Disabled systemd-resolved (zmb-ad)

2021-11-11 12:08:58 +01:00
70 changed files with 1507 additions and 1777 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -0,0 +1,23 @@
 **** Zamba LXC Toolbox devel branch ****
 - added dhcp support
 - fixed hardcoded samba sharename in `zmb-standalone` script
 - added support for container id's larger than 999
 - added optional parameters for ct id, service and config file
 - mailpiler version now configured to download `latest` version
 - added `conf` folder to store user configs
 - splitted basic container setup and service installation into multiple scripts
 - created `constants` to minimize config variables
 - added `wsdd` to `zmb-standalone` service
 **** Zamba LXC Toolbox v0.1 ****
 - `locales` are now configured noninteractive #21
 - timezone is now configured with `pct set` command in `install.sh` #22
 - changed command sequence in `install.sh` - select container first, then start the installation
 - improved / updated documentation
 - replaced `just-lxc` container by `debian-priv` and `debian-unpriv` container
 - (un)privileged now defined as constant based on created service #6
 - improved log messages in `install.sh`
 - `mailpiler`: website is now also `default_host`, removed nginx default site, dns entry is still required
 - changed `mailpiler` version to 1.3.11
 - changed `element-web` version to 1.7.25
 - `LXC_AUTHORIZED_KEY` variable now defines an `authorized_keys` file, by default the configuration of you proxmox host will be inherited (`~/.ssh/authorized_keys`)
--- a/README.md
+++ b/README.md
@ -1,30 +1,23 @@
 # Zamba LXC Toolbox
 # IMPORTANT NOTE:
 `devel` branch is still under heavy development, do not use this on a productive machine!
 ## About
 Zamba LXC Toolbox is a collection of scripts to easily install Debian LXC containers with preconfigured services on Proxmox with ZFS.
 The main feature is `Zamba`, the fusion of ZFS and Samba in three different flavours (standalone, active directory dc or active directory member), preconfigured to access ZFS snapshots by "Windows Previous Versions" to easily recover encrypted by ransomware files, accidently deleted files or just to revert changes.
 The package also provides LXC container installers for `mailpiler`, `matrix-synapse` + `element-web` and more services will follow in future releases.
 ### Requirements
-Proxmox VE Server (>=6.30) with at least one configured ZFS Pool.
+Proxmox VE Server with at least one configured ZFS Pool.
 ### Included services:
- `checkmk` => Check_MK 2.0 Monitoring Server
+- `zmb-standalone` => ZMB (Samba) standalone server with ZFS volume snapshot support (previous versions)
- `debian-priv` => Debian privileged container with basic toolset
+- `zmb-ad` => ZMB (Samba) Active Directory Domain Controller, DNS Backends `SAMBA_INTERNAL` and `BIND9_DLZ` are supported
- `debian-unpriv` => Debian unprivileged container with basic toolset
+- `zmb-member` => ZMB (Samba) AD member with ZFS volume snapshot support (previous versions)
 - `gitea`=> Lightweight and fast self-hosted git service [gitea.io](https://gitea.io)
 - `kopano-core` => Kopano Core Grouoware [kopano.io](https://kopano.io/)
 - `mailpiler` => mailpiler mail archive [mailpiler.org](https://www.mailpiler.org/)
 - `matrix` => Matrix Synapse Homeserver [matrix.org](https://matrix.org/docs/projects/server/synapse) with Element Web [Element on github](https://github.com/vector-im/element-web)
 - `nextcloud` => Nextcloud Server [nextcloud.com](https://nextcloud.com/) with fail2ban und redis configuration
- `onlyoffice` => OnlyOffice [onlyoffice.com](https://onlyoffice.com)
+- `debian-unpriv` => Debian unprivileged container with basic toolset
- `open3a` => Open3a web based accounting software [open3a.de](https://open3a.de)
+- `debian-priv` => Debian privileged container with basic toolset
 - `proxmox-pbs` => Proxmox Backup Server [proxmox.com](https://proxmox.com/en/proxmox-backup-server)
 - `urbackup` => UrBackup Server [urbackup.org](https://urbackup.org)
 - `zabbix` => Zabbix Monitoring server [zabbix.com](https://www.zabbix.com)
 - `zammad` => Zammad Helpdesk and Ticketing Software [zammad.org](https://zammad.org/)
 - `zmb-ad` => ZMB (Samba) Active Directory Domain Controller, DNS Backends `SAMBA_INTERNAL` and `BIND9_DLZ` are supported
 - `zmb-ad-join` => Additional Active Directory Domain Controller joining an existing Domain
 - `zmb-member` => ZMB (Samba) AD member with ZFS volume snapshot support (previous versions)
 - `zmb-standalone` => ZMB (Samba) standalone server with ZFS volume snapshot support (previous versions)
 ## Usage
 Just ssh into your Proxmox machine and clone this git repository. Make sure you have installed `git`.
 ```bash
@ -37,24 +30,14 @@ git clone https://github.com/bashclub/zamba-lxc-toolbox
 cd zamba-lxc-toolbox
 ```
 ### Configuration
-Copy `zamba.conf.example` located in `conf` directory to a new file (default: `zamba.conf`) and adjust your desired settings.
+To fit your requirements, please edit the file `zamba.conf` with your favourite text editor (e.g. `vim` or `nano`).
-For further information about configuration variables, have a look at [conf/README.md](conf/README.md)
+The required adjustments are in the LXC container section and in the section for the service you want to launch.
-```bash
+For further information about the config variables, have a look at [zamba.conf.md](zamba.conf.md)
 cp conf/zamba.conf.example conf/zamba.conf
 ```
 ### Installation
-After configuring, you are able to launch the script interactively (only works with `conf/zamba.conf`):
+After configuring, you are able to launch the script interactively:
 ```bash
 bash install.sh
 ```
 ### Advanced Usage
 You can set optional parameters (config file, service, container id):
 #### Example:
 ```bash
 bash install.sh -i 280 -c conf/my-zmb-service.conf -s zmb-member
 ```
 You can also view possible parameters with `install.sh -h`
 After container creation, you will be prompted to select the service to install and depending on the service there may be some more questions during installation.
 Once the script has finished, the container is installed and running and you can continue with the service specific configuration.
--- a/archive/debian-priv.sh
+++ b/archive/debian-priv.sh
@ -0,0 +1,20 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/zamba.conf
 sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen
 cat << EOF > /etc/default/locale
 LANG="$LXC_LOCALE"
 LANGUAGE=$LXC_LOCALE
 EOF
 locale-gen $LXC_LOCALE
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET
 sed -i "s|\"syntax on|syntax on|g" /etc/vim/vimrc
--- a/archive/debian-unpriv.sh
+++ b/archive/debian-unpriv.sh
@ -0,0 +1,25 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/zamba.conf
 source /root/proxmox.conf
 sed -i "s/^#.$HOST_LOCALE/$HOST_LOCALE/" /etc/locale.gen
 locale-gen $HOST_LOCALE
 sed -i "s/^#.$LXC_LOCALE/$LXC_LOCALE/" /etc/locale.gen
 locale-gen $LXC_LOCALE
 echo LANG=$LXC_LOCALE > /etc/default/locale
 echo LANGUAGE=$LXC_LOCALE >> /etc/default/locale
 export LANG=$LXC_LOCALE
 export LANGUAGE=$LXC_LOCALE
 export LC_CTYPE=C
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET
 sed -i "s|\"syntax on|syntax on|g" /etc/vim/vimrc
--- a/archive/mailpiler.sh
+++ b/archive/mailpiler.sh
@ -0,0 +1,187 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/zamba.conf
 sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen
 cat << EOF > /etc/default/locale
 LANG="$LXC_LOCALE"
 LANGUAGE=$LXC_LOCALE
 EOF
 locale-gen $LXC_LOCALE
 HOSTNAME=$(hostname -f)
 echo "Ensure your Hostname is set to your Piler FQDN!"
 echo $HOSTNAME
 if 
    [ "$HOSTNAME" != "$PILER_FQDN" ]
 then
        echo "Hostname doesn't match PILER_FQDNain! Check install.sh, /etc/hosts, /etc/hostname." && exit
 else
        echo "Hostname matches PILER_FQDNAIN, so starting installation."
 fi
 apt update && apt full-upgrade -y
 apt install -y $LXC_TOOLSET build-essential libwrap0-dev libpst-dev tnef libytnef0-dev unrtf catdoc libtre-dev tre-agrep poppler-utils libzip-dev unixodbc libpq5 software-properties-common libpoppler-dev openssl libssl-dev memcached telnet nginx mariadb-server default-libmysqlclient-dev python-mysqldb gcc libwrap0 libzip4 latex2rtf latex2html catdoc tnef zipcmp zipmerge ziptool libsodium23
 # install php
 wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add -
 echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list
 apt update && apt install -y php$PILER_PHP_VERSION-{fpm,common,ldap,mysql,cli,opcache,phpdbg,gd,memcache,json,readline,zip}
 apt purge -y postfix
 cat > /etc/mysql/conf.d/mailpiler.conf <<EOF
 innodb_buffer_pool_size=256M
 innodb_flush_log_at_trx_commit=1
 innodb_log_buffer_size=64M
 innodb_log_file_size=16M
 query_cache_size=0
 query_cache_type=0
 query_cache_limit=2M
 EOF
 systemctl restart mariadb
 cd /tmp
 wget https://download.mailpiler.com/generic-local/sphinx-$PILER_SPHINX_VERSION-bin.tar.gz
 tar -xvzf sphinx-$PILER_SPHINX_VERSION-bin.tar.gz -C /
 groupadd piler
 useradd -g piler -m -s /bin/bash -d /var/piler piler
 usermod -L piler
 chmod 755 /var/piler
 wget https://bitbucket.org/jsuto/piler/downloads/piler-$PILER_VERSION.tar.gz
 tar -xvzf piler-$PILER_VERSION.tar.gz
 cd piler-$PILER_VERSION/
 ./configure --localstatedir=/var --with-database=mysql --enable-tcpwrappers --enable-memcached
 make
 make install
 ldconfig
 cp util/postinstall.sh util/postinstall.sh.bak
 sed -i "s/   PILER_SMARTHOST=.*/   PILER_SMARTHOST="\"$PILER_SMARTHOST\""/" util/postinstall.sh
 sed -i 's/   WWWGROUP=.*/   WWWGROUP="www-data"/' util/postinstall.sh
 make postinstall
 cp /usr/local/etc/piler/piler.conf /usr/local/etc/piler/piler.conf.bak
 sed -i "s/hostid=.*/hostid=$PILER_FQDN/" /usr/local/etc/piler/piler.conf
 sed -i "s/update_counters_to_memcached=.*/update_counters_to_memcached=1/" /usr/local/etc/piler/piler.conf
 su piler -c "indexer --all --config /usr/local/etc/piler/sphinx.conf"
 /etc/init.d/rc.piler start
 /etc/init.d/rc.searchd start
 update-rc.d rc.piler defaults
 update-rc.d rc.searchd defaults
 mkdir -p /etc/nginx/ssl
 openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/piler.key -out /etc/nginx/ssl/piler.crt -subj "/CN=$PILER_FQDN" -addext "subjectAltName=DNS:$PILER_FQDN"
 cd /etc/nginx/sites-available
 cp /tmp/piler-$PILER_VERSION/contrib/webserver/piler-nginx.conf /etc/nginx/sites-available/
 ln -s /etc/nginx/sites-available/piler-nginx.conf /etc/nginx/sites-enabled/piler-nginx.conf
 sed -i "s|PILER_HOST|$PILER_FQDN default_host|g" /etc/nginx/sites-available/piler-nginx.conf
 sed -i "s|/var/run/php/php7.4-fpm.sock|/var/run/php/php$PILER_PHP_VERSION-fpm.sock|g" /etc/nginx/sites-available/piler-nginx.conf
 sed -i "/server_name.*/a \\
        listen 443 ssl http2;\n\n\
        ssl_certificate /etc/nginx/ssl/piler.crt;\n\
        ssl_certificate_key /etc/nginx/ssl/piler.key;\n\n\
        ssl_session_timeout 1d;\n\
        ssl_session_cache shared:SSL:15m;\n\
        ssl_session_tickets off;\n\n\
        # modern configuration of Mozilla SSL configurator. Tweak to your needs.\n\
        ssl_protocols TLSv1.2 TLSv1.3;\n\
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;\n\
        ssl_prefer_server_ciphers off;\n\n\
        add_header X-Frame-Options SAMEORIGIN;\n\
        add_header X-Content-Type-Options nosniff;" /etc/nginx/sites-available/piler-nginx.conf
 sed -i "/^server {.*/i\
 server {\n\
        listen 80;\n\
        server_name $PILER_FQDN default_host;\n\
        server_tokens off;\n\
        # HTTP to HTTPS redirect.\n\
        return 301 https://\$host\$request_uri;\n\
 }" /etc/nginx/sites-available/piler-nginx.conf
 cp /usr/local/etc/piler/config-site.php /usr/local/etc/piler/config-site.php.bak
 sed -i "s|\$config\['SITE_URL'\] = .*|\$config\['SITE_URL'\] = 'https://$PILER_FQDN/';|" /usr/local/etc/piler/config-site.php
 cat >> /usr/local/etc/piler/config-site.php <<EOF
 // CUSTOM
 \$config['PROVIDED_BY'] = '$PILER_FQDN';
 \$config['SUPPORT_LINK'] = 'https://$PILER_FQDN';
 \$config['COMPATIBILITY'] = '';
 // fancy features.
 \$config['ENABLE_INSTANT_SEARCH'] = 1;
 \$config['ENABLE_TABLE_RESIZE'] = 1;
 \$config['ENABLE_DELETE'] = 1;
 \$config['ENABLE_ON_THE_FLY_VERIFICATION'] = 1;
 // general settings.
 \$config['TIMEZONE'] = '$LXC_TIMEZONE';
 // authentication
 // Enable authentication against an imap server
 //\$config['ENABLE_IMAP_AUTH'] = 1;
 //\$config['RESTORE_OVER_IMAP'] = 1;
 //\$config['IMAP_RESTORE_FOLDER_INBOX'] = 'INBOX';
 //\$config['IMAP_RESTORE_FOLDER_SENT'] = 'Sent';
 //\$config['IMAP_HOST'] = '$PILER_SMARTHOST';
 //\$config['IMAP_PORT'] =  993;
 //\$config['IMAP_SSL'] = true;
 // authentication against an ldap directory (disabled by default)
 //\$config['ENABLE_LDAP_AUTH'] = 1;
 //\$config['LDAP_HOST'] = '$PILER_SMARTHOST';
 //\$config['LDAP_PORT'] = 389;
 //\$config['LDAP_HELPER_DN'] = 'cn=administrator,cn=users,dc=mydomain,dc=local';
 //\$config['LDAP_HELPER_PASSWORD'] = 'myxxxxpasswd';
 //\$config['LDAP_MAIL_ATTR'] = 'mail';
 //\$config['LDAP_AUDITOR_MEMBER_DN'] = '';
 //\$config['LDAP_ADMIN_MEMBER_DN'] = '';
 //\$config['LDAP_BASE_DN'] = 'ou=Benutzer,dc=krs,dc=local';
 // authentication against an Uninvention based ldap directory 
 //\$config['ENABLE_LDAP_AUTH'] = 1;
 //\$config['LDAP_HOST'] = '$PILER_SMARTHOST';
 //\$config['LDAP_PORT'] = 7389;
 //\$config['LDAP_HELPER_DN'] = 'uid=ldap-search-user,cn=users,dc=mydomain,dc=local';
 //\$config['LDAP_HELPER_PASSWORD'] = 'myxxxxpasswd';
 //\$config['LDAP_AUDITOR_MEMBER_DN'] = '';
 //\$config['LDAP_ADMIN_MEMBER_DN'] = '';
 //\$config['LDAP_BASE_DN'] = 'cn=users,dc=mydomain,dc=local';
 //\$config['LDAP_MAIL_ATTR'] = 'mailPrimaryAddress';
 //\$config['LDAP_ACCOUNT_OBJECTCLASS'] = 'person';
 //\$config['LDAP_DISTRIBUTIONLIST_OBJECTCLASS'] = 'person';
 //\$config['LDAP_DISTRIBUTIONLIST_ATTR'] = 'mailAlternativeAddress';
 // special settings.
 \$config['MEMCACHED_ENABLED'] = 1;
 \$config['SPHINX_STRICT_SCHEMA'] = 1; // required for Sphinx $PILER_SPHINX_VERSION, see https://bitbucket.org/jsuto/piler/issues/1085/sphinx-331.
 EOF
 rm /etc/nginx/sites-enabled/default
 nginx -t && systemctl restart nginx
 apt autoremove -y
 apt clean -y
--- a/archive/matrix.sh
+++ b/archive/matrix.sh
@ -0,0 +1,161 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/zamba.conf
 sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen
 cat << EOF > /etc/default/locale
 LANG="$LXC_LOCALE"
 LANGUAGE=$LXC_LOCALE
 EOF
 locale-gen $LXC_LOCALE
 MRX_PKE=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
 ELE_DBNAME="synapse_db"
 ELE_DBUSER="synapse_user"
 ELE_DBPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
 apt update && apt full-upgrade -y
 apt install -y $LXC_TOOLSET apt-transport-https gpg software-properties-common nginx postgresql python3-psycopg2
 wget wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg
 echo "deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/matrix-org.list
 apt update && apt install -y matrix-synapse-py3
 systemctl enable matrix-synapse
 ss -tulpen
 mkdir /etc/nginx/ssl
 openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/matrix.key -out /etc/nginx/ssl/matrix.crt -subj "/CN=$MATRIX_FQDN" -addext "subjectAltName=DNS:$MATRIX_FQDN"
 cat > /etc/nginx/sites-available/$MATRIX_FQDN <<EOF
 # Virtual Host configuration for example.com
 #
 # You can move that to a different file under sites-available/ and symlink that
 # to sites-enabled/ to enable it.
 server {
    listen 80;
    listen [::]:80;
    server_name $MATRIX_FQDN;
    return 301 https://$MATRIX_FQDN;
 }
 server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name $MATRIX_FQDN;
    ssl on;
    ssl_certificate /etc/nginx/ssl/matrix.crt;
    ssl_certificate_key /etc/nginx/ssl/matrix.key;
    location / {
      proxy_pass http://127.0.0.1:8008;
      proxy_set_header X-Forwarded-For \$remote_addr;
    }
 }
 server {
    listen 8448 ssl;
    listen [::]:8448 ssl;
    server_name $MATRIX_FQDN;
    ssl on;
    ssl_certificate /etc/nginx/ssl/matrix.crt;
    ssl_certificate_key /etc/nginx/ssl/matrix.key;
    # If you don't wanna serve a site, comment this out
    root /var/www/$MATRIX_FQDN;
    index index.html index.htm;
    location / {
        proxy_pass http://127.0.0.1:8008;
        proxy_set_header X-Forwarded-For \$remote_addr;
    }
 }
 EOF
 ln -s /etc/nginx/sites-available/$MATRIX_FQDN /etc/nginx/sites-enabled/$MATRIX_FQDN
 cat > /etc/nginx/sites-available/$MATRIX_ELEMENT_FQDN <<EOF
 # Virtual Host configuration for example.com
 #
 # You can move that to a different file under sites-available/ and symlink that
 # to sites-enabled/ to enable it.
 server {
    listen 80;
    listen [::]:80;
    server_name $MATRIX_ELEMENT_FQDN;
    return 301 https://$MATRIX_ELEMENT_FQDN;
 }
 server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name $MATRIX_ELEMENT_FQDN;
    ssl on;
    ssl_certificate /etc/nginx/ssl/matrix.crt;
    ssl_certificate_key /etc/nginx/ssl/matrix.key;
    # If you don't wanna serve a site, comment this out
    root /var/www/$MATRIX_ELEMENT_FQDN/element;
    index index.html index.htm;
 } 
 EOF
 ln -s /etc/nginx/sites-available/$MATRIX_ELEMENT_FQDN /etc/nginx/sites-enabled/$MATRIX_ELEMENT_FQDN
 systemctl restart nginx
 mkdir /var/www/$MATRIX_ELEMENT_FQDN
 cd /var/www/$MATRIX_ELEMENT_FQDN
 wget https://packages.riot.im/element-release-key.asc
 gpg --import element-release-key.asc
 wget https://github.com/vector-im/element-web/releases/download/$MATRIX_ELEMENT_VERSION/element-$MATRIX_ELEMENT_VERSION.tar.gz
 wget https://github.com/vector-im/element-web/releases/download/$MATRIX_ELEMENT_VERSION/element-$MATRIX_ELEMENT_VERSION.tar.gz.asc
 gpg --verify element-$MATRIX_ELEMENT_VERSION.tar.gz.asc
 tar -xzvf element-$MATRIX_ELEMENT_VERSION.tar.gz
 ln -s element-$MATRIX_ELEMENT_VERSION element
 chown www-data:www-data -R element
 cp ./element/config.sample.json ./element/config.json
 sed -i "s|https://matrix-client.matrix.org|https://$MATRIX_FQDN|" ./element/config.json
 sed -i "s|\"server_name\": \"matrix.org\"|\"server_name\": \"$MATRIX_FQDN\"|" ./element/config.json
 su postgres <<EOF
 psql -c "CREATE USER $ELE_DBUSER WITH PASSWORD '$ELE_DBPASS';"
 psql -c "CREATE DATABASE $ELE_DBNAME ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $ELE_DBUSER;"
 echo "Postgres User '$ELE_DBUSER' and database '$ELE_DBNAME' created."
