Merge pull request #43 from bashclub/2022-01-14

Release 1.0
2022-01-16 01:26:06 +01:00
parent 50fa92b618 7d7063a242
commit f3a0ab1d66
40 changed files with 1618 additions and 314 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,5 @@
 *__pycache__*
-.vscode/*
+.vscode/*
 conf/*
 !conf/README.md
 !conf/zamba.conf.example
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,17 +0,0 @@
 **** Zamba LXC Toolbox main branch ****
 - added dhcp support
 - fixed hardcoded samba sharename in `zmb-standalone` script
 - added support for container id's larger than 999
 **** Zamba LXC Toolbox v0.1 ****
 - `locales` are now configured noninteractive #21
 - timezone is now configured with `pct set` command in `install.sh` #22
 - changed command sequence in `install.sh` - select container first, then start the installation
 - improved / updated documentation
 - replaced `just-lxc` container by `debian-priv` and `debian-unpriv` container
 - (un)privileged now defined as constant based on created service #6
 - improved log messages in `install.sh`
 - `mailpiler`: website is now also `default_host`, removed nginx default site, dns entry is still required
 - changed `mailpiler` version to 1.3.11
 - changed `element-web` version to 1.7.25
 - `LXC_AUTHORIZED_KEY` variable now defines an `authorized_keys` file, by default the configuration of you proxmox host will be inherited (`~/.ssh/authorized_keys`)
--- a/README.md
+++ b/README.md
@@ -7,13 +7,19 @@ The package also provides LXC container installers for `mailpiler`, `matrix-syna
 ### Requirements
 Proxmox VE Server with at least one configured ZFS Pool.
 ### Included services:
- `zmb-standalone` => ZMB (Samba) standalone server with ZFS volume snapshot support (previous versions)
+- `checkmk` => Check_MK 2.0 Monitoring Server
- `zmb-ad` => ZMB (Samba) Active Directory Domain Controller, DNS Backends `SAMBA_INTERNAL` and `BIND9_DLZ` are supported
+- `debian-priv` => Debian privileged container with basic toolset
- `zmb-member` => ZMB (Samba) AD member with ZFS volume snapshot support (previous versions)
+- `debian-unpriv` => Debian unprivileged container with basic toolset
 - `mailpiler` => mailpiler mail archive [mailpiler.org](https://www.mailpiler.org/)
 - `matrix` => Matrix Synapse Homeserver [matrix.org](https://matrix.org/docs/projects/server/synapse) with Element Web [Element on github](https://github.com/vector-im/element-web)
- `debian-unpriv` => Debian unprivileged container with basic toolset
+- `nextcloud` => Nextcloud Server [nextcloud.com](https://nextcloud.com/) with fail2ban und redis configuration
- `debian-priv` => Debian privileged container with basic toolset
+- `onlyoffice` => OnlyOffice [onlyoffice.com](https://onlyoffice.com)
 - `open3a` => Open3a web based accounting software [open3a.de](https://open3a.de)
 - `proxmox-pbs` => Proxmox Backup Server [proxmox.com](https://proxmox.com/en/proxmox-backup-server)
 - `urbackup` => UrBackup Server [urbackup.org](https://urbackup.org)
 - `zmb-ad` => ZMB (Samba) Active Directory Domain Controller, DNS Backends `SAMBA_INTERNAL` and `BIND9_DLZ` are supported
 - `zmb-member` => ZMB (Samba) AD member with ZFS volume snapshot support (previous versions)
 - `zmb-standalone` => ZMB (Samba) standalone server with ZFS volume snapshot support (previous versions)
 ## Usage
 Just ssh into your Proxmox machine and clone this git repository. Make sure you have installed `git`.
 ```bash
@@ -26,14 +32,24 @@ git clone https://github.com/bashclub/zamba-lxc-toolbox
 cd zamba-lxc-toolbox
 ```
 ### Configuration
-To fit your requirements, please edit the file `zamba.conf` with your favourite text editor (e.g. `vim` or `nano`).
+Copy `zamba.conf.example` located in `conf` directory to a new file (default: `zamba.conf`) and adjust your desired settings.
-The required adjustments are in the LXC container section and in the section for the service you want to launch.
+For further information about configuration variables, have a look at [conf/README.md](conf/README.md)
-For further information about the config variables, have a look at [zamba.conf.md](zamba.conf.md)
+```bash
 cp conf/zamba.conf.example conf/zamba.conf
 ```
 ### Installation
-After configuring, you are able to launch the script interactively:
+After configuring, you are able to launch the script interactively (only works with `conf/zamba.conf`):
 ```bash
 bash install.sh
 ```
 ### Advanced Usage
 You can set optional parameters (config file, service, container id):
 #### Example:
 ```bash
 bash install.sh -i 280 -c conf/my-zmb-service.conf -s zmb-member
 ```
 You can also view possible parameters with `install.sh -h`
 After container creation, you will be prompted to select the service to install and depending on the service there may be some more questions during installation.
 Once the script has finished, the container is installed and running and you can continue with the service specific configuration.
--- a/conf/README.md
+++ b/conf/README.md
@@ -1,4 +1,5 @@
-# `zamba.conf` options reference
+# USE THIS FOLDER TO STORE YOUR OWN ZMB CONFIGS
 # Configuration options reference
 This is the reference of all config options you can set in `zamba.conf`
 <br>
@@ -48,7 +49,7 @@ Defines the amount of swap space in MB your LXC container is allowed to use (def
 LXC_SWAP="1024"
 ```
 ### LXC_HOSTNAME
-Defines the hostname of your LXC container
+Defines the hostname of your LXC container (Default: Name of installed Service)
 ```bash
 LXC_SWAP="zamba"
 ```
@@ -92,7 +93,7 @@ LXC_VLAN="80"
 ### LXC_PWD
 Defines the `root` password of your LXC container. Please use 'single quotation marks' to avoid unexpected behaviour.
 ```bash
-LXC_PWD="S3cr3tp@ssw0rd"
+LXC_PWD="Start!123"
 ```
 ### LXC_AUTHORIZED_KEY
 Defines an authorized_keys file to push into the LXC container.
@@ -103,7 +104,7 @@ LXC_AUTHORIZED_KEY="/root/.ssh/authorized_keys"
 ### LXC_TOOLSET
 Define your (administrative) tools, you always want to have installed into your LXC container
 ```bash
-LXC_TOOLSET="vim htop net-tools dnsutils mc sysstat lsb-release curl git gnupg2 apt-transport-https"
+LXC_TOOLSET="vim htop net-tools dnsutils sysstat mc"
 ```
 ### LXC_TIMEZONE
 Define the local timezone of your LXC container (default: Euroe/Berlin)
@@ -116,6 +117,13 @@ Define system language on LXC container (locales)
 LXC_LOCALE="de_DE.utf8"
 ```
 This parameter is not used yet, but will be integrated in future releases.
 ### LXC_VIM_BG_DARK
 Set dark background for vim syntax highlighting (0 or 1)
 ```bash
 LXC_VIM_BG_DARK=1
 ```
 <br>
 ## Zamba Server Section
@@ -132,11 +140,6 @@ Defines the domain name in your Active Directory or Workgroup (AD DC, AD member,
 ```bash
 ZMB_DOMAIN="ZMB"
 ```
 ### ZMB_DNS_BACKEND
 Defines the desired DNS server backend, supported are `SAMBA_INTERNAL` and `BIND9_DLZ` for more advanced usage
 ```bash
 ZMB_DNS_BACKEND="SAMBA_INTERNAL"
 ```
 ### ZMB_ADMIN_USER
 Defines the name of your domain administrator account (AD DC, AD member, standalone)
 ```bash
@@ -145,7 +148,7 @@ ZMB_ADMIN_USER="Administrator"
 ### ZMB_ADMIN_PASS
 Defines the domain administrator's password (AD DC, AD member).
 ```bash
-ZMB_ADMIN_PASS='1c@nd0@nyth1n9'
+ZMB_ADMIN_PASS='Start!123'
 ```
 Please use 'single quotation marks' to avoid unexpected behaviour.
 `zmb-ad` domain administrator has to meet the password complexity policy, if password is too weak, domain provisioning will fail.
@@ -168,22 +171,7 @@ PILER_FQDN="piler.zmb.rocks"
 ### PILER_SMARTHOST
 Defines the smarthost for piler mail archive
 ```bash
-PILER_SMARTHOST="10.10.80.20"
+PILER_SMARTHOST="your.mailserver.tld"
 ```
 ### PILER_VERSION
 Defines the version number of piler mail archive to install
 ```bash
 PILER_VERSION="1.3.10"
 ```
 ### PILER_SPHINX_VERSION
 Defines the version of sphinx to install
 ```bash
 PILER_SPHINX_VERSION="3.3.1"
 ```
 ### PILER_PHP_VERSION
 Defines the php version to install
 ```bash
 PILER_PHP_VERSION="7.4"
 ```
 <br>
@@ -202,13 +190,67 @@ Define the FQDN for the Element Web virtual host
 ```bash
 MATRIX_ELEMENT_FQDN="element.zmb.rocks"
 ```
-### MATRIX_ELEMENT_VERSION
+
-Define the version of Element Web
+### MATRIX_ADMIN_USER
 Define the administrative user of matrix service
 ```bash
-MATRIX_ELEMENT_VERSION="v1.7.24"
+MATRIX_ADMIN_USER="admin"
 ```
-### MATRIX_JITSI_FQDN
+
-Define the FQDN for the Jitsi Meet virtual host
+### MATRIX_ADMIN_PASSWORD
 Define the admin password
 ```bash
-MATRIX_JITSI_FQDN="meet.zmb.rocks"
+MATRIX_ADMIN_PASSWORD="Start!123"
-```
+```
 ## Nextcloud-Section
 ### NEXTCLOUD_FQDN
 Define the FQDN of your Nextcloud server
 ```bash
 NEXTCLOUD_FQDN="nc1.zmb.rocks"
 ```
 ### NEXTCLOUD_ADMIN_USR
 The initial admin-user which will be configured
 ```bash
 NEXTCLOUD_ADMIN_USR="zmb-admin"
 ```
 ### NEXTCLOUD_ADMIN_PWD
 Build a strong password for this user. Username and password will shown at the end of the instalation. 
 ```bash
 NEXTCLOUD_ADMIN_PWD="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
 ```
 ### NEXTCLOUD_DATA
 Defines the data directory, which will be createt under LXC_SHAREFS_MOUNTPOINT
 ```bash
 NEXTCLOUD_DATA="nc_data"
 ```
 ### NEXTCLOUD_REVPROX
 Defines the trusted reverse proxy, which will enable the detection of source ip to fail2ban
 ```bash
 NEXTCLOUD_REVPROX="192.168.100.254"
 ```
 ## Check_MK-Section
 ### CMK_INSTANCE
 Define the name of your checkmk instance
 ```bash
 CMK_INSTANCE=zmbrocks
 ```
 ### CMK_ADMIN_PW
 Define the password of user 'cmkadmin'
 ```bash
 CMK_ADMIN_PW='Start!123'
 ```
 ### CMK_EDITION
 checkmk edition (raw or free)
 - raw = completely free
 - free = limited version of the enterprise edition (25 hosts, 1 instance)
 ```bash
 CMK_EDITION=raw
 ```
--- a/conf/zamba.conf.example
+++ b/conf/zamba.conf.example
@@ -34,7 +34,7 @@ LXC_MEM="1024"
 LXC_SWAP="1024"
 # Defines the hostname of your LXC container
-LXC_HOSTNAME="zamba"
+LXC_HOSTNAME="${service}"
 # Defines the domain name / search domain of your LXC container
 LXC_DOMAIN="zmb.rocks"
@@ -60,38 +60,39 @@ LXC_BRIDGE="vmbr0"
 LXC_VLAN=
 # Defines the `root` password of your LXC container. Please use 'single quatation marks' to avoid unexpected behaviour.
-LXC_PWD='S3cr3tp@ssw0rd'
+LXC_PWD='Start!123'
 # Defines an authorized_keys file to push into the LXC container.
 # By default the authorized_keys will be inherited from your proxmox host.
 LXC_AUTHORIZED_KEY=~/.ssh/authorized_keys
 # Define your (administrative) tools, you always want to have installed into your LXC container
-LXC_TOOLSET="vim htop net-tools dnsutils mc sysstat lsb-release curl git gnupg2 apt-transport-https"
+LXC_TOOLSET="vim htop net-tools dnsutils sysstat mc"
 # Define the local timezone of your LXC container (default: Euroe/Berlin)
 LXC_TIMEZONE="Europe/Berlin"
 # Define system language on LXC container (locales)
-LXC_LOCALE=de_DE.UTF-8
+# With this paramater you can generate additional locales, the default language will be inherited from proxmox host.
