Few updates before move to Devuan.

.gitattributesdb

@@ -1,9 +1,186 @@
 # This is the gitattributesdb database file.
 # Do not manually edit this file - any changes will be overwritten.
 
-LmdpdGhvb2tzL2dpdGF0dHJpYnV0ZXNkYg== 1757518619.432797732 1757518618.466836488 tadgy:users 0755 - -
-LmdpdGhvb2tzL3Bvc3QtY2hlY2tvdXQ= 1757518719.301790744 1757518850.675522371 tadgy:users 0755 - -
-LmdpdGhvb2tzL3Bvc3QtbWVyZ2U= 1757518766.485897550 1757518850.675522371 tadgy:users 0755 - -
-LmdpdGhvb2tzL3ByZS1jb21taXQ= 1757518781.005315169 1757518850.675522371 tadgy:users 0755 - -
-LmdpdG1vZHVsZXM= 1757518619.436797572 1757518619.438797492 tadgy:users 0644 - -
-UkVBRE1FLm1k 1757518519.971788195 1757518530.954347573 tadgy:users 0644 - -
+LmdpdGhvb2tzL2dpdGF0dHJpYnV0ZXNkYg== 1757608819.000000000 1757608819.000000000 root:root 0755 - -
+LmdpdGhvb2tzL3Bvc3QtY2hlY2tvdXQ= 1757519106.000000000 1757519106.000000000 root:root 0755 - -
+LmdpdGhvb2tzL3Bvc3QtbWVyZ2U= 1757519106.000000000 1757519106.000000000 root:root 0755 - -
+LmdpdGhvb2tzL3ByZS1jb21taXQ= 1757519106.000000000 1757519106.000000000 root:root 0755 - -
+LmdpdGlnbm9yZQ== 1762025173.020942279 1757593248.000000000 root:root 0644 - -
+LmdpdG1vZHVsZXM= 1757607701.000000000 1757607701.000000000 root:root 0644 - -
+ZXRjLy5naXRpZ25vcmU= 1762626742.156358716 1757611781.000000000 root:root 0644 - -
+ZXRjL2FwYWNoZTIvLmdpdGlnbm9yZQ== 1766069108.043264156 1757775932.000000000 root:root 0644 - -
+ZXRjL2FwYWNoZTIvYXBhY2hlMi5jb25m 1766155394.332589865 1757785514.000000000 root:root 0644 - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2FsaWFzLmxvYWQ= 1762021735.493652772 1762021735.493652772 root:root 0777 - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2FsbG93bWV0aG9kcy5sb2Fk 1766073519.503025374 1766073519.503025374 root:root 0777 - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2F1dGhuX2NvcmUubG9hZA== 1762021735.381654619 1762021735.381654619 root:root 0777 - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2F1dGhuX2ZpbGUubG9hZA== 1762021735.437653696 1762021735.437653696 root:root 0777 - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2F1dGh6X2NvcmUubG9hZA== 1762021735.349655147 1762021735.349655147 root:root 0777 - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2F1dGh6X2hvc3QubG9hZA== 1766070527.231989855 1766070527.231989855 root:root 0777 - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2F1dGh6X3VzZXIubG9hZA== 1762021735.469653168 1762021735.469653168 root:root 0777 - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2NnaWQubG9hZA== 1766080747.085077197 1766080747.085077197 root:root 0777 - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2RlZmxhdGUubG9hZA== 1762021735.721649011 1762021735.721649011 root:root 0777 - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2Rpci5sb2Fk 1762021735.525652244 1762021735.525652244 root:root 0777 - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2Vudi5sb2Fk 1762021735.577651386 1762021735.577651386 root:root 0777 - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2ZpbHRlci5sb2Fk 1762021735.689649539 1762021735.689649539 root:root 0777 - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2h0dHAyLmxvYWQ= 1766079814.224337175 1766079814.224337175 root:root 0777 - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2luY2x1ZGUubG9hZA== 1766070423.145696881 1766070423.145696881 root:root 0777 - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL21pbWUubG9hZA== 1762021735.609650859 1762021735.609650859 root:root 0777 - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL21pbWVfbWFnaWMubG9hZA== 1766077359.436502219 1766077359.436502219 root:root 0777 - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL21wbV9ldmVudC5sb2Fk 1766077495.230282186 1766077495.230282186 root:root 0777 - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL3Byb3h5LmxvYWQ= 1766080867.035115479 1766080867.035115479 root:root 0777 - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL3Byb3h5X2ZjZ2kubG9hZA== 1766080921.386226594 1766080921.386226594 root:root 0777 - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL3Jld3JpdGUubG9hZA== 1766081010.864763229 1766081010.864763229 root:root 0777 - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL3NldGVudmlmLmxvYWQ= 1762021735.661650000 1762021735.661650000 root:root 0777 - -
+ZXRjL2FwYWNoZTIvc2l0ZXMtYXZhaWxhYmxlLy5naXRpZ25vcmU= 1766069274.068541443 1766069263.648712326 root:root 0644 - -
+ZXRjL2FwYWNoZTIvc2l0ZXMtYXZhaWxhYmxlL2NvcmUuc2xhY2t3YXJlLnVrLm5ldC5jb25m 1758817141.000000000 1757785113.000000000 root:root 0644 - -
+ZXRjL2FwYWNoZTIvc2l0ZXMtZW5hYmxlZC8wMDAtY29yZS5zbGFja3dhcmUudWsubmV0LmNvbmY= 1762529451.292078041 1762529451.292078041 root:root 0777 - -
+ZXRjL2FwdC8uZ2l0aWdub3Jl 1762532662.236312315 1762532566.409854495 root:root 0644 - -
+ZXRjL2FwdC9wcmVmZXJlbmNlcy5kL3N1cnk= 1762021809.456432672 1762021809.456432672 root:root 0644 - -
+ZXRjL2FwdC9zb3VyY2VzLmxpc3QuZC9mZC5saXN0 1762021706.378133066 1762021706.374133133 root:root 0644 - -
+ZXRjL2FwdC9zb3VyY2VzLmxpc3QuZC9zdXJ5Lmxpc3Q= 1762021706.378133066 1762021706.378133066 root:root 0644 - -
+ZXRjL2Nyb24uMTVtaW4vLmdpdGlnbm9yZQ== 1762535468.567176697 1762535289.358058790 root:root 0644 - -
+ZXRjL2Nyb24uZC8uZ2l0aWdub3Jl 1762535453.203423781 1762535289.358058790 root:root 0644 - -
+ZXRjL2Nyb24uZGFpbHkvLmdpdGlnbm9yZQ== 1762538383.748288196 1762535499.146684944 root:root 0644 - -
+ZXRjL2Nyb24uZGFpbHkvMC1yb3RhdGUtbG9ncy1zeW1saW5rcw== 1762022637.182797762 1762022637.182797762 root:root 0777 - -
+ZXRjL2Nyb24uZGFpbHkvMTAtZGVoeWRyYXRlZA== 1762022637.182797762 1762022637.182797762 root:root 0777 - -
+ZXRjL2Nyb24uZGFpbHkvNS11cGRhdGUtcGFja2FnZXMtbGlzdA== 1762022637.182797762 1762022637.182797762 root:root 0777 - -
+ZXRjL2Nyb24uZGFpbHkvNy13YXJuLWdpdC1zdGF0dXM= 1762022637.182797762 1762022637.182797762 root:root 0777 - -
+ZXRjL2Nyb24uaG91cmx5Ly5naXRpZ25vcmU= 1762535518.534373147 1762535518.534373147 root:root 0644 - -
+ZXRjL2Nyb24ubW9udGhseS8uZ2l0aWdub3Jl 1762535548.045898541 1762535548.045898541 root:root 0644 - -
+ZXRjL2Nyb24ud2Vla2x5Ly5naXRpZ25vcmU= 1762628453.620630321 1762535530.470181196 root:root 0644 - -
+ZXRjL2Nyb24ud2Vla2x5L2NsZWFuLXBocA== 1762628439.836853762 1762628439.836853762 root:root 0777 - -
+ZXRjL2Nyb24ueWVhcmx5Ly5naXRpZ25vcmU= 1762535568.001577608 1762535568.001577608 root:root 0644 - -
+ZXRjL2Nyb250YWI= 1762534976.223094581 1757593504.000000000 root:root 0600 - -
+ZXRjL2RlZmF1bHQvLmdpdGlnbm9yZQ== 1762624179.585857684 1762624148.166366444 root:root 0644 - -
+ZXRjL2RlZmF1bHQvcHJvbWV0aGV1cy1ub2RlLWV4cG9ydGVy 1771504260.677940581 1762023153.000000000 root:root 0644 - -
+ZXRjL2RlZmF1bHQvcm90YXRlLWxvZ3Mtc3ltbGlua3M= 1758555243.000000000 1758552192.000000000 root:root 0644 - -
+ZXRjL2RlZmF1bHQvdGVycmFmb3JtLWh0dHAtYmFja2VuZA== 1771507048.704791655 1757595391.000000000 root:root 0600 - -
+ZXRjL2RlaHlkcmF0ZWQvLmdpdGlnbm9yZQ== 1758038054.000000000 1758038054.000000000 root:root 0644 - -
+ZXRjL2RlaHlkcmF0ZWQvYWNjb3VudHMvLmdpdGlnbm9yZQ== 1757873230.000000000 1757873230.000000000 root:root 0644 - -
+ZXRjL2RlaHlkcmF0ZWQvYWNjb3VudHMvYUhSMGNITTZMeTloWTIxbExYWXdNaTVoY0drdWJHVjBjMlZ1WTNKNWNIUXViM0puTDJScGNtVmpkRzl5ZVFvLnRhci5ncGc= 1761052714.000000000 1757873275.000000000 root:root 0644 - -
+ZXRjL2RlaHlkcmF0ZWQvYXJjaGl2ZS8uZ2l0aWdub3Jl 1757874259.000000000 1757873451.000000000 root:root 0644 - -
+ZXRjL2RlaHlkcmF0ZWQvY2VydHMvLmdpdGlnbm9yZQ== 1757874303.000000000 1757873537.000000000 root:root 0644 - -
+ZXRjL2RlaHlkcmF0ZWQvY29uZmln 1758044465.000000000 1757862077.000000000 root:root 0644 - -
+ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucw== 1757862328.000000000 1757862077.000000000 root:root 0644 - -
+ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucy5kL19leGFtcGxlXw== 1757863238.000000000 1757862077.000000000 root:root 0644 - -
+ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucy5kL2NvcmUuc2xhY2t3YXJlLnVrLm5ldA== 1757863250.000000000 1757863250.000000000 root:root 0644 - -
+ZXRjL2RlaHlkcmF0ZWQvaG9va3MvZGVmYXVsdA== 1758045829.000000000 1757862077.000000000 root:root 0755 - -
+ZXRjL2Z1c2lvbmRpcmVjdG9yeS9mdXNpb25kaXJlY3RvcnktYXBhY2hlLmNvbmY= 1740415693.000000000 1762022137.000000000 root:root 0644 - -
+ZXRjL2Z1c2lvbmRpcmVjdG9yeS9mdXNpb25kaXJlY3RvcnkuY29uZg== 1771459200.000000000 1771459200.000000000 root:root 0644 - -
+ZXRjL2Z1c2lvbmRpcmVjdG9yeS9mdXNpb25kaXJlY3RvcnkuY29uZi5vcmln 1760207207.000000000 1760207207.000000000 root:root 0644 - -
+ZXRjL2dyb3Vw 1762530431.632238190 1762530431.632238190 root:root 0644 - -
+ZXRjL2dzaGFkb3cuZ3Bn 1762628156.813441524 1762447499.282711556 root:root 0644 - -
+ZXRjL2hvc3RuYW1l 1757594311.000000000 1757594311.000000000 root:root 0644 - -
+ZXRjL2hvc3Rz 1762446715.371577485 1757594362.000000000 root:root 0644 - -
+ZXRjL2luaXQuZC8uZ2l0aWdub3Jl 1771459200.000000000 1771459200.000000000 root:root 0644 - -
+ZXRjL2luaXQuZC90ZXJyYWZvcm0taHR0cC1iYWNrZW5k 1771459200.000000000 1771459200.000000000 root:root 0755 - -
+ZXRjL2tyYjUuY29uZg== 1762447367.132883171 1583171707.000000000 root:root 0644 - -
+ZXRjL2xkYXAvbGRhcC5jb25m 1758374529.000000000 1730112559.000000000 root:root 0644 - -
+ZXRjL2xkYXAvc2NoZW1hLy5naXRpZ25vcmU= 1762628549.507075969 1762628549.507075969 root:root 0644 - -
+ZXRjL2xkYXAvc2NoZW1hL3JmYzIzMDdiaXMuc2NoZW1h 1759835660.000000000 1759835660.000000000 root:root 0644 - -
+ZXRjL2xvZ2luLmRlZnM= 1771509215.801996599 1745058028.000000000 root:root 0644 - -
+ZXRjL21vdGQ= 1762625944.389278724 1756052400.000000000 root:root 0644 - -
+ZXRjL21zbXRwLmFsaWFzZXM= 1758035451.000000000 1758035451.000000000 root:root 0644 - -
+ZXRjL21zbXRwcmMuZ3Bn 1761052674.000000000 1758049424.000000000 root:root 0644 - -
+ZXRjL25ldHdvcmsvLmdpdGlnbm9yZQ== 1757596572.000000000 1757596572.000000000 root:root 0644 - -
+ZXRjL25ldHdvcmsvaW50ZXJmYWNlcw== 1762449437.502802342 1762449437.502802342 root:root 0644 - -
+ZXRjL25ldHdvcmsvaW50ZXJmYWNlcy5kL2V0aDA= 1762449591.864258045 1762449559.040799058 root:root 0644 - -
+ZXRjL25ldHdvcmsvaW50ZXJmYWNlcy5kL2V0aDE= 1762449602.376084790 1762449560.312778093 root:root 0644 - -
+ZXRjL3Bhc3N3ZA== 1762449439.234773795 1762449439.234773795 root:root 0644 - -
+ZXRjL3BocGxkYXBhZG1pbi8uZ2l0aWdub3Jl 1762628720.800299329 1762628701.308615289 root:root 0644 - -
+ZXRjL3BocGxkYXBhZG1pbi9jb25maWcucGhwLmdwZw== 1761052640.000000000 1758539944.000000000 root:root 0644 - -
+ZXRjL3BrZ2xpc3Q= 1766102401.840579350 1762560002.068536774 root:root 0644 - -
+ZXRjL3BsYS9jb25maWcucGhwLmdwZw== 1771459200.000000000 1771459200.000000000 root:root 0644 - -
+ZXRjL3B1c2hvdmVyLWNsaWVudC8uZ2l0aWdub3Jl 1762628624.365862525 1762448145.464092595 root:root 0644 - -
+ZXRjL3B1c2hvdmVyLWNsaWVudC9kZWZhdWx0LmdwZw== 1762448163.991787320 1762448163.979787518 root:root 0644 - -
+ZXRjL3Jlc29sdi5jb25m 1757611605.000000000 1757611605.000000000 root:root 0644 - -
+ZXRjL3JzeXNsb2cuY29uZg== 1757785113.000000000 1757785113.000000000 root:root 0644 - -
+ZXRjL3NhbWJhL3NtYi5jb25m 1762447904.392054475 1758208516.000000000 root:root 0644 - -
+ZXRjL3NhbWJhL3NtYnVzZXJz 1758121825.000000000 1758121586.000000000 root:root 0644 - -
+ZXRjL3NoYWRvdy5ncGc= 1762628180.969049967 1762447484.598952854 root:root 0644 - -
+ZXRjL3NzaC8uZ2l0aWdub3Jl 1762628843.382312260 1757606957.000000000 root:root 0644 - -
+ZXRjL3NzaC9zc2hfY29uZmln 1757606630.000000000 1757606630.000000000 root:root 0644 - -
+ZXRjL3NzaC9zc2hkX2NvbmZpZw== 1758202229.000000000 1757606896.000000000 root:root 0644 - -
+ZXRjL3NzaGd1YXJkL3NzaGd1YXJkLmNvbmY= 1758050700.000000000 1758050700.000000000 root:root 0644 - -
+ZXRjL3NzaGd1YXJkL3doaXRlbGlzdA== 1758050235.000000000 1758050235.000000000 root:root 0644 - -
+ZXRjL3N1ZG9lcnMuZC8uZ2l0aWdub3Jl 1762026765.566662574 1762026765.566662574 root:root 0644 - -
+ZXRjL3N1ZG9lcnMuZC9kZWZhdWx0cw== 1757599359.000000000 1757599359.000000000 root:root 0640 - -
+ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157.000000000 1757600157.000000000 root:root 0640 - -
+aG9tZS8uZ2l0aWdub3Jl 1757762052.000000000 1757762052.000000000 root:root 0644 - -
+aG9tZS9zeXNhZG1pbi8uYmFzaF9sb2dvdXQ= 1757582867.000000000 1757582867.000000000 sysadmin:users 0644 - -
+aG9tZS9zeXNhZG1pbi8uYmFzaF9wcm9maWxl 1757861225.000000000 1757584711.000000000 sysadmin:users 0644 - -
+aG9tZS9zeXNhZG1pbi8uYmFzaHJj 1758887092.000000000 1757586493.000000000 sysadmin:users 0644 - -
+aG9tZS9zeXNhZG1pbi8uZ2l0Y29uZmln 1757582738.000000000 1757582738.000000000 sysadmin:users 0644 - -
+aG9tZS9zeXNhZG1pbi8uZ2l0aWdub3Jl 1757600312.000000000 1757600312.000000000 sysadmin:users 0644 - -
+aG9tZS9zeXNhZG1pbi8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210.000000000 1757586210.000000000 sysadmin:users 0644 - -
+aG9tZS9zeXNhZG1pbi8ubmFub3Jj 1757585756.000000000 1757585756.000000000 sysadmin:users 0644 - -
+aG9tZS9zeXNhZG1pbi8uc3NoLy5naXRpZ25vcmU= 1757593349.000000000 1757593349.000000000 sysadmin:users 0644 - -
+aG9tZS9zeXNhZG1pbi8uc3NoL2F1dGhvcml6ZWRfa2V5cw== 1757763178.000000000 1757587611.000000000 sysadmin:users 0644 - -
+b3B0L3NiaW4vY3JvbmpvYi1jbGVhbi1waHA= 1762538240.962584934 1758289390.000000000 root:root 0755 - -
+b3B0L3NiaW4vY3JvbmpvYi1kZWh5ZHJhdGVk 1758033093.000000000 1757531685.000000000 root:root 0755 - -
+b3B0L3NiaW4vY3JvbmpvYi1yb3RhdGUtbG9ncy1zeW1saW5rcw== 1758555302.000000000 1758224324.000000000 root:root 0755 - -
+b3B0L3NiaW4vY3JvbmpvYi11cGRhdGUtcGFja2FnZXMtbGlzdA== 1757531121.000000000 1757531121.000000000 root:root 0755 - -
+b3B0L3NiaW4vY3JvbmpvYi13YXJuLWdpdC1zdGF0dXM= 1758221607.000000000 1757591137.000000000 root:root 0755 - -
+b3B0L3NiaW4vZGVoeWRyYXRlZA== 1757531557.000000000 1757531557.000000000 root:root 0755 - -
+b3B0L3NiaW4vcHVzaG92ZXItY2xpZW50 1758224526.000000000 1758224526.000000000 root:root 0755 - -
+b3B0L3NiaW4vdGVycmFmb3JtLWh0dHAtYmFja2VuZA== 1757590543.000000000 1757590543.000000000 root:root 0755 - -
+cm9vdC8uYmFzaF9sb2dvdXQ= 1757582867.000000000 1757582867.000000000 root:root 0644 - -
+cm9vdC8uYmFzaF9wcm9maWxl 1757584711.000000000 1757584711.000000000 root:root 0644 - -
+cm9vdC8uYmFzaHJj 1758887027.000000000 1757586493.000000000 root:root 0644 - -
+cm9vdC8uZ2l0Y29uZmln 1757582738.000000000 1757582738.000000000 root:root 0644 - -
+cm9vdC8uZ2l0aWdub3Jl 1771509562.912369370 1757600312.000000000 root:root 0644 - -
+cm9vdC8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210.000000000 1757586210.000000000 root:root 0644 - -
+cm9vdC8ubmFub3Jj 1757585756.000000000 1757585756.000000000 root:root 0644 - -
+cm9vdC8uc3NoLy5naXRpZ25vcmU= 1757593349.000000000 1757593349.000000000 root:root 0644 - -
+cm9vdC8uc3NoL2F1dGhvcml6ZWRfa2V5cw== 1757587611.000000000 1757587611.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NsZWFuLWZk 1758994151.000000000 1758992264.000000000 root:root 0755 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9iY21hdGguaW5p 1754432591.000000000 1754432591.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9iejIuaW5p 1754432591.000000000 1754432591.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9jdXJsLmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9nZC5pbmk= 1758756479.000000000 1758756479.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9nZXR0ZXh0LmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9nbXAuaW5p 1754432591.000000000 1754432591.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9pY29udi5pbmk= 1754432591.000000000 1754432591.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9pbWFwLmluaQ== 1758756479.000000000 1758756479.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9pbnRsLmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9sZGFwLmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9tYnN0cmluZy5pbmk= 1754432591.000000000 1754432591.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9vcGNhY2hlLmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9vcGVuc3NsLmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9wb3NpeC5pbmk= 1754432591.000000000 1754432591.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9zZXNzaW9uLmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9zaW1wbGV4bWwuaW5p 1754432591.000000000 1754432591.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9zb2RpdW0uaW5p 1758756479.000000000 1758756479.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9zcWxpdGUzLmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF94bWwuaW5p 1754432591.000000000 1754432591.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF96aXAuaW5p 1754432591.000000000 1754432591.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMV9waGFyLmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV9wZG8uaW5p 1758566165.000000000 1758566165.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV9wZG9fbXlzcWwuaW5p 1758566165.000000000 1758566165.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV9wZ3NxbC5pbmk= 1758566165.000000000 1758566165.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV9waGFyLmluaQ== 1758566165.000000000 1758566165.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV9zZXNzaW9uLmluaQ== 1760206689.000000000 1758566165.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV9zb2FwLmluaQ== 1758566165.000000000 1758566165.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV9zcWxpdGUzLmluaQ== 1758566165.000000000 1758566165.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV9zeXN2c2htLmluaQ== 1758566165.000000000 1758566165.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV90aWR5LmluaQ== 1758566165.000000000 1758566165.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC9pbWFnaWNrLmluaQ== 1755096904.000000000 1755096904.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2R1bW15LWRlZmF1bHQtbXRh 1762020478.278412865 1762020215.034844513 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL2R1bW15LWRlZmF1bHQtbXRhXzAuMC4xX2FsbC5kZWI= 1762020499.466056182 1762020499.458056317 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL3BocC1mcG0uY29uZg== 1758566251.000000000 1758566184.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL3BocC1mcG0uZC93d3cuY29uZg== 1758566277.000000000 1758566199.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL3BocC5pbmk= 1759845481.000000000 1758566175.000000000 root:root 0644 - -
+cm9vdC9zdHVmZi10by1rZWVwL3B1c2hvdmVyLWFsZXJ0LnN0YXJ0 1758225142.000000000 1758225089.000000000 root:root 0755 - -
+cm9vdC9zdHVmZi10by1rZWVwL3B1c2hvdmVyLWFsZXJ0LnN0b3A= 1758225254.000000000 1758225155.000000000 root:root 0755 - -
+dmFyLy5naXRpZ25vcmU= 1762537544.845782317 1758288560.000000000 root:root 0644 - -
+dmFyL2xpYi8uZ2l0aWdub3Jl 1762025492.611669032 1758288764.000000000 root:root 0644 - -
+dmFyL2xpYi90ZXJyYWZvcm0taHR0cC1iYWNrZW5kLy5naXRrZWVwZGly 1762024627.173956151 1762024627.173956151 root:root 0644 - -
+dmFyL3RtcC8uZ2l0aWdub3Jl 1771459200.000000000 1771459200.000000000 root:root 0644 - -
+dmFyL3RtcC9waHAtdXBsb2Fkcy8uZ2l0aWdub3Jl 1771459200.000000000 1771459200.000000000 root:root 0644 - -
+ZXRjL3NoYWRvdw== 1762449439.206774257 1762449439.206774257 root:shadow 0640 - -
+ZXRjL3NoYWRvdy0= 1762023813.000000000 1762023813.000000000 root:shadow 0640 - -
+ZXRjL3N1ZG9lcnM= 1751262933.000000000 1751262933.000000000 root:root 0440 - -
+ZXRjL3N1ZG9lcnMuZC9SRUFETUU= 1751262933.000000000 1751262933.000000000 root:root 0440 - -
+ZXRjL3N1ZG9lcnMuZC9kZWZhdWx0cw== 1757599359.000000000 1757599359.000000000 root:root 0640 - -
+ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157.000000000 1757600157.000000000 root:root 0640 - -
+aG9tZS9zeXNhZG1pbg== 1758887092.000000000 1757761412.000000000 sysadmin:users 0711 - -