 EOF
 cd /
 sed -i "s|#registration_shared_secret: <PRIVATE STRING>|registration_shared_secret: \"$MRX_PKE\"|" /etc/matrix-synapse/homeserver.yaml
 sed -i "s|#public_baseurl: https://example.com/|public_baseurl: https://$MATRIX_FQDN/|" /etc/matrix-synapse/homeserver.yaml
 sed -i "s|#enable_registration: false|enable_registration: true|" /etc/matrix-synapse/homeserver.yaml
 sed -i "s|name: sqlite3|name: psycopg2|" /etc/matrix-synapse/homeserver.yaml
 sed -i "s|database: /var/lib/matrix-synapse/homeserver.db|database: $ELE_DBNAME\n    user: $ELE_DBUSER\n    password: $ELE_DBPASS\n    host: 127.0.0.1\n    cp_min: 5\n    cp_max: 10|" /etc/matrix-synapse/homeserver.yaml
 systemctl restart matrix-synapse
 register_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml http://127.0.0.1:8008
 #curl https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'
 #echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/' | tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null
 #apt update
 #apt install -y jitsi-meet
--- a/archive/zamba.conf
+++ b/archive/zamba.conf
@ -0,0 +1,113 @@
 #!/bin/bash
 # This ist the Zamba main configuration file.
 # Please adjust the settings to your needs before running the installer.
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 ############### Linux Container Section ###############
 # Defines the Proxmox storage where your LXC container template are stored (default: local)
 LXC_TEMPLATE_STORAGE="local"
 # Defines the size in GB of the LXC container's root filesystem (default: 32)
 # Depending on your environment, you should consider increasing the size for use of `mailpiler` or `matrix`.
 LXC_ROOTFS_SIZE="32"
 # Defines the Proxmox storage where your LXC container's root filesystem will be generated (default: local-zfs)
 LXC_ROOTFS_STORAGE="local-zfs"
 # Defines the size in GB your LXC container's filesystem shared by Zamba (AD member & standalone) (default: 100)
 LXC_SHAREFS_SIZE="100"
 # Defines the Proxmox storage where your LXC container's filesystem shared by Zamba will be generated (default: local-zfs)
 LXC_SHAREFS_STORAGE="local-zfs"
 # Defines the mountpoint of the filesystem shared by Zamba inside your LXC container (default: tank)
 LXC_SHAREFS_MOUNTPOINT="tank"
 # Defines the amount of RAM in MB your LXC container is allowed to use (default: 1024)
 LXC_MEM="1024"
 # Defines the amount of swap space in MB your LXC container is allowed to use (default: 1024)
 LXC_SWAP="1024"
 # Defines the hostname of your LXC container
 LXC_HOSTNAME="zamba"
 # Defines the domain name / search domain of your LXC container
 LXC_DOMAIN="zmb.rocks"
 # Enable DHCP on LAN (eth0) - (Obtain an IP address automatically) [true/false]
 LXC_DHCP=false
 # Defines the local IP address and subnet of your LXC container in CIDR format
 LXC_IP="192.168.100.200/24"
 # Defines the default gateway IP address of your LXC container
 LXC_GW="192.168.100.254"
 # Defines the DNS server ip address of your LXC container
 # `zmb-ad` used this DNS server for installation, after installation and domain provisioning it will be used as forwarding DNS
 # For other services this should be your active directory domain controller (if present, else a DNS server of your choice)
 LXC_DNS="192.168.100.254"
 # Defines the network bridge to bind the network adapter of your LXC container
 LXC_BRIDGE="vmbr0"
 # Defines the vlan id of the LXC container's network interface, if the network adapter should be connected untagged, just leave the value empty.
 LXC_VLAN=
 # Defines the `root` password of your LXC container. Please use 'single quatation marks' to avoid unexpected behaviour.
 LXC_PWD='S3cr3tp@ssw0rd'
 # Defines an authorized_keys file to push into the LXC container.
 # By default the authorized_keys will be inherited from your proxmox host.
 LXC_AUTHORIZED_KEY=~/.ssh/authorized_keys
 # Define your (administrative) tools, you always want to have installed into your LXC container
 LXC_TOOLSET="vim htop net-tools dnsutils mc sysstat lsb-release curl git gnupg2 apt-transport-https"
 # Define the local timezone of your LXC container (default: Euroe/Berlin)
 LXC_TIMEZONE="Europe/Berlin"
 # Define system language on LXC container (locales)
 LXC_LOCALE=de_DE.UTF-8
 # Set dark background for vim syntax highlighting (0 or 1)
 LXC_VIM_BG_DARK=1
 ############### Zamba-Server-Section ###############
 # Defines the REALM for the Active Directory (AD DC, AD member)
 ZMB_REALM="ZMB.ROCKS"
 # Defines the domain name in your Active Directory or Workgroup (AD DC, AD member, standalone)
 ZMB_DOMAIN="ZMB"
 # Defines the name of your domain administrator account (AD DC, AD member, standalone)
 ZMB_ADMIN_USER="administrator"
 # The admin password for zamba installation. Please use 'single quatation marks' to avoid unexpected behaviour
 # `zmb-ad` domain administrator has to meet the password complexity policy, if password is too weak, domain provisioning will fail
 ZMB_ADMIN_PASS='1c@nd0@nyth1n9'
 # Defines the name of your Zamba share
 ZMB_SHARE="share"
 ############### Mailpiler-Section ###############
 # Defines the (public) FQDN of your piler mail archive
 PILER_FQDN="piler.zmb.rocks"
 # Defines the smarthost for piler mail archive
 PILER_SMARTHOST="your.mailserver.tld"
 ############### Matrix-Section ###############
 # Define the FQDN of your Matrix server
 MATRIX_FQDN="matrix.zmb.rocks"
 # Define the FQDN for the Element Web virtual host
 MATRIX_ELEMENT_FQDN="element.zmb.rocks"
 # Define the FQDN for the Jitsi Meet virtual host
 MATRIX_JITSI_FQDN="meet.zmb.rocks"
--- a/src/zmb-ad-join/install-service.sh
+++ b/src/zmb-ad-join/install-service.sh
@ -5,51 +5,46 @@
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/functions.sh
 source /root/zamba.conf
 source /root/constants-service.conf
-ZMB_DNS_BACKEND="SAMBA_INTERNAL"
+sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen
 cat << EOF > /etc/default/locale
 LANG="$LXC_LOCALE"
 LANGUAGE=$LXC_LOCALE
 EOF
 locale-gen $LXC_LOCALE
-for f in ${OPTIONAL_FEATURES[@]}; do
+if [[ $ZMB_DNS_BACKEND == "BIND9_DLZ" ]]; then
-  if [[ "$f" == "wsdd" ]]; then
+  BINDNINE=bind9
-      ADDITIONAL_PACKAGES="wsdd $ADDITIONAL_PACKAGES"
+fi
      ADDITIONAL_SERVICES="wsdd $ADDITIONAL_SERVICES"
      apt-key adv --fetch-keys https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key
      echo "deb https://pkg.ltec.ch/public/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/wsdd.list
  elif [[ "$f" == "splitdns" ]]; then
      ADDITIONAL_PACKAGES="nginx-full $ADDITIONAL_PACKAGES"
      ADDITIONAL_SERVICES="nginx $ADDITIONAL_SERVICES"
  elif [[ "$f" == "bind9dlz" ]]; then
      ZMB_DNS_BACKEND="BIND9_DLZ"
      ADDITIONAL_PACKAGES="bind9 $ADDITIONAL_PACKAGES"
      ADDITIONAL_SERVICES="bind9 $ADDITIONAL_SERVICES"
  else
      echo "Unsupported optional feature $f"
  fi
 done
 ## configure ntp
 cat << EOF > /etc/ntp.conf
 # Local clock. Note that is not the "localhost" address!
 server 127.127.1.0
 fudge  127.127.1.0 stratum 10
 # Where to retrieve the time from
 server 0.de.pool.ntp.org     iburst prefer
 server 1.de.pool.ntp.org     iburst prefer
 server 2.de.pool.ntp.org     iburst prefer
 driftfile       /var/lib/ntp/ntp.drift
 logfile         /var/log/ntp
 ntpsigndsocket  /usr/local/samba/var/lib/ntp_signd/
 # Access control
 # Default restriction: Allow clients only to query the time
 restrict default kod nomodify notrap nopeer mssntp
 # No restrictions for "localhost"
 restrict 127.0.0.1
 # Enable the time sources to only provide time to this host
 restrict 0.pool.ntp.org   mask 255.255.255.255    nomodify notrap nopeer noquery
 restrict 1.pool.ntp.org   mask 255.255.255.255    nomodify notrap nopeer noquery
 restrict 2.pool.ntp.org   mask 255.255.255.255    nomodify notrap nopeer noquery
 tinker panic 0
 EOF
@ -57,32 +52,24 @@ EOF
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
 # install required packages
-DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET $ADDITIONAL_PACKAGES rsync acl attr ntpdate rpl net-tools dnsutils ntp cifs-utils samba smbclient winbind libpam-winbind libnss-winbind krb5-user samba-dsdb-modules samba-vfs-modules lmdb-utils
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET acl attr ntpdate nginx-full rpl net-tools dnsutils ntp samba smbclient winbind libpam-winbind libnss-winbind krb5-user samba-dsdb-modules samba-vfs-modules lmdb-utils $BINDNINE
-if [[ "$ADDITIONAL_PACKAGES" == *"nginx-full"* ]]; then
+if [[ $ZMB_DNS_BACKEND == "BIND9_DLZ" ]]; then
 	  cat << EOF > /etc/nginx/sites-available/default
 server {
    listen 80 default_server;
    server_name _;
    return 301 http://www.$LXC_DOMAIN\$request_uri;
 }
 EOF
 fi
 if  [[ "$ADDITIONAL_PACKAGES" == *"bind9"* ]]; then
  # configure bind dns service
  cat << EOF > /etc/default/bind9
 #
 # run resolvconf?
 RESOLVCONF=no
 # startup options for the server
 OPTIONS="-4 -u bind"
 EOF
-  cat << EOF > /etc/bind/named.conf.local
+cat << EOF > /etc/bind/named.conf.local
 //
 // Do any local configuration here
 //
 // Consider adding the 1918 zones here, if they are not used in your
 // organization
 //include "/etc/bind/zones.rfc1918";
@ -94,14 +81,18 @@ EOF
  cat << EOF > /etc/bind/named.conf.options
 options {
  directory "/var/cache/bind";
  forwarders {
    $LXC_DNS;
  };
  allow-query {  any;};
  dnssec-validation no;
  auth-nxdomain no;    # conform to RFC1035
  listen-on-v6 { any; };
  listen-on { any; };
  tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
  minimal-responses yes;
 };
@ -110,29 +101,19 @@ EOF
  mkdir -p /var/lib/samba/bind-dns/dns
 fi
 mv /etc/krb5.conf /etc/krb5.conf.bak
 cat > /etc/krb5.conf <<EOF
 [libdefaults]
 	default_realm = $ZMB_REALM
 	ticket_lifetime = 600
 	dns_lookup_realm = true
 	dns_lookup_kdc = true
 	renew_lifetime = 7d
 EOF
 # stop + disable samba services and remove default config
-systemctl disable --now smbd nmbd winbind systemd-resolved
+systemctl stop smbd nmbd winbind
 systemctl disable smbd nmbd winbind
 rm -f /etc/samba/smb.conf
 rm -f /etc/krb5.conf
-echo -e "$ZMB_ADMIN_PASS" | kinit -V $ZMB_ADMIN_USER
+# provision zamba domain
-samba-tool domain join $ZMB_REALM DC -k yes --backend-store=mdb
+samba-tool domain provision --use-rfc2307 --realm=$ZMB_REALM --domain=$ZMB_DOMAIN --adminpass=$ZMB_ADMIN_PASS --server-role=dc --backend-store=mdb --dns-backend=$ZMB_DNS_BACKEND
-cat > /etc/cron.d/sysvol-sync << EOF
+cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
 */5 * * * * root /usr/bin/rsync -XAavz --delete-after root@$LXC_DNS:/var/lib/samba/sysvol/ /var/lib/samba/sysvol
 EOF
 ssh-keygen -q -f "$HOME/.ssh/id_rsa" -N "" -b 4096
 systemctl unmask samba-ad-dc
-systemctl enable samba-ad-dc
+systemctl enable samba-ad-dc $BINDNINE
-systemctl restart samba-ad-dc $ADDITIONAL_SERVICES
+systemctl restart samba-ad-dc $BINDNINE
 exit 0
--- a/archive/zmb-member.sh
+++ b/archive/zmb-member.sh
@ -0,0 +1,113 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/zamba.conf
 sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen
 cat << EOF > /etc/default/locale
 LANG="$LXC_LOCALE"
 LANGUAGE=$LXC_LOCALE
 EOF
 locale-gen $LXC_LOCALE
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET acl samba winbind libpam-winbind libnss-winbind krb5-user krb5-config samba-dsdb-modules samba-vfs-modules 
 mv /etc/krb5.conf /etc/krb5.conf.bak
 cat > /etc/krb5.conf <<EOF
 [libdefaults]
 	default_realm = $ZMB_REALM
    ticket_lifetime = 600
 	dns_lookup_realm = true
 	dns_lookup_kdc = true
 	renew_lifetime = 7d
 EOF
 echo -e "$ZMB_ADMIN_PASS" | kinit -V $ZMB_ADMIN_USER
 klist
 mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
 cat > /etc/samba/smb.conf <<EOF
 [global]
 	workgroup = $ZMB_DOMAIN
 	security = ADS
 	realm = $ZMB_REALM
 	server string = %h server
 	vfs objects = acl_xattr shadow_copy2
    map acl inherit = Yes
    store dos attributes = Yes
 	idmap config *:backend = tdb
 	idmap config *:range = 3000000-4000000
 	idmap config *:schema_mode = rfc2307
 	winbind refresh tickets = Yes
 	winbind use default domain = Yes
 	winbind separator = /
 	winbind nested groups = yes
 	winbind nss info = rfc2307
 	pam password change = Yes
 	passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
 	passwd program = /usr/bin/passwd %u
 	template homedir = /home/%U
 	template shell = /bin/bash
 	bind interfaces only = Yes
 	interfaces = lo eth0
 	log file = /var/log/samba/log.%m
 	logging = syslog
 	max log size = 1000
 	panic action = /usr/share/samba/panic-action %d
 	load printers = No
 	printcap name = /dev/null
 	printing = bsd
 	disable spoolss = Yes
 	allow trusted domains = No
 	dns proxy = No
 	shadow: snapdir = .zfs/snapshot
 	shadow: sort = desc
 	shadow: format = -%Y-%m-%d-%H%M
 	shadow: snapprefix = ^zfs-auto-snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(monthly\)\{0,1\}
 	shadow: delimiter = -20
 [$ZMB_SHARE]
 	comment = Main Share
 	path = /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
 	read only = No
 	create mask = 0660
 	directory mask = 0770
 	inherit acls = Yes
 EOF
 systemctl restart smbd
 echo -e "$ZMB_ADMIN_PASS" | net ads join -U $ZMB_ADMIN_USER createcomputer=Computers
 sed -i "s|files systemd|files systemd winbind|g" /etc/nsswitch.conf
 sed -i "s|#WINBINDD_OPTS=|WINBINDD_OPTS=|" /etc/default/winbind
 echo -e "session optional        pam_mkhomedir.so skel=/etc/skel umask=077" >> /etc/pam.d/common-session
 systemctl restart winbind nmbd
 wbinfo -u
 wbinfo -g
 mkdir /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
 # originally 'domain users' was set, added variable for domain admins group, samba wiki recommends separate group e.g. 'unix admins'
 chown "$ZMB_ADMIN_USER" /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
 setfacl -Rm u:$ZMB_ADMIN_USER:rwx,g::-,o::- /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
 setfacl -Rdm u:$ZMB_ADMIN_USER:rwx,g::-,o::- /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
 systemctl restart smbd nmbd winbind
--- a/archive/zmb-standalone.sh
+++ b/archive/zmb-standalone.sh
@ -0,0 +1,44 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/zamba.conf
 sed -i "s|# $LXC_LOCALE|$LXC_LOCALE|" /etc/locale.gen
 cat << EOF > /etc/default/locale
 LANG="$LXC_LOCALE"
 LANGUAGE=$LXC_LOCALE
 EOF
 locale-gen $LXC_LOCALE
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET acl samba samba-dsdb-modules samba-vfs-modules 
 USER=$(echo "$ZMB_ADMIN_USER" | awk '{print tolower($0)}')
 useradd --comment "Zamba fileserver admin" --create-home --shell /bin/bash $USER
 echo "$USER:$ZMB_ADMIN_PASS" | chpasswd
 smbpasswd -x $USER
 (echo $ZMB_ADMIN_PASS; echo $ZMB_ADMIN_PASS) | smbpasswd -a $USER
 cat << EOF >> /etc/samba/smb.conf
 [$ZMB_SHARE]
    comment = Main Share
    path = /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
    read only = No
    vfs objects = shadow_copy2
    shadow: snapdir = .zfs/snapshot
    shadow: sort = desc
    shadow: format = -%Y-%m-%d-%H%M
    shadow: snapprefix = ^zfs-auto-snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(monthly\)\{0,1\}
    shadow: delimiter = -20
 EOF
 mkdir -p /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
 chmod -R 770 /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
 chown -R $USER:root /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
 systemctl restart smbd nmbd 
--- a/conf/README.md
+++ b/conf/README.md
@ -1,256 +1 @@
-# USE THIS FOLDER TO STORE YOUR OWN ZMB CONFIGS
+# USE THIS FOLDER TO STORE YOUR OWN ZMB CONFIGS
 # Configuration options reference
 This is the reference of all config options you can set in `zamba.conf`
 <br>
 ## Linux Container Section
 In this section all settings relevant for the LXC container.
