR}${PREFIX}/share
 	cp img/avatars/* ${DESTDIR}/usr/share/${APP}/avatars

From 52ca718a4b71efdaafed7293718c47d44ce86eae Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 22:32:35 +0000
Subject: [PATCH 51/67] Quotes

---
 src/freedombone-backup-remote | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/freedombone-backup-remote b/src/freedombone-backup-remote
index 213cafb8..948c40bf 100755
--- a/src/freedombone-backup-remote
+++ b/src/freedombone-backup-remote
@@ -59,7 +59,7 @@ SERVER_DIRECTORY=/root/remotebackup
 GO_VERSION=$(grep 'GO_VERSION=' "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-go" | head -n 1 | awk -F '=' '{print $2}')
 
 ADMIN_USERNAME=$(get_completion_param "Admin user")
-ADMIN_NAME=$(getent passwd $ADMIN_USERNAME | cut -d: -f5 | cut -d, -f1)
+ADMIN_NAME=$(getent passwd "$ADMIN_USERNAME" | cut -d: -f5 | cut -d, -f1)
 ADMIN_EMAIL_ADDRESS=${ADMIN_USERNAME}@${HOSTNAME}
 if [ ! -f /etc/ssl/private/backup.key ]; then
     echo $"Creating backup key"

From 8d8aaf9ef9244ba6a95cbcc54cd8d80479f83a6d Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 22:34:33 +0000
Subject: [PATCH 52/67] greater than

---
 src/freedombone-client | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/freedombone-client b/src/freedombone-client
index 370f7167..88ca7ad0 100755
--- a/src/freedombone-client
+++ b/src/freedombone-client
@@ -295,7 +295,7 @@ function verify_ssh_server_key {
     kill ${pid}
 }
 
-while [[ $# > 0 ]]
+while [ $# -gt 0 ]
 do
     key="$1"
 

From 52188a30a5adf5e47d92069d2b8ff6b6f5ce4508 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 22:37:18 +0000
Subject: [PATCH 53/67] Ignore config file

---
 src/freedombone-tests | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/freedombone-tests b/src/freedombone-tests
index 1a777acb..26c75a94 100755
--- a/src/freedombone-tests
+++ b/src/freedombone-tests
@@ -96,6 +96,10 @@ function test_static_analysis {
 
     for filename in $FILES
     do
+        if [[ "$filename" == *"-config-qtox" ]]; then
+           continue
+        fi
+
         if ! shellcheck --exclude SC2034,SC1090 "$filename"; then
             echo ''
             echo $"${filename} failed static analysis"

From 651809c32c60ec53cfcc1aba58dc91c5b11b3de6 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 22:39:47 +0000
Subject: [PATCH 54/67] Fix static analysis failures

---
 src/freedombone-controlpanel | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/freedombone-controlpanel b/src/freedombone-controlpanel
index 4ab07fd2..b238a8c8 100755
--- a/src/freedombone-controlpanel
+++ b/src/freedombone-controlpanel
@@ -1054,7 +1054,7 @@ function create_keydrive_master {
 
 function create_keydrive_fragment {
     select_user
-    if [ ! $SELECTED_USERNAME ]; then
+    if [ ! "$SELECTED_USERNAME" ]; then
         return
     fi
     dialog --title $"USB Fragment Keydrive" \
@@ -1415,6 +1415,7 @@ function format_drive {
 
 function remove_backups {
     detect_usb_drive
+    # shellcheck disable=SC2154
     dialog --title $"Remove backups from a USB drive $USB_DRIVE" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \

From 9d9a45663ad60fbbf7f2ff56426a3d7e12da67f2 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 22:41:58 +0000
Subject: [PATCH 55/67] No echo

---
 src/freedombone-image | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/freedombone-image b/src/freedombone-image
index 7e02335f..3c9bb862 100755
--- a/src/freedombone-image
+++ b/src/freedombone-image
@@ -64,7 +64,7 @@ GENERIC_IMAGE_PASSWORD='freedombone'
 