.gitattributesdb-extra

@@ -0,0 +1,7 @@
+ZXRjL2RvYXMuY29uZg==
+ZXRjL2RvYXMuZA==
+ZXRjL3NoYWRvdw==
+ZXRjL3NoYWRvdy0=
+ZXRjL3N1ZG9lcnM=
+ZXRjL3N1ZG9lcnMuZC8q
+aG9tZS9zeXNhZG1pbg==

.githooks/gitattributesdb

@@ -1 +1 @@
-Subproject commit aa17af467452849b2204472c8c16d9d3757824af
+Subproject commit 6f956ff56af0a65b6dd8f84aa845031c22998c61

.gitignore

@@ -0,0 +1,20 @@
+*~
+*.save
+
+.*.swp
+
+/bin
+/boot/
+/data/
+/dev/
+/lib
+/lib64
+/media/
+/mnt/
+/proc/
+/run/
+/sbin
+/srv/
+/sys/
+/tmp/
+/usr/

README.md

@@ -1,9 +0,0 @@
-README
-======
-System configurations are stored in a seperate branch for each host or purpose.
-
-List available branches:
-  * git branch -avv
-
-Check out specific branch:
-  * git checkout <branch name>

etc/.gitignore

@@ -0,0 +1,119 @@
+/.pwd.lock
+/.updated
+/ImageMagick-7/
+/X11/
+/adduser.conf
+/alternatives/
+/apparmor.d/
+/bash.bashrc
+/bash_completion
+/bash_completion.d/
+/bindresvport.blacklist
+/binfmt.d/
+/ca-certificates/
+/ca-certificates.conf
+/credstore/
+/credstore.encrypted/
+/certificates/
+/dbus-1/
+/debconf.conf
+/debian_version
+/deluser.conf
+/depmod.d/
+/dhcpcd.conf
+/dpkg/
+/environment
+/ethertypes
+/fonts/
+/freeipmi/
+/fstab
+/gai.conf
+/ghostscript/
+/gprofng.rc
+/groff/
+/group-
+/gshadow
+/gshadow-
+/gss/
+/gssapi_mech.conf
+/host.conf
+/hosts.*
+/inputrc
+/ipmi/
+/issue
+/issue.net
+/kernel/
+/ld.so.*
+/libaudit.conf
+/lighttpd/
+/locale.*
+/localtime
+/logcheck/
+/lynx/
+/machine-id
+/magic
+/magic.mime
+/mail.rc
+/mailcap
+/mailcap.order
+/manpath.config
+/mime.types
+/modprobe.d/
+/modules
+/modules-load.d/
+/msmtprc
+/mtab
+/nanorc
+/netconfig
+/networks
+/nftables.conf
+/nsswitch.conf
+/nvme/
+/opt/
+/os-release
+/pam.conf
+/pam.d/
+/paperspecs
+/passwd-
+/perl/
+/polkit-1/
+/profile
+/profile.d/
+/protocols
+/python3/
+/python3.13/
+/rc?.d/
+/rmt
+/rpc
+/runit/
+/security/
+/selinux/
+/sensors.d/
+/sensors3.conf
+/services
+/sgml/
+/shadow
+/shadow-
+/shells
+/skel/
+/snmp/
+/ssl/
+/subgid
+/subuid
+/sudo.conf
+/sudoers
+/sudo_logsrvd.conf
+/supercat/
+/sv/
+/sysctl.d/
+/terminfo/
+/tmpfiles.d/
+/ucf.conf
+/udev/
+/ufw/
+/update-motd.d/
+/vconsole.conf
+/vim/
+/xattr.conf
+/xdg
+/xml