 # en_US.UTF-8  english
 # de_DE.UTF-8  german (default)
 LXC_LOCALE="de_DE.UTF-8"
 # Set dark background for vim syntax highlighting (0 or 1)
 LXC_VIM_BG_DARK=1
 ############### Zamba-Server-Section ###############
 # Defines the REALM for the Active Directory (AD DC, AD member)
 # IMPORTANT NOTE: ZMB_REALM is case sensitive and the value needs to be written completely in capital letters, otherwise Kerberos will fail
 ZMB_REALM="ZMB.ROCKS"
 # Defines the domain name in your Active Directory or Workgroup (AD DC, AD member, standalone)
 # IMPORTANT NOTE: ZMB_DOMAIN is case sensitive and the value needs to be written completely in capital letters
 ZMB_DOMAIN="ZMB"
 # Defines the desired DNS server backend, supported are `SAMBA_INTERNAL` and `BIND9_DLZ` for more advanced usage
 ZMB_DNS_BACKEND="SAMBA_INTERNAL"
 # Defines the name of your domain administrator account (AD DC, AD member, standalone)
 ZMB_ADMIN_USER="administrator"
 # The admin password for zamba installation. Please use 'single quatation marks' to avoid unexpected behaviour
 # `zmb-ad` domain administrator has to meet the password complexity policy, if password is too weak, domain provisioning will fail
-ZMB_ADMIN_PASS='1c@nd0@nyth1n9'
+ZMB_ADMIN_PASS='Start!123'
 # Defines the name of your Zamba share
 ZMB_SHARE="share"
@@ -102,12 +103,6 @@ ZMB_SHARE="share"
 PILER_FQDN="piler.zmb.rocks"
 # Defines the smarthost for piler mail archive
 PILER_SMARTHOST="your.mailserver.tld"
 # Defines the version number of piler mail archive to install
 PILER_VERSION="1.3.11"
 # Defines the version of sphinx to install
 PILER_SPHINX_VERSION="3.3.1"
 # Defines the php version to install
 PILER_PHP_VERSION="7.4"
 ############### Matrix-Section ###############
@@ -117,8 +112,38 @@ MATRIX_FQDN="matrix.zmb.rocks"
 # Define the FQDN for the Element Web virtual host
 MATRIX_ELEMENT_FQDN="element.zmb.rocks"
-# Define the version of Element Web
+# Define the administrative user of matrix service
-MATRIX_ELEMENT_VERSION="v1.7.25"
+MATRIX_ADMIN_USER="admin"
-# Define the FQDN for the Jitsi Meet virtual host
+# Define the admin password
-MATRIX_JITSI_FQDN="meet.zmb.rocks"
+MATRIX_ADMIN_PASSWORD="Start!123"
 ############### Nextcloud-Section ###############
 # Define the FQDN of your Nextcloud server
 NEXTCLOUD_FQDN="nc1.zmb.rocks"
 # The initial admin-user which will be configured
 NEXTCLOUD_ADMIN_USR="zmb-admin"
 # Build a strong password for this user. Username and password will shown at the end of the instalation. 
 NEXTCLOUD_ADMIN_PWD="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
 # Defines the data directory, which will be createt under LXC_SHAREFS_MOUNTPOINT
 NEXTCLOUD_DATA="nc_data"
 # Defines the trusted reverse proxy, which will enable the detection of source ip to fail2ban
 NEXTCLOUD_REVPROX="192.168.100.254"
 ############### Check_MK-Section ###############
 # Define the name of your checkmk instance
 CMK_INSTANCE=zmbrocks
 # Define the password of user 'cmkadmin'
 CMK_ADMIN_PW='Start!123'
 # checkmk edition (raw or free)
 # raw = completely free
 # free = limited version of the enterprise edition (25 hosts, 1 instance)
 CMK_EDITION=raw
--- a/debian-priv.sh
+++ b/debian-priv.sh
@@ -1,20 +0,0 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/zamba.conf
 sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen
 cat << EOF > /etc/default/locale
 LANG="$LXC_LOCALE"
 LANGUAGE=$LXC_LOCALE
 EOF
 locale-gen $LXC_LOCALE
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET
 sed -i "s|\"syntax on|syntax on|g" /etc/vim/vimrc
--- a/debian-unpriv.sh
+++ b/debian-unpriv.sh
@@ -1,18 +0,0 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 dpkg-reconfigure locales
 source /root/zamba.conf
 # Set Timezone
 ln -sf /usr/share/zoneinfo/$LXC_TIMEZONE /etc/localtime
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET
 sed -i "s|\"syntax on|syntax on|g" /etc/vim/vimrc
--- a/install.sh
+++ b/install.sh
@@ -15,78 +15,102 @@
 # Please adjust th settings in 'zamba.conf' to your needs before running the script
 ############### ZAMBA INSTALL SCRIPT ###############
 prog="$(basename "$0")"
 usage() {
 	cat >&2 <<-EOF
 	usage: $prog [-h] [-i CTID] [-s SERVICE] [-c CFGFILE]
 	  installs a preconfigured lxc container on your proxmox server
    -i CTID      provide a container id instead of auto detection
    -s SERVICE   provide the service name and skip the selection dialog
    -c CFGFILE   use a different config file than 'zamba.conf'
    -h           displays this help text
  ---------------------------------------------------------------------------
    (C) 2021     zamba-lxc-toolbox by bashclub (https://github.com/bashclub)
  ---------------------------------------------------------------------------
 	EOF
 	exit $1
 }
 ctid=0
 service=ask
 config=$PWD/conf/zamba.conf
 verbose=0
 while getopts "hi:s:c:" opt; do
  case $opt in
    h) usage 0 ;;
    i) ctid=$OPTARG ;;
    s) service=$OPTARG ;;
    c) config=$OPTARG ;;
    *) usage 1 ;;
  esac
 done
 shift $((OPTIND-1))
 # Load configuration file
-source $PWD/zamba.conf
+echo "Loading config file '$config'..."
 source $config
-LXC_MP="0"
+OPTS=$(ls -d $PWD/src/*/ | grep -v __ | xargs basename -a)
 LXC_UNPRIVILEGED="1"
 LXC_NESTING="0"
-select opt in zmb-standalone zmb-ad zmb-member mailpiler matrix debian-unpriv debian-priv quit; do
+valid=0
-  case $opt in
+if [[ "$service" == "ask" ]]; then
-    debian-unpriv)
+  select svc in $OPTS quit; do
-      echo "Debian-only LXC container unprivileged mode selected"
+    if [[ "$svc" != "quit" ]]; then
-      break
+       for line in $(echo $OPTS); do
-      ;;
+        if [[ "$svc" == "$line" ]]; then
-    debian-priv)
+          service=$svc
-      echo "Debian-only LXC container privileged mode selected"
+          echo "Installation of $service selected."
-      LXC_UNPRIVILEGED="0"
+          valid=1
-      break
+          break
-      ;;
+        fi
-    zmb-standalone)
+      done
-      echo "Configuring LXC container '$opt'!"
+    else
-      LXC_MP="1"
+      echo "Selected 'quit' exiting without action..."
      LXC_UNPRIVILEGED="0"
      break
      ;;
    zmb-member)
      echo "Configuring LXC container '$opt'!"
      LXC_MP="1"
      LXC_UNPRIVILEGED="0"
      break
      ;;
    zmb-ad)
      echo "Selected Zamba AD DC"
      LXC_NESTING="1"
      LXC_UNPRIVILEGED="0"
      break
      ;;
    mailpiler)
      echo "Configuring LXC container for '$opt'!"
      LXC_NESTING="1"
      break
      ;;
    matrix)
      echo "Install Matrix chat server and element web service"
      break
      ;;
    quit)
      echo "Script aborted by user interaction."
      exit 0
-      ;;
+    fi
-    *)
+    if [[ "$valid" == "1" ]]; then
-      echo "Invalid option! Exiting..."
+      break
-      exit 1
+    fi
-      ;;
+  done
-    esac
+else
-done
+  for line in $(echo $OPTS); do
    if [[ "$service" == "$line" ]]; then
      echo "Installation of $service selected."
      valid=1
      break
    fi
  done
 fi
 if [[ "$valid" != "1" ]]; then
  echo "Invalid option, exiting..."
