From dcceeb5a63af525a64112091e260394e24aeb09d Mon Sep 17 00:00:00 2001
From: Thorsten Spille <thorsten@bashclub.org>
Date: Sat, 17 Jan 2026 21:54:11 +0000
Subject: [PATCH] update multiple containers

---
 src/bashclub-cmk/constants-service.conf   |  2 +-
 src/bookstack/constants-service.conf      |  2 +-
 src/bookstack/install-service.sh          |  4 +-
 src/cloudpanel/constants-service.conf     |  2 +-
 src/functions.sh                          |  2 +-
 src/zmb-ad-join/install-service.sh        |  4 +-
 src/zmb-ad-restore/constants-service.conf |  2 +-
 src/zmb-ad-restore/install-service.sh     |  4 +-
 src/zmb-ad/constants-service.conf         | 12 ---
 src/zmb-ad/install-service.sh             | 94 +++--------------------
 src/zmb-cups/constants-service.conf       |  2 +-
 src/zmb-cups/install-service.sh           |  4 +-
 src/zmb-member/install-service.sh         |  6 +-
 src/zmb-standalone/constants-service.conf |  2 +-
 src/zmb-standalone/install-service.sh     |  4 +-
 15 files changed, 31 insertions(+), 115 deletions(-)

diff --git a/src/bashclub-cmk/constants-service.conf b/src/bashclub-cmk/constants-service.conf
index 84c2348..e360c84 100644
--- a/src/bashclub-cmk/constants-service.conf
+++ b/src/bashclub-cmk/constants-service.conf
@@ -28,7 +28,7 @@ LXC_NESTING="1"
 LXC_KEYCTL="0"
 
 # checkmk version
-CMK_VERSION=2.4.0p18
+CMK_VERSION=2.4.0p19
 # build number of the debian package (needs to start with underscore)
 CMK_BUILD=_0
 
diff --git a/src/bookstack/constants-service.conf b/src/bookstack/constants-service.conf
index c4548eb..50fd76b 100644
--- a/src/bookstack/constants-service.conf
+++ b/src/bookstack/constants-service.conf
@@ -8,7 +8,7 @@
 # This file contains the project constants on service level
 
 # Debian Version, which will be installed
-LXC_TEMPLATE_VERSION="debian-12-standard"
+LXC_TEMPLATE_VERSION="debian-13-standard"
 
 # Create sharefs mountpoint
 LXC_MP=0
diff --git a/src/bookstack/install-service.sh b/src/bookstack/install-service.sh
index fa5acd1..a040873 100644
--- a/src/bookstack/install-service.sh
+++ b/src/bookstack/install-service.sh
@@ -14,9 +14,11 @@ source /root/constants-service.conf
 BOOKSTACK_DB_PWD=$(random_password)
 webroot=/var/www/bookstack/public
 
+inst_php cli,fpm,mysql,fpm,xml,mbstring,gd,tokenizer,curl,ldap,tidy,zip 8.5
+
 apt update
 
-DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends zip unzip nginx-full mariadb-server mariadb-client php php-cli php-fpm php-mysql php-xml php-mbstring php-gd php-tokenizer php-xml php-dompdf php-curl php-ldap php-tidy php-zip redis-server
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends zip unzip nginx-full mariadb-server mariadb-client redis-server
 curl -s https://api.github.com/repos/wkhtmltopdf/packaging/releases/latest | grep browser_download_url | cut -d '"' -f 4 | grep 'bookworm_amd64.deb$' | wget -O /opt/wkhtmltox.deb -i -
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends /opt/wkhtmltox.deb
 
diff --git a/src/cloudpanel/constants-service.conf b/src/cloudpanel/constants-service.conf
index d207969..8476909 100644
--- a/src/cloudpanel/constants-service.conf
+++ b/src/cloudpanel/constants-service.conf
@@ -6,7 +6,7 @@
 # This file contains the project constants on service level
 
 # Debian Version, which will be installed
-LXC_TEMPLATE_VERSION="debian-12-standard"
+LXC_TEMPLATE_VERSION="debian-13-standard"
 