etc/apache2/.gitignore

@@ -0,0 +1,5 @@
+/conf-*/
+/envvars
+/magic
+/mods-available/
+/ports.conf

etc/apache2/apache2.conf

@@ -0,0 +1,238 @@
+# These modules are required for the basic configuration directives used in this file.
+# They *must* be loaded to use this configuration with httpd.
+LoadModule	alias_module		/usr/lib/apache2/modules/mod_alias.so
+LoadModule	allowmethods_module	/usr/lib/apache2/modules/mod_allowmethods.so
+LoadModule	authz_host_module	/usr/lib/apache2/modules/mod_authz_host.so
+LoadModule	dir_module		/usr/lib/apache2/modules/mod_dir.so
+LoadModule	env_module		/usr/lib/apache2/modules/mod_env.so
+#LoadModule	log_config_module	/usr/lib/apache2/mod_log_config.so
+LoadModule	mime_module		/usr/lib/apache2/modules/mod_mime.so
+LoadModule	mime_magic_module	/usr/lib/apache2/modules/mod_mime_magic.so
+LoadModule	mpm_event_module	/usr/lib/apache2/modules/mod_mpm_event.so
+LoadModule	setenvif_module		/usr/lib/apache2/modules/mod_setenvif.so
+#LoadModule	unixd_module		/usr/lib/apache2/mod_unixd.so
+
+# Load extra modules.
+IncludeOptional	/etc/apache2/mods-enabled/*.load
+
+
+# IP addresses and ports to listen on.
+Listen				5.101.171.215:80
+Listen				[2a01:a500:2981:1::d7]:80
+<IfModule ssl_module>
+  Listen			5.101.171.215:25443
+  Listen			[2a01:a500:2981:1::d7]:25443
+</IfModule>
+
+
+# Main server configuration.
+# Note: A DocumentRoot (and a Directory block granting access) is required in order for RedirectMatch to work in VirtualHosts.
+DocumentRoot			/var/www/html
+ServerAdmin			"sysadmin(at)slackware.uk"
+ServerName			core.slackware.uk.net
+ServerSignature			Email
+ServerTokens			Major
+User				www-data
+Group				www-data
+DefaultRuntimeDir		/var/run/apache2
+PidFile				/var/run/apache2/apache2.pid
+ScriptSock			/var/run/apache2/cgid.sock
+Mutex				pthread
+
+
+# Logging.
+LogFormat	"%h %l %u %t \"%r\" %>s %b"						Common
+LogFormat	"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""		Combined
+LogFormat	"%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""	VHostCombined
+CustomLog	"|/usr/bin/logger -p local1.info -t httpd"				VHostCombined		env=!no_log
+LogLevel	warn allowmethods:crit authz_core:crit
+<IfModule include_module>
+  LogLevel	include:crit
+</IfModule>
+<IfModule ssl_module>
+  LogLevel	ssl:crit
+</IfModule>
+ErrorLog	syslog:local0
+
+
+# Resource limits for event MPM.
+#  MaxConnectionsPerChild: maximum number of requests a server process serves
+#  MaxRequestWorkers: maximum number of worker threads
+#  MaxSpareThreads: maximum number of worker threads which are kept spare
+#  MinSpareThreads: minimum number of worker threads which are kept spare
+#  StartServers: initial number of server processes to start
+#  ThreadLimit: maximum limit of threads for ThreadsPerChild setting
+#  ThreadsPerChild: constant number of worker threads in each server process
+MaxConnectionsPerChild		10240
+MaxRequestWorkers		128
+MaxSpareThreads			16
+MinSpareThreads			2
+StartServers			1
+ThreadLimit			64
+ThreadsPerChild			32
+
+
+# Timeouts.
+TimeOut				30
+GracefulShutDownTimeout		1
+
+
+# Browser handling.
+BrowserMatch			"^Dreamweaver-WebDAV-SCM1"				redirect-carefully
+BrowserMatch			"Java/1\.0"						force-response-1.0
+BrowserMatch			"JDK/1\.0"						force-response-1.0
+BrowserMatch			"Microsoft Data Access Internet Publishing Provider"	redirect-carefully
+BrowserMatch			"Mozilla/2"						nokeepalive
+BrowserMatch			"MS FrontPage"						redirect-carefully
+BrowserMatch			"MSIE [2-5]"						nokeepalive downgrade-1.0 force-response-1.0
+BrowserMatch			"RealPlayer 4\.0"					force-response-1.0
+BrowserMatch			"^WebDAVFS/1\.[012]"					redirect-carefully
+BrowserMatch			"^WebDrive"						redirect-carefully
+BrowserMatch			"^XML Spy"						redirect-carefully
+BrowserMatch			"^gnome-vfs/1\.0"					redirect-carefully
+BrowserMatch			"^gvfs/1"						redirect-carefully
+BrowserMatch			"Konqueror/4"						redirect-carefully
+
+
+# HTTP2.
+<IfModule http2_module>
+  Protocols			h2 h2c http/1.1
+  H2Push			On
+  H2PushPriority		application/javascript		interleaved
+  H2PushPriority		image/jpeg			after		32
+  H2PushPriority		image/png			after		32
+  H2PushPriority		text/css			before
+  H2PushPriority		*				after
+</IfModule>
+
+
+# SSL configuration.
+<IfModule ssl_module>
+  SSLCipherSuite		HIGH:!SSLv3:!TLS1:!aNULL:!MD5
+  SSLHonorCipherOrder		On
+  SSLOptions			+FakeBasicAuth
+  SSLProtocol			all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
+  SSLRandomSeed			startup		builtin
+  SSLRandomSeed			startup		file:/dev/urandom	512
+  SSLRandomSeed			connect		builtin
+  SSLRandomSeed			connect		file:/dev/urandom	512
+  SSLSessionCache		shmcb:${APACHE_RUN_DIR}/ssl_session_cache(512000)
+  SSLSessionCacheTimeout	300
+  SSLSessionTickets		Off
+  BrowserMatch			"MSIE [2-5]"	ssl-unclean-shutdown
+</IfModule>
+
+
+# PHP.
+<IfModule proxy_fcgi_module>
+  DirectoryIndex	index.php index.phtml
+
+  <If "-f %{REQUEST_FILENAME} && %{REQUEST_URI} =~ /.+\.ph(ar|p|tml)$/">
+    SetHandler		proxy:unix:/run/php-fpm83/php-fpm.sock|fcgi://localhost/
+  </If>
+</IfModule>
+
+
+# Filters and Handlers.
+<IfModule filter_module>
+  <IfModule deflate_module>
+    AddOutputFilterByType	DEFLATE		text/html text/plain text/xml text/css text/javascript
+    AddOutputFilterByType	DEFLATE		application/x-javascript application/javascript application/ecmascript
+    AddOutputFilterByType	DEFLATE		application/rss+xml
+    AddOutputFilterByType	DEFLATE		application/wasm
+    AddOutputFilterByType	DEFLATE		application/xml
+  </IfModule>
+  <IfModule include_module>
+    AddOutputFilter		INCLUDES	.shtml .html
+  </IfModule>
+</IfModule>
+#This isn't needed except where CGI scripts are placed outside of ScriptAlias dirs.  ExecCGI is required in Options for the dir.
+#<IfModule cgid_module>
+#  AddHandler			cgi-script	.cgi .pl .py .sh
+#</IfModule>
+
+
+# Mime type mappings.
+TypesConfig	/etc/mime.types
+AddEncoding	x-compress				.tz .z .Z
+AddEncoding	x-gzip					.gz .tgz
+AddEncoding	x-bzip2					.bz2 .tbz
+AddType		application/octet-stream		.deb .dpkg .flac .flp .img .lz .lzma .mkv .rpm .run .srpm .tlz .txz .vob .xz
+AddType		application/pkcs8			.key
+AddType		application/pkcs10			.csr
+AddType		application/pkix-crl			.crl
+AddType		application/x-pem-file			.pem
+AddType		application/x-x509-user-cert		.crt
+AddType		text/html				.shtml
+AddType		text/markdown				.md
+AddType		text/plain				.csh .diff .ksh .md5 .md5sum .meta .patch .pl .pm .py .rb .sh .sha .shasum .sha1 .sha1sum .sha256 .sha256sum .sha512 .sha512sum .slackbuild .tcl .url
+MIMEMagicFile	/etc/apache2/magic
+
+
+# Lets Encrypt validation.
+Alias		/.well-known/acme-challenge/		/srv/dehydrated/
+
+
+# Access control.
+<FilesMatch ^\.(ht.*|ph(?:ar|p|ps|tml))$>
+  Require		all denied
+</FilesMatch>
+
+<Directory />
+  Options		SymLinksIfOwnerMatch
+  AllowOverride		None
+  Require		all denied
+</Directory>
+
+<Directory /var/empty/>
+  Options		None
+  AllowOverride		None
+  Require		all granted
+</Directory>
+
+<Directory /srv/dehydrated/>
+  Options		None
+  AllowOverride		None
+  Require		all granted
+</Directory>
+
+<Directory /data/sites/*/html/>
+  Options		Includes MultiViews SymLinksIfOwnerMatch
+  AllowOverride		AuthConfig FileInfo Indexes Limit
+
+  Require		all granted
+
+  AllowMethods		GET POST OPTIONS
+
+  DirectoryIndex	index.html index.xhtml
+  <IfModule include_module>
+    DirectoryIndex	index.shtml
+  </IfModule>
+
+  <IfModule ssl_module>
+    <FilesMatch "\.(shtml|php)$">
+      SSLOptions	+StdEnvVars
+    </FilesMatch>
+  </IfModule>
+</Directory>
+
+<IfModule cgid_module>
+  <Directory /data/sites/*/cgi-bin/>
+    Options		ExecCGI Includes MultiViews SymLinksIfOwnerMatch
+    AllowOverride	AuthConfig FileInfo Limit
+
+    Require		all granted
+
+    AllowMethods	GET POST OPTIONS
+
+    DirectoryIndex	disabled
+
+    <IfModule ssl_module>
+      SSLOptions	+StdEnvVars
+    </IfModule>
+  </Directory>
+</IfModule>
+
+
+# Include extra configurations.
+IncludeOptional		/etc/apache2/sites-enabled/*.conf

etc/apache2/mods-enabled/alias.load

@@ -0,0 +1 @@
+../mods-available/alias.load

etc/apache2/mods-enabled/allowmethods.load

@@ -0,0 +1 @@
+../mods-available/allowmethods.load

etc/apache2/mods-enabled/authn_core.load

@@ -0,0 +1 @@
+../mods-available/authn_core.load

etc/apache2/mods-enabled/authn_file.load

@@ -0,0 +1 @@
+../mods-available/authn_file.load

etc/apache2/mods-enabled/authz_core.load

@@ -0,0 +1 @@
+../mods-available/authz_core.load

etc/apache2/mods-enabled/authz_host.load

@@ -0,0 +1 @@
+../mods-available/authz_host.load

etc/apache2/mods-enabled/authz_user.load

@@ -0,0 +1 @@
+../mods-available/authz_user.load

etc/apache2/mods-enabled/cgid.load

@@ -0,0 +1 @@
+../mods-available/cgid.load

etc/apache2/mods-enabled/deflate.load

@@ -0,0 +1 @@
+../mods-available/deflate.load

etc/apache2/mods-enabled/dir.load

@@ -0,0 +1 @@
+../mods-available/dir.load

etc/apache2/mods-enabled/env.load

@@ -0,0 +1 @@
+../mods-available/env.load

etc/apache2/mods-enabled/filter.load

@@ -0,0 +1 @@
+../mods-available/filter.load

etc/apache2/mods-enabled/http2.load

@@ -0,0 +1 @@
+../mods-available/http2.load

etc/apache2/mods-enabled/include.load

@@ -0,0 +1 @@
+../mods-available/include.load

etc/apache2/mods-enabled/mime.load

@@ -0,0 +1 @@
+../mods-available/mime.load

etc/apache2/mods-enabled/mime_magic.load

@@ -0,0 +1 @@
+../mods-available/mime_magic.load

etc/apache2/mods-enabled/mpm_event.load

@@ -0,0 +1 @@
+../mods-available/mpm_event.load

etc/apache2/mods-enabled/proxy.load

@@ -0,0 +1 @@
+../mods-available/proxy.load

etc/apache2/mods-enabled/proxy_fcgi.load

@@ -0,0 +1 @@
+../mods-available/proxy_fcgi.load

etc/apache2/mods-enabled/rewrite.load

@@ -0,0 +1 @@
+../mods-available/rewrite.load

etc/apache2/mods-enabled/setenvif.load

@@ -0,0 +1 @@
+../mods-available/setenvif.load

etc/apache2/sites-available/.gitignore

@@ -0,0 +1,2 @@
+/000-default.conf
+/default-ssl.conf

etc/apache2/sites-available/core.slackware.uk.net.conf

@@ -0,0 +1,44 @@
+<Directory /srv/pla/>
+  Options		FollowSymlinks
+  AllowOverride		None
+  Require		all granted
+</Directory>
+
+<Directory /srv/fusiondirectory>
+  # include /etc/fusiondirectory/fusiondirectory.secrets
+
+  AllowOverride			None
+  Require			all granted
+  AddType application/wasm	.wasm
+</Directory> 
+
+<VirtualHost 5.101.171.215:80 [2a01:a500:2981:1::d7]:80>
+  ServerName		core.slackware.uk.net
+
+  SetEnvIf		REQUEST_URI	^/robots\.txt$		no_log
+  SetEnvIf		REQUEST_URI	^/favicon\.ico$		no_log
+  SetEnvIf		REQUEST_URI	^/\.well-known/.*$	no_log
+
+  RedirectMatch		403		^/(?!(\.well-known|httpd-errordocs)/)(.*)
+</VirtualHost>
+
+<IfModule ssl_module>
+  <VirtualHost 5.101.171.215:25443 [2a01:a500:2981:1::d7]:25443>
+    ServerName			core.slackware.uk.net
+
+    SSLEngine			On
+    SSLCertificateFile		/etc/certificates/core.slackware.uk.net_cert.pem
+    SSLCertificateKeyFile	/etc/certificates/core.slackware.uk.net_key.pem
+    SSLCertificateChainFile	/etc/certificates/core.slackware.uk.net_chain.pem
+
+    SetEnvIf			REQUEST_URI	^/robots\.txt$		no_log
+    SetEnvIf			REQUEST_URI	^/favicon\.ico$		no_log
+
+    ScriptAlias			/cgi-bin/	/data/sites/core.slackware.uk.net/cgi-bin/
+
+    DocumentRoot		/data/sites/core.slackware.uk.net/html
+
+    Alias			/fd		/srv/fusiondirectory/html
+    Alias			/pla		/srv/pla
+  </VirtualHost>
+</IfModule>

etc/apache2/sites-enabled/000-core.slackware.uk.net.conf

@@ -0,0 +1 @@
+../sites-available/core.slackware.uk.net.conf

etc/apt/.gitignore

@@ -0,0 +1,5 @@
+/apt.conf.d/
+/auth.conf.d/
+/keyrings/
+/sources.list
+/trusted.gpg.d/

etc/apt/preferences.d/sury

@@ -0,0 +1,3 @@
+Package: *
+Pin: release o=deb.sury.org
+Pin-Priority: 1000

etc/apt/sources.list.d/fd.list

@@ -0,0 +1,4 @@
+deb [trusted=yes] https://public.fusiondirectory.org/debian/fusiondirectory-integrator/ bullseye main
+deb [trusted=yes] https://public.fusiondirectory.org/debian/fusiondirectory-tools/ bullseye main
+deb [trusted=yes] https://public.fusiondirectory.org/debian/fusiondirectory-external-libraries/ bullseye main
+deb [trusted=yes] https://public.fusiondirectory.org/debian/bullseye-fusiondirectory-release/ bullseye main

etc/apt/sources.list.d/sury.list

@@ -0,0 +1 @@
+deb [trusted=yes] https://packages.sury.org/php/ trixie main

etc/cron.15min/.gitignore

@@ -0,0 +1,2 @@
+/*
+!/.gitignore

etc/cron.d/.gitignore

@@ -0,0 +1,2 @@
+/*
+!/.gitignore

etc/cron.daily/.gitignore

@@ -0,0 +1,6 @@
+/*
+!/.gitignore
+!/0-rotate-logs-symlinks
+!/5-update-packages-list
+!/7-warn-git-status
+!/10-dehydrated

etc/cron.daily/0-rotate-logs-symlinks

@@ -0,0 +1 @@
+/opt/sbin/cronjob-rotate-logs-symlinks

etc/cron.daily/10-dehydrated

@@ -0,0 +1 @@
+/opt/sbin/cronjob-dehydrated

etc/cron.daily/5-update-packages-list

@@ -0,0 +1 @@
+/opt/sbin/cronjob-update-packages-list

etc/cron.daily/7-warn-git-status

@@ -0,0 +1 @@
+/opt/sbin/cronjob-warn-git-status

etc/cron.hourly/.gitignore

@@ -0,0 +1,2 @@
+/*
+!/.gitignore

etc/cron.monthly/.gitignore

@@ -0,0 +1,2 @@
+/*
+!/.gitignore

etc/cron.weekly/.gitignore

@@ -0,0 +1,3 @@
+/*
+!/.gitignore
+!/clean-php

etc/cron.weekly/clean-php

@@ -0,0 +1 @@
+/opt/sbin/cronjob-clean-php

etc/cron.yearly/.gitignore

@@ -0,0 +1,2 @@
+/*
+!/.gitignore

etc/crontab

@@ -0,0 +1,8 @@
+# do daily/weekly/monthly maintenance
+# min		hour	day	month	weekday	user	command
+0,15,30,45	*	*	*	*	root	cd / && [ -d /etc/cron.15min ] && run-parts --report /etc/cron.15min
+0		*	*	*	*	root	cd / && [ -d /etc/cron.hourly ] && run-parts --report /etc/cron.hourly
+0		0	*	*	*	root	cd / && [ -d /etc/cron.daily ] && run-parts --report /etc/cron.daily
+0		0	*	*	6	root	cd / && [ -d /etc/cron.weekly ] && run-parts --report /etc/cron.weekly
+0		0	1	*	*	root	cd / && [ -d /etc/cron.monthly ] && run-parts --report /etc/cron.monthly
+0		0	1	1	*	root	cd / && [ -d /etc/cron.yearly ] && run-parts --report /etc/cron.yearly

