Tidying

2018-02-28 23:17:49 +00:00 · 2018-02-28 23:17:49 +00:00 · fa8f96bfdb
parent 5479d49dc9
commit fa8f96bfdb
16 changed files with 3392 additions and 3370 deletions
--- a/src/freedombone-app-mediagoblin
+++ b/src/freedombone-app-mediagoblin
@ -71,7 +71,7 @@ function mediagoblin_fix_email {
    if ! grep -q 'import os' $mgfile; then
        sed -i '/import sys/a import os' $mgfile
    fi
-    sed -i "s|return mhost.sendmail(from_addr, to_addrs, message.as_string())|return os.system(\"echo '\" + message_body + \"' \| mail -s '\" + message['Subject'] + \"' \" + message['To'])|g" $mgfile
+    sed -i "s|return mhost.sendmail(from_addr, to_addrs, message.as_string())|return os.system(\"echo '\" + message_body + \"' \\| mail -s '\" + message['Subject'] + \"' \" + message['To'])|g" $mgfile
 }

 function install_interactive_mediagoblin {
@ -92,7 +92,7 @@ function configure_interactive_mediagoblin {
    dialog --title $"Mediagoblin" \
           --backtitle $"Freedombone Control Panel" \
           --defaultno \
-           --yesno $"\nAllow registration of new users?" 10 60
+           --yesno $"\\nAllow registration of new users?" 10 60
    sel=$?
    case $sel in
        0)
@ -139,7 +139,7 @@ function reconfigure_mediagoblin {
 }

 function upgrade_mediagoblin {
-    CURR_MEDIAGOBLIN_COMMIT=$(cat $COMPLETION_FILE | grep "mediagoblin commit" | awk -F ':' '{print $2}')
+    CURR_MEDIAGOBLIN_COMMIT=$(grep "mediagoblin commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
    if [[ "$CURR_MEDIAGOBLIN_COMMIT" != "$MEDIAGOBLIN_COMMIT" ]]; then
        MEDIAGOBLIN_BASE_DIR=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
        su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && git stash && git pull" - mediagoblin
@ -182,6 +182,7 @@ function restore_local_mediagoblin {
        else
            cp -r ${temp_restore_dir}/* $MEDIAGOBLIN_BASE_DIR/
        fi
+        # shellcheck disable=SC2181
        if [ ! "$?" = "0" ]; then
            function_check restore_directory_from_usb
            set_user_permissions
@ -195,6 +196,7 @@ function restore_local_mediagoblin {
        else
            cp -r ${temp_restore_dir}2/* /var/lib/mediagoblin/
        fi
+        # shellcheck disable=SC2181
        if [ ! "$?" = "0" ]; then
            function_check set_user_permissions
            set_user_permissions
@ -214,24 +216,25 @@ function backup_remote_mediagoblin {
    MEDIAGOBLIN_BASE_DIR=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
    if [ -d /etc/mediagoblin ]; then
        echo $"Backing up mediagoblin"
-        backup_directory_to_friend $MEDIAGOBLIN_BASE_DIR mediagoblin
+        backup_directory_to_friend "$MEDIAGOBLIN_BASE_DIR" mediagoblin
        backup_directory_to_friend /var/lib/mediagoblin mediagoblindata
    fi
 }

 function restore_remote_mediagoblin {
    MEDIAGOBLIN_BASE_DIR=/var/www/$MEDIAGOBLIN_DOMAIN_NAME/htdocs
-    if [ -d $SERVER_DIRECTORY/backup/mediagoblin ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/mediagoblin" ]; then
        temp_restore_dir=/root/tempmediagoblin
        function_check get_completion_param
        MEDIAGOBLIN_DOMAIN_NAME=$(get_completion_param "mediagoblin domain")
        function_check restore_directory_from_friend
        restore_directory_from_friend $temp_restore_dir mediagoblin
-        if [ -d ${temp_restore_dir}$MEDIAGOBLIN_BASE_DIR ]; then
-            cp -r ${temp_restore_dir}$MEDIAGOBLIN_BASE_DIR/* $MEDIAGOBLIN_BASE_DIR/
+        if [ -d "${temp_restore_dir}$MEDIAGOBLIN_BASE_DIR" ]; then
+            cp -r "${temp_restore_dir}$MEDIAGOBLIN_BASE_DIR/*" "$MEDIAGOBLIN_BASE_DIR/"
        else
-            cp -r ${temp_restore_dir}/* $MEDIAGOBLIN_BASE_DIR/
+            cp -r "${temp_restore_dir}/*" "$MEDIAGOBLIN_BASE_DIR/"
        fi
+        # shellcheck disable=SC2181
        if [ ! "$?" = "0" ]; then
            exit 264824
        fi
@ -241,12 +244,13 @@ function restore_remote_mediagoblin {
        else
            cp -r ${temp_restore_dir}2/* /var/lib/mediagoblin/
        fi
+        # shellcheck disable=SC2181
        if [ ! "$?" = "0" ]; then
            exit 268492
        fi
        rm -rf ${temp_restore_dir}
        rm -rf ${temp_restore_dir}2
-        chown -hR mediagoblin:www-data $MEDIAGOBLIN_BASE_DIR
+        chown -hR mediagoblin:www-data "$MEDIAGOBLIN_BASE_DIR"
        chown -hR mediagoblin:www-data /var/lib/mediagoblin
        chmod -R g+wx /var/lib/mediagoblin
    fi
@ -264,17 +268,17 @@ function remove_mediagoblin {

    function_check remove_onion_service
    remove_onion_service mediagoblin ${MEDIAGOBLIN_ONION_PORT}
-    nginx_dissite $MEDIAGOBLIN_DOMAIN_NAME
-    remove_certs $MEDIAGOBLIN_DOMAIN_NAME
+    nginx_dissite "$MEDIAGOBLIN_DOMAIN_NAME"
+    remove_certs "$MEDIAGOBLIN_DOMAIN_NAME"
    if [ -d /var/lib/mediagoblin ]; then
        rm -rf /var/lib/mediagoblin
    fi
-    if [ -d $MEDIAGOBLIN_BASE_DIR ]; then
-        rm -rf $MEDIAGOBLIN_BASE_DIR
+    if [ -d "$MEDIAGOBLIN_BASE_DIR" ]; then
+        rm -rf "$MEDIAGOBLIN_BASE_DIR"
    fi
    remove_completion_param "install_mediagoblin"
    remove_completion_param "mediagoblin domain"
-    sed -i '/mediagoblin/d' $COMPLETION_FILE
+    sed -i '/mediagoblin/d' "$COMPLETION_FILE"

    remove_nodejs mediagoblin

@ -282,11 +286,11 @@ function remove_mediagoblin {
    userdel -r mediagoblin

    function_check remove_ddns_domain
-    remove_ddns_domain $MEDIAGOBLIN_DOMAIN_NAME
+    remove_ddns_domain "$MEDIAGOBLIN_DOMAIN_NAME"
 }

 function install_mediagoblin {
-    if [ ! $MEDIAGOBLIN_DOMAIN_NAME ]; then
+    if [ ! "$MEDIAGOBLIN_DOMAIN_NAME" ]; then
        return
    fi

@ -304,17 +308,17 @@ function install_mediagoblin {
    useradd -c "GNU MediaGoblin system account" -d /var/lib/mediagoblin -m -r -g www-data mediagoblin
    usermod --append -G mediagoblin mediagoblin
    mkdir -p /var/lib/mediagoblin
-    mkdir -p $MEDIAGOBLIN_BASE_DIR
-    chown -hR mediagoblin:www-data $MEDIAGOBLIN_BASE_DIR
+    mkdir -p "$MEDIAGOBLIN_BASE_DIR"
+    chown -hR mediagoblin:www-data "$MEDIAGOBLIN_BASE_DIR"
    chown -hR mediagoblin:www-data /var/lib/mediagoblin
    chmod -R g+wx /var/lib/mediagoblin

    if [ -d /repos/mediagoblin ]; then
-        mkdir -p $MEDIAGOBLIN_BASE_DIR/mediagoblin
-        cp -r -p /repos/mediagoblin/. $MEDIAGOBLIN_BASE_DIR/mediagoblin
-        cd $MEDIAGOBLIN_BASE_DIR/mediagoblin
+        mkdir -p "$MEDIAGOBLIN_BASE_DIR/mediagoblin"
+        cp -r -p /repos/mediagoblin/. "$MEDIAGOBLIN_BASE_DIR/mediagoblin"
+        cd "$MEDIAGOBLIN_BASE_DIR/mediagoblin" || exit 347593563
        git pull
-        chown -R mediagoblin:mediagoblin $MEDIAGOBLIN_BASE_DIR/mediagoblin
+        chown -R mediagoblin:mediagoblin "$MEDIAGOBLIN_BASE_DIR/mediagoblin"
    else
        su -c "cd $MEDIAGOBLIN_BASE_DIR && git clone $MEDIAGOBLIN_REPO $MEDIAGOBLIN_BASE_DIR/mediagoblin" - mediagoblin
    fi
@ -340,7 +344,7 @@ function install_mediagoblin {
            gstreamer1.0-plugins-ugly \
            gstreamer1.0-libav \
            python-gst-1.0 python3-gst-1.0
-    cd $MEDIAGOBLIN_BASE_DIR/mediagoblin
+    cd "$MEDIAGOBLIN_BASE_DIR/mediagoblin" || exit 76345672472
    su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && echo '[[mediagoblin.media_types.video]]' | tee -a mediagoblin_local.ini" - mediagoblin

    # Audio plugin
@ -349,14 +353,14 @@ function install_mediagoblin {
    su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && echo '[[mediagoblin.media_types.audio]]' | tee -a mediagoblin_local.ini" - mediagoblin
    su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin && bin/pip install scikits.audiolab" - mediagoblin

-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        MEDIAGOBLIN_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        MEDIAGOBLIN_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
    else
-        if [ ! $MEDIAGOBLIN_ADMIN_PASSWORD ]; then
-            MEDIAGOBLIN_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$MEDIAGOBLIN_ADMIN_PASSWORD" ]; then
+            MEDIAGOBLIN_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
        fi
    fi
-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a mediagoblin -p "$MEDIAGOBLIN_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a mediagoblin -p "$MEDIAGOBLIN_ADMIN_PASSWORD"

    MEDIAGOBLIN_ONION_HOSTNAME=$(add_onion_service mediagoblin 80 ${MEDIAGOBLIN_ONION_PORT})
    set_completion_param "mediagoblin domain" "${MEDIAGOBLIN_DOMAIN_NAME}"
@ -365,157 +369,157 @@ function install_mediagoblin {

    if [[ $ONION_ONLY == "no" ]]; then
        function_check nginx_http_redirect
-        nginx_http_redirect $MEDIAGOBLIN_DOMAIN_NAME
-        echo 'server {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    include /etc/nginx/mime.types;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    autoindex off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    default_type  application/octet-stream;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    sendfile on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+        nginx_http_redirect "$MEDIAGOBLIN_DOMAIN_NAME"
+        { echo 'server {';
+          echo '    listen 443 ssl;';
+          echo '    #listen [::]:443 ssl;';
+          echo '    include /etc/nginx/mime.types;';
+          echo '';
+          echo '    autoindex off;';
+          echo '    default_type  application/octet-stream;';
+          echo '    sendfile on;';
+          echo ''; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
        function_check nginx_ssl
-        nginx_ssl $MEDIAGOBLIN_DOMAIN_NAME
+        nginx_ssl "$MEDIAGOBLIN_DOMAIN_NAME"
        function_check nginx_disable_sniffing
-        nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
+        nginx_disable_sniffing "$MEDIAGOBLIN_DOMAIN_NAME"
        function_check nginx_limits
-        nginx_limits $MEDIAGOBLIN_DOMAIN_NAME 800m
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    client_header_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    client_body_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    send_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    fastcgi_read_timeout 600;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    fastcgi_send_timeout 600;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    gzip on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    gzip_min_length 1024;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    gzip_buffers 4 32k;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    gzip_types text/plain application/x-javascript text/javascript text/xml text/css;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo "    server_name $MEDIAGOBLIN_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    error_log /dev/null;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+        nginx_limits "$MEDIAGOBLIN_DOMAIN_NAME" 800m
+        { echo '';
+          echo '    client_header_timeout 10m;';
+          echo '    client_body_timeout 10m;';
+          echo '    send_timeout 10m;';
+          echo '';
+          echo '    fastcgi_read_timeout 600;';
+          echo '    fastcgi_send_timeout 600;';
+          echo '';
+          echo '    gzip on;';
+          echo '    gzip_min_length 1024;';
+          echo '    gzip_buffers 4 32k;';
+          echo '    gzip_types text/plain application/x-javascript text/javascript text/xml text/css;';
+          echo '';
+          echo "    server_name $MEDIAGOBLIN_DOMAIN_NAME;";
+          echo '    access_log /dev/null;';
+          echo '    error_log /dev/null;';
+          echo '';

-        echo '    location /mgoblin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin/static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    location /mgoblin_media/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/media/public/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    location /theme_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/theme_static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    location /plugin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/plugin_static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo "        fastcgi_pass 127.0.0.1:$MEDIAGOBLIN_PORT;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '        include /etc/nginx/fastcgi_params;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '        fastcgi_param PATH_INFO $fastcgi_script_name;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '        fastcgi_param SCRIPT_NAME "";' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-        echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+          echo '    location /mgoblin_static/ {';
+          echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin/static/;";
+          echo '    }';
+          echo '';
+          echo '    location /mgoblin_media/ {';
+          echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/media/public/;";
+          echo '    }';
+          echo '';
+          echo '    location /theme_static/ {';
+          echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/theme_static/;";
+          echo '    }';
+          echo '';
+          echo '    location /plugin_static/ {';
+          echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/plugin_static/;";
+          echo '    }';
+          echo '';
+          echo '    location / {';
+          echo "        fastcgi_pass 127.0.0.1:$MEDIAGOBLIN_PORT;";
+          echo '        include /etc/nginx/fastcgi_params;';
+          echo "        fastcgi_param PATH_INFO \$fastcgi_script_name;";
+          echo '        fastcgi_param SCRIPT_NAME "";';
+          echo '        fastcgi_read_timeout 30;';
+          echo '    }';
+          echo '}'; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
    else
-        echo -n '' > /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+        echo -n '' > "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
    fi
-    echo 'server {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "    listen 127.0.0.1:${MEDIAGOBLIN_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    include /etc/nginx/mime.types;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    autoindex off;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    default_type  application/octet-stream;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    sendfile on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+    { echo 'server {';
+      echo "    listen 127.0.0.1:${MEDIAGOBLIN_ONION_PORT} default_server;";
+      echo '    include /etc/nginx/mime.types;';
+      echo '';
+      echo '    autoindex off;';
+      echo '    default_type  application/octet-stream;';
+      echo '    sendfile on;';
+      echo ''; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
    function_check nginx_disable_sniffing
-    nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
+    nginx_disable_sniffing "$MEDIAGOBLIN_DOMAIN_NAME"
    function_check nginx_limits
-    nginx_limits $MEDIAGOBLIN_DOMAIN_NAME 800m
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    client_header_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    client_body_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    send_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    fastcgi_read_timeout 600;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    fastcgi_send_timeout 600;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    gzip on;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    gzip_min_length 1024;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    gzip_buffers 4 32k;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    gzip_types text/plain application/x-javascript text/javascript text/xml text/css;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "    server_name $MEDIAGOBLIN_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    error_log /dev/null;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+    nginx_limits "$MEDIAGOBLIN_DOMAIN_NAME" 800m
+    { echo '';
+      echo '    client_header_timeout 10m;';
+      echo '    client_body_timeout 10m;';
+      echo '    send_timeout 10m;';
+      echo '';
+      echo '    fastcgi_read_timeout 600;';
+      echo '    fastcgi_send_timeout 600;';
+      echo '';
+      echo '    gzip on;';
+      echo '    gzip_min_length 1024;';
+      echo '    gzip_buffers 4 32k;';
+      echo '    gzip_types text/plain application/x-javascript text/javascript text/xml text/css;';
+      echo '';
+      echo "    server_name $MEDIAGOBLIN_ONION_HOSTNAME;";
+      echo '    access_log /dev/null;';
+      echo '    error_log /dev/null;';
+      echo '';

-    echo '    location /mgoblin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin/static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    location /mgoblin_media/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/media/public/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    location /theme_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/theme_static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    location /plugin_static/ {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/plugin_static/;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo "        fastcgi_pass 127.0.0.1:$MEDIAGOBLIN_PORT;" >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '        include /etc/nginx/fastcgi_params;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '        fastcgi_param PATH_INFO $fastcgi_script_name;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '        fastcgi_param SCRIPT_NAME "";' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '        fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
+      echo '    location /mgoblin_static/ {';
+      echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin/static/;";
+      echo '    }';
+      echo '';
+      echo '    location /mgoblin_media/ {';
+      echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/media/public/;";
+      echo '    }';
+      echo '';
+      echo '    location /theme_static/ {';
+      echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/theme_static/;";
+      echo '    }';
+      echo '';
+      echo '    location /plugin_static/ {';
+      echo "        alias $MEDIAGOBLIN_BASE_DIR/mediagoblin/user_dev/plugin_static/;";
+      echo '    }';
+      echo '';
+      echo '    location / {';
+      echo "        fastcgi_pass 127.0.0.1:$MEDIAGOBLIN_PORT;";
+      echo '        include /etc/nginx/fastcgi_params;';
+      echo "        fastcgi_param PATH_INFO \$fastcgi_script_name;";
+      echo '        fastcgi_param SCRIPT_NAME "";';
+      echo '        fastcgi_read_timeout 30;';
+      echo '    }';
+      echo '}'; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"

-    echo '[Unit]' > /etc/systemd/system/mediagoblin.service
-    echo 'Description=Media service' >> /etc/systemd/system/mediagoblin.service
-    echo 'Requires=network.target' >> /etc/systemd/system/mediagoblin.service
-    echo 'After=network.target' >> /etc/systemd/system/mediagoblin.service
-    echo '' >> /etc/systemd/system/mediagoblin.service
-    echo '[Service]' >> /etc/systemd/system/mediagoblin.service
-    echo 'Type=simple' >> /etc/systemd/system/mediagoblin.service
-    echo 'User=mediagoblin' >> /etc/systemd/system/mediagoblin.service
-    echo 'Group=mediagoblin' >> /etc/systemd/system/mediagoblin.service
-    echo "WorkingDirectory=$MEDIAGOBLIN_BASE_DIR/mediagoblin/" >> /etc/systemd/system/mediagoblin.service
-    echo "ExecStart=$MEDIAGOBLIN_BASE_DIR/mediagoblin/lazyserver.sh --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=$MEDIAGOBLIN_PORT" >> /etc/systemd/system/mediagoblin.service
-    echo "Environment=MEDIAGOBLIN_CONFIG=$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini CELERY_ALWAYS_EAGER=true" >> /etc/systemd/system/mediagoblin.service
-    echo 'Restart=always' >> /etc/systemd/system/mediagoblin.service
-    echo 'RestartSec=10' >> /etc/systemd/system/mediagoblin.service
-    echo '' >> /etc/systemd/system/mediagoblin.service
-    echo '[Install]' >> /etc/systemd/system/mediagoblin.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/mediagoblin.service
+    { echo '[Unit]';
+      echo 'Description=Media service';
+      echo 'Requires=network.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=mediagoblin';
+      echo 'Group=mediagoblin';
+      echo "WorkingDirectory=$MEDIAGOBLIN_BASE_DIR/mediagoblin/";
+      echo "ExecStart=$MEDIAGOBLIN_BASE_DIR/mediagoblin/lazyserver.sh --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=$MEDIAGOBLIN_PORT";
+      echo "Environment=MEDIAGOBLIN_CONFIG=$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini CELERY_ALWAYS_EAGER=true";
+      echo 'Restart=always';
+      echo 'RestartSec=10';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/mediagoblin.service
    chmod +x /etc/systemd/system/mediagoblin.service

    su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && bin/gmg dbupdate" - mediagoblin
    su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && bin/gmg adduser --username $MY_USERNAME --password $MY_USERNAME $MEDIAGOBLIN_ADMIN_PASSWORD" - mediagoblin
    su -c "cd $MEDIAGOBLIN_BASE_DIR/mediagoblin/ && bin/gmg makeadmin $MY_USERNAME" - mediagoblin

-    sed -i 's|email_debug_mode.*|email_debug_mode = false|g' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
-    sed -i "s|email_sender_address.*|email_sender_address = \"noreply@${DEFAULT_DOMAIN_NAME}\"|g" $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
+    sed -i 's|email_debug_mode.*|email_debug_mode = false|g' "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini"
+    sed -i "s|email_sender_address.*|email_sender_address = \"noreply@${DEFAULT_DOMAIN_NAME}\"|g" "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini"

-    sed -i 's|allow_reporting.*|allow_reporting = false|g' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
+    sed -i 's|allow_reporting.*|allow_reporting = false|g' "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini"

-    if ! grep -q '[[[skip_transcode]]]' $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini; then
-        echo '[[[skip_transcode]]]' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
-        echo 'mime_types = video/webm, video/ogg, video/mp4, audio/ogg, application/ogg, application/x-annodex' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
-        echo 'container_formats = Matroska, Ogg, ISO MP4/M4A' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
-        echo 'video_codecs = VP8 video, VP9 video, Theora, H.264, H.264 / AVC, MPEG-4 video' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
-        echo 'audio_codecs = Vorbis, MPEG-4 AAC' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
-        echo 'dimensions_match = false' >> $MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini
+    if ! grep -q '[[[skip_transcode]]]' "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini"; then
+        { echo '[[[skip_transcode]]]';
+          echo 'mime_types = video/webm, video/ogg, video/mp4, audio/ogg, application/ogg, application/x-annodex';
+          echo 'container_formats = Matroska, Ogg, ISO MP4/M4A';
+          echo 'video_codecs = VP8 video, VP9 video, Theora, H.264, H.264 / AVC, MPEG-4 video';
+          echo 'audio_codecs = Vorbis, MPEG-4 AAC';
+          echo 'dimensions_match = false'; } >> "$MEDIAGOBLIN_BASE_DIR/mediagoblin/mediagoblin_local.ini"
    fi

    systemctl enable mediagoblin
@ -529,18 +533,18 @@ function install_mediagoblin {
    fi

    function_check create_site_certificate
-    create_site_certificate $MEDIAGOBLIN_DOMAIN_NAME 'yes'
+    create_site_certificate "$MEDIAGOBLIN_DOMAIN_NAME" 'yes'

    function_check configure_php
    configure_php

-    nginx_ensite $MEDIAGOBLIN_DOMAIN_NAME
+    nginx_ensite "$MEDIAGOBLIN_DOMAIN_NAME"

    systemctl restart php7.0-fpm
    systemctl restart nginx

    function_check add_ddns_domain
-    add_ddns_domain $MEDIAGOBLIN_DOMAIN_NAME
+    add_ddns_domain "$MEDIAGOBLIN_DOMAIN_NAME"

    chown -hR mediagoblin:www-data /var/lib/mediagoblin
    chmod -R g+wx /var/lib/mediagoblin
--- a/src/freedombone-app-movim
+++ b/src/freedombone-app-movim
@ -58,19 +58,19 @@ function logging_off_movim {
 function remove_user_movim {
    remove_username="$1"

-    ${PROJECT_NAME}-pass -u $remove_username --rmapp movim
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp movim
 }

 function add_user_movim {
    new_username="$1"
    new_user_password="$2"

-    ${PROJECT_NAME}-pass -u $new_username -a movim -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a movim -p "$new_user_password"
    echo '0'
 }

 function install_interactive_movim {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
        ONION_ONLY='no'
    fi

@ -80,39 +80,38 @@ function install_interactive_movim {
        MOVIM_DETAILS_COMPLETE=
        while [ ! $MOVIM_DETAILS_COMPLETE ]
        do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                dialog --backtitle $"Freedombone Configuration" \
                       --title $"Movim Configuration" \
-                       --form $"\nPlease enter your Movim details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 12 65 2 \
+                       --form $"\\nPlease enter your Movim details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 12 65 2 \
                       $"Domain:" 1 1 "$(grep 'MOVIM_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
                       $"Code:" 2 1 "$(grep 'MOVIM_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \
-                       2> $data
+                       2> "$data"
            else
                dialog --backtitle $"Freedombone Configuration" \
                       --title $"Movim Configuration" \
-                       --form $"\nPlease enter your Movim details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 12 65 2 \
+                       --form $"\\nPlease enter your Movim details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 12 65 2 \
                       $"Domain:" 1 1 "$(grep 'MOVIM_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
-                       2> $data
+                       2> "$data"
            fi
            sel=$?
            case $sel in
                1) exit 1;;
                255) exit 1;;
            esac
-            MOVIM_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ $MOVIM_DOMAIN_NAME ]; then
+            MOVIM_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$MOVIM_DOMAIN_NAME" ]; then
                TEST_DOMAIN_NAME=$MOVIM_DOMAIN_NAME
                validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $MOVIM_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$MOVIM_DOMAIN_NAME" ]]; then
                    MOVIM_DOMAIN_NAME=
                    dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                else
                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        MOVIM_CODE=$(cat $data | sed -n 2p)
+                        MOVIM_CODE=$(sed -n 2p < "$data")
                        validate_freedns_code "$MOVIM_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                            MOVIM_DOMAIN_NAME=
                        fi
                    fi
@ -121,6 +120,7 @@ function install_interactive_movim {
            if [ $MOVIM_DOMAIN_NAME ]; then
                MOVIM_DETAILS_COMPLETE="yes"
            fi
+            rm -f "$data"
        done

        # save the results in the config file
@ -136,23 +136,23 @@ function change_password_movim {

    read_config_param 'MOVIM_DOMAIN_NAME'

-    ${PROJECT_NAME}-pass -u "$curr_username" -a movim -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a movim -p "$new_user_password"
 }

 function movim_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        MOVIM_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        MOVIM_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
    else
-        if [ ! $MOVIM_ADMIN_PASSWORD ]; then
-            MOVIM_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$MOVIM_ADMIN_PASSWORD" ]; then
+            MOVIM_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
        fi
    fi
-    if [ ! $MOVIM_ADMIN_PASSWORD ]; then
+    if [ ! "$MOVIM_ADMIN_PASSWORD" ]; then
        return
    fi

    function_check create_database
-    create_database movim "$MOVIM_ADMIN_PASSWORD" $MY_USERNAME
+    create_database movim "$MOVIM_ADMIN_PASSWORD" "$MY_USERNAME"
 }

 function reconfigure_movim {
@ -165,35 +165,35 @@ function upgrade_movim {
        return
    fi

-    if grep -q "movim domain" $COMPLETION_FILE; then
+    if grep -q "movim domain" "$COMPLETION_FILE"; then
        MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
    fi

    # update to the next commit
    function_check set_repo_commit
-    set_repo_commit /var/www/$MOVIM_DOMAIN_NAME/htdocs "movim commit" "$MOVIM_COMMIT" $MOVIM_REPO
+    set_repo_commit "/var/www/$MOVIM_DOMAIN_NAME/htdocs" "movim commit" "$MOVIM_COMMIT" "$MOVIM_REPO"

-    cd /var/www/${MOVIM_DOMAIN_NAME}/htdocs
+    cd "/var/www/${MOVIM_DOMAIN_NAME}/htdocs" || exit 6734824522
    php composer.phar install
    php mud.php db --set
-    chown -R www-data:www-data /var/www/${MOVIM_DOMAIN_NAME}/htdocs
+    chown -R www-data:www-data "/var/www/${MOVIM_DOMAIN_NAME}/htdocs"
 }


 function backup_local_movim {
    MOVIM_DOMAIN_NAME='movim'
-    if grep -q "movim domain" $COMPLETION_FILE; then
+    if grep -q "movim domain" "$COMPLETION_FILE"; then
        MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
    fi

-    source_directory=/var/www/${MOVIM_DOMAIN_NAME}/htdocs
-    if [ -d $source_directory ]; then
+    source_directory="/var/www/${MOVIM_DOMAIN_NAME}/htdocs"
+    if [ -d "$source_directory" ]; then
        dest_directory=movim
        function_check suspend_site
-        suspend_site ${MOVIM_DOMAIN_NAME}
+        suspend_site "${MOVIM_DOMAIN_NAME}"

        function_check backup_directory_to_usb
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"

        function_check backup_database_to_usb
        backup_database_to_usb movim
@ -204,28 +204,28 @@ function backup_local_movim {
 }

 function restore_local_movim {
-    if ! grep -q "movim domain" $COMPLETION_FILE; then
+    if ! grep -q "movim domain" "$COMPLETION_FILE"; then
        return
    fi
    MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
-    if [ $MOVIM_DOMAIN_NAME ]; then
+    if [ "$MOVIM_DOMAIN_NAME" ]; then
        echo $"Restoring movim"
        temp_restore_dir=/root/tempmovim
        movim_dir=/var/www/${MOVIM_DOMAIN_NAME}/htdocs
        # stop the daemons
-        cd $movim_dir
+        cd "$movim_dir" || exit 7856724252
        su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data

        function_check movim_create_database
        movim_create_database

-        restore_database movim ${MOVIM_DOMAIN_NAME}
+        restore_database movim "${MOVIM_DOMAIN_NAME}"
        if [ -d $temp_restore_dir ]; then
            rm -rf $temp_restore_dir
        fi

-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-        cd /var/www/$MOVIM_DOMAIN_NAME/htdocs/config
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs/config" || exit 2468724682
        sed -i "s|'password'.*|'password'    => '$MARIADB_PASSWORD',|g" db.inc.php
        MARIADB_PASSWORD=

@ -234,18 +234,18 @@ function restore_local_movim {
 }

 function backup_remote_movim {
-    if grep -q "movim domain" $COMPLETION_FILE; then
+    if grep -q "movim domain" "$COMPLETION_FILE"; then
        MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")
        temp_backup_dir=/var/www/${MOVIM_DOMAIN_NAME}/htdocs
-        if [ -d $temp_backup_dir ]; then
+        if [ -d "$temp_backup_dir" ]; then
            function_check suspend_site
-            suspend_site ${MOVIM_DOMAIN_NAME}
+            suspend_site "${MOVIM_DOMAIN_NAME}"

            function_check backup_database_to_friend
            backup_database_to_friend movim

            function_check backup_directory_to_friend
-            backup_directory_to_friend $temp_backup_dir movim
+            backup_directory_to_friend "$temp_backup_dir" movim

            function_check restart_site
            restart_site
@ -256,25 +256,25 @@ function backup_remote_movim {
 }

 function restore_remote_movim {
-    if grep -q "movim domain" $COMPLETION_FILE; then
+    if grep -q "movim domain" "$COMPLETION_FILE"; then
        echo $"Restoring movim"
        MOVIM_DOMAIN_NAME=$(get_completion_param "movim domain")

        # stop the daemons
-        cd /var/www/${MOVIM_DOMAIN_NAME}/htdocs
+        cd "/var/www/${MOVIM_DOMAIN_NAME}/htdocs" || exit 524792846827
        su -c "sh scripts/stopdaemons.sh" -s /bin/sh www-data

        function_check movim_create_database
        movim_create_database

        function_check restore_database_from_friend
-        restore_database_from_friend movim ${MOVIM_DOMAIN_NAME}
+        restore_database_from_friend movim "${MOVIM_DOMAIN_NAME}"
        if [ -d /root/tempmovim ]; then
            rm -rf /root/tempmovim
        fi

-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
-        cd /var/www/$MOVIM_DOMAIN_NAME/htdocs/config
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs/config" || exit 4242462487
        sed -i "s|'password'.*|'password'    => '$MARIADB_PASSWORD',|g" db.inc.php
        MARIADB_PASSWORD=

@ -298,14 +298,14 @@ function remove_movim {

    read_config_param "MY_USERNAME"
    echo "Removing $MOVIM_DOMAIN_NAME"
-    nginx_dissite $MOVIM_DOMAIN_NAME
-    remove_certs $MOVIM_DOMAIN_NAME
+    nginx_dissite "$MOVIM_DOMAIN_NAME"
+    remove_certs "$MOVIM_DOMAIN_NAME"

-    if [ -d /var/www/$MOVIM_DOMAIN_NAME ]; then
-        rm -rf /var/www/$MOVIM_DOMAIN_NAME
+    if [ -d "/var/www/$MOVIM_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$MOVIM_DOMAIN_NAME"
    fi
-    if [ -f /etc/nginx/sites-available/$MOVIM_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$MOVIM_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$MOVIM_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$MOVIM_DOMAIN_NAME"
    fi
    function_check drop_database
    drop_database movim
@ -316,15 +316,15 @@ function remove_movim {
    fi
    remove_app movim
    remove_completion_param install_movim
-    sed -i '/movim/d' $COMPLETION_FILE
+    sed -i '/movim/d' "$COMPLETION_FILE"
    remove_backup_database_local movim

    function_check remove_ddns_domain
-    remove_ddns_domain $MOVIM_DOMAIN_NAME
+    remove_ddns_domain "$MOVIM_DOMAIN_NAME"
 }

 function install_movim {
-    if [ ! $MOVIM_DOMAIN_NAME ]; then
+    if [ ! "$MOVIM_DOMAIN_NAME" ]; then
        echo $'No domain name was given for movim'
        exit 72572
    fi
@ -333,7 +333,7 @@ function install_movim {
        return
    fi

-    movim_hourly_script movim $MOVIM_DOMAIN_NAME
+    movim_hourly_script movim "$MOVIM_DOMAIN_NAME"

    function_check install_mariadb
    install_mariadb
@ -347,221 +347,221 @@ function install_movim {
    apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
    apt-get -yq install php-memcached php-intl exiftool php-imagick libfcgi0ldbl

-    if [ ! -d /var/www/$MOVIM_DOMAIN_NAME ]; then
-        mkdir /var/www/$MOVIM_DOMAIN_NAME
+    if [ ! -d "/var/www/$MOVIM_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$MOVIM_DOMAIN_NAME"
    fi
-    if [ ! -d /var/www/$MOVIM_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$MOVIM_DOMAIN_NAME/htdocs" ]; then

        if [ -d /repos/movim ]; then
-            mkdir /var/www/$MOVIM_DOMAIN_NAME/htdocs
-            cp -r -p /repos/movim/. /var/www/$MOVIM_DOMAIN_NAME/htdocs
-            cd /var/www/$MOVIM_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$MOVIM_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/movim/. "/var/www/$MOVIM_DOMAIN_NAME/htdocs"
+            cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs" || exit 3768568325
            git pull
        else
            function_check git_clone
-            git_clone $MOVIM_REPO /var/www/$MOVIM_DOMAIN_NAME/htdocs
+            git_clone "$MOVIM_REPO" "/var/www/$MOVIM_DOMAIN_NAME/htdocs"
        fi

-        if [ ! -d /var/www/$MOVIM_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$MOVIM_DOMAIN_NAME/htdocs" ]; then
            echo $'Unable to clone movim repo'
            exit 76285
        fi
    fi

-    cd /var/www/$MOVIM_DOMAIN_NAME/htdocs
+    cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs" || exit 7345247242
    git checkout $MOVIM_COMMIT -b $MOVIM_COMMIT
    set_completion_param "movim commit" "$MOVIM_COMMIT"

    # default login
-    if [ ! -f /var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php ]; then
+    if [ ! -f "/var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php" ]; then
        echo $'Unable to find Config.php'
        exit 72352
    fi
-    sed -i "s|'admin'|'${MY_USERNAME}'|g" /var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php
-    sed -i "s|'password'|'${MOVIM_ADMIN_PASSWORD}'|g" /var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php
+    sed -i "s|'admin'|'${MY_USERNAME}'|g" "/var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php"
+    sed -i "s|'password'|'${MOVIM_ADMIN_PASSWORD}'|g" "/var/www/$MOVIM_DOMAIN_NAME/htdocs/app/models/config/Config.php"

    # Fix typo
    sed -i 's|weksocket|websocket|g' app/widgets/AdminTest/admintest.js

-    cd /var/www/$MOVIM_DOMAIN_NAME/htdocs
+    cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs" || exit 784368245224
    install_composer

-    cd /var/www/$MOVIM_DOMAIN_NAME/htdocs/config
+    cd "/var/www/$MOVIM_DOMAIN_NAME/htdocs/config" || exit 6428764224
    cp db.example.inc.php db.inc.php
    sed -i "s|'username'.*|'username'    => 'root',|g" db.inc.php
    sed -i "s|'password'.*|'password'    => '$MARIADB_PASSWORD',|g" db.inc.php
    sed -i "s|'database'.*|'database'    => 'movim'|g" db.inc.php
    php mud.php db --set

-    chmod u+rwx /var/www/$MOVIM_DOMAIN_NAME/htdocs
-    chown -R www-data:www-data /var/www/$MOVIM_DOMAIN_NAME/htdocs
+    chmod u+rwx "/var/www/$MOVIM_DOMAIN_NAME/htdocs"
+    chown -R www-data:www-data "/var/www/$MOVIM_DOMAIN_NAME/htdocs"

    function_check movim_create_database
    movim_create_database

    function_check add_ddns_domain
-    add_ddns_domain $MOVIM_DOMAIN_NAME
+    add_ddns_domain "$MOVIM_DOMAIN_NAME"

    MOVIM_ONION_HOSTNAME=$(add_onion_service movim 80 ${MOVIM_ONION_PORT})

-    echo '[Unit]' > /etc/systemd/system/movim.service
-    echo 'Description=Movim daemon' >> /etc/systemd/system/movim.service
-    echo 'After=network.target nginx.target' >> /etc/systemd/system/movim.service
-    echo '' >> /etc/systemd/system/movim.service
-    echo '[Service]' >> /etc/systemd/system/movim.service
-    echo 'Type=simple' >> /etc/systemd/system/movim.service
-    echo 'User=www-data' >> /etc/systemd/system/movim.service
-    echo "WorkingDirectory=/var/www/$MOVIM_DOMAIN_NAME/htdocs" >> /etc/systemd/system/movim.service
+    { echo '[Unit]';
+      echo 'Description=Movim daemon';
+      echo 'After=network.target nginx.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=www-data';
+      echo "WorkingDirectory=/var/www/$MOVIM_DOMAIN_NAME/htdocs"; } > /etc/systemd/system/movim.service
    if [[ $ONION_ONLY == 'no' ]]; then
        echo "ExecStart=/usr/bin/php /var/www/$MOVIM_DOMAIN_NAME/htdocs/daemon.php start --url=https://$MOVIM_DOMAIN_NAME --port=$MOVIM_DAEMON_PORT" >> /etc/systemd/system/movim.service
    else
        echo "ExecStart=/usr/bin/php /var/www/$MOVIM_DOMAIN_NAME/htdocs/daemon.php start --url=http://$MOVIM_ONION_HOSTNAME --port=$MOVIM_DAEMON_PORT" >> /etc/systemd/system/movim.service
    fi
-    echo 'StandardOutput=syslog' >> /etc/systemd/system/movim.service
-    echo 'SyslogIdentifier=movim' >> /etc/systemd/system/movim.service
-    echo 'PIDFile=/run/movim.pid' >> /etc/systemd/system/movim.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/movim.service
-    echo 'RestartSec=10' >> /etc/systemd/system/movim.service
-    echo '' >> /etc/systemd/system/movim.service
-    echo '[Install]' >> /etc/systemd/system/movim.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/movim.service
+    { echo 'StandardOutput=syslog';
+      echo 'SyslogIdentifier=movim';
+      echo 'PIDFile=/run/movim.pid';
+      echo 'Restart=on-failure';
+      echo 'RestartSec=10';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } >> /etc/systemd/system/movim.service
    systemctl enable movim
    systemctl daemon-reload

    movim_nginx_site=/etc/nginx/sites-available/$MOVIM_DOMAIN_NAME
    if [[ $ONION_ONLY == "no" ]]; then
        function_check nginx_http_redirect
-        nginx_http_redirect $MOVIM_DOMAIN_NAME "index index.php"
-        echo 'server {' >> $movim_nginx_site
-        echo '  listen 443 ssl;' >> $movim_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $movim_nginx_site
-        echo "  server_name $MOVIM_DOMAIN_NAME;" >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
+        nginx_http_redirect "$MOVIM_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $MOVIM_DOMAIN_NAME;";
+          echo ''; } >> "$movim_nginx_site"
        function_check nginx_compress
-        nginx_compress $MOVIM_DOMAIN_NAME
-        echo '' >> $movim_nginx_site
-        echo '  # Security' >> $movim_nginx_site
+        nginx_compress "$MOVIM_DOMAIN_NAME"
+        echo '' >> "$movim_nginx_site"
+        echo '  # Security' >> "$movim_nginx_site"
        function_check nginx_ssl
-        nginx_ssl $MOVIM_DOMAIN_NAME
+        nginx_ssl "$MOVIM_DOMAIN_NAME"

        function_check nginx_disable_sniffing
-        nginx_disable_sniffing $MOVIM_DOMAIN_NAME
+        nginx_disable_sniffing "$MOVIM_DOMAIN_NAME"

