diff --git a/.gitattributesdb b/.gitattributesdb
index 7b0060a..bb517d0 100644
--- a/.gitattributesdb
+++ b/.gitattributesdb
@@ -9,521 +9,359 @@ LmdpdGhvb2tz 1773074781.635958529 1771512801.560006128 root:root 0755 - -
 LmdpdGhvb2tzL3Bvc3QtbWVyZ2U= 1757519106.000000000 1757519106.000000000 root:root 0755 - -
 LmdpdGhvb2tz 1773074781.635958529 1771512801.560006128 root:root 0755 - -
 LmdpdGhvb2tzL3ByZS1jb21taXQ= 1757519106.000000000 1757519106.000000000 root:root 0755 - -
-LmdpdGlnbm9yZQ== 1774107585.673027919 1757593248.000000000 root:root 0644 - -
+LmdpdGlnbm9yZQ== 1762025173.020942279 1757593248.000000000 root:root 0644 - -
 LmdpdG1vZHVsZXM= 1757607701.000000000 1757607701.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZXRjLy5naXRpZ25vcmU= 1774123924.683508430 1757611781.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZXRjLy5naXRpZ25vcmU= 1773946669.402887347 1757611781.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 YXBhY2hlMg==  - -
 ZXRjL2FwYWNoZTIvLmdpdGlnbm9yZQ== 1766069108.043264156 1757775932.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 YXBhY2hlMg==  - -
 ZXRjL2FwYWNoZTIvYXBhY2hlMi5jb25m 1773343425.497690175 1757785514.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 YXBhY2hlMg==  - -
 bW9kcy1lbmFibGVk  - -
 ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2F1dGhuX2NvcmUubG9hZA== 1771512801.564006063 1771512801.564006063 root:root 0777 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 YXBhY2hlMg==  - -
 bW9kcy1lbmFibGVk  - -
 ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2F1dGhuX2ZpbGUubG9hZA== 1771512801.564006063 1771512801.564006063 root:root 0777 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 YXBhY2hlMg==  - -
 bW9kcy1lbmFibGVk  - -
 ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2F1dGh6X2NvcmUubG9hZA== 1771512801.564006063 1771512801.564006063 root:root 0777 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 YXBhY2hlMg==  - -
 bW9kcy1lbmFibGVk  - -
 ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2F1dGh6X3VzZXIubG9hZA== 1771512801.564006063 1771512801.564006063 root:root 0777 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 YXBhY2hlMg==  - -
 bW9kcy1lbmFibGVk  - -
 ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2NnaWQubG9hZA== 1771512801.564006063 1771512801.564006063 root:root 0777 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 YXBhY2hlMg==  - -
 bW9kcy1lbmFibGVk  - -
 ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2RlZmxhdGUubG9hZA== 1771512801.564006063 1771512801.564006063 root:root 0777 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 YXBhY2hlMg==  - -
 bW9kcy1lbmFibGVk  - -
 ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2ZpbHRlci5sb2Fk 1771512801.568005995 1771512801.568005995 root:root 0777 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 YXBhY2hlMg==  - -
 bW9kcy1lbmFibGVk  - -
 ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2h0dHAyLmxvYWQ= 1771512801.568005995 1771512801.568005995 root:root 0777 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 YXBhY2hlMg==  - -
 bW9kcy1lbmFibGVk  - -
 ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2luY2x1ZGUubG9hZA== 1771512801.568005995 1771512801.568005995 root:root 0777 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 YXBhY2hlMg==  - -
 bW9kcy1lbmFibGVk  - -
 ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL3Byb3h5LmxvYWQ= 1771512801.568005995 1771512801.568005995 root:root 0777 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 YXBhY2hlMg==  - -
 bW9kcy1lbmFibGVk  - -
 ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL3Byb3h5X2ZjZ2kubG9hZA== 1771512801.568005995 1771512801.568005995 root:root 0777 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 YXBhY2hlMg==  - -
 bW9kcy1lbmFibGVk  - -
 ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL3Byb3h5X2h0dHAubG9hZA== 1773512305.071354981 1773512305.071354981 root:root 0777 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 YXBhY2hlMg==  - -
 bW9kcy1lbmFibGVk  - -
 ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL3Jld3JpdGUubG9hZA== 1773519967.649760800 1773519967.649760800 root:root 0777 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 YXBhY2hlMg==  - -
 bW9kcy1lbmFibGVk  - -
 ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL3NvY2FjaGVfc2htY2IubG9hZA== 1773343134.250327036 1773343134.250327036 root:root 0777 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 YXBhY2hlMg==  - -
 bW9kcy1lbmFibGVk  - -
 ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL3NzbC5sb2Fk 1773343014.364235719 1773343014.364235719 root:root 0777 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 YXBhY2hlMg==  - -
 c2l0ZXMtYXZhaWxhYmxl  - -
 ZXRjL2FwYWNoZTIvc2l0ZXMtYXZhaWxhYmxlLy5naXRpZ25vcmU= 1766069274.068541443 1766069263.648712326 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 YXBhY2hlMg==  - -
 c2l0ZXMtYXZhaWxhYmxl  - -
 ZXRjL2FwYWNoZTIvc2l0ZXMtYXZhaWxhYmxlL2NvcmUuc2xhY2t3YXJlLnVrLm5ldC5jb25m 1773519943.102151242 1757785113.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 YXBhY2hlMg==  - -
 c2l0ZXMtZW5hYmxlZA==  - -
 ZXRjL2FwYWNoZTIvc2l0ZXMtZW5hYmxlZC8wMC1jb3JlLnNsYWNrd2FyZS51ay5uZXQuY29uZg== 1773340506.404142422 1773340506.404142422 root:root 0777 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 YXB0  - -
 ZXRjL2FwdC8uZ2l0aWdub3Jl 1762532662.236312315 1762532566.409854495 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 YXB0  - -
 cHJlZmVyZW5jZXMuZA==  - -
 ZXRjL2FwdC9wcmVmZXJlbmNlcy5kL3N1cnk= 1762021809.456432672 1762021809.456432672 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 YXB0  - -
 c291cmNlcy5saXN0LmQ=  - -
 ZXRjL2FwdC9zb3VyY2VzLmxpc3QuZC9mZC5saXN0 1762021706.378133066 1762021706.374133133 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 YXB0  - -
 c291cmNlcy5saXN0LmQ=  - -
 ZXRjL2FwdC9zb3VyY2VzLmxpc3QuZC9zdXJ5Lmxpc3Q= 1762021706.378133066 1762021706.378133066 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZXRjL2JpcnRoLWNlcnRpZmljYXRl 1774714793.333168516 1774112616.134109991 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-Ym9vdC5k  - -
-ZXRjL2Jvb3QuZC9wdXNob3Zlci1hbGVydA== 1773658239.854435424 1758225089.000000000 root:root 0755 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-Y2VydGlmaWNhdGVz  - -
-ZXRjL2NlcnRpZmljYXRlcy8uZ2l0aWdub3Jl 1774126655.398873237 1774126655.398873237 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 Y3Jvbi4xNW1pbg==  - -
 ZXRjL2Nyb24uMTVtaW4vLmdpdGlnbm9yZQ== 1762535468.567176697 1762535289.358058790 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 Y3Jvbi5k  - -
-ZXRjL2Nyb24uZC8uZ2l0aWdub3Jl 1774113745.435355910 1762535289.358058790 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRjL2Nyb24uZC8uZ2l0aWdub3Jl 1762535453.203423781 1762535289.358058790 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 Y3Jvbi5kYWlseQ==  - -
-ZXRjL2Nyb24uZGFpbHkvLmdpdGlnbm9yZQ== 1774882375.073085385 1762535499.146684944 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRjL2Nyb24uZGFpbHkvLmdpdGlnbm9yZQ== 1762538383.748288196 1762535499.146684944 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 Y3Jvbi5kYWlseQ==  - -
-ZXRjL2Nyb24uZGFpbHkvMC1yb3RhdGUtbG9ncy10b2RheS1zeW1saW5r 1774882348.257522426 1774882348.257522426 root:root 0777 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRjL2Nyb24uZGFpbHkvMC1yb3RhdGUtbG9ncy1zeW1saW5rcw== 1773074830.431179720 1773074830.431179720 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 Y3Jvbi5kYWlseQ==  - -
 ZXRjL2Nyb24uZGFpbHkvMTAtZGVoeWRyYXRlZA== 1773074830.431179720 1773074830.431179720 root:root 0777 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 Y3Jvbi5kYWlseQ==  - -
 ZXRjL2Nyb24uZGFpbHkvNS11cGRhdGUtcGFja2FnZXMtbGlzdA== 1773074830.431179720 1773074830.431179720 root:root 0777 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 Y3Jvbi5kYWlseQ==  - -
 ZXRjL2Nyb24uZGFpbHkvNy13YXJuLWdpdC1zdGF0dXM= 1773074830.431179720 1773074830.431179720 root:root 0777 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 Y3Jvbi5ob3VybHk=  - -
 ZXRjL2Nyb24uaG91cmx5Ly5naXRpZ25vcmU= 1762535518.534373147 1762535518.534373147 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 Y3Jvbi5tb250aGx5  - -
 ZXRjL2Nyb24ubW9udGhseS8uZ2l0aWdub3Jl 1762535548.045898541 1762535548.045898541 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 Y3Jvbi53ZWVrbHk=  - -
 ZXRjL2Nyb24ud2Vla2x5Ly5naXRpZ25vcmU= 1762628453.620630321 1762535530.470181196 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 Y3Jvbi53ZWVrbHk=  - -
 ZXRjL2Nyb24ud2Vla2x5L2NsZWFuLXBocA== 1773074830.431179720 1773074830.431179720 root:root 0777 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 Y3Jvbi55ZWFybHk=  - -
 ZXRjL2Nyb24ueWVhcmx5Ly5naXRpZ25vcmU= 1762535568.001577608 1762535568.001577608 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZXRjL2Nyb250YWI= 1762534976.223094581 1757593504.000000000 root:root 0600 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZGVmYXVsdA==  - -
-ZXRjL2RlZmF1bHQvLmdpdGlnbm9yZQ== 1774877901.613747641 1762624148.166366444 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRjL2RlZmF1bHQvLmdpdGlnbm9yZQ== 1773952746.050042264 1762624148.166366444 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZGVmYXVsdA==  - -
-ZXRjL2RlZmF1bHQvY3Jvbg== 1774114880.928470664 1771511324.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZGVmYXVsdA==  - -
-ZXRjL2RlZmF1bHQvZG9rdXdpa2k= 1774114972.074960982 1773517662.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRjL2RlZmF1bHQvZG9rdXdpa2k= 1773952381.644085099 1773517662.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZGVmYXVsdA==  - -
 ZXRjL2RlZmF1bHQvcHJvbWV0aGV1cw== 1773513253.988425139 1773502158.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZGVmYXVsdA==  - -
 ZXRjL2RlZmF1bHQvcHJvbWV0aGV1cy1hbGVydG1hbmFnZXI= 1741526314.000000000 1773502158.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZGVmYXVsdA==  - -
 ZXRjL2RlZmF1bHQvcHJvbWV0aGV1cy1ub2RlLWV4cG9ydGVy 1773511187.568917165 1762023153.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZGVmYXVsdA==  - -
-ZXRjL2RlZmF1bHQvcnN5bmM= 1774115973.482452959 1764289744.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRjL2RlZmF1bHQvcm90YXRlLWxvZ3Mtc3ltbGlua3M= 1758555243.000000000 1758552192.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZGVmYXVsdA==  - -
-ZXRjL2RlZmF1bHQvdGVycmFmb3JtLWh0dHAtYmFja2VuZA== 1774116075.948769497 1757595391.000000000 root:root 0600 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRjL2RlZmF1bHQvdGVycmFmb3JtLWh0dHAtYmFja2VuZA== 1773511563.759009356 1757595391.000000000 root:root 0600 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZGVoeWRyYXRlZA==  - -
 ZXRjL2RlaHlkcmF0ZWQvLmdpdGlnbm9yZQ== 1758038054.000000000 1758038054.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZGVoeWRyYXRlZA==  - -
 YWNjb3VudHM=  - -
 ZXRjL2RlaHlkcmF0ZWQvYWNjb3VudHMvLmdpdGlnbm9yZQ== 1757873230.000000000 1757873230.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZGVoeWRyYXRlZA==  - -
 YWNjb3VudHM=  - -
 ZXRjL2RlaHlkcmF0ZWQvYWNjb3VudHMvYUhSMGNITTZMeTloWTIxbExYWXdNaTVoY0drdWJHVjBjMlZ1WTNKNWNIUXViM0puTDJScGNtVmpkRzl5ZVFvLnRhci5ncGc= 1773159494.828502366 1757873275.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZGVoeWRyYXRlZA==  - -
 YXJjaGl2ZQ==  - -
 ZXRjL2RlaHlkcmF0ZWQvYXJjaGl2ZS8uZ2l0aWdub3Jl 1757874259.000000000 1757873451.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZGVoeWRyYXRlZA==  - -
 Y2VydHM=  - -
 ZXRjL2RlaHlkcmF0ZWQvY2VydHMvLmdpdGlnbm9yZQ== 1757874303.000000000 1757873537.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZGVoeWRyYXRlZA==  - -
 Y29uZi5k  - -
 ZXRjL2RlaHlkcmF0ZWQvY29uZi5kLy5naXRrZWVwZGly 1773342473.728835264 1773342473.728835264 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZGVoeWRyYXRlZA==  - -
 ZXRjL2RlaHlkcmF0ZWQvY29uZmln 1773422158.392330219 1757862077.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZGVoeWRyYXRlZA==  - -
 ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucw== 1757862328.000000000 1757862077.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZGVoeWRyYXRlZA==  - -
 ZG9tYWlucy5k  - -
 ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucy5kL19leGFtcGxlXw== 1773422197.987710884 1757862077.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZGVoeWRyYXRlZA==  - -
 aG9va3M=  - -
 ZXRjL2RlaHlkcmF0ZWQvaG9va3MvZGVmYXVsdA== 1773342632.190315764 1757862077.000000000 root:root 0755 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpLy5naXRpZ25vcmU= 1774878145.441786034 1774878145.441786034 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpLy5odGFjY2Vzcw== 1722839243.000000000 1773517662.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpL2FjbC5hdXRoLnBocA== 1746154701.000000000 1773517662.000000000 root:www-data 0777 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpL2FjbC5hdXRoLnBocC5kaXN0 1722839243.000000000 1773517662.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpL2Fjcm9ueW1zLmNvbmY= 1722839243.000000000 1773517662.000000000 root:www-data 0664 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpL2FwYWNoZS5jb25m 1774881241.459529288 1774881241.459529288 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpL2Rva3V3aWtpLnBocA== 1746154701.000000000 1773517662.000000000 root:www-data 0664 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpL2VudGl0aWVzLmNvbmY= 1722839243.000000000 1773517662.000000000 root:www-data 0664 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpL2ludGVyd2lraS5jb25m 1722839243.000000000 1773517662.000000000 root:www-data 0664 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpL2xpY2Vuc2UucGhw 1722839243.000000000 1773517662.000000000 root:www-data 0664 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpL2xvY2FsLnBocA== 1773597191.209498063 1773597191.209498063 root:www-data 0664 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpL2xvY2FsLnBocC5iYWsucGhw 1773597164.469917468 1773597164.469917468 root:www-data 0664 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpL2xvY2FsLnBocC5kaXN0 1722839243.000000000 1773517662.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpL21hbmlmZXN0Lmpzb24= 1722839243.000000000 1773517662.000000000 root:www-data 0664 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpL21lZGlhbWV0YS5waHA= 1722839243.000000000 1773517662.000000000 root:www-data 0664 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpL21pbWUuY29uZg== 1722839243.000000000 1773517662.000000000 root:www-data 0664 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpL215c3FsLmNvbmYucGhwLmV4YW1wbGU= 1722839243.000000000 1773517662.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpL3BsdWdpbnMubG9jYWwucGhw 1746154701.000000000 1773517662.000000000 root:www-data 0664 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpL3BsdWdpbnMucGhw 1722839243.000000000 1773517662.000000000 root:www-data 0664 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpL3BsdWdpbnMucmVxdWlyZWQucGhw 1722839243.000000000 1773517662.000000000 root:www-data 0664 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpL3NjaGVtZS5jb25m 1722839243.000000000 1773517662.000000000 root:www-data 0664 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpL3NtaWxleXMuY29uZg== 1722839243.000000000 1773517662.000000000 root:www-data 0664 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpL3VzZXJwcmludC5jc3M= 1745221948.000000000 1773517662.000000000 root:www-data 0664 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpL3VzZXJzLmF1dGgucGhw 1746154701.000000000 1773517662.000000000 root:www-data 0777 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpL3VzZXJzLmF1dGgucGhwLmRpc3Q= 1722839243.000000000 1773517662.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpL3VzZXJzdHlsZS5jc3M= 1745221948.000000000 1773517662.000000000 root:www-data 0664 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZG9rdXdpa2k=  - -
-ZXRjL2Rva3V3aWtpL3dvcmRibG9jay5jb25m 1722839243.000000000 1773517662.000000000 root:www-data 0664 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZmlyZXdhbGw=  - -
-ZXRjL2ZpcmV3YWxsLy5naXRpZ25vcmU= 1773947378.243078506 1773947378.243078506 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZmlyZXdhbGw=  - -
-ZXRjL2ZpcmV3YWxsL2RlZmF1bHRfdjQucnVsZXM= 1774124942.942844576 1773861600.980550947 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZmlyZXdhbGw=  - -
-ZXRjL2ZpcmV3YWxsL2RlZmF1bHRfdjYucnVsZXM= 1774124987.466117124 1773861600.980550947 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZXRjL2ZzdGFi 1774103611.886951171 1771501851.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZnVzaW9uZGlyZWN0b3J5  - -
 ZXRjL2Z1c2lvbmRpcmVjdG9yeS9mdXNpb25kaXJlY3RvcnktYXBhY2hlLmNvbmY= 1740415693.000000000 1762022137.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZnVzaW9uZGlyZWN0b3J5  - -
+ZXRjL2Z1c2lvbmRpcmVjdG9yeS9mdXNpb25kaXJlY3RvcnkuY29uZg==  - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZnVzaW9uZGlyZWN0b3J5  - -
 ZXRjL2Z1c2lvbmRpcmVjdG9yeS9mdXNpb25kaXJlY3RvcnkuY29uZi5vcmln 1760207207.000000000 1760207207.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZXRjL2dyb3Vw 1773951237.415059979 1773951237.415059979 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZXRjL2dzaGFkb3cuZ3Bn 1774112155.713736078 1762447499.282711556 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZXRjL2dzaGFkb3cuZ3Bn 1762628156.813441524 1762447499.282711556 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZXRjL2hvc3RuYW1l 1757594311.000000000 1757594311.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZXRjL2hvc3Rz 1762446715.371577485 1757594362.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 aW5pdC5k  - -
 ZXRjL2luaXQuZC8uZ2l0aWdub3Jl 1771459200.000000000 1771459200.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 aW5pdC5k  - -
 ZXRjL2luaXQuZC90ZXJyYWZvcm0taHR0cC1iYWNrZW5k 1773654405.833829368 1771459200.000000000 root:root 0755 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZXRjL2tyYjUuY29uZg== 1773662876.418407545 1583171707.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 bGRhcA==  - -
 ZXRjL2xkYXAvbGRhcC5jb25m 1758374529.000000000 1730112559.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 bGRhcA==  - -
 c2NoZW1h  - -
 ZXRjL2xkYXAvc2NoZW1hLy5naXRpZ25vcmU= 1762628549.507075969 1762628549.507075969 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 bGRhcA==  - -
 c2NoZW1h  - -
 ZXRjL2xkYXAvc2NoZW1hL3JmYzIzMDdiaXMuc2NoZW1h 1759835660.000000000 1759835660.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZXRjL2xvZ2luLmRlZnM= 1771509215.801996599 1745058028.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZXRjL2xvZ3JvdGF0ZS5jb25m 1774126916.834604932 1773949445.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-bG9ncm90YXRlLmQ=  - -
-ZXRjL2xvZ3JvdGF0ZS5kL2FsdGVybmF0aXZlcw== 1774879964.524246639 1736567071.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-bG9ncm90YXRlLmQ=  - -
-ZXRjL2xvZ3JvdGF0ZS5kL2FwYWNoZTI= 1774879843.654206932 1771512073.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-bG9ncm90YXRlLmQ=  - -
-ZXRjL2xvZ3JvdGF0ZS5kL2FwdA== 1774880481.903855753 1753012285.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-bG9ncm90YXRlLmQ=  - -
-ZXRjL2xvZ3JvdGF0ZS5kL2J0bXA= 1774880027.579223999 1773949445.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-bG9ncm90YXRlLmQ=  - -
-ZXRjL2xvZ3JvdGF0ZS5kL2Rwa2c= 1774880076.286434085 1736567071.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-bG9ncm90YXRlLmQ=  - -
-ZXRjL2xvZ3JvdGF0ZS5kL3BocDguNC1mcG0= 1774880108.513911418 1771512192.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-bG9ncm90YXRlLmQ=  - -
-ZXRjL2xvZ3JvdGF0ZS5kL3Byb21ldGhldXM= 1774880202.364389342 1773502158.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-bG9ncm90YXRlLmQ=  - -
-ZXRjL2xvZ3JvdGF0ZS5kL3Byb21ldGhldXMtYWxlcnRtYW5hZ2Vy 1774880211.284244673 1773502158.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-bG9ncm90YXRlLmQ=  - -
-ZXRjL2xvZ3JvdGF0ZS5kL3Byb21ldGhldXMtbm9kZS1leHBvcnRlcg== 1774880189.240602186 1771512342.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-bG9ncm90YXRlLmQ=  - -
-ZXRjL2xvZ3JvdGF0ZS5kL3JzeXNsb2c= 1774880765.223259890 1771512334.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-bG9ncm90YXRlLmQ=  - -
-ZXRjL2xvZ3JvdGF0ZS5kL3d0bXA= 1774880296.026870307 1773949445.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-bG9ncm90YXRlLmQ=  - -
-ZXRjL2xvZ3JvdGF0ZS5kL3d0bXBkYg== 1774880340.794144279 1771511324.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZXRjL21vdGQ= 1774109784.320927406 1756052400.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZXRjL21zbXRwLWFsaWFzZXM= 1758035451.000000000 1758035451.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZXRjL21vdGQ= 1762625944.389278724 1756052400.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZXRjL21zbXRwLmFsaWFzZXM= 1758035451.000000000 1758035451.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZXRjL21zbXRwcmMuZ3Bn 1761052674.000000000 1758049424.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 bmV0d29yaw==  - -
 ZXRjL25ldHdvcmsvLmdpdGlnbm9yZQ== 1757596572.000000000 1757596572.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 bmV0d29yaw==  - -
 ZXRjL25ldHdvcmsvaW50ZXJmYWNlcw== 1762449437.502802342 1762449437.502802342 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 bmV0d29yaw==  - -
 aW50ZXJmYWNlcy5k  - -
 ZXRjL25ldHdvcmsvaW50ZXJmYWNlcy5kL2V0aDA= 1762449591.864258045 1762449559.040799058 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 bmV0d29yaw==  - -
 aW50ZXJmYWNlcy5k  - -
 ZXRjL25ldHdvcmsvaW50ZXJmYWNlcy5kL2V0aDE= 1762449602.376084790 1762449560.312778093 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-cGFtLmQ=  - -
-ZXRjL3BhbS5kLy5naXRpZ25vcmU= 1774714455.970711834 1774714433.803076074 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-cGFtLmQ=  - -
-ZXRjL3BhbS5kL2NvbW1vbi1zZXNzaW9uLW5vbmludGVyYWN0aXZl 1774714594.472436072 1771520438.036467174 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZXRjL3Bhc3N3ZA== 1773951229.999182951 1773951229.999182951 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 cGhw  - -
 ZXRjL3BocC8uZ2l0aWdub3Jl 1773950303.090525695 1773950303.090525695 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 cGhw  - -
 OC40  - -
 ZXRjL3BocC84LjQvLmdpdGlnbm9yZQ== 1773950864.129246341 1773950864.129246341 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 cGhw  - -
 OC40  - -
 YXBhY2hlMg==  - -
 ZXRjL3BocC84LjQvYXBhY2hlMi8uZ2l0aWdub3Jl 1773950761.570942616 1773950761.570942616 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 cGhw  - -
 OC40  - -
 YXBhY2hlMg==  - -
 ZXRjL3BocC84LjQvYXBhY2hlMi9waHAuaW5p 1773248884.583344972 1773248884.583344972 root:root 0777 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 cGhw  - -
 OC40  - -
 Y2xp  - -
 ZXRjL3BocC84LjQvY2xpLy5naXRpZ25vcmU= 1773950780.838623940 1773950780.838623940 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 cGhw  - -
 OC40  - -
 Y2xp  - -
 ZXRjL3BocC84LjQvY2xpL3BocC5pbmk= 1773248893.095208163 1773248893.095208163 root:root 0777 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 cGhw  - -
 OC40  - -
 ZnBt  - -
 ZXRjL3BocC84LjQvZnBtLy5naXRpZ25vcmU= 1773950820.753963759 1773950820.753963759 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 cGhw  - -
 OC40  - -
 ZnBt  - -
 ZXRjL3BocC84LjQvZnBtL3BocC1mcG0uY29uZg== 1773249914.582789624 1771512192.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 cGhw  - -
 OC40  - -
 ZnBt  - -
 ZXRjL3BocC84LjQvZnBtL3BocC5pbmk= 1773248900.295092442 1773248900.295092442 root:root 0777 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 cGhw  - -
 OC40  - -
 ZnBt  - -
 cG9vbC5k  - -
 ZXRjL3BocC84LjQvZnBtL3Bvb2wuZC93d3cuY29uZg== 1773343753.212472726 1771512192.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 cGhw  - -
 OC40  - -
 ZXRjL3BocC84LjQvcGhwLmluaQ== 1773248696.138374022 1773229113.232168334 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 cGhwbGRhcGFkbWlu  - -
 ZXRjL3BocGxkYXBhZG1pbi8uZ2l0aWdub3Jl 1762628720.800299329 1762628701.308615289 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 cGhwbGRhcGFkbWlu  - -
 ZXRjL3BocGxkYXBhZG1pbi9jb25maWcucGhwLmdwZw== 1761052640.000000000 1758539944.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZXRjL3BrZ2xpc3Q= 1774828801.775754388 1762560002.068536774 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZXRjL3BrZ2xpc3Q= 1773878402.020187156 1762560002.068536774 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 cHVzaG92ZXItY2xpZW50  - -
 ZXRjL3B1c2hvdmVyLWNsaWVudC8uZ2l0aWdub3Jl 1762628624.365862525 1762448145.464092595 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 cHVzaG92ZXItY2xpZW50  - -
 ZXRjL3B1c2hvdmVyLWNsaWVudC9kZWZhdWx0LmdwZw== 1762448163.991787320 1762448163.979787518 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZXRjL3JjLmxvY2Fs 1774103527.876346454 1741726362.000000000 root:root 0755 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZXRjL3JjLnNodXRkb3du 1774103509.628649515 1741726362.000000000 root:root 0755 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZXRjL3Jlc29sdi5jb25m 1774104634.886005823 1757611605.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZXRjL3JzeW5jZC5iYW5uZXI= 1774122601.421220111 1774122601.421220111 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZXRjL3JzeW5jZC5jb25m 1774124018.429973565 1774120279.027354925 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZXRjL3JzeW5jZC5wYXNzd2QuZ3Bn 1774123884.056173593 1774123884.056173593 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZXRjL3JzeXNsb2cuY29uZg== 1774881279.786907127 1757785113.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZXRjL3MtbmFpbC5yYw== 1774110388.682978693 1774110134.767164228 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZXRjL3Jlc29sdi5jb25m 1773592997.299303370 1757611605.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZXRjL3JzeXNsb2cuY29uZg== 1757785113.000000000 1757785113.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 c2FtYmE=  - -
 ZXRjL3NhbWJhL3NtYi5jb25m 1762447904.392054475 1758208516.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 c2FtYmE=  - -
 ZXRjL3NhbWJhL3NtYnVzZXJz 1758121825.000000000 1758121586.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-ZXRjL3NoYWRvdy5ncGc= 1774112131.486138136 1762447484.598952854 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-c2h1dGRvd24uZA==  - -
-ZXRjL3NodXRkb3duLmQvcHVzaG92ZXItYWxlcnQ= 1773658291.017652815 1758225155.000000000 root:root 0755 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZXRjL3NoYWRvdy5ncGc= 1762628180.969049967 1762447484.598952854 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 c3No  - -
 ZXRjL3NzaC8uZ2l0aWdub3Jl 1762628843.382312260 1757606957.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 c3No  - -
 ZXRjL3NzaC9zc2hfY29uZmln 1757606630.000000000 1757606630.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 c3No  - -
 ZXRjL3NzaC9zc2hkX2NvbmZpZw== 1758202229.000000000 1757606896.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 c3NoZ3VhcmQ=  - -
-ZXRjL3NzaGd1YXJkLy5naXRpZ25vcmU= 1774125137.895659238 1774125137.895659238 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
-c3NoZ3VhcmQ=  - -
-ZXRjL3NzaGd1YXJkL3NzaGd1YXJkLmNvbmY= 1774125374.863787370 1758050700.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRjL3NzaGd1YXJkL3NzaGd1YXJkLmNvbmY= 1758050700.000000000 1758050700.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 c3NoZ3VhcmQ=  - -
 ZXRjL3NzaGd1YXJkL3doaXRlbGlzdA== 1758050235.000000000 1758050235.000000000 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 c3Vkb2Vycy5k  - -
 ZXRjL3N1ZG9lcnMuZC8uZ2l0aWdub3Jl 1762026765.566662574 1762026765.566662574 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 c3Vkb2Vycy5k  - -
 ZXRjL3N1ZG9lcnMuZC9kZWZhdWx0cw== 1757599359.000000000 1757599359.000000000 root:root 0640 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 c3Vkb2Vycy5k  - -
 ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157.000000000 1757600157.000000000 root:root 0640 - -
 aG9tZQ== 1773074781.647958337 1771512801.576005863 root:root 0755 - -
@@ -568,7 +406,7 @@ c2Jpbg== 1767688090.000000000 1767688090.000000000 root:root 0777 - -
 b3B0L3NiaW4vY3JvbmpvYi1kZWh5ZHJhdGVk 1758033093.000000000 1757531685.000000000 root:root 0755 - -
 b3B0 1771515169.961748163 1771501851.000000000 root:root 0755 - -
 c2Jpbg== 1767688090.000000000 1767688090.000000000 root:root 0777 - -
-b3B0L3NiaW4vY3JvbmpvYi1yb3RhdGUtbG9ncy10b2RheS1zeW1saW5r 1774882209.447784765 1774882209.447784765 root:root 0755 - -
+b3B0L3NiaW4vY3JvbmpvYi1yb3RhdGUtbG9ncy1zeW1saW5rcw== 1758555302.000000000 1758224324.000000000 root:root 0755 - -
 b3B0 1771515169.961748163 1771501851.000000000 root:root 0755 - -
 c2Jpbg== 1767688090.000000000 1767688090.000000000 root:root 0777 - -
 b3B0L3NiaW4vY3JvbmpvYi11cGRhdGUtcGFja2FnZXMtbGlzdA== 1773518953.705866964 1757531121.000000000 root:root 0755 - -
@@ -577,107 +415,86 @@ c2Jpbg== 1767688090.000000000 1767688090.000000000 root:root 0777 - -
 b3B0L3NiaW4vY3JvbmpvYi13YXJuLWdpdC1zdGF0dXM= 1758221607.000000000 1757591137.000000000 root:root 0755 - -
 b3B0 1771515169.961748163 1771501851.000000000 root:root 0755 - -
 c2Jpbg== 1767688090.000000000 1767688090.000000000 root:root 0777 - -
+b3B0L3NiaW4vZGVoeWRyYXRlZA== 1757531557.000000000 1757531557.000000000 root:root 0755 - -
+b3B0 1771515169.961748163 1771501851.000000000 root:root 0755 - -
+c2Jpbg== 1767688090.000000000 1767688090.000000000 root:root 0777 - -
 b3B0L3NiaW4vcHVzaG92ZXItY2xpZW50 1758224526.000000000 1758224526.000000000 root:root 0755 - -
 b3B0 1771515169.961748163 1771501851.000000000 root:root 0755 - -
 c2Jpbg== 1767688090.000000000 1767688090.000000000 root:root 0777 - -
 b3B0L3NiaW4vdGVycmFmb3JtLWh0dHAtYmFja2VuZA== 1757590543.000000000 1757590543.000000000 root:root 0755 - -
-cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1773952633.775904057 1771512801.616005200 root:root 0755 - -
 cm9vdC8uYmFzaF9sb2dvdXQ= 1757582867.000000000 1757582867.000000000 root:root 0644 - -
-cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1773952633.775904057 1771512801.616005200 root:root 0755 - -
 cm9vdC8uYmFzaF9wcm9maWxl 1757584711.000000000 1757584711.000000000 root:root 0644 - -
-cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1773952633.775904057 1771512801.616005200 root:root 0755 - -
 cm9vdC8uYmFzaHJj 1758887027.000000000 1757586493.000000000 root:root 0644 - -
-cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1773952633.775904057 1771512801.616005200 root:root 0755 - -
 cm9vdC8uZ2l0Y29uZmln 1757582738.000000000 1757582738.000000000 root:root 0644 - -
-cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
-cm9vdC8uZ2l0aWdub3Jl 1774104492.728356672 1757600312.000000000 root:root 0644 - -
-cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1773952633.775904057 1771512801.616005200 root:root 0755 - -
+cm9vdC8uZ2l0aWdub3Jl 1771509562.912369370 1757600312.000000000 root:root 0644 - -
+cm9vdA== 1773952633.775904057 1771512801.616005200 root:root 0755 - -
 LmxvY2Fs  - -
 c2hhcmU=  - -
 bmFubw==  - -
 cm9vdC8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210.000000000 1757586210.000000000 root:root 0644 - -
-cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1773952633.775904057 1771512801.616005200 root:root 0755 - -
 cm9vdC8ubmFub3Jj 1757585756.000000000 1757585756.000000000 root:root 0644 - -
-cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1773952633.775904057 1771512801.616005200 root:root 0755 - -
 LnNzaA==  - -
 cm9vdC8uc3NoLy5naXRpZ25vcmU= 1757593349.000000000 1757593349.000000000 root:root 0644 - -
-cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1773952633.775904057 1771512801.616005200 root:root 0755 - -
 LnNzaA==  - -
 cm9vdC8uc3NoL2F1dGhvcml6ZWRfa2V5cw== 1757587611.000000000 1757587611.000000000 root:root 0644 - -
-cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1773952633.775904057 1771512801.616005200 root:root 0755 - -
 c3R1ZmYtdG8ta2VlcA==  - -
 cm9vdC9zdHVmZi10by1rZWVwL2NsZWFuLWZk 1758994151.000000000 1758992264.000000000 root:root 0755 - -
-cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1773952633.775904057 1771512801.616005200 root:root 0755 - -
 c3R1ZmYtdG8ta2VlcA==  - -
 cm9vdC9zdHVmZi10by1rZWVwL2R1bW15LWRlZmF1bHQtbXRh 1762020478.278412865 1762020215.034844513 root:root 0644 - -
-cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1773952633.775904057 1771512801.616005200 root:root 0755 - -
 c3R1ZmYtdG8ta2VlcA==  - -
 cm9vdC9zdHVmZi10by1rZWVwL2R1bW15LWRlZmF1bHQtbXRhXzAuMC4xX2FsbC5kZWI= 1762020499.466056182 1762020499.458056317 root:root 0644 - -
-dXNy 1774107718.754827355 1771501851.000000000 root:root 0755 - -
-dXNyLy5naXRpZ25vcmU= 1774107718.734827685 1774107647.716001993 root:root 0644 - -
-dXNy 1774107718.754827355 1771501851.000000000 root:root 0755 - -
-Ymlu 1767688090.000000000 1767688090.000000000 root:root 0777 - -
-dXNyL2Jpbi8uZ2l0aWdub3Jl 1774110451.861936300 1774107755.910212974 root:root 0644 - -
-dXNy 1774107718.754827355 1771501851.000000000 root:root 0755 - -
-Ymlu 1767688090.000000000 1767688090.000000000 root:root 0777 - -
-dXNyL2Jpbi9tYWls 1774110427.390340069 1774110427.390340069 root:root 0777 - -
-dXNy 1774107718.754827355 1771501851.000000000 root:root 0755 - -
-Ymlu 1767688090.000000000 1767688090.000000000 root:root 0777 - -
-dXNyL2Jpbi9tYWlseA== 1774110428.982313794 1774110428.982313794 root:root 0777 - -
-dXNy 1774107718.754827355 1771501851.000000000 root:root 0755 - -
-Ymlu 1767688090.000000000 1767688090.000000000 root:root 0777 - -
-dXNyL2Jpbi9zZW5kbWFpbA== 1774107735.634548245 1774107735.634548245 root:root 0777 - -
-dXNy 1774107718.754827355 1771501851.000000000 root:root 0755 - -
-bGli 1767688090.000000000 1767688090.000000000 root:root 0777 - -
-dXNyL2xpYi8uZ2l0aWdub3Jl 1774110464.033735481 1774107788.901667453 root:root 0644 - -
-dXNy 1774107718.754827355 1771501851.000000000 root:root 0755 - -
-bGli 1767688090.000000000 1767688090.000000000 root:root 0777 - -
-dXNyL2xpYi9zZW5kbWFpbA== 1774107793.309594570 1774107793.309594570 root:root 0777 - -
-dXNy 1774107718.754827355 1771501851.000000000 root:root 0755 - -
-c2Jpbg== 1767688090.000000000 1767688090.000000000 root:root 0777 - -
-dXNyL3NiaW4vLmdpdGlnbm9yZQ== 1774110477.097519949 1774107768.166010319 root:root 0644 - -
-dXNy 1774107718.754827355 1771501851.000000000 root:root 0755 - -
-c2Jpbg== 1767688090.000000000 1767688090.000000000 root:root 0777 - -
-dXNyL3NiaW4vc2VuZG1haWw= 1774107779.181828175 1774107779.181828175 root:root 0777 - -
 dmFy 1773949028.799601180 1771512801.620005134 root:root 0755 - -
 dmFyLy5naXRpZ25vcmU= 1773949028.747602042 1758288560.000000000 root:root 0644 - -
 dmFy 1773949028.799601180 1771512801.620005134 root:root 0755 - -
 bGli 1767688090.000000000 1767688090.000000000 root:root 0777 - -
-dmFyL2xpYi8uZ2l0aWdub3Jl 1774877941.677096712 1758288764.000000000 root:root 0644 - -
+dmFyL2xpYi8uZ2l0aWdub3Jl 1773949953.372309903 1758288764.000000000 root:root 0644 - -
 dmFy 1773949028.799601180 1771512801.620005134 root:root 0755 - -
 bGli 1767688090.000000000 1767688090.000000000 root:root 0777 - -
 cGhw  - -
 dmFyL2xpYi9waHAvLmdpdGlnbm9yZQ== 1773235424.683445828 1773235424.683445828 root:root 0644 - -
 dmFy 1773949028.799601180 1771512801.620005134 root:root 0755 - -
-bG9n  - -
-dmFyL2xvZy8uZ2l0aWdub3Jl 1774127028.984774165 1774127028.984774165 root:root 0644 - -
+bGli 1767688090.000000000 1767688090.000000000 root:root 0777 - -
+cGhw  - -
+c2Vzc2lvbnM=  - -
+dmFyL2xpYi9waHAvc2Vzc2lvbnMvLmdpdGlnbm9yZQ== 1773949643.981426897 1773948904.265660845 root:root 0644 - -
 dmFy 1773949028.799601180 1771512801.620005134 root:root 0755 - -
-bG9n  - -
-QXJjaGl2ZWQ=  - -
-dmFyL2xvZy9BcmNoaXZlZC8uZ2l0aWdub3Jl 1774126984.505500258 1774126984.505500258 root:root 0644 - -
-dmFy 1773949028.799601180 1771512801.620005134 root:root 0755 - -
-dG1w 1774830023.084001864 1771501870.000000000 root:root 1777 - -
+dG1w 1773942460.457147071 1771501870.000000000 root:root 1777 - -
 dmFyL3RtcC8uZ2l0aWdub3Jl 1771459200.000000000 1771459200.000000000 root:root 0644 - -
 dmFy 1773949028.799601180 1771512801.620005134 root:root 0755 - -
+dG1w 1773942460.457147071 1771501870.000000000 root:root 1777 - -
+cGhwLXVwbG9hZHM=  - -
+dmFyL3RtcC9waHAtdXBsb2Fkcy8uZ2l0aWdub3Jl 1773949181.645073322 1773949181.645073322 root:root 0644 - -
+dmFy 1773949028.799601180 1771512801.620005134 root:root 0755 - -
 d3d3  - -
 dmFyL3d3dy8uZ2l0aWdub3Jl 1773949001.724048991 1773949001.724048991 root:root 0644 - -
 dmFy 1773949028.799601180 1771512801.620005134 root:root 0755 - -
 d3d3  - -
 ZGVoeWRyYXRlZA==  - -
 dmFyL3d3dy9kZWh5ZHJhdGVkLy5naXRpZ25vcmU= 1773946447.886574894 1773340286.179664904 root:root 0644 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZXRjL3NoYWRvdw== 1773951229.983183217 1773951229.983183217 root:shadow 0640 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZXRjL3NoYWRvdy0= 1762449439.000000000 1762449439.000000000 root:shadow 0640 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 ZXRjL3N1ZG9lcnM= 1751262933.000000000 1751262933.000000000 root:root 0440 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 c3Vkb2Vycy5k  - -
 ZXRjL3N1ZG9lcnMuZC9SRUFETUU= 1751262933.000000000 1751262933.000000000 root:root 0440 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 c3Vkb2Vycy5k  - -
 ZXRjL3N1ZG9lcnMuZC9kZWZhdWx0cw== 1757599359.000000000 1757599359.000000000 root:root 0640 - -
-ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
 c3Vkb2Vycy5k  - -
 ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157.000000000 1757600157.000000000 root:root 0640 - -
 aG9tZQ== 1773074781.647958337 1771512801.576005863 root:root 0755 - -
diff --git a/.githooks/gitattributesdb b/.githooks/gitattributesdb
index ff06547..6f956ff 160000
--- a/.githooks/gitattributesdb
+++ b/.githooks/gitattributesdb
@@ -1 +1 @@
-Subproject commit ff06547286837af17b586b256a3d7ac226f2c382
+Subproject commit 6f956ff56af0a65b6dd8f84aa845031c22998c61
diff --git a/.gitignore b/.gitignore
index b07a28c..8d64849 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,3 +17,4 @@
 /srv/
 /sys/
 /tmp/
+/usr/
diff --git a/etc/.gitignore b/etc/.gitignore
index a63fa93..34654b4 100644
--- a/etc/.gitignore
+++ b/etc/.gitignore
@@ -6,19 +6,31 @@
 /alternatives/
 /apparmor.d/
 /bash.bashrc
+/bash_completion
 /bash_completion.d/
 /bindresvport.blacklist
-/ca-certificates.conf
+/binfmt.d/
 /ca-certificates/
+/ca-certificates.conf
+/credstore/
+/credstore.encrypted/
+/certificates/
+/dbus-1/
 /debconf.conf
 /debian_version
 /deluser.conf
-/devuan_version
+/depmod.d/
+/dhcpcd.conf
 /dpkg/
 /environment
 /ethertypes
 /fonts/
+/freeipmi/
+/fstab
 /gai.conf
+/ghostscript/
+/gprofng.rc
+/groff/
 /group-
 /gshadow
 /gshadow-
@@ -26,11 +38,8 @@
 /gssapi_mech.conf
 /host.conf
 /hosts.*
-/inittab
 /inputrc
-/insserv/
-/insserv.conf
-/insserv.conf.d/
+/ipmi/
 /issue
 /issue.net
 /kernel/
@@ -42,37 +51,52 @@
 /logcheck/
 /lynx/
 /machine-id
-/mime.types
+/magic
+/magic.mime
+/mail.rc
 /mailcap
 /mailcap.order
 /manpath.config
 /mime.types
+/modprobe.d/
+/modules
+/modules-load.d/
 /msmtprc
 /mtab
 /nanorc
 /netconfig
 /networks
+/nftables.conf
 /nsswitch.conf
+/nvme/
 /opt/
 /os-release
 /pam.conf
+/pam.d/
+/paperspecs
 /passwd-
 /perl/
+/polkit-1/
 /profile
 /profile.d/
 /protocols
+/python3/
+/python3.13/
 /rc?.d/
 /rmt
 /rpc
-/rsyncd.passwd
 /runit/
 /security/
 /selinux/
+/sensors.d/
+/sensors3.conf
 /services
+/sgml/
 /shadow
 /shadow-
 /shells
 /skel/
+/snmp/
 /ssl/
 /subgid
 /subuid
@@ -82,11 +106,14 @@
 /supercat/
 /sv/
 /sysctl.d/
-/systemd/
 /terminfo/
+/tmpfiles.d/
 /ucf.conf
+/udev/
 /ufw/
 /update-motd.d/
+/vconsole.conf
 /vim/
-/wgetrc
 /xattr.conf
+/xdg
+/xml
diff --git a/etc/birth-certificate b/etc/birth-certificate
deleted file mode 100644
index 8e2d436..0000000
--- a/etc/birth-certificate
+++ /dev/null
@@ -1 +0,0 @@
-Thu 19 Feb 11:50:09 UTC 2026
diff --git a/etc/boot.d/pushover-alert b/etc/boot.d/pushover-alert
deleted file mode 100755
index bcd246d..0000000
--- a/etc/boot.d/pushover-alert
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash
-
-# Alert that this host is up.
-[[ -x /opt/sbin/pushover-client ]] && /opt/sbin/pushover-client -p -1 -m "Boot up: ${HOSTNAME%%.*}"
diff --git a/etc/cron.d/.gitignore b/etc/cron.d/.gitignore
index 2c5f09c..a68d087 100644
--- a/etc/cron.d/.gitignore
+++ b/etc/cron.d/.gitignore
@@ -1 +1,2 @@
-/.placeholder
+/*
+!/.gitignore
diff --git a/etc/cron.daily/.gitignore b/etc/cron.daily/.gitignore
index c88ba48..c77a4e1 100644
--- a/etc/cron.daily/.gitignore
+++ b/etc/cron.daily/.gitignore
@@ -1,6 +1,6 @@
 /*
 !/.gitignore
-!/0-rotate-logs-today-symlink
+!/0-rotate-logs-symlinks
 !/5-update-packages-list
 !/7-warn-git-status
 !/10-dehydrated
diff --git a/etc/cron.daily/0-rotate-logs-symlinks b/etc/cron.daily/0-rotate-logs-symlinks
new file mode 120000
index 0000000..e26953b
--- /dev/null
+++ b/etc/cron.daily/0-rotate-logs-symlinks
@@ -0,0 +1 @@
+/opt/sbin/cronjob-rotate-logs-symlinks
\ No newline at end of file
diff --git a/etc/cron.daily/0-rotate-logs-today-symlink b/etc/cron.daily/0-rotate-logs-today-symlink
deleted file mode 120000
index fbeaf76..0000000
--- a/etc/cron.daily/0-rotate-logs-today-symlink
+++ /dev/null
@@ -1 +0,0 @@
-/opt/sbin/cronjob-rotate-logs-today-symlink
\ No newline at end of file
diff --git a/etc/default/.gitignore b/etc/default/.gitignore
index 410eb8b..2a9e21a 100644
--- a/etc/default/.gitignore
+++ b/etc/default/.gitignore
@@ -1,12 +1,10 @@
 /apache-htcacheclean
+/cron
 /dbus
-/devpts
-/halt
-/hwclock
 /locale
 /networking
 /nss
-/rcS
+/openipmi
 /ssh
-/tmpfs
 /useradd
+/winbind
diff --git a/etc/default/cron b/etc/default/cron
deleted file mode 100644
index 6b423ea..0000000
--- a/etc/default/cron
+++ /dev/null
@@ -1,27 +0,0 @@
-# Cron configuration options
-
-# Whether to read the system's default environment files (if present)
-# If set to "yes", cron will set a proper mail charset from the
-# locale information. If set to something other than 'yes', the default
-# charset 'C' (canonical name: ANSI_X3.4-1968) will be used.
-#
-# This has no effect on tasks running under cron; their environment can
-# only be changed via PAM or from within the crontab; see crontab(5).
-READ_ENV="yes"
-
-# Extra options for cron, see cron(8)
-#
-# For example, to enable LSB name support in /etc/cron.d/, use
-# EXTRA_OPTS='-l'  
-#
-# Or, to log standard messages, plus jobs with exit status != 0:
-# EXTRA_OPTS='-L 5'
-#
-# For quick reference, the currently available log levels are:
-#   0   no logging (errors are logged regardless)
-#   1   log start of jobs
-#   2   log end of jobs
-#   4   log jobs with exit status != 0
-#   8   log the process identifier of child process (in all logs)
-#
-EXTRA_OPTS="-L 5"
diff --git a/etc/default/dokuwiki b/etc/default/dokuwiki
index dc8f6a6..990d87b 100644
--- a/etc/default/dokuwiki
+++ b/etc/default/dokuwiki
@@ -9,7 +9,7 @@ RUN_CLEANUP="true"
 # you can use this variable to change this value according to your
 # needs.
 # (default is 180)
-CLEANUP_MAXDAYS=60
+#CLEANUP_MAXDAYS=180
 