 <br>
 ### LXC_TEMPLATE_STORAGE
 Defines the Proxmox storage where your LXC container template are stored (default: local)
 ```bash
 LXC_TEMPLATE_STORAGE="local"
 ```
 ### LXC_ROOTFS_SIZE
 Defines the size in GB of the LXC container's root filesystem (default: 32)
 ```bash
 LXC_ROOTFS_SIZE="32"
 ```
 Depending on your environment, you should consider increasing the size for use of `mailpiler` or `matrix`.
 ### LXC_ROOTFS_STORAGE
 Defines the Proxmox storage where your LXC container's root filesystem will be generated (default: local-zfs)
 ```bash
 LXC_ROOTFS_STORAGE="local-zfs"
 ```
 ### LXC_SHAREFS_SIZE
 Defines the size in GB your LXC container's filesystem shared by Zamba (AD member & standalone) (default: 100)
 ```bash
 LXC_SHAREFS_SIZE="100"
 ```
 ### LXC_SHAREFS_STORAGE
 Defines the Proxmox storage where your LXC container's filesystem shared by Zamba will be generated (default: local-zfs)
 ```bash
 LXC_SHAREFS_STORAGE="local-zfs"
 ```
 ### LXC_SHAREFS_MOUNTPOINT
 Defines the mountpoint of the filesystem shared by Zamba inside your LXC container (default: tank)
 ```bash
 LXC_SHAREFS_MOUNTPOINT="tank"
 ```
 ### LXC_MEM
 Defines the amount of RAM in MB your LXC container is allowed to use (default: 1024)
 ```bash
 LXC_MEM="1024"
 ```
 ### LXC_SWAP
 Defines the amount of swap space in MB your LXC container is allowed to use (default: 1024)
 ```bash
 LXC_SWAP="1024"
 ```
 ### LXC_HOSTNAME
 Defines the hostname of your LXC container (Default: Name of installed Service)
 ```bash
 LXC_HOSTNAME="zamba"
 ```
 ### LXC_DOMAIN
 Defines the domain name / search domain of your LXC container
 ```bash
 LXC_DOMAIN="zmb.rocks"
 ```
 ### LXC_DHCP
 Enable DHCP on LAN (eth0) - (Obtain an IP address automatically) [true/false]
 ```bash
 LXC_DHCP=false
 ```
 ### LXC_IP
 Defines the local IP address and subnet of your LXC container in CIDR format
 ```bash
 LXC_IP="10.10.80.20/24"
 ```
 ### LXC_GW
 Defines the default gateway IP address of your LXC container
 ```bash
 LXC_GW="10.10.80.254"
 ```
 ### LXC_DNS
 Defines the DNS server ip address of your LXC container
 ```bash
 LXC_DNS="10.10.80.254"
 ```
 `zmb-ad` used this DNS server for installation, after installation and domain provisioning it will be used as forwarding DNS
 For other services this should be your active directory domain controller (if present, else a DNS server of your choice)
 ### LXC_BRIDGE
 Defines the network bridge to bind the network adapter of your LXC container
 ```bash
 LXC_BRIDGE="vmbr0"
 ```
 ### LXC_VLAN
 Defines the vlan id of the LXC container's network interface, if the network adapter should be connected untagged, just leave the value empty.
 ```bash
 LXC_VLAN="80"
 ```
 ### LXC_PWD
 Defines the `root` password of your LXC container. Please use 'single quotation marks' to avoid unexpected behaviour.
 ```bash
 LXC_PWD="Start!123"
 ```
 ### LXC_AUTHORIZED_KEY
 Defines an authorized_keys file to push into the LXC container.
 By default the authorized_keys will be inherited from your proxmox host.
 ```bash
 LXC_AUTHORIZED_KEY="/root/.ssh/authorized_keys"
 ```
 ### LXC_TOOLSET
 Define your (administrative) tools, you always want to have installed into your LXC container
 ```bash
 LXC_TOOLSET="vim htop net-tools dnsutils sysstat mc"
 ```
 ### LXC_TIMEZONE
 Define the local timezone of your LXC container (default: Euroe/Berlin)
 ```bash
 LXC_TIMEZONE="Europe/Berlin"
 ```
 ### LXC_LOCALE
 Define system language on LXC container (locales)
 ```bash
 LXC_LOCALE="de_DE.utf8"
 ```
 This parameter is not used yet, but will be integrated in future releases.
 ### LXC_VIM_BG_DARK
 Set dark background for vim syntax highlighting (0 or 1)
 ```bash
 LXC_VIM_BG_DARK=1
 ```
 <br>
 ## Zamba Server Section
 This section configures the Zamba server (AD DC, AD member and standalone)
 <br>
 ### ZMB_REALM
 Defines the REALM for the Active Directory (AD DC, AD member)
 ```bash
 ZMB_REALM="ZMB.ROCKS"
 ```
 ### ZMB_DOMAIN
 Defines the domain name in your Active Directory or Workgroup (AD DC, AD member, standalone)
 ```bash
 ZMB_DOMAIN="ZMB"
 ```
 ### ZMB_ADMIN_USER
 Defines the name of your domain administrator account (AD DC, AD member, standalone)
 ```bash
 ZMB_ADMIN_USER="Administrator"
 ```
 ### ZMB_ADMIN_PASS
 Defines the domain administrator's password (AD DC, AD member).
 ```bash
 ZMB_ADMIN_PASS='Start!123'
 ```
 Please use 'single quotation marks' to avoid unexpected behaviour.
 `zmb-ad` domain administrator has to meet the password complexity policy, if password is too weak, domain provisioning will fail.
 ### ZMB_SHARE
 Defines the name of your Zamba share
 ```bash
 ZMB_SHARE="share"
 ```
 <br>
 ## Mailpiler section
 This section configures the mailpiler email archive
 <br>
 ### PILER_FQDN
 Defines the (public) FQDN of your piler mail archive
 ```bash
 PILER_FQDN="piler.zmb.rocks"
 ```
 ### PILER_SMARTHOST
 Defines the smarthost for piler mail archive
 ```bash
 PILER_SMARTHOST="your.mailserver.tld"
 ```
 <br>
 ## Matrix section
 This section configures the matrix chat server
 <br>
 ### MATRIX_FQDN
 Define the FQDN of your Matrix server
 ```bash
 MATRIX_FQDN="matrix.zmb.rocks"
 ```
 ### MATRIX_ELEMENT_FQDN
 Define the FQDN for the Element Web virtual host
 ```bash
 MATRIX_ELEMENT_FQDN="element.zmb.rocks"
 ```
 ### MATRIX_ADMIN_USER
 Define the administrative user of matrix service
 ```bash
 MATRIX_ADMIN_USER="admin"
 ```
 ### MATRIX_ADMIN_PASSWORD
 Define the admin password
 ```bash
 MATRIX_ADMIN_PASSWORD="Start!123"
 ```
 ## Nextcloud-Section
 ### NEXTCLOUD_FQDN
 Define the FQDN of your Nextcloud server
 ```bash
 NEXTCLOUD_FQDN="nc1.zmb.rocks"
 ```
 ### NEXTCLOUD_ADMIN_USR
 The initial admin-user which will be configured
 ```bash
 NEXTCLOUD_ADMIN_USR="zmb-admin"
 ```
 ### NEXTCLOUD_ADMIN_PWD
 Build a strong password for this user. Username and password will shown at the end of the instalation. 
 ```bash
 NEXTCLOUD_ADMIN_PWD="$(random_password)"
 ```
 ### NEXTCLOUD_DATA
 Defines the data directory, which will be createt under LXC_SHAREFS_MOUNTPOINT
 ```bash
 NEXTCLOUD_DATA="nc_data"
 ```
 ### NEXTCLOUD_REVPROX
 Defines the trusted reverse proxy, which will enable the detection of source ip to fail2ban
 ```bash
 NEXTCLOUD_REVPROX="192.168.100.254"
 ```
 ## Check_MK-Section
 ### CMK_INSTANCE
 Define the name of your checkmk instance
 ```bash
 CMK_INSTANCE=zmbrocks
 ```
 ### CMK_ADMIN_PW
 Define the password of user 'cmkadmin'
 ```bash
 CMK_ADMIN_PW='Start!123'
 ```
 ### CMK_EDITION
 checkmk edition (raw or free)
 - raw = completely free
 - free = limited version of the enterprise edition (25 hosts, 1 instance)
 ```bash
 CMK_EDITION=raw
 ```
--- a/conf/zamba.conf.example
+++ b/conf/zamba.conf.example
@ -57,10 +57,10 @@ LXC_DNS="192.168.100.254"
 LXC_BRIDGE="vmbr0"
 # Defines the vlan id of the LXC container's network interface, if the network adapter should be connected untagged, just leave the value empty.
-LXC_VLAN=NONE
+LXC_VLAN=
 # Defines the `root` password of your LXC container. Please use 'single quatation marks' to avoid unexpected behaviour.
-LXC_PWD='Start!123'
+LXC_PWD='S3cr3tp@ssw0rd'
 # Defines an authorized_keys file to push into the LXC container.
 # By default the authorized_keys will be inherited from your proxmox host.
@ -92,7 +92,7 @@ ZMB_DOMAIN="ZMB"
 ZMB_ADMIN_USER="administrator"
 # The admin password for zamba installation. Please use 'single quatation marks' to avoid unexpected behaviour
 # `zmb-ad` domain administrator has to meet the password complexity policy, if password is too weak, domain provisioning will fail
-ZMB_ADMIN_PASS='Start!123'
+ZMB_ADMIN_PASS='1c@nd0@nyth1n9'
 # Defines the name of your Zamba share
 ZMB_SHARE="share"
@ -100,9 +100,9 @@ ZMB_SHARE="share"
 ############### Mailpiler-Section ###############
 # Defines the (public) FQDN of your piler mail archive
-PILER_FQDN="mailpiler.zmb.rocks"
+PILER_FQDN="piler.zmb.rocks"
 # Defines the smarthost for piler mail archive
-PILER_SMARTHOST="mail.zmb.rocks"
+PILER_SMARTHOST="your.mailserver.tld"
 ############### Matrix-Section ###############
@ -112,22 +112,16 @@ MATRIX_FQDN="matrix.zmb.rocks"
 # Define the FQDN for the Element Web virtual host
 MATRIX_ELEMENT_FQDN="element.zmb.rocks"
 # Define the administrative user of matrix service
 MATRIX_ADMIN_USER="admin"
 # Define the admin password
 MATRIX_ADMIN_PASSWORD="Start!123"
 ############### Nextcloud-Section ###############
 # Define the FQDN of your Nextcloud server
-NEXTCLOUD_FQDN="nextcloud.zmb.rocks"
+NEXTCLOUD_FQDN="nc1.zmb.rocks"
 # The initial admin-user which will be configured
 NEXTCLOUD_ADMIN_USR="zmb-admin"
-# Build a strong password for this user. Username and password will shown at the end of the installation. 
+# Build a strong password for this user. Username and password will shown at the end of the instalation. 
-NEXTCLOUD_ADMIN_PWD="$(random_password)"
+NEXTCLOUD_ADMIN_PWD="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
 # Defines the data directory, which will be createt under LXC_SHAREFS_MOUNTPOINT
 NEXTCLOUD_DATA="nc_data"
@ -141,21 +135,9 @@ NEXTCLOUD_REVPROX="192.168.100.254"
 CMK_INSTANCE=zmbrocks
 # Define the password of user 'cmkadmin'
-CMK_ADMIN_PW='Start!123'
+CMK_ADMIN_PW='Ju5t@n0thers3cur3p@ssw0rd'
 # checkmk edition (raw or free)
 # raw = completely free
 # free = limited version of the enterprise edition (25 hosts, 1 instance)
 CMK_EDITION=raw
 ############### Kopano-Section ###############
 # Define the FQDN of your Nextcloud server
 KOPANO_FQDN="kopano.zmb.rocks"
 # Defines the trusted reverse proxy, which will enable the detection of source ip to fail2ban
 KOPANO_MAILGW="192.168.100.254"
 # Kopano test- or subscription-key offerd from 
 # https://kopano.com/downloads-demo/?demo=Kopano+Groupware&headline=Packages&target=Debian+10
 KOPANO_REPKEY="1234567890abcdefghijklmno"
--- a/install.sh
+++ b/install.sh
@ -1,5 +1,4 @@
 #!/bin/bash
 set -euo pipefail
 # This script will create and fire up a standard debian buster lxc container on your Proxmox VE.
 # On a Proxmox cluster, the script will create the container on the local node, where it's executed.
@ -16,7 +15,7 @@ set -euo pipefail
 # Please adjust th settings in 'zamba.conf' to your needs before running the script
 ############### ZAMBA INSTALL SCRIPT ###############
-prog="$(basename $0)"
+prog="$(basename "$0")"
 usage() {
 	cat >&2 <<-EOF
@ -37,6 +36,7 @@ usage() {
 ctid=0
 service=ask
 config=$PWD/conf/zamba.conf
 verbose=0
 while getopts "hi:s:c:" opt; do
  case $opt in
@ -49,13 +49,17 @@ while getopts "hi:s:c:" opt; do
 done
 shift $((OPTIND-1))
-OPTS=$(find src/ -maxdepth 1 -mindepth 1 -type d -exec basename -a {} + | sort -n)
+# Load configuration file
 echo "Loading config file '$config'..."
 source $config
 OPTS=$(ls -d $PWD/src/*/ | grep -v __ | xargs basename -a)
 valid=0
 if [[ "$service" == "ask" ]]; then
  select svc in $OPTS quit; do
    if [[ "$svc" != "quit" ]]; then
-       for line in $OPTS; do
+       for line in $(echo $OPTS); do
        if [[ "$svc" == "$line" ]]; then
          service=$svc
          echo "Installation of $service selected."
@ -72,7 +76,7 @@ if [[ "$service" == "ask" ]]; then
    fi
  done
 else
-  for line in $OPTS; do
+  for line in $(echo $OPTS); do
    if [[ "$service" == "$line" ]]; then
      echo "Installation of $service selected."
      valid=1
@ -86,30 +90,18 @@ if [[ "$valid" != "1" ]]; then
  usage 1
 fi
-# Load configuration file
+source $PWD/src/$service/constants-service.conf
 echo "Loading config file '$config'..."
 if [ ! -e "$config" ]; then
  echo "Configuration files does not exist"
  exit 1
 fi
 source "src/functions.sh"
 source "$config"
 source "$PWD/src/$service/constants-service.conf"
 # CHeck is the newest template available, else download it.
-DEB_LOC=$(pveam list $LXC_TEMPLATE_STORAGE | grep $LXC_TEMPLATE_VERSION | tail -1 | cut -d'_' -f2)
+DEB_LOC=$(pveam list $LXC_TEMPLATE_STORAGE | grep debian-10-standard | cut -d'_' -f2)
-DEB_REP=$(pveam available --section system | grep $LXC_TEMPLATE_VERSION | tail -1 | cut -d'_' -f2)
+DEB_REP=$(pveam available --section system | grep debian-10-standard | cut -d'_' -f2)
 TMPL_NAME=$(pveam available --section system | grep $LXC_TEMPLATE_VERSION | tail -1 | cut -d' ' -f11)
 if [[ $DEB_LOC == $DEB_REP ]];
 then
-  echo "Newest Version of $LXC_TEMPLATE_VERSION $DEB_REP exists.";
+  echo "Newest Version of Debian 10 Standard $DEP_REP exists.";
 else
-  echo "Will now download newest $LXC_TEMPLATE_VERSION $DEP_REP.";
+  echo "Will now download newest Debian 10 Standard $DEP_REP.";
-  pveam download $LXC_TEMPLATE_STORAGE $TMPL_NAME
+  pveam download $LXC_TEMPLATE_STORAGE debian-10-standard_$DEB_REP\_amd64.tar.gz
 fi
 if [ $ctid -gt 99 ]; then
@ -128,17 +120,17 @@ fi
 echo "Will now create LXC Container $LXC_NBR!";
 # Create the container
-pct create $LXC_NBR --password $LXC_PWD -unprivileged $LXC_UNPRIVILEGED $LXC_TEMPLATE_STORAGE:vztmpl/$TMPL_NAME -rootfs $LXC_ROOTFS_STORAGE:$LXC_ROOTFS_SIZE;
+pct create $LXC_NBR -unprivileged $LXC_UNPRIVILEGED $LXC_TEMPLATE_STORAGE:vztmpl/debian-10-standard_$DEB_REP\_amd64.tar.gz -rootfs $LXC_ROOTFS_STORAGE:$LXC_ROOTFS_SIZE;
 sleep 2;
 # Check vlan configuration
-if [[ $LXC_VLAN != "NONE" ]];then VLAN=",tag=$LXC_VLAN"; else VLAN=""; fi
+if [[ $LXC_VLAN != "" ]];then VLAN=",tag=$LXC_VLAN"; else VLAN=""; fi
 # Reconfigure conatiner
 pct set $LXC_NBR -memory $LXC_MEM -swap $LXC_SWAP -hostname $LXC_HOSTNAME -onboot 1 -timezone $LXC_TIMEZONE -features nesting=$LXC_NESTING;
 if [ $LXC_DHCP == true ]; then
- pct set $LXC_NBR -net0 "name=eth0,bridge=$LXC_BRIDGE,ip=dhcp,type=veth$VLAN"
+ pct set $LXC_NBR -net0 name=eth0,bridge=$LXC_BRIDGE,ip=dhcp,type=veth$VLAN;
 else
- pct set $LXC_NBR -net0 "name=eth0,bridge=$LXC_BRIDGE,firewall=1,gw=$LXC_GW,ip=$LXC_IP,type=veth$VLAN" -nameserver $LXC_DNS -searchdomain $LXC_DOMAIN
+ pct set $LXC_NBR -net0 name=eth0,bridge=$LXC_BRIDGE,firewall=1,gw=$LXC_GW,ip=$LXC_IP,type=veth$VLAN -nameserver $LXC_DNS -searchdomain $LXC_DOMAIN;
 fi
 sleep 2
@ -151,15 +143,16 @@ PS3="Select the Server-Function: "
 pct start $LXC_NBR;
 sleep 5;
-# Set the root ssh key
+# Set the root password and key
-pct exec $LXC_NBR -- mkdir /root/.ssh
+echo -e "$LXC_PWD\n$LXC_PWD" | lxc-attach -n$LXC_NBR passwd;
 lxc-attach -n$LXC_NBR mkdir /root/.ssh;
 pct push $LXC_NBR $LXC_AUTHORIZED_KEY /root/.ssh/authorized_keys
-pct push $LXC_NBR "$config" /root/zamba.conf
+pct push $LXC_NBR $PWD/src/sources.list /etc/apt/sources.list
-pct push $LXC_NBR "$PWD/src/functions.sh" /root/functions.sh
+pct push $LXC_NBR $config /root/zamba.conf
-pct push $LXC_NBR "$PWD/src/constants.conf" /root/constants.conf
+pct push $LXC_NBR $PWD/src/constants.conf /root/constants.conf
-pct push $LXC_NBR "$PWD/src/lxc-base.sh" /root/lxc-base.sh
+pct push $LXC_NBR $PWD/src/lxc-base.sh /root/lxc-base.sh
-pct push $LXC_NBR "$PWD/src/$service/install-service.sh" /root/install-service.sh
+pct push $LXC_NBR $PWD/src/$service/install-service.sh /root/install-service.sh
-pct push $LXC_NBR "$PWD/src/$service/constants-service.conf" /root/constants-service.conf
+pct push $LXC_NBR $PWD/src/$service/constants-service.conf /root/constants-service.conf
 echo "Installing basic container setup..."