-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # Logs' >> $movim_nginx_site
-        echo '  access_log /dev/null;' >> $movim_nginx_site
-        echo '  error_log /dev/null;' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # Root' >> $movim_nginx_site
-        echo "  root /var/www/$MOVIM_DOMAIN_NAME/htdocs;" >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # Index' >> $movim_nginx_site
-        echo '  index index.php;' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # PHP' >> $movim_nginx_site
-        echo '  location ~ \.php {' >> $movim_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $movim_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $movim_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $movim_nginx_site
-        echo '  }' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # Location' >> $movim_nginx_site
-        echo '  location / {' >> $movim_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$MOVIM_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  # Index';
+          echo '  index index.php;';
+          echo '';
+          echo '  # PHP';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$movim_nginx_site"
        function_check nginx_limits
-        nginx_limits $MOVIM_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ @movim;' >> $movim_nginx_site
-        echo '  }' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  location /ws/ {' >> $movim_nginx_site
-        echo "    proxy_pass http://localhost:${MOVIM_DAEMON_PORT}/;" >> $movim_nginx_site
-        echo '    proxy_http_version 1.1;' >> $movim_nginx_site
-        echo '    proxy_set_header Upgrade $http_upgrade;' >> $movim_nginx_site
-        echo '    proxy_set_header Connection "Upgrade";' >> $movim_nginx_site
-        echo '    proxy_set_header Host $host;' >> $movim_nginx_site
-        echo '    proxy_set_header X-Real-IP $remote_addr;' >> $movim_nginx_site
-        echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $movim_nginx_site
-        echo '    proxy_set_header X-Forwarded-Proto https;' >> $movim_nginx_site
-        echo '    proxy_redirect off;' >> $movim_nginx_site
-        echo '  }' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # Fancy URLs' >> $movim_nginx_site
-        echo '  location @movim {' >> $movim_nginx_site
-        echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $movim_nginx_site
-        echo '  }' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '  # Restrict access that is unnecessary anyway' >> $movim_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $movim_nginx_site
-        echo '    deny all;' >> $movim_nginx_site
-        echo '  }' >> $movim_nginx_site
-        echo '' >> $movim_nginx_site
-        echo '}' >> $movim_nginx_site
+        nginx_limits "$MOVIM_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ @movim;";
+          echo '  }';
+          echo '';
+          echo '  location /ws/ {';
+          echo "    proxy_pass http://localhost:${MOVIM_DAEMON_PORT}/;";
+          echo '    proxy_http_version 1.1;';
+          echo "    proxy_set_header Upgrade \$http_upgrade;";
+          echo '    proxy_set_header Connection "Upgrade";';
+          echo "    proxy_set_header Host \$host;";
+          echo "    proxy_set_header X-Real-IP \$remote_addr;";
+          echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+          echo '    proxy_set_header X-Forwarded-Proto https;';
+          echo '    proxy_redirect off;';
+          echo '  }';
+          echo '';
+          echo '  # Fancy URLs';
+          echo '  location @movim {';
+          echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+          echo '  }';
+          echo '';
+          echo '  # Restrict access that is unnecessary anyway';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '';
+          echo '}'; } >> "$movim_nginx_site"
    else
-        echo -n '' > $movim_nginx_site
+        echo -n '' > "$movim_nginx_site"
    fi
-    echo 'server {' >> $movim_nginx_site
-    echo "    listen 127.0.0.1:$MOVIM_ONION_PORT default_server;" >> $movim_nginx_site
-    echo "    server_name $MOVIM_DOMAIN_NAME;" >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$MOVIM_ONION_PORT default_server;";
+      echo "    server_name $MOVIM_DOMAIN_NAME;";
+      echo ''; } >> "$movim_nginx_site"
    function_check nginx_compress
-    nginx_compress $MOVIM_DOMAIN_NAME
-    echo '' >> $movim_nginx_site
+    nginx_compress "$MOVIM_DOMAIN_NAME"
+    echo '' >> "$movim_nginx_site"
    function_check nginx_disable_sniffing
-    nginx_disable_sniffing $MOVIM_DOMAIN_NAME
-    echo '' >> $movim_nginx_site
-    echo '  # Logs' >> $movim_nginx_site
-    echo '  access_log /dev/null;' >> $movim_nginx_site
-    echo '  error_log /dev/null;' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  # Root' >> $movim_nginx_site
-    echo "  root /var/www/$MOVIM_DOMAIN_NAME/htdocs;" >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  # Index' >> $movim_nginx_site
-    echo '  index index.php;' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  # PHP' >> $movim_nginx_site
-    echo '  location ~ \.php {' >> $movim_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $movim_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $movim_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $movim_nginx_site
-    echo '  }' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  # Location' >> $movim_nginx_site
-    echo '  location / {' >> $movim_nginx_site
+    nginx_disable_sniffing "$MOVIM_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$MOVIM_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  # Index';
+      echo '  index index.php;';
+      echo '';
+      echo '  # PHP';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$movim_nginx_site"
    function_check nginx_limits
-    nginx_limits $MOVIM_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ @movim;' >> $movim_nginx_site
-    echo '  }' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  location /ws/ {' >> $movim_nginx_site
-    echo "    proxy_pass http://localhost:${MOVIM_DAEMON_PORT}/;" >> $movim_nginx_site
-    echo '    proxy_http_version 1.1;' >> $movim_nginx_site
-    echo '    proxy_set_header Upgrade $http_upgrade;' >> $movim_nginx_site
-    echo '    proxy_set_header Connection "Upgrade";' >> $movim_nginx_site
-    echo '    proxy_set_header Host $host;' >> $movim_nginx_site
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $movim_nginx_site
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $movim_nginx_site
-    echo '    proxy_set_header X-Forwarded-Proto https;' >> $movim_nginx_site
-    echo '    proxy_redirect off;' >> $movim_nginx_site
-    echo '  }' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  # Fancy URLs' >> $movim_nginx_site
-    echo '  location @movim {' >> $movim_nginx_site
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $movim_nginx_site
-    echo '  }' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '  # Restrict access that is unnecessary anyway' >> $movim_nginx_site
-    echo '  location ~ /\.(ht|git) {' >> $movim_nginx_site
-    echo '    deny all;' >> $movim_nginx_site
-    echo '  }' >> $movim_nginx_site
-    echo '' >> $movim_nginx_site
-    echo '}' >> $movim_nginx_site
+    nginx_limits "$MOVIM_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ @movim;";
+      echo '  }';
+      echo '';
+      echo '  location /ws/ {';
+      echo "    proxy_pass http://localhost:${MOVIM_DAEMON_PORT}/;";
+      echo '    proxy_http_version 1.1;';
+      echo "    proxy_set_header Upgrade \$http_upgrade;";
+      echo '    proxy_set_header Connection "Upgrade";';
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo '    proxy_set_header X-Forwarded-Proto https;';
+      echo '    proxy_redirect off;';
+      echo '  }';
+      echo '';
+      echo '  # Fancy URLs';
+      echo '  location @movim {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  # Restrict access that is unnecessary anyway';
+      echo '  location ~ /\.(ht|git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '';
+      echo '}'; } >> "$movim_nginx_site"

    function_check configure_php
    configure_php

    function_check create_site_certificate
-    create_site_certificate $MOVIM_DOMAIN_NAME 'yes'
+    create_site_certificate "$MOVIM_DOMAIN_NAME" 'yes'

    # Ensure that the database gets backed up locally, if remote
    # backups are not being used
@ -572,9 +572,9 @@ function install_movim {
    backup_database_local movim

    function_check nginx_ensite
-    nginx_ensite $MOVIM_DOMAIN_NAME
+    nginx_ensite "$MOVIM_DOMAIN_NAME"

-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a movim -p "$MOVIM_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a movim -p "$MOVIM_ADMIN_PASSWORD"

    set_completion_param "movim domain" "$MOVIM_DOMAIN_NAME"

--- a/src/freedombone-app-mumble
+++ b/src/freedombone-app-mumble
@ -86,7 +86,7 @@ function upgrade_mumble {
        usermod -a -G ssl-cert mumble-server
    fi

-    if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
+    if [ ! -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
        if ! grep -q "mumble.pem" /etc/mumble-server.ini; then
            sed -i 's|sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
            sed -i 's|sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
@ -117,17 +117,18 @@ function backup_local_mumble {
 }

 function restore_local_mumble {
-    if [ -d $USB_MOUNT/backup/mumble ]; then
+    if [ -d "$USB_MOUNT/backup/mumble" ]; then
        echo $"Restoring mumble settings"
        temp_restore_dir=/root/tempmumble
        function_check restore_directory_from_usb
        restore_directory_from_usb $temp_restore_dir voip
        restore_directory_from_usb $temp_restore_dir mumble
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-            cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini /etc/
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
+            cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini" /etc/
        else
            cp -f $temp_restore_dir/mumble-server.ini /etc/
        fi
+        # shellcheck disable=SC2181
        if [ ! "$?" = "0" ]; then
            rm -rf $temp_restore_dir
            function_check set_user_permissions
@ -136,11 +137,12 @@ function restore_local_mumble {
            backup_unmount_drive
            exit 3679
        fi
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-            cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite /var/lib/mumble-server/
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
+            cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite" /var/lib/mumble-server/
        else
            cp -f $temp_restore_dir/mumble-server.sqlite /var/lib/mumble-server/
        fi
+        # shellcheck disable=SC2181
        if [ ! "$?" = "0" ]; then
            rm -rf $temp_restore_dir
            function_check set_user_permissions
@ -171,29 +173,27 @@ function backup_remote_mumble {
 }

 function restore_remote_mumble {
-    if [ -d $SERVER_DIRECTORY/backup/mumble ]; then
+    if [ -d "$SERVER_DIRECTORY/backup/mumble" ]; then
        echo $"Restoring Mumble settings"
        temp_restore_dir=/root/tempmumble
        function_check restore_directory_from_friend
        restore_directory_from_friend $temp_restore_dir mumble
-        if [ -d $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-            cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini /etc/
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
+            cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.ini" /etc/
        else
            cp -f $temp_restore_dir/mumble-server.ini /etc/
        fi
+        # shellcheck disable=SC2181
        if [ ! "$?" = "0" ]; then
            rm -rf $temp_restore_dir
            exit 7823
        fi
-        if [ ! "$?" = "0" ]; then
-            rm -rf $temp_restore_dir
-            exit 7823
-        fi
-        if [ $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup ]; then
-            cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite /var/lib/mumble-server/
+        if [ -d "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup" ]; then
+            cp -f "$temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/mumble-server.sqlite" /var/lib/mumble-server/
        else
            cp -f $temp_restore_dir/mumble-server.sqlite /var/lib/mumble-server/
        fi
+        # shellcheck disable=SC2181
        if [ ! "$?" = "0" ]; then
            rm -rf $temp_restore_dir
            exit 276
@ -221,7 +221,7 @@ function remove_mumble {
    fi
    function_check remove_onion_service
    remove_onion_service mumble ${MUMBLE_PORT}
-    sed -i '/mumble/d' $COMPLETION_FILE
+    sed -i '/mumble/d' "$COMPLETION_FILE"
 }

 function configure_firewall_for_mumble {
@ -238,34 +238,34 @@ function configure_firewall_for_mumble {
 function install_mumble {
    apt-get -yq install mumble-server

-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        MUMBLE_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        MUMBLE_SERVER_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
    else
-        if [ ! $MUMBLE_SERVER_PASSWORD ]; then
-            MUMBLE_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
-            if [ ${#MUMBLE_SERVER_PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then
-                MUMBLE_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$MUMBLE_SERVER_PASSWORD" ]; then
+            MUMBLE_SERVER_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
+            if [ ${#MUMBLE_SERVER_PASSWORD} -lt "$MINIMUM_PASSWORD_LENGTH" ]; then
+                MUMBLE_SERVER_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
            fi
        fi
    fi

    if [[ ${ONION_ONLY} == 'no' ]]; then
-        if [ ! -d /var/www/${DEFAULT_DOMAIN_NAME}/htdocs ]; then
-            mkdir /var/www/${DEFAULT_DOMAIN_NAME}/htdocs
+        if [ ! -d "/var/www/${DEFAULT_DOMAIN_NAME}/htdocs" ]; then
+            mkdir "/var/www/${DEFAULT_DOMAIN_NAME}/htdocs"
        fi
-        if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
-            if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
-                rm /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt
+        if [ ! -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
+            if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt" ]; then
+                rm "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt"
            fi
-            if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
-                rm /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam
+            if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam" ]; then
+                rm "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam"
            fi
            echo $'Obtaining certificate for the main domain'
            function_check create_site_certificate
-            create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
-            chmod 755 /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam
+            create_site_certificate "${DEFAULT_DOMAIN_NAME}" 'yes'
+            chmod 755 "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam"

-            if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
+            if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt" ]; then
                echo $'Incorrect certificate generated'
                exit 78352
            fi
@ -276,9 +276,9 @@ function install_mumble {


    # Make an ssl cert for the server
-    if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
+    if [ ! -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
        if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then
-            ${PROJECT_NAME}-addcert -h mumble --dhkey $DH_KEYLENGTH
+            "${PROJECT_NAME}-addcert" -h mumble --dhkey "$DH_KEYLENGTH"
            function_check check_certificates
            check_certificates mumble
        fi
@ -318,7 +318,7 @@ function install_mumble {
        echo 'allowping=False' >> /etc/mumble-server.ini
    fi
    sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini
-    if [ ! -f /etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem ]; then
+    if [ ! -f "/etc/letsencrypt/live/${DEFAULT_DOMAIN_NAME}/fullchain.pem" ]; then
        sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
        sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
    else
@ -335,7 +335,8 @@ function install_mumble {
    sed -i 's|allowhtml=.*|allowhtml=False|g' /etc/mumble-server.ini
    sed -i "s|port=.*|port=${MUMBLE_PORT}|g" /etc/mumble-server.ini

-    MUMBLE_ONION_HOSTNAME=$(add_onion_service mumble ${MUMBLE_PORT} ${MUMBLE_PORT})
+    #MUMBLE_ONION_HOSTNAME=$(add_onion_service mumble ${MUMBLE_PORT} ${MUMBLE_PORT})
+    add_onion_service mumble ${MUMBLE_PORT} ${MUMBLE_PORT}

    # turn off logs by default
    sed -i 's|logfile=.*|logfile=/dev/null|g' /etc/mumble-server.ini
--- a/src/freedombone-app-nextcloud
+++ b/src/freedombone-app-nextcloud
@ -60,14 +60,14 @@ function logging_off_nextcloud {
 function remove_user_nextcloud {
    remove_username="$1"

-    ${PROJECT_NAME}-pass -u $remove_username --rmapp nextcloud
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp nextcloud
 }

 function add_user_nextcloud {
    new_username="$1"
    new_user_password="$2"

-    ${PROJECT_NAME}-pass -u $new_username -a nextcloud -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a nextcloud -p "$new_user_password"
    echo '0'
 }

@ -76,12 +76,12 @@ function change_password_nextcloud {

    export OC_PASS="$2"
    su -s /bin/sh www-data -c "php occ user:resetpassword --password-from-env $curr_username"
-    ${PROJECT_NAME}-pass -u $curr_username -a nextcloud -p "$OC_PASS"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a nextcloud -p "$OC_PASS"
    export OC_PASS=""
 }

 function install_interactive_nextcloud {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
        ONION_ONLY='no'
    fi

@ -91,42 +91,40 @@ function install_interactive_nextcloud {
        NEXTCLOUD_DETAILS_COMPLETE=
        while [ ! $NEXTCLOUD_DETAILS_COMPLETE ]
        do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                dialog --backtitle $"Freedombone Configuration" \
                       --title $"NextCloud Configuration" \
-                       --form $"\nPlease enter your NextCloud details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \
+                       --form $"\\nPlease enter your NextCloud details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \
                       $"Domain:" 1 1 "$(grep 'NEXTCLOUD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \
                       $"Code:" 2 1 "$(grep 'NEXTCLOUD_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 40 255 \
-                       2> $data
+                       2> "$data"
            else
                dialog --backtitle $"Freedombone Configuration" \
                       --title $"NextCloud Configuration" \
-                       --form $"\nPlease enter your NextCloud details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 2 \
+                       --form $"\\nPlease enter your NextCloud details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 2 \
                       $"Domain:" 1 1 "$(grep 'NEXTCLOUD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \
-                       2> $data
+                       2> "$data"
            fi
            sel=$?
            case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
            esac
-            NEXTCLOUD_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ ${#img_url} -gt 1 ]; then
-                NEXTCLOUD_BACKGROUND_IMAGE_URL=$img_url
-            fi
-            if [ $NEXTCLOUD_DOMAIN_NAME ]; then
+            NEXTCLOUD_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$NEXTCLOUD_DOMAIN_NAME" ]; then
                TEST_DOMAIN_NAME=$NEXTCLOUD_DOMAIN_NAME
                validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $NEXTCLOUD_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$NEXTCLOUD_DOMAIN_NAME" ]]; then
                    NEXTCLOUD_DOMAIN_NAME=
                    dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                else
                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        NEXTCLOUD_CODE=$(cat $data | sed -n 2p)
+                        NEXTCLOUD_CODE=$(sed -n 2p < "$data")
                        validate_freedns_code "$NEXTCLOUD_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                            NEXTCLOUD_DOMAIN_NAME=
                        fi
                    fi
@ -135,11 +133,12 @@ function install_interactive_nextcloud {
            if [ $NEXTCLOUD_DOMAIN_NAME ]; then
                NEXTCLOUD_DETAILS_COMPLETE="yes"
            fi
+            rm -f "$data"
        done

        # remove any invalid characters
        if [ ${#NEXTCLOUD_TITLE} -gt 0 ]; then
-            new_title=$(echo "$NEXTCLOUD_TITLE" | sed "s|'||g")
+            new_title=${"$NEXTCLOUD_TITLE"//\'//}
            NEXTCLOUD_TITLE="$new_title"
        fi

@ -156,23 +155,23 @@ function change_password_nextcloud {

    read_config_param ${NEXTCLOUD_DOMAIN_NAME}

-    ${PROJECT_NAME}-pass -u "$curr_username" -a nextcloud -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a nextcloud -p "$new_user_password"
 }

 function nextcloud_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        NEXTCLOUD_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        NEXTCLOUD_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
    else
-        if [ ! $NEXTCLOUD_ADMIN_PASSWORD ]; then
-            NEXTCLOUD_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$NEXTCLOUD_ADMIN_PASSWORD" ]; then
+            NEXTCLOUD_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
        fi
    fi
-    if [ ! $NEXTCLOUD_ADMIN_PASSWORD ]; then
+    if [ ! "$NEXTCLOUD_ADMIN_PASSWORD" ]; then
        return
    fi

    function_check create_database
-    create_database nextcloud "$NEXTCLOUD_ADMIN_PASSWORD" $MY_USERNAME
+    create_database nextcloud "$NEXTCLOUD_ADMIN_PASSWORD" "$MY_USERNAME"
 }

 function reconfigure_nextcloud {
@ -186,7 +185,7 @@ function configure_interactive_nextcloud {
 function upgrade_nextcloud_base {
    chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
    chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/data
-    cd /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+    cd "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" || exit 232547985
    sudo -u www-data ./occ maintenance:repair
    sudo -u www-data ./occ files:cleanup
    sudo -u www-data ./occ files:scan --all
@ -200,13 +199,13 @@ function upgrade_nextcloud {
        return
    fi

-    if grep -q "nextcloud domain" $COMPLETION_FILE; then
+    if grep -q "nextcloud domain" "$COMPLETION_FILE"; then
        NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
    fi

    # update to the next commit
    function_check set_repo_commit
-    set_repo_commit /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs "nextcloud commit" "$NEXTCLOUD_COMMIT" $NEXTCLOUD_REPO
+    set_repo_commit "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" "nextcloud commit" "$NEXTCLOUD_COMMIT" "$NEXTCLOUD_REPO"

    upgrade_nextcloud_base
    sudo -u www-data ./occ upgrade
@ -215,22 +214,22 @@ function upgrade_nextcloud {

 function backup_local_nextcloud {
    NEXTCLOUD_DOMAIN_NAME='nextcloud'
-    if grep -q "nextcloud domain" $COMPLETION_FILE; then
+    if grep -q "nextcloud domain" "$COMPLETION_FILE"; then
        NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
    fi

    source_directory=/var/www/${NEXTCLOUD_DOMAIN_NAME}/data
-    if [ -d $source_directory ]; then
+    if [ -d "$source_directory" ]; then
        function_check suspend_site
-        suspend_site ${NEXTCLOUD_DOMAIN_NAME}
+        suspend_site "${NEXTCLOUD_DOMAIN_NAME}"

        dest_directory=nextcloudfiles
        function_check backup_directory_to_usb
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"

        source_directory=/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config
        dest_directory=nextcloudconfig
-        backup_directory_to_usb $source_directory $dest_directory
+        backup_directory_to_usb "$source_directory" "$dest_directory"

        function_check backup_database_to_usb
        backup_database_to_usb nextcloud
@ -241,26 +240,26 @@ function backup_local_nextcloud {
 }

 function restore_local_nextcloud {
-    if ! grep -q "nextcloud domain" $COMPLETION_FILE; then
+    if ! grep -q "nextcloud domain" "$COMPLETION_FILE"; then
        return
    fi
    NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
-    if [ $NEXTCLOUD_DOMAIN_NAME ]; then
+    if [ "$NEXTCLOUD_DOMAIN_NAME" ]; then

        temp_restore_dir=/root/tempnextcloud
        function_check nextcloud_create_database
        nextcloud_create_database
-        restore_database nextcloud ${NEXTCLOUD_DOMAIN_NAME}
+        restore_database nextcloud "${NEXTCLOUD_DOMAIN_NAME}"

        temp_restore_dir=/root/tempnextcloudfiles
        restore_directory_from_usb $temp_restore_dir nextcloudfiles

-        if [ -d $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data ]; then
-            cp -r $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data /var/www/${NEXTCLOUD_DOMAIN_NAME}/
+        if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" ]; then
+            cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
        else
-            cp -r $temp_restore_dir/* /var/www/${NEXTCLOUD_DOMAIN_NAME}/
+            cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
        fi
-
+        # shellcheck disable=SC2181
        if [ ! "$?" = "0" ]; then
            set_user_permissions
            backup_unmount_drive
@ -271,12 +270,13 @@ function restore_local_nextcloud {
        temp_restore_dir=/root/tempnextcloudconfig
        restore_directory_from_usb $temp_restore_dir nextcloudconfig

-        if [ -d $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config ]; then
-            cp -r $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
+        if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" ]; then
+            cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
        else
-            cp -r $temp_restore_dir/* /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/
+            cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/"
        fi

+        # shellcheck disable=SC2181
        if [ ! "$?" = "0" ]; then
            set_user_permissions
            backup_unmount_drive
@ -284,9 +284,9 @@ function restore_local_nextcloud {
        fi
        rm -rf ${temp_restore_dir}

-        chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
-        chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/data
-        cd $nextcloud_dir
+        chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
+        chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/data"
+        cd "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs" || exit 14893545875
        sudo -u www-data ./occ maintenance:repair
        sudo -u www-data ./occ files:cleanup
        sudo -u www-data ./occ files:scan --all
@ -294,21 +294,21 @@ function restore_local_nextcloud {
 }

 function backup_remote_nextcloud {
-    if grep -q "nextcloud domain" $COMPLETION_FILE; then
+    if grep -q "nextcloud domain" "$COMPLETION_FILE"; then
        NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
        temp_backup_dir=/var/www/${NEXTCLOUD_DOMAIN_NAME}/data
-        if [ -d $temp_backup_dir ]; then
+        if [ -d "$temp_backup_dir" ]; then
            function_check suspend_site
-            suspend_site ${NEXTCLOUD_DOMAIN_NAME}
+            suspend_site "${NEXTCLOUD_DOMAIN_NAME}"

            function_check backup_database_to_friend
            backup_database_to_friend nextcloud

            function_check backup_directory_to_friend
-            backup_directory_to_friend $temp_backup_dir nextclouddata
+            backup_directory_to_friend "$temp_backup_dir" nextclouddata

            temp_backup_dir=/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config
-            backup_directory_to_friend $temp_backup_dir nextcloudconfig
+            backup_directory_to_friend "$temp_backup_dir" nextcloudconfig

            function_check restart_site
            restart_site
@ -319,7 +319,7 @@ function backup_remote_nextcloud {
 }

 function restore_remote_nextcloud {
-    if grep -q "nextcloud domain" $COMPLETION_FILE; then
+    if grep -q "nextcloud domain" "$COMPLETION_FILE"; then
        echo $"Restoring nextcloud"
        NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")

@ -327,7 +327,7 @@ function restore_remote_nextcloud {
        nextcloud_create_database

        function_check restore_database_from_friend
-        restore_database_from_friend nextcloud ${NEXTCLOUD_DOMAIN_NAME}
+        restore_database_from_friend nextcloud "${NEXTCLOUD_DOMAIN_NAME}"
        if [ -d /root/tempnextcloud ]; then
            rm -rf /root/tempnextcloud
        fi
@ -335,12 +335,12 @@ function restore_remote_nextcloud {
        temp_restore_dir=/root/tempnextcloudfiles
        restore_directory_from_friend $temp_restore_dir nextcloudfiles

-        if [ -d $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data ]; then
-            cp -r $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data /var/www/${NEXTCLOUD_DOMAIN_NAME}/
+        if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" ]; then
+            cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
        else
-            cp -r $temp_restore_dir/* /var/www/${NEXTCLOUD_DOMAIN_NAME}/
+            cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
        fi
-
+        # shellcheck disable=SC2181
        if [ ! "$?" = "0" ]; then
            exit 768254
        fi
@ -349,20 +349,21 @@ function restore_remote_nextcloud {
        temp_restore_dir=/root/tempnextcloudconfig
        restore_directory_from_friend $temp_restore_dir nextcloudconfig

-        if [ -d $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config ]; then
-            cp -r $temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
+        if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" ]; then
+            cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
        else
-            cp -r $temp_restore_dir/* /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/
+            cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/"
        fi

+        # shellcheck disable=SC2181
        if [ ! "$?" = "0" ]; then
            exit 573427
        fi
        rm -rf ${temp_restore_dir}

-        chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
-        chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/data
-        cd /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
+        chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
+        chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/data"
+        cd "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs" || exit 2642846824
        sudo -u www-data ./occ maintenance:repair
        sudo -u www-data ./occ files:cleanup
        sudo -u www-data ./occ files:scan --all
@ -381,13 +382,13 @@ function remove_nextcloud {
    read_config_param "NEXTCLOUD_DOMAIN_NAME"
    read_config_param "MY_USERNAME"
    echo "Removing $NEXTCLOUD_DOMAIN_NAME"
-    nginx_dissite $NEXTCLOUD_DOMAIN_NAME
-    remove_certs $NEXTCLOUD_DOMAIN_NAME
-    if [ -d /var/www/$NEXTCLOUD_DOMAIN_NAME ]; then
-        rm -rf /var/www/$NEXTCLOUD_DOMAIN_NAME
+    nginx_dissite "$NEXTCLOUD_DOMAIN_NAME"
+    remove_certs "$NEXTCLOUD_DOMAIN_NAME"
+    if [ -d "/var/www/$NEXTCLOUD_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$NEXTCLOUD_DOMAIN_NAME"
    fi
-    if [ -f /etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME"
    fi
    function_check drop_database
    drop_database nextcloud
@ -395,17 +396,17 @@ function remove_nextcloud {
    remove_onion_service nextcloud ${NEXTCLOUD_ONION_PORT}
    remove_app nextcloud
    remove_completion_param install_nextcloud
-    sed -i '/nextcloud/d' $COMPLETION_FILE
+    sed -i '/nextcloud/d' "$COMPLETION_FILE"
    remove_backup_database_local nextcloud

    function_check remove_ddns_domain
-    remove_ddns_domain $NEXTCLOUD_DOMAIN_NAME
+    remove_ddns_domain "$NEXTCLOUD_DOMAIN_NAME"
    systemctl restart nginx
    systemctl restart php7.0-fpm
 }

 function install_nextcloud_main {
-    if [ ! $NEXTCLOUD_DOMAIN_NAME ]; then
+    if [ ! "$NEXTCLOUD_DOMAIN_NAME" ]; then
        echo $'No domain name was given for nextcloud'
        exit 7359
    fi
@ -434,34 +435,34 @@ function install_nextcloud_main {
    fi
    sed -i 's|;env[PATH]|env[PATH]|g' /etc/php/7.0/fpm/pool.d/www.conf

-    if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME ]; then
-        mkdir /var/www/$NEXTCLOUD_DOMAIN_NAME
+    if [ ! -d "/var/www/$NEXTCLOUD_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$NEXTCLOUD_DOMAIN_NAME"
    fi
-    if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" ]; then

        if [ -d /repos/nextcloud ]; then
-            mkdir /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
-            cp -r -p /repos/nextcloud/. /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
-            cd /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/nextcloud/. "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
+            cd "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" || exit 2783539793
            git pull
        else
            function_check git_clone
-            git_clone $NEXTCLOUD_REPO /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+            git_clone "$NEXTCLOUD_REPO" "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
        fi

-        if [ ! -d /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" ]; then
            echo $'Unable to clone nextcloud repo'
            exit 87525
        fi
    fi

-    cd /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+    cd "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" || exit 3468346834
    git submodule update --init
    git checkout $NEXTCLOUD_COMMIT -b $NEXTCLOUD_COMMIT
    set_completion_param "nextcloud commit" "$NEXTCLOUD_COMMIT"

-    chmod g+w /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
-    chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
+    chmod g+w "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
+    chown -R www-data:www-data "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"

    function_check nextcloud_create_database
    nextcloud_create_database
@ -474,154 +475,154 @@ function install_nextcloud_main {
    fi

    function_check add_ddns_domain
-    add_ddns_domain $NEXTCLOUD_DOMAIN_NAME
+    add_ddns_domain "$NEXTCLOUD_DOMAIN_NAME"

    nextcloud_nginx_site=/etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME
    if [[ $ONION_ONLY == "no" ]]; then
        function_check nginx_http_redirect
-        nginx_http_redirect $NEXTCLOUD_DOMAIN_NAME
-        echo 'server {' >> $nextcloud_nginx_site
-        echo '  listen 443 ssl;' >> $nextcloud_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $nextcloud_nginx_site
-        echo "  server_name $NEXTCLOUD_DOMAIN_NAME;" >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Security' >> $nextcloud_nginx_site
+        nginx_http_redirect "$NEXTCLOUD_DOMAIN_NAME"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $NEXTCLOUD_DOMAIN_NAME;";
+          echo '';
+          echo '  # Security'; } >> "$nextcloud_nginx_site"
        function_check nginx_ssl
-        nginx_ssl $NEXTCLOUD_DOMAIN_NAME mobile
+        nginx_ssl "$NEXTCLOUD_DOMAIN_NAME" mobile

        function_check nginx_disable_sniffing
-        nginx_disable_sniffing $NEXTCLOUD_DOMAIN_NAME
+        nginx_disable_sniffing "$NEXTCLOUD_DOMAIN_NAME"

-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Logs' >> $nextcloud_nginx_site
-        echo '  access_log /dev/null;' >> $nextcloud_nginx_site
-        echo '  error_log /dev/null;' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Root' >> $nextcloud_nginx_site
-        echo "  root /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs;" >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Index' >> $nextcloud_nginx_site
-        echo '  index index.php;' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  # Index';
+          echo '  index index.php;';
+          echo '';

-        # By default nextcloud advertises highly specific version information
-        # on status.php, which can obviously be used by adversaries.
-        # Blocking status.php prevents this information leak
-        echo '  location = /status.php {' >> $nextcloud_nginx_site
-        echo '    return 404;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
+          # By default nextcloud advertises highly specific version information
+          # on status.php, which can obviously be used by adversaries.
+          # Blocking status.php prevents this information leak
+          echo '  location = /status.php {';
+          echo '    return 404;';
+          echo '  }';
+          echo '';

-        echo '  # PHP' >> $nextcloud_nginx_site
-        echo '  location ~ \.php {' >> $nextcloud_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $nextcloud_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $nextcloud_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Location' >> $nextcloud_nginx_site
-        echo '  location / {' >> $nextcloud_nginx_site
+          echo '  # PHP';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$nextcloud_nginx_site"
        function_check nginx_limits
-        nginx_limits $NEXTCLOUD_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ @nextcloud;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Fancy URLs' >> $nextcloud_nginx_site
-        echo '  location @nextcloud {' >> $nextcloud_nginx_site
-        echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  # Restrict access that is unnecessary anyway' >> $nextcloud_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $nextcloud_nginx_site
-        echo '    deny all;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  location = /.well-known/carddav {' >> $nextcloud_nginx_site
-        echo '    return 301 $scheme://$host/remote.php/dav;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '  location = /.well-known/caldav {' >> $nextcloud_nginx_site
-        echo '    return 301 $scheme://$host/remote.php/dav;' >> $nextcloud_nginx_site
-        echo '  }' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-        echo '  location /.well-known/acme-challenge { }' >> $nextcloud_nginx_site
-        echo '}' >> $nextcloud_nginx_site
+        nginx_limits "$NEXTCLOUD_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ @nextcloud;";
+          echo '  }';
+          echo '';
+          echo '  # Fancy URLs';
+          echo '  location @nextcloud {';
+          echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+          echo '  }';
+          echo '';
+          echo '  # Restrict access that is unnecessary anyway';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '';
+          echo '  location = /.well-known/carddav {';
+          echo "    return 301 \$scheme://\$host/remote.php/dav;";
+          echo '  }';
+          echo '  location = /.well-known/caldav {';
+          echo "    return 301 \$scheme://\$host/remote.php/dav;";
+          echo '  }';
+          echo '';
+          echo '  location /.well-known/acme-challenge { }';
+          echo '}'; } >> "$nextcloud_nginx_site"
    else
-        echo -n '' > $nextcloud_nginx_site
+        echo -n '' > "$nextcloud_nginx_site"
    fi
-    echo 'server {' >> $nextcloud_nginx_site
-    echo "    listen 127.0.0.1:$NEXTCLOUD_ONION_PORT default_server;" >> $nextcloud_nginx_site
-    echo "    server_name $NEXTCLOUD_DOMAIN_NAME;" >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$NEXTCLOUD_ONION_PORT default_server;";
+      echo "    server_name $NEXTCLOUD_DOMAIN_NAME;";
+      echo ''; } >> "$nextcloud_nginx_site"
    function_check nginx_disable_sniffing
-    nginx_disable_sniffing $NEXTCLOUD_DOMAIN_NAME
-    echo '' >> $nextcloud_nginx_site
-    echo '  # Logs' >> $nextcloud_nginx_site
-    echo '  access_log /dev/null;' >> $nextcloud_nginx_site
-    echo '  error_log /dev/null;' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  # Root' >> $nextcloud_nginx_site
-    echo "  root /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs;" >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  # Index' >> $nextcloud_nginx_site
-    echo '  index index.php;' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
+    nginx_disable_sniffing "$NEXTCLOUD_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  # Index';
+      echo '  index index.php;';
+      echo '';

-    # By default nextcloud advertises highly specific version information
-    # on status.php, which can obviously be used by adversaries.
-    # Blocking status.php prevents this information leak
-    echo '  location = /status.php {' >> $nextcloud_nginx_site
-    echo '    return 404;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
+      # By default nextcloud advertises highly specific version information
+      # on status.php, which can obviously be used by adversaries.
+      # Blocking status.php prevents this information leak
+      echo '  location = /status.php {';
+      echo '    return 404;';
+      echo '  }';
+      echo '';

-    echo '  # PHP' >> $nextcloud_nginx_site
-    echo '  location ~ \.php {' >> $nextcloud_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $nextcloud_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $nextcloud_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  # Location' >> $nextcloud_nginx_site
-    echo '  location / {' >> $nextcloud_nginx_site
+      echo '  # PHP';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$nextcloud_nginx_site"
    function_check nginx_limits
-    nginx_limits $NEXTCLOUD_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ @nextcloud;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  # Fancy URLs' >> $nextcloud_nginx_site
-    echo '  location @nextcloud {' >> $nextcloud_nginx_site
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  # Restrict access that is unnecessary anyway' >> $nextcloud_nginx_site
-    echo '  location ~ /\.(ht|git) {' >> $nextcloud_nginx_site
-    echo '    deny all;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  location = /.well-known/carddav {' >> $nextcloud_nginx_site
-    echo '    return 301 $scheme://$host/remote.php/dav;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '  location = /.well-known/caldav {' >> $nextcloud_nginx_site
-    echo '    return 301 $scheme://$host/remote.php/dav;' >> $nextcloud_nginx_site
-    echo '  }' >> $nextcloud_nginx_site
-    echo '' >> $nextcloud_nginx_site
-    echo '  location /.well-known/acme-challenge { }' >> $nextcloud_nginx_site
-    echo '}' >> $nextcloud_nginx_site
+    nginx_limits "$NEXTCLOUD_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ @nextcloud;";
+      echo '  }';
+      echo '';
+      echo '  # Fancy URLs';
+      echo '  location @nextcloud {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  # Restrict access that is unnecessary anyway';
+      echo '  location ~ /\.(ht|git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '';
+      echo '  location = /.well-known/carddav {';
+      echo "    return 301 \$scheme://\$host/remote.php/dav;";
+      echo '  }';
+      echo '  location = /.well-known/caldav {';
+      echo "    return 301 \$scheme://\$host/remote.php/dav;";
+      echo '  }';
+      echo '';
+      echo '  location /.well-known/acme-challenge { }';
+      echo '}'; } >> "$nextcloud_nginx_site"

-    sed -i 's| DENY;| SAMEORIGIN;|g' $nextcloud_nginx_site
+    sed -i 's| DENY;| SAMEORIGIN;|g' "$nextcloud_nginx_site"

    # NextCloud doesn't like content-security-policy at all
-    sed -i '/Content-Security-Policy/d' $nextcloud_nginx_site
+    sed -i '/Content-Security-Policy/d' "$nextcloud_nginx_site"

    function_check configure_php
    configure_php

    function_check create_site_certificate
-    create_site_certificate $NEXTCLOUD_DOMAIN_NAME 'yes'
+    create_site_certificate "$NEXTCLOUD_DOMAIN_NAME" 'yes'

-    if [[ $ONION_ONLY == "no" ]]; then
-        if [ ! -f /etc/ssl/certs/${NEXTCLOUD_DOMAIN_NAME}.pem ]; then
+    if [[ "$ONION_ONLY" == "no" ]]; then
+        if [ ! -f "/etc/ssl/certs/${NEXTCLOUD_DOMAIN_NAME}.pem" ]; then
            echo $'Certificate not generated for nextcloud'
            exit 725762
        fi
@ -636,31 +637,18 @@ function install_nextcloud_main {
    backup_database_local nextcloud

    function_check nginx_ensite
-    nginx_ensite $NEXTCLOUD_DOMAIN_NAME
-
-    # NOTE: For the typical case always enable SSL and only
-    # disable it if in onion only mode. This is due to complexities
-    # with the way URLs are generated by nextcloud
-    nextcloud_ssl='always'
-    if [[ $ONION_ONLY != 'no' ]]; then
-        nextcloud_ssl='never'
-    fi
+    nginx_ensite "$NEXTCLOUD_DOMAIN_NAME"

    NEXTCLOUD_ONION_HOSTNAME=$(add_onion_service nextcloud 80 ${NEXTCLOUD_ONION_PORT})

-    NEXTCLOUD_SERVER=${NEXTCLOUD_DOMAIN_NAME}
-    if [[ $ONION_ONLY != 'no' ]]; then
-        NEXTCLOUD_SERVER=${NEXTCLOUD_ONION_HOSTNAME}
-    fi
-
    systemctl restart php7.0-fpm
    systemctl restart nginx

-    ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$NEXTCLOUD_DOMAIN_NAME" -g nextcloud --public no
+    "${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$NEXTCLOUD_DOMAIN_NAME" -g nextcloud --public no

-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a nextcloud -p "$NEXTCLOUD_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a nextcloud -p "$NEXTCLOUD_ADMIN_PASSWORD"

-    cd /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
+    cd "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs" || exit 2467245247
    if [ -d config ]; then
        chown -R www-data:www-data config
    fi
@ -669,7 +657,7 @@ function install_nextcloud_main {
    fi

    chmod +x occ
-    ./occ maintenance:install --database-name nextcloud --admin-user ${MY_USERNAME} --admin-pass "${NEXTCLOUD_ADMIN_PASSWORD}" --database mysql --database-user root --database-pass "${MARIADB_PASSWORD}"
+    ./occ maintenance:install --database-name nextcloud --admin-user "${MY_USERNAME}" --admin-pass "${NEXTCLOUD_ADMIN_PASSWORD}" --database mysql --database-user root --database-pass "${MARIADB_PASSWORD}"
    if [ ! -d data ]; then
        echo $'Nextcloud data directory was not found. This probably means that the installation failed.'
        echo ''
@ -683,20 +671,19 @@ function install_nextcloud_main {
    sudo -u www-data ./occ status
    sudo -u www-data ./occ app:list
    sudo -u www-data ./occ app:enable encryption
-    sudo -u www-data ./occ encryption:enable
-    if [ ! "$?" = "0" ]; then
+    if ! sudo -u www-data ./occ encryption:enable; then
        echo $'Encryption not enabled'
        exit 73527
    fi
    sudo -u www-data ./occ encryption:status
    sudo -u www-data ./occ config:system:set appstoreenabled --value=false
-    chmod g+w /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php
-    chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
+    chmod g+w "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php"
+    chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
    chmod 0644 .htaccess
    chmod 0750 data
-    chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/data
-    sudo -u www-data ./occ config:system:set trusted_domains 1 --value=$NEXTCLOUD_DOMAIN_NAME
-    sudo -u www-data ./occ config:system:set trusted_domains 2 --value=$NEXTCLOUD_ONION_HOSTNAME
+    chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/data"
+    sudo -u www-data ./occ config:system:set trusted_domains 1 --value="$NEXTCLOUD_DOMAIN_NAME"
+    sudo -u www-data ./occ config:system:set trusted_domains 2 --value="$NEXTCLOUD_ONION_HOSTNAME"
    sudo -u www-data ./occ files:cleanup
    sudo -u www-data ./occ files:scan --all
    sudo -u www-data ./occ maintenance:repair
@ -705,8 +692,8 @@ function install_nextcloud_main {
    systemctl restart mariadb

    # move the data directory
-    mv /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/data /var/www/${NEXTCLOUD_DOMAIN_NAME}/
-    sed -i "s|'datadirectory'.*|'datadirectory' => '/var/www/$NEXTCLOUD_DOMAIN_NAME/data',|g" /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php
+    mv "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/data" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
+    sed -i "s|'datadirectory'.*|'datadirectory' => '/var/www/$NEXTCLOUD_DOMAIN_NAME/data',|g" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php"

    set_completion_param "nextcloud domain" "$NEXTCLOUD_DOMAIN_NAME"

@ -714,7 +701,7 @@ function install_nextcloud_main {
 }

 function install_nextcloud {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
        ONION_ONLY='no'
    fi

--- a/src/freedombone-app-peertube
+++ b/src/freedombone-app-peertube
@ -55,14 +55,14 @@ peertube_variables=(PEERTUBE_DOMAIN_NAME
                    MY_EMAIL_ADDRESS)

 function peertube_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        PEERTUBE_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        PEERTUBE_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
    else
-        if [ ! $PEERTUBE_ADMIN_PASSWORD ]; then
-            PEERTUBE_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$PEERTUBE_ADMIN_PASSWORD" ]; then
+            PEERTUBE_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
        fi
    fi
-    if [ ! $PEERTUBE_ADMIN_PASSWORD ]; then
+    if [ ! "$PEERTUBE_ADMIN_PASSWORD" ]; then
        return
    fi

