Merge branch 'dev' of https://github.com/bashclub/zamba-lxc-toolbox into dev

2025-11-04 00:02:26 +01:00 · 2024-05-01 17:23:24 +02:00
parent 907093512b 3a70f5f7b1
commit 70b8561798
45 changed files with 916 additions and 287 deletions
--- a/conf/zamba.conf.example
+++ b/conf/zamba.conf.example
@@ -114,10 +114,7 @@ ZMB_SHARE="share"
 ############### Mailpiler-Section ###############
-# Defines the (public) FQDN of your piler mail archive
+PILER_BRANCH=release
 PILER_FQDN="mailpiler.zmb.rocks"
 # Defines the smarthost for piler mail archive
 PILER_SMARTHOST="mail.zmb.rocks"
 ############### Matrix-Section ###############
@@ -209,4 +206,9 @@ VW_SMTP_PASSWORD='<yourEmailPassword>'
 SEMAPHORE_ADMIN=admin
 SEMAPHORE_ADMIN_DISPLAY_NAME="Semaphore Administrator"
 SEMAPHORE_ADMIN_EMAIL="admin@zmb.rocks"
-SEMAPHORE_ADMIN_PASSWORD='Start123'
+SEMAPHORE_ADMIN_PASSWORD='Start123'
 ############### docker Section ###############
 # Install Portainer (=full), Protainer Agent (=agent) or none
 PORTAINER=none
--- a/install.sh
+++ b/install.sh
@@ -149,7 +149,7 @@ sleep 2;
 # Check vlan configuration
 if [[ $LXC_VLAN != "NONE" ]];then VLAN=",tag=$LXC_VLAN"; else VLAN=""; fi
 # Reconfigure conatiner
-pct set $LXC_NBR -memory $LXC_MEM -swap $LXC_SWAP -hostname $LXC_HOSTNAME -onboot 1 -timezone $LXC_TIMEZONE -features nesting=$LXC_NESTING;
+pct set $LXC_NBR -memory $LXC_MEM -swap $LXC_SWAP -hostname $LXC_HOSTNAME -onboot 1 -timezone $LXC_TIMEZONE -features nesting=$LXC_NESTING,keyctl=$LXC_KEYCTL;
 if [ $LXC_DHCP == true ]; then
 pct set $LXC_NBR -net0 "name=eth0,bridge=$LXC_BRIDGE,ip=dhcp,type=veth$VLAN"
 else
--- a/src/ansible-semaphore/constants-service.conf
+++ b/src/ansible-semaphore/constants-service.conf
@@ -19,6 +19,9 @@ LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # Sets the minimum amount of RAM the service needs for operation
 LXC_MEM_MIN=1024
--- a/src/authentik/constants-service.conf
+++ b/src/authentik/constants-service.conf
@@ -8,7 +8,7 @@
 # This file contains the project constants on service level
 # Debian Version, which will be installed
-LXC_TEMPLATE_VERSION="debian-11-standard"
+LXC_TEMPLATE_VERSION="debian-12-standard"
 # Create sharefs mountpoint
 LXC_MP="0"
@@ -19,15 +19,11 @@ LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
-# Defines the version number of piler mail archive to install (type in exact version number (e.g. 1.3.11) or 'latest')
+# enable keyctl feature
-PILER_VERSION="1.3.12"
+LXC_KEYCTL="1"
 # Defines the version of sphinx to install
 PILER_SPHINX_VERSION="3.3.1"
 # Defines the php version to install
 PILER_PHP_VERSION="7.4"
 # Sets the minimum amount of RAM the service needs for operation
-LXC_MEM_MIN=1024
+LXC_MEM_MIN=2048
 # service dependent meta tags
-SERVICE_TAGS="php-fpm,nginx,mariadb,sphinx"
+SERVICE_TAGS="docker"
--- a/src/authentik/install-service.sh
+++ b/src/authentik/install-service.sh
@@ -0,0 +1,107 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/functions.sh
 source /root/zamba.conf
 source /root/constants-service.conf
 # Add Docker's official GPG key:
 install -m 0755 -d /etc/apt/keyrings
 curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
 chmod a+r /etc/apt/keyrings/docker.gpg
 # Add the repository to Apt sources:
 echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
 apt-get update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get install -y -qq docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin pwgen
 SECRET=$(random_password)
 myip=$(ip a s dev eth0 | grep -m1 inet | cut -d' ' -f6 | cut -d'/' -f1)
 install_portainer_full() {
    mkdir -p /opt/portainer/data
    cd /opt/portainer
    cat << EOF > /opt/portainer/docker-compose.yml
 version: "3.4"
 services:
  portainer:
    restart: always
    image: portainer/portainer:latest
    volumes:
      - ./data:/data
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      - "8000:8000"
      - "9443:9443"
    command: --admin-password-file=/data/admin_password
 EOF
    echo -n "$SECRET" > ./data/admin_password
    docker compose pull
    docker compose up -d
    echo -e "\n######################################################################\n\n    You can access Portainer with your browser at https://${myip}:9443\n\n    Please note the following admin password to access the portainer:\n    '$SECRET'\n    Enjoy your Docker intallation.\n\n######################################################################\n\n    Setup your authentik instance by entering https://${myip}/if/flow/initial-setup/ into your browser.\n\n######################################################################"
 }
 install_portainer_agent() {
    mkdir -p /opt/portainer-agent/data
    cd /opt/portainer-agent
    cat << EOF > /opt/portainer-agent/docker-compose.yml
 version: "3.4"
 services:
  portainer:
    restart: always  
    image: portainer/agent:latest
    volumes:
      - /var/lib/docker/volumes:/var/lib/docker/volumes
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      - "9001:9001"
 EOF
    docker compose pull
    docker compose up -d
    echo -e "\n######################################################################\n\n    Please enter the following data into the Portainer "Add environment" wizard:\n\tEnvironment address: ${myip}:9001\n\n    Enjoy your Docker intallation.\n\n######################################################################\n\n    Setup your authentik instance by entering https://${myip}/if/flow/initial-setup/ into your browser.\n\n######################################################################"
 }
 mkdir -p /opt/authentik
 wget -O /opt/authentik/docker-compose.yml https://goauthentik.io/docker-compose.yml
 cd /opt/authentik
 cat << EOF > .env
 PG_PASS=$(pwgen -s 40 1)
 AUTHENTIK_SECRET_KEY=$(pwgen -s 50 1)
 AUTHENTIK_DISABLE_UPDATE_CHECK=false
 AUTHENTIK_ERROR_REPORTING__ENABLED=false
 AUTHENTIK_DISABLE_STARTUP_ANALYTICS=true
 AUTHENTIK_AVATARS=initials
 COMPOSE_PORT_HTTP=80
 COMPOSE_PORT_HTTPS=443
 AUTHENTIK_EMAIL__HOST=
 AUTHENTIK_EMAIL__PORT=
 AUTHENTIK_EMAIL__USERNAME=
 AUTHENTIK_EMAIL__PASSWORD=
 # Use StartTLS
 AUTHENTIK_EMAIL__USE_TLS=false
 # Use SSL
 AUTHENTIK_EMAIL__USE_SSL=false
 AUTHENTIK_EMAIL__TIMEOUT=10
 # Email address authentik will send from, should have a correct @domain
 AUTHENTIK_EMAIL__FROM=
 EOF
 docker compose pull
 docker compose up -d
 case $PORTAINER in
  full) install_portainer_full ;;
  agent) install_portainer_agent ;;
  *)     echo -e "\n######################################################################\n\n   Enjoy your authentik intallation.\n\n######################################################################\n\n    Setup your authentik instance by entering https://${myip}/if/flow/initial-setup/ into your browser.\n\n######################################################################" ;;
 esac
--- a/src/bookstack/constants-service.conf
+++ b/src/bookstack/constants-service.conf
@@ -19,6 +19,9 @@ LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # Sets the minimum amount of RAM the service needs for operation
 LXC_MEM_MIN=1024
--- a/src/checkmk/constants-service.conf
+++ b/src/checkmk/constants-service.conf
@@ -19,8 +19,11 @@ LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # checkmk version
-CMK_VERSION=2.2.0p7
+CMK_VERSION=2.2.0p14
 # build number of the debian package (needs to start with underscore)
 CMK_BUILD=_0
@@ -28,4 +31,4 @@ CMK_BUILD=_0
 LXC_MEM_MIN=2048
 # service dependent meta tags
-SERVICE_TAGS="apache2"
+SERVICE_TAGS="apache2"
--- a/src/debian-priv/constants-service.conf
+++ b/src/debian-priv/constants-service.conf
@@ -19,6 +19,9 @@ LXC_UNPRIVILEGED="0"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # Sets the minimum amount of RAM the service needs for operation
 LXC_MEM_MIN=512
--- a/src/debian-unpriv/constants-service.conf
+++ b/src/debian-unpriv/constants-service.conf
@@ -19,6 +19,9 @@ LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # Sets the minimum amount of RAM the service needs for operation
 LXC_MEM_MIN=512
--- a/src/docker/constants-service.conf
+++ b/src/docker/constants-service.conf
@@ -0,0 +1,29 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-12-standard"
 # Create sharefs mountpoint
 LXC_MP="0"