etc/default/.gitignore

@@ -0,0 +1,10 @@
+/apache-htcacheclean
+/cron
+/dbus
+/locale
+/networking
+/nss
+/openipmi
+/ssh
+/useradd
+/winbind

etc/default/prometheus-node-exporter

@@ -0,0 +1,5 @@
+# Set the command-line arguments to pass to the server.
+# Due to shell escaping, to pass backslashes for regexes, you need to double
+# them (\\d for \d). If running under systemd, you need to double them again
+# (\\\\d to mean \d), and escape newlines too.
+ARGS="--web.listen-address=5.101.171.215:9100"

etc/default/rotate-logs-symlinks

@@ -0,0 +1 @@
+CREATE_DIRS['core.slackware.uk.net']="fusiondirectory samba"

etc/default/terraform-http-backend

@@ -0,0 +1,7 @@
+TF_USER="thb"
+TF_IP="5.101.171.215"
+TF_PORT="25480"
+TF_STORAGE_DIR="/var/lib/terraform-http-backend"
+TF_AUTH_ENABLED="true"
+TF_USERNAME="sysadmin"
+TF_PASSWORD="sunsa"

etc/dehydrated/.gitignore

@@ -0,0 +1 @@
+/chains/

etc/dehydrated/accounts/.gitignore

@@ -0,0 +1,2 @@
+/*/
+/*.tar

etc/dehydrated/archive/.gitignore

@@ -0,0 +1 @@
+/*

etc/dehydrated/certs/.gitignore

@@ -0,0 +1 @@
+/*

etc/dehydrated/config

@@ -0,0 +1,147 @@
+# This is the main config file for dehydrated.
+# This file is looked for in the following locations:
+#   $SCRIPTDIR/config (next to this script)
+#   /usr/local/etc/dehydrated/config
+#   /etc/dehydrated/config
+#   ${PWD}/config (in current working-directory)
+
+# Which user should dehydrated run as?  This will be implictly enforced when running as root.
+# Default: <unset>
+#DEHYDRATED_USER=""
+
+# Which group should dehydrated run as?  This will be implictly enforced when running as root.
+# Default: <unset>
+#DEHYDRATED_GROUP=""
+
+# Resolve names to addresses of IP version only, for curl.
+# Supported values: 4, 6.
+# Default: <unset>
+#IP_VERSION=""
+
+# Path to certificate authority.
+# Default: https://acme-v02.api.letsencrypt.org/directory
+#CA="https://acme-v02.api.letsencrypt.org/directory"
+# Use staging server for testing:
+#CA="https://acme-staging-v02.api.letsencrypt.org/directory"
+
+# Path to old certificate authority.
+# Set this value to your old CA when upgrading from ACMEv1 to ACMEv2 under a different endpoint.
+# If dehydrated detects an account-key for the old CA it will automatically reuse that key
+# instead of registering a new one.
+# Default: https://acme-v01.api.letsencrypt.org/directory
+#OLDCA="https://acme-v01.api.letsencrypt.org/directory"
+
+# Which challenge should be used?
+# Supported values: http-01, dns-01, tls-alpn-01.
+# Default: http-01
+#CHALLENGETYPE="http-01"
+
+# Path to a directory containing additional config files.
+# This allows overriding the defaults found in the main configuration file.
+# Additional config files in this directory must be named with a '.sh' ending.
+# Default: <unset>
+#CONFIG_D=""
+
+# Base directory for account key, generated certificates and list of domains.
+# Default: $SCRIPTDIR
+BASEDIR="/etc/dehydrated"
+
+# File containing the list of domains for which to request certificates.
+# Default: $BASEDIR/domains.txt
+DOMAINS_TXT="${BASEDIR}/domains"
+
+# Directory for per-domain configuration files.
+# If not set, per-domain configurations are sourced from each certificates output directory.
+# Default: <unset>
+DOMAINS_D="${BASEDIR}/domains.d"
+
+# Output directory for generated certificates.
+# Default: ${BASEDIR}/certs
+#CERTDIR="${BASEDIR}/certs"
+
+# Output directory for alpn verification certificates.
+# Default: ${BASEDIR}/alpn-certs
+#ALPNCERTDIR="${BASEDIR}/alpn-certs"
+
+# Directory for account keys and registration information.
+# Default: ${BASEDIR}/accounts
+#ACCOUNTDIR="${BASEDIR}/accounts"
+
+# Output directory for challenge-tokens to be served by webserver, or deployed in $HOOK.
+# Default: /var/www/dehydrated
+WELLKNOWN="/srv/dehydrated"
+
+# Default keysize for private keys.
+# Default: 4096
+#KEYSIZE="4096"
+
+# Path to openssl config file.
+# To try and figure out the system default, leave this unset.
+# Default: <unset>
+#OPENSSL_CNF=""
+
+# Path to OpenSSL binary.
+# Default: openssl
+#OPENSSL="openssl"
+
+# Extra options passed to the curl binary.
+# Default: <unset>
+#CURL_OPTS=""
+
+# Program or function called at certain stages of processing.
+# BASEDIR and WELLKNOWN variables are exported and can be used in an external program.
+# Default: <unset>
+HOOK="${BASEDIR}/hooks/default"
+
+# Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate?
+# Default: no
+#HOOK_CHAIN="no"
+
+# Minimum days before expiration to automatically renew certificate.
+# Default: 30
+#RENEW_DAYS="30"
+
+# Regenerate private keys instead of just signing new certificates on renewal?
+# Default: yes
+PRIVATE_KEY_RENEW="no"
+
+# Create an extra private key for rollover?
+# Default: no
+#PRIVATE_KEY_ROLLOVER="no"
+
+# Which public key algorithm should be used?
+# Supported: rsa, prime256v1, secp384r1.
+# Default: rsa
+KEY_ALGO="secp384r1"
+
+# E-mail to use during the registration.
+# Default: <unset>
+CONTACT_EMAIL="sysadmin@slackware.uk"
+
+# Lockfile location, to prevent concurrent execution.
+# Default: $BASEDIR/lock
+LOCKFILE="/run/dehydrated.lock"
+
+# Option to add CSR-flag indicating OCSP stapling to be mandatory.
+# Default: no
+#OCSP_MUST_STAPLE="no"
+
+# Fetch OCSP responses.
+# Default: no
+#OCSP_FETCH="no"
+
+# OCSP refresh interval, in days.
+# Default: 5
+#OCSP_DAYS="5"
+
+# Issuer chain cache directory.
+# Default: $BASEDIR/chains
+#CHAINCACHE="${BASEDIR}/chains"
+
+# Automatic cleanup?
+# Default: no
+AUTO_CLEANUP="yes"
+
+# ACME API version.
+# Default: auto
+#API=auto

etc/dehydrated/domains

@@ -0,0 +1,32 @@
+# Create certificate for 'example.org' with an alternative name of
+# 'www.example.org'. It will be stored in the directory ${CERT_DIR}/example.org
+#example.org www.example.org
+
+# Create certificate for 'example.com' with alternative names of
+# 'www.example.com' & 'wiki.example.com'. It will be stored in the directory
+# ${CERT_DIR}/example.com
+#example.com www.example.com wiki.example.com
+
+# Using the alias 'certalias' create certificate for 'example.net' with
+# alternate name 'www.example.net' and store it in the directory
+# ${CERTDIR}/certalias
+#example.net www.example.net > certalias
+
+# Using the alias 'service_example_com' create a wildcard certificate for
+# '*.service.example.com' and store it in the directory
+# ${CERTDIR}/service_example_com
+# NOTE: It is NOT a certificate for 'service.example.com'
+#*.service.example.com > service_example_com
+
+# Using the alias 'star_service_example_org' create a wildcard certificate for
+# '*.service.example.org' with an alternative name of `service.example.org'
+# and store it in the directory ${CERTDIR}/star_service_example_org
+# NOTE: It is a certificate for 'service.example.org'
+#*.service.example.org service.example.org  > star_service_example_org
+
+# Create a certificate for 'service.example.net' with an alternative name of
+# '*.service.example.net' (which is a wildcard domain) and store it in the
+# directory ${CERTDIR}/service.example.net
+#service.example.net *.service.example.net
+
+core.slackware.uk.net

etc/dehydrated/domains.d/_example_

@@ -0,0 +1,48 @@
+# The settings in this file can be used to override those in the global config file in /etc/dehydrated
+
+# Which challenge should be used?
+# Supported values: http-01, dns-01, tls-alpn-01.
+# Default: http-01
+#CHALLENGETYPE="http-01"
+
+# Default keysize for private keys.
+# Default: 4096
+#KEYSIZE="4096"
+
+# Program or function called at certain stages of processing.
+# BASEDIR and WELLKNOWN variables are exported and can be used in an external program.
+# Default: <unset>
+#HOOK=""
+
+# Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate?
+# Default: no
+#HOOK_CHAIN="no"
+
+# Minimum days before expiration to automatically renew certificate.
+# Default: 30
+#RENEW_DAYS="30"
+
+# Regenerate private keys instead of just signing new certificates on renewal?
+# Default: yes
+#PRIVATE_KEY_RENEW="yes"
+
+# Create an extra private key for rollover?
+# Default: no
+#PRIVATE_KEY_ROLLOVER="no"
+
+# Which public key algorithm should be used?
+# Supported: rsa, prime256v1, secp384r1.
+# Default: rsa
+#KEY_ALGO="rsa"
+
+# Option to add CSR-flag indicating OCSP stapling to be mandatory.
+# Default: no
+#OCSP_MUST_STAPLE="no"
+
+# Fetch OCSP responses.
+# Default: no
+#OCSP_FETCH="no"
+
+# OCSP refresh interval, in days.
+# Default: 5
+#OCSP_DAYS="5"

etc/dehydrated/domains.d/core.slackware.uk.net

@@ -0,0 +1,48 @@
+# The settings in this file can be used to override those in the global config file in /etc/dehydrated
+
+# Which challenge should be used?
+# Supported values: http-01, dns-01, tls-alpn-01.
+# Default: http-01
+#CHALLENGETYPE="http-01"
+
+# Default keysize for private keys.
+# Default: 4096
+#KEYSIZE="4096"
+
+# Program or function called at certain stages of processing.
+# BASEDIR and WELLKNOWN variables are exported and can be used in an external program.
+# Default: <unset>
+#HOOK=""
+
+# Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate?
+# Default: no
+#HOOK_CHAIN="no"
+
+# Minimum days before expiration to automatically renew certificate.
+# Default: 30
+#RENEW_DAYS="30"
+
+# Regenerate private keys instead of just signing new certificates on renewal?
+# Default: yes
+#PRIVATE_KEY_RENEW="yes"
+
+# Create an extra private key for rollover?
+# Default: no
+#PRIVATE_KEY_ROLLOVER="no"
+
+# Which public key algorithm should be used?
+# Supported: rsa, prime256v1, secp384r1.
+# Default: rsa
+#KEY_ALGO="rsa"
+
+# Option to add CSR-flag indicating OCSP stapling to be mandatory.
+# Default: no
+#OCSP_MUST_STAPLE="no"
+
+# Fetch OCSP responses.
+# Default: no
+#OCSP_FETCH="no"
+
+# OCSP refresh interval, in days.
+# Default: 5
+#OCSP_DAYS="5"