 # Create sharefs mountpoint
 LXC_MP=1
diff --git a/src/functions.sh b/src/functions.sh
index 35d70a6..bf424a6 100644
--- a/src/functions.sh
+++ b/src/functions.sh
@@ -79,7 +79,7 @@ inst_nginx() {
 #### Set repo and install PHP ####
 inst_php() {
     PHP_MODULES=${1}
-    PHP_VERSION=${2:-8.5}
+    PHP_VERSION=${2:-8.4}
     IFS=',' read -ra MODULE_ARRAY <<< "$PHP_MODULES"
     PKGS=()
     for PHP_MODULE in "${MODULE_ARRAY[@]}"; do
diff --git a/src/zmb-ad-join/install-service.sh b/src/zmb-ad-join/install-service.sh
index bf0f3aa..9b9a76d 100644
--- a/src/zmb-ad-join/install-service.sh
+++ b/src/zmb-ad-join/install-service.sh
@@ -13,8 +13,8 @@ ZMB_DNS_BACKEND="SAMBA_INTERNAL"
 
 for f in ${OPTIONAL_FEATURES[@]}; do
   if [[ "$f" == "wsdd" ]]; then
-      ADDITIONAL_PACKAGES="wsdd $ADDITIONAL_PACKAGES"
-      ADDITIONAL_SERVICES="wsdd $ADDITIONAL_SERVICES"
+      ADDITIONAL_PACKAGES="wsdd2 $ADDITIONAL_PACKAGES"
+      ADDITIONAL_SERVICES="wsdd2 $ADDITIONAL_SERVICES"
   elif [[ "$f" == "splitdns" ]]; then
       ADDITIONAL_PACKAGES="nginx-full $ADDITIONAL_PACKAGES"
       ADDITIONAL_SERVICES="nginx $ADDITIONAL_SERVICES"
diff --git a/src/zmb-ad-restore/constants-service.conf b/src/zmb-ad-restore/constants-service.conf
index 1042bbc..e849a50 100644
--- a/src/zmb-ad-restore/constants-service.conf
+++ b/src/zmb-ad-restore/constants-service.conf
@@ -8,7 +8,7 @@
 # This file contains the project constants on service level
 
 # Debian Version, which will be installed
-LXC_TEMPLATE_VERSION="debian-12-standard"
+LXC_TEMPLATE_VERSION="debian-13-standard"
 
 # Create sharefs mountpoint
 LXC_MP=0
diff --git a/src/zmb-ad-restore/install-service.sh b/src/zmb-ad-restore/install-service.sh
index b3c14c8..a0045bf 100644
--- a/src/zmb-ad-restore/install-service.sh
+++ b/src/zmb-ad-restore/install-service.sh
@@ -13,8 +13,8 @@ ZMB_DNS_BACKEND="SAMBA_INTERNAL"
 
 for f in ${OPTIONAL_FEATURES[@]}; do
   if [[ "$f" == "wsdd" ]]; then
-    ADDITIONAL_PACKAGES="wsdd $ADDITIONAL_PACKAGES"
-    ADDITIONAL_SERVICES="wsdd $ADDITIONAL_SERVICES"
+    ADDITIONAL_PACKAGES="wsdd2 $ADDITIONAL_PACKAGES"
+    ADDITIONAL_SERVICES="wsdd2 $ADDITIONAL_SERVICES"
   elif [[ "$f" == "splitdns" ]]; then
     ADDITIONAL_PACKAGES="nginx-full $ADDITIONAL_PACKAGES"
     ADDITIONAL_SERVICES="nginx $ADDITIONAL_SERVICES"
diff --git a/src/zmb-ad/constants-service.conf b/src/zmb-ad/constants-service.conf
index d96197f..e621c1b 100644
--- a/src/zmb-ad/constants-service.conf
+++ b/src/zmb-ad/constants-service.conf
@@ -26,18 +26,6 @@ LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 
-# add optional features to samba ad dc
-
-# CURRENTLY SUPPORTED:
-# wsdd = add windows service discovery
-# splitdns = add nginx to redirect to website www.domain.tld in splitdns setup
-# bind9dlz = Set ZMB_DNS_BACKEND to BIND9_DLZ
-
-# Example:
-# OPTIONAL_FEATURES=(wsdd)
-# OPTIONAL_FEATURES=(wsdd splitdns)
-OPTIONAL_FEATURES=()
-
 # Sets the minimum amount of RAM the service needs for operation
 LXC_MEM_MIN=1024
 
diff --git a/src/zmb-ad/install-service.sh b/src/zmb-ad/install-service.sh
index 3455650..6fca4cc 100644
--- a/src/zmb-ad/install-service.sh
+++ b/src/zmb-ad/install-service.sh
@@ -5,38 +5,20 @@
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 
+set -euo pipefail
+
 source /root/functions.sh
 source /root/zamba.conf
 source /root/constants-service.conf
 