@ -82,7 +82,8 @@ function logging_off_peertube {
 }

 function remove_user_peertube {
-    remove_username="$1"
+    echo -n ''
+#    remove_username="$1"
 }

 function add_user_peertube {
@ -91,14 +92,14 @@ function add_user_peertube {
        return
    fi

-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"

    echo '0'
 }

 function install_interactive_peertube {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
        ONION_ONLY='no'
    fi

@ -113,15 +114,14 @@ function install_interactive_peertube {
 }

 function peertube_set_admin_email {
-    read_config_param $MY_EMAIL_ADDRESS
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    read_config_param "$MY_EMAIL_ADDRESS"
+    data=$(mktemp 2>/dev/null)
    dialog --title $"Set PeerTube administrator email address" \
           --backtitle $"Freedombone Control Panel" \
-           --inputbox $"Admin email address" 8 75 "$MY_EMAIL_ADDRESS" 2>$data
+           --inputbox $"Admin email address" 8 75 "$MY_EMAIL_ADDRESS" 2>"$data"
    sel=$?
    case $sel in
-        0)  peertube_email=$(<$data)
+        0)  peertube_email=$(<"$data")
            if [[ "$peertube_email" != *' '* && "$peertube_email" != *','* && "$peertube_email" != *';'* && "$peertube_email" == *'@'* && "$peertube_email" == *'.'* ]]; then
                if [ ${#peertube_email} -gt 8 ]; then
                    sed -i "s|email:.*|email: '${peertube_email}'|g" $PEERTUBE_DIR/config/production.yaml
@ -132,13 +132,13 @@ function peertube_set_admin_email {
            fi
            ;;
    esac
-    rm $data
+    rm -f "$data"
 }

 function peertube_disable_signups {
    dialog --title $"Disable PeerTube signups" \
           --backtitle $"Freedombone Control Panel" \
-           --yesno $"\nDo you wish to disable further PeerTube signups?" 8 75
+           --yesno $"\\nDo you wish to disable further PeerTube signups?" 8 75
    sel=$?
    case $sel in
        0) sed -i "0,/enabled:.*/s//enabled: false/" $PEERTUBE_DIR/config/production.yaml;;
@ -152,35 +152,36 @@ function peertube_disable_signups {
 function configure_interactive_peertube {
    while true
    do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
        dialog --backtitle $"Freedombone Control Panel" \
               --title $"PeerTube" \
               --radiolist $"Choose an operation:" 10 70 4 \
               1 $"Set administrator email address" off \
               2 $"Disable or enable signups" off \
-               3 $"Exit" on 2> $data
+               3 $"Exit" on 2> "$data"
        sel=$?
        case $sel in
            1) break;;
            255) break;;
        esac
-        case $(cat $data) in
+        case $(cat "$data") in
            1) peertube_set_admin_email;;
            2) peertube_disable_signups;;
-            3) break;;
+            3) rm -f "$data"
+               break;;
        esac
+        rm -f "$data"
    done
 }

 function change_password_peertube {
-    PEERTUBE_USERNAME="$1"
+#    PEERTUBE_USERNAME="$1"
    PEERTUBE_PASSWORD="$2"
    if [ ${#PEERTUBE_PASSWORD} -lt 8 ]; then
        echo $'Peertube password is too short'
        return
    fi
-    #${PROJECT_NAME}-pass -u $PEERTUBE_USERNAME -a peertube -p "$PEERTUBE_PASSWORD"
+    #"${PROJECT_NAME}-pass" -u "$PEERTUBE_USERNAME" -a peertube -p "$PEERTUBE_PASSWORD"
 }

 function reconfigure_peertube {
@ -195,7 +196,7 @@ function upgrade_peertube {

    read_config_param PEERTUBE_DOMAIN_NAME
    systemctl stop peertube
-    cd $PEERTUBE_DIR
+    cd "$PEERTUBE_DIR" || exit 7824552627

    function_check set_repo_commit
    set_repo_commit $PEERTUBE_DIR "peertube commit" "$PEERTUBE_COMMIT" $PEERTUBE_REPO
@ -207,7 +208,7 @@ function upgrade_peertube {

 function backup_local_peertube {
    PEERTUBE_DOMAIN_NAME='peertube.local'
-    if grep -q "peertube domain" $COMPLETION_FILE; then
+    if grep -q "peertube domain" "$COMPLETION_FILE"; then
        PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain")
    fi

@ -219,7 +220,7 @@ function backup_local_peertube {

    peertube_path=$PEERTUBE_DIR/videos
    if [ -d $peertube_path ]; then
-        suspend_site ${PEERTUBE_DOMAIN_NAME}
+        suspend_site "${PEERTUBE_DOMAIN_NAME}"
        systemctl stop peertube
        backup_directory_to_usb $peertube_path peertubevideos
        systemctl start peertube
@ -229,11 +230,11 @@ function backup_local_peertube {

 function restore_local_peertube {
    PEERTUBE_DOMAIN_NAME='peertube.local'
-    if grep -q "peertube domain" $COMPLETION_FILE; then
+    if grep -q "peertube domain" "$COMPLETION_FILE"; then
        PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain")
    fi
-    if [ $PEERTUBE_DOMAIN_NAME ]; then
-        suspend_site ${PEERTUBE_DOMAIN_NAME}
+    if [ "$PEERTUBE_DOMAIN_NAME" ]; then
+        suspend_site "${PEERTUBE_DOMAIN_NAME}"
        systemctl stop peertube

        USE_POSTGRESQL=1
@ -259,7 +260,7 @@ function restore_local_peertube {

 function backup_remote_peertube {
    PEERTUBE_DOMAIN_NAME='peertube.local'
-    if grep -q "peertube domain" $COMPLETION_FILE; then
+    if grep -q "peertube domain" "$COMPLETION_FILE"; then
        PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain")
    fi

@ -272,7 +273,7 @@ function backup_remote_peertube {
    temp_backup_dir=$PEERTUBE_DIR/videos
    if [ -d $temp_backup_dir ]; then
        systemctl stop peertube
-        suspend_site ${PEERTUBE_DOMAIN_NAME}
+        suspend_site "${PEERTUBE_DOMAIN_NAME}"
        backup_directory_to_friend $temp_backup_dir peertubevideos
        restart_site
        systemctl start peertube
@ -284,13 +285,14 @@ function backup_remote_peertube {

 function restore_remote_peertube {
    PEERTUBE_DOMAIN_NAME='peertube.local'
-    if grep -q "peertube domain" $COMPLETION_FILE; then
+    if grep -q "peertube domain" "$COMPLETION_FILE"; then
        PEERTUBE_DOMAIN_NAME=$(get_completion_param "peertube domain")
    fi
-    suspend_site ${PEERTUBE_DOMAIN_NAME}
+    suspend_site "${PEERTUBE_DOMAIN_NAME}"

    systemctl stop peertube

+    # shellcheck disable=SC2034
    USE_POSTGRESQL=1
    function_check restore_database_from_friend
    restore_database_from_friend peertube
@ -326,20 +328,20 @@ function remove_peertube {
    remove_nodejs peertube

    read_config_param "PEERTUBE_DOMAIN_NAME"
-    nginx_dissite $PEERTUBE_DOMAIN_NAME
-    remove_certs ${PEERTUBE_DOMAIN_NAME}
-    if [ -f /etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME ]; then
-        rm -f /etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME
+    nginx_dissite "$PEERTUBE_DOMAIN_NAME"
+    remove_certs "${PEERTUBE_DOMAIN_NAME}"
+    if [ -f "/etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME" ]; then
+        rm -f "/etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME"
    fi
-    if [ -d /var/www/$PEERTUBE_DOMAIN_NAME ]; then
-        rm -rf /var/www/$PEERTUBE_DOMAIN_NAME
+    if [ -d "/var/www/$PEERTUBE_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$PEERTUBE_DOMAIN_NAME"
    fi
    remove_config_param PEERTUBE_DOMAIN_NAME
    remove_config_param PEERTUBE_CODE
    function_check remove_onion_service
    remove_onion_service peertube ${PEERTUBE_ONION_PORT}
    remove_completion_param "install_peertube"
-    sed -i '/peertube/d' $COMPLETION_FILE
+    sed -i '/peertube/d' "$COMPLETION_FILE"

    function_check drop_database_postgresql
    drop_database_postgresql peertube peertube
@ -352,188 +354,189 @@ function remove_peertube {
    fi

    function_check remove_ddns_domain
-    remove_ddns_domain $PEERTUBE_DOMAIN_NAME
+    remove_ddns_domain "$PEERTUBE_DOMAIN_NAME"
 }

 function peertube_setup_web {
    peertube_nginx_file=/etc/nginx/sites-available/$PEERTUBE_DOMAIN_NAME

    if [[ $ONION_ONLY == "no" ]]; then
-        echo 'server {' > $peertube_nginx_file
-        echo '  listen 80;' >> $peertube_nginx_file
-        echo '  listen [::]:80;' >> $peertube_nginx_file
-        echo "  server_name $PEERTUBE_DOMAIN_NAME;" >> $peertube_nginx_file
-        echo '  rewrite ^ https://$server_name$request_uri? permanent;' >> $peertube_nginx_file
-        echo '}' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo 'server {' >> $peertube_nginx_file
-        echo '  listen 443 ssl http2;' >> $peertube_nginx_file
-        echo '  #listen [::]:443 ssl http2;' >> $peertube_nginx_file
-        echo "  server_name $PEERTUBE_DOMAIN_NAME;" >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
+        { echo 'server {';
+          echo '  listen 80;';
+          echo '  listen [::]:80;';
+          echo "  server_name $PEERTUBE_DOMAIN_NAME;";
+          echo "  rewrite ^ https://\$server_name\$request_uri? permanent;";
+          echo '}';
+          echo '';
+          echo 'server {';
+          echo '  listen 443 ssl http2;';
+          echo '  #listen [::]:443 ssl http2;';
+          echo "  server_name $PEERTUBE_DOMAIN_NAME;";
+          echo ''; } > "$peertube_nginx_file"
        function_check nginx_ssl
-        nginx_ssl $PEERTUBE_DOMAIN_NAME mobile
+        nginx_ssl "$PEERTUBE_DOMAIN_NAME" mobile

        function_check nginx_disable_sniffing
-        nginx_disable_sniffing $PEERTUBE_DOMAIN_NAME
+        nginx_disable_sniffing "$PEERTUBE_DOMAIN_NAME"

-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo '  location / {' >> $peertube_nginx_file
-        echo "    proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file
-        echo '    proxy_set_header X-Real-IP $remote_addr;' >> $peertube_nginx_file
-        echo '    proxy_set_header Host $host;' >> $peertube_nginx_file
-        echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo '    # For the video upload' >> $peertube_nginx_file
-        echo '    client_max_body_size 2G;' >> $peertube_nginx_file
-        echo '  }' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo '  location /static/webseed {' >> $peertube_nginx_file
-        echo "    if (\$request_method = 'OPTIONS') {" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Max-Age' 1728000;" >> $peertube_nginx_file
-        echo "      add_header 'Content-Type' 'text/plain charset=UTF-8';" >> $peertube_nginx_file
-        echo "      add_header 'Content-Length' 0;" >> $peertube_nginx_file
-        echo '      return 204;' >> $peertube_nginx_file
-        echo '    }' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo "    if (\$request_method = 'GET') {" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file
-        echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file
-        echo '    }' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo "    alias $PEERTUBE_DIR/videos;" >> $peertube_nginx_file
-        echo '  }' >> $peertube_nginx_file
-        echo '' >> $peertube_nginx_file
-        echo '  # Websocket tracker' >> $peertube_nginx_file
-        echo '  location /tracker/socket {' >> $peertube_nginx_file
-        echo '    # Peers send a message to the tracker every 15 minutes' >> $peertube_nginx_file
-        echo '    # Dont close the websocket before this time' >> $peertube_nginx_file
-        echo '    proxy_read_timeout 1200s;' >> $peertube_nginx_file
-        echo '    proxy_set_header Upgrade $http_upgrade;' >> $peertube_nginx_file
-        echo '    proxy_set_header Connection "upgrade";' >> $peertube_nginx_file
-        echo '    proxy_http_version 1.1;' >> $peertube_nginx_file
-        echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file
-        echo '    proxy_set_header Host $host;' >> $peertube_nginx_file
-        echo "    proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file
-        echo '  }' >> $peertube_nginx_file
-        echo '}' >> $peertube_nginx_file
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  location / {';
+          echo "    proxy_pass http://localhost:${PEERTUBE_PORT};";
+          echo "    proxy_set_header X-Real-IP \$remote_addr;";
+          echo "    proxy_set_header Host \$host;";
+          echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+          echo '';
+          echo '    # For the video upload';
+          echo '    client_max_body_size 2G;';
+          echo '  }';
+          echo '';
+          echo '  location /static/webseed {';
+          echo "    if (\$request_method = 'OPTIONS') {";
+          echo "      add_header 'Access-Control-Allow-Origin' '*';";
+          echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
+          echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
+          echo "      add_header 'Access-Control-Max-Age' 1728000;";
+          echo "      add_header 'Content-Type' 'text/plain charset=UTF-8';";
+          echo "      add_header 'Content-Length' 0;";
+          echo '      return 204;';
+          echo '    }';
+          echo '';
+          echo "    if (\$request_method = 'GET') {";
+          echo "      add_header 'Access-Control-Allow-Origin' '*';";
+          echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
+          echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
+          echo '    }';
+          echo '';
+          echo "    alias $PEERTUBE_DIR/videos;";
+          echo '  }';
+          echo '';
+          echo '  # Websocket tracker';
+          echo '  location /tracker/socket {';
+          echo '    # Peers send a message to the tracker every 15 minutes';
+          echo '    # Dont close the websocket before this time';
+          echo '    proxy_read_timeout 1200s;';
+          echo "    proxy_set_header Upgrade \$http_upgrade;";
+          echo '    proxy_set_header Connection "upgrade";';
+          echo '    proxy_http_version 1.1;';
+          echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+          echo "    proxy_set_header Host \$host;";
+          echo "    proxy_pass http://localhost:${PEERTUBE_PORT};";
+          echo '  }';
+          echo '}'; } >> "$peertube_nginx_file"
    else
-        echo -n '' > $peertube_nginx_file
+        echo -n '' > "$peertube_nginx_file"
    fi
-    echo 'server {' >> $peertube_nginx_file
-    echo "  listen 127.0.0.1:$PEERTUBE_ONION_PORT default_server;" >> $peertube_nginx_file
-    echo "  server_name $PEERTUBE_ONION_HOSTNAME;" >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '  location / {' >> $peertube_nginx_file
-    echo "    proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $peertube_nginx_file
-    echo '    proxy_set_header Host $host;' >> $peertube_nginx_file
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '    # For the video upload' >> $peertube_nginx_file
-    echo '    client_max_body_size 2G;' >> $peertube_nginx_file
-    echo '  }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '  location /static/webseed {' >> $peertube_nginx_file
-    echo "    if (\$request_method = 'OPTIONS') {" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Max-Age' 1728000;" >> $peertube_nginx_file
-    echo "      add_header 'Content-Type' 'text/plain charset=UTF-8';" >> $peertube_nginx_file
-    echo "      add_header 'Content-Length' 0;" >> $peertube_nginx_file
-    echo '      return 204;' >> $peertube_nginx_file
-    echo '    }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo "    if (\$request_method = 'GET') {" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file
-    echo '    }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo "    alias $PEERTUBE_DIR/videos;" >> $peertube_nginx_file
-    echo '  }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '  # Websocket tracker' >> $peertube_nginx_file
-    echo '  location /tracker/socket {' >> $peertube_nginx_file
-    echo '    # Peers send a message to the tracker every 15 minutes' >> $peertube_nginx_file
-    echo '    # Dont close the websocket before this time' >> $peertube_nginx_file
-    echo '    proxy_read_timeout 1200s;' >> $peertube_nginx_file
-    echo '    proxy_set_header Upgrade $http_upgrade;' >> $peertube_nginx_file
-    echo '    proxy_set_header Connection "upgrade";' >> $peertube_nginx_file
-    echo '    proxy_http_version 1.1;' >> $peertube_nginx_file
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file
-    echo '    proxy_set_header Host $host;' >> $peertube_nginx_file
-    echo "    proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file
-    echo '  }' >> $peertube_nginx_file
-    echo '}' >> $peertube_nginx_file
+    { echo 'server {';
+      echo "  listen 127.0.0.1:$PEERTUBE_ONION_PORT default_server;";
+      echo "  server_name $PEERTUBE_ONION_HOSTNAME;";
+      echo '';
+      echo '  location / {';
+      echo "    proxy_pass http://localhost:${PEERTUBE_PORT};";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo '';
+      echo '    # For the video upload';
+      echo '    client_max_body_size 2G;';
+      echo '  }';
+      echo '';
+      echo '  location /static/webseed {';
+      echo "    if (\$request_method = 'OPTIONS') {";
+      echo "      add_header 'Access-Control-Allow-Origin' '*';";
+      echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
+      echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
+      echo "      add_header 'Access-Control-Max-Age' 1728000;";
+      echo "      add_header 'Content-Type' 'text/plain charset=UTF-8';";
+      echo "      add_header 'Content-Length' 0;";
+      echo '      return 204;';
+      echo '    }';
+      echo '';
+      echo "    if (\$request_method = 'GET') {";
+      echo "      add_header 'Access-Control-Allow-Origin' '*';";
+      echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
+      echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
+      echo '    }';
+      echo '';
+      echo "    alias $PEERTUBE_DIR/videos;";
+      echo '  }';
+      echo '';
+      echo '  # Websocket tracker';
+      echo '  location /tracker/socket {';
+      echo '    # Peers send a message to the tracker every 15 minutes';
+      echo '    # Dont close the websocket before this time';
+      echo '    proxy_read_timeout 1200s;';
+      echo "    proxy_set_header Upgrade \$http_upgrade;";
+      echo '    proxy_set_header Connection "upgrade";';
+      echo '    proxy_http_version 1.1;';
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_pass http://localhost:${PEERTUBE_PORT};";
+      echo '  }';
+      echo '}'; } >> "$peertube_nginx_file"

    # CSP currently causes an error
-    sed -i '/Content-Security-Policy/d' $peertube_nginx_file
+    sed -i '/Content-Security-Policy/d' "$peertube_nginx_file"

    function_check create_site_certificate
-    create_site_certificate $PEERTUBE_DOMAIN_NAME 'yes'
+    create_site_certificate "$PEERTUBE_DOMAIN_NAME" 'yes'

    function_check nginx_ensite
-    nginx_ensite $PEERTUBE_DOMAIN_NAME
+    nginx_ensite "$PEERTUBE_DOMAIN_NAME"
 }

 function mesh_peertube_setup_web {
+    # shellcheck disable=SC2154
    peertube_nginx_file=$rootdir/etc/nginx/sites-available/peertube

-    echo 'server {' >> $peertube_nginx_file
-    echo "  listen $MESH_PEERTUBE_PORT http2;" >> $peertube_nginx_file
-    echo '  listen [::]:$MESH_PEERTUBE_PORT http2;' >> $peertube_nginx_file
-    echo '  server_name $HOSTNAME;' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '  location / {' >> $peertube_nginx_file
-    echo "    proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $peertube_nginx_file
-    echo '    proxy_set_header Host $host;' >> $peertube_nginx_file
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '    # For the video upload' >> $peertube_nginx_file
-    echo '    client_max_body_size 2G;' >> $peertube_nginx_file
-    echo '  }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '  location /static/webseed {' >> $peertube_nginx_file
-    echo "    if (\$request_method = 'OPTIONS') {" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Max-Age' 1728000;" >> $peertube_nginx_file
-    echo "      add_header 'Content-Type' 'text/plain charset=UTF-8';" >> $peertube_nginx_file
-    echo "      add_header 'Content-Length' 0;" >> $peertube_nginx_file
-    echo '      return 204;' >> $peertube_nginx_file
-    echo '    }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo "    if (\$request_method = 'GET') {" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Origin' '*';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';" >> $peertube_nginx_file
-    echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';" >> $peertube_nginx_file
-    echo '    }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo "    alias $PEERTUBE_DIR/videos;" >> $peertube_nginx_file
-    echo '  }' >> $peertube_nginx_file
-    echo '' >> $peertube_nginx_file
-    echo '  # Websocket tracker' >> $peertube_nginx_file
-    echo '  location /tracker/socket {' >> $peertube_nginx_file
-    echo '    # Peers send a message to the tracker every 15 minutes' >> $peertube_nginx_file
-    echo '    # Dont close the websocket before this time' >> $peertube_nginx_file
-    echo '    proxy_read_timeout 1200s;' >> $peertube_nginx_file
-    echo '    proxy_set_header Upgrade $http_upgrade;' >> $peertube_nginx_file
-    echo '    proxy_set_header Connection "upgrade";' >> $peertube_nginx_file
-    echo '    proxy_http_version 1.1;' >> $peertube_nginx_file
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $peertube_nginx_file
-    echo '    proxy_set_header Host $host;' >> $peertube_nginx_file
-    echo "    proxy_pass http://localhost:${PEERTUBE_PORT};" >> $peertube_nginx_file
-    echo '  }' >> $peertube_nginx_file
-    echo '}' >> $peertube_nginx_file
+    { echo 'server {';
+      echo "  listen $MESH_PEERTUBE_PORT http2;";
+      echo "  listen [::]:\$MESH_PEERTUBE_PORT http2;";
+      echo "  server_name \$HOSTNAME;";
+      echo '';
+      echo '  location / {';
+      echo "    proxy_pass http://localhost:${PEERTUBE_PORT};";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo '';
+      echo '    # For the video upload';
+      echo '    client_max_body_size 2G;';
+      echo '  }';
+      echo '';
+      echo '  location /static/webseed {';
+      echo "    if (\$request_method = 'OPTIONS') {";
+      echo "      add_header 'Access-Control-Allow-Origin' '*';";
+      echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
+      echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
+      echo "      add_header 'Access-Control-Max-Age' 1728000;";
+      echo "      add_header 'Content-Type' 'text/plain charset=UTF-8';";
+      echo "      add_header 'Content-Length' 0;";
+      echo '      return 204;';
+      echo '    }';
+      echo '';
+      echo "    if (\$request_method = 'GET') {";
+      echo "      add_header 'Access-Control-Allow-Origin' '*';";
+      echo "      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';";
+      echo "      add_header 'Access-Control-Allow-Headers' 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';";
+      echo '    }';
+      echo '';
+      echo "    alias $PEERTUBE_DIR/videos;";
+      echo '  }';
+      echo '';
+      echo '  # Websocket tracker';
+      echo '  location /tracker/socket {';
+      echo '    # Peers send a message to the tracker every 15 minutes';
+      echo '    # Dont close the websocket before this time';
+      echo '    proxy_read_timeout 1200s;';
+      echo "    proxy_set_header Upgrade \$http_upgrade;";
+      echo "    proxy_set_header Connection \"upgrade\";";
+      echo '    proxy_http_version 1.1;';
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_pass http://localhost:${PEERTUBE_PORT};";
+      echo '  }';
+      echo '}'; } > "$peertube_nginx_file"
 }

 function peertube_create_config {
@ -541,84 +544,84 @@ function peertube_create_config {

    peertube_config_file=$peertube_prefix$PEERTUBE_DIR/config/production.yaml

-    echo 'listen:' > $peertube_config_file
-    echo "  port: $PEERTUBE_PORT" >> $peertube_config_file
-    echo '' >> $peertube_config_file
-    echo '# Correspond to your reverse proxy "listen" configuration' >> $peertube_config_file
-    echo 'webserver:' >> $peertube_config_file
-    if [ ! $peertube_prefix ]; then
-        if [[ $ONION_ONLY == 'no' ]]; then
-            echo '  https: true' >> $peertube_config_file
-            echo "  hostname: '$PEERTUBE_DOMAIN_NAME'" >> $peertube_config_file
-            echo '  port: 443' >> $peertube_config_file
+    { echo 'listen:';
+      echo "  port: $PEERTUBE_PORT";
+      echo '';
+      echo '# Correspond to your reverse proxy "listen" configuration';
+      echo 'webserver:'; } > "$peertube_config_file"
+    if [ ! "$peertube_prefix" ]; then
+        if [[ "$ONION_ONLY" == 'no' ]]; then
+            { echo '  https: true';
+              echo "  hostname: '$PEERTUBE_DOMAIN_NAME'";
+              echo '  port: 443'; } >> "$peertube_config_file"
        else
-            echo '  https: false' >> $peertube_config_file
-            echo "  hostname: '$PEERTUBE_ONION_HOSTNAME'" >> $peertube_config_file
-            echo '  port: 80' >> $peertube_config_file
+            { echo '  https: false';
+              echo "  hostname: '$PEERTUBE_ONION_HOSTNAME'";
+              echo '  port: 80'; } >> "$peertube_config_file"
        fi
    else
-        echo '  https: false' >> $peertube_config_file
-        echo "  hostname: ''" >> $peertube_config_file
-        echo "  port: $MESH_PEERTUBE_PORT" >> $peertube_config_file
+        { echo '  https: false';
+          echo "  hostname: ''";
+          echo "  port: $MESH_PEERTUBE_PORT"; } >> "$peertube_config_file"
    fi
-    echo '' >> $peertube_config_file
-    echo '# Your database name will be "peertube"+database.suffix' >> $peertube_config_file
-    echo 'database:' >> $peertube_config_file
-    echo "  hostname: 'localhost'" >> $peertube_config_file
-    echo '  port: 5432' >> $peertube_config_file
-    echo "  suffix: ''" >> $peertube_config_file
-    echo "  username: 'peertube'" >> $peertube_config_file
-    if [ ! $peertube_prefix ]; then
-        echo "  password: '$PEERTUBE_ADMIN_PASSWORD'" >> $peertube_config_file
+    { echo '';
+      echo '# Your database name will be "peertube"+database.suffix';
+      echo 'database:';
+      echo "  hostname: 'localhost'";
+      echo '  port: 5432';
+      echo "  suffix: ''";
+      echo "  username: 'peertube'"; } >> "$peertube_config_file"
+    if [ ! "$peertube_prefix" ]; then
+        echo "  password: '$PEERTUBE_ADMIN_PASSWORD'" >> "$peertube_config_file"
    else
-        echo "  password: ''" >> $peertube_config_file
+        echo "  password: ''" >> "$peertube_config_file"
    fi
-    echo '' >> $peertube_config_file
-    echo '# From the project root directory' >> $peertube_config_file
-    echo 'storage:' >> $peertube_config_file
-    echo "  certs: 'certs/'" >> $peertube_config_file
-    echo "  videos: 'videos/'" >> $peertube_config_file
-    echo "  logs: 'logs/'" >> $peertube_config_file
-    echo "  previews: 'previews/'" >> $peertube_config_file
-    echo "  thumbnails: 'thumbnails/'" >> $peertube_config_file
-    echo "  torrents: 'torrents/'" >> $peertube_config_file
-    echo "  cache: 'cache/'" >> $peertube_config_file
-    echo '' >> $peertube_config_file
-    echo 'cache:' >> $peertube_config_file
-    echo '  previews:' >> $peertube_config_file
-    echo '    size: 10 # Max number of previews you want to cache' >> $peertube_config_file
-    echo '' >> $peertube_config_file
-    echo 'admin:' >> $peertube_config_file
-    # This is deliberately a dummy email address
-    echo "  email: 'testuser@testdomain.net'" >> $peertube_config_file
-    echo '' >> $peertube_config_file
-    echo 'signup:' >> $peertube_config_file
-    echo '  enabled: true' >> $peertube_config_file
-    echo '  limit: 5 # When the limit is reached, registrations are disabled. -1 == unlimited' >> $peertube_config_file
-    echo '' >> $peertube_config_file
-    echo 'user:' >> $peertube_config_file
-    echo '  # Default value of maximum video BYTES the user can upload (does not take into account transcoded files).' >> $peertube_config_file
-    echo '  # -1 == unlimited' >> $peertube_config_file
-    echo '  video_quota: -1' >> $peertube_config_file
-    echo '' >> $peertube_config_file
-    echo '# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag' >> $peertube_config_file
-    echo '# Uses a lot of CPU!' >> $peertube_config_file
-    echo 'transcoding:' >> $peertube_config_file
-    echo '  enabled: true' >> $peertube_config_file
-    echo '  threads: 2' >> $peertube_config_file
-    echo '  resolutions: # Only created if the original video has a higher resolution' >> $peertube_config_file
-    echo '    240p: true' >> $peertube_config_file
-    echo '    360p: false' >> $peertube_config_file
-    echo '    480p: false' >> $peertube_config_file
-    echo '    720p: false' >> $peertube_config_file
-    echo '    1080p: false' >> $peertube_config_file
+    { echo '';
+      echo '# From the project root directory';
+      echo 'storage:';
+      echo "  certs: 'certs/'";
+      echo "  videos: 'videos/'";
+      echo "  logs: 'logs/'";
+      echo "  previews: 'previews/'";
+      echo "  thumbnails: 'thumbnails/'";
+      echo "  torrents: 'torrents/'";
+      echo "  cache: 'cache/'";
+      echo '';
+      echo 'cache:';
+      echo '  previews:';
+      echo '    size: 10 # Max number of previews you want to cache';
+      echo '';
+      echo 'admin:';
+      # This is deliberately a dummy email address
+      echo "  email: 'testuser@testdomain.net'";
+      echo '';
+      echo 'signup:';
+      echo '  enabled: true';
+      echo '  limit: 5 # When the limit is reached, registrations are disabled. -1 == unlimited';
+      echo '';
+      echo 'user:';
+      echo '  # Default value of maximum video BYTES the user can upload (does not take into account transcoded files).';
+      echo '  # -1 == unlimited';
+      echo '  video_quota: -1';
+      echo '';
+      echo '# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag';
+      echo '# Uses a lot of CPU!';
+      echo 'transcoding:';
+      echo '  enabled: true';
+      echo '  threads: 2';
+      echo '  resolutions: # Only created if the original video has a higher resolution';
+      echo '    240p: true';
+      echo '    360p: false';
+      echo '    480p: false';
+      echo '    720p: false';
+      echo '    1080p: false'; } >> "$peertube_config_file"
 }

 function mesh_install_peertube {
-    if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then
+    if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" ]]; then
        return
    fi
-    if [[ $ARCHITECTURE != 'x86_64' && $ARCHITECTURE != 'amd64' ]]; then
+    if [[ "$ARCHITECTURE" != 'x86_64' && "$ARCHITECTURE" != 'amd64' ]]; then
        return
    fi

@ -627,22 +630,21 @@ function mesh_install_peertube {
    function_check install_postgresql
    install_postgresql

-    if [ -d $rootdir$PEERTUBE_DIR ]; then
-        rm -rf $rootdir$PEERTUBE_DIR
+    if [ -d "$rootdir$PEERTUBE_DIR" ]; then
+        rm -rf "$rootdir$PEERTUBE_DIR"
    fi

-    git clone $PEERTUBE_REPO $rootdir$PEERTUBE_DIR
+    git clone "$PEERTUBE_REPO" "$rootdir$PEERTUBE_DIR"

    chroot "$rootdir" groupadd peertube
    chroot "$rootdir" useradd -c "PeerTube system account" -d $PEERTUBE_DIR -m -r -g peertube peertube

-    cd $rootdir$PEERTUBE_DIR
+    cd "$rootdir$PEERTUBE_DIR" || exit 246824524
    git checkout $PEERTUBE_COMMIT -b $PEERTUBE_COMMIT

-
    get_npm_arch

-    cat <<EOF > $rootdir/usr/bin/install_peertube
+    cat <<EOF > "$rootdir/usr/bin/install_peertube"
 #!/bin/bash
 cd $PEERTUBE_DIR
 curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
@ -683,34 +685,33 @@ if [ ! "\$?" = "0" ]; then
    exit 5293593
 fi
 EOF
-    chmod +x $rootdir/usr/bin/install_peertube
-    chroot "$rootdir" /usr/bin/install_peertube
-    if [ ! "$?" = "0" ]; then
+    chmod +x "$rootdir/usr/bin/install_peertube"
+    if ! chroot "$rootdir" /usr/bin/install_peertube; then
        echo $'PeerTube install failed'
        exit 735638
    fi

-    echo '[Unit]' > $rootdir/etc/systemd/system/peertube.service
-    echo 'Description=PeerTube Decentralized video streaming platform' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'After=syslog.target' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'After=network.target' >> $rootdir/etc/systemd/system/peertube.service
-    echo '' >> $rootdir/etc/systemd/system/peertube.service
-    echo '[Service]' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'User=peertube' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'Group=peertube' >> $rootdir/etc/systemd/system/peertube.service
-    echo "WorkingDirectory=$PEERTUBE_DIR" >> $rootdir/etc/systemd/system/peertube.service
-    echo "ExecStart=/usr/local/bin/npm start" >> $rootdir/etc/systemd/system/peertube.service
-    echo "ExecStop=/usr/local/bin/npm stop" >> $rootdir/etc/systemd/system/peertube.service
-    echo 'StandardOutput=syslog' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'StandardError=syslog' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'SyslogIdentifier=peertube' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'Restart=always' >> $rootdir/etc/systemd/system/peertube.service
-    echo "Environment=NODE_ENV=production" >> $rootdir/etc/systemd/system/peertube.service
-    echo '' >> $rootdir/etc/systemd/system/peertube.service
-    echo '[Install]' >> $rootdir/etc/systemd/system/peertube.service
-    echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/peertube.service
+    { echo '[Unit]';
+      echo 'Description=PeerTube Decentralized video streaming platform';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=peertube';
+      echo 'Group=peertube';
+      echo "WorkingDirectory=$PEERTUBE_DIR";
+      echo "ExecStart=/usr/local/bin/npm start";
+      echo "ExecStop=/usr/local/bin/npm stop";
+      echo 'StandardOutput=syslog';
+      echo 'StandardError=syslog';
+      echo 'SyslogIdentifier=peertube';
+      echo 'Restart=always';
+      echo "Environment=NODE_ENV=production";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/peertube.service"

-    peertube_create_config $rootdir
+    peertube_create_config "$rootdir"

    chroot "$rootdir" chown -R peertube:peertube $PEERTUBE_DIR

@ -730,7 +731,7 @@ function install_peertube {
        ONION_ONLY='no'
    fi

-    if [ ! $PEERTUBE_DOMAIN_NAME ]; then
+    if [ ! "$PEERTUBE_DOMAIN_NAME" ]; then
        echo $'The peertube domain name was not specified'
        exit 783523
    fi
@ -740,8 +741,8 @@ function install_peertube {
    function_check install_postgresql
    install_postgresql

-    if [ ! -d /var/www/$PEERTUBE_DOMAIN_NAME/htdocs ]; then
-        mkdir -p /var/www/$PEERTUBE_DOMAIN_NAME/htdocs
+    if [ ! -d "/var/www/$PEERTUBE_DOMAIN_NAME/htdocs" ]; then
+        mkdir -p "/var/www/$PEERTUBE_DOMAIN_NAME/htdocs"
    fi

    if [ -d $PEERTUBE_DIR ]; then
@ -759,60 +760,56 @@ function install_peertube {
    if [ -d /repos/peertube ]; then
        mkdir -p $PEERTUBE_DIR
        cp -r -p /repos/peertube/. $PEERTUBE_DIR
-        cd $PEERTUBE_DIR
+        cd "$PEERTUBE_DIR" || exit 642874682
        git pull
    else
        function_check git_clone
        git_clone $PEERTUBE_REPO $PEERTUBE_DIR
    fi

-    cd $PEERTUBE_DIR
+    cd "$PEERTUBE_DIR" || exit 27492742
    git checkout $PEERTUBE_COMMIT -b $PEERTUBE_COMMIT
    set_completion_param "peertube commit" "$PEERTUBE_COMMIT"

-    npm install -g yarn
-    if [ ! "$?" = "0" ]; then
+    if ! npm install -g yarn; then
        echo $'Failed to install yarn'
        exit 79353234
    fi
    yarn add -D webpack --network-concurrency 1
-    yarn install
-    if [ ! "$?" = "0" ]; then
+    if ! yarn install; then
        echo $'Failed to run yarn install'
        exit 63754235
    fi
-    npm install
-    if [ ! "$?" = "0" ]; then
+    if ! npm install; then
        echo $'Failed to install peertube'
        exit 7835243
    fi
-    npm run build
-    if [ ! "$?" = "0" ]; then
+    if ! npm run build; then
        echo $'Failed to build peertube'
        exit 5293593
    fi

    PEERTUBE_ONION_HOSTNAME=$(add_onion_service peertube 80 ${PEERTUBE_ONION_PORT})

-    echo '[Unit]' > /etc/systemd/system/peertube.service
-    echo 'Description=PeerTube Decentralized video streaming platform' >> /etc/systemd/system/peertube.service
-    echo 'After=syslog.target' >> /etc/systemd/system/peertube.service
-    echo 'After=network.target' >> /etc/systemd/system/peertube.service
-    echo '' >> /etc/systemd/system/peertube.service
-    echo '[Service]' >> /etc/systemd/system/peertube.service
-    echo 'User=peertube' >> /etc/systemd/system/peertube.service
-    echo 'Group=peertube' >> /etc/systemd/system/peertube.service
-    echo "WorkingDirectory=$PEERTUBE_DIR" >> /etc/systemd/system/peertube.service
-    echo "ExecStart=/usr/local/bin/npm start" >> /etc/systemd/system/peertube.service
-    echo "ExecStop=/usr/local/bin/npm stop" >> /etc/systemd/system/peertube.service
-    echo 'StandardOutput=syslog' >> /etc/systemd/system/peertube.service
-    echo 'StandardError=syslog' >> /etc/systemd/system/peertube.service
-    echo 'SyslogIdentifier=peertube' >> /etc/systemd/system/peertube.service
-    echo 'Restart=always' >> /etc/systemd/system/peertube.service
-    echo "Environment=NODE_ENV=production" >> /etc/systemd/system/peertube.service
-    echo '' >> /etc/systemd/system/peertube.service
-    echo '[Install]' >> /etc/systemd/system/peertube.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/peertube.service
+    { echo '[Unit]';
+      echo 'Description=PeerTube Decentralized video streaming platform';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=peertube';
+      echo 'Group=peertube';
+      echo "WorkingDirectory=$PEERTUBE_DIR";
+      echo "ExecStart=/usr/local/bin/npm start";
+      echo "ExecStop=/usr/local/bin/npm stop";
+      echo 'StandardOutput=syslog';
+      echo 'StandardError=syslog';
+      echo 'SyslogIdentifier=peertube';
+      echo 'Restart=always';
+      echo "Environment=NODE_ENV=production";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/peertube.service

    peertube_create_config

@ -820,10 +817,10 @@ function install_peertube {

    peertube_setup_web

-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a peertube -p "$PEERTUBE_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a peertube -p "$PEERTUBE_ADMIN_PASSWORD"

    function_check add_ddns_domain
-    add_ddns_domain $PEERTUBE_DOMAIN_NAME
+    add_ddns_domain "$PEERTUBE_DOMAIN_NAME"

    systemctl enable peertube
    systemctl daemon-reload
--- a/src/freedombone-app-pelican
+++ b/src/freedombone-app-pelican
@ -50,12 +50,12 @@ pelican_variables=(MY_USERNAME
                   PELICAN_BLOG_CODE)

 function pelican_remove_bad_blog_links {
-    find ./ -type f -name *.css -exec sed -i -e '/googleapi/d' {} \;
-    find ./ -type f -name *.scss -exec sed -i -e '/googleapi/d' {} \;
-    find ./ -type f -name *.html -exec sed -i -e '/googleapi/d' {} \;
-    find ./ -type f -name *.css -exec sed -i -e '/bootstrapcdn/d' {} \;
-    find ./ -type f -name *.scss -exec sed -i -e '/bootstrapcdn/d' {} \;
-    find ./ -type f -name *.html -exec sed -i -e '/bootstrapcdn/d' {} \;
+    find ./ -type f -name "*.css" -exec sed -i -e '/googleapi/d' {} \;
+    find ./ -type f -name "*.scss" -exec sed -i -e '/googleapi/d' {} \;
+    find ./ -type f -name "*.html" -exec sed -i -e '/googleapi/d' {} \;
+    find ./ -type f -name "*.css" -exec sed -i -e '/bootstrapcdn/d' {} \;
+    find ./ -type f -name "*.scss" -exec sed -i -e '/bootstrapcdn/d' {} \;
+    find ./ -type f -name "*.html" -exec sed -i -e '/bootstrapcdn/d' {} \;
 }

 function logging_on_pelican {
@ -73,104 +73,104 @@ function install_pelican_website {
    fi
    function_check nginx_http_redirect
    nginx_http_redirect $PELICAN_DOMAIN_NAME
-    echo 'server {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    #listen [::]:443 ssl;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    root /var/www/${PELICAN_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    server_name ${PELICAN_DOMAIN_NAME};" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    index index.html;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    charset utf-8;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    { echo 'server {';
+      echo '    listen 443 ssl;';
+      echo '    #listen [::]:443 ssl;';
+      echo "    root /var/www/${PELICAN_DOMAIN_NAME}/htdocs;";
+      echo "    server_name ${PELICAN_DOMAIN_NAME};";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo '    index index.html;';
+      echo '    charset utf-8;'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
    function_check nginx_ssl
-    nginx_ssl $PELICAN_DOMAIN_NAME
+    nginx_ssl "$PELICAN_DOMAIN_NAME"
    function_check nginx_disable_sniffing
-    nginx_disable_sniffing $PELICAN_DOMAIN_NAME
-    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    nginx_disable_sniffing "$PELICAN_DOMAIN_NAME"
+    { echo '    add_header Strict-Transport-Security "max-age=0;";';
+      echo '';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
    function_check nginx_limits
-    nginx_limits $PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    # block these file types' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '      deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '      deny  all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    nginx_limits "$PELICAN_DOMAIN_NAME"
+    { echo '    }';
+      echo '';
+      echo '    # block these file types';
+      echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    # deny access to all dot files';
+      echo '    location ~ /\. {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    location ~ /(data|conf|bin|inc)/ {';
+      echo '      deny all;';
+      echo '    }';
+      echo '    location ~ /\.ht {';
+      echo '      deny  all;';
+      echo '    }';
+      echo '}';
+      echo ''; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"

    function_check create_site_certificate
-    create_site_certificate $PELICAN_DOMAIN_NAME 'yes'
+    create_site_certificate "$PELICAN_DOMAIN_NAME" 'yes'
 }

 function install_pelican_website_onion {
-    echo 'server {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    listen 127.0.0.1:${PELICAN_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    root /var/www/${PELICAN_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    server_name ${PELICAN_DOMAIN_NAME};" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    index index.html;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    charset utf-8;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    { echo 'server {';
+      echo "    listen 127.0.0.1:${PELICAN_ONION_PORT} default_server;";
+      echo "    root /var/www/${PELICAN_DOMAIN_NAME}/htdocs;";
+      echo "    server_name ${PELICAN_DOMAIN_NAME};";
+      echo '    access_log /dev/null;';
+      echo "    error_log /dev/null;";
+      echo '    index index.html;';
+      echo '    charset utf-8;'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
    function_check nginx_disable_sniffing
-    nginx_disable_sniffing $PELICAN_DOMAIN_NAME
-    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location / {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    nginx_disable_sniffing "$PELICAN_DOMAIN_NAME"
+    { echo '    add_header Strict-Transport-Security "max-age=0;";';
+      echo '';
+      echo '    location / {'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
    function_check nginx_limits
-    nginx_limits $PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    # block these file types' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '        deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '      deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '      deny  all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    nginx_limits "$PELICAN_DOMAIN_NAME"
+    { echo '    }';
+      echo '';
+      echo '    # block these file types';
+      echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    # deny access to all dot files';
+      echo '    location ~ /\. {';
+      echo '        deny all;';
+      echo '    }';
+      echo '';
+      echo '    location ~ /(data|conf|bin|inc)/ {';
+      echo '      deny all;';
+      echo '    }';
+      echo '    location ~ /\.ht {';
+      echo '      deny  all;';
+      echo '    }';
+      echo '}'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
 }

 function pelican_editor_config {
    if [ ! -f $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican ]; then
-        echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)" > $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq org-support-shift-select t)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq standard-indent 4)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq-default tab-width 4)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq c-basic-offset 4)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(mouse-wheel-mode t)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq make-backup-files t)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq version-control t)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo "(setq default-major-mode 'text-mode)" >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo "(dolist (hook '(text-mode-hook))" >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '    (add-hook hook (lambda () (flyspell-mode 1))))' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq-default fill-column 72)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo '(setq auto-fill-mode 0)' >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)" >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
-        echo "(setq-default auto-fill-function 'do-auto-fill)" >> $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
+        { echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)";
+          echo '(setq org-support-shift-select t)';
+          echo '(setq standard-indent 4)';
+          echo '(setq-default tab-width 4)';
+          echo '(setq c-basic-offset 4)';
+          echo '(mouse-wheel-mode t)';
+          echo '(setq make-backup-files t)';
+          echo '(setq version-control t)';
+          echo '(setq backup-directory-alist (quote ((".*" . "~/.emacs_backups/"))))';
+          echo "(setq default-major-mode 'text-mode)";
+          echo "(dolist (hook '(text-mode-hook))";
+          echo '    (add-hook hook (lambda () (flyspell-mode 1))))';
+          echo '(setq-default fill-column 72)';
+          echo '(setq auto-fill-mode 0)';
+          echo "(add-hook 'text-mode-hook 'turn-on-auto-fill)";
+          echo "(setq-default auto-fill-function 'do-auto-fill)"; } > "$PELICAN_BLOG_INSTALL_DIR/.emacs-pelican"
    fi
 }

@ -179,7 +179,7 @@ function pelican_regenerate_blog {
    echo ''
    echo $'Regenerating blog...'

