Few updates before move to Devuan.

etc/.gitignore

@@ -1,3 +1,5 @@
+/.pwd.lock
+/.updated
 /ImageMagick-7/
 /X11/
 /adduser.conf

etc/apt/.gitignore

@@ -0,0 +1,5 @@
+/apt.conf.d/
+/auth.conf.d/
+/keyrings/
+/sources.list
+/trusted.gpg.d/

etc/apt/preferences.d/sury

@@ -0,0 +1,3 @@
+Package: *
+Pin: release o=deb.sury.org
+Pin-Priority: 1000

etc/apt/sources.list.d/fd.list

@@ -0,0 +1,4 @@
+deb [trusted=yes] https://public.fusiondirectory.org/debian/fusiondirectory-integrator/ bullseye main
+deb [trusted=yes] https://public.fusiondirectory.org/debian/fusiondirectory-tools/ bullseye main
+deb [trusted=yes] https://public.fusiondirectory.org/debian/fusiondirectory-external-libraries/ bullseye main
+deb [trusted=yes] https://public.fusiondirectory.org/debian/bullseye-fusiondirectory-release/ bullseye main

etc/apt/sources.list.d/sury.list

@@ -0,0 +1 @@
+deb [trusted=yes] https://packages.sury.org/php/ trixie main

etc/default/.gitignore

@@ -5,8 +5,6 @@
 /networking
 /nss
 /openipmi
-/prometheus-node-exporter
-/smartmontools
 /ssh
 /useradd
 /winbind

etc/default/prometheus-node-exporter

@@ -0,0 +1,5 @@
+# Set the command-line arguments to pass to the server.
+# Due to shell escaping, to pass backslashes for regexes, you need to double
+# them (\\d for \d). If running under systemd, you need to double them again
+# (\\\\d to mean \d), and escape newlines too.
+ARGS="--web.listen-address=5.101.171.215:9100"

etc/default/terraform-http-backend

@@ -0,0 +1,7 @@
+TF_USER="thb"
+TF_IP="5.101.171.215"
+TF_PORT="25480"
+TF_STORAGE_DIR="/var/lib/terraform-http-backend"
+TF_AUTH_ENABLED="true"
+TF_USERNAME="sysadmin"
+TF_PASSWORD="sunsa"

etc/fusiondirectory/fusiondirectory-apache.conf

@@ -0,0 +1,8 @@
+# Include FusionDirectory to your web service
+Alias /fusiondirectory /usr/share/fusiondirectory/html
+
+<Directory /usr/share/fusiondirectory/html>
+# Remove the comment from the line below if you use fusiondirectory-configuration-manager --encrypt-passwords
+#   include /etc/fusiondirectory/fusiondirectory.secrets
+</Directory>
+

etc/fusiondirectory/fusiondirectory.conf.orig

@@ -0,0 +1,8 @@
+<?xml version="1.0"?>
+<conf>
+  <main default="Slackware UK LDAP Server" logging="true" displayerrors="true" debuglevel="1024" templateCompileDirectory="/var/cache/fusiondirectory/template/" theme="breezy">
+    <location name="Slackware UK LDAP Server" forceSSL="true">
+      <referral URI="ldaps://core.slackware.uk.net:636" base="dc=slackware,dc=uk,dc=net" adminDn="cn=Administrator,cn=Users,dc=slackware,dc=uk,dc=net" adminPassword="rxdnq8cksunsa$0D" />
+    </location>
+  </main>
+</conf>

