Add msmtp configuration.

.gitattributesdb

@@ -7,10 +7,10 @@ LmdpdGhvb2tzL3Bvc3QtbWVyZ2U= 1757519106 1757519106 root:root 0755 - -
 LmdpdGhvb2tzL3ByZS1jb21taXQ= 1757519106 1757519106 root:root 0755 - -
 LmdpdGlnbm9yZQ== 1757789404 1757593248 root:root 0644 - -
 LmdpdG1vZHVsZXM= 1757607701 1757607701 root:root 0644 - -
-ZXRjLy5naXRpZ25vcmU= 1757611781 1757611781 root:root 0644 - -
+ZXRjLy5naXRpZ25vcmU= 1758049461 1757611781 root:root 0644 - -
 ZXRjL2FwYWNoZTIvLmdpdGlnbm9yZQ== 1757775950 1757775932 root:root 0644 - -
-ZXRjL2FwYWNoZTIvaHR0cGQuY29uZg== 1757785734 1757785514 root:root 0644 - -
-ZXRjL2FwYWNoZTIvc2l0ZXMuZC9jb3JlLnNsYWNrd2FyZS51ay5uZXQuY29uZg== 1757786703 1757785113 root:root 0644 - -
+ZXRjL2FwYWNoZTIvaHR0cGQuY29uZg== 1758045891 1757785514 root:root 0644 - -
+ZXRjL2FwYWNoZTIvc2l0ZXMuZC9jb3JlLnNsYWNrd2FyZS51ay5uZXQuY29uZg== 1758045929 1757785113 root:root 0644 - -
 ZXRjL2NvbmYuZC8uZ2l0aWdub3Jl 1757609410 1757609410 root:root 0644 - -
 ZXRjL2NvbmYuZC9ib290bWlzYw== 1757591865 1757591865 root:root 0644 - -
 ZXRjL2NvbmYuZC9ub2RlLWV4cG9ydGVy 1757592526 1757592526 root:root 0644 - -
@@ -18,20 +18,32 @@ ZXRjL2NvbmYuZC9zYW1iYQ== 1757592912 1757592912 root:root 0644 - -
 ZXRjL2NvbmYuZC9zc2hk 1757593051 1757593051 root:root 0644 - -
 ZXRjL2NvbmYuZC90ZXJyYWZvcm0taHR0cC1iYWNrZW5k 1757771663 1757595391 root:root 0644 - -
 ZXRjL2Nyb250YWJzL3Jvb3Q= 1757593504 1757593504 root:root 0600 - -
-ZXRjL2dyb3Vw 1757761113 1757594224 root:root 0644 - -
+ZXRjL2RlaHlkcmF0ZWQvLmdpdGlnbm9yZQ== 1758038054 1758038054 root:root 0644 - -
+ZXRjL2RlaHlkcmF0ZWQvYWNjb3VudHMvLmdpdGlnbm9yZQ== 1757873230 1757873230 root:root 0644 - -
+ZXRjL2RlaHlkcmF0ZWQvYWNjb3VudHMvYUhSMGNITTZMeTloWTIxbExYWXdNaTVoY0drdWJHVjBjMlZ1WTNKNWNIUXViM0puTDJScGNtVmpkRzl5ZVFvLnRhci5ncGc= 1757873275 1757873275 root:root 0644 - -
+ZXRjL2RlaHlkcmF0ZWQvYXJjaGl2ZS8uZ2l0aWdub3Jl 1757874259 1757873451 root:root 0644 - -
+ZXRjL2RlaHlkcmF0ZWQvY2VydHMvLmdpdGlnbm9yZQ== 1757874303 1757873537 root:root 0644 - -
+ZXRjL2RlaHlkcmF0ZWQvY29uZmln 1758044465 1757862077 root:root 0644 - -
+ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucw== 1757862328 1757862077 root:root 0644 - -
+ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucy5kL19leGFtcGxlXw== 1757863238 1757862077 root:root 0644 - -
+ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucy5kL2NvcmUuc2xhY2t3YXJlLnVrLm5ldA== 1757863250 1757863250 root:root 0644 - -
+ZXRjL2RlaHlkcmF0ZWQvaG9va3MvZGVmYXVsdA== 1758045829 1757862077 root:root 0755 - -
+ZXRjL2dyb3Vw 1757873802 1757869538 root:root 0644 - -
 ZXRjL2hvc3RuYW1l 1757594311 1757594311 root:root 0644 - -
 ZXRjL2hvc3Rz 1757594362 1757594362 root:root 0644 - -
 ZXRjL2lwdGFibGVzL3J1bGVzLXNhdmU= 1757789154 1757789154 root:root 0600 - -
 ZXRjL2lwdGFibGVzL3J1bGVzNi1zYXZl 1757789154 1757789154 root:root 0600 - -
 ZXRjL2xvY2FsLmQvLmdpdGlnbm9yZQ== 1757595481 1757595481 root:root 0644 - -
 ZXRjL2xvY2FsLmQvdGVycmFmb3JtLWh0dHAtYmFja2VuZC5zdGFydA== 1757595926 1757595926 root:root 0755 - -
+ZXRjL21zbXRwLmFsaWFzZXM= 1758035451 1758035451 root:root 0644 - -
+ZXRjL21zbXRwcmMuZ3Bn 1758049424 1758049424 root:root 0644 - -
 ZXRjL25ldHdvcmsvLmdpdGlnbm9yZQ== 1757596572 1757596572 root:root 0644 - -
 ZXRjL25ldHdvcmsvaW50ZXJmYWNlcw== 1757759982 1757596330 root:root 0644 - -
-ZXRjL3Bhc3N3ZA== 1757771794 1757594202 root:root 0644 - -
+ZXRjL3Bhc3N3ZA== 1757873724 1757869538 root:root 0644 - -
 ZXRjL3BlcmlvZGljL2RhaWx5L2Nyb25qb2ItZGVoeWRyYXRlZA== 1757708520 1757708520 root:root 0777 - -
 ZXRjL3BlcmlvZGljL2RhaWx5L2Nyb25qb2ItdXBkYXRlLXBhY2thZ2VzLWxpc3Q= 1757708520 1757708520 root:root 0777 - -