 # Create unprivileged container
 LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="1"
 # Sets the minimum amount of RAM the service needs for operation
 LXC_MEM_MIN=2048
 # service dependent meta tags
 SERVICE_TAGS=""
--- a/src/docker/install-service.sh
+++ b/src/docker/install-service.sh
@@ -0,0 +1,79 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/functions.sh
 source /root/zamba.conf
 source /root/constants-service.conf
 # Add Docker's official GPG key:
 install -m 0755 -d /etc/apt/keyrings
 curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
 chmod a+r /etc/apt/keyrings/docker.gpg
 # Add the repository to Apt sources:
 echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
 apt-get update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get install -y -qq docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
 SECRET=$(random_password)
 myip=$(ip a s dev eth0 | grep -m1 inet | cut -d' ' -f6 | cut -d'/' -f1)
 install_portainer_full() {
    mkdir -p /opt/portainer/data
    cd /opt/portainer
    cat << EOF > /opt/portainer/docker-compose.yml
 version: "3.4"
 services:
  portainer:
    restart: always
    image: portainer/portainer:latest
    volumes:
      - ./data:/data
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      - "8000:8000"
      - "9443:9443"
    command: --admin-password-file=/data/admin_password
 EOF
    echo -n "$SECRET" > ./data/admin_password
    docker compose pull
    docker compose up -d
    echo -e "\n######################################################################\n\n    You can access Portainer with your browser at https://${myip}:9443\n\n    Please note the following admin password to access the portainer:\n    '$SECRET'\n    Enjoy your Docker intallation.\n\n######################################################################"
 }
 install_portainer_agent() {
    mkdir -p /opt/portainer-agent/data
    cd /opt/portainer-agent
    cat << EOF > /opt/portainer-agent/docker-compose.yml
 version: "3.4"
 services:
  portainer:
    restart: always  
    image: portainer/agent:latest
    volumes:
      - /var/lib/docker/volumes:/var/lib/docker/volumes
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      - "9001:9001"
 EOF
    docker compose pull
    docker compose up -d
    echo -e "\n######################################################################\n\n    Please enter the following data into the Portainer "Add environment" wizard:\n\tEnvironment address: ${myip}:9001\n\n    Enjoy your Docker intallation.\n\n######################################################################"
 }
 case $PORTAINER in
  full) install_portainer_full ;;
  agent) install_portainer_agent ;;
  *)     echo -e "\n######################################################################\n\n   Enjoy your Docker intallation.\n\n######################################################################" ;;
 esac
--- a/src/ecodms/constants-service.conf
+++ b/src/ecodms/constants-service.conf
@@ -19,6 +19,9 @@ LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # set ecodms release version
 ECODMS_RELEASE=ecodms_230164
--- a/src/gitea/constants-service.conf
+++ b/src/gitea/constants-service.conf
@@ -19,6 +19,9 @@ LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # Defines the IP from the SQL server
 GITEA_DB_IP="127.0.0.1"
--- a/src/kimai/constants-service.conf
+++ b/src/kimai/constants-service.conf
@@ -19,6 +19,9 @@ LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # Defines the version number of kimai mail archive to install (type in exact version number (e.g. 1.3.11) or 'latest')
 #KIMAI_VERSION="main"
--- a/src/kopano-core/constants-service.conf
+++ b/src/kopano-core/constants-service.conf
@@ -19,6 +19,9 @@ LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # Defines the version number of piler mail archive to install (type in exact version number (e.g. 1.3.11) or 'latest')
 KOPANO_VERSION="latest"
--- a/src/lxc-base.sh
+++ b/src/lxc-base.sh
@@ -27,9 +27,9 @@ locale-gen $LXC_LOCALE
 if [ "$LXC_TEMPLATE_VERSION" == "debian-10-standard" ] ; then
 cat << EOF > /etc/apt/sources.list
-deb http://ftp.halifax.rwth-aachen.de/debian/ buster main contrib
+deb http://deb.debian.org/debian/ buster main contrib
-deb http://ftp.halifax.rwth-aachen.de/debian/ buster-updates main contrib
+deb http://deb.debian.org/debian/ buster-updates main contrib
 # security updates
 deb http://security.debian.org/debian-security buster/updates main contrib
@@ -38,9 +38,9 @@ EOF
 elif [ "$LXC_TEMPLATE_VERSION" == "debian-11-standard" ] ; then
 cat << EOF > /etc/apt/sources.list
-deb http://ftp.halifax.rwth-aachen.de/debian/ bullseye main contrib
+deb http://deb.debian.org/debian/ bullseye main contrib
-deb http://ftp.halifax.rwth-aachen.de/debian/ bullseye-updates main contrib
+deb http://deb.debian.org/debian/ bullseye-updates main contrib
 # security updates
 deb http://security.debian.org/debian-security bullseye-security main contrib
@@ -49,9 +49,9 @@ EOF
 elif [ "$LXC_TEMPLATE_VERSION" == "debian-12-standard" ] ; then
 cat << EOF > /etc/apt/sources.list
-deb http://ftp.halifax.rwth-aachen.de/debian/ bookworm main contrib
+deb http://deb.debian.org/debian/ bookworm main contrib
-deb http://ftp.halifax.rwth-aachen.de/debian/ bookworm-updates main contrib
+deb http://deb.debian.org/debian/ bookworm-updates main contrib
 # security updates
 deb http://security.debian.org/debian-security bookworm-security main contrib
--- a/src/mailcow/constants-service.conf
+++ b/src/mailcow/constants-service.conf
@@ -0,0 +1,29 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-12-standard"
 # Create sharefs mountpoint
 LXC_MP="1"
 # Create unprivileged container
 LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="1"
 # Sets the minimum amount of RAM the service needs for operation
 LXC_MEM_MIN=8192
 # service dependent meta tags
 SERVICE_TAGS="docker"
--- a/src/mailcow/install-service.sh
+++ b/src/mailcow/install-service.sh
@@ -0,0 +1,438 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/functions.sh
 source /root/zamba.conf
 source /root/constants-service.conf
 # Add Docker's official GPG key:
 install -m 0755 -d /etc/apt/keyrings
 curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
 chmod a+r /etc/apt/keyrings/docker.gpg
 # Add the repository to Apt sources:
 echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
 apt-get update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get install -y -qq docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get purge -y -qq postfix
 SECRET=$(random_password)
 myip=$(ip a s dev eth0 | grep -m1 inet | cut -d' ' -f6 | cut -d'/' -f1)
 install_portainer_full() {
    mkdir -p /opt/portainer/data
    cd /opt/portainer
    cat << EOF > /opt/portainer/docker-compose.yml
 version: "3.4"
 services:
  portainer:
    restart: always
    image: portainer/portainer:latest
    volumes:
      - ./data:/data
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      - "8000:8000"
      - "9443:9443"
    command: --admin-password-file=/data/admin_password
 EOF
    echo -n "$SECRET" > ./data/admin_password
    docker compose pull
    docker compose up -d
    echo -e "\n######################################################################\n\n    You can access Portainer with your browser at https://${myip}:9443\n\n    Please note the following admin password to access the portainer:\n    '$SECRET'\n    Enjoy your Docker intallation.\n\n######################################################################"
 }
 install_portainer_agent() {
    mkdir -p /opt/portainer-agent/data
    cd /opt/portainer-agent
    cat << EOF > /opt/portainer-agent/docker-compose.yml
 version: "3.4"
 services:
  portainer:
    restart: always  
    image: portainer/agent:latest
    volumes:
      - /var/lib/docker/volumes:/var/lib/docker/volumes
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      - "9001:9001"
 EOF
    docker compose pull
    docker compose up -d
    echo -e "\n######################################################################\n\n    Please enter the following data into the Portainer "Add environment" wizard:\n\tEnvironment address: ${myip}:9001\n\n    Enjoy your Docker intallation.\n\n######################################################################"