etc/init.d/.gitignore

@@ -1,4 +1,3 @@
 /*
 !/.gitignore
-!/samba
 !/terraform-http-backend

etc/init.d/samba

@@ -1,90 +0,0 @@
-#!/sbin/openrc-run
-
-extra_started_commands="reload"
-piddir=${piddir:-"/run/samba"}
-
-DAEMON=${RC_SVCNAME#samba.}
-if [ "$DAEMON" != "$RC_SVCNAME" ]; then
-	daemon_list=$DAEMON
-fi
-
-depend() {
-	need net
-	after firewall
-}
-
-start_pre() {
-	checkpath --directory "$piddir"
-}
-
-start_samba() {
-	start-stop-daemon --start --quiet --exec /usr/sbin/samba -- \
-		${samba_options:-"-D"}
-}
-
-stop_samba() {
-	start-stop-daemon --stop --quiet --pidfile "$piddir"/samba.pid
-}
-
-start_smbd() {
-	start-stop-daemon --start --quiet --exec /usr/sbin/smbd -- \
-		${smbd_options:-"-D"}
-}
-
-stop_smbd() {
-	start-stop-daemon --stop --quiet --pidfile "$piddir"/smbd.pid
-}
-
-start_nmbd() {
-	start-stop-daemon --start --quiet --exec /usr/sbin/nmbd -- \
-		${nmbd_options:-"-D"}
-}
-
-stop_nmbd() {
-	start-stop-daemon --stop --quiet --pidfile "$piddir"/nmbd.pid
-}
-
-start_winbindd() {
-	start-stop-daemon --start --quiet --exec /usr/sbin/winbindd -- \
-		${winbindd_options:-"-D"}
-}
-
-stop_winbindd() {
-	start-stop-daemon --stop --quiet --pidfile "$piddir"/winbindd.pid
-}
-
-
-start_bgqd() {
-	start-stop-daemon --start --quiet --exec /usr/lib/samba/samba-bgqd -- \
-		${bgqd_options:-"-D"}
-}
-
-stop_bgqd() {
-	start-stop-daemon --stop --quiet --pidfile "$piddir"/samba-bgqd.pid
-}
-
-start() {
-	for i in $daemon_list; do
-		ebegin "Starting $i"
-		start_$i
-		eend $?
-	done
-}
-
-stop() {
-	for i in $daemon_list; do
-		ebegin "Stopping $i"
-		stop_$i
-		eend $?
-	done
-}
-
-reload() {
-	for i in $daemon_list; do
-		ebegin "Reloading $i"
-		# bgqd binary is called samba-bgqd
-		busybox killall -HUP ${i/bgqd/samba-bgqd}
-		eend $?
-	done
-}
-

etc/init.d/terraform-http-backend

@@ -1,19 +1,49 @@
-#!/sbin/openrc-run
+#!/bin/sh
+# Start/stop terraform-http-backend.
+#
+### BEGIN INIT INFO
+# Provides:          terraform-http-backend
+# Required-Start:    $network
+# Required-Stop:     $network
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Terraform HTTP state backend daemon
+# Description:       Terraform HTTP state backend daemon
+### END INIT INFO
 
-depend() {
-	need net
-	after firewall
-}
+NAME=terraform-http-backend
+DAEMON=/opt/sbin/$NAME
+DESC="Terraform HTTP state backend"
+SCRIPT=terraform-http-backend
 
-start() {
-	ebegin "Starting terraform-http-backend"
-	source /etc/conf.d/terraform-http-backend || eend 1
-	su "$TF_USER" -c "/opt/sbin/terraform-http-backend &" || eend 1
-	eend $?
-}
+test -x $DAEMON || exit 0
 
-stop() {
-	ebegin "Stopping terraform-http-backend"
-	busybox killall -TERM terraform-http-backend
-	eend $?
-}
+[ -f /etc/default/terraform-http-backend ] && . /etc/default/terraform-http-backend
+export TF_USER TF_IP TF_PORT TF_STORAGE_DIR TF_AUTH_ENABLED TF_USERNAME TF_PASSWORD
+
+. /lib/lsb/init-functions
+
+case "$1" in
+	(start)
+		log_daemon_msg "Starting $DESC" $NAME
+		/usr/bin/su "$TF_USER" -c "$DAEMON >/dev/null 2>&1 &"
+		log_end_msg $?
+		;;
+	(stop)
+		log_daemon_msg "Stopping $DESC" $NAME
+		/usr/bin/killall -TERM $DAEMON
+		log_end_msg $?
+		;;
+	(restart|force-reload)
+		$0 stop && sleep 1 && $0 start
+		;;
+	(status)
+		status_of_proc $DAEMON $NAME && exit 0 || exit $?
+		;;
+	(*)
+		echo "Usage: /etc/init.d/$SCRIPT {start|stop|restart|force-reload|status}"
+		exit 1
+		;;
+esac
+
+exit 0

