update multiple containers

2026-02-18 15:36:20 +00:00 · 2026-01-17 21:54:11 +00:00
parent 2f6658f0ae
commit dcceeb5a63
15 changed files with 31 additions and 115 deletions
--- a/src/bashclub-cmk/constants-service.conf
+++ b/src/bashclub-cmk/constants-service.conf
@@ -28,7 +28,7 @@ LXC_NESTING="1"
 LXC_KEYCTL="0"
 # checkmk version
-CMK_VERSION=2.4.0p18
+CMK_VERSION=2.4.0p19
 # build number of the debian package (needs to start with underscore)
 CMK_BUILD=_0
--- a/src/bookstack/constants-service.conf
+++ b/src/bookstack/constants-service.conf
@@ -8,7 +8,7 @@
 # This file contains the project constants on service level
 # Debian Version, which will be installed
-LXC_TEMPLATE_VERSION="debian-12-standard"
+LXC_TEMPLATE_VERSION="debian-13-standard"
 # Create sharefs mountpoint
 LXC_MP=0
--- a/src/bookstack/install-service.sh
+++ b/src/bookstack/install-service.sh
@@ -14,9 +14,11 @@ source /root/constants-service.conf
 BOOKSTACK_DB_PWD=$(random_password)
 webroot=/var/www/bookstack/public
 inst_php cli,fpm,mysql,fpm,xml,mbstring,gd,tokenizer,curl,ldap,tidy,zip 8.5
 apt update
-DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends zip unzip nginx-full mariadb-server mariadb-client php php-cli php-fpm php-mysql php-xml php-mbstring php-gd php-tokenizer php-xml php-dompdf php-curl php-ldap php-tidy php-zip redis-server
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends zip unzip nginx-full mariadb-server mariadb-client redis-server
 curl -s https://api.github.com/repos/wkhtmltopdf/packaging/releases/latest | grep browser_download_url | cut -d '"' -f 4 | grep 'bookworm_amd64.deb$' | wget -O /opt/wkhtmltox.deb -i -
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends /opt/wkhtmltox.deb
--- a/src/cloudpanel/constants-service.conf
+++ b/src/cloudpanel/constants-service.conf
@@ -6,7 +6,7 @@
 # This file contains the project constants on service level
 # Debian Version, which will be installed
-LXC_TEMPLATE_VERSION="debian-12-standard"
+LXC_TEMPLATE_VERSION="debian-13-standard"
 # Create sharefs mountpoint
 LXC_MP=1
--- a/src/functions.sh
+++ b/src/functions.sh
@@ -79,7 +79,7 @@ inst_nginx() {
 #### Set repo and install PHP ####
 inst_php() {
    PHP_MODULES=${1}
-    PHP_VERSION=${2:-8.5}
+    PHP_VERSION=${2:-8.4}
    IFS=',' read -ra MODULE_ARRAY <<< "$PHP_MODULES"
    PKGS=()
    for PHP_MODULE in "${MODULE_ARRAY[@]}"; do
--- a/src/zmb-ad-join/install-service.sh
+++ b/src/zmb-ad-join/install-service.sh
@@ -13,8 +13,8 @@ ZMB_DNS_BACKEND="SAMBA_INTERNAL"
 for f in ${OPTIONAL_FEATURES[@]}; do
  if [[ "$f" == "wsdd" ]]; then
-      ADDITIONAL_PACKAGES="wsdd $ADDITIONAL_PACKAGES"
+      ADDITIONAL_PACKAGES="wsdd2 $ADDITIONAL_PACKAGES"
-      ADDITIONAL_SERVICES="wsdd $ADDITIONAL_SERVICES"
+      ADDITIONAL_SERVICES="wsdd2 $ADDITIONAL_SERVICES"
  elif [[ "$f" == "splitdns" ]]; then
      ADDITIONAL_PACKAGES="nginx-full $ADDITIONAL_PACKAGES"
      ADDITIONAL_SERVICES="nginx $ADDITIONAL_SERVICES"
--- a/src/zmb-ad-restore/constants-service.conf
+++ b/src/zmb-ad-restore/constants-service.conf
@@ -8,7 +8,7 @@