 }
 cd /opt
 git clone https://github.com/mailcow/mailcow-dockerized
 cd mailcow-dockerized
 cat << EOF > mailcow.conf
 # ------------------------------
 # mailcow web ui configuration
 # ------------------------------
 # example.org is _not_ a valid hostname, use a fqdn here.
 # Default admin user is "admin"
 # Default password is "moohoo"
 MAILCOW_HOSTNAME=${LXC_HOSTNAME}.${LXC_DOMAIN}
 # Password hash algorithm
 # Only certain password hash algorithm are supported. For a fully list of supported schemes,
 # see https://docs.mailcow.email/models/model-passwd/
 MAILCOW_PASS_SCHEME=BLF-CRYPT
 # ------------------------------
 # SQL database configuration
 # ------------------------------
 DBNAME=mailcow
 DBUSER=mailcow
 # Please use long, random alphanumeric strings (A-Za-z0-9)
 DBPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
 DBROOT=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
 # ------------------------------
 # HTTP/S Bindings
 # ------------------------------
 # You should use HTTPS, but in case of SSL offloaded reverse proxies:
 # Might be important: This will also change the binding within the container.
 # If you use a proxy within Docker, point it to the ports you set below.
 # Do _not_ use IP:PORT in HTTP(S)_BIND or HTTP(S)_PORT
 # IMPORTANT: Do not use port 8081, 9081 or 65510!
 # Example: HTTP_BIND=1.2.3.4
 # For IPv4 leave it as it is: HTTP_BIND= & HTTPS_PORT=
 # For IPv6 see https://docs.mailcow.email/post_installation/firststeps-ip_bindings/
 HTTP_PORT=80
 HTTP_BIND=
 HTTPS_PORT=443
 HTTPS_BIND=
 # ------------------------------
 # Other bindings
 # ------------------------------
 # You should leave that alone
 # Format: 11.22.33.44:25 or 12.34.56.78:465 etc.
 SMTP_PORT=25
 SMTPS_PORT=465
 SUBMISSION_PORT=587
 IMAP_PORT=143
 IMAPS_PORT=993
 POP_PORT=110
 POPS_PORT=995
 SIEVE_PORT=4190
 DOVEADM_PORT=127.0.0.1:19991
 SQL_PORT=127.0.0.1:13306
 SOLR_PORT=127.0.0.1:18983
 REDIS_PORT=127.0.0.1:7654
 # Your timezone
 # See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones for a list of timezones
 # Use the column named 'TZ identifier' + pay attention for the column named 'Notes'
 TZ=${LXC_TIMEZONE}
 # Fixed project name
 # Please use lowercase letters only
 COMPOSE_PROJECT_NAME=mailcowdockerized
 # Used Docker Compose version
 # Switch here between native (compose plugin) and standalone
 # For more informations take a look at the mailcow docs regarding the configuration options.
 # Normally this should be untouched but if you decided to use either of those you can switch it manually here.
 # Please be aware that at least one of those variants should be installed on your machine or mailcow will fail.
 DOCKER_COMPOSE_VERSION=native
 # Set this to "allow" to enable the anyone pseudo user. Disabled by default.
 # When enabled, ACL can be created, that apply to "All authenticated users"
 # This should probably only be activated on mail hosts, that are used exclusivly by one organisation.
 # Otherwise a user might share data with too many other users.
 ACL_ANYONE=disallow
 # Garbage collector cleanup
 # Deleted domains and mailboxes are moved to /var/vmail/_garbage/timestamp_sanitizedstring
 # How long should objects remain in the garbage until they are being deleted? (value in minutes)
 # Check interval is hourly
 MAILDIR_GC_TIME=7200
 # Additional SAN for the certificate
 #
 # You can use wildcard records to create specific names for every domain you add to mailcow.
 # Example: Add domains "example.com" and "example.net" to mailcow, change ADDITIONAL_SAN to a value like:
 #ADDITIONAL_SAN=imap.*,smtp.*
 # This will expand the certificate to "imap.example.com", "smtp.example.com", "imap.example.net", "smtp.example.net"
 # plus every domain you add in the future.
 #
 # You can also just add static names...
 #ADDITIONAL_SAN=srv1.example.net
 # ...or combine wildcard and static names:
 #ADDITIONAL_SAN=imap.*,srv1.example.com
 #
 ADDITIONAL_SAN=
 # Additional server names for mailcow UI
 #
 # Specify alternative addresses for the mailcow UI to respond to
 # This is useful when you set mail.* as ADDITIONAL_SAN and want to make sure mail.maildomain.com will always point to the mailcow UI.
 # If the server name does not match a known site, Nginx decides by best-guess and may redirect users to the wrong web root.
 # You can understand this as server_name directive in Nginx.
 # Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f
 ADDITIONAL_SERVER_NAMES=
 # Skip running ACME (acme-mailcow, Let's Encrypt certs) - y/n
 SKIP_LETS_ENCRYPT=y
 # Create seperate certificates for all domains - y/n
 # this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames
 # see https://doc.dovecot.org/admin_manual/ssl/sni_support
 ENABLE_SSL_SNI=n
 # Skip IPv4 check in ACME container - y/n
 SKIP_IP_CHECK=n
 # Skip HTTP verification in ACME container - y/n
 SKIP_HTTP_VERIFICATION=n
 # Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n
 SKIP_CLAMD=n
 # Skip SOGo: Will disable SOGo integration and therefore webmail, DAV protocols and ActiveSync support (experimental, unsupported, not fully implemented) - y/n
 SKIP_SOGO=n
 # Skip Solr on low-memory systems or if you do not want to store a readable index of your mails in solr-vol-1.
 SKIP_SOLR=n
 # Solr heap size in MB, there is no recommendation, please see Solr docs.
 # Solr is a prone to run OOM and should be monitored. Unmonitored Solr setups are not recommended.
 SOLR_HEAP=1024
 # Allow admins to log into SOGo as email user (without any password)
 ALLOW_ADMIN_EMAIL_LOGIN=n
 # Enable watchdog (watchdog-mailcow) to restart unhealthy containers
 USE_WATCHDOG=y
 # Send watchdog notifications by mail (sent from watchdog@MAILCOW_HOSTNAME)
 # CAUTION:
 # 1. You should use external recipients
 # 2. Mails are sent unsigned (no DKIM)
 # 3. If you use DMARC, create a separate DMARC policy ("v=DMARC1; p=none;" in _dmarc.MAILCOW_HOSTNAME)
 # Multiple rcpts allowed, NO quotation marks, NO spaces
 #WATCHDOG_NOTIFY_EMAIL=a@example.com,b@example.com,c@example.com
 #WATCHDOG_NOTIFY_EMAIL=
 # Send notifications to a webhook URL that receives a POST request with the content type "application/json".
 # You can use this to send notifications to services like Discord, Slack and others.
 #WATCHDOG_NOTIFY_WEBHOOK=https://discord.com/api/webhooks/XXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 # JSON body included in the webhook POST request. Needs to be in single quotes.