 # Set to true to remove revisions older than $CLEANUP_MAXDAYS
 # (default is false)
diff --git a/etc/default/rotate-logs-symlinks b/etc/default/rotate-logs-symlinks
new file mode 100644
index 0000000..2312951
--- /dev/null
+++ b/etc/default/rotate-logs-symlinks
@@ -0,0 +1 @@
+CREATE_DIRS['core.slackware.uk.net']="fusiondirectory samba"
diff --git a/etc/default/rsync b/etc/default/rsync
deleted file mode 100644
index 72be95e..0000000
--- a/etc/default/rsync
+++ /dev/null
@@ -1,47 +0,0 @@
-# defaults file for rsync daemon mode
-#
-# This file is only used for init.d based systems!
-# If this system uses systemd, you can specify options etc. for rsync
-# in daemon mode by copying /lib/systemd/system/rsync.service to
-# /etc/systemd/system/rsync.service and modifying the copy; add required
-# options to the ExecStart line.
-
-# start rsync in daemon mode from init.d script?
-#  only allowed values are "true", "false", and "inetd"
-#  Use "inetd" if you want to start the rsyncd from inetd,
-#  all this does is prevent the init.d script from printing a message
-#  about not starting rsyncd (you still need to modify inetd's config yourself).
-RSYNC_ENABLE=true
-
-# which file should be used as the configuration file for rsync.
-# This file is used instead of the default /etc/rsyncd.conf
-# Warning: This option has no effect if the daemon is accessed
-#          using a remote shell. When using a different file for
-#          rsync you might want to symlink /etc/rsyncd.conf to
-#          that file.
-# RSYNC_CONFIG_FILE=
-
-# what extra options to give rsync --daemon?
-#  that excludes the --daemon; that's always done in the init.d script
-#  Possibilities are:
-#   --address=123.45.67.89		(bind to a specific IP address)
-#   --port=8730				(bind to specified port; default 873)
-RSYNC_OPTS=''
-
-# run rsyncd at a nice level?
-#  the rsync daemon can impact performance due to much I/O and CPU usage,
-#  so you may want to run it at a nicer priority than the default priority.
-#  Allowed values are 0 - 19 inclusive; 10 is a reasonable value.
-RSYNC_NICE='10'
-
-# run rsyncd with ionice?
-#  "ionice" does for IO load what "nice" does for CPU load.
-#  As rsync is often used for backups which aren't all that time-critical,
-#  reducing the rsync IO priority will benefit the rest of the system.
-#  See the manpage for ionice for allowed options.
-#  -c3 is recommended, this will run rsync IO at "idle" priority. Uncomment
-#  the next line to activate this.
-# RSYNC_IONICE='-c3'
-
-# Don't forget to create an appropriate config file,
-# else the daemon will not start.
diff --git a/etc/default/terraform-http-backend b/etc/default/terraform-http-backend
index 74be79f..b32e067 100644
--- a/etc/default/terraform-http-backend
+++ b/etc/default/terraform-http-backend
@@ -3,5 +3,5 @@ TF_IP="127.0.0.1"
 TF_PORT="9200"
 TF_STORAGE_DIR="/var/lib/terraform-http-backend"
 TF_AUTH_ENABLED="false"
-#TF_USERNAME=""
-#TF_PASSWORD=""
+#TF_USERNAME="sysadmin"
+#TF_PASSWORD="sunsa"
diff --git a/etc/dehydrated/hooks/default b/etc/dehydrated/hooks/default
index 80a8479..b28b4b2 100755
--- a/etc/dehydrated/hooks/default
+++ b/etc/dehydrated/hooks/default
@@ -8,7 +8,7 @@
 # Where the copies of the current certificates/keys should be placed.  Comment for no copying.
 CERTSDIR="/etc/certificates"
 # The syslog facility and tag to use.  Comment for no sysloging.
-SYSLOG_FACILITY="lpr"
+SYSLOG_FACILITY="local1"
 SYSLOG_TAG="dehydrated-hooks"
 # Where from/to to send emails.  Comment for no emailing.
 EMAIL_FROM="\"Server: ${HOSTNAME%%.*}\" <noreply@slackware.uk.net>"
diff --git a/etc/dokuwiki/.gitignore b/etc/dokuwiki/.gitignore
deleted file mode 100644
index 20845f3..0000000
--- a/etc/dokuwiki/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-/wordblock.local.conf
diff --git a/etc/dokuwiki/.htaccess b/etc/dokuwiki/.htaccess
deleted file mode 100644
index 9f49132..0000000
--- a/etc/dokuwiki/.htaccess
+++ /dev/null
@@ -1,8 +0,0 @@
-## no access to the conf directory
-<IfModule mod_authz_core.c>
-    Require all denied
-</IfModule>
-<IfModule !mod_authz_core.c>
-    Order allow,deny
-    Deny from all
-</IfModule>
diff --git a/etc/dokuwiki/acl.auth.php b/etc/dokuwiki/acl.auth.php
deleted file mode 120000
index 3331850..0000000
--- a/etc/dokuwiki/acl.auth.php
+++ /dev/null
@@ -1 +0,0 @@
-/var/lib/dokuwiki/acl/acl.auth.php
\ No newline at end of file
diff --git a/etc/dokuwiki/acl.auth.php.dist b/etc/dokuwiki/acl.auth.php.dist
deleted file mode 100644
index 14344d7..0000000
--- a/etc/dokuwiki/acl.auth.php.dist
+++ /dev/null
@@ -1,21 +0,0 @@
-# acl.auth.php
-# <?php exit()?>
-# Don't modify the lines above
-#
-# Access Control Lists
-#
-# Editing this file by hand shouldn't be necessary. Use the ACL
-# Manager interface instead.
-#
-# If your auth backend allows special char like spaces in groups
-# or user names you need to urlencode them (only chars <128, leave
-# UTF-8 multibyte chars as is)
-#
-# none   0
-# read   1
-# edit   2
-# create 4
-# upload 8
-# delete 16
-
-*               @ALL        8
diff --git a/etc/dokuwiki/acronyms.conf b/etc/dokuwiki/acronyms.conf
deleted file mode 100644
index 2ecdeda..0000000
--- a/etc/dokuwiki/acronyms.conf
+++ /dev/null
@@ -1,62 +0,0 @@
-# Acronyms.
-
-ACL          Access Control List
-AFAICS       As far as I can see
-AFAIK        As far as I know
-AFAIR        As far as I remember
-API          Application Programming Interface
-ASAP         As soon as possible
-ASCII        American Standard Code for Information Interchange
-BTW          By the way
-CMS          Content Management System
-CSS          Cascading Style Sheets
-DNS          Domain Name System
-EOF          End of file
-EOL          End of line
-EOM          End of message
-EOT          End of text
-FAQ          Frequently Asked Questions
-FTP          File Transfer Protocol
-FOSS         Free & Open-Source Software
-FLOSS        Free/Libre and Open Source Software
-FUD          Fear, Uncertainty, and Doubt
-FYI          For your information
-GB           Gigabyte
-GHz          Gigahertz
-GPL          GNU General Public License
-GUI          Graphical User Interface
-HTML         HyperText Markup Language
-IANAL        I am not a lawyer (but)
-IE           Internet Explorer
-IIRC         If I remember correctly
-IMHO         In my humble opinion
-IMO          In my opinion
-IOW          In other words
-IRC          Internet Relay Chat
-IRL          In real life
-KISS         Keep it simple stupid
-LAN          Local Area Network
-LGPL         GNU Lesser General Public License
-LOL          Laughing out loud
-MathML       Mathematical Markup Language
-MB           Megabyte
-MHz          Megahertz
-MSIE         Microsoft Internet Explorer
-OMG          Oh my God
-OS           Operating System
-OSS          Open Source Software
-OTOH         On the other hand
-PITA         Pain in the Ass
-RFC          Request for Comments
-ROTFL        Rolling on the floor laughing
-RTFM         Read The Fine Manual
-spec         specification
-TIA          Thanks in advance
-TL;DR        Too long; didn't read
-TOC          Table of Contents
-URI          Uniform Resource Identifier
-URL          Uniform Resource Locator
-W3C          World Wide Web Consortium
-WTF?         What the f***
-WYSIWYG      What You See Is What You Get
-YMMV         Your mileage may vary
diff --git a/etc/dokuwiki/apache.conf b/etc/dokuwiki/apache.conf
deleted file mode 100644
index e69de29..0000000
diff --git a/etc/dokuwiki/dokuwiki.php b/etc/dokuwiki/dokuwiki.php
deleted file mode 100644
index 1937927..0000000
--- a/etc/dokuwiki/dokuwiki.php
+++ /dev/null
@@ -1,181 +0,0 @@
-<?php
-/**
- * This is DokuWiki's Main Configuration file
- *
- * All the default values are kept here, you should not modify it but use
- * a local.php file instead to override the settings from here.
- *
- * This is a piece of PHP code so PHP syntax applies!
- *
- * For help with the configuration and a more detailed explanation of the various options
- * see https://www.dokuwiki.org/config
- */
-
-
-/* Basic Settings */
-$conf['title']       = 'DokuWiki';        //what to show in the title
-$conf['start']       = 'start';           //name of start page
-$conf['lang']        = 'en';              //your language
-$conf['template']    = 'dokuwiki';         //see lib/tpl directory
-$conf['tagline']     = '';                //tagline in header (if template supports it)
-$conf['sidebar']     = 'sidebar';         //name of sidebar in root namespace (if template supports it)
-$conf['license']     = 'cc-by-nc-sa';     //see conf/license.php
-$conf['savedir']     = '/var/lib/dokuwiki/data'; //where to store all the files
-$conf['basedir']     = '';                //absolute dir from serveroot - blank for autodetection
-$conf['baseurl']     = '';                //URL to server including protocol - blank for autodetect
-$conf['cookiedir']   = '';                //path to use in cookies - blank for basedir
-$conf['dmode']       = 0755;              //set directory creation mode
-$conf['fmode']       = 0644;              //set file creation mode
-$conf['allowdebug']  = 0;                 //allow debug output, enable if needed 0|1
-
-/* Display Settings */
-$conf['recent']      = 20;                //how many entries to show in recent
-$conf['recent_days'] = 7;                 //How many days of recent changes to keep. (days)
-$conf['breadcrumbs'] = 10;                //how many recent visited pages to show
-$conf['youarehere']  = 0;                 //show "You are here" navigation? 0|1
-$conf['fullpath']    = 0;                 //show full path of the document or relative to datadir only? 0|1
-$conf['typography']  = 1;                 //smartquote conversion 0=off, 1=doublequotes, 2=all quotes
-$conf['dformat']     = '%Y/%m/%d %H:%M';  //dateformat accepted by PHPs strftime() function
-$conf['signature']   = ' --- //[[@MAIL@|@NAME@]] @DATE@//'; //signature see wiki page for details
-$conf['showuseras']  = 'loginname';       // 'loginname' users login name
-                                          // 'username' users full name
-                                          // 'email' e-mail address (will be obfuscated as per mailguard)
-                                          // 'email_link' e-mail address as a mailto: link (obfuscated)
-$conf['toptoclevel'] = 1;                 //Level starting with and below to include in AutoTOC (max. 5)
-$conf['tocminheads'] = 3;                 //Minimum amount of headlines that determines if a TOC is built
-$conf['maxtoclevel'] = 3;                 //Up to which level include into AutoTOC (max. 5)
-$conf['maxseclevel'] = 3;                 //Up to which level create editable sections (max. 5)
-$conf['camelcase']   = 0;                 //Use CamelCase for linking? (I don't like it) 0|1
-$conf['deaccent']    = 1;                 //deaccented chars in pagenames (1) or romanize (2) or keep (0)?
-$conf['useheading']  = 0;                 //use the first heading in a page as its name
-$conf['sneaky_index']= 0;                 //check for namespace read permission in index view (0|1) (1 might cause unexpected behavior)
-$conf['hidepages']   = '';                //Regexp for pages to be skipped from RSS, Search and Recent Changes
-
-/* Authentication Settings */
-$conf['useacl']      = 0;                //Use Access Control Lists to restrict access?
-$conf['autopasswd']  = 1;                //autogenerate passwords and email them to user
-$conf['authtype']    = 'authplain';      //which authentication backend should be used
-$conf['passcrypt']   = 'bcrypt';           //Used crypt method (smd5,md5,sha1,ssha,crypt,mysql,my411,bcrypt)
-$conf['defaultgroup']= 'user';           //Default groups new Users are added to
-$conf['superuser']   = '!!not set!!';    //The admin can be user or @group or comma separated list user1,@group1,user2
-$conf['manager']     = '!!not set!!';    //The manager can be user or @group or comma separated list user1,@group1,user2
-$conf['profileconfirm'] = 1;             //Require current password to confirm changes to user profile
-$conf['rememberme'] = 1;                 //Enable/disable remember me on login
-$conf['disableactions'] = '';            //comma separated list of actions to disable
-$conf['auth_security_timeout'] = 900;    //time (seconds) auth data is considered valid, set to 0 to recheck on every page view
-$conf['securecookie'] = 1;               //never send HTTPS cookies via HTTP
-$conf['samesitecookie'] = 'Lax';         //SameSite attribute for cookies (Lax|Strict|None|Empty)
-$conf['remote']      = 0;                //Enable/disable remote interfaces
-$conf['remoteuser']  = '!!not set!!';    //user/groups that have access to remote interface (comma separated). leave empty to allow all users
-$conf['remotecors']  = '';               //enable Cross-Origin Resource Sharing (CORS) for the remote interfaces. Asterisk (*) to allow all origins. leave empty to deny.
-
-/* Antispam Features */
-$conf['usewordblock']= 1;                //block spam based on words? 0|1
-$conf['relnofollow'] = 1;                //use rel="ugc nofollow" for external links?
-$conf['indexdelay']  = 60*60*24*5;       //allow indexing after this time (seconds) default is 5 days
-$conf['mailguard']   = 'hex';            //obfuscate email addresses against spam harvesters?
-                                         //valid entries are:
-                                         //  'visible' - replace @ with [at], . with [dot] and - with [dash]
-                                         //  'hex'     - use hex entities to encode the mail address
-                                         //  'none'    - do not obfuscate addresses
-$conf['iexssprotect']= 1;                // check for JavaScript and HTML in uploaded files 0|1
-
-/* Editing Settings */
-$conf['usedraft']    = 1;                //automatically save a draft while editing (0|1)
-$conf['locktime']    = 15*60;            //maximum age for lockfiles (defaults to 15 minutes)
-$conf['cachetime']   = 60*60*24;         //maximum age for cachefile in seconds (defaults to a day)
-
-/* Link Settings */
-// Set target to use when creating links - leave empty for same window
-$conf['target']['wiki']      = '';
-$conf['target']['interwiki'] = '';
-$conf['target']['extern']    = '';
-$conf['target']['media']     = '';
-$conf['target']['windows']   = '';
-
-/* Media Settings */
-$conf['mediarevisions'] = 1;             //enable/disable media revisions
-$conf['refcheck']    = 1;                //check for references before deleting media files
-$conf['gdlib']       = 2;                //the GDlib version (0, 1 or 2) 2 tries to autodetect
-$conf['im_convert']  = '';               //path to ImageMagicks convert (will be used instead of GD)
-$conf['jpg_quality'] = '70';             //quality of compression when scaling jpg images (0-100)
-$conf['fetchsize']   = 0;                //maximum size (bytes) fetch.php may download from extern, disabled by default
-
-/* Notification Settings */
-$conf['subscribers'] = 0;                //enable change notice subscription support
-$conf['subscribe_time'] = 24*60*60;      //Time after which digests / lists are sent (in sec, default 1 day)
-                                         //Should be smaller than the time specified in recent_days
-$conf['notify']      = '';               //send change info to this email (leave blank for nobody)
-$conf['registernotify'] = '';            //send info about newly registered users to this email (leave blank for nobody)
-$conf['mailfrom']    = '';               //use this email when sending mails
-$conf['mailreturnpath']    = '';         //use this email as returnpath for bounce mails
-$conf['mailprefix']  = '';               //use this as prefix of outgoing mails
-$conf['htmlmail']    = 1;                //send HTML multipart mails
-$conf['dontlog'] = 'debug';              //logging facilities that should be disabled
-$conf['logretain'] = 3;                  //how many days of logs to keep
-
-/* Syndication Settings */
-$conf['sitemap']     = 0;                //Create a Google sitemap? How often? In days.
-$conf['rss_type']    = 'rss1';           //type of RSS feed to provide, by default:
-                                         //  'rss'  - RSS 0.91
-                                         //  'rss1' - RSS 1.0
-                                         //  'rss2' - RSS 2.0
-                                         //  'atom' - Atom 0.3
-                                         //  'atom1' - Atom 1.0
-$conf['rss_linkto'] = 'diff';            //what page RSS entries link to:
-                                         //  'diff'    - page showing revision differences
-                                         //  'page'    - the revised page itself
-                                         //  'rev'     - page showing all revisions
-                                         //  'current' - most recent revision of page
-$conf['rss_content'] = 'abstract';       //what to put in the items by default?
-                                         //  'abstract' - plain text, first paragraph or so
-                                         //  'diff'     - plain text unified diff wrapped in <pre> tags
-                                         //  'htmldiff' - diff as HTML table
-                                         //  'html'     - the full page rendered in XHTML
-$conf['rss_media']   = 'both';           //what should be listed?
-                                         //  'both'     - page and media changes
-                                         //  'pages'    - page changes only
-                                         //  'media'    - media changes only
-$conf['rss_update'] = 5*60;              //Update the RSS feed every n seconds (defaults to 5 minutes)
-$conf['rss_show_summary'] = 1;           //Add revision summary to title? 0|1
-$conf['rss_show_deleted'] = 1;           //Show deleted items 0|1
-
-/* Advanced Settings */
-$conf['updatecheck'] = 0;                //automatically check for new releases?
-$conf['userewrite']  = 0;                //this makes nice URLs: 0: off 1: .htaccess 2: internal
-$conf['useslash']    = 0;                //use slash instead of colon? only when rewrite is on
-$conf['sepchar']     = '_';              //word separator character in page names; may be a
-                                         //  letter, a digit, '_', '-', or '.'.
-$conf['canonical']   = 0;                //Should all URLs use full canonical http://... style?
-$conf['fnencode']    = 'url';            //encode filenames (url|safe|utf-8)
-$conf['autoplural']  = 0;                //try (non)plural form of nonexistent files?
-$conf['compression'] = 'gz';             //compress old revisions: (0: off) ('gz': gnuzip) ('bz2': bzip)
-                                         //  bz2 generates smaller files, but needs more cpu-power
-$conf['gzip_output'] = 0;                //use gzip content encoding for the output xhtml (if allowed by browser)
-$conf['compress']    = 1;                //Strip whitespaces and comments from Styles and JavaScript? 1|0
-$conf['cssdatauri']  = 512;              //Maximum byte size of small images to embed into CSS, won't work on IE<8
-$conf['send404']     = 0;                //Send an HTTP 404 status for nonexistent pages?
-$conf['broken_iua']  = 0;                //Platform with broken ignore_user_abort (IIS+CGI) 0|1
-$conf['xsendfile']   = 0;                //Use X-Sendfile (1 = lighttpd, 2 = standard)
-$conf['renderer_xhtml'] = 'xhtml';       //renderer to use for main page generation
-$conf['readdircache'] = 0;               //time cache in second for the readdir operation, 0 to deactivate.
-$conf['search_nslimit'] = 0;             //limit the search to the current X namespaces
-$conf['search_fragment'] = 'exact';      //specify the default fragment search behavior
-$conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)';
-                                         //Regexp of trusted proxy address when reading IP using HTTP header
-                                         //  if blank, do not trust any proxy (including local IP)
-
-/* Feature Flags */
-$conf['defer_js'] = 1;                   // Defer javascript to be executed after the page's HTML has been parsed. Setting will be removed in the next release.
-$conf['hidewarnings'] = 0;               // Hide warnings
-
-/* Network Settings */
-$conf['dnslookups'] = 1;                 //disable to disallow IP to hostname lookups
-$conf['jquerycdn']  = 0;                 //use a CDN for delivering jQuery?
-// Proxy setup - if your Server needs a proxy to access the web set these
-$conf['proxy']['host']    = '';
-$conf['proxy']['port']    = '';
-$conf['proxy']['user']    = '';
-$conf['proxy']['pass']    = '';
-$conf['proxy']['ssl']     = 0;
-$conf['proxy']['except']  = '';
diff --git a/etc/dokuwiki/entities.conf b/etc/dokuwiki/entities.conf
deleted file mode 100644
index c0d653c..0000000
--- a/etc/dokuwiki/entities.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-# Typography replacements
-#
-# Order does matter!
-#
-# You can use HTML entities here, but it is not recommended because it may break
-# non-HTML renderers. Use UTF-8 chars directly instead.
-
-<->     ↔
-->      →
-<-      �
-<=>     ⇔
-=>      ⇒
-<=      �
->>      »
-<<      «
----     —
---      –
-(c)     ©
-(tm)    â„¢
-(r)     ®
-...     …
-
diff --git a/etc/dokuwiki/interwiki.conf b/etc/dokuwiki/interwiki.conf
deleted file mode 100644
index a509056..0000000
--- a/etc/dokuwiki/interwiki.conf
+++ /dev/null
@@ -1,43 +0,0 @@
-# Each URL may contain one of these placeholders
-# {URL}  is replaced by the URL encoded representation of the wikiname
-#        this is the right thing to do in most cases
-# {NAME} this is replaced by the wikiname as given in the document
-#        only mandatory encoded is done, urlencoding if the link
-#        is an external URL, or encoding as a wikiname if it is an
-#        internal link (begins with a colon)
-# {SCHEME}
-# {HOST}
-# {PORT}
-# {PATH}
-# {QUERY} these placeholders will be replaced with the appropriate part
-#         of the link when parsed as a URL
-# If no placeholder is defined the urlencoded name is appended to the URL
-
-# To prevent losing your added InterWiki shortcuts after an upgrade,
-# you should add new ones to interwiki.local.conf
-
-wp        https://en.wikipedia.org/wiki/{NAME}
-wpfr      https://fr.wikipedia.org/wiki/{NAME}
-wpde      https://de.wikipedia.org/wiki/{NAME}
-wpes      https://es.wikipedia.org/wiki/{NAME}
-wppl      https://pl.wikipedia.org/wiki/{NAME}
-wpjp      https://ja.wikipedia.org/wiki/{NAME}
-wpru      https://ru.wikipedia.org/wiki/{NAME}
-wpmeta    https://meta.wikipedia.org/wiki/{NAME}
-doku      https://www.dokuwiki.org/
-rfc       https://tools.ietf.org/html/rfc
-man       http://man.cx/
-amazon    https://www.amazon.com/dp/{URL}?tag=splitbrain-20
-amazon.de https://www.amazon.de/dp/{URL}?tag=splitbrain-21
-amazon.uk https://www.amazon.co.uk/dp/{URL}
-paypal    https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&amp;business=
-phpfn     https://secure.php.net/{NAME}
-skype     skype:{NAME}
-google    https://www.google.com/search?q=
-google.de https://www.google.de/search?q=
-go        https://www.google.com/search?q={URL}&amp;btnI=lucky
-user      :user:{NAME}
-
-# To support VoIP/SIP/TEL links
-callto    callto://{NAME}
-tel       tel:{NAME}
diff --git a/etc/dokuwiki/license.php b/etc/dokuwiki/license.php
deleted file mode 100644
index 845c59f..0000000
--- a/etc/dokuwiki/license.php
+++ /dev/null
@@ -1,38 +0,0 @@
-<?php
-/**
- * This file defines multiple available licenses you can license your
- * wiki contents under. Do not change this file, but create a
- * license.local.php instead.
- */
-
-if(empty($LC)) $LC = empty($conf['lang']) ? 'en' : $conf['lang'];
-
-$license['cc-zero'] = array(
-    'name' => 'CC0 1.0 Universal',
-    'url'  => 'https://creativecommons.org/publicdomain/zero/1.0/deed.'.$LC,
-);
-$license['publicdomain'] = array(
-    'name' => 'Public Domain',
-    'url'  => 'https://creativecommons.org/licenses/publicdomain/deed.'.$LC,
-);
-$license['cc-by'] = array(
-    'name' => 'CC Attribution 4.0 International',
-    'url'  => 'https://creativecommons.org/licenses/by/4.0/deed.'.$LC,
-);
-$license['cc-by-sa'] = array(
-    'name' => 'CC Attribution-Share Alike 4.0 International',
-    'url'  => 'https://creativecommons.org/licenses/by-sa/4.0/deed.'.$LC,
-);
-$license['gnufdl'] = array(
-    'name' => 'GNU Free Documentation License 1.3',
-    'url'  => 'https://www.gnu.org/licenses/fdl-1.3.html',
-);
-$license['cc-by-nc'] = array(
-    'name' => 'CC Attribution-Noncommercial 4.0 International',
-    'url'  => 'https://creativecommons.org/licenses/by-nc/4.0/deed.'.$LC,
-);
-$license['cc-by-nc-sa'] = array(
-    'name' => 'CC Attribution-Noncommercial-Share Alike 4.0 International',
-    'url'  => 'https://creativecommons.org/licenses/by-nc-sa/4.0/deed.'.$LC,
-);
-
diff --git a/etc/dokuwiki/local.php b/etc/dokuwiki/local.php
deleted file mode 100644
index e5a0ff8..0000000
--- a/etc/dokuwiki/local.php
+++ /dev/null
@@ -1,14 +0,0 @@
-<?php
-/*
- * Dokuwiki's Main Configuration File - Local Settings
- * Auto-generated by config plugin
- * Run for user: admin
- * Date: Sun, 15 Mar 2026 17:53:11 +0000
- */
-
-$conf['template'] = 'mantinedoku';
-$conf['license'] = '';
-$conf['useacl'] = 1;
-$conf['superuser'] = '@admin';
-$conf['plugin']['authldap']['attributes'] = array();
-$conf['plugin']['toctweak']['tocPosition'] = '1';
diff --git a/etc/dokuwiki/local.php.bak.php b/etc/dokuwiki/local.php.bak.php
deleted file mode 100644
index 2cb5fcf..0000000
--- a/etc/dokuwiki/local.php.bak.php
+++ /dev/null
@@ -1,14 +0,0 @@
-<?php
-/*
- * Dokuwiki's Main Configuration File - Local Settings
- * Auto-generated by config plugin
- * Run for user: admin
- * Date: Sun, 15 Mar 2026 17:52:44 +0000
- */
-
-$conf['template'] = 'mantinedoku';
-$conf['license'] = '';
-$conf['useacl'] = 1;
-$conf['superuser'] = '@admin';
-$conf['plugin']['authldap']['attributes'] = array();
-$conf['plugin']['toctweak']['tocPosition'] = '9';
diff --git a/etc/dokuwiki/local.php.dist b/etc/dokuwiki/local.php.dist
deleted file mode 100644
index 0397954..0000000
--- a/etc/dokuwiki/local.php.dist
+++ /dev/null
@@ -1,16 +0,0 @@
-<?php
-/**
- * This is an example of how a local.php could look like.
- * Simply copy the options you want to change from dokuwiki.php
- * to this file and change them.
- *
- * When using the installer, a correct local.php file be generated for
- * you automatically.
- */
-
-
-//$conf['title']       = 'My Wiki';        //what to show in the title
-
-//$conf['useacl']      = 1;                //Use Access Control Lists to restrict access?
-//$conf['superuser']   = 'joe';
-
diff --git a/etc/dokuwiki/manifest.json b/etc/dokuwiki/manifest.json
deleted file mode 100644
index 891bd79..0000000
--- a/etc/dokuwiki/manifest.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-    "display": "standalone"
-}
diff --git a/etc/dokuwiki/mediameta.php b/etc/dokuwiki/mediameta.php
deleted file mode 100644
index b998de3..0000000
--- a/etc/dokuwiki/mediameta.php
+++ /dev/null
@@ -1,91 +0,0 @@
-<?php
-/**
- * This configures which metadata will be editable through
- * the media manager. Each field of the array is an array with the
- * following contents:
- *   fieldname - Where data will be saved (EXIF or IPTC field)
- *   label     - key to lookup in the $lang var, if not found printed as is
- *   htmltype  - 'text', 'textarea' or 'date'
- *   lookups   - array additional fields to look up the data (EXIF or IPTC fields)
- *
- * The fields are not ordered continuously to make inserting additional items
- * in between simpler.
- *
- * This is a PHP snippet, so PHP syntax applies.
- *
- * Note: $fields is not a global variable and will not be available to any
- *       other functions or templates later
- *
- * You may extend or overwrite this variable in an optional
- * conf/mediameta.local.php file
- *
- * For a list of available EXIF/IPTC fields refer to
- * http://www.dokuwiki.org/devel:templates:detail.php
- */
-
-
-$fields = array(
-    10 => array('Iptc.Headline',
-                'img_title',
-                'text'),
-
-    20 => array('',
-                'img_date',
-                'date',
-                array('Date.EarliestTime')),
-
-    30 => array('',
-                'img_fname',
-                'text',
-                array('File.Name')),
-
-    40 => array('Iptc.Caption',
-                'img_caption',
-                'textarea',
-                array('Exif.UserComment',
-                      'Exif.TIFFImageDescription',
-                      'Exif.TIFFUserComment')),
-
-    50 => array('Iptc.Byline',
-                'img_artist',
-                'text',
-                array('Exif.TIFFArtist',
-                      'Exif.Artist',
-                      'Iptc.Credit')),
-
-    60 => array('Iptc.CopyrightNotice',
-                'img_copyr',
-                'text',
-                array('Exif.TIFFCopyright',
-                      'Exif.Copyright')),
-
-    70 => array('',
-                'img_format',
-                'text',
-                array('File.Format')),
-
-    80 => array('',
-                'img_fsize',
-                'text',
-                array('File.NiceSize')),
-
-    90 => array('',
-                'img_width',
-                'text',
-                array('File.Width')),
-
-    100 => array('',
-                'img_height',
-                'text',
-                array('File.Height')),
-
-    110 => array('',
-                'img_camera',
-                'text',
-                array('Simple.Camera')),
-
-    120 => array('Iptc.Keywords',
-                'img_keywords',
-                'text',
-                array('Exif.Category')),
-);
diff --git a/etc/dokuwiki/mime.conf b/etc/dokuwiki/mime.conf
deleted file mode 100644
index b271322..0000000
--- a/etc/dokuwiki/mime.conf
+++ /dev/null
@@ -1,75 +0,0 @@
-# Allowed uploadable file extensions and mimetypes are defined here.
-# To extend this file it is recommended to create a mime.local.conf
-# file. Mimetypes that should be downloadable and not be opened in the
-# should be prefixed with a !
-
-jpg     image/jpeg
-jpeg    image/jpeg
-gif     image/gif
-png     image/png
-webp    image/webp
-ico     image/vnd.microsoft.icon
-
-mp3     audio/mpeg
-ogg     audio/ogg
-wav     audio/wav
-webm    video/webm
-ogv     video/ogg
-mp4     video/mp4
-vtt     text/vtt
-
-tgz     !application/octet-stream
-tar     !application/x-gtar
-gz      !application/octet-stream
-bz2     !application/octet-stream
-zip     !application/zip
-rar     !application/rar
-7z      !application/x-7z-compressed
-
-pdf     application/pdf
-ps      !application/postscript
-
-rpm     !application/octet-stream
-deb     !application/octet-stream
-
-doc     !application/msword
-xls     !application/msexcel
-ppt     !application/mspowerpoint
-rtf     !application/msword
-
-docx    !application/vnd.openxmlformats-officedocument.wordprocessingml.document
-xlsx    !application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
-pptx    !application/vnd.openxmlformats-officedocument.presentationml.presentation
-
-sxw     !application/soffice
-sxc     !application/soffice
-sxi     !application/soffice
-sxd     !application/soffice
-
-odc     !application/vnd.oasis.opendocument.chart
-odf     !application/vnd.oasis.opendocument.formula
-odg     !application/vnd.oasis.opendocument.graphics
-odi     !application/vnd.oasis.opendocument.image
-odp     !application/vnd.oasis.opendocument.presentation
-ods     !application/vnd.oasis.opendocument.spreadsheet
-odt     !application/vnd.oasis.opendocument.text
-
-svg     image/svg+xml
-
-# You should enable HTML and Text uploads only for restricted Wikis.
-# Spammers are known to upload spam pages through unprotected Wikis.
-# Note: Enabling HTML opens Cross Site Scripting vulnerabilities
-#       through JavaScript. Only enable this with trusted users. You
-#       need to disable the iexssprotect option additionally to
-#       adding the mime type here
-#html    text/html
-#htm     text/html
-#txt     text/plain
-#conf    text/plain
-#xml     text/xml
-#csv     text/csv
-
-# Also flash may be able to execute arbitrary scripts in the website's
-# context
-#swf     application/x-shockwave-flash
-
diff --git a/etc/dokuwiki/mysql.conf.php.example b/etc/dokuwiki/mysql.conf.php.example
deleted file mode 100644
index eef99fc..0000000
--- a/etc/dokuwiki/mysql.conf.php.example
+++ /dev/null
@@ -1,253 +0,0 @@
-<?php
-/*
- * This is an example configuration for the mysql auth plugin.
- *
- * This SQL statements are optimized for following table structure.
- * If you use a different one you have to change them accordingly.
- * See comments of every statement for details.
- *
- * TABLE users
- *     uid   login   pass   firstname   lastname   email
- *
- * TABLE groups
- *     gid   name
- *
- * TABLE usergroup
- *     uid   gid
- *
- * To use this configuration you have to copy them to local.protected.php
- * or at least include this file in local.protected.php.
- */
-
-/* Options to configure database access. You need to set up this
- * options carefully, otherwise you won't be able to access you
- * database.
- */
-$conf['plugin']['authmysql']['server']   = '';
-$conf['plugin']['authmysql']['user']     = '';
-$conf['plugin']['authmysql']['password'] = '';
-$conf['plugin']['authmysql']['database'] = '';
-
-/* This option enables debug messages in the mysql plugin. It is
- * mostly useful for system admins.
- */
-$conf['plugin']['authmysql']['debug'] = 0;
-
-/* Normally password encryption is done by DokuWiki (recommended) but for
- * some reasons it might be useful to let the database do the encryption.
- * Set 'forwardClearPass' to '1' and the cleartext password is forwarded to
- * the database, otherwise the encrypted one.
- */
-$conf['plugin']['authmysql']['forwardClearPass'] = 0;
-
-/* Multiple table operations will be protected by locks. This array tells
- * the plugin which tables to lock. If you use any aliases for table names
- * these array must also contain these aliases. Any unnamed alias will cause
- * a warning during operation. See the example below.
- */
-$conf['plugin']['authmysql']['TablesToLock']= array("users", "users AS u","groups", "groups AS g", "usergroup", "usergroup AS ug");
-
-/***********************************************************************/
-/*       Basic SQL statements for user authentication (required)       */
-/***********************************************************************/
-
-/* This statement is used to grant or deny access to the wiki. The result
- * should be a table with exact one line containing at least the password
- * of the user. If the result table is empty or contains more than one
- * row, access will be denied.
- *
- * The plugin accesses the password as 'pass' so an alias might be necessary.
- *
- * Following patters will be replaced:
- *   %{user}    user name
- *   %{pass}    encrypted or clear text password (depends on 'encryptPass')
- *   %{dgroup}  default group name
- */
-$conf['plugin']['authmysql']['checkPass']   = "SELECT pass
-                                               FROM usergroup AS ug
-                                               JOIN users AS u ON u.uid=ug.uid
-                                               JOIN groups AS g ON g.gid=ug.gid
-                                               WHERE login='%{user}'
-                                               AND name='%{dgroup}'";
-
-/* This statement should return a table with exact one row containing
- * information about one user. The field needed are:
- * 'pass'  containing the encrypted or clear text password
- * 'name'  the user's full name
- * 'mail'  the user's email address
- *
- * Keep in mind that Dokuwiki will access this information through the
- * names listed above so aliases might be necessary.
- *
- * Following patters will be replaced:
- *   %{user}    user name
- */
-$conf['plugin']['authmysql']['getUserInfo'] = "SELECT pass, CONCAT(firstname,' ',lastname) AS name, email AS mail
-                                               FROM users
-                                               WHERE login='%{user}'";
-
-/* This statement is used to get all groups a user is member of. The
- * result should be a table containing all groups the given user is
- * member of. The plugin accesses the group name as 'group' so an alias
- * might be necessary.
- *
- * Following patters will be replaced:
- *   %{user}    user name
- */
-$conf['plugin']['authmysql']['getGroups']   = "SELECT name as `group`
-                                               FROM groups g, users u, usergroup ug
-                                               WHERE u.uid = ug.uid
-                                               AND g.gid = ug.gid
-                                               AND u.login='%{user}'";
-
-/***********************************************************************/
-/*      Additional minimum SQL statements to use the user manager      */
-/***********************************************************************/
-
-/* This statement should return a table containing all user login names
- * that meet certain filter criteria. The filter expressions will be added
- * case dependent by the plugin. At the end a sort expression will be added.
- * Important is that this list contains no double entries for a user. Each
- * user name is only allowed once in the table.
- *
- * The login name will be accessed as 'user' to an alias might be necessary.
- * No patterns will be replaced in this statement but following patters
- * will be replaced in the filter expressions:
- *   %{user}    in FilterLogin  user's login name
- *   %{name}    in FilterName   user's full name
- *   %{email}   in FilterEmail  user's email address
- *   %{group}   in FilterGroup  group name
- */
-$conf['plugin']['authmysql']['getUsers']    = "SELECT DISTINCT login AS user
-                                               FROM users AS u
-                                               LEFT JOIN usergroup AS ug ON u.uid=ug.uid
-                                               LEFT JOIN groups AS g ON ug.gid=g.gid";
-$conf['plugin']['authmysql']['FilterLogin'] = "login LIKE '%{user}'";
-$conf['plugin']['authmysql']['FilterName']  = "CONCAT(firstname,' ',lastname) LIKE '%{name}'";
-$conf['plugin']['authmysql']['FilterEmail'] = "email LIKE '%{email}'";
-$conf['plugin']['authmysql']['FilterGroup'] = "name LIKE '%{group}'";
-$conf['plugin']['authmysql']['SortOrder']   = "ORDER BY login";
-
-/***********************************************************************/
-/*   Additional SQL statements to add new users with the user manager  */
-/***********************************************************************/
-
-/* This statement should add a user to the database. Minimum information
- * to store are: login name, password, email address and full name.
- *
- * Following patterns will be replaced:
- *   %{user}    user's login name
- *   %{pass}    password (encrypted or clear text, depends on 'encryptPass')
- *   %{email}   email address
- *   %{name}    user's full name
- */
-$conf['plugin']['authmysql']['addUser']     = "INSERT INTO users
-                                               (login, pass, email, firstname, lastname)
-                                               VALUES ('%{user}', '%{pass}', '%{email}',
-                                               SUBSTRING_INDEX('%{name}',' ', 1),
-                                               SUBSTRING_INDEX('%{name}',' ', -1))";
-
-/* This statement should add a group to the database.
- * Following patterns will be replaced:
- *   %{group}   group name
- */
-$conf['plugin']['authmysql']['addGroup']    = "INSERT INTO groups (name)
-                                               VALUES ('%{group}')";
-
-/* This statement should connect a user to a group (a user become member
- * of that group).
- * Following patterns will be replaced:
- *   %{user}    user's login name
- *   %{uid}     id of a user dataset
- *   %{group}   group name
- *   %{gid}     id of a group dataset
- */
-$conf['plugin']['authmysql']['addUserGroup']= "INSERT INTO usergroup (uid, gid)
-                                               VALUES ('%{uid}', '%{gid}')";
-
-/* This statement should remove a group fom the database.
- * Following patterns will be replaced:
- *   %{group}   group name
- *   %{gid}     id of a group dataset
- */
-$conf['plugin']['authmysql']['delGroup']    = "DELETE FROM groups
-                                               WHERE gid='%{gid}'";
-
-/* This statement should return the database index of a given user name.
- * The plugin will access the index with the name 'id' so an alias might be
- * necessary.
- * following patters will be replaced:
- *   %{user}    user name
- */
-$conf['plugin']['authmysql']['getUserID']   = "SELECT uid AS id
-                                               FROM users
-                                               WHERE login='%{user}'";
-
-/***********************************************************************/
-/*   Additional SQL statements to delete users with the user manager   */
-/***********************************************************************/
-
-/* This statement should remove a user fom the database.
- * Following patterns will be replaced:
- *   %{user}    user's login name
- *   %{uid}     id of a user dataset
- */
-$conf['plugin']['authmysql']['delUser']     = "DELETE FROM users
-                                               WHERE uid='%{uid}'";
-
-/* This statement should remove all connections from a user to any group
- * (a user quits membership of all groups).
- * Following patterns will be replaced:
- *   %{uid}     id of a user dataset
- */
-$conf['plugin']['authmysql']['delUserRefs'] = "DELETE FROM usergroup
-                                               WHERE uid='%{uid}'";
-
-/***********************************************************************/
-/*   Additional SQL statements to modify users with the user manager   */
-/***********************************************************************/
-
-/* This statements should modify a user entry in the database. The
- * statements UpdateLogin, UpdatePass, UpdateEmail and UpdateName will be
- * added to updateUser on demand. Only changed parameters will be used.
- *
- * Following patterns will be replaced:
- *   %{user}    user's login name
- *   %{pass}    password (encrypted or clear text, depends on 'encryptPass')
- *   %{email}   email address
- *   %{name}    user's full name
- *   %{uid}     user id that should be updated
- */
-$conf['plugin']['authmysql']['updateUser']  = "UPDATE users SET";
-$conf['plugin']['authmysql']['UpdateLogin'] = "login='%{user}'";
-$conf['plugin']['authmysql']['UpdatePass']  = "pass='%{pass}'";
-$conf['plugin']['authmysql']['UpdateEmail'] = "email='%{email}'";
-$conf['plugin']['authmysql']['UpdateName']  = "firstname=SUBSTRING_INDEX('%{name}',' ', 1),
-                                               lastname=SUBSTRING_INDEX('%{name}',' ', -1)";
-$conf['plugin']['authmysql']['UpdateTarget']= "WHERE uid=%{uid}";
-
-/* This statement should remove a single connection from a user to a
- * group (a user quits membership of that group).
- *
- * Following patterns will be replaced:
- *   %{user}    user's login name
- *   %{uid}     id of a user dataset
- *   %{group}   group name
- *   %{gid}     id of a group dataset
- */
-$conf['plugin']['authmysql']['delUserGroup']= "DELETE FROM usergroup
-                                               WHERE uid='%{uid}'
-                                               AND gid='%{gid}'";
-
-/* This statement should return the database index of a given group name.
- * The plugin will access the index with the name 'id' so an alias might
- * be necessary.
- *
- * Following patters will be replaced:
- *   %{group}   group name
- */
-$conf['plugin']['authmysql']['getGroupID']  = "SELECT gid AS id
-                                               FROM groups
-                                               WHERE name='%{group}'";
-
-
diff --git a/etc/dokuwiki/plugins.local.php b/etc/dokuwiki/plugins.local.php
deleted file mode 100644
index e69de29..0000000
diff --git a/etc/dokuwiki/plugins.php b/etc/dokuwiki/plugins.php
deleted file mode 100644
index b2c7997..0000000
--- a/etc/dokuwiki/plugins.php
+++ /dev/null
@@ -1,6 +0,0 @@
-<?php
-/**
- * This file configures the default states of available plugins. All settings in
- * the plugins.*.php files will override those here.
- */
-$plugins['testing'] = 0;
diff --git a/etc/dokuwiki/plugins.required.php b/etc/dokuwiki/plugins.required.php
deleted file mode 100644
index 1241bdb..0000000
--- a/etc/dokuwiki/plugins.required.php
+++ /dev/null
@@ -1,12 +0,0 @@
-<?php
-/**
- * This file configures the enabled/disabled status of plugins, which are also protected
- * from changes by the extension manager. These settings will override any local settings.
- * It is not recommended to change this file, as it is overwritten on DokuWiki upgrades.
- */
-$plugins['acl']               = 1;
-$plugins['authplain']         = 1;
-$plugins['extension']         = 1;
-$plugins['config']            = 1;
-$plugins['usermanager']       = 1;
-$plugins['template:dokuwiki'] = 1; // not a plugin, but this should not be uninstalled either
diff --git a/etc/dokuwiki/scheme.conf b/etc/dokuwiki/scheme.conf
deleted file mode 100644
index 88cb3c4..0000000
--- a/etc/dokuwiki/scheme.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-#Add URL schemes you want to be recognized as links here
-
-http
-https
-telnet
-gopher
-wais
-ftp
-ed2k
-irc
-ldap
\ No newline at end of file
diff --git a/etc/dokuwiki/smileys.conf b/etc/dokuwiki/smileys.conf
deleted file mode 100644
index 914549d..0000000
--- a/etc/dokuwiki/smileys.conf
+++ /dev/null
@@ -1,28 +0,0 @@
-# Smileys configured here will be replaced by the
-# configured images in the smiley directory
-
-8-)         cool.svg
-8-O         eek.svg
-8-o         eek.svg
-:-(         sad.svg
-:-)         smile.svg
-=)          smile2.svg
-:-/         doubt.svg
-:-\         doubt2.svg
-:-?         confused.svg
-:-D         biggrin.svg
-:-P         razz.svg
-:-o         surprised.svg
-:-O         surprised.svg
-:-x         silenced.svg
-:-X         silenced.svg
-:-|         neutral.svg
-;-)         wink.svg
-m(          facepalm.svg
-^_^         fun.svg
-:?:         question.svg
-:!:         exclaim.svg
-LOL         lol.svg
-FIXME       fixme.svg
-DELETEME    deleteme.svg
-
diff --git a/etc/dokuwiki/userprint.css b/etc/dokuwiki/userprint.css
deleted file mode 100644
index c60684b..0000000
--- a/etc/dokuwiki/userprint.css
+++ /dev/null
@@ -1 +0,0 @@
-/* Place customisations to print mode style sheet here */
diff --git a/etc/dokuwiki/users.auth.php b/etc/dokuwiki/users.auth.php
deleted file mode 120000
index adab839..0000000
--- a/etc/dokuwiki/users.auth.php
+++ /dev/null
@@ -1 +0,0 @@
-/var/lib/dokuwiki/acl/users.auth.php
\ No newline at end of file
diff --git a/etc/dokuwiki/users.auth.php.dist b/etc/dokuwiki/users.auth.php.dist
deleted file mode 100644
index 8231aa5..0000000
--- a/etc/dokuwiki/users.auth.php.dist
+++ /dev/null
@@ -1,10 +0,0 @@
-# users.auth.php
-# <?php exit()?>
-# Don't modify the lines above
-#
-# Userfile
-#
-# Format:
-#
-# login:passwordhash:Real Name:email:groups,comma,separated
-
diff --git a/etc/dokuwiki/userstyle.css b/etc/dokuwiki/userstyle.css
deleted file mode 100644
index 342545c..0000000
--- a/etc/dokuwiki/userstyle.css
+++ /dev/null
@@ -1 +0,0 @@
-/* Place customisations to screen mode style sheet here */
diff --git a/etc/dokuwiki/wordblock.conf b/etc/dokuwiki/wordblock.conf
deleted file mode 100644
index 3040fa0..0000000
--- a/etc/dokuwiki/wordblock.conf
+++ /dev/null
@@ -1,29 +0,0 @@
-# This blacklist is maintained by the DokuWiki community
-# patches welcome
-#
-https?:\/\/(\S*?)(-side-effects|top|pharm|pill|discount|discount-|deal|price|order|now|best|cheap|cheap-|online|buy|buy-|sale|sell)(\S*?)(cialis|viagra|prazolam|xanax|zanax|soma|vicodin|zenical|xenical|meridia|paxil|prozac|claritin|allegra|lexapro|wellbutrin|zoloft|retin|valium|levitra|phentermine)
-https?:\/\/(\S*?)(bi\s*sex|gay\s*sex|fetish|incest|penis|\brape\b)
-zoosex
-gang\s*bang
-facials
-ladyboy
-\btits\b
-bolea\.com
-52crystal
-baida\.org
-web-directory\.awardspace\.us
-korsan-team\.com
-BUDA TAMAMDIR
-wow-powerleveling-wow\.com
-wow gold
-wow-gold\.dinmo\.cn
-downgrade-vista\.com
-downgradetowindowsxp\.com
-elegantugg\.com
-classicedhardy\.com
-research-service\.com
-https?:\/\/(\S*?)(2-pay-secure|911essay|academia-research|anypapers|applicationessay|bestbuyessay|bestdissertation|bestessay|bestresume|besttermpaper|businessessay|college-paper|customessay|custom-made-paper|custom-writing|degree-?result|dissertationblog|dissertation-service|dissertations?expert|essaybank|essay-?blog|essaycapital|essaylogic|essaymill|essayontime|essaypaper|essays?land|essaytownsucks|essay-?writ|fastessays|freelancercareers|genuinecontent|genuineessay|genuinepaper|goessay|grandresume|killer-content|ma-dissertation|managementessay|masterpaper|mightystudent|needessay|researchedge|researchpaper-blog|resumecvservice|resumesexperts|resumesplanet|rushessay|samedayessay|superiorcontent|superiorpaper|superiorthesis|term-paper|termpaper-blog|term-paper-research|thesisblog|universalresearch|valwriting|vdwriters|wisetranslation|writersassembly|writers\.com\.ph|writers\.ph)
-flatsinmumbai\.co\.in
-https?:\/\/(\S*?)penny-?stock
-mattressreview\.biz
-(just|simply) (my|a) profile (site|webpage|page)
diff --git a/etc/firewall/.gitignore b/etc/firewall/.gitignore
deleted file mode 100644
index bc7568d..0000000
--- a/etc/firewall/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-/state_v4.rules
-/state_v6.rules
diff --git a/etc/firewall/default_v4.rules b/etc/firewall/default_v4.rules
deleted file mode 100644
index f1964fc..0000000
--- a/etc/firewall/default_v4.rules
+++ /dev/null
@@ -1,24 +0,0 @@
-# These rules are applied as the default firewall when there are no state rules to be applied.
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [0:0]
-:sshguard - [0:0]
--A INPUT -m conntrack --ctstate INVALID -j DROP
--A INPUT -i lo -j ACCEPT
--A INPUT -s 10.254.0.0/24 -i eth1 -j ACCEPT
--A INPUT -s 5.101.171.208/28 -i eth0 -j ACCEPT
--A INPUT -s 172.236.16.105/32 -i eth0 -j ACCEPT
--A INPUT -s 185.176.90.169/32 -i eth0 -j ACCEPT
--A INPUT -s 145.40.182.204/32 -i eth0 -j ACCEPT
--A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
--A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
--A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
--A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
--A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
--A INPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT
--A INPUT -j sshguard
--A INPUT -p tcp -m multiport --dports 22,25422 -m conntrack --ctstate NEW -j ACCEPT
--A INPUT -p tcp -m tcp --dport 873 -m conntrack --ctstate NEW -j ACCEPT
--A INPUT -p tcp -m tcp --dport 25443 -m conntrack --ctstate NEW -j ACCEPT
-COMMIT
diff --git a/etc/firewall/default_v6.rules b/etc/firewall/default_v6.rules
deleted file mode 100644
index ba442b9..0000000
--- a/etc/firewall/default_v6.rules
+++ /dev/null
@@ -1,26 +0,0 @@
-# These rules are applied as the default firewall when there are no state rules to be applied.
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [0:0]
-:sshguard - [0:0]
--A INPUT -m conntrack --ctstate INVALID -j DROP
--A INPUT -i lo -j ACCEPT
--A INPUT -s 2a01:a500:2981:1::/64 -i eth0 -j ACCEPT
--A INPUT -s 2600:3c13::2000:50ff:fef4:7f56/128 -i eth0 -j ACCEPT
--A INPUT -s 2a07:4580:b0d:57f::169/128 -i eth0 -j ACCEPT
--A INPUT -s 2001:470:1f1d:58::/64 -i eth0 -j ACCEPT
--A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
--A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT
--A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 129 -j ACCEPT
--A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 1 -j ACCEPT
--A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 3 -j ACCEPT
--A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 4 -j ACCEPT
--A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 2 -j ACCEPT
--A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT
--A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT
--A INPUT -j sshguard
--A INPUT -p tcp -m multiport --dports 22,25422 -m conntrack --ctstate NEW -j ACCEPT
--A INPUT -p tcp -m tcp --dport 873 -m conntrack --ctstate NEW -j ACCEPT
--A INPUT -p tcp -m tcp --dport 25443 -m conntrack --ctstate NEW -j ACCEPT
-COMMIT
diff --git a/etc/fstab b/etc/fstab
deleted file mode 100644
index e69de29..0000000
diff --git a/etc/fusiondirectory/fusiondirectory.conf b/etc/fusiondirectory/fusiondirectory.conf
new file mode 100644
index 0000000..ca86517
--- /dev/null
+++ b/etc/fusiondirectory/fusiondirectory.conf
@@ -0,0 +1,8 @@
+<?xml version="1.0"?>
+<conf>
+  <main default="Slackware UK LDAP Server" logging="true" displayerrors="true" debuglevel="1024" templateCompileDirectory="/var/cache/fusiondirectory/template/" theme="breezy">
+    <location name="Slackware UK LDAP Server" forceSSL="true">
+      <referral URI="ldaps://core.slackware.uk.net:636" base="dc=slackware,dc=uk,dc=net" adminDn="cn=Administrator,cn=Users,dc=slackware,dc=uk,dc=net" adminPassword="rxdnq8cksunsa$0D" />
+    </location>
+  </main>
+</conf>
diff --git a/etc/gshadow.gpg b/etc/gshadow.gpg
index 6041255..55621e5 100644
Binary files a/etc/gshadow.gpg and b/etc/gshadow.gpg differ
diff --git a/etc/init.d/terraform-http-backend b/etc/init.d/terraform-http-backend
index 9ded505..0bc5bb7 100755
--- a/etc/init.d/terraform-http-backend
+++ b/etc/init.d/terraform-http-backend
@@ -1,55 +1,49 @@
-#!/bin/bash
+#!/bin/sh
 # Start/stop terraform-http-backend.
 #
 ### BEGIN INIT INFO
 # Provides:          terraform-http-backend
-# Required-Start:    $local_fs $remote_fs $network $syslog
-# Required-Stop:     $local_fs $remote_fs $network
+# Required-Start:    $network
+# Required-Stop:     $network
 # Default-Start:     2 3 4 5
 # Default-Stop:      0 1 6
 # Short-Description: Terraform HTTP state backend daemon
 # Description:       Terraform HTTP state backend daemon
 ### END INIT INFO
-# shellcheck disable=SC1091
 