 lxc-attach -n$LXC_NBR bash /root/lxc-base.sh
@ -168,7 +161,6 @@ lxc-attach -n$LXC_NBR bash /root/install-service.sh
 if [[ $service == "zmb-ad" ]]; then
  pct stop $LXC_NBR
-  ## set nameserver, ${LXC_IP%/*} extracts the ip address from cidr format
+  pct set $LXC_NBR \-nameserver $(echo $LXC_IP | cut -d'/' -f 1)
  pct set $LXC_NBR -nameserver ${LXC_IP%/*}
  pct start $LXC_NBR
 fi
--- a/new-config.py
+++ b/new-config.py
@ -0,0 +1,136 @@
 #!/usr/bin/python3
 import os
 from src import config_base, menu
 # Check installation of zfs-auto-snapshot, if not installed, just notify user
 config_base.check_zfs_autosnapshot()
 cfg = {}
 # set template storage
 t_storages = config_base.get_pve_storages(content=config_base.PveStorageContent.vztmpl)
 if len(t_storages.keys()) > 1:
    t_stors={}
    for st in t_storages.keys():
        t_stors[st] = f"driver: {t_storages[st]['driver']}\tfree space: {int(t_storages[st]['available'])/1024/1024:.2f} GB"
    cfg['LXC_TEMPLATE_STORAGE'] = menu.radiolist("Select container template storage", "Please choose the storage, where your container templates are stored.", t_stors)
 elif len(t_storages.keys()) == 1:
    cfg['LXC_TEMPLATE_STORAGE'] = next(iter(t_storages))
 else:
    print("Could not find any storage enabled for container templates. Please ensure your storages are configured properly.")
    os._exit(1)
 # get zmb service
 cfg['ZMB_SERVICE'] = menu.radiolist("Select service","Please choose the service to install:", config_base.get_zmb_services())
 # get static ct features
 ct_features = config_base.get_ct_features(cfg["ZMB_SERVICE"])
 cfg['LXC_UNPRIVILEGED'] = ct_features['unprivileged']
 # get ct id
 cfg['LXC_NBR'] = menu.question("Container ID", f"Please select an ID for the {cfg['ZMB_SERVICE']} container.", menu.qType.Integer, config_base.get_ct_id(), config_base.validate_ct_id)
 # configure rootfs
 r_storages = config_base.get_pve_storages(driver=config_base.PveStorageType.zfspool,content=config_base.PveStorageContent.rootdir)
 if len(r_storages.keys()) > 1:
    r_stors = {}
    for st in r_storages.keys():
        r_stors[st] = f"driver: {r_storages[st]['driver']}\tfree space: {int(r_storages[st]['available'])/1024/1024:.2f} GB"
    cfg['LXC_ROOTFS_STORAGE'] = menu.radiolist("Select rootfs storage", "Please choose the storage for your container's rootfs",r_stors)
 elif len(r_storages.keys()) == 1:
    cfg['LXC_ROOTFS_STORAGE'] = next(iter(r_storages))
 else:
    print("Could not find any storage enabled for container filesystems. Please ensure your storages are configured properly.")
    os._exit(1)
 cfg['LXC_ROOTFS_SIZE'] = menu.question("Set rootfs size","Please type in the desired rootfs size (GB)", menu.qType.Integer,32)
 # create additional mountpoints
 if 'size' in ct_features['sharefs'].keys():
    f_storages = config_base.get_pve_storages(driver=config_base.PveStorageType.zfspool,content=config_base.PveStorageContent.rootdir)
    if len(f_storages.keys()) > 1:
        f_stors = {}
        for st in f_storages.keys():
            f_stors[st] = f"driver: {f_storages[st]['driver']}\tfree space: {int(f_storages[st]['available'])/1024/1024:.2f} GB"
        cfg['LXC_SHAREFS_STORAGE'] = menu.radiolist("Select sharefs storage", "Please choose the storage of your shared filesystem", f_stors)
    elif len(r_storages.keys()) == 1:
        cfg['LXC_SHAREFS_STORAGE'] = next(iter(f_storages))
    else:
        print("Could not find any storage enabled for container filesystems. Please ensure your storages are configured properly.")
        os._exit(1)
    cfg['LXC_SHAREFS_SIZE'] = menu.question("Select sharefs size","Please type in the desired size (GB) of your shared filesystem", menu.qType.Integer,ct_features['sharefs']['size'])
    cfg['LXC_SHAREFS_MOUNTPOINT'] = menu.question("Select sharefs mountpoint","Please type in the folder where to mount your shared filesystem inside the container.", menu.qType.String,ct_features['sharefs']['mountpoint'])
 # configure ram and swap
 cfg['LXC_MEM'] = menu.question("Set container RAM", "Please type in the desired amount of RAM for the container (MB)",menu.qType.Integer,ct_features["mem"])
 cfg['LXC_SWAP'] = menu.question("Set container Swap", "Please type in the desired amount of Swap for the container (MB)",menu.qType.Integer,ct_features["swap"])
 cfg['LXC_HOSTNAME'] = menu.question("Set container Hostname", "Please type in the desired hostname of the container",menu.qType.String,ct_features['hostname'])
 cfg['LXC_DOMAIN'] = menu.question("Set container search domain", "Please type in the search domain of your network.", menu.qType.String,ct_features['domain'])
 cfg['LXC_TIMEZONE'] = 'host' # TODO
 cfg['LXC_LOCALE'] = "de_DE.utf8" # TODO
 # get pve bridge
 bridges = config_base.get_pve_bridges()
 if len(bridges) > 1:
    cfg['LXC_BRIDGE'] = menu.radiolist("Select PVE Network Bridge", f"Please select the network bridge to connect the {cfg['ZMB_SERVICE']} container",bridges)
 elif len(bridges) == 1:
    cfg['LXC_BRIDGE'] = bridges[0]
 else:
    print("Could not find any bridge device to connect container. Please ensure your networksettings are configured properly.")
    os._exit(1)
 cfg['LXC_VLAN'] = menu.question("Set vlan tag", "You you want to tag your container's network to a vlan? (0 = untagged, 1 - 4094 = tagged vlan id)",menu.qType.Integer,0, config_base.validate_vlan)
 # configure network interface
 if  cfg['ZMB_SERVICE'] != 'zmb-ad':
    enable_dhcp = menu.question("Set network mode", "Do you want to configure the network interface in dhcp mode?",menu.qType.Boolean,default=True)
 else:
    enable_dhcp = False
 if enable_dhcp == True:
    cfg["LXC_NET_MODE"] = 'dhcp'
 else:
    cfg["LXC_NET_MODE"] = 'static'
    cfg["LXC_IP"] = menu.question("Set interface IP Addess", "Pleace type in the containers IP address (CIDR Format).",menu.qType.String,default='10.10.10.10/8')
    cfg["LXC_GW"] = menu.question("Set interface default gateway", "Pleace type in the containers default gateway.",menu.qType.String,default='10.10.10.1')
 cfg['LXC_DNS']  = menu.question("Set containers dns server", "Pleace type in the containers dns server. ZMB AD will use this as dns forwarder",menu.qType.String,default='10.10.10.1')
 cfg['LXC_PWD'] = menu.question("Set root password", "Please type in the containers root password", menu.qType.String,default='')
 cfg['LXC_AUTHORIZED_KEY'] = menu.question ("Set authorized_keys file to import", "Please select authorized_keys file to import.", menu.qType.String, default='~/.ssh/authorized_keys')
 os.system('clear')
 print (f"#### Zamba LXC Toolbox ####\n")
 print (f"GLOBAL CONFIGURATION:")
 print (f"\tct template storage:\t{cfg['LXC_TEMPLATE_STORAGE']}")
 print (f"\nCONTAINER CONFIGURATION:")
 print (f"\tzmb service:\t\t{cfg['ZMB_SERVICE']}")
 print (f"\tcontainer id:\t\t{cfg['LXC_NBR']}")
 print (f"\tunprivileged:\t\t{cfg['LXC_UNPRIVILEGED']}")
 for feature in ct_features['features'].keys():
    if feature == 'nesting':
        cfg['LXC_NESTING'] = ct_features['features'][feature]
        print (f"\t{feature}:\t\t{cfg['LXC_NESTING']}")
 print (f"\tcontainer memory:\t{cfg['LXC_MEM']} MB")
 print (f"\tcontainer swap:\t\t{cfg['LXC_SWAP']} MB")
 print (f"\tcontainer hostname:\t{cfg['LXC_HOSTNAME']}")
 print (f"\tct search domain:\t{cfg['LXC_DOMAIN']}")
 print (f"\tcontainer timezone\t{cfg['LXC_TIMEZONE']}")
 print (f"\tcontainer language\t{cfg['LXC_LOCALE']}")
 print (f"\nSTORAGE CONFIGURATION:")
 print (f"\trootfs storage:\t\t{cfg['LXC_ROOTFS_STORAGE']}")
 print (f"\trootfs size:\t\t{cfg['LXC_ROOTFS_SIZE']} GB")
 if 'size' in ct_features['sharefs'].keys():
    print (f"\tsharefs storage:\t{cfg['LXC_SHAREFS_STORAGE']}")
    print (f"\tsharefs size:\t\t{cfg['LXC_SHAREFS_SIZE']} GB")
    print (f"\tsharefs mountpoint:\t{cfg['LXC_SHAREFS_MOUNTPOINT']}")
 print (f"\nNETWORK CONFIGURATION:")
 print (f"\tpve bridge:\t\t{cfg['LXC_BRIDGE']}")
 if cfg['LXC_VLAN'] > 0:
    print (f"\tcontainer vlan:\t\t{cfg['LXC_VLAN']}")
 else:
    print (f"\tcontainer vlan:\t\tuntagged")
 print (f"\tnetwork mode:\t\t{cfg['LXC_NET_MODE']}")
 if enable_dhcp == False:
    print (f"\tip address (CIDR):\t{cfg['LXC_IP']}")
    print (f"\tdefault gateway:\t{cfg['LXC_GW']}")
    print (f"\tdns server / forwarder:\t{cfg['LXC_GW']}")
 print (f"\nCONTAINER CREDENTIALS:")
 print (f"\troot password:\t\t{cfg['LXC_PWD']}")
 print (f"\tauthorized ssh keys:\t{cfg['LXC_AUTHORIZED_KEY']}")
--- a/proxmox.conf
+++ b/proxmox.conf
@ -0,0 +1 @@
 HOST_LOCALE=de_DE.UTF-8
--- a/sources.list
+++ b/sources.list
@ -0,0 +1,6 @@
 deb http://ftp.de.debian.org/debian buster main contrib
 deb http://ftp.de.debian.org/debian buster-updates main contrib
 # security updates
 deb http://security.debian.org buster/updates main contrib
--- a/src/init.py
+++ b/src/init.py
--- a/src/checkmk/constants-service.conf
+++ b/src/checkmk/constants-service.conf
@ -7,9 +7,6 @@
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="0"
@ -17,9 +14,9 @@ LXC_MP="0"
 LXC_UNPRIVILEGED="1"
 # enable nesting feature
-LXC_NESTING="1"
+LXC_NESTING="0"
 # checkmk version
-CMK_VERSION=2.0.0p23
+CMK_VERSION=2.0.0p4
 # build number of the debian package (needs to start with underscore)
-CMK_BUILD=_0
+CMK_BUILD=_0
--- a/src/checkmk/install-service.sh
+++ b/src/checkmk/install-service.sh
@ -5,13 +5,11 @@
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/functions.sh
 source /root/zamba.conf
 source /root/constants-service.conf
-cd /tmp
+wget https://download.checkmk.com/checkmk/$CMK_VERSION/check-mk-$CMK_EDITION-$CMK_VERSION$CMK_BUILD.buster_amd64.deb
-wget https://download.checkmk.com/checkmk/$CMK_VERSION/check-mk-$CMK_EDITION-$CMK_VERSION$CMK_BUILD.$(lsb_release -cs)_amd64.deb
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq install ./check-mk-$CMK_EDITION-$CMK_VERSION$CMK_BUILD.buster_amd64.deb
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq install ./check-mk-$CMK_EDITION-$CMK_VERSION$CMK_BUILD.$(lsb_release -cs)_amd64.deb
 omd create --admin-password $CMK_ADMIN_PW $CMK_INSTANCE
@ -32,7 +30,8 @@ systemctl restart apache2.service
 omd start $CMK_INSTANCE
 # install matrix notification plugin
-
+su - $CMK_INSTANCE
-wget -O /opt/omd/sites/$CMK_INSTANCE/local/share/check_mk/notifications/matrix.py https://github.com/bashclub/check_mk_matrix_notifications/raw/master/matrix.py
+cd ~/local/share/check_mk/notifications/
-chmod +x /opt/omd/sites/$CMK_INSTANCE/local/share/check_mk/notifications/matrix.py
+wget https://github.com/bashclub/check_mk_matrix_notifications/raw/master/matrix.py
-chown $CMK_INSTANCE /opt/omd/sites/$CMK_INSTANCE/local/share/check_mk/notifications/matrix.py
+chmod +x ./matrix.py
 exit
--- a/src/config_base.py
+++ b/src/config_base.py
@ -0,0 +1,121 @@
 #!/usr/bin/python3
 from pathlib import Path
 import os
 import ipaddress
 import socket
 import json
 import subprocess
 from enum import Enum
 def check_zfs_autosnapshot():
    proc = subprocess.Popen(["dpkg","-l","zfs-auto-snapshot"],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
    proc.communicate()
    if proc.returncode > 0:
        print ("'zfs-auto-snapshot' is NOT installed on your system. This ist required for 'previous versions' feature in Zamba containers.\nYou can install it with the following command:\n\tapt install zfs-auto-snapshot\n")
        input ("Press Enter to continue...")
 # get_pve_bridges queries and returns availabe Proxmox bridges
 def get_pve_bridges():
    pve_bridges=[]
    ifaces=os.listdir(os.path.join("/","sys","class","net"))
    for iface in ifaces:
        if "vmbr" in iface:
            pve_bridges.append(iface)
    return pve_bridges
 # get_pve_storages queries and returns available Proxmox bridges
 def get_pve_storages(driver=None,content=None):
    pve_storages={}
    cmd = ["pvesm","status","--enabled","1"]
    if content != None:
        cmd.extend(["--content",content.name])
    result = subprocess.Popen(cmd,stdout=subprocess.PIPE,stderr=subprocess.PIPE).communicate()
    stdout = result[0].decode("utf-8").split('\n')
    for line in filter(lambda x: len(x)>0, stdout):
        if not "Status" in line:
            item = [x for x in line.split(' ') if x.strip()]
            storage = {}
            storage["driver"] = item[1]
            storage["status"] = item[2]
            storage["total"] = item[3]
            storage["used"] = item[4]
            storage["available"] = item[5]
            storage["percent_used"] = item[6]
            if driver == None:
                pve_storages[item[0]] = storage
            else:
                if driver.name == storage["driver"]:
                    pve_storages[item[0]] = storage
    return pve_storages
 # get_zmb_services queries and returns available Zamba services
 def get_zmb_services():
    zmb_services={}
    for item in Path.iterdir(Path.joinpath(Path.cwd(),"src")):
        if Path.is_dir(item) and "__" not in item.name:
            with open(os.path.join(item._str, "info"),"r") as info:
                description = info.read()
                zmb_services[item.name] = description
    return zmb_services
 # get_ct_id queries and returns the next available container id
 def get_ct_id(base="ct"):
    with open("/etc/pve/.vmlist","r") as v:
        vmlist_json = json.loads(v.read())
    ct_id = 100
    for cid in vmlist_json["ids"].keys():
        if int(cid) > ct_id and base == "ct" and vmlist_json["ids"][cid]["type"] == "lxc":
            ct_id = int(cid)
        elif int(cid) > ct_id and base == "all":
            ct_id = int(cid)
    while True:
        ct_id = ct_id + 1
        if ct_id not in vmlist_json["ids"].keys():
            break
    return ct_id
 # validate_ct_id queries if ct_id is available and returns as boolean
 def validate_ct_id(ct_id:int):
    with open("/etc/pve/.vmlist","r") as v:
        vmlist_json = json.loads(v.read())
    ct_id = str(ct_id)
    if int(ct_id) >= 100 and int(ct_id) <= 999999999 and ct_id not in vmlist_json["ids"].keys():
        return True
    else:
        return False
 def validate_vlan(tag:int):
    if int(tag) >= 1 and int(tag) <= 4094:
        return True
    else:
        return False
 def get_ct_features(zmb_service):
    with open(Path.joinpath(Path.cwd(),"src",zmb_service,"features.json")) as ff:
        return json.loads(ff.read())
 class PveStorageContent(Enum):
    images = 0
    rootdir = 1
    vztmpl = 2
    backup = 3
    iso = 4
    snippets = 5
 class PveStorageType(Enum):
    zfspool = 0
    dir = 1
    nfs = 2
    cifs = 3
    pbs = 4
    glusterfs = 5
    cephfs = 6
    lvm = 7
    lvmthin = 8
    iscsi = 9
    iscsidirect = 10
    rbd = 11
    zfs = 12
--- a/src/debian-priv/constants-service.conf
+++ b/src/debian-priv/constants-service.conf
@ -7,9 +7,6 @@
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="0"
@ -17,4 +14,4 @@ LXC_MP="0"
 LXC_UNPRIVILEGED="0"
 # enable nesting feature
-LXC_NESTING="1"
+LXC_NESTING="0"
--- a/src/debian-priv/features.json
+++ b/src/debian-priv/features.json
@ -0,0 +1,9 @@
 {
    "unprivileged": 0,
    "features": {},
    "sharefs": {},
    "mem": 1024,
    "swap": 1024,
    "hostname": "debian",
    "domain": "zmb.rocks"
 }
--- a/src/debian-priv/info
+++ b/src/debian-priv/info
@ -0,0 +1 @@
 Debian privileged container with basic tools
--- a/src/debian-unpriv/constants-service.conf
+++ b/src/debian-unpriv/constants-service.conf
@ -7,9 +7,6 @@
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="0"
@ -17,4 +14,4 @@ LXC_MP="0"
 LXC_UNPRIVILEGED="1"
 # enable nesting feature
-LXC_NESTING="1"
+LXC_NESTING="0"
--- a/src/debian-unpriv/features.json
+++ b/src/debian-unpriv/features.json
@ -0,0 +1,11 @@
 {
    "unprivileged": 1,
    "features": {
        "nesting": 1
    },
    "sharefs": {},
    "mem": 1024,
    "swap": 1024,
    "hostname": "debian",
    "domain": "zmb.rocks"
 }
--- a/src/debian-unpriv/info
+++ b/src/debian-unpriv/info
@ -0,0 +1 @@
 Debian unprivileged container with basic tools
--- a/src/functions.sh
+++ b/src/functions.sh
@ -1,13 +0,0 @@
 #!/bin/bash
 #
 # This script has basic functions like a random password generator
 random_password() {
    set +o pipefail
    C_CTYPE=C tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c32
 }
 random_password_open3a() {
    set +o pipefail
    C_CTYPE=C tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c20
 }
--- a/src/gitea/constants-service.conf
+++ b/src/gitea/constants-service.conf
@ -1,35 +0,0 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="1"
 # Create unprivileged container
 LXC_UNPRIVILEGED="0"
 # enable nesting feature
 LXC_NESTING="1"
 # Defines the IP from the SQL server
 GITEA_DB_IP="127.0.0.1"
 # Defines the PORT from the SQL server
 GITEA_DB_PORT="5432"
 # Defines the name from the SQL database
 GITEA_DB_NAME="gitea"
 # Defines the name from the SQL user
 GITEA_DB_USR="gitea"
 # Build a strong password for the SQL user - could be overwritten with something fixed
 GITEA_DB_PWD="$(random_password)"
--- a/src/gitea/install-service.sh
+++ b/src/gitea/install-service.sh
@ -1,160 +0,0 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/functions.sh
 source /root/zamba.conf
 source /root/constants-service.conf
 wget -q -O - https://nginx.org/keys/nginx_signing.key | apt-key add -
 echo "deb http://nginx.org/packages/debian $(lsb_release -cs) nginx" | tee /etc/apt/sources.list.d/nginx.list
 wget -q -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
 echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq postgresql nginx git ssl-cert unzip zip
 timedatectl set-timezone ${LXC_TIMEZONE}
 systemctl enable --now postgresql
 su - postgres <<EOF
 psql -c "CREATE USER gitea WITH PASSWORD '${GITEA_DB_PWD}';"
 psql -c "CREATE DATABASE ${GITEA_DB_NAME} ENCODING UTF8 TEMPLATE template0 OWNER ${GITEA_DB_USR};"
 echo "Postgres User ${GITEA_DB_USR} and database ${GITEA_DB_NAME} created."