-    cd $PELICAN_BLOG_INSTALL_DIR
+    cd "$PELICAN_BLOG_INSTALL_DIR" || exit 463856348
    make html
    cp -r $PELICAN_BLOG_INSTALL_DIR/output/* /var/www/$PELICAN_DOMAIN_NAME/htdocs/
    chown -R www-data:www-data /var/www/$PELICAN_DOMAIN_NAME/htdocs
@ -189,19 +189,19 @@ function pelican_new_blog {
    DATESTR=$(date "+%Y-%m-%d %H:%M:%S")

    if [ ! -f $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry ]; then
-        echo $'Title: Blog Post Title' > $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $"Date: ${DATESTR}" >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $"Author: $(toxid --showuser)" >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $'Category: default' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $'Tags: blog, tag' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo  '' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $'Add your text here' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo  '' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo -n $'To include an image copy it into the /etc/blog/content/images directory, ' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $'then link to it with:' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo  '' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo $'![My image]({filename}images/myimage.jpg)' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
-        echo  '' >> $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
+        { echo $'Title: Blog Post Title';
+          echo $"Date: ${DATESTR}";
+          echo $"Author: $(toxid --showuser)";
+          echo $'Category: default';
+          echo $'Tags: blog, tag';
+          echo  '';
+          echo $'Add your text here';
+          echo  '';
+          echo -n $'To include an image copy it into the /etc/blog/content/images directory, ';
+          echo $'then link to it with:';
+          echo  '';
+          echo $'![My image]({filename}images/myimage.jpg)';
+          echo  ''; } > $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry
    fi

    if [ -f /usr/bin/emacs ]; then
@ -222,7 +222,7 @@ function pelican_new_blog {

    # move to the content directory
    CURRENT_INDEX=$(cat $PELICAN_CURRENT_BLOG_INDEX)
-    mv $PELICAN_BLOG_INSTALL_DIR/.new-blog-entry $BLOG_CONTENT_PATH/${CURRENT_INDEX}_post.md
+    mv "$PELICAN_BLOG_INSTALL_DIR/.new-blog-entry" "$BLOG_CONTENT_PATH/${CURRENT_INDEX}_post.md"

    # increment the index
    CURRENT_INDEX=$((CURRENT_INDEX + 1))
@ -238,14 +238,14 @@ function pelican_edit_blog {
    CURRENT_INDEX=$(cat $PELICAN_CURRENT_BLOG_INDEX)
    PREVIOUS_INDEX=$((CURRENT_INDEX - 1))
    LAST_BLOG_ENTRY=$BLOG_CONTENT_PATH/${PREVIOUS_INDEX}_post.md
-    if [ ! -f $LAST_BLOG_ENTRY ]; then
+    if [ ! -f "$LAST_BLOG_ENTRY" ]; then
        return
    fi

    if [ -f /usr/bin/emacs ]; then
-        emacs -q --load $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican $LAST_BLOG_ENTRY
+        emacs -q --load "$PELICAN_BLOG_INSTALL_DIR/.emacs-pelican" "$LAST_BLOG_ENTRY"
    else
-        editor $LAST_BLOG_ENTRY
+        editor "$LAST_BLOG_ENTRY"
    fi

    pelican_regenerate_blog
@ -258,18 +258,18 @@ function pelican_delete_blog {
    CURRENT_INDEX=$(cat $PELICAN_CURRENT_BLOG_INDEX)
    PREVIOUS_INDEX=$((CURRENT_INDEX - 1))
    LAST_BLOG_ENTRY=$BLOG_CONTENT_PATH/${PREVIOUS_INDEX}_post.md
-    if [ ! -f $LAST_BLOG_ENTRY ]; then
+    if [ ! -f "$LAST_BLOG_ENTRY" ]; then
        return
    fi

    dialog --title $"Delete the previous blog entry" \
           --backtitle $"Freedombone Mesh" \
           --defaultno \
-           --yesno $"\nAre you sure that you wish to delete the previous blog entry?" 8 60
+           --yesno $"\\nAre you sure that you wish to delete the previous blog entry?" 8 60
    sel=$?
    case $sel in
-        0) rm $LAST_BLOG_ENTRY
-           if [ $CURRENT_INDEX -gt 0 ]; then
+        0) rm "$LAST_BLOG_ENTRY"
+           if [ "$CURRENT_INDEX" -gt 0 ]; then
               CURRENT_INDEX=$PREVIOUS_INDEX
               echo "$CURRENT_INDEX" > $PELICAN_CURRENT_BLOG_INDEX
           else
@ -297,8 +297,8 @@ function pelican_change_theme {
    for a in "${THEMES[@]}"
    do
        is_selected='off'
-        if [ $curr_theme_index ]; then
-            if [ $n -eq $curr_theme_index ]; then
+        if [ "$curr_theme_index" ]; then
+            if [ $n -eq "$curr_theme_index" ]; then
                is_selected='on'
            fi
        else
@ -308,28 +308,30 @@ function pelican_change_theme {
        fi

        themelist="$themelist $n $a $is_selected"
-        n=$[n+1]
-        theme_index=$[theme_index+1]
+        n=$((n+1))
+        theme_index=$((theme_index+1))
    done

-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
    dialog --backtitle $"Freedombone Mesh" \
           --title $"Select Blog Theme" \
           --radiolist $'Choose:' \
-           80 40 20 $themelist 2> $data
+           80 40 20 "$themelist" 2> "$data"
    sel=$?
    case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
    esac
-    CHOSEN_THEME_INDEX=$(cat $data)
+    CHOSEN_THEME_INDEX=$(cat "$data")
+    rm -f "$data"
    echo "$CHOSEN_THEME_INDEX" > $PELICAN_BLOG_INSTALL_DIR/.blog-theme-index
    CHOSEN_THEME_INDEX=$((CHOSEN_THEME_INDEX - 1))

    CHOSEN_THEME=${THEMES[$CHOSEN_THEME_INDEX]}

-    cd $PELICAN_BLOG_INSTALL_DIR/themes/$CHOSEN_THEME
+    cd "$PELICAN_BLOG_INSTALL_DIR/themes/$CHOSEN_THEME" || exit 2648268284
    pelican_remove_bad_blog_links

    if grep -q "THEME=" $PELICAN_BLOG_INSTALL_DIR/pelicanconf.py; then
@ -341,8 +343,7 @@ function pelican_change_theme {
 }

 function configure_interactive_pelican {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
    dialog --backtitle $"Freedombone Configuration" \
           --title $"Pelican Blogging" \
           --radiolist $"Choose an operation:" 18 50 11 \
@ -350,23 +351,25 @@ function configure_interactive_pelican {
           2 $"Edit the previous blog entry" off \
           3 $"Delete the previous blog entry" off \
           4 $"Change theme" off \
-           5 $"Exit" off 2> $data
+           5 $"Exit" off 2> "$data"
    sel=$?
    case $sel in
-        1) return;;
-        255) return;;
+        1) rm -f "$data"
+           return;;
+        255) rm -f "$data"
+             return;;
    esac
-    case $(cat $data) in
+    case $(cat "$data") in
        1) pelican_new_blog;;
        2) pelican_edit_blog;;
        3) pelican_delete_blog;;
        4) pelican_change_theme;;
-        5) break;;
    esac
+    rm -f "$data"
 }

 function install_interactive_pelican {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
        ONION_ONLY='no'
    fi

@ -376,42 +379,43 @@ function install_interactive_pelican {
        PELICAN_DETAILS_COMPLETE=
        while [ ! $PELICAN_DETAILS_COMPLETE ]
        do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                dialog --backtitle $"Freedombone Configuration" \
                       --title $"Pelican Blog Configuration" \
-                       --form $"\nPlease enter your blog details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
+                       --form $"\\nPlease enter your blog details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
                       $"Domain:" 1 1 "$(grep 'PELICAN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
                       $"Code:" 2 1 "$(grep 'PELICAN_BLOG_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \
-                       2> $data
+                       2> "$data"
            else
                dialog --backtitle $"Freedombone Configuration" \
                       --title $"Pelican Blog Configuration" \
-                       --form $"\nPlease enter your GNU Social details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
+                       --form $"\\nPlease enter your GNU Social details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
                       $"Domain:" 1 1 "$(grep 'PELICAN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
-                       2> $data
+                       2> "$data"
            fi
            sel=$?
            case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
            esac
-            PELICAN_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ $PELICAN_DOMAIN_NAME ]; then
+            PELICAN_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$PELICAN_DOMAIN_NAME" ]; then
                if [[ $PELICAN_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
                    PELICAN_DOMAIN_NAME=""
                fi
                TEST_DOMAIN_NAME=$PELICAN_DOMAIN_NAME
                validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $PELICAN_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$PELICAN_DOMAIN_NAME" ]]; then
                    PELICAN_DOMAIN_NAME=
                    dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                else
                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        PELICAN_BLOG_CODE=$(cat $data | sed -n 2p)
+                        PELICAN_BLOG_CODE=$(sed -n 2p < "$data")
                        validate_freedns_code "$PELICAN_BLOG_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                            PELICAN_DOMAIN_NAME=
                        fi
                    fi
@ -420,6 +424,7 @@ function install_interactive_pelican {
            if [ $PELICAN_DOMAIN_NAME ]; then
                PELICAN_DETAILS_COMPLETE="yes"
            fi
+            rm -f "$data"
        done

        # save the results in the config file
@ -454,7 +459,7 @@ function backup_local_pelican {

 function restore_local_pelican {
    if [ -d /etc/blog ]; then
-        if [ -d $USB_MOUNT_DLNA/backup/pelican ]; then
+        if [ -d "$USB_MOUNT_DLNA/backup/pelican" ]; then
            temp_restore_dir=/root/temppelican
            function_check restore_directory_from_usb
            restore_directory_from_usb $temp_restore_dir pelican
@ -463,6 +468,7 @@ function restore_local_pelican {
            else
                cp -r $temp_restore_dir/* /etc/blog/
            fi
+            # shellcheck disable=SC2181
            if [ ! "$?" = "0" ]; then
                rm -rf $temp_restore_dir
                function_check set_user_permissions
@ -475,7 +481,7 @@ function restore_local_pelican {
        fi
    fi
    if [ -d /var/www/$PELICAN_DOMAIN_NAME/htdocs ]; then
-        if [ -d $USB_MOUNT_DLNA/backup/pelican-site ]; then
+        if [ -d "$USB_MOUNT_DLNA/backup/pelican-site" ]; then
            temp_restore_dir=/root/temppelican-site
            function_check restore_directory_from_usb
            restore_directory_from_usb $temp_restore_dir pelican-site
@ -484,6 +490,7 @@ function restore_local_pelican {
            else
                cp -r $temp_restore_dir/* /var/www/$PELICAN_DOMAIN_NAME/htdocs/
            fi
+            # shellcheck disable=SC2181
            if [ ! "$?" = "0" ]; then
                rm -rf $temp_restore_dir
                function_check set_user_permissions
@ -508,7 +515,7 @@ function backup_remote_pelican {

 function restore_remote_pelican {
    if [ -d /etc/blog ]; then
-        if [ -d $SERVER_DIRECTORY/backup/pelican ]; then
+        if [ -d "$SERVER_DIRECTORY/backup/pelican" ]; then
            temp_restore_dir=/root/temppelican
            function_check restore_directory_from_friend
            restore_directory_from_friend $temp_restore_dir pelican
@ -517,6 +524,7 @@ function restore_remote_pelican {
            else
                cp -r $temp_restore_dir/* /etc/blog/
            fi
+            # shellcheck disable=SC2181
            if [ ! "$?" = "0" ]; then
                exit 782352
            fi
@ -524,7 +532,7 @@ function restore_remote_pelican {
        fi
    fi
    if [ -d /var/www/$PELICAN_DOMAIN_NAME/htdocs ]; then
-        if [ -d $SERVER_DIRECTORY/backup/pelican-site ]; then
+        if [ -d "$SERVER_DIRECTORY/backup/pelican-site" ]; then
            temp_restore_dir=/root/temppelican-site
            function_check restore_directory_from_friend
            restore_directory_from_friend $temp_restore_dir pelican-site
@ -533,6 +541,7 @@ function restore_remote_pelican {
            else
                cp -r $temp_restore_dir/* /var/www/$PELICAN_DOMAIN_NAME/htdocs/
            fi
+            # shellcheck disable=SC2181
            if [ ! "$?" = "0" ]; then
                exit 76382562
            fi
@ -561,112 +570,112 @@ function remove_pelican {
 }

 function create_pelican_conf {
-    STATIC_BLOG_FILE=$1
+    STATIC_BLOG_FILE="$1"

-    echo '#!/usr/bin/env python' > $STATIC_BLOG_FILE
-    echo '# -*- coding: utf-8 -*- #' >> $STATIC_BLOG_FILE
-    echo 'from __future__ import unicode_literals' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo "AUTHOR=u\"$MY_USERNAME\"" >> $STATIC_BLOG_FILE
-    echo "SITENAME=u'$DEFAULT_BLOG_TITLE'" >> $STATIC_BLOG_FILE
-    echo "SITEURL=''" >> $STATIC_BLOG_FILE
-    echo "PATH='content'" >> $STATIC_BLOG_FILE
-    echo 'TIMEZONE=u"Europe/London"' >> $STATIC_BLOG_FILE
-    echo "DEFAULT_LANG=u'en'" >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'FEED_ALL_ATOM=None' >> $STATIC_BLOG_FILE
-    echo 'CATEGORY_FEED_ATOM=None' >> $STATIC_BLOG_FILE
-    echo 'TRANSLATION_FEED_ATOM=None' >> $STATIC_BLOG_FILE
-    echo 'AUTHOR_FEED_ATOM=None' >> $STATIC_BLOG_FILE
-    echo 'AUTHOR_FEED_RSS=None' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'DEFAULT_PAGINATION=False' >> $STATIC_BLOG_FILE
-    echo 'RELATIVE_URLS=True' >> $STATIC_BLOG_FILE
-    echo "THEME='themes/nice-blog'" >> $STATIC_BLOG_FILE
+    { echo '#!/usr/bin/env python';
+      echo '# -*- coding: utf-8 -*- #';
+      echo 'from __future__ import unicode_literals';
+      echo '';
+      echo "AUTHOR=u\"$MY_USERNAME\"";
+      echo "SITENAME=u'$DEFAULT_BLOG_TITLE'";
+      echo "SITEURL=''";
+      echo "PATH='content'";
+      echo 'TIMEZONE=u"Europe/London"';
+      echo "DEFAULT_LANG=u'en'";
+      echo '';
+      echo 'FEED_ALL_ATOM=None';
+      echo 'CATEGORY_FEED_ATOM=None';
+      echo 'TRANSLATION_FEED_ATOM=None';
+      echo 'AUTHOR_FEED_ATOM=None';
+      echo 'AUTHOR_FEED_RSS=None';
+      echo '';
+      echo 'DEFAULT_PAGINATION=False';
+      echo 'RELATIVE_URLS=True';
+      echo "THEME='themes/nice-blog'"; } > "$STATIC_BLOG_FILE"
 }

 function create_pelican_makefile {
-    STATIC_BLOG_FILE=$1
+    STATIC_BLOG_FILE="$1"

-    echo 'PY?=python' > $STATIC_BLOG_FILE
-    echo 'PELICAN?=pelican' >> $STATIC_BLOG_FILE
-    echo 'PELICANOPTS=' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'BASEDIR=$(CURDIR)' >> $STATIC_BLOG_FILE
-    echo 'INPUTDIR=$(BASEDIR)/content' >> $STATIC_BLOG_FILE
-    echo "OUTPUTDIR=$PELICAN_BLOG_PATH" >> $STATIC_BLOG_FILE
-    echo 'CONFFILE=$(BASEDIR)/pelicanconf.py' >> $STATIC_BLOG_FILE
-    echo 'PUBLISHCONF=$(BASEDIR)/publishconf.py' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'DEBUG ?= 0' >> $STATIC_BLOG_FILE
-    echo 'ifeq ($(DEBUG), 1)' >> $STATIC_BLOG_FILE
-    echo -e '\tPELICANOPTS += -D' >> $STATIC_BLOG_FILE
-    echo 'endif' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'RELATIVE ?= 0' >> $STATIC_BLOG_FILE
-    echo 'ifeq ($(RELATIVE), 1)' >> $STATIC_BLOG_FILE
-    echo -e '\tPELICANOPTS += --relative-urls' >> $STATIC_BLOG_FILE
-    echo 'endif' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'html:' >> $STATIC_BLOG_FILE
-    echo -e '\t$(PELICAN) $(INPUTDIR) -o $(OUTPUTDIR) -s $(CONFFILE) $(PELICANOPTS)' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'clean:' >> $STATIC_BLOG_FILE
-    echo -e '\t[ ! -d $(OUTPUTDIR) ] || rm -rf $(OUTPUTDIR)' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'regenerate:' >> $STATIC_BLOG_FILE
-    echo -e '\t$(PELICAN) -r $(INPUTDIR) -o $(OUTPUTDIR) -s $(CONFFILE) $(PELICANOPTS)' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'serve:' >> $STATIC_BLOG_FILE
-    echo 'ifdef PORT' >> $STATIC_BLOG_FILE
-    echo -e '\tcd $(OUTPUTDIR) && $(PY) -m pelican.server $(PORT)' >> $STATIC_BLOG_FILE
-    echo 'else' >> $STATIC_BLOG_FILE
-    echo -e '\tcd $(OUTPUTDIR) && $(PY) -m pelican.server' >> $STATIC_BLOG_FILE
-    echo 'endif' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'serve-global:' >> $STATIC_BLOG_FILE
-    echo 'ifdef SERVER' >> $STATIC_BLOG_FILE
-    echo -e '\tcd $(OUTPUTDIR) && $(PY) -m pelican.server 80 $(SERVER)' >> $STATIC_BLOG_FILE
-    echo 'else' >> $STATIC_BLOG_FILE
-    echo -e '\tcd $(OUTPUTDIR) && $(PY) -m pelican.server 80 0.0.0.0' >> $STATIC_BLOG_FILE
-    echo 'endif' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'devserver:' >> $STATIC_BLOG_FILE
-    echo 'ifdef PORT' >> $STATIC_BLOG_FILE
-    echo -e '\t$(BASEDIR)/develop_server.sh restart $(PORT)' >> $STATIC_BLOG_FILE
-    echo 'else' >> $STATIC_BLOG_FILE
-    echo -e '\t$(BASEDIR)/develop_server.sh restart' >> $STATIC_BLOG_FILE
-    echo 'endif' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'stopserver:' >> $STATIC_BLOG_FILE
-    echo -e '\t$(BASEDIR)/develop_server.sh stop' >> $STATIC_BLOG_FILE
-    echo -e '\t@echo "Stopped Pelican and SimpleHTTPServer processes running in background."' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'publish:' >> $STATIC_BLOG_FILE
-    echo -e '\t$(PELICAN) $(INPUTDIR) -o $(OUTPUTDIR) -s $(PUBLISHCONF) $(PELICANOPTS)' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo '.PHONY: html clean regenerate serve serve-global devserver publish' >> $STATIC_BLOG_FILE
+    { echo 'PY?=python';
+      echo 'PELICAN?=pelican';
+      echo 'PELICANOPTS=';
+      echo '';
+      echo "BASEDIR=\$(CURDIR)";
+      echo "INPUTDIR=\$(BASEDIR)/content";
+      echo "OUTPUTDIR=$PELICAN_BLOG_PATH";
+      echo "CONFFILE=\$(BASEDIR)/pelicanconf.py";
+      echo "PUBLISHCONF=\$(BASEDIR)/publishconf.py";
+      echo '';
+      echo 'DEBUG ?= 0';
+      echo "ifeq (\$(DEBUG), 1)";
+      echo -e '\tPELICANOPTS += -D';
+      echo 'endif';
+      echo '';
+      echo 'RELATIVE ?= 0';
+      echo "ifeq (\$(RELATIVE), 1)";
+      echo -e '\tPELICANOPTS += --relative-urls';
+      echo 'endif';
+      echo '';
+      echo 'html:';
+      echo -e "\\t\$(PELICAN) \$(INPUTDIR) -o \$(OUTPUTDIR) -s \$(CONFFILE) \$(PELICANOPTS)";
+      echo '';
+      echo 'clean:';
+      echo -e "\\t[ ! -d \$(OUTPUTDIR) ] || rm -rf \$(OUTPUTDIR)";
+      echo '';
+      echo 'regenerate:';
+      echo -e "\\t\$(PELICAN) -r \$(INPUTDIR) -o \$(OUTPUTDIR) -s \$(CONFFILE) \$(PELICANOPTS)";
+      echo '';
+      echo 'serve:';
+      echo 'ifdef PORT';
+      echo -e "\\tcd \$(OUTPUTDIR) && \$(PY) -m pelican.server \$(PORT)";
+      echo 'else';
+      echo -e "\\tcd \$(OUTPUTDIR) && \$(PY) -m pelican.server";
+      echo 'endif';
+      echo '';
+      echo 'serve-global:';
+      echo 'ifdef SERVER';
+      echo -e "\\tcd \$(OUTPUTDIR) && \$(PY) -m pelican.server 80 \$(SERVER)";
+      echo 'else';
+      echo -e "\\tcd \$(OUTPUTDIR) && \$(PY) -m pelican.server 80 0.0.0.0";
+      echo 'endif';
+      echo '';
+      echo 'devserver:';
+      echo 'ifdef PORT';
+      echo -e "\\t\$(BASEDIR)/develop_server.sh restart \$(PORT)";
+      echo 'else';
+      echo -e "\\t\$(BASEDIR)/develop_server.sh restart";
+      echo 'endif';
+      echo '';
+      echo 'stopserver:';
+      echo -e "\\t\$(BASEDIR)/develop_server.sh stop";
+      echo -e '\t@echo "Stopped Pelican and SimpleHTTPServer processes running in background."';
+      echo '';
+      echo 'publish:';
+      echo -e "\\t\$(PELICAN) \$(INPUTDIR) -o \$(OUTPUTDIR) -s \$(PUBLISHCONF) \$(PELICANOPTS)";
+      echo '';
+      echo '.PHONY: html clean regenerate serve serve-global devserver publish'; } > "$STATIC_BLOG_FILE"
 }

 function create_pelican_publish_conf {
    STATIC_BLOG_FILE=$1

-    echo '#!/usr/bin/env python' > $STATIC_BLOG_FILE
-    echo '# -*- coding: utf-8 -*- #' >> $STATIC_BLOG_FILE
-    echo 'from __future__ import unicode_literals' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'import os' >> $STATIC_BLOG_FILE
-    echo 'import sys' >> $STATIC_BLOG_FILE
-    echo 'sys.path.append(os.curdir)' >> $STATIC_BLOG_FILE
-    echo 'from pelicanconf import *' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo "SITEURL = ''" >> $STATIC_BLOG_FILE
-    echo 'RELATIVE_URLS = True' >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo "FEED_ALL_ATOM = 'feeds/all.atom.xml'" >> $STATIC_BLOG_FILE
-    echo "CATEGORY_FEED_ATOM = 'feeds/%s.atom.xml'" >> $STATIC_BLOG_FILE
-    echo '' >> $STATIC_BLOG_FILE
-    echo 'DELETE_OUTPUT_DIRECTORY = True' >> $STATIC_BLOG_FILE
+    { echo '#!/usr/bin/env python';
+      echo '# -*- coding: utf-8 -*- #';
+      echo 'from __future__ import unicode_literals';
+      echo '';
+      echo 'import os';
+      echo 'import sys';
+      echo 'sys.path.append(os.curdir)';
+      echo 'from pelicanconf import *';
+      echo '';
+      echo "SITEURL = ''";
+      echo 'RELATIVE_URLS = True';
+      echo '';
+      echo "FEED_ALL_ATOM = 'feeds/all.atom.xml'";
+      echo "CATEGORY_FEED_ATOM = 'feeds/%s.atom.xml'";
+      echo '';
+      echo 'DELETE_OUTPUT_DIRECTORY = True'; } > "$STATIC_BLOG_FILE"
 }

 function pelican_themes {
@ -747,10 +756,11 @@ function pelican_themes {
 }

 function mesh_install_pelican {
-    if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" && $VARIANT != "usb" ]]; then
+    if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" && "$VARIANT" != "usb" ]]; then
        return
    fi

+    # shellcheck disable=SC2154
    chroot "$rootdir" apt-get -yq install python-pip
    chroot "$rootdir" pip install ipython
    chroot "$rootdir" pip install Markdown
@ -760,34 +770,34 @@ function mesh_install_pelican {
    PELICAN_BLOG_INSTALL_DIR=/home/$MY_USERNAME/CreateBlog
    PELICAN_BLOG_PATH=/home/$MY_USERNAME/Public/Blog

-    if [ ! -d $rootdir$PELICAN_BLOG_INSTALL_DIR ]; then
-        mkdir -p $rootdir$PELICAN_BLOG_INSTALL_DIR
+    if [ ! -d "$rootdir$PELICAN_BLOG_INSTALL_DIR" ]; then
+        mkdir -p "$rootdir$PELICAN_BLOG_INSTALL_DIR"
    fi

-    if [ ! -d $rootdir$PELICAN_BLOG_PATH ]; then
-        mkdir -p $rootdir$PELICAN_BLOG_PATH
+    if [ ! -d "$rootdir$PELICAN_BLOG_PATH" ]; then
+        mkdir -p "$rootdir$PELICAN_BLOG_PATH"
    fi

-    if [ ! -d $rootdir$PELICAN_BLOG_INSTALL_DIR/content/images ]; then
-        mkdir -p $rootdir$PELICAN_BLOG_INSTALL_DIR/content/images
+    if [ ! -d "$rootdir$PELICAN_BLOG_INSTALL_DIR/content/images" ]; then
+        mkdir -p "$rootdir$PELICAN_BLOG_INSTALL_DIR/content/images"
    fi

-    create_pelican_conf $rootdir$PELICAN_BLOG_INSTALL_DIR/pelicanconf.py
-    create_pelican_makefile $rootdir$PELICAN_BLOG_INSTALL_DIR/Makefile
-    create_pelican_publish_conf $rootdir$PELICAN_BLOG_INSTALL_DIR/publishconf.py
+    create_pelican_conf "$rootdir$PELICAN_BLOG_INSTALL_DIR/pelicanconf.py"
+    create_pelican_makefile "$rootdir$PELICAN_BLOG_INSTALL_DIR/Makefile"
+    create_pelican_publish_conf "$rootdir$PELICAN_BLOG_INSTALL_DIR/publishconf.py"

-    mkdir -p $rootdir$PELICAN_BLOG_INSTALL_DIR/themes
-    cd $rootdir$PELICAN_BLOG_INSTALL_DIR/themes
+    mkdir -p "$rootdir$PELICAN_BLOG_INSTALL_DIR/themes"
+    cd "$rootdir$PELICAN_BLOG_INSTALL_DIR/themes" || exit 74624524
    pelican_themes

    #git clone --recursive $PELICAN_PLUGINS_REPO $rootdir$PELICAN_BLOG_INSTALL_DIR/plugins

-    chroot "$rootdir" chown -R $MY_USERNAME:$MY_USERNAME $PELICAN_BLOG_INSTALL_DIR
-    chroot "$rootdir" chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Public
+    chroot "$rootdir" chown -R "$MY_USERNAME":"$MY_USERNAME" "$PELICAN_BLOG_INSTALL_DIR"
+    chroot "$rootdir" chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/Public"
 }

 function install_pelican {
-    if [ $INSTALLING_MESH ]; then
+    if [ "$INSTALLING_MESH" ]; then
        mesh_install_pelican
        return
    fi
@ -800,29 +810,29 @@ function install_pelican {

    PELICAN_BLOG_PATH=/var/www/$PELICAN_DOMAIN_NAME/htdocs

-    if [ ! -d $PELICAN_BLOG_INSTALL_DIR ]; then
-        mkdir -p $PELICAN_BLOG_INSTALL_DIR
+    if [ ! -d "$PELICAN_BLOG_INSTALL_DIR" ]; then
+        mkdir -p "$PELICAN_BLOG_INSTALL_DIR"
    fi

    if [ ! -d $PELICAN_BLOG_PATH ]; then
        mkdir -p $PELICAN_BLOG_PATH
    fi

-    if [ ! -d $PELICAN_BLOG_INSTALL_DIR/content ]; then
-        mkdir -p $PELICAN_BLOG_INSTALL_DIR/content
+    if [ ! -d "$PELICAN_BLOG_INSTALL_DIR/content" ]; then
+        mkdir -p "$PELICAN_BLOG_INSTALL_DIR/content"
    fi

-    create_pelican_conf $PELICAN_BLOG_INSTALL_DIR/pelicanconf.py
-    create_pelican_makefile $PELICAN_BLOG_INSTALL_DIR/Makefile
-    create_pelican_publish_conf $PELICAN_BLOG_INSTALL_DIR/publishconf.py
+    create_pelican_conf "$PELICAN_BLOG_INSTALL_DIR/pelicanconf.py"
+    create_pelican_makefile "$PELICAN_BLOG_INSTALL_DIR/Makefile"
+    create_pelican_publish_conf "$PELICAN_BLOG_INSTALL_DIR/publishconf.py"

-    mkdir -p $PELICAN_THEMES_REPO $PELICAN_BLOG_INSTALL_DIR/themes
-    cd $PELICAN_THEMES_REPO $PELICAN_BLOG_INSTALL_DIR/themes
+    mkdir -p "$PELICAN_THEMES_REPO" "$PELICAN_BLOG_INSTALL_DIR/themes"
+    cd "$PELICAN_BLOG_INSTALL_DIR/themes" || exit 45357282883
    pelican_themes

    #git clone --recursive $PELICAN_PLUGINS_REPO $PELICAN_BLOG_INSTALL_DIR/plugins

-    chown -R $MY_USERNAME:$MY_USERNAME $PELICAN_BLOG_INSTALL_DIR
+    chown -R "$MY_USERNAME":"$MY_USERNAME" "$PELICAN_BLOG_INSTALL_DIR"
    chown -R www-data:www-data $PELICAN_BLOG_PATH

    pelican_editor_config
@ -834,7 +844,7 @@ function install_pelican {
    install_pelican_website_onion

    pelican_regenerate_blog
-    if [ ! -d $PELICAN_BLOG_INSTALL_DIR/output ]; then
+    if [ ! -d "$PELICAN_BLOG_INSTALL_DIR/output" ]; then
        echo $'Failed to generate pelican blog'
        exit 521892
    fi
--- a/src/freedombone-app-pihole
+++ b/src/freedombone-app-pihole
@ -66,17 +66,17 @@ function pihole_copy_files {
    if [ ! -d /etc/.pihole ]; then
        mkdir /etc/.pihole
    fi
-    cp $INSTALL_DIR/pihole/adlists.default /etc/.pihole/adlists.default
-    cp $INSTALL_DIR/pihole/adlists.default $piholeDir/adlists.default
+    cp "$INSTALL_DIR/pihole/adlists.default" /etc/.pihole/adlists.default
+    cp "$INSTALL_DIR/pihole/adlists.default" $piholeDir/adlists.default
    if [ ! -f $PIHOLE_CUSTOM_ADLIST ]; then
-        cp $INSTALL_DIR/pihole/adlists.default $PIHOLE_CUSTOM_ADLIST
+        cp "$INSTALL_DIR/pihole/adlists.default" $PIHOLE_CUSTOM_ADLIST
    fi
-    cp $INSTALL_DIR/pihole/advanced/Scripts/* /opt/$piholeBasename
+    cp "$INSTALL_DIR/pihole/advanced/Scripts/*" /opt/$piholeBasename
    if [ -f /etc/dnsmasq.d/01-pihole.conf ]; then
        rm /etc/dnsmasq.d/01-pihole.conf
    fi
-    cp $INSTALL_DIR/pihole/advanced/pihole.cron /etc/cron.d/pihole
-    cp $INSTALL_DIR/pihole/gravity.sh /opt/$piholeBasename
+    cp "$INSTALL_DIR/pihole/advanced/pihole.cron" /etc/cron.d/pihole
+    cp "$INSTALL_DIR/pihole/gravity.sh" /opt/$piholeBasename
    chmod +x /opt/pihole/*.sh
 }

@ -95,7 +95,7 @@ function pihole_update {
        return
    fi

-    if [ ! -f $HOME/${PROJECT_NAME}-wifi.cfg ]; then
+    if [ ! -f "$HOME/${PROJECT_NAME}-wifi.cfg" ]; then
        PIHOLE_IFACE=eth0
    else
        read_config_param WIFI_INTERFACE
@ -114,13 +114,13 @@ function pihole_update {
    echo "piholeDNS1=${PIHOLE_DNS1}" >> ${setupVars}
    echo "piholeDNS2=${PIHOLE_DNS1}" >> ${setupVars}

-    echo 'domain-needed' > /etc/dnsmasq.conf
-    echo 'bogus-priv' >> /etc/dnsmasq.conf
-    echo 'no-resolv' >> /etc/dnsmasq.conf
-    echo "server=${PIHOLE_DNS1}" >> /etc/dnsmasq.conf
-    echo "server=${PIHOLE_DNS2}" >> /etc/dnsmasq.conf
-    echo "interface=${PIHOLE_IFACE}" >> /etc/dnsmasq.conf
-    echo 'listen-address=127.0.0.1' >> /etc/dnsmasq.conf
+    { echo 'domain-needed';
+      echo 'bogus-priv';
+      echo 'no-resolv';
+      echo "server=${PIHOLE_DNS1}";
+      echo "server=${PIHOLE_DNS2}";
+      echo "interface=${PIHOLE_IFACE}";
+      echo 'listen-address=127.0.0.1'; } > /etc/dnsmasq.conf

    pihole -g
    systemctl restart dnsmasq
@ -132,8 +132,7 @@ function pihole_update {
 }

 function pihole_change_upstream_dns {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
    dialog --backtitle $"Ad Blocker Upstream DNS" \
           --radiolist $"Pick a domain name service (DNS):" 28 50 19 \
           1 $"Digital Courage" on \
@ -154,13 +153,15 @@ function pihole_change_upstream_dns {
           16 $"DNS.Watch" off \
           17 $"uncensoreddns.org" off \
           18 $"Lorraine Data Network" off \
-           19 $"Google" off 2> $data
+           19 $"Google" off 2> "$data"
    sel=$?
    case $sel in
-        1) exit 1;;
-        255) exit 1;;
+        1) rm -f "$data"
+           exit 1;;
+        255) rm -f "$data"
+             exit 1;;
    esac
-    case $(cat $data) in
+    case $(cat "$data") in
        1) PIHOLE_DNS1='85.214.73.63'
           PIHOLE_DNS2='213.73.91.35'
           ;;
@ -218,10 +219,12 @@ function pihole_change_upstream_dns {
        19) PIHOLE_DNS1='8.8.8.8'
            PIHOLE_DNS2='4.4.4.4'
            dialog --title $"WARNING" \
-                   --msgbox $"\nGoogle's main purpose for providing DNS resolvers is to spy upon people and know which sites they are visiting.\n\nThis is something to consider, and you should only really be using Google DNS as a last resort if other resolvers are unavailable." 12 60
+                   --msgbox $"\\nGoogle's main purpose for providing DNS resolvers is to spy upon people and know which sites they are visiting.\\n\\nThis is something to consider, and you should only really be using Google DNS as a last resort if other resolvers are unavailable." 12 60
            ;;
-        255) exit 1;;
+        255) rm -f "$data"
+             exit 1;;
    esac
+    rm -f "$data"
    write_config_param "PIHOLE_DNS1" "$PIHOLE_DNS1"
    write_config_param "PIHOLE_DNS2" "$PIHOLE_DNS2"
 }
@ -252,8 +255,7 @@ function pihole_resume {
 function configure_interactive_pihole {
    while true
    do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
        dialog --backtitle $"Freedombone Control Panel" \
               --title $"Ad Blocker" \
               --radiolist $"Choose an operation:" 16 70 7 \
@ -263,13 +265,15 @@ function configure_interactive_pihole {
               4 $"Change upstream DNS servers" off \
               5 $"Pause blocker" off \
               6 $"Resume blocker" off \
-               7 $"Exit" on 2> $data
+               7 $"Exit" on 2> "$data"
        sel=$?
        case $sel in
-            1) exit 1;;
-            255) exit 1;;
+            1) rm -f "$data"
+               exit 1;;
+            255) rm -f "$data"
+                 exit 1;;
        esac
-        case $(cat $data) in
+        case $(cat "$data") in
            1) editor $PIHOLE_CUSTOM_ADLIST
               update_pihole_interactive
               ;;
@ -286,8 +290,10 @@ function configure_interactive_pihole {
               ;;
            6) pihole_resume
               ;;
-            7) break;;
+            7) rm -f "$data"
+               break;;
        esac
+        rm -f "$data"
    done
 }

@ -306,7 +312,7 @@ function upgrade_pihole {
    fi

    function_check set_repo_commit
-    set_repo_commit $INSTALL_DIR/pihole "pihole commit" "$PIHOLE_COMMIT" $PIHOLE_REPO
+    set_repo_commit "$INSTALL_DIR/pihole" "pihole commit" "$PIHOLE_COMMIT" $PIHOLE_REPO

    pihole_copy_files
    pihole_update
@ -367,8 +373,8 @@ function remove_pihole {
        rm /etc/cron.d/pihole
    fi

-    if [ -d $INSTALL_DIR/pihole ]; then
-        rm -rf $INSTALL_DIR/pihole
+    if [ -d "$INSTALL_DIR/pihole" ]; then
+        rm -rf "$INSTALL_DIR/pihole"
    fi

    firewall_remove 53
@ -391,27 +397,27 @@ function install_pihole {

    systemctl enable dnsmasq

-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir -p "$INSTALL_DIR"
    fi

-    if [ ! -d $INSTALL_DIR/pihole ]; then
-        cd $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR/pihole" ]; then
+        cd "$INSTALL_DIR" || exit 78245624527

        if [ -d /repos/pihole ]; then
            mkdir pihole
            cp -r -p /repos/pihole/. pihole
-            cd pihole
+            cd pihole || exit 24572424684
            git pull
        else
            git_clone $PIHOLE_REPO pihole
        fi

-        if [ ! -d $INSTALL_DIR/pihole ]; then
+        if [ ! -d "$INSTALL_DIR/pihole" ]; then
            exit 523925
        fi
-        cd $INSTALL_DIR/pihole
-        git checkout $PIHOLE_COMMIT -b $PIHOLE_COMMIT
+        cd "$INSTALL_DIR/pihole" || exit 2682468242
+        git checkout "$PIHOLE_COMMIT" -b "$PIHOLE_COMMIT"
        set_completion_param "pihole commit" "$PIHOLE_COMMIT"
    fi