-ZMB_DNS_BACKEND="SAMBA_INTERNAL"
-
-for f in ${OPTIONAL_FEATURES[@]}; do
-  if [[ "$f" == "wsdd" ]]; then
-    ADDITIONAL_PACKAGES="wsdd $ADDITIONAL_PACKAGES"
-    ADDITIONAL_SERVICES="wsdd $ADDITIONAL_SERVICES"
-  elif [[ "$f" == "splitdns" ]]; then
-    ADDITIONAL_PACKAGES="nginx-full $ADDITIONAL_PACKAGES"
-    ADDITIONAL_SERVICES="nginx $ADDITIONAL_SERVICES"
-  elif [[ "$f" == "bind9dlz" ]]; then
-    ZMB_DNS_BACKEND="BIND9_DLZ"
-    ADDITIONAL_PACKAGES="bind9 $ADDITIONAL_PACKAGES"
-    ADDITIONAL_SERVICES="bind9 $ADDITIONAL_SERVICES"
-  else
-    echo "Unsupported optional feature $f"
-  fi
-done
-
-# echo "deb http://deb.debian.org/debian/ bookworm-backports main contrib" >> /etc/apt/sources.list
-
 # update packages
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
 # install required packages
-DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET $ADDITIONAL_PACKAGES ntpsec-ntpdate rpl net-tools dnsutils chrony sipcalc
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET ntpsec-ntpdate rpl net-tools dnsutils chrony sipcalc wsdd2
 # DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -t bookworm-backports -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl attr samba smbclient winbind libpam-winbind libnss-winbind krb5-user samba-dsdb-modules samba-vfs-modules lmdb-utils
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl attr samba samba-ad-dc smbclient winbind libpam-winbind libnss-winbind krb5-user samba-dsdb-modules samba-vfs-modules lmdb-utils
-
+echo "configuring chrony"
 mkdir -p /etc/chrony/conf.d
 mkdir -p /etc/systemd/system/chrony.service.d
 
@@ -61,72 +43,16 @@ server europe.pool.ntp.org iburst
 allow $(sipcalc ${LXC_IP} | grep -m1 "Network address" | rev | cut -d' ' -f1 | rev)/$(sipcalc ${LXC_IP} | grep -m1 "Network mask (bits)" | rev | cut -d' ' -f1 | rev)
 ntpsigndsocket /var/lib/samba/ntp_signd
 EOF
-
-if [[ "$ADDITIONAL_PACKAGES" == *"nginx-full"* ]]; then
-  cat << EOF > /etc/nginx/sites-available/default
-server {
-    listen 80 default_server;
-    server_name _;
-    return 301 http://www.$LXC_DOMAIN\$request_uri;
-}
-EOF
-fi
-
-if  [[ "$ADDITIONAL_PACKAGES" == *"bind9"* ]]; then
-  # configure bind dns service
-  cat << EOF > /etc/default/bind9
-#
-# run resolvconf?
-RESOLVCONF=no
-
-# startup options for the server
-OPTIONS="-4 -u bind"
-EOF
-
-  cat << EOF > /etc/bind/named.conf.local
-//
-// Do any local configuration here
-//
-
-// Consider adding the 1918 zones here, if they are not used in your
-// organization
-//include "/etc/bind/zones.rfc1918";
-dlz "$LXC_DOMAIN" {
-  database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so";
-};
-EOF
-
-  cat << EOF > /etc/bind/named.conf.options
-options {
-  directory "/var/cache/bind";
-
-  forwarders {
-    $LXC_DNS;
-  };
-
-  allow-query {  any;};
-  dnssec-validation no;
-
-  auth-nxdomain no;    # conform to RFC1035
-  listen-on-v6 { any; };
-  listen-on { any; };
-
-  tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
-  minimal-responses yes;
-};
-EOF
-
-  mkdir -p /var/lib/samba/bind-dns/dns
-fi
-
+echo "disabling services"
 # stop + disable samba services and remove default config
-systemctl disable --now smbd nmbd winbind systemd-resolved > /dev/null 2>&1
+systemctl disable --now smbd nmbd winbind > /dev/null 2>&1
 rm -f /etc/samba/smb.conf
 rm -f /etc/krb5.conf
 
+echo "provisioning domain"
 # provision zamba domain
-samba-tool domain provision --use-rfc2307 --realm=$ZMB_REALM --domain=$ZMB_DOMAIN --adminpass=$ZMB_ADMIN_PASS --server-role=dc --backend-store=mdb --dns-backend=$ZMB_DNS_BACKEND
-
+samba-tool domain provision --use-rfc2307 --realm=$ZMB_REALM --domain=$ZMB_DOMAIN --adminpass=$ZMB_ADMIN_PASS --server-role=dc --backend-store=mdb --dns-backend=SAMBA_INTERNAL
+echo "provosioning finished"
 ln -sf /var/lib/samba/private/krb5.conf /etc/krb5.conf
 
 # disable password expiry for administrator
@@ -134,7 +60,7 @@ samba-tool user setexpiry Administrator --noexpiry
 
 systemctl unmask samba-ad-dc
 systemctl enable samba-ad-dc
-systemctl restart samba-ad-dc $ADDITIONAL_SERVICES
+systemctl restart samba-ad-dc
 