-NAME="terraform-http-backend"
-DAEMON="/opt/sbin/$NAME"
+NAME=terraform-http-backend
+DAEMON=/opt/sbin/$NAME
 DESC="Terraform HTTP state backend"
+SCRIPT=terraform-http-backend
 
-[[ -x "$DAEMON" ]] || exit 0
+test -x $DAEMON || exit 0
 
-# shellcheck disable=SC2015
-[[ -f /etc/default/terraform-http-backend ]] && . /etc/default/terraform-http-backend >/dev/null 2>&1 || {
-  echo "$0: error reading: /etc/default/terraform-http-backend"
-  exit 1
-}
-export TF_IP TF_PORT TF_STORAGE_DIR TF_AUTH_ENABLED TF_USERNAME TF_PASSWORD
+[ -f /etc/default/terraform-http-backend ] && . /etc/default/terraform-http-backend
+export TF_USER TF_IP TF_PORT TF_STORAGE_DIR TF_AUTH_ENABLED TF_USERNAME TF_PASSWORD
 
 . /lib/lsb/init-functions
 
 case "$1" in
-  start)
-    log_daemon_msg "Starting $DESC" "$NAME"
-    setpriv --keep-groups --reuid "${TF_USER:-root}" --regid "$(id -ng "${TF_USER:-root}")" -- "$DAEMON" >/dev/null 2>&1 &
-    log_end_msg "$?"
-    ;;
-  stop)
-    log_daemon_msg "Stopping $DESC" "$NAME"
-    killall -TERM "$DAEMON"
-    log_end_msg "$?"
-    ;;
-  restart|force-reload)
-    "$0" stop
-    sleep 1
-    "$0" start
-    ;;
-  status)
-    status_of_proc "$DAEMON" "$NAME" && exit 0 || exit "$?"
-    ;;
-  *)
-    echo "Usage: $0 start|stop|restart|force-reload|status"
-    exit 1
-    ;;
+	(start)
+		log_daemon_msg "Starting $DESC" $NAME
+		/usr/bin/su "$TF_USER" -c "$DAEMON >/dev/null 2>&1 &"
+		log_end_msg $?
+		;;
+	(stop)
+		log_daemon_msg "Stopping $DESC" $NAME
+		/usr/bin/killall -TERM $DAEMON
+		log_end_msg $?
+		;;
+	(restart|force-reload)
+		$0 stop && sleep 1 && $0 start
+		;;
+	(status)
+		status_of_proc $DAEMON $NAME && exit 0 || exit $?
+		;;
+	(*)
+		echo "Usage: /etc/init.d/$SCRIPT {start|stop|restart|force-reload|status}"
+		exit 1
+		;;
 esac
 
 exit 0
diff --git a/etc/krb5.conf b/etc/krb5.conf
index 26cfaf3..3b866e2 100644
--- a/etc/krb5.conf
+++ b/etc/krb5.conf
@@ -1,5 +1,8 @@
 [logging]
-default = SYSLOG:WARNING:news
+# FIXME:
+# default = FILE:/var/log/krb5libs
+# kdc = FILE:/var/log/krb5kdc
+# admin_server = FILE:/var/log/kadmind
 