@ -420,21 +426,21 @@ function install_pihole {
    fi

    # blank file which takes the place of ads
-    echo '<html>' > /var/www/pihole/htdocs/index.html
-    echo '<body>' >> /var/www/pihole/htdocs/index.html
-    echo '</body>' >> /var/www/pihole/htdocs/index.html
-    echo '</html>' >> /var/www/pihole/htdocs/index.html
+    { echo '<html>';
+      echo '<body>';
+      echo '</body>';
+      echo '</html>'; } > /var/www/pihole/htdocs/index.html

-    if [ ! -f $INSTALL_DIR/pihole/gravity.sh ]; then
+    if [ ! -f "$INSTALL_DIR/pihole/gravity.sh" ]; then
        exit 26738
    fi
-    cp $INSTALL_DIR/pihole/gravity.sh /usr/local/bin/gravity.sh
+    cp "$INSTALL_DIR/pihole/gravity.sh" /usr/local/bin/gravity.sh
    chmod 755 /usr/local/bin/gravity.sh

-    if [ ! -f $INSTALL_DIR/pihole/pihole ]; then
+    if [ ! -f "$INSTALL_DIR/pihole/pihole" ]; then
        exit 52935
    fi
-    cp $INSTALL_DIR/pihole/pihole /usr/local/bin/pihole
+    cp "$INSTALL_DIR/pihole/pihole" /usr/local/bin/pihole
    chmod 755 /usr/local/bin/pihole

    if [ ! -d $piholeDir ]; then
--- a/src/freedombone-app-pleroma
+++ b/src/freedombone-app-pleroma
--- a/src/freedombone-app-postactiv
+++ b/src/freedombone-app-postactiv
@ -66,12 +66,12 @@ function logging_off_postactiv {
 function postactiv_customise_logo {
    domain_name=$1

-    if [ -f /var/www/${domain_name}/htdocs/static/logo.png ]; then
+    if [ -f "/var/www/${domain_name}/htdocs/static/logo.png" ]; then
        if [ -f ~/freedombone/img/postactiv.png ]; then
-            cp ~/freedombone/img/postactiv.png /var/www/${domain_name}/htdocs/static/logo.png
+            cp ~/freedombone/img/postactiv.png "/var/www/${domain_name}/htdocs/static/logo.png"
        else
-            if [ -f /home/$MY_USERNAME/freedombone/img/postactiv.png ]; then
-                cp /home/$MY_USERNAME/freedombone/img/postactiv.png /var/www/${domain_name}/htdocs/static/logo.png
+            if [ -f "/home/$MY_USERNAME/freedombone/img/postactiv.png" ]; then
+                cp "/home/$MY_USERNAME/freedombone/img/postactiv.png" "/var/www/${domain_name}/htdocs/static/logo.png"
            fi
        fi
    fi
@ -80,13 +80,13 @@ function postactiv_customise_logo {
 function remove_user_postactiv {
    remove_username="$1"

-    ${PROJECT_NAME}-pass -u $remove_username --rmapp postactiv
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp postactiv

    function_check get_completion_param
    POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
-    if [ -d /var/www/$POSTACTIV_DOMAIN_NAME ]; then
-        cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
-        php scripts/deleteprofile.php -n $remove_username -y
+    if [ -d "/var/www/$POSTACTIV_DOMAIN_NAME" ]; then
+        cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 3658254254
+        php scripts/deleteprofile.php -n "$remove_username" -y
    fi
 }

@ -94,13 +94,13 @@ function add_user_postactiv {
    new_username="$1"
    new_user_password="$2"

-    ${PROJECT_NAME}-pass -u $new_username -a postactiv -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a postactiv -p "$new_user_password"

    POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
-    if [ -d /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs ]; then
-        cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
-        php scripts/registeruser.php -n $new_username -w "$new_user_password" -e "$new_username@$HOSTNAME"
-        ${PROJECT_NAME}-addemail -u $new_username -e "noreply@$POSTACTIV_DOMAIN_NAME" -g postactiv --public no
+    if [ -d "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs" ]; then
+        cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 346846834
+        php scripts/registeruser.php -n "$new_username" -w "$new_user_password" -e "$new_username@$HOSTNAME"
+        "${PROJECT_NAME}-addemail" -u "$new_username" -e "noreply@$POSTACTIV_DOMAIN_NAME" -g postactiv --public no
        echo '0'
    else
        echo '1'
@ -108,7 +108,7 @@ function add_user_postactiv {
 }

 function install_interactive_postactiv {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
        ONION_ONLY='no'
    fi

@ -118,54 +118,54 @@ function install_interactive_postactiv {
        POSTACTIV_DETAILS_COMPLETE=
        while [ ! $POSTACTIV_DETAILS_COMPLETE ]
        do
-            data=$(tempfile 2>/dev/null)
+            data=$(mktemp 2>/dev/null)
            trap "rm -f $data" 0 1 2 5 15
            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                dialog --backtitle $"Freedombone Configuration" \
                       --title $"PostActiv Configuration" \
-                       --form $"\nPlease enter your PostActiv details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
+                       --form $"\\nPlease enter your PostActiv details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
                       $"Domain:" 1 1 "$(grep 'POSTACTIV_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
-                       $"Title:" 2 1 "$(grep '$POSTACTIV_TITLE' temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
-                       $"Background image URL:" 3 1 "$(grep '$POSTACTIV_BACKGROUND_IMAGE_URL' temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
+                       $"Title:" 2 1 "$(grep "$POSTACTIV_TITLE" temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
+                       $"Background image URL:" 3 1 "$(grep "$POSTACTIV_BACKGROUND_IMAGE_URL" temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
                       $"Code:" 4 1 "$(grep 'POSTACTIV_CODE' temp.cfg | awk -F '=' '{print $2}')" 4 25 33 255 \
-                       2> $data
+                       2> "$data"
            else
                dialog --backtitle $"Freedombone Configuration" \
                       --title $"PostActiv Configuration" \
-                       --form $"\nPlease enter your PostActiv details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
+                       --form $"\\nPlease enter your PostActiv details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 16 65 4 \
                       $"Domain:" 1 1 "$(grep 'POSTACTIV_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
-                       $"Title:" 2 1 "$(grep '$POSTACTIV_TITLE' temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
-                       $"Background image URL:" 3 1 "$(grep '$POSTACTIV_BACKGROUND_IMAGE_URL' temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
-                       2> $data
+                       $"Title:" 2 1 "$(grep "$POSTACTIV_TITLE" temp.cfg | awk -F '=' '{print $2}')" 2 25 255 255 \
+                       $"Background image URL:" 3 1 "$(grep "$POSTACTIV_BACKGROUND_IMAGE_URL" temp.cfg | awk -F '=' '{print $2}')" 3 25 255 255 \
+                       2> "$data"
            fi
            sel=$?
            case $sel in
                1) exit 1;;
                255) exit 1;;
            esac
-            POSTACTIV_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            title=$(cat $data | sed -n 2p)
+            POSTACTIV_DOMAIN_NAME=$(sed -n 1p < "$data")
+            title=$(sed -n 2p < "$data")
            if [ ${#title} -gt 1 ]; then
-                POSTACTIV_TITLE=$welcome_msg
+                POSTACTIV_TITLE=$title
            fi
-            img_url=$(cat $data | sed -n 3p)
+            img_url=$(sed -n 3p < "$data")
            if [ ${#img_url} -gt 1 ]; then
                POSTACTIV_BACKGROUND_IMAGE_URL=$img_url
            fi
-            if [ $POSTACTIV_DOMAIN_NAME ]; then
-                if [[ $POSTACTIV_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
+            if [ "$POSTACTIV_DOMAIN_NAME" ]; then
+                if [[ "$POSTACTIV_DOMAIN_NAME" == "$HUBZILLA_DOMAIN_NAME" ]]; then
                    POSTACTIV_DOMAIN_NAME=""
                fi
                TEST_DOMAIN_NAME=$POSTACTIV_DOMAIN_NAME
                validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $POSTACTIV_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$POSTACTIV_DOMAIN_NAME" ]]; then
                    POSTACTIV_DOMAIN_NAME=
                    dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                else
                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        POSTACTIV_CODE=$(cat $data | sed -n 4p)
+                        POSTACTIV_CODE=$(sed -n 4p < "$data")
                        validate_freedns_code "$POSTACTIV_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                            POSTACTIV_DOMAIN_NAME=
                        fi
                    fi
@ -178,7 +178,7 @@ function install_interactive_postactiv {

        # remove any invalid characters
        if [ ${#POSTACTIV_TITLE} -gt 0 ]; then
-            new_title=$(echo "$POSTACTIV_TITLE" | sed "s|'||g")
+            new_title=${"$POSTACTIV_TITLE"//\'//}
            POSTACTIV_TITLE="$new_title"
        fi

@ -197,26 +197,26 @@ function change_password_postactiv {

    read_config_param 'POSTACTIV_DOMAIN_NAME'

-    cd /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/scripts
+    cd "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/scripts" || exit 246824682
    php setpassword.php "$curr_username" "$new_user_password"

-    ${PROJECT_NAME}-pass -u "$curr_username" -a postactiv -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a postactiv -p "$new_user_password"
 }

 function postactiv_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        POSTACTIV_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        POSTACTIV_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
    else
-        if [ ! $POSTACTIV_ADMIN_PASSWORD ]; then
-            POSTACTIV_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$POSTACTIV_ADMIN_PASSWORD" ]; then
+            POSTACTIV_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
        fi
    fi
-    if [ ! $POSTACTIV_ADMIN_PASSWORD ]; then
+    if [ ! "$POSTACTIV_ADMIN_PASSWORD" ]; then
        return
    fi

    function_check create_database
-    create_database postactiv "$POSTACTIV_ADMIN_PASSWORD" $MY_USERNAME
+    create_database postactiv "$POSTACTIV_ADMIN_PASSWORD" "$MY_USERNAME"
 }

 function postactiv_running_script {
@ -235,64 +235,63 @@ function reconfigure_postactiv {
 function postactiv_set_background_image {
    POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")

-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
    dialog --title $"PostActiv" \
           --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Set a background image URL' 10 60 2>$data
+           --inputbox $'Set a background image URL' 10 60 2>"$data"
    sel=$?
    case $sel in
        0)
-            temp_background=$(<$data)
+            temp_background=$(<"$data")
            if [ ${#temp_background} -gt 0 ]; then
                POSTACTIV_BACKGROUND_IMAGE_URL="$temp_background"
                write_config_param "POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_BACKGROUND_IMAGE_URL"

-                if [[ $(pleroma_set_background_image_from_url /var/www/$POSTACTIV_DOMAIN_NAME/htdocs "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE" | tail -n 1) == "0" ]]; then
+                if [[ $(pleroma_set_background_image_from_url "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE" | tail -n 1) == "0" ]]; then
                    dialog --title $"Set PostActiv background" \
                           --msgbox $"The background image has been set" 6 60
                fi
            fi
           ;;
    esac
+    rm -f "$data"
 }

 function postactiv_set_title {
-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
    dialog --title $"PostActiv" \
           --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Set a title' 10 60 2>$data
+           --inputbox $'Set a title' 10 60 2>"$data"
    sel=$?
    case $sel in
        0)
-            new_title=$(<$data)
+            new_title=$(<"$data")
            if [ ${#new_title} -gt 0 ]; then
                POSTACTIV_TITLE="$new_title"
                POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
                write_config_param "POSTACTIV_TITLE" "$POSTACTIV_TITLE"
-                cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/static
+                cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/static" || exit 782452452
                sed -i "s|\"name\":.*|\"name\": \"${POSTACTIV_TITLE}\",|g" config.json
                dialog --title $"Set PostActiv title" \
                       --msgbox $"The title has been set" 6 60
            fi
           ;;
    esac
+    rm -f "$data"
 }

 function postactiv_set_expire_months {
    POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
    read_config_param "POSTACTIV_EXPIRE_MONTHS"

-    data=$(tempfile 2>/dev/null)
-    trap "rm -f $data" 0 1 2 5 15
+    data=$(mktemp 2>/dev/null)
    dialog --title $"PostActiv" \
           --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Set an expiry period for posts in months. Anything older will be deleted. Lower values help to keep the database size small and as fast as possible.' 12 60 "$POSTACTIV_EXPIRE_MONTHS" 2>$data
+           --inputbox $'Set an expiry period for posts in months. Anything older will be deleted. Lower values help to keep the database size small and as fast as possible.' 12 60 "$POSTACTIV_EXPIRE_MONTHS" 2>"$data"
    sel=$?
    case $sel in
        0)
-            new_expiry_months=$(<$data)
+            new_expiry_months=$(<"$data")
            if [ ${#new_expiry_months} -gt 0 ]; then
                # should contain no spaces
                if [[ "$new_expiry_months" == *" "* ]]; then
@ -312,14 +311,14 @@ function postactiv_set_expire_months {
            fi
           ;;
    esac
+    rm -f "$data"
 }

 function configure_interactive_postactiv {
    read_config_param "POSTACTIV_EXPIRE_MONTHS"
    while true
    do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
        dialog --backtitle $"Freedombone Control Panel" \
               --title $"PostActiv" \
               --radiolist $"Choose an operation:" 16 70 7 \
@ -329,21 +328,25 @@ function configure_interactive_postactiv {
               4 $"Select Qvitter user interface" off \
               5 $"Select Pleroma user interface" off \
               6 $"Select Classic user interface" off \
-               7 $"Exit" on 2> $data
+               7 $"Exit" on 2> "$data"
        sel=$?
        case $sel in
-            1) return;;
-            255) return;;
+            1) rm -f "$data"
+               return;;
+            255) rm -f "$data"
+                 return;;
        esac
-        case $(cat $data) in
+        case $(cat "$data") in
            1) postactiv_set_background_image;;
            2) postactiv_set_title;;
            3) postactiv_set_expire_months;;
            4) gnusocial_use_qvitter postactiv;;
            5) gnusocial_use_pleroma postactiv;;
            6) gnusocial_use_classic postactiv;;
-            7) break;;
+            7) rm -f "$data"
+               break;;
        esac
+        rm -f "$data"
    done
 }

@ -353,22 +356,22 @@ function upgrade_postactiv {
        return
    fi

-    if grep -q "postactiv domain" $COMPLETION_FILE; then
+    if grep -q "postactiv domain" "$COMPLETION_FILE"; then
        POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
    fi

    # update to the next commit
    function_check set_repo_commit
-    set_repo_commit /var/www/$POSTACTIV_DOMAIN_NAME/htdocs "postactiv commit" "$POSTACTIV_COMMIT" $POSTACTIV_REPO
+    set_repo_commit "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" "postactiv commit" "$POSTACTIV_COMMIT" $POSTACTIV_REPO

    # Ensure that installation script is removed
-    if [ -f /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php ]; then
-        rm /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php
+    if [ -f "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php" ]; then
+        rm "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php"
    fi

-    if [ -f /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index_qvitter.php ]; then
-        if [ -f /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index.php ]; then
-            mv /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index.php /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index_qvitter.php
+    if [ -f "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index_qvitter.php" ]; then
+        if [ -f "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index.php" ]; then
+            mv "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index.php" "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/index_qvitter.php"
        fi
    fi

@ -379,16 +382,16 @@ function upgrade_postactiv {
    gnusocial_block_domain_script postactiv "$POSTACTIV_DOMAIN_NAME"

    upgrade_pleroma_frontend "$POSTACTIV_DOMAIN_NAME" "postactiv" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE"
-    postactiv_customise_logo
+    postactiv_customise_logo "$POSTACTIV_DOMAIN_NAME"
    install_gnusocial_default_background "postactiv" "$POSTACTIV_DOMAIN_NAME"
-    chown -R www-data:www-data /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
+    chown -R www-data:www-data "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs"
    systemctl restart mariadb
 }


 function backup_local_postactiv {
    POSTACTIV_DOMAIN_NAME='postactiv'
-    if grep -q "postactiv domain" $COMPLETION_FILE; then
+    if grep -q "postactiv domain" "$COMPLETION_FILE"; then
        POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
    fi

@ -396,24 +399,24 @@ function backup_local_postactiv {
    /etc/cron.daily/postactiv-expire

    source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/backup
-    if [ ! -d $source_directory ]; then
-        mkdir $source_directory
+    if [ ! -d "$source_directory" ]; then
+        mkdir "$source_directory"
    fi
-    cp -p /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/config.php $source_directory
-    if [ -d /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static ]; then
-        cp -rp /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static $source_directory
+    cp -p "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/config.php" "$source_directory"
+    if [ -d "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static" ]; then
+        cp -rp "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static" "$source_directory"
    fi

    function_check suspend_site
-    suspend_site ${POSTACTIV_DOMAIN_NAME}
+    suspend_site "${POSTACTIV_DOMAIN_NAME}"

    function_check backup_directory_to_usb
    dest_directory=postactivconfig
-    backup_directory_to_usb $source_directory $dest_directory
+    backup_directory_to_usb "$source_directory" "$dest_directory"

    source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/file
    dest_directory=postactivfile
-    backup_directory_to_usb $source_directory $dest_directory
+    backup_directory_to_usb "$source_directory" "$dest_directory"

    function_check backup_database_to_usb
    backup_database_to_usb postactiv
@ -423,16 +426,16 @@ function backup_local_postactiv {
 }

 function restore_local_postactiv {
-    if ! grep -q "postactiv domain" $COMPLETION_FILE; then
+    if ! grep -q "postactiv domain" "$COMPLETION_FILE"; then
        return
    fi
    POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
-    if [ $POSTACTIV_DOMAIN_NAME ]; then
+    if [ "$POSTACTIV_DOMAIN_NAME" ]; then
        echo $"Restoring postactiv"
        temp_restore_dir=/root/temppostactiv
        postactiv_dir=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
        # stop the daemons
-        cd $postactiv_dir
+        cd "$postactiv_dir" || exit 468246242
        scripts/stopdaemons.sh

        function_check postactiv_create_database
@ -446,36 +449,36 @@ function restore_local_postactiv {
        function_check restore_directory_from_usb
        restore_directory_from_usb $temp_restore_dir postactivconfig
        if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir$postactiv_dir ]; then
-                cp $temp_restore_dir$postactiv_dir/backup/config.php $postactiv_dir/
-                cp -rp $temp_restore_dir$postactiv_dir/static $postactiv_dir/
+            if [ -d "$temp_restore_dir$postactiv_dir" ]; then
+                cp "$temp_restore_dir$postactiv_dir/backup/config.php" "$postactiv_dir/"
+                cp -rp "$temp_restore_dir$postactiv_dir/static" "$postactiv_dir/"
            else
-                cp $temp_restore_dir/backup/config.php $postactiv_dir/
-                if [ ! -d $postactiv_dir/static ]; then
-                    mkdir $postactiv_dir/static
+                cp "$temp_restore_dir/backup/config.php" "$postactiv_dir/"
+                if [ ! -d "$postactiv_dir/static" ]; then
+                    mkdir "$postactiv_dir/static"
                fi
-                cp -rp $temp_restore_dir/static/* $postactiv_dir/static/
+                cp -rp "$temp_restore_dir/static/*" "$postactiv_dir/static/"
            fi
-            chown www-data:www-data $postactiv_dir/config.php
-            chown -R www-data:www-data $postactiv_dir/static
+            chown www-data:www-data "$postactiv_dir/config.php"
+            chown -R www-data:www-data "$postactiv_dir/static"
            rm -rf $temp_restore_dir
        fi

        restore_directory_from_usb $temp_restore_dir postactivfile
        if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir$postactiv_dir/file ]; then
-                cp -rp $temp_restore_dir$postactiv_dir/file $postactiv_dir/
+            if [ -d "$temp_restore_dir$postactiv_dir/file" ]; then
+                cp -rp "$temp_restore_dir$postactiv_dir/file" "$postactiv_dir/"
            else
-                if [ ! -d $postactiv_dir/file ]; then
-                    mkdir $postactiv_dir/file
+                if [ ! -d "$postactiv_dir/file" ]; then
+                    mkdir "$postactiv_dir/file"
                fi
-                cp -rp $temp_restore_dir/* $postactiv_dir/file/
+                cp -rp "$temp_restore_dir/*" "$postactiv_dir/file/"
            fi
-            chown -R www-data:www-data $postactiv_dir/file
+            chown -R www-data:www-data "$postactiv_dir/file"
            rm -rf $temp_restore_dir
        fi

-        gnusocial_update_after_restore postactiv ${POSTACTIV_DOMAIN_NAME}
+        gnusocial_update_after_restore postactiv "${POSTACTIV_DOMAIN_NAME}"

        echo $"Restore of postactiv complete"
    fi
@ -483,7 +486,7 @@ function restore_local_postactiv {

 function backup_remote_postactiv {
    POSTACTIV_DOMAIN_NAME='postactiv'
-    if grep -q "postactiv domain" $COMPLETION_FILE; then
+    if grep -q "postactiv domain" "$COMPLETION_FILE"; then
        POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
    fi

@ -491,24 +494,24 @@ function backup_remote_postactiv {
    /etc/cron.daily/postactiv-expire

    source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/backup
-    if [ ! -d $source_directory ]; then
-        mkdir $source_directory
+    if [ ! -d "$source_directory" ]; then
+        mkdir "$source_directory"
    fi
-    cp -p /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/config.php $source_directory
-    if [ -d /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static ]; then
-        cp -rp /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static $source_directory
+    cp -p "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/config.php" "$source_directory"
+    if [ -d "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static" ]; then
+        cp -rp "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static" "$source_directory"
    fi

    function_check suspend_site
-    suspend_site ${POSTACTIV_DOMAIN_NAME}
+    suspend_site "${POSTACTIV_DOMAIN_NAME}"

    function_check backup_directory_to_friend
    dest_directory=postactivconfig
-    backup_directory_to_friend $source_directory $dest_directory
+    backup_directory_to_friend "$source_directory" "$dest_directory"

    source_directory=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/file
    dest_directory=postactivfile
-    backup_directory_to_friend $source_directory $dest_directory
+    backup_directory_to_friend "$source_directory" "$dest_directory"

    function_check backup_database_to_friend
    backup_database_to_friend postactiv
@ -518,16 +521,16 @@ function backup_remote_postactiv {
 }

 function restore_remote_postactiv {
-    if ! grep -q "postactiv domain" $COMPLETION_FILE; then
+    if ! grep -q "postactiv domain" "$COMPLETION_FILE"; then
        return
    fi
    POSTACTIV_DOMAIN_NAME=$(get_completion_param "postactiv domain")
-    if [ $POSTACTIV_DOMAIN_NAME ]; then
+    if [ "$POSTACTIV_DOMAIN_NAME" ]; then
        echo $"Restoring postactiv"
        temp_restore_dir=/root/temppostactiv
        postactiv_dir=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs
        # stop the daemons
-        cd $postactiv_dir
+        cd "$postactiv_dir" || exit 24682464
        scripts/stopdaemons.sh

        function_check postactiv_create_database
@ -542,36 +545,36 @@ function restore_remote_postactiv {
        function_check restore_directory_from_friend
        restore_directory_from_friend $temp_restore_dir postactivconfig
        if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir$postactiv_dir ]; then
-                cp $temp_restore_dir$postactiv_dir/backup/config.php $postactiv_dir/
-                cp -rp $temp_restore_dir$postactiv_dir/static $postactiv_dir/
+            if [ -d "$temp_restore_dir$postactiv_dir" ]; then
+                cp "$temp_restore_dir$postactiv_dir/backup/config.php" "$postactiv_dir/"
+                cp -rp "$temp_restore_dir$postactiv_dir/static" "$postactiv_dir/"
            else
-                cp $temp_restore_dir/config.php $postactiv_dir/
-                if [ ! -d $postactiv_dir/static ]; then
-                    mkdir $postactiv_dir/static
+                cp "$temp_restore_dir/config.php" "$postactiv_dir/"
+                if [ ! -d "$postactiv_dir/static" ]; then
+                    mkdir "$postactiv_dir/static"
                fi
-                cp -rp $temp_restore_dir/static/* $postactiv_dir/static/
+                cp -rp "$temp_restore_dir/static/*" "$postactiv_dir/static/"
            fi
-            chown www-data:www-data $postactiv_dir/config.php
-            chown -R www-data:www-data $postactiv_dir/static
+            chown www-data:www-data "$postactiv_dir/config.php"
+            chown -R www-data:www-data "$postactiv_dir/static"
            rm -rf $temp_restore_dir
        fi

        restore_directory_from_friend $temp_restore_dir postactivfile
        if [ -d $temp_restore_dir ]; then
-            if [ -d $temp_restore_dir$postactiv_dir/file ]; then
-                cp -rp $temp_restore_dir$postactiv_dir/file $postactiv_dir/
+            if [ -d "$temp_restore_dir$postactiv_dir/file" ]; then
+                cp -rp "$temp_restore_dir$postactiv_dir/file" "$postactiv_dir/"
            else
-                if [ ! -d $postactiv_dir/file ]; then
-                    mkdir $postactiv_dir/file
+                if [ ! -d "$postactiv_dir/file" ]; then
+                    mkdir "$postactiv_dir/file"
                fi
-                cp -rp $temp_restore_dir/* $postactiv_dir/file/
+                cp -rp "$temp_restore_dir/*" "$postactiv_dir/file/"
            fi
-            chown -R www-data:www-data $postactiv_dir/file
+            chown -R www-data:www-data "$postactiv_dir/file"
            rm -rf $temp_restore_dir
        fi

-        gnusocial_update_after_restore postactiv ${POSTACTIV_DOMAIN_NAME}
+        gnusocial_update_after_restore postactiv "${POSTACTIV_DOMAIN_NAME}"

        echo $"Restore of postactiv complete"
    fi
@ -587,23 +590,23 @@ function remove_postactiv {
    read_config_param "POSTACTIV_DOMAIN_NAME"
    read_config_param "MY_USERNAME"
    echo "Removing $POSTACTIV_DOMAIN_NAME"
-    nginx_dissite $POSTACTIV_DOMAIN_NAME
-    remove_certs $POSTACTIV_DOMAIN_NAME
+    nginx_dissite "$POSTACTIV_DOMAIN_NAME"
+    remove_certs "$POSTACTIV_DOMAIN_NAME"
    if [ -f /etc/cron.hourly/postactiv-daemons ]; then
        rm /etc/cron.hourly/postactiv-daemons
    fi
-    if [ -f /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/stopdaemons.sh ]; then
-        cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
+    if [ -f "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/stopdaemons.sh" ]; then
+        cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 2467245248
        scripts/stopdaemons.sh
    fi
-    kill_pid=$(ps aux | grep /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/queuedaemon.php | awk -F ' ' '{print $2}' | head -n 1)
-    kill -9 $kill_pid
+    kill_pid=$(pgrep "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/queuedaemon.php" | head -n 1)
+    kill -9 "$kill_pid"

-    if [ -d /var/www/$POSTACTIV_DOMAIN_NAME ]; then
-        rm -rf /var/www/$POSTACTIV_DOMAIN_NAME
+    if [ -d "/var/www/$POSTACTIV_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$POSTACTIV_DOMAIN_NAME"
    fi
-    if [ -f /etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME"
    fi
    function_check drop_database
    drop_database postactiv
@ -614,17 +617,17 @@ function remove_postactiv {
    fi
    remove_app postactiv
    remove_completion_param install_postactiv
-    sed -i '/postactiv/d' $COMPLETION_FILE
+    sed -i '/postactiv/d' "$COMPLETION_FILE"
    remove_backup_database_local postactiv

    sed -i '/postactiv-firewall/d' /etc/crontab

    function_check remove_ddns_domain
-    remove_ddns_domain $POSTACTIV_DOMAIN_NAME
+    remove_ddns_domain "$POSTACTIV_DOMAIN_NAME"
 }

 function install_postactiv_main {
-    if [ ! $POSTACTIV_DOMAIN_NAME ]; then
+    if [ ! "$POSTACTIV_DOMAIN_NAME" ]; then
        echo $'No domain name was given for postactiv'
        exit 7359
    fi
@ -648,38 +651,38 @@ function install_postactiv_main {
    apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
    apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl

-    if [ ! -d /var/www/$POSTACTIV_DOMAIN_NAME ]; then
-        mkdir /var/www/$POSTACTIV_DOMAIN_NAME
+    if [ ! -d "/var/www/$POSTACTIV_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$POSTACTIV_DOMAIN_NAME"
    fi
-    if [ ! -d /var/www/$POSTACTIV_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" ]; then

        if [ -d /repos/postactiv ]; then
-            mkdir /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
-            cp -r -p /repos/postactiv/. /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
-            cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/postactiv/. "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs"
+            cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 46824682682
            git pull
        else
            function_check git_clone
-            git_clone $POSTACTIV_REPO /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
+            git_clone "$POSTACTIV_REPO" "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs"
        fi

-        if [ ! -d /var/www/$POSTACTIV_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" ]; then
            echo $'Unable to clone postactiv repo'
            exit 87525
        fi
    fi

-    cd /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
+    cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 46287462828
    git checkout $POSTACTIV_COMMIT -b $POSTACTIV_COMMIT
    set_completion_param "postactiv commit" "$POSTACTIV_COMMIT"

-    chmod g+w /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
-    chmod a+w /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/avatar
-    chmod a+w /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/file
-    chown -R www-data:www-data /var/www/$POSTACTIV_DOMAIN_NAME/htdocs
-    chmod +x /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/maildaemon.php
-    chmod 755 /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/extlib/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php
-    chmod -x /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/extlib/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php
+    chmod g+w "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs"
+    chmod a+w "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/avatar"
+    chmod a+w "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/file"
+    chown -R www-data:www-data "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs"
+    chmod +x "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/maildaemon.php"
+    chmod 755 "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/extlib/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php"
+    chmod -x "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/extlib/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php"

    function_check postactiv_create_database
    postactiv_create_database
@ -695,118 +698,118 @@ function install_postactiv_main {
    fi

    function_check add_ddns_domain
-    add_ddns_domain $POSTACTIV_DOMAIN_NAME
+    add_ddns_domain "$POSTACTIV_DOMAIN_NAME"

    POSTACTIV_ONION_HOSTNAME=$(add_onion_service postactiv 80 ${POSTACTIV_ONION_PORT})

    postactiv_nginx_site=/etc/nginx/sites-available/$POSTACTIV_DOMAIN_NAME
    if [[ $ONION_ONLY == "no" ]]; then
        function_check nginx_http_redirect
-        nginx_http_redirect $POSTACTIV_DOMAIN_NAME "index index.php"
-        echo 'server {' >> $postactiv_nginx_site
-        echo '  listen 443 ssl;' >> $postactiv_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $postactiv_nginx_site
-        echo "  server_name $POSTACTIV_DOMAIN_NAME;" >> $postactiv_nginx_site
-        echo '' >> $postactiv_nginx_site
+        nginx_http_redirect "$POSTACTIV_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $POSTACTIV_DOMAIN_NAME;";
+          echo ''; } >> "$postactiv_nginx_site"
        function_check nginx_compress
-        nginx_compress $POSTACTIV_DOMAIN_NAME
-        echo '' >> $postactiv_nginx_site
-        echo '  # Security' >> $postactiv_nginx_site
+        nginx_compress "$POSTACTIV_DOMAIN_NAME"
+        echo '' >> "$postactiv_nginx_site"
+        echo '  # Security' >> "$postactiv_nginx_site"
        function_check nginx_ssl
-        nginx_ssl $POSTACTIV_DOMAIN_NAME
+        nginx_ssl "$POSTACTIV_DOMAIN_NAME"

        function_check nginx_disable_sniffing
-        nginx_disable_sniffing $POSTACTIV_DOMAIN_NAME
+        nginx_disable_sniffing "$POSTACTIV_DOMAIN_NAME"

-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $postactiv_nginx_site
-        echo '' >> $postactiv_nginx_site
-        echo '  # Logs' >> $postactiv_nginx_site
-        echo '  access_log /dev/null;' >> $postactiv_nginx_site
-        echo '  error_log /dev/null;' >> $postactiv_nginx_site
-        echo '' >> $postactiv_nginx_site
-        echo '  # Root' >> $postactiv_nginx_site
-        echo "  root /var/www/$POSTACTIV_DOMAIN_NAME/htdocs;" >> $postactiv_nginx_site
-        echo '' >> $postactiv_nginx_site
-        echo '  # Index' >> $postactiv_nginx_site
-        echo '  index index.php;' >> $postactiv_nginx_site
-        echo '' >> $postactiv_nginx_site
-        echo '  # PHP' >> $postactiv_nginx_site
-        echo '  location ~ \.php {' >> $postactiv_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $postactiv_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $postactiv_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $postactiv_nginx_site
-        echo '  }' >> $postactiv_nginx_site
-        echo '' >> $postactiv_nginx_site
-        echo '  # Location' >> $postactiv_nginx_site
-        echo '  location / {' >> $postactiv_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$POSTACTIV_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  # Index';
+          echo '  index index.php;';
+          echo '';
+          echo '  # PHP';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$postactiv_nginx_site"
        function_check nginx_limits
-        nginx_limits $POSTACTIV_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ @postactiv;' >> $postactiv_nginx_site
-        echo '  }' >> $postactiv_nginx_site
-        echo '' >> $postactiv_nginx_site
-        echo '  # Fancy URLs' >> $postactiv_nginx_site
-        echo '  location @postactiv {' >> $postactiv_nginx_site
-        echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $postactiv_nginx_site
-        echo '  }' >> $postactiv_nginx_site
-        echo '' >> $postactiv_nginx_site
-        echo '  # Restrict access that is unnecessary anyway' >> $postactiv_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $postactiv_nginx_site
-        echo '    deny all;' >> $postactiv_nginx_site
-        echo '  }' >> $postactiv_nginx_site
-        echo '}' >> $postactiv_nginx_site
+        nginx_limits "$POSTACTIV_DOMAIN_NAME" '15m'
+        { echo "    try_files \$uri \$uri/ @postactiv;";
+          echo '  }';
+          echo '';
+          echo '  # Fancy URLs';
+          echo '  location @postactiv {';
+          echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+          echo '  }';
+          echo '';
+          echo '  # Restrict access that is unnecessary anyway';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '}'; } >> "$postactiv_nginx_site"
    else
-        echo -n '' > $postactiv_nginx_site
+        echo -n '' > "$postactiv_nginx_site"
    fi
-    echo 'server {' >> $postactiv_nginx_site
-    echo "    listen 127.0.0.1:$POSTACTIV_ONION_PORT default_server;" >> $postactiv_nginx_site
-    echo "    server_name $POSTACTIV_ONION_HOSTNAME;" >> $postactiv_nginx_site
-    echo '' >> $postactiv_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$POSTACTIV_ONION_PORT default_server;";
+      echo "    server_name $POSTACTIV_ONION_HOSTNAME;";
+      echo ''; } >> "$postactiv_nginx_site"
    function_check nginx_disable_sniffing
-    nginx_disable_sniffing $POSTACTIV_DOMAIN_NAME
-    echo '' >> $postactiv_nginx_site
+    nginx_disable_sniffing "$POSTACTIV_DOMAIN_NAME"
+    echo '' >> "$postactiv_nginx_site"
    function_check nginx_compress
-    nginx_compress $POSTACTIV_DOMAIN_NAME
-    echo '' >> $postactiv_nginx_site
-    echo '  # Logs' >> $postactiv_nginx_site
-    echo '  access_log /dev/null;' >> $postactiv_nginx_site
-    echo '  error_log /dev/null;' >> $postactiv_nginx_site
-    echo '' >> $postactiv_nginx_site
-    echo '  # Root' >> $postactiv_nginx_site
-    echo "  root /var/www/$POSTACTIV_DOMAIN_NAME/htdocs;" >> $postactiv_nginx_site
-    echo '' >> $postactiv_nginx_site
-    echo '  # Index' >> $postactiv_nginx_site
-    echo '  index index.php;' >> $postactiv_nginx_site
-    echo '' >> $postactiv_nginx_site
-    echo '  # PHP' >> $postactiv_nginx_site
-    echo '  location ~ \.php {' >> $postactiv_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $postactiv_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $postactiv_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $postactiv_nginx_site
-    echo '  }' >> $postactiv_nginx_site
-    echo '' >> $postactiv_nginx_site
-    echo '  # Location' >> $postactiv_nginx_site
-    echo '  location / {' >> $postactiv_nginx_site
+    nginx_compress "$POSTACTIV_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$POSTACTIV_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  # Index';
+      echo '  index index.php;';
+      echo '';
+      echo '  # PHP';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$postactiv_nginx_site"
    function_check nginx_limits
-    nginx_limits $POSTACTIV_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ @postactiv;' >> $postactiv_nginx_site
-    echo '  }' >> $postactiv_nginx_site
-    echo '' >> $postactiv_nginx_site
-    echo '  # Fancy URLs' >> $postactiv_nginx_site
-    echo '  location @postactiv {' >> $postactiv_nginx_site
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> $postactiv_nginx_site
-    echo '  }' >> $postactiv_nginx_site
-    echo '' >> $postactiv_nginx_site
-    echo '  # Restrict access that is unnecessary anyway' >> $postactiv_nginx_site
-    echo '  location ~ /\.(ht|git) {' >> $postactiv_nginx_site
-    echo '    deny all;' >> $postactiv_nginx_site
-    echo '  }' >> $postactiv_nginx_site
-    echo '}' >> $postactiv_nginx_site
+    nginx_limits "$POSTACTIV_DOMAIN_NAME" '15m'
+    { echo "    try_files \$uri \$uri/ @postactiv;";
+      echo '  }';
+      echo '';
+      echo '  # Fancy URLs';
+      echo '  location @postactiv {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  # Restrict access that is unnecessary anyway';
+      echo '  location ~ /\.(ht|git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '}'; } >> "$postactiv_nginx_site"

    function_check configure_php
    configure_php

    function_check create_site_certificate
-    create_site_certificate $POSTACTIV_DOMAIN_NAME 'yes'
+    create_site_certificate "$POSTACTIV_DOMAIN_NAME" 'yes'

    # Ensure that the database gets backed up locally, if remote
    # backups are not being used
@ -817,7 +820,7 @@ function install_postactiv_main {
    backup_database_local postactiv

    function_check nginx_ensite
-    nginx_ensite $POSTACTIV_DOMAIN_NAME
+    nginx_ensite "$POSTACTIV_DOMAIN_NAME"

    # NOTE: For the typical case always enable SSL and only
    # disable it if in onion only mode. This is due to complexities
@ -834,8 +837,8 @@ function install_postactiv_main {

    # Create the configuration
    postactiv_installer=/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/scripts/install_cli.php
-    if [ ! -f $postactiv_installer ]; then
-        rm -rf /var/www/$POSTACTIV_DOMAIN_NAME
+    if [ ! -f "$postactiv_installer" ]; then
+        rm -rf "/var/www/$POSTACTIV_DOMAIN_NAME"
        echo $'No postactiv commandline installer found'
        exit 53026
    fi
@ -856,45 +859,45 @@ function install_postactiv_main {
    #fi

    # check postactiv has a config file
-    postactiv_config_file=/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/config.php
-    if [ ! -f $postactiv_config_file ]; then
+    postactiv_config_file="/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/config.php"
+    if [ ! -f "$postactiv_config_file" ]; then
        drop_database postactiv
-        rm -rf /var/www/$POSTACTIV_DOMAIN_NAME
+        rm -rf "/var/www/$POSTACTIV_DOMAIN_NAME"
        echo $'Postactiv config.php not found'
        exit 87586
    fi

    # Some useful settings
-    if ! grep -q "Recommended postactiv settings" $postactiv_config_file; then
-        echo "" >> $postactiv_config_file
-        echo "// Recommended postactiv settings" >> $postactiv_config_file
-        echo "\$config['thumbnail']['maxsize'] = 3000;" >> $postactiv_config_file
-        echo "\$config['profile']['delete'] = true;" >> $postactiv_config_file
-        echo "\$config['profile']['changenick'] = true;" >> $postactiv_config_file
-        echo "\$config['public']['localonly'] = false;" >> $postactiv_config_file
-        echo "addPlugin('StoreRemoteMedia');" >> $postactiv_config_file
-        echo "\$config['queue']['enabled'] = true;" >> $postactiv_config_file
-        echo "\$config['queue']['daemon'] = true;" >> $postactiv_config_file
-        echo "\$config['ostatus']['hub_retries'] = 3;" >> $postactiv_config_file
+    if ! grep -q "Recommended postactiv settings" "$postactiv_config_file"; then
+        { echo "";
+          echo "// Recommended postactiv settings";
+          echo "\$config['thumbnail']['maxsize'] = 3000;";
+          echo "\$config['profile']['delete'] = true;";
+          echo "\$config['profile']['changenick'] = true;";
+          echo "\$config['public']['localonly'] = false;";
+          echo "addPlugin('StoreRemoteMedia');";
+          echo "\$config['queue']['enabled'] = true;";
+          echo "\$config['queue']['daemon'] = true;";
+          echo "\$config['ostatus']['hub_retries'] = 3;"; } >> "$postactiv_config_file"
    fi

-    echo "\$config['mail']['domain'] = '${DEFAULT_DOMAIN_NAME}';" >> $postactiv_config_file
+    echo "\$config['mail']['domain'] = '${DEFAULT_DOMAIN_NAME}';" >> "$postactiv_config_file"

    # This improves performance
-    sed -i "s|//\$config\['db'\]\['schemacheck'\].*|\$config\['db'\]\['schemacheck'\] = 'script';|g" $postactiv_config_file
+    sed -i "s|//\$config\\['db'\\]\\['schemacheck'\\].*|\$config\\['db'\\]\\['schemacheck'\\] = 'script';|g" "$postactiv_config_file"

    # remove the install script
-    if [ -f /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php ]; then
-        rm /var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php
+    if [ -f "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php" ]; then
+        rm "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/install.php"
    fi

    systemctl restart mariadb
    systemctl restart php7.0-fpm
    systemctl restart nginx

-    ${PROJECT_NAME}-addemail -u $MY_USERNAME -e "noreply@$POSTACTIV_DOMAIN_NAME" -g postactiv --public no
+    "${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$POSTACTIV_DOMAIN_NAME" -g postactiv --public no

-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a postactiv -p "$POSTACTIV_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a postactiv -p "$POSTACTIV_ADMIN_PASSWORD"

    gnusocial_block_user_script
    gnusocial_block_domain_script postactiv "$POSTACTIV_DOMAIN_NAME"
@ -905,7 +908,7 @@ function install_postactiv_main {
 }

 function install_postactiv {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
        ONION_ONLY='no'
    fi