etc/dehydrated/hooks/default

@@ -0,0 +1,436 @@
+#!/usr/bin/env bash
+# This file contains the default hook functions for dehydrated - these functions will be used when there is no overriding certificate specific hooks file.
+# All but startup_hook and ext_hook can be overridden by a hooks script on a per certificate basis.
+#
+# shellcheck disable=SC2034,SC2317
+
+# Configuration.
+# Where the copies of the current certificates/keys should be placed.  Comment for no copying.
+CERTSDIR="/etc/certificates"
+# The syslog facility and tag to use.
+FACILITY="local3"
+TAG="dehydrated"
+# Where from/to to send emails.
+EMAIL_FROM="\"Server: ${HOSTNAME%%.*}\" <noreply@slackware.uk>"
+EMAIL_TO=("Systems' Administrator <sysadmin@slackware.uk>")
+
+# Get the system ID.
+# shellcheck disable=SC2046
+declare SYSTEM_$(grep '^ID=' /etc/os-release 2>/dev/null)
+
+# Write a message to syslog, and send a copy via email.
+notify() {
+  local LOG_PREFIX="${LOG_PREFIX:-Certificate renewal} $1" PRIORITY
+
+  [[ -z "$1" ]] && return 1
+
+  # Select the syslog priority level.
+  case "$1" in
+    'error') PRIORITY="err" ;;
+    'warning') PRIORITY="warn" ;;
+    *) PRIORITY="info" ;;
+  esac
+  shift
+
+  # Log the message to syslog
+  if [[ "$ID" == "alpine" ]]; then
+    # BusyBox logger on Alpine's is missing the --id option.
+    printf "%s\\n" "$LOG_PREFIX:" "$@" "EOX" | logger -p "$FACILITY.$PRIORITY" -t "$TAG" >/dev/null 2>&1
+  else
+    printf "%s\\n" "$LOG_PREFIX:" "$@" "EOX" | logger --id="$$" -p "$FACILITY.$PRIORITY" -t "$TAG" >/dev/null 2>&1
+  fi
+
+  # Email the notification.
+  printf "%s\\n" "$@" | mail -r "$EMAIL_FROM" -s "$LOG_PREFIX" "${EMAIL_TO[@]}" >/dev/null 2>&1
+
+  return 0
+}
+
+# Service configurations (used at startup/shutdown).
+services() {
+  local DAEMON ERR=0 LOG_PREFIX="Dehydrated configuration" PIDFILE RCFILE SANITY="$1"
+
+  # Select the service configuration based on the distribution.
+  # RCFILE_<service> is required for any service.
+  # Either DAEMON_<service> or PIDFILE_<service>, or both is required for any service.
+  if [[ "$SYSTEM_ID" == "slackware" ]]; then
+    # HTTP daemon selection.
+    if [[ -x "/etc/rc.d/rc.httpd" ]]; then
+      RCFILE_HTTPD="/etc/rc.d/rc.httpd"
+      DAEMON_HTTPD="httpd"
+      PIDFILE_HTTPD="/run/httpd.pid"
+    elif [[ -x "/etc/rc.d/rc.thttpd" ]]; then
+      RCFILE_HTTPD="/etc/rc.d/rc.thttpd"
+      DAEMON_HTTPD="thttpd"
+      PIDFILE_HTTPD="/run/thttpd.pid"
+    fi
+    # FTP daemon selection.
+    if [[ -x "/etc/rc.d/rc.proftpd" ]]; then
+      RCFILE_FTPD="/etc/rc.d/rc.proftpd"
+      DAEMON_FTPD="proftpd"
+      PIDFILE_FTPD="/run/proftpd.pid"
+    fi
+    # SMTP daemon selection.
+    if [[ -x "/etc/rc.d/rc.exim" ]]; then
+      RCFILE_SMTPD="/etc/rc.d/rc.exim"
+      DAEMON_SMTPD="exim"
+      PIDFILE_SMTPD="/run/exim.pid"
+    fi
+  elif [[ "$SYSTEM_ID" == "void" ]]; then
+    # HTTP daemon selection.
+    # thttpd on Void doesn't have a directly callable rc script, so can't be supported.
+    if [[ -x "/usr/sbin/apachectl" ]]; then
+      RCFILE_HTTPD="/usr/sbin/apachectl"
+      DAEMON_HTTPD="httpd"
+      PIDFILE_HTTPD="/run/httpd/httpd.pid"
+    fi    
+  elif [[ "$SYSTEM_ID" == "alpine" ]]; then
+    # HTTP daemon selection.
+    if [[ -x "/etc/init.d/apache2" ]]; then
+      RCFILE_HTTPD="/etc/init.d/apache2"
+      DAEMON_HTTPD="httpd"
+      PIDFILE_HTTPD="/run/apache2/httpd.pid"
+    elif [[ -x "/etc/init.d/thttpd" ]]; then
+      RCFILE_HTTPD="/etc/init.d/thttpd"
+      DAEMON_HTTPD="thttpd"
+      PIDFILE_HTTPD="/run/thttpd.pid"
+    fi
+    # Samba daemon selection.
+    if [[ -x "/etc/init.d/samba" ]]; then
+# FIXME:
+#      RCFILE_SAMBA="/etc/init.d/samba"
+      DAEMON_SAMBA="samba"
+      PIDFILE_SAMBA="/run/samba.pid"
+    fi
+  fi
+
+  # Sanity check settings.
+  ((SANITY == 1)) && {
+    [[ -z "$RCFILE_HTTPD" ]] && notify "warning" "No configuration settings for an HTTP daemon - no start/restart of HTTP daemon is possible -- check configuration"
+    for RCFILE in "${!RCFILE_@}"; do
+      DAEMON="DAEMON_${RCFILE#RCFILE_}"
+      PIDFILE="PIDFILE_${RCFILE#RCFILE_}"
+      [[ -n "${!RCFILE}" ]] && [[ -z "${!DAEMON}" ]] && [[ -z "${!PIDFILE}" ]] && notify "error" "'$RCFILE' is set, but neither '$DAEMON' nor '$PIDFILE' is set - at least one setting is required -- aborting" && ERR=1
+    done
+  }
+
+  ((ERR == 1)) && return 1
+
+  return 0
+}
+
+deploy_challenge() {
+  local DOMAIN="$1" TOKEN_FILENAME="$2" TOKEN_VALUE="$3"
+
+  # This hook is called once for every domain that needs to be
+  # validated, including any alternative names you may have listed.
+  # Parameters:
+  #   DOMAIN - The domain name (CN or subject alternative name) being validated.
+  #   TOKEN_FILENAME - The name of the file containing the token to be served for HTTP validation
+  #                    Should be served by your web server as /.well-known/acme-challenge/${TOKEN_FILENAME}.
+  #   TOKEN_VALUE - The token value that needs to be served for validation.
+  #                 For DNS validation, this is what you want to put in the _acme-challenge TXT record.
+  #                 For HTTP validation it is the value that is expected be found in the $TOKEN_FILENAME file.
+
+  # Simple example: Use nsupdate with local named
+  # printf 'server 127.0.0.1\nupdate add _acme-challenge.%s 300 IN TXT "%s"\nsend\n' "$DOMAIN" "$TOKEN_VALUE" | nsupdate -k /var/run/named/session.key
+
+  return 0
+}
+
+
+clean_challenge() {
+  local DOMAIN="$1" TOKEN_FILENAME="$2" TOKEN_VALUE="$3"
+
+  # This hook is called after attempting to validate each domain, whether or not validation was successful. Here you can delete files or DNS records that are no longer needed.
+  # The parameters are the same as for deploy_challenge.
+
+  # Simple example: Use nsupdate with local named
+  # printf 'server 127.0.0.1\nupdate delete _acme-challenge.%s TXT "%s"\nsend\n' "$DOMAIN" "$TOKEN_VALUE" | nsupdate -k /var/run/named/session.key
+
+  return 0
+}
+
+
+sync_cert() {
+  local KEYFILE="$1" CERTFILE="$2" FULLCHAINFILE="$3" CHAINFILE="$4" REQUESTFILE="$5"
+
+  # This hook is called after the certificates have been created but before they are symlinked.
+  # This allows you to sync the files to disk to prevent creating a symlink to empty files on unexpected system crashes.
+  # This hook is not intended to be used for further processing of certificate files; see deploy_cert for that.
+  # Parameters:
+  #   KEYFILE - The path of the file containing the private key.
+  #   CERTFILE - The path of the file containing the signed certificate.
+  #   FULLCHAINFILE - The path of the file containing the full certificate chain.
+  #   CHAINFILE - The path of the file containing the intermediate certificate(s).
+  #   REQUESTFILE - The path of the file containing the certificate signing request.
+
+  # Simple example: sync the files before symlinking them
+  # sync "$KEYFILE" "$CERTFILE" "$FULLCHAINFILE" "$CHAINFILE" "$REQUESTFILE"
+
+  return 0
+}
+
+
+deploy_cert() {
+  local DOMAIN="$1" KEYFILE="$2" CERTFILE="$3" FULLCHAINFILE="$4" CHAINFILE="$5" TIMESTAMP="$6"
+
+  # This hook is called once for each certificate that has been produced.
+  # Here you might, for instance, copy your new certificates to service-specific locations and reload the service.
+  # Parameters:
+  #   DOMAIN - The primary domain name, i.e. the certificate common name (CN).
+  #   KEYFILE - The path of the file containing the private key. 
+  #   CERTFILE - The path of the file containing the signed certificate.
+  #   FULLCHAINFILE - The path of the file containing the full certificate chain.
+  #   CHAINFILE - The path of the file containing the intermediate certificate(s).
+  #   TIMESTAMP - Timestamp when the specified certificate was created.
+
+  local FILE LOG_PREFIX="Certificate deployment"
+
+  # Only copy the certificate if there's a CERTSDIR setting.
+  [[ -n "$CERTSDIR" ]] && {
+    # If any of the destination files are symlinks, bail out - we don't want to clobber something.
+    for FILE in "$CERTSDIR/${DOMAIN}_"{cert,key,chain,fullchain}.pem; do
+      [[ -e "$FILE" ]] && [[ -L "$FILE" ]] && {
+        notify "error" "Will not copy to symlink '$FILE' during '$DOMAIN' certificate deployment"
+        # Return 0 so that dehydrated doesn't stop - there may be some more certificates to renew.
+        return 0
+      }
+    done
+
+    # The first time through this will create the files readable by root only, but better to err on the side of caution.
+    # Subsequent runs will retain whatever permissions were set by the admin after the first run.
+    cmp "$CERTFILE" "$CERTSDIR/${DOMAIN}_cert.pem" >/dev/null 2>&1 || {
+      umask 066
+      # shellcheck disable=SC2015
+      cat "$CERTFILE" >"$CERTSDIR/${DOMAIN}_cert.pem" && cat "$KEYFILE" >"$CERTSDIR/${DOMAIN}_key.pem" && cat "$CHAINFILE" >"$CERTSDIR/${DOMAIN}_chain.pem" && cat "$FULLCHAINFILE" >"$CERTSDIR/${DOMAIN}_fullchain.pem" || {
+        notify "error" "Failed to copy certificates/key to '$CERTSDIR' during '$DOMAIN' certificate deployment"
+        # Return 0 so that dehydrated doesn't stop - there may be some more certificates to renew.
+        return 0
+      }
+    }
+
+    # Set a marker (used in the exit_hook function) to signal that services should be reloaded at the end of deployments.
+    touch /run/dehydrated-reload-marker || {
+      notify "warning" "Failed to create reload marker during '$DOMAIN' certificate deployment - reloading services manually may be required -- check server"
+      # Return 0 so that dehydrated doesn't stop - there may be some more certificates to renew.
+      return 0
+    }
+  }
+
+  # Notify the sysadmin of the sucessful renewal.
+  notify "information" "Sucessful renewal and deployment of certificate/key for '$DOMAIN'"
+
+  return 0
+}
+
+
+deploy_ocsp() {
+  local DOMAIN="$1" OCSPFILE="$2" TIMESTAMP="$3"
+
+  # This hook is called once for each updated ocsp stapling file that has been produced.
+  # Here you might, for instance, copy your new ocsp stapling files to service-specific locations and reload the service.
+  # Parameters:
+  #   DOMAIN - The primary domain name, i.e. the certificate common name (CN).
+  #   OCSPFILE - The path of the ocsp stapling file.
+  #   TIMESTAMP - Timestamp when the specified ocsp stapling file was created.
+
+  # Simple example: Copy file to nginx config
+  # cp "$OCSPFILE" /etc/nginx/ssl/; chown -R nginx: /etc/nginx/ssl
+  # systemctl reload nginx
+
+  return 0
+}
+
+
+unchanged_cert() {
+  local DOMAIN="$1" KEYFILE="$2" CERTFILE="$3" FULLCHAINFILE="$4" CHAINFILE="$5"
+
+  # This hook is called once for each certificate that is still valid and therefore wasn't reissued.
+  # Parameters:
+  #   DOMAIN - The primary domain name, i.e. the certificate common name (CN).
+  #   KEYFILE - The path of the file containing the private key.
+  #   CERTFILE - The path of the file containing the signed certificate.
+  #   FULLCHAINFILE - The path of the file containing the full certificate chain.
+  #   CHAINFILE - The path of the file containing the intermediate certificate(s).
+
+  return 0
+}
+
+
+invalid_challenge() {
+  local DOMAIN="$1" RESPONSE="$2"
+
+  # This hook is called if the challenge response has failed, so domain owners can be aware and act accordingly.
+  # Parameters:
+  #   DOMAIN - The primary domain name, i.e. the certificate common name (CN).
+  #   RESPONSE - The response that the verification server returned
+
+  # Notify the sysadmin.
+  notify "error" "Validation of '$DOMAIN' failed:" "$RESPONSE"
+
+  return 0
+}
+
+
+request_failure() {
+  local STATUSCODE="$1" REASON="$2" REQTYPE="$3" HEADERS="$4"
+
+  # This hook is called when an HTTP request fails (e.g., when the ACME server is busy, returns an error, etc).
+  # It will be called upon any response code that does not start with '2'. Useful to alert admins about problems with requests.
+  # Parameters:
+  #   STATUSCODE - The HTML status code that originated the error.
+  #   REASON - The specified reason for the error.
+  #   REQTYPE - The kind of request that was made (GET, POST...)
+
+  # Notify the sysadmin.
+  notify "error" "HTTP $REQTYPE request failed for '$DOMAIN' with code '$STATUSCODE'" "Reason: $REASON" "Headers:" "$HEADERS"
+
+  return 0
+}
+
+
+generate_csr() {
+  local DOMAIN="$1" CERTDIR="$2" ALTNAMES="$3"
+
+  # This hook is called before any certificate signing operation takes place.
+  # It can be used to generate or fetch a certificate signing request with external tools.
+  # The output should be just the cerificate signing request formatted as PEM.
+  # Parameters:
+  #   DOMAIN - The primary domain as specified in domains.txt.
+  #            This does not need to match with the domains in the CSR, it's basically just the directory name.
+  #   CERTDIR - Certificate output directory for this particular certificate.
+  #             Can be used for storing additional files.
+  #   ALTNAMES -  All domain names for the current certificate as specified in domains.txt.
+  #               Again, this doesn't need to match with the CSR, it's just there for convenience.
+
+  # Simple example: Look for pre-generated CSRs
+  # if [ -e "$CERTDIR/pre-generated.csr" ]; then
+  #   cat "$CERTDIR/pre-generated.csr"
+  # fi
+
+  return 0
+}
+
+
+startup_hook() {
+  # This hook is called before the cron command to do some initial tasks (e.g. starting a webserver).
+
+  local LOG_PREFIX="Dehydrated startup"
+
+  # Read services configuration (with sanity check)
+  services 1 || return 1
+
+  # Make sure the certificates directory exists.
+  [[ -n "$CERTSDIR" ]] && {
+    umask 022
+    # shellcheck disable=SC2174
+    mkdir -p -m 0755 "$CERTSDIR" 2>/dev/null || {
+      notify "error" "Failed to create certificate storage directory -- aborting"
+      return 1
+    }
+  }
+
+  # If an HTTP daemon rc script is available and the service is not already running, start it.
+  [[ -n "$RCFILE_HTTPD" ]] && {
+    pgrep -c ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1 || {
+      "$RCFILE_HTTPD" start >/dev/null 2>&1
+      sleep 5
+      if pgrep -c ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1; then
+        # Set a marker (used in exit_hook()) to signal that the HTTP daemon should be stopped at the end of deployments.
+        touch /run/dehydrated-http-daemon-stop-marker 2>/dev/null || notify "warning" "Failed to create HTTP daemon stop marker - HTTP daemon will be left running -- check server"
+      else
+        notify "error" "Failure of '$RCFILE_HTTPD' to start HTTP daemon -- aborting"
+        return 1
+      fi
+    }
+  }
+
+  # Add firewall rules to allow HTTP traffic so the nonce can be validated.
+  { iptables -N dehydrated && ip6tables -N dehydrated && iptables -I INPUT 1 -j dehydrated && ip6tables -I INPUT 1 -j dehydrated && iptables -I dehydrated 1 -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT && ip6tables -I dehydrated 1 -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT; } >/dev/null 2>&1 || {
+    notify "error" "Failed to insert firewall rules to allow nonce validation -- aborting"
+    return 1
+  }
+
+  return 0
+}
+
+
+exit_hook() {
+  local ERROR="$1"
+
+  # This hook is called at the end of the cron command and can be used to do some final (cleanup or other) tasks.
+  # Parameters:
+  #   ERROR - Contains error message if dehydrated exits with error.
+
+  local DAEMON ERR=0 LOG_PREFIX="Dehydrated shutdown" PIDFILE RCFILE TIMEOUT=30
+
+  # Read services configuration (without sanity check - this was already done at startup)
+  services 0 || return 1
+
+  # Delete firewall rules that was added to allow HTTP traffic.
+  iptables -C INPUT -j dehydrated >/dev/null 2>&1 && iptables -D INPUT -j dehydrated >/dev/null 2>&1
+  ip6tables -C INPUT -j dehydrated >/dev/null 2>&1 && ip6tables -D INPUT -j dehydrated >/dev/null 2>&1
+  iptables -F dehydrated >/dev/null 2>&1
+  ip6tables -F dehydrated >/dev/null 2>&1
+  iptables -X dehydrated >/dev/null 2>&1
+  ip6tables -X dehydrated >/dev/null 2>&1
+  
+  # If the reload marker was set, restart services.
+  [[ -e /run/dehydrated-reload-marker ]] && {
+    for RCFILE in "${!RCFILE_@}"; do
+      DAEMON="DAEMON_${RCFILE#RCFILE_}"
+      PIDFILE="PIDFILE_${RCFILE#RCFILE_}"
+      # If the HTTP daemon is going to be shut down, there's no need to restart it.
+      [[ "$RCFILE" == "RCFILE_HTTPD" ]] && [[ -e /run/dehydrated-http-daemon-stop-marker ]] && continue
+      # Restart the service.
+      "${!RCFILE}" restart >/dev/null 2>&1 || notify "warning" "Failed to restart service '${!DAEMON}' -- check server"
+      sleep "$TIMEOUT"
+      pgrep -c ${PIDFILE:+-F "${!PIDFILE}"} "${!DAEMON}" >/dev/null 2>&1 || {
+        notify "warning" "Service '${!DAEMON}' exited unexpectedly - trying to start again"
+        "${!RCFILE}" start >/dev/null 2>&1 || notify "warning" "Failed to start service '${!DAEMON}' -- check server"
+        sleep "$TIMEOUT"
+        pgrep -c ${PIDFILE:+-F "${!PIDFILE}"} "${!DAEMON}" >/dev/null 2>&1 || {
+          notify "warning" "Service '${!DAEMON}' failed to restart correctly -- check server"
+          ERR=1
+        }
+      }
+    done
+  }
+
+  # Remove the reload marker if all services restarted without issue.  Keep the marker if any failed.
+  ((ERR == 0)) && { rm -f /run/dehydrated-reload-marker 2>/dev/null || notify "warning" "Failed to remove services reload marker -- check server"; }
+
+  # If an HTTP daemon was started by dehydrated, stop it now.
+  ERR=0
+  [[ -e /run/dehydrated-http-daemon-stop-marker ]] && {
+    pgrep -c ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1 && {    
+      "$RCFILE_HTTPD" stop >/dev/null 2>&1 || notify "warning" "Failed to gracefully stop service '$DAEMON_HTTPD' -- check server"
+      sleep "$TIMEOUT"
+      pgrep -c ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1 && {
+        pkill -TERM ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1 || notify "warning" "Failed to -SIGTERM service '$DAEMON_HTTPD' -- check server"
+        sleep "$TIMEOUT"
+        pgrep -c ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1 && {
+          pkill -KILL ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1 || notify "warning" "Failed to -SIGKILL service '$DAEMON_HTTPD' -- check server"
+          sleep 5
+        }
+      }
+      pgrep -c ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1 && notify "warning" "Failed to stop HTTP daemon that dehydrated started" && ERR=1
+    }
+  }
+
+  # If the HTTP daemon was stopped correctly, remove the stop marker.
+  ((ERR == 0)) && { rm -f /run/dehydrated-http-daemon-stop-marker 2>/dev/null || notify "warning" "Failed to remove HTTP daemon stop marker -- check server"; }
+
+  return 0
+}
+
+# Run the correct function.
+HANDLER="$1"
+shift
+if declare -pF "$HANDLER" >/dev/null 2>&1; then
+  "$HANDLER" "$@"
+  exit "$?"
+else
+  exit 0
+fi  