 [libdefaults]
 ccache_type = 4
diff --git a/etc/logrotate.conf b/etc/logrotate.conf
deleted file mode 100644
index 82c7160..0000000
--- a/etc/logrotate.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# Rotate log files on a monthly basis.
-monthly
-
-# Name files based upon the year/month they are rotated.
-dateext
-dateformat -%Y-%m
-dateyesterday
-
-# Compress rotated logs.
-compress
-
-# Keep 5 years of old logs (just to be sure).
-rotate 60
-
-# Move rotated logs to this directory.
-olddir /var/log/Archived
-
-# After rotating, create new (empty) files with the same owner/perms.
-create
-
-# E-mail logs which are about to be deleted to this address.
-mail sysadmin@slackware.uk
-
-# Read log specific configurations.
-include /etc/logrotate.d
diff --git a/etc/logrotate.d/alternatives b/etc/logrotate.d/alternatives
deleted file mode 100644
index 0a428cc..0000000
--- a/etc/logrotate.d/alternatives
+++ /dev/null
@@ -1,4 +0,0 @@
-/var/log/alternatives.log {
-  missingok
-  notifempty
-}
diff --git a/etc/logrotate.d/apache2 b/etc/logrotate.d/apache2
deleted file mode 100644
index e965af8..0000000
--- a/etc/logrotate.d/apache2
+++ /dev/null
@@ -1 +0,0 @@
-# This file is intentionally empty to prevent new packages re-creating the original content.
diff --git a/etc/logrotate.d/apt b/etc/logrotate.d/apt
deleted file mode 100644
index 2b87a5a..0000000
--- a/etc/logrotate.d/apt
+++ /dev/null
@@ -1,15 +0,0 @@
-/var/log/apt/eipp.log.xz {
-  missingok
-  nocompress
-  notifempty
-}
-
-/var/log/apt/term.log {
-  missingok
-  notifempty
-}
-
-/var/log/apt/history.log {
-  missingok
-  notifempty
-}
diff --git a/etc/logrotate.d/btmp b/etc/logrotate.d/btmp
deleted file mode 100644
index 9d46cf8..0000000
--- a/etc/logrotate.d/btmp
+++ /dev/null
@@ -1,3 +0,0 @@
-/var/log/btmp {
-  missingok
-}
diff --git a/etc/logrotate.d/dpkg b/etc/logrotate.d/dpkg
deleted file mode 100644
index 686d337..0000000
--- a/etc/logrotate.d/dpkg
+++ /dev/null
@@ -1,4 +0,0 @@
-/var/log/dpkg.log {
-  missingok
-  notifempty
-}
diff --git a/etc/logrotate.d/php8.4-fpm b/etc/logrotate.d/php8.4-fpm
deleted file mode 100644
index e965af8..0000000
--- a/etc/logrotate.d/php8.4-fpm
+++ /dev/null
@@ -1 +0,0 @@
-# This file is intentionally empty to prevent new packages re-creating the original content.
diff --git a/etc/logrotate.d/prometheus b/etc/logrotate.d/prometheus
deleted file mode 100644
index 7377e74..0000000
--- a/etc/logrotate.d/prometheus
+++ /dev/null
@@ -1,5 +0,0 @@
-/var/log/prometheus/prometheus.log {
-  copytruncate
-  notifempty
-  missingok
-}
diff --git a/etc/logrotate.d/prometheus-alertmanager b/etc/logrotate.d/prometheus-alertmanager
deleted file mode 100644
index 613967b..0000000
--- a/etc/logrotate.d/prometheus-alertmanager
+++ /dev/null
@@ -1,5 +0,0 @@
-/var/log/prometheus/prometheus-alertmanager.log {
-  copytruncate
-  notifempty
-  missingok
-}
diff --git a/etc/logrotate.d/prometheus-node-exporter b/etc/logrotate.d/prometheus-node-exporter
deleted file mode 100644
index 5deb25a..0000000
--- a/etc/logrotate.d/prometheus-node-exporter
+++ /dev/null
@@ -1,5 +0,0 @@
-/var/log/prometheus/prometheus-node-exporter.log {
-  copytruncate
-  notifempty
-  missingok
-}
diff --git a/etc/logrotate.d/rsyslog b/etc/logrotate.d/rsyslog
deleted file mode 100644
index 4867f5e..0000000
--- a/etc/logrotate.d/rsyslog
+++ /dev/null
@@ -1,9 +0,0 @@
-/var/log/auth /var/log/crond /var/log/messages /var/log/ftpd /var/log/kernel /var/log/dehydrated /var/log/smtpd /var/log/kerberos /var/log/named /var/log/samba/samba /var/log/rsyncd /var/log/php /var/log/httpd /var/log/ERROR /var/log/EMERG /var/log/DEBUG {
-{
-  missingok
-  notifempty
-  sharedscripts
-  postrotate
-    /usr/lib/rsyslog/rsyslog-rotate
-  endscript
-}
diff --git a/etc/logrotate.d/wtmp b/etc/logrotate.d/wtmp
deleted file mode 100644
index 32ddf3d..0000000
--- a/etc/logrotate.d/wtmp
+++ /dev/null
@@ -1,4 +0,0 @@
-/var/log/wtmp {
-  notifempty
-  missingok
-}
diff --git a/etc/logrotate.d/wtmpdb b/etc/logrotate.d/wtmpdb
deleted file mode 100644
index 1f92bf6..0000000
--- a/etc/logrotate.d/wtmpdb
+++ /dev/null
@@ -1,4 +0,0 @@
-/var/log/wtmp.db {
-  notifempty
-  missingok
-}
diff --git a/etc/motd b/etc/motd
index 2e55c9f..8b13789 100644
--- a/etc/motd
+++ b/etc/motd
@@ -1,9 +1 @@
-            _ ...              _
-       __    |-|-:__    ___.   |  ,  __    __  __    _     ___
-      (__`   |``` __)  /   `   |.(    |    |   __)    |'` /___)
-  |   .__)  _|_  (__|_ '.__.  _|  \_  \_/\_/  (__|_  _|_  '.__.
-  |                                              __  _   _  ,__
-  |___________________________________________  /   / \ |_) |__
-                                                \__ \_/ | \ |__
-                   Slackware UK Core Services
 
diff --git a/etc/msmtp-aliases b/etc/msmtp.aliases
similarity index 100%
rename from etc/msmtp-aliases
rename to etc/msmtp.aliases
diff --git a/etc/pam.d/.gitignore b/etc/pam.d/.gitignore
deleted file mode 100644
index 44eb6cd..0000000
--- a/etc/pam.d/.gitignore
+++ /dev/null
@@ -1,20 +0,0 @@
-/chfn
-/chpasswd
-/chsh
-/common-account
-/common-auth
-/common-password
-/common-session
-/cron
-/login
-/newusers
-/other
-/passwd
-/runuser
-/runuser-l
-/samba
-/sshd
-/su
-/sudo
-/sudo-i
-/su-l
diff --git a/etc/pam.d/common-session-noninteractive b/etc/pam.d/common-session-noninteractive
deleted file mode 100644
index 50f685e..0000000
--- a/etc/pam.d/common-session-noninteractive
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-# /etc/pam.d/common-session-noninteractive - session-related modules
-# common to all non-interactive services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of modules that define tasks to be performed
-# at the start and end of all non-interactive sessions.
-#
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules.  See
-# pam-auth-update(8) for details.
-
-# here are the per-package modules (the "Primary" block)
-session	[default=1]			pam_permit.so
-# here's the fallback if no module succeeds
-session	requisite			pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-session	required			pam_permit.so
-# reset the umask for new sessions
-session optional			pam_umask.so
-# Silence cron job messages in the authpriv log.
-session [success=1 default=ignore]	pam_succeed_if.so service in cron quiet use_uid
-# and here are more per-package modules (the "Additional" block)
-session	required	pam_unix.so 
-# end of pam-auth-update config
diff --git a/etc/passwd b/etc/passwd
index a4bb2b4..6937e4a 100644
--- a/etc/passwd
+++ b/etc/passwd
@@ -10,7 +10,7 @@ mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
 news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
 uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
 proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
-www-data:x:33:33:www-data:/var/www:/bin/bash
+www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
 backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
 list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
 irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
diff --git a/etc/pkglist b/etc/pkglist
index 8140a85..6ae8d51 100644
--- a/etc/pkglist
+++ b/etc/pkglist
@@ -4,20 +4,31 @@ apache2-bin
 apache2-data
 apache2-utils
 apt
-apt-utils
 attr
+autoconf
+automake
+autopoint
+autotools-dev
 base-files
 base-passwd
 bash
-bind9-dnsutils
+bash-completion
 bind9-host
 bind9-libs
-bootlogd
+binutils
+binutils-common
+binutils-x86-64-linux-gnu
+bsd-mailx
 bsdextrautils
 bsdutils
+build-essential
 bzip2
 ca-certificates
 coreutils
+cpp
+cpp-14
+cpp-14-x86-64-linux-gnu
+cpp-x86-64-linux-gnu
 cron
 cron-daemon-common
 cronutils
@@ -28,57 +39,92 @@ dbus-bin
 dbus-daemon
 dbus-session-bus-common
 dbus-system-bus-common
+dbus-user-session
 debconf
+debhelper
 debian-archive-keyring
 debianutils
 dehydrated
-devuan-keyring
+dh-autoreconf
+dh-strip-nondeterminism
+dhcpcd-base
 dialog
 diffutils
-dokuwiki
-dokuwiki-plugins-extra
+dirmngr
+distro-info-data
 dpkg
+dpkg-dev
+dummy-default-mta
+dwz
+equivs
+fakeroot
+file
 findutils
 fontconfig-config
 fonts-dejavu-core
 fonts-dejavu-mono
-fonts-glyphicons-halflings
+fonts-droid-fallback
+fonts-noto-mono
+fonts-urw-base35
+freeipmi-common
 fusiondirectory
 fusiondirectory-integrator
 fusiondirectory-schema
 fusiondirectory-smarty3-acl-render
 fusiondirectory-theme-oxygen
 fusiondirectory-tools
+g++
+g++-14
+g++-14-x86-64-linux-gnu
+g++-x86-64-linux-gnu
+gcc
+gcc-14
 gcc-14-base
+gcc-14-x86-64-linux-gnu
+gcc-x86-64-linux-gnu
 gettext
 gettext-base
+ghostscript
 git
 git-man
+gnupg
+gnupg-l10n
+gnupg-utils
 gpg
 gpg-agent
+gpg-wks-client
 gpgconf
+gpgsm
 gpgv
 grep
+groff-base
+gsasl-common
 gzip
 hicolor-icon-theme
 hostname
-htop
 ifupdown
 imagemagick-7-common
-inetutils-telnet
+init
 init-system-helpers
-initscripts
-insserv
+intltool-debian
+ipmitool
 iproute2
-ipset
 iptables
 iputils-ping
+iso-codes
 javascript-common
+jq
+kmod
+krb5-config
+krb5-locales
 krb5-user
 ldap-utils
 less
 libabsl20240722
 libacl1
+libalgorithm-diff-perl
+libalgorithm-diff-xs-perl
+libalgorithm-merge-perl
 libaom3
 libapache2-mod-php8.4
 libapparmor1
@@ -87,7 +133,10 @@ libaprutil1-dbd-sqlite3
 libaprutil1-ldap
 libaprutil1t64
 libapt-pkg7.0
+libarchive-cpio-perl
+libarchive-zip-perl
 libargon2-1
+libasan8
 libassuan9
 libatomic1
 libattr1
@@ -97,6 +146,7 @@ libavahi-client3
 libavahi-common-data
 libavahi-common3
 libavif16
+libbinutils
 libblkid1
 libbpf1
 libbrotli1
@@ -104,83 +154,100 @@ libbsd0
 libbz2-1.0
 libc-bin
 libc-client2007e
+libc-dev-bin
 libc-l10n
 libc6
+libc6-dev
 libcap-ng0
 libcap2
 libcap2-bin
 libcbor0.10
+libcc1-0
 libcom-err2
+libcrypt-dev
 libcrypt1
+libctf-nobfd0
+libctf0
 libcups2t64
 libcurl3t64-gnutls
 libcurl4t64
-libcurses-perl
-libcurses-ui-perl
 libdav1d7
 libdb5.3t64
 libdbus-1-3
 libde265-0
 libdebconfclient0
+libdebhelper-perl
 libdeflate0
 libdialog15
+libdpkg-perl
+libduktape207
 libedit2
 libelf1t64
 liberror-perl
 libestr0
-libeudev1
 libexpat1
+libfakeroot
 libfastjson4
 libffi8
 libfftw3-double3
 libfido2-1
+libfile-fcntllock-perl
+libfile-stripnondeterminism-perl
 libfontconfig1
+libfontenc1
+libfreeipmi17
 libfreetype6
 libfstrm0
 libgav1-1
+libgcc-14-dev
 libgcc-s1
 libgcrypt20
 libgd3
 libgdbm-compat4t64
 libgdbm6t64
 libglib2.0-0t64
+libglib2.0-data
 libgmp10
 libgnutls30t64
 libgomp1
+libgpg-error-l10n
 libgpg-error0
+libgpgme11t64
+libgpm2
+libgprofng0
+libgs-common
+libgs10
+libgs10-common
 libgsasl18
 libgssapi-krb5-2
 libgssglue1
 libgssrpc4t64
+libheif-plugin-aomenc
 libheif-plugin-dav1d
 libheif-plugin-libde265
+libheif-plugin-x265
 libheif1
 libhogweed6t64
+libhwasan0
+libice6
 libicu76
 libidn12
 libidn2-0
+libijs-0.35
 libimagequant0
+libio-pty-perl
 libip4tc2
 libip6tc2
-libipset13t64
+libipc-run-perl
+libisl23
+libitm1
 libjansson4
 libjbig0
+libjbig2dec0
 libjemalloc2
 libjpeg62-turbo
-libjs-bootstrap
-libjs-bootstrap4
-libjs-d3
-libjs-eonasdan-bootstrap-datetimepicker
-libjs-jquery
-libjs-jquery-cookie
-libjs-jquery-hotkeys
-libjs-jquery-ui
-libjs-moment
-libjs-moment-timezone
-libjs-mustache
-libjs-popper.js
+libjq1
 libjs-prototype
-libjs-rickshaw
 libjs-scriptaculous
 libjson-c5
 libk5crypto3
@@ -188,62 +255,91 @@ libkadm5clnt-mit12
 libkadm5srv-mit12
 libkdb5-10t64
 libkeyutils1
+libkmod2
 libkrb5-3
 libkrb5support0
 libksba8
 liblastlog2-2
 liblcms2-2
+libldap-common
 libldap2
 libldb2
 liblerc4
 liblmdb0
+liblocale-gettext-perl
+liblockfile-bin
+liblockfile1
 liblognorm5
 liblqr-1-0
+liblsan0
+libltdl-dev
 libltdl7
 liblua5.4-0
 liblz4-1
 liblzma5
+libmagic-mgc
+libmagic1t64
 libmagickcore-7.q16-10
 libmagickwand-7.q16-10
+libmail-sendmail-perl
 libmaxminddb0
 libmd0
 libmnl0
 libmount1
+libmpc3
+libmpfr6
 libncurses6
 libncursesw6
 libnetfilter-conntrack3
 libnettle8t64
 libnfnetlink0
+libnftables1
 libnftnl11
 libnghttp2-14
 libnghttp3-9
 libngtcp2-16
 libngtcp2-crypto-gnutls8
 libnpth0t64
+libnss-systemd
+libnss-winbind
 libntlm0
-libodbc2
+libnuma1
+libnvme1t64
 libonig5
+libopenipmi0t64
 libopenjp2-7
 libp11-kit0
+libpam-cap
 libpam-modules
 libpam-modules-bin
 libpam-runtime
+libpam-systemd
+libpam-winbind
 libpam0g
+libpaper-utils
+libpaper2
+libpci3
 libpcre2-8-0
 libperl5.40
-libphp-simplepie
+libpipeline1
 libpng16-16t64
+libpolkit-agent-1-0
+libpolkit-gobject-1-0
 libpopt0
-libpq5
 libproc2-0
 libprotobuf-c1
 libpsl5t64
-libqdbm14t64
+libpython3-stdlib
+libpython3.13
+libpython3.13-minimal
+libpython3.13-stdlib
+libquadmath0
 librav1e0.7
 libraw23t64
 libreadline8t64
 librtmp1
 libsasl2-2
+libsasl2-modules
 libsasl2-modules-db
 libseccomp2
 libsecret-1-0
@@ -251,29 +347,43 @@ libsecret-common
 libselinux1
 libsemanage-common
 libsemanage2
+libsensors-config
+libsensors5
 libsepol2
+libsframe1
 libsharpyuv0
+libsm6
 libsmartcols1
+libsnmp-base
+libsnmp40t64
 libsodium23
 libsqlite3-0
 libss2
 libssh2-1t64
 libssl3t64
+libstdc++-14-dev
 libstdc++6
 libsvtav1enc2
+libsys-hostname-long-perl
+libsystemd-shared
 libsystemd0
 libtalloc2
 libtasn1-6
 libtdb1
-libterm-readkey-perl
 libtevent0t64
 libtext-charwidth-perl
 libtext-wrapi18n-perl
-libtidy58
 libtiff6
+libtime-duration-perl
+libtimedate-perl
 libtinfo6
 libtirpc-common
 libtirpc3t64
+libtool
+libtsan2
+libubsan1
+libuchardet0
+libudev1
 libunistring5
 liburcu8t64
 liburing2
@@ -287,6 +397,7 @@ libwrap0
 libwtmpdb0
 libx11-6
 libx11-data
+libx265-215
 libxau6
 libxcb1
 libxdmcp6
@@ -294,28 +405,43 @@ libxext6
 libxml2
 libxpm4
 libxslt1.1
+libxt6t64
 libxtables12
 libxxhash0
 libyaml-0-2
 libyuv0
 libzstd1
+linux-libc-dev
+linux-sysctl-defaults
 locales
 locales-all
 login
 login.defs
 logrotate
+lsb-release
 lynx
 lynx-common
+m4
+mailcap
+make
+man-db
+manpages
+manpages-dev
 mawk
 media-types
 mlock
+moreutils
 mount
 msmtp
 nano
 ncurses-base
 ncurses-bin
+ncurses-term
 net-tools
 netbase
+nftables
+nvme-cli
+openipmi
 openssh-client
 openssh-server
 openssh-sftp-server
@@ -324,6 +450,7 @@ openssl-provider-legacy
 oxygen-icon-theme
 passwd
 patch
+pci.ids
 perl
 perl-base
 perl-modules-5.40
@@ -332,19 +459,14 @@ php-bcmath
 php-bz2
 php-cas
 php-common
-php-constant-time
 php-curl
 php-fpdf
 php-fpm
 php-gd
-php-geshi
 php-gmp
 php-intl
-php-kissifrot-php-ixr
 php-ldap
 php-mbstring
-php-phpseclib3
-php-random-compat
 php-sqlite3
 php-xml
 php-yaml
@@ -354,7 +476,6 @@ php8.4-bz2
 php8.4-cli
 php8.4-common
 php8.4-curl
-php8.4-dba
 php8.4-fpm
 php8.4-gd
 php8.4-gmp
@@ -363,57 +484,98 @@ php8.4-imap
 php8.4-intl
 php8.4-ldap
 php8.4-mbstring
-php8.4-mysql
-php8.4-odbc
 php8.4-opcache
-php8.4-pgsql
 php8.4-readline
-php8.4-soap
 php8.4-sqlite3
-php8.4-tidy
 php8.4-xml
-php8.5-cli
-php8.5-common
-php8.5-phpdbg
-php8.5-readline
-php8.5-yaml
+php8.4-yaml
 phpldapadmin
 pinentry-curses
+pkexec
+po-debconf
+polkitd
+poppler-data
 procps
-prometheus
-prometheus-alertmanager
 prometheus-node-exporter
-promtool
+prometheus-node-exporter-collectors
 psmisc
+publicsuffix
+python-apt-common
+python3
+python3-anyio
+python3-apt
+python3-bcrypt
+python3-certifi
+python3-cffi-backend
+python3-click
+python3-cryptography
+python3-decorator
+python3-dnspython
+python3-gpg
+python3-h11
+python3-h2
+python3-hpack
+python3-httpcore
+python3-httpx
+python3-hyperframe
+python3-idna
+python3-ldb
+python3-linkify-it
+python3-markdown
+python3-markdown-it
+python3-mdurl
+python3-minimal
+python3-prometheus-client
+python3-pygments
+python3-rich
+python3-samba
+python3-sniffio
+python3-talloc
+python3-tdb
+python3-uc-micro
+python3-yaml
+python3.13
+python3.13-minimal
 readline-common
-rsync
+rpcsvc-proto
 rsyslog
 runit-helper
-s-nail
 samba
+samba-ad-dc
+samba-ad-provision
 samba-common
 samba-common-bin
+samba-dsdb-modules
 samba-libs
 sed
 sensible-utils
-shellcheck
+sgml-base
+shared-mime-info
 smarty-gettext
 smarty3
+sqv
 sshguard
-startpar
+ssl-cert
 sudo
-systemd-standalone-sysusers
-systemd-standalone-tmpfiles
-sysv-rc
-sysv-rc-conf
-sysvinit-core
+systemd
+systemd-resolved
+systemd-sysv
 sysvinit-utils
 tar
-telnet
+tdb-tools
 tzdata
 ucf
+udev
 util-linux
+uuid-runtime
+vim
 vim-common
-vim-tiny
-wget
+vim-runtime
+winbind
+x11-common
+xdg-user-dirs
+xfonts-encodings
+xfonts-utils
+xml-core
+xz-utils
 zlib1g
diff --git a/etc/rc.local b/etc/rc.local
deleted file mode 100755
index 2bba48e..0000000
--- a/etc/rc.local
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-# This script is executed at the end of each multiuser runlevel.
-# Make sure that the script will "exit 0" on success or any other value on error.
-# In order to enable or disable this script just change the execution bits.
-
-[[ -d /etc/boot.d ]] && run-parts /etc/boot.d
-
-exit 0
diff --git a/etc/rc.shutdown b/etc/rc.shutdown
deleted file mode 100755
index 3d3b9b8..0000000
--- a/etc/rc.shutdown
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-# This script is executed by /etc/init.d/rc.local stop.
-# Make sure that the script will "exit 0" on success or any other value on error.
-# In order to enable or disable this script just change the execution bits.
-
-[[ -d /etc/shutdown.d ]] && run-parts /etc/shutdown.d
-
-exit 0
diff --git a/etc/resolv.conf b/etc/resolv.conf
index 78bbc6b..ff531e2 100644
--- a/etc/resolv.conf
+++ b/etc/resolv.conf
@@ -1,8 +1,6 @@
 options timeout:2
 options edns0
 search slackware.uk.net
-# FIXME:
-#nameserver 5.101.171.216
-#nameserver 5.101.171.217
-#nameserver 185.176.90.169
-nameserver 8.8.8.8
+nameserver 5.101.171.216
+nameserver 5.101.171.217
+nameserver 185.176.90.169
diff --git a/etc/rsyncd.banner b/etc/rsyncd.banner
deleted file mode 100644
index 2e55c9f..0000000
--- a/etc/rsyncd.banner
+++ /dev/null
@@ -1,9 +0,0 @@
-            _ ...              _
-       __    |-|-:__    ___.   |  ,  __    __  __    _     ___
-      (__`   |``` __)  /   `   |.(    |    |   __)    |'` /___)
-  |   .__)  _|_  (__|_ '.__.  _|  \_  \_/\_/  (__|_  _|_  '.__.
-  |                                              __  _   _  ,__
-  |___________________________________________  /   / \ |_) |__
-                                                \__ \_/ | \ |__
-                   Slackware UK Core Services
-
diff --git a/etc/rsyncd.conf b/etc/rsyncd.conf
deleted file mode 100644
index 119d8ab..0000000
--- a/etc/rsyncd.conf
+++ /dev/null
@@ -1,89 +0,0 @@
-# Connecting
-# Note: Either an IPv4 OR IPv6 address can be used here, not both.  Default: bind to all IPs.
-#address		= 
-max connections		= 10
-timeout			= 30
-motd file		= /etc/rsyncd.banner
-
-# Daemon security
-uid			= mirror
-gid			= mirror
-use chroot		= true
-read only		= false
-write only		= true
-list			= false
-secrets file		= /etc/rsyncd.passwd
-exclude			= .rsync-tmp/*** .zfs/***
-
-# Logging
-syslog facility		= local5
-#log file		= /var/log/rsyncd
-#transfer logging	= true
-pid file		= /run/rsyncd.pid
-
-# Daemon behaviour
-incoming chmod		= u+w,go-w,Dugo+rx,Fugo+rX
-refuse options		= backup backup-dir inplace append append-verify acls xattrs chmod super fake-super rsync-path ignore-errors compress-level blocking-io iconv checksum-seed
-dont compress		= *.7z *.[bglx]z *.aac *.arj *.avi *.bz2 *.deb *.dpkg *.flac *.flv *.gif *.giff *.iso *.jpeg *.jpg *.lha *.lzh *.lzma *.m[34][av] *.mkv *.mov *.mp[34] *.mp[34][av] *.mpeg *.mpg *.og[agvx] *.qt *.rar *.rpm *.srpm *.t[bglx]z *.tz *.vob *.wm[av] *.z *.zip
-post-xfer exec		= /opt/bin/notify-rsync-upload
-
-
-[bonappetit-upload]
-  path			= /data/mirrors/bonappetit
-  auth users		= bonappetit
-
-[csb-upload]
-  path			= /data/mirrors/csb
-  auth users		= willysr
-
-[msb-upload]
-  path			= /data/mirrors/msb
-  auth users		= willysr
-
-[people-n4t3r-upload]
-  path			= /data/mirrors/people/n4t3r
-  auth users		= nate
-
-[sarpi-upload]
-  path			= /data/mirrors/sarpi
-  auth users		= exaga
-
-[slackdce-upload]
-  path			= /data/mirrors/slackdce
-  auth users		= lu9dce
-
-[slackel-upload]
-  path			= /data/mirrors/slackel
-  auth users		= djemos
-
-[slackvirt-upload]
-  path			= /data/mirrors/slackvirt
-  auth users		= megalnx
-
-[slackwarearm-upload]
-  path			= /data/mirrors/slackwarearm
-  auth users		= mozes
-
-[slackwarearm-people-brent-upload]
-  path			= /data/mirrors/slackwarearm/people/brent
-  auth users		= brent
-
-[slackwarearm-people-louigi600-upload]
-  path			= /data/mirrors/slackwarearm/people/louigi600
-  auth users		= louigi600
-
-[slackwareloong-upload]
-  path			= /data/mirrors/slackwareloong
-  auth users		= shipujin
-
-[slint-upload]
-  path			= /data/mirrors/slint
-  auth users		= billyw hunterj tomm tonys
-
-[smlinux-upload]
-  path			= /data/mirrors/smlinux
-  auth users		= skyroverr
-
-[tmp-upload]
-  path			= /data/tmp/rsync-upload
-  auth users		= guest
diff --git a/etc/rsyncd.passwd.gpg b/etc/rsyncd.passwd.gpg
deleted file mode 100644
index 423bd65..0000000
--- a/etc/rsyncd.passwd.gpg
+++ /dev/null
@@ -1,6 +0,0 @@
-Œ
	
-‹AlÍ*¢ÿÒÀç
 È�ƲÌI$!!Ã'òwÛήQWø#"“kæ¨k…„®˜#ëDX‹˜FáHöWøP(9­íÃRš�¥—‹RöNUÊ3
÷ÈO••à†Z§ècБ=ßÓ"×ä&cüùIpÀy7‹ 
-ò�óªyl:²ð¦qü¸°¡Þàdè
->Mª•UËÙ!L{€A°],‹²“>ÜrŽë6ŸI`:@º îÀXŸ7m]e³Ê®è̘4•ŒEÿòª«Íd°®N
-b‰ç"yš†éFó䦵M¤™Æ
SAáI{z»ô0€‘��ç¦<í6–»2—/À{yûL©ÿ»ÓÕÝâr€ôYy1üìA›39\~(³Ñ&Û»�¸ØZ*w]U¼^za’
ËšÖ‰ÍWMs$Âð¨8gätn)g¼¿©¸-NóBwøþz8"‡‘–‡q›«F-}>±¯ž>¼² y«9/ýè\o]…5�<Ýšz?˜Ùf
ïvVmã½:„íXTÌ;ußÊVI«X
-+žè½ÿ+ˆeV™Òew?Gº
\ No newline at end of file
diff --git a/etc/rsyslog.conf b/etc/rsyslog.conf
index 0f911b2..e3caae5 100644
--- a/etc/rsyslog.conf
+++ b/etc/rsyslog.conf
@@ -1,180 +1,143 @@
-# VMWare: RFC5424 message format.
-
 # Load modules.
-module(load="imuxsock" sysSock.usePIDFromSystem="on")
 module(load="imudp")
 module(load="imtcp")
-module(load="imfile" Mode="inotify")
-module(load="builtin:omfile" dirCreateMode="0755" dirOwnerNum="0" dirGroupNum="0" fileCreateMode="0644" fileOwnerNum="0" fileGroupNum="0" compression.driver="zstd")
+module(load="builtin:omfile" dirCreateMode="0750" dirOwnerNum="0" dirGroupNum="0" fileCreateMode="0640" fileOwnerNum="0" fileGroupNum="0" compression.driver="zstd")
+
 
 # Global configuration.
 global(
-  workDirectory="/var/spool/rsyslog"
+  workDirectory="/var/lib/rsyslog"
   #stdlog.channelspec="on"
   maxMessageSize="16K"
   senders.keepTrack="on"
   senders.timeoutAfter="2419200"
   senders.reportGoneAway="on"
   senders.reportNew="on"
-  parser.permitSlashInProgramName="on"
 )
 
 
-# Templates.
-# For the log lines.
-# The format for any version of message received is:
-# <date> <short-hostname> <facility>.<severity> <msgid> <tag> <message>
-# Where <msgid> may be '-' for none, and <tag> is either the message's "tag", "app-name", or '-' for none.
-template(name="localLogLine" type="string" string="%timereported% %$.host% %syslogfacility-text%.%syslogseverity-text% %$.id% %$.tag%%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n")
-template(name="centralLogLine" type="string" string="%timereported:::date-utc% %$.host% %syslogfacility-text%.%syslogseverity-text% %$.id% %$.tag%%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n")
-# For the logfile locations.
-template(name="localFile" type="string" string="/var/log/%$.logfile%")
-template(name="centralFile" type="string" string="/data/logs/%$.fqdn%/%timegenerated:1:4:date-utc,date-rfc3339%/%timegenerated:6:7:date-utc,date-rfc3339%/%timegenerated:9:10:date-utc,date-rfc3339%/%$.logfile%")
-
-# Rulesets.  Must be defined before inputs that use them.
-ruleset(name="localSyslog") {
-  # Use the host's lowercased FQDN.
-  set $.fqdn = tolower("core.slackware.uk.net");
-  # Extract the hostname part of the FQDN the message was receieved from.
-  set $.host = field($.fqdn, ".", 1);
-  # Hack for RFC3164 messages that do not contain a 'tag' (usually the process name and ID ending in :).
-  if ($syslogtag == "") then {
-    set $.tag = "-:";
-  } else {
-    set $.tag = $syslogtag;
-  }
-  # Hack for messages that do not contain a 'msgid'.
-  if ($msgid == "") then {
-    set $.id = "-";
-  } else {
-    set $.id = $msgid;
-  }
-
-  # Direct the message to the correct log(s).
-  if prifilt("auth.*,authpriv.*") then set $.logfile = "auth";
-  if prifilt("cron.*") then set $.logfile = "crond";
-  if prifilt("daemon.*,syslog.*,user.*,uucp.*,local0.*,local1.*,local2.*") then set $.logfile = "messages";
-  if prifilt("ftp.*") then set $.logfile = "ftpd";
-  if prifilt("kern.*") then set $.logfile = "kernel";
-  if prifilt("lpr.*") then set $.logfile = "dehydrated";
-  if prifilt("mail.*") then set $.logfile = "smtpd";
-  if prifilt("news.*") then set $.logfile = "kerberos";
-  if prifilt("local3.*") then set $.logfile = "named";
-# FIXME: Correct logfile for samba?
-  if prifilt("local4.*") then set $.logfile = "samba/samba";
-  if prifilt("local5.*") then set $.logfile = "rsyncd";
-  if prifilt("local6.*") then set $.logfile = "php";
-  if prifilt("local7.*") then set $.logfile = "httpd";
-# For next release of rsyslog:
-#  set $.ret = parse_json('[]', "\$!logfiles");
-#  if prifilt("auth.*,authpriv.*") then set $!logfiles = append_json($!logfiles, "auth");
-#  if prifilt("cron.*") then set $!logfiles = append_json($!logfiles, "crond");
-#  if prifilt("daemon.*,syslog.*,user.*,uucp.*,local0.*,local1.*,local2.*") then set $!logfiles = append_json($!logfiles, "messages");
-#  if prifilt("ftp.*") then set $!logfiles = append_json($!logfiles, "ftpd");
-#  if prifilt("kern.*") then set $!logfiles = append_json($!logfiles, "kernel");
-#  if prifilt("lpr.*") then set $!logfiles = append_json($!logfiles, "dehydrated");
-#  if prifilt("mail.*") then set $!logfiles = append_json($!logfiles, "smtpd");
-#  if prifilt("news.*") then set $!logfiles = append_json($!logfiles, "kerberos");
-#  if prifilt("local3.*") then set $!logfiles = append_json($!logfiles, "named");
-#  if prifilt("local4.*") then set $!logfiles = append_json($!logfiles, "samba/samba");
-#  if prifilt("local5.*") then set $!logfiles = append_json($!logfiles, "rsyncd");
-#  if prifilt("local6.*") then set $!logfiles = append_json($!logfiles, "php");
-#  if prifilt("local7.*") then set $!logfiles = append_json($!logfiles, "httpd");
-#  if prifilt("*.err,*.crit') then set $!logfiles = append_json($!logfiles, "ERROR");
-#  if prifilt("*.alert,*.emerg') then set $!logfiles = append_json($!logfiles, "EMERG");
-#  if prifilt("*.debug") then set $!logfiles = append_json($!logfiles, "DEBUG");
-
-  # Write the logs.
-#  foreach ($.logfile in $!logfiles) do {
-    action(type="omfile" dynaFile="localFile" template="localLogLine" asyncWriting="on" flushInterval="5" ioBufferSize="64k" createDirs="on")
-    action(type="omfile" dynaFile="centralFile" template="centralLogLine" asyncWriting="on" flushInterval="5" ioBufferSize="64k" createDirs="on")
-#  }
-}
-
-ruleset(name="remoteSyslog") {
-  # Use the incoming host's lowercased FQDN.
-  set $.fqdn = tolower($fromhost);
-  # Extract the hostname part of the FQDN the message was receieved from.
-  set $.host = field($.fqdn, ".", 1);
-  # Hack for RFC5424 messages that do not contain an app-name or procid.
-  if ($app-name == "") then {
-    if ($syslogtag == "") then {
-      set $.tag = "-";
-    } else {
-      set $.tag = $syslogtag;
-    }
-  } else {
-    if ($procid == "") then {
-      set $.tag = $app-name;
-    } else {
-      set $.tag = $app-name & '[' & $procid & ']';
-    }
-  }
-  # Hack for messages that do not contain a 'msgid'.
-  if ($msgid == "") then {
-    set $.id = "-";
-  } else {
-    set $.id = $msgid;
-  }
-
-  # Direct the message to the correct log(s).
-  if (re_match_i($.host, '^(esx[[:alnum:]]|vcsa)$')) then {
-    if prifilt("auth.*,authpriv.*") then set $.logfile = "auth";
-    if prifilt("cron.*,daemon.*,ftp.*,lpr.*,news.*,syslog.*,user.*,uucp.*,local0.*,local1.*,local2.*,local3.*,local4.*,local5.*,local6.*,local7.*") then set $.logfile = "messages";
-    if prifilt("kern.*") then set $.logfile = "kernel";
-    if prifilt("mail.*") then set $.logfile = "mail";
-# For next release of rsyslog:
-#    if prifilt("auth.*,authpriv.*") then set $!logfiles = append_json($!logfiles, "auth");
-#    if prifilt("cron.*,daemon.*,ftp.*,lpr.*,news.*,syslog.*,user.*,uucp.*,local0.*,local1.*,local2.*,local3.*,local4.*,local5.*,local6.*,local7.*") then set $!logfiles = append_json($!logfiles, "messages");
-#    if prifilt("kern.*") then set $!logfiles = append_json($!logfiles, "kernel");
-#    if prifilt("mail.*,authpriv.*") then set $!logfiles = append_json($!logfiles, "mail");
-#    if prifilt("*.err,*.crit') then set $!logfiles = append_json($!logfiles, "ERROR");
-#    if prifilt("*.alert,*.emerg') then set $!logfiles = append_json($!logfiles, "EMERG");
-#    if prifilt("*.debug") then set $!logfiles = append_json($!logfiles, "DEBUG");
-  } else {
-    if prifilt("auth.*,authpriv.*") then set $.logfile = "auth";
-    if prifilt("cron.*") then set $.logfile = "crond";
-    if prifilt("daemon.*,syslog.*,user.*,uucp.*,local0.*,local1.*,local2.*") then set $.logfile = "messages";
-    if prifilt("ftp.*") then set $.logfile = "ftpd";
-    if prifilt("kern.*") then set $.logfile = "kernel";
-    if prifilt("lpr.*") then set $.logfile = "dehydrated";
-    if prifilt("mail.*") then set $.logfile = "smtpd";
-    if prifilt("news.*") then set $.logfile = "kerberos";
-    if prifilt("local3.*") then set $.logfile = "named";
-    if prifilt("local4.*") then set $.logfile = "samba/samba";
-    if prifilt("local5.*") then set $.logfile = "rsyncd";
-    if prifilt("local6.*") then set $.logfile = "php";
-    if prifilt("local7.*") then set $.logfile = "httpd";
-# For next release of rsyslog:
-#    set $.ret = parse_json('[]', "\$!logfiles");
-#    if prifilt("auth.*,authpriv.*") then set $!logfiles = append_json($!logfiles, "auth");
-#    if prifilt("cron.*") then set $!logfiles = append_json($!logfiles, "crond");
-#    if prifilt("daemon.*,syslog.*,user.*,uucp.*,local0.*,local1.*,local2.*") then set $!logfiles = append_json($!logfiles, "messages");
-#    if prifilt("ftp.*") then set $!logfiles = append_json($!logfiles, "ftpd");
-#    if prifilt("kern.*") then set $!logfiles = append_json($!logfiles, "kernel");
-#    if prifilt("lpr.*") then set $!logfiles = append_json($!logfiles, "dehydrated");
-#    if prifilt("mail.*") then set $!logfiles = append_json($!logfiles, "smtpd");
-#    if prifilt("news.*") then set $!logfiles = append_json($!logfiles, "kerberos");
-#    if prifilt("local3.*") then set $!logfiles = append_json($!logfiles, "named");
-#    if prifilt("local4.*") then set $!logfiles = append_json($!logfiles, "samba/samba");
-#    if prifilt("local5.*") then set $!logfiles = append_json($!logfiles, "rsyncd");
-#    if prifilt("local6.*") then set $!logfiles = append_json($!logfiles, "php");
-#    if prifilt("local7.*") then set $!logfiles = append_json($!logfiles, "httpd");
-#    if prifilt("*.err,*.crit') then set $!logfiles = append_json($!logfiles, "ERROR");
-#    if prifilt("*.alert,*.emerg') then set $!logfiles = append_json($!logfiles, "EMERG");
-#    if prifilt("*.debug") then set $!logfiles = append_json($!logfiles, "DEBUG");
-  }
-
-  # Write the logs.
-#  foreach ($.logfile in $!logfiles) do {
-    action(type="omfile" dynaFile="centralFile" template="centralLogLine" asyncWriting="on" flushInterval="5" ioBufferSize="64k" createDirs="on")
-#  }
-}
-
 # Inputs.
-input(type="imuxsock" socket="/dev/log" usePIDFromSystem="on" ruleset="localSyslog")
-input(type="imudp" port="25414" ruleset="remoteSyslog")
-input(type="imtcp" port="25414" ruleset="remoteSyslog")
+input(type="imudp" port="25414" ruleset="syslog")
+input(type="imudp" port="25415" ruleset="httplog")
+input(type="imtcp" port="25414" ruleset="syslog")
+
+
+# Rulesets.
+ruleset(name="syslog") {
+  set $.host = tolower(field($hostname, ".", 1));
+  set $.domain = tolower(re_extract($hostname, '[^.]+\\.(.*)', 0, 1, "unknown_domain"));
+  if ($app-name != "") then {
+    set $.proc = $app-name;
+    if ($procid != "" and $procid != "-") then {
+      set $.proc = '[' & $procid & ']';
+    }
+  } else {
+    set $.proc = '-';
+  }
+  if ($msgid != "") then {
+    set $.id = $msgid;
+  } else {
+    set $.id = '-';
+  }
+
+  template(name="LogLineSingleHost" type="string" string="%timereported:::date-utc,date-rfc3339% %$.host% %pri-text% %$.proc% %$.id% :%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n")
+  template(name="LogLineAllHosts" type="string" string="%timereported:::date-utc,date-rfc3339% %hostname% %pri-text% %$.proc% %$.id% :%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n")
+
+# FIXME: Log each facility to the AllHosts logs.  Compression?
+  if prifilt("auth.*,authpriv.*") then {
+    action(type="omfile" file="/tmp/log/AllHosts/auth" template="LogLineAllHosts" zipLevel="6" asyncWriting="on" flushInterval="5" ioBufferSize="64k" )
+  } else if ... then {
+
+
+
+  template(name="LogFileeSingleHost" type="string" string="/tmp/logs/%$.host%/
+%timereported:::date-utc,date-rfc3339% %$.host% %pri-text% %$.proc% %$.id% :%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n")
+
+
+
+    if prifilt("*.info") then {
+        action(type="omfile" file="/var/log/info.log")
+    }
+}
+
+
+
+
+#template(name="SyslogLineFormat" type="list") {
+#  property(name="timereported" dateFormat="rfc3339" caseConversion="lower")		# Timestamp yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
+#  constant(value=" ")
+#  property(name="hostname")								# Hostname
+#  constant(value=" ")
+#  property(name="syslogfacility")							# Facility
+#  constant(value=".")
+#  property(name="syslogpriority")							# Log priority
+#  constant(value=" ")
+#  property(name="syslogtag")								# Syslog tag
+#  constant(value=": ")
+#  property(name="msg")									# Message content
+#  constant(value="\n")
+#}
+
+
+
+
+#template(name="LogHostFile" type="string" string="/mnt/Data/logs/%HOSTNAME:::escape-cc,secpath-replace%/
+#%TIMESTAMP:::date-utc,date-year%/%TIMESTAMP:::date-utc,date-month%/%TIMESTAMP:::date-utc,date-day%/
+# %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n")
+
+#template(name="LogAllHostsFile" type="string" string="/mnt/Data/logs/AllHosts/
+#%TIMESTAMP:::date-utc,date-year%/%TIMESTAMP:::date-utc,date-month%/%TIMESTAMP:::date-utc,date-day%/
+# %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n")
+
+
+
+
+#VMWare: RFC 5424
+
+
+
+# Parser.
+#parser(
+#  name="FIXME"
+#  type="pmnormalize"
+#  rule=[
+#    "rule=:<%pri:number%> %fromhost-ip:ipv4% %hostname:word% %syslogtag:char-to:\\x3a%: %msg:rest%",
+#    "rule=:<%pri:number%> %hostname:word% %fromhost-ip:ipv4% %syslogtag:char-to:\\x3a%: %msg:rest%"
+#  ]
+#)
+
+
+# Rules
+#ruleset(name="outp" parser="custom.pmnormalize") {
+#   action(type="omfile" File="/tmp/output")
+#}
+
+
+# Outputs.
+action(type="omfile" file="/tmp/messages" template="LogLineSingleHost")
+
+
 