 IMAGE_TYPE='beaglebone'
 CURR_DIR=$(pwd)
-CURR_USER=$(echo $USER)
+CURR_USER="$USER"
 TEMPBUILD_DIR=~/.tmp_${PROJECT_NAME}_build
 VMDEBOOTSTRAP_REPO=git://git.liw.fi/vmdebootstrap
 VMDEBOOTSTRAP_VERSION=0.8
@@ -73,7 +73,7 @@ IMAGE_SIZE=7.9G
 IMAGE_SIZE_SPECIFIED=
 IMAGE_NAME='full'
 
-USERNAME=$(echo $USER)
+USERNAME="$USER"
 PASSWORD=
 
 # IP address of the router (gateway)

From 7aea3f0f7c46c5674c1344bd4da2edce494c6351 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 22:45:32 +0000
Subject: [PATCH 56/67] Ignore makefile

---
 src/freedombone-tests | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/freedombone-tests b/src/freedombone-tests
index 26c75a94..6a3b7e71 100755
--- a/src/freedombone-tests
+++ b/src/freedombone-tests
@@ -96,7 +96,7 @@ function test_static_analysis {
 
     for filename in $FILES
     do
-        if [[ "$filename" == *"-config-qtox" ]]; then
+        if [[ "$filename" == *"-config-qtox" || "$filename" == *"-image-make" ]]; then
            continue
         fi
 

From 9786dd93e4d8704d53141c149de3b17c8e9756c7 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 22:47:44 +0000
Subject: [PATCH 57/67] Ignore makefile

---
 src/freedombone-tests | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/freedombone-tests b/src/freedombone-tests
index 6a3b7e71..1b300fa4 100755
--- a/src/freedombone-tests
+++ b/src/freedombone-tests
@@ -96,7 +96,7 @@ function test_static_analysis {
 
     for filename in $FILES
     do
-        if [[ "$filename" == *"-config-qtox" || "$filename" == *"-image-make" ]]; then
+        if [[ "$filename" == *"-config-qtox" || "$filename" == *"-image-make"* ]]; then
            continue
         fi
 

From d5d74165c0ad56eacbdc7190b4df2fbdd4ebfd14 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 22:50:39 +0000
Subject: [PATCH 58/67] quotes

---
 src/freedombone-keydrive | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/freedombone-keydrive b/src/freedombone-keydrive
index 7f36e610..eddd0689 100755
--- a/src/freedombone-keydrive
+++ b/src/freedombone-keydrive
@@ -142,8 +142,8 @@ if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]];
     export GPG_TTY
 
     USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
-    GPG_ID=$(su -m root -c "gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)
-    GPG_BACKUP_ID=$(su -m root -c "gpg --list-keys \"(backup key)\" | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)
+    GPG_ID=$(su -m root -c "gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \\t]*//'" - "$MY_USERNAME")
+    GPG_BACKUP_ID=$(su -m root -c "gpg --list-keys \"(backup key)\" | sed -n '2p' | sed 's/^[ \\t]*//'" - "$MY_USERNAME")
 
     gpgerrstr=$'error'
     gpgkey=$(gpg --homedir="/home/$MY_USERNAME/.gnupg" --armor --export "$GPG_ID")

From efadadad13443b23eebf8b542555d645fa9d5f82 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 22:54:51 +0000
Subject: [PATCH 59/67] start function

---
 src/freedombone-mesh-batman | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/freedombone-mesh-batman b/src/freedombone-mesh-batman
index f52e6def..1dd8730c 100755
--- a/src/freedombone-mesh-batman
+++ b/src/freedombone-mesh-batman
@@ -82,6 +82,7 @@ function stop {
     systemctl stop dnsmasq
     systemctl disable dnsmasq
 
+    # shellcheck disable=SC2153
     if [ "$EIFACE" ]; then
         brctl delif "$BRIDGE" bat0
         ifconfig "$BRIDGE" down || true
@@ -165,6 +166,7 @@ function add_wifi_interface {
     ifconfig "$ifname" up
 }
 
+# shellcheck disable=SC2120
 function start {
     update_wifi_adaptors
 
@@ -351,6 +353,7 @@ function monitor {
     echo $'*** Restarting the network daemon. This may take a while. ***'
     echo ''
 
+    # shellcheck disable=SC2119
     start
 }
 
@@ -375,6 +378,7 @@ case "$1" in
         echo ''
         echo $'*** Starting mesh network connection ***'
         echo ''
+        # shellcheck disable=SC2119
         start
         ;;
     ping)