 ZXRjL3BlcmlvZGljL2RhaWx5L2Nyb25qb2Itd2Fybi1naXQtc3RhdHVz 1757708520 1757708520 root:root 0777 - -
-ZXRjL3BrZ2xpc3Q= 1757609913 1757609913 root:root 0644 - -
+ZXRjL3BrZ2xpc3Q= 1758046586 1757609913 root:root 0644 - -
 ZXRjL3Jlc29sdi5jb25m 1757611605 1757611605 root:root 0644 - -
 ZXRjL3J1bmxldmVscy9ib290Ly5naXRpZ25vcmU= 1757769666 1757598667 root:root 0644 - -
 ZXRjL3J1bmxldmVscy9ib290L3JzeXNsb2c= 1757708520 1757708520 root:root 0777 - -
@@ -55,22 +67,22 @@ ZXRjL3N1ZG9lcnMuZC9kZWZhdWx0cw== 1757599359 1757599359 root:root 0640 - -
 ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157 1757600157 root:root 0640 - -
 aG9tZS8uZ2l0aWdub3Jl 1757762052 1757762052 root:root 0644 - -
 aG9tZS9zeXNhZG1pbi8uYmFzaF9sb2dvdXQ= 1757582867 1757582867 sysadmin:users 0644 - -
-aG9tZS9zeXNhZG1pbi8uYmFzaF9wcm9maWxl 1757584711 1757584711 sysadmin:users 0644 - -
-aG9tZS9zeXNhZG1pbi8uYmFzaHJj 1757764048 1757586493 sysadmin:users 0644 - -
+aG9tZS9zeXNhZG1pbi8uYmFzaF9wcm9maWxl 1757861225 1757584711 sysadmin:users 0644 - -
+aG9tZS9zeXNhZG1pbi8uYmFzaHJj 1757861322 1757586493 sysadmin:users 0644 - -
 aG9tZS9zeXNhZG1pbi8uZ2l0Y29uZmln 1757582738 1757582738 sysadmin:users 0644 - -
 aG9tZS9zeXNhZG1pbi8uZ2l0aWdub3Jl 1757600312 1757600312 sysadmin:users 0644 - -
 aG9tZS9zeXNhZG1pbi8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210 1757586210 sysadmin:users 0644 - -
 aG9tZS9zeXNhZG1pbi8ubmFub3Jj 1757585756 1757585756 sysadmin:users 0644 - -
 aG9tZS9zeXNhZG1pbi8uc3NoLy5naXRpZ25vcmU= 1757593349 1757593349 sysadmin:users 0644 - -
 aG9tZS9zeXNhZG1pbi8uc3NoL2F1dGhvcml6ZWRfa2V5cw== 1757763178 1757587611 sysadmin:users 0644 - -
-b3B0L3NiaW4vY3JvbmpvYi1kZWh5ZHJhdGVk 1757531685 1757531685 root:root 0755 - -
+b3B0L3NiaW4vY3JvbmpvYi1kZWh5ZHJhdGVk 1758033093 1757531685 root:root 0755 - -
 b3B0L3NiaW4vY3JvbmpvYi11cGRhdGUtcGFja2FnZXMtbGlzdA== 1757531121 1757531121 root:root 0755 - -
 b3B0L3NiaW4vY3JvbmpvYi13YXJuLWdpdC1zdGF0dXM= 1757591137 1757591137 root:root 0755 - -
 b3B0L3NiaW4vZGVoeWRyYXRlZA== 1757531557 1757531557 root:root 0755 - -
 b3B0L3NiaW4vdGVycmFmb3JtLWh0dHAtYmFja2VuZA== 1757590543 1757590543 root:root 0755 - -
 cm9vdC8uYmFzaF9sb2dvdXQ= 1757582867 1757582867 root:root 0644 - -
 cm9vdC8uYmFzaF9wcm9maWxl 1757584711 1757584711 root:root 0644 - -
-cm9vdC8uYmFzaHJj 1757586493 1757586493 root:root 0644 - -
+cm9vdC8uYmFzaHJj 1757861289 1757586493 root:root 0644 - -
 cm9vdC8uZ2l0Y29uZmln 1757582738 1757582738 root:root 0644 - -
 cm9vdC8uZ2l0aWdub3Jl 1757600312 1757600312 root:root 0644 - -
 cm9vdC8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210 1757586210 root:root 0644 - -
@@ -80,9 +92,9 @@ cm9vdC8uc3NoL2F1dGhvcml6ZWRfa2V5cw== 1757587611 1757587611 root:root 0644 - -
 c3J2L2RlaHlkcmF0ZWQvLmdpdGtlZXBkaXI= 1757776960 1757776960 root:root 0644 - -
 ZXRjL2RvYXMuY29uZg== 1728635393 1728635393 root:root 0640 - -
 ZXRjL2RvYXMuZA== 1757595612 1757595612 root:root 0750 - -
-ZXRjL3NoYWRvdw== 1757761290 1757702629 root:shadow 0640 - -
-ZXRjL3NoYWRvdy0= 1757702585 1757702585 root:shadow 0640 - -
+ZXRjL3NoYWRvdw== 1757873748 1757869538 root:shadow 0640 - -
+ZXRjL3NoYWRvdy0= 1757761290 1757702629 root:shadow 0640 - -
 ZXRjL3N1ZG9lcnM= 1753553353 1753553353 root:root 0440 - -
 ZXRjL3N1ZG9lcnMuZC9kZWZhdWx0cw== 1757599359 1757599359 root:root 0640 - -
 ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157 1757600157 root:root 0640 - -
-aG9tZS9zeXNhZG1pbg== 1757788654 1757761412 sysadmin:users 0711 - -
+aG9tZS9zeXNhZG1pbg== 1757861322 1757761412 sysadmin:users 0711 - -

