Changed variable names / added variables

2024-11-07 19:31:58 +01:00 · 2021-04-08 00:27:47 +02:00 · 2021-04-08 00:27:47 +02:00 · 73e6dea57d
commit 73e6dea57d
parent ffe7cb5576
4 changed files with 137 additions and 112 deletions
--- a/create_lxc.sh
+++ b/create_lxc.sh
@ -1,36 +1,46 @@
 #!/bin/bash
-# This script wil create and fire up a standard debian buster lxc container on your proxmox pve.
+# This script will create and fire up a standard debian buster lxc container on your Proxmox VE.
-# The Script will look for the next free lxc number and take the next free and use it. So take
+# On a Proxmox cluster, the script will create the container on the local node, where it's executed.
-# care that behind your last number is place for it. 
+# The container ID will be automatically assigned by increasing (+1) the highest number of
 # existing LXC containers in your environment. If the assigned ID is already taken by a VM
 # or no containers exist yet, the script falls back to the ID 100.
-#### SOME VARIABLES TO ADJUST ####
+# Authors:
 # (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
 # (C) 2021 Script design and prototype by Markus Helmke <helmke@cloudistboese.de>
 # (C) 2021 Script rework by Thorsten Spille <thorsten@spille-edv.de>
 # Storage with templates
 LXC_TMP="local"
-# Size and pool of rootfs / in GB
+#### PLEASE ADJUST THE FOLLWING VARIABLES, BEFORE RUNNING THE SCRIPT ####
 SIZ_ROT="100"
 S_ROT_P="local-zfs"
-# Size and pool of Filestorage in GB will mounted to /share
+# The storage, where your container tmeplates are located (in most cases: local)
-SIZ_FIL="100"
+LXC_TEMPLATE_STORAGE="local"
 S_FIL_P="local-zfs"
-#Weather or not (1 and 0) the container will createt as unpriviliged LXC
+# Define the size and storage location of the container's root filesystem
-LXC_UNP="1"
+LXC_ROOTFS_SIZE="100"
 LXC_ROOTFS_STORAGE="local-zfs"
-# Size of the RAM assigned to the LXC
+# Define the size, storage location and mountpoint of the container's shared filesystem (required for 'zmb_standalone' and 'zmb_member') 
 LXC_FILEFS_SIZE="100"
 LXC_FILEFS_STORAGE="local-zfs"
 LXC_FILEFS_MOUNTPOINT="tank"
 # Define whether the container will be created in unprivileged (1) or privileged (0) mode
 # For 'zmb_standalone', 'zmb_pdc', 'zmb_member' and 'mailpiler' the container needs to be created with 'unprivileged=0'
 LXC_UNPRIVILEGED="1"
 # Size of the RAM assigned to the container
 LXC_MEM="1024"
-# Size of the SWAP assigned to the LXC
+# Size of the SWAP assigned to the container
-LXC_SWA="1024"
+LXC_SWAP="1024"
-# The hostname (eq. zamba1 or mailpiler1)
+# The hostname (eg. zamba1 or mailpiler1)
-LXC_HOST="zamba"
+LXC_HOSTNAME="zamba"
-# The domainname (searchdomain /etc/resolf.conf & hosts)
+# The domain suffix (the domain name / search domain of th container, results to the FQDN 'LXC_HOTNAME.LXC_DOMAIN')
-LXC_SDN="zmb.local"
+LXC_DOMAIN="zmb.rocks"
 # IP-address and subnet
 LXC_IP="10.10.80.20/24"
@ -38,49 +48,56 @@ LXC_IP="10.10.80.20/24"
 # Gateway
 LXC_GW="10.10.80.10"
-# DNS-server and here shoud be your AD-DC
+# DNS-server (should be your AD DC)
 LXC_DNS="10.10.80.10"
-# Networkbridge for this machine
+# Networkbridge for this container
-LXC_BRD="vmbr80"
+LXC_BRIDGE="vmbr80"
 # Optional VLAN number for this container
 LXC_VLAN=""
 # root password - take care to delete from this file
 LXC_PWD="MYPASSWD"
-LXC_KEY="ssh-rsa xxxxxxxx"
+LXC_AUTHORIZED_KEY="ssh-rsa xxxxxxxx"
 ############### Zamba-Server-Section ###############
 # Domain Entries to samba/smb.conf. Will be also uses for samba domain-provisioning when zmb-pdc will choosen.
-ZMB_REA="ZMB.LOCAL"
+ZMB_REALM="ZMB.ROCKS"
-ZMB_DOM="ZMB"
+ZMB_DOMAIN="ZMB"
-# THE Domain-Admin and passwd for zamba-install
+# The Domain-Admin and password for zamba installation
-ZMB_ADA="Administrator"
+ZMB_ADMIN_USER="Administrator"
-ZMB_APW="MYPASSWORD"
+ZMB_ADMIN_PASS="MYPASSWORD"
 ZMB_DOMAIN_ADMINS_GROUP="domain admins"
 # Name of the Zamba Share
 ZMB_SHARE="share"
 ############### Mailpiler-Section ###############
-# The FQDN vor the Hostname. This must be exactly the same like the LXC_HOST / LXC_SDN at section above.
+# The FQDN vor the Hostname. This must be exactly the same like the LXC_HOSTNAME / LXC_DOMAIN at section above.
-PILER_DOM="piler.zmb.rocks"
+PILER_FQDN="piler.zmb.rocks"
-SMARTHOST="10.10.80.20"
+PILER_SMARTHOST="10.10.80.20"
-PILER_VER="1.3.10"
+PILER_VERSION="1.3.10"
-SPHINX_VER="3.3.1"
+PILER_SPHINX_VERSION="3.3.1"
-PHP_VER="7.4"
+PILER_PHP_VERSION="7.4"
 ############### Matrix-Section ###############
-# The FQDN vor the Hostname. This should be the same like the LXC_HOST / LXC_SDN at section above.
+# The FQDN vor the Hostname. This should be the same like the LXC_HOSTNAME / LXC_DOMAIN at section above.
-MRX_DOM="matrix.zmb.rocks"
+MATRIX_FQDN="matrix.zmb.rocks"
-ELE_DOM="element.zmb.rocks"
+MATRIX_ELEMENT_FQDN="element.zmb.rocks"
-ELE_VER="v1.7.21"
+MATRIX_ELEMENT_VERSION="v1.7.24"
-JIT_DOM="meet.zmb.rocks"
+MATRIX_JITSI_FQDN="meet.zmb.rocks"
 #################################
 # CHeck is the newest template available, else download it.
-DEB_LOC=$(pveam list $LXC_TMP | grep debian-10-standard | cut -d'_' -f2)
+DEB_LOC=$(pveam list $LXC_TEMPLATE_STORAGE | grep debian-10-standard | cut -d'_' -f2)
 DEB_REP=$(pveam available --section system | grep debian-10-standard | cut -d'_' -f2)
@ -89,7 +106,7 @@ then
  echo "Newest Version of Debian 10 Standard $DEP_REP exists.";
 else
  echo "Will now download newest Debian 10 Standard $DEP_REP.";
-  pveam download $LXC_TMP debian-10-standard_$DEB_REP\_amd64.tar.gz
+  pveam download $LXC_TEMPLATE_STORAGE debian-10-standard_$DEB_REP\_amd64.tar.gz
 fi
 # Get next free LXC-number
@ -105,10 +122,16 @@ fi
 echo "Will now create LXC Container $LXC_NBR!";
 # Create the container
-pct create $LXC_NBR -unprivileged $LXC_UNP $LXC_TMP:vztmpl/debian-10-standard_$DEB_REP\_amd64.tar.gz -rootfs $S_ROT_P:$SIZ_ROT;
+pct create $LXC_NBR -unprivileged $LXC_UNPRIVILEGED $LXC_TEMPLATE_STORAGE:vztmpl/debian-10-standard_$DEB_REP\_amd64.tar.gz -rootfs $LXC_ROOTFS_STORAGE:$LXC_ROOTFS_SIZE;
 sleep 2;
-pct set $LXC_NBR -memory $LXC_MEM -swap $LXC_SWA -hostname $LXC_HOST \-nameserver $LXC_DNS -searchdomain $LXC_SDN -onboot 1 -timezone Europe/Berlin -net0 name=eth0,bridge=$LXC_BRD,firewall=1,gw=$LXC_GW,ip=$LXC_IP,type=veth;
+if [[ $LXC_VLAN != "" ]];then
  VLAN=",vlan=$LXC_VLAN"
 else
 VLAN=""
 fi
 pct set $LXC_NBR -memory $LXC_MEM -swap $LXC_SWAP -hostname $LXC_HOSTNAME \-nameserver $LXC_DNS -searchdomain $LXC_DOMAIN -onboot 1 -timezone Europe/Berlin -net0 name=eth0,bridge=$LXC_BRIDGE,firewall=1,gw=$LXC_GW,ip=$LXC_IP,type=veth$VLAN;
 sleep 2;
 PS3="Select the Server-Function: "
@ -121,7 +144,7 @@ select opt in just_lxc zmb-standalone zmb-member zmb-pdc mailpiler matrix quit;
      # Set the root password and key
      echo -e "$LXC_PWD\n$LXC_PWD" | lxc-attach -n$LXC_NBR passwd;
      lxc-attach -n$LXC_NBR mkdir /root/.ssh;
-      echo -e "$LXC_KEY" | lxc-attach -n$LXC_NBR tee /root/.ssh/authorized_keys;
+      echo -e "$LXC_AUTHORIZED_KEY" | lxc-attach -n$LXC_NBR tee /root/.ssh/authorized_keys;
      lxc-attach -n$LXC_NBR service ssh restart;
      echo "Should be ready!"
      break
@ -131,17 +154,17 @@ select opt in just_lxc zmb-standalone zmb-member zmb-pdc mailpiler matrix quit;
      ;;
    zmb-member)
      echo "Make some additions to LXC for AD-Member-Server!"
-      pct set $LXC_NBR -mp0 $S_FIL_P:$SIZ_FIL,mp=/tank
+      pct set $LXC_NBR -mp0 $LXC_FILEFS_STORAGE:$LXC_FILEFS_SIZE,mp=/$LXC_FILEFS_MOUNTPOINT
      sleep 2;
      lxc-start $LXC_NBR;
      sleep 5;
      # Set the root password and key
      echo -e "$LXC_PWD\n$LXC_PWD" | lxc-attach -n$LXC_NBR passwd;
      lxc-attach -n$LXC_NBR mkdir /root/.ssh;
-      echo -e "$LXC_KEY" | lxc-attach -n$LXC_NBR tee /root/.ssh/authorized_keys;
+      echo -e "$LXC_AUTHORIZED_KEY" | lxc-attach -n$LXC_NBR tee /root/.ssh/authorized_keys;
      lxc-attach -n$LXC_NBR service ssh restart;
      cp /root/zmb_mem.orig /root/zmb_mem.sh
-      sed -i "s|#ZMB_VAR|#ZMB_VAR\nZMB_REA='$ZMB_REA'\nZMB_DOM='$ZMB_DOM'\nZMB_ADA='$ZMB_ADA'\nZMB_APW='$ZMB_APW'|" /root/zmb_mem.sh
+      sed -i "s|#ZMB_VAR|#ZMB_VAR\nLXC_FILEFS_MOUNTPOINT='$LXC_FILEFS_MOUNTPOINT'\nZMB_SHARE='$ZMB_SHARE'\nZMB_REALM='$ZMB_REALM'\nZMB_DOMAIN='$ZMB_DOMAIN'\nZMB_ADMIN_USER='$ZMB_ADMIN_USER'\nZMB_ADMIN_PASS='$ZMB_ADMIN_PASS'\nZMB_DOMAIN_ADMINS_GROUP='$ZMB_DOMAIN_ADMINS_GROUP'|" /root/zmb_mem.sh
      pct push $LXC_NBR /root/zmb_mem.sh /root/zmb_mem.sh
      echo "Install zamba as AD-Member-Server!"
      lxc-attach -n$LXC_NBR bash /root/zmb_mem.sh
@ -159,10 +182,10 @@ select opt in just_lxc zmb-standalone zmb-member zmb-pdc mailpiler matrix quit;
      # Set the root password and key
      echo -e "$LXC_PWD\n$LXC_PWD" | lxc-attach -n$LXC_NBR passwd;
      lxc-attach -n$LXC_NBR mkdir /root/.ssh;
-      echo -e "$LXC_KEY" | lxc-attach -n$LXC_NBR tee /root/.ssh/authorized_keys;
+      echo -e "$LXC_AUTHORIZED_KEY" | lxc-attach -n$LXC_NBR tee /root/.ssh/authorized_keys;
      lxc-attach -n$LXC_NBR service ssh restart;
      cp /root/mailpiler.orig /root/mailpiler.sh
-      sed -i "s|#PILER_VAR|#PILER_VAR\nPILER_DOM='$PILER_DOM'\nSMARTHOST='$SMARTHOST'\nPILER_VER='$PILER_VER'\nSPHINX_VER='$SPHINX_VER'\nPHP_VER='$PHP_VER'|" /root/mailpiler.sh
+      sed -i "s|#PILER_VAR|#PILER_VAR\nPILER_FQDN='$PILER_FQDN'\nPILER_SMARTHOST='$PILER_SMARTHOST'\nPILER_VERSION='$PILER_VERSION'\nPILER_SPHINX_VERSION='$PILER_SPHINX_VERSION'\nPILER_PHP_VERSION='$PILER_PHP_VERSION'|" /root/mailpiler.sh
      pct push $LXC_NBR /root/mailpiler.sh /root/mailpiler.sh
      echo "Install Mailpiler mailarchiv!"
      lxc-attach -n$LXC_NBR bash mailpiler.sh
@ -175,10 +198,10 @@ select opt in just_lxc zmb-standalone zmb-member zmb-pdc mailpiler matrix quit;
      # Set the root password and key
      echo -e "$LXC_PWD\n$LXC_PWD" | lxc-attach -n$LXC_NBR passwd;
      lxc-attach -n$LXC_NBR mkdir /root/.ssh;
-      echo -e "$LXC_KEY" | lxc-attach -n$LXC_NBR tee /root/.ssh/authorized_keys;
+      echo -e "$LXC_AUTHORIZED_KEY" | lxc-attach -n$LXC_NBR tee /root/.ssh/authorized_keys;
      lxc-attach -n$LXC_NBR service ssh restart;
      cp /root/matrix.orig /root/matrix.sh
-      sed -i "s|#MATRIX_VAR|#Matrix_VAR\nMRX_DOM='$MRX_DOM'\nELE_DOM='$ELE_DOM'\nELE_VER='$ELE_VER'\nJIT_DOM='$JIT_DOM'|" /root/matrix.sh
+      sed -i "s|#MATRIX_VAR|#Matrix_VAR\nMATRIX_FQDN='$MATRIX_FQDN'\nMATRIX_ELEMENT_FQDN='$MATRIX_ELEMENT_FQDN'\nMATRIX_ELEMENT_VERSION='$MATRIX_ELEMENT_VERSION'\nMATRIX_JITSI_FQDN='$MATRIX_JITSI_FQDN'|" /root/matrix.sh
      pct push $LXC_NBR /root/matrix.sh /root/matrix.sh
      echo "Install Matrix Chatserver!"
      lxc-attach -n$LXC_NBR bash matrix.sh
--- a/mailpiler.orig
+++ b/mailpiler.orig
@ -12,11 +12,11 @@ echo "Ensure your Hostname is set to your Piler FQDN!"
 echo $HOSTNAME
 if 
-    [ "$HOSTNAME" != "$PILER_DOM" ]
+    [ "$HOSTNAME" != "$PILER_FQDN" ]
 then
-        echo "Hostname doesn't match Piler_Domain! Check install.sh, /etc/hosts, /etc/hostname." && exit
+        echo "Hostname doesn't match PILER_FQDNain! Check install.sh, /etc/hosts, /etc/hostname." && exit
 else
-        echo "Hostname matches PILER_DOMAIN, so starting installation."
+        echo "Hostname matches PILER_FQDNAIN, so starting installation."
 fi
 apt install -y gpg apt-transport-https lsb-release
@ -28,7 +28,7 @@ apt update && apt full-upgrade -y
 apt install -y mc sysstat build-essential libwrap0-dev libpst-dev tnef libytnef0-dev unrtf catdoc libtre-dev tre-agrep poppler-utils libzip-dev unixodbc libpq5 software-properties-common libpoppler-dev openssl libssl-dev memcached telnet nginx mariadb-server default-libmysqlclient-dev python-mysqldb gcc libwrap0 libzip4 latex2rtf latex2html catdoc tnef libpq5 zipcmp zipmerge ziptool libsodium23
-apt update && apt install -y php$PHP_VER-{fpm,common,ldap,mysql,cli,opcache,phpdbg,gd,memcache,json,readline,zip}
+apt update && apt install -y php$PILER_PHP_VERSION-{fpm,common,ldap,mysql,cli,opcache,phpdbg,gd,memcache,json,readline,zip}
 apt purge -y postfix
@ -45,30 +45,30 @@ EOF
 systemctl restart mariadb
 cd /tmp
-wget https://download.mailpiler.com/generic-local/sphinx-$SPHINX_VER-bin.tar.gz
+wget https://download.mailpiler.com/generic-local/sphinx-$PILER_SPHINX_VERSION-bin.tar.gz
-tar -xvzf sphinx-$SPHINX_VER-bin.tar.gz -C /
+tar -xvzf sphinx-$PILER_SPHINX_VERSION-bin.tar.gz -C /
 groupadd piler
 useradd -g piler -m -s /bin/bash -d /var/piler piler
 usermod -L piler
 chmod 755 /var/piler
-wget https://bitbucket.org/jsuto/piler/downloads/piler-$PILER_VER.tar.gz
+wget https://bitbucket.org/jsuto/piler/downloads/piler-$PILER_VERSION.tar.gz
-tar -xvzf piler-$PILER_VER.tar.gz
+tar -xvzf piler-$PILER_VERSION.tar.gz
-cd piler-$PILER_VER/
+cd piler-$PILER_VERSION/
 ./configure --localstatedir=/var --with-database=mysql --enable-tcpwrappers --enable-memcached
 make
 make install
 ldconfig
 cp util/postinstall.sh util/postinstall.sh.bak
-sed -i "s/   SMARTHOST=.*/   SMARTHOST="\"$SMARTHOST\""/" util/postinstall.sh
+sed -i "s/   PILER_SMARTHOST=.*/   PILER_SMARTHOST="\"$PILER_SMARTHOST\""/" util/postinstall.sh
 sed -i 's/   WWWGROUP=.*/   WWWGROUP="www-data"/' util/postinstall.sh
 make postinstall
 cp /usr/local/etc/piler/piler.conf /usr/local/etc/piler/piler.conf.bak
-sed -i "s/hostid=.*/hostid=$PILER_DOM/" /usr/local/etc/piler/piler.conf
+sed -i "s/hostid=.*/hostid=$PILER_FQDN/" /usr/local/etc/piler/piler.conf
 sed -i "s/update_counters_to_memcached=.*/update_counters_to_memcached=1/" /usr/local/etc/piler/piler.conf
 su piler -c "indexer --all --config /usr/local/etc/piler/sphinx.conf"
@ -80,14 +80,14 @@ update-rc.d rc.piler defaults
 update-rc.d rc.searchd defaults
 mkdir -p /etc/nginx/ssl
-openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/piler.key -out /etc/nginx/ssl/piler.crt -subj "/CN=$PILER_DOM" -addext "subjectAltName=DNS:$PILER_DOM"
+openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/piler.key -out /etc/nginx/ssl/piler.crt -subj "/CN=$PILER_FQDN" -addext "subjectAltName=DNS:$PILER_FQDN"
 cd /etc/nginx/sites-available
-cp /tmp/piler-$PILER_VER/contrib/webserver/piler-nginx.conf /etc/nginx/sites-available/
+cp /tmp/piler-$PILER_VERSION/contrib/webserver/piler-nginx.conf /etc/nginx/sites-available/
 ln -s /etc/nginx/sites-available/piler-nginx.conf /etc/nginx/sites-enabled/piler-nginx.conf
-sed -i "s|PILER_HOST|$PILER_DOM|g" /etc/nginx/sites-available/piler-nginx.conf
+sed -i "s|PILER_HOST|$PILER_FQDN|g" /etc/nginx/sites-available/piler-nginx.conf
-sed -i "s|/var/run/php/php7.4-fpm.sock|/var/run/php/php$PHP_VER-fpm.sock|g" /etc/nginx/sites-available/piler-nginx.conf
+sed -i "s|/var/run/php/php7.4-fpm.sock|/var/run/php/php$PILER_PHP_VERSION-fpm.sock|g" /etc/nginx/sites-available/piler-nginx.conf
 sed -i "/server_name.*/a \\
        listen 443 ssl http2;\n\n\
@ -106,19 +106,19 @@ sed -i "/server_name.*/a \\
 sed -i "/^server {.*/i\
 server {\n\
        listen 80;\n\
-        server_name $PILER_DOM;\n\
+        server_name $PILER_FQDN;\n\
        server_tokens off;\n\
        # HTTP to HTTPS redirect.\n\
-        return 301 https://$PILER_DOM;\n\
+        return 301 https://$PILER_FQDN;\n\
 }" /etc/nginx/sites-available/piler-nginx.conf
 cp /usr/local/etc/piler/config-site.php /usr/local/etc/piler/config-site.php.bak
-sed -i "s|\$config\['SITE_URL'\] = .*|\$config\['SITE_URL'\] = 'https://$PILER_DOM/';|" /usr/local/etc/piler/config-site.php
+sed -i "s|\$config\['SITE_URL'\] = .*|\$config\['SITE_URL'\] = 'https://$PILER_FQDN/';|" /usr/local/etc/piler/config-site.php
 cat >> /usr/local/etc/piler/config-site.php <<EOF
 // CUSTOM
-\$config['PROVIDED_BY'] = '$PILER_DOM';
+\$config['PROVIDED_BY'] = '$PILER_FQDN';
-\$config['SUPPORT_LINK'] = 'https://$PILER_DOM';
+\$config['SUPPORT_LINK'] = 'https://$PILER_FQDN';
 \$config['COMPATIBILITY'] = '';
 // fancy features.
@ -137,13 +137,13 @@ cat >> /usr/local/etc/piler/config-site.php <<EOF
 //\$config['RESTORE_OVER_IMAP'] = 1;
 //\$config['IMAP_RESTORE_FOLDER_INBOX'] = 'INBOX';
 //\$config['IMAP_RESTORE_FOLDER_SENT'] = 'Sent';
-//\$config['IMAP_HOST'] = '$SMARTHOST';
+//\$config['IMAP_HOST'] = '$PILER_SMARTHOST';
 //\$config['IMAP_PORT'] =  993;
 //\$config['IMAP_SSL'] = true;
 // authentication against an ldap directory (disabled by default)
 //\$config['ENABLE_LDAP_AUTH'] = 1;
-//\$config['LDAP_HOST'] = '$SMARTHOST';
+//\$config['LDAP_HOST'] = '$PILER_SMARTHOST';
 //\$config['LDAP_PORT'] = 389;
 //\$config['LDAP_HELPER_DN'] = 'cn=administrator,cn=users,dc=mydomain,dc=local';
 //\$config['LDAP_HELPER_PASSWORD'] = 'myxxxxpasswd';
@ -154,7 +154,7 @@ cat >> /usr/local/etc/piler/config-site.php <<EOF
 // authentication against an Uninvention based ldap directory 
 //\$config['ENABLE_LDAP_AUTH'] = 1;
-//\$config['LDAP_HOST'] = '$SMARTHOST';
+//\$config['LDAP_HOST'] = '$PILER_SMARTHOST';
 //\$config['LDAP_PORT'] = 7389;
 //\$config['LDAP_HELPER_DN'] = 'uid=ldap-search-user,cn=users,dc=mydomain,dc=local';
 //\$config['LDAP_HELPER_PASSWORD'] = 'myxxxxpasswd';
@ -168,7 +168,7 @@ cat >> /usr/local/etc/piler/config-site.php <<EOF
 // special settings.
 \$config['MEMCACHED_ENABLED'] = 1;
-\$config['SPHINX_STRICT_SCHEMA'] = 1; // required for Sphinx $SPHINX_VER, see https://bitbucket.org/jsuto/piler/issues/1085/sphinx-331.
+\$config['SPHINX_STRICT_SCHEMA'] = 1; // required for Sphinx $PILER_SPHINX_VERSION, see https://bitbucket.org/jsuto/piler/issues/1085/sphinx-331.
 EOF
 nginx -t && systemctl restart nginx
--- a/matrix.orig
+++ b/matrix.orig
@ -21,9 +21,9 @@ systemctl enable matrix-synapse
 ss -tulpen
 mkdir /etc/nginx/ssl
-openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/matrix.key -out /etc/nginx/ssl/matrix.crt -subj "/CN=$MRX_DOM" -addext "subjectAltName=DNS:$MRX_DOM"
+openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/matrix.key -out /etc/nginx/ssl/matrix.crt -subj "/CN=$MATRIX_FQDN" -addext "subjectAltName=DNS:$MATRIX_FQDN"
-cat > /etc/nginx/sites-available/$MRX_DOM <<EOF
+cat > /etc/nginx/sites-available/$MATRIX_FQDN <<EOF
 # Virtual Host configuration for example.com
 #
 # You can move that to a different file under sites-available/ and symlink that
@ -32,15 +32,15 @@ cat > /etc/nginx/sites-available/$MRX_DOM <<EOF
 server {
    listen 80;
    listen [::]:80;
-    server_name $MRX_DOM;
+    server_name $MATRIX_FQDN;
-    return 301 https://$MRX_DOM;
+    return 301 https://$MATRIX_FQDN;
 }
 server {
    listen 443 ssl;
    listen [::]:443 ssl;
-    server_name $MRX_DOM;
+    server_name $MATRIX_FQDN;
    ssl on;
    ssl_certificate /etc/nginx/ssl/matrix.crt;
@ -55,14 +55,14 @@ server {
 server {
    listen 8448 ssl;
    listen [::]:8448 ssl;
-    server_name $MRX_DOM;
+    server_name $MATRIX_FQDN;
    ssl on;
    ssl_certificate /etc/nginx/ssl/matrix.crt;
    ssl_certificate_key /etc/nginx/ssl/matrix.key;
    # If you don't wanna serve a site, comment this out
-    root /var/www/$MRX_DOM;
+    root /var/www/$MATRIX_FQDN;
    index index.html index.htm;
    location / {
@ -72,9 +72,9 @@ server {
 }
 EOF
-ln -s /etc/nginx/sites-available/$MRX_DOM /etc/nginx/sites-enabled/$MRX_DOM
+ln -s /etc/nginx/sites-available/$MATRIX_FQDN /etc/nginx/sites-enabled/$MATRIX_FQDN
-cat > /etc/nginx/sites-available/$ELE_DOM <<EOF
+cat > /etc/nginx/sites-available/$MATRIX_ELEMENT_FQDN <<EOF
 # Virtual Host configuration for example.com
 #
 # You can move that to a different file under sites-available/ and symlink that
@ -83,45 +83,45 @@ cat > /etc/nginx/sites-available/$ELE_DOM <<EOF
 server {
    listen 80;
    listen [::]:80;
-    server_name $ELE_DOM;
+    server_name $MATRIX_ELEMENT_FQDN;
-    return 301 https://$ELE_DOM;
+    return 301 https://$MATRIX_ELEMENT_FQDN;
 }
 server {
    listen 443 ssl;
    listen [::]:443 ssl;
-    server_name $ELE_DOM;
+    server_name $MATRIX_ELEMENT_FQDN;
    ssl on;
    ssl_certificate /etc/nginx/ssl/matrix.crt;
    ssl_certificate_key /etc/nginx/ssl/matrix.key;
    # If you don't wanna serve a site, comment this out
-    root /var/www/$ELE_DOM/element;
+    root /var/www/$MATRIX_ELEMENT_FQDN/element;
    index index.html index.htm;
 } 
 EOF
-ln -s /etc/nginx/sites-available/$ELE_DOM /etc/nginx/sites-enabled/$ELE_DOM
+ln -s /etc/nginx/sites-available/$MATRIX_ELEMENT_FQDN /etc/nginx/sites-enabled/$MATRIX_ELEMENT_FQDN
 systemctl restart nginx
-mkdir /var/www/$ELE_DOM
+mkdir /var/www/$MATRIX_ELEMENT_FQDN
-cd /var/www/$ELE_DOM
+cd /var/www/$MATRIX_ELEMENT_FQDN
 wget https://packages.riot.im/element-release-key.asc
 gpg --import element-release-key.asc
-wget https://github.com/vector-im/element-web/releases/download/$ELE_VER/element-$ELE_VER.tar.gz
+wget https://github.com/vector-im/element-web/releases/download/$MATRIX_ELEMENT_VERSION/element-$MATRIX_ELEMENT_VERSION.tar.gz
-wget https://github.com/vector-im/element-web/releases/download/$ELE_VER/element-$ELE_VER.tar.gz.asc
+wget https://github.com/vector-im/element-web/releases/download/$MATRIX_ELEMENT_VERSION/element-$MATRIX_ELEMENT_VERSION.tar.gz.asc
-gpg --verify element-$ELE_VER.tar.gz.asc
+gpg --verify element-$MATRIX_ELEMENT_VERSION.tar.gz.asc
-tar -xzvf element-$ELE_VER.tar.gz
+tar -xzvf element-$MATRIX_ELEMENT_VERSION.tar.gz
-ln -s element-$ELE_VER element
+ln -s element-$MATRIX_ELEMENT_VERSION element
 chown www-data:www-data -R element
 cp ./element/config.sample.json ./element/config.json
-sed -i "s|https://matrix-client.matrix.org|https://$MRX_DOM|" ./element/config.json
+sed -i "s|https://matrix-client.matrix.org|https://$MATRIX_FQDN|" ./element/config.json
-sed -i "s|\"server_name\": \"matrix.org\"|\"server_name\": \"$MRX_DOM\"|" ./element/config.json
+sed -i "s|\"server_name\": \"matrix.org\"|\"server_name\": \"$MATRIX_FQDN\"|" ./element/config.json
 su postgres <<EOF
 psql -c "CREATE USER $ELE_DBUSER WITH PASSWORD '$ELE_DBPASS';"
@ -131,7 +131,7 @@ EOF
 cd /
 sed -i "s|#registration_shared_secret: <PRIVATE STRING>|registration_shared_secret: \"$MRX_PKE\"|" /etc/matrix-synapse/homeserver.yaml
-sed -i "s|#public_baseurl: https://example.com/|public_baseurl: https://$MRX_DOM/|" /etc/matrix-synapse/homeserver.yaml
+sed -i "s|#public_baseurl: https://example.com/|public_baseurl: https://$MATRIX_FQDN/|" /etc/matrix-synapse/homeserver.yaml
 sed -i "s|#enable_registration: false|enable_registration: true|" /etc/matrix-synapse/homeserver.yaml
 sed -i "s|name: sqlite3|name: psycopg2|" /etc/matrix-synapse/homeserver.yaml
 sed -i "s|database: /var/lib/matrix-synapse/homeserver.db|database: $ELE_DBNAME\n    user: $ELE_DBUSER\n    password: $ELE_DBPASS\n    host: 127.0.0.1\n    cp_min: 5\n    cp_max: 10|" /etc/matrix-synapse/homeserver.yaml
--- a/zmb_mem.orig
+++ b/zmb_mem.orig
@ -10,22 +10,22 @@ echo -ne '\n' | apt install -y acl dnsutils mc samba winbind libpam-winbind libn
 mv /etc/krb5.conf /etc/krb5.conf.bak
 cat > /etc/krb5.conf <<EOF
 [libdefaults]
-	default_realm = $ZMB_REA
+	default_realm = $ZMB_REALM
    ticket_lifetime = 600
 	dns_lookup_realm = true
 	dns_lookup_kdc = true
 	renew_lifetime = 7d
 EOF
-echo -e "$ZMB_APW" | kinit -V $ZMB_ADA
+echo -e "$ZMB_ADMIN_PASS" | kinit -V $ZMB_ADMIN_USER
 klist
 mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
 cat > /etc/samba/smb.conf <<EOF
 [global]
-	workgroup = $ZMB_DOM
+	workgroup = $ZMB_DOMAIN
 	security = ADS
-	realm = $ZMB_REA
+	realm = $ZMB_REALM
 	server string = %h server
 	vfs objects = acl_xattr shadow_copy2
@ -67,9 +67,9 @@ cat > /etc/samba/smb.conf <<EOF
 	shadow: snapprefix = ^zfs-auto-snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(monthly\)\{0,1\}
 	shadow: delimiter = -20
-[share]
+[$ZMB_SHARE]
 	comment = Main Share
-	path = /tank/share
+	path = /$LXC_FILEFS_MOUNTPOINT/$ZMB_SHARE
 	read only = No
 	create mask = 0660
 	directory mask = 0770
@ -81,7 +81,7 @@ EOF
 systemctl restart smbd
-echo -e "$ZMB_APW" | net ads join -U $ZMB_ADA createcomputer=Computers
+echo -e "$ZMB_ADMIN_PASS" | net ads join -U $ZMB_ADMIN_USER createcomputer=Computers
 sed -i "s|files systemd|files systemd winbind|g" /etc/nsswitch.conf
 sed -i "s|#WINBINDD_OPTS=|WINBINDD_OPTS=|" /etc/default/winbind
 echo -e "session optional        pam_mkhomedir.so skel=/etc/skel umask=077" >> /etc/pam.d/common-session
@ -90,11 +90,13 @@ systemctl restart winbind nmbd
 wbinfo -u
 wbinfo -g
-mkdir /tank/share
+mkdir /$LXC_FILEFS_MOUNTPOINT/$ZMB_SHARE
 chown 'administrator':'domain users' /tank/share
-setfacl -Rm u:administrator:rwx,g::-,o::- /tank/share
+# originally 'domain users' was set, added variable for domain admins group, samba wiki recommends separate group e.g. 'unix admins'
-setfacl -Rdm u:administrator:rwx,g::-,o::- /tank/share
+chown "$ZMB_ADMIN_USER":"$ZMB_DOMAIN_ADMINS_GROUP" /$LXC_FILEFS_MOUNTPOINT/$ZMB_SHARE
 setfacl -Rm u:$ZMB_ADMIN_USER:rwx,g::-,o::- /$LXC_FILEFS_MOUNTPOINT/$ZMB_SHARE
 setfacl -Rdm u:$ZMB_ADMIN_USER:rwx,g::-,o::- /$LXC_FILEFS_MOUNTPOINT/$ZMB_SHARE
 systemctl restart smbd nmbd winbind