diff --git a/ubuntu-20.04/apps/bind9/bind9.sh b/ubuntu-20.04/apps/bind9/bind9.sh
new file mode 100644
index 0000000..6a1bbc6
--- /dev/null
+++ b/ubuntu-20.04/apps/bind9/bind9.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+apt install -y bind9
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # DNS' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/ubuntu-20.04/apps/iperf3/iperf3.sh b/ubuntu-20.04/apps/iperf3/iperf3.sh
new file mode 100644
index 0000000..78ee00e
--- /dev/null
+++ b/ubuntu-20.04/apps/iperf3/iperf3.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+apt install -y iperf3
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 5201 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 5201 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # IPERF' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/ubuntu-20.04/apps/zimbra-10-zpush/zimbra-10-zpush.sh b/ubuntu-20.04/apps/zimbra-10-zpush/zimbra-10-zpush.sh
new file mode 100644
index 0000000..a8483f9
--- /dev/null
+++ b/ubuntu-20.04/apps/zimbra-10-zpush/zimbra-10-zpush.sh
@@ -0,0 +1,197 @@
+#!/bin/bash
+
+ZPUSHVER="2.7.1"
+ZPUSHVER=$(whiptail --title "Z-Push version" --inputbox "" 0 30 "${ZPUSHVER}" 3>&1 1>&2 2>&3)
+TIMEZONE="Europe\/Zurich"
+TIMEZONE=$(whiptail --title "Default timezone" --inputbox "" 0 30 "${TIMEZONE}" 3>&1 1>&2 2>&3)
+BACKENDVER=71
+BACKENDVER=$(whiptail --title "Backend version" --inputbox "" 0 30 "${BACKENDVER}" 3>&1 1>&2 2>&3)
+ZIMBRAURL="https://test.mbx.netm.ch"
+ZIMBRAURL=$(whiptail --title "Zimbra URL" --inputbox "" 0 30 "${ZIMBRAURL}" 3>&1 1>&2 2>&3)
+APACHE2PORT=4433
+APACHE2PORT=$(whiptail --title "Apache SSL Port" --inputbox "" 0 30 "${APACHE2PORT}" 3>&1 1>&2 2>&3)
+
+main() {
+ inst_dep
+ inst_z-push "${ZPUSHVER}" "${TIMEZONE}"
+ inst_z-push-update
+ inst_z-push-backend "${BACKENDVER}" "${ZIMBRAURL}"
+ inst_z-push-backend-update
+ conf_apache2
+ conf_logrotate
+}
+
+inst_dep() {
+ apt -y install php php-cli php-soap php-mbstring php-curl php-intl php-fpm
+ mkdir /var/lib/z-push
+ mkdir /var/log/z-push
+ mkdir /var/www/z-push
+}
+
+inst_z-push() { # $1=version $2=timezone
+ cd || exit 1
+ wget -O z-push.tar.gz https://github.com/Z-Hub/Z-Push/archive/refs/tags/"${1}".tar.gz
+ tar xzvf z-push.tar.gz
+ cp -r Z-Push-"${1}"/src/* /var/www/z-push
+ rm z-push.tar.gz
+ rm -r Z-Push-"${1}"
+ # Config
+ sed -i "s/'TIMEZONE', ''/'TIMEZONE', '${2}'/" /var/www/z-push/config.php
+ sed -i "s/'BACKEND_PROVIDER', ''/'BACKEND_PROVIDER', 'BackendZimbra'/" /var/www/z-push/config.php
+}
+
+inst_z-push-update() {
+ cat << 'EOF' > /usr/local/bin/mtm-zpushupdate
+show_help() {
+ echo "mtm-zpushupdate version"
+ echo ""
+ echo "Example :"
+ echo "mtm-zpushupdate 2.7.1"
+ echo "Look at :"
+ echo "https://github.com/Z-Hub/Z-Push/releases"