etc/fusiondirectory/fusiondirectory-apache.conf

@@ -0,0 +1,8 @@
+# Include FusionDirectory to your web service
+Alias /fusiondirectory /usr/share/fusiondirectory/html
+
+<Directory /usr/share/fusiondirectory/html>
+# Remove the comment from the line below if you use fusiondirectory-configuration-manager --encrypt-passwords
+#   include /etc/fusiondirectory/fusiondirectory.secrets
+</Directory>
+

etc/fusiondirectory/fusiondirectory.conf

@@ -0,0 +1,8 @@
+<?xml version="1.0"?>
+<conf>
+  <main default="Slackware UK LDAP Server" logging="true" displayerrors="true" debuglevel="1024" templateCompileDirectory="/var/cache/fusiondirectory/template/" theme="breezy">
+    <location name="Slackware UK LDAP Server" forceSSL="true">
+      <referral URI="ldaps://core.slackware.uk.net:636" base="dc=slackware,dc=uk,dc=net" adminDn="cn=Administrator,cn=Users,dc=slackware,dc=uk,dc=net" adminPassword="rxdnq8cksunsa$0D" />
+    </location>
+  </main>
+</conf>

etc/fusiondirectory/fusiondirectory.conf.orig

@@ -0,0 +1,8 @@
+<?xml version="1.0"?>
+<conf>
+  <main default="Slackware UK LDAP Server" logging="true" displayerrors="true" debuglevel="1024" templateCompileDirectory="/var/cache/fusiondirectory/template/" theme="breezy">
+    <location name="Slackware UK LDAP Server" forceSSL="true">
+      <referral URI="ldaps://core.slackware.uk.net:636" base="dc=slackware,dc=uk,dc=net" adminDn="cn=Administrator,cn=Users,dc=slackware,dc=uk,dc=net" adminPassword="rxdnq8cksunsa$0D" />
+    </location>
+  </main>
+</conf>

etc/group

@@ -0,0 +1,57 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+systemd-journal:x:999:
+systemd-network:x:998:
+messagebus:x:997:
+systemd-resolve:x:996:
+input:x:995:
+sgx:x:994:
+clock:x:993:
+kvm:x:992:
+render:x:991:
+_ssh:x:101:
+polkitd:x:990:
+ssl-cert:x:102:
+sambashare:x:989:
+winbindd_priv:x:988:
+prometheus:x:103:
+uuidd:x:104:
+thb:x:500:thb
+netdev:x:105:
+crontab:x:987:

etc/hostname

@@ -0,0 +1 @@
+core.slackware.uk.net

etc/hosts

@@ -0,0 +1,5 @@
+127.0.1.1	core core.slackware.uk.net
+127.0.0.1	localhost localhost.localdomain
+::1		localhost ip6-localhost ip6-loopback localhost.localdomain
+ff02::1		ip6-allnodes
+ff02::2		ip6-allrouters

etc/init.d/.gitignore

@@ -0,0 +1,3 @@
+/*
+!/.gitignore
+!/terraform-http-backend

etc/init.d/terraform-http-backend

@@ -0,0 +1,49 @@
+#!/bin/sh
+# Start/stop terraform-http-backend.
+#
+### BEGIN INIT INFO
+# Provides:          terraform-http-backend
+# Required-Start:    $network
+# Required-Stop:     $network
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Terraform HTTP state backend daemon
+# Description:       Terraform HTTP state backend daemon
+### END INIT INFO
+
+NAME=terraform-http-backend
+DAEMON=/opt/sbin/$NAME
+DESC="Terraform HTTP state backend"
+SCRIPT=terraform-http-backend
+
+test -x $DAEMON || exit 0
+
+[ -f /etc/default/terraform-http-backend ] && . /etc/default/terraform-http-backend
+export TF_USER TF_IP TF_PORT TF_STORAGE_DIR TF_AUTH_ENABLED TF_USERNAME TF_PASSWORD
+
+. /lib/lsb/init-functions
+
+case "$1" in
+	(start)
+		log_daemon_msg "Starting $DESC" $NAME
+		/usr/bin/su "$TF_USER" -c "$DAEMON >/dev/null 2>&1 &"
+		log_end_msg $?
+		;;
+	(stop)
+		log_daemon_msg "Stopping $DESC" $NAME
+		/usr/bin/killall -TERM $DAEMON
+		log_end_msg $?
+		;;
+	(restart|force-reload)
+		$0 stop && sleep 1 && $0 start
+		;;
+	(status)
+		status_of_proc $DAEMON $NAME && exit 0 || exit $?
+		;;
+	(*)
+		echo "Usage: /etc/init.d/$SCRIPT {start|stop|restart|force-reload|status}"
+		exit 1
+		;;
+esac
+
+exit 0

etc/krb5.conf

@@ -0,0 +1,28 @@
+[logging]
+# FIXME:
+# default = FILE:/var/log/krb5libs
+# kdc = FILE:/var/log/krb5kdc
+# admin_server = FILE:/var/log/kadmind
+
+[libdefaults]
+ccache_type = 4
+default_realm = SLACKWARE.UK.NET
+dns_lookup_realm = false
+dns_lookup_kdc = false
+kdc_timesync = 1
+rdns = true
+forwardable = true
+proxiable = true
+ticket_lifetime = 24h
+renew_lifetime = 7d
+
+[realms]
+SLACKWARE.UK.NET = {
+  default_domain = slackware.uk.net
+  admin_server = core.slackware.uk.net
+  kdc = core.slackware.uk.net
+}
+
+[domain_realm]
+.slackware.uk.net = SLACKWARE.UK.NET
+core = SLACKWARE.UK.NET

etc/ldap/ldap.conf

@@ -0,0 +1,10 @@
+# LDAP Defaults
+
+URI			ldap://core.slackware.uk.net
+BASE			dc=slackware,dc=uk,dc=net
+VERSION			3
+
+TLS_CACERT		/etc/certificates/LetsEncrypt-CompleteCertificateStore.pem
+TLS_CERT		/etc/certificates/core.slackware.uk.net_cert.pem
+TLS_KEY			/etc/certificates/core.slackware.uk.net_key.pem
+TLS_PROTOCOL_MIN	3.3

etc/ldap/schema/.gitignore

@@ -0,0 +1 @@
+/fusiondirectory/

etc/ldap/schema/rfc2307bis.schema

@@ -0,0 +1,288 @@
+# builtin
+#
+#attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
+#  DESC 'An integer uniquely identifying a user in an administrative domain'
+#  EQUALITY integerMatch
+#  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+#  SINGLE-VALUE )
+
+# builtin
+#
+#attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber'
+#  DESC 'An integer uniquely identifying a group in an
+#        administrative domain'
+#  EQUALITY integerMatch
+#  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+#  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos'
+  DESC 'The GECOS field; the common name'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory'
+  DESC 'The absolute path to the home directory'
+  EQUALITY caseExactIA5Match
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell'
+  DESC 'The path to the login shell'
+  EQUALITY caseExactIA5Match
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
+  EQUALITY caseExactIA5Match
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
+  DESC 'Netgroup triple'
+  EQUALITY caseIgnoreIA5Match
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort'
+  DESC 'Service port number'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol'
+  DESC 'Service protocol name'
+  SUP name )
+
+attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber'
+  DESC 'IP protocol number'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber'
+  DESC 'ONC RPC number'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber'
+  DESC 'IPv4 addresses as a dotted decimal omitting leading
+        zeros or IPv6 addresses as defined in RFC2373'
+  SUP name )
+
+attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber'
+  DESC 'IP network as a dotted decimal, eg. 192.168,
+        omitting leading zeros'
+  SUP name
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber'
+  DESC 'IP netmask as a dotted decimal, eg. 255.255.255.0,
+        omitting leading zeros'
+  EQUALITY caseIgnoreIA5Match
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress'
+  DESC 'MAC address in maximal, colon separated hex
+        notation, eg. 00:00:92:90:ee:e2'
+  EQUALITY caseIgnoreIA5Match
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter'
+  DESC 'rpc.bootparamd parameter'
+  EQUALITY caseExactIA5Match
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile'
+  DESC 'Boot image name'
+  EQUALITY caseExactIA5Match
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
+  DESC 'Name of a A generic NIS map'
+  SUP name )
+
+attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry'
+  DESC 'A generic NIS entry'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.28 NAME 'nisPublicKey'
+  DESC 'NIS public key'
+  EQUALITY octetStringMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.29 NAME 'nisSecretKey'
+  DESC 'NIS secret key'
+  EQUALITY octetStringMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.30 NAME 'nisDomain'
+  DESC 'NIS domain'
+  EQUALITY caseIgnoreIA5Match
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
+attributetype ( 1.3.6.1.1.1.1.31 NAME 'automountMapName'
+  DESC 'automount Map Name'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.32 NAME 'automountKey'
+  DESC 'Automount Key value'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.33 NAME 'automountInformation'
+  DESC 'Automount information'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY
+  DESC 'Abstraction of an account with POSIX attributes'
+  MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
+  MAY ( userPassword $ loginShell $ gecos $
+        description ) )
+
+objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top AUXILIARY
+  DESC 'Additional attributes for shadow passwords'
+  MUST uid
+  MAY ( userPassword $ description $
+        shadowLastChange $ shadowMin $ shadowMax $
+        shadowWarning $ shadowInactive $
+        shadowExpire $ shadowFlag ) )
+
+objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY
+  DESC 'Abstraction of a group of accounts'
+  MUST gidNumber
+  MAY ( userPassword $ memberUid $
+        description ) )
+
+objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService' SUP top STRUCTURAL
+  DESC 'Abstraction an Internet Protocol service.
+        Maps an IP port and protocol (such as tcp or udp)
+        to one or more names; the distinguished value of
+        the cn attribute denotes the services canonical
+        name'
+  MUST ( cn $ ipServicePort $ ipServiceProtocol )
+  MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' SUP top STRUCTURAL
+  DESC 'Abstraction of an IP protocol. Maps a protocol number
+        to one or more names. The distinguished value of the cn
+        attribute denotes the protocols canonical name'
+  MUST ( cn $ ipProtocolNumber )
+  MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' SUP top STRUCTURAL
+  DESC 'Abstraction of an Open Network Computing (ONC)
+       [RFC1057] Remote Procedure Call (RPC) binding.
+       This class maps an ONC RPC number to a name.
+       The distinguished value of the cn attribute denotes
+       the RPC services canonical name'
+  MUST ( cn $ oncRpcNumber )
+  MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost' SUP top AUXILIARY
+  DESC 'Abstraction of a host, an IP device. The distinguished
+        value of the cn attribute denotes the hosts canonical
+        name. Device SHOULD be used as a structural class'
+  MUST ( cn $ ipHostNumber )
+  MAY ( userPassword $ l $ description $ manager ) )
+
+objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' SUP top STRUCTURAL
+  DESC 'Abstraction of a network. The distinguished value of
+        the cn attribute denotes the networks canonical name'
+  MUST ipNetworkNumber
+  MAY ( cn $ ipNetmaskNumber $ l $ description $ manager ) )
+
+objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL
+  DESC 'Abstraction of a netgroup. May refer to other netgroups'
+  MUST cn
+  MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )
+
+objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap' SUP top STRUCTURAL
+  DESC 'A generic abstraction of a NIS map'
+  MUST nisMapName
+  MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' SUP top STRUCTURAL
+  DESC 'An entry in a NIS map'
+  MUST ( cn $ nisMapEntry $ nisMapName )
+  MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' SUP top AUXILIARY
+  DESC 'A device with a MAC address; device SHOULD be
+        used as a structural class'
+  MAY macAddress )
+
+objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' SUP top AUXILIARY
+  DESC 'A device with boot parameters; device SHOULD be
+        used as a structural class'
+  MAY ( bootFile $ bootParameter ) )
+
+objectclass ( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' SUP top AUXILIARY
+  DESC 'An object with a public and secret key'
+  MUST ( cn $ nisPublicKey $ nisSecretKey )
+  MAY ( uidNumber $ description ) )
+
+objectclass ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP top AUXILIARY
+  DESC 'Associates a NIS domain with a naming context'
+  MUST nisDomain )
+
+objectclass ( 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP top STRUCTURAL
+  MUST ( automountMapName )
+  MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.17 NAME 'automount' SUP top STRUCTURAL
+  DESC 'Automount information'
+  MUST ( automountKey $ automountInformation )
+  MAY description )
+## namedObject is needed for groups without members
+objectclass ( 1.3.6.1.4.1.5322.13.1.1 NAME 'namedObject' SUP top
+       STRUCTURAL MAY cn )
+