 # Following variables are available: SUBJECT, BODY
 #WATCHDOG_NOTIFY_WEBHOOK_BODY='{"username": "mailcow Watchdog", "content": "**${SUBJECT}**\n${BODY}"}'
 # Notify about banned IP (includes whois lookup)
 WATCHDOG_NOTIFY_BAN=n
 # Send a notification when the watchdog is started.
 WATCHDOG_NOTIFY_START=y
 # Subject for watchdog mails. Defaults to "Watchdog ALERT" followed by the error message.
 #WATCHDOG_SUBJECT=
 # Checks if mailcow is an open relay. Requires a SAL. More checks will follow.
 # https://www.servercow.de/mailcow?lang=en
 # https://www.servercow.de/mailcow?lang=de
 # No data is collected. Opt-in and anonymous.
 # Will only work with unmodified mailcow setups.
 WATCHDOG_EXTERNAL_CHECKS=n
 # Enable watchdog verbose logging
 WATCHDOG_VERBOSE=n
 # Max log lines per service to keep in Redis logs
 LOG_LINES=9999
 # Internal IPv4 /24 subnet, format n.n.n (expands to n.n.n.0/24)
 # Use private IPv4 addresses only, see https://en.wikipedia.org/wiki/Private_network#Private_IPv4_addresses
 IPV4_NETWORK=172.22.1
 # Internal IPv6 subnet in fc00::/7
 # Use private IPv6 addresses only, see https://en.wikipedia.org/wiki/Private_network#Private_IPv6_addresses
 IPV6_NETWORK=fd4d:6169:6c63:6f77::/64
 # Use this IPv4 for outgoing connections (SNAT)
 #SNAT_TO_SOURCE=
 # Use this IPv6 for outgoing connections (SNAT)
 #SNAT6_TO_SOURCE=
 # Create or override an API key for the web UI
 # You _must_ define API_ALLOW_FROM, which is a comma separated list of IPs
 # An API key defined as API_KEY has read-write access
 # An API key defined as API_KEY_READ_ONLY has read-only access
 # Allowed chars for API_KEY and API_KEY_READ_ONLY: a-z, A-Z, 0-9, -
 # You can define API_KEY and/or API_KEY_READ_ONLY
 #API_KEY=
 #API_KEY_READ_ONLY=
 #API_ALLOW_FROM=172.22.1.1,127.0.0.1
 # mail_home is ~/Maildir
 MAILDIR_SUB=Maildir
 # SOGo session timeout in minutes
 SOGO_EXPIRE_SESSION=480
 # DOVECOT_MASTER_USER and DOVECOT_MASTER_PASS must both be provided. No special chars.
 # Empty by default to auto-generate master user and password on start.
 # User expands to DOVECOT_MASTER_USER@mailcow.local
 # LEAVE EMPTY IF UNSURE
 DOVECOT_MASTER_USER=
 # LEAVE EMPTY IF UNSURE
 DOVECOT_MASTER_PASS=
 # Let's Encrypt registration contact information
 # Optional: Leave empty for none
 # This value is only used on first order!
 # Setting it at a later point will require the following steps:
 # https://docs.mailcow.email/troubleshooting/debug-reset_tls/
 ACME_CONTACT=
 # WebAuthn device manufacturer verification
 # After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed
 # root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates
 WEBAUTHN_ONLY_TRUSTED_VENDORS=n
 # Spamhaus Data Query Service Key
 # Optional: Leave empty for none
 # Enter your key here if you are using a blocked ASN (OVH, AWS, Cloudflare e.g) for the unregistered Spamhaus Blocklist. 
 # If empty, it will completely disable Spamhaus blocklists if it detects that you are running on a server using a blocked AS.
 # Otherwise it will work normally.
 SPAMHAUS_DQS_KEY=
 EOF
 cat << EOF > data/conf/nginx/redirect.conf
 server {
  root /web;
  listen 80 default_server;
  listen [::]:80 default_server;
  include /etc/nginx/conf.d/server_name.active;
  if ( \$request_uri ~* "%0A|%0D" ) { return 403; }
  location ^~ /.well-known/acme-challenge/ {
    allow all;
    default_type "text/plain";
  }
  location / {
    return 301 https://\$host\$uri\$is_args\$args;
  }
 }
 EOF
 cat << EOF > /etc/cron.daily/mailcowbackup
 #!/bin/sh
 # Backup mailcow data
 # https://docs.mailcow.email/backup_restore/b_n_r-backup/
 set -e
 OUT="\$(mktemp)"
 export MAILCOW_BACKUP_LOCATION="/$LXC_SHAREFS_MOUNTPOINT/backup"
 SCRIPT="/opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh"
 PARAMETERS="backup all"
 OPTIONS="--delete-days 7"
 mkdir -p \$MAILCOW_BACKUP_LOCATION
 # run command
 set +e
 "\${SCRIPT}" \${PARAMETERS} \${OPTIONS} 2>&1 > "\$OUT"
 RESULT=\$?
 if [ \$RESULT -ne 0 ]
    then
            echo "\${SCRIPT} \${PARAMETERS} \${OPTIONS} encounters an error:"
            echo "RESULT=\$RESULT"
            echo "STDOUT / STDERR:"
            cat "\$OUT"
 fi
 EOF
 chmod +x /etc/cron.daily/mailcowbackup
 cat << EOF > /etc/cron.daily/checkmk-mailcow-update-check
 #!/bin/bash
 if ! which check_mk_agent ; then
  cd /opt/mailcow-dockerized/ && ./update.sh -c >/dev/null
  status=\$?
  if [ \$status -eq 3 ]; then
    state="0 \"mailcow_update\" mailcow_update=0;1;;0;1 No updates available."
  elif [ \$status -eq 0 ]; then
    state="1 \"mailcow_update\" mailcow_update=1;1;;0;1 Updated code is available.\nThe changes can be found here: https://github.com/mailcow/mailcow-dockerized/commits/master"
  else
    state="3 \"mailcow_update\" - Unknown output from update script ..."
  fi
  echo -e "<<<local>>>\n$\state" > /tmp/87000_mailcowupdate
  mv /tmp/87000_mailcowupdate /var/lib/check_mk_agent/spool/
 fi
 exit
 EOF
 chmod +x /etc/cron.daily/checkmk-mailcow-update-check
 chmod 600 mailcow.conf
 mkdir -p data/assets/ssl
 openssl req -x509 -newkey rsa:4096 -keyout data/assets/ssl/key.pem -out data/assets/ssl/cert.pem -days 365 -subj "/C=DE/ST=NRW/L=Willich/O=mailcow/OU=mailcow/CN=${LXC_HOSTNAME}.${LXC_DOMAIN}" -sha256 -nodes
 openssl dhparam -out data/assets/ssl/dhparams.pem 2048
 cat << EOF > /etc/cron.monthly/generate-dhparams
 #!/bin/bash
 openssl dhparam -out data/assets/ssl/dhparams.gen 4096 > /dev/null 2>&1
 mv data/assets/ssl/dhparams.gen data/assets/ssl/dhparams.pem
 systemctl restart nginx
 EOF
 chmod +x /etc/cron.monthly/generate-dhparams
 docker compose pull
 docker compose up -d
 case $PORTAINER in
  full) install_portainer_full ;;
  agent) install_portainer_agent ;;
  *)     echo -e "\n######################################################################\n\n   Enjoy your Docker intallation.\n\n######################################################################" ;;
 esac
--- a/src/mailpiler/install-service.sh
+++ b/src/mailpiler/install-service.sh
@@ -1,189 +0,0 @@
 #!/bin/bash
 # Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 source /root/functions.sh
 source /root/zamba.conf
 source /root/constants-service.conf
 HOSTNAME=$(hostname -f)
 echo "Ensure your Hostname is set to your Piler FQDN!"