etc/.gitignore

@@ -3,6 +3,7 @@
 /apk/
 /bash/
 /busybox-paths.d/
+/certificates/
 /doas.conf
 /doas.d/
 /environment
@@ -15,12 +16,15 @@
 /issue
 /lbu/
 /logrotate.d/
+/lynx.cfg
+/lynx.lss                
 /mail.rc
 /mdev.conf
 /modprobe.d/
 /modules
 /modules-load.d/
 /motd
+/msmtprc
 /mtab
 /nanorc
 /nsswitch.conf

etc/apache2/httpd.conf

@@ -15,8 +15,8 @@ LoadModule	unixd_module		/usr/lib/apache2/mod_unixd.so
 LoadModule	http2_module		/usr/lib/apache2/mod_http2.so
 
 # SSL.
-#LoadModule	ssl_module		/usr/lib/apache2/mod_ssl.so
-#LoadModule	socache_shmcb_module	/usr/lib/apache2/mod_socache_shmcb.so
+LoadModule	ssl_module		/usr/lib/apache2/mod_ssl.so
+LoadModule	socache_shmcb_module	/usr/lib/apache2/mod_socache_shmcb.so
 
 # SSI.
 LoadModule	include_module		/usr/lib/apache2/mod_include.so
@@ -151,9 +151,7 @@ MimeMagicFile	/etc/apache2/magic
 
 
 # Lets Encrypt validation.
-<IfModule ssl_module>
-  Alias		/.well-known/acme-challenge/		/srv/dehydrated/
-</IfModule>
+Alias		/.well-known/acme-challenge/		/srv/dehydrated/
 
 
 # Access control.
@@ -167,19 +165,19 @@ MimeMagicFile	/etc/apache2/magic
   Require		all denied
 </Directory>
 
-<Directory /var/empty>
+<Directory /var/empty/>
   Options		None
   AllowOverride		None
   Require		all granted
 </Directory>
 
-<Directory /srv/dehydrated>
+<Directory /srv/dehydrated/>
   Options		None
   AllowOverride		None
   Require		all granted
 </Directory>
 
-<Directory /srv/www/*/html>
+<Directory /srv/www/*/html/>
   Options		Includes MultiViews SymLinksIfOwnerMatch
   AllowOverride		AuthConfig FileInfo Indexes Limit
 
@@ -208,7 +206,7 @@ MimeMagicFile	/etc/apache2/magic
 </Directory>
 
 <IfModule cgid_module>
-  <Directory /srv/www/*/cgi-bin>
+  <Directory /srv/www/*/cgi-bin/>
     Options		ExecCGI Includes MultiViews SymLinksIfOwnerMatch
     AllowOverride	AuthConfig FileInfo Limit
 

etc/apache2/sites.d/core.slackware.uk.net.conf

@@ -12,9 +12,9 @@
   <VirtualHost 5.101.171.215:443 [2a01:a500:2981:1::d7]:443>
     ServerName			core.slackware.uk.net
 
-    SSLCertificateFile		/etc/certificates/core.slackware.uk.net-cert.pem
-    SSLCertificateKeyFile	/etc/certificates/core.slackware.uk.net-key.pem
-    SSLCertificateChainFile	/etc/certificates/core.slackware.uk.net-chain.pem
+    SSLCertificateFile		/etc/certificates/core.slackware.uk.net_cert.pem
+    SSLCertificateKeyFile	/etc/certificates/core.slackware.uk.net_key.pem
+    SSLCertificateChainFile	/etc/certificates/core.slackware.uk.net_chain.pem
 
     SetEnvIf			REQUEST_URI	^/robots\.txt$		no_log
     SetEnvIf			REQUEST_URI	^/favicon\.ico$		no_log

etc/dehydrated/.gitignore

@@ -0,0 +1 @@
+/chains/

etc/dehydrated/accounts/.gitignore

@@ -0,0 +1,2 @@
+/*/
+/*.tar

etc/dehydrated/archive/.gitignore

@@ -0,0 +1 @@
+/*

etc/dehydrated/certs/.gitignore

@@ -0,0 +1 @@
+/*

etc/dehydrated/config

@@ -0,0 +1,147 @@
+# This is the main config file for dehydrated.
+# This file is looked for in the following locations:
+#   $SCRIPTDIR/config (next to this script)
+#   /usr/local/etc/dehydrated/config
+#   /etc/dehydrated/config
+#   ${PWD}/config (in current working-directory)
+
+# Which user should dehydrated run as?  This will be implictly enforced when running as root.
+# Default: <unset>
+#DEHYDRATED_USER=""
+
+# Which group should dehydrated run as?  This will be implictly enforced when running as root.
+# Default: <unset>
+#DEHYDRATED_GROUP=""
+
+# Resolve names to addresses of IP version only, for curl.
+# Supported values: 4, 6.
+# Default: <unset>
+#IP_VERSION=""
+
+# Path to certificate authority.
+# Default: https://acme-v02.api.letsencrypt.org/directory
+#CA="https://acme-v02.api.letsencrypt.org/directory"
+# Use staging server for testing:
+#CA="https://acme-staging-v02.api.letsencrypt.org/directory"
+
+# Path to old certificate authority.
+# Set this value to your old CA when upgrading from ACMEv1 to ACMEv2 under a different endpoint.
+# If dehydrated detects an account-key for the old CA it will automatically reuse that key
+# instead of registering a new one.
+# Default: https://acme-v01.api.letsencrypt.org/directory
+#OLDCA="https://acme-v01.api.letsencrypt.org/directory"
+
+# Which challenge should be used?
+# Supported values: http-01, dns-01, tls-alpn-01.
+# Default: http-01
+#CHALLENGETYPE="http-01"
+
+# Path to a directory containing additional config files.
+# This allows overriding the defaults found in the main configuration file.
+# Additional config files in this directory must be named with a '.sh' ending.
+# Default: <unset>
+#CONFIG_D=""
+
+# Base directory for account key, generated certificates and list of domains.
+# Default: $SCRIPTDIR
+BASEDIR="/etc/dehydrated"
+
+# File containing the list of domains for which to request certificates.
+# Default: $BASEDIR/domains.txt
+DOMAINS_TXT="${BASEDIR}/domains"
+
+# Directory for per-domain configuration files.
+# If not set, per-domain configurations are sourced from each certificates output directory.
+# Default: <unset>
+DOMAINS_D="${BASEDIR}/domains.d"
+
+# Output directory for generated certificates.
+# Default: ${BASEDIR}/certs
+#CERTDIR="${BASEDIR}/certs"
+
+# Output directory for alpn verification certificates.
+# Default: ${BASEDIR}/alpn-certs
+#ALPNCERTDIR="${BASEDIR}/alpn-certs"
+
+# Directory for account keys and registration information.
+# Default: ${BASEDIR}/accounts
+#ACCOUNTDIR="${BASEDIR}/accounts"
+
+# Output directory for challenge-tokens to be served by webserver, or deployed in $HOOK.
+# Default: /var/www/dehydrated
+WELLKNOWN="/srv/dehydrated"
+
+# Default keysize for private keys.
+# Default: 4096
+#KEYSIZE="4096"
+
+# Path to openssl config file.
+# To try and figure out the system default, leave this unset.
+# Default: <unset>
+#OPENSSL_CNF=""
+
+# Path to OpenSSL binary.
+# Default: openssl
+#OPENSSL="openssl"
+
+# Extra options passed to the curl binary.
+# Default: <unset>
+#CURL_OPTS=""
+
+# Program or function called at certain stages of processing.
+# BASEDIR and WELLKNOWN variables are exported and can be used in an external program.
+# Default: <unset>
+HOOK="${BASEDIR}/hooks/default"
+
+# Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate?
+# Default: no
+#HOOK_CHAIN="no"
+
+# Minimum days before expiration to automatically renew certificate.
+# Default: 30
+#RENEW_DAYS="30"
+
+# Regenerate private keys instead of just signing new certificates on renewal?
+# Default: yes
+PRIVATE_KEY_RENEW="no"
+
+# Create an extra private key for rollover?
+# Default: no
+#PRIVATE_KEY_ROLLOVER="no"
+
+# Which public key algorithm should be used?
+# Supported: rsa, prime256v1, secp384r1.
+# Default: rsa
+KEY_ALGO="secp384r1"
+
+# E-mail to use during the registration.
+# Default: <unset>
+CONTACT_EMAIL="sysadmin@slackware.uk"
+
+# Lockfile location, to prevent concurrent execution.
+# Default: $BASEDIR/lock
+LOCKFILE="/run/dehydrated.lock"
+
+# Option to add CSR-flag indicating OCSP stapling to be mandatory.
+# Default: no
+#OCSP_MUST_STAPLE="no"
+
+# Fetch OCSP responses.
+# Default: no
+#OCSP_FETCH="no"
+
+# OCSP refresh interval, in days.
+# Default: 5
+#OCSP_DAYS="5"
+
+# Issuer chain cache directory.
+# Default: $BASEDIR/chains
+#CHAINCACHE="${BASEDIR}/chains"
+
+# Automatic cleanup?
+# Default: no
+AUTO_CLEANUP="yes"
+
+# ACME API version.
+# Default: auto
+#API=auto