  usage 1
 fi
 source $PWD/src/$service/constants-service.conf
 # CHeck is the newest template available, else download it.
-DEB_LOC=$(pveam list $LXC_TEMPLATE_STORAGE | grep debian-10-standard | cut -d'_' -f2)
+DEB_LOC=$(pveam list $LXC_TEMPLATE_STORAGE | grep $LXC_TEMPLATE_VERSION | cut -d'_' -f2)
-DEB_REP=$(pveam available --section system | grep debian-10-standard | cut -d'_' -f2)
+DEB_REP=$(pveam available --section system | grep $LXC_TEMPLATE_VERSION | cut -d'_' -f2)
 if [[ $DEB_LOC == $DEB_REP ]];
 then
-  echo "Newest Version of Debian 10 Standard $DEP_REP exists.";
+  echo "Newest Version of $LXC_TEMPLATE_VERSION $DEP_REP exists.";
 else
-  echo "Will now download newest Debian 10 Standard $DEP_REP.";
+  echo "Will now download newest $LXC_TEMPLATE_VERSION $DEP_REP.";
-  pveam download $LXC_TEMPLATE_STORAGE debian-10-standard_$DEB_REP\_amd64.tar.gz
+  pveam download $LXC_TEMPLATE_STORAGE "$LXC_TEMPLATE_VERSION"_$DEB_REP\_amd64.tar.gz
 fi
-# Get next free LXC-number
+if [ $ctid -gt 99 ]; then
-LXC_LST=$( lxc-ls -1 | tail -1 )
+  LXC_CHK=$ctid
-LXC_CHK=$((LXC_LST+1));
+else
  # Get next free LXC-number
  LXC_LST=$( lxc-ls -1 | tail -1 )
  LXC_CHK=$((LXC_LST+1));
 fi
 if  [ $LXC_CHK -lt 100 ] || [ -f /etc/pve/qemu-server/$LXC_CHK.conf ]; then
  LXC_NBR=$(pvesh get /cluster/nextid);
@@ -96,15 +120,11 @@ fi
 echo "Will now create LXC Container $LXC_NBR!";
 # Create the container
-pct create $LXC_NBR -unprivileged $LXC_UNPRIVILEGED $LXC_TEMPLATE_STORAGE:vztmpl/debian-10-standard_$DEB_REP\_amd64.tar.gz -rootfs $LXC_ROOTFS_STORAGE:$LXC_ROOTFS_SIZE;
+pct create $LXC_NBR -unprivileged $LXC_UNPRIVILEGED $LXC_TEMPLATE_STORAGE:vztmpl/"$LXC_TEMPLATE_VERSION"_$DEB_REP\_amd64.tar.gz -rootfs $LXC_ROOTFS_STORAGE:$LXC_ROOTFS_SIZE;
 sleep 2;
 # Check vlan configuration
-if [[ $LXC_VLAN != "" ]];then
+if [[ $LXC_VLAN != "" ]];then VLAN=",tag=$LXC_VLAN"; else VLAN=""; fi
  VLAN=",tag=$LXC_VLAN"
 else
 VLAN=""
 fi
 # Reconfigure conatiner
 pct set $LXC_NBR -memory $LXC_MEM -swap $LXC_SWAP -hostname $LXC_HOSTNAME -onboot 1 -timezone $LXC_TIMEZONE -features nesting=$LXC_NESTING;
 if [ $LXC_DHCP == true ]; then
@@ -124,23 +144,22 @@ PS3="Select the Server-Function: "
 pct start $LXC_NBR;
 sleep 5;
 # Set the root password and key
 echo "Setting root password"
 echo -e "$LXC_PWD\n$LXC_PWD" | lxc-attach -n$LXC_NBR passwd;
 echo "Creating /root/.ssh"
 lxc-attach -n$LXC_NBR mkdir /root/.ssh;
 echo "Copying authorized_keys"
 pct push $LXC_NBR $LXC_AUTHORIZED_KEY /root/.ssh/authorized_keys
-echo "Copying sources.list"
+pct push $LXC_NBR $config /root/zamba.conf
-pct push $LXC_NBR ./sources.list /etc/apt/sources.list
+pct push $LXC_NBR $PWD/src/constants.conf /root/constants.conf
-echo "Copying zamba.conf"
+pct push $LXC_NBR $PWD/src/lxc-base.sh /root/lxc-base.sh
-pct push $LXC_NBR ./zamba.conf /root/zamba.conf
+pct push $LXC_NBR $PWD/src/$service/install-service.sh /root/install-service.sh
-echo "Copying install script"
+pct push $LXC_NBR $PWD/src/$service/constants-service.conf /root/constants-service.conf
 pct push $LXC_NBR ./$opt.sh /root/$opt.sh
 echo "Install '$opt'!"
 lxc-attach -n$LXC_NBR bash /root/$opt.sh
-if [[ $opt == "zmb-ad" ]]; then
+echo "Installing basic container setup..."
 lxc-attach -n$LXC_NBR bash /root/lxc-base.sh
 echo "Install '$service'!"
 lxc-attach -n$LXC_NBR bash /root/install-service.sh
 if [[ $service == "zmb-ad" ]]; then
  pct stop $LXC_NBR
  pct set $LXC_NBR \-nameserver $(echo $LXC_IP | cut -d'/' -f 1)
  pct start $LXC_NBR
-fi
+fi
--- a/new-config.py
+++ b/new-config.py
@@ -0,0 +1,136 @@
 #!/usr/bin/python3
 import os
 from src import config_base, menu
 # Check installation of zfs-auto-snapshot, if not installed, just notify user
 config_base.check_zfs_autosnapshot()
 cfg = {}
 # set template storage
 t_storages = config_base.get_pve_storages(content=config_base.PveStorageContent.vztmpl)
 if len(t_storages.keys()) > 1:
    t_stors={}
    for st in t_storages.keys():
        t_stors[st] = f"driver: {t_storages[st]['driver']}\tfree space: {int(t_storages[st]['available'])/1024/1024:.2f} GB"
    cfg['LXC_TEMPLATE_STORAGE'] = menu.radiolist("Select container template storage", "Please choose the storage, where your container templates are stored.", t_stors)
 elif len(t_storages.keys()) == 1:
    cfg['LXC_TEMPLATE_STORAGE'] = next(iter(t_storages))
 else:
    print("Could not find any storage enabled for container templates. Please ensure your storages are configured properly.")
    os._exit(1)
 # get zmb service
 cfg['ZMB_SERVICE'] = menu.radiolist("Select service","Please choose the service to install:", config_base.get_zmb_services())
 # get static ct features
 ct_features = config_base.get_ct_features(cfg["ZMB_SERVICE"])
 cfg['LXC_UNPRIVILEGED'] = ct_features['unprivileged']
 # get ct id
 cfg['LXC_NBR'] = menu.question("Container ID", f"Please select an ID for the {cfg['ZMB_SERVICE']} container.", menu.qType.Integer, config_base.get_ct_id(), config_base.validate_ct_id)
 # configure rootfs
 r_storages = config_base.get_pve_storages(driver=config_base.PveStorageType.zfspool,content=config_base.PveStorageContent.rootdir)
 if len(r_storages.keys()) > 1:
    r_stors = {}
    for st in r_storages.keys():
        r_stors[st] = f"driver: {r_storages[st]['driver']}\tfree space: {int(r_storages[st]['available'])/1024/1024:.2f} GB"
    cfg['LXC_ROOTFS_STORAGE'] = menu.radiolist("Select rootfs storage", "Please choose the storage for your container's rootfs",r_stors)
 elif len(r_storages.keys()) == 1:
    cfg['LXC_ROOTFS_STORAGE'] = next(iter(r_storages))
 else:
    print("Could not find any storage enabled for container filesystems. Please ensure your storages are configured properly.")
    os._exit(1)
 cfg['LXC_ROOTFS_SIZE'] = menu.question("Set rootfs size","Please type in the desired rootfs size (GB)", menu.qType.Integer,32)
 # create additional mountpoints
 if 'size' in ct_features['sharefs'].keys():
    f_storages = config_base.get_pve_storages(driver=config_base.PveStorageType.zfspool,content=config_base.PveStorageContent.rootdir)
    if len(f_storages.keys()) > 1:
        f_stors = {}
        for st in f_storages.keys():
            f_stors[st] = f"driver: {f_storages[st]['driver']}\tfree space: {int(f_storages[st]['available'])/1024/1024:.2f} GB"
        cfg['LXC_SHAREFS_STORAGE'] = menu.radiolist("Select sharefs storage", "Please choose the storage of your shared filesystem", f_stors)
    elif len(r_storages.keys()) == 1:
        cfg['LXC_SHAREFS_STORAGE'] = next(iter(f_storages))
    else:
        print("Could not find any storage enabled for container filesystems. Please ensure your storages are configured properly.")
        os._exit(1)
    cfg['LXC_SHAREFS_SIZE'] = menu.question("Select sharefs size","Please type in the desired size (GB) of your shared filesystem", menu.qType.Integer,ct_features['sharefs']['size'])
    cfg['LXC_SHAREFS_MOUNTPOINT'] = menu.question("Select sharefs mountpoint","Please type in the folder where to mount your shared filesystem inside the container.", menu.qType.String,ct_features['sharefs']['mountpoint'])
 # configure ram and swap
 cfg['LXC_MEM'] = menu.question("Set container RAM", "Please type in the desired amount of RAM for the container (MB)",menu.qType.Integer,ct_features["mem"])
 cfg['LXC_SWAP'] = menu.question("Set container Swap", "Please type in the desired amount of Swap for the container (MB)",menu.qType.Integer,ct_features["swap"])
 cfg['LXC_HOSTNAME'] = menu.question("Set container Hostname", "Please type in the desired hostname of the container",menu.qType.String,ct_features['hostname'])
 cfg['LXC_DOMAIN'] = menu.question("Set container search domain", "Please type in the search domain of your network.", menu.qType.String,ct_features['domain'])
 cfg['LXC_TIMEZONE'] = 'host' # TODO
 cfg['LXC_LOCALE'] = "de_DE.utf8" # TODO
 # get pve bridge
 bridges = config_base.get_pve_bridges()
 if len(bridges) > 1:
    cfg['LXC_BRIDGE'] = menu.radiolist("Select PVE Network Bridge", f"Please select the network bridge to connect the {cfg['ZMB_SERVICE']} container",bridges)
 elif len(bridges) == 1:
    cfg['LXC_BRIDGE'] = bridges[0]
 else:
    print("Could not find any bridge device to connect container. Please ensure your networksettings are configured properly.")