From 8174c563fa611e4a4de9b667c122bba43417ec2f Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 22:56:38 +0000
Subject: [PATCH 60/67] Fix static analysis failures

---
 src/freedombone-recoverkey | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/freedombone-recoverkey b/src/freedombone-recoverkey
index f14524a4..7f58a68f 100755
--- a/src/freedombone-recoverkey
+++ b/src/freedombone-recoverkey
@@ -33,7 +33,7 @@ PROJECT_NAME='freedombone'
 export TEXTDOMAIN=${PROJECT_NAME}-recoverkey
 export TEXTDOMAINDIR="/usr/share/locale"
 
-source $PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars
+source "$PROJECT_INSTALL_DIR/${PROJECT_NAME}-vars"
 
 # include utils which allow function_check, go and drive mount
 UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"

From 76e460380872a3d290fddb326fc174ab387855c5 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 22:58:38 +0000
Subject: [PATCH 61/67] Fix static analysis failures

---
 src/freedombone-sec | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/freedombone-sec b/src/freedombone-sec
index 6d5f2131..144f82c5 100755
--- a/src/freedombone-sec
+++ b/src/freedombone-sec
@@ -36,10 +36,10 @@ export TEXTDOMAINDIR="/usr/share/locale"
 CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg
 COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt
 
-UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*
+UTILS_FILES="/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-*"
 for f in $UTILS_FILES
 do
-    source $f
+    source "$f"
 done
 
 SSL_PROTOCOLS=

From 6210aaf40094765974fe1f256a298d5eb76edc4b Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 23:00:56 +0000
Subject: [PATCH 62/67] Fix static analysis failures

---
 src/freedombone-template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/freedombone-template b/src/freedombone-template
index e5c083d7..be5b11b3 100755
--- a/src/freedombone-template
+++ b/src/freedombone-template
@@ -31,9 +31,9 @@
 PROJECT_NAME='freedombone'
 
 app_name='noapp'
-app_name_lower=$(echo ${app_name} | tr '[:upper:]' '[:lower:]')
+app_name_lower=$(echo "${app_name}" | tr '[:upper:]' '[:lower:]')
 app_name=$app_name_lower
-app_name_upper=$(echo ${app_name} | tr '[:lower:]' '[:upper:]')
+app_name_upper=$(echo "${app_name}" | tr '[:lower:]' '[:upper:]')
 echo "test: $app_name_upper"
 app_repo="TODO"
 app_repo_commit='TODO'

From 3f4c390a5d5d8d739700ce8245bffe2e690cb397 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 23:02:43 +0000
Subject: [PATCH 63/67] Fix static analysis failures

---
 src/freedombone-tests | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/freedombone-tests b/src/freedombone-tests
index 1b300fa4..45fb2632 100755
--- a/src/freedombone-tests
+++ b/src/freedombone-tests
@@ -123,7 +123,7 @@ function test_app_functions {
         # for each expected interface function
         for f in "${interface_functions[@]}"
         do
-            test_app_function_type ${filename} "$f"
+            test_app_function_type "${filename}" "$f"
         done
     done
 }
@@ -1305,7 +1305,7 @@ freedombone-pass --test yes
 fix_stig
 test_stig
 
-if [ ! $RUN_STIG ]; then
+if [ ! "$RUN_STIG" ]; then
     echo $'All tests passed'
 fi
 

From a4086b9e797806528dc9dcd05c857187a9400bea Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 23:06:15 +0000
Subject: [PATCH 64/67] onion port test files

---
 src/freedombone-tests | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/freedombone-tests b/src/freedombone-tests
index 45fb2632..31e9fcd8 100755
--- a/src/freedombone-tests
+++ b/src/freedombone-tests
@@ -134,7 +134,7 @@ function test_unique_onion_ports {
     fi
 
     # test that some services are not assigned the same onion port
-    FILES="src/${PROJECT_NAME}-app-*"
+    FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-*"
     ports=$(grep -r "_ONION_PORT=" "$FILES" | awk -F ':' '{print $2}' | uniq | awk -F '=' '{print $2}')
     unique_ports=$(grep -r "_ONION_PORT=" "$FILES" | awk -F ':' '{print $2}' | uniq | awk -F '=' '{print $2}' | uniq)
     if [[ "$ports" != "$unique_ports" ]]; then