+}
+
+if [ "${1}" == "" ]; then
+ show_help
+ exit 1
+fi
+
+cd || exit 1
+wget -O z-push.tar.gz https://github.com/Z-Hub/Z-Push/archive/refs/tags/"${1}".tar.gz
+tar xzvf z-push.tar.gz
+mv /var/www/z-push /var/www/z-push.upd
+mkdir /var/www/z-push
+cp -r Z-Push-"${1}"/src/* /var/www/z-push
+mv /var/www/z-push/config.php /var/www/z-push/config.php.new
+mv /var/www/z-push.upd/config.php /var/www/z-push/
+mv /var/www/z-push.upd/backend/zimbra /var/www/z-push/backend/
+# chown -R www-data:www-data /var/www/z-push
+systemctl restart apache2.service
+rm -r /var/www/z-push.upd
+rm z-push.tar.gz
+rm -r Z-Push-"${1}"
+diff /var/www/z-push/config.php /var/www/z-push/config.php.new
+EOF
+ chmod 755 /usr/local/bin/mtm-zpushupdate
+}
+
+inst_z-push-backend() { # $1=version $2=zimbraurl
+ cd || exit 1
+ wget https://sourceforge.net/projects/zimbrabackend/files/Release"${1}"/zimbra"${1}".tgz/download
+ tar -xf download
+ cp -r zimbra"${1}" /var/www/z-push/backend/zimbra
+ rm download
+ rm -r zimbra"${1}"
+ # Config
+ sed -i "/define('ZIMBRA_URL', 'https:\/\/127.0.0.1');/a \ define('ZIMBRA_URL', '${2}');" /var/www/z-push/backend/zimbra/config.php
+}
+
+inst_z-push-backend-update() {
+ cat << 'EOF' > /usr/local/bin/mtm-zpushbackendupdate
+show_help() {
+ echo "mtm-zpushbackendupdate version"
+ echo ""
+ echo "Example :"
+ echo "mtm-zpushbackendupdate 71"
+ echo "Look at :"
+ echo "https://sourceforge.net/projects/zimbrabackend/files"
+}
+
+if [ "${1}" == "" ]; then
+ show_help
+ exit 1
+fi
+
+cd || exit 1
+wget https://sourceforge.net/projects/zimbrabackend/files/Release"${1}"/zimbra"${1}".tgz/download
+tar -xf download
+mv /var/www/z-push/backend/zimbra /var/www/z-push/backend/zimbra.upd
+cp -r zimbra"${1}" /var/www/z-push/backend/zimbra
+mv /var/www/z-push/backend/zimbra/config.php /var/www/z-push/backend/zimbra/config.php.new
+mv /var/www/z-push/backend/zimbra.upd/config.php /var/www/z-push/backend/zimbra/config.php
+# chown -R www-data:www-data /var/www/z-push/backend/zimbra
+systemctl restart apache2.service
+rm -r /var/www/z-push/backend/zimbra.upd
+rm download
+rm -r zimbra"${1}"
+diff /var/www/z-push/backend/zimbra/config.php /var/www/z-push/backend/zimbra/config.php.new
+EOF
+ chmod 755 /usr/local/bin/mtm-zpushbackendupdate
+}
+
+conf_apache2() {
+ chown -R www-data:www-data /var/lib/z-push
+ chown -R www-data:www-data /var/log/z-push
+ # chown -R www-data:www-data /var/www/z-push
+ a2dissite 000-default.conf
+ a2enmod ssl
+ a2enmod proxy_fcgi setenvif
+ a2enconf php7.4-fpm
+
+ cat << EOF > /etc/apache2/ports.conf
+
+ Listen ${APACHE2PORT}
+
+
+ Listen ${APACHE2PORT}
+
+EOF
+
+ cat << EOF > /etc/apache2/sites-available/z-push.conf
+
+
+ ServerAdmin admin@mtm.lan
+ ServerName 127.0.0.1
+
+ # Indexes + Directory Root.