etc/dehydrated/domains

@@ -0,0 +1,32 @@
+# Create certificate for 'example.org' with an alternative name of
+# 'www.example.org'. It will be stored in the directory ${CERT_DIR}/example.org
+#example.org www.example.org
+
+# Create certificate for 'example.com' with alternative names of
+# 'www.example.com' & 'wiki.example.com'. It will be stored in the directory
+# ${CERT_DIR}/example.com
+#example.com www.example.com wiki.example.com
+
+# Using the alias 'certalias' create certificate for 'example.net' with
+# alternate name 'www.example.net' and store it in the directory
+# ${CERTDIR}/certalias
+#example.net www.example.net > certalias
+
+# Using the alias 'service_example_com' create a wildcard certificate for
+# '*.service.example.com' and store it in the directory
+# ${CERTDIR}/service_example_com
+# NOTE: It is NOT a certificate for 'service.example.com'
+#*.service.example.com > service_example_com
+
+# Using the alias 'star_service_example_org' create a wildcard certificate for
+# '*.service.example.org' with an alternative name of `service.example.org'
+# and store it in the directory ${CERTDIR}/star_service_example_org
+# NOTE: It is a certificate for 'service.example.org'
+#*.service.example.org service.example.org  > star_service_example_org
+
+# Create a certificate for 'service.example.net' with an alternative name of
+# '*.service.example.net' (which is a wildcard domain) and store it in the
+# directory ${CERTDIR}/service.example.net
+#service.example.net *.service.example.net
+
+core.slackware.uk.net

etc/dehydrated/domains.d/_example_

@@ -0,0 +1,48 @@
+# The settings in this file can be used to override those in the global config file in /etc/dehydrated
+
+# Which challenge should be used?
+# Supported values: http-01, dns-01, tls-alpn-01.
+# Default: http-01
+#CHALLENGETYPE="http-01"
+
+# Default keysize for private keys.
+# Default: 4096
+#KEYSIZE="4096"
+
+# Program or function called at certain stages of processing.
+# BASEDIR and WELLKNOWN variables are exported and can be used in an external program.
+# Default: <unset>
+#HOOK=""
+
+# Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate?
+# Default: no
+#HOOK_CHAIN="no"
+
+# Minimum days before expiration to automatically renew certificate.
+# Default: 30
+#RENEW_DAYS="30"
+
+# Regenerate private keys instead of just signing new certificates on renewal?
+# Default: yes
+#PRIVATE_KEY_RENEW="yes"
+
+# Create an extra private key for rollover?
+# Default: no
+#PRIVATE_KEY_ROLLOVER="no"
+
+# Which public key algorithm should be used?
+# Supported: rsa, prime256v1, secp384r1.
+# Default: rsa
+#KEY_ALGO="rsa"
+
+# Option to add CSR-flag indicating OCSP stapling to be mandatory.
+# Default: no
+#OCSP_MUST_STAPLE="no"
+
+# Fetch OCSP responses.
+# Default: no
+#OCSP_FETCH="no"
+
+# OCSP refresh interval, in days.
+# Default: 5
+#OCSP_DAYS="5"

etc/dehydrated/domains.d/core.slackware.uk.net

@@ -0,0 +1,48 @@
+# The settings in this file can be used to override those in the global config file in /etc/dehydrated
+
+# Which challenge should be used?
+# Supported values: http-01, dns-01, tls-alpn-01.
+# Default: http-01
+#CHALLENGETYPE="http-01"
+
+# Default keysize for private keys.
+# Default: 4096
+#KEYSIZE="4096"
+
+# Program or function called at certain stages of processing.
+# BASEDIR and WELLKNOWN variables are exported and can be used in an external program.
+# Default: <unset>
+#HOOK=""
+
+# Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate?
+# Default: no
+#HOOK_CHAIN="no"
+
+# Minimum days before expiration to automatically renew certificate.
+# Default: 30
+#RENEW_DAYS="30"
+
+# Regenerate private keys instead of just signing new certificates on renewal?
+# Default: yes
+#PRIVATE_KEY_RENEW="yes"
+
+# Create an extra private key for rollover?
+# Default: no
+#PRIVATE_KEY_ROLLOVER="no"
+
+# Which public key algorithm should be used?
+# Supported: rsa, prime256v1, secp384r1.
+# Default: rsa
+#KEY_ALGO="rsa"
+
+# Option to add CSR-flag indicating OCSP stapling to be mandatory.
+# Default: no
+#OCSP_MUST_STAPLE="no"
+
+# Fetch OCSP responses.
+# Default: no
+#OCSP_FETCH="no"
+
+# OCSP refresh interval, in days.
+# Default: 5
+#OCSP_DAYS="5"