etc/login.defs

@@ -0,0 +1,192 @@
+#
+# /etc/login.defs - Configuration control definitions for the shadow package.
+#
+
+# REQUIRED for useradd/userdel/usermod
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define MAIL_DIR and MAIL_FILE,
+#   MAIL_DIR takes precedence.
+#
+#   Essentially:
+#      - MAIL_DIR defines the location of users mail spool files
+#        (for mbox use) by appending the username to MAIL_DIR as defined
+#        below.
+#      - MAIL_FILE defines the location of the users mail spool files as the
+#        fully-qualified filename obtained by prepending the user home
+#        directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
+#       job of the pam_mail PAM modules
+#       See default PAM configuration files provided for
+#       login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR        /var/mail
+#MAIL_FILE      .mail
+
+#
+# Enable display of unknown usernames when login(1) failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable.
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB	no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS		yes
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format similar to "vt100  tty01".
+#
+#TTYTYPE_FILE	/etc/ttytype
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence.  If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file.  If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE	.hushlogin
+#HUSHLOGIN_FILE	/etc/hushlogins
+
+#
+# *REQUIRED*  The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH	PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions for terminals after login(1).
+# These settings are ignored for remote and other logins.
+#
+#	TTYGROUP	Login tty will be assigned this group ownership.
+#	TTYPERM		Login tty will be set to this permission.
+#
+#TTYGROUP	tty
+TTYPERM		0600
+
+#
+# Login configuration initializations:
+#
+#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+#
+ERASECHAR	0177
+KILLCHAR	025
+
+# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+# home directories.
+HOME_MODE	0700
+
+#
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd(8)
+#
+UID_MIN			 1000
+UID_MAX			60000
+# System accounts
+#SYS_UID_MIN		  101
+#SYS_UID_MAX		  999
+# Extra per user uids
+SUB_UID_MIN		   100000
+SUB_UID_MAX		600100000
+SUB_UID_COUNT		    65536
+
+#
+# Min/max values for automatic gid selection in groupadd(8)
+#
+GID_MIN			 1000
+GID_MAX			60000
+# System accounts
+#SYS_GID_MIN		  101
+#SYS_GID_MAX		  999
+# Extra per user group ids
+SUB_GID_MIN		   100000
+SUB_GID_MAX		600100000
+SUB_GID_COUNT		    65536
+
+#
+# Max number of login(1) retries if password is bad
+# This will most likely be overriden by PAM, since the default pam_unix module
+# has it's own built in of 3 retries. However, this is a safe fallback in case
+# you are using an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES		3
+
+#
+# Max time in seconds for login(1)
+#
+LOGIN_TIMEOUT		30
+
+#
+# Which fields may be changed by regular users using chfn(1) - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone).  If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+#
+CHFN_RESTRICT		rwh
+
+#
+# If set to MD5, MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
+# If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD YESCRYPT
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default is no.
+#
+DEFAULT_HOME	yes
+
+#
+# The pwck(8) utility emits a warning for any system account with a home
+# directory that does not exist.  Some system accounts intentionally do
+# not have a home directory.  Such accounts may have this string as
+# their home directory in /etc/passwd to avoid a spurious warning.
+#
+NONEXISTENT	/nonexistent
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If set to yes, userdel(8) will remove the user's group if it contains no more
+# members, and useradd(8) will create by default a group with the name of the
+# user.
+#
+# Other former uses of this variable are not used in PAM environments, such as
+# Debian.
+#
+USERGROUPS_ENAB yes

etc/motd

@@ -0,0 +1 @@
+

etc/msmtp.aliases

@@ -0,0 +1 @@
+default:	sysadmin@slackware.uk

etc/msmtprc.gpg

@@ -0,0 +1,2 @@
+Ś
	
+ËSč<EFBFBD>đHuńŇŔo
ě<>śĂ2Li6Ć0*ř„›<E2809E>ę÷Č>,Q‚D‘¸IÄ2fX~ŃUBŘ•“4ídîłw‡EŻ˛pâă®Ďi”n×ĐĹŘÍčéîú˛`׎U7v<37>Ž…:ŘţOír\F¤(,7g€é^đjˇ\Čş^łáĽŇćxßš]ZŢJoÔpÇÜôĹ$»‰{N,Vđ­¨O–ha~'eYꍣ¸CŹź<C5B9>"ţR­EĎ—äŢ-/ŃÝšH +Žc
Ýđ@žo˝ŠĚw^<03>Ó2č^pú|dŮ+L1"Lx
Ë"ř0	—ŹîĽ^q‡žá”ŐÄPőIŃSukóJ>´ˇ&<26>‰zoíošť¶ÍŇş¨ţŕ•R˛o8˝˙ŠvđŠgË̤jŻq‹55SˇęoT

etc/network/.gitignore

@@ -0,0 +1,6 @@
+/if-down.d/
+/if-post-down.d/
+/if-post-up.d/
+/if-pre-down.d/
+/if-pre-up.d/
+/if-up.d/

etc/network/interfaces

@@ -0,0 +1,3 @@
+# interfaces(5) file used by ifup(8) and ifdown(8)
+# Include files from /etc/network/interfaces.d:
+source /etc/network/interfaces.d/*

etc/network/interfaces.d/eth0

@@ -0,0 +1,9 @@
+auto eth0
+iface eth0 inet static
+  address 5.101.171.215/28
+  gateway 5.101.171.209
+  mtu 1500
+iface eth0 inet6 static
+  address 2a01:a500:2981:1::d7/64
+  gateway 2a01:a500:2981:1:ff:ff:ff:ff
+  mtu 1500

etc/network/interfaces.d/eth1

@@ -0,0 +1,4 @@
+auto eth1
+iface eth1 inet static
+  address 10.254.0.215/24
+  mtu 1500

etc/passwd

@@ -0,0 +1,28 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
+bin:x:2:2:bin:/bin:/usr/sbin/nologin
+sys:x:3:3:sys:/dev:/usr/sbin/nologin
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/usr/sbin/nologin
+man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
+lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
+mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
+news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
+uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
+proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
+www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
+backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
+list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
+irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
+_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
+nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
+systemd-network:x:998:998:systemd Network Management:/:/usr/sbin/nologin
+messagebus:x:997:997:System Message Bus:/nonexistent:/usr/sbin/nologin
+systemd-resolve:x:996:996:systemd Resolver:/:/usr/sbin/nologin
+polkitd:x:990:990:User for polkitd:/:/usr/sbin/nologin
+sshd:x:989:65534:sshd user:/run/sshd:/usr/sbin/nologin
+prometheus:x:100:103:Prometheus daemon:/var/lib/prometheus:/usr/sbin/nologin
+uuidd:x:101:104::/run/uuidd:/usr/sbin/nologin
+thb:x:500:500:terraform http backend:/var/lib/terraform-http-backend:/bin/bash
+sysadmin:x:1000:100:Systems' Administrator:/home/sysadmin:/bin/bash
+dhcpcd:x:102:65534:DHCP Client Daemon:/usr/lib/dhcpcd:/bin/false

etc/phpldapadmin/.gitignore

@@ -0,0 +1,3 @@
+/*
+!/.gitignore
+!/*.gpg

etc/pkglist

@@ -0,0 +1,581 @@
+adduser
+apache2
+apache2-bin
+apache2-data
+apache2-utils
+apt
+attr
+autoconf
+automake
+autopoint
+autotools-dev
+base-files
+base-passwd
+bash
+bash-completion
+bind9-host
+bind9-libs
+binutils
+binutils-common
+binutils-x86-64-linux-gnu
+bsd-mailx
+bsdextrautils
+bsdutils
+build-essential
+bzip2
+ca-certificates
+coreutils
+cpp
+cpp-14
+cpp-14-x86-64-linux-gnu
+cpp-x86-64-linux-gnu
+cron
+cron-daemon-common
+cronutils
+curl
+dash
+dbus
+dbus-bin
+dbus-daemon
+dbus-session-bus-common
+dbus-system-bus-common
+dbus-user-session
+debconf
+debhelper
+debian-archive-keyring
+debianutils
+dehydrated
+dh-autoreconf
+dh-strip-nondeterminism
+dhcpcd-base
+dialog
+diffutils
+dirmngr
+distro-info-data
+dpkg
+dpkg-dev
+dummy-default-mta
+dwz
+equivs
+fakeroot
+file
+findutils
+fontconfig-config
+fonts-dejavu-core
+fonts-dejavu-mono
+fonts-droid-fallback
+fonts-noto-mono
+fonts-urw-base35
+freeipmi-common
+fusiondirectory
+fusiondirectory-integrator
+fusiondirectory-schema
+fusiondirectory-smarty3-acl-render
+fusiondirectory-theme-oxygen
+fusiondirectory-tools
+g++
+g++-14
+g++-14-x86-64-linux-gnu
+g++-x86-64-linux-gnu
+gcc
+gcc-14
+gcc-14-base
+gcc-14-x86-64-linux-gnu
+gcc-x86-64-linux-gnu
+gettext
+gettext-base
+ghostscript
+git
+git-man
+gnupg
+gnupg-l10n
+gnupg-utils
+gpg
+gpg-agent
+gpg-wks-client
+gpgconf
+gpgsm
+gpgv
+grep
+groff-base
+gsasl-common
+gzip
+hicolor-icon-theme
+hostname
+ifupdown
+imagemagick-7-common
+init
+init-system-helpers
+intltool-debian
+ipmitool
+iproute2
+iptables
+iputils-ping
+iso-codes
+javascript-common
+jq
+kmod
+krb5-config
+krb5-locales
+krb5-user
+ldap-utils
+less
+libabsl20240722
+libacl1
+libalgorithm-diff-perl
+libalgorithm-diff-xs-perl
+libalgorithm-merge-perl
+libaom3
+libapache2-mod-php8.4
+libapparmor1
+libapr1t64
+libaprutil1-dbd-sqlite3
+libaprutil1-ldap
+libaprutil1t64
+libapt-pkg7.0
+libarchive-cpio-perl
+libarchive-zip-perl
+libargon2-1
+libasan8
+libassuan9
+libatomic1
+libattr1
+libaudit-common
+libaudit1
+libavahi-client3
+libavahi-common-data
+libavahi-common3
+libavif16
+libbinutils
+libblkid1
+libbpf1
+libbrotli1
+libbsd0
+libbz2-1.0
+libc-bin
+libc-client2007e
+libc-dev-bin
+libc-l10n
+libc6
+libc6-dev
+libcap-ng0
+libcap2
+libcap2-bin
+libcbor0.10
+libcc1-0
+libcom-err2
+libcrypt-dev
+libcrypt1
+libctf-nobfd0
+libctf0
+libcups2t64
+libcurl3t64-gnutls
+libcurl4t64
+libdav1d7
+libdb5.3t64
+libdbus-1-3
+libde265-0
+libdebconfclient0
+libdebhelper-perl
+libdeflate0
+libdialog15
+libdpkg-perl
+libduktape207
+libedit2
+libelf1t64
+liberror-perl
+libestr0
+libexpat1
+libfakeroot
+libfastjson4
+libffi8
+libfftw3-double3
+libfido2-1
+libfile-fcntllock-perl
+libfile-stripnondeterminism-perl
+libfontconfig1
+libfontenc1
+libfreeipmi17
+libfreetype6
+libfstrm0
+libgav1-1
+libgcc-14-dev
+libgcc-s1
+libgcrypt20
+libgd3
+libgdbm-compat4t64
+libgdbm6t64
+libglib2.0-0t64
+libglib2.0-data
+libgmp10
+libgnutls30t64
+libgomp1
+libgpg-error-l10n
+libgpg-error0
+libgpgme11t64
+libgpm2
+libgprofng0
+libgs-common
+libgs10
+libgs10-common
+libgsasl18
+libgssapi-krb5-2
+libgssglue1
+libgssrpc4t64
+libheif-plugin-aomenc
+libheif-plugin-dav1d
+libheif-plugin-libde265
+libheif-plugin-x265
+libheif1
+libhogweed6t64
+libhwasan0
+libice6
+libicu76
+libidn12
+libidn2-0
+libijs-0.35
+libimagequant0
+libio-pty-perl
+libip4tc2
+libip6tc2
+libipc-run-perl
+libisl23
+libitm1
+libjansson4
+libjbig0
+libjbig2dec0
+libjemalloc2
+libjpeg62-turbo
+libjq1
+libjs-prototype
+libjs-scriptaculous
+libjson-c5
+libk5crypto3
+libkadm5clnt-mit12
+libkadm5srv-mit12
+libkdb5-10t64
+libkeyutils1
+libkmod2
+libkrb5-3
+libkrb5support0
+libksba8
+liblastlog2-2
+liblcms2-2
+libldap-common
+libldap2
+libldb2
+liblerc4
+liblmdb0
+liblocale-gettext-perl
+liblockfile-bin
+liblockfile1
+liblognorm5
+liblqr-1-0
+liblsan0
+libltdl-dev
+libltdl7
+liblua5.4-0
+liblz4-1
+liblzma5
+libmagic-mgc
+libmagic1t64
+libmagickcore-7.q16-10
+libmagickwand-7.q16-10
+libmail-sendmail-perl
+libmaxminddb0
+libmd0
+libmnl0
+libmount1
+libmpc3
+libmpfr6
+libncurses6
+libncursesw6
+libnetfilter-conntrack3
+libnettle8t64
+libnfnetlink0
+libnftables1
+libnftnl11
+libnghttp2-14
+libnghttp3-9
+libngtcp2-16
+libngtcp2-crypto-gnutls8
+libnpth0t64
+libnss-systemd
+libnss-winbind
+libntlm0
+libnuma1
+libnvme1t64
+libonig5
+libopenipmi0t64
+libopenjp2-7
+libp11-kit0
+libpam-cap
+libpam-modules
+libpam-modules-bin
+libpam-runtime
+libpam-systemd
+libpam-winbind
+libpam0g
+libpaper-utils
+libpaper2
+libpci3
+libpcre2-8-0
+libperl5.40
+libpipeline1
+libpng16-16t64
+libpolkit-agent-1-0
+libpolkit-gobject-1-0
+libpopt0
+libproc2-0
+libprotobuf-c1
+libpsl5t64
+libpython3-stdlib
+libpython3.13
+libpython3.13-minimal
+libpython3.13-stdlib
+libquadmath0
+librav1e0.7
+libraw23t64
+libreadline8t64
+librtmp1
+libsasl2-2
+libsasl2-modules
+libsasl2-modules-db
+libseccomp2
+libsecret-1-0
+libsecret-common
+libselinux1
+libsemanage-common
+libsemanage2
+libsensors-config
+libsensors5
+libsepol2
+libsframe1
+libsharpyuv0
+libsm6
+libsmartcols1
+libsnmp-base
+libsnmp40t64
+libsodium23
+libsqlite3-0
+libss2
+libssh2-1t64
+libssl3t64
+libstdc++-14-dev
+libstdc++6
+libsvtav1enc2
+libsys-hostname-long-perl
+libsystemd-shared
+libsystemd0
+libtalloc2
+libtasn1-6
+libtdb1
+libtevent0t64
+libtext-charwidth-perl
+libtext-wrapi18n-perl
+libtiff6
+libtime-duration-perl
+libtimedate-perl
+libtinfo6
+libtirpc-common
+libtirpc3t64
+libtool
+libtsan2
+libubsan1
+libuchardet0
+libudev1
+libunistring5
+liburcu8t64
+liburing2
+libuuid1
+libuv1t64
+libwbclient0
+libwebp7
+libwebpdemux2
+libwebpmux3
+libwrap0
+libwtmpdb0
+libx11-6
+libx11-data
+libx265-215
+libxau6
+libxcb1
+libxdmcp6
+libxext6
+libxml2
+libxpm4
+libxslt1.1
+libxt6t64
+libxtables12
+libxxhash0
+libyaml-0-2
+libyuv0
+libzstd1
+linux-libc-dev
+linux-sysctl-defaults
+locales
+locales-all
+login
+login.defs
+logrotate
+lsb-release
+lynx
+lynx-common
+m4
+mailcap
+make
+man-db
+manpages
+manpages-dev
+mawk
+media-types
+mlock
+moreutils
+mount
+msmtp
+nano
+ncurses-base
+ncurses-bin
+ncurses-term
+net-tools
+netbase
+nftables
+nvme-cli
+openipmi
+openssh-client
+openssh-server
+openssh-sftp-server
+openssl
+openssl-provider-legacy
+oxygen-icon-theme
+passwd
+patch
+pci.ids
+perl
+perl-base
+perl-modules-5.40
+php
+php-bcmath
+php-bz2
+php-cas
+php-common
+php-curl
+php-fpdf
+php-fpm
+php-gd
+php-gmp
+php-intl
+php-ldap
+php-mbstring
+php-sqlite3
+php-xml
+php-yaml
+php8.4
+php8.4-bcmath
+php8.4-bz2
+php8.4-cli
+php8.4-common
+php8.4-curl
+php8.4-fpm
+php8.4-gd
+php8.4-gmp
+php8.4-imagick
+php8.4-imap
+php8.4-intl
+php8.4-ldap
+php8.4-mbstring
+php8.4-opcache
+php8.4-readline
+php8.4-sqlite3
+php8.4-xml
+php8.4-yaml
+phpldapadmin
+pinentry-curses
+pkexec
+po-debconf
+polkitd
+poppler-data
+procps
+prometheus-node-exporter
+prometheus-node-exporter-collectors
+psmisc
+publicsuffix
+python-apt-common
+python3
+python3-anyio
+python3-apt
+python3-bcrypt
+python3-certifi
+python3-cffi-backend
+python3-click
+python3-cryptography
+python3-decorator
+python3-dnspython
+python3-gpg
+python3-h11
+python3-h2
+python3-hpack
+python3-httpcore
+python3-httpx
+python3-hyperframe
+python3-idna
+python3-ldb
+python3-linkify-it
+python3-markdown
+python3-markdown-it
+python3-mdurl
+python3-minimal
+python3-prometheus-client
+python3-pygments
+python3-rich
+python3-samba
+python3-sniffio
+python3-talloc
+python3-tdb
+python3-uc-micro
+python3-yaml
+python3.13
+python3.13-minimal
+readline-common
+rpcsvc-proto
+rsyslog
+runit-helper
+samba
+samba-ad-dc
+samba-ad-provision
+samba-common
+samba-common-bin
+samba-dsdb-modules
+samba-libs
+sed
+sensible-utils
+sgml-base
+shared-mime-info
+smarty-gettext
+smarty3
+sqv
+sshguard
+ssl-cert
+sudo
+systemd
+systemd-resolved
+systemd-sysv
+sysvinit-utils
+tar
+tdb-tools
+tzdata
+ucf
+udev
+util-linux
+uuid-runtime
+vim
+vim-common
+vim-runtime
+winbind
+x11-common
+xdg-user-dirs
+xfonts-encodings
+xfonts-utils
+xml-core
+xz-utils
+zlib1g