@ -925,8 +928,8 @@ function install_postactiv {
        install_nodejs pleroma-gnusocial
        install_pleroma_front_end "postactiv" "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE"
        install_gnusocial_default_background "postactiv" "$POSTACTIV_DOMAIN_NAME"
-        postactiv_customise_logo
-        sed -i 's|"theme":.*|"theme": "base16-harmonic16-light.css",|g' /var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static/config.json
+        postactiv_customise_logo "$POSTACTIV_DOMAIN_NAME"
+        sed -i 's|"theme":.*|"theme": "base16-harmonic16-light.css",|g' "/var/www/${POSTACTIV_DOMAIN_NAME}/htdocs/static/config.json"
    fi

    expire_gnusocial_posts "$POSTACTIV_DOMAIN_NAME" "postactiv" "$POSTACTIV_EXPIRE_MONTHS"
@ -940,8 +943,8 @@ function install_postactiv {
    # And doesn't forget logins
    gnusocial_use_qvitter postactiv

-    if [ $POSTACTIV_BACKGROUND_IMAGE_URL ]; then
-        pleroma_set_background_image_from_url /var/www/$POSTACTIV_DOMAIN_NAME/htdocs "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE"
+    if [ "$POSTACTIV_BACKGROUND_IMAGE_URL" ]; then
+        pleroma_set_background_image_from_url "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" "$POSTACTIV_DOMAIN_NAME" "$POSTACTIV_BACKGROUND_IMAGE_URL" "$POSTACTIV_TITLE"
    fi

    APP_INSTALLED=1
--- a/src/freedombone-app-privatebin
+++ b/src/freedombone-app-privatebin
@ -56,7 +56,7 @@ function secure_privatebin {
    find "${pbpath}/" -type d -print0 | xargs -0 chmod 0550

    chown -R ${rootuser}:${htgroup} "${pbpath}/"
-    chown -R www-data:www-data ${pbdata}
+    chown -R www-data:www-data "${pbdata}"
 }

 function logging_on_privatebin {
@ -68,63 +68,65 @@ function logging_off_privatebin {
 }

 function remove_user_privatebin {
-    remove_username="$1"
+    echo -n ''
+#    remove_username="$1"
 }

 function add_user_privatebin {
-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"

    echo '0'
 }

 function install_interactive_privatebin {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
        ONION_ONLY='no'
    fi

-    if [[ $ONION_ONLY != "no" ]]; then
+    if [[ "$ONION_ONLY" != "no" ]]; then
        PRIVATEBIN_DOMAIN_NAME='privatebin.local'
    else
        PRIVATEBIN_DETAILS_COMPLETE=
        while [ ! $PRIVATEBIN_DETAILS_COMPLETE ]
        do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                dialog --backtitle $"Freedombone Configuration" \
                       --title $"PrivateBin Configuration" \
-                       --form $"\nPlease enter your PrivateBin details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
+                       --form $"\\nPlease enter your PrivateBin details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
                       $"Domain:" 1 1 "$(grep 'PRIVATEBIN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \
                       $"Code:" 2 1 "$(grep 'PRIVATEBIN_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 33 255 \
-                       2> $data
+                       2> "$data"
            else
                dialog --backtitle $"Freedombone Configuration" \
                       --title $"PrivateBin Configuration" \
-                       --form $"\nPlease enter your PrivateBin details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
+                       --form $"\\nPlease enter your PrivateBin details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
                       $"Domain:" 1 1 "$(grep 'PRIVATEBIN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 33 40 \
-                       2> $data
+                       2> "$data"
            fi
            sel=$?
            case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
            esac
-            PRIVATEBIN_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ $PRIVATEBIN_DOMAIN_NAME ]; then
-                if [[ $PRIVATEBIN_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
+            PRIVATEBIN_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$PRIVATEBIN_DOMAIN_NAME" ]; then
+                if [[ "$PRIVATEBIN_DOMAIN_NAME" == "$HUBZILLA_DOMAIN_NAME" ]]; then
                    PRIVATEBIN_DOMAIN_NAME=""
                fi
                TEST_DOMAIN_NAME=$PRIVATEBIN_DOMAIN_NAME
                validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $PRIVATEBIN_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$PRIVATEBIN_DOMAIN_NAME" ]]; then
                    PRIVATEBIN_DOMAIN_NAME=
                    dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                else
                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        PRIVATEBIN_CODE=$(cat $data | sed -n 2p)
+                        PRIVATEBIN_CODE=$(sed -n 2p < "$data")
                        validate_freedns_code "$PRIVATEBIN_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                            PRIVATEBIN_DOMAIN_NAME=
                        fi
                    fi
@ -133,6 +135,7 @@ function install_interactive_privatebin {
            if [ $PRIVATEBIN_DOMAIN_NAME ]; then
                PRIVATEBIN_DETAILS_COMPLETE="yes"
            fi
+            rm -f "$data"
        done

        write_config_param "PRIVATEBIN_CODE" "$PRIVATEBIN_CODE"
@ -142,8 +145,9 @@ function install_interactive_privatebin {
 }

 function change_password_privatebin {
-    curr_username="$1"
-    new_user_password="$2"
+#    curr_username="$1"
+#    new_user_password="$2"
+    echo -n ''
 }

 function reconfigure_privatebin {
@ -156,13 +160,13 @@ function upgrade_privatebin {
        return
    fi

-    if grep -q "privatebin domain" $COMPLETION_FILE; then
+    if grep -q "privatebin domain" "$COMPLETION_FILE"; then
        PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
    fi

    # update to the next commit
    function_check set_repo_commit
-    set_repo_commit /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs "privatebin commit" "$PRIVATEBIN_COMMIT" $PRIVATEBIN_REPO
+    set_repo_commit "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" "privatebin commit" "$PRIVATEBIN_COMMIT" "$PRIVATEBIN_REPO"

    secure_privatebin
 }
@ -170,40 +174,40 @@ function upgrade_privatebin {

 function backup_local_privatebin {
    PRIVATEBIN_DOMAIN_NAME='privatebin'
-    if grep -q "privatebin domain" $COMPLETION_FILE; then
+    if grep -q "privatebin domain" "$COMPLETION_FILE"; then
        PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
    fi

-    source_directory=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data
+    source_directory="/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data"

    function_check suspend_site
-    suspend_site ${PRIVATEBIN_DOMAIN_NAME}
+    suspend_site "${PRIVATEBIN_DOMAIN_NAME}"

    function_check backup_directory_to_usb
    dest_directory=privatebin
-    backup_directory_to_usb $source_directory $dest_directory
+    backup_directory_to_usb "$source_directory" "$dest_directory"

    function_check restart_site
    restart_site
 }

 function restore_local_privatebin {
-    if ! grep -q "privatebin domain" $COMPLETION_FILE; then
+    if ! grep -q "privatebin domain" "$COMPLETION_FILE"; then
        return
    fi
    PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
-    if [ $PRIVATEBIN_DOMAIN_NAME ]; then
+    if [ "$PRIVATEBIN_DOMAIN_NAME" ]; then
        echo $"Restoring privatebin"
        temp_restore_dir=/root/tempprivatebin
-        privatebin_dir=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data
+        privatebin_dir="/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data"

        function_check restore_directory_from_usb
        restore_directory_from_usb $temp_restore_dir privatebin
        if [ -d $temp_restore_dir ]; then
-            if [ -d cp $temp_restore_dir$privatebin_dir ]; then
-                cp -rp $temp_restore_dir$privatebin_dir/* $privatebin_dir/
+            if [ -d "$temp_restore_dir$privatebin_dir" ]; then
+                cp -rp "$temp_restore_dir$privatebin_dir/*" "$privatebin_dir/"
            else
-                cp -rp $temp_restore_dir/* $privatebin_dir/
+                cp -rp "$temp_restore_dir/*" "$privatebin_dir/"
            fi
            secure_privatebin
            rm -rf $temp_restore_dir
@ -215,39 +219,39 @@ function restore_local_privatebin {

 function backup_remote_privatebin {
    PRIVATEBIN_DOMAIN_NAME='privatebin'
-    if grep -q "privatebin domain" $COMPLETION_FILE; then
+    if grep -q "privatebin domain" "$COMPLETION_FILE"; then
        PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
    fi

-    source_directory=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data
+    source_directory="/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data"

    function_check suspend_site
-    suspend_site ${PRIVATEBIN_DOMAIN_NAME}
+    suspend_site "${PRIVATEBIN_DOMAIN_NAME}"

    function_check backup_directory_to_friend
    dest_directory=privatebin
-    backup_directory_to_friend $source_directory $dest_directory
+    backup_directory_to_friend "$source_directory" "$dest_directory"

    function_check restart_site
    restart_site
 }

 function restore_remote_privatebin {
-    if ! grep -q "privatebin domain" $COMPLETION_FILE; then
+    if ! grep -q "privatebin domain" "$COMPLETION_FILE"; then
        return
    fi
    PRIVATEBIN_DOMAIN_NAME=$(get_completion_param "privatebin domain")
-    if [ $PRIVATEBIN_DOMAIN_NAME ]; then
+    if [ "$PRIVATEBIN_DOMAIN_NAME" ]; then
        temp_restore_dir=/root/tempprivatebin
        privatebin_dir=/var/www/${PRIVATEBIN_DOMAIN_NAME}/htdocs/data

        function_check restore_directory_from_friend
        restore_directory_from_friend $temp_restore_dir privatebin
        if [ -d $temp_restore_dir ]; then
-            if [ -d cp $temp_restore_dir$privatebin_dir ]; then
-                cp -rp $temp_restore_dir$privatebin_dir/* $privatebin_dir/
+            if [ -d "$temp_restore_dir$privatebin_dir" ]; then
+                cp -rp "$temp_restore_dir$privatebin_dir/*" "$privatebin_dir/"
            else
-                cp -rp $temp_restore_dir/* $privatebin_dir/
+                cp -rp "$temp_restore_dir/*" "$privatebin_dir/"
            fi
            secure_privatebin
            rm -rf $temp_restore_dir
@ -262,14 +266,14 @@ function remove_privatebin {
    read_config_param "PRIVATEBIN_DOMAIN_NAME"
    read_config_param "MY_USERNAME"
    echo "Removing $PRIVATEBIN_DOMAIN_NAME"
-    nginx_dissite $PRIVATEBIN_DOMAIN_NAME
-    remove_certs $PRIVATEBIN_DOMAIN_NAME
+    nginx_dissite "$PRIVATEBIN_DOMAIN_NAME"
+    remove_certs "$PRIVATEBIN_DOMAIN_NAME"

-    if [ -d /var/www/$PRIVATEBIN_DOMAIN_NAME ]; then
-        rm -rf /var/www/$PRIVATEBIN_DOMAIN_NAME
+    if [ -d "/var/www/$PRIVATEBIN_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$PRIVATEBIN_DOMAIN_NAME"
    fi
-    if [ -f /etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME ]; then
-        rm /etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME
+    if [ -f "/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME"
    fi
    function_check remove_onion_service
    remove_onion_service privatebin ${PRIVATEBIN_ONION_PORT}
@ -278,18 +282,18 @@ function remove_privatebin {
    fi
    remove_app privatebin
    remove_completion_param install_privatebin
-    sed -i '/privatebin/d' $COMPLETION_FILE
+    sed -i '/privatebin/d' "$COMPLETION_FILE"

    function_check remove_ddns_domain
-    remove_ddns_domain $PRIVATEBIN_DOMAIN_NAME
+    remove_ddns_domain "$PRIVATEBIN_DOMAIN_NAME"
 }

 function install_privatebin {
-    if [ ! $ONION_ONLY ]; then
+    if [ ! "$ONION_ONLY" ]; then
        ONION_ONLY='no'
    fi

-    if [ ! $PRIVATEBIN_DOMAIN_NAME ]; then
+    if [ ! "$PRIVATEBIN_DOMAIN_NAME" ]; then
        echo $'No domain name was given for privatebin'
        exit 7359
    fi
@ -298,153 +302,153 @@ function install_privatebin {
    apt-get -yq install memcached php-memcached php-intl exiftool libfcgi0ldbl
    apt-get -yq install php-libsodium libsodium18 php-mcrypt

-    if [ ! -d /var/www/$PRIVATEBIN_DOMAIN_NAME ]; then
-        mkdir /var/www/$PRIVATEBIN_DOMAIN_NAME
+    if [ ! -d "/var/www/$PRIVATEBIN_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$PRIVATEBIN_DOMAIN_NAME"
    fi
-    if [ ! -d /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs ]; then
+    if [ ! -d "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" ]; then

        if [ -d /repos/privatebin ]; then
-            mkdir /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
-            cp -r -p /repos/privatebin/. /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
-            cd /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
+            mkdir "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
+            cp -r -p /repos/privatebin/. "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
+            cd "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" || exit 3468246824
            git pull
        else
            function_check git_clone
-            git_clone $PRIVATEBIN_REPO /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
+            git_clone "$PRIVATEBIN_REPO" "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
        fi

-        if [ ! -d /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs ]; then
+        if [ ! -d "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" ]; then
            echo $'Unable to clone privatebin repo'
            exit 63763873
        fi
    fi

-    cd /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
-    git checkout $PRIVATEBIN_COMMIT -b $PRIVATEBIN_COMMIT
+    cd "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs" || exit 24682462
+    git checkout "$PRIVATEBIN_COMMIT" -b "$PRIVATEBIN_COMMIT"
    set_completion_param "privatebin commit" "$PRIVATEBIN_COMMIT"

-    chmod g+w /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
-    chown -R www-data:www-data /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs
+    chmod g+w "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"
+    chown -R www-data:www-data "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs"

    function_check add_ddns_domain
-    add_ddns_domain $PRIVATEBIN_DOMAIN_NAME
+    add_ddns_domain "$PRIVATEBIN_DOMAIN_NAME"

    PRIVATEBIN_ONION_HOSTNAME=$(add_onion_service privatebin 80 ${PRIVATEBIN_ONION_PORT})

    privatebin_nginx_site=/etc/nginx/sites-available/$PRIVATEBIN_DOMAIN_NAME
    if [[ $ONION_ONLY == "no" ]]; then
        function_check nginx_http_redirect
-        nginx_http_redirect $PRIVATEBIN_DOMAIN_NAME "index index.php"
-        echo 'server {' >> $privatebin_nginx_site
-        echo '  listen 443 ssl;' >> $privatebin_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $privatebin_nginx_site
-        echo "  server_name $PRIVATEBIN_DOMAIN_NAME;" >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
+        nginx_http_redirect "$PRIVATEBIN_DOMAIN_NAME" "index index.php"
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $PRIVATEBIN_DOMAIN_NAME;";
+          echo ''; } >> "$privatebin_nginx_site"
        function_check nginx_compress
-        nginx_compress $PRIVATEBIN_DOMAIN_NAME
-        echo '' >> $privatebin_nginx_site
-        echo '  # Security' >> $privatebin_nginx_site
+        nginx_compress "$PRIVATEBIN_DOMAIN_NAME"
+        echo '' >> "$privatebin_nginx_site"
+        echo '  # Security' >> "$privatebin_nginx_site"
        function_check nginx_ssl
-        nginx_ssl $PRIVATEBIN_DOMAIN_NAME
+        nginx_ssl "$PRIVATEBIN_DOMAIN_NAME"

        function_check nginx_disable_sniffing
-        nginx_disable_sniffing $PRIVATEBIN_DOMAIN_NAME
+        nginx_disable_sniffing "$PRIVATEBIN_DOMAIN_NAME"

-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
-        echo '  # Logs' >> $privatebin_nginx_site
-        echo '  access_log /dev/null;' >> $privatebin_nginx_site
-        echo '  error_log /dev/null;' >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
-        echo "  root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;" >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
-        echo '  index index.php;' >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
-        echo '  location ~ \.php {' >> $privatebin_nginx_site
-        echo '    include snippets/fastcgi-php.conf;' >> $privatebin_nginx_site
-        echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $privatebin_nginx_site
-        echo '    fastcgi_read_timeout 30;' >> $privatebin_nginx_site
-        echo '  }' >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
-        echo '  # Location' >> $privatebin_nginx_site
-        echo '  location / {' >> $privatebin_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo "  root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  index index.php;';
+          echo '';
+          echo '  location ~ \.php {';
+          echo '    include snippets/fastcgi-php.conf;';
+          echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+          echo '    fastcgi_read_timeout 30;';
+          echo '  }';
+          echo '';
+          echo '  # Location';
+          echo '  location / {'; } >> "$privatebin_nginx_site"
        function_check nginx_limits
-        nginx_limits $PRIVATEBIN_DOMAIN_NAME '15m'
-        echo '    try_files $uri $uri/ @privatebin;' >> $privatebin_nginx_site
-        echo '  }' >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
-        echo '  # Restrict access that is unnecessary anyway' >> $privatebin_nginx_site
-        echo '  location ~ /\.(ht|git) {' >> $privatebin_nginx_site
-        echo '    deny all;' >> $privatebin_nginx_site
-        echo '  }' >> $privatebin_nginx_site
-        echo '}' >> $privatebin_nginx_site
-        echo '' >> $privatebin_nginx_site
+        nginx_limits "$PRIVATEBIN_DOMAIN_NAME" '15m'
+        { echo '    try_files $uri $uri/ @privatebin;';
+          echo '  }';
+          echo '';
+          echo '  # Restrict access that is unnecessary anyway';
+          echo '  location ~ /\.(ht|git) {';
+          echo '    deny all;';
+          echo '  }';
+          echo '}';
+          echo ''; } >> "$privatebin_nginx_site"
    else
-        echo -n '' > $privatebin_nginx_site
+        echo -n '' > "$privatebin_nginx_site"
    fi
-    echo 'server {' >> $privatebin_nginx_site
-    echo "    listen 127.0.0.1:$PRIVATEBIN_ONION_PORT default_server;" >> $privatebin_nginx_site
-    echo "    server_name $PRIVATEBIN_ONION_HOSTNAME;" >> $privatebin_nginx_site
-    echo '' >> $privatebin_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$PRIVATEBIN_ONION_PORT default_server;";
+      echo "    server_name $PRIVATEBIN_ONION_HOSTNAME;";
+      echo ''; } >> "$privatebin_nginx_site"
    function_check nginx_compress
-    nginx_compress $PRIVATEBIN_DOMAIN_NAME
-    echo '' >> $privatebin_nginx_site
+    nginx_compress "$PRIVATEBIN_DOMAIN_NAME"
+    echo '' >> "$privatebin_nginx_site"
    function_check nginx_disable_sniffing
-    nginx_disable_sniffing $PRIVATEBIN_DOMAIN_NAME
-    echo '' >> $privatebin_nginx_site
-    echo '  # Logs' >> $privatebin_nginx_site
-    echo '  access_log /dev/null;' >> $privatebin_nginx_site
-    echo '  error_log /dev/null;' >> $privatebin_nginx_site
-    echo '' >> $privatebin_nginx_site
-    echo "  root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;" >> $privatebin_nginx_site
-    echo '' >> $privatebin_nginx_site
-    echo '  index index.php;' >> $privatebin_nginx_site
-    echo '' >> $privatebin_nginx_site
-    echo '  location ~ \.php {' >> $privatebin_nginx_site
-    echo '    include snippets/fastcgi-php.conf;' >> $privatebin_nginx_site
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> $privatebin_nginx_site
-    echo '    fastcgi_read_timeout 30;' >> $privatebin_nginx_site
-    echo '  }' >> $privatebin_nginx_site
-    echo '' >> $privatebin_nginx_site
-    echo '  # Location' >> $privatebin_nginx_site
-    echo '  location / {' >> $privatebin_nginx_site
+    nginx_disable_sniffing "$PRIVATEBIN_DOMAIN_NAME"
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo "  root /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  index index.php;';
+      echo '';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  # Location';
+      echo '  location / {'; } >> "$privatebin_nginx_site"
    function_check nginx_limits
-    nginx_limits $PRIVATEBIN_DOMAIN_NAME '15m'
-    echo '    try_files $uri $uri/ @privatebin;' >> $privatebin_nginx_site
-    echo '  }' >> $privatebin_nginx_site
-    echo '' >> $privatebin_nginx_site
-    echo '  # Restrict access that is unnecessary anyway' >> $privatebin_nginx_site
-    echo '  location ~ /\.(ht|git) {' >> $privatebin_nginx_site
-    echo '    deny all;' >> $privatebin_nginx_site
-    echo '  }' >> $privatebin_nginx_site
-    echo '}' >> $privatebin_nginx_site
+    nginx_limits "$PRIVATEBIN_DOMAIN_NAME" '15m'
+    { echo '    try_files $uri $uri/ @privatebin;';
+      echo '  }';
+      echo '';
+      echo '  # Restrict access that is unnecessary anyway';
+      echo '  location ~ /\.(ht|git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '}'; } >> "$privatebin_nginx_site"

    function_check configure_php
    configure_php

    function_check create_site_certificate
-    create_site_certificate $PRIVATEBIN_DOMAIN_NAME 'yes'
+    create_site_certificate "$PRIVATEBIN_DOMAIN_NAME" 'yes'

    function_check nginx_ensite
-    nginx_ensite $PRIVATEBIN_DOMAIN_NAME
+    nginx_ensite "$PRIVATEBIN_DOMAIN_NAME"

-    cp /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.sample.php /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
+    cp "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.sample.php" "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"

    # Change some defaults
-    sed -i 's|; qrcode|qrcode|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|default =.*|default = "1day"|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|languagedefault =.*|languagedefault = "en"|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|1week =|; 1week =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|1month =|; 1month =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|1year =|; 1year =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|never =|; never =|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|limit = 10|limit = 30|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|limit = 300|limit = 0|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|batchsize =.*|batchsize = 100|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|sizelimit =.*|sizelimit = 32768|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
-    sed -i 's|defaultformatter =.*|defaultformatter = "markdown"|g' /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php
+    sed -i 's|; qrcode|qrcode|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|default =.*|default = "1day"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|languagedefault =.*|languagedefault = "en"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|1week =|; 1week =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|1month =|; 1month =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|1year =|; 1year =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|never =|; never =|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|limit = 10|limit = 30|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|limit = 300|limit = 0|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|batchsize =.*|batchsize = 100|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|sizelimit =.*|sizelimit = 32768|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"
+    sed -i 's|defaultformatter =.*|defaultformatter = "markdown"|g' "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/cfg/conf.php"

-    mkdir -p /var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/data
+    mkdir -p "/var/www/$PRIVATEBIN_DOMAIN_NAME/htdocs/data"

    secure_privatebin

--- a/src/freedombone-app-profanity
+++ b/src/freedombone-app-profanity
@ -57,12 +57,13 @@ function logging_off_profanity {
 }

 function remove_user_profanity {
-    remove_username="$1"
+    echo -n ''
+#    remove_username="$1"
 }

 function add_user_profanity {
-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"

    echo '0'
 }
@ -82,19 +83,19 @@ function change_password_profanity {

    read_config_param DEFAULT_DOMAIN_NAME

-    ${PROJECT_NAME}-pass -u $curr_username -a xmpp -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$curr_username" -a xmpp -p "$new_user_password"

    # TODO: this is currently interactive. Really there needs to be a
    # non-interactive password change option for prosodyctl
    clear
    echo ''
    echo $'Currently Prosody requires password changes to be done interactively'
-    prosodyctl passwd ${curr_username}@${DEFAULT_DOMAIN_NAME}
+    prosodyctl passwd "${curr_username}@${DEFAULT_DOMAIN_NAME}"

    XMPP_CLIENT_DIR=/home/$curr_username/.local/share/profanity
    XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
-    if [ -f $XMPP_CLIENT_ACCOUNTS ]; then
-        sed -i "s|password=.*|password=$new_user_password|g" $XMPP_CLIENT_ACCOUNTS
+    if [ -f "$XMPP_CLIENT_ACCOUNTS" ]; then
+        sed -i "s|password=.*|password=$new_user_password|g" "$XMPP_CLIENT_ACCOUNTS"
    fi
 }

@ -110,11 +111,11 @@ function upgrade_profanity {

    rm -rf /tmp/*

-    CURR_LIBMESODE_COMMIT=$(cat $COMPLETION_FILE | grep "libmesode commit" | awk -F ':' '{print $2}')
+    CURR_LIBMESODE_COMMIT=$(grep "libmesode commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
    if [[ "$CURR_LIBMESODE_COMMIT" != "$LIBMESODE_COMMIT" ]]; then
        function_check set_repo_commit
-        set_repo_commit $INSTALL_DIR/libmesode "libmesode commit" "$LIBMESODE_COMMIT" $LIBMESODE_REPO
-        cd $INSTALL_DIR/libmesode
+        set_repo_commit "$INSTALL_DIR/libmesode" "libmesode commit" "$LIBMESODE_COMMIT" $LIBMESODE_REPO
+        cd "$INSTALL_DIR/libmesode" || exit 42682682
        ./bootstrap.sh
        ./configure
        make
@ -124,42 +125,42 @@ function upgrade_profanity {

    rm -rf /tmp/*

-    CURR_PROFANITY_COMMIT=$(cat $COMPLETION_FILE | grep "profanity commit" | awk -F ':' '{print $2}')
+    CURR_PROFANITY_COMMIT=$(grep "profanity commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
    if [[ "$CURR_PROFANITY_COMMIT" != "$PROFANITY_COMMIT" ]]; then
        function_check set_repo_commit
-        set_repo_commit $INSTALL_DIR/profanity "profanity commit" "$PROFANITY_COMMIT" $PROFANITY_REPO
-        cd $INSTALL_DIR/profanity
+        set_repo_commit "$INSTALL_DIR/profanity" "profanity commit" "$PROFANITY_COMMIT" $PROFANITY_REPO
+        cd "$INSTALL_DIR/profanity" || exit 248242684
        ./bootstrap.sh
        ./configure --disable-notifications --disable-icons --enable-otr --enable-pgp --enable-plugins --enable-c-plugins --enable-python-plugins --without-xscreensaver
        make
        make install
    fi

-    CURR_PROFANITY_OMEMO_PLUGIN_COMMIT=$(cat $COMPLETION_FILE | grep "profanity omemo plugin commit" | awk -F ':' '{print $2}')
+    CURR_PROFANITY_OMEMO_PLUGIN_COMMIT=$(grep "profanity omemo plugin commit" "$COMPLETION_FILE" | awk -F ':' '{print $2}')
    if [[ "$CURR_PROFANITY_OMEMO_PLUGIN_COMMIT" != "$PROFANITY_OMEMO_PLUGIN_COMMIT" ]]; then
        # upgrade omemo plugins for all users
-        set_repo_commit $INSTALL_DIR/profanity-omemo-plugin "profanity omemo plugin commit" "$PROFANITY_OMEMO_PLUGIN_COMMIT" $PROFANITY_OMEMO_PLUGIN_REPO
-        cd $INSTALL_DIR/profanity-omemo-plugin
-        sed -i 's|python setup.py|python2.7 setup.py|g' $INSTALL_DIR/profanity-omemo-plugin/install.sh
+        set_repo_commit "$INSTALL_DIR/profanity-omemo-plugin" "profanity omemo plugin commit" "$PROFANITY_OMEMO_PLUGIN_COMMIT" $PROFANITY_OMEMO_PLUGIN_REPO
+        cd "$INSTALL_DIR/profanity-omemo-plugin" || exit 2468246284
+        sed -i 's|python setup.py|python2.7 setup.py|g' "$INSTALL_DIR/profanity-omemo-plugin/install.sh"
        pip uninstall -y profanity-omemo-plugin
        ./install.sh
        for d in /home/*/ ; do
            USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
            if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-                if [ ! -d /home/$USERNAME/.local/share/profanity/plugins ]; then
-                    mkdir -p /home/$USERNAME/.local/share/profanity/plugins
+                if [ ! -d "/home/$USERNAME/.local/share/profanity/plugins" ]; then
+                    mkdir -p "/home/$USERNAME/.local/share/profanity/plugins"
                fi
-                if [ -f $INSTALL_DIR/profanity-omemo-plugin/omemo.py ]; then
-                    rm $INSTALL_DIR/profanity-omemo-plugin/omemo.*
+                if [ -f "$INSTALL_DIR/profanity-omemo-plugin/omemo.py" ]; then
+                    rm "$INSTALL_DIR/profanity-omemo-plugin/omemo.*"
                fi
-                cp $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py /home/$USERNAME/.local/share/profanity/plugins
-                chown -R $USERNAME:$USERNAME /home/$USERNAME/.local
+                cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" "/home/$USERNAME/.local/share/profanity/plugins"
+                chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/.local"
            fi
        done
        if [ -f /etc/skel/.local/share/profanity/plugins/omemo.py ]; then
            rm /etc/skel/.local/share/profanity/plugins/omemo.*
        fi
-        cp $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py /etc/skel/.local/share/profanity/plugins
+        cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" "/etc/skel/.local/share/profanity/plugins"
    fi

    chmod -R 700 /root/.local/lib/python3.4/site-packages/python_axolotl_*
@ -183,11 +184,11 @@ function restore_remote_profanity {

 function remove_profanity {
    if [ -f /usr/local/bin/profanity ]; then
-        cd $INSTALL_DIR/profanity
+        cd "$INSTALL_DIR/profanity" || exit 4628462848
        make uninstall

        remove_completion_param install_profanity
-        sed -i '/profanity/d' $COMPLETION_FILE
+        sed -i '/profanity/d' "$COMPLETION_FILE"
    fi
 }

@ -197,8 +198,8 @@ function install_profanity {
        return
    fi
    # install profanity from source in order to get OMEMO support
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir -p "$INSTALL_DIR"
    fi

    apt-get -yq install automake autoconf autoconf-archive libtool build-essential
@ -207,15 +208,15 @@ function install_profanity {

    # dependency for profanity not available in debian
    if [ -d /repos/libmesode ]; then
-        mkdir $INSTALL_DIR/libmesode
-        cp -r -p /repos/libmesode/. $INSTALL_DIR/libmesode
-        cd $INSTALL_DIR/libmesode
+        mkdir "$INSTALL_DIR/libmesode"
+        cp -r -p /repos/libmesode/. "$INSTALL_DIR/libmesode"
+        cd "$INSTALL_DIR/libmesode" || exit 46287642846872
        git pull
    else
-        git_clone $LIBMESODE_REPO $INSTALL_DIR/libmesode
+        git_clone "$LIBMESODE_REPO" "$INSTALL_DIR/libmesode"
    fi

-    cd $INSTALL_DIR/libmesode
+    cd "$INSTALL_DIR/libmesode" || exit 2468246284
    git checkout $LIBMESODE_COMMIT -b $LIBMESODE_COMMIT
    ./bootstrap.sh
    ./configure
@ -225,15 +226,15 @@ function install_profanity {

    # build profanity
    if [ -d /repos/profanity ]; then
-        mkdir $INSTALL_DIR/profanity
-        cp -r -p /repos/profanity/. $INSTALL_DIR/profanity
-        cd $INSTALL_DIR/profanity
+        mkdir "$INSTALL_DIR/profanity"
+        cp -r -p /repos/profanity/. "$INSTALL_DIR/profanity"
+        cd "$INSTALL_DIR/profanity" || exit 2468246824
        git pull
    else
-        git_clone $PROFANITY_REPO $INSTALL_DIR/profanity
+        git_clone "$PROFANITY_REPO" "$INSTALL_DIR/profanity"
    fi

-    cd $INSTALL_DIR/profanity
+    cd "$INSTALL_DIR/profanity" || exit 54287452858
    git checkout $PROFANITY_COMMIT -b $PROFANITY_COMMIT
    ./bootstrap.sh
    ./configure --disable-notifications --disable-icons --enable-otr --enable-pgp --enable-plugins --enable-c-plugins --enable-python-plugins --without-xscreensaver
@ -249,116 +250,116 @@ function install_profanity {
    apt-get -yq install python-pip python-setuptools clang libffi-dev libssl-dev python-dev

    if [ -d /repos/profanity-omemo ]; then
-        mkdir $INSTALL_DIR/profanity-omemo-plugin
-        cp -r -p /repos/profanity-omemo/. $INSTALL_DIR/profanity-omemo-plugin
-        cd $INSTALL_DIR/profanity-omemo-plugin
+        mkdir "$INSTALL_DIR/profanity-omemo-plugin"
+        cp -r -p /repos/profanity-omemo/. "$INSTALL_DIR/profanity-omemo-plugin"
+        cd "$INSTALL_DIR/profanity-omemo-plugin" || exit 24682462842
        git pull
    else
-        git_clone $PROFANITY_OMEMO_PLUGIN_REPO $INSTALL_DIR/profanity-omemo-plugin
+        git_clone "$PROFANITY_OMEMO_PLUGIN_REPO" "$INSTALL_DIR/profanity-omemo-plugin"
    fi

-    cd $INSTALL_DIR/profanity-omemo-plugin
+    cd "$INSTALL_DIR/profanity-omemo-plugin" || exit 6428468248
    git checkout $PROFANITY_OMEMO_PLUGIN_COMMIT -b $PROFANITY_OMEMO_PLUGIN_COMMIT
-    if [ ! -f $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py ]; then
+    if [ ! -f "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" ]; then
        echo $'prof_omemo_plugin.py not found'
        exit 389225
    fi
-    sed -i 's|python setup.py|python2.7 setup.py|g' $INSTALL_DIR/profanity-omemo-plugin/install.sh
+    sed -i 's|python setup.py|python2.7 setup.py|g' "$INSTALL_DIR/profanity-omemo-plugin/install.sh"
    ./install.sh

    mkdir -p /etc/skel/.local/share/profanity/plugins
-    cp $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py /etc/skel/.local/share/profanity/plugins
-    cp $INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py /home/$MY_USERNAME/.local/share/profanity/plugins
-    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.local
+    cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" /etc/skel/.local/share/profanity/plugins
+    cp "$INSTALL_DIR/profanity-omemo-plugin/deploy/prof_omemo_plugin.py" /home/$MY_USERNAME/.local/share/profanity/plugins
+    chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.local"

    XMPP_CLIENT_DIR=/home/$MY_USERNAME/.local/share/profanity
    XMPP_CLIENT_ACCOUNTS=$XMPP_CLIENT_DIR/accounts
-    if [ ! -d $XMPP_CLIENT_DIR ]; then
-        mkdir -p $XMPP_CLIENT_DIR
+    if [ ! -d "$XMPP_CLIENT_DIR" ]; then
+        mkdir -p "$XMPP_CLIENT_DIR"
    fi

    XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
-    MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$DEFAULT_DOMAIN_NAME")
+    #MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_USERNAME@$DEFAULT_DOMAIN_NAME")

    if [[ $ONION_ONLY == 'no' ]]; then
-        echo "[${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}]" > $XMPP_CLIENT_ACCOUNTS
-        echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
-        echo "jid=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS
-        echo "server=$XMPP_ONION_HOSTNAME" >> $XMPP_CLIENT_ACCOUNTS
-        # There is a bug where profanity doesn't refresh the screen
-        # after gpg-agent has asked for a password, so for now
-        # don't set the gpg key by default
-        #echo "pgp.keyid=$MY_GPG_PUBLIC_KEY_ID" >> $XMPP_CLIENT_ACCOUNTS
-        echo "pgp.keyid=" >> $XMPP_CLIENT_ACCOUNTS
-        echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
-        echo "muc.service=chat.${DEFAULT_DOMAIN_NAME}" >> $XMPP_CLIENT_ACCOUNTS
-        echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS
-        echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
+        { echo "[${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}]";
+          echo 'enabled=true';
+          echo "jid=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}";
+          echo "server=$XMPP_ONION_HOSTNAME";
+          # There is a bug where profanity doesn't refresh the screen
+          # after gpg-agent has asked for a password, so for now
+          # don't set the gpg key by default
+          #echo "pgp.keyid=$MY_GPG_PUBLIC_KEY_ID";
+          echo "pgp.keyid=";
+          echo 'resource=profanity';
+          echo "muc.service=chat.${DEFAULT_DOMAIN_NAME}";
+          echo "muc.nick=${MY_USERNAME}";
+          echo 'presence.last=online';
+          echo 'presence.login=online';
+          echo 'priority.online=0';
+          echo 'priority.chat=0';
+          echo 'priority.away=0';
+          echo 'priority.xa=0';
+          echo 'priority.dnd=0'; } > "$XMPP_CLIENT_ACCOUNTS"
        if [ ${#XMPP_PASSWORD} -gt 2 ]; then
-            echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS
+            echo "password=$XMPP_PASSWORD" >> "$XMPP_CLIENT_ACCOUNTS"
        fi
    fi

    if [ -f /var/lib/tor/hidden_service_xmpp/hostname ]; then
-        echo "[${MY_USERNAME}@${XMPP_ONION_HOSTNAME}]" >> $XMPP_CLIENT_ACCOUNTS
+        echo "[${MY_USERNAME}@${XMPP_ONION_HOSTNAME}]" >> "$XMPP_CLIENT_ACCOUNTS"
        if [[ $ONION_ONLY == 'no' ]]; then
-            echo 'enabled=false' >> $XMPP_CLIENT_ACCOUNTS
+            echo 'enabled=false' >> "$XMPP_CLIENT_ACCOUNTS"
        else
-            echo 'enabled=true' >> $XMPP_CLIENT_ACCOUNTS
+            echo 'enabled=true' >> "$XMPP_CLIENT_ACCOUNTS"
        fi
-        echo "jid=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
-        echo "server=$XMPP_ONION_HOSTNAME" >> $XMPP_CLIENT_ACCOUNTS
-        # There is a bug where profanity doesn't refresh the screen
-        # after gpg-agent has asked for a password, so for now
-        # don't set the gpg key by default
-        #echo "pgp.keyid=$MY_GPG_PUBLIC_KEY_ID" >> $XMPP_CLIENT_ACCOUNTS
-        echo "pgp.keyid=" >> $XMPP_CLIENT_ACCOUNTS
-        echo 'resource=profanity' >> $XMPP_CLIENT_ACCOUNTS
-        echo "muc.service=${XMPP_ONION_HOSTNAME}" >> $XMPP_CLIENT_ACCOUNTS
-        echo "muc.nick=${MY_USERNAME}" >> $XMPP_CLIENT_ACCOUNTS
-        echo 'presence.last=online' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'presence.login=online' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.online=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.chat=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.away=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.xa=0' >> $XMPP_CLIENT_ACCOUNTS
-        echo 'priority.dnd=0' >> $XMPP_CLIENT_ACCOUNTS
+        { echo "jid=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}";
+          echo "server=$XMPP_ONION_HOSTNAME";
+          # There is a bug where profanity doesn't refresh the screen
+          # after gpg-agent has asked for a password, so for now
+          # don't set the gpg key by default
+          #echo "pgp.keyid=$MY_GPG_PUBLIC_KEY_ID";
+          echo "pgp.keyid=";
+          echo 'resource=profanity';
+          echo "muc.service=${XMPP_ONION_HOSTNAME}";
+          echo "muc.nick=${MY_USERNAME}";
+          echo 'presence.last=online';
+          echo 'presence.login=online';
+          echo 'priority.online=0';
+          echo 'priority.chat=0';
+          echo 'priority.away=0';
+          echo 'priority.xa=0';
+          echo 'priority.dnd=0'; } >> "$XMPP_CLIENT_ACCOUNTS"
        if [ ${#XMPP_PASSWORD} -gt 2 ]; then
-            echo "password=$XMPP_PASSWORD" >> $XMPP_CLIENT_ACCOUNTS
+            echo "password=$XMPP_PASSWORD" >> "$XMPP_CLIENT_ACCOUNTS"
        fi
    fi

-    if [ ! -d /home/$MY_USERNAME/.config/profanity ]; then
-        mkdir -p /home/$MY_USERNAME/.config/profanity
+    if [ ! -d "/home/$MY_USERNAME/.config/profanity" ]; then
+        mkdir -p "/home/$MY_USERNAME/.config/profanity"
    fi
-    echo '[connection]' > /home/$MY_USERNAME/.config/profanity/profrc
+    echo '[connection]' > "/home/$MY_USERNAME/.config/profanity/profrc"
    if [[ $ONION_ONLY == 'no' ]]; then
-        echo "account=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> /home/$MY_USERNAME/.config/profanity/profrc
+        echo "account=${MY_USERNAME}@${DEFAULT_DOMAIN_NAME}" >> "/home/$MY_USERNAME/.config/profanity/profrc"
    else
-        echo "account=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> /home/$MY_USERNAME/.config/profanity/profrc
+        echo "account=${MY_USERNAME}@${XMPP_ONION_HOSTNAME}" >> "/home/$MY_USERNAME/.config/profanity/profrc"
    fi
-    echo '' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '[plugins]' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo 'load=prof_omemo_plugin.py;' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '[otr]' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo 'policy=opportunistic' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo 'log=off' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '[pgp]' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo 'log=off' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo '[ui]' >> /home/$MY_USERNAME/.config/profanity/profrc
-    echo 'enc.warn=true' >> /home/$MY_USERNAME/.config/profanity/profrc
+    { echo '';
+      echo '[plugins]';
+      echo 'load=prof_omemo_plugin.py;';
+      echo '';
+      echo '[otr]';
+      echo 'policy=opportunistic';
+      echo 'log=off';
+      echo '';
+      echo '[pgp]';
+      echo 'log=off';
+      echo '';
+      echo '[ui]';
+      echo 'enc.warn=true'; } >> "/home/$MY_USERNAME/.config/profanity/profrc"

-    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.local
-    chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.config
+    chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.local"
+    chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.config"

    chmod -R 700 /root/.local/lib/python3.4/site-packages/python_axolotl_*
    APP_INSTALLED=1
--- a/src/freedombone-app-radicale
+++ b/src/freedombone-app-radicale
@ -61,15 +61,15 @@ function logging_off_radicale {
 function remove_user_radicale {
    remove_username="$1"

-    ${PROJECT_NAME}-pass -u $remove_username --rmapp radicale
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp radicale

    if grep -q "${remove_username}:" ${RADICALE_USERS}; then
        sed -i "/${remove_username}:/d" ${RADICALE_USERS}
-        if [ -d /var/www/radicale/collections/${remove_username} ]; then
-            rm -rf /var/www/radicale/collections/${remove_username}
+        if [ -d "/var/www/radicale/collections/${remove_username}" ]; then
+            rm -rf "/var/www/radicale/collections/${remove_username}"
        fi
-        if [ -f /var/www/radicale/collections/${remove_username}.props ]; then
-            rm /var/www/radicale/collections/${remove_username}.props
+        if [ -f "/var/www/radicale/collections/${remove_username}.props" ]; then
+            rm "/var/www/radicale/collections/${remove_username}.props"
        fi
        systemctl restart radicale
    fi
@ -79,7 +79,7 @@ function add_user_radicale {
    new_username="$1"
    new_user_password="$2"