etc/dehydrated/hooks/default

@@ -0,0 +1,436 @@
+#!/usr/bin/env bash
+# This file contains the default hook functions for dehydrated - these functions will be used when there is no overriding certificate specific hooks file.
+# All but startup_hook and ext_hook can be overridden by a hooks script on a per certificate basis.
+#
+# shellcheck disable=SC2034,SC2317
+
+# Configuration.
+# Where the copies of the current certificates/keys should be placed.  Comment for no copying.
+CERTSDIR="/etc/certificates"
+# The syslog facility and tag to use.
+FACILITY="local3"
+TAG="dehydrated"
+# Where from/to to send emails.
+EMAIL_FROM="\"Server: ${HOSTNAME%%.*}\" <noreply@slackware.uk>"
+EMAIL_TO=("Systems' Administrator <sysadmin@slackware.uk>")
+
+# Get the system ID.
+# shellcheck disable=SC2046
+declare SYSTEM_$(grep '^ID=' /etc/os-release 2>/dev/null)
+
+# Write a message to syslog, and send a copy via email.
+notify() {
+  local LOG_PREFIX="${LOG_PREFIX:-Certificate renewal} $1" PRIORITY
+
+  [[ -z "$1" ]] && return 1
+
+  # Select the syslog priority level.
+  case "$1" in
+    'error') PRIORITY="err" ;;
+    'warning') PRIORITY="warn" ;;
+    *) PRIORITY="info" ;;
+  esac
+  shift
+
+  # Log the message to syslog
+  if [[ "$ID" == "alpine" ]]; then
+    # BusyBox logger on Alpine's is missing the --id option.
+    printf "%s\\n" "$LOG_PREFIX:" "$@" "EOX" | logger -p "$FACILITY.$PRIORITY" -t "$TAG" >/dev/null 2>&1
+  else
+    printf "%s\\n" "$LOG_PREFIX:" "$@" "EOX" | logger --id="$$" -p "$FACILITY.$PRIORITY" -t "$TAG" >/dev/null 2>&1
+  fi
+
+  # Email the notification.
+  printf "%s\\n" "$@" | mail -r "$EMAIL_FROM" -s "$LOG_PREFIX" "${EMAIL_TO[@]}" >/dev/null 2>&1
+
+  return 0
+}
+
+# Service configurations (used at startup/shutdown).
+services() {
+  local DAEMON ERR=0 LOG_PREFIX="Dehydrated configuration" PIDFILE RCFILE SANITY="$1"
+
+  # Select the service configuration based on the distribution.
+  # RCFILE_<service> is required for any service.
+  # Either DAEMON_<service> or PIDFILE_<service>, or both is required for any service.
+  if [[ "$SYSTEM_ID" == "slackware" ]]; then
+    # HTTP daemon selection.
+    if [[ -x "/etc/rc.d/rc.httpd" ]]; then
+      RCFILE_HTTPD="/etc/rc.d/rc.httpd"
+      DAEMON_HTTPD="httpd"
+      PIDFILE_HTTPD="/run/httpd.pid"
+    elif [[ -x "/etc/rc.d/rc.thttpd" ]]; then
+      RCFILE_HTTPD="/etc/rc.d/rc.thttpd"
+      DAEMON_HTTPD="thttpd"
+      PIDFILE_HTTPD="/run/thttpd.pid"
+    fi
+    # FTP daemon selection.
+    if [[ -x "/etc/rc.d/rc.proftpd" ]]; then
+      RCFILE_FTPD="/etc/rc.d/rc.proftpd"
+      DAEMON_FTPD="proftpd"
+      PIDFILE_FTPD="/run/proftpd.pid"
+    fi
+    # SMTP daemon selection.
+    if [[ -x "/etc/rc.d/rc.exim" ]]; then
+      RCFILE_SMTPD="/etc/rc.d/rc.exim"
+      DAEMON_SMTPD="exim"
+      PIDFILE_SMTPD="/run/exim.pid"
+    fi
+  elif [[ "$SYSTEM_ID" == "void" ]]; then
+    # HTTP daemon selection.
+    # thttpd on Void doesn't have a directly callable rc script, so can't be supported.
+    if [[ -x "/usr/sbin/apachectl" ]]; then
+      RCFILE_HTTPD="/usr/sbin/apachectl"
+      DAEMON_HTTPD="httpd"
+      PIDFILE_HTTPD="/run/httpd/httpd.pid"
+    fi    
+  elif [[ "$SYSTEM_ID" == "alpine" ]]; then
+    # HTTP daemon selection.
+    if [[ -x "/etc/init.d/apache2" ]]; then
+      RCFILE_HTTPD="/etc/init.d/apache2"
+      DAEMON_HTTPD="httpd"
+      PIDFILE_HTTPD="/run/apache2/httpd.pid"
+    elif [[ -x "/etc/init.d/thttpd" ]]; then
+      RCFILE_HTTPD="/etc/init.d/thttpd"
+      DAEMON_HTTPD="thttpd"
+      PIDFILE_HTTPD="/run/thttpd.pid"
+    fi
+    # Samba daemon selection.
+    if [[ -x "/etc/init.d/samba" ]]; then
+# FIXME:
+#      RCFILE_SAMBA="/etc/init.d/samba"
+      DAEMON_SAMBA="samba"
+      PIDFILE_SAMBA="/run/samba.pid"
+    fi
+  fi
+
+  # Sanity check settings.
+  ((SANITY == 1)) && {
+    [[ -z "$RCFILE_HTTPD" ]] && notify "warning" "No configuration settings for an HTTP daemon - no start/restart of HTTP daemon is possible -- check configuration"
+    for RCFILE in "${!RCFILE_@}"; do
+      DAEMON="DAEMON_${RCFILE#RCFILE_}"
+      PIDFILE="PIDFILE_${RCFILE#RCFILE_}"
+      [[ -n "${!RCFILE}" ]] && [[ -z "${!DAEMON}" ]] && [[ -z "${!PIDFILE}" ]] && notify "error" "'$RCFILE' is set, but neither '$DAEMON' nor '$PIDFILE' is set - at least one setting is required -- aborting" && ERR=1
+    done
+  }
+
+  ((ERR == 1)) && return 1
+
+  return 0
+}
+
+deploy_challenge() {
+  local DOMAIN="$1" TOKEN_FILENAME="$2" TOKEN_VALUE="$3"
+
+  # This hook is called once for every domain that needs to be
+  # validated, including any alternative names you may have listed.
+  # Parameters:
+  #   DOMAIN - The domain name (CN or subject alternative name) being validated.
+  #   TOKEN_FILENAME - The name of the file containing the token to be served for HTTP validation
+  #                    Should be served by your web server as /.well-known/acme-challenge/${TOKEN_FILENAME}.
+  #   TOKEN_VALUE - The token value that needs to be served for validation.
+  #                 For DNS validation, this is what you want to put in the _acme-challenge TXT record.
+  #                 For HTTP validation it is the value that is expected be found in the $TOKEN_FILENAME file.
+
+  # Simple example: Use nsupdate with local named
+  # printf 'server 127.0.0.1\nupdate add _acme-challenge.%s 300 IN TXT "%s"\nsend\n' "$DOMAIN" "$TOKEN_VALUE" | nsupdate -k /var/run/named/session.key
+
+  return 0
+}
+
+
+clean_challenge() {
+  local DOMAIN="$1" TOKEN_FILENAME="$2" TOKEN_VALUE="$3"
+
+  # This hook is called after attempting to validate each domain, whether or not validation was successful. Here you can delete files or DNS records that are no longer needed.
+  # The parameters are the same as for deploy_challenge.
+
+  # Simple example: Use nsupdate with local named
+  # printf 'server 127.0.0.1\nupdate delete _acme-challenge.%s TXT "%s"\nsend\n' "$DOMAIN" "$TOKEN_VALUE" | nsupdate -k /var/run/named/session.key
+
+  return 0
+}
+
+
+sync_cert() {
+  local KEYFILE="$1" CERTFILE="$2" FULLCHAINFILE="$3" CHAINFILE="$4" REQUESTFILE="$5"
+
+  # This hook is called after the certificates have been created but before they are symlinked.
+  # This allows you to sync the files to disk to prevent creating a symlink to empty files on unexpected system crashes.