+ DirectoryIndex index.php
+ DocumentRoot /var/www/z-push/
+ Alias /Microsoft-Server-ActiveSync /var/www/z-push/index.php
+ AliasMatch (?i)/Autodiscover/Autodiscover.xml /var/www/z-push/autodiscover/autodiscover.php
+
+
+ Require all granted
+ #AllowOverride None
+
+
+ php_flag magic_quotes_gpc off
+ php_flag register_globals off
+ php_flag magic_quotes_runtime off
+ php_flag short_open_tag on
+
+ # Logfiles
+ ErrorLog /var/log/z-push/error.log
+ CustomLog /var/log/z-push/access.log combined
+
+ # SSL
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+ SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+
+EOF
+ a2ensite z-push.conf
+ systemctl restart apache2.service
+}
+
+conf_logrotate() {
+ cat << EOF > /etc/logrotate.d/z-push
+/var/log/z-push/*.log {
+ daily
+ missingok
+ rotate 14
+ compress
+ delaycompress
+ notifempty
+}
+EOF
+}
+
+main
+
+# iptables
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport '"${APACHE2PORT}"' -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # Z-PUSH' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/ubuntu-20.04/apps/zimbra-10/zimbra-10.sh b/ubuntu-20.04/apps/zimbra-10/zimbra-10.sh
new file mode 100644
index 0000000..1e712fe
--- /dev/null
+++ b/ubuntu-20.04/apps/zimbra-10/zimbra-10.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+MTMZMBUILDER="http://127.0.0.1"
+MTMZMBUILDER=$(whiptail --title "ZM Builder URL" --inputbox "" 0 30 "${MTMZMBUILDER}" 3>&1 1>&2 2>&3)
+ZIMBRAVER=10.0.5
+ZIMBRAVER=$(whiptail --title "Zimbra version" --inputbox "" 0 30 "${ZIMBRAVER}" 3>&1 1>&2 2>&3)
+
+DNSIP=$(grep "nameserver " /etc/resolv.conf | awk -F ' ' '{print $2}')
+FQDN=$(hostname -A)
+
+apt -y remove postfix
+apt -y autoremove
+
+mkdir v"${ZIMBRAVER}"
+cd v"${ZIMBRAVER}" || exit 1
+wget "${MTMZMBUILDER}"/zcs-"${ZIMBRAVER}".tgz
+tar xf zcs-*.tgz
+cd "$(ls -d ./*/)" || exit 1
+systemctl disable systemd-resolved.service
+systemctl stop systemd-resolved.service
+./install.sh
+cd || exit 1
+sed -i "s/127.0.0.1/${DNSIP}/" /etc/resolv.conf
+sudo -u zimbra bash -c "/opt/zimbra/bin/zmprov mcf zimbraPublicServiceHostname ${FQDN}"
+sudo -u zimbra bash -c "/opt/zimbra/bin/zmprov mcf zimbraPublicServicePort 443"
+
+cat << 'EOF' > /usr/local/bin/mtm-zmupdate
+#!/bin/bash
+MTMZMBUILDER=${1}
+ZIMBRAVER=${2}
+
+show_help() {
+ echo "mtm-zmupdate zmbuilder zmversion"
+ echo ""
+ echo "Example :"
+ echo "mtm-zmupdate https://x.x.x.x 10.0.5"
+}
+
+if [ "${MTMZMBUILDER}" == "" ] || [ "${ZIMBRAVER}" == "" ]; then
+ show_help
+ exit 1
+fi
+
+cd || exit 1
+mkdir v"${ZIMBRAVER}"
+cd v"${ZIMBRAVER}" || exit 1
+wget "${MTMZMBUILDER}"/zcs-"${ZIMBRAVER}".tgz
+tar xf zcs-*.tgz
+cd "$(ls -d ./*/)" || exit 1
+./install.sh
+
+cd || exit 1
+EOF
+chmod 755 /usr/local/bin/mtm-zmupdate
+
+apt update
+apt -y dist-upgrade
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 8443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 7071 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # ZIMBRA' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/ubuntu-20.04/files/alias.sh b/ubuntu-20.04/files/alias.sh
new file mode 100644
index 0000000..43d610f
--- /dev/null
+++ b/ubuntu-20.04/files/alias.sh
@@ -0,0 +1,11 @@
+alias ls='ls --color=auto -hl --time-style long-iso'
+alias l='ls --color=auto -hlA --time-style long-iso'
+alias ll='ls --color=auto -hla --time-style long-iso'
+alias cd..='cd ..'
+alias ff='find / -name'
+alias f='find . -name'
+alias fif='grep -rnw . -e'
+alias grep='grep --color=auto'
+alias ip='ip -c'
+alias vdir='vdir --color=auto'
+alias watch='watch --color'
diff --git a/ubuntu-20.04/files/issue b/ubuntu-20.04/files/issue
new file mode 100644
index 0000000..eb49462
--- /dev/null
+++ b/ubuntu-20.04/files/issue
@@ -0,0 +1,21 @@
+\v \r \l
+
+ .o oOOOOOOOo OOOo
+ Ob.OOOOOOOo OOOo. oOOo. .adOOOOOOO
+ OboO"""""""""""".OOo. .oOOOOOo. OOOo.oOOOOOo.."""""""""'OO
+ OOP.oOOOOOOOOOOO "POOOOOOOOOOOo. `"OOOOOOOOOP,OOOOOOOOOOOB'
+ `O'OOOO' `OOOOo"OOOOOOOOOOO` .adOOOOOOOOO"oOOO' `OOOOo
+ .OOOO' `OOOOOOOOOOOOOOOOOOOOOOOOOO' `OO
+ OOOOO '"OOOOOOOOOOOOOOOO"` oOO
+ oOOOOOba. .adOOOOOOOOOOba .adOOOOo.
+ oOOOOOOOOOOOOOba. .adOOOOOOOOOO@^OOOOOOOba. .adOOOOOOOOOOOO
+ OOOOOOOOOOOOOOOOO.OOOOOOOOOOOOOO"` '"OOOOOOOOOOOOO.OOOOOOOOOOOOOO
+ "OOOO" "YOoOOOOMOIONODOO"` . '"OOROAOPOEOOOoOY" "OOO"
+ Y 'OOOOOOOOOOOOOO: .oOOo. :OOOOOOOOOOO?' :`
+ : .oO%OOOOOOOOOOo.OOOOOO.oOOOOOOOOOOOO? .
+ . oOOP"%OOOOOOOOoOOOOOOO?oOOOOO?OOOO"OOo
+ '%o OOOO"%OOOO%"%OOOOO"OOOOOO"OOO':
+ `$" `OOOO' `O"Y ' `OOOO' o .
+ . . OP" : o .
+ :
+ .
diff --git a/ubuntu-20.04/files/ps1.sh b/ubuntu-20.04/files/ps1.sh
new file mode 100644
index 0000000..b2e5b29
--- /dev/null
+++ b/ubuntu-20.04/files/ps1.sh
@@ -0,0 +1,5 @@
+clrreset='\e[0m'
+clrwhite='\e[1;37m'
+clrgreen='\e[1;32m'
+clrred='\e[1;31m'
+export PS1="\[$clrred\][$USER@$HOSTNAME]\[$clrwhite\] \w \`if [ \$? = 0 ]; then echo -e '\[$clrgreen\]'; else echo -e '\[$clrred\]'; fi\`\\$ \[$clrreset\]"
diff --git a/ubuntu-20.04/files/rules.v4 b/ubuntu-20.04/files/rules.v4
new file mode 100644
index 0000000..7336aaf
--- /dev/null
+++ b/ubuntu-20.04/files/rules.v4
@@ -0,0 +1,13 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+# Ping
+-A INPUT -p icmp -j ACCEPT
+# SSH
+-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
+# SNMPD
+-A INPUT -p udp -m udp --dport 161 -m state --state NEW -j ACCEPT
+COMMIT
diff --git a/ubuntu-20.04/files/rules.v6 b/ubuntu-20.04/files/rules.v6
new file mode 100644
index 0000000..0bf819a
--- /dev/null
+++ b/ubuntu-20.04/files/rules.v6
@@ -0,0 +1,7 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+COMMIT
diff --git a/ubuntu-20.04/init.sh b/ubuntu-20.04/init.sh
new file mode 100644
index 0000000..01840ea
--- /dev/null
+++ b/ubuntu-20.04/init.sh
@@ -0,0 +1,304 @@
+#!/bin/bash
+
+declare BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main
+declare DIR_URL=ubuntu-20.04
+declare IPV4=127.0.0.1
+declare ISLXC=0
+
+showHelp() {
+ echo "init.sh"
+ echo ""
+ echo "use :"
+ echo "bash init.sh [options]"
+ echo " -b | --base-url url"
+}
+
+InitConst() {
+ IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
+
+ grep -q -v -a lxc /proc/1/environ
+ ISLXC=$?
+}
+
+Main() {
+ InitConst
+ if [[ ${ISLXC} == 0 ]]; then
+ NetSetHostname
+ NetIPConfig
+ else
+ APTCleanupLXCPackage
+ fi
+ NetCleanUpSystemdResolved
+ APTSetProxy
+ APTUpdateDist
+ APTInstallBase
+ APTCleanAll
+ BashSetAlias
+ BashSetPS
+ BashRMbashrc
+ NanoSetConfig
+ IssueSetContent
+ SSHEnableRootLogin
+ GrubSetConfig
+ InstApps
+ Reboot
+}
+
+NetSetHostname() {
+ hostname=$(hostname)
+ hostname=$(whiptail --title "Hostname + Domain" --inputbox "" 0 30 "${hostname}" 3>&1 1>&2 2>&3)
+ # shellcheck disable=SC2181
+ if [ "$?" = "0" ] && [ "${hostname}" != "" ]; then
+ hostnamectl set-hostname "${hostname}"
+ fi
+}
+NetIPConfig() {
+ options=()
+ options+=("DHCP" "")
+ options+=("Static" "")
+ sel=$(whiptail --title "Network" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+ # shellcheck disable=SC2181
+ if [ "$?" = "0" ]; then
+ case ${sel} in
+ "Static") NetIPConfigStatic;;
+ esac
+ fi
+}
+NetIPConfigStatic() {
+ netif="$(ip a | grep ens | head -n1 | cut -d: -f2)"
+ netif=${netif:1}
+ netip="${IPV4}"
+ netmask="255.255.255.0"
+ netgw="$(echo "${IPV4}" | cut -d. -f1-3).1"
+ netdns="$(echo "${IPV4}" | cut -d. -f1-3).1"
+ netip=$(whiptail --title "Network" --inputbox "IP" 0 30 "${netip}" 3>&1 1>&2 2>&3)
+ # shellcheck disable=SC2181
+ if [ "$?" = "0" ] && [ "${netip}" != "" ]; then
+ netmask=$(whiptail --title "Network" --inputbox "Mask" 0 30 "${netmask}" 3>&1 1>&2 2>&3)
+ if [ "$?" = "0" ] && [ "${netmask}" != "" ]; then
+ netgw=$(whiptail --title "Network" --inputbox "Route" 0 30 "${netgw}" 3>&1 1>&2 2>&3)
+ if [ "$?" = "0" ] && [ "${netgw}" != "" ]; then
+ netdns=$(whiptail --title "Network" --inputbox "DNS" 0 30 "${netdns}" 3>&1 1>&2 2>&3)
+ if [ "$?" = "0" ] && [ "${netdns}" != "" ]; then
+ echo "allow-hotplug ${netif}" > /etc/network/interfaces.d/${netif}
+ echo "iface ${netif} inet static" >> /etc/network/interfaces.d/${netif}
+ echo -e "\taddress ${netip}" >> /etc/network/interfaces.d/${netif}
+ echo -e "\tnetmask ${netmask}" >> /etc/network/interfaces.d/${netif}
+ echo -e "\tgateway ${netgw}" >> /etc/network/interfaces.d/${netif}
+ sed -i "/${netif}/d" /etc/network/interfaces
+ echo "nameserver ${netdns}" > /etc/resolv.conf
+ fi
+ fi
+ fi
+ fi
+}
+NetCleanUpSystemdResolved() {
+ sed -i s/#LLMNR=yes/LLMNR=no/ /etc/systemd/resolved.conf
+ sed -i s/#DNSStubListener=yes/DNSStubListener=no/ /etc/systemd/resolved.conf
+ systemctl restart systemd-resolved
+}
+
+APTSetProxy() {
+ proxy=""
+ proxy=$(whiptail --title "Proxy" --inputbox "ex : http://192.168.1.200/ or leave empty for none" 0 30 "${proxy}" 3>&1 1>&2 2>&3)
+ # shellcheck disable=SC2181
+ if [ "$?" = "0" ]; then
+ if [ "${proxy}" != "" ]; then
+ echo "Acquire::http { Proxy \"${proxy}\"; };" > /etc/apt/apt.conf.d/02proxy
+ fi
+ fi
+}
+APTCleanupLXCPackage() {
+ echo "Skip"
+ # apt remove -y bind9-host debian-faq doc-debian postfix x11-common fontconfig-config fonts-dejavu-core gdbm-l10n python-apt-common
+}
+APTUpdateDist() {
+ apt update -y
+ apt dist-upgrade -y
+}
+APTInstallBase() {
+ options=()
+ options+=("curl" "" on)
+ options+=("wget" "" on)
+ options+=("lsof" "" on)
+ options+=("acpi" "" on)
+ options+=("bash-completion" "" on)
+ options+=("iptables" "" on)
+ options+=("iptables-persistent" "" on)
+ options+=("openssh-server" "" on)
+ options+=("gnupg" "" on)
+ options+=("rsync" "" on)
+ options+=("nmon" "" on)
+ options+=("snmpd" "" on)
+ options+=("clevis-net" "" off)
+ sel=$(whiptail --title "Basic Install" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+ # shellcheck disable=SC2181
+ # shellcheck disable=SC2001
+ if [ "$?" = "0" ]; then
+ pkg=""
+ for itm in ${sel}; do
+ case ${itm} in
+ '"iptables-persistent"')
+ pkg="${pkg} $(echo "${itm}" | sed 's/"//g')"
+ IPTablesPostInstall;;
+ '"clevis-net"')
+ pkg="${pkg} clevis clevis-luks clevis-systemd clevis-initramfs clevis-tpm2";;
+ *)
+ pkg="${pkg} $(echo "${itm}" | sed 's/"//g')";;
+ esac
+ done
+ # shellcheck disable=SC2086
+ apt install -y ${pkg}
+ for itm in ${sel}; do
+ case ${itm} in
+ '"iptables-persistent"')
+ IPTablesConfig;;
+ '"snmpd"')
+ SNMPDConfig;;
+ '"clevis-net"')
+ ClevisNetInit;;
+ esac
+ done
+ fi
+}
+APTCleanAll() {
+ apt-get autoremove -y
+ apt-get autoclean -y
+}
+
+BashSetAlias() {
+ wget -O /etc/profile.d/alias.sh "${BASE_URL}"/"${DIR_URL}"/files/alias.sh
+}
+BashSetPS() {
+ wget -O /etc/profile.d/ps1.sh "${BASE_URL}"/"${DIR_URL}"/files/ps1.sh
+}
+BashRMbashrc() {
+ rm /root/.bashrc
+}
+
+NanoSetConfig() {
+ sed -i "/tabsize/c\set tabsize 2" /etc/nanorc
+ {
+ echo "set numbercolor brightwhite"
+ echo "set statuscolor brightwhite,green"
+ echo "set keycolor cyan"
+ echo "set functioncolor green"
+ } >> /etc/nanorc
+ {
+ echo "set titlecolor brightwhite,red"
+ echo "set statuscolor brightwhite,red"
+ } > /root/.nanorc
+}
+
+IssueSetContent() {
+ wget -O /etc/issue "${BASE_URL}"/"${DIR_URL}"/files/issue
+}
+
+IPTablesPostInstall() {
+ echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
+ echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
+}
+IPTablesConfig() {
+ wget -O /etc/iptables/rules.v4 "${BASE_URL}"/"${DIR_URL}"/files/rules.v4
+ wget -O /etc/iptables/rules.v6 "${BASE_URL}"/"${DIR_URL}"/files/rules.v6
+ iptables-restore /etc/iptables/rules.v4
+ ip6tables-restore /etc/iptables/rules.v6
+}
+
+SNMPDConfig() {
+ cummunityname=public
+ cummunityname=$(whiptail --title "SNMP Community name" --inputbox "" 0 30 "${cummunityname}" 3>&1 1>&2 2>&3)
+ sed -i "s/public/${cummunityname}/" /etc/snmp/snmpd.conf
+ sed -i "s/127.0.0.1,\[::1\]/0.0.0.0/" /etc/snmp/snmpd.conf
+ systemctl restart snmpd
+}
+
+ClevisNetInit() {
+ LUKSPARTS=$(lsblk -p -l --fs |grep LUKS |cut -d " " -f1)
+ options=()
+ IFS_ORIG=$IFS
+ IFS=$'\n'
+ for LUKSPART in ${LUKSPARTS}
+ do
+ options+=("${LUKSPART}" "")