-    ${PROJECT_NAME}-pass -u $new_username -a radicale -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a radicale -p "$new_user_password"

    if [ ! -f ${RADICALE_USERS} ]; then
        touch ${RADICALE_USERS}
@ -88,13 +88,13 @@ function add_user_radicale {
    if ! grep -q "$new_username:" ${RADICALE_USERS}; then
        htpasswd -bd ${RADICALE_USERS} "$new_username" "$new_user_password"

-        echo '{"ICAL:calendar-color": "#9e50df"}' > /var/www/radicale/collections/${new_username}.props
-        mkdir /var/www/radicale/collections/${new_username}
-        echo '{"ICAL:calendar-color": "#de631a", "tag": "VCALENDAR"}' > /var/www/radicale/collections/${new_username}/calendar.props
-        echo 'BEGIN:VCALENDAR' > /var/www/radicale/collections/${new_username}/calendar
-        echo 'PRODID:-//Radicale//NONSGML Radicale Server//EN' >> /var/www/radicale/collections/${new_username}/calendar
-        echo 'VERSION:2.0' >> /var/www/radicale/collections/${new_username}/calendar
-        echo 'END:VCALENDAR' >> /var/www/radicale/collections/${new_username}/calendar
+        echo '{"ICAL:calendar-color": "#9e50df"}' > "/var/www/radicale/collections/${new_username}.props"
+        mkdir "/var/www/radicale/collections/${new_username}"
+        echo '{"ICAL:calendar-color": "#de631a", "tag": "VCALENDAR"}' > "/var/www/radicale/collections/${new_username}/calendar.props"
+        { echo 'BEGIN:VCALENDAR';
+          echo 'PRODID:-//Radicale//NONSGML Radicale Server//EN';
+          echo 'VERSION:2.0';
+          echo 'END:VCALENDAR'; } >> "/var/www/radicale/collections/${new_username}/calendar"

        chown -R www-data:www-data /var/www/radicale
        chmod -R 755 /var/www/radicale/*
@ -107,7 +107,7 @@ function change_password_radicale {
    existing_username="$1"
    new_user_password="$2"

-    ${PROJECT_NAME}-pass -u $existing_username -a radicale -p "$new_user_password"
+    "${PROJECT_NAME}-pass" -u "$existing_username" -a radicale -p "$new_user_password"

    if grep -q "${existing_username}:" ${RADICALE_USERS}; then
        sed -i "/${existing_username}:/d" ${RADICALE_USERS}
@ -127,14 +127,14 @@ function reconfigure_radicale {
    rm -rf /var/log/radicale/*

    # create an admin password
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        RADICALE_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        RADICALE_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
    else
-        RADICALE_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        RADICALE_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
    fi
    add_user_radicale "$MY_USERNAME" "$RADICALE_PASSWORD"

-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a radicale -p "$RADICALE_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a radicale -p "$RADICALE_PASSWORD"

    touch /var/log/radicale/radicale.log
    chown -R www-data:www-data /var/log/radicale
@ -145,7 +145,7 @@ function upgrade_radicale {
        return
    fi

-    if ! grep -q "radicale version:" $COMPLETION_FILE; then
+    if ! grep -q "radicale version:" "$COMPLETION_FILE"; then
        return
    fi

@ -155,7 +155,7 @@ function upgrade_radicale {
    fi

    # get the source
-    cd /var/www/radicale
+    cd /var/www/radicale || exit 62784628468
    wget ${RADICALE_DOWNLOAD_URL}${RADICALE_VERSION}.tar.gz

    # check the hash
@ -170,7 +170,7 @@ function upgrade_radicale {
        exit 73529
    fi
    rm Radicale-${RADICALE_VERSION}.tar.gz
-    cd Radicale-${RADICALE_VERSION}
+    cd "Radicale-${RADICALE_VERSION}" || exit 264824684

    # move the old command
    mv /usr/local/bin/radicale /usr/local/bin/radicale_previous
@ -186,9 +186,9 @@ function upgrade_radicale {
    fi

    # remove the old source
-    rm -rf Radicale-${CURR_RADICALE_VERSION}
+    rm -rf "Radicale-${CURR_RADICALE_VERSION}" || exit 6842684282

-    sed -i "s|radicale version.*|radicale version:$RADICALE_VERSION|g" ${COMPLETION_FILE}
+    sed -i "s|radicale version.*|radicale version:$RADICALE_VERSION|g" "${COMPLETION_FILE}"
    chown -R www-data:www-data /var/www/radicale
    systemctl restart radicale
    systemctl restart nginx
@ -219,6 +219,7 @@ function restore_local_radicale {
        else
            cp -r $temp_restore_dir/* ${RADICALE_DIRECTORY}/
        fi
+        # shellcheck disable=SC2181
        if [ ! "$?" = "0" ]; then
            function_check backup_unmount_drive
            backup_unmount_drive
@ -233,6 +234,7 @@ function restore_local_radicale {
        else
            cp -r $temp_restore_dir/* /var/www/radicale/*
        fi
+        # shellcheck disable=SC2181
        if [ ! "$?" = "0" ]; then
            function_check backup_unmount_drive
            backup_unmount_drive
@ -264,6 +266,7 @@ function restore_remote_radicale {
        else
            cp -r $temp_restore_dir/* ${RADICALE_DIRECTORY}/
        fi
+        # shellcheck disable=SC2181
        if [ ! "$?" = "0" ]; then
            exit 236746
        fi
@ -276,6 +279,7 @@ function restore_remote_radicale {
        else
            cp -r $temp_restore_dir/* /var/www/radicale
        fi
+        # shellcheck disable=SC2181
        if [ ! "$?" = "0" ]; then
            exit 3674284
        fi
@ -332,17 +336,17 @@ function remove_radicale {
    fi

    remove_completion_param install_radicale
-    sed -i '/radicale/d' $COMPLETION_FILE
-    sed -i '/# Start radicale/,/# End radicale/d' /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+    sed -i '/radicale/d' "$COMPLETION_FILE"
+    sed -i '/# Start radicale/,/# End radicale/d' "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
    systemctl restart nginx
 }

 function install_radicale {
    if [[ $ONION_ONLY == 'no' ]]; then
        # obtain a cert for the default domain
-        if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then
+        if [[ "$(cert_exists "${DEFAULT_DOMAIN_NAME}" pem)" == "0" ]]; then
            echo $'Obtaining certificate for the main domain'
-            create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
+            create_site_certificate "${DEFAULT_DOMAIN_NAME}" 'yes'
        fi
    fi

@ -368,7 +372,7 @@ function install_radicale {
    fi

    # get the source
-    cd /var/www/radicale
+    cd /var/www/radicale || exit 462874628
    wget ${RADICALE_DOWNLOAD_URL}${RADICALE_VERSION}.tar.gz

    # check the hash
@ -383,7 +387,7 @@ function install_radicale {
        exit 623252
    fi
    rm Radicale-${RADICALE_VERSION}.tar.gz
-    cd Radicale-${RADICALE_VERSION}
+    cd "Radicale-${RADICALE_VERSION}" || exit 872462842
    python setup.py install
    if [ ! -f /usr/local/bin/radicale ]; then
        echo $'Radicale did not install'
@ -398,52 +402,52 @@ function install_radicale {
    fi

    # create the configuration
-    echo '[server]' >  ${RADICALE_DIRECTORY}/config
-    echo 'hosts=localhost:52322' >> ${RADICALE_DIRECTORY}/config
-    echo 'ssl = False' >> ${RADICALE_DIRECTORY}/config
-    echo 'daemon = False' >> ${RADICALE_DIRECTORY}/config
-    echo 'base_prefix=/radicale/' >> ${RADICALE_DIRECTORY}/config
-    echo '' >> ${RADICALE_DIRECTORY}/config
-    echo '[storage]' >> ${RADICALE_DIRECTORY}/config
-    echo 'type = filesystem' >> ${RADICALE_DIRECTORY}/config
-    echo "filesystem_folder = /var/www/radicale/collections" >> ${RADICALE_DIRECTORY}/config
-    echo '' >> ${RADICALE_DIRECTORY}/config
-    echo '[well-known]' >> ${RADICALE_DIRECTORY}/config
-    echo "caldav = '/%(user)s/caldav/'" >> ${RADICALE_DIRECTORY}/config
-    echo "carddav = '/%(user)s/carddav/'" >> ${RADICALE_DIRECTORY}/config
-    echo '' >> ${RADICALE_DIRECTORY}/config
-    echo '#[auth]' >> ${RADICALE_DIRECTORY}/config
-    echo '#imap_hostname = localhost' >> ${RADICALE_DIRECTORY}/config
-    echo '#imap_port = 143' >> ${RADICALE_DIRECTORY}/config
-    echo '#imap_ssl = False' >> ${RADICALE_DIRECTORY}/config
-    echo '' >> ${RADICALE_DIRECTORY}/config
-    echo '[logging]' >> ${RADICALE_DIRECTORY}/config
-    echo 'debug = False' >> ${RADICALE_DIRECTORY}/config
+    { echo '[server]';
+      echo 'hosts=localhost:52322';
+      echo 'ssl = False';
+      echo 'daemon = False';
+      echo 'base_prefix=/radicale/';
+      echo '';
+      echo '[storage]';
+      echo 'type = filesystem';
+      echo "filesystem_folder = /var/www/radicale/collections";
+      echo '';
+      echo '[well-known]';
+      echo "caldav = '/%(user)s/caldav/'";
+      echo "carddav = '/%(user)s/carddav/'";
+      echo '';
+      echo '#[auth]';
+      echo '#imap_hostname = localhost';
+      echo '#imap_port = 143';
+      echo '#imap_ssl = False';
+      echo '';
+      echo '[logging]';
+      echo 'debug = False'; } > "${RADICALE_DIRECTORY}/config"

    # create an admin password
    if [ ${#RADICALE_PASSWORD} -lt 8 ]; then
-        if [ -f $IMAGE_PASSWORD_FILE ]; then
-            RADICALE_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+        if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+            RADICALE_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
        else
-            RADICALE_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+            RADICALE_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
        fi
    fi
    add_user_radicale "$MY_USERNAME" "$RADICALE_PASSWORD"

-    echo '[Unit]' > /etc/systemd/system/radicale.service
-    echo 'Description=Radicale CalDAV Server' >> /etc/systemd/system/radicale.service
-    echo 'After=network.target' >> /etc/systemd/system/radicale.service
-    echo '' >> /etc/systemd/system/radicale.service
-    echo '[Service]' >> /etc/systemd/system/radicale.service
-    echo 'Type=simple' >> /etc/systemd/system/radicale.service
-    echo 'User=www-data' >> /etc/systemd/system/radicale.service
-    echo 'Group=www-data' >> /etc/systemd/system/radicale.service
-    echo "ExecStart=/usr/local/bin/radicale --config ${RADICALE_DIRECTORY}/config" >> /etc/systemd/system/radicale.service
-    echo 'Restart=on-failure' >> /etc/systemd/system/radicale.service
-    echo 'RestartSec=10' >> /etc/systemd/system/radicale.service
-    echo '' >> /etc/systemd/system/radicale.service
-    echo '[Install]' >> /etc/systemd/system/radicale.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/radicale.service
+    { echo '[Unit]';
+      echo 'Description=Radicale CalDAV Server';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=www-data';
+      echo 'Group=www-data';
+      echo "ExecStart=/usr/local/bin/radicale --config ${RADICALE_DIRECTORY}/config";
+      echo 'Restart=on-failure';
+      echo 'RestartSec=10';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/radicale.service

    addresses_str=$"Addresses"
    echo "{\"tag\": \"VADDRESSBOOK\", \"D:displayname\": \"${addresses_str}\"}" > /var/www/radicale/collections/addresses.props
@ -461,107 +465,107 @@ function install_radicale {
    systemctl enable radicale
    systemctl start radicale

-    if [ ! -f /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} ]; then
+    if [ ! -f "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}" ]; then
        # create a new site config
        RADICALE_ONION_HOSTNAME=$(add_onion_service radicale 80 ${RADICALE_ONION_PORT})

        if [[ $ONION_ONLY == 'no' ]]; then
-            echo 'server {' > /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo "    listen 443 ssl;" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo "    #listen [::]:443 ssl;" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            { echo 'server {';
+              echo "    listen 443 ssl;";
+              echo "    #listen [::]:443 ssl;";
+              echo ''; } > "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
            function_check nginx_ssl
-            nginx_ssl ${DEFAULT_DOMAIN_NAME} mobile
+            nginx_ssl "${DEFAULT_DOMAIN_NAME}" mobile
            function_check nginx_disable_sniffing
-            nginx_disable_sniffing ${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo "    server_name ${DEFAULT_DOMAIN_NAME};" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            nginx_disable_sniffing "${DEFAULT_DOMAIN_NAME}"
+            { echo '';
+              echo "    server_name ${DEFAULT_DOMAIN_NAME};";

-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    error_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    # Start radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    location @radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        auth_basic "Radicale";' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        auth_basic_user_file /var/www/radicale/users;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        proxy_pass http://localhost:52322;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        proxy_buffering off;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        proxy_set_header Host $host;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    location /radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    location /.well-known/carddav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    location /.well-known/caldav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    # End radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '}' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+              echo '';
+              echo '    access_log /dev/null;';
+              echo '    error_log /dev/null;';
+              echo '';
+              echo '    # Start radicale';
+              echo '    location @radicale {';
+              echo '        auth_basic "Radicale";';
+              echo '        auth_basic_user_file /var/www/radicale/users;';
+              echo '        proxy_pass http://localhost:52322;';
+              echo '        proxy_buffering off;';
+              echo "        proxy_set_header Host \$host;";
+              echo "        proxy_set_header X-Real-IP \$remote_addr;";
+              echo "        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+              echo "        proxy_set_header X-Forwarded-Proto \$scheme;";
+              echo '    }';
+              echo '';
+              echo '    location /radicale {';
+              echo "        try_files \$uri @radicale;";
+              echo '    }';
+              echo '';
+              echo '    location /.well-known/carddav {';
+              echo "        try_files \$uri @radicale;";
+              echo '    }';
+              echo '';
+              echo '    location /.well-known/caldav {';
+              echo "        try_files \$uri @radicale;";
+              echo '    }';
+              echo '    # End radicale';
+              echo '}';
+              echo ''; } >> "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
        else
-            echo -n '' > /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            echo -n '' > "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
        fi
-        echo 'server {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo "    listen localhost:${RADICALE_ONION_PORT} default_server;" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo "    server_name ${RADICALE_ONION_HOSTNAME};" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    error_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    # Start radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    location @radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        auth_basic "Radicale";' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        auth_basic_user_file /var/www/radicale/users;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        proxy_pass http://localhost:52322;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        proxy_buffering off;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        proxy_set_header Host $host;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    location /radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    location /.well-known/carddav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    location /.well-known/caldav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    # End radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '}' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        { echo 'server {';
+          echo "    listen localhost:${RADICALE_ONION_PORT} default_server;";
+          echo '';
+          echo "    server_name ${RADICALE_ONION_HOSTNAME};";
+          echo '';
+          echo '    access_log /dev/null;';
+          echo '    error_log /dev/null;';
+          echo '';
+          echo '    # Start radicale';
+          echo '    location @radicale {';
+          echo '        auth_basic "Radicale";';
+          echo '        auth_basic_user_file /var/www/radicale/users;';
+          echo '        proxy_pass http://localhost:52322;';
+          echo '        proxy_buffering off;';
+          echo "        proxy_set_header Host \$host;";
+          echo "        proxy_set_header X-Real-IP \$remote_addr;";
+          echo "        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+          echo "        proxy_set_header X-Forwarded-Proto \$scheme;";
+          echo '    }';
+          echo '';
+          echo '    location /radicale {';
+          echo "        try_files \$uri @radicale;";
+          echo '    }';
+          echo '';
+          echo '    location /.well-known/carddav {';
+          echo "        try_files \$uri @radicale;";
+          echo '    }';
+          echo '';
+          echo '    location /.well-known/caldav {';
+          echo "        try_files \$uri @radicale;";
+          echo '    }';
+          echo '    # End radicale';
+          echo '}'; } >> "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"

        set_completion_param "radicale onion domain" "${RADICALE_ONION_HOSTNAME}"
    else
        # alter the existing site config
-        if ! grep -q "# Start radicale" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}; then
-            sed -i '/]:443/a    # Start radicale\n  location @radicale {\n    auth_basic "Radicale";\n    auth_basic_user_file \/var\/www\/radicale\/users;\n    proxy_pass http:\/\/localhost:52322;\n    proxy_buffering off;\n    proxy_set_header Host $host;\n    proxy_set_header X-Real-IP $remote_addr;\n    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n    proxy_set_header X-Forwarded-Proto $scheme;\n  }\n\n  location \/radicale {\n      try_files $uri @radicale;\n  }\n\n  location \/.well-known\/carddav {\n      try_files $uri @radicale;\n  }\n\n  location \/.well-known\/caldav {\n      try_files $uri @radicale;\n  }\n  # End radicale' /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            sed -i '/listen localhost/a    # Start radicale\n  location @radicale {\n    auth_basic "Radicale";\n    auth_basic_user_file \/var\/www\/radicale\/users;\n    proxy_pass http:\/\/localhost:52322;\n    proxy_buffering off;\n    proxy_set_header Host $host;\n    proxy_set_header X-Real-IP $remote_addr;\n    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n    proxy_set_header X-Forwarded-Proto $scheme;\n  }\n\n  location \/radicale {\n      try_files $uri @radicale;\n  }\n\n  location \/.well-known\/carddav {\n      try_files $uri @radicale;\n  }\n\n  location \/.well-known\/caldav {\n      try_files $uri @radicale;\n  }\n  # End radicale' /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        if ! grep -q "# Start radicale" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"; then
+            sed -i "/]:443/a    # Start radicale\\n  location @radicale {\\n    auth_basic \"Radicale\";\\n    auth_basic_user_file \\/var\\/www\\/radicale\\/users;\\n    proxy_pass http:\\/\\/localhost:52322;\\n    proxy_buffering off;\\n    proxy_set_header Host $host;\\n    proxy_set_header X-Real-IP $remote_addr;\\n    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\\n    proxy_set_header X-Forwarded-Proto $scheme;\\n  }\\n\\n  location \\/radicale {\\n      try_files $uri @radicale;\\n  }\n\n  location \\/.well-known\\/carddav {\\n      try_files $uri @radicale;\\n  }\\n\\n  location \\/.well-known\\/caldav {\\n      try_files $uri @radicale;\\n  }\n  # End radicale" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
+            sed -i "/listen localhost/a    # Start radicale\\n  location @radicale {\\n    auth_basic \"Radicale\";\\n    auth_basic_user_file \\/var\\/www\\/radicale\\/users;\\n    proxy_pass http:\\/\\/localhost:52322;\\n    proxy_buffering off;\\n    proxy_set_header Host $host;\\n    proxy_set_header X-Real-IP $remote_addr;\\n    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\\n    proxy_set_header X-Forwarded-Proto $scheme;\\n  }\\n\\n  location \/radicale {\\n      try_files $uri @radicale;\\n  }\\n\\n  location \\/.well-known\\/carddav {\\n      try_files $uri @radicale;\\n  }\\n\\n  location \\/.well-known\\/caldav {\\n      try_files $uri @radicale;\\n  }\\n  # End radicale" "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
        fi
    fi

    # create a certificate
-    if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
-        if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
-            ${PROJECT_NAME}-addcert -h $DEFAULT_DOMAIN_NAME --dhkey ${DH_KEYLENGTH}
-            check_certificates $DEFAULT_DOMAIN_NAME
+    if [ ! -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
+        if [ ! -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt" ]; then
+            "${PROJECT_NAME}-addcert" -h "$DEFAULT_DOMAIN_NAME" --dhkey "${DH_KEYLENGTH}"
+            check_certificates "$DEFAULT_DOMAIN_NAME"
        fi
    fi

-    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+    if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then
        sed -i "s|radicale.crt|${DEFAULT_DOMAIN_NAME}.pem|g" /etc/nginx/sites-available/radicale
        sed -i "s|radicale.pem|${DEFAULT_DOMAIN_NAME}.pem|g" /etc/nginx/sites-available/radicale
    fi
@ -572,13 +576,13 @@ function install_radicale {

    systemctl restart nginx

-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a radicale -p "$RADICALE_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a radicale -p "$RADICALE_PASSWORD"

    # keep track of the version so we can check for upgrades
-    if ! grep -q "radicale version:" ${COMPLETION_FILE}; then
-        echo "radicale version:${RADICALE_VERSION}" >> ${COMPLETION_FILE}
+    if ! grep -q "radicale version:" "${COMPLETION_FILE}"; then
+        echo "radicale version:${RADICALE_VERSION}" >> "${COMPLETION_FILE}"
    else
-        sed -i "s|radicale version.*|radicale version:${RADICALE_VERSION}|g" ${COMPLETION_FILE}
+        sed -i "s|radicale version.*|radicale version:${RADICALE_VERSION}|g" "${COMPLETION_FILE}"
    fi

    APP_INSTALLED=1
--- a/src/freedombone-app-riot
+++ b/src/freedombone-app-riot
@ -76,39 +76,40 @@ function install_interactive_riot {
        RIOT_DETAILS_COMPLETE=
        while [ ! $RIOT_DETAILS_COMPLETE ]
        do
-            data=$(tempfile 2>/dev/null)
-            trap "rm -f $data" 0 1 2 5 15
+            data=$(mktemp 2>/dev/null)
            if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                dialog --backtitle $"Freedombone Configuration" \
                       --title $"Riot Web user interface for Matrix" \
-                       --form $"\nPlease enter your details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \
+                       --form $"\\nPlease enter your details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \
                       $"Domain:" 1 1 "$(grep 'RIOT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \
                       $"Code:" 2 1 "$(grep 'RIOT_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 40 255 \
-                       2> $data
+                       2> "$data"
            else
                dialog --backtitle $"Freedombone Configuration" \
                       --title $"Riot Web user interface for Matrix" \
-                       --form $"\nPlease enter your details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 2 \
+                       --form $"\\nPlease enter your details. The background image URL can be left blank.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 2 \
                       $"Domain:" 1 1 "$(grep 'RIOT_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \
-                       2> $data
+                       2> "$data"
            fi
            sel=$?
            case $sel in
-                1) exit 1;;
-                255) exit 1;;
+                1) rm -f "$data"
+                   exit 1;;
+                255) rm -f "$data"
+                     exit 1;;
            esac
-            RIOT_DOMAIN_NAME=$(cat $data | sed -n 1p)
-            if [ $RIOT_DOMAIN_NAME ]; then
+            RIOT_DOMAIN_NAME=$(sed -n 1p < "$data")
+            if [ "$RIOT_DOMAIN_NAME" ]; then
                TEST_DOMAIN_NAME=$RIOT_DOMAIN_NAME
                validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $RIOT_DOMAIN_NAME ]]; then
+                if [[ "$TEST_DOMAIN_NAME" != "$RIOT_DOMAIN_NAME" ]]; then
                    RIOT_DOMAIN_NAME=
                    dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                else
                    if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
-                        RIOT_CODE=$(cat $data | sed -n 2p)
+                        RIOT_CODE=$(sed -n 2p < "$data")
                        validate_freedns_code "$RIOT_CODE"
-                        if [ ! $VALID_CODE ]; then
+                        if [ ! "$VALID_CODE" ]; then
                            RIOT_DOMAIN_NAME=
                        fi
                    fi
@ -117,6 +118,7 @@ function install_interactive_riot {
            if [ $RIOT_DOMAIN_NAME ]; then
                RIOT_DETAILS_COMPLETE="yes"
            fi
+            rm -f "$data"
        done

        # save the results in the config file
@ -132,14 +134,14 @@ function reconfigure_riot {

 function riot_download {
    # download
-    if [ ! -f $INSTALL_DIR/${RIOT_FILENAME}.tar.gz ]; then
-        wget ${RIOT_DOWNLOAD_URL}/${RIOT_FILENAME}.tar.gz -O $INSTALL_DIR/${RIOT_FILENAME}.tar.gz
+    if [ ! -f "$INSTALL_DIR/${RIOT_FILENAME}.tar.gz" ]; then
+        wget "${RIOT_DOWNLOAD_URL}/${RIOT_FILENAME}.tar.gz" -O "$INSTALL_DIR/${RIOT_FILENAME}.tar.gz"
    fi
-    if [ ! -f $INSTALL_DIR/${RIOT_FILENAME}.tar.gz ]; then
+    if [ ! -f "$INSTALL_DIR/${RIOT_FILENAME}.tar.gz" ]; then
        echo $'Unable to download Riot Web from releases'
        exit 62836
    fi
-    cd $INSTALL_DIR
+    cd "$INSTALL_DIR" || exit 2468724628

    # check the hash
    curr_hash=$(sha256sum ${RIOT_FILENAME}.tar.gz | awk -F ' ' '{print $1}')
@ -149,17 +151,17 @@ function riot_download {
    fi

    tar -xzvf ${RIOT_FILENAME}.tar.gz
-    if [ ! -d $INSTALL_DIR/${RIOT_FILENAME} ]; then
+    if [ ! -d "$INSTALL_DIR/${RIOT_FILENAME}" ]; then
        echo $'Unable to extract Riot Web tarball'
        exit 542826
    fi
-    cp -r $INSTALL_DIR/${RIOT_FILENAME}/* /var/www/$RIOT_DOMAIN_NAME/htdocs
+    cp -r "$INSTALL_DIR/${RIOT_FILENAME}/*" "/var/www/$RIOT_DOMAIN_NAME/htdocs"

-    chown -R www-data:www-data /var/www/$RIOT_DOMAIN_NAME/htdocs
+    chown -R www-data:www-data "/var/www/$RIOT_DOMAIN_NAME/htdocs"
 }

 function upgrade_riot {
-    if ! grep -q 'riot version:' $COMPLETION_FILE; then
+    if ! grep -q 'riot version:' "$COMPLETION_FILE"; then
        return
    fi

@ -171,7 +173,7 @@ function upgrade_riot {
    fi

    riot_download
-    sed -i "s|riot version.*|riot version:$RIOT_VERSION|g" ${COMPLETION_FILE}
+    sed -i "s|riot version.*|riot version:$RIOT_VERSION|g" "${COMPLETION_FILE}"
    riot_remove_bad_links

    systemctl restart nginx
@ -207,7 +209,7 @@ function remove_riot {
    fi

    remove_completion_param install_riot
-    sed -i '/riot /d' $COMPLETION_FILE
+    sed -i '/riot /d' "$COMPLETION_FILE"
 }

 function install_riot {
@ -216,7 +218,7 @@ function install_riot {
    fi

    # check that matrix has been installed
-    if [ ! $MATRIX_DOMAIN_NAME ]; then
+    if [ ! "$MATRIX_DOMAIN_NAME" ]; then
        exit 687292
    fi
    if [[ "$MATRIX_DOMAIN_NAME" != *'.'* ]]; then
@ -235,32 +237,32 @@ function install_riot {
        mkdir -p /var/www/$RIOT_DOMAIN_NAME/htdocs
    fi

-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir "$INSTALL_DIR"
    fi

    riot_download

-    cd /var/www/$RIOT_DOMAIN_NAME/htdocs
+    cd "/var/www/$RIOT_DOMAIN_NAME/htdocs" || exit 4628462876

-    if [[ $ONION_ONLY == 'no' ]]; then
+    if [[ "$ONION_ONLY" == 'no' ]]; then
        riot_config_file="config.${RIOT_DOMAIN_NAME}.json"
        cp config.sample.json $riot_config_file
-        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" $riot_config_file
-        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" $riot_config_file
-        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" $riot_config_file
-        sed -i "/\"servers\":/a \"${MATRIX_DOMAIN_NAME}\"," $riot_config_file
+        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" "$riot_config_file"
+        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" "$riot_config_file"
+        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" "$riot_config_file"
+        sed -i "/\"servers\":/a \"${MATRIX_DOMAIN_NAME}\"," "$riot_config_file"
    else
        riot_config_file="config.${MATRIX_ONION_DOMAIN_NAME}.json"
-        cp config.sample.json $riot_config_file
-        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" $riot_config_file
-        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" $riot_config_file
-        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",|g" $riot_config_file
-        sed -i "/\"servers\":/a \"${MATRIX_ONION_DOMAIN_NAME}\"," $riot_config_file
+        cp config.sample.json "$riot_config_file"
+        sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" "$riot_config_file"
+        sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" "$riot_config_file"
+        sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",|g" "$riot_config_file"
+        sed -i "/\"servers\":/a \"${MATRIX_ONION_DOMAIN_NAME}\"," "$riot_config_file"
    fi
-    sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" $riot_config_file
-    sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" $riot_config_file
-    sed -i 's|https://piwik.riot.im/||g' $riot_config_file
+    sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" "$riot_config_file"
+    sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" "$riot_config_file"
+    sed -i 's|https://piwik.riot.im/||g' "$riot_config_file"

    RIOT_ONION_HOSTNAME=$(add_onion_service riot 80 ${RIOT_ONION_PORT})

@ -268,68 +270,68 @@ function install_riot {
    if [[ $ONION_ONLY == "no" ]]; then
        function_check nginx_http_redirect
        nginx_http_redirect $RIOT_DOMAIN_NAME
-        echo 'server {' >> $riot_nginx_site
-        echo '  listen 443 ssl;' >> $riot_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $riot_nginx_site
-        echo "  server_name $RIOT_DOMAIN_NAME;" >> $riot_nginx_site
-        echo '' >> $riot_nginx_site
-        echo '  # Security' >> $riot_nginx_site
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $RIOT_DOMAIN_NAME;";
+          echo '';
+          echo '  # Security'; } >> $riot_nginx_site
        function_check nginx_ssl
        nginx_ssl $RIOT_DOMAIN_NAME

        function_check nginx_disable_sniffing
        nginx_disable_sniffing $RIOT_DOMAIN_NAME

-        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $riot_nginx_site
-        echo '' >> $riot_nginx_site
-        echo '  # Logs' >> $riot_nginx_site
-        echo '  access_log /dev/null;' >> $riot_nginx_site
-        echo '  error_log /dev/null;' >> $riot_nginx_site
-        echo '' >> $riot_nginx_site
-        echo '  # Root' >> $riot_nginx_site
-        echo "  root /var/www/$RIOT_DOMAIN_NAME/htdocs;" >> $riot_nginx_site
-        echo '' >> $riot_nginx_site
-        echo '  index index.html;' >> $riot_nginx_site
-        echo '' >> $riot_nginx_site
-        echo '  location / {' >> $riot_nginx_site
+        { echo '  add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '  # Logs';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  # Root';
+          echo "  root /var/www/$RIOT_DOMAIN_NAME/htdocs;";
+          echo '';
+          echo '  index index.html;';
+          echo '';
+          echo '  location / {'; } >> $riot_nginx_site
        function_check nginx_limits
        nginx_limits $RIOT_DOMAIN_NAME '15m'
-        echo '  }' >> $riot_nginx_site
-        echo '}' >> $riot_nginx_site
-        echo '' >> $riot_nginx_site
+        { echo '  }';
+          echo '}';
+          echo ''; } >> $riot_nginx_site
    else
        echo -n '' > $riot_nginx_site
    fi
-    echo 'server {' >> $riot_nginx_site
-    echo "    listen 127.0.0.1:$RIOT_ONION_PORT default_server;" >> $riot_nginx_site
-    echo "    server_name $RIOT_ONION_HOSTNAME;" >> $riot_nginx_site
-    echo '' >> $riot_nginx_site
+    { echo 'server {';
+      echo "    listen 127.0.0.1:$RIOT_ONION_PORT default_server;";
+      echo "    server_name $RIOT_ONION_HOSTNAME;";
+      echo ''; } >> $riot_nginx_site
    function_check nginx_disable_sniffing
    nginx_disable_sniffing $RIOT_DOMAIN_NAME
-    echo '' >> $riot_nginx_site
-    echo '  # Logs' >> $riot_nginx_site
-    echo '  access_log /dev/null;' >> $riot_nginx_site
-    echo '  error_log /dev/null;' >> $riot_nginx_site
-    echo '' >> $riot_nginx_site
-    echo '  # Root' >> $riot_nginx_site
-    echo "  root /var/www/$RIOT_DOMAIN_NAME/htdocs;" >> $riot_nginx_site
-    echo '' >> $riot_nginx_site
-    echo '  index index.html;' >> $riot_nginx_site
-    echo '' >> $riot_nginx_site
-    echo '  location / {' >> $riot_nginx_site
+    { echo '';
+      echo '  # Logs';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  # Root';
+      echo "  root /var/www/$RIOT_DOMAIN_NAME/htdocs;";
+      echo '';
+      echo '  index index.html;';
+      echo '';
+      echo '  location / {'; } >> $riot_nginx_site
    function_check nginx_limits
    nginx_limits $RIOT_DOMAIN_NAME '15m'
-    echo '  }' >> $riot_nginx_site
-    echo '}' >> $riot_nginx_site
+    echo '  }' >> "$riot_nginx_site"
+    echo '}' >> "$riot_nginx_site"

-    sed '/Content-Security-Policy/d' $riot_nginx_site
-    sed -i 's| DENY;| SAMEORIGIN;|g' $riot_nginx_site
-    sed -i 's|limit_conn conn_limit_per_ip.*|limit_conn conn_limit_per_ip 50;|g' $riot_nginx_site
-    sed -i 's|limit_req zone.*|limit_req zone=req_limit_per_ip burst=20 nodelay;|g' $riot_nginx_site
+    sed '/Content-Security-Policy/d' "$riot_nginx_site"
+    sed -i 's| DENY;| SAMEORIGIN;|g' "$riot_nginx_site"
+    sed -i 's|limit_conn conn_limit_per_ip.*|limit_conn conn_limit_per_ip 50;|g' "$riot_nginx_site"
+    sed -i 's|limit_req zone.*|limit_req zone=req_limit_per_ip burst=20 nodelay;|g' "$riot_nginx_site"

    function_check create_site_certificate
-    if [ ! -f /etc/ssl/certs/${RIOT_DOMAIN_NAME}.pem ]; then
-        create_site_certificate $RIOT_DOMAIN_NAME 'yes'
+    if [ ! -f "/etc/ssl/certs/${RIOT_DOMAIN_NAME}.pem" ]; then
+        create_site_certificate "$RIOT_DOMAIN_NAME" 'yes'
    fi

    function_check nginx_ensite
@ -344,10 +346,10 @@ function install_riot {
    systemctl restart nginx

    set_completion_param "riot domain" "$RIOT_DOMAIN_NAME"
-    if ! grep -q "riot version:" ${COMPLETION_FILE}; then
-        echo "riot version:${RIOT_VERSION}" >> ${COMPLETION_FILE}
+    if ! grep -q "riot version:" "${COMPLETION_FILE}"; then
+        echo "riot version:${RIOT_VERSION}" >> "${COMPLETION_FILE}"
    else
-        sed -i "s|riot version.*|riot version:${RIOT_VERSION}|g" ${COMPLETION_FILE}
+        sed -i "s|riot version.*|riot version:${RIOT_VERSION}|g" "${COMPLETION_FILE}"
    fi
    APP_INSTALLED=1
 }
--- a/src/freedombone-app-rss
+++ b/src/freedombone-app-rss
@ -62,12 +62,13 @@ function logging_off_rss {
 }

 function remove_user_rss {
-    remove_username="$1"
+    echo -n ''
+#    remove_username="$1"
 }

 function add_user_rss {
-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"
    echo '0'
 }

@ -77,26 +78,27 @@ function install_interactive_rss {
 }

 function change_password_rss {
-    curr_username="$1"
-    new_user_password="$2"
+    echo -n ''
+#    curr_username="$1"
+#    new_user_password="$2"

    #${PROJECT_NAME}-pass -u "$curr_username" -a rss -p "$new_user_password"
 }

 function rss_create_database {
-    if [ -f $IMAGE_PASSWORD_FILE ]; then
-        RSS_READER_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        RSS_READER_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
    else
-        if [ ! $RSS_READER_ADMIN_PASSWORD ]; then
-            RSS_READER_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+        if [ ! "$RSS_READER_ADMIN_PASSWORD" ]; then
+            RSS_READER_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
        fi
    fi
-    if [ ! $RSS_READER_ADMIN_PASSWORD ]; then
+    if [ ! "$RSS_READER_ADMIN_PASSWORD" ]; then
        return
    fi

    function_check create_database
-    create_database ttrss "$RSS_READER_ADMIN_PASSWORD" $MY_USERNAME
+    create_database ttrss "$RSS_READER_ADMIN_PASSWORD" "$MY_USERNAME"
 }

 function reconfigure_rss {
@ -131,8 +133,8 @@ function upgrade_rss {
        # remove any previous install
        if [ -d $RSS_READER_PATH/g2ttree-mobile ]; then
            if [[ $(is_completed "install_rss_mobile_reader") == "1" ]]; then
-                sed -i '/install_rss_mobile_reader/d' $COMPLETION_FILE
-                sed -i '/rss mobile reader commit/d' $COMPLETION_FILE
+                sed -i '/install_rss_mobile_reader/d' "$COMPLETION_FILE"
+                sed -i '/rss mobile reader commit/d' "$COMPLETION_FILE"
                rm -rf $RSS_READER_PATH/g2ttree-mobile
            fi
        fi
@ -184,6 +186,7 @@ function restore_local_rss {
                fi
                cp -r $temp_restore_dir/* /etc/share/tt-rss/
            fi
+            # shellcheck disable=SC2181
            if [ ! "$?" = "0" ]; then
                function_check set_user_permissions
                set_user_permissions
@ -207,14 +210,14 @@ function restore_local_rss {
    function_check rss_modifications
    rss_modifications

-    if [ -d $USB_MOUNT/backup/ttrss ]; then
+    if [ -d "$USB_MOUNT/backup/ttrss" ]; then
        chown -R www-data:www-data /etc/share/tt-rss
        if [ -d $temp_restore_dir ]; then
            rm -rf $temp_restore_dir
        fi
    fi

-    MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+    MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
    sed -i "s|define('DB_PASS'.*|define('DB_PASS', '${MARIADB_PASSWORD}');|g" $RSS_READER_PATH/config.php
    MARIADB_PASSWORD=
 }
@ -245,7 +248,7 @@ function backup_remote_rss {

 function restore_remote_rss {
    temp_restore_dir=/root/tempttrss
-    if grep -q "rss reader domain" $COMPLETION_FILE; then
+    if grep -q "rss reader domain" "$COMPLETION_FILE"; then
        echo $"Restoring ttrss"
        function_check get_mariadb_password
        get_mariadb_password
@ -263,6 +266,7 @@ function restore_remote_rss {
                fi
                cp -r $temp_restore_dir/* /etc/share/tt-rss/
            fi
+            # shellcheck disable=SC2181
            if [ ! "$?" = "0" ]; then
                exit 6391
            fi
@ -280,14 +284,14 @@ function restore_remote_rss {
        function_check rss_modifications
        rss_modifications

-        if [ -d $SERVER_DIRECTORY/backup/ttrss ]; then
+        if [ -d "$SERVER_DIRECTORY/backup/ttrss" ]; then
            chown -R www-data:www-data /etc/share/tt-rss
        fi
        if [ -d /root/tempttrss ]; then
            rm -rf /root/tempttrss
        fi

-        MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb)
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
        sed -i "s|define('DB_PASS'.*|define('DB_PASS', '${MARIADB_PASSWORD}');|g" $RSS_READER_PATH/config.php
        MARIADB_PASSWORD=

@ -313,9 +317,9 @@ function remove_rss {
    function_check drop_database
    drop_database ttrss
    remove_completion_param install_rss
-    sed -i '/RSS /d' $COMPLETION_FILE
-    sed -i '/rss /d' $COMPLETION_FILE
-    sed -i '/rss_/d' $COMPLETION_FILE
+    sed -i '/RSS /d' "$COMPLETION_FILE"
+    sed -i '/rss /d' "$COMPLETION_FILE"
+    sed -i '/rss_/d' "$COMPLETION_FILE"
    remove_backup_database_local ttrss
 }

@ -329,15 +333,15 @@ function rss_modifications {

    # ensure that socks5 proxy is used
    if ! grep -q "CURLPROXY_SOCKS5" $RSS_READER_PATH/plugins/af_unburn/init.php; then
-        sed -i '/curl_setopt($ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\t\t\t\t\tcurl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);' $RSS_READER_PATH/plugins/af_unburn/init.php
+        sed -i "/curl_setopt(\$ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\\\t\\t\\t\\t\\tcurl_setopt(\$ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);" "$RSS_READER_PATH/plugins/af_unburn/init.php"
        rss_modified=1
    fi
    if ! grep -q "CURLPROXY_SOCKS5" $RSS_READER_PATH/include/functions.php; then
-        sed -i '/curl_setopt($ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\t\t\t\tcurl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);' $RSS_READER_PATH/include/functions.php
+        sed -i "/curl_setopt(\$ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\\\t\\t\\t\\tcurl_setopt(\$ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);" "$RSS_READER_PATH/include/functions.php"
        rss_modified=1
    fi
    if [ $rss_modified ]; then
-        cd $RSS_READER_PATH
+        cd $RSS_READER_PATH || exit 564286428
        git commit -a -m"Modify for Tor proxying"
    fi
    chown -R www-data:www-data $RSS_READER_PATH
@ -358,12 +362,12 @@ function install_rss_main {
    if [ ! -d /etc/share ]; then
        mkdir /etc/share
    fi
-    cd /etc/share
+    cd /etc/share || exit 46284628

    if [ -d /repos/rss ]; then
        mkdir tt-rss
        cp -r -p /repos/rss/. tt-rss
-        cd tt-rss
+        cd tt-rss || exit 462846822
        git pull
    else
        function_check git_clone
@ -374,7 +378,7 @@ function install_rss_main {
        echo $'Could not clone RSS reader repo'
        exit 52925
    fi
-    cd $RSS_READER_PATH
+    cd $RSS_READER_PATH || exit 42479825792593
    git checkout $RSS_READER_COMMIT -b $RSS_READER_COMMIT
    set_completion_param "rss reader commit" "$RSS_READER_COMMIT"

