diff --git a/debian-12/apps/apt-cacher-ng/apt-cacher-ng.sh b/debian-12/apps/apt-cacher-ng/apt-cacher-ng.sh
new file mode 100644
index 0000000..dff3063
--- /dev/null
+++ b/debian-12/apps/apt-cacher-ng/apt-cacher-ng.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+if [ -d "/var/cache/apt-cacher-ng" ]; then
+ chown apt-cacher-ng:apt-cacher-ng apt-cacher-ng
+fi
+
+apt install -y rinetd apt-cacher-ng
+
+cat > /etc/apt-cacher-ng/backend_archlx << "EOF"
+#### HTTPS not supported ####
+
+http://archlinux.puzzle.ch/
+EOF
+systemctl restart apt-cacher-ng
+
+sed -i '/^# bindadress.*/a 0.0.0.0 8080 127.0.0.1 3142' /etc/rinetd.conf
+sed -i '/^# bindadress.*/a 0.0.0.0 80 127.0.0.1 3142' /etc/rinetd.conf
+systemctl restart rinetd
+
+echo "Acquire::http { Proxy \"http://127.0.0.1\"; };" > /etc/apt/apt.conf.d/02proxy
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # apt-cacher-ng' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/debian-12/apps/bind9/bind9.sh b/debian-12/apps/bind9/bind9.sh
new file mode 100644
index 0000000..6a1bbc6
--- /dev/null
+++ b/debian-12/apps/bind9/bind9.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+apt install -y bind9
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # DNS' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/debian-12/apps/docker/docker.sh b/debian-12/apps/docker/docker.sh
new file mode 100644
index 0000000..3c21fd5
--- /dev/null
+++ b/debian-12/apps/docker/docker.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+swapoff -a
+sed -i "/swap/d" /etc/fstab
+
+apt remove -y iptables-persistent
+apt autoremove -y
+apt install -y ca-certificates curl gnupg lsb-release
+
+curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian bullseye stable" > /etc/apt/sources.list.d/docker.list
+
+sysctl -w net/netfilter/nf_conntrack_max=131072
+
+apt update
+apt dist-upgrade
+apt install -y docker-ce
+apt install -y docker-compose
+
+systemctl enable docker.service
+systemctl start docker.service
+
+sleep 3
diff --git a/debian-12/apps/iperf3/iperf3.sh b/debian-12/apps/iperf3/iperf3.sh
new file mode 100644
index 0000000..78ee00e
--- /dev/null
+++ b/debian-12/apps/iperf3/iperf3.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+apt install -y iperf3
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 5201 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 5201 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # IPERF' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/debian-12/apps/matomo/matomo.sh b/debian-12/apps/matomo/matomo.sh
new file mode 100644
index 0000000..4ff4084
--- /dev/null
+++ b/debian-12/apps/matomo/matomo.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+apt install -y mariadb-server apache2 unzip
+apt install -y php7.4 php7.4-gd php7.4-mbstring php7.4-mysql php7.4-opcache php7.4-readline php7.4-xml php-geoip
+# apt install php php-curl php-gd php-cli php-mysql php-xml php-mbstring
+
+DBNAME=$(whiptail --title "DB" --inputbox "DB Name :" 0 30 "matomo" 3>&1 1>&2 2>&3)
+DBUSER=$(whiptail --title "DB" --inputbox "DB User :" 0 30 "matomo" 3>&1 1>&2 2>&3)
+DBPASS=$(whiptail --title "DB" --inputbox "DB Pass :" 0 30 "matomo" 3>&1 1>&2 2>&3)
+mysql -e "CREATE DATABASE ${DBNAME};CREATE USER '${DBUSER}'@'localhost' IDENTIFIED BY '${DBPASS}';GRANT ALL ON ${DBNAME}.* TO '${DBUSER}'@'localhost' WITH GRANT OPTION;FLUSH PRIVILEGES;"
+
+a2dissite 000-default
+a2dissite default-ssl.conf
+a2enmod ssl
+
+mkdir matomo
+cd matomo
+wget https://builds.matomo.org/matomo.zip && unzip matomo.zip
+mv matomo /var/www
+chown -R www-data:www-data /var/www/matomo
+cd ..