 EOF
 adduser  --system  --shell /bin/bash --gecos 'Git Version Control' --group --disabled-password --home /home/git git
 curl -s https://api.github.com/repos/go-gitea/gitea/releases/latest | grep browser_download_url | cut -d '"' -f 4 | grep '\linux-amd64$' | wget -O /usr/local/bin/gitea -i -
 chmod +x /usr/local/bin/gitea
 mkdir -p /etc/gitea
 mkdir -p /${LXC_SHAREFS_MOUNTPOINT}/
 chown -R git:git /${LXC_SHAREFS_MOUNTPOINT}/
 chmod -R 750 /${LXC_SHAREFS_MOUNTPOINT}/
 cat << EOF > /etc/systemd/system/gitea.service
 [Unit]
 Description=Gitea
 After=syslog.target
 After=network.target
 After=postgresql.service
 [Service]
 RestartSec=2s
 Type=simple
 User=git
 Group=git
 WorkingDirectory=/${LXC_SHAREFS_MOUNTPOINT}/
 ExecStart=/usr/local/bin/gitea web -c /etc/gitea/app.ini
 Restart=always
 Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/${LXC_SHAREFS_MOUNTPOINT}/
 [Install]
 WantedBy=multi-user.target
 EOF
 cat << EOF > /etc/gitea/app.ini
 RUN_MODE = prod
 RUN_USER = git
 [repository]
 ROOT = /${LXC_SHAREFS_MOUNTPOINT}/git/repositories
 [repository.local]
 LOCAL_COPY_PATH = /${LXC_SHAREFS_MOUNTPOINT}/gitea/tmp/local-repo
 [repository.upload]
 TEMP_PATH = /${LXC_SHAREFS_MOUNTPOINT}/gitea/uploads
 [database]
 DB_TYPE=postgres
 HOST=localhost
 NAME=${GITEA_DB_NAME}
 USER=${GITEA_DB_USR}
 PASSWD=${GITEA_DB_PWD}
 SSL_MODE=disable
 [server]
 APP_DATA_PATH    = /${LXC_SHAREFS_MOUNTPOINT}/gitea
 DOMAIN           = ${LXC_HOSTNAME}.${LXC_DOMAIN}
 SSH_DOMAIN       = ${LXC_HOSTNAME}.${LXC_DOMAIN}
 HTTP_HOST        = localhost
 HTTP_PORT        = 3000
 ROOT_URL         = http://${LXC_HOSTNAME}.${LXC_DOMAIN}/
 DISABLE_SSH      = false
 SSH_PORT         = 22
 SSH_LISTEN_PORT  = 22
 EOF
 chown -R root:git /etc/gitea
 chmod 770 /etc/gitea
 chmod 770 /etc/gitea/app.ini
 cat << EOF > /etc/nginx/conf.d/default.conf
 server {
    listen 80;
    listen [::]:80;
    server_name _;
    server_tokens off;
    access_log /var/log/nginx/gitea.access.log;
    error_log /var/log/nginx/gitea.error.log;
    location /.well-known/ {
        root /var/www/html;
    }
    return 301 https://${LXC_HOSTNAME}.${LXC_DOMAIN}\$request_uri;
 }
 server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ${LXC_HOSTNAME}.${LXC_DOMAIN};
    server_tokens off;
    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
    ssl_protocols TLSv1.3 TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:EECDH+AESGCM:EDH+AESGCM;
    ssl_dhparam /etc/nginx/dhparam.pem;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 180m;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 1.1.1.1 1.0.0.1;
    add_header Strict-Transport-Security "max-age=31536000" always;
    access_log /var/log/nginx/gitea.access.log;
    error_log  /var/log/nginx/gitea.error.log;
    client_max_body_size 50M;
    location / {
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header Host \$host;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:3000;
        proxy_read_timeout 90;
    }
 }
 EOF
 openssl dhparam -out /etc/nginx/dhparam.pem 4096
 systemctl daemon-reload
 systemctl enable --now gitea
 systemctl restart nginx
--- a/src/kopano-core/constants-service.conf
+++ b/src/kopano-core/constants-service.conf
@ -1,41 +0,0 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-10-standard"
 # Create sharefs mountpoint
 LXC_MP="1"
 # Create unprivileged container
 LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # Defines the version number of piler mail archive to install (type in exact version number (e.g. 1.3.11) or 'latest')
 KOPANO_VERSION="latest"
 # Defines the php version to install
 KOPANO_PHP_VERSION="7.3"
 # Defines Maria DB Version
 MARIA_DB_VERS="10.5"
 # Defines the name from the SQL database
 MARIA_DB_NAME="kopano"
 # Defines the name from the SQL user
 MARIA_DB_USER="kopano"
 # Build a strong password for the SQL user - could be overwritten with something fixed 
 MARIA_ROOT_PWD=$(random_password)
 MARIA_USER_PWD=$(random_password)
--- a/src/kopano-core/install-service.sh
+++ b/src/kopano-core/install-service.sh
@ -1,274 +0,0 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/functions.sh
 source /root/zamba.conf
 source /root/constants-service.conf
 HOSTNAME=$(hostname -f)
 wget -q -O - https://packages.sury.org/php/apt.gpg | apt-key add -
 echo "deb https://packages.sury.org/php/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/php.list
 wget -q -O - https://nginx.org/keys/nginx_signing.key | apt-key add -
 echo "deb http://nginx.org/packages/debian $(lsb_release -cs) nginx" | tee /etc/apt/sources.list.d/nginx.list
 wget -q -O - https://mariadb.org/mariadb_release_signing_key.asc | apt-key add -
 echo "deb https://mirror.wtnet.de/mariadb/repo/$MARIA_DB_VERS/debian $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/maria.list
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends nginx-light mariadb-server postfix postfix-ldap \
 php$KOPANO_PHP_VERSION-{cli,common,curl,fpm,gd,json,mysql,mbstring,opcache,phpdbg,readline,soap,xml,zip}
 #timedatectl set-timezone Europe/Berlin
 #mkdir -p /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA /var/www
 #chown -R www-data:www-data /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA /var/www
 #### Secure Maria Instance ####
 mysqladmin -u root password "[$MARIA_ROOT_PWD]"
 mysql -uroot -p$MARIA_ROOT_PWD -e"DELETE FROM mysql.user WHERE User=''"
 mysql -uroot -p$MARIA_ROOT_PWD -e"DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
 mysql -uroot -p$MARIA_ROOT_PWD -e"DROP DATABASE test;DELETE FROM mysql.db WHERE Db='test' OR Db='test_%'"
 mysql -uroot -p$MARIA_ROOT_PWD -e"FLUSH PRIVILEGES"
 #### Create user and DB for Kopano ####
 mysql -uroot -p$MARIA_ROOT_PWD -e"CREATE USER '$MARIA_DB_USER'@'localhost' IDENTIFIED BY '$MARIA_USER_PWD'"
 mysql -uroot -p$MARIA_ROOT_PWD -e"CREATE DATABASE $MARIA_DB_NAME; GRANT ALL PRIVILEGES ON $MARIA_DB_NAME.* TO '$MARIA_DB_USER'@'localhost'"
 mysql -uroot -p$MARIA_ROOT_PWD -e"FLUSH PRIVILEGES"
 echo "root-password: $MARIA_ROOT_PWD,\
 db-user: $MARIA_DB_USER, password: $MARIA_USER_PWD" > /root/maria.log
 cat > /etc/apt/sources.list.d/kopano.list << EOF
 # Kopano Core
 deb https://download.kopano.io/supported/core:/final/Debian_10/ ./
 # Kopano WebApp
 deb https://download.kopano.io/supported/webapp:/final/Debian_10/ ./
 # Kopano MobileDeviceManagement
 deb https://download.kopano.io/supported/mdm:/final/Debian_10/ ./
 # Kopano Files
 deb https://download.kopano.io/supported/files:/final/Debian_10/ ./
 # Z-Push
 deb https://download.kopano.io/zhub/z-push:/final/Debian_10/ ./
 EOF
 cat > /etc/apt/auth.conf.d/kopano.conf << EOF
 machine download.kopano.io
 login serial
 password $KOPANO_REPKEY
 EOF
 curl https://serial:$KOPANO_REPKEY@download.kopano.io/supported/core:/final/Debian_10/Release.key | apt-key add -
 curl https://serial:$KOPANO_REPKEY@download.kopano.io/supported/webapp:/final/Debian_10/Release.key | apt-key add -
 curl https://serial:$KOPANO_REPKEY@download.kopano.io/supported/mdm:/final/Debian_10/Release.key | apt-key add -
 curl https://serial:$KOPANO_REPKEY@download.kopano.io/supported/files:/final/Debian_10/Release.key | apt-key add -
 curl https://serial:$KOPANO_REPKEY@download.kopano.io/zhub/z-push:/final/Debian_10/Release.key | apt-key add -
 apt update && apt full-upgrade -y
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends kopano-server-packages kopano-webapp \
 z-push-kopano z-push-config-nginx kopano-webapp-plugin-mdm kopano-webapp-plugin-files 
 #### Adjust kopano settings ####
 cat > /etc/kopano/ldap.cfg << EOF
 !include /usr/share/kopano/ldap.active-directory.cfg
 ldap_uri = ldap://10.10.81.12:389
 ldap_bind_user = cn=zmb-ldap,cn=Users,dc=zmb,dc=rocks
 ldap_bind_passwd = Start123!
 ldap_search_base = dc=zmb,dc=rocks
 #ldap_user_search_filter = (kopanoAccount=1)
 EOF
 cat > /etc/kopano/server.cfg << EOF
 server_listen = *:236
 local_admin_users = root kopano
 #database_engine = mysql
 #mysql_host = localhost
 #mysql_port = 3306
 mysql_user = $MARIA_DB_USER
 mysql_password = $MARIA_USER_PWD
 mysql_database = $MARIA_DB_NAME
 user_plugin = ldap
 user_plugin_config = /etc/kopano/ldap.cfg
 EOF
 #### Adjust php settings ####
 sed -i "s/define('LANG', 'en_US.UTF-8')/define('LANG', 'de_DE.UTF-8')/" /etc/kopano/webapp/config.php
 cat > /etc/php/7.3/fpm/pool.d/webapp.conf << EOF
 [webapp]
 listen = 127.0.0.1:9002
 user = www-data
 group = www-data
 listen.allowed_clients = 127.0.0.1
 pm = dynamic
 pm.max_children = 150
 pm.start_servers = 35
 pm.min_spare_servers = 20
 pm.max_spare_servers = 50
 pm.max_requests = 200
 listen.backlog = -1
 request_terminate_timeout = 120s
 rlimit_files = 131072
 rlimit_core = unlimited
 catch_workers_output = yes
 EOF
 sed -i "s/define('LANG', 'en_US.UTF-8')/define('LANG', 'de_DE.UTF-8')/" /etc/kopano/webapp/config.php
 #### Adjust nginx settings ####
 openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/ssl/private/kopano.key -out /etc/ssl/certs/kopano.crt -subj "/CN=$KOPANO_FQDN" -addext "subjectAltName=DNS:$KOPANO_FQDN"
 openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 4096
 #mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
 cat > /etc/nginx/sites-available/webapp.conf << EOF
 upstream php-handler {
    server 127.0.0.1:9002;
    #server unix:/var/run/php5-fpm.sock;
    #server unix:/var/run/php/php7.3-fpm.sock;
 }
 server{
    listen 80;
    charset utf-8;
    listen [::]:80;
    server_name _;
    location / {
        rewrite   ^(.*)   https://\$server_name\$1 permanent;
    }  
 }
 server {
    charset utf-8;
    listen 443;
    listen [::]:443 ssl;
    server_name _;
    ssl on;
    client_max_body_size 1024m;
    ssl_certificate /etc/ssl/certs/kopano.crt;
    ssl_certificate_key /etc/ssl/private/kopano.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
    ssl_prefer_server_ciphers on;
    #
    # ssl_dhparam require you to create a dhparam.pem, this takes a long time
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    #
    # add headers
    server_tokens off;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    location /webapp {
        alias /usr/share/kopano-webapp/;
        index index.php;
    location ~ /webapp/presence/ {
                rewrite ^/webapp/presence(/.*)$ \$1 break;
                proxy_pass http://localhost:1234;
                proxy_set_header Upgrade \$http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_http_version 1.1;
                }
    }
    location ~* ^/webapp/(.+\.php)$ {
        alias /usr/share/kopano-webapp/;
        # deny access to .htaccess files
        location ~ /\.ht {
                    deny all;
        }
        fastcgi_param PHP_VALUE "
            register_globals=off
            magic_quotes_gpc=off
            magic_quotes_runtime=off
            post_max_size=31M
            upload_max_filesize=30M
        ";
        fastcgi_param PHP_VALUE "post_max_size=31M
                 upload_max_filesize=30M
                 max_execution_time=3660
        ";
        include fastcgi_params;
        fastcgi_index index.php;
        #fastcgi_param HTTPS on;
        fastcgi_param SCRIPT_FILENAME \$document_root\$1;
        fastcgi_pass php-handler;
        access_log /var/log/nginx/kopano-webapp-access.log;
        error_log /var/log/nginx/kopano-webapp-error.log;
        # CSS and Javascript
        location ~* \.(?:css|js)$ {
            expires 1y;
            access_log off;
            add_header Cache-Control "public";
        }
        # All (static) resources set to 2 months expiration time.
        location ~* \.(?:jpg|gif|png)\$ {
            expires 2M;
            access_log off;
            add_header Cache-Control "public";
        }
        # enable gzip compression
        gzip on;
        gzip_min_length  1100;
        gzip_buffers  4 32k;
        gzip_types    text/plain application/x-javascript text/xml text/css application/json;
        gzip_vary on;
        }
 }
 map \$http_upgrade \$connection_upgrade {
        default upgrade;
        '' close;
 }
 EOF
 ln -s /etc/nginx/sites-available/webapp.conf /etc/nginx/sites-enabled/
 systemctl restart nginx
--- a/src/lxc-base.sh
+++ b/src/lxc-base.sh
@ -1,5 +1,4 @@
 #!/bin/bash
 set -euo pipefail
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
@ -8,10 +7,8 @@ set -euo pipefail
 # load configuration
 echo "Loading configuration..."
 source /root/functions.sh
 source /root/zamba.conf
 source /root/constants.conf
 source /root/constants-service.conf
 echo "Updating locales"
 # update locales
@ -20,36 +17,11 @@ cat << EOF > /etc/default/locale
 LANG="$LXC_LOCALE"
 LANGUAGE=$LXC_LOCALE
 EOF
-locale-gen $LXC_LOCALE 
+locale-gen $LXC_LOCALE
 # Generate sources
 if [ "$LXC_TEMPLATE_VERSION" == "debian-11-standard" ] ; then
 cat << EOF > /etc/apt/sources.list
 deb https://debian.inf.tu-dresden.de/debian bullseye main contrib
 deb https://debian.inf.tu-dresden.de/debian bullseye-updates main contrib
 # security updates
 deb https://debian.inf.tu-dresden.de/debian-security bullseye-security main contrib
 EOF
 elif [ "$LXC_TEMPLATE_VERSION" == "debian-10-standard" ] ; then
 cat << EOF > /etc/apt/sources.list
 deb https://debian.inf.tu-dresden.de/debian buster main contrib
 deb https://debian.inf.tu-dresden.de/debian buster-updates main contrib
 # security updates
 deb https://debian.inf.tu-dresden.de/debian-security buster/updates main contrib
 EOF
 else echo "LXC Debian Version false. Please check configuration files!" ; exit
 fi
 # update package lists
 echo "Updating package database..."