 # Include additional configurations.
 include(file="/etc/rsyslog.d/*.conf" mode="optional")
+
+
+
+
+### Examples ####
+
+# Send all logs to remote syslog via UDP.
+# An on-disk queue is created for this action. If the remote host is
+# down, messages are spooled to disk and sent when it is up again.
+#*.* action(
+#	type="omfwd"
+#	target="192.168.0.1"
+#	port="514"
+#	protocol="udp"
+#	queue.filename="fwdRule1"  # unique name prefix for spool files
+#	queue.type="LinkedList"
+#	queue.maxDiskSpace="256m"
+#	queue.saveOnShutdown="on"
+#	action.resumeRetryCount="-1"
+#	action.resumeInterval="30"
+#)
diff --git a/etc/s-nail.rc b/etc/s-nail.rc
deleted file mode 100644
index 812fbba..0000000
--- a/etc/s-nail.rc
+++ /dev/null
@@ -1,107 +0,0 @@
-# Do not move messages from the system mailbox to a local mbox.
-set hold
-
-# Messages will be appended (rather than prepended) to mboxes.
-# This should usually always be set.
-# This has no effect unless 'hold' is unset again.
-set append
-
-# Always ask for a subject when composing a message interactively.
-set ask
-
-# Assume a CRT-like terminal and invoke a pager.
-set crt
-
-# Messages may be terminated by a dot.
-set dot
-
-# Do not remove empty mail folders in the spool directory.
-# This may be relevant for privacy since other users could
-# otherwise create them with different permissions.
-set keep
-
-# Do not remove empty mail folders.
-set emptybox
-
-# Quote the original message in replies by "> " as usual on the Internet.
-set indentprefix="> "
-
-# Automatically quote the text of the message that is responded to.
-set quote
-
-# Outgoing messages are sent in UTF-8 if possible, otherwise LATIN1.
-set sendcharsets=utf-8,iso-8859-1
-
-# Display sender's real names in header summaries.
-set showname
-
-# Display the recipients of messages sent by the user himself in
-# header summaries.
-set showto
-
-# Automatically check for new messages at each prompt, but avoid polling
-# of IMAP servers or maildir folders.
-set newmail=nopoll
-
-# If threaded mode is activated, automatically collapse thread.
-set autocollapse
-
-# Mark messages that have been answered.
-set markanswered
-
-# Hide some header fields which are uninteresting for most human readers.
-ignore received in-reply-to message-id references
-ignore mime-version content-transfer-encoding
-
-# Only include selected header fields when forwarding messages.
-headerpick forward retain subject date from to cc
-
-# Use a directory named 'mail' in the users homedir to hold mailboxes.
-set folder=mail/
-
-# Keep the comment/name part of email addresses when replying.
-set fullnames
-
-# Use 'less' for paged output.
-set PAGER=/usr/bin/less
-
-# When spawning an editor in compose mode, allow editing of headers.
-set editheaders
-
-# Startup into interactive mode even if the (given) mailbox is empty.
-set emptystart
-
-# Add more entries to the history as is done by default.
-# The latter will cause the built-in editor to save those entries, too.
-set history-gabby all history-gabby-persist
-
-# Try to circumvent false or missing MIME Content-Type descriptions.
-# Do set a value for extended behaviour (see the manual).
-#set mime-counter-evidence
-set mime-counter-evidence=0b1111
-
-# Do not move `save'd or `write'n message to $MBOX by default since this is
-# likely to be irritating for most users today.
-set keepsave
-
-# When replying, do not merge From: and To: of the original message
-# into To:.  Instead old From: -> new To:, old To: -> merge Cc:.
-set recipients-in-cc
-
-# Whether a ‘Mail-Followup-To:’ header is honoured when group-replying.
-set followup-to-honour=ask-yes
-
-# Whether a ‘Reply-To:’ header is honoured when replying.
-set reply-to-honour=ask-yes
-
-# When sending a message, wait until the MTA (including the built-in SMTP one)
-# exits before accepting further commands.  Only with this variable set are 
-# errors reported by the MTA recognised!
-set sendwait
-
-# Only include these selected header fields when printing messages.
-retain date sender from to cc subject message-id mail-followup-to reply-to
-
-# Use an SMTP server rather than 'sendmail' to deliver mail.
-# Set to the IP/Name of an SMTP server which will accept mail from this host.
-# set smtp=mail.example.com
diff --git a/etc/shadow.gpg b/etc/shadow.gpg
index 0e43963..271a115 100644
Binary files a/etc/shadow.gpg and b/etc/shadow.gpg differ
diff --git a/etc/shutdown.d/pushover-alert b/etc/shutdown.d/pushover-alert
deleted file mode 100755
index 9878c8b..0000000
--- a/etc/shutdown.d/pushover-alert
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash
-
-# Alert that this host is going down.
-[[ -x /opt/sbin/pushover-client ]] && /opt/sbin/pushover-client -p -1 -m "Shut down: ${HOSTNAME%%.*}"
diff --git a/etc/sshguard/.gitignore b/etc/sshguard/.gitignore
deleted file mode 100644
index 94d12f0..0000000
--- a/etc/sshguard/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-/blacklist
diff --git a/etc/sshguard/sshguard.conf b/etc/sshguard/sshguard.conf
index 3dd8717..8dedc93 100644
--- a/etc/sshguard/sshguard.conf
+++ b/etc/sshguard/sshguard.conf
@@ -2,10 +2,10 @@
 # sshguard.conf -- SSHGuard configuration
 
 # Full path to backend executable (required, no default)
-BACKEND="/usr/libexec/sshguard/sshg-fw-iptables"
+BACKEND="/usr/libexec/sshg-fw-iptables"
 
 # Space-separated list of log files to monitor. (optional, no default)
-FILES="/var/log/auth"
+FILES="/var/log/core.slackware.uk.net/auth"
 
 # Shell command that provides logs on standard output. (optional, no default)
 # Example 1: ssh and sendmail from systemd journal:
@@ -26,21 +26,21 @@ BLOCK_TIME=86400
 DETECTION_TIME=28800
 
 # Size of IPv6 subnet to block. Defaults to a single address, CIDR notation. (optional, default to 128)
-IPV6_SUBNET=64
+IPV6_SUBNET=128
 
 # Size of IPv4 subnet to block. Defaults to a single address, CIDR notation. (optional, default to 32)
-IPV4_SUBNET=24
+IPV4_SUBNET=32
 
 # Full path to PID file (optional, no default)
 PID_FILE=/run/sshguard.pid
 
 # Colon-separated blacklist threshold and full path to blacklist file.
 # (optional, no default)
-BLACKLIST_FILE=10:/etc/sshguard/blacklist
+BLACKLIST_FILE=10:/var/lib/sshguard/blacklist
 
 # IP addresses listed in the WHITELIST_FILE are considered to be
 # friendlies and will never be blocked.
-WHITELIST_FILE=/etc/sshguard/whitelist
+WHITELIST_FILE=/etc/sshguard.whitelist
 
 # If PARSER is unset, SSHGuard will use the installed sshg-parser as its
 # parser. Setting PARSER overrides this, so that you can use your own parser.
diff --git a/opt/sbin/cronjob-rotate-logs-symlinks b/opt/sbin/cronjob-rotate-logs-symlinks
new file mode 100755
index 0000000..49997ea
--- /dev/null
+++ b/opt/sbin/cronjob-rotate-logs-symlinks
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+# Default configuration.
+LOGS_DIR="/var/log"
+DIR_MODE="0750"
+UMASK="027"
+
+# This array may be used in the defaults file.
+declare -A CREATE_DIRS
+
+# Allow /etc/default/rotate-logs-symlinks to override default configuration.
+[[ -e /etc/default/rotate-logs-symlinks ]] && {
+  # shellcheck disable=SC1091
+  source /etc/default/rotate-logs-symlinks || {
+    printf "%s: %s\\n" "${0##*/}" "failed reading /etc/default/rotate-logs-symlinks" >&2
+    exit 1
+  }
+}
+
+# Process the directories in the logs directory.
+[[ -d "$LOGS_DIR" ]] && {
+  TODAY="$(printf "%(%Y/%m/%d)T")"
+
+  umask "$UMASK"
+
+  # Process all the directories in the logs directory.
+  for DIR in "$LOGS_DIR"/*/; do
+    cd "$DIR" 2>/dev/null || {
+      printf "%s: %s\\n" "${0##*/}" "failed to change directory to '$DIR'" >&2
+      continue
+    }
+
+    # Create a new logs directory for today.
+    # shellcheck disable=SC2174
+    mkdir -p -m "$DIR_MODE" "$TODAY" 2>/dev/null || {
+      printf "%s: %s\\n" "${0##*/}" "failed to create directory '$DIR/$TODAY'" >&2
+      continue
+    }
+
+    # If configured to do so for this directory, create sub directories.
+    for CREATE_DIR in ${CREATE_DIRS[$(printf "$DIR" | awk -F / -e '{print $4}')]}; do
+      mkdir -p -m "$DIR_MODE" "$TODAY/$CREATE_DIR" 2>/dev/null || {
+        printf "%s: %s\\n" "${0##*/}" "failed to create directory '$DIR/$TODAY/$CREATE_DIR'" >&2
+        continue
+      }
+    done
+
+    # Create a 'today' symlink to the new days' directory.
+    ( cd "$DIR" 2>/dev/null && ln -sfn "$TODAY" "today" 2>/dev/null ) || {
+      printf "%s: %s\\n" "${0##*/}" "updating 'today' symlink failed" >&2
+      continue
+    }
+  done
+}
+
+exit 0
diff --git a/opt/sbin/cronjob-rotate-logs-today-symlink b/opt/sbin/cronjob-rotate-logs-today-symlink
deleted file mode 100755
index cc0cfa2..0000000
--- a/opt/sbin/cronjob-rotate-logs-today-symlink
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/bash
-
-# Default configuration.
-LOGS_DIR="/data/logs"
-
-# Process the directories in the $LOGS_DIR directory.
-[[ -d "$LOGS_DIR" ]] && {
-  TODAY="$(printf "%(%Y/%m/%d)T")"
-
-  for DIR in "$LOGS_DIR"/*/; do
-    cd "$DIR" 2>/dev/null || {
-      printf "%s: %s\\n" "${0##*/}" "failed to change directory to '$DIR'" >&2
-      continue
-    }
-
-    # Create the 'today' symlink to the new location..
-    ln -sfn "$TODAY" "today" 2>/dev/null || {
-      printf "%s: %s\\n" "${0##*/}" "updating 'today' symlink failed in '$DIR'" >&2
-      continue
-    }
-  done
-}
-
-exit 0
diff --git a/opt/sbin/cronjob-update-packages-list b/opt/sbin/cronjob-update-packages-list
index 7c74c26..824965d 100755
--- a/opt/sbin/cronjob-update-packages-list
+++ b/opt/sbin/cronjob-update-packages-list
@@ -14,7 +14,7 @@ case "$ID" in
   'alpine')
     apk list -I | cut -d' ' -f1 | rev | cut -d- -f3- | rev >/etc/pkglist
     ;;
-  'debian'|'devuan'|'ubuntu')
+  'debian'|'ubuntu')
     dpkg-query --show --showformat='${Package}\n' >/etc/pkglist
     ;;
   'slackware')
diff --git a/opt/sbin/dehydrated b/opt/sbin/dehydrated
new file mode 100755
index 0000000..28c4711
--- /dev/null
+++ b/opt/sbin/dehydrated
@@ -0,0 +1,2539 @@
+#!/usr/bin/env bash
+
+# dehydrated by lukas2511
+# Source: https://dehydrated.io
+#
+# This script is licensed under The MIT License (see LICENSE for more information).
+
+set -e
+set -u
+set -o pipefail
+[[ -n "${ZSH_VERSION:-}" ]] && set -o SH_WORD_SPLIT && set +o FUNCTION_ARGZERO && set -o NULL_GLOB && set -o noglob
+[[ -z "${ZSH_VERSION:-}" ]] && shopt -s nullglob && set -f
+
+umask 077 # paranoid umask, we're creating private keys
+
+# Close weird external file descriptors
+exec 3>&-
+exec 4>&-
+
+VERSION="0.7.3"
+
+# Find directory in which this script is stored by traversing all symbolic links
+SOURCE="${0}"
+while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
+  DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+  SOURCE="$(readlink "$SOURCE")"
+  [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
+done
+SCRIPTDIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+
+BASEDIR="${SCRIPTDIR}"
+ORIGARGS=("${@}")
+
+noglob_set() {
+  if [[ -n "${ZSH_VERSION:-}" ]]; then
+    set +o noglob
+  else
+    set +f
+  fi
+}
+
+noglob_clear() {
+  if [[ -n "${ZSH_VERSION:-}" ]]; then
+    set -o noglob
+  else
+    set -f
+  fi
+}
+
+# Generate json.sh path matching string
+json_path() {
+	if [ ! "${1}" = "-p" ]; then
+		printf '"%s"' "${1}"
+	else
+		printf '%s' "${2}"
+	fi
+}
+
+# Get string value from json dictionary
+get_json_string_value() {
+  local filter
+  filter="$(printf 's/.*\[%s\][[:space:]]*"\([^"]*\)"/\\1/p' "$(json_path "${1:-}" "${2:-}")")"
+  sed -n "${filter}"
+}
+
+# Get array values from json dictionary
+get_json_array_values() {
+  grep -E '^\['"$(json_path "${1:-}" "${2:-}")"',[0-9]*\]' | sed -e 's/\[[^\]*\][[:space:]]*//g' -e 's/^"//' -e 's/"$//'
+}
+
+# Get sub-dictionary from json
+get_json_dict_value() {
+  local filter
+  filter="$(printf 's/.*\[%s\][[:space:]]*\(.*\)/\\1/p' "$(json_path "${1:-}" "${2:-}")")"
+  sed -n "${filter}" | jsonsh
+}
+
+# Get integer value from json
+get_json_int_value() {
+  local filter
+  filter="$(printf 's/.*\[%s\][[:space:]]*\([^"]*\)/\\1/p' "$(json_path "${1:-}" "${2:-}")")"
+  sed -n "${filter}"
+}
+
+# Get boolean value from json
+get_json_bool_value() {
+  local filter
+  filter="$(printf 's/.*\[%s\][[:space:]]*\([^"]*\)/\\1/p' "$(json_path "${1:-}" "${2:-}")")"
+  sed -n "${filter}"
+}
+
+# JSON.sh JSON-parser
+# Modified from https://github.com/dominictarr/JSON.sh
+# Original Copyright (c) 2011 Dominic Tarr
+# Licensed under The MIT License
+jsonsh() {
+
+  throw() {
+    echo "$*" >&2
+    exit 1
+  }
+
+  awk_egrep () {
+    local pattern_string=$1
+
+    awk '{
+      while ($0) {
+        start=match($0, pattern);
+        token=substr($0, start, RLENGTH);
+        print token;
+        $0=substr($0, start+RLENGTH);
+      }
+    }' pattern="$pattern_string"
+  }
+
+  tokenize () {
+    local GREP
+    local ESCAPE
+    local CHAR
+
+    if echo "test string" | grep -Eao --color=never "test" >/dev/null 2>&1
+    then
+      GREP='grep -Eao --color=never'
+    else
+      GREP='grep -Eao'
+    fi
+
+    # shellcheck disable=SC2196
+    if echo "test string" | grep -Eao "test" >/dev/null 2>&1
+    then
+      ESCAPE='(\\[^u[:cntrl:]]|\\u[0-9a-fA-F]{4})'
+      CHAR='[^[:cntrl:]"\\]'
+    else
+      GREP=awk_egrep
+      ESCAPE='(\\\\[^u[:cntrl:]]|\\u[0-9a-fA-F]{4})'
+      CHAR='[^[:cntrl:]"\\\\]'
+    fi
+
+    local STRING="\"$CHAR*($ESCAPE$CHAR*)*\""
+    local NUMBER='-?(0|[1-9][0-9]*)([.][0-9]*)?([eE][+-]?[0-9]*)?'
+    local KEYWORD='null|false|true'
+    local SPACE='[[:space:]]+'
+
+    # Force zsh to expand $A into multiple words
+    local is_wordsplit_disabled
+    is_wordsplit_disabled="$(unsetopt 2>/dev/null | grep -c '^shwordsplit$' || true)"
+    if [ "${is_wordsplit_disabled}" != "0" ]; then setopt shwordsplit; fi
+    $GREP "$STRING|$NUMBER|$KEYWORD|$SPACE|." | grep -Ev "^$SPACE$"
+    if [ "${is_wordsplit_disabled}" != "0" ]; then unsetopt shwordsplit; fi
+  }
+
+  parse_array () {
+    local index=0
+    local ary=''
+    read -r token
+    case "$token" in
+      ']') ;;
+      *)
+        while :
+        do
+          parse_value "$1" "$index"
+          index=$((index+1))
+          ary="$ary""$value"
+          read -r token
+          case "$token" in
+            ']') break ;;
+            ',') ary="$ary," ;;
+            *) throw "EXPECTED , or ] GOT ${token:-EOF}" ;;
+          esac
+          read -r token
+        done
+        ;;
+    esac
+    value=$(printf '[%s]' "$ary") || value=
+    :
+  }
+
+  parse_object () {
+    local key
+    local obj=''
+    read -r token
+    case "$token" in
+      '}') ;;
+      *)
+        while :
+        do
+          case "$token" in
+            '"'*'"') key=$token ;;
+            *) throw "EXPECTED string GOT ${token:-EOF}" ;;
+          esac
+          read -r token
+          case "$token" in
+            ':') ;;
+            *) throw "EXPECTED : GOT ${token:-EOF}" ;;
+          esac
+          read -r token
+          parse_value "$1" "$key"
+          obj="$obj$key:$value"
+          read -r token
+          case "$token" in
+            '}') break ;;
+            ',') obj="$obj," ;;
+            *) throw "EXPECTED , or } GOT ${token:-EOF}" ;;
+          esac
+          read -r token
+        done
+      ;;
+    esac
+    value=$(printf '{%s}' "$obj") || value=
+    :
+  }
+
+  parse_value () {
+    local jpath="${1:+$1,}${2:-}"
+    case "$token" in
+      '{') parse_object "$jpath" ;;
+      '[') parse_array  "$jpath" ;;
+      # At this point, the only valid single-character tokens are digits.
+      ''|[!0-9]) throw "EXPECTED value GOT ${token:-EOF}" ;;
+      *) value="${token//\\\///}"
+         # replace solidus ("\/") in json strings with normalized value: "/"
+         ;;
+    esac
+    [ "$value" = '' ] && return
+    [ -z "$jpath" ] && return # do not print head
+
+    printf "[%s]\t%s\n" "$jpath" "$value"
+    :
+  }
+
+  parse () {
+    read -r token
+    parse_value
+    read -r token || true
+    case "$token" in
+      '') ;;
+      *) throw "EXPECTED EOF GOT $token" ;;
+    esac
+  }
+
+  tokenize | parse
+}
+
+# Convert IP addresses to their reverse dns variants.
+# Used for ALPN certs as validation for IPs uses this in SNI since IPs aren't allowed there.
+ip_to_ptr() {
+  ip="$(cat)"
+  if [[ "${ip}" =~ : ]]; then
+    printf "%sip6.arpa" "$(printf "%s" "${ip}" | awk -F: 'BEGIN {OFS=""; }{addCount = 9 - NF; for(i=1; i<=NF;i++){if(length($i) == 0){ for(j=1;j<=addCount;j++){$i = ($i "0000");} } else { $i = substr(("0000" $i), length($i)+5-4);}}; print}' | rev | sed -e "s/./&./g")"
+  else
+    printf "%s.in-addr.arpa" "$(printf "%s" "${ip}" | awk -F. '{print $4"."$3"." $2"."$1}')"
+  fi
+}
+
+# Create (identifiable) temporary files
+_mktemp() {
+  mktemp "${TMPDIR:-/tmp}/dehydrated-XXXXXX"
+}
+
+# Check for script dependencies
+check_dependencies() {
+  # look for required binaries
+  for binary in grep mktemp diff sed awk curl cut head tail hexdump; do
+    bin_path="$(command -v "${binary}" 2>/dev/null)" || _exiterr "This script requires ${binary}."
+    [[ -x "${bin_path}" ]] || _exiterr "${binary} found in PATH but it's not executable"
+  done
+
+  # just execute some dummy and/or version commands to see if required tools are actually usable
+  "${OPENSSL}" version > /dev/null 2>&1 || _exiterr "This script requires an openssl binary."
+  _sed "" < /dev/null > /dev/null 2>&1 || _exiterr "This script requires sed with support for extended (modern) regular expressions."
+
+  # curl returns with an error code in some ancient versions so we have to catch that
+  set +e
+  CURL_VERSION="$(curl -V 2>&1 | head -n1 | awk '{print $2}')"
+  set -e
+}
+
+store_configvars() {
+  __KEY_ALGO="${KEY_ALGO}"
+  __OCSP_MUST_STAPLE="${OCSP_MUST_STAPLE}"
+  __OCSP_FETCH="${OCSP_FETCH}"
+  __OCSP_DAYS="${OCSP_DAYS}"
+  __PRIVATE_KEY_RENEW="${PRIVATE_KEY_RENEW}"
+  __PRIVATE_KEY_ROLLOVER="${PRIVATE_KEY_ROLLOVER}"
+  __KEYSIZE="${KEYSIZE}"
+  __CHALLENGETYPE="${CHALLENGETYPE}"
+  __HOOK="${HOOK}"
+  __PREFERRED_CHAIN="${PREFERRED_CHAIN}"
+  __WELLKNOWN="${WELLKNOWN}"
+  __HOOK_CHAIN="${HOOK_CHAIN}"
+  __OPENSSL_CNF="${OPENSSL_CNF}"
+  __RENEW_DAYS="${RENEW_DAYS}"
+  __IP_VERSION="${IP_VERSION}"
+  __ACME_PROFILE="${ACME_PROFILE}"
+  __ORDER_TIMEOUT=${ORDER_TIMEOUT}
+  __VALIDATION_TIMEOUT=${VALIDATION_TIMEOUT}
+  __KEEP_GOING=${KEEP_GOING}
+}
+
+reset_configvars() {
+  KEY_ALGO="${__KEY_ALGO}"
+  OCSP_MUST_STAPLE="${__OCSP_MUST_STAPLE}"
+  OCSP_FETCH="${__OCSP_FETCH}"
+  OCSP_DAYS="${__OCSP_DAYS}"
+  PRIVATE_KEY_RENEW="${__PRIVATE_KEY_RENEW}"
+  PRIVATE_KEY_ROLLOVER="${__PRIVATE_KEY_ROLLOVER}"
+  KEYSIZE="${__KEYSIZE}"
+  CHALLENGETYPE="${__CHALLENGETYPE}"
+  HOOK="${__HOOK}"
+  PREFERRED_CHAIN="${__PREFERRED_CHAIN}"
+  WELLKNOWN="${__WELLKNOWN}"
+  HOOK_CHAIN="${__HOOK_CHAIN}"
+  OPENSSL_CNF="${__OPENSSL_CNF}"
+  RENEW_DAYS="${__RENEW_DAYS}"
+  IP_VERSION="${__IP_VERSION}"
+  ACME_PROFILE="${__ACME_PROFILE}"
+  ORDER_TIMEOUT=${__ORDER_TIMEOUT}
+  VALIDATION_TIMEOUT=${__VALIDATION_TIMEOUT}
+  KEEP_GOING="${__KEEP_GOING}"
+}
+
+hookscript_bricker_hook() {
+  # Hook scripts should ignore any hooks they don't know.
+  # Calling a random hook to make this clear to the hook script authors...
+  if [[ -n "${HOOK}" ]]; then
+    "${HOOK}" "this_hookscript_is_broken__dehydrated_is_working_fine__please_ignore_unknown_hooks_in_your_script" || _exiterr "Please check your hook script, it should exit cleanly without doing anything on unknown/new hooks."
+  fi
+}
+
+# verify configuration values
+verify_config() {
+  [[ "${CHALLENGETYPE}" == "http-01" || "${CHALLENGETYPE}" == "dns-01" || "${CHALLENGETYPE}" == "tls-alpn-01" ]] || _exiterr "Unknown challenge type ${CHALLENGETYPE}... cannot continue."
+  if [[ "${COMMAND:-}" =~ sign_domains|sign_csr ]]; then
+    if [[ "${CHALLENGETYPE}" = "dns-01" ]] && [[ -z "${HOOK}" ]]; then
+      _exiterr "Challenge type dns-01 needs a hook script for deployment... cannot continue."
+    fi
+    if [[ "${CHALLENGETYPE}" = "http-01" ]] && [[ ! -d "${WELLKNOWN}" ]]; then
+      _exiterr "WELLKNOWN directory doesn't exist, please create ${WELLKNOWN} and set appropriate permissions."
+    fi
+  fi
+  [[ "${KEY_ALGO}" == "rsa" || "${KEY_ALGO}" == "prime256v1" || "${KEY_ALGO}" == "secp384r1" || "${KEY_ALGO}" == "secp521r1" ]] || _exiterr "Unknown public key algorithm ${KEY_ALGO}... cannot continue."
+  if [[ -n "${IP_VERSION}" ]]; then
+    [[ "${IP_VERSION}" = "4" || "${IP_VERSION}" = "6" ]] || _exiterr "Unknown IP version ${IP_VERSION}... cannot continue."
+  fi
+  [[ "${API}" == "auto" || "${API}" == "1" || "${API}" == "2" ]] || _exiterr "Unsupported API version defined in config: ${API}"
+  [[ "${OCSP_DAYS}" =~ ^[0-9]+$ ]] || _exiterr "OCSP_DAYS must be a number"
+  [[ "${ORDER_TIMEOUT}" =~ ^[0-9]+$ ]] || _exiterr "ORDER_TIMEOUT must be a number"
+  [[ "${VALIDATION_TIMEOUT}" =~ ^[0-9]+$ ]] || _exiterr "VALIDATION_TIMEOUT must be a number"
+}
+
+# Setup default config values, search for and load configuration files
+load_config() {
+  # Check for config in various locations
+  if [[ -z "${CONFIG:-}" ]]; then
+    for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"; do
+      if [[ -f "${check_config}/config" ]]; then
+        BASEDIR="${check_config}"
+        CONFIG="${check_config}/config"
+        break
+      fi
+    done
+  fi
+
+  # Preset
+  CA_ZEROSSL="https://acme.zerossl.com/v2/DV90"
+  CA_LETSENCRYPT="https://acme-v02.api.letsencrypt.org/directory"
+  CA_LETSENCRYPT_TEST="https://acme-staging-v02.api.letsencrypt.org/directory"
+  CA_BUYPASS="https://api.buypass.com/acme/directory"
+  CA_BUYPASS_TEST="https://api.test4.buypass.no/acme/directory"
+  CA_GOOGLE="https://dv.acme-v02.api.pki.goog/directory"
+  CA_GOOGLE_TEST="https://dv.acme-v02.test-api.pki.goog/directory"
+
+  # Default values
+  CA="letsencrypt"
+  OLDCA=
+  CERTDIR=
+  ALPNCERTDIR=
+  ACCOUNTDIR=
+  ACCOUNT_KEYSIZE="4096"
+  ACCOUNT_KEY_ALGO=rsa
+  CHALLENGETYPE="http-01"
+  CONFIG_D=
+  CURL_OPTS=
+  DOMAINS_D=
+  DOMAINS_TXT=
+  HOOK=
+  PREFERRED_CHAIN=
+  HOOK_CHAIN="no"
+  RENEW_DAYS="32"
+  KEYSIZE="4096"
+  WELLKNOWN=
+  PRIVATE_KEY_RENEW="yes"
+  PRIVATE_KEY_ROLLOVER="no"
+  KEY_ALGO=secp384r1
+  OPENSSL=openssl
+  OPENSSL_CNF=
+  CONTACT_EMAIL=
+  LOCKFILE=
+  OCSP_MUST_STAPLE="no"
+  OCSP_FETCH="no"
+  OCSP_DAYS=5
+  IP_VERSION=
+  CHAINCACHE=
+  AUTO_CLEANUP="no"
+  AUTO_CLEANUP_DELETE="no"
+  DEHYDRATED_USER=
+  DEHYDRATED_GROUP=
+  API="auto"
+  ACME_PROFILE=""
+  ORDER_TIMEOUT=0
+  VALIDATION_TIMEOUT=0
+  KEEP_GOING="no"
+
+  if [[ -z "${CONFIG:-}" ]]; then
+    echo "#" >&2
+    echo "# !! WARNING !! No main config file found, using default config!" >&2
+    echo "#" >&2
+  elif [[ -f "${CONFIG}" ]]; then
+    echo "# INFO: Using main config file ${CONFIG}"
+    BASEDIR="$(dirname "${CONFIG}")"
+    # shellcheck disable=SC1090
+    . "${CONFIG}"
+  else
+    _exiterr "Specified config file doesn't exist."
+  fi
+
+  if [[ -n "${CONFIG_D}" ]]; then
+    if [[ ! -d "${CONFIG_D}" ]]; then
+      _exiterr "The path ${CONFIG_D} specified for CONFIG_D does not point to a directory."
+    fi
+
+    # Allow globbing
+    noglob_set
+
+    for check_config_d in "${CONFIG_D}"/*.sh; do
+      if [[ -f "${check_config_d}" ]] && [[ -r "${check_config_d}" ]]; then
+        echo "# INFO: Using additional config file ${check_config_d}"
+        # shellcheck disable=SC1090
+        . "${check_config_d}"
+      else
+        _exiterr "Specified additional config ${check_config_d} is not readable or not a file at all."
+      fi
+    done
+
+    # Disable globbing
+    noglob_clear
+  fi
+
+  # Check for missing dependencies
+  check_dependencies
+
+  has_sudo() {
+    command -v sudo > /dev/null 2>&1 || _exiterr "DEHYDRATED_USER set but sudo not available. Please install sudo."
+  }
+
+  # Check if we are running & are allowed to run as root
+  if [[ -n "$DEHYDRATED_USER" ]]; then
+    command -v getent > /dev/null 2>&1 || _exiterr "DEHYDRATED_USER set but getent not available. Please install getent."
+
+    TARGET_UID="$(getent passwd "${DEHYDRATED_USER}" | cut -d':' -f3)" || _exiterr "DEHYDRATED_USER ${DEHYDRATED_USER} is invalid"
+    if [[ -z "${DEHYDRATED_GROUP}" ]]; then
+      if [[ "${EUID}" != "${TARGET_UID}" ]]; then
+        echo "# INFO: Running $0 as ${DEHYDRATED_USER}"
+        has_sudo && exec sudo -u "${DEHYDRATED_USER}" "${0}" "${ORIGARGS[@]}"
+      fi
+    else
+      TARGET_GID="$(getent group "${DEHYDRATED_GROUP}" | cut -d':' -f3)" || _exiterr "DEHYDRATED_GROUP ${DEHYDRATED_GROUP} is invalid"
+      if [[ -z "${EGID:-}" ]]; then
+        command -v id > /dev/null 2>&1 || _exiterr "DEHYDRATED_GROUP set, don't know current gid and 'id' not available... Please provide 'id' binary."
+        EGID="$(id -g)"
+      fi
+      if [[ "${EUID}" != "${TARGET_UID}" ]] || [[ "${EGID}" != "${TARGET_GID}" ]]; then
+        echo "# INFO: Running $0 as ${DEHYDRATED_USER}/${DEHYDRATED_GROUP}"
+        has_sudo && exec sudo -u "${DEHYDRATED_USER}" -g "${DEHYDRATED_GROUP}" "${0}" "${ORIGARGS[@]}"
+      fi
+    fi
+  elif [[ -n "${DEHYDRATED_GROUP}" ]]; then
+    _exiterr "DEHYDRATED_GROUP can only be used in combination with DEHYDRATED_USER."
+  fi
+
+  # Remove slash from end of BASEDIR. Mostly for cleaner outputs, doesn't change functionality.
+  [[ "$BASEDIR" != "/" ]] && BASEDIR="${BASEDIR%%/}"
+
+  # Check BASEDIR and set default variables
+  [[ -d "${BASEDIR}" ]] || _exiterr "BASEDIR does not exist: ${BASEDIR}"
+
+  # Check for ca cli parameter
+  if [ -n "${PARAM_CA:-}" ]; then
+    CA="${PARAM_CA}"
+  fi
+
+  # Preset CAs
+  if [ "${CA}" = "letsencrypt" ]; then
+    CA="${CA_LETSENCRYPT}"
+  elif [ "${CA}" = "letsencrypt-test" ]; then
+    CA="${CA_LETSENCRYPT_TEST}"
+  elif [ "${CA}" = "zerossl" ]; then
+    CA="${CA_ZEROSSL}"
+  elif [ "${CA}" = "buypass" ]; then
+    CA="${CA_BUYPASS}"
+  elif [ "${CA}" = "buypass-test" ]; then
+    CA="${CA_BUYPASS_TEST}"
+  elif [ "${CA}" = "google" ]; then
+    CA="${CA_GOOGLE}"
+  elif [ "${CA}" = "google-test" ]; then
+    CA="${CA_GOOGLE_TEST}"
+  fi
+
+  if [[ -z "${OLDCA}" ]] && [[ "${CA}" = "https://acme-v02.api.letsencrypt.org/directory" ]]; then
+    OLDCA="https://acme-v01.api.letsencrypt.org/directory"
+  fi
+
+  # Create new account directory or symlink to account directory from old CA
+  # dev note: keep in mind that because of the use of 'echo' instead of 'printf' or
+  # similar there is a newline encoded in the directory name. not going to fix this
+  # since it's a non-issue and trying to fix existing installations would be too much
+  # trouble
+  CAHASH="$(echo "${CA}" | urlbase64)"
+  [[ -z "${ACCOUNTDIR}" ]] && ACCOUNTDIR="${BASEDIR}/accounts"
+  if [[ ! -e "${ACCOUNTDIR}/${CAHASH}" ]]; then
+    OLDCAHASH="$(echo "${OLDCA}" | urlbase64)"
+    mkdir -p "${ACCOUNTDIR}"
+    if [[ -n "${OLDCA}" ]] && [[ -e "${ACCOUNTDIR}/${OLDCAHASH}" ]]; then
+      echo "! Reusing account from ${OLDCA}"
+      ln -s "${OLDCAHASH}" "${ACCOUNTDIR}/${CAHASH}"
+    else
+      mkdir "${ACCOUNTDIR}/${CAHASH}"
+    fi
+  fi
+
+  # shellcheck disable=SC1090
+  [[ -f "${ACCOUNTDIR}/${CAHASH}/config" ]] && . "${ACCOUNTDIR}/${CAHASH}/config"
+  ACCOUNT_KEY="${ACCOUNTDIR}/${CAHASH}/account_key.pem"
+  ACCOUNT_KEY_JSON="${ACCOUNTDIR}/${CAHASH}/registration_info.json"
+  ACCOUNT_ID_JSON="${ACCOUNTDIR}/${CAHASH}/account_id.json"
+  ACCOUNT_DEACTIVATED="${ACCOUNTDIR}/${CAHASH}/deactivated"
+
+  if [[ -f "${ACCOUNT_DEACTIVATED}" ]]; then
+    _exiterr "Account has been deactivated. Remove account and create a new one using --register."
+  fi
+
+  if [[ -f "${BASEDIR}/private_key.pem" ]] && [[ ! -f "${ACCOUNT_KEY}" ]]; then
+    echo "! Moving private_key.pem to ${ACCOUNT_KEY}"
+    mv "${BASEDIR}/private_key.pem" "${ACCOUNT_KEY}"
+  fi
+  if [[ -f "${BASEDIR}/private_key.json" ]] && [[ ! -f "${ACCOUNT_KEY_JSON}" ]]; then
+    echo "! Moving private_key.json to ${ACCOUNT_KEY_JSON}"
+    mv "${BASEDIR}/private_key.json" "${ACCOUNT_KEY_JSON}"
+  fi
+
+  [[ -z "${CERTDIR}" ]] && CERTDIR="${BASEDIR}/certs"
+  [[ -z "${ALPNCERTDIR}" ]] && ALPNCERTDIR="${BASEDIR}/alpn-certs"
+  [[ -z "${CHAINCACHE}" ]] && CHAINCACHE="${BASEDIR}/chains"
+  [[ -z "${DOMAINS_TXT}" ]] && DOMAINS_TXT="${BASEDIR}/domains.txt"
+  [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/www/dehydrated"
+  [[ -z "${LOCKFILE}" ]] && LOCKFILE="${BASEDIR}/lock"
+  [[ -z "${OPENSSL_CNF}" ]] && OPENSSL_CNF="$("${OPENSSL}" version -d | cut -d\" -f2)/openssl.cnf"
+  [[ -n "${PARAM_LOCKFILE_SUFFIX:-}" ]] && LOCKFILE="${LOCKFILE}-${PARAM_LOCKFILE_SUFFIX}"
+  [[ -n "${PARAM_NO_LOCK:-}" ]] && LOCKFILE=""
+
+  [[ -n "${PARAM_HOOK:-}" ]] && HOOK="${PARAM_HOOK}"
+  [[ -n "${PARAM_DOMAINS_TXT:-}" ]] && DOMAINS_TXT="${PARAM_DOMAINS_TXT}"
+  [[ -n "${PARAM_PREFERRED_CHAIN:-}" ]] && PREFERRED_CHAIN="${PARAM_PREFERRED_CHAIN}"
+  [[ -n "${PARAM_CERTDIR:-}" ]] && CERTDIR="${PARAM_CERTDIR}"
+  [[ -n "${PARAM_ALPNCERTDIR:-}" ]] && ALPNCERTDIR="${PARAM_ALPNCERTDIR}"
+  [[ -n "${PARAM_CHALLENGETYPE:-}" ]] && CHALLENGETYPE="${PARAM_CHALLENGETYPE}"
+  [[ -n "${PARAM_KEY_ALGO:-}" ]] && KEY_ALGO="${PARAM_KEY_ALGO}"
+  [[ -n "${PARAM_OCSP_MUST_STAPLE:-}" ]] && OCSP_MUST_STAPLE="${PARAM_OCSP_MUST_STAPLE}"
+  [[ -n "${PARAM_IP_VERSION:-}" ]] && IP_VERSION="${PARAM_IP_VERSION}"
+  [[ -n "${PARAM_ACME_PROFILE:-}" ]] && ACME_PROFILE="${PARAM_ACME_PROFILE}"
+  [[ -n "${PARAM_ORDER_TIMEOUT:-}" ]] && ORDER_TIMEOUT="${PARAM_ORDER_TIMEOUT}"
+  [[ -n "${PARAM_VALIDATION_TIMEOUT:-}" ]] && VALIDATION_TIMEOUT="${PARAM_VALIDATION_TIMEOUT}"
+  [[ -n "${PARAM_KEEP_GOING:-}" ]] && KEEP_GOING="${PARAM_KEEP_GOING}"
+
+  if [ "${PARAM_FORCE_VALIDATION:-no}" = "yes" ] && [ "${PARAM_FORCE:-no}" = "no" ]; then
+    _exiterr "Argument --force-validation can only be used in combination with --force (-x)"
+  fi
+
+  if [ ! "${1:-}" = "noverify" ]; then
+    verify_config
+  fi
+  store_configvars
+}
+
+# Initialize system
+init_system() {
+  load_config
+
+  # Lockfile handling (prevents concurrent access)
+  if [[ -n "${LOCKFILE}" ]]; then
+    LOCKDIR="$(dirname "${LOCKFILE}")"
+    [[ -w "${LOCKDIR}" ]] || _exiterr "Directory ${LOCKDIR} for LOCKFILE ${LOCKFILE} is not writable, aborting."
+    ( set -C; date > "${LOCKFILE}" ) 2>/dev/null || _exiterr "Lock file '${LOCKFILE}' present, aborting."
+    remove_lock() { rm -f "${LOCKFILE}"; }
+    trap 'remove_lock' EXIT
+  fi
+
+  # Get CA URLs
+  CA_DIRECTORY="$(http_request get "${CA}" | jsonsh)"
+
+  # Automatic discovery of API version
+  if [[ "${API}" = "auto" ]]; then
+    grep -q newOrder <<< "${CA_DIRECTORY}" && API=2 || API=1
+  fi
+
+  # shellcheck disable=SC2015
+  if [[ "${API}" = "1" ]]; then
+    CA_NEW_CERT="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value new-cert)" &&
+    CA_NEW_AUTHZ="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value new-authz)" &&
+    CA_NEW_REG="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value new-reg)" &&
+    CA_TERMS="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value terms-of-service)" &&
+    CA_REQUIRES_EAB="false" &&
+    CA_REVOKE_CERT="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value revoke-cert)" ||
+    _exiterr "Problem retrieving ACME/CA-URLs, check if your configured CA points to the directory entrypoint."
+    # Since reg URI is missing from directory we will assume it is the same as CA_NEW_REG without the new part
+    CA_REG=${CA_NEW_REG/new-reg/reg}
+
+    if [[ -n "${ACME_PROFILE}" ]]; then
+      _exiterr "ACME profiles are not supported in ACME v1."
+    fi
+  else
+    CA_NEW_ORDER="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value newOrder)" &&
+    CA_NEW_NONCE="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value newNonce)" &&
+    CA_NEW_ACCOUNT="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value newAccount)" &&
+    CA_TERMS="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value -p '"meta","termsOfService"')" &&
+    CA_REQUIRES_EAB="$(printf "%s" "${CA_DIRECTORY}" | get_json_bool_value -p '"meta","externalAccountRequired"' || echo false)" &&
+    CA_REVOKE_CERT="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value revokeCert)" ||
+    _exiterr "Problem retrieving ACME/CA-URLs, check if your configured CA points to the directory entrypoint."
+
+    # Checking ACME profile
+    if [[ -n "${ACME_PROFILE}" ]]; then
+      # Extract available profiles from CA directory
+      declare -A available_profiles=()
+      while IFS=$'\t' read -r path value; do
+        if [[ "${value}" =~ ^\"([^\"]+)\"$ ]]; then
+          value=${BASH_REMATCH[1]}
+        fi
+        if [[ "${path}" =~ ^\[\"([^\"]+)\"\]$ ]]; then
+          available_profiles[${BASH_REMATCH[1]}]=$value
+        fi
+      done <<< "$(printf "%s" "${CA_DIRECTORY}" | get_json_dict_value -p '"meta","profiles"' 2>/dev/null)"
+      if [[ ${#available_profiles[@]} -eq 0 ]]; then
+          _exiterr "ACME profile not supported by this CA"
+      fi
+
+      # Check if the requested profile is available
+      found_profile="no"
+      for profile in "${!available_profiles[@]}"; do
+        if [[ "${profile}" == "${ACME_PROFILE}" ]]; then
+          found_profile="yes"
+          break
+        fi
+      done
+      if [[ "${found_profile}" == "no" ]]; then
+        _exiterr "ACME profile '${ACME_PROFILE}' not found, available profiles:$(for key in "${!available_profiles[@]}"; do printf "\n  %s: %s" "${key}" "${available_profiles[$key]}"; done)"
+      fi
+    fi
+  fi
+
+  # Export some environment variables to be used in hook script
+  export WELLKNOWN BASEDIR CERTDIR ALPNCERTDIR CONFIG COMMAND
+
+  # Checking for private key ...
+  register_new_key="no"
+  generated="false"
+  if [[ -n "${PARAM_ACCOUNT_KEY:-}" ]]; then
+    # a private key was specified from the command line so use it for this run
+    echo "Using private key ${PARAM_ACCOUNT_KEY} instead of account key"
+    ACCOUNT_KEY="${PARAM_ACCOUNT_KEY}"
+    ACCOUNT_KEY_JSON="${PARAM_ACCOUNT_KEY}.json"
+    ACCOUNT_ID_JSON="${PARAM_ACCOUNT_KEY}_id.json"
+    [ "${COMMAND:-}" = "register" ] && register_new_key="yes"
+  else
+    # Check if private account key exists, if it doesn't exist yet generate a new one (rsa key)
+    if [[ ! -e "${ACCOUNT_KEY}" ]]; then
+      if [[ ! "${PARAM_ACCEPT_TERMS:-}" = "yes" ]]; then
+        printf '\n' >&2
+        printf 'To use dehydrated with this certificate authority you have to agree to their terms of service which you can find here: %s\n\n' "${CA_TERMS}" >&2
+        printf 'To accept these terms of service run "%s --register --accept-terms".\n' "${0}" >&2
+        exit 1
+      fi
+
+      echo "+ Generating account key..."
+      generated="true"
+      local tmp_account_key
+      tmp_account_key="$(_mktemp)"
+      if [[ ${API} -eq 1 && ! "${ACCOUNT_KEY_ALGO}" = "rsa" ]]; then
+        _exiterr "ACME API version 1 does not support EC account keys"
+      fi
+      case "${ACCOUNT_KEY_ALGO}" in
+        rsa) _openssl genrsa -out "${tmp_account_key}" "${ACCOUNT_KEYSIZE}";;
+        prime256v1|secp384r1|secp521r1) _openssl ecparam -genkey -name "${ACCOUNT_KEY_ALGO}" -out "${tmp_account_key}" -noout;;
+      esac
+      cat "${tmp_account_key}" > "${ACCOUNT_KEY}"
+      rm "${tmp_account_key}"
+      register_new_key="yes"
+    fi
+  fi
+
+  if ("${OPENSSL}" rsa -in "${ACCOUNT_KEY}" -check 2>/dev/null > /dev/null); then
+    # Get public components from private key and calculate thumbprint
+    pubExponent64="$(printf '%x' "$("${OPENSSL}" rsa -in "${ACCOUNT_KEY}" -noout -text | awk '/publicExponent/ {print $2}')" | hex2bin | urlbase64)"
+    pubMod64="$("${OPENSSL}" rsa -in "${ACCOUNT_KEY}" -noout -modulus | cut -d'=' -f2 | hex2bin | urlbase64)"
+
+    account_key_info="$(printf '{"e":"%s","kty":"RSA","n":"%s"}' "${pubExponent64}" "${pubMod64}")"
+    account_key_sigalgo=RS256
+  elif ("${OPENSSL}" ec -in "${ACCOUNT_KEY}" -check 2>/dev/null > /dev/null); then
+    curve="$("${OPENSSL}" ec -in "${ACCOUNT_KEY}" -noout -text 2>/dev/null | grep 'NIST CURVE' | cut -d':' -f2 | tr -d ' ')"
+    pubkey="$("${OPENSSL}" ec -in "${ACCOUNT_KEY}" -noout -text 2>/dev/null | tr -d '\n ' | grep -Eo 'pub:.*ASN1' | _sed -e 's/^pub://' -e 's/ASN1$//' | tr -d ':')"
+
+    if [ "${curve}" = "P-256" ]; then
+      account_key_sigalgo="ES256"
+    elif [ "${curve}" = "P-384" ]; then
+      account_key_sigalgo="ES384"
+    elif [ "${curve}" = "P-521" ]; then
+      account_key_sigalgo="ES512"
+    else
+      _exiterr "Unknown account key curve: ${curve}"
+    fi
+
+    ec_x_offset=2
+    ec_x_len=$((${#pubkey}/2 - 1))
+    ec_x="${pubkey:$ec_x_offset:$ec_x_len}"
+    ec_x64="$(printf "%s" "${ec_x}" | hex2bin | urlbase64)"
+
+    ec_y_offset=$((ec_x_offset+ec_x_len))
+    ec_y_len=$((${#pubkey}-ec_y_offset))
+    ec_y="${pubkey:$ec_y_offset:$ec_y_len}"
+    ec_y64="$(printf "%s" "${ec_y}" | hex2bin | urlbase64)"
+
+    account_key_info="$(printf '{"crv":"%s","kty":"EC","x":"%s","y":"%s"}' "${curve}" "${ec_x64}" "${ec_y64}")"
+  else
+    _exiterr "Account key is not valid, cannot continue."
+  fi
+  thumbprint="$(printf '%s' "${account_key_info}" | "${OPENSSL}" dgst -sha256 -binary | urlbase64)"
+
+  # If we generated a new private key in the step above we have to register it with the acme-server
+  if [[ "${register_new_key}" = "yes" ]]; then
+    echo "+ Registering account key with ACME server..."
+    FAILED=false
+
+    if [[ ${API} -eq 1 && -z "${CA_NEW_REG}" ]] || [[ ${API} -eq 2 && -z "${CA_NEW_ACCOUNT}" ]]; then
+      echo "Certificate authority doesn't allow registrations."
+      FAILED=true
+    fi
+
+    # ZeroSSL special sauce
+    if [[ "${CA}" = "${CA_ZEROSSL}" ]]; then
+      if [[ -z "${EAB_KID:-}" ]] ||  [[ -z "${EAB_HMAC_KEY:-}" ]]; then
+        if [[ -z "${CONTACT_EMAIL}" ]]; then
+          echo "ZeroSSL requires contact email to be set or EAB_KID/EAB_HMAC_KEY to be manually configured"
+          FAILED=true
+        else
+          zeroapi="$(curl -s "https://api.zerossl.com/acme/eab-credentials-email" -d "email=${CONTACT_EMAIL}" | jsonsh)"
+          EAB_KID="$(printf "%s" "${zeroapi}" | get_json_string_value eab_kid)"
+          EAB_HMAC_KEY="$(printf "%s" "${zeroapi}" | get_json_string_value eab_hmac_key)"
+          if [[ -z "${EAB_KID:-}" ]] ||  [[ -z "${EAB_HMAC_KEY:-}" ]]; then
+            echo "Unknown error retrieving ZeroSSL API credentials"
+            echo "${zeroapi}"
+            FAILED=true
+          fi
+        fi
+      fi
+    fi
+
+     # Google special sauce
+    if [[ "${CA}" = "${CA_GOOGLE}" ]]; then
+      if [[ -z "${CONTACT_EMAIL}" ]] || [[ -z "${EAB_KID:-}" ]] || [[ -z "${EAB_HMAC_KEY:-}" ]]; then
+          echo "Google requires contact email, EAB_KID and EAB_HMAC_KEY to be manually configured (see https://cloud.google.com/certificate-manager/docs/public-ca-tutorial)"
+          FAILED=true
+      fi
+    fi
+
+    # Check if external account is required
+    if [[ "${FAILED}" = "false" ]]; then
+      if [[ "${CA_REQUIRES_EAB}" = "true" ]]; then
+        if [[ -z "${EAB_KID:-}" ]] || [[ -z "${EAB_HMAC_KEY:-}" ]]; then
+          FAILED=true
+          echo "This CA requires an external account but no EAB_KID/EAB_HMAC_KEY has been configured"
+        fi
+      fi
+    fi
+
+    # If an email for the contact has been provided then adding it to the registration request
+    if [[ "${FAILED}" = "false" ]]; then
+      if [[ ${API} -eq 1 ]]; then
+        if [[ -n "${CONTACT_EMAIL}" ]]; then
+          (signed_request "${CA_NEW_REG}" '{"resource": "new-reg", "contact":["mailto:'"${CONTACT_EMAIL}"'"], "agreement": "'"${CA_TERMS}"'"}' > "${ACCOUNT_KEY_JSON}") || FAILED=true
+        else
+          (signed_request "${CA_NEW_REG}" '{"resource": "new-reg", "agreement": "'"${CA_TERMS}"'"}' > "${ACCOUNT_KEY_JSON}") || FAILED=true
+        fi
+      else
+        if [[ -n "${EAB_KID:-}" ]] && [[ -n "${EAB_HMAC_KEY:-}" ]]; then
+          eab_url="${CA_NEW_ACCOUNT}"
+          eab_protected64="$(printf '{"alg":"HS256","kid":"%s","url":"%s"}' "${EAB_KID}" "${eab_url}" | urlbase64)"
+          eab_payload64="$(printf "%s" "${account_key_info}" | urlbase64)"
+          eab_key="$(printf "%s" "${EAB_HMAC_KEY}" | deurlbase64 | bin2hex)"
+          eab_signed64="$(printf '%s' "${eab_protected64}.${eab_payload64}" | "${OPENSSL}" dgst -binary -sha256 -mac HMAC -macopt "hexkey:${eab_key}" | urlbase64)"
+
+          if [[ -n "${CONTACT_EMAIL}" ]]; then
+            regjson='{"contact":["mailto:'"${CONTACT_EMAIL}"'"], "termsOfServiceAgreed": true, "externalAccountBinding": {"protected": "'"${eab_protected64}"'", "payload": "'"${eab_payload64}"'", "signature": "'"${eab_signed64}"'"}}'
+          else
+            regjson='{"termsOfServiceAgreed": true, "externalAccountBinding": {"protected": "'"${eab_protected64}"'", "payload": "'"${eab_payload64}"'", "signature": "'"${eab_signed64}"'"}}'
+          fi
+        else
+          if [[ -n "${CONTACT_EMAIL}" ]]; then
+            regjson='{"contact":["mailto:'"${CONTACT_EMAIL}"'"], "termsOfServiceAgreed": true}'
+          else
+            regjson='{"termsOfServiceAgreed": true}'
+          fi
+        fi
+        (signed_request "${CA_NEW_ACCOUNT}" "${regjson}" > "${ACCOUNT_KEY_JSON}") || FAILED=true
+      fi
+    fi
+
+    if [[ "${FAILED}" = "true" ]]; then
+      echo >&2
+      echo >&2
+      echo "Error registering account key. See message above for more information." >&2
+      if [[ "${generated}" = "true" ]]; then
+        rm "${ACCOUNT_KEY}"
+      fi
+      rm -f "${ACCOUNT_KEY_JSON}"
+      exit 1
+    fi
+  elif [[ "${COMMAND:-}" = "register" ]]; then
+    echo "+ Account already registered!"
+    exit 0
+  fi
+
+  # Read account information or request from CA if missing
+  if [[ -e "${ACCOUNT_KEY_JSON}" ]]; then
+    if [[ ${API} -eq 1 ]]; then
+      ACCOUNT_ID="$(jsonsh < "${ACCOUNT_KEY_JSON}" | get_json_int_value id)"
+      ACCOUNT_URL="${CA_REG}/${ACCOUNT_ID}"
+    else
+      if [[ -e "${ACCOUNT_ID_JSON}" ]]; then
+        ACCOUNT_URL="$(jsonsh < "${ACCOUNT_ID_JSON}" | get_json_string_value url)"
+      fi
+      # if account URL is not storred, fetch it from the CA
+      if [[ -z "${ACCOUNT_URL:-}" ]]; then
+        echo "+ Fetching account URL..."
+        ACCOUNT_URL="$(signed_request "${CA_NEW_ACCOUNT}" '{"onlyReturnExisting": true}' 4>&1 | grep -i ^Location: | cut -d':' -f2- | tr -d ' \t\r\n')"
+        if [[ -z "${ACCOUNT_URL}" ]]; then
+          _exiterr "Unknown error on fetching account information"
+        fi
+        echo '{"url":"'"${ACCOUNT_URL}"'"}' > "${ACCOUNT_ID_JSON}" # store the URL for next time
+      fi
+    fi
+  else
+    echo "Fetching missing account information from CA..."
+    if [[ ${API} -eq 1 ]]; then
+      _exiterr "This is not implemented for ACMEv1! Consider switching to ACMEv2 :)"
+    else
+      ACCOUNT_URL="$(signed_request "${CA_NEW_ACCOUNT}" '{"onlyReturnExisting": true}' 4>&1 | grep -i ^Location: | cut -d':' -f2- | tr -d ' \t\r\n')"
+      ACCOUNT_INFO="$(signed_request "${ACCOUNT_URL}" '{}')"
+    fi
+    echo "${ACCOUNT_INFO}" > "${ACCOUNT_KEY_JSON}"
+  fi
+}
+
+# Different sed version for different os types...
+_sed() {
+  if [[ "${OSTYPE}" = "Linux" || "${OSTYPE:0:5}" = "MINGW" ]]; then
+    sed -r "${@}"
+  else
+    sed -E "${@}"
+  fi
+}
+
+# Print error message and exit with error
+_exiterr() {
+  if [ -n "${1:-}" ]; then
+    echo "ERROR: ${1}" >&2
+  fi
+  [[ "${skip_exit_hook:-no}" = "no" ]] && [[ -n "${HOOK:-}" ]] && ("${HOOK}" "exit_hook" "${1:-}" || echo 'exit_hook returned with non-zero exit code!' >&2)
+  exit 1
+}
+
+# Remove newlines and whitespace from json
+clean_json() {
+  tr -d '\r\n' | _sed -e 's/ +/ /g' -e 's/\{ /{/g' -e 's/ \}/}/g' -e 's/\[ /[/g' -e 's/ \]/]/g'
+}
+
+# Encode data as url-safe formatted base64
+urlbase64() {
+  # urlbase64: base64 encoded string with '+' replaced with '-' and '/' replaced with '_'
+  "${OPENSSL}" base64 -e | tr -d '\n\r' | _sed -e 's:=*$::g' -e 'y:+/:-_:'
+}
+
+# Decode data from url-safe formatted base64
+deurlbase64() {
+  data="$(cat | tr -d ' \n\r')"
+  modlen=$((${#data} % 4))
+  padding=""
+  if [[ "${modlen}" = "2" ]]; then padding="==";
+  elif [[ "${modlen}" = "3" ]]; then padding="="; fi
+  printf "%s%s" "${data}" "${padding}" | tr -d '\n\r' | _sed -e 'y:-_:+/:' | "${OPENSSL}" base64 -d -A
+}
+
+# Convert hex string to binary data
+hex2bin() {
+  # Remove spaces, add leading zero, escape as hex string and parse with printf
+  # shellcheck disable=SC2059
+  printf "%b" "$(cat | _sed -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g')"
+}
+
+# Convert binary data to hex string
+bin2hex() {
+  hexdump -v -e '/1 "%02x"'
+}
+
+# OpenSSL writes to stderr/stdout even when there are no errors. So just
+# display the output if the exit code was != 0 to simplify debugging.
+_openssl() {
+  set +e
+  out="$("${OPENSSL}" "${@}" 2>&1)"
+  res=$?
+  set -e
+  if [[ ${res} -ne 0 ]]; then
+    echo "  + ERROR: failed to run $* (Exitcode: ${res})" >&2
+    echo >&2
+    echo "Details:" >&2
+    echo "${out}" >&2
+    echo >&2
+    exit "${res}"
+  fi
+}
+
+# Send http(s) request with specified method
+http_request() {
+  tempcont="$(_mktemp)"
+  tempheaders="$(_mktemp)"
+
+  if [[ -n "${IP_VERSION:-}" ]]; then
+      ip_version="-${IP_VERSION}"
+  fi
+
+  set +e
+  # shellcheck disable=SC2086
+  if [[ "${1}" = "head" ]]; then
+    statuscode="$(curl ${ip_version:-} ${CURL_OPTS} -A "dehydrated/${VERSION} curl/${CURL_VERSION}" -s -w "%{http_code}" -o "${tempcont}" -H 'Cache-Control: no-cache' "${2}" -I)"
+    curlret="${?}"
+    touch "${tempheaders}"
+  elif [[ "${1}" = "get" ]]; then
+    statuscode="$(curl ${ip_version:-} ${CURL_OPTS} -A "dehydrated/${VERSION} curl/${CURL_VERSION}" -L -s -w "%{http_code}" -o "${tempcont}" -D "${tempheaders}" -H 'Cache-Control: no-cache' "${2}")"
+    curlret="${?}"
+  elif [[ "${1}" = "post" ]]; then
+    statuscode="$(curl ${ip_version:-} ${CURL_OPTS} -A "dehydrated/${VERSION} curl/${CURL_VERSION}" -s -w "%{http_code}" -o "${tempcont}" "${2}" -D "${tempheaders}" -H 'Cache-Control: no-cache' -H 'Content-Type: application/jose+json' -d "${3}")"
+    curlret="${?}"
+  else
+    set -e
+    _exiterr "Unknown request method: ${1}"
+  fi
+  set -e
+
+  if [[ ! "${curlret}" = "0" ]]; then
+    _exiterr "Problem connecting to server (${1} for ${2}; curl returned with ${curlret})"
+  fi
+
+  if [[ ! "${statuscode:0:1}" = "2" ]]; then
+    # check for existing registration warning
+    if [[ "${API}" = "1" ]] && [[ -n "${CA_NEW_REG:-}" ]] && [[ "${2}" = "${CA_NEW_REG:-}" ]] && [[ "${statuscode}" = "409" ]] && grep -q "Registration key is already in use" "${tempcont}"; then
+      # do nothing
+      :
+    # check for already-revoked warning
+    elif [[ -n "${CA_REVOKE_CERT:-}" ]] && [[ "${2}" = "${CA_REVOKE_CERT:-}" ]] && [[ "${statuscode}" = "409" ]]; then
+      grep -q "Certificate already revoked" "${tempcont}" && return
+    else
+      if grep -q "urn:ietf:params:acme:error:badNonce" "${tempcont}"; then
+        printf "badnonce %s" "$(grep -Eoi "^replay-nonce:.*$" "${tempheaders}" | sed 's/ //' | cut -d: -f2)"
+        return 0
+      fi
+      echo "  + ERROR: An error occurred while sending ${1}-request to ${2} (Status ${statuscode})" >&2
+      echo >&2
+      echo "Details:" >&2
+      cat "${tempheaders}" >&2
+      cat "${tempcont}" >&2
+      echo >&2
+      echo >&2
+
+      # An exclusive hook for the {1}-request error might be useful (e.g., for sending an e-mail to admins)
+      if [[ -n "${HOOK}" ]]; then
+        errtxt="$(cat "${tempcont}")"
+        errheaders="$(cat "${tempheaders}")"
+        "${HOOK}" "request_failure" "${statuscode}" "${errtxt}" "${1}" "${errheaders}" || _exiterr 'request_failure hook returned with non-zero exit code'
+      fi
+
+      rm -f "${tempcont}"
+      rm -f "${tempheaders}"
+
+      # remove temporary domains.txt file if used
+      [[ "${COMMAND:-}" = "sign_domains" && -n "${PARAM_DOMAIN:-}" && -n "${DOMAINS_TXT:-}" ]] && rm "${DOMAINS_TXT}"
+      _exiterr
+    fi
+  fi
+
+  if { true >&4; } 2>/dev/null; then
+    cat "${tempheaders}" >&4
+  fi
+  cat "${tempcont}"
+  rm -f "${tempcont}"
+  rm -f "${tempheaders}"
+}
+
+# Send signed request
+signed_request() {
+  # Encode payload as urlbase64
+  payload64="$(printf '%s' "${2}" | urlbase64)"
+
+  if [ -n "${3:-}" ]; then
+    nonce="$(printf "%s" "${3}" | tr -d ' \t\n\r')"
+  else
+    # Retrieve nonce from acme-server
+    if [[ ${API} -eq 1 ]]; then
+      nonce="$(http_request head "${CA}" | grep -i ^Replay-Nonce: | cut -d':' -f2- | tr -d ' \t\n\r')"
+    else
+      nonce="$(http_request head "${CA_NEW_NONCE}" | grep -i ^Replay-Nonce: | cut -d':' -f2- | tr -d ' \t\n\r')"
+    fi
+  fi
+
+  if [[ ${API} -eq 1 ]]; then
+    # Build another header which also contains the previously received nonce and encode it as urlbase64
+    protected='{"alg": "RS256", "jwk": {"e": "'"${pubExponent64}"'", "kty": "RSA", "n": "'"${pubMod64}"'"}, "nonce": "'"${nonce}"'"}'
+    protected64="$(printf '%s' "${protected}" | urlbase64)"
+  else
+    # Build another header which also contains the previously received nonce and url and encode it as urlbase64
+    if [[ -n "${ACCOUNT_URL:-}" ]]; then
+      protected='{"alg": "'"${account_key_sigalgo}"'", "kid": "'"${ACCOUNT_URL}"'", "url": "'"${1}"'", "nonce": "'"${nonce}"'"}'
+    else
+      protected='{"alg": "'"${account_key_sigalgo}"'", "jwk": '"${account_key_info}"', "url": "'"${1}"'", "nonce": "'"${nonce}"'"}'
+    fi
+    protected64="$(printf '%s' "${protected}" | urlbase64)"
+  fi
+
+  # Sign header with nonce and our payload with our private key and encode signature as urlbase64
+  if [[ "${account_key_sigalgo}" = "RS256" ]]; then
+    signed64="$(printf '%s' "${protected64}.${payload64}" | "${OPENSSL}" dgst -sha256 -sign "${ACCOUNT_KEY}" | urlbase64)"
+  else
+    dgstparams="$(printf '%s' "${protected64}.${payload64}" | "${OPENSSL}" dgst -sha${account_key_sigalgo:2} -sign "${ACCOUNT_KEY}" | "${OPENSSL}" asn1parse -inform DER)"
+    dgst_parm_1="$(echo "$dgstparams" | head -n 2 | tail -n 1 | cut -d':' -f4)"
+    dgst_parm_2="$(echo "$dgstparams" | head -n 3 | tail -n 1 | cut -d':' -f4)"
+
+    # zero-padding (doesn't seem to be necessary, but other clients are doing this as well...
+    case "${account_key_sigalgo}" in
+      "ES256") siglen=64;;
+      "ES384") siglen=96;;
+      "ES512") siglen=132;;
+    esac
+    while [[ ${#dgst_parm_1} -lt $siglen ]]; do dgst_parm_1="0${dgst_parm_1}"; done
+    while [[ ${#dgst_parm_2} -lt $siglen ]]; do dgst_parm_2="0${dgst_parm_2}"; done
+
+    signed64="$(printf "%s%s" "${dgst_parm_1}" "${dgst_parm_2}" | hex2bin | urlbase64)"
+  fi
+
+  if [[ ${API} -eq 1 ]]; then
+    # Build header with just our public key and algorithm information
+    header='{"alg": "RS256", "jwk": {"e": "'"${pubExponent64}"'", "kty": "RSA", "n": "'"${pubMod64}"'"}}'
+
+    # Send header + extended header + payload + signature to the acme-server
+    data='{"header": '"${header}"', "protected": "'"${protected64}"'", "payload": "'"${payload64}"'", "signature": "'"${signed64}"'"}'
+  else
+    # Send extended header + payload + signature to the acme-server
+    data='{"protected": "'"${protected64}"'", "payload": "'"${payload64}"'", "signature": "'"${signed64}"'"}'
+  fi
+
+  output="$(http_request post "${1}" "${data}")"
+
+  if grep -qE "^badnonce " <<< "${output}"; then
+    echo " ! Request failed (badNonce), retrying request..." >&2
+    signed_request "${1:-}" "${2:-}" "$(printf "%s" "${output}" | cut -d' ' -f2)"
+  else
+    printf "%s" "${output}"
+  fi
+}
+
+# Extracts all subject names from a CSR
+# Outputs either the CN, or the SANs, one per line
+extract_altnames() {
+  csrfile="${1}" # path to CSR file
+
+  if ! "${OPENSSL}" req -in "${csrfile}" -verify -noout >/dev/null; then
+    _exiterr "Certificate signing request isn't valid"
+  fi
+
+  reqtext="$("${OPENSSL}" req -in "${csrfile}" -noout -text)"
+  if <<<"${reqtext}" grep -q '^[[:space:]]*X509v3 Subject Alternative Name:[[:space:]]*$'; then
+    # SANs used, extract these
+    altnames="$( <<<"${reqtext}" awk '/X509v3 Subject Alternative Name:/{print;getline;print;}' | tail -n1 )"
+    # split to one per line:
+    # shellcheck disable=SC1003
+    altnames="$( <<<"${altnames}" _sed -e 's/^[[:space:]]*//; s/, /\'$'\n''/g' )"
+    # we can only get DNS/IP: ones signed
+    if grep -qEv '^(DNS|IP( Address)*|othername):' <<<"${altnames}"; then
+      _exiterr "Certificate signing request contains non-DNS/IP Subject Alternative Names"
+    fi
+    # strip away the DNS/IP: prefix
+    altnames="$( <<<"${altnames}" _sed -e 's/^(DNS:|IP( Address)*:|othername:<unsupported>)//' )"
+    printf "%s" "${altnames}" | tr '\n' ' '
+  else
+    # No SANs, extract CN
+    altnames="$( <<<"${reqtext}" grep '^[[:space:]]*Subject:' | _sed -e 's/.*[ /]CN ?= ?([^ /,]*).*/\1/' )"
+    printf "%s" "${altnames}"
+  fi
+}
+
+# Get last issuer CN in certificate chain
+get_last_cn() {
+  <<<"${1}" _sed 'H;/-----BEGIN CERTIFICATE-----/h;$!d;x' | "${OPENSSL}" x509 -noout -issuer | head -n1 | _sed -e 's/.*[ /]CN ?= ?([^/,]*).*/\1/'
+}
+
+# Create certificate for domain(s) and outputs it FD 3
+sign_csr() {
+  csrfile="${1}" # path to CSR file
+
+  if { true >&3; } 2>/dev/null; then
+    : # fd 3 looks OK
+  else
+    _exiterr "sign_csr: FD 3 not open"
+  fi
+
+  shift 1 || true
+  export altnames="${*}"
+
+  if [[ ${API} -eq 1 ]]; then
+    if [[ -z "${CA_NEW_AUTHZ}" ]] || [[ -z "${CA_NEW_CERT}" ]]; then
+      _exiterr "Certificate authority doesn't allow certificate signing"
+    fi
+  elif [[ ${API} -eq 2 ]] && [[ -z "${CA_NEW_ORDER}" ]]; then
+    _exiterr "Certificate authority doesn't allow certificate signing"
+  fi
+
+  if [[ -n "${ZSH_VERSION:-}" ]]; then
+    local -A challenge_names challenge_uris challenge_tokens authorizations keyauths deploy_args
+  else
+    local -a challenge_names challenge_uris challenge_tokens authorizations keyauths deploy_args
+  fi
+
+  # Initial step: Find which authorizations we're dealing with
+  if [[ ${API} -eq 2 ]]; then
+    # Request new order and store authorization URIs
+    local challenge_identifiers=""
+    for altname in ${altnames}; do
+    if [[ "${altname}" =~ ^ip: ]]; then
+      challenge_identifiers+="$(printf '{"type": "ip", "value": "%s"}, ' "${altname:3}")"
+    else
+       challenge_identifiers+="$(printf '{"type": "dns", "value": "%s"}, ' "${altname}")"
+    fi
+    done
+    challenge_identifiers="[${challenge_identifiers%, }]"
+
+    echo " + Requesting new certificate order from CA..."
+    local order_payload='{"identifiers": '"${challenge_identifiers}"
+    if [[ -n "${ACME_PROFILE}" ]]; then
+      order_payload="${order_payload}"',"profile":"'"${ACME_PROFILE}"'"'
+    fi
+    order_payload="${order_payload}"'}'
+    order_location="$(signed_request "${CA_NEW_ORDER}" "${order_payload}" 4>&1 | grep -i ^Location: | cut -d':' -f2- | tr -d ' \t\r\n')"
+    result="$(signed_request "${order_location}" "" | jsonsh)"
+
+    order_authorizations="$(echo "${result}" | get_json_array_values authorizations)"
+    finalize="$(echo "${result}" | get_json_string_value finalize)"
+
+    local idx=0
+    for uri in ${order_authorizations}; do
+      authorizations[${idx}]="${uri}"
+      idx=$((idx+1))
+    done
+    echo " + Received ${idx} authorizations URLs from the CA"
+  else
+    # Copy $altnames to $authorizations (just doing this to reduce duplicate code later on)
+    local idx=0
+    for altname in ${altnames}; do
+      authorizations[${idx}]="${altname}"
+      idx=$((idx+1))
+    done
+  fi
+
+  # Check if authorizations are valid and gather challenge information for pending authorizations
+  local idx=0
+  for authorization in ${authorizations[*]}; do
+    if [[ "${API}" -eq 2 ]]; then
+      # Receive authorization ($authorization is authz uri)
+      response="$(signed_request "$(echo "${authorization}" | _sed -e 's/\"(.*)".*/\1/')" "" | jsonsh)"
+      identifier="$(echo "${response}" | get_json_string_value -p '"identifier","value"')"
+      identifier_type="$(echo "${response}" | get_json_string_value -p '"identifier","type"')"
+      echo " + Handling authorization for ${identifier}"
+    else
+      # Request new authorization ($authorization is altname)
+      identifier="${authorization}"
+      echo " + Requesting authorization for ${identifier}..."
+      response="$(signed_request "${CA_NEW_AUTHZ}" '{"resource": "new-authz", "identifier": {"type": "dns", "value": "'"${identifier}"'"}}' | jsonsh)"
+    fi
+
+    # Check if authorization has already been validated
+    if [ "$(echo "${response}" | get_json_string_value status)" = "valid" ]; then
+      if [ "${PARAM_FORCE_VALIDATION:-no}" = "yes" ]; then
+        echo " + A valid authorization has been found but will be ignored"
+      else
+        echo " + Found valid authorization for ${identifier}"
+        continue
+      fi
+    fi
+
+    # Find challenge in authorization
+    challengeindex="$(echo "${response}" | grep -E '^\["challenges",[0-9]+,"type"\][[:space:]]+"'"${CHALLENGETYPE}"'"' | cut -d',' -f2 || true)"
+
+    if [ -z "${challengeindex}" ]; then
+      allowed_validations="$(echo "${response}" | grep -E '^\["challenges",[0-9]+,"type"\]' | sed -e 's/\[[^\]*\][[:space:]]*//g' -e 's/^"//' -e 's/"$//' | tr '\n' ' ')"
+      _exiterr "Validating this certificate is not possible using ${CHALLENGETYPE}. Possible validation methods are: ${allowed_validations}"
+    fi
+    challenge="$(echo "${response}" | get_json_dict_value -p '"challenges",'"${challengeindex}")"
+
+    # Gather challenge information
+    if [ "${identifier_type:-}" = "ip" ] && [ "${CHALLENGETYPE}" = "tls-alpn-01" ] ; then
+      challenge_names[${idx}]="$(echo "${identifier}" | ip_to_ptr)"
+    else
+      challenge_names[${idx}]="${identifier}"
+    fi
+    challenge_tokens[${idx}]="$(echo "${challenge}" | get_json_string_value token)"
+
+    if [[ ${API} -eq 2 ]]; then
+      challenge_uris[${idx}]="$(echo "${challenge}" | get_json_string_value url)"
+    else
+      if [[ "$(echo "${challenge}" | get_json_string_value type)" = "urn:acme:error:unauthorized" ]]; then
+        _exiterr "Challenge unauthorized: $(echo "${challenge}" | get_json_string_value detail)"
+      fi
+      challenge_uris[${idx}]="$(echo "${challenge}" | get_json_dict_value validationRecord | get_json_string_value uri)"
+    fi
+
+    # Prepare challenge tokens and deployment parameters
+    keyauth="${challenge_tokens[${idx}]}.${thumbprint}"
+
+    case "${CHALLENGETYPE}" in
+      "http-01")
+        # Store challenge response in well-known location and make world-readable (so that a webserver can access it)
+        printf '%s' "${keyauth}" > "${WELLKNOWN}/${challenge_tokens[${idx}]}"
+        chmod a+r "${WELLKNOWN}/${challenge_tokens[${idx}]}"
+        keyauth_hook="${keyauth}"
+        ;;
+      "dns-01")
+        # Generate DNS entry content for dns-01 validation
+        keyauth_hook="$(printf '%s' "${keyauth}" | "${OPENSSL}" dgst -sha256 -binary | urlbase64)"
+        ;;
+      "tls-alpn-01")
+        keyauth_hook="$(printf '%s' "${keyauth}" | "${OPENSSL}" dgst -sha256 -c -hex | awk '{print $NF}')"
+        generate_alpn_certificate "${identifier}" "${identifier_type}" "${keyauth_hook}"
+        ;;
+    esac
+
+    keyauths[${idx}]="${keyauth}"
+    if [ "${identifier_type:-}" = "ip" ] && [ "${CHALLENGETYPE}" = "tls-alpn-01" ]; then
+      deploy_args[${idx}]="$(echo "${identifier}" | ip_to_ptr) ${challenge_tokens[${idx}]} ${keyauth_hook}"
+    else
+      deploy_args[${idx}]="${identifier} ${challenge_tokens[${idx}]} ${keyauth_hook}"
+    fi
+
+    idx=$((idx+1))
+  done
+  local num_pending_challenges=${idx}
+  echo " + ${num_pending_challenges} pending challenge(s)"
+
+  # Deploy challenge tokens
+  if [[ ${num_pending_challenges} -ne 0 ]]; then
+    echo " + Deploying challenge tokens..."
+    if [[ -n "${HOOK}" ]] && [[ "${HOOK_CHAIN}" = "yes" ]]; then
+      # shellcheck disable=SC2068
+      "${HOOK}" "deploy_challenge" ${deploy_args[@]} || _exiterr 'deploy_challenge hook returned with non-zero exit code'
+    elif [[ -n "${HOOK}" ]]; then
+      # Run hook script to deploy the challenge token
+      local idx=0
+      while [ ${idx} -lt ${num_pending_challenges} ]; do
+        # shellcheck disable=SC2086
+        "${HOOK}" "deploy_challenge" ${deploy_args[${idx}]} || _exiterr 'deploy_challenge hook returned with non-zero exit code'
+        idx=$((idx+1))
+      done
+    fi
+  fi
+
+  # Validate pending challenges
+  local idx=0
+  while [ ${idx} -lt ${num_pending_challenges} ]; do
+    echo " + Responding to challenge for ${challenge_names[${idx}]} authorization..."
+
+    # Ask the acme-server to verify our challenge and wait until it is no longer pending
+    if [[ ${API} -eq 1 ]]; then
+      result="$(signed_request "${challenge_uris[${idx}]}" '{"resource": "challenge", "keyAuthorization": "'"${keyauths[${idx}]}"'"}' | jsonsh)"
+    else
+      result="$(signed_request "${challenge_uris[${idx}]}" '{}' | jsonsh)"
+    fi
+
+    reqstatus="$(echo "${result}" | get_json_string_value status)"
+
+    local waited=0
+    while [[ "${reqstatus}" = "pending" ]] || [[ "${reqstatus}" = "processing" ]]; do
+      if [ ${VALIDATION_TIMEOUT} -gt 0 ] && [ ${waited} -gt ${VALIDATION_TIMEOUT} ]; then
+        _exiterr "Timed out waiting for processing of domain validation (still ${reqstatus})"
+      fi
+      echo " + Validation is ${reqstatus}..."
+      sleep 1
+      waited=$((waited+1))
+      if [[ "${API}" -eq 2 ]]; then
+        result="$(signed_request "${challenge_uris[${idx}]}" "" | jsonsh)"
+      else
+        result="$(http_request get "${challenge_uris[${idx}]}" | jsonsh)"
+      fi
+      reqstatus="$(echo "${result}" | get_json_string_value status)"
+    done
+
+    [[ "${CHALLENGETYPE}" = "http-01" ]] && rm -f "${WELLKNOWN}/${challenge_tokens[${idx}]}"
+    [[ "${CHALLENGETYPE}" = "tls-alpn-01" ]] && rm -f "${ALPNCERTDIR}/${challenge_names[${idx}]}.crt.pem" "${ALPNCERTDIR}/${challenge_names[${idx}]}.key.pem"
+
+    if [[ "${reqstatus}" = "valid" ]]; then
+      echo " + Challenge is valid!"
+    else
+      [[ -n "${HOOK}" ]] && ("${HOOK}" "invalid_challenge" "${altname}" "${result}" || _exiterr 'invalid_challenge hook returned with non-zero exit code')
+      break
+    fi
+    idx=$((idx+1))
+  done
+
+  if [[ ${num_pending_challenges} -ne 0 ]]; then
+    echo " + Cleaning challenge tokens..."
+
+    # Clean challenge tokens using chained hook
+    # shellcheck disable=SC2068
+    [[ -n "${HOOK}" ]] && [[ "${HOOK_CHAIN}" = "yes" ]] && ("${HOOK}" "clean_challenge" ${deploy_args[@]} || _exiterr 'clean_challenge hook returned with non-zero exit code')
+
+    # Clean remaining challenge tokens if validation has failed
+    local idx=0
+    while [ ${idx} -lt ${num_pending_challenges} ]; do
+      # Delete challenge file
+      [[ "${CHALLENGETYPE}" = "http-01" ]] && rm -f "${WELLKNOWN}/${challenge_tokens[${idx}]}"
+      # Delete alpn verification certificates
+      [[ "${CHALLENGETYPE}" = "tls-alpn-01" ]] && rm -f "${ALPNCERTDIR}/${challenge_names[${idx}]}.crt.pem" "${ALPNCERTDIR}/${challenge_names[${idx}]}.key.pem"
+      # Clean challenge token using non-chained hook
+      # shellcheck disable=SC2086
+      [[ -n "${HOOK}" ]] && [[ "${HOOK_CHAIN}" != "yes" ]] && ("${HOOK}" "clean_challenge" ${deploy_args[${idx}]} || _exiterr 'clean_challenge hook returned with non-zero exit code')
+      idx=$((idx+1))
+    done
+
+    if [[ "${reqstatus}" != "valid" ]]; then
+      echo " + Challenge validation has failed :("
+      _exiterr "Challenge is invalid! (returned: ${reqstatus}) (result: ${result})"
+    fi
+  fi
+
+  # Finally request certificate from the acme-server and store it in cert-${timestamp}.pem and link from cert.pem
+  echo " + Requesting certificate..."
+  csr64="$("${OPENSSL}" req -in "${csrfile}" -config "${OPENSSL_CNF}" -outform DER | urlbase64)"
+  if [[ ${API} -eq 1 ]]; then
+    crt64="$(signed_request "${CA_NEW_CERT}" '{"resource": "new-cert", "csr": "'"${csr64}"'"}' | "${OPENSSL}" base64 -e)"
+    crt="$( printf -- '-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n' "${crt64}" )"
+  else
+    result="$(signed_request "${finalize}" '{"csr": "'"${csr64}"'"}' | jsonsh)"
+    waited=0
+    while :; do
+      orderstatus="$(echo "${result}" | get_json_string_value status)"
+      case "${orderstatus}"
+      in
+        "processing" | "pending")
+          if [ ${ORDER_TIMEOUT} -gt 0 ] && [ ${waited} -gt ${ORDER_TIMEOUT} ]; then
+            _exiterr "Timed out waiting for processing of order (still ${orderstatus})"
+          fi
+          echo " + Order is ${orderstatus}..."
+          sleep 2;
+          waited=$((waited+2))
+          ;;
+        "valid")
+          break;
+          ;;
+        *)
+          _exiterr "Order has invalid/unknown status: ${orderstatus}"
+          ;;
+      esac
+      result="$(signed_request "${order_location}" "" | jsonsh)"
+    done
+
+    resheaders="$(_mktemp)"
+    certificate="$(echo "${result}" | get_json_string_value certificate)"
+    crt="$(signed_request "${certificate}" "" 4>"${resheaders}")"
+
+    if [ -n "${PREFERRED_CHAIN:-}" ]; then
+      foundaltchain=0
+      altcn="$(get_last_cn "${crt}")"
+      altoptions="${altcn}"
+      if [ "${altcn}" = "${PREFERRED_CHAIN}" ]; then
+        foundaltchain=1
+      fi
+      if [ "${foundaltchain}" = "0" ] && (grep -Ei '^link:' "${resheaders}" | grep -q -Ei 'rel="alternate"'); then
+        while read -r altcrturl; do
+          if [ "${foundaltchain}" = "0" ]; then
+            altcrt="$(signed_request "${altcrturl}" "")"
+            altcn="$(get_last_cn "${altcrt}")"
+            altoptions="${altoptions}, ${altcn}"
+            if [ "${altcn}" = "${PREFERRED_CHAIN}" ]; then
+              foundaltchain=1
+              crt="${altcrt}"
+            fi
+          fi
+        done <<< "$(grep -Ei '^link:' "${resheaders}" | grep -Ei 'rel="alternate"' | cut -d'<' -f2 | cut -d'>' -f1)"
+      fi
+      if [ "${foundaltchain}" = "0" ]; then
+        _exiterr "Alternative chain with CN = ${PREFERRED_CHAIN} not found, available options: ${altoptions}"
+      fi
+      echo " + Using preferred chain with CN = ${altcn}"
+    fi
+    rm -f "${resheaders}"
+  fi
+
+  # Try to load the certificate to detect corruption
+  echo " + Checking certificate..."
+  _openssl x509 -text <<<"${crt}"
+
+  echo "${crt}" >&3
+
+  unset challenge_token
+  echo " + Done!"
+}
+
+# grep issuer cert uri from certificate
+get_issuer_cert_uri() {
+  certificate="${1}"
+  "${OPENSSL}" x509 -in "${certificate}" -noout -text | (grep 'CA Issuers - URI:' | cut -d':' -f2-) || true
+}
+
+get_issuer_hash() {
+  certificate="${1}"
+  "${OPENSSL}" x509 -in "${certificate}" -noout -issuer_hash
+}
+
+get_ocsp_url() {
+  certificate="${1}"
+  "${OPENSSL}" x509 -in "${certificate}" -noout -ocsp_uri
+}
+
+# walk certificate chain, retrieving all intermediate certificates
+walk_chain() {
+  local certificate
+  certificate="${1}"
+
+  local issuer_cert_uri
+  issuer_cert_uri="${2:-}"
+  if [[ -z "${issuer_cert_uri}" ]]; then issuer_cert_uri="$(get_issuer_cert_uri "${certificate}")"; fi
+  if [[ -n "${issuer_cert_uri}" ]]; then
+    # create temporary files
+    local tmpcert
+    local tmpcert_raw
+    tmpcert_raw="$(_mktemp)"
+    tmpcert="$(_mktemp)"
+
+    # download certificate
+    http_request get "${issuer_cert_uri}" > "${tmpcert_raw}"
+
+    # PEM
+    if grep -q "BEGIN CERTIFICATE" "${tmpcert_raw}"; then mv "${tmpcert_raw}" "${tmpcert}"
+    # DER
+    elif "${OPENSSL}" x509 -in "${tmpcert_raw}" -inform DER -out "${tmpcert}" -outform PEM 2> /dev/null > /dev/null; then :
+    # PKCS7
+    elif "${OPENSSL}" pkcs7 -in "${tmpcert_raw}" -inform DER -out "${tmpcert}" -outform PEM -print_certs 2> /dev/null > /dev/null; then :
+    # Unknown certificate type
+    else _exiterr "Unknown certificate type in chain"
+    fi
+
+    local next_issuer_cert_uri
+    next_issuer_cert_uri="$(get_issuer_cert_uri "${tmpcert}")"
+    if [[ -n "${next_issuer_cert_uri}" ]]; then
+      printf "\n%s\n" "${issuer_cert_uri}"
+      cat "${tmpcert}"
+      walk_chain "${tmpcert}" "${next_issuer_cert_uri}"
+    fi
+    rm -f "${tmpcert}" "${tmpcert_raw}"
+  fi
+}
+
+# Generate ALPN verification certificate
+generate_alpn_certificate() {
+  local altname="${1}"
+  local identifier_type="${2}"
+  local acmevalidation="${3}"
+
+  local alpncertdir="${ALPNCERTDIR}"
+  if [[ ! -e "${alpncertdir}" ]]; then
+    echo " + Creating new directory ${alpncertdir} ..."
+    mkdir -p "${alpncertdir}" || _exiterr "Unable to create directory ${alpncertdir}"
+  fi
+
+  echo " + Generating ALPN certificate and key for ${1}..."
+  tmp_openssl_cnf="$(_mktemp)"
+  cat "${OPENSSL_CNF}" > "${tmp_openssl_cnf}"
+  if [[ "${identifier_type}" = "ip" ]]; then
+    printf "\n[SAN]\nsubjectAltName=IP:%s\n" "${altname}" >> "${tmp_openssl_cnf}"
+  else
+    printf "\n[SAN]\nsubjectAltName=DNS:%s\n" "${altname}" >> "${tmp_openssl_cnf}"
+  fi
+  printf "1.3.6.1.5.5.7.1.31=critical,DER:04:20:%s\n" "${acmevalidation}" >> "${tmp_openssl_cnf}"
+  SUBJ="/CN=${altname}/"
+  [[ "${OSTYPE:0:5}" = "MINGW" ]] && SUBJ="/${SUBJ}"
+  if [[ "${identifier_type}" = "ip" ]]; then
+    altname="$(echo "${altname}" | ip_to_ptr)"
+  fi
+  _openssl req -x509 -new -sha256 -nodes -newkey rsa:2048 -keyout "${alpncertdir}/${altname}.key.pem" -out "${alpncertdir}/${altname}.crt.pem" -subj "${SUBJ}" -extensions SAN -config "${tmp_openssl_cnf}"
+  chmod g+r "${alpncertdir}/${altname}.key.pem" "${alpncertdir}/${altname}.crt.pem"
+  rm -f "${tmp_openssl_cnf}"
+}
+
+# Create certificate for domain(s)
+sign_domain() {
+  local certdir="${1}"
+  shift
+  timestamp="${1}"
+  shift
+  domain="${1}"
+  altnames="${*}"
+
+  export altnames
+
+  echo " + Signing domains..."
+  if [[ ${API} -eq 1 ]]; then
+    if [[ -z "${CA_NEW_AUTHZ}" ]] || [[ -z "${CA_NEW_CERT}" ]]; then
+      _exiterr "Certificate authority doesn't allow certificate signing"
+    fi
+  elif [[ ${API} -eq 2 ]] && [[ -z "${CA_NEW_ORDER}" ]]; then
+    _exiterr "Certificate authority doesn't allow certificate signing"
+  fi
+
+  local privkey="privkey.pem"
+  if [[ ! -e "${certdir}/cert-${timestamp}.csr" ]]; then
+    # generate a new private key if we need or want one
+    if [[ ! -r "${certdir}/privkey.pem" ]] || [[ "${PRIVATE_KEY_RENEW}" = "yes" ]]; then
+      echo " + Generating private key..."
+      privkey="privkey-${timestamp}.pem"
+      local tmp_privkey
+      tmp_privkey="$(_mktemp)"
+      case "${KEY_ALGO}" in
+        rsa) _openssl genrsa -out "${tmp_privkey}" "${KEYSIZE}";;
+        prime256v1|secp384r1) _openssl ecparam -genkey -name "${KEY_ALGO}" -out "${tmp_privkey}" -noout;;
+      esac
+      cat "${tmp_privkey}" > "${certdir}/privkey-${timestamp}.pem"
+      rm "${tmp_privkey}"
+    fi
+    # move rolloverkey into position (if any)
+    if [[ -r "${certdir}/privkey.pem" && -r "${certdir}/privkey.roll.pem" && "${PRIVATE_KEY_RENEW}" = "yes" && "${PRIVATE_KEY_ROLLOVER}" = "yes" ]]; then
+      echo " + Moving Rolloverkey into position....  "
+      mv "${certdir}/privkey.roll.pem" "${certdir}/privkey-tmp.pem"
+      mv "${certdir}/privkey-${timestamp}.pem" "${certdir}/privkey.roll.pem"
+      mv "${certdir}/privkey-tmp.pem" "${certdir}/privkey-${timestamp}.pem"
+    fi
+    # generate a new private rollover key if we need or want one
+    if [[ ! -r "${certdir}/privkey.roll.pem" && "${PRIVATE_KEY_ROLLOVER}" = "yes" && "${PRIVATE_KEY_RENEW}" = "yes" ]]; then
+      echo " + Generating private rollover key..."
+      case "${KEY_ALGO}" in
+        rsa) _openssl genrsa -out "${certdir}/privkey.roll.pem" "${KEYSIZE}";;
+        prime256v1|secp384r1) _openssl ecparam -genkey -name "${KEY_ALGO}" -out "${certdir}/privkey.roll.pem" -noout;;
+      esac
+    fi
+    # delete rolloverkeys if disabled
+    if [[ -r "${certdir}/privkey.roll.pem" && ! "${PRIVATE_KEY_ROLLOVER}" = "yes" ]]; then
+      echo " + Removing Rolloverkey (feature disabled)..."
+      rm -f "${certdir}/privkey.roll.pem"
+    fi
+
+    # Generate signing request config and the actual signing request
+    echo " + Generating signing request..."
+    SAN=""
+    for altname in ${altnames}; do
+      if [[ "${altname}" =~ ^ip: ]]; then
+        SAN="${SAN}IP:${altname:3}, "
+      else
+        SAN="${SAN}DNS:${altname}, "
+      fi
+    done
+    if [[ "${domain}" =~ ^ip: ]]; then
+      SUBJ="/"
+    else
+      SUBJ="/CN=${domain}/"
+    fi
+    SAN="${SAN%%, }"
+    local tmp_openssl_cnf
+    tmp_openssl_cnf="$(_mktemp)"
+    cat "${OPENSSL_CNF}" > "${tmp_openssl_cnf}"
+    printf "\n[SAN]\nsubjectAltName=%s" "${SAN}" >> "${tmp_openssl_cnf}"
+    if [ "${OCSP_MUST_STAPLE}" = "yes" ]; then
+      printf "\n1.3.6.1.5.5.7.1.24=DER:30:03:02:01:05" >> "${tmp_openssl_cnf}"
+    fi
+    if [[ "${OSTYPE:0:5}" = "MINGW" ]]; then
+      # The subject starts with a /, so MSYS will assume it's a path and convert
+      # it unless we escape it with another one:
+      SUBJ="/${SUBJ}"
+    fi
+    "${OPENSSL}" req -new -sha256 -key "${certdir}/${privkey}" -out "${certdir}/cert-${timestamp}.csr" -subj "${SUBJ}" -reqexts SAN -config "${tmp_openssl_cnf}"
+    rm -f "${tmp_openssl_cnf}"
+  fi
+
+  crt_path="${certdir}/cert-${timestamp}.pem"
+  # shellcheck disable=SC2086
+  sign_csr "${certdir}/cert-${timestamp}.csr" ${altnames} 3>"${crt_path}"
+
+  # Create fullchain.pem
+  echo " + Creating fullchain.pem..."
+  if [[ ${API} -eq 1 ]]; then
+    cat "${crt_path}" > "${certdir}/fullchain-${timestamp}.pem"
+    local issuer_hash
+    issuer_hash="$(get_issuer_hash "${crt_path}")"
+    if [ -e "${CHAINCACHE}/${issuer_hash}.chain" ]; then
+      echo " + Using cached chain!"
+      cat "${CHAINCACHE}/${issuer_hash}.chain" > "${certdir}/chain-${timestamp}.pem"
+    else
+      echo " + Walking chain..."
+      local issuer_cert_uri
+      issuer_cert_uri="$(get_issuer_cert_uri "${crt_path}" || echo "unknown")"
+      (walk_chain "${crt_path}" > "${certdir}/chain-${timestamp}.pem") || _exiterr "Walking chain has failed, your certificate has been created and can be found at ${crt_path}, the corresponding private key at ${privkey}. If you want you can manually continue on creating and linking all necessary files. If this error occurs again you should manually generate the certificate chain and place it under ${CHAINCACHE}/${issuer_hash}.chain (see ${issuer_cert_uri})"
+      cat "${certdir}/chain-${timestamp}.pem" > "${CHAINCACHE}/${issuer_hash}.chain"
+    fi
+    cat "${certdir}/chain-${timestamp}.pem" >> "${certdir}/fullchain-${timestamp}.pem"
+  else
+    tmpcert="$(_mktemp)"
+    tmpchain="$(_mktemp)"
+    awk '{print >out}; /----END CERTIFICATE-----/{out=tmpchain}' out="${tmpcert}" tmpchain="${tmpchain}" "${certdir}/cert-${timestamp}.pem"
+    mv "${certdir}/cert-${timestamp}.pem" "${certdir}/fullchain-${timestamp}.pem"
+    cat "${tmpcert}" > "${certdir}/cert-${timestamp}.pem"
+    cat "${tmpchain}" > "${certdir}/chain-${timestamp}.pem"
+    rm "${tmpcert}" "${tmpchain}"
+  fi
+
+  # Wait for hook script to sync the files before creating the symlinks
+  [[ -n "${HOOK}" ]] && ("${HOOK}" "sync_cert" "${certdir}/privkey-${timestamp}.pem" "${certdir}/cert-${timestamp}.pem" "${certdir}/fullchain-${timestamp}.pem" "${certdir}/chain-${timestamp}.pem" "${certdir}/cert-${timestamp}.csr" || _exiterr 'sync_cert hook returned with non-zero exit code')
+
+  # Update symlinks
+  [[ "${privkey}" = "privkey.pem" ]] || ln -sf "privkey-${timestamp}.pem" "${certdir}/privkey.pem"
+
+  ln -sf "chain-${timestamp}.pem" "${certdir}/chain.pem"
+  ln -sf "fullchain-${timestamp}.pem" "${certdir}/fullchain.pem"
+  ln -sf "cert-${timestamp}.csr" "${certdir}/cert.csr"
+  ln -sf "cert-${timestamp}.pem" "${certdir}/cert.pem"
+
+  # Wait for hook script to clean the challenge and to deploy cert if used
+  [[ -n "${HOOK}" ]] && ("${HOOK}" "deploy_cert" "${domain}" "${certdir}/privkey.pem" "${certdir}/cert.pem" "${certdir}/fullchain.pem" "${certdir}/chain.pem" "${timestamp}" || _exiterr 'deploy_cert hook returned with non-zero exit code')
+
+  unset challenge_token
+  echo " + Done!"
+}
+
+# Update OCSP stapling file
+update_ocsp_stapling() {
+    local certdir="${1}"
+    local update_ocsp="${2}"
+    local cert="${3}"
+    local chain="${4}"
+
+    local ocsp_url="$(get_ocsp_url "${cert}")"
+
+    if [[ -z "${ocsp_url}" ]]; then
+      echo " ! ERROR: OCSP stapling requested but no OCSP url found in certificate." >&2
+      echo " ! Keep in mind that some CAs ended support for OCSP: https://letsencrypt.org/2024/12/05/ending-ocsp/" >&2
+      return 1
+    fi
+
+    if [[ ! -e "${certdir}/ocsp.der" ]]; then
+      update_ocsp="yes"
+    elif ! ("${OPENSSL}" ocsp -no_nonce -issuer "${chain}" -verify_other "${chain}" -cert "${cert}" -respin "${certdir}/ocsp.der" -status_age $((OCSP_DAYS*24*3600)) 2>&1 | grep -q "${cert}: good"); then
+      update_ocsp="yes"
+    fi
+
+    if [[ "${update_ocsp}" = "yes" ]]; then
+      echo " + Updating OCSP stapling file"
+      ocsp_timestamp="$(date +%s)"
+      if grep -qE "^(openssl (0|(1\.0))\.)|(libressl (1|2|3)\.)" <<< "$(${OPENSSL} version | awk '{print tolower($0)}')"; then
+        ocsp_log="$("${OPENSSL}" ocsp -no_nonce -issuer "${chain}" -verify_other "${chain}" -cert "${cert}" -respout "${certdir}/ocsp-${ocsp_timestamp}.der" -url "${ocsp_url}" -header "HOST" "$(echo "${ocsp_url}" | _sed -e 's/^http(s?):\/\///' -e 's/\/.*$//g')" 2>&1)" || _exiterr "Fetching of OCSP information failed. Please note that some CAs (e.g. LetsEncrypt) do no longer support OCSP. Error message: ${ocsp_log}"
+      else
+        ocsp_log="$("${OPENSSL}" ocsp -no_nonce -issuer "${chain}" -verify_other "${chain}" -cert "${cert}" -respout "${certdir}/ocsp-${ocsp_timestamp}.der" -url "${ocsp_url}" 2>&1)" || _exiterr "Fetching of OCSP information failed. Please note that some CAs (e.g. LetsEncrypt) do no longer support OCSP. Error message: ${ocsp_log}"
+      fi
+      ln -sf "ocsp-${ocsp_timestamp}.der" "${certdir}/ocsp.der"
+      [[ -n "${HOOK}" ]] && (altnames="${domain} ${morenames}" "${HOOK}" "deploy_ocsp" "${domain}" "${certdir}/ocsp.der" "${ocsp_timestamp}" || _exiterr 'deploy_ocsp hook returned with non-zero exit code')
+    else
+      echo " + OCSP stapling file is still valid (skipping update)"
+    fi
+}
+
+# Usage: --version (-v)
+# Description: Print version information
+command_version() {
+  load_config noverify
+
+  echo "Dehydrated by Lukas Schauer"
+  echo "https://dehydrated.io"
+  echo ""
+  echo "Dehydrated version: ${VERSION}"
+  revision="$(cd "${SCRIPTDIR}"; git rev-parse HEAD 2>/dev/null || echo "unknown")"
+  echo "GIT-Revision: ${revision}"
+  echo ""
+  # shellcheck disable=SC1091
+  if [[ "${OSTYPE}" =~ (BSD|Darwin) ]]; then
+    echo "OS: $(uname -sr)"
+  elif [[ -e /etc/os-release ]]; then
+    ( . /etc/os-release && echo "OS: $PRETTY_NAME" )
+  elif [[ -e /usr/lib/os-release ]]; then
+    ( . /usr/lib/os-release && echo "OS: $PRETTY_NAME" )
+  else
+    echo "OS: $(grep -v '^$' /etc/issue | head -n1 | _sed 's/\\(r|n|l) .*//g')"
+  fi
+  echo "Used software:"
+  [[ -n "${BASH_VERSION:-}" ]] && echo " bash: ${BASH_VERSION}"
+  [[ -n "${ZSH_VERSION:-}" ]] && echo " zsh: ${ZSH_VERSION}"
+  echo " curl: ${CURL_VERSION}"
+  if [[ "${OSTYPE}" =~ (BSD|Darwin) ]]; then
+    echo " awk, sed, mktemp, grep, diff: BSD base system versions"
+  else
+    echo " awk: $(awk -W version 2>&1 | head -n1)"
+    echo " sed: $(sed --version 2>&1 | head -n1)"
+    echo " mktemp: $(mktemp --version 2>&1 | head -n1)"
+    echo " grep: $(grep --version 2>&1 | head -n1)"
+    echo " diff: $(diff --version 2>&1 | head -n1)"
+  fi
+  echo " openssl: $("${OPENSSL}" version 2>&1)"
+
+  exit 0
+}
+
+# Usage: --display-terms
+# Description: Display current terms of service
+command_terms() {
+  init_system
+  echo "The current terms of service: $CA_TERMS"
+  echo "+ Done!"
+  exit 0
+}
+
+# Usage: --register
+# Description: Register account key
+command_register() {
+  init_system
+  echo "+ Done!"
+  exit 0
+}
+
+# Usage: --account
+# Description: Update account contact information
+command_account() {
+  init_system
+  FAILED=false
+
+  NEW_ACCOUNT_KEY_JSON="$(_mktemp)"
+
+  # Check if we have the registration url
+  if [[ -z "${ACCOUNT_URL}" ]]; then
+    _exiterr "Error retrieving registration url."
+  fi
+
+  echo "+ Updating registration url: ${ACCOUNT_URL} contact information..."
+  if [[ ${API} -eq 1 ]]; then
+    # If an email for the contact has been provided then adding it to the registered account
+    if [[ -n "${CONTACT_EMAIL}" ]]; then
+      (signed_request "${ACCOUNT_URL}" '{"resource": "reg", "contact":["mailto:'"${CONTACT_EMAIL}"'"]}' > "${NEW_ACCOUNT_KEY_JSON}") || FAILED=true
+    else
+      (signed_request "${ACCOUNT_URL}" '{"resource": "reg", "contact":[]}' > "${NEW_ACCOUNT_KEY_JSON}") || FAILED=true
+    fi
+  else
+    # If an email for the contact has been provided then adding it to the registered account
+    if [[ -n "${CONTACT_EMAIL}" ]]; then
+      (signed_request "${ACCOUNT_URL}" '{"contact":["mailto:'"${CONTACT_EMAIL}"'"]}' > "${NEW_ACCOUNT_KEY_JSON}") || FAILED=true
+    else
+      (signed_request "${ACCOUNT_URL}" '{"contact":[]}' > "${NEW_ACCOUNT_KEY_JSON}") || FAILED=true
+    fi
+  fi
+
+  if [[ "${FAILED}" = "true" ]]; then
+    rm "${NEW_ACCOUNT_KEY_JSON}"
+    _exiterr "Error updating account information. See message above for more information."
+  fi
+  if diff -q "${NEW_ACCOUNT_KEY_JSON}" "${ACCOUNT_KEY_JSON}" > /dev/null; then
+    echo "+ Account information was the same after the update"
+    rm "${NEW_ACCOUNT_KEY_JSON}"
+  else
+    ACCOUNT_KEY_JSON_BACKUP="${ACCOUNT_KEY_JSON%.*}-$(date +%s).json"
+    echo "+ Backup ${ACCOUNT_KEY_JSON} as ${ACCOUNT_KEY_JSON_BACKUP}"
+    cp -p "${ACCOUNT_KEY_JSON}" "${ACCOUNT_KEY_JSON_BACKUP}"
+    echo "+ Populate ${ACCOUNT_KEY_JSON}"
+    mv "${NEW_ACCOUNT_KEY_JSON}" "${ACCOUNT_KEY_JSON}"
+  fi
+  echo "+ Done!"
+  exit 0
+}
+
+# Parse contents of domains.txt and domains.txt.d
+parse_domains_txt() {
+  # Allow globbing temporarily
+  noglob_set
+  local inputs=("${DOMAINS_TXT}" "${DOMAINS_TXT}.d"/*.txt)
+  noglob_clear
+
+  cat "${inputs[@]}" |
+    tr -d '\r' |
+    awk '{print tolower($0)}' |
+    _sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g' |
+    (grep -vE '^(#|$)' || true)
+}
+
+# Usage: --cron (-c)
+# Description: Sign/renew non-existent/changed/expiring certificates.
+command_sign_domains() {
+  init_system
+  hookscript_bricker_hook
+
+  # Call startup hook
+  [[ -n "${HOOK}" ]] && ("${HOOK}" "startup_hook" || _exiterr 'startup_hook hook returned with non-zero exit code')
+
+  if [ ! -d "${CHAINCACHE}" ]; then
+    echo " + Creating chain cache directory ${CHAINCACHE}"
+    mkdir "${CHAINCACHE}"
+  fi
+
+  if [[ -n "${PARAM_DOMAIN:-}" ]]; then
+    DOMAINS_TXT="$(_mktemp)"
+    if [[ -n "${PARAM_ALIAS:-}" ]]; then
+      printf "%s > %s" "${PARAM_DOMAIN}" "${PARAM_ALIAS}" > "${DOMAINS_TXT}"
+    else
+      printf "%s" "${PARAM_DOMAIN}" > "${DOMAINS_TXT}"
+    fi
+  elif [[ -e "${DOMAINS_TXT}" ]]; then
+    if [[ ! -r "${DOMAINS_TXT}" ]]; then
+      _exiterr "domains.txt found but not readable"
+    fi
+  else
+    _exiterr "domains.txt not found and --domain not given"
+  fi
+
+  # Generate certificates for all domains found in domains.txt. Check if existing certificate are about to expire
+  ORIGIFS="${IFS}"
+  IFS=$'\n'
+  for line in $(parse_domains_txt); do
+    reset_configvars
+    IFS="${ORIGIFS}"
+    alias="$(grep -Eo '>[^ ]+' <<< "${line}" || true)"
+    line="$(_sed -e 's/>[^ ]+[ ]*//g' <<< "${line}")"
+    aliascount="$(grep -Eo '>' <<< "${alias}" | awk 'END {print NR}' || true )"
+    [ "${aliascount}" -gt 1 ] && _exiterr "Only one alias per line is allowed in domains.txt!"
+
+    domain="$(printf '%s\n' "${line}" | cut -d' ' -f1)"
+    morenames="$(printf '%s\n' "${line}" | cut -s -d' ' -f2-)"
+    [ "${aliascount}" -lt 1 ] && alias="${domain}" || alias="${alias#>}"
+    export alias
+
+    if [[ -z "${morenames}" ]];then
+      echo "Processing ${domain}"
+    else
+      echo "Processing ${domain} with alternative names: ${morenames}"
+    fi
+
+    if [ "${alias:0:2}" = "*." ]; then
+      _exiterr "Please define a valid alias for your ${domain} wildcard-certificate. See domains.txt-documentation for more details."
+    fi
+
+    local certdir="${CERTDIR}/${alias}"
+    cert="${certdir}/cert.pem"
+    chain="${certdir}/chain.pem"
+
+    force_renew="${PARAM_FORCE:-no}"
+
+    timestamp="$(date +%s)"
+
+    # If there is no existing certificate directory => make it
+    if [[ ! -e "${certdir}" ]]; then
+      echo " + Creating new directory ${certdir} ..."
+      mkdir -p "${certdir}" || _exiterr "Unable to create directory ${certdir}"
+    fi
+
+    # read cert config
+    # for now this loads the certificate specific config in a subshell and parses a diff of set variables.
+    # we could just source the config file but i decided to go this way to protect people from accidentally overriding
+    # variables used internally by this script itself.
+    if [[ -n "${DOMAINS_D}" ]]; then
+      certconfig="${DOMAINS_D}/${alias}"
+    else
+      certconfig="${certdir}/config"
+    fi
+
+    if [ -f "${certconfig}" ]; then
+      echo " + Using certificate specific config file!"
+      ORIGIFS="${IFS}"
+      IFS=$'\n'
+      for cfgline in $(
+        beforevars="$(_mktemp)"
+        aftervars="$(_mktemp)"
+        set > "${beforevars}"
+        # shellcheck disable=SC1090
+        . "${certconfig}"
+        set > "${aftervars}"
+        diff -u "${beforevars}" "${aftervars}" | grep -E '^\+[^+]'
+        rm "${beforevars}"
+        rm "${aftervars}"
+      ); do
+        config_var="$(echo "${cfgline:1}" | cut -d'=' -f1)"
+        config_value="$(echo "${cfgline:1}" | cut -d'=' -f2- | tr -d "'")"
+	# All settings that are allowed here should also be stored and
+	# restored in store_configvars() and reset_configvars()
+        case "${config_var}" in
+          KEY_ALGO|OCSP_MUST_STAPLE|OCSP_FETCH|OCSP_DAYS|PRIVATE_KEY_RENEW|PRIVATE_KEY_ROLLOVER|KEYSIZE|CHALLENGETYPE|HOOK|PREFERRED_CHAIN|WELLKNOWN|HOOK_CHAIN|OPENSSL_CNF|RENEW_DAYS|ACME_PROFILE|ORDER_TIMEOUT|VALIDATION_TIMEOUT|KEEP_GOING)
+            echo "   + ${config_var} = ${config_value}"
+            declare -- "${config_var}=${config_value}"
+            ;;
+          _) ;;
+          *) echo "   ! Setting ${config_var} on a per-certificate base is not (yet) supported" >&2
+        esac
+      done
+      IFS="${ORIGIFS}"
+    fi
+    verify_config
+    hookscript_bricker_hook
+    export WELLKNOWN CHALLENGETYPE KEY_ALGO PRIVATE_KEY_ROLLOVER
+
+    skip="no"
+
+    # Allow for external CSR generation
+    local csrfile=""
+    if [[ -n "${HOOK}" ]]; then
+      csr="$("${HOOK}" "generate_csr" "${domain}" "${certdir}" "${domain} ${morenames}")" || _exiterr 'generate_csr hook returned with non-zero exit code'
+      if grep -qE "\-----BEGIN (NEW )?CERTIFICATE REQUEST-----" <<< "${csr}"; then
+        csrfile="$(_mktemp)"
+        cat > "${csrfile}" <<< "${csr}"
+        altnames="$(extract_altnames "${csrfile}")"
+        domain="$(cut -d' ' -f1 <<< "${altnames}")"
+        morenames="$(cut -s -d' ' -f2- <<< "${altnames}")"
+        echo " + Using CSR from hook script (real names: ${altnames})"
+      else
+        csrfile=""
+      fi
+    fi
+
+    # Check domain names of existing certificate
+    if [[ -e "${cert}" && "${force_renew}" = "no" ]]; then
+      printf " + Checking domain name(s) of existing cert..."
+
+      certnames="$("${OPENSSL}" x509 -in "${cert}" -text -noout | grep -E '(DNS|IP( Address*)):' | _sed 's/(DNS|IP( Address)*)://g' | tr -d ' ' | tr ',' '\n' | sort -u | tr '\n' ' ' | _sed 's/ $//')"
+      givennames="$(echo "${domain}" "${morenames}"| tr ' ' '\n' | sort -u | tr '\n' ' ' | _sed 's/ip://g' | _sed 's/ $//' | _sed 's/^ //')"
+ 
+      if [[ "${certnames}" = "${givennames}" ]]; then
+        echo " unchanged."
+      else
+        echo " changed!"
+        echo " + Domain name(s) are not matching!"
+        echo " + Names in old certificate: ${certnames}"
+        echo " + Configured names: ${givennames}"
+        echo " + Forcing renew."
+        force_renew="yes"
+      fi
+    fi
+
+    # Check expire date of existing certificate
+    if [[ -e "${cert}" ]]; then
+      echo " + Checking expire date of existing cert..."
+      valid="$("${OPENSSL}" x509 -enddate -noout -in "${cert}" | cut -d= -f2- )"
+
+      printf " + Valid till %s " "${valid}"
+      if ("${OPENSSL}" x509 -checkend $((RENEW_DAYS * 86400)) -noout -in "${cert}" > /dev/null 2>&1); then
+        printf "(Longer than %d days). " "${RENEW_DAYS}"
+        if [[ "${force_renew}" = "yes" ]]; then
+          echo "Ignoring because renew was forced!"
+        else
+          # Certificate-Names unchanged and cert is still valid
+          echo "Skipping renew!"
+          [[ -n "${HOOK}" ]] && ("${HOOK}" "unchanged_cert" "${domain}" "${certdir}/privkey.pem" "${certdir}/cert.pem" "${certdir}/fullchain.pem" "${certdir}/chain.pem" || _exiterr 'unchanged_cert hook returned with non-zero exit code')
+          skip="yes"
+        fi
+      else
+        echo "(Less than ${RENEW_DAYS} days). Renewing!"
+      fi
+    fi
+
+    local update_ocsp
+    update_ocsp="no"
+
+    # Sign certificate for this domain
+    if [[ ! "${skip}" = "yes" ]]; then
+      update_ocsp="yes"
+      if [[ -n "${csrfile}" ]]; then
+        cat "${csrfile}" > "${certdir}/cert-${timestamp}.csr"
+        rm "${csrfile}"
+      fi
+      # shellcheck disable=SC2086
+      if [[ "${KEEP_GOING:-}" = "yes" ]]; then
+        skip_exit_hook=yes
+        sign_domain "${certdir}" "${timestamp}" "${domain}" ${morenames} &
+        wait $! || exit_with_errorcode=1
+        skip_exit_hook=no
+      else
+        sign_domain "${certdir}" "${timestamp}" "${domain}" ${morenames}
+      fi
+    fi
+
+    if [[ "${OCSP_FETCH}" = "yes" ]]; then
+      if [[ "${KEEP_GOING:-}" = "yes" ]]; then
+        skip_exit_hook=yes
+        update_ocsp_stapling "${certdir}" "${update_ocsp}" "${cert}" "${chain}" &
+        wait $! || exit_with_errorcode=1
+        skip_exit_hook=no
+      else
+        update_ocsp_stapling "${certdir}" "${update_ocsp}" "${cert}" "${chain}"
+      fi
+    fi
+  done
+  reset_configvars
+
+  # remove temporary domains.txt file if used
+  [[ -n "${PARAM_DOMAIN:-}" ]] && rm -f "${DOMAINS_TXT}"
+
+  [[ -n "${HOOK}" ]] && ("${HOOK}" "exit_hook" || echo 'exit_hook returned with non-zero exit code!' >&2)
+  if [[ "${AUTO_CLEANUP}" == "yes" ]]; then
+    echo " + Running automatic cleanup"
+    PARAM_CLEANUPDELETE="${AUTO_CLEANUP_DELETE:-no}" command_cleanup noinit | _sed 's/^/ + /g'
+  fi
+
+  exit "${exit_with_errorcode}"
+}
+
+# Usage: --signcsr (-s) path/to/csr.pem
+# Description: Sign a given CSR, output CRT on stdout (advanced usage)
+command_sign_csr() {
+  init_system
+
+  # redirect stdout to stderr
+  # leave stdout over at fd 3 to output the cert
+  exec 3>&1 1>&2
+
+  # load csr
+  local csrfile="${1}"
+  if [ ! -r "${csrfile}" ]; then
+    _exiterr "Could not read certificate signing request ${csrfile}"
+  fi
+
+  # extract names
+  altnames="$(extract_altnames "${csrfile}")"
+
+  # gen cert
+  certfile="$(_mktemp)"
+  # shellcheck disable=SC2086
+  sign_csr "${csrfile}" ${altnames} 3> "${certfile}"
+
+  # print cert
+  echo "# CERT #" >&3
+  cat "${certfile}" >&3
+  echo >&3
+
+  # print chain
+  if [ -n "${PARAM_FULL_CHAIN:-}" ]; then
+    # get and convert ca cert
+    chainfile="$(_mktemp)"
+    tmpchain="$(_mktemp)"
+    http_request get "$("${OPENSSL}" x509 -in "${certfile}" -noout -text | grep 'CA Issuers - URI:' | cut -d':' -f2-)" > "${tmpchain}"
+    if grep -q "BEGIN CERTIFICATE" "${tmpchain}"; then
+      mv "${tmpchain}" "${chainfile}"
+    else
+      "${OPENSSL}" x509 -in "${tmpchain}" -inform DER -out "${chainfile}" -outform PEM
+      rm "${tmpchain}"
+    fi
+
+    echo "# CHAIN #" >&3
+    cat "${chainfile}" >&3
+
+    rm "${chainfile}"
+  fi
+
+  # cleanup
+  rm "${certfile}"
+
+  exit 0
+}
+
+# Usage: --revoke (-r) path/to/cert.pem
+# Description: Revoke specified certificate
+command_revoke() {
+  init_system
+
+  [[ -n "${CA_REVOKE_CERT}" ]] || _exiterr "Certificate authority doesn't allow certificate revocation."
+
+  cert="${1}"
+  if [[ -L "${cert}" ]]; then
+    # follow symlink and use real certificate name (so we move the real file and not the symlink at the end)
+    local link_target
+    link_target="$(readlink -n "${cert}")"
+    if [[ "${link_target}" =~ ^/ ]]; then
+      cert="${link_target}"
+    else
+      cert="$(dirname "${cert}")/${link_target}"
+    fi
+  fi
+  [[ -f "${cert}" ]] || _exiterr "Could not find certificate ${cert}"
+
+  echo "Revoking ${cert}"
+
+  cert64="$("${OPENSSL}" x509 -in "${cert}" -inform PEM -outform DER | urlbase64)"
+  if [[ ${API} -eq 1 ]]; then
+    response="$(signed_request "${CA_REVOKE_CERT}" '{"resource": "revoke-cert", "certificate": "'"${cert64}"'"}' | clean_json)"
+  else
+    response="$(signed_request "${CA_REVOKE_CERT}" '{"certificate": "'"${cert64}"'"}' | clean_json)"
+  fi
+  # if there is a problem with our revoke request _request (via signed_request) will report this and "exit 1" out
+  # so if we are here, it is safe to assume the request was successful
+  echo " + Done."
+  echo " + Renaming certificate to ${cert}-revoked"
+  mv -f "${cert}" "${cert}-revoked"
+}
+
+# Usage: --deactivate
+# Description: Deactivate account
+command_deactivate() {
+  init_system
+
+  echo "Deactivating account ${ACCOUNT_URL}"
+
+  if [[ ${API} -eq 1 ]]; then
+    echo "Deactivation for ACMEv1 is not implemented"
+  else
+    response="$(signed_request "${ACCOUNT_URL}" '{"status": "deactivated"}' | clean_json)"
+    deactstatus=$(echo "$response" | jsonsh | get_json_string_value "status")
+    if [[ "${deactstatus}" = "deactivated" ]]; then
+      touch "${ACCOUNT_DEACTIVATED}"
+    else
+      _exiterr "Account deactivation failed!"
+    fi
+  fi
+
+  echo " + Done."
+}
+
+# Usage: --cleanup (-gc)
+# Description: Move unused certificate files to archive directory
+command_cleanup() {
+  if [ ! "${1:-}" = "noinit" ]; then
+    load_config
+  fi
+
+  if [[ ! "${PARAM_CLEANUPDELETE:-}" = "yes" ]]; then
+    # Create global archive directory if not existent
+    if [[ ! -e "${BASEDIR}/archive" ]]; then
+      mkdir "${BASEDIR}/archive"
+    fi
+  fi
+
+  # Allow globbing
+  noglob_set
+
+  # Loop over all certificate directories
+  for certdir in "${CERTDIR}/"*; do
+    # Skip if entry is not a folder
+    [[ -d "${certdir}" ]] || continue
+
+    # Get certificate name
+    certname="$(basename "${certdir}")"
+
+    # Create certificates archive directory if not existent
+    if [[ ! "${PARAM_CLEANUPDELETE:-}" = "yes" ]]; then
+      archivedir="${BASEDIR}/archive/${certname}"
+      if [[ ! -e "${archivedir}" ]]; then
+        mkdir "${archivedir}"
+      fi
+    fi
+
+    # Loop over file-types (certificates, keys, signing-requests, ...)
+    for filetype in cert.csr cert.pem chain.pem fullchain.pem privkey.pem ocsp.der; do
+      # Delete all if symlink is broken
+      if [[ -r "${certdir}/${filetype}" ]]; then
+        # Look up current file in use
+        current="$(basename "$(readlink "${certdir}/${filetype}")")"
+      else
+        if [[ -h "${certdir}/${filetype}" ]]; then
+          echo "Removing broken symlink: ${certdir}/${filetype}"
+          rm -f "${certdir}/${filetype}"
+        fi
+        current=""
+      fi
+
+      # Split filetype into name and extension
+      filebase="$(echo "${filetype}" | cut -d. -f1)"
+      fileext="$(echo "${filetype}" | cut -d. -f2)"
+
+      # Loop over all files of this type
+      for file in "${certdir}/${filebase}-"*".${fileext}" "${certdir}/${filebase}-"*".${fileext}-revoked"; do
+        # Check if current file is in use, if unused move to archive directory
+        filename="$(basename "${file}")"
+        if [[ ! "${filename}" = "${current}" ]] && [[ -f "${certdir}/${filename}" ]]; then
+          if [[ "${PARAM_CLEANUPDELETE:-}" = "yes" ]]; then
+            echo "Deleting unused file: ${certname}/${filename}"
+            rm "${certdir}/${filename}"
+          else
+            echo "Moving unused file to archive directory: ${certname}/${filename}"
+            mv "${certdir}/${filename}" "${archivedir}/${filename}"
+          fi
+        fi
+      done
+    done
+  done
+
+  exit "${exit_with_errorcode}"
+}
+
+# Usage: --cleanup-delete (-gcd)
+# Description: Deletes (!) unused certificate files
+command_cleanupdelete() {
+  command_cleanup
+}
+
+
+# Usage: --help (-h)
+# Description: Show help text
+command_help() {
+  printf "Usage: %s [-h] [command [argument]] [parameter [argument]] [parameter [argument]] ...\n\n" "${0}"
+  printf "Default command: help\n\n"
+  echo "Commands:"
+  grep -e '^[[:space:]]*# Usage:' -e '^[[:space:]]*# Description:' -e '^command_.*()[[:space:]]*{' "${0}" | while read -r usage; read -r description; read -r command; do
+    if [[ ! "${usage}" =~ Usage ]] || [[ ! "${description}" =~ Description ]] || [[ ! "${command}" =~ ^command_ ]]; then
+      _exiterr "Error generating help text."
+    fi
+    printf " %-32s %s\n" "${usage##"# Usage: "}" "${description##"# Description: "}"
+  done
+  printf -- "\nParameters:\n"
+  grep -E -e '^[[:space:]]*# PARAM_Usage:' -e '^[[:space:]]*# PARAM_Description:' "${0}" | while read -r usage; read -r description; do
+    if [[ ! "${usage}" =~ Usage ]] || [[ ! "${description}" =~ Description ]]; then
+      _exiterr "Error generating help text."
+    fi
+    printf " %-32s %s\n" "${usage##"# PARAM_Usage: "}" "${description##"# PARAM_Description: "}"
+  done
+}
+
+# Usage: --env (-e)
+# Description: Output configuration variables for use in other scripts
+command_env() {
+  echo "# dehydrated configuration"
+  load_config
+  typeset -p CA CERTDIR ALPNCERTDIR CHALLENGETYPE DOMAINS_D DOMAINS_TXT HOOK HOOK_CHAIN RENEW_DAYS ACCOUNT_KEY ACCOUNT_KEY_JSON ACCOUNT_ID_JSON KEYSIZE WELLKNOWN PRIVATE_KEY_RENEW OPENSSL_CNF CONTACT_EMAIL LOCKFILE
+}
+
+# Main method (parses script arguments and calls command_* methods)
+main() {
+  exit_with_errorcode=0
+  skip_exit_hook=no
+  COMMAND=""
+  set_command() {
+    [[ -z "${COMMAND}" ]] || _exiterr "Only one command can be executed at a time. See help (-h) for more information."
+    COMMAND="${1}"
+  }
+
+  check_parameters() {
+    if [[ -z "${1:-}" ]]; then
+      echo "The specified command requires additional parameters. See help:" >&2
+      echo >&2
+      command_help >&2
+      exit 1
+    elif [[ "${1:0:1}" = "-" ]]; then
+      _exiterr "Invalid argument: ${1}"
+    fi
+  }
+
+  [[ -z "${*}" ]] && eval set -- "--help"
+
+  while (( ${#} )); do
+    case "${1}" in
+      --help|-h)
+        command_help
+        exit 0
+        ;;
+
+      --env|-e)
+        set_command env
+        ;;
+
+      --cron|-c)
+        set_command sign_domains
+        ;;
+
+      --register)
+        set_command register
+        ;;
+
+      --account)
+        set_command account
+        ;;
+
+      # PARAM_Usage: --accept-terms
+      # PARAM_Description: Accept CAs terms of service
+      --accept-terms)
+        PARAM_ACCEPT_TERMS="yes"
+        ;;
+
+      --display-terms)
+        set_command terms
+        ;;
+
+      --signcsr|-s)
+        shift 1
+        set_command sign_csr
+        check_parameters "${1:-}"
+        PARAM_CSR="${1}"
+        ;;
+
+      --revoke|-r)
+        shift 1
+        set_command revoke
+        check_parameters "${1:-}"
+        PARAM_REVOKECERT="${1}"
+        ;;
+
+      --deactivate)
+        set_command deactivate
+        ;;
+
+      --version|-v)
+        set_command version
+        ;;
+
+      --cleanup|-gc)
+        set_command cleanup
+        ;;
+
+      --cleanup-delete|-gcd)
+        set_command cleanupdelete
+        PARAM_CLEANUPDELETE="yes"
+        ;;
+
+      # PARAM_Usage: --full-chain (-fc)
+      # PARAM_Description: Print full chain when using --signcsr
+      --full-chain|-fc)
+        PARAM_FULL_CHAIN="1"
+        ;;
+
+      # PARAM_Usage: --ipv4 (-4)
+      # PARAM_Description: Resolve names to IPv4 addresses only
+      --ipv4|-4)
+        PARAM_IP_VERSION="4"
+        ;;
+
+      # PARAM_Usage: --ipv6 (-6)
+      # PARAM_Description: Resolve names to IPv6 addresses only
+      --ipv6|-6)
+        PARAM_IP_VERSION="6"
+        ;;
+
+      # PARAM_Usage: --domain (-d) domain.tld
+      # PARAM_Description: Use specified domain name(s) instead of domains.txt entry (one certificate!)
+      --domain|-d)
+        shift 1
+        check_parameters "${1:-}"
+        if [[ -z "${PARAM_DOMAIN:-}" ]]; then
+          PARAM_DOMAIN="${1}"
+        else
+          PARAM_DOMAIN="${PARAM_DOMAIN} ${1}"
+         fi
+        ;;
+
+      # PARAM_Usage: --ca url/preset
+      # PARAM_Description: Use specified CA URL or preset
+      --ca)
+        shift 1
+        check_parameters "${1:-}"
+        [[ -n "${PARAM_CA:-}" ]] && _exiterr "CA can only be specified once!"
+        PARAM_CA="${1}"
+        ;;
+
+      # PARAM_Usage: --alias certalias
+      # PARAM_Description: Use specified name for certificate directory (and per-certificate config) instead of the primary domain (only used if --domain is specified)
+      --alias)
+        shift 1
+        check_parameters "${1:-}"
+        [[ -n "${PARAM_ALIAS:-}" ]] && _exiterr "Alias can only be specified once!"
+        PARAM_ALIAS="${1}"
+        ;;
+
+      # PARAM_Usage: --keep-going (-g)
+      # PARAM_Description: Keep going after encountering an error while creating/renewing multiple certificates in cron mode
+      --keep-going|-g)
+        PARAM_KEEP_GOING="yes"
+        ;;
+
+      # PARAM_Usage: --force (-x)
+      # PARAM_Description: Force certificate renewal even if it is not due to expire within RENEW_DAYS
+      --force|-x)
+        PARAM_FORCE="yes"
+        ;;
+
+      # PARAM_Usage: --force-validation
+      # PARAM_Description: Force revalidation of domain names (used in combination with --force)
+      --force-validation)
+        PARAM_FORCE_VALIDATION="yes"
+        ;;
+
+      # PARAM_Usage: --no-lock (-n)
+      # PARAM_Description: Don't use lockfile (potentially dangerous!)
+      --no-lock|-n)
+        PARAM_NO_LOCK="yes"
+        ;;
+
+      # PARAM_Usage: --lock-suffix example.com
+      # PARAM_Description: Suffix lockfile name with a string (useful for with -d)
+      --lock-suffix)
+        shift 1
+        check_parameters "${1:-}"
+        PARAM_LOCKFILE_SUFFIX="${1}"
+        ;;
+
+      # PARAM_Usage: --ocsp
+      # PARAM_Description: Sets option in CSR indicating OCSP stapling to be mandatory
+      --ocsp)
+        PARAM_OCSP_MUST_STAPLE="yes"
+        ;;
+
+      # PARAM_Usage: --privkey (-p) path/to/key.pem
+      # PARAM_Description: Use specified private key instead of account key (useful for revocation)
+      --privkey|-p)
+        shift 1
+        check_parameters "${1:-}"
+        PARAM_ACCOUNT_KEY="${1}"
+        ;;
+
+      # PARAM_Usage: --domains-txt path/to/domains.txt
+      # PARAM_Description: Use specified domains.txt instead of default/configured one
+      --domains-txt)
+        shift 1
+        check_parameters "${1:-}"
+        PARAM_DOMAINS_TXT="${1}"
+        ;;
+
+      # PARAM_Usage: --config (-f) path/to/config
+      # PARAM_Description: Use specified config file
+      --config|-f)
+        shift 1
+        check_parameters "${1:-}"
+        CONFIG="${1}"
+        ;;
+
+      # PARAM_Usage: --hook (-k) path/to/hook.sh
+      # PARAM_Description: Use specified script for hooks
+      --hook|-k)
+        shift 1
+        check_parameters "${1:-}"
+        PARAM_HOOK="${1}"
+        ;;
+
+      # PARAM_Usage: --preferred-chain issuer-cn
+      # PARAM_Description: Use alternative certificate chain identified by issuer CN
+      --preferred-chain)
+        shift 1
+        check_parameters "${1:-}"
+        PARAM_PREFERRED_CHAIN="${1}"
+        ;;
+
+      # PARAM_Usage: --out (-o) certs/directory
+      # PARAM_Description: Output certificates into the specified directory
+      --out|-o)
+        shift 1
+        check_parameters "${1:-}"
+        PARAM_CERTDIR="${1}"
+        ;;
+
+      # PARAM_Usage: --alpn alpn-certs/directory
+      # PARAM_Description: Output alpn verification certificates into the specified directory
+      --alpn)
+        shift 1
+        check_parameters "${1:-}"
+        PARAM_ALPNCERTDIR="${1}"
+        ;;
+
+      # PARAM_Usage: --challenge (-t) http-01|dns-01|tls-alpn-01
+      # PARAM_Description: Which challenge should be used? Currently http-01, dns-01, and tls-alpn-01 are supported
+      --challenge|-t)
+        shift 1
+        check_parameters "${1:-}"
+        PARAM_CHALLENGETYPE="${1}"
+        ;;
+
+      # PARAM_Usage: --algo (-a) rsa|prime256v1|secp384r1
+      # PARAM_Description: Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
+      --algo|-a)
+        shift 1
+        check_parameters "${1:-}"
+        PARAM_KEY_ALGO="${1}"
+        ;;
+
+      # PARAM_Usage: --acme-profile profile_name
+      # PARAM_Description: Use specified ACME profile
+      --acme-profile)
+        shift 1
+        check_parameters "${1:-}"
+        PARAM_ACME_PROFILE="${1}"
+        ;;
+
+      # PARAM_Usage: --order-timeout seconds
+      # PARAM_Description: Amount of seconds to wait for processing of order until erroring out
+      --order-timeout)
+        shift 1
+        check_parameters "${1:-}"
+        PARAM_ORDER_TIMEOUT=${1}
+        ;;
+
+      # PARAM_Usage: --validation-timeout seconds
+      # PARAM_Description: Amount of seconds to wait for processing of domain validations until erroring out
+      --validation-timeout)
+        shift 1
+        check_parameters "${1:-}"
+        PARAM_VALIDATION_TIMEOUT=${1}
+        ;;
+
+      *)
+        echo "Unknown parameter detected: ${1}" >&2
+        echo >&2
+        command_help >&2
+        exit 1
+        ;;
+    esac
+
+    shift 1
+  done
+
+  case "${COMMAND}" in
+    env) command_env;;
+    sign_domains) command_sign_domains;;
+    register) command_register;;
+    account) command_account;;
+    sign_csr) command_sign_csr "${PARAM_CSR}";;
+    revoke) command_revoke "${PARAM_REVOKECERT}";;
+    deactivate) command_deactivate;;
+    cleanup) command_cleanup;;
+    terms) command_terms;;
+    cleanupdelete) command_cleanupdelete;;
+    version) command_version;;
+    *) command_help; exit 1;;
+  esac
+
+  exit "${exit_with_errorcode}"
+}
+
+# Determine OS type
+OSTYPE="$(uname)"
+
+if [[ ! "${DEHYDRATED_NOOP:-}" = "NOOP" ]]; then
+  # Run script
+  main "${@:-}"
+fi
+
+# vi: expandtab sw=2 ts=2
diff --git a/root/.gitignore b/root/.gitignore
index 28acd14..83fd8b0 100644
--- a/root/.gitignore
+++ b/root/.gitignore
@@ -10,4 +10,3 @@
 /.lesshst
 /.nano_history
 /.profile
-/.wget-hsts
diff --git a/usr/.gitignore b/usr/.gitignore
deleted file mode 100644
index 4722098..0000000
--- a/usr/.gitignore
+++ /dev/null
@@ -1,7 +0,0 @@
-/games/
-include/
-/lib64/
-/libexec/
-/local/
-/share/
-/src/
diff --git a/usr/bin/.gitignore b/usr/bin/.gitignore
deleted file mode 100644
index 3046099..0000000
--- a/usr/bin/.gitignore
+++ /dev/null
@@ -1,5 +0,0 @@
-/*
-!/.gitignore
-!/sendmail
-!/mail
-!/mailx
diff --git a/usr/bin/mail b/usr/bin/mail
deleted file mode 120000
index bf4a42a..0000000
--- a/usr/bin/mail
+++ /dev/null
@@ -1 +0,0 @@
-s-nail
\ No newline at end of file
diff --git a/usr/bin/mailx b/usr/bin/mailx
deleted file mode 120000
index bf4a42a..0000000
--- a/usr/bin/mailx
+++ /dev/null
@@ -1 +0,0 @@
-s-nail
\ No newline at end of file
diff --git a/usr/bin/sendmail b/usr/bin/sendmail
deleted file mode 120000
index bcfd813..0000000
--- a/usr/bin/sendmail
+++ /dev/null
@@ -1 +0,0 @@
-msmtp
\ No newline at end of file
diff --git a/usr/lib/.gitignore b/usr/lib/.gitignore
deleted file mode 100644
index 531d37d..0000000
--- a/usr/lib/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-/*
-!/.gitignore
-!/sendmail
diff --git a/usr/lib/sendmail b/usr/lib/sendmail
deleted file mode 120000
index 07a7c26..0000000
--- a/usr/lib/sendmail
+++ /dev/null
@@ -1 +0,0 @@
-../bin/sendmail
\ No newline at end of file
diff --git a/usr/sbin/.gitignore b/usr/sbin/.gitignore
deleted file mode 100644
index 531d37d..0000000
--- a/usr/sbin/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-/*
-!/.gitignore
-!/sendmail
diff --git a/usr/sbin/sendmail b/usr/sbin/sendmail
deleted file mode 120000
index 07a7c26..0000000
--- a/usr/sbin/sendmail
+++ /dev/null
@@ -1 +0,0 @@
-../bin/sendmail
\ No newline at end of file
diff --git a/var/.gitignore b/var/.gitignore
index 33d7422..9ba0da3 100644
--- a/var/.gitignore
+++ b/var/.gitignore
@@ -1,8 +1,11 @@
+/.updated
 /backups/
 /cache/
 /local/
 /lock
+/log/
 /mail/
 /opt/
 /run
 /spool/
+/www/
diff --git a/var/lib/.gitignore b/var/lib/.gitignore
index 1115c19..f73ab66 100644
--- a/var/lib/.gitignore
+++ b/var/lib/.gitignore
@@ -1,23 +1,27 @@
 /apache2/
 /apt/
 /dbus/
-/dehydrated/
-/dokuwiki/
 /dpkg/
+/ghostscript/
 /git/
-/initscripts/
+/libuuid/
 /logrotate/
+/man-db/
 /misc/
 /pam/
+/php/
+/private/
 /prometheus/
 /python/
 /samba/
+/sgml-base/
 /shells.state
+/smartmontools/
+/snmp/
 /sudo/
 /systemd/
-/terraform-http-backend/
 /ucf/
-/update-rc.d/
-/urandom/
 /vim/
 /wtmpdb/
+/xfonts/
+/xml-core/
diff --git a/etc/certificates/.gitignore b/var/lib/php/sessions/.gitignore
similarity index 100%
rename from etc/certificates/.gitignore
rename to var/lib/php/sessions/.gitignore
diff --git a/var/log/.gitignore b/var/log/.gitignore
deleted file mode 100644
index b7f8dee..0000000
--- a/var/log/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-/*
-!/.gitignore
-!/Archived/
diff --git a/var/log/Archived/.gitignore b/var/tmp/php-uploads/.gitignore
similarity index 100%
rename from var/log/Archived/.gitignore
rename to var/tmp/php-uploads/.gitignore