+ done
+ IFS=$IFS_ORIG
+ DEV=$(whiptail --title "Select root LUKS part" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+ # shellcheck disable=SC2181
+ if [ "$?" = "0" ]; then
+ TANGURL=$(whiptail --title "Tang Server" --inputbox "URL" 0 30 "" 3>&1 1>&2 2>&3)
+ if [ "$?" = "0" ]; then
+ clevis luks bind -d "${DEV}" tang "{\"url\": \"${TANGURL}\"}"
+ systemctl enable clevis-luks-askpass.path
+ fi
+ fi
+}
+
+SSHEnableRootLogin() {
+ sed -i "/PermitRootLogin prohibit-password/c\PermitRootLogin yes #prohibit-password" /etc/ssh/sshd_config
+ systemctl restart sshd
+}
+
+GrubSetConfig() {
+ if [ -f "/etc/default/grub" ]; then
+ sed -i "/GRUB_TIMEOUT/c\GRUB_TIMEOUT=1" /etc/default/grub
+ update-grub
+ fi
+}
+
+InstApps() {
+ options=()
+ #if [[ ${ISLXC} == 0 ]]; then
+ # options+=("docker" "" off)
+ # options+=("portainer" "" off)
+ #fi
+ options+=("zimbra-10" "Need Debian 12 zm-builder" off)
+ options+=("zimbra-10-zpush" "Need zimbra 10" off)
+ options+=("misc-apps" "..." off)
+ sel=$(whiptail --title "More Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+ # shellcheck disable=SC2181
+ if [ "$?" = "0" ]; then
+ for itm in ${sel}; do
+ case ${itm//\"/} in
+ misc-apps)
+ InstMiscApps;;
+ archived-apps)
+ InstArchivedApps;;
+ *)
+ cd /tmp || exit
+ wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
+ bash ./"${itm//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}";;
+ esac
+ done
+ fi
+}
+InstMiscApps() {
+ options=()
+ options+=("bind9" "" off)
+ options+=("iperf3" "" off)
+ sel=$(whiptail --title "Misc Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+ # shellcheck disable=SC2181
+ if [ "$?" = "0" ]; then
+ for itm in ${sel}; do
+ cd /tmp || exit
+ wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
+ bash ./"${itm//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"
+ done
+ fi
+}
+
+Reboot() {
+ if whiptail --yesno "Reboot ?" 0 0 3>&1 1>&2 2>&3; then
+ reboot
+ fi
+}
+
+while [ ${#} -gt 0 ]; do
+ case ${1} in
+ --help) showHelp; exit 0;;
+ -b | --base-url) BASE_URL="${2}"; shift;;
+ *) shift;;
+ esac
+done
+
+Main
diff --git a/ubuntu.sh b/ubuntu.sh
new file mode 100644
index 0000000..143d8d5
--- /dev/null
+++ b/ubuntu.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+declare BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main
+declare UBUNTUVER=0
+
+showHelp() {
+ echo "ubuntu.sh"
+ echo ""
+ echo "use :"
+ echo "bash ubuntu.sh [options]"
+ echo " -b | --base-url url"
+}
+
+main() {
+ UBUNTUVER=$(grep "VERSION_ID=" /etc/os-release | sed 's/"//g' | sed 's/.*=//')
+ apt update -y
+ apt install -y wget
+ wget -O /tmp/init.sh "${BASE_URL}"/ubuntu-"${UBUNTUVER}"/init.sh
+ bash /tmp/init.sh -b "${BASE_URL}"
+ rm /tmp/init.sh
+}
+
+
+while [ ${#} -gt 0 ]; do
+ case ${1} in
+ --help) showHelp; exit 0;;
+ -b | --base-url) BASE_URL="${2}"; shift;;
+ *) shift;;
+ esac
+done
+
+main