 # This file contains the project constants on service level
 # Debian Version, which will be installed
-LXC_TEMPLATE_VERSION="debian-12-standard"
+LXC_TEMPLATE_VERSION="debian-13-standard"
 # Create sharefs mountpoint
 LXC_MP=0
--- a/src/zmb-ad-restore/install-service.sh
+++ b/src/zmb-ad-restore/install-service.sh
@@ -13,8 +13,8 @@ ZMB_DNS_BACKEND="SAMBA_INTERNAL"
 for f in ${OPTIONAL_FEATURES[@]}; do
  if [[ "$f" == "wsdd" ]]; then
-    ADDITIONAL_PACKAGES="wsdd $ADDITIONAL_PACKAGES"
+    ADDITIONAL_PACKAGES="wsdd2 $ADDITIONAL_PACKAGES"
-    ADDITIONAL_SERVICES="wsdd $ADDITIONAL_SERVICES"
+    ADDITIONAL_SERVICES="wsdd2 $ADDITIONAL_SERVICES"
  elif [[ "$f" == "splitdns" ]]; then
    ADDITIONAL_PACKAGES="nginx-full $ADDITIONAL_PACKAGES"
    ADDITIONAL_SERVICES="nginx $ADDITIONAL_SERVICES"
--- a/src/zmb-ad/constants-service.conf
+++ b/src/zmb-ad/constants-service.conf
@@ -26,18 +26,6 @@ LXC_NESTING="1"
 # enable keyctl feature
 LXC_KEYCTL="0"
 # add optional features to samba ad dc
 # CURRENTLY SUPPORTED:
 # wsdd = add windows service discovery
 # splitdns = add nginx to redirect to website www.domain.tld in splitdns setup
 # bind9dlz = Set ZMB_DNS_BACKEND to BIND9_DLZ
 # Example:
 # OPTIONAL_FEATURES=(wsdd)
 # OPTIONAL_FEATURES=(wsdd splitdns)
 OPTIONAL_FEATURES=()
 # Sets the minimum amount of RAM the service needs for operation
 LXC_MEM_MIN=1024
--- a/src/zmb-ad/install-service.sh
+++ b/src/zmb-ad/install-service.sh
@@ -5,38 +5,20 @@
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 set -euo pipefail
 source /root/functions.sh
 source /root/zamba.conf
 source /root/constants-service.conf
 ZMB_DNS_BACKEND="SAMBA_INTERNAL"
 for f in ${OPTIONAL_FEATURES[@]}; do
  if [[ "$f" == "wsdd" ]]; then
    ADDITIONAL_PACKAGES="wsdd $ADDITIONAL_PACKAGES"
    ADDITIONAL_SERVICES="wsdd $ADDITIONAL_SERVICES"
  elif [[ "$f" == "splitdns" ]]; then
    ADDITIONAL_PACKAGES="nginx-full $ADDITIONAL_PACKAGES"
    ADDITIONAL_SERVICES="nginx $ADDITIONAL_SERVICES"
  elif [[ "$f" == "bind9dlz" ]]; then
    ZMB_DNS_BACKEND="BIND9_DLZ"
    ADDITIONAL_PACKAGES="bind9 $ADDITIONAL_PACKAGES"
    ADDITIONAL_SERVICES="bind9 $ADDITIONAL_SERVICES"
  else
    echo "Unsupported optional feature $f"
  fi
 done
 # echo "deb http://deb.debian.org/debian/ bookworm-backports main contrib" >> /etc/apt/sources.list
 # update packages
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
 # install required packages
-DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET $ADDITIONAL_PACKAGES ntpsec-ntpdate rpl net-tools dnsutils chrony sipcalc
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" $LXC_TOOLSET ntpsec-ntpdate rpl net-tools dnsutils chrony sipcalc wsdd2
 # DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -t bookworm-backports -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl attr samba smbclient winbind libpam-winbind libnss-winbind krb5-user samba-dsdb-modules samba-vfs-modules lmdb-utils
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl attr samba samba-ad-dc smbclient winbind libpam-winbind libnss-winbind krb5-user samba-dsdb-modules samba-vfs-modules lmdb-utils
-
+echo "configuring chrony"
 mkdir -p /etc/chrony/conf.d
 mkdir -p /etc/systemd/system/chrony.service.d
@@ -61,72 +43,16 @@ server europe.pool.ntp.org iburst
 allow $(sipcalc ${LXC_IP} | grep -m1 "Network address" | rev | cut -d' ' -f1 | rev)/$(sipcalc ${LXC_IP} | grep -m1 "Network mask (bits)" | rev | cut -d' ' -f1 | rev)
 ntpsigndsocket /var/lib/samba/ntp_signd
 EOF
-
+echo "disabling services"
 if [[ "$ADDITIONAL_PACKAGES" == *"nginx-full"* ]]; then
  cat << EOF > /etc/nginx/sites-available/default
 server {
    listen 80 default_server;
    server_name _;
    return 301 http://www.$LXC_DOMAIN\$request_uri;
 }
 EOF
 fi
 if  [[ "$ADDITIONAL_PACKAGES" == *"bind9"* ]]; then
  # configure bind dns service
  cat << EOF > /etc/default/bind9
 #
 # run resolvconf?
 RESOLVCONF=no
 # startup options for the server
 OPTIONS="-4 -u bind"
 EOF
  cat << EOF > /etc/bind/named.conf.local
 //
 // Do any local configuration here
 //
 // Consider adding the 1918 zones here, if they are not used in your
 // organization
 //include "/etc/bind/zones.rfc1918";
 dlz "$LXC_DOMAIN" {
  database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so";
 };
 EOF
  cat << EOF > /etc/bind/named.conf.options
 options {
  directory "/var/cache/bind";
  forwarders {
    $LXC_DNS;
  };
  allow-query {  any;};
  dnssec-validation no;
  auth-nxdomain no;    # conform to RFC1035
  listen-on-v6 { any; };
  listen-on { any; };
  tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
  minimal-responses yes;
 };
 EOF
  mkdir -p /var/lib/samba/bind-dns/dns
 fi
 # stop + disable samba services and remove default config
-systemctl disable --now smbd nmbd winbind systemd-resolved > /dev/null 2>&1
+systemctl disable --now smbd nmbd winbind > /dev/null 2>&1
 rm -f /etc/samba/smb.conf
 rm -f /etc/krb5.conf
 echo "provisioning domain"
 # provision zamba domain
-samba-tool domain provision --use-rfc2307 --realm=$ZMB_REALM --domain=$ZMB_DOMAIN --adminpass=$ZMB_ADMIN_PASS --server-role=dc --backend-store=mdb --dns-backend=$ZMB_DNS_BACKEND
+samba-tool domain provision --use-rfc2307 --realm=$ZMB_REALM --domain=$ZMB_DOMAIN --adminpass=$ZMB_ADMIN_PASS --server-role=dc --backend-store=mdb --dns-backend=SAMBA_INTERNAL
-
+echo "provosioning finished"
 ln -sf /var/lib/samba/private/krb5.conf /etc/krb5.conf
 # disable password expiry for administrator
@@ -134,7 +60,7 @@ samba-tool user setexpiry Administrator --noexpiry
 systemctl unmask samba-ad-dc
 systemctl enable samba-ad-dc
-systemctl restart samba-ad-dc $ADDITIONAL_SERVICES
+systemctl restart samba-ad-dc
 # configure ad backup
 cat << EOF > /usr/local/bin/smb-backup
--- a/src/zmb-cups/constants-service.conf
+++ b/src/zmb-cups/constants-service.conf
@@ -8,7 +8,7 @@
 # This file contains the project constants on service level
 # Debian Version, which will be installed
-LXC_TEMPLATE_VERSION="debian-12-standard"
+LXC_TEMPLATE_VERSION="debian-13-standard"
 # Create sharefs mountpoint
 LXC_MP=1
--- a/src/zmb-cups/install-service.sh
+++ b/src/zmb-cups/install-service.sh