etc/pushover-client/.gitignore

@@ -0,0 +1,3 @@
+/*
+!/.gitignore
+!/*.gpg

etc/pushover-client/default.gpg

@@ -0,0 +1,2 @@
+Ś
	
+Şţ“MYQ-˙Ň›
ěGR0J”–‡ô¦Zý9€S\ĺPň¸ĂÚ(Ýr¬ŰvŻ
Ň“§Ŕ˘<C594>Ď\Shą05!NÁŘťű´ů°ŚűoĂýĹpÄ’Çu ĂsKŻyŢ…I~	Üvš¦­ŁńÖ»h<C2BB>ŕ3>2=lđâ"ędŤĂę2F8t
˘MiÝŃÚČ<>—äř"µ˝Qi’31[,ŔN3ʞ᱉

etc/resolv.conf

@@ -0,0 +1,6 @@
+options timeout:2
+options edns0
+search slackware.uk.net
+nameserver 5.101.171.216
+nameserver 5.101.171.217
+nameserver 185.176.90.169

etc/rsyslog.conf

@@ -0,0 +1,143 @@
+# Load modules.
+module(load="imudp")
+module(load="imtcp")
+module(load="builtin:omfile" dirCreateMode="0750" dirOwnerNum="0" dirGroupNum="0" fileCreateMode="0640" fileOwnerNum="0" fileGroupNum="0" compression.driver="zstd")
+
+
+# Global configuration.
+global(
+  workDirectory="/var/lib/rsyslog"
+  #stdlog.channelspec="on"
+  maxMessageSize="16K"
+  senders.keepTrack="on"
+  senders.timeoutAfter="2419200"
+  senders.reportGoneAway="on"
+  senders.reportNew="on"
+)
+
+
+# Inputs.
+input(type="imudp" port="25414" ruleset="syslog")
+input(type="imudp" port="25415" ruleset="httplog")
+input(type="imtcp" port="25414" ruleset="syslog")
+
+
+# Rulesets.
+ruleset(name="syslog") {
+  set $.host = tolower(field($hostname, ".", 1));
+  set $.domain = tolower(re_extract($hostname, '[^.]+\\.(.*)', 0, 1, "unknown_domain"));
+  if ($app-name != "") then {
+    set $.proc = $app-name;
+    if ($procid != "" and $procid != "-") then {
+      set $.proc = '[' & $procid & ']';
+    }
+  } else {
+    set $.proc = '-';
+  }
+  if ($msgid != "") then {
+    set $.id = $msgid;
+  } else {
+    set $.id = '-';
+  }
+
+  template(name="LogLineSingleHost" type="string" string="%timereported:::date-utc,date-rfc3339% %$.host% %pri-text% %$.proc% %$.id% :%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n")
+  template(name="LogLineAllHosts" type="string" string="%timereported:::date-utc,date-rfc3339% %hostname% %pri-text% %$.proc% %$.id% :%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n")
+
+# FIXME: Log each facility to the AllHosts logs.  Compression?
+  if prifilt("auth.*,authpriv.*") then {
+    action(type="omfile" file="/tmp/log/AllHosts/auth" template="LogLineAllHosts" zipLevel="6" asyncWriting="on" flushInterval="5" ioBufferSize="64k" )
+  } else if ... then {
+
+
+
+  template(name="LogFileeSingleHost" type="string" string="/tmp/logs/%$.host%/
+%timereported:::date-utc,date-rfc3339% %$.host% %pri-text% %$.proc% %$.id% :%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n")
+
+
+
+    if prifilt("*.info") then {
+        action(type="omfile" file="/var/log/info.log")
+    }
+}
+
+
+
+
+#template(name="SyslogLineFormat" type="list") {
+#  property(name="timereported" dateFormat="rfc3339" caseConversion="lower")		# Timestamp yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
+#  constant(value=" ")
+#  property(name="hostname")								# Hostname
+#  constant(value=" ")
+#  property(name="syslogfacility")							# Facility
+#  constant(value=".")
+#  property(name="syslogpriority")							# Log priority
+#  constant(value=" ")
+#  property(name="syslogtag")								# Syslog tag
+#  constant(value=": ")
+#  property(name="msg")									# Message content
+#  constant(value="\n")
+#}
+
+
+
+
+#template(name="LogHostFile" type="string" string="/mnt/Data/logs/%HOSTNAME:::escape-cc,secpath-replace%/
+#%TIMESTAMP:::date-utc,date-year%/%TIMESTAMP:::date-utc,date-month%/%TIMESTAMP:::date-utc,date-day%/
+# %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n")
+
+#template(name="LogAllHostsFile" type="string" string="/mnt/Data/logs/AllHosts/
+#%TIMESTAMP:::date-utc,date-year%/%TIMESTAMP:::date-utc,date-month%/%TIMESTAMP:::date-utc,date-day%/
+# %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n")
+
+
+
+
+#VMWare: RFC 5424
+
+
+
+# Parser.
+#parser(
+#  name="FIXME"
+#  type="pmnormalize"
+#  rule=[
+#    "rule=:<%pri:number%> %fromhost-ip:ipv4% %hostname:word% %syslogtag:char-to:\\x3a%: %msg:rest%",
+#    "rule=:<%pri:number%> %hostname:word% %fromhost-ip:ipv4% %syslogtag:char-to:\\x3a%: %msg:rest%"
+#  ]
+#)
+
+
+# Rules
+#ruleset(name="outp" parser="custom.pmnormalize") {
+#   action(type="omfile" File="/tmp/output")
+#}
+
+
+# Outputs.
+action(type="omfile" file="/tmp/messages" template="LogLineSingleHost")
+
+
+
+# Include additional configurations.
+include(file="/etc/rsyslog.d/*.conf" mode="optional")
+
+
+
+
+### Examples ####
+
+# Send all logs to remote syslog via UDP.
+# An on-disk queue is created for this action. If the remote host is
+# down, messages are spooled to disk and sent when it is up again.
+#*.* action(
+#	type="omfwd"
+#	target="192.168.0.1"
+#	port="514"
+#	protocol="udp"
+#	queue.filename="fwdRule1"  # unique name prefix for spool files
+#	queue.type="LinkedList"
+#	queue.maxDiskSpace="256m"
+#	queue.saveOnShutdown="on"
+#	action.resumeRetryCount="-1"
+#	action.resumeInterval="30"
+#)

etc/samba/smb.conf

@@ -0,0 +1,45 @@
+[global]
+realm = SLACKWARE.UK.NET
+netbios name = CORE
+workgroup = SLACKWAREUKNET
+server string = "slackware.uk.net Domain Controller"
+# FIXME:
+# dns forwarder = 5.101.171.216 5.101.171.217 185.176.90.169
+dns forwarder = 216.119.155.58 185.176.90.169
+allow dns updates = no
+tls cafile = /etc/ssl/certs/ca-certificates.crt
+tls certfile = /etc/certificates/core.slackware.uk.net_cert.pem
+tls keyfile = /etc/certificates/core.slackware.uk.net_key.pem
+tls verify peer = ca_and_name_if_available
+log level = 1
+logging = syslog:local5
+log file = /var/log/core.slackware.uk.net/today/samba/samba-debug
+debug syslog format = always
+debug hires timestamp = yes
+enable core files = no
+idmap config * : backend = tdb
+# There are only 568 IDs mapped into the container by TrueNAS, so limit the number that can be used.
+idmap config * : range = 10000-10500
+idmap_ldb:use rfc2307 = yes
+password hash userPassword schemes = CryptSHA512
+server role = active directory domain controller
+username map = /etc/samba/smbusers
+vfs objects = dfs_samba4 posixacl acl_xattr
+nfs4acl_xattr:encoding = nfs
+nfs4acl_xattr:version = 41
+nfs4acl_xattr:xattr_name = user.nfs4_acl
+nfs4acl_xattr:default acl style = windows
+acl_xattr:security_acl_name = user.NTACL
+acl_xattr:default acl style = windows
+
+# [homes]
+
+# [printers]
+
+[sysvol]
+path = /var/lib/samba/sysvol
+write list = @'Domain Admins@slackware.uk.net'
+
+[netlogon]
+path = /var/lib/samba/sysvol/slackware.uk.net/scripts
+write list = @'Domain Admins@slackware.uk.net'

etc/samba/smbusers

@@ -0,0 +1 @@
+root = Administrator

etc/ssh/.gitignore

@@ -0,0 +1,4 @@
+/moduli
+/sshd_config.d/
+/ssh_config.d/
+/ssh_host_*_key*

etc/ssh/ssh_config

@@ -0,0 +1,7 @@
+Include /etc/ssh/ssh_config.d/*.conf
+
+Host *
+  ControlPath			~/.ssh/%u@%l->%r@%h:%p
+  SendEnv			LANG LC_*
+  VerifyHostKeyDNS		yes
+  VisualHostKey			yes

etc/ssh/sshd_config

@@ -0,0 +1,11 @@
+Include /etc/ssh/sshd_config.d/*.conf
+
+Port				25422
+
+AcceptEnv			LANG LC_*
+LoginGraceTime			30
+MaxStartups			5
+PermitRootLogin			prohibit-password
+StreamLocalBindUnlink		yes
+Subsystem			sftp	internal-sftp
+X11Forwarding			no

etc/sshguard/sshguard.conf

@@ -0,0 +1,54 @@
+#!/bin/sh
+# sshguard.conf -- SSHGuard configuration
+
+# Full path to backend executable (required, no default)
+BACKEND="/usr/libexec/sshg-fw-iptables"
+
+# Space-separated list of log files to monitor. (optional, no default)
+FILES="/var/log/core.slackware.uk.net/auth"
+
+# Shell command that provides logs on standard output. (optional, no default)
+# Example 1: ssh and sendmail from systemd journal:
+#LOGREADER="LANG=C /usr/bin/journalctl -afb -p info -n1 -t sshd -t sendmail -o cat"
+# Example 2: ssh from os_log (macOS 10.12+)
+#LOGREADER="/usr/bin/log stream --style syslog --predicate '(processImagePath contains \"sshd\")'"
+
+# Block attackers when their cumulative attack score exceeds THRESHOLD.
+# Most attacks have a score of 10. (optional, default 30)
+THRESHOLD=10
+
+# Block attackers for initially BLOCK_TIME seconds after exceeding THRESHOLD.
+# Subsequent blocks increase by a factor of 1.5. (optional, default 120)
+BLOCK_TIME=86400
+
+# Remember potential attackers for up to DETECTION_TIME seconds before
+# resetting their score. (optional, default 1800)
+DETECTION_TIME=28800
+
+# Size of IPv6 subnet to block. Defaults to a single address, CIDR notation. (optional, default to 128)
+IPV6_SUBNET=128
+
+# Size of IPv4 subnet to block. Defaults to a single address, CIDR notation. (optional, default to 32)
+IPV4_SUBNET=32
+
+# Full path to PID file (optional, no default)
+PID_FILE=/run/sshguard.pid
+
+# Colon-separated blacklist threshold and full path to blacklist file.
+# (optional, no default)
+BLACKLIST_FILE=10:/var/lib/sshguard/blacklist
+
+# IP addresses listed in the WHITELIST_FILE are considered to be
+# friendlies and will never be blocked.
+WHITELIST_FILE=/etc/sshguard.whitelist
+
+# If PARSER is unset, SSHGuard will use the installed sshg-parser as its
+# parser. Setting PARSER overrides this, so that you can use your own parser.
+#PARSER=
+
+# Run POST_PARSER as a filter after the parser. POST_PARSER must read as input
+# and produce as output lines in the format used by sshg-parser. This example
+# implements primitive whitelisting, preventing sshg-blocker from seeing
+# attacks from 1.2.3.4. Unlike whitelisting, attacks filtered by POST_PARSER
+# are not logged by SSHGuard.
+#POST_PARSER="grep -v 1.2.3.4"