+rm -R matomo
+
+cat > /etc/apache2/sites-available/matomo.conf << "EOF"
+
+
+ ServerAdmin webmaster@localhost
+ DocumentRoot /var/www/matomo
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+ SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+ SSLOptions +StdEnvVars
+
+
+ SSLOptions +StdEnvVars
+
+
+
+EOF
+
+systemctl reload apache2
+a2ensite matomo
+systemctl restart apache2
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # Matomo' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/debian-12/apps/mongodb-4.4/mongodb-4.4.sh b/debian-12/apps/mongodb-4.4/mongodb-4.4.sh
new file mode 100644
index 0000000..a02768e
--- /dev/null
+++ b/debian-12/apps/mongodb-4.4/mongodb-4.4.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | apt-key add -
+echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/4.4 main"> /etc/apt/sources.list.d/mongodb-org-4.4.list
+apt update
+apt install -y mongodb-org
+
+DBPATH=/srv/mongodb
+mkdir -p ${DBPATH}
+chown mongodb:mongodb ${DBPATH}
+chmod 700 ${DBPATH}
+sed -i "/dbPath/c\ dbPath: ${DBPATH}" /etc/mongod.conf
+
+systemctl enable mongod.service
+systemctl restart mongod.service
diff --git a/debian-12/apps/mongodb-5.0/mongodb-5.0.sh b/debian-12/apps/mongodb-5.0/mongodb-5.0.sh
new file mode 100644
index 0000000..d7dec80
--- /dev/null
+++ b/debian-12/apps/mongodb-5.0/mongodb-5.0.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | apt-key add -
+echo "deb http://repo.mongodb.org/apt/debian bullseye/mongodb-org/5.0 main"> /etc/apt/sources.list.d/mongodb-org-5.0.list
+apt update
+apt install -y mongodb-org
+
+DBPATH=/srv/mongodb
+mkdir -p ${DBPATH}
+chown mongodb:mongodb ${DBPATH}
+chmod 700 ${DBPATH}
+sed -i "/dbPath/c\ dbPath: ${DBPATH}" /etc/mongod.conf
+
+systemctl enable mongod.service
+systemctl restart mongod.service
diff --git a/debian-12/apps/mongodb-6.0/mongodb-6.0.sh b/debian-12/apps/mongodb-6.0/mongodb-6.0.sh
new file mode 100644
index 0000000..de68c44
--- /dev/null
+++ b/debian-12/apps/mongodb-6.0/mongodb-6.0.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+wget -qO - https://www.mongodb.org/static/pgp/server-6.0.asc | apt-key add -
+echo "deb http://repo.mongodb.org/apt/debian bookworm/mongodb-org/6.0 main" > /etc/apt/sources.list.d/mongodb-org-6.0.list
+apt update
+apt install -y mongodb-org
+
+DBPATH=/srv/mongodb
+mkdir -p ${DBPATH}
+chown mongodb:mongodb ${DBPATH}
+chmod 700 ${DBPATH}
+sed -i "/dbPath/c\ dbPath: ${DBPATH}" /etc/mongod.conf
+
+systemctl enable mongod.service
+systemctl restart mongod.service
diff --git a/debian-12/apps/nextcloud-26/nextcloud-26.sh b/debian-12/apps/nextcloud-26/nextcloud-26.sh
new file mode 100644
index 0000000..02751fc
--- /dev/null
+++ b/debian-12/apps/nextcloud-26/nextcloud-26.sh
@@ -0,0 +1,116 @@
+#!/bin/bash
+
+# https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html
+
+IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
+DBNAME=$(whiptail --title "DB" --inputbox "DB Name :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DBUSER=$(whiptail --title "DB" --inputbox "DB User :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DBPASS=$(whiptail --title "DB" --inputbox "DB Pass :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DATAPATH=$(whiptail --title "DATA" --inputbox "DATA Path :" 0 30 "/srv/nextcloud/data" 3>&1 1>&2 2>&3)
+NCUSER=$(whiptail --title "NextCloud" --inputbox "Admin Name :" 0 30 "admin" 3>&1 1>&2 2>&3)
+NCPASS=$(whiptail --title "NextCloud" --inputbox "Admin Pass :" 0 30 "admin" 3>&1 1>&2 2>&3)
+PHPVER=8.2
+
+curl -sSLo /usr/share/keyrings/deb.sury.org-php.gpg https://packages.sury.org/php/apt.gpg
+echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ bookworm main" > /etc/apt/sources.list.d/php-${PHPVER}.list
+apt update -y
+
+apt install -y sudo bzip2 apache2 coturn
+apt install -y php${PHPVER} php${PHPVER}-curl php${PHPVER}-gd php${PHPVER}-mbstring php${PHPVER}-zip php${PHPVER}-xml php${PHPVER}-bz2 php${PHPVER}-intl php${PHPVER}-fpm php${PHPVER}-apcu php${PHPVER}-memcached php${PHPVER}-redis php${PHPVER}-imagick php${PHPVER}-bcmath php${PHPVER}-gmp libapache2-mod-php${PHPVER}
+apt install -y php${PHPVER}-mysql mariadb-server
+apt install -y smbclient ffmpeg libmagickcore-6.q16-6-extra
+
+a2dissite 000-default
+a2dissite default-ssl.conf
+a2enmod rewrite
+a2enmod headers
+a2enmod env
+a2enmod dir
+a2enmod mime
+a2enmod ssl
+