-apt --allow-releaseinfo-change update
+apt update
 # install latest packages
 echo "Installing latest updates"
--- a/src/mailpiler/constants-service.conf
+++ b/src/mailpiler/constants-service.conf
@ -7,8 +7,6 @@
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="0"
--- a/src/mailpiler/features.json
+++ b/src/mailpiler/features.json
@ -0,0 +1,11 @@
 {
    "unprivileged": 1,
    "features": {
        "nesting": 1
    },
    "sharefs": {},
    "mem": 1024,
    "swap": 1024,
    "hostname": "piler",
    "domain": "zmb.rocks"
 }
--- a/src/mailpiler/info
+++ b/src/mailpiler/info
@ -0,0 +1 @@
 Mailpiler email archive
--- a/src/mailpiler/install-service.sh
+++ b/src/mailpiler/install-service.sh
@ -5,7 +5,6 @@
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/functions.sh
 source /root/zamba.conf
 source /root/constants-service.conf
@ -28,13 +27,13 @@ wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add -
 echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list
 apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
-add-apt-repository "deb [arch=amd64] https://mirror.wtnet.de/mariadb/repo/10.5/debian $(lsb_release -cs) main"
+add-apt-repository 'deb [arch=amd64] https://mirror.wtnet.de/mariadb/repo/10.5/debian buster main'
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq build-essential libwrap0-dev libpst-dev tnef libytnef0-dev \
 unrtf catdoc libtre-dev tre-agrep poppler-utils libzip-dev unixodbc libpq5 libpoppler-dev openssl libssl-dev memcached telnet nginx \
-mariadb-server default-libmysqlclient-dev python3-mysqldb gcc libwrap0 libzip4 latex2rtf latex2html catdoc tnef zipcmp zipmerge ziptool libsodium23 \
+mariadb-server default-libmysqlclient-dev python-mysqldb gcc libwrap0 libzip4 latex2rtf latex2html catdoc tnef zipcmp zipmerge ziptool libsodium23 \
 php$PILER_PHP_VERSION-{fpm,common,ldap,mysql,cli,opcache,phpdbg,gd,memcache,json,readline,zip}
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt remove --purge -y -qq postfix
@ -119,14 +118,12 @@ sed -i "/server_name.*/a \\
 sed -i "/^server {.*/i\
 server {\n\
        listen 80;\n\
-        server_name _;\n\
+        server_name $PILER_FQDN;\n\
        server_tokens off;\n\
        # HTTP to HTTPS redirect.\n\
        return 301 https://$PILER_FQDN;\n\
 }" /etc/nginx/sites-available/piler-nginx.conf
 unlink /etc/nginx/sites-enabled/default
 cp /usr/local/etc/piler/config-site.php /usr/local/etc/piler/config-site.php.bak
 sed -i "s|\$config\['SITE_URL'\] = .*|\$config\['SITE_URL'\] = 'https://$PILER_FQDN/';|" /usr/local/etc/piler/config-site.php
 cat >> /usr/local/etc/piler/config-site.php <<EOF
@ -144,7 +141,7 @@ cat >> /usr/local/etc/piler/config-site.php <<EOF
 \$config['ENABLE_ON_THE_FLY_VERIFICATION'] = 1;
 // general settings.
-\$config['TIMEZONE'] = '$LXC_TIMEZONE';
+\$config['TIMEZONE'] = 'Europe/Berlin';
 // authentication
 // Enable authentication against an imap server
--- a/src/matrix/constants-service.conf
+++ b/src/matrix/constants-service.conf
@ -7,9 +7,6 @@
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="0"
@ -17,7 +14,7 @@ LXC_MP="0"
 LXC_UNPRIVILEGED="1"
 # enable nesting feature
-LXC_NESTING="1"
+LXC_NESTING="0"
 # Define the version of Element Web
-MATRIX_ELEMENT_VERSION="v1.9.9"
+MATRIX_ELEMENT_VERSION="v1.7.25"
--- a/src/matrix/features.json
+++ b/src/matrix/features.json
@ -0,0 +1,9 @@
 {
    "unprivileged": 1,
    "features": {},
    "sharefs": {},
    "mem": 1024,
    "swap": 1024,
    "hostname": "matrix",
    "domain": "zmb.rocks"
 }
--- a/src/matrix/info
+++ b/src/matrix/info
@ -0,0 +1 @@
 Matrix Synapse server with Element Web
--- a/src/matrix/install-service.sh
+++ b/src/matrix/install-service.sh
@ -5,15 +5,14 @@
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/functions.sh
 source /root/zamba.conf
 source /root/constants-service.conf
-MRX_PKE=$(random_password)
+MRX_PKE=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
 ELE_DBNAME="synapse_db"
 ELE_DBUSER="synapse_user"
-ELE_DBPASS=$(random_password)
+ELE_DBPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq nginx postgresql python3-psycopg2
@ -88,7 +87,7 @@ cat > /etc/nginx/sites-available/$MATRIX_ELEMENT_FQDN <<EOF
 server {
    listen 80;
    listen [::]:80;
-    server_name _;
+    server_name $MATRIX_ELEMENT_FQDN;
    return 301 https://$MATRIX_ELEMENT_FQDN;
 }
@ -108,7 +107,6 @@ server {
 EOF
 unlink /etc/nginx/sites-enabled/default
 ln -s /etc/nginx/sites-available/$MATRIX_ELEMENT_FQDN /etc/nginx/sites-enabled/$MATRIX_ELEMENT_FQDN
 systemctl restart nginx
@ -138,17 +136,19 @@ EOF
 cd /
 sed -i "s|#registration_shared_secret: <PRIVATE STRING>|registration_shared_secret: \"$MRX_PKE\"|" /etc/matrix-synapse/homeserver.yaml
 sed -i "s|#public_baseurl: https://example.com/|public_baseurl: https://$MATRIX_FQDN/|" /etc/matrix-synapse/homeserver.yaml
 sed -i "s|server_name:|server_name: $MATRIX_FQDN|g" /etc/matrix-synapse/conf.d/server_name.yaml
 sed -i "s|#enable_registration: false|enable_registration: true|" /etc/matrix-synapse/homeserver.yaml
 sed -i "s|name: sqlite3|name: psycopg2|" /etc/matrix-synapse/homeserver.yaml
 sed -i "s|database: /var/lib/matrix-synapse/homeserver.db|database: $ELE_DBNAME\n    user: $ELE_DBUSER\n    password: $ELE_DBPASS\n    host: 127.0.0.1\n    cp_min: 5\n    cp_max: 10|" /etc/matrix-synapse/homeserver.yaml
 systemctl restart matrix-synapse
-register_new_matrix_user -a -u $MATRIX_ADMIN_USER -p '$MATRIX_ADMIN_PASSWORD' -c /etc/matrix-synapse/homeserver.yaml http://127.0.0.1:8008
+register_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml http://127.0.0.1:8008
 #curl https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'
 #echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/' | tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null
 #apt update
-#apt install -y jitsi-meet
+#apt install -y jitsi-meet
--- a/src/menu.py
+++ b/src/menu.py
@ -0,0 +1,73 @@
 #!/usr/bin/python3
 from enum import Enum
 from . import config_base
 def radiolist(title:str,question:str,choices):
    invalid_input=True
    while(invalid_input):
        print(f"#### {title} ####\n")
        print(question)
        index = {}
        counter = 1
        if isinstance(choices,dict):
            for choice in choices.keys():
                if len(choice) <= 12:
                    sep="\t\t"
                else:
                    sep="\t"
                print(f"{counter})  {choice}{sep}{choices[choice]}")
                index[str(counter)] = choice
                counter = counter + 1
        elif isinstance(choices,list):
            for choice in choices:
                print(f"{counter})  {choice}")
                index[str(counter)] = choice
                counter = counter + 1
        else:
            print (f"object 'choices': {type(choices)} objects are unsupported.")
        selected = input("Type in number:  ")
        if selected in index.keys():
            print("\n")
            return index[selected]
 def question(title:str,q:str,returntype, default, validation=None):
    print(f"#### {title} ####\n")
    if str(returntype.name) == "Boolean":
        if default == True:
            suggest = "Y/n"
        else:
            suggest = "y/N"
        a = input(f"{q} [{suggest}]\n")
        if "y" in str(a).lower():
            return True
        elif "n" in str(a).lower():
            return False
        else:
            return default
    elif str(returntype.name) == "Integer":
        invalid_input = True
        while(invalid_input):
            a = input(f"{q} [{default}]\n")
            if str(a) == "" or f"{str(default)}" == str(a):
                return default
            else:
                try:
                    valid = validation(int(a))
                    if valid:
                        return int(a)
                except:
                    pass
    else:
        a = input(f"{q} [{default}]\n")
        if a == '':
            return default
        else:
            return a
 class qType(Enum):
    Boolean = 0
    Integer = 1
    String = 2
    IPAdress = 3
    CIDR = 4
--- a/src/nextcloud/constants-service.conf
+++ b/src/nextcloud/constants-service.conf
@ -7,8 +7,6 @@
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="1"
@ -17,7 +15,7 @@ LXC_MP="1"
 LXC_UNPRIVILEGED="1"
 # enable nesting feature
-LXC_NESTING="1"
+LXC_NESTING="0"
 # Defines the version number of piler mail archive to install (type in exact version number (e.g. 1.3.11) or 'latest')
 NEXTCLOUD_VERSION="latest"
@ -38,4 +36,4 @@ NEXTCLOUD_DB_NAME="nextcloud_db"
 NEXTCLOUD_DB_USR="nextcloud"
 # Build a strong password for the SQL user - could be overwritten with something fixed 
-NEXTCLOUD_DB_PWD="$(random_password)"
+NEXTCLOUD_DB_PWD="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
--- a/src/nextcloud/install-service.sh
+++ b/src/nextcloud/install-service.sh
@ -5,14 +5,13 @@
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/functions.sh
 source /root/zamba.conf
 source /root/constants-service.conf
 HOSTNAME=$(hostname -f)
 wget -q -O - https://packages.sury.org/php/apt.gpg | apt-key add -
-echo "deb https://packages.sury.org/php/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/php.list
+echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list
 wget -q -O - https://nginx.org/keys/nginx_signing.key | apt-key add -
 echo "deb http://nginx.org/packages/debian $(lsb_release -cs) nginx" | tee /etc/apt/sources.list.d/nginx.list
@ -22,10 +21,10 @@ echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main"
 apt update
-DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends sudo tree locate screen zip ffmpeg ghostscript libfile-fcntllock-perl libfuse2 socat fail2ban ldap-utils cifs-utils redis-server imagemagick libmagickcore-6.q16-6-extra \
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq tree locate screen zip ffmpeg ghostscript libfile-fcntllock-perl libfuse2 socat fail2ban ldap-utils nfs-common cifs-utils redis-server imagemagick \
 postgresql-13 nginx php$NEXTCLOUD_PHP_VERSION-{fpm,gd,mysql,pgsql,curl,xml,zip,intl,mbstring,bz2,ldap,apcu,bcmath,gmp,imagick,igbinary,redis,dev,smbclient,cli,common,opcache,readline}
-timedatectl set-timezone $LXC_TIMEZONE
+timedatectl set-timezone Europe/Berlin
 mkdir -p /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA /var/www
 chown -R www-data:www-data /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA /var/www
@ -61,14 +60,14 @@ sed -i "s/max_execution_time =.*/max_execution_time = 3600/" /etc/php/$NEXTCLOUD
 sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
 sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
 sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
-sed -i "s|;date.timezone.*|date.timezone = $LXC_TIMEZONE|" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
+sed -i "s/;date.timezone.*/date.timezone = Europe\/\Berlin/" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
 sed -i "s/memory_limit = 128M/memory_limit = 1024M/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/output_buffering =.*/output_buffering = 'Off'/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/max_execution_time =.*/max_execution_time = 3600/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
-sed -i "s|;date.timezone.*|date.timezone = $LXC_TIMEZONE|" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
+sed -i "s/;date.timezone.*/date.timezone = Europe\/\Berlin/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;session.cookie_secure.*/session.cookie_secure = True/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.enable=.*/opcache.enable=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.enable_cli=.*/opcache.enable_cli=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
@ -77,7 +76,7 @@ sed -i "s/;opcache.interned_strings_buffer=.*/opcache.interned_strings_buffer=8/
 sed -i "s/;opcache.max_accelerated_files=.*/opcache.max_accelerated_files=10000/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.revalidate_freq=.*/opcache.revalidate_freq=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.save_comments=.*/opcache.save_comments=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
-echo -e '\napc.enable_cli=1' >> /etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/apcu.ini
+sed -i '\$aapc.enable_cli=1' /etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/apcu.ini
 sed -i "s/rights=\"none\" pattern=\"PS\"/rights=\"read|write\" pattern=\"PS\"/" /etc/ImageMagick-6/policy.xml
 sed -i "s/rights=\"none\" pattern=\"EPS\"/rights=\"read|write\" pattern=\"EPS\"/" /etc/ImageMagick-6/policy.xml
 sed -i "s/rights=\"none\" pattern=\"PDF\"/rights=\"read|write\" pattern=\"PDF\"/" /etc/ImageMagick-6/policy.xml
@ -240,14 +239,6 @@ access_log off;
 location / {
 try_files \$uri \$uri/ /index.php\$request_uri;
 }
 location /push/ {
 proxy_pass http://localhost:7867/;
 proxy_http_version 1.1;
 proxy_set_header Upgrade \$http_upgrade;
 proxy_set_header Connection "Upgrade";
 proxy_set_header Host \$host;
 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
 }
 }
 EOF
@ -376,7 +367,7 @@ array (
 'knowledgebaseenabled' => false,
 'logfile' => '/var/$NEXTCLOUD_DATA/nextcloud.log',
 'loglevel' => 2,
-'logtimezone' => '$LXC_TIMEZONE',
+'logtimezone' => 'Europe/Berlin',
 'log_rotate_size' => 104857600,
 'maintenance' => false,
 'memcache.local' => '\OC\Memcache\APCu',
@ -408,7 +399,6 @@ sed -i "s/output_buffering=.*/output_buffering=0/" /var/www/nextcloud/.user.ini
 php /var/www/nextcloud/occ app:disable survey_client
 php /var/www/nextcloud/occ app:disable firstrunwizard
 php /var/www/nextcloud/occ app:enable admin_audit
 php /var/www/nextcloud/occ app:enable notify_push
 php /var/www/nextcloud/occ app:enable files_pdfviewer
 php /var/www/nextcloud/occ background:cron
 DFOE
@ -418,27 +408,10 @@ DFOE
 su -s /bin/bash www-data <<EOF
 bash /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA/config_nextcloud.sh
 EOF
 #### Create file for high performance backend
 cat > /etc/systemd/system/notify_push.service << EOF
 [Unit]
 Description = Push daemon for Nextcloud clients
 [Service]
 Environment=PORT=7867
 Environment=NEXTCLOUD_URL=https://$NEXTCLOUD_FQDN
 Environment=ALLOW_SELF_SIGNED=true
 ExecStart=/var/www/nextcloud/apps/notify_push/bin/x86_64/notify_push /var/www/nextcloud/config/config.php
 User=www-data
 [Install]
 WantedBy = multi-user.target
 EOF
 systemctl daemon-reload
 systemctl enable --now notify_push
 echo "*/5 * * * * www-data /usr/bin/php -f /var/www/nextcloud/cron.php > /dev/null 2>&1" > /etc/cron.d/nextcloud
 echo -e "\n######################################################################\n\n    Please note this user and password for the nextcloud login:\n        '$NEXTCLOUD_ADMIN_USR' / '$NEXTCLOUD_ADMIN_PWD'\n                Enjoy your Nextcloud intallation.\n\n######################################################################"
 systemctl stop nginx php$NEXTCLOUD_PHP_VERSION-fpm
 systemctl restart postgresql php$NEXTCLOUD_PHP_VERSION-fpm redis-server nginx
-shutdown -r now
+exit 0
--- a/src/onlyoffice/constants-service.conf
+++ b/src/onlyoffice/constants-service.conf
@ -7,9 +7,6 @@
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="0"
@ -17,7 +14,7 @@ LXC_MP="0"
 LXC_UNPRIVILEGED="1"
 # enable nesting feature
-LXC_NESTING="1"
+LXC_NESTING="0"
 ONLYOFFICE_DB_HOST=localhost
--- a/src/onlyoffice/install-service.sh
+++ b/src/onlyoffice/install-service.sh
@ -1,34 +1,18 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/functions.sh
 source /root/zamba.conf
 source /root/constants-service.conf
-
+ONLYOFFICE_DB_PASSWORD=$(source /root/postgresql.sh 13 $ONLYOFFICE_DB_NAME $ONLYOFFICE_DB_USER)
-ONLYOFFICE_DB_PASS=$(random_password)
+source /root/rabbitmq-server.sh
 apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CB2DE8E5
 echo "deb https://download.onlyoffice.com/repo/debian squeeze main" > /etc/apt/sources.list.d/onlyoffice.list
-apt update 
+apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq postgresql rabbitmq-server libstdc++6 supervisor
 su postgres <<EOF
 psql -c "CREATE USER $ONLYOFFICE_DB_USER WITH PASSWORD '$ONLYOFFICE_DB_PASS';"
 psql -c "CREATE DATABASE $ONLYOFFICE_DB_NAME ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $ONLYOFFICE_DB_USER;"
 echo "Postgres User '$ONLYOFFICE_DB_USER' and database '$ONLYOFFICE_DB_NAME' created."