+  # This hook is not intended to be used for further processing of certificate files; see deploy_cert for that.
+  # Parameters:
+  #   KEYFILE - The path of the file containing the private key.
+  #   CERTFILE - The path of the file containing the signed certificate.
+  #   FULLCHAINFILE - The path of the file containing the full certificate chain.
+  #   CHAINFILE - The path of the file containing the intermediate certificate(s).
+  #   REQUESTFILE - The path of the file containing the certificate signing request.
+
+  # Simple example: sync the files before symlinking them
+  # sync "$KEYFILE" "$CERTFILE" "$FULLCHAINFILE" "$CHAINFILE" "$REQUESTFILE"
+
+  return 0
+}
+
+
+deploy_cert() {
+  local DOMAIN="$1" KEYFILE="$2" CERTFILE="$3" FULLCHAINFILE="$4" CHAINFILE="$5" TIMESTAMP="$6"
+
+  # This hook is called once for each certificate that has been produced.
+  # Here you might, for instance, copy your new certificates to service-specific locations and reload the service.
+  # Parameters:
+  #   DOMAIN - The primary domain name, i.e. the certificate common name (CN).
+  #   KEYFILE - The path of the file containing the private key. 
+  #   CERTFILE - The path of the file containing the signed certificate.
+  #   FULLCHAINFILE - The path of the file containing the full certificate chain.
+  #   CHAINFILE - The path of the file containing the intermediate certificate(s).
+  #   TIMESTAMP - Timestamp when the specified certificate was created.
+
+  local FILE LOG_PREFIX="Certificate deployment"
+
+  # Only copy the certificate if there's a CERTSDIR setting.
+  [[ -n "$CERTSDIR" ]] && {
+    # If any of the destination files are symlinks, bail out - we don't want to clobber something.
+    for FILE in "$CERTSDIR/${DOMAIN}_"{cert,key,chain,fullchain}.pem; do
+      [[ -e "$FILE" ]] && [[ -L "$FILE" ]] && {
+        notify "error" "Will not copy to symlink '$FILE' during '$DOMAIN' certificate deployment"
+        # Return 0 so that dehydrated doesn't stop - there may be some more certificates to renew.
+        return 0
+      }
+    done
+
+    # The first time through this will create the files readable by root only, but better to err on the side of caution.
+    # Subsequent runs will retain whatever permissions were set by the admin after the first run.
+    cmp "$CERTFILE" "$CERTSDIR/${DOMAIN}_cert.pem" >/dev/null 2>&1 || {
+      umask 066
+      # shellcheck disable=SC2015
+      cat "$CERTFILE" >"$CERTSDIR/${DOMAIN}_cert.pem" && cat "$KEYFILE" >"$CERTSDIR/${DOMAIN}_key.pem" && cat "$CHAINFILE" >"$CERTSDIR/${DOMAIN}_chain.pem" && cat "$FULLCHAINFILE" >"$CERTSDIR/${DOMAIN}_fullchain.pem" || {
+        notify "error" "Failed to copy certificates/key to '$CERTSDIR' during '$DOMAIN' certificate deployment"
+        # Return 0 so that dehydrated doesn't stop - there may be some more certificates to renew.
+        return 0
+      }
+    }
+
+    # Set a marker (used in the exit_hook function) to signal that services should be reloaded at the end of deployments.
+    touch /run/dehydrated-reload-marker || {
+      notify "warning" "Failed to create reload marker during '$DOMAIN' certificate deployment - reloading services manually may be required -- check server"
+      # Return 0 so that dehydrated doesn't stop - there may be some more certificates to renew.
+      return 0
+    }
+  }
+
+  # Notify the sysadmin of the sucessful renewal.
+  notify "information" "Sucessful renewal and deployment of certificate/key for '$DOMAIN'"
+
+  return 0
+}
+
+
+deploy_ocsp() {
+  local DOMAIN="$1" OCSPFILE="$2" TIMESTAMP="$3"
+
+  # This hook is called once for each updated ocsp stapling file that has been produced.
+  # Here you might, for instance, copy your new ocsp stapling files to service-specific locations and reload the service.
+  # Parameters:
+  #   DOMAIN - The primary domain name, i.e. the certificate common name (CN).
+  #   OCSPFILE - The path of the ocsp stapling file.
+  #   TIMESTAMP - Timestamp when the specified ocsp stapling file was created.
+
+  # Simple example: Copy file to nginx config
+  # cp "$OCSPFILE" /etc/nginx/ssl/; chown -R nginx: /etc/nginx/ssl
+  # systemctl reload nginx
+
+  return 0
+}
+
+
+unchanged_cert() {
+  local DOMAIN="$1" KEYFILE="$2" CERTFILE="$3" FULLCHAINFILE="$4" CHAINFILE="$5"
+
+  # This hook is called once for each certificate that is still valid and therefore wasn't reissued.
+  # Parameters:
+  #   DOMAIN - The primary domain name, i.e. the certificate common name (CN).
+  #   KEYFILE - The path of the file containing the private key.
+  #   CERTFILE - The path of the file containing the signed certificate.
+  #   FULLCHAINFILE - The path of the file containing the full certificate chain.
+  #   CHAINFILE - The path of the file containing the intermediate certificate(s).
+
+  return 0
+}
+
+
+invalid_challenge() {
+  local DOMAIN="$1" RESPONSE="$2"
+
+  # This hook is called if the challenge response has failed, so domain owners can be aware and act accordingly.
+  # Parameters:
+  #   DOMAIN - The primary domain name, i.e. the certificate common name (CN).
+  #   RESPONSE - The response that the verification server returned
+
+  # Notify the sysadmin.
+  notify "error" "Validation of '$DOMAIN' failed:" "$RESPONSE"
+
+  return 0
+}
+
+
+request_failure() {
+  local STATUSCODE="$1" REASON="$2" REQTYPE="$3" HEADERS="$4"
+
+  # This hook is called when an HTTP request fails (e.g., when the ACME server is busy, returns an error, etc).
+  # It will be called upon any response code that does not start with '2'. Useful to alert admins about problems with requests.
+  # Parameters:
+  #   STATUSCODE - The HTML status code that originated the error.
+  #   REASON - The specified reason for the error.
+  #   REQTYPE - The kind of request that was made (GET, POST...)
+
+  # Notify the sysadmin.
+  notify "error" "HTTP $REQTYPE request failed for '$DOMAIN' with code '$STATUSCODE'" "Reason: $REASON" "Headers:" "$HEADERS"
+
+  return 0
+}
+
+
+generate_csr() {
+  local DOMAIN="$1" CERTDIR="$2" ALTNAMES="$3"
+
+  # This hook is called before any certificate signing operation takes place.
+  # It can be used to generate or fetch a certificate signing request with external tools.
+  # The output should be just the cerificate signing request formatted as PEM.