@ -397,151 +401,151 @@ function install_rss_main {
    USE_V2_ONION_ADDRESS=1
    RSS_MOBILE_READER_ONION_HOSTNAME=$(add_onion_service mobilerss 80 ${RSS_MOBILE_READER_ONION_PORT})

-    echo 'server {' > /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo "  listen 127.0.0.1:$RSS_MOBILE_READER_ONION_PORT;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo "  server_name $RSS_MOBILE_READER_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  access_log /dev/null;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  error_log /dev/null;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  root /etc/share/ttrss-mobile;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  index index.html index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location /tt-rss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    try_files $uri $uri/ @ttrss_base;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location @ttrss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    rewrite ^(.*)$ /index.html?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location @ttrss_base {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location ~ /\.(git) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    deny all;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-XSS-Protection "1; mode=block";' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Robots-Tag none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Download-Options noopen;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Permitted-Cross-Domain-Policies none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Frame-Options SAMEORIGIN;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  client_max_body_size 15m;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo 'server {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo "  listen 127.0.0.1:$RSS_READER_ONION_PORT default_server;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo "  server_name $RSS_READER_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  access_log /dev/null;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  error_log /dev/null;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  root /etc/share/tt-rss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  index index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    fastcgi_read_timeout 30;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  set $mobile_rewrite do_not_perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  ## chi http_user_agent for mobile / smart phones ##' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  if ($http_user_agent ~* "(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino") {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    set $mobile_rewrite perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  if ($http_user_agent ~* "^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-)") {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    set $mobile_rewrite perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  if ($mobile_rewrite = perform) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo "    rewrite ^/(.*) http://$RSS_MOBILE_READER_ONION_HOSTNAME permanent;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    break;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location @ttrss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  location ~ /\.(git) {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '    deny all;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-XSS-Protection "1; mode=block";' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Robots-Tag none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Download-Options noopen;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Permitted-Cross-Domain-Policies none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Frame-Options SAMEORIGIN;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '  client_max_body_size 15m;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
-    echo '}' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+    { echo 'server {';
+      echo "  listen 127.0.0.1:$RSS_MOBILE_READER_ONION_PORT;";
+      echo "  server_name $RSS_MOBILE_READER_ONION_HOSTNAME;";
+      echo '';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  root /etc/share/ttrss-mobile;';
+      echo '  index index.html index.php;';
+      echo '';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo '  location / {';
+      echo "    try_files \$uri \$uri/ @ttrss;";
+      echo '  }';
+      echo '  location /tt-rss {';
+      echo "    try_files \$uri \$uri/ @ttrss_base;";
+      echo '  }';
+      echo '';
+      echo '  location @ttrss {';
+      echo "    rewrite ^(.*)\$ /index.html?p=\$1 last;";
+      echo '  }';
+      echo '  location @ttrss_base {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  location ~ /\.(git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '';
+      echo '  add_header X-XSS-Protection "1; mode=block";';
+      echo '  add_header X-Robots-Tag none;';
+      echo '  add_header X-Download-Options noopen;';
+      echo '  add_header X-Permitted-Cross-Domain-Policies none;';
+      echo '  add_header X-Frame-Options SAMEORIGIN;';
+      echo '  add_header X-Content-Type-Options nosniff;';
+      echo '  client_max_body_size 15m;';
+      echo '}';
+      echo '';
+      echo 'server {';
+      echo "  listen 127.0.0.1:$RSS_READER_ONION_PORT default_server;";
+      echo "  server_name $RSS_READER_ONION_HOSTNAME;";
+      echo '';
+      echo '  access_log /dev/null;';
+      echo '  error_log /dev/null;';
+      echo '';
+      echo '  root /etc/share/tt-rss;';
+      echo '  index index.php;';
+      echo '';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '    fastcgi_read_timeout 30;';
+      echo '  }';
+      echo '';
+      echo "  set \$mobile_rewrite do_not_perform;";
+      echo '';
+      echo '  ## chi http_user_agent for mobile / smart phones ##';
+      echo "  if (\$http_user_agent ~* \"(android|bb\\d+|meego).+mobile|avantgo|bada\\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino\") {";
+      echo "    set \$mobile_rewrite perform;";
+      echo '  }';
+      echo '';
+      echo "  if (\$http_user_agent ~* \"^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\\-(n|u)|c55\\/|capi|ccwa|cdm\\-|cell|chtm|cldc|cmd\\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\\-s|devi|dica|dmob|do(c|p)o|ds(12|\\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\\-|_)|g1 u|g560|gene|gf\\-5|g\\-mo|go(\\.w|od)|gr(ad|un)|haie|hcit|hd\\-(m|p|t)|hei\\-|hi(pt|ta)|hp( i|ip)|hs\\-c|ht(c(\\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\\-(20|go|ma)|i230|iac( |\\-|\\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\\/)|klon|kpt |kwc\\-|kyo(c|k)|le(no|xi)|lg( g|\\/(k|l|u)|50|54|\\-[a-w])|libw|lynx|m1\\-w|m3ga|m50\\/|ma(te|ui|xo)|mc(01|21|ca)|m\\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\\-2|po(ck|rt|se)|prox|psio|pt\\-g|qa\\-a|qc(07|12|21|32|60|\\-[2-7]|i\\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\\-|oo|p\\-)|sdk\\/|se(c(\\-|0|1)|47|mc|nd|ri)|sgh\\-|shar|sie(\\-|m)|sk\\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\\-|v\\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\\-|tdg\\-|tel(i|m)|tim\\-|t\-mo|to(pl|sh)|ts(70|m\\-|m3|m5)|tx\\-9|up(\\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\\-|your|zeto|zte\\-)\") {";
+      echo "    set \$mobile_rewrite perform;";
+      echo '  }';
+      echo '';
+      echo "  if (\$mobile_rewrite = perform) {";
+      echo "    rewrite ^/(.*) http://$RSS_MOBILE_READER_ONION_HOSTNAME permanent;";
+      echo '    break;';
+      echo '  }';
+      echo '';
+      echo '  location ~ \.php {';
+      echo '    include snippets/fastcgi-php.conf;';
+      echo '    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
+      echo '  }';
+      echo '';
+      echo '  location / {';
+      echo "    try_files \$uri \$uri/ @ttrss;";
+      echo '  }';
+      echo '';
+      echo '  location @ttrss {';
+      echo "    rewrite ^(.*)\$ /index.php?p=\$1 last;";
+      echo '  }';
+      echo '';
+      echo '  location ~ /\.(git) {';
+      echo '    deny all;';
+      echo '  }';
+      echo '';
+      echo '  add_header X-XSS-Protection "1; mode=block";';
+      echo '  add_header X-Robots-Tag none;';
+      echo '  add_header X-Download-Options noopen;';
+      echo '  add_header X-Permitted-Cross-Domain-Policies none;';
+      echo '  add_header X-Frame-Options SAMEORIGIN;';
+      echo '  add_header X-Content-Type-Options nosniff;';
+      echo '  client_max_body_size 15m;';
+      echo '}'; } > "/etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME"

    if [ ! -f $RSS_READER_PATH/config.php ]; then
        # generate a config file
        RSS_FEED_CRYPT_KEY="$(create_password 24)"
-        echo '<?php' > $RSS_READER_PATH/config.php
-        echo "  define('_CURL_HTTP_PROXY', '127.0.0.1:9050');" >> $RSS_READER_PATH/config.php
-        echo "  define('DB_TYPE', 'mysql');" >> $RSS_READER_PATH/config.php
-        echo "  define('DB_HOST', 'localhost');" >> $RSS_READER_PATH/config.php
-        echo "  define('DB_USER', 'root');" >> $RSS_READER_PATH/config.php
-        echo "  define('DB_NAME', 'ttrss');" >> $RSS_READER_PATH/config.php
-        echo "  define('DB_PASS', '${MARIADB_PASSWORD}');" >> $RSS_READER_PATH/config.php
-        echo "  define('DB_PORT', '3306');" >> $RSS_READER_PATH/config.php
-        echo "  define('MYSQL_CHARSET', 'UTF8');" >> $RSS_READER_PATH/config.php
-        echo "  define('SELF_URL_PATH', 'http://${RSS_READER_ONION_HOSTNAME}/');" >> $RSS_READER_PATH/config.php
-        echo "  define('FEED_CRYPT_KEY', '${RSS_FEED_CRYPT_KEY}');" >> $RSS_READER_PATH/config.php
-        echo "  define('SINGLE_USER_MODE', false);" >> $RSS_READER_PATH/config.php
-        echo "  define('SIMPLE_UPDATE_MODE', false);" >> $RSS_READER_PATH/config.php
-        echo "  define('PHP_EXECUTABLE', '/usr/bin/php');" >> $RSS_READER_PATH/config.php
-        echo "  define('LOCK_DIRECTORY', 'lock');" >> $RSS_READER_PATH/config.php
-        echo "  define('CACHE_DIR', 'cache');" >> $RSS_READER_PATH/config.php
-        echo "  define('ICONS_DIR', \"feed-icons\");" >> $RSS_READER_PATH/config.php
-        echo "  define('ICONS_URL', \"feed-icons\");" >> $RSS_READER_PATH/config.php
-        echo "  define('AUTH_AUTO_CREATE', true);" >> $RSS_READER_PATH/config.php
-        echo "  define('AUTH_AUTO_LOGIN', true);" >> $RSS_READER_PATH/config.php
-        echo "  define('FORCE_ARTICLE_PURGE', 0);" >> $RSS_READER_PATH/config.php
-        echo "  define('PUBSUBHUBBUB_HUB', '');" >> $RSS_READER_PATH/config.php
-        echo "  define('PUBSUBHUBBUB_ENABLED', false);" >> $RSS_READER_PATH/config.php
-        echo "  define('SPHINX_SERVER', 'localhost:9312');" >> $RSS_READER_PATH/config.php
-        echo "  define('SPHINX_INDEX', 'ttrss, delta');" >> $RSS_READER_PATH/config.php
-        echo "  define('ENABLE_REGISTRATION', false);" >> $RSS_READER_PATH/config.php
-        echo "  define('REG_NOTIFY_ADDRESS', '${MY_EMAIL_ADDRESS}');" >> $RSS_READER_PATH/config.php
-        echo "  define('REG_MAX_USERS', 10);" >> $RSS_READER_PATH/config.php
-        echo "  define('SESSION_COOKIE_LIFETIME', 86400);" >> $RSS_READER_PATH/config.php
-        echo "  define('SMTP_FROM_NAME', 'Tiny Tiny RSS');" >> $RSS_READER_PATH/config.php
-        echo "  define('SMTP_FROM_ADDRESS', 'noreply@${RSS_READER_ONION_HOSTNAME}');" >> $RSS_READER_PATH/config.php
-        echo "  define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');" >> $RSS_READER_PATH/config.php
-        echo "  define('SMTP_SERVER', '');" >> $RSS_READER_PATH/config.php
-        echo "  define('SMTP_LOGIN', '');" >> $RSS_READER_PATH/config.php
-        echo "  define('SMTP_PASSWORD', '');" >> $RSS_READER_PATH/config.php
-        echo "  define('SMTP_SECURE', '');" >> $RSS_READER_PATH/config.php
-        echo "  define('CHECK_FOR_UPDATES', false);" >> $RSS_READER_PATH/config.php
-        echo "  define('ENABLE_GZIP_OUTPUT', false);" >> $RSS_READER_PATH/config.php
-        echo "  define('PLUGINS', 'auth_internal, note, gnusocial');" >> $RSS_READER_PATH/config.php
-        echo "  define('LOG_DESTINATION', 'sql');" >> $RSS_READER_PATH/config.php
-        echo "  define('CONFIG_VERSION', 26);" >> $RSS_READER_PATH/config.php
+        { echo '<?php';
+          echo "  define('_CURL_HTTP_PROXY', '127.0.0.1:9050');";
+          echo "  define('DB_TYPE', 'mysql');";
+          echo "  define('DB_HOST', 'localhost');";
+          echo "  define('DB_USER', 'root');";
+          echo "  define('DB_NAME', 'ttrss');";
+          echo "  define('DB_PASS', '${MARIADB_PASSWORD}');";
+          echo "  define('DB_PORT', '3306');";
+          echo "  define('MYSQL_CHARSET', 'UTF8');";
+          echo "  define('SELF_URL_PATH', 'http://${RSS_READER_ONION_HOSTNAME}/');";
+          echo "  define('FEED_CRYPT_KEY', '${RSS_FEED_CRYPT_KEY}');";
+          echo "  define('SINGLE_USER_MODE', false);";
+          echo "  define('SIMPLE_UPDATE_MODE', false);";
+          echo "  define('PHP_EXECUTABLE', '/usr/bin/php');";
+          echo "  define('LOCK_DIRECTORY', 'lock');";
+          echo "  define('CACHE_DIR', 'cache');";
+          echo "  define('ICONS_DIR', \"feed-icons\");";
+          echo "  define('ICONS_URL', \"feed-icons\");";
+          echo "  define('AUTH_AUTO_CREATE', true);";
+          echo "  define('AUTH_AUTO_LOGIN', true);";
+          echo "  define('FORCE_ARTICLE_PURGE', 0);";
+          echo "  define('PUBSUBHUBBUB_HUB', '');";
+          echo "  define('PUBSUBHUBBUB_ENABLED', false);";
+          echo "  define('SPHINX_SERVER', 'localhost:9312');";
+          echo "  define('SPHINX_INDEX', 'ttrss, delta');";
+          echo "  define('ENABLE_REGISTRATION', false);";
+          echo "  define('REG_NOTIFY_ADDRESS', '${MY_EMAIL_ADDRESS}');";
+          echo "  define('REG_MAX_USERS', 10);";
+          echo "  define('SESSION_COOKIE_LIFETIME', 86400);";
+          echo "  define('SMTP_FROM_NAME', 'Tiny Tiny RSS');";
+          echo "  define('SMTP_FROM_ADDRESS', 'noreply@${RSS_READER_ONION_HOSTNAME}');";
+          echo "  define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');";
+          echo "  define('SMTP_SERVER', '');";
+          echo "  define('SMTP_LOGIN', '');";
+          echo "  define('SMTP_PASSWORD', '');";
+          echo "  define('SMTP_SECURE', '');";
+          echo "  define('CHECK_FOR_UPDATES', false);";
+          echo "  define('ENABLE_GZIP_OUTPUT', false);";
+          echo "  define('PLUGINS', 'auth_internal, note, gnusocial');";
+          echo "  define('LOG_DESTINATION', 'sql');";
+          echo "  define('CONFIG_VERSION', 26);"; } > $RSS_READER_PATH/config.php
    fi

    # initialize the database
@ -569,28 +573,28 @@ function install_rss_main {
    systemctl restart nginx

    # daemon to update feeds
-    echo '[Unit]' > /etc/systemd/system/ttrss.service
-    echo 'Description=ttrss_backend' >> /etc/systemd/system/ttrss.service
-    echo 'After=network.target mariadb.service' >> /etc/systemd/system/ttrss.service
-    echo 'After=tor.service' >> /etc/systemd/system/ttrss.service
-    echo '' >> /etc/systemd/system/ttrss.service
-    echo '[Service]' >> /etc/systemd/system/ttrss.service
-    echo 'User=www-data' >> /etc/systemd/system/ttrss.service
-    echo "ExecStart=/usr/bin/php $RSS_READER_PATH/update.php --daemon" >> /etc/systemd/system/ttrss.service
-    echo '' >> /etc/systemd/system/ttrss.service
-    echo '[Install]' >> /etc/systemd/system/ttrss.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ttrss.service
+    { echo '[Unit]';
+      echo 'Description=ttrss_backend';
+      echo 'After=network.target mariadb.service';
+      echo 'After=tor.service';
+      echo '';
+      echo '[Service]';
+      echo 'User=www-data';
+      echo "ExecStart=/usr/bin/php $RSS_READER_PATH/update.php --daemon";
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/ttrss.service
    systemctl enable ttrss
    systemctl daemon-reload
    systemctl start ttrss

-    ${PROJECT_NAME}-pass -u $MY_USERNAME -a rss -p "$RSS_READER_ADMIN_PASSWORD"
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a rss -p "$RSS_READER_ADMIN_PASSWORD"

    install_completed rss_main
 }

 function install_rss_gnusocial {
-    if [ ! $GNUSOCIAL_DOMAIN_NAME ]; then
+    if [ ! "$GNUSOCIAL_DOMAIN_NAME" ]; then
        return
    fi

@ -608,19 +612,19 @@ function install_rss_gnusocial {
        return
    fi

-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
+    if [ ! -d "$INSTALL_DIR" ]; then
+        mkdir -p "$INSTALL_DIR"
    fi

-    cd $INSTALL_DIR
+    cd "$INSTALL_DIR" || exit 7246284
    function_check git_clone
    git_clone $RSS_READER_GNUSOCIAL_REPO ttrss-gnusocial
-    if [ ! -d $INSTALL_DIR/ttrss-gnusocial ]; then
+    if [ ! -d "$INSTALL_DIR/ttrss-gnusocial" ]; then
        echo $'Could not clone repo for RSS reader gnusocial plugin'
        exit 52838
    fi
-    cp -r $INSTALL_DIR/ttrss-gnusocial $RSS_READER_GNUSOCIAL_PATH
-    cd $RSS_READER_GNUSOCIAL_PATH
+    cp -r "$INSTALL_DIR/ttrss-gnusocial" $RSS_READER_GNUSOCIAL_PATH
+    cd "$RSS_READER_GNUSOCIAL_PATH" || exit 782462424
    git checkout $RSS_READER_GNUSOCIAL_COMMIT -b $RSS_READER_GNUSOCIAL_COMMIT
    set_completion_param "rss reader gnusocial commit" "$RSS_READER_GNUSOCIAL_COMMIT"
    chown -R www-data:www-data $RSS_READER_GNUSOCIAL_PATH
@ -642,8 +646,8 @@ function install_rss_mobile_reader {
    # remove any previous install
    if [ -d $RSS_READER_PATH/g2ttree-mobile ]; then
        if [[ $(is_completed "install_rss_mobile_reader") == "1" ]]; then
-            sed -i '/install_rss_mobile_reader/d' $COMPLETION_FILE
-            sed -i '/rss mobile reader commit/d' $COMPLETION_FILE
+            sed -i '/install_rss_mobile_reader/d' "$COMPLETION_FILE"
+            sed -i '/rss mobile reader commit/d' "$COMPLETION_FILE"
            rm -rf $RSS_READER_PATH/g2ttree-mobile
        fi
    fi
@ -652,12 +656,12 @@ function install_rss_mobile_reader {
        return
    fi

-    cd /etc/share
+    cd /etc/share || exit 7498264462

    if [ -d /repos/rss-mobile ]; then
        mkdir ttrss-mobile
        cp -r -p /repos/rss-mobile/. ttrss-mobile
-        cd ttrss-mobile
+        cd ttrss-mobile || exit 462846284682
        git pull
    else
        function_check git_clone
@ -668,7 +672,7 @@ function install_rss_mobile_reader {
        echo $'Could not clone RSS mobile reader repo'
        exit 24816
    fi
-    cd $RSS_MOBILE_READER_PATH
+    cd "$RSS_MOBILE_READER_PATH" || exit 462846246824
    git checkout $RSS_MOBILE_READER_COMMIT -b $RSS_MOBILE_READER_COMMIT
    set_completion_param "rss mobile reader commit" "$RSS_MOBILE_READER_COMMIT"

--- a/src/freedombone-app-scuttlebot
+++ b/src/freedombone-app-scuttlebot
@ -61,39 +61,44 @@ function scuttlebot_create_invite {
    invite_string=$(su -c "sbot invite.create 1" - scuttlebot | sed 's/"//g')

    clear
-    echo -e '\n\nYour Scuttlebot invite code is:\n\n'${invite_string}'\n\n'
+    echo -e "\\n\\nYour Scuttlebot invite code is:\\n\\n${invite_string}\\n\\n"
+    # shellcheck disable=SC2034
    read -n1 -r -p $"Press any key to continue..." key
 }

 function configure_interactive_scuttlebot {
    while true
    do
-        data=$(tempfile 2>/dev/null)
-        trap "rm -f $data" 0 1 2 5 15
+        data=$(mktemp 2>/dev/null)
        dialog --backtitle $"Freedombone Control Panel" \
               --title $"Scuttlebot" \
               --radiolist $"Choose an operation:" 10 50 2 \
               1 $"Create an invite" off \
-               2 $"Exit" on 2> $data
+               2 $"Exit" on 2> "$data"
        sel=$?
        case $sel in
-            1) return;;
-            255) return;;
+            1) rm -f "$data"
+               return;;
+            255) rm -f "$data"
+                 return;;
        esac
-        case $(cat $data) in
+        case $(cat "$data") in
            1) scuttlebot_create_invite;;
-            2) break;;
+            2) rm -f "$data"
+               break;;
        esac
+        rm -f "$data"
    done
 }

 function remove_user_scuttlebot {
-    remove_username="$1"
+    echo -n ''
+#    remove_username="$1"
 }

 function add_user_scuttlebot {
-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"
    echo '0'
 }

@ -109,8 +114,8 @@ function install_interactive_scuttlebot {
 }

 function change_password_scuttlebot {
-    new_username="$1"
-    new_user_password="$2"
+#    new_username="$1"
+#    new_user_password="$2"
    echo '0'
 }

@ -123,7 +128,7 @@ function reconfigure_scuttlebot {
 }

 function upgrade_scuttlebot {
-    if ! grep -q 'scuttlebot version:' $COMPLETION_FILE; then
+    if ! grep -q 'scuttlebot version:' $"COMPLETION_FILE"; then
        return
    fi

@ -134,11 +139,10 @@ function upgrade_scuttlebot {
        return
    fi

-    npm upgrade -g scuttlebot@${SCUTTLEBOT_VERSION} --save
-    if [ ! "$?" = "0" ]; then
+    if ! npm upgrade -g scuttlebot@${SCUTTLEBOT_VERSION} --save; then
        return
    fi
-    sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" ${COMPLETION_FILE}
+    sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" "${COMPLETION_FILE}"
 }

 function backup_local_scuttlebot {
@ -218,71 +222,72 @@ function remove_scuttlebot {
    fi

    remove_completion_param install_scuttlebot
-    sed -i '/scuttlebot /d' $COMPLETION_FILE
+    sed -i '/scuttlebot /d' "$COMPLETION_FILE"
 }

 function git_ssb_script {
    if [[ "$1" == "mesh" ]]; then
+        # shellcheck disable=SC2154
        git_ssb_script_name=$rootdir/usr/bin/git-ssb-create
        git_ssb_daemon_filename=$rootdir/etc/systemd/system/git_ssb.service
    else
        git_ssb_script_name=/usr/bin/git-ssb-create
        git_ssb_daemon_filename=/etc/systemd/system/git_ssb.service
    fi
-    echo '#!/bin/bash' > $git_ssb_script_name
-    echo 'reponame="$1"' >> $git_ssb_script_name
-    echo '' >> $git_ssb_script_name
-    echo 'if [[ "$reponame" != "" ]]; then' >> $git_ssb_script_name
-    echo '  mkdir $reponame' >> $git_ssb_script_name
-    echo '  cd $reponame' >> $git_ssb_script_name
-    echo '  git init' >> $git_ssb_script_name
-    echo '  git ssb create ssb $reponame' >> $git_ssb_script_name
-    echo '  git push --tags ssb master' >> $git_ssb_script_name
-    echo 'fi' >> $git_ssb_script_name
-    echo 'exit 0' >> $git_ssb_script_name
+    { echo '#!/bin/bash';
+      echo "reponame=\"\$1\"";
+      echo '';
+      echo "if [[ \"\$reponame\" != \"\" ]]; then";
+      echo "  mkdir \$reponame";
+      echo "  cd \$reponame";
+      echo '  git init';
+      echo "  git ssb create ssb \$reponame";
+      echo '  git push --tags ssb master';
+      echo 'fi';
+      echo 'exit 0'; } > $git_ssb_script_name
    chmod +x $git_ssb_script_name

-    echo '[Unit]' > $git_ssb_daemon_filename
-    echo 'Description=Git SSB (SSB git web interface)' >> $git_ssb_daemon_filename
-    echo 'After=syslog.target' >> $git_ssb_daemon_filename
-    echo 'After=network.target' >> $git_ssb_daemon_filename
-    echo 'After=scuttlebot.target' >> $git_ssb_daemon_filename
-    echo '' >> $git_ssb_daemon_filename
-    echo '[Service]' >> $git_ssb_daemon_filename
-    echo 'Type=simple' >> $git_ssb_daemon_filename
-    echo 'User=scuttlebot' >> $git_ssb_daemon_filename
-    echo 'Group=scuttlebot' >> $git_ssb_daemon_filename
-    echo "WorkingDirectory=/etc/scuttlebot" >> $git_ssb_daemon_filename
-    echo "ExecStart=/usr/bin/git ssb web --public localhost:$GIT_SSB_PORT" >> $git_ssb_daemon_filename
-    echo 'Restart=always' >> $git_ssb_daemon_filename
-    echo 'Environment="USER=scuttlebot"' >> $git_ssb_daemon_filename
-    echo '' >> $git_ssb_daemon_filename
-    echo '[Install]' >> $git_ssb_daemon_filename
-    echo 'WantedBy=multi-user.target' >> $git_ssb_daemon_filename
+    { echo '[Unit]';
+      echo 'Description=Git SSB (SSB git web interface)';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo 'After=scuttlebot.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=scuttlebot';
+      echo 'Group=scuttlebot';
+      echo "WorkingDirectory=/etc/scuttlebot";
+      echo "ExecStart=/usr/bin/git ssb web --public localhost:$GIT_SSB_PORT";
+      echo 'Restart=always';
+      echo 'Environment="USER=scuttlebot"';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > $git_ssb_daemon_filename
 }

 function scuttlebot_git_setup {
    if [[ "$1" == "mesh" ]]; then
-        if [ ! -d $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight ]; then
-            mkdir $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight
+        if [ ! -d "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight" ]; then
+            mkdir "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight"
        fi
-        if [ ! -f $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css ]; then
+        if [ ! -f "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css" ]; then
            echo $'Could not find foundation.css'
            exit 347687245
        fi
-        cp $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css $rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight/foundation.css
+        cp "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/highlight.js/styles/foundation.css" "$rootdir/usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web/highlight/foundation.css"

        git_ssb_nginx_site=$rootdir/etc/nginx/sites-available/git_ssb
-        echo 'server {' > $git_ssb_nginx_site
-        echo "  listen $NGINX_GIT_SSB_PORT default_server;" >> $git_ssb_nginx_site
-        echo "  server_name P${PEER_ID}.local;" >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
-        echo '  access_log /dev/null;' >> $git_ssb_nginx_site
-        echo '  error_log /dev/null;' >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
-        echo '  add_header X-XSS-Protection "1; mode=block";' >> $git_ssb_nginx_site
-        echo '  add_header X-Content-Type-Options nosniff;' >> $git_ssb_nginx_site
-        echo '  add_header X-Frame-Options SAMEORIGIN;' >> $git_ssb_nginx_site
+        { echo 'server {';
+          echo "  listen $NGINX_GIT_SSB_PORT default_server;";
+          echo "  server_name P${PEER_ID}.local;";
+          echo '';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  add_header X-XSS-Protection "1; mode=block";';
+          echo '  add_header X-Content-Type-Options nosniff;';
+          echo '  add_header X-Frame-Options SAMEORIGIN;'; } > "$git_ssb_nginx_site"
    else
        if [ ! $SCUTTLEBOT_DOMAIN_NAME ]; then
            exit 7357225
@ -300,15 +305,15 @@ function scuttlebot_git_setup {
        git_ssb_nginx_site=/etc/nginx/sites-available/${SCUTTLEBOT_DOMAIN_NAME}
        function_check nginx_http_redirect
        nginx_http_redirect $SCUTTLEBOT_DOMAIN_NAME "index index.html"
-        echo 'server {' >> $git_ssb_nginx_site
-        echo '  listen 443 ssl;' >> $git_ssb_nginx_site
-        echo '  #listen [::]:443 ssl;' >> $git_ssb_nginx_site
-        echo "  server_name $SCUTTLEBOT_DOMAIN_NAME;" >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
+        { echo 'server {';
+          echo '  listen 443 ssl;';
+          echo '  #listen [::]:443 ssl;';
+          echo "  server_name $SCUTTLEBOT_DOMAIN_NAME;";
+          echo ''; } >> $git_ssb_nginx_site
        function_check nginx_compress
        nginx_compress $SCUTTLEBOT_DOMAIN_NAME
-        echo '' >> $git_ssb_nginx_site
-        echo '  # Security' >> $git_ssb_nginx_site
+        echo '' >> "$git_ssb_nginx_site"
+        echo '  # Security' >> "$git_ssb_nginx_site"
        function_check nginx_ssl
        nginx_ssl $SCUTTLEBOT_DOMAIN_NAME

@ -316,45 +321,45 @@ function scuttlebot_git_setup {
        nginx_disable_sniffing $SCUTTLEBOT_DOMAIN_NAME
    fi

-    echo '' >> $git_ssb_nginx_site
-    echo '  root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;' >> $git_ssb_nginx_site
-    echo '' >> $git_ssb_nginx_site
-    echo '  location = / {' >> $git_ssb_nginx_site
-    echo "    proxy_pass http://localhost:${GIT_SSB_PORT};" >> $git_ssb_nginx_site
-    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $git_ssb_nginx_site
-    echo '    proxy_set_header Host $host;' >> $git_ssb_nginx_site
-    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $git_ssb_nginx_site
-    echo '    proxy_http_version 1.1;' >> $git_ssb_nginx_site
-    echo '    proxy_set_header Upgrade $http_upgrade;' >> $git_ssb_nginx_site
-    echo '    proxy_set_header Connection upgrade;' >> $git_ssb_nginx_site
-    echo '  }' >> $git_ssb_nginx_site
-    echo '}' >> $git_ssb_nginx_site
+    { echo '';
+      echo '  root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;';
+      echo '';
+      echo '  location = / {';
+      echo "    proxy_pass http://localhost:${GIT_SSB_PORT};";
+      echo "    proxy_set_header X-Real-IP \$remote_addr;";
+      echo "    proxy_set_header Host \$host;";
+      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+      echo '    proxy_http_version 1.1;';
+      echo "    proxy_set_header Upgrade \$http_upgrade;";
+      echo '    proxy_set_header Connection upgrade;';
+      echo '  }';
+      echo '}'; } >> $git_ssb_nginx_site

-    if [ $SCUTTLEBOT_ONION_HOSTNAME ]; then
-        echo '' >> $git_ssb_nginx_site
-        echo 'server {' >> $git_ssb_nginx_site
-        echo "  listen 127.0.0.1:${SCUTTLEBOT_ONION_PORT} default_server;" >> $git_ssb_nginx_site
-        echo "  server_name ${SCUTTLEBOT_ONION_HOSTNAME};" >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
-        echo '  access_log /dev/null;' >> $git_ssb_nginx_site
-        echo '  error_log /dev/null;' >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
-        echo '  add_header X-XSS-Protection "1; mode=block";' >> $git_ssb_nginx_site
-        echo '  add_header X-Content-Type-Options nosniff;' >> $git_ssb_nginx_site
-        echo '  add_header X-Frame-Options SAMEORIGIN;' >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
-        echo '  root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;' >> $git_ssb_nginx_site
-        echo '' >> $git_ssb_nginx_site
-        echo '  location = / {' >> $git_ssb_nginx_site
-        echo "    proxy_pass http://localhost:${GIT_SSB_PORT};" >> $git_ssb_nginx_site
-        echo '    proxy_set_header X-Real-IP $remote_addr;' >> $git_ssb_nginx_site
-        echo '    proxy_set_header Host $host;' >> $git_ssb_nginx_site
-        echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $git_ssb_nginx_site
-        echo '    proxy_http_version 1.1;' >> $git_ssb_nginx_site
-        echo '    proxy_set_header Upgrade $http_upgrade;' >> $git_ssb_nginx_site
-        echo '    proxy_set_header Connection upgrade;' >> $git_ssb_nginx_site
-        echo '  }' >> $git_ssb_nginx_site
-        echo '}' >> $git_ssb_nginx_site
+    if [ "$SCUTTLEBOT_ONION_HOSTNAME" ]; then
+        { echo '';
+          echo 'server {';
+          echo "  listen 127.0.0.1:${SCUTTLEBOT_ONION_PORT} default_server;";
+          echo "  server_name ${SCUTTLEBOT_ONION_HOSTNAME};";
+          echo '';
+          echo '  access_log /dev/null;';
+          echo '  error_log /dev/null;';
+          echo '';
+          echo '  add_header X-XSS-Protection "1; mode=block";';
+          echo '  add_header X-Content-Type-Options nosniff;';
+          echo '  add_header X-Frame-Options SAMEORIGIN;';
+          echo '';
+          echo '  root /usr/local/lib/node_modules/git-ssb/node_modules/git-ssb-web;';
+          echo '';
+          echo '  location = / {';
+          echo "    proxy_pass http://localhost:${GIT_SSB_PORT};";
+          echo "    proxy_set_header X-Real-IP \$remote_addr;";
+          echo "    proxy_set_header Host \$host;";
+          echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
+          echo '    proxy_http_version 1.1;';
+          echo "    proxy_set_header Upgrade \$http_upgrade;";
+          echo '    proxy_set_header Connection upgrade;';
+          echo '  }';
+          echo '}'; } >> $git_ssb_nginx_site
    fi
    if [[ "$1" != "mesh" ]]; then
        nginx_ensite git_ssb
@ -364,23 +369,23 @@ function scuttlebot_git_setup {
 function mesh_install_dat {
    get_npm_arch

-    cat <<EOF > $rootdir/usr/bin/install_dat
+    cat <<EOF > "$rootdir/usr/bin/install_dat"
 #!/bin/bash
 npm install --arch=$NPM_ARCH -g dat
 npm install --arch=$NPM_ARCH -g @garbados/dat-boi
 npm install --arch=$NPM_ARCH -g add-to-systemd
-add-to-systemd dat-boi --user $(whoami) `which dat-boi`
+add-to-systemd dat-boi --user "$(whoami)" "$(which dat-boi)"
 EOF
    chroot "$rootdir" /bin/chmod +x /usr/bin/install_dat
    chroot "$rootdir" /usr/bin/install_dat
-    rm $rootdir/usr/bin/install_dat
+    rm "$rootdir/usr/bin/install_dat"
 }

 function install_dat {
    npm install -g dat
    npm install -g @garbados/dat-boi
    npm install -g add-to-systemd
-    add-to-systemd dat-boi --user $(whoami) `which dat-boi`
+    add-to-systemd dat-boi --user "$(whoami)" "$(which dat-boi)"
 }

 function mesh_install_scuttlebot {
@ -390,7 +395,7 @@ function mesh_install_scuttlebot {

    get_npm_arch

-    cat <<EOF > $rootdir/usr/bin/install_scuttlebot
+    cat <<EOF > "$rootdir/usr/bin/install_scuttlebot"
 #!/bin/bash
 npm install --arch=$NPM_ARCH -g scuttlebot@${SCUTTLEBOT_VERSION}
 npm install --arch=$NPM_ARCH -g git-ssb
@ -398,37 +403,37 @@ npm install --arch=$NPM_ARCH -g git-remote-ssb
 EOF
    chroot "$rootdir" /bin/chmod +x /usr/bin/install_scuttlebot
    chroot "$rootdir" /usr/bin/install_scuttlebot
-    rm $rootdir/usr/bin/install_scuttlebot
+    rm "$rootdir/usr/bin/install_scuttlebot"

-    if [ ! -f $rootdir/usr/local/bin/sbot ]; then
+    if [ ! -f "$rootdir/usr/local/bin/sbot" ]; then
        echo $'Scuttlebot was not installed'
        exit 528253
    fi

-    if [ ! -d $rootdir/etc/scuttlebot ]; then
-        mkdir -p $rootdir/etc/scuttlebot
+    if [ ! -d "$rootdir/etc/scuttlebot" ]; then
+        mkdir -p "$rootdir/etc/scuttlebot"
    fi

    # an unprivileged user to run as
    chroot "$rootdir" useradd -d /etc/scuttlebot/ scuttlebot

    # daemon
-    echo '[Unit]' > $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'Description=Scuttlebot (messaging system)' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'After=syslog.target' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'After=network.target' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo '' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo '[Service]' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'Type=simple' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'User=scuttlebot' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'Group=scuttlebot' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo "WorkingDirectory=/etc/scuttlebot" >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'ExecStart=/usr/local/bin/sbot server' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'Restart=always' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'Environment="USER=scuttlebot"' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo '' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo '[Install]' >> $rootdir/etc/systemd/system/scuttlebot.service
-    echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/scuttlebot.service
+    { echo '[Unit]';
+      echo 'Description=Scuttlebot (messaging system)';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=scuttlebot';
+      echo 'Group=scuttlebot';
+      echo "WorkingDirectory=/etc/scuttlebot";
+      echo 'ExecStart=/usr/local/bin/sbot server';
+      echo 'Restart=always';
+      echo 'Environment="USER=scuttlebot"';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/scuttlebot.service"

    scuttlebot_git_setup mesh
    git_ssb_script mesh
@ -455,22 +460,22 @@ function install_scuttlebot {
    useradd -d /etc/scuttlebot/ scuttlebot

    # daemon
-    echo '[Unit]' > /etc/systemd/system/scuttlebot.service
-    echo 'Description=Scuttlebot (messaging system)' >> /etc/systemd/system/scuttlebot.service
-    echo 'After=syslog.target' >> /etc/systemd/system/scuttlebot.service
-    echo 'After=network.target' >> /etc/systemd/system/scuttlebot.service
-    echo '' >> /etc/systemd/system/scuttlebot.service
-    echo '[Service]' >> /etc/systemd/system/scuttlebot.service
-    echo 'Type=simple' >> /etc/systemd/system/scuttlebot.service
-    echo 'User=scuttlebot' >> /etc/systemd/system/scuttlebot.service
-    echo 'Group=scuttlebot' >> /etc/systemd/system/scuttlebot.service
-    echo "WorkingDirectory=/etc/scuttlebot" >> /etc/systemd/system/scuttlebot.service
-    echo 'ExecStart=/usr/local/bin/sbot server' >> /etc/systemd/system/scuttlebot.service
-    echo 'Restart=always' >> /etc/systemd/system/scuttlebot.service
-    echo 'Environment="USER=scuttlebot"' >> /etc/systemd/system/scuttlebot.service
-    echo '' >> /etc/systemd/system/scuttlebot.service
-    echo '[Install]' >> /etc/systemd/system/scuttlebot.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/scuttlebot.service
+    { echo '[Unit]';
+      echo 'Description=Scuttlebot (messaging system)';
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=scuttlebot';
+      echo 'Group=scuttlebot';
+      echo "WorkingDirectory=/etc/scuttlebot";
+      echo 'ExecStart=/usr/local/bin/sbot server';
+      echo 'Restart=always';
+      echo 'Environment="USER=scuttlebot"';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/scuttlebot.service

    chown -R scuttlebot:scuttlebot /etc/scuttlebot

@ -489,24 +494,24 @@ function install_scuttlebot {
        exit 73528
    fi

-    echo '{' > /etc/scuttlebot/.ssb/config
-    echo "  \"host\": \"${DEFAULT_DOMAIN_NAME}\"," >> /etc/scuttlebot/.ssb/config
-    echo "  \"port\": ${SCUTTLEBOT_PORT}," >> /etc/scuttlebot/.ssb/config
-    echo '  "timeout": 30000,' >> /etc/scuttlebot/.ssb/config
-    echo '  "pub": true,' >> /etc/scuttlebot/.ssb/config
-    echo '  "local": true,' >> /etc/scuttlebot/.ssb/config
-    echo '  "friends": {' >> /etc/scuttlebot/.ssb/config
-    echo '    "dunbar": 150,' >> /etc/scuttlebot/.ssb/config
-    echo '    "hops": 3' >> /etc/scuttlebot/.ssb/config
-    echo '  },' >> /etc/scuttlebot/.ssb/config
-    echo '  "gossip": {' >> /etc/scuttlebot/.ssb/config
-    echo '    "connections": 2' >> /etc/scuttlebot/.ssb/config
-    echo '  },' >> /etc/scuttlebot/.ssb/config
-    echo '  "master": [],' >> /etc/scuttlebot/.ssb/config
-    echo '  "logging": {' >> /etc/scuttlebot/.ssb/config
-    echo '    "level": "error"' >> /etc/scuttlebot/.ssb/config
-    echo '  }' >> /etc/scuttlebot/.ssb/config
-    echo '}' >> /etc/scuttlebot/.ssb/config
+    { echo '{';
+      echo "  \"host\": \"${DEFAULT_DOMAIN_NAME}\",";
+      echo "  \"port\": ${SCUTTLEBOT_PORT},";
+      echo '  "timeout": 30000,';
+      echo '  "pub": true,';
+      echo '  "local": true,';
+      echo '  "friends": {';
+      echo '    "dunbar": 150,';
+      echo '    "hops": 3';
+      echo '  },';
+      echo '  "gossip": {';
+      echo '    "connections": 2';
+      echo '  },';
+      echo '  "master": [],';
+      echo '  "logging": {';
+      echo '    "level": "error"';
+      echo '  }';
+      echo '}'; } > /etc/scuttlebot/.ssb/config
    chown scuttlebot:scuttlebot /etc/scuttlebot/.ssb/config
    systemctl restart scuttlebot.service

@ -527,10 +532,10 @@ function install_scuttlebot {

    systemctl restart nginx

-    if ! grep -q "scuttlebot version:" ${COMPLETION_FILE}; then
-        echo "scuttlebot version:${SCUTTLEBOT_VERSION}" >> ${COMPLETION_FILE}
+    if ! grep -q "scuttlebot version:" "${COMPLETION_FILE}"; then
+        echo "scuttlebot version:${SCUTTLEBOT_VERSION}" >> "${COMPLETION_FILE}"
    else
-        sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" ${COMPLETION_FILE}
+        sed -i "s|scuttlebot version.*|scuttlebot version:${SCUTTLEBOT_VERSION}|g" "${COMPLETION_FILE}"
    fi

    APP_INSTALLED=1
--- a/src/freedombone-app-searx
+++ b/src/freedombone-app-searx