 echo $HOSTNAME
 if 
    [ "$HOSTNAME" != "$PILER_FQDN" ]
 then
        echo "Hostname doesn't match $PILER_FQDN! Check install.sh, /etc/hosts, /etc/hostname." && exit
 else
        echo "Hostname matches $PILER_FQDN, so starting installation."
 fi
 # install php
 wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add -
 echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list
 apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
 add-apt-repository "deb [arch=amd64] https://mirror.wtnet.de/mariadb/repo/10.5/debian $(lsb_release -cs) main"
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq build-essential libwrap0-dev libpst-dev tnef libytnef0-dev \
 unrtf catdoc libtre-dev tre-agrep poppler-utils libzip-dev unixodbc libpq5 libpoppler-dev openssl libssl-dev memcached telnet nginx \
 mariadb-server default-libmysqlclient-dev python3-mysqldb gcc libwrap0 libzip4 latex2rtf latex2html catdoc tnef zipcmp zipmerge ziptool libsodium23 \
 php$PILER_PHP_VERSION-{fpm,common,ldap,mysql,cli,opcache,phpdbg,gd,memcache,json,readline,zip}
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt remove --purge -y -qq postfix
 cat > /etc/mysql/conf.d/mailpiler.conf <<EOF
 innodb_buffer_pool_size=256M
 innodb_flush_log_at_trx_commit=1
 innodb_log_buffer_size=64M
 innodb_log_file_size=16M
 query_cache_size=0
 query_cache_type=0
 query_cache_limit=2M
 EOF
 systemctl restart mariadb
 cd /tmp
 wget https://download.mailpiler.com/generic-local/sphinx-$PILER_SPHINX_VERSION-bin.tar.gz
 tar -xvzf sphinx-$PILER_SPHINX_VERSION-bin.tar.gz -C /
 groupadd piler
 useradd -g piler -m -s /bin/bash -d /var/piler piler
 usermod -L piler
 chmod 755 /var/piler
 if [[ "$PILER_VERSION" == "latest" ]]; then
        URL=$(curl -s https://www.mailpiler.org/wiki/download | grep "https://bitbucket.org/jsuto/piler/downloads/piler-" | cut -d '"' -f2)
        PILER_VERSION=$(echo $URL | cut -d'-' -f2 | cut -d'.' -f1-3)
        wget -O piler-$PILER_VERSION.tar.gz $URL
 else
        wget https://bitbucket.org/jsuto/piler/downloads/piler-$PILER_VERSION.tar.gz
 fi
 tar -xvzf piler-$PILER_VERSION.tar.gz
 cd piler-$PILER_VERSION/
 ./configure --localstatedir=/var --with-database=mysql --enable-tcpwrappers --enable-memcached
 make
 make install
 ldconfig
 cp util/postinstall.sh util/postinstall.sh.bak
 sed -i "s/   PILER_SMARTHOST=.*/   PILER_SMARTHOST="\"$PILER_SMARTHOST\""/" util/postinstall.sh
 sed -i 's/   WWWGROUP=.*/   WWWGROUP="www-data"/' util/postinstall.sh
 make postinstall
 cp /usr/local/etc/piler/piler.conf /usr/local/etc/piler/piler.conf.bak
 sed -i "s/hostid=.*/hostid=$PILER_FQDN/" /usr/local/etc/piler/piler.conf
 sed -i "s/update_counters_to_memcached=.*/update_counters_to_memcached=1/" /usr/local/etc/piler/piler.conf
 su piler -c "indexer --all --config /usr/local/etc/piler/sphinx.conf"
 /etc/init.d/rc.piler start
 /etc/init.d/rc.searchd start
 update-rc.d rc.piler defaults
 update-rc.d rc.searchd defaults
 mkdir -p /etc/nginx/ssl
 openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/piler.key -out /etc/nginx/ssl/piler.crt -subj "/CN=$PILER_FQDN" -addext "subjectAltName=DNS:$PILER_FQDN"
 cd /etc/nginx/sites-available
 cp /tmp/piler-$PILER_VERSION/contrib/webserver/piler-nginx.conf /etc/nginx/sites-available/
 ln -s /etc/nginx/sites-available/piler-nginx.conf /etc/nginx/sites-enabled/piler-nginx.conf
 sed -i "s|PILER_HOST|$PILER_FQDN|g" /etc/nginx/sites-available/piler-nginx.conf
 sed -i "s|/var/run/php/php7.4-fpm.sock|/var/run/php/php$PILER_PHP_VERSION-fpm.sock|g" /etc/nginx/sites-available/piler-nginx.conf
 sed -i "/server_name.*/a \\
        listen 443 ssl http2;\n\n\
        ssl_certificate /etc/nginx/ssl/piler.crt;\n\
        ssl_certificate_key /etc/nginx/ssl/piler.key;\n\n\
        ssl_session_timeout 1d;\n\
        ssl_session_cache shared:SSL:15m;\n\
        ssl_session_tickets off;\n\n\
        # modern configuration of Mozilla SSL configurator. Tweak to your needs.\n\
        ssl_protocols TLSv1.2 TLSv1.3;\n\
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;\n\
        ssl_prefer_server_ciphers off;\n\n\
        add_header X-Frame-Options SAMEORIGIN;\n\
        add_header X-Content-Type-Options nosniff;" /etc/nginx/sites-available/piler-nginx.conf
 sed -i "/^server {.*/i\
 server {\n\
        listen 80;\n\
        server_name _;\n\
        server_tokens off;\n\
        # HTTP to HTTPS redirect.\n\
        return 301 https://$PILER_FQDN;\n\
 }" /etc/nginx/sites-available/piler-nginx.conf
 unlink /etc/nginx/sites-enabled/default
 cp /usr/local/etc/piler/config-site.php /usr/local/etc/piler/config-site.php.bak
 sed -i "s|\$config\['SITE_URL'\] = .*|\$config\['SITE_URL'\] = 'https://$PILER_FQDN/';|" /usr/local/etc/piler/config-site.php
 cat >> /usr/local/etc/piler/config-site.php <<EOF
 // CUSTOM
 \$config['PROVIDED_BY'] = '$PILER_FQDN';
 \$config['SUPPORT_LINK'] = 'https://$PILER_FQDN';
 \$config['COMPATIBILITY'] = '';
 // fancy features.
 \$config['ENABLE_INSTANT_SEARCH'] = 1;
 \$config['ENABLE_TABLE_RESIZE'] = 1;
 \$config['ENABLE_DELETE'] = 1;
 \$config['ENABLE_ON_THE_FLY_VERIFICATION'] = 1;
 // general settings.
 \$config['TIMEZONE'] = '$LXC_TIMEZONE';
 // authentication
 // Enable authentication against an imap server
 //\$config['ENABLE_IMAP_AUTH'] = 1;
 //\$config['RESTORE_OVER_IMAP'] = 1;
 //\$config['IMAP_RESTORE_FOLDER_INBOX'] = 'INBOX';
 //\$config['IMAP_RESTORE_FOLDER_SENT'] = 'Sent';
 //\$config['IMAP_HOST'] = '$PILER_SMARTHOST';
 //\$config['IMAP_PORT'] =  993;
 //\$config['IMAP_SSL'] = true;
 // authentication against an ldap directory (disabled by default)
 //\$config['ENABLE_LDAP_AUTH'] = 1;
 //\$config['LDAP_HOST'] = '$PILER_SMARTHOST';
 //\$config['LDAP_PORT'] = 389;
 //\$config['LDAP_HELPER_DN'] = 'cn=administrator,cn=users,dc=mydomain,dc=local';
 //\$config['LDAP_HELPER_PASSWORD'] = 'myxxxxpasswd';
 //\$config['LDAP_MAIL_ATTR'] = 'mail';
 //\$config['LDAP_AUDITOR_MEMBER_DN'] = '';
 //\$config['LDAP_ADMIN_MEMBER_DN'] = '';
 //\$config['LDAP_BASE_DN'] = 'ou=Benutzer,dc=krs,dc=local';
 // authentication against an Uninvention based ldap directory 
 //\$config['ENABLE_LDAP_AUTH'] = 1;
 //\$config['LDAP_HOST'] = '$PILER_SMARTHOST';
 //\$config['LDAP_PORT'] = 7389;
 //\$config['LDAP_HELPER_DN'] = 'uid=ldap-search-user,cn=users,dc=mydomain,dc=local';
 //\$config['LDAP_HELPER_PASSWORD'] = 'myxxxxpasswd';
 //\$config['LDAP_AUDITOR_MEMBER_DN'] = '';
 //\$config['LDAP_ADMIN_MEMBER_DN'] = '';
 //\$config['LDAP_BASE_DN'] = 'cn=users,dc=mydomain,dc=local';
 //\$config['LDAP_MAIL_ATTR'] = 'mailPrimaryAddress';
 //\$config['LDAP_ACCOUNT_OBJECTCLASS'] = 'person';
 //\$config['LDAP_DISTRIBUTIONLIST_OBJECTCLASS'] = 'person';
 //\$config['LDAP_DISTRIBUTIONLIST_ATTR'] = 'mailAlternativeAddress';
 // special settings.
 \$config['MEMCACHED_ENABLED'] = 1;
 \$config['SPHINX_STRICT_SCHEMA'] = 1; // required for Sphinx $PILER_SPHINX_VERSION, see https://bitbucket.org/jsuto/piler/issues/1085/sphinx-331.
 EOF
 nginx -t && systemctl restart nginx
--- a/src/matrix/constants-service.conf
+++ b/src/matrix/constants-service.conf
@@ -19,6 +19,9 @@ LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # Sets the minimum amount of RAM the service needs for operation
 LXC_MEM_MIN=1024
--- a/src/nextcloud/constants-service.conf
+++ b/src/nextcloud/constants-service.conf
@@ -8,7 +8,7 @@
 # This file contains the project constants on service level
 # Debian Version, which will be installed
-LXC_TEMPLATE_VERSION="debian-11-standard"
+LXC_TEMPLATE_VERSION="debian-12-standard"
 # Create sharefs mountpoint
 LXC_MP="1"
@@ -19,11 +19,14 @@ LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # Defines the version number of piler mail archive to install (type in exact version number (e.g. 1.3.11) or 'latest')
 NEXTCLOUD_VERSION="latest"
 # Defines the php version to install
-NEXTCLOUD_PHP_VERSION="8.1"
+NEXTCLOUD_PHP_VERSION="8.2"
 # Defines the IP from the SQL server
 NEXTCLOUD_DB_IP="127.0.0.1"
--- a/src/nextcloud/install-service.sh
+++ b/src/nextcloud/install-service.sh
@@ -14,19 +14,19 @@ source /root/constants-service.conf
 HOSTNAME=$(hostname -f)
-wget -q -O - https://packages.sury.org/php/apt.gpg | apt-key add -
+wget -q -O - https://packages.sury.org/php/apt.gpg | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/sury-php.gpg >/dev/null
 echo "deb https://packages.sury.org/php/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/php.list
-wget -q -O - https://nginx.org/keys/nginx_signing.key | apt-key add -
+wget -q -O - https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/nginx.gpg >/dev/null
 echo "deb http://nginx.org/packages/debian $(lsb_release -cs) nginx" | tee /etc/apt/sources.list.d/nginx.list
-wget -q -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
+wget -q -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/postgresql.gpg >/dev/null
 echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends tree locate screen zip ffmpeg ghostscript libfile-fcntllock-perl libfuse2 socat fail2ban ldap-utils cifs-utils redis-server imagemagick libmagickcore-6.q16-6-extra \
-postgresql-13 nginx php$NEXTCLOUD_PHP_VERSION-{fpm,gd,mysql,pgsql,curl,xml,zip,intl,mbstring,bz2,ldap,apcu,bcmath,gmp,imagick,igbinary,redis,dev,smbclient,cli,common,opcache,readline}
+postgresql-15 nginx php$NEXTCLOUD_PHP_VERSION-{fpm,gd,mysql,pgsql,curl,xml,zip,intl,mbstring,bz2,ldap,apcu,bcmath,gmp,imagick,igbinary,redis,dev,smbclient,cli,common,opcache,readline}
 timedatectl set-timezone $LXC_TIMEZONE
 mkdir -p /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA /var/www
@@ -76,7 +76,7 @@ sed -i "s/;session.cookie_secure.*/session.cookie_secure = True/" /etc/php/$NEXT
 sed -i "s/;opcache.enable=.*/opcache.enable=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.enable_cli=.*/opcache.enable_cli=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.memory_consumption=.*/opcache.memory_consumption=128/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
-sed -i "s/;opcache.interned_strings_buffer=.*/opcache.interned_strings_buffer=8/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
+sed -i "s/;opcache.interned_strings_buffer=.*/opcache.interned_strings_buffer=16/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.max_accelerated_files=.*/opcache.max_accelerated_files=10000/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.revalidate_freq=.*/opcache.revalidate_freq=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.save_comments=.*/opcache.save_comments=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
@@ -113,6 +113,9 @@ set_real_ip_from 127.0.0.1;
 real_ip_header X-Forwarded-For;
 real_ip_recursive on;
 include /etc/nginx/mime.types;
 types {
        text/javascript mjs;
    }
 default_type application/octet-stream;
 sendfile on;
 send_timeout 3600;
@@ -136,6 +139,10 @@ cat > /etc/nginx/conf.d/http.conf << EOF
 upstream php-handler {
 server unix:/run/php/php$NEXTCLOUD_PHP_VERSION-fpm.sock;
 }
 map \$arg_v \$asset_immutable {
    "" "";
    default "immutable";
 }
 server {
 listen 80 default_server;
 listen [::]:80 default_server;
@@ -171,13 +178,15 @@ ssl_prefer_server_ciphers on;
 ssl_stapling on;
 ssl_stapling_verify on;
 client_max_body_size 5120M;
 client_body_timeout 300s;
 client_body_buffer_size 512k;
 fastcgi_buffers 64 4K;
 gzip on;
 gzip_vary on;
 gzip_comp_level 4;
 gzip_min_length 256;
 gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
-gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+gzip_types application/atom+xml text/javascript application/wasm application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
 add_header Strict-Transport-Security            "max-age=15768000; includeSubDomains; preload;" always;
 add_header Permissions-Policy                   "interest-cohort=()";
 add_header Referrer-Policy                      "no-referrer"   always;
@@ -230,10 +239,13 @@ fastcgi_pass php-handler;
 fastcgi_intercept_errors on;
 fastcgi_request_buffering off;
 }
-location ~ \.(?:css|js|svg|gif)\$ {
+location ~ \.(?:css|js|mjs|svg|gif|ico|wasm|tflite|map)\$ {
 try_files \$uri /index.php\$request_uri;
 expires 6M;
 access_log off;
    location ~ \.wasm$ {
            default_type application/wasm;
        }
 }
 location ~ \.woff2?\$ {
 try_files \$uri /index.php\$request_uri;
--- a/src/omada/constants-service.conf
+++ b/src/omada/constants-service.conf
@@ -19,6 +19,9 @@ LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # Sets the minimum amount of RAM the service needs for operation
 LXC_MEM_MIN=2048
--- a/src/onlyoffice/constants-service.conf
+++ b/src/onlyoffice/constants-service.conf
@@ -19,6 +19,9 @@ LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 ONLYOFFICE_DB_HOST=localhost
 ONLYOFFICE_DB_NAME=onlyoffice
--- a/src/open3a/constants-service.conf
+++ b/src/open3a/constants-service.conf
@@ -19,6 +19,9 @@ LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # Sets the minimum amount of RAM the service needs for operation
 LXC_MEM_MIN=1024
--- a/src/piler/constants-service.conf
+++ b/src/piler/constants-service.conf
@@ -0,0 +1,27 @@
 #!/bin/bash
 # Authors:
 # (C) 2024 Thorsten Spille <thorsten@spille-edv.de>
 # This file contains the project constants on service level
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-12-standard"
 # Create sharefs mountpoint
 LXC_MP="0"
 # Create unprivileged container
 LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # Sets the minimum amount of RAM the service needs for operation
 LXC_MEM_MIN=1024
 # service dependent meta tags
 SERVICE_TAGS="php-fpm,nginx,mariadb,manticore"
--- a/src/piler/install-service.sh
+++ b/src/piler/install-service.sh
@@ -0,0 +1,23 @@
 #!/bin/bash
 # Author:
 # (C) 2024 Thorsten Spille <thorsten@spille-edv.de>
 source zamba.conf
 wget -O - https://apt.bashclub.org/gpg/bashclub.pub | gpg --dearmor > /usr/share/keyrings/bashclub-keyring.gpg
 echo "deb [signed-by=/usr/share/keyrings/bashclub-keyring.gpg] https://apt.bashclub.org/manticore bookworm main" > /etc/apt/sources.list.d/bashclub-manticore.list
 echo "deb [signed-by=/usr/share/keyrings/bashclub-keyring.gpg] https://apt.bashclub.org/$PILER_BRANCH bookworm main" > /etc/apt/sources.list.d/bashclub-$PILER_BRANCH.list
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends piler
 echo -e "Installation of piler finished."
 echo -e "\nFor administration please visit the following Website:"
 echo -e "\thttps://${LXC_HOSTNAME}.${LXC_DOMAIN}/"
 echo -e "\nLogin with following credentials:"
 echo -e "\tUser: admin@local"
 echo -e "\tPass: pilerrocks"
 echo -e "\n\nPlease have a look the the GOBD notes (in German):"
 echo -e "\thttps://${LXC_HOSTNAME}.${LXC_DOMAIN}/gobd"
--- a/src/proxmox-pbs/constants-service.conf
+++ b/src/proxmox-pbs/constants-service.conf
@@ -19,6 +19,9 @@ LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # Backup ubdir where Urbackup will store backups
 PBS_DATA="backup"
--- a/src/rei3/constants-service.conf
+++ b/src/rei3/constants-service.conf
@@ -19,6 +19,9 @@ LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # Defines the IP from the SQL server
 REI3_DB_IP="127.0.0.1"
--- a/src/unifi/constants-service.conf
+++ b/src/unifi/constants-service.conf
@@ -9,6 +9,8 @@
 # Debian Version, which will be installed
 LXC_TEMPLATE_VERSION="debian-11-standard"
 # !!!! Leave at debian 11, currently unifi depends on mongodb-server <= 4.4 and libssl1.1
 # libssl1.1 is unsupported on debian bookworm
 # Create sharefs mountpoint
 LXC_MP="0"
@@ -19,6 +21,9 @@ LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # Sets the minimum amount of RAM the service needs for operation
 LXC_MEM_MIN=2048
--- a/src/unifi/install-service.sh
+++ b/src/unifi/install-service.sh
@@ -11,10 +11,10 @@ source /root/functions.sh
 source /root/zamba.conf
 source /root/constants-service.conf
-wget -O /etc/apt/trusted.gpg.d/mongodb-3.6.asc https://www.mongodb.org/static/pgp/server-3.6.asc
+wget -O /etc/apt/trusted.gpg.d/mongodb-4.4.asc https://pgp.mongodb.com/server-4.4.asc
 wget -O /etc/apt/trusted.gpg.d/unifi.gpg https://dl.ubnt.com/unifi/unifi-repo.gpg
-echo "deb http://repo.mongodb.org/apt/debian stretch/mongodb-org/3.6 main" > /etc/apt/sources.list.d/mongodb.list
+echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/4.4 main" > /etc/apt/sources.list.d/mongodb.list
 echo "deb http://www.ui.com/downloads/unifi/debian stable ubiquiti" > /etc/apt/sources.list.d/unifi.list 
 apt update
--- a/src/urbackup/constants-service.conf
+++ b/src/urbackup/constants-service.conf
@@ -19,6 +19,9 @@ LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # Backup ubdir where Urbackup will store backups
 URBACKUP_DATA="urbackup"
--- a/src/vaultwarden/constants-service.conf
+++ b/src/vaultwarden/constants-service.conf
@@ -19,6 +19,9 @@ LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # Defines the name from the SQL database
 VAULTWARDEN_DB_NAME="vaultwarden"
--- a/src/vaultwarden/install-service.sh
+++ b/src/vaultwarden/install-service.sh
@@ -64,7 +64,6 @@ Group=vaultwarden
 EnvironmentFile=/var/lib/vaultwarden/.env
 ExecStart=/opt/vaultwarden/vaultwarden
 LimitNOFILE=1048576
 LimitNPROC=64
 PrivateTmp=true
 PrivateDevices=true
 ProtectHome=true
@@ -161,4 +160,4 @@ unlink /etc/nginx/sites-enabled/default
 systemctl daemon-reload
 systemctl enable --now vaultwarden
-systemctl restart nginx
+systemctl restart nginx
--- a/src/zabbix/constants-service.conf
+++ b/src/zabbix/constants-service.conf
@@ -19,6 +19,9 @@ LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # Defines the IP from the SQL server
 ZABBIX_DB_IP="127.0.0.1"
--- a/src/zammad/constants-service.conf
+++ b/src/zammad/constants-service.conf
@@ -19,6 +19,9 @@ LXC_UNPRIVILEGED="1"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # Sets the minimum amount of RAM the service needs for operation
 LXC_MEM_MIN=4096
--- a/src/zmb-ad-join/constants-service.conf
+++ b/src/zmb-ad-join/constants-service.conf
@@ -19,6 +19,9 @@ LXC_UNPRIVILEGED="0"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # add optional features to samba ad dc
 # CURRENTLY SUPPORTED:
--- a/src/zmb-ad-join/install-service.sh
+++ b/src/zmb-ad-join/install-service.sh
@@ -27,38 +27,40 @@ for f in ${OPTIONAL_FEATURES[@]}; do
  fi
 done
-## configure ntp
+echo "deb http://deb.debian.org/debian/ bookworm-backports main contrib" >> /etc/apt/sources.list
 cat << EOF > /etc/ntp.conf
 # Local clock. Note that is not the "localhost" address!
 server 127.127.1.0
 fudge  127.127.1.0 stratum 10
 # Where to retrieve the time from
 server 0.de.pool.ntp.org     iburst prefer
 server 1.de.pool.ntp.org     iburst prefer
 server 2.de.pool.ntp.org     iburst prefer
 driftfile       /var/lib/ntp/ntp.drift
 logfile         /var/log/ntp
 ntpsigndsocket  /usr/local/samba/var/lib/ntp_signd/
 # Access control
 # Default restriction: Allow clients only to query the time
 restrict default kod nomodify notrap nopeer mssntp
 # No restrictions for "localhost"
 restrict 127.0.0.1
 # Enable the time sources to only provide time to this host
 restrict 0.pool.ntp.org   mask 255.255.255.255    nomodify notrap nopeer noquery
 restrict 1.pool.ntp.org   mask 255.255.255.255    nomodify notrap nopeer noquery
 restrict 2.pool.ntp.org   mask 255.255.255.255    nomodify notrap nopeer noquery
 tinker panic 0
 EOF
 echo "deb http://ftp.halifax.rwth-aachen.de/debian/ bookworm-backports main contrib" >> /etc/apt/sources.list
 # update packages
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
 # install required packages
-DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET $ADDITIONAL_PACKAGES ntpdate rpl net-tools dnsutils ntp
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET $ADDITIONAL_PACKAGES ntpdate rpl net-tools dnsutils chrony sipcalc
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -t bookworm-backports -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl attr samba smbclient winbind libpam-winbind libnss-winbind krb5-user samba-dsdb-modules samba-vfs-modules lmdb-utils rsync cifs-utils
 mkdir -p /etc/chrony/conf.d
 mkdir -p /etc/systemd/system/chrony.service.d
 cat << EOF > /etc/default/chrony
 # This is a configuration file for /etc/init.d/chrony and
 # /lib/systemd/system/chrony.service; it allows you to pass various options to
 # the chrony daemon without editing the init script or service file.
 # Options to pass to chrony.
 DAEMON_OPTS="-x -F 1"
 EOF
 cat << EOF > /etc/systemd/system/chrony.service.d/override.conf
 [Unit]
 ConditionCapability=
 EOF
 cat << EOF > /etc/chrony/conf.d/samba.conf
 bindcmdaddress $(sipcalc ${LXC_IP} | grep -m1 "Host address" | rev | cut -d' ' -f1 | rev)
 server de.pool.ntp.org iburst
 server europe.pool.ntp.org iburst
 allow $(sipcalc ${LXC_IP} | grep -m1 "Network address" | rev | cut -d' ' -f1 | rev)/$(sipcalc ${LXC_IP} | grep -m1 "Network mask (bits)" | rev | cut -d' ' -f1 | rev)
 ntpsigndsocket /var/lib/samba/ntp_signd
 EOF
 if [[ "$ADDITIONAL_PACKAGES" == *"nginx-full"* ]]; then
 	  cat << EOF > /etc/nginx/sites-available/default
 server {
--- a/src/zmb-ad/constants-service.conf
+++ b/src/zmb-ad/constants-service.conf
@@ -19,6 +19,9 @@ LXC_UNPRIVILEGED="0"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # add optional features to samba ad dc
 # CURRENTLY SUPPORTED:
--- a/src/zmb-ad/install-service.sh
+++ b/src/zmb-ad/install-service.sh
@@ -27,45 +27,40 @@ for f in ${OPTIONAL_FEATURES[@]}; do
  fi
 done
-## configure ntp
+echo "deb http://deb.debian.org/debian/ bookworm-backports main contrib" >> /etc/apt/sources.list
 cat << EOF > /etc/ntp.conf
 # Local clock. Note that is not the "localhost" address!
 server 127.127.1.0
 fudge  127.127.1.0 stratum 10
 # Where to retrieve the time from
 server 0.de.pool.ntp.org     iburst prefer
 server 1.de.pool.ntp.org     iburst prefer
 server 2.de.pool.ntp.org     iburst prefer
 driftfile       /var/lib/ntp/ntp.drift
 logfile         /var/log/ntp
 ntpsigndsocket  /usr/local/samba/var/lib/ntp_signd/
 # Access control
 # Default restriction: Allow clients only to query the time
 restrict default kod nomodify notrap nopeer mssntp
 # No restrictions for "localhost"
 restrict 127.0.0.1
 # Enable the time sources to only provide time to this host
 restrict 0.pool.ntp.org   mask 255.255.255.255    nomodify notrap nopeer noquery
 restrict 1.pool.ntp.org   mask 255.255.255.255    nomodify notrap nopeer noquery
 restrict 2.pool.ntp.org   mask 255.255.255.255    nomodify notrap nopeer noquery
 tinker panic 0
 EOF
 echo "deb http://ftp.halifax.rwth-aachen.de/debian/ bookworm-backports main contrib" >> /etc/apt/sources.list
 # update packages
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
 # install required packages
-DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET $ADDITIONAL_PACKAGES ntpdate rpl net-tools dnsutils ntp
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET $ADDITIONAL_PACKAGES ntpdate rpl net-tools dnsutils chrony sipcalc
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -t bookworm-backports -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl attr samba smbclient winbind libpam-winbind libnss-winbind krb5-user samba-dsdb-modules samba-vfs-modules lmdb-utils
 mkdir -p /etc/chrony/conf.d
 mkdir -p /etc/systemd/system/chrony.service.d
 cat << EOF > /etc/default/chrony
 # This is a configuration file for /etc/init.d/chrony and
 # /lib/systemd/system/chrony.service; it allows you to pass various options to
 # the chrony daemon without editing the init script or service file.
 # Options to pass to chrony.
 DAEMON_OPTS="-x -F 1"
 EOF
 cat << EOF > /etc/systemd/system/chrony.service.d/override.conf
 [Unit]
 ConditionCapability=
 EOF
 cat << EOF > /etc/chrony/conf.d/samba.conf
 bindcmdaddress $(sipcalc ${LXC_IP} | grep -m1 "Host address" | rev | cut -d' ' -f1 | rev)
 server de.pool.ntp.org iburst
 server europe.pool.ntp.org iburst
 allow $(sipcalc ${LXC_IP} | grep -m1 "Network address" | rev | cut -d' ' -f1 | rev)/$(sipcalc ${LXC_IP} | grep -m1 "Network mask (bits)" | rev | cut -d' ' -f1 | rev)
 ntpsigndsocket /var/lib/samba/ntp_signd
 EOF
 if [[ "$ADDITIONAL_PACKAGES" == *"nginx-full"* ]]; then
  cat << EOF > /etc/nginx/sites-available/default
 server {
--- a/src/zmb-cups/constants-service.conf
+++ b/src/zmb-cups/constants-service.conf
@@ -19,8 +19,11 @@ LXC_UNPRIVILEGED="0"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # Sets the minimum amount of RAM the service needs for operation
 LXC_MEM_MIN=1024
 # service dependent meta tags
-SERVICE_TAGS="samba,member,fileserver"
+SERVICE_TAGS="samba,member,cups,printserver"
--- a/src/zmb-cups/install-service.sh
+++ b/src/zmb-cups/install-service.sh
@@ -9,7 +9,7 @@ source /root/functions.sh
 source /root/zamba.conf
 source /root/constants-service.conf
-echo "deb http://ftp.halifax.rwth-aachen.de/debian/ bookworm-backports main contrib" >> /etc/apt/sources.list
+echo "deb http://deb.debian.org/debian/ bookworm-backports main contrib" >> /etc/apt/sources.list
 apt update
@@ -106,4 +106,4 @@ systemctl disable --now cups-browsed.service
 cupsctl --remote-admin
-systemctl restart cups smbd nmbd winbind wsdd
+systemctl restart cups smbd nmbd winbind wsdd
--- a/src/zmb-member/constants-service.conf
+++ b/src/zmb-member/constants-service.conf
@@ -19,6 +19,9 @@ LXC_UNPRIVILEGED="0"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # Sets the minimum amount of RAM the service needs for operation
 LXC_MEM_MIN=1024
--- a/src/zmb-standalone/constants-service.conf
+++ b/src/zmb-standalone/constants-service.conf
@@ -19,6 +19,9 @@ LXC_UNPRIVILEGED="0"
 # enable nesting feature
 LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # Sets the minimum amount of RAM the service needs for operation
 LXC_MEM_MIN=1024
--- a/src/zmb-standalone/install-service.sh
+++ b/src/zmb-standalone/install-service.sh
@@ -12,7 +12,7 @@ source /root/constants-service.conf
 apt-key adv --fetch-keys https://repo.45drives.com/key/gpg.asc
 echo "deb https://repo.45drives.com/debian focal main" > /etc/apt/sources.list.d/45drives.list
-echo "deb http://ftp.halifax.rwth-aachen.de/debian/ bookworm-backports main contrib" >> /etc/apt/sources.list
+echo "deb http://deb.debian.org/debian/ bookworm-backports main contrib" >> /etc/apt/sources.list
 apt update