@@ -14,7 +14,7 @@ source /root/constants-service.conf
 apt update
 # DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -t bookworm-backports -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl cups samba winbind libpam-winbind libnss-winbind krb5-user krb5-config samba-dsdb-modules samba-vfs-modules wsdd
-DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl cups samba winbind libpam-winbind libnss-winbind krb5-user krb5-config samba-dsdb-modules samba-vfs-modules wsdd
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl cups samba winbind libpam-winbind libnss-winbind krb5-user krb5-config samba-dsdb-modules samba-vfs-modules wsdd2
 mv /etc/krb5.conf /etc/krb5.conf.bak
 cat > /etc/krb5.conf <<EOF
@@ -107,4 +107,4 @@ systemctl disable --now cups-browsed.service
 cupsctl --remote-admin
-systemctl restart cups smbd nmbd winbind wsdd
+systemctl restart cups smbd nmbd winbind wsdd2
--- a/src/zmb-member/install-service.sh
+++ b/src/zmb-member/install-service.sh
@@ -23,9 +23,6 @@ cat > /etc/krb5.conf <<EOF
 	renew_lifetime = 7d
 EOF
 echo -e "$ZMB_ADMIN_PASS" | kinit -V $ZMB_ADMIN_USER
 klist
 mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
 cat > /etc/samba/smb.conf <<EOF
 [global]
@@ -87,6 +84,9 @@ for ZMB_SHARE in "${ZMB_SHARES_ARRAY[@]}" ; do
 EOF
 done
 echo -e "$ZMB_ADMIN_PASS" | kinit -V $ZMB_ADMIN_USER
 klist
 systemctl restart smbd
 echo -e "$ZMB_ADMIN_PASS" | net ads join -U $ZMB_ADMIN_USER createcomputer=Computers
--- a/src/zmb-standalone/constants-service.conf
+++ b/src/zmb-standalone/constants-service.conf
@@ -8,7 +8,7 @@
 # This file contains the project constants on service level
 # Debian Version, which will be installed
-LXC_TEMPLATE_VERSION="debian-12-standard"
+LXC_TEMPLATE_VERSION="debian-13-standard"
 # Create sharefs mountpoint
 LXC_MP=1
--- a/src/zmb-standalone/install-service.sh
+++ b/src/zmb-standalone/install-service.sh
@@ -18,7 +18,7 @@ apt update
 #DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -t bookworm-backports -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl samba samba-common samba-common-bin samba-dsdb-modules samba-vfs-modules samba-libs libwbclient0 winbind wsdd
 #DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -t bookworm-backports -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" --no-install-recommends cockpit cockpit-identities cockpit-file-sharing cockpit-navigator
-DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl samba samba-common samba-common-bin samba-dsdb-modules samba-vfs-modules samba-libs libwbclient0 winbind wsdd
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" acl samba samba-common samba-common-bin samba-dsdb-modules samba-vfs-modules samba-libs libwbclient0 winbind wsdd2
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" --no-install-recommends cockpit cockpit-identities cockpit-file-sharing cockpit-navigator
 USER=$(echo "$ZMB_ADMIN_USER" | awk '{print tolower($0)}')
@@ -79,4 +79,4 @@ do
    net conf setparm $ZMB_SHARE directorymask 0770
 done
-systemctl restart smbd nmbd wsdd
+systemctl restart smbd nmbd wsdd2