 EOF
 echo onlyoffice-documentserver onlyoffice/ds-port select 80 | debconf-set-selections
-echo onlyoffice-documentserver onlyoffice/db-host string $ONLYOFFICE_DB_HOST | debconf-set-selections
+echo onlyoffice-documentserver onlyoffice/db-host string $ONLYOFFICE_DB_HOST | sudo debconf-set-selections
-echo onlyoffice-documentserver onlyoffice/db-user string $ONLYOFFICE_DB_NAME | debconf-set-selections
+echo onlyoffice-documentserver onlyoffice/db-user string $ONLYOFFICE_DB_NAME | sudo debconf-set-selections
-echo onlyoffice-documentserver onlyoffice/db-name string $ONLYOFFICE_DB_USER | debconf-set-selections
+echo onlyoffice-documentserver onlyoffice/db-name string $ONLYOFFICE_DB_USER | sudo debconf-set-selections
-echo onlyoffice-documentserver onlyoffice/db-pwd password $ONLYOFFICE_DB_PASS | debconf-set-selections
+echo onlyoffice-documentserver onlyoffice/db-pwd password $ONLYOFFICE_DB_PASSWORD | debconf-set-selections
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq install ttf-mscorefonts-installer onlyoffice-documentserver
@ -36,16 +20,9 @@ cat << EOF > /root/onlyoffice.credentials
 ONLYOFFICE_DB_HOST=$ONLYOFFICE_DB_HOST
 ONLYOFFICE_DB_NAME=$ONLYOFFICE_DB_NAME
 ONLYOFFICE_DB_USER=$ONLYOFFICE_DB_USER
-ONLYOFFICE_DB_PASS=$ONLYOFFICE_DB_PASS
+ONLYOFFICE_DB_PASSWORD=$ONLYOFFICE_DB_PASSWORD
 EOF
-mkdir /etc/nginx/ssl
+/etc/nginx/conf.d/ds.conf
 openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/onlyoffice.key -out /etc/nginx/ssl/onlyoffice.crt -subj "/CN=$LXC_HOSTNAME.$LXC_DOMAIN" -addext "subjectAltName=DNS:$LXC_HOSTNAME.$LXC_DOMAIN"
 rm /etc/nginx/conf.d/ds.conf
 cp /etc/onlyoffice/documentserver/nginx/ds-ssl.conf.tmpl /etc/onlyoffice/documentserver/nginx/ds-ssl.conf
 ln -sf /etc/onlyoffice/documentserver/nginx/ds-ssl.conf /etc/nginx/conf.d/ds-ssl.conf
 sed -i "s|ssl_certificate {{SSL_CERTIFICATE_PATH}}|ssl_certificate /etc/nginx/ssl/onlyoffice.crt|" /etc/nginx/conf.d/ds-ssl.conf
 sed -i "s|ssl_certificate_key {{SSL_KEY_PATH}}|ssl_certificate_key /etc/nginx/ssl/onlyoffice.key|" /etc/nginx/conf.d/ds-ssl.conf
 systemctl restart nginx
--- a/src/open3a/constants-service.conf
+++ b/src/open3a/constants-service.conf
@ -7,9 +7,6 @@
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="0"
@ -17,4 +14,4 @@ LXC_MP="0"
 LXC_UNPRIVILEGED="1"
 # enable nesting feature
-LXC_NESTING="1"
+LXC_NESTING="0"
--- a/src/open3a/install-service.sh
+++ b/src/open3a/install-service.sh
@ -5,49 +5,31 @@
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/functions.sh
 source /root/zamba.conf
 source /root/constants-service.conf
 LXC_IP=$(hostname -I)
 webroot=/var/www/html
-MYSQL_PASSWORD="$(random_password_open3a)"
+MYSQL_PASSWORD="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)"
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq unzip sudo nginx-full mariadb-server mariadb-client php php-cli php-fpm php-mysql php-xml php-mbstring php-gd
 mkdir /etc/nginx/ssl
 openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/open3a.key -out /etc/nginx/ssl/open3a.crt -subj "/CN=$LXC_HOSTNAME.$LXC_DOMAIN" -addext "subjectAltName=DNS:$LXC_HOSTNAME.$LXC_DOMAIN"
 cat << EOF > /etc/nginx/sites-available/default
 server {
-    listen 80;
+        listen 80 default_server;
-    listen [::]:80;
+        listen [::]:80 default_server;
    server_name _;
-    return 301 https://$LXC_HOSTNAME.$LXC_DOMAIN;
+        root /var/www/html;
        index index.php;
        server_name _;
        location ~ .php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
        }
 }
 server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name $LXC_HOSTNAME.$LXC_DOMAIN;
    root $webroot;
    index index.php;
    ssl on;
    ssl_certificate /etc/nginx/ssl/open3a.crt;
    ssl_certificate_key /etc/nginx/ssl/open3a.key;
    location ~ .php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    }
 }
 EOF
 mysql -uroot -e "CREATE USER 'open3a'@'localhost' IDENTIFIED BY '$MYSQL_PASSWORD';
@ -55,27 +37,19 @@ GRANT USAGE ON * . * TO 'open3a'@'localhost' IDENTIFIED BY '$MYSQL_PASSWORD' WIT
 CREATE DATABASE IF NOT EXISTS open3a;
 GRANT ALL PRIVILEGES ON open3a . * TO 'open3a'@'localhost';"
-cd $webroot
+cd /var/www/html/
-wget https://www.open3a.de/download/open3A%203.5.zip -O $webroot/open3a.zip
+wget https://www.open3a.de/download/open3A%203.4.zip -O open3a.zip
 unzip open3a.zip
 rm open3a.zip
 chmod 666 system/DBData/Installation.pfdb.php
 chmod -R 777 specifics/
-chmod -R 777 system/Backup
+chmod -R 777 system/Backups
-chown -R www-data:www-data $webroot
+chown -R www-data:www-data /var/www/html
-echo "sudo -u www-data /usr/bin/php $webroot/plugins/Installation/backup.php; for backup in \$(ls -r1 $webroot/system/Backup/*.gz | /bin/grep -v \$(date +%Y%m%d)); do /bin/rm \$backup;done" > /etc/cron.daily/open3a-backup
+echo "sudo -u www-data /usr/bin/php /var/www/html/plugins/Installation/backup.php; for backup in $(ls -r1 /var/www/html/system/Backup/*.gz | /bin/grep -v $(date +%Y%m%d)); do /bin/rm $backup;done" > /etc/cron.daily/open3a-backup
 chmod +x /etc/cron.daily/open3a-backup
-systemctl enable --now php7.4-fpm
+systemctl enable --now php7.3-fpm
-systemctl restart php7.4-fpm nginx
+systemctl restart nginx
-cat << EOF >/var/www/html/system/DBData/Installation.pfdb.php
+echo -e "Your open3a installation is now complete. Please continue with setup in your Browser:\nURL:\t\thttp://$LXC_IP\nLogin:\t\tAdmin\nPassword:\tAdmin\n\nMysql-Settings:\nServer:\t\tlocalhost\nUser:\t\topen3a\nPassword:\t$MYSQL_PASSWORD\nDatabase:\topen3a"
 <?php echo "This is a database-file."; /*
 host&%%%&user&%%%&password&%%%&datab&%%%&httpHost
 varchar(40)&%%%&varchar(20)&%%%&varchar(20)&%%%&varchar(30)&%%%&varchar(40)                                                                                         
 localhost                               &%%%&open3a              &%%%&$MYSQL_PASSWORD&%%%&open3a                        &%%%&*                                       %%&&&
 */ ?>
 EOF
 echo -e "Your open3a installation is now complete. Please continue with setup in your Browser:\nURL:\t\thttp://$(echo $LXC_IP | cut -d'/' -f1)\nLogin:\t\tAdmin\nPassword:\tAdmin\n\nMysql-Settings:\nServer:\t\tlocalhost\nUser:\t\topen3a\nPassword:\t$MYSQL_PASSWORD\nDatabase:\topen3a"
--- a/src/proxmox-pbs/constants-service.conf
+++ b/src/proxmox-pbs/constants-service.conf
@ -1,23 +0,0 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="1"
 # Create unprivileged container
 LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # Backup ubdir where Urbackup will store backups
 PBS_DATA="backup"
--- a/src/proxmox-pbs/install-service.sh
+++ b/src/proxmox-pbs/install-service.sh
@ -1,23 +0,0 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/functions.sh
 source /root/zamba.conf
 source /root/constants-service.conf
 cat << EOF > /etc/apt/sources.list.d/pbs-no-subscription.list 
 # PBS pbs-no-subscription repository provided by proxmox.com,
 # NOT recommended for production use
 deb http://download.proxmox.com/debian/pbs $(lsb_release -cs) pbs-no-subscription
 EOF
 wget https://enterprise.proxmox.com/debian/proxmox-release-bullseye.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg
 apt update && apt upgrade -y
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" proxmox-backup-server
 proxmox-backup-manager datastore create $PBS_DATA /$LXC_SHAREFS_MOUNTPOINT/$PBS_DATA
--- a/src/sources.list
+++ b/src/sources.list
@ -0,0 +1,6 @@
 deb http://ftp.de.debian.org/debian buster main contrib
 deb http://ftp.de.debian.org/debian buster-updates main contrib
 # security updates
 deb http://security.debian.org buster/updates main contrib
--- a/src/urbackup/constants-service.conf
+++ b/src/urbackup/constants-service.conf
@ -1,26 +0,0 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="1"
 # Create unprivileged container
 LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # Backup ubdir where Urbackup will store backups
 URBACKUP_DATA="urbackup"
 # OS codename for opensuse / urbackup repo
 REPO_CODENAME="Debian_11"
--- a/src/urbackup/install-service.sh
+++ b/src/urbackup/install-service.sh
@ -1,64 +0,0 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/functions.sh
 source /root/zamba.conf
 source /root/constants-service.conf
 mkdir -p /$LXC_SHAREFS_MOUNTPOINT/tmp
 mkdir -p /$LXC_SHAREFS_MOUNTPOINT/$URBACKUP_DATA
 mkdir /etc/urbackup
 echo "/$LXC_SHAREFS_MOUNTPOINT/$URBACKUP_DATA" > /etc/urbackup/backupfolder
 echo "deb http://download.opensuse.org/repositories/home:/uroni/$REPO_CODENAME/ /" | tee /etc/apt/sources.list.d/urbackup.list
 curl -fsSL https://download.opensuse.org/repositories/home:uroni/$REPO_CODENAME/Release.key | gpg --dearmor | tee /etc/apt/trusted.gpg.d/home_uroni.gpg > /dev/null
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y --no-install-recommends -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" urbackup-server nginx
 mkdir /etc/nginx/ssl
 openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/urbackup.key -out /etc/nginx/ssl/urbackup.crt -subj "/CN=$LXC_HOSTNAME.$LXC_DOMAIN" -addext "subjectAltName=DNS:$LXC_HOSTNAME.$LXC_DOMAIN"
 ln -s /usr/share/urbackup/www /var/www/urbackup
 cat << EOF > /etc/nginx/sites-available/default
 server {
    listen 80;
    listen [::]:80;
    server_name _;
    return 301 https://$LXC_HOSTNAME.$LXC_DOMAIN;
 }
 server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name $LXC_HOSTNAME.$LXC_DOMAIN;
    root /var/www/urbackup;
    index index.htm;
    ssl on;
    ssl_certificate /etc/nginx/ssl/urbackup.crt;
    ssl_certificate_key /etc/nginx/ssl/urbackup.key;
    location /x {
        include /etc/nginx/fastcgi_params;
        fastcgi_pass 127.0.0.1:55413;
    }
 }
 EOF
 sed -i "s/DAEMON_TMPDIR=\"\/tmp\"/DAEMON_TMPDIR=\"\/$LXC_SHAREFS_MOUNTPOINT\/tmp\"/g" /etc/default/urbackupsrv
 sed -i "s/HTTP_SERVER=\"true\"/HTTP_SERVER=\"false\"/g" /etc/default/urbackupsrv
 chown urbackup:urbackup /$LXC_SHAREFS_MOUNTPOINT/tmp
 chown urbackup:urbackup /$LXC_SHAREFS_MOUNTPOINT/$URBACKUP_DATA
 systemctl restart urbackupsrv nginx
--- a/src/zabbix/constants-service.conf
+++ b/src/zabbix/constants-service.conf
@ -1,36 +0,0 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="0"
 # Create unprivileged container
 LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # Defines the IP from the SQL server
 ZABBIX_DB_IP="127.0.0.1"
 # Defines the PORT from the SQL server
 ZABBIX_DB_PORT="5432"
 # Defines the name from the SQL database
 ZABBIX_DB_NAME="zabbix"
 # Defines the name from the SQL user
 ZABBIX_DB_USR="zabbix"
 # Build a strong password for the SQL user - could be overwritten with something fixed
 ZABBIX_DB_PWD="$(random_password)"
--- a/src/zabbix/install-service.sh
+++ b/src/zabbix/install-service.sh
@ -1,174 +0,0 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/functions.sh
 source /root/zamba.conf
 source /root/constants-service.conf
 apt-key adv --fetch https://repo.zabbix.com/zabbix-official-repo.key
 echo "deb https://repo.zabbix.com/zabbix/6.0/debian/ bullseye main contrib non-free" > /etc/apt/sources.list.d/zabbix-6.0.list
 wget -q -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
 echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq install --no-install-recommends postgresql nginx php7.4-pgsql php7.4-fpm zabbix-server-pgsql zabbix-frontend-php zabbix-sql-scripts zabbix-agent sudo ssl-cert
 unlink /etc/nginx/sites-enabled/default
 cat << EOF > /etc/zabbix/nginx.conf
 server {
        listen          80 default_server;
        listen          [::]:80 default_server;
        server_name _;
        server_tokens off;
        access_log /var/log/nginx/gitea.access.log;
        error_log /var/log/nginx/gitea.error.log;
        location /.well-known/ {
        }
        return 301 https://${LXC_HOSTNAME}.${LXC_DOMAIN}\$request_uri;
        }
 server {
        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;
        server_name ${LXC_HOSTNAME}.${LXC_DOMAIN};
        server_tokens off;
        ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
        ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
        ssl_protocols TLSv1.3 TLSv1.2;
        ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:EECDH+AESGCM:EDH+AESGCM;
        ssl_dhparam /etc/nginx/dhparam.pem;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 180m;
        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 1.1.1.1 1.0.0.1;
        add_header Strict-Transport-Security "max-age=31536000" always;
        root    /usr/share/zabbix;
        index   index.php;
        location = /favicon.ico {
                log_not_found   off;
        }
        location / {
                try_files       \$uri \$uri/ =404;
        }
        location /assets {
                access_log      off;
                expires         10d;
        }
        location ~ /\.ht {
                deny            all;
        }
        location ~ /(api\/|conf[^\.]|include|locale) {
                deny            all;
                return          404;
        }
        location /vendor {
                deny            all;
                return          404;
        }
        location ~ [^/]\.php(/|$) {
                fastcgi_pass    unix:/var/run/php/zabbix.sock;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_index   index.php;
                fastcgi_param   DOCUMENT_ROOT   /usr/share/zabbix;
                fastcgi_param   SCRIPT_FILENAME /usr/share/zabbix\$fastcgi_script_name;
                fastcgi_param   PATH_TRANSLATED /usr/share/zabbix\$fastcgi_script_name;
                include fastcgi_params;
                fastcgi_param   QUERY_STRING    \$query_string;
                fastcgi_param   REQUEST_METHOD  \$request_method;
                fastcgi_param   CONTENT_TYPE    \$content_type;
                fastcgi_param   CONTENT_LENGTH  \$content_length;
                fastcgi_intercept_errors        on;
                fastcgi_ignore_client_abort     off;
                fastcgi_connect_timeout         60;
                fastcgi_send_timeout            180;
                fastcgi_read_timeout            180;
                fastcgi_buffer_size             128k;
                fastcgi_buffers                 4 256k;
                fastcgi_busy_buffers_size       256k;
                fastcgi_temp_file_write_size    256k;
        }
 }
 EOF
 ln -sf /etc/zabbix/nginx.conf /etc/nginx/sites-enabled/zabbix.conf
 cat << EOF > /etc/php/7.4/fpm/pool.d/zabbix-php-fpm.conf
 [zabbix]
 user = www-data
 group = www-data
 listen = /var/run/php/zabbix.sock
 listen.owner = www-data
 listen.allowed_clients = 127.0.0.1
 pm = dynamic
 pm.max_children = 50
 pm.start_servers = 5
 pm.min_spare_servers = 5
 pm.max_spare_servers = 35
 pm.max_requests = 200
 php_value[session.save_handler] = files
 php_value[session.save_path]    = /var/lib/php/sessions/
 php_value[max_execution_time] = 300
 php_value[memory_limit] = 128M
 php_value[post_max_size] = 16M
 php_value[upload_max_filesize] = 2M
 php_value[max_input_time] = 300
 php_value[max_input_vars] = 10000
 EOF
 timedatectl set-timezone ${LXC_TIMEZONE}
 systemctl enable --now postgresql
 su - postgres <<EOF
 psql -c "CREATE USER ZABBIX WITH PASSWORD '${ZABBIX_DB_PWD}';"
 psql -c "CREATE DATABASE ${ZABBIX_DB_NAME} ENCODING UTF8 TEMPLATE template0 OWNER ${ZABBIX_DB_USR};"
 echo "Postgres User ${ZABBIX_DB_USR} and database ${ZABBIX_DB_NAME} created."