From 5ab9a4cb05a53c23371ce5e593d3e7aac2584fc4 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 23:12:14 +0000
Subject: [PATCH 65/67] Disable quotes

---
 src/freedombone-tests | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/freedombone-tests b/src/freedombone-tests
index 31e9fcd8..3a2383c7 100755
--- a/src/freedombone-tests
+++ b/src/freedombone-tests
@@ -135,8 +135,10 @@ function test_unique_onion_ports {
 
     # test that some services are not assigned the same onion port
     FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-*"
-    ports=$(grep -r "_ONION_PORT=" "$FILES" | awk -F ':' '{print $2}' | uniq | awk -F '=' '{print $2}')
-    unique_ports=$(grep -r "_ONION_PORT=" "$FILES" | awk -F ':' '{print $2}' | uniq | awk -F '=' '{print $2}' | uniq)
+    # shellcheck disable=SC2086
+    ports=$(grep -r "_ONION_PORT=" $FILES | awk -F ':' '{print $2}' | uniq | awk -F '=' '{print $2}')
+    # shellcheck disable=SC2086
+    unique_ports=$(grep -r "_ONION_PORT=" $FILES | awk -F ':' '{print $2}' | uniq | awk -F '=' '{print $2}' | uniq)
     if [[ "$ports" != "$unique_ports" ]]; then
         echo $'Some onion ports are clashing'
         grep -r "_ONION_PORT=" "$FILES" | awk -F ':' '{print $2}' | uniq

From 9801333767c70a384a3445fb3189c0610bd43c25 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 2 Mar 2018 23:23:55 +0000
Subject: [PATCH 66/67] Remove quotes

---
 src/freedombone-tests | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/freedombone-tests b/src/freedombone-tests
index 3a2383c7..4042b4b4 100755
--- a/src/freedombone-tests
+++ b/src/freedombone-tests
@@ -141,7 +141,8 @@ function test_unique_onion_ports {
     unique_ports=$(grep -r "_ONION_PORT=" $FILES | awk -F ':' '{print $2}' | uniq | awk -F '=' '{print $2}' | uniq)
     if [[ "$ports" != "$unique_ports" ]]; then
         echo $'Some onion ports are clashing'
-        grep -r "_ONION_PORT=" "$FILES" | awk -F ':' '{print $2}' | uniq
+        # shellcheck disable=SC2086
+        grep -r "_ONION_PORT=" $FILES | awk -F ':' '{print $2}' | uniq
         exit 637252
     fi
 }

From 6e84c5fdace4443a132ec481fc4a5703d7a5bf6c Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 3 Mar 2018 09:55:51 +0000
Subject: [PATCH 67/67] Excluded static analysis tests

---
 src/freedombone-tests | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/freedombone-tests b/src/freedombone-tests
index 4042b4b4..be10b287 100755
--- a/src/freedombone-tests
+++ b/src/freedombone-tests
@@ -70,11 +70,13 @@ function test_static_analysis {
         apt-get -yq install shellcheck
     fi
 
+    STATIC_ANALYSIS_EXCLUDED='SC2034,SC1090'
+
     FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-*"
 
     for filename in $FILES
     do
-        if ! shellcheck --exclude SC2034,SC1090 "$filename"; then
+        if ! shellcheck --exclude "$STATIC_ANALYSIS_EXCLUDED" "$filename"; then
             echo ''
             echo $"${filename} failed static analysis"
             exit 24687242
@@ -85,7 +87,7 @@ function test_static_analysis {
 
     for filename in $FILES
     do
-        if ! shellcheck --exclude SC2034,SC1090 "$filename"; then
+        if ! shellcheck --exclude "$STATIC_ANALYSIS_EXCLUDED" "$filename"; then
             echo ''
             echo $"${filename} failed static analysis"
             exit 3857395935
@@ -100,7 +102,7 @@ function test_static_analysis {
            continue
         fi
 
-        if ! shellcheck --exclude SC2034,SC1090 "$filename"; then
+        if ! shellcheck --exclude "$STATIC_ANALYSIS_EXCLUDED" "$filename"; then
             echo ''
             echo $"${filename} failed static analysis"
             exit 784243468435