+  # Parameters:
+  #   DOMAIN - The primary domain as specified in domains.txt.
+  #            This does not need to match with the domains in the CSR, it's basically just the directory name.
+  #   CERTDIR - Certificate output directory for this particular certificate.
+  #             Can be used for storing additional files.
+  #   ALTNAMES -  All domain names for the current certificate as specified in domains.txt.
+  #               Again, this doesn't need to match with the CSR, it's just there for convenience.
+
+  # Simple example: Look for pre-generated CSRs
+  # if [ -e "$CERTDIR/pre-generated.csr" ]; then
+  #   cat "$CERTDIR/pre-generated.csr"
+  # fi
+
+  return 0
+}
+
+
+startup_hook() {
+  # This hook is called before the cron command to do some initial tasks (e.g. starting a webserver).
+
+  local LOG_PREFIX="Dehydrated startup"
+
+  # Read services configuration (with sanity check)
+  services 1 || return 1
+
+  # Make sure the certificates directory exists.
+  [[ -n "$CERTSDIR" ]] && {
+    umask 022
+    # shellcheck disable=SC2174
+    mkdir -p -m 0755 "$CERTSDIR" 2>/dev/null || {
+      notify "error" "Failed to create certificate storage directory -- aborting"
+      return 1
+    }
+  }
+
+  # If an HTTP daemon rc script is available and the service is not already running, start it.
+  [[ -n "$RCFILE_HTTPD" ]] && {
+    pgrep -c ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1 || {
+      "$RCFILE_HTTPD" start >/dev/null 2>&1
+      sleep 5
+      if pgrep -c ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1; then
+        # Set a marker (used in exit_hook()) to signal that the HTTP daemon should be stopped at the end of deployments.
+        touch /run/dehydrated-http-daemon-stop-marker 2>/dev/null || notify "warning" "Failed to create HTTP daemon stop marker - HTTP daemon will be left running -- check server"
+      else
+        notify "error" "Failure of '$RCFILE_HTTPD' to start HTTP daemon -- aborting"
+        return 1
+      fi
+    }
+  }
+
+  # Add firewall rules to allow HTTP traffic so the nonce can be validated.
+  { iptables -N dehydrated && ip6tables -N dehydrated && iptables -I INPUT 1 -j dehydrated && ip6tables -I INPUT 1 -j dehydrated && iptables -I dehydrated 1 -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT && ip6tables -I dehydrated 1 -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT; } >/dev/null 2>&1 || {
+    notify "error" "Failed to insert firewall rules to allow nonce validation -- aborting"
+    return 1
+  }
+
+  return 0
+}
+
+
+exit_hook() {
+  local ERROR="$1"
+
+  # This hook is called at the end of the cron command and can be used to do some final (cleanup or other) tasks.
+  # Parameters:
+  #   ERROR - Contains error message if dehydrated exits with error.
+
+  local DAEMON ERR=0 LOG_PREFIX="Dehydrated shutdown" PIDFILE RCFILE TIMEOUT=30
+
+  # Read services configuration (without sanity check - this was already done at startup)
+  services 0 || return 1
+
+  # Delete firewall rules that was added to allow HTTP traffic.
+  iptables -C INPUT -j dehydrated >/dev/null 2>&1 && iptables -D INPUT -j dehydrated >/dev/null 2>&1
+  ip6tables -C INPUT -j dehydrated >/dev/null 2>&1 && ip6tables -D INPUT -j dehydrated >/dev/null 2>&1
+  iptables -F dehydrated >/dev/null 2>&1
+  ip6tables -F dehydrated >/dev/null 2>&1
+  iptables -X dehydrated >/dev/null 2>&1
+  ip6tables -X dehydrated >/dev/null 2>&1
+  
+  # If the reload marker was set, restart services.
+  [[ -e /run/dehydrated-reload-marker ]] && {
+    for RCFILE in "${!RCFILE_@}"; do
+      DAEMON="DAEMON_${RCFILE#RCFILE_}"
+      PIDFILE="PIDFILE_${RCFILE#RCFILE_}"
+      # If the HTTP daemon is going to be shut down, there's no need to restart it.
+      [[ "$RCFILE" == "RCFILE_HTTPD" ]] && [[ -e /run/dehydrated-http-daemon-stop-marker ]] && continue
+      # Restart the service.
+      "${!RCFILE}" restart >/dev/null 2>&1 || notify "warning" "Failed to restart service '${!DAEMON}' -- check server"
+      sleep "$TIMEOUT"
+      pgrep -c ${PIDFILE:+-F "${!PIDFILE}"} "${!DAEMON}" >/dev/null 2>&1 || {
+        notify "warning" "Service '${!DAEMON}' exited unexpectedly - trying to start again"
+        "${!RCFILE}" start >/dev/null 2>&1 || notify "warning" "Failed to start service '${!DAEMON}' -- check server"
+        sleep "$TIMEOUT"
+        pgrep -c ${PIDFILE:+-F "${!PIDFILE}"} "${!DAEMON}" >/dev/null 2>&1 || {
+          notify "warning" "Service '${!DAEMON}' failed to restart correctly -- check server"
+          ERR=1
+        }
+      }
+    done
+  }
+
+  # Remove the reload marker if all services restarted without issue.  Keep the marker if any failed.
+  ((ERR == 0)) && { rm -f /run/dehydrated-reload-marker 2>/dev/null || notify "warning" "Failed to remove services reload marker -- check server"; }
+
+  # If an HTTP daemon was started by dehydrated, stop it now.
+  ERR=0
+  [[ -e /run/dehydrated-http-daemon-stop-marker ]] && {
+    pgrep -c ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1 && {    
+      "$RCFILE_HTTPD" stop >/dev/null 2>&1 || notify "warning" "Failed to gracefully stop service '$DAEMON_HTTPD' -- check server"
+      sleep "$TIMEOUT"
+      pgrep -c ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1 && {
+        pkill -TERM ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1 || notify "warning" "Failed to -SIGTERM service '$DAEMON_HTTPD' -- check server"
+        sleep "$TIMEOUT"
+        pgrep -c ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1 && {
+          pkill -KILL ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1 || notify "warning" "Failed to -SIGKILL service '$DAEMON_HTTPD' -- check server"
+          sleep 5
+        }
+      }
+      pgrep -c ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1 && notify "warning" "Failed to stop HTTP daemon that dehydrated started" && ERR=1
+    }
+  }
+
+  # If the HTTP daemon was stopped correctly, remove the stop marker.
+  ((ERR == 0)) && { rm -f /run/dehydrated-http-daemon-stop-marker 2>/dev/null || notify "warning" "Failed to remove HTTP daemon stop marker -- check server"; }
+
+  return 0
+}
+
+# Run the correct function.
+HANDLER="$1"
+shift
+if declare -pF "$HANDLER" >/dev/null 2>&1; then
+  "$HANDLER" "$@"
+  exit "$?"
+else
+  exit 0
+fi  

etc/msmtp.aliases

@@ -0,0 +1 @@
+default:	sysadmin@slackware.uk

etc/pkglist

@@ -7,6 +7,7 @@ alpine-conf
 alpine-keys
 alpine-release
 apache2
+apache2-ctl
 apache2-http2
 apache2-openrc
 apache2-proxy
@@ -81,6 +82,7 @@ libmnl
 libncursesw
 libnftnl
 libpanelw
+libproc2
 libpsl
 libsasl
 libsmbclient
@@ -96,6 +98,7 @@ libxml2
 libxtables
 linux-pam
 lmdb
+lynx
 lz4-libs
 mailx
 mdev-conf
@@ -126,6 +129,7 @@ php83-common
 php83-fpm
 pinentry
 popt
+procps-ng
 prometheus-node-exporter
 prometheus-node-exporter-openrc
 readline
@@ -144,6 +148,8 @@ samba-util-libs
 scanelf
 skalibs-libs
 sqlite-libs
+sshguard
+sshguard-openrc
 ssl_client
 sudo
 talloc

home/sysadmin/.bash_profile

@@ -7,6 +7,8 @@ export PATH="/opt/sbin:/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bi
 hash less >/dev/null 2>&1 && export PAGER="less"
 hash nano >/dev/null 2>&1 && export EDITOR="nano" && export VISUAL="$EDITOR"
 
+[[ "$TERM" == screen.* ]] && export TERM="${TERM#screen.}"
+
 [[ -d "$HOME/files/bin" ]] && export PATH="$HOME/files/bin:$PATH"
 [[ -d "$HOME/.local/bin" ]] && export PATH="$HOME/.local/bin:$PATH"
 [[ -d "$HOME/bin" ]] && export PATH="$HOME/bin:$PATH"

home/sysadmin/.bashrc

@@ -44,7 +44,7 @@ hash ls >/dev/null 2>&1 && alias ls='ls -Fv --color=always'
 hash nc >/dev/null 2>&1 && alias pastebin='nc termbin.com 9999'
 
 echo -ne "\e[2q"
-echo -ne "\e]12;#00FF00"
+echo -e "\e]12;#00FF00"
 
 for FILE in "$HOME"/.bashrc.d/*; do
   [[ -x "$FILE" ]] && source "$FILE"

opt/sbin/cronjob-dehydrated

@@ -1,6 +1,6 @@
 #!/bin/bash
+# Run this job in the background.
+( # Delay the run for 15 hours (from midnight) and then run at a random time within 3 hours after that.
+  sleep $(( 54000 + (RANDOM % 10800) ))
 
-# Delay the run for 15 hours (from midnight) and then run at a random time within 3 hours after that.
-sleep $(( 54000 + (RANDOM % 10800) ))
-
-/opt/sbin/dehydrated -c >/dev/null
+  /opt/sbin/dehydrated -c >/dev/null ) &

root/.bashrc

@@ -44,7 +44,7 @@ hash ls >/dev/null 2>&1 && alias ls='ls -Fv --color=always'
 hash nc >/dev/null 2>&1 && alias pastebin='nc termbin.com 9999'
 
 echo -ne "\e[2q"
-echo -ne "\e]12;#00FF00"
+echo -e "\e]12;#00FF00"
 
 for FILE in "$HOME"/.bashrc.d/*; do
   [[ -x "$FILE" ]] && source "$FILE"