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/${PHPVER}/apache2/php.ini
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/${PHPVER}/fpm/php.ini
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/${PHPVER}/cli/php.ini
+echo "apc.enable_cli=1" >> /etc/php/${PHPVER}/cli/php.ini
+
+mysql -e "CREATE DATABASE ${DBNAME};CREATE USER '${DBUSER}'@'localhost' IDENTIFIED BY '${DBPASS}';GRANT ALL ON ${DBNAME}.* TO '${DBUSER}'@'localhost' WITH GRANT OPTION;FLUSH PRIVILEGES;"
+
+wget https://download.nextcloud.com/server/releases/latest-26.tar.bz2
+tar -xvf latest-26.tar.bz2
+mv nextcloud /var/www
+chown -R www-data:www-data /var/www/nextcloud
+mkdir -p ${DATAPATH}
+chown -R www-data:www-data ${DATAPATH}
+
+cat > /etc/apache2/sites-available/nextcloud.conf << "EOF"
+
+ Protocols h2 http:/1.1
+ DocumentRoot "/var/www/nextcloud"
+ #ServerName nextcloud.your-domain.com
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+ Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+ SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+ SSLCertificateChainFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+ SSLProtocol TLSv1.2
+
+
+ Options +FollowSymlinks
+ AllowOverride All
+
+ Dav off
+
+ SetEnv HOME /var/www/nextcloud
+ SetEnv HTTP_HOME /var/www/nextcloud
+ Satisfy Any
+
+
+
+EOF
+
+a2ensite nextcloud
+systemctl restart apache2
+
+cd /var/www/nextcloud/
+sudo -u www-data php occ maintenance:install \
+ --database "mysql" \
+ --database-name "${DBNAME}" \
+ --database-user "${DBUSER}" \
+ --database-pass "${DBPASS}" \
+ --admin-user "${NCUSER}" \
+ --admin-pass "${NCPASS}" \
+ --data-dir "${DATAPATH}"
+sed -i "s/0 => 'localhost/0 => '${IPV4}/" /var/www/nextcloud/config/config.php
+sed -i "s/\/\/localhost/\/\/${IPV4}/" /var/www/nextcloud/config/config.php
+sed -i "s/http:/https:/" /var/www/nextcloud/config/config.php
+sed -i "/^);*/i\ \ 'memcache.local' => '\\\\OC\\\\Memcache\\\\APCu'," /var/www/nextcloud/config/config.php
+sed -i "/^);*/i\ \ 'default_phone_region' => 'CH'," /var/www/nextcloud/config/config.php
+echo "*/5 * * * * php -f /var/www/nextcloud/cron.php" | crontab -u www-data -
+sudo -u www-data php occ background:cron
+
+cat >> /etc/turnserver.conf << "EOF"
+listening-port=8080
+listening-ip=0.0.0.0
+fingerprint
+use-auth-secret
+static-auth-secret=AUTHSECRET
+# realm=nextcloud.dom.lan
+total-quota=0
+bps-capacity=0
+stale-nonce
+no-multicast-peers
+EOF
+AUTHSECRET=$(openssl rand -hex 32)
+sed "s/AUTHSECRET/${AUTHSECRET}/" turnserver.conf
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # NextCloud' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # TurnServer' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/debian-12/apps/nextcloud-latest/nextcloud-latest.sh b/debian-12/apps/nextcloud-latest/nextcloud-latest.sh
new file mode 100644
index 0000000..6e20e2f
--- /dev/null
+++ b/debian-12/apps/nextcloud-latest/nextcloud-latest.sh
@@ -0,0 +1,112 @@
+#!/bin/bash
+
+# https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html
+
+IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
+DBNAME=$(whiptail --title "DB" --inputbox "DB Name :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DBUSER=$(whiptail --title "DB" --inputbox "DB User :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DBPASS=$(whiptail --title "DB" --inputbox "DB Pass :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DATAPATH=$(whiptail --title "DATA" --inputbox "DATA Path :" 0 30 "/srv/nextcloud/data" 3>&1 1>&2 2>&3)
+NCUSER=$(whiptail --title "NextCloud" --inputbox "Admin Name :" 0 30 "admin" 3>&1 1>&2 2>&3)
+NCPASS=$(whiptail --title "NextCloud" --inputbox "Admin Pass :" 0 30 "admin" 3>&1 1>&2 2>&3)
+
+
+apt install -y sudo apache2 coturn
+apt install -y php7.4 php7.4-curl php7.4-gd php7.4-mbstring php7.4-zip php-xml php-bz2 php7.4-intl php7.4-fpm php-apcu php-memcached php-redis php-imagick php7.4-bcmath php7.4-gmp libapache2-mod-php7.4
+apt install -y php7.4-mysql mariadb-server
+apt install -y smbclient ffmpeg libmagickcore-6.q16-6-extra
+
+a2dissite 000-default
+a2dissite default-ssl.conf
+a2enmod rewrite
+a2enmod headers
+a2enmod env
+a2enmod dir
+a2enmod mime
+a2enmod ssl
+
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/7.4/apache2/php.ini
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/7.4/fpm/php.ini
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/7.4/cli/php.ini