 EOF
 sed -i "s/false/true/g" /usr/share/zabbix/include/locales.inc.php
 zcat /usr/share/doc/zabbix-sql-scripts/postgresql/server.sql.gz | sudo -u zabbix psql zabbix 
 echo "DBPassword=${ZABBIX_DB_PWD}" >> /etc/zabbix/zabbix_server.conf
 openssl dhparam -out /etc/nginx/dhparam.pem 4096
 systemctl enable --now zabbix-server zabbix-agent nginx php7.4-fpm 
 systemctl restart zabbix-server zabbix-agent nginx php7.4-fpm 
--- a/src/zammad/constants-service.conf
+++ b/src/zammad/constants-service.conf
@ -1,23 +0,0 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="0"
 # Create unprivileged container
 LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # Defines the amount of RAM in MB your LXC container is allowed to use (default: 1024)
 LXC_MEM="2048"
--- a/src/zammad/install-service.sh
+++ b/src/zammad/install-service.sh
@ -1,181 +0,0 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/functions.sh
 source /root/zamba.conf
 source /root/constants-service.conf
 LXC_IP=$(hostname -I)
 apt-key adv --fetch https://dl.packager.io/srv/zammad/zammad/key
 apt-key adv --fetch https://artifacts.elastic.co/GPG-KEY-elasticsearch
 cat << EOF >>/etc/hosts
 0.0.0.0 image.zammad.com
 0.0.0.0 images.zammad.com
 0.0.0.0 geo.zammad.com
 0.0.0.0 www.zammad.com
 0.0.0.0 www.zammad.org
 0.0.0.0 www.zammad.net
 0.0.0.0 www.zammad.de
 0.0.0.0 zammad.com
 0.0.0.0 zammad.org
 0.0.0.0 zammad.net
 0.0.0.0 zammad.de
 #
 127.0.0.1 elasticsearch
 0.0.0.0 geoip.elastic.co
 EOF
 # Java set startup environment 
 mkdir -p /etc/elasticsearch/jvm.options.d
 cat << EOF >>/etc/elasticsearch/jvm.options.d/msmx-size.options
 # INFO: https://www.elastic.co/guide/en/elasticsearch/reference/master/advanced-configuration.html#set-jvm-heap-size
 # max 50% of total RAM - 2G Ram then set Xms and Xmx 1g
 -Xms1g
 -Xmx1g
 EOF
 wget -O /etc/apt/sources.list.d/zammad.list https://dl.packager.io/srv/zammad/zammad/stable/installer/debian/11.repo
 echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" > /etc/apt/sources.list.d/elastic-7.x.list
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq install ssl-cert nginx-full postgresql
 # configurwe nginx
 rm -f /etc/nginx/sites-enabled/default
 cat << EOF > /etc/nginx/sites-available/zammad.conf
 upstream zammad-railsserver {
  server 127.0.0.1:3000;
 }
 upstream zammad-websocket {
  server 127.0.0.1:6042;
 }
 server {
    listen 80;
 #EDIT no IPv6 ;-)   listen [::]:80;
    server_name _;
    server_tokens off;
    access_log /var/log/nginx/zammad.access.log;
    error_log /var/log/nginx/zammad.error.log;
    location /.well-known/ {
        root /var/www/html;
    }
    return 301 https://\$host\$request_uri;
 }
 server {
    listen 443 ssl http2;
 #EDIT no IPv6 ;-)    listen [::]:443 ssl http2;
    server_name _;
    server_tokens off;
    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
    ssl_protocols TLSv1.3 TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:EECDH+AESGCM:EDH+AESGCM;
    ssl_dhparam /etc/nginx/dhparam.pem;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 180m;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 1.1.1.1 1.0.0.1;
 #
 #  https://webdock.io/en/docs/how-guides/security-guides/how-to-configure-security-headers-in-nginx-and-apache
 #
    add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
    add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *";
    add_header Referrer-Policy "strict-origin";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
    location = /robots.txt  {
    access_log off; log_not_found off;
    }
    location = /favicon.ico {
    access_log off; log_not_found off;
    }
    root /opt/zammad/public;
    access_log /var/log/nginx/zammad.access.log;
    error_log  /var/log/nginx/zammad.error.log;
    client_max_body_size 50M;
    location ~ ^/(assets/|robots.txt|humans.txt|favicon.ico|apple-touch-icon.png) {
    expires max;
    }
    location /ws {
    proxy_http_version 1.1;
    proxy_set_header Upgrade \$http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header CLIENT_IP \$remote_addr;
    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto	\$scheme;
    proxy_read_timeout 86400;
    proxy_pass http://zammad-websocket;
    }
    location / {
    proxy_set_header Host \$http_host;
    proxy_set_header CLIENT_IP \$remote_addr;
    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto	\$scheme;
    # change this line in an SSO setup
    proxy_set_header X-Forwarded-User "";
    proxy_read_timeout 180;
    proxy_pass http://zammad-railsserver;
    gzip on;
    gzip_types text/plain text/xml text/css image/svg+xml application/javascript application/x-javascript application/json application/xml;
    gzip_proxied any;
    }
 }
 EOF
 #EDIT ADD
 echo -e "\n\n\n   >>> Warte 5 sek. und installier Zammad ...\n\n\n"
 sleep 5
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq install zammad
 # SymLink nginx Zammad enable
 ln -s /etc/nginx/sites-available/zammad.conf /etc/nginx/sites-enabled/
 openssl dhparam -out /etc/nginx/dhparam.pem 4096
 systemctl restart nginx
 systemctl enable elasticsearch.service
 systemctl start elasticsearch.service
 # Elasticsearch conntact to Zammad
 /usr/share/elasticsearch/bin/elasticsearch-plugin install -b ingest-attachment
 zammad run rails r "Setting.set('es_url', 'http://localhost:9200')"
 zammad run rails r "Setting.set('es_index', Socket.gethostname.downcase + '_zammad')"
 zammad run rails r "User.find_by(email: 'nicole.braun@zammad.org').destroy"
 systemctl restart elasticsearch.service
 zammad run rake searchindex:rebuild
 echo -e "Your Zammad installation is now complete. Please continue with setup in your Browser:\nURL:\t\thttp://$(echo $LXC_IP | cut -d'/' -f1)\n"
--- a/src/zmb-ad-join/constants-service.conf
+++ b/src/zmb-ad-join/constants-service.conf
@ -1,22 +0,0 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="0"
 # Create unprivileged container
 LXC_UNPRIVILEGED="0"
 # enable nesting feature
 LXC_NESTING="1"
 OPTIONAL_FEATURES=(wsdd splitdns)
--- a/src/zmb-ad/constants-service.conf
+++ b/src/zmb-ad/constants-service.conf
@ -7,8 +7,8 @@
 # This file contains the project constants on service level
-# Debian Version, which will be installed
+# Defines the desired DNS server backend, supported are `SAMBA_INTERNAL` and `BIND9_DLZ` for more advanced usage
-LXC_TEMPLATE_VERSION="debian-11-standard"
+ZMB_DNS_BACKEND="SAMBA_INTERNAL"
 # Create sharefs mountpoint
 LXC_MP="0"
@ -17,16 +17,4 @@ LXC_MP="0"
 LXC_UNPRIVILEGED="0"
 # enable nesting feature
-LXC_NESTING="1"
+LXC_NESTING="1"
 # add optional features to samba ad dc
 # CURRENTLY SUPPORTED:
 # wsdd = add windows service discovery
 # splitdns = add nginx to redirect to website www.domain.tld in splitdns setup
 # bind9dlz = Set ZMB_DNS_BACKEND to BIND9_DLZ
 # Example:
 # OPTIONAL_FEATURES=(wsdd)
 # OPTIONAL_FEATURES=(wsdd splitdns)
 OPTIONAL_FEATURES=()
--- a/src/zmb-ad/features.json
+++ b/src/zmb-ad/features.json
@ -0,0 +1,11 @@
 {
    "unprivileged": 0,
    "features": {
        "nesting": 1
    },
    "sharefs": {},
    "mem": 1024,
    "swap": 1024,
    "hostname": "ad",
    "domain": "zmb.rocks"
 }
--- a/src/zmb-ad/info
+++ b/src/zmb-ad/info
@ -0,0 +1 @@
 Zamba Active Directory Domain Controller
--- a/src/zmb-ad/install-service.sh
+++ b/src/zmb-ad/install-service.sh
@ -5,29 +5,12 @@
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/functions.sh
 source /root/zamba.conf
 source /root/constants-service.conf
-ZMB_DNS_BACKEND="SAMBA_INTERNAL"
+if [[ $ZMB_DNS_BACKEND == "BIND9_DLZ" ]]; then
-
+  BINDNINE=bind9
-for f in ${OPTIONAL_FEATURES[@]}; do
+fi
  if [[ "$f" == "wsdd" ]]; then
    ADDITIONAL_PACKAGES="wsdd $ADDITIONAL_PACKAGES"
    ADDITIONAL_SERVICES="wsdd $ADDITIONAL_SERVICES"
    apt-key adv --fetch-keys https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key
    echo "deb https://pkg.ltec.ch/public/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/wsdd.list
  elif [[ "$f" == "splitdns" ]]; then
    ADDITIONAL_PACKAGES="nginx-full $ADDITIONAL_PACKAGES"
    ADDITIONAL_SERVICES="nginx $ADDITIONAL_SERVICES"
  elif [[ "$f" == "bind9dlz" ]]; then
    ZMB_DNS_BACKEND="BIND9_DLZ"
    ADDITIONAL_PACKAGES="bind9 $ADDITIONAL_PACKAGES"
    ADDITIONAL_SERVICES="bind9 $ADDITIONAL_SERVICES"
  else
    echo "Unsupported optional feature $f"
  fi
 done
 ## configure ntp
 cat << EOF > /etc/ntp.conf
@ -63,19 +46,9 @@ EOF
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
 # install required packages
-DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET $ADDITIONAL_PACKAGES acl attr ntpdate rpl net-tools dnsutils ntp samba smbclient winbind libpam-winbind libnss-winbind krb5-user samba-dsdb-modules samba-vfs-modules lmdb-utils
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET acl attr ntpdate nginx-full rpl net-tools dnsutils ntp samba smbclient winbind libpam-winbind libnss-winbind krb5-user samba-dsdb-modules samba-vfs-modules lmdb-utils $BINDNINE
-if [[ "$ADDITIONAL_PACKAGES" == *"nginx-full"* ]]; then
+if [[ $ZMB_DNS_BACKEND == "BIND9_DLZ" ]]; then
  cat << EOF > /etc/nginx/sites-available/default
 server {
    listen 80 default_server;
    server_name _;
    return 301 http://www.$LXC_DOMAIN\$request_uri;
 }
 EOF
 fi
 if  [[ "$ADDITIONAL_PACKAGES" == *"bind9"* ]]; then
  # configure bind dns service
  cat << EOF > /etc/default/bind9
 #
@ -86,7 +59,7 @@ RESOLVCONF=no
 OPTIONS="-4 -u bind"
 EOF
-  cat << EOF > /etc/bind/named.conf.local
+cat << EOF > /etc/bind/named.conf.local
 //
 // Do any local configuration here
 //
@ -122,8 +95,6 @@ EOF
  mkdir -p /var/lib/samba/bind-dns/dns
 fi
 # stop + disable samba services and remove default config
 systemctl disable --now smbd nmbd winbind systemd-resolved
 rm -f /etc/samba/smb.conf
@ -135,7 +106,7 @@ samba-tool domain provision --use-rfc2307 --realm=$ZMB_REALM --domain=$ZMB_DOMAI
 cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
 systemctl unmask samba-ad-dc
-systemctl enable samba-ad-dc
+systemctl enable samba-ad-dc $BINDNINE
-systemctl restart samba-ad-dc $ADDITIONAL_SERVICES
+systemctl restart samba-ad-dc $BINDNINE
-exit 0
+exit 0
--- a/src/zmb-member/constants-service.conf
+++ b/src/zmb-member/constants-service.conf
@ -7,9 +7,6 @@
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="1"
@ -17,4 +14,4 @@ LXC_MP="1"
 LXC_UNPRIVILEGED="0"
 # enable nesting feature
-LXC_NESTING="1"
+LXC_NESTING="0"
--- a/src/zmb-member/features.json
+++ b/src/zmb-member/features.json
@ -0,0 +1,12 @@
 {
    "unprivileged": 0,
    "features": {},
    "sharefs": {
        "size": "100",
        "mountpoint": "/tank"
    },
    "mem": 1024,
    "swap": 1024,
    "hostname": "zamba",
    "domain": "zmb.rocks"
 }
--- a/src/zmb-member/info
+++ b/src/zmb-member/info
@ -0,0 +1 @@
 Zamba AD Member Server
--- a/src/zmb-member/install-service.sh
+++ b/src/zmb-member/install-service.sh
@ -5,17 +5,10 @@
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/functions.sh
 source /root/zamba.conf
 source /root/constants-service.conf
-# add wsdd package repo
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl samba winbind libpam-winbind libnss-winbind krb5-user krb5-config samba-dsdb-modules samba-vfs-modules 
 apt-key adv --fetch-keys https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key
 echo "deb https://pkg.ltec.ch/public/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/wsdd.list
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl samba winbind libpam-winbind libnss-winbind krb5-user krb5-config samba-dsdb-modules samba-vfs-modules wsdd
 mv /etc/krb5.conf /etc/krb5.conf.bak
 cat > /etc/krb5.conf <<EOF
@ -69,6 +62,7 @@ cat > /etc/samba/smb.conf <<EOF
 	printing = bsd
 	disable spoolss = Yes
 	allow trusted domains = No
 	dns proxy = No
 	shadow: snapdir = .zfs/snapshot
 	shadow: sort = desc
@ -84,6 +78,8 @@ cat > /etc/samba/smb.conf <<EOF
 	directory mask = 0770
 	inherit acls = Yes
 EOF
 systemctl restart smbd
@ -100,9 +96,10 @@ wbinfo -g
 mkdir /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
 # originally 'domain users' was set, added variable for domain admins group, samba wiki recommends separate group e.g. 'unix admins'
-chown "${ZMB_ADMIN_USER@L}" /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
+chown "$ZMB_ADMIN_USER" /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
-setfacl -Rm u:${ZMB_ADMIN_USER@L}:rwx,g::-,o::- /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
+setfacl -Rm u:$ZMB_ADMIN_USER:rwx,g::-,o::- /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
-setfacl -Rdm u:${ZMB_ADMIN_USER@L}:rwx,g::-,o::- /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
+setfacl -Rdm u:$ZMB_ADMIN_USER:rwx,g::-,o::- /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
 systemctl restart smbd nmbd winbind
 systemctl restart smbd nmbd winbind wsdd
--- a/src/zmb-standalone/constants-service.conf
+++ b/src/zmb-standalone/constants-service.conf
@ -7,9 +7,6 @@
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # Create sharefs mountpoint
 LXC_MP="1"
--- a/src/zmb-standalone/features.json
+++ b/src/zmb-standalone/features.json
@ -0,0 +1,12 @@
 {
    "unprivileged": 0,
    "features": { },
    "sharefs": {
        "size": "100",
        "mountpoint": "/tank"
    },
    "mem": 1024,
    "swap": 1024,
    "hostname": "zamba",
    "domain": "zmb.rocks"
 }
--- a/src/zmb-standalone/info
+++ b/src/zmb-standalone/info
@ -0,0 +1 @@
 Zamba Standalone Server
--- a/src/zmb-standalone/install-service.sh
+++ b/src/zmb-standalone/install-service.sh
@ -5,19 +5,18 @@
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/functions.sh
 source /root/zamba.conf
 source /root/constants-service.conf
 # add wsdd package repo
 apt-key adv --fetch-keys https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key
 echo "deb https://pkg.ltec.ch/public/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/wsdd.list
-echo "deb http://ftp.de.debian.org/debian $(lsb_release -cs)-backports main contrib" > /etc/apt/sources.list.d/$(lsb_release -cs)-backports.list
+echo "deb http://ftp.de.debian.org/debian buster-backports main contrib" > /etc/apt/sources.list.d/buster-backports.list
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl samba samba-dsdb-modules samba-vfs-modules wsdd
-DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" --no-install-recommends -t $(lsb_release -cs)-backports cockpit
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" --no-install-recommends -t buster-backports cockpit
 mkdir /usr/share/cockpit/smb
 wget https://raw.githubusercontent.com/enira/cockpit-smb-plugin/master/index.html -O /usr/share/cockpit/smb/index.html
@ -36,8 +35,6 @@ cat << EOF >> /etc/samba/smb.conf
    path = /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
    read only = No
    vfs objects = shadow_copy2
 	create mask = 0660
 	directory mask = 0770
    shadow: snapdir = .zfs/snapshot
    shadow: sort = desc
    shadow: format = -%Y-%m-%d-%H%M
--- a/zamba.conf.md
+++ b/zamba.conf.md
@ -0,0 +1,214 @@
 # `zamba.conf` options reference
 This is the reference of all config options you can set in `zamba.conf`
 <br>
 ## Linux Container Section
 In this section all settings relevant for the LXC container.
 <br>
 ### LXC_TEMPLATE_STORAGE
 Defines the Proxmox storage where your LXC container template are stored (default: local)
 ```bash
 LXC_TEMPLATE_STORAGE="local"
 ```
 ### LXC_ROOTFS_SIZE
 Defines the size in GB of the LXC container's root filesystem (default: 32)
 ```bash
 LXC_ROOTFS_SIZE="32"
 ```
 Depending on your environment, you should consider increasing the size for use of `mailpiler` or `matrix`.
 ### LXC_ROOTFS_STORAGE
 Defines the Proxmox storage where your LXC container's root filesystem will be generated (default: local-zfs)
 ```bash
 LXC_ROOTFS_STORAGE="local-zfs"
 ```
 ### LXC_SHAREFS_SIZE
 Defines the size in GB your LXC container's filesystem shared by Zamba (AD member & standalone) (default: 100)
 ```bash
 LXC_SHAREFS_SIZE="100"
 ```
 ### LXC_SHAREFS_STORAGE
 Defines the Proxmox storage where your LXC container's filesystem shared by Zamba will be generated (default: local-zfs)
 ```bash
 LXC_SHAREFS_STORAGE="local-zfs"
 ```
 ### LXC_SHAREFS_MOUNTPOINT
 Defines the mountpoint of the filesystem shared by Zamba inside your LXC container (default: tank)
 ```bash
 LXC_SHAREFS_MOUNTPOINT="tank"
 ```
 ### LXC_MEM
 Defines the amount of RAM in MB your LXC container is allowed to use (default: 1024)
 ```bash
 LXC_MEM="1024"
 ```
 ### LXC_SWAP
 Defines the amount of swap space in MB your LXC container is allowed to use (default: 1024)
 ```bash
 LXC_SWAP="1024"
 ```
 ### LXC_HOSTNAME
 Defines the hostname of your LXC container
 ```bash
 LXC_SWAP="zamba"
 ```
 ### LXC_DOMAIN
 Defines the domain name / search domain of your LXC container
 ```bash
 LXC_DOMAIN="zmb.rocks"
 ```
 ### LXC_DHCP
 Enable DHCP on LAN (eth0) - (Obtain an IP address automatically) [true/false]
 ```bash
 LXC_DHCP=false
 ```
 ### LXC_IP
 Defines the local IP address and subnet of your LXC container in CIDR format
 ```bash
 LXC_IP="10.10.80.20/24"
 ```
 ### LXC_GW
 Defines the default gateway IP address of your LXC container
 ```bash
 LXC_GW="10.10.80.254"
 ```
 ### LXC_DNS
 Defines the DNS server ip address of your LXC container
 ```bash
 LXC_DNS="10.10.80.254"
 ```
 `zmb-ad` used this DNS server for installation, after installation and domain provisioning it will be used as forwarding DNS
 For other services this should be your active directory domain controller (if present, else a DNS server of your choice)
 ### LXC_BRIDGE
 Defines the network bridge to bind the network adapter of your LXC container
 ```bash
 LXC_BRIDGE="vmbr0"
 ```
 ### LXC_VLAN
 Defines the vlan id of the LXC container's network interface, if the network adapter should be connected untagged, just leave the value empty.
 ```bash
 LXC_VLAN="80"
 ```
 ### LXC_PWD
 Defines the `root` password of your LXC container. Please use 'single quotation marks' to avoid unexpected behaviour.
 ```bash
 LXC_PWD="S3cr3tp@ssw0rd"
 ```
 ### LXC_AUTHORIZED_KEY
 Defines an authorized_keys file to push into the LXC container.
 By default the authorized_keys will be inherited from your proxmox host.
 ```bash
 LXC_AUTHORIZED_KEY="/root/.ssh/authorized_keys"
 ```
 ### LXC_TOOLSET
 Define your (administrative) tools, you always want to have installed into your LXC container
 ```bash
 LXC_TOOLSET="vim htop net-tools dnsutils mc sysstat lsb-release curl git gnupg2 apt-transport-https"
 ```
 ### LXC_TIMEZONE
 Define the local timezone of your LXC container (default: Euroe/Berlin)
 ```bash
 LXC_TIMEZONE="Europe/Berlin"
 ```
 ### LXC_LOCALE
 Define system language on LXC container (locales)
 ```bash
 LXC_LOCALE="de_DE.utf8"
 ```
 This parameter is not used yet, but will be integrated in future releases.
 <br>
 ## Zamba Server Section
 This section configures the Zamba server (AD DC, AD member and standalone)
 <br>
 ### ZMB_REALM
 Defines the REALM for the Active Directory (AD DC, AD member)
 ```bash
 ZMB_REALM="ZMB.ROCKS"
 ```
 ### ZMB_DOMAIN
 Defines the domain name in your Active Directory or Workgroup (AD DC, AD member, standalone)
 ```bash
 ZMB_DOMAIN="ZMB"
 ```
 ### ZMB_DNS_BACKEND
 Defines the desired DNS server backend, supported are `SAMBA_INTERNAL` and `BIND9_DLZ` for more advanced usage
 ```bash
 ZMB_DNS_BACKEND="SAMBA_INTERNAL"
 ```
 ### ZMB_ADMIN_USER
 Defines the name of your domain administrator account (AD DC, AD member, standalone)
 ```bash
 ZMB_ADMIN_USER="Administrator"
 ```
 ### ZMB_ADMIN_PASS
 Defines the domain administrator's password (AD DC, AD member).
 ```bash
 ZMB_ADMIN_PASS='1c@nd0@nyth1n9'
 ```
 Please use 'single quotation marks' to avoid unexpected behaviour.
 `zmb-ad` domain administrator has to meet the password complexity policy, if password is too weak, domain provisioning will fail.
 ### ZMB_SHARE
 Defines the name of your Zamba share
 ```bash
 ZMB_SHARE="share"
 ```
 <br>
 ## Mailpiler section
 This section configures the mailpiler email archive
 <br>
 ### PILER_FQDN
 Defines the (public) FQDN of your piler mail archive
 ```bash
 PILER_FQDN="piler.zmb.rocks"
 ```
 ### PILER_SMARTHOST
 Defines the smarthost for piler mail archive
 ```bash
 PILER_SMARTHOST="10.10.80.20"
 ```
 ### PILER_VERSION
 Defines the version number of piler mail archive to install
 ```bash
 PILER_VERSION="1.3.10"
 ```
 ### PILER_SPHINX_VERSION
 Defines the version of sphinx to install
 ```bash
 PILER_SPHINX_VERSION="3.3.1"
 ```
 ### PILER_PHP_VERSION
 Defines the php version to install
 ```bash
 PILER_PHP_VERSION="7.4"
 ```
 <br>
 ## Matrix section
 This section configures the matrix chat server
 <br>
 ### MATRIX_FQDN
 Define the FQDN of your Matrix server
 ```bash
 MATRIX_FQDN="matrix.zmb.rocks"
 ```
 ### MATRIX_ELEMENT_FQDN
 Define the FQDN for the Element Web virtual host
 ```bash
 MATRIX_ELEMENT_FQDN="element.zmb.rocks"
 ```
 ### MATRIX_ELEMENT_VERSION
 Define the version of Element Web
 ```bash
 MATRIX_ELEMENT_VERSION="v1.7.24"
 ```
 ### MATRIX_JITSI_FQDN
 Define the FQDN for the Jitsi Meet virtual host
 ```bash
 MATRIX_JITSI_FQDN="meet.zmb.rocks"
 ```
		`@ -0,0 +1 @@`
							`Debian privileged container with basic tools`
		`@ -0,0 +1 @@`
							`Debian unprivileged container with basic tools`