etc/iptables/rules-save

@@ -1,24 +0,0 @@
-# Generated by iptables-save v1.8.11 (nf_tables) on Sat Sep 13 18:45:54 2025
-*filter
-:INPUT DROP [6:240]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [27:2250]
-[0:0] -A INPUT -m conntrack --ctstate INVALID -j DROP
-[12:1176] -A INPUT -i lo -j ACCEPT
-[0:0] -A INPUT -s 10.254.0.0/24 -i eth1 -j ACCEPT
-[0:0] -A INPUT -s 5.101.171.208/28 -i eth0 -j ACCEPT
-[6:707] -A INPUT -s 185.176.90.169/32 -i eth0 -j ACCEPT
-[0:0] -A INPUT -s 172.236.16.105/32 -i eth0 -j ACCEPT
-[0:0] -A INPUT -s 82.33.87.103/32 -i eth0 -j ACCEPT
-[0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-[0:0] -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-[0:0] -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-[0:0] -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
-[0:0] -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
-[0:0] -A INPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT
-[0:0] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 22,25422 -m conntrack --ctstate NEW -j ACCEPT
-[0:0] -A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT
-[0:0] -A INPUT -p tcp -m tcp --dport 25443 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT
-[0:0] -A INPUT -p tcp -m tcp --dport 25480 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT
-COMMIT
-# Completed on Sat Sep 13 18:45:54 2025

etc/iptables/rules6-save

@@ -1,25 +0,0 @@
-# Generated by ip6tables-save v1.8.11 (nf_tables) on Sat Sep 13 18:45:54 2025
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [0:0]
-[0:0] -A INPUT -m conntrack --ctstate INVALID -j DROP
-[0:0] -A INPUT -i lo -j ACCEPT
-[0:0] -A INPUT -s 2a01:a500:2981:1::/64 -i eth0 -j ACCEPT
-[0:0] -A INPUT -s 2a07:4580:b0d:57f::169/128 -i eth0 -j ACCEPT
-[0:0] -A INPUT -s 2600:3c13::2000:50ff:fef4:7f56/128 -i eth0 -j ACCEPT
-[0:0] -A INPUT -s 2001:470:1f1d:58::/64 -i eth0 -j ACCEPT
-[0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT
-[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 129 -j ACCEPT
-[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 1 -j ACCEPT
-[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 3 -j ACCEPT
-[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 4 -j ACCEPT
-[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 2 -j ACCEPT
-[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT
-[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT
-[0:0] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 22,25422 -m conntrack --ctstate NEW -j ACCEPT
-[0:0] -A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT
-[0:0] -A INPUT -p tcp -m tcp --dport 25443 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT
-COMMIT
-# Completed on Sat Sep 13 18:45:54 2025

etc/login.defs

@@ -0,0 +1,192 @@
+#
+# /etc/login.defs - Configuration control definitions for the shadow package.
+#
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable display of unknown usernames when login(1) failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable.
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		yes
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format similar to "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions for terminals after login(1).
+# These settings are ignored for remote and other logins.
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+#TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+#
+ERASECHAR	0177
+KILLCHAR	025
+
+# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+# home directories.
+HOME_MODE	0700
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd(8)
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  101
+#SYS_UID_MAX		  999
+# Extra per user uids
+SUB_UID_MIN		   100000
+SUB_UID_MAX		600100000
+SUB_UID_COUNT		    65536
+
+#
+# Min/max values for automatic gid selection in groupadd(8)
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  101
+#SYS_GID_MAX		  999
+# Extra per user group ids
+SUB_GID_MIN		   100000
+SUB_GID_MAX		600100000
+SUB_GID_COUNT		    65536
+
+#
+# Max number of login(1) retries if password is bad
+# This will most likely be overriden by PAM, since the default pam_unix module
+# has it's own built in of 3 retries. However, this is a safe fallback in case
+# you are using an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		3
+
+#
+# Max time in seconds for login(1)
+#
+LOGIN_TIMEOUT		30
+
+#
+# Which fields may be changed by regular users using chfn(1) - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+#
+CHFN_RESTRICT		rwh
+
+#
+# If set to MD5, MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
+# If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD YESCRYPT
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# The pwck(8) utility emits a warning for any system account with a home
+# directory that does not exist.  Some system accounts intentionally do
+# not have a home directory.  Such accounts may have this string as
+# their home directory in /etc/passwd to avoid a spurious warning.
+#
+NONEXISTENT	/nonexistent
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel(8) will remove the user's group if it contains no more
+# members, and useradd(8) will create by default a group with the name of the
+# user.
+#
+# Other former uses of this variable are not used in PAM environments, such as
+# Debian.
+#
+USERGROUPS_ENAB yes

etc/pkglist

@@ -414,6 +414,7 @@ libzstd1
 linux-libc-dev
 linux-sysctl-defaults
 locales
+locales-all
 login
 login.defs
 logrotate