+echo "apc.enable_cli=1" >> /etc/php/7.4/cli/php.ini
+
+mysql -e "CREATE DATABASE ${DBNAME};CREATE USER '${DBUSER}'@'localhost' IDENTIFIED BY '${DBPASS}';GRANT ALL ON ${DBNAME}.* TO '${DBUSER}'@'localhost' WITH GRANT OPTION;FLUSH PRIVILEGES;"
+
+wget https://download.nextcloud.com/server/releases/latest.tar.bz2
+tar -xvf latest.tar.bz2
+mv nextcloud /var/www
+chown -R www-data:www-data /var/www/nextcloud
+mkdir -p ${DATAPATH}
+chown -R www-data:www-data ${DATAPATH}
+
+cat > /etc/apache2/sites-available/nextcloud.conf << "EOF"
+
+ Protocols h2 http:/1.1
+ DocumentRoot "/var/www/nextcloud"
+ #ServerName nextcloud.your-domain.com
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+ Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+ SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+ SSLCertificateChainFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+ SSLProtocol TLSv1.2
+
+
+ Options +FollowSymlinks
+ AllowOverride All
+
+ Dav off
+
+ SetEnv HOME /var/www/nextcloud
+ SetEnv HTTP_HOME /var/www/nextcloud
+ Satisfy Any
+
+
+
+EOF
+
+a2ensite nextcloud
+systemctl restart apache2
+
+cd /var/www/nextcloud/
+sudo -u www-data php occ maintenance:install \
+ --database "mysql" \
+ --database-name "${DBNAME}" \
+ --database-user "${DBUSER}" \
+ --database-pass "${DBPASS}" \
+ --admin-user "${NCUSER}" \
+ --admin-pass "${NCPASS}" \
+ --data-dir "${DATAPATH}"
+sed -i "s/0 => 'localhost/0 => '${IPV4}/" /var/www/nextcloud/config/config.php
+sed -i "s/\/\/localhost/\/\/${IPV4}/" /var/www/nextcloud/config/config.php
+sed -i "s/http:/https:/" /var/www/nextcloud/config/config.php
+sed -i "/^);*/i\ \ 'memcache.local' => '\\\\OC\\\\Memcache\\\\APCu'," /var/www/nextcloud/config/config.php
+sed -i "/^);*/i\ \ 'default_phone_region' => 'CH'," /var/www/nextcloud/config/config.php
+echo "*/5 * * * * php -f /var/www/nextcloud/cron.php" | crontab -u www-data -
+sudo -u www-data php occ background:cron
+
+cat >> /etc/turnserver.conf << "EOF"
+listening-port=8080
+listening-ip=0.0.0.0
+fingerprint
+use-auth-secret
+static-auth-secret=AUTHSECRET
+# realm=nextcloud.dom.lan
+total-quota=0
+bps-capacity=0
+stale-nonce
+no-multicast-peers
+EOF
+AUTHSECRET=$(openssl rand -hex 32)
+sed "s/AUTHSECRET/${AUTHSECRET}/" turnserver.conf
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # NextCloud' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # TurnServer' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/debian-12/apps/nodejs-14/nodejs-14.sh b/debian-12/apps/nodejs-14/nodejs-14.sh
new file mode 100644
index 0000000..3220a1e
--- /dev/null
+++ b/debian-12/apps/nodejs-14/nodejs-14.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+mkdir /srv/node
+curl -sL https://deb.nodesource.com/setup_14.x | bash -
+apt install -y nodejs
+npm i -g nodemon
+
+cat > /etc/systemd/system/nodejs.service << EOF
+[Service]
+ExecStart=/usr/bin/node app.js
+WorkingDirectory=/srv/node
+Restart=always
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=node
+#User=websites
+#Group=websites
+Environment=NODE_ENV=production
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat > /srv/node/app.js << "EOF"
+var http = require('http')
+
+http.createServer(function (req, res) {
+ res.writeHead(200, {'Content-Type': 'text/plain'})
+ res.write('Hello World!')
+ res.end()
+}).listen(80)
+EOF
+
+systemctl daemon-reload
+systemctl enable nodejs.service
+systemctl start nodejs.service
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # NodeJS' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/debian-12/apps/nodejs-16/nodejs-16.sh b/debian-12/apps/nodejs-16/nodejs-16.sh
new file mode 100644
index 0000000..0322394
--- /dev/null
+++ b/debian-12/apps/nodejs-16/nodejs-16.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+mkdir /srv/node
+curl -sL https://deb.nodesource.com/setup_16.x | bash -
+apt install -y nodejs
+npm i -g nodemon
+
+cat > /etc/systemd/system/nodejs.service << EOF
+[Service]
+ExecStart=/usr/bin/node app.js
+WorkingDirectory=/srv/node
+Restart=always
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=node
+#User=websites
+#Group=websites
+Environment=NODE_ENV=production
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat > /srv/node/app.js << "EOF"
+var http = require('http')
+
+http.createServer(function (req, res) {
+ res.writeHead(200, {'Content-Type': 'text/plain'})
+ res.write('Hello World!')