 # configure ad backup
 cat << EOF > /usr/local/bin/smb-backup
diff --git a/src/zmb-cups/constants-service.conf b/src/zmb-cups/constants-service.conf
index 5bf228d..8e571e7 100644
--- a/src/zmb-cups/constants-service.conf
+++ b/src/zmb-cups/constants-service.conf
@@ -8,7 +8,7 @@
 # This file contains the project constants on service level
 
 # Debian Version, which will be installed
-LXC_TEMPLATE_VERSION="debian-12-standard"
+LXC_TEMPLATE_VERSION="debian-13-standard"
 
 # Create sharefs mountpoint
 LXC_MP=1
diff --git a/src/zmb-cups/install-service.sh b/src/zmb-cups/install-service.sh
index 636a723..0f8333c 100644
--- a/src/zmb-cups/install-service.sh
+++ b/src/zmb-cups/install-service.sh
@@ -14,7 +14,7 @@ source /root/constants-service.conf
 apt update
 
 # DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -t bookworm-backports -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl cups samba winbind libpam-winbind libnss-winbind krb5-user krb5-config samba-dsdb-modules samba-vfs-modules wsdd
-DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl cups samba winbind libpam-winbind libnss-winbind krb5-user krb5-config samba-dsdb-modules samba-vfs-modules wsdd
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl cups samba winbind libpam-winbind libnss-winbind krb5-user krb5-config samba-dsdb-modules samba-vfs-modules wsdd2
 
 mv /etc/krb5.conf /etc/krb5.conf.bak
 cat > /etc/krb5.conf <<EOF
@@ -107,4 +107,4 @@ systemctl disable --now cups-browsed.service
 
 cupsctl --remote-admin
 
-systemctl restart cups smbd nmbd winbind wsdd
\ No newline at end of file
+systemctl restart cups smbd nmbd winbind wsdd2
\ No newline at end of file
diff --git a/src/zmb-member/install-service.sh b/src/zmb-member/install-service.sh
index aa8ee25..c211b1e 100644
--- a/src/zmb-member/install-service.sh
+++ b/src/zmb-member/install-service.sh
@@ -23,9 +23,6 @@ cat > /etc/krb5.conf <<EOF
 	renew_lifetime = 7d
 EOF
 
-echo -e "$ZMB_ADMIN_PASS" | kinit -V $ZMB_ADMIN_USER
-klist
-
 mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
 cat > /etc/samba/smb.conf <<EOF
 [global]
@@ -87,6 +84,9 @@ for ZMB_SHARE in "${ZMB_SHARES_ARRAY[@]}" ; do
 EOF
 done
 
+echo -e "$ZMB_ADMIN_PASS" | kinit -V $ZMB_ADMIN_USER
+klist
+
 systemctl restart smbd
 
 echo -e "$ZMB_ADMIN_PASS" | net ads join -U $ZMB_ADMIN_USER createcomputer=Computers
diff --git a/src/zmb-standalone/constants-service.conf b/src/zmb-standalone/constants-service.conf
index ffe82ed..704e98c 100644
--- a/src/zmb-standalone/constants-service.conf
+++ b/src/zmb-standalone/constants-service.conf
@@ -8,7 +8,7 @@
 # This file contains the project constants on service level
 
 # Debian Version, which will be installed
-LXC_TEMPLATE_VERSION="debian-12-standard"
+LXC_TEMPLATE_VERSION="debian-13-standard"
 
 # Create sharefs mountpoint
 LXC_MP=1
diff --git a/src/zmb-standalone/install-service.sh b/src/zmb-standalone/install-service.sh
index 2b8c358..95c079c 100644
--- a/src/zmb-standalone/install-service.sh
+++ b/src/zmb-standalone/install-service.sh
@@ -18,7 +18,7 @@ apt update
 
 #DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -t bookworm-backports -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl samba samba-common samba-common-bin samba-dsdb-modules samba-vfs-modules samba-libs libwbclient0 winbind wsdd
 #DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -t bookworm-backports -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" --no-install-recommends cockpit cockpit-identities cockpit-file-sharing cockpit-navigator
-DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl samba samba-common samba-common-bin samba-dsdb-modules samba-vfs-modules samba-libs libwbclient0 winbind wsdd
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl samba samba-common samba-common-bin samba-dsdb-modules samba-vfs-modules samba-libs libwbclient0 winbind wsdd2
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" --no-install-recommends cockpit cockpit-identities cockpit-file-sharing cockpit-navigator
 
 USER=$(echo "$ZMB_ADMIN_USER" | awk '{print tolower($0)}')
@@ -79,4 +79,4 @@ do
     net conf setparm $ZMB_SHARE directorymask 0770
 done
 
-systemctl restart smbd nmbd wsdd
+systemctl restart smbd nmbd wsdd2