    os._exit(1)
 cfg['LXC_VLAN'] = menu.question("Set vlan tag", "You you want to tag your container's network to a vlan? (0 = untagged, 1 - 4094 = tagged vlan id)",menu.qType.Integer,0, config_base.validate_vlan)
 # configure network interface
 if  cfg['ZMB_SERVICE'] != 'zmb-ad':
    enable_dhcp = menu.question("Set network mode", "Do you want to configure the network interface in dhcp mode?",menu.qType.Boolean,default=True)
 else:
    enable_dhcp = False
 if enable_dhcp == True:
    cfg["LXC_NET_MODE"] = 'dhcp'
 else:
    cfg["LXC_NET_MODE"] = 'static'
    cfg["LXC_IP"] = menu.question("Set interface IP Addess", "Pleace type in the containers IP address (CIDR Format).",menu.qType.String,default='10.10.10.10/8')
    cfg["LXC_GW"] = menu.question("Set interface default gateway", "Pleace type in the containers default gateway.",menu.qType.String,default='10.10.10.1')
 cfg['LXC_DNS']  = menu.question("Set containers dns server", "Pleace type in the containers dns server. ZMB AD will use this as dns forwarder",menu.qType.String,default='10.10.10.1')
 cfg['LXC_PWD'] = menu.question("Set root password", "Please type in the containers root password", menu.qType.String,default='')
 cfg['LXC_AUTHORIZED_KEY'] = menu.question ("Set authorized_keys file to import", "Please select authorized_keys file to import.", menu.qType.String, default='~/.ssh/authorized_keys')
 os.system('clear')
 print (f"#### Zamba LXC Toolbox ####\n")
 print (f"GLOBAL CONFIGURATION:")
 print (f"\tct template storage:\t{cfg['LXC_TEMPLATE_STORAGE']}")
 print (f"\nCONTAINER CONFIGURATION:")
 print (f"\tzmb service:\t\t{cfg['ZMB_SERVICE']}")
 print (f"\tcontainer id:\t\t{cfg['LXC_NBR']}")
 print (f"\tunprivileged:\t\t{cfg['LXC_UNPRIVILEGED']}")
 for feature in ct_features['features'].keys():
    if feature == 'nesting':
        cfg['LXC_NESTING'] = ct_features['features'][feature]
        print (f"\t{feature}:\t\t{cfg['LXC_NESTING']}")
 print (f"\tcontainer memory:\t{cfg['LXC_MEM']} MB")
 print (f"\tcontainer swap:\t\t{cfg['LXC_SWAP']} MB")
 print (f"\tcontainer hostname:\t{cfg['LXC_HOSTNAME']}")
 print (f"\tct search domain:\t{cfg['LXC_DOMAIN']}")
 print (f"\tcontainer timezone\t{cfg['LXC_TIMEZONE']}")
 print (f"\tcontainer language\t{cfg['LXC_LOCALE']}")
 print (f"\nSTORAGE CONFIGURATION:")
 print (f"\trootfs storage:\t\t{cfg['LXC_ROOTFS_STORAGE']}")
 print (f"\trootfs size:\t\t{cfg['LXC_ROOTFS_SIZE']} GB")
 if 'size' in ct_features['sharefs'].keys():
    print (f"\tsharefs storage:\t{cfg['LXC_SHAREFS_STORAGE']}")
    print (f"\tsharefs size:\t\t{cfg['LXC_SHAREFS_SIZE']} GB")
    print (f"\tsharefs mountpoint:\t{cfg['LXC_SHAREFS_MOUNTPOINT']}")
 print (f"\nNETWORK CONFIGURATION:")
 print (f"\tpve bridge:\t\t{cfg['LXC_BRIDGE']}")
 if cfg['LXC_VLAN'] > 0:
    print (f"\tcontainer vlan:\t\t{cfg['LXC_VLAN']}")
 else:
    print (f"\tcontainer vlan:\t\tuntagged")
 print (f"\tnetwork mode:\t\t{cfg['LXC_NET_MODE']}")
 if enable_dhcp == False:
    print (f"\tip address (CIDR):\t{cfg['LXC_IP']}")
    print (f"\tdefault gateway:\t{cfg['LXC_GW']}")
    print (f"\tdns server / forwarder:\t{cfg['LXC_GW']}")
 print (f"\nCONTAINER CREDENTIALS:")
 print (f"\troot password:\t\t{cfg['LXC_PWD']}")
 print (f"\tauthorized ssh keys:\t{cfg['LXC_AUTHORIZED_KEY']}")
--- a/proxmox.conf
+++ b/proxmox.conf
@@ -0,0 +1 @@
 HOST_LOCALE=de_DE.UTF-8
--- a/src/checkmk/constants-service.conf
+++ b/src/checkmk/constants-service.conf
@@ -0,0 +1,25 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="0"
 # Create unprivileged container
 LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # checkmk version
 CMK_VERSION=2.0.0p18
 # build number of the debian package (needs to start with underscore)
 CMK_BUILD=_0
--- a/src/checkmk/install-service.sh
+++ b/src/checkmk/install-service.sh
@@ -0,0 +1,37 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/zamba.conf
 source /root/constants-service.conf
 cd /tmp
 wget https://download.checkmk.com/checkmk/$CMK_VERSION/check-mk-$CMK_EDITION-$CMK_VERSION$CMK_BUILD.$(lsb_release -cs)_amd64.deb
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq install ./check-mk-$CMK_EDITION-$CMK_VERSION$CMK_BUILD.$(lsb_release -cs)_amd64.deb
 omd create --admin-password $CMK_ADMIN_PW $CMK_INSTANCE
 cat << EOF > /etc/apache2/sites-available/000-default.conf
 <VirtualHost *:80>
 	RewriteEngine On
 	RewriteCond %{HTTPS} !=on
 	RewriteRule ^/?(.*) https://%{SERVER_NAME}/$CMK_INSTANCE [R,L]
 </VirtualHost>
 EOF
 a2enmod ssl
 a2enmod rewrite
 a2ensite default-ssl
 systemctl restart apache2.service
 omd start $CMK_INSTANCE
 # install matrix notification plugin
 wget -O /opt/omd/sites/$CMK_INSTANCE/local/share/check_mk/notifications/matrix.py https://github.com/bashclub/check_mk_matrix_notifications/raw/master/matrix.py
 chmod +x /opt/omd/sites/$CMK_INSTANCE/local/share/check_mk/notifications/matrix.py
 chown $CMK_INSTANCE /opt/omd/sites/$CMK_INSTANCE/local/share/check_mk/notifications/matrix.py
--- a/src/constants.conf
+++ b/src/constants.conf
@@ -0,0 +1,11 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 # This file contains the project constants on container level
 # Define your (administrative) tools, you always want to have installed into your LXC container
 LXC_TOOLSET_BASE="lsb-release curl git gnupg2 apt-transport-https software-properties-common"
--- a/src/debian-priv/constants-service.conf
+++ b/src/debian-priv/constants-service.conf
@@ -0,0 +1,20 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="0"
 # Create unprivileged container
 LXC_UNPRIVILEGED="0"
 # enable nesting feature
 LXC_NESTING="1"
--- a/src/debian-priv/install-service.sh
+++ b/src/debian-priv/install-service.sh
@@ -0,0 +1,8 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 echo "'debian-priv' is ready to use!"
--- a/src/debian-unpriv/constants-service.conf
+++ b/src/debian-unpriv/constants-service.conf
@@ -0,0 +1,20 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="0"
 # Create unprivileged container
 LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
--- a/src/debian-unpriv/install-service.sh
+++ b/src/debian-unpriv/install-service.sh
@@ -0,0 +1,8 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 echo "'debian-unpriv' is ready to use!"
--- a/src/lxc-base.sh
+++ b/src/lxc-base.sh
@@ -0,0 +1,66 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 # load configuration
 echo "Loading configuration..."
 source /root/zamba.conf
 source /root/constants.conf
 source /root/constants-service.conf
 echo "Updating locales"
 # update locales
 sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen
 cat << EOF > /etc/default/locale
 LANG="$LXC_LOCALE"
 LANGUAGE=$LXC_LOCALE
 EOF
 locale-gen $LXC_LOCALE 
 # Generate sources
 if [ "$LXC_TEMPLATE_VERSION" == "debian-11-standard" ] ; then
 cat << EOF > /etc/apt/sources.list
 deb http://ftp.de.debian.org/debian bullseye main contrib
 deb http://ftp.de.debian.org/debian bullseye-updates main contrib
 # security updates
 deb http://security.debian.org bullseye-security main contrib
 EOF
 elif [ "$LXC_TEMPLATE_VERSION" == "debian-10-standard" ] ; then
 cat << EOF > /etc/apt/sources.list
 deb http://ftp.de.debian.org/debian buster main contrib
 deb http://ftp.de.debian.org/debian buster-updates main contrib
 # security updates
 deb http://security.debian.org buster/updates main contrib
 EOF
 else echo "LXC Debian Version false. Please check configuration files!" ; exit
 fi
 # update package lists
 echo "Updating package database..."
 apt --allow-releaseinfo-change update
 # install latest packages
 echo "Installing latest updates"
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
 # install toolset
 echo "Installing preconfigured toolset..."
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET_BASE $LXC_TOOLSET
 echo "Enabling vim syntax highlighting..."
 sed -i "s|\"syntax on|syntax on|g" /etc/vim/vimrc
 if [ $LXC_VIM_BG_DARK -gt 0 ]; then
    sed -i "s|\"set background=dark|set background=dark|g" /etc/vim/vimrc
 fi
 echo "Basic container setup finished, continuing with service installation..."
--- a/src/mailpiler/constants-service.conf
+++ b/src/mailpiler/constants-service.conf
@@ -0,0 +1,27 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="0"
 # Create unprivileged container
 LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # Defines the version number of piler mail archive to install (type in exact version number (e.g. 1.3.11) or 'latest')
 PILER_VERSION="latest"
 # Defines the version of sphinx to install
 PILER_SPHINX_VERSION="3.3.1"
 # Defines the php version to install
 PILER_PHP_VERSION="7.4"
--- a/src/mailpiler/install-service.sh
+++ b/src/mailpiler/install-service.sh
@@ -6,13 +6,7 @@
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/zamba.conf
-
+source /root/constants-service.conf
 sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen
 cat << EOF > /etc/default/locale
 LANG="$LXC_LOCALE"
 LANGUAGE=$LXC_LOCALE
 EOF
 locale-gen $LXC_LOCALE
 HOSTNAME=$(hostname -f)
@@ -23,22 +17,26 @@ echo $HOSTNAME
 if 
    [ "$HOSTNAME" != "$PILER_FQDN" ]
 then
-        echo "Hostname doesn't match PILER_FQDNain! Check install.sh, /etc/hosts, /etc/hostname." && exit
+        echo "Hostname doesn't match $PILER_FQDN! Check install.sh, /etc/hosts, /etc/hostname." && exit
 else
-        echo "Hostname matches PILER_FQDNAIN, so starting installation."
+        echo "Hostname matches $PILER_FQDN, so starting installation."
 fi
 apt update && apt full-upgrade -y
 apt install -y $LXC_TOOLSET build-essential libwrap0-dev libpst-dev tnef libytnef0-dev unrtf catdoc libtre-dev tre-agrep poppler-utils libzip-dev unixodbc libpq5 software-properties-common libpoppler-dev openssl libssl-dev memcached telnet nginx mariadb-server default-libmysqlclient-dev python-mysqldb gcc libwrap0 libzip4 latex2rtf latex2html catdoc tnef zipcmp zipmerge ziptool libsodium23
 # install php
 wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add -
 echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list
-apt update && apt install -y php$PILER_PHP_VERSION-{fpm,common,ldap,mysql,cli,opcache,phpdbg,gd,memcache,json,readline,zip}
+apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
 add-apt-repository "deb [arch=amd64] https://mirror.wtnet.de/mariadb/repo/10.5/debian $(lsb_release -cs) main"
-apt purge -y postfix
+apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq build-essential libwrap0-dev libpst-dev tnef libytnef0-dev \
 unrtf catdoc libtre-dev tre-agrep poppler-utils libzip-dev unixodbc libpq5 libpoppler-dev openssl libssl-dev memcached telnet nginx \
 mariadb-server default-libmysqlclient-dev python3-mysqldb gcc libwrap0 libzip4 latex2rtf latex2html catdoc tnef zipcmp zipmerge ziptool libsodium23 \
 php$PILER_PHP_VERSION-{fpm,common,ldap,mysql,cli,opcache,phpdbg,gd,memcache,json,readline,zip}
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt remove --purge -y -qq postfix
 cat > /etc/mysql/conf.d/mailpiler.conf <<EOF
 innodb_buffer_pool_size=256M
@@ -61,7 +59,13 @@ useradd -g piler -m -s /bin/bash -d /var/piler piler
 usermod -L piler
 chmod 755 /var/piler
-wget https://bitbucket.org/jsuto/piler/downloads/piler-$PILER_VERSION.tar.gz
+if [[ "$PILER_VERSION" == "latest" ]]; then
        URL=$(curl -s https://www.mailpiler.org/wiki/download | grep "https://bitbucket.org/jsuto/piler/downloads/piler-" | cut -d '"' -f2)
        PILER_VERSION=$(echo $URL | cut -d'-' -f2 | cut -d'.' -f1-3)
        wget -O piler-$PILER_VERSION.tar.gz $URL
 else
        wget https://bitbucket.org/jsuto/piler/downloads/piler-$PILER_VERSION.tar.gz
 fi
 tar -xvzf piler-$PILER_VERSION.tar.gz
 cd piler-$PILER_VERSION/
 ./configure --localstatedir=/var --with-database=mysql --enable-tcpwrappers --enable-memcached
@@ -94,7 +98,7 @@ cd /etc/nginx/sites-available
 cp /tmp/piler-$PILER_VERSION/contrib/webserver/piler-nginx.conf /etc/nginx/sites-available/
 ln -s /etc/nginx/sites-available/piler-nginx.conf /etc/nginx/sites-enabled/piler-nginx.conf
-sed -i "s|PILER_HOST|$PILER_FQDN default_host|g" /etc/nginx/sites-available/piler-nginx.conf
+sed -i "s|PILER_HOST|$PILER_FQDN|g" /etc/nginx/sites-available/piler-nginx.conf
 sed -i "s|/var/run/php/php7.4-fpm.sock|/var/run/php/php$PILER_PHP_VERSION-fpm.sock|g" /etc/nginx/sites-available/piler-nginx.conf
 sed -i "/server_name.*/a \\
@@ -114,12 +118,14 @@ sed -i "/server_name.*/a \\
 sed -i "/^server {.*/i\
 server {\n\
        listen 80;\n\
-        server_name $PILER_FQDN default_host;\n\
+        server_name _;\n\
        server_tokens off;\n\
        # HTTP to HTTPS redirect.\n\
-        return 301 https://\$host\$request_uri;\n\
+        return 301 https://$PILER_FQDN;\n\
 }" /etc/nginx/sites-available/piler-nginx.conf
 unlink /etc/nginx/sites-enabled/default
 cp /usr/local/etc/piler/config-site.php /usr/local/etc/piler/config-site.php.bak
 sed -i "s|\$config\['SITE_URL'\] = .*|\$config\['SITE_URL'\] = 'https://$PILER_FQDN/';|" /usr/local/etc/piler/config-site.php
 cat >> /usr/local/etc/piler/config-site.php <<EOF
@@ -137,7 +143,7 @@ cat >> /usr/local/etc/piler/config-site.php <<EOF
 \$config['ENABLE_ON_THE_FLY_VERIFICATION'] = 1;
 // general settings.
-\$config['TIMEZONE'] = '$LXC_TIMEZONE';
+\$config['TIMEZONE'] = 'Europe/Berlin';
 // authentication
 // Enable authentication against an imap server
@@ -179,9 +185,4 @@ cat >> /usr/local/etc/piler/config-site.php <<EOF
 \$config['SPHINX_STRICT_SCHEMA'] = 1; // required for Sphinx $PILER_SPHINX_VERSION, see https://bitbucket.org/jsuto/piler/issues/1085/sphinx-331.
 EOF
 rm /etc/nginx/sites-enabled/default
 nginx -t && systemctl restart nginx
 apt autoremove -y
 apt clean -y
--- a/src/matrix/constants-service.conf
+++ b/src/matrix/constants-service.conf
@@ -0,0 +1,23 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="0"
 # Create unprivileged container
 LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # Define the version of Element Web
 MATRIX_ELEMENT_VERSION="v1.9.8"
--- a/src/matrix/install-service.sh
+++ b/src/matrix/install-service.sh
@@ -6,13 +6,7 @@
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/zamba.conf
-
+source /root/constants-service.conf
 sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen
 cat << EOF > /etc/default/locale
 LANG="$LXC_LOCALE"
 LANGUAGE=$LXC_LOCALE
 EOF
 locale-gen $LXC_LOCALE
 MRX_PKE=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
@@ -20,13 +14,12 @@ ELE_DBNAME="synapse_db"
 ELE_DBUSER="synapse_user"
 ELE_DBPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
-apt update && apt full-upgrade -y
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq nginx postgresql python3-psycopg2
-apt install -y $LXC_TOOLSET apt-transport-https gpg software-properties-common nginx postgresql python3-psycopg2
+wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg
 wget wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg
 echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/matrix-org.list
-apt update && apt install -y matrix-synapse-py3
+apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq matrix-synapse-py3
 systemctl enable matrix-synapse
 ss -tulpen
@@ -94,7 +87,7 @@ cat > /etc/nginx/sites-available/$MATRIX_ELEMENT_FQDN <<EOF
 server {
    listen 80;
    listen [::]:80;
-    server_name $MATRIX_ELEMENT_FQDN;
+    server_name _;
    return 301 https://$MATRIX_ELEMENT_FQDN;
 }
@@ -114,6 +107,7 @@ server {
 EOF
 unlink /etc/nginx/sites-enabled/default
 ln -s /etc/nginx/sites-available/$MATRIX_ELEMENT_FQDN /etc/nginx/sites-enabled/$MATRIX_ELEMENT_FQDN
 systemctl restart nginx
@@ -143,19 +137,17 @@ EOF
 cd /
 sed -i "s|#registration_shared_secret: <PRIVATE STRING>|registration_shared_secret: \"$MRX_PKE\"|" /etc/matrix-synapse/homeserver.yaml
 sed -i "s|#public_baseurl: https://example.com/|public_baseurl: https://$MATRIX_FQDN/|" /etc/matrix-synapse/homeserver.yaml
 sed -i "s|server_name:|server_name: $MATRIX_FQDN|g" /etc/matrix-synapse/conf.d/server_name.yaml
 sed -i "s|#enable_registration: false|enable_registration: true|" /etc/matrix-synapse/homeserver.yaml
 sed -i "s|name: sqlite3|name: psycopg2|" /etc/matrix-synapse/homeserver.yaml
 sed -i "s|database: /var/lib/matrix-synapse/homeserver.db|database: $ELE_DBNAME\n    user: $ELE_DBUSER\n    password: $ELE_DBPASS\n    host: 127.0.0.1\n    cp_min: 5\n    cp_max: 10|" /etc/matrix-synapse/homeserver.yaml
 systemctl restart matrix-synapse
-register_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml http://127.0.0.1:8008
+register_new_matrix_user -a -u $MATRIX_ADMIN_USER -p '$MATRIX_ADMIN_PASSWORD' -c /etc/matrix-synapse/homeserver.yaml http://127.0.0.1:8008
 #curl https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'
 #echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/' | tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null
 #apt update
-#apt install -y jitsi-meet
+#apt install -y jitsi-meet
--- a/src/nextcloud/constants-service.conf
+++ b/src/nextcloud/constants-service.conf
@@ -0,0 +1,41 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="1"
 # Create unprivileged container
 LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # Defines the version number of piler mail archive to install (type in exact version number (e.g. 1.3.11) or 'latest')
 NEXTCLOUD_VERSION="latest"
 # Defines the php version to install
 NEXTCLOUD_PHP_VERSION="8.0"
 # Defines the IP from the SQL server
 NEXTCLOUD_DB_IP="127.0.0.1"
 # Defines the PORT from the SQL server
 NEXTCLOUD_DB_PORT="5432"
 # Defines the name from the SQL database
 NEXTCLOUD_DB_NAME="nextcloud_db"
 # Defines the name from the SQL user
 NEXTCLOUD_DB_USR="nextcloud"
 # Build a strong password for the SQL user - could be overwritten with something fixed 
 NEXTCLOUD_DB_PWD="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
--- a/src/nextcloud/install-service.sh
+++ b/src/nextcloud/install-service.sh
@@ -0,0 +1,443 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/zamba.conf
 source /root/constants-service.conf
 HOSTNAME=$(hostname -f)
 wget -q -O - https://packages.sury.org/php/apt.gpg | apt-key add -
 echo "deb https://packages.sury.org/php/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/php.list
 wget -q -O - https://nginx.org/keys/nginx_signing.key | apt-key add -
 echo "deb http://nginx.org/packages/debian $(lsb_release -cs) nginx" | tee /etc/apt/sources.list.d/nginx.list
 wget -q -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
 echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq tree locate screen zip ffmpeg ghostscript libfile-fcntllock-perl libfuse2 socat fail2ban ldap-utils nfs-common cifs-utils redis-server imagemagick \
 postgresql-13 nginx php$NEXTCLOUD_PHP_VERSION-{fpm,gd,mysql,pgsql,curl,xml,zip,intl,mbstring,bz2,ldap,apcu,bcmath,gmp,imagick,igbinary,redis,dev,smbclient,cli,common,opcache,readline}
 timedatectl set-timezone Europe/Berlin
 mkdir -p /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA /var/www
 chown -R www-data:www-data /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA /var/www
 #### Create database for nextcloud ####
 su - postgres <<EOF
 psql -c "CREATE USER $NEXTCLOUD_DB_USR WITH PASSWORD '$NEXTCLOUD_DB_PWD';"
 psql -c "CREATE DATABASE $NEXTCLOUD_DB_NAME ENCODING UTF8 TEMPLATE template0 OWNER $NEXTCLOUD_DB_USR;"
 echo "Postgres User $NEXTCLOUD_DB_USR and database $NEXTCLOUD_DB_NAME created."
 EOF
 #### Adjust php settings ####
 cp /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf.bak
 cp /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini.bak
 cp /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini.bak
 cp /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php-fpm.conf /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php-fpm.conf.bak
 cp /etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/apcu.ini /etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/apcu.ini.bak
 cp /etc/ImageMagick-6/policy.xml /etc/ImageMagick-6/policy.xml.bak
 sed -i "s/;env\[HOSTNAME\] = /env[HOSTNAME] = /" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/;env\[TMP\] = /env[TMP] = /" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/;env\[TMPDIR\] = /env[TMPDIR] = /" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/;env\[TEMP\] = /env[TEMP] = /" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/;env\[PATH\] = /env[PATH] = /" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/pm.max_children =.*/pm.max_children = 120/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/pm.start_servers =.*/pm.start_servers = 12/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/pm.min_spare_servers =.*/pm.min_spare_servers = 6/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/pm.max_spare_servers =.*/pm.max_spare_servers = 18/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/;pm.max_requests =.*/pm.max_requests = 1000/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/allow_url_fopen =.*/allow_url_fopen = 1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/output_buffering =.*/output_buffering = 'Off'/" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
 sed -i "s/max_execution_time =.*/max_execution_time = 3600/" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
 sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
 sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
 sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
 sed -i "s/;date.timezone.*/date.timezone = Europe\/\Berlin/" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
 sed -i "s/memory_limit = 128M/memory_limit = 1024M/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/output_buffering =.*/output_buffering = 'Off'/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/max_execution_time =.*/max_execution_time = 3600/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;date.timezone.*/date.timezone = Europe\/\Berlin/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;session.cookie_secure.*/session.cookie_secure = True/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.enable=.*/opcache.enable=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.enable_cli=.*/opcache.enable_cli=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.memory_consumption=.*/opcache.memory_consumption=128/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.interned_strings_buffer=.*/opcache.interned_strings_buffer=8/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.max_accelerated_files=.*/opcache.max_accelerated_files=10000/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.revalidate_freq=.*/opcache.revalidate_freq=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.save_comments=.*/opcache.save_comments=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 echo -e '\napc.enable_cli=1' >> /etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/apcu.ini
 sed -i "s/rights=\"none\" pattern=\"PS\"/rights=\"read|write\" pattern=\"PS\"/" /etc/ImageMagick-6/policy.xml
 sed -i "s/rights=\"none\" pattern=\"EPS\"/rights=\"read|write\" pattern=\"EPS\"/" /etc/ImageMagick-6/policy.xml
 sed -i "s/rights=\"none\" pattern=\"PDF\"/rights=\"read|write\" pattern=\"PDF\"/" /etc/ImageMagick-6/policy.xml
 sed -i "s/rights=\"none\" pattern=\"XPS\"/rights=\"read|write\" pattern=\"XPS\"/" /etc/ImageMagick-6/policy.xml
 #### Adjust nginx settings ####
 mkdir -p /etc/nginx/ssl
 openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/ssl/private/nextcloud.key -out /etc/ssl/certs/nextcloud.crt -subj "/CN=$NEXTCLOUD_FQDN" -addext "subjectAltName=DNS:$NEXTCLOUD_FQDN"
 openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 4096
 mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
 cat > /etc/nginx/nginx.conf <<EOF
 user www-data;
 worker_processes auto;
 pid /var/run/nginx.pid;
 events {
 worker_connections 1024;
 multi_accept on; use epoll;
 }
 http {
 server_names_hash_bucket_size 64;
 access_log /var/log/nginx/access.log;
 error_log /var/log/nginx/error.log warn;
 set_real_ip_from 127.0.0.1;
 #optional, Sie können das eigene Subnetz ergänzen, bspw.:
 # set_real_ip_from $LXC_IP;
 real_ip_header X-Forwarded-For;
 real_ip_recursive on;
 include /etc/nginx/mime.types;
 default_type application/octet-stream;
 sendfile on;
 send_timeout 3600;
 tcp_nopush on;
 tcp_nodelay on;
 open_file_cache max=500 inactive=10m;
 open_file_cache_errors on;
 keepalive_timeout 65;
 reset_timedout_connection on;
 server_tokens off;
 resolver 127.0.0.53 valid=30s;
 resolver_timeout 5s;
 include /etc/nginx/conf.d/*.conf;
 }
 EOF
 [ -f /etc/nginx/conf.d/default.conf ] && mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bak
 touch /etc/nginx/conf.d/default.conf
 cat > /etc/nginx/conf.d/http.conf << EOF
 upstream php-handler {
 server unix:/run/php/php$NEXTCLOUD_PHP_VERSION-fpm.sock;
 }
 server {
 listen 80 default_server;
 listen [::]:80 default_server;
 server_name $NEXTCLOUD_FQDN;
 root /var/www;
 location / {
 return 301 https://\$host\$request_uri;
 }
 }
 EOF
 cat > /etc/nginx/conf.d/nextcloud.conf << EOF
 server {
 listen 443      ssl http2;
 listen [::]:443 ssl http2;
 server_name $NEXTCLOUD_FQDN;
 ssl_certificate /etc/ssl/certs/nextcloud.crt;
 ssl_certificate_key /etc/ssl/private/nextcloud.key;
 ssl_trusted_certificate /etc/ssl/certs/nextcloud.crt;
 #ssl_certificate /etc/letsencrypt/rsa-certs/fullchain.pem;
 #ssl_certificate_key /etc/letsencrypt/rsa-certs/privkey.pem;
 #ssl_certificate /etc/letsencrypt/ecc-certs/fullchain.pem;
 #ssl_certificate_key /etc/letsencrypt/ecc-certs/privkey.pem;
 #ssl_trusted_certificate /etc/letsencrypt/ecc-certs/chain.pem;
 ssl_dhparam /etc/ssl/certs/dhparam.pem;
 ssl_session_timeout 1d;
 ssl_session_cache shared:SSL:50m;
 ssl_session_tickets off;
 ssl_protocols TLSv1.3 TLSv1.2;
 ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384';
 ssl_ecdh_curve X448:secp521r1:secp384r1;
 ssl_prefer_server_ciphers on;
 ssl_stapling on;
 ssl_stapling_verify on;
 client_max_body_size 5120M;
 fastcgi_buffers 64 4K;
 gzip on;
 gzip_vary on;
 gzip_comp_level 4;
 gzip_min_length 256;
 gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
 gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
 add_header Strict-Transport-Security            "max-age=15768000; includeSubDomains; preload;" always;
 add_header Permissions-Policy                   "interest-cohort=()";
 add_header Referrer-Policy                      "no-referrer"   always;
 add_header X-Content-Type-Options               "nosniff"       always;
 add_header X-Download-Options                   "noopen"        always;
 add_header X-Frame-Options                      "SAMEORIGIN"    always;
 add_header X-Permitted-Cross-Domain-Policies    "none"          always;
 add_header X-Robots-Tag                         "none"          always;
 add_header X-XSS-Protection                     "1; mode=block" always;
 fastcgi_hide_header X-Powered-By;
 fastcgi_read_timeout 3600;
 fastcgi_send_timeout 3600;
 fastcgi_connect_timeout 3600;
 root /var/www/nextcloud;
 index index.php index.html /index.php\$request_uri;
 expires 1m;
 location = / {
 if ( \$http_user_agent ~ ^DavClnt ) {
 return 302 /remote.php/webdav/\$is_args\$args;
 }
 }
 location = /robots.txt {
 allow all;
 log_not_found off;
 access_log off;
 }
 location ^~ /apps/rainloop/app/data {
 deny all;
 }
 location ^~ /.well-known {
 location = /.well-known/carddav     { return 301 /remote.php/dav/; }
 location = /.well-known/caldav      { return 301 /remote.php/dav/; }
 location ^~ /.well-known            { return 301 /index.php/\$uri; }
 try_files \$uri \$uri/ =404;
 }
 location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:\$|/)  { return 404; }
 location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }
 location ~ \.php(?:\$|/) {
 rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
 fastcgi_split_path_info ^(.+?\.php)(/.*)\$;
 set \$path_info \$fastcgi_path_info;
 try_files \$fastcgi_script_name =404;
 include fastcgi_params;
 fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
 fastcgi_param PATH_INFO \$path_info;
 fastcgi_param HTTPS on;
 fastcgi_param modHeadersAvailable true;
 fastcgi_param front_controller_active true;
 fastcgi_pass php-handler;
 fastcgi_intercept_errors on;
 fastcgi_request_buffering off;
 }
 location ~ \.(?:css|js|svg|gif)\$ {
 try_files \$uri /index.php\$request_uri;
 expires 6M;
 access_log off;
 }
 location ~ \.woff2?\$ {
 try_files \$uri /index.php\$request_uri;
 expires 7d;
 access_log off;
 }
 location / {
 try_files \$uri \$uri/ /index.php\$request_uri;
 }
 location /push/ {
 proxy_pass http://localhost:7867/;
 proxy_http_version 1.1;
 proxy_set_header Upgrade \$http_upgrade;
 proxy_set_header Connection "Upgrade";
 proxy_set_header Host \$host;
 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
 }
 }
 EOF
 systemctl restart php$NEXTCLOUD_PHP_VERSION-fpm nginx
 #### Adjust redis settings ####
 cp /etc/redis/redis.conf /etc/redis/redis.conf.bak
 sed -i "s/port 6379/port 0/" /etc/redis/redis.conf
 sed -i s/\#\ unixsocket/\unixsocket/g /etc/redis/redis.conf
 sed -i "s/unixsocketperm 700/unixsocketperm 770/" /etc/redis/redis.conf
 sed -i "s/# maxclients 10000/maxclients 512/" /etc/redis/redis.conf
 usermod -aG redis www-data
 #### Adjust sysctl.conf settings ####
 cp /etc/sysctl.conf /etc/sysctl.conf.bak
 echo "vm.overcommit_memory = 1" >> /etc/sysctl.conf
 systemctl restart redis
 #### HIER MÜSSTE EIN REBOOT REIN ####
 #### Install nextcloud ####
 cd /usr/local/src
 wget https://download.nextcloud.com/server/releases/latest.tar.bz2
 wget https://download.nextcloud.com/server/releases/latest.tar.bz2.md5
 md5sum -c latest.tar.bz2.md5 < latest.tar.bz2
 tar -xjf latest.tar.bz2 -C /var/www && chown -R www-data:www-data /var/www/ && rm -f latest.tar.bz2
 cat > /root/permissions.sh << EOF
 #!/bin/bash
 find /var/www/ -type f -print0 | xargs -0 chmod 0640
 find /var/www/ -type d -print0 | xargs -0 chmod 0750
 chown -R www-data:www-data /var/www 
 chown -R www-data:www-data /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA
 chmod 0644 /var/www/nextcloud/.htaccess
 chmod 0644 /var/www/nextcloud/.user.ini
 exit 0
 EOF
 chmod +x /root/permissions.sh
 /root/permissions.sh
 #### install fail2ban ####
 cat <<EOF >/etc/fail2ban/filter.d/nextcloud.conf
 [Definition]
 _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
 failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
            ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
 datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
 EOF
 cat > /etc/fail2ban/jail.d/nextcloud.local << EOF
 [nextcloud]
 backend = auto
 enabled = true
 port = 80,443
 protocol = tcp
 filter = nextcloud
 maxretry = 5
 bantime = 3600
 findtime = 36000
 logpath = /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA/nextcloud.log 
 EOF
 systemctl restart fail2ban
 #### Create configuration script for nextcloud, which will be executet as user www-data
 cat > /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA/config_nextcloud.sh << DFOE
 #!/bin/bash 
 php /var/www/nextcloud/occ maintenance:install --database pgsql \
 --database-host $NEXTCLOUD_DB_IP \
 --database-port $NEXTCLOUD_DB_PORT \
 --database-name $NEXTCLOUD_DB_NAME \
 --database-user $NEXTCLOUD_DB_USR \
 --database-pass $NEXTCLOUD_DB_PWD \
 --admin-user $NEXTCLOUD_ADMIN_USR \
 --admin-pass $NEXTCLOUD_ADMIN_PWD \
 --data-dir /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA
 php /var/www/nextcloud/occ config:system:set trusted_domains 0 --value=$NEXTCLOUD_FQDN
 php /var/www/nextcloud/occ config:system:set overwrite.cli.url --value=https://$NEXTCLOUD_FQDN
 cp /var/www/nextcloud/config/config.php /var/www/nextcloud/config/config.php.bak
 sed -i 's/^[ ]*//' /var/www/nextcloud/config/config.php
 sed -i '/);/d' /var/www/nextcloud/config/config.php
 cat >> /var/www/nextcloud/config/config.php << EOF
 'activity_expire_days' => 14,
 'auth.bruteforce.protection.enabled' => true,
 'blacklisted_files' => 
 array (
 0 => '.htaccess',
 1 => 'Thumbs.db',
 2 => 'thumbs.db',
 ),
 'cron_log' => true,
 'default_phone_region' => 'DE',
 'enable_previews' => true,
 'enabledPreviewProviders' => 
 array (
 0 => 'OC\Preview\PNG',
 1 => 'OC\Preview\JPEG',
 2 => 'OC\Preview\GIF',
 3 => 'OC\Preview\BMP',
 4 => 'OC\Preview\XBitmap',
 5 => 'OC\Preview\Movie',
 6 => 'OC\Preview\PDF',
 7 => 'OC\Preview\MP3',
 8 => 'OC\Preview\TXT',
 9 => 'OC\Preview\MarkDown',
 ),
 'filesystem_check_changes' => 0,
 'filelocking.enabled' => 'true',
 'htaccess.RewriteBase' => '/',
 'integrity.check.disabled' => false,
 'knowledgebaseenabled' => false,
 'logfile' => '/var/$NEXTCLOUD_DATA/nextcloud.log',
 'loglevel' => 2,
 'logtimezone' => 'Europe/Berlin',
 'log_rotate_size' => 104857600,
 'maintenance' => false,
 'memcache.local' => '\OC\Memcache\APCu',
 'memcache.locking' => '\OC\Memcache\Redis',
 'overwriteprotocol' => 'https',
 'preview_max_x' => 1024,
 'preview_max_y' => 768,
 'preview_max_scale_factor' => 1,
 'redis' => 
 array (
 'host' => '/var/run/redis/redis-server.sock',
 'port' => 0,
 'timeout' => 0.0,
 ),
 'quota_include_external_storage' => false,
 'share_folder' => '/Freigaben',
 'skeletondirectory' => '',
 'theme' => '',
 'trashbin_retention_obligation' => 'auto, 7',
 'updater.release.channel' => 'stable',
 'trusted_proxies' => 
 array (
 '$NEXTCLOUD_REVPROX'
 ),
 );
 EOF
 sed -i "s/output_buffering=.*/output_buffering=0/" /var/www/nextcloud/.user.ini
 php /var/www/nextcloud/occ app:disable survey_client
 php /var/www/nextcloud/occ app:disable firstrunwizard
 php /var/www/nextcloud/occ app:enable admin_audit
 php /var/www/nextcloud/occ app:enable notify_push
 php /var/www/nextcloud/occ app:enable files_pdfviewer
 php /var/www/nextcloud/occ background:cron
 DFOE
 /root/permissions.sh
 su -s /bin/bash www-data <<EOF
 bash /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA/config_nextcloud.sh
 EOF
 #### Create file for high performance backend
 cat > /etc/systemd/system/notify_push.service << EOF
 [Unit]
 Description = Push daemon for Nextcloud clients
 [Service]
 Environment=PORT=7867
 Environment=NEXTCLOUD_URL=https://$NEXTCLOUD_FQDN
 Environment=ALLOW_SELF_SIGNED=true
 ExecStart=/var/www/nextcloud/apps/notify_push/bin/x86_64/notify_push /var/www/nextcloud/config/config.php
 User=www-data
 [Install]
 WantedBy = multi-user.target
 EOF
 systemctl daemon-reload
 systemctl enable --now notify_push
 echo "*/5 * * * * www-data /usr/bin/php -f /var/www/nextcloud/cron.php > /dev/null 2>&1" > /etc/cron.d/nextcloud
 echo -e "\n######################################################################\n\n    Please note this user and password for the nextcloud login:\n        '$NEXTCLOUD_ADMIN_USR' / '$NEXTCLOUD_ADMIN_PWD'\n                Enjoy your Nextcloud intallation.\n\n######################################################################"
 shutdown -r now
--- a/src/onlyoffice/constants-service.conf
+++ b/src/onlyoffice/constants-service.conf
@@ -0,0 +1,26 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="0"
 # Create unprivileged container
 LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 ONLYOFFICE_DB_HOST=localhost
 ONLYOFFICE_DB_NAME=onlyoffice
 ONLYOFFICE_DB_USER=onlyoffice
--- a/src/onlyoffice/install-service.sh
+++ b/src/onlyoffice/install-service.sh
@@ -0,0 +1,43 @@
 source /root/zamba.conf
 source /root/constants-service.conf
 ONLYOFFICE_DB_PASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
 apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CB2DE8E5
 echo "deb https://download.onlyoffice.com/repo/debian squeeze main" > /etc/apt/sources.list.d/onlyoffice.list
 apt update 
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq postgresql rabbitmq-server libstdc++6 supervisor
 su postgres <<EOF
 psql -c "CREATE USER $ONLYOFFICE_DB_USER WITH PASSWORD '$ONLYOFFICE_DB_PASS';"
 psql -c "CREATE DATABASE $ONLYOFFICE_DB_NAME ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $ONLYOFFICE_DB_USER;"
 echo "Postgres User '$ONLYOFFICE_DB_USER' and database '$ONLYOFFICE_DB_NAME' created."
 EOF
 echo onlyoffice-documentserver onlyoffice/ds-port select 80 | debconf-set-selections
 echo onlyoffice-documentserver onlyoffice/db-host string $ONLYOFFICE_DB_HOST | debconf-set-selections
 echo onlyoffice-documentserver onlyoffice/db-user string $ONLYOFFICE_DB_NAME | debconf-set-selections
 echo onlyoffice-documentserver onlyoffice/db-name string $ONLYOFFICE_DB_USER | debconf-set-selections
 echo onlyoffice-documentserver onlyoffice/db-pwd password $ONLYOFFICE_DB_PASS | debconf-set-selections
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq install ttf-mscorefonts-installer onlyoffice-documentserver
 cat << EOF > /root/onlyoffice.credentials
 ONLYOFFICE_DB_HOST=$ONLYOFFICE_DB_HOST
 ONLYOFFICE_DB_NAME=$ONLYOFFICE_DB_NAME
 ONLYOFFICE_DB_USER=$ONLYOFFICE_DB_USER
 ONLYOFFICE_DB_PASS=$ONLYOFFICE_DB_PASS
 EOF
 mkdir /etc/nginx/ssl
 openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/onlyoffice.key -out /etc/nginx/ssl/onlyoffice.crt -subj "/CN=$LXC_HOSTNAME.$LXC_DOMAIN" -addext "subjectAltName=DNS:$LXC_HOSTNAME.$LXC_DOMAIN"
 rm /etc/nginx/conf.d/ds.conf
 cp /etc/onlyoffice/documentserver/nginx/ds-ssl.conf.tmpl /etc/onlyoffice/documentserver/nginx/ds-ssl.conf
 ln -sf /etc/onlyoffice/documentserver/nginx/ds-ssl.conf /etc/nginx/conf.d/ds-ssl.conf
 sed -i "s|ssl_certificate {{SSL_CERTIFICATE_PATH}}|ssl_certificate /etc/nginx/ssl/onlyoffice.crt|" /etc/nginx/conf.d/ds-ssl.conf
 sed -i "s|ssl_certificate_key {{SSL_KEY_PATH}}|ssl_certificate_key /etc/nginx/ssl/onlyoffice.key|" /etc/nginx/conf.d/ds-ssl.conf
 systemctl restart nginx
--- a/src/open3a/constants-service.conf
+++ b/src/open3a/constants-service.conf
@@ -0,0 +1,20 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="0"
 # Create unprivileged container
 LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
--- a/src/open3a/install-service.sh
+++ b/src/open3a/install-service.sh
@@ -0,0 +1,72 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/zamba.conf
 source /root/constants-service.conf
 webroot=/var/www/html
 MYSQL_PASSWORD="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)"
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq unzip sudo nginx-full mariadb-server mariadb-client php php-cli php-fpm php-mysql php-xml php-mbstring php-gd
 mkdir /etc/nginx/ssl
 openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/open3a.key -out /etc/nginx/ssl/open3a.crt -subj "/CN=$LXC_HOSTNAME.$LXC_DOMAIN" -addext "subjectAltName=DNS:$LXC_HOSTNAME.$LXC_DOMAIN"
 cat << EOF > /etc/nginx/sites-available/default
 server {
    listen 80;
    listen [::]:80;
    server_name _;
    return 301 https://$LXC_HOSTNAME.$LXC_DOMAIN;
 }
 server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name $LXC_HOSTNAME.$LXC_DOMAIN;
    root $webroot;
    index index.php;
    ssl on;
    ssl_certificate /etc/nginx/ssl/open3a.crt;
    ssl_certificate_key /etc/nginx/ssl/open3a.key;
    location ~ .php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    }
 }
 EOF
 mysql -uroot -e "CREATE USER 'open3a'@'localhost' IDENTIFIED BY '$MYSQL_PASSWORD';
 GRANT USAGE ON * . * TO 'open3a'@'localhost' IDENTIFIED BY '$MYSQL_PASSWORD' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
 CREATE DATABASE IF NOT EXISTS open3a;
 GRANT ALL PRIVILEGES ON open3a . * TO 'open3a'@'localhost';"
 cd $webroot
 wget https://www.open3a.de/download/open3A%203.5.zip -O $webroot/open3a.zip
 unzip open3a.zip
 rm open3a.zip
 chmod 666 system/DBData/Installation.pfdb.php
 chmod -R 777 specifics/
 chmod -R 777 system/Backup
 chown -R www-data:www-data $webroot
 echo "sudo -u www-data /usr/bin/php $webroot/plugins/Installation/backup.php; for backup in \$(ls -r1 $webroot/system/Backup/*.gz | /bin/grep -v \$(date +%Y%m%d)); do /bin/rm \$backup;done" > /etc/cron.daily/open3a-backup
 chmod +x /etc/cron.daily/open3a-backup
 systemctl enable --now php7.4-fpm
 systemctl restart php7.4-fpm nginx
 echo -e "Your open3a installation is now complete. Please continue with setup in your Browser:\nURL:\t\thttp://$LXC_IP\nLogin:\t\tAdmin\nPassword:\tAdmin\n\nMysql-Settings:\nServer:\t\tlocalhost\nUser:\t\topen3a\nPassword:\t$MYSQL_PASSWORD\nDatabase:\topen3a"
--- a/src/proxmox-pbs/constants-service.conf
+++ b/src/proxmox-pbs/constants-service.conf
@@ -0,0 +1,23 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="1"
 # Create unprivileged container
 LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # Backup ubdir where Urbackup will store backups
 PBS_DATA="backup"
--- a/src/proxmox-pbs/install-service.sh
+++ b/src/proxmox-pbs/install-service.sh
@@ -0,0 +1,22 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/zamba.conf
 source /root/constants-service.conf
 cat << EOF > /etc/apt/sources.list.d/pbs-no-subscription.list 
 # PBS pbs-no-subscription repository provided by proxmox.com,
 # NOT recommended for production use
 deb http://download.proxmox.com/debian/pbs $(lsb_release -cs) pbs-no-subscription
 EOF
 wget https://enterprise.proxmox.com/debian/proxmox-release-bullseye.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg
 apt update && apt upgrade -y
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" proxmox-backup-server
 proxmox-backup-manager datastore create $PBS_DATA /$LXC_SHAREFS_MOUNTPOINT/$PBS_DATA
--- a/src/sources.list
+++ b/src/sources.list
@@ -0,0 +1,6 @@
 deb http://ftp.de.debian.org/debian buster main contrib
 deb http://ftp.de.debian.org/debian buster-updates main contrib
 # security updates
 deb http://security.debian.org buster/updates main contrib
--- a/src/urbackup/constants-service.conf
+++ b/src/urbackup/constants-service.conf
@@ -0,0 +1,26 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-10-standard"
 # Create sharefs mountpoint
 LXC_MP="1"
 # Create unprivileged container
 LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # Backup ubdir where Urbackup will store backups
 URBACKUP_DATA="urbackup"
 # OS codename for opensuse / urbackup repo
 REPO_CODENAME="Debian_10"
--- a/src/urbackup/install-service.sh
+++ b/src/urbackup/install-service.sh
@@ -0,0 +1,63 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/zamba.conf
 source /root/constants-service.conf
 mkdir -p /$LXC_SHAREFS_MOUNTPOINT/tmp
 mkdir -p /$LXC_SHAREFS_MOUNTPOINT/$URBACKUP_DATA
 mkdir /etc/urbackup
 echo "/$LXC_SHAREFS_MOUNTPOINT/$URBACKUP_DATA" > /etc/urbackup/backupfolder
 echo "deb http://download.opensuse.org/repositories/home:/uroni/$REPO_CODENAME/ /" | tee /etc/apt/sources.list.d/urbackup.list
 curl -fsSL https://download.opensuse.org/repositories/home:uroni/$REPO_CODENAME/Release.key | gpg --dearmor | tee /etc/apt/trusted.gpg.d/home_uroni.gpg > /dev/null
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y --no-install-recommends -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" urbackup-server nginx
 mkdir /etc/nginx/ssl
 openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/urbackup.key -out /etc/nginx/ssl/urbackup.crt -subj "/CN=$LXC_HOSTNAME.$LXC_DOMAIN" -addext "subjectAltName=DNS:$LXC_HOSTNAME.$LXC_DOMAIN"
 ln -s /usr/share/urbackup/www /var/www/urbackup
 cat << EOF > /etc/nginx/sites-available/default
 server {
    listen 80;
    listen [::]:80;
    server_name _;
    return 301 https://$LXC_HOSTNAME.$LXC_DOMAIN;
 }
 server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name $LXC_HOSTNAME.$LXC_DOMAIN;
    root /var/www/urbackup;
    index index.htm;
    ssl on;
    ssl_certificate /etc/nginx/ssl/urbackup.crt;
    ssl_certificate_key /etc/nginx/ssl/urbackup.key;
    location /x {
        include /etc/nginx/fastcgi_params;
        fastcgi_pass 127.0.0.1:55413;
    }
 }
 EOF
 sed -i "s/DAEMON_TMPDIR=\"\/tmp\"/DAEMON_TMPDIR=\"\/$LXC_SHAREFS_MOUNTPOINT\/tmp\"/g" /etc/default/urbackupsrv
 sed -i "s/HTTP_SERVER=\"true\"/HTTP_SERVER=\"false\"/g" /etc/default/urbackupsrv
 chown urbackup:urbackup /$LXC_SHAREFS_MOUNTPOINT/tmp
 chown urbackup:urbackup /$LXC_SHAREFS_MOUNTPOINT/$URBACKUP_DATA
 systemctl restart urbackupsrv nginx
--- a/src/zmb-ad/constants-service.conf
+++ b/src/zmb-ad/constants-service.conf
@@ -0,0 +1,32 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="0"
 # Create unprivileged container
 LXC_UNPRIVILEGED="0"
 # enable nesting feature
 LXC_NESTING="1"
 # add optional features to samba ad dc
 # CURRENTLY SUPPORTED:
 # wsdd = add windows service discovery
 # splitdns = add nginx to redirect to website www.domain.tld in splitdns setup
 # bind9dlz = Set ZMB_DNS_BACKEND to BIND9_DLZ
 # Example:
 # OPTIONAL_FEATURES=(wsdd)
 # OPTIONAL_FEATURES=(wsdd splitdns)
 OPTIONAL_FEATURES=()
--- a/src/zmb-ad/install-service.sh
+++ b/src/zmb-ad/install-service.sh
@@ -6,17 +6,27 @@
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/zamba.conf
 source /root/constants-service.conf
-sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen
+ZMB_DNS_BACKEND="SAMBA_INTERNAL"
 cat << EOF > /etc/default/locale
 LANG="$LXC_LOCALE"
 LANGUAGE=$LXC_LOCALE
 EOF
 locale-gen $LXC_LOCALE
-if [[ $ZMB_DNS_BACKEND == "BIND9_DLZ" ]]; then
+for f in ${OPTIONAL_FEATURES[@]}; do
-  BINDNINE=bind9
+  if [[ "$f" == "wsdd" ]]; then
-fi
+    ADDITIONAL_PACKAGES="wsdd $ADDITIONAL_PACKAGES"
    ADDITIONAL_SERVICES="wsdd $ADDITIONAL_SERVICES"
    apt-key adv --fetch-keys https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key
    echo "deb https://pkg.ltec.ch/public/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/wsdd.list
  elif [[ "$f" == "splitdns" ]]; then
    ADDITIONAL_PACKAGES="nginx-full $ADDITIONAL_PACKAGES"
    ADDITIONAL_SERVICES="nginx $ADDITIONAL_SERVICES"
  elif [[ "$f" == "bind9dlz" ]]; then
    ZMB_DNS_BACKEND="BIND9_DLZ"
    ADDITIONAL_PACKAGES="bind9 $ADDITIONAL_PACKAGES"
    ADDITIONAL_SERVICES="bind9 $ADDITIONAL_SERVICES"
  else
    echo "Unsupported optional feature $f"
  fi
 done
 ## configure ntp
 cat << EOF > /etc/ntp.conf
@@ -52,9 +62,19 @@ EOF
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
 # install required packages
-DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET acl attr ntpdate nginx-full rpl net-tools dnsutils ntp samba smbclient winbind libpam-winbind libnss-winbind krb5-user samba-dsdb-modules samba-vfs-modules lmdb-utils $BINDNINE
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET $ADDITIONAL_PACKAGES acl attr ntpdate rpl net-tools dnsutils ntp samba smbclient winbind libpam-winbind libnss-winbind krb5-user samba-dsdb-modules samba-vfs-modules lmdb-utils
-if [[ $ZMB_DNS_BACKEND == "BIND9_DLZ" ]]; then
+if [[ "$ADDITIONAL_PACKAGES" == *"nginx-full"* ]]; then
  cat << EOF > /etc/nginx/sites-available/default
 server {
    listen 80 default_server;
    server_name _;
    return 301 http://www.$LXC_DOMAIN\$request_uri;
 }
 EOF
 fi
 if  [[ "$ADDITIONAL_PACKAGES" == *"bind9"* ]]; then
  # configure bind dns service
  cat << EOF > /etc/default/bind9
 #
@@ -65,7 +85,7 @@ RESOLVCONF=no
 OPTIONS="-4 -u bind"
 EOF
-cat << EOF > /etc/bind/named.conf.local
+  cat << EOF > /etc/bind/named.conf.local
 //
 // Do any local configuration here
 //
@@ -101,9 +121,10 @@ EOF
  mkdir -p /var/lib/samba/bind-dns/dns
 fi
 # stop + disable samba services and remove default config
-systemctl stop smbd nmbd winbind
+systemctl disable --now smbd nmbd winbind systemd-resolved
 systemctl disable smbd nmbd winbind
 rm -f /etc/samba/smb.conf
 rm -f /etc/krb5.conf
@@ -113,7 +134,7 @@ samba-tool domain provision --use-rfc2307 --realm=$ZMB_REALM --domain=$ZMB_DOMAI
 cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
 systemctl unmask samba-ad-dc
-systemctl enable samba-ad-dc $BINDNINE
+systemctl enable samba-ad-dc
-systemctl restart samba-ad-dc $BINDNINE
+systemctl restart samba-ad-dc $ADDITIONAL_SERVICES
-exit 0
+exit 0
--- a/src/zmb-member/constants-service.conf
+++ b/src/zmb-member/constants-service.conf
@@ -0,0 +1,20 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="1"
 # Create unprivileged container
 LXC_UNPRIVILEGED="0"
 # enable nesting feature
 LXC_NESTING="1"
--- a/src/zmb-member/install-service.sh
+++ b/src/zmb-member/install-service.sh
@@ -6,17 +6,15 @@
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/zamba.conf
 source /root/constants-service.conf
-sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen
+# add wsdd package repo
-cat << EOF > /etc/default/locale
+apt-key adv --fetch-keys https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key
-LANG="$LXC_LOCALE"
+echo "deb https://pkg.ltec.ch/public/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/wsdd.list
 LANGUAGE=$LXC_LOCALE
 EOF
 locale-gen $LXC_LOCALE
 apt update
-DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
+
-DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET acl samba winbind libpam-winbind libnss-winbind krb5-user krb5-config samba-dsdb-modules samba-vfs-modules 
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl samba winbind libpam-winbind libnss-winbind krb5-user krb5-config samba-dsdb-modules samba-vfs-modules wsdd
 mv /etc/krb5.conf /etc/krb5.conf.bak
 cat > /etc/krb5.conf <<EOF
@@ -70,12 +68,11 @@ cat > /etc/samba/smb.conf <<EOF
 	printing = bsd
 	disable spoolss = Yes
 	allow trusted domains = No
 	dns proxy = No
 	shadow: snapdir = .zfs/snapshot
 	shadow: sort = desc
 	shadow: format = -%Y-%m-%d-%H%M
-	shadow: snapprefix = ^zfs-auto-snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(monthly\)\{0,1\}
+	shadow: snapprefix = ^zfs-auto-snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(weekly\)\{0,1\}\(monthly\)\{0,1\}\(backup\)\{0,1\}\(manual\)\{0,1\}
 	shadow: delimiter = -20
 [$ZMB_SHARE]
@@ -86,8 +83,6 @@ cat > /etc/samba/smb.conf <<EOF
 	directory mask = 0770
 	inherit acls = Yes
 EOF
 systemctl restart smbd
@@ -109,5 +104,4 @@ chown "$ZMB_ADMIN_USER" /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
 setfacl -Rm u:$ZMB_ADMIN_USER:rwx,g::-,o::- /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
 setfacl -Rdm u:$ZMB_ADMIN_USER:rwx,g::-,o::- /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
-systemctl restart smbd nmbd winbind
+systemctl restart smbd nmbd winbind wsdd
--- a/src/zmb-standalone/constants-service.conf
+++ b/src/zmb-standalone/constants-service.conf
@@ -0,0 +1,20 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="1"
 # Create unprivileged container
 LXC_UNPRIVILEGED="0"
 # enable nesting feature
 LXC_NESTING="1"
--- a/src/zmb-standalone/install-service.sh
+++ b/src/zmb-standalone/install-service.sh
@@ -0,0 +1,51 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/zamba.conf
 source /root/constants-service.conf
 # add wsdd package repo
 apt-key adv --fetch-keys https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key
 echo "deb https://pkg.ltec.ch/public/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/wsdd.list
 echo "deb http://ftp.de.debian.org/debian $(lsb_release -cs)-backports main contrib" > /etc/apt/sources.list.d/$(lsb_release -cs)-backports.list
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl samba samba-dsdb-modules samba-vfs-modules wsdd
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" --no-install-recommends -t $(lsb_release -cs)-backports cockpit
 mkdir /usr/share/cockpit/smb
 wget https://raw.githubusercontent.com/enira/cockpit-smb-plugin/master/index.html -O /usr/share/cockpit/smb/index.html
 wget https://raw.githubusercontent.com/enira/cockpit-smb-plugin/master/manifest.json -O /usr/share/cockpit/smb/manifest.json
 wget https://raw.githubusercontent.com/enira/cockpit-smb-plugin/master/smb.js -O /usr/share/cockpit/smb/smb.js
 USER=$(echo "$ZMB_ADMIN_USER" | awk '{print tolower($0)}')
 useradd --comment "Zamba fileserver admin" --create-home --shell /bin/bash $USER
 echo "$USER:$ZMB_ADMIN_PASS" | chpasswd
 smbpasswd -x $USER
 (echo $ZMB_ADMIN_PASS; echo $ZMB_ADMIN_PASS) | smbpasswd -a $USER
 cat << EOF >> /etc/samba/smb.conf
 [$ZMB_SHARE]
    comment = Main Share
    path = /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
    read only = No
    vfs objects = shadow_copy2
 	create mask = 0660
 	directory mask = 0770
    shadow: snapdir = .zfs/snapshot
    shadow: sort = desc
    shadow: format = -%Y-%m-%d-%H%M
    shadow: snapprefix = ^zfs-auto-snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(weekly\)\{0,1\}\(monthly\)\{0,1\}\(backup\)\{0,1\}\(manual\)\{0,1\}
    shadow: delimiter = -20
 EOF
 mkdir -p /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
 chmod -R 770 /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
 chown -R $USER:root /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
 systemctl restart smbd nmbd wsdd
--- a/zmb-standalone.sh
+++ b/zmb-standalone.sh
@@ -1,44 +0,0 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/zamba.conf
 sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen
 cat << EOF > /etc/default/locale
 LANG="$LXC_LOCALE"
 LANGUAGE=$LXC_LOCALE
 EOF
 locale-gen $LXC_LOCALE
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET acl samba samba-dsdb-modules samba-vfs-modules 
 USER=$(echo "$ZMB_ADMIN_USER" | awk '{print tolower($0)}')
 useradd --comment "Zamba fileserver admin" --create-home --shell /bin/bash $USER
 echo "$USER:$ZMB_ADMIN_PASS" | chpasswd
 smbpasswd -x $USER
 (echo $ZMB_ADMIN_PASS; echo $ZMB_ADMIN_PASS) | smbpasswd -a $USER
 cat << EOF >> /etc/samba/smb.conf
 [$ZMB_SHARE]
    comment = Main Share
    path = /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
    read only = No
    vfs objects = shadow_copy2
    shadow: snapdir = .zfs/snapshot
    shadow: sort = desc
    shadow: format = -%Y-%m-%d-%H%M
    shadow: snapprefix = ^zfs-auto-snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(monthly\)\{0,1\}
    shadow: delimiter = -20
 EOF
 mkdir -p /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
 chmod -R 770 /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
 chown -R $USER:root /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
 systemctl restart smbd nmbd