+ res.end()
+}).listen(80)
+EOF
+
+systemctl daemon-reload
+systemctl enable nodejs.service
+systemctl start nodejs.service
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # NodeJS' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/debian-12/apps/nodejs-18/nodejs-18.sh b/debian-12/apps/nodejs-18/nodejs-18.sh
new file mode 100644
index 0000000..fc2d5f4
--- /dev/null
+++ b/debian-12/apps/nodejs-18/nodejs-18.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+mkdir /srv/node
+curl -sL https://deb.nodesource.com/setup_18.x | bash -
+apt install -y nodejs
+npm i -g nodemon
+
+cat > /etc/systemd/system/nodejs.service << EOF
+[Service]
+ExecStart=/usr/bin/node app.js
+WorkingDirectory=/srv/node
+Restart=always
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=node
+#User=websites
+#Group=websites
+Environment=NODE_ENV=production
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat > /srv/node/app.js << "EOF"
+var http = require('http')
+
+http.createServer(function (req, res) {
+ res.writeHead(200, {'Content-Type': 'text/plain'})
+ res.write('Hello World!')
+ res.end()
+}).listen(80)
+EOF
+
+systemctl daemon-reload
+systemctl enable nodejs.service
+systemctl start nodejs.service
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # NodeJS' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/debian-12/apps/nodejs-19/nodejs-19.sh b/debian-12/apps/nodejs-19/nodejs-19.sh
new file mode 100644
index 0000000..696d317
--- /dev/null
+++ b/debian-12/apps/nodejs-19/nodejs-19.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+mkdir /srv/node
+curl -sL https://deb.nodesource.com/setup_19.x | bash -
+apt install -y nodejs
+npm i -g nodemon
+
+cat > /etc/systemd/system/nodejs.service << EOF
+[Service]
+ExecStart=/usr/bin/node app.js
+WorkingDirectory=/srv/node
+Restart=always
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=node
+#User=websites
+#Group=websites
+Environment=NODE_ENV=production
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat > /srv/node/app.js << "EOF"
+var http = require('http')
+
+http.createServer(function (req, res) {
+ res.writeHead(200, {'Content-Type': 'text/plain'})
+ res.write('Hello World!')
+ res.end()
+}).listen(80)
+EOF
+
+systemctl daemon-reload
+systemctl enable nodejs.service
+systemctl start nodejs.service
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # NodeJS' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/debian-12/apps/nodejs-20/nodejs-20.sh b/debian-12/apps/nodejs-20/nodejs-20.sh
new file mode 100644
index 0000000..83981eb
--- /dev/null
+++ b/debian-12/apps/nodejs-20/nodejs-20.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+mkdir /srv/node
+curl -sL https://deb.nodesource.com/setup_20.x | bash -
+apt install -y nodejs
+npm i -g nodemon
+
+cat > /etc/systemd/system/nodejs.service << EOF
+[Service]
+ExecStart=/usr/bin/node app.js
+WorkingDirectory=/srv/node
+Restart=always
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=node
+#User=websites
+#Group=websites
+Environment=NODE_ENV=production
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat > /srv/node/app.js << "EOF"
+var http = require('http')
+
+http.createServer(function (req, res) {
+ res.writeHead(200, {'Content-Type': 'text/plain'})
+ res.write('Hello World!')
+ res.end()
+}).listen(80)
+EOF
+
+systemctl daemon-reload
+systemctl enable nodejs.service
+systemctl start nodejs.service
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # NodeJS' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/debian-12/apps/portainer/portainer.sh b/debian-12/apps/portainer/portainer.sh
new file mode 100644
index 0000000..4d151b2
--- /dev/null
+++ b/debian-12/apps/portainer/portainer.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker run -d --name="portainer" --restart=unless-stopped -p 8000:8000 -p 9000:9000 -p 9443:9443 -v /var/run/docker.sock:/var/run/docker.sock -v /srv/portainer/data:/data portainer/portainer-ce
diff --git a/debian-12/apps/proxmox-8/proxmox-8.sh b/debian-12/apps/proxmox-8/proxmox-8.sh
new file mode 100644
index 0000000..ab4ca36
--- /dev/null
+++ b/debian-12/apps/proxmox-8/proxmox-8.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+exit 1
+
+HOSTNAME=$(hostname -s)
+FQDN=$(hostname)
+IPV4INT=$(ip addr | grep ' /etc/hosts
+echo "${IPV4} ${FQDN} ${HOSTNAME}" >> /etc/hosts
+
+apt remove -y iptables-persistent
+rm -R /etc/iptables
+
+echo "deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription" >> /etc/apt/sources.list
+wget http://download.proxmox.com/debian/proxmox-release-bullseye.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg
+
+apt update
+apt -y full-upgrade
+export DEBIAN_FRONTEND=noninteractive
+apt install -y proxmox-ve postfix open-iscsi ifupdown2
+apt remove -y os-prober linux-image-*
+update-grub
+
+echo "# deb https://enterprise.proxmox.com/debian/pve bullseye pve-enterprise" > /etc/apt/sources.list.d/pve-enterprise.list
+
+NETFILE=/etc/network/interfaces.new
+echo "" >> ${NETFILE}
+echo "auto vmbr0" >> ${NETFILE}
+echo "iface vmbr0 inet static" >> ${NETFILE}
+echo " address ${IPV4}/${IPV4MASK}" >> ${NETFILE}
+echo " gateway ${IPV4GW}" >> ${NETFILE}
+echo " bridge-ports ${IPV4INT}" >> ${NETFILE}
+echo " bridge-stp off" >> ${NETFILE}
+echo " bridge-fd 0" >> ${NETFILE}
+
+rm /etc/network/interfaces.d/*
diff --git a/debian-12/apps/rinetd/rinetd.sh b/debian-12/apps/rinetd/rinetd.sh
new file mode 100644
index 0000000..733f5cf
--- /dev/null
+++ b/debian-12/apps/rinetd/rinetd.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+apt install -y rinetd
+
+nano /etc/rinetd.conf
+systemctl restart rinetd
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # RINETD' /etc/iptables/rules.v4
+ nano /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/debian-12/apps/tang/tang.sh b/debian-12/apps/tang/tang.sh
new file mode 100644
index 0000000..b6d3691
--- /dev/null
+++ b/debian-12/apps/tang/tang.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+apt install -y tang
+
+# systemctl edit tangd.socket
+# systemctl daemon-reload
+systemctl enable tangd.socket
+systemctl start tangd.socket
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # TANGD' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/debian-12/apps/tor-gw/tor-gw.sh b/debian-12/apps/tor-gw/tor-gw.sh
new file mode 100644
index 0000000..da31eba
--- /dev/null
+++ b/debian-12/apps/tor-gw/tor-gw.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+apt install -y tor
+
+echo "nameserver 127.0.0.1" > /etc/resolv.conf
+
+cat >> /etc/tor/torrc << EOF
+VirtualAddrNetwork 10.192.0.0/10
+AutomapHostsSuffixes .onion,.exit
+AutomapHostsOnResolve 1
+TransPort 0.0.0.0:9040
+DNSPort 0.0.0.0:53
+EOF
+
+service tor restart
+
+cat > /etc/iptables/rules.v4 << EOF
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
+EOF
+iptables-restore /etc/iptables/rules.v4
+
+iptables -t nat -A PREROUTING ! -i lo -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 22
+iptables -t nat -A PREROUTING ! -i lo -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
+iptables -t nat -A PREROUTING ! -i lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
+iptables-save > /etc/iptables/rules.v4
+
+sed -i '/net.ipv4.ip_forward/s/^#//g' /etc/sysctl.conf
+echo 1 > /proc/sys/net/ipv4/ip_forward
+
+echo ""
+echo ""
+echo ""
+ip a | grep "inet "
+
+echo ""
+echo "Note for Firefox :"
+echo "You need to enable dot onion in about:config."
+echo "network.dns.blockDotOnion = False"
diff --git a/debian-12/apps/traefik/traefik.sh b/debian-12/apps/traefik/traefik.sh
new file mode 100644
index 0000000..05309ec
--- /dev/null
+++ b/debian-12/apps/traefik/traefik.sh
@@ -0,0 +1,288 @@
+#!/bin/bash
+
+RELEASE=$(whiptail --title "Traefik" --inputbox "Release :" 0 30 "2.7.1" 3>&1 1>&2 2>&3)
+ACCOUNT=$(whiptail --title "Traefik" --inputbox "ACME E-Mail :" 0 30 "" 3>&1 1>&2 2>&3)
+
+main() {
+ Traefik-etc-certs-selfsigned
+ Traefik-etc-services
+ Traefik-etc-config
+ Traefik-etc-iptable
+ Traefik-bin-update-traefik
+ Traefik-service
+}
+
+
+Traefik-etc-certs-selfsigned() {
+ mkdir -p /etc/traefik/certs
+ openssl ecparam -name secp256r1 -genkey -out /etc/traefik/certs/self.key
+ openssl req -new -x509 -key /etc/traefik/certs/self.key -sha256 -nodes -out /etc/traefik/certs/self.crt -days 3650
+}
+
+Traefik-etc-services() {
+ mkdir -p /etc/traefik/services
+ Traefik-etc-services-shared
+ Traefik-etc-services-default
+}
+
+Traefik-etc-services-shared() {
+ cat >> /etc/traefik/services/_shared.yaml << "EOF"
+tls:
+ stores:
+ default:
+ defaultCertificate:
+ certFile: "/etc/traefik/certs/self.crt"
+ keyFile: "/etc/traefik/certs/self.key"
+
+ options:
+ default:
+ minVersion: "VersionTLS12"
+ # sniStrict: true
+ cipherSuites:
+ - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+ - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+
+ mintls13:
+ minVersion: "VersionTLS13"
+
+http:
+ middlewares:
+ to-https:
+ redirectScheme:
+ scheme: "https"
+ permanent: true
+ to-no-www:
+ redirectRegex:
+ regex: "^https://www.(.*)"
+ replacement: "https://${1}"
+ permanent: true
+
+ hsts-min:
+ headers:
+ sslRedirect: true
+ stsIncludeSubdomains: false
+ stsPreload: true
+ stsSeconds: 63072000
+ contentTypeNosniff: true
+ accessControlMaxAge: 100
+ addVaryheader: true
+ hsts_light:
+ headers:
+ sslRedirect: true
+ frameDeny: true
+ stsIncludeSubdomains: false
+ stsPreload: true
+ stsSeconds: 63072000
+ contentTypeNosniff: true
+ accessControlMaxAge: 100
+ addVaryheader: true
+ hsts:
+ headers:
+ sslRedirect: true
+ frameDeny: true
+ stsIncludeSubdomains: false
+ stsPreload: true
+ stsSeconds: 63072000
+ contentTypeNosniff: true
+ accessControlMaxAge: 100
+ addVaryheader: true
+ referrerPolicy: "origin-when-cross-origin"
+ hsts-strict:
+ headers:
+ sslRedirect: true
+ frameDeny: true
+ stsIncludeSubdomains: false
+ stsPreload: true
+ stsSeconds: 63072000
+ contentTypeNosniff: true
+ accessControlMaxAge: 100
+ addVaryheader: true
+ contentSecurityPolicy: "script-src 'self'"
+ referrerPolicy: "origin-when-cross-origin"
+
+ services:
+ dummy:
+ loadBalancer:
+ servers:
+ - url: "https://127.0.0.1:2"
+
+ # matomo:
+ # loadBalancer:
+ # servers:
+ # - url: "https://x.x.x.x:xxx"
+EOF
+}
+
+Traefik-etc-services-default() {
+ cat >> /etc/traefik/services/_default.yaml << "EOF"
+http:
+ routers:
+ _default:
+ entryPoints:
+ - http
+ rule: "PathPrefix(`/`)"
+ # priority: 100
+ # service: _default-matomo
+ service: _default
+
+ _default-secure:
+ entryPoints:
+ - https
+ rule: "PathPrefix(`/`)"
+ # priority: 100
+ # service: _default-matomo
+ service: _default
+ tls:
+ acmev2-staging
+
+ services:
+ # _default-matomo:
+ # mirroring:
+ # service: _default
+ # maxBodySize: 1024
+ # mirrors:
+ # - name: matomo
+ # percent: 100
+
+ _default:
+ loadBalancer:
+ servers:
+ - url: https://127.0.0.1:2
+EOF
+}
+
+Traefik-etc-config() {
+ cat >> /etc/traefik/traefik.yaml << "EOF"
+entryPoints:
+ http:
+ address: ":80"
+ https:
+ address: ":443"
+ traefik:
+ address: ":8099"
+
+api:
+ dashboard: true
+ insecure: true
+
+serversTransport:
+ insecureSkipVerify: true
+
+providers:
+ file:
+ directory: "/etc/traefik/services/"
+ watch: true
+
+certificatesResolvers:
+ acmev2:
+ acme:
+ email: "X{ACCOUNT}"
+ caserver: "https://acme-v02.api.letsencrypt.org/directory"
+ storage: "/etc/traefik/certs/acmev2.json"
+ keyType: "EC384"
+ tlsChallenge: {}
+ acmev2-staging:
+ acme:
+ email: "X{ACCOUNT}"
+ caserver: "https://acme-staging-v02.api.letsencrypt.org/directory"
+ storage: "/etc/traefik/certs/acmev2-staging.json"
+ keyType: "EC384"
+ tlsChallenge: {}
+EOF
+
+sed -i "s/X{ACCOUNT}/${ACCOUNT}/g" /etc/traefik/traefik.yaml
+
+}
+
+Traefik-etc-iptable() {
+ if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 8099 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # Traefik' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+ fi
+}
+
+Traefik-bin-update-traefik() {
+ cat >> /usr/local/bin/update-traefik << "EOF"
+#/bin/bash
+
+getcurrentversion() {
+ if [ -f /var/opt/traefik/version ]; then
+ cat /var/opt/traefik/version
+ else
+ echo "0"
+ fi
+}
+getlatestversion() {
+ if ! GITHUBTAGNAME=$(curl -sL "https://api.github.com/repos/traefik/traefik/releases/latest" | jq -r ".tag_name"); then
+ echo "Error in Github API"
+ return 1
+ fi
+ if [ "${GITHUBTAGNAME}" == "" ]; then
+ echo "Error in Github API"
+ return 1
+ fi
+ local -r GITHUBVERSION=${GITHUBTAGNAME//[[:alpha:]-]/}
+ if [ "${GITHUBVERSION}" == "" ]; then
+ echo "Error in Github API"
+ return 1
+ fi
+ echo "${GITHUBVERSION}"
+}
+update() {
+ VERSION=${1}
+ mkdir -p /tmp/traefik
+ cd /tmp/traefik
+ wget https://github.com/traefik/traefik/releases/download/v${VERSION}/traefik_v${VERSION}_linux_amd64.tar.gz
+ tar -xf traefik_v${VERSION}_linux_amd64.tar.gz
+ systemctl stop traefik
+ cp traefik /usr/local/bin
+ systemctl start traefik
+ if [ ! -d /var/opt/traefik ]; then
+ mkdir -p /var/opt/traefik
+ fi
+ echo "${VERSION}" > /var/opt/traefik/version
+ rm -R /tmp/traefik
+}
+
+CURVER=$(getcurrentversion)
+LATESTVER=$(getlatestversion)
+
+if [ "${CURVER}" != "${LATESTVER}" ]; then
+ echo "${CURVER} -> ${LATESTVER}"
+ update "${LATESTVER}"
+fi
+EOF
+ chmod 755 /usr/local/bin/update-traefik
+ update-traefik ${RELEASE}
+}
+
+Traefik-service() {
+ cat >> /etc/systemd/system/traefik.service << "EOF"
+[Unit]
+Description=Traefik
+After=network.target auditd.service
+
+[Service]
+ExecStart=/usr/local/bin/traefik -configFile /etc/traefik/traefik.yaml
+ExecReload=/bin/killall traefik
+KillMode=process
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+ systemctl daemon-reload
+ systemctl enable traefik
+ systemctl restart traefik
+}
+
+
+main
diff --git a/debian-12/apps/webmin/webmin.sh b/debian-12/apps/webmin/webmin.sh
new file mode 100644
index 0000000..f427d09
--- /dev/null
+++ b/debian-12/apps/webmin/webmin.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+echo "deb https://download.webmin.com/download/repository sarge contrib" > /etc/apt/sources.list.d/webmin.list
+wget https://download.webmin.com/jcameron-key.asc
+cat jcameron-key.asc | gpg --dearmor >/etc/apt/trusted.gpg.d/jcameron-key.gpg
+
+apt update
+apt-get -y install webmin
+
+systemctl daemon-reload
+systemctl start webmin
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^COMMIT.*/i # Webmin' /etc/iptables/rules.v4
+ sed -i '/^COMMIT.*/i -A INPUT -p tcp -m tcp --dport 10000 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/debian-12/apps/zm-builder/zm-builder.sh b/debian-12/apps/zm-builder/zm-builder.sh
new file mode 100644
index 0000000..a07dff5
--- /dev/null
+++ b/debian-12/apps/zm-builder/zm-builder.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+apt -y install apache2 docker-compose
+rm -r /var/www/html/*
+
+cat << 'EOF' > /usr/local/bin/mtm-zmbuild
+#!/bin/bash
+BUILDVER=${1}
+BUILDNO=${2}
+BUILDCHAIN=${3}
+
+show_help() {
+ echo "mtm-zmbuild version buildno buildchain"
+ echo ""
+ echo "Example :"
+ echo " mtm-zmbuild 10.0.5 4574 10.0.5,10.0.4,10.0.3,10.0.2,10.0.1,10.0.0-GA,10.0.0"
+ echo " mtm-zmbuild 10.0.4 4518 10.0.4,10.0.3,10.0.2,10.0.1,10.0.0-GA,10.0.0"
+}
+
+if [ "${BUILDVER}" == "" ] || [ "${BUILDNO}" == "" ] || [ "${BUILDCHAIN}" == "" ]; then
+ show_help
+ exit 1
+fi
+
+mkdir -p /root/zimbra/${BUILDVER}-${BUILDNO}
+{
+ echo "#!/bin/bash"
+ echo "BUILDVER=${BUILDVER}"
+ echo "BUILDCHAIN=${BUILDCHAIN}"
+ echo "BUILDNO=${BUILDNO}"
+ echo "apt -y install software-properties-common openjdk-8-jdk ant ant-optional ant-contrib ruby git maven build-essential debhelper rclone rsync"
+ echo "git clone --depth 1 --branch ${BUILDVER} https://github.com/Zimbra/zm-build.git"
+ echo "cd zm-build"
+ echo "ENV_CACHE_CLEAR_FLAG=true ./build.pl --ant-options -DskipTests=true --git-default-tag=${BUILDCHAIN} --build-release-no=${BUILDVER} --build-type=FOSS --build-release=Daffodil --build-release-candidate=GA --build-thirdparty-server=files.zimbra.com --build-no=${BUILDNO} --no-interactive"
+ echo "cp /home/build/BUILDS/UBUNTU*/zcs-*.tgz /root"
+ echo "exit"
+} > /root/zimbra/${BUILDVER}-${BUILDNO}/build
+docker run -it --rm -u root -v /root/zimbra/${BUILDVER}-${BUILDNO}:/root zimbra/zm-base-os:devcore-ubuntu-20.04 bash /root/build
+rm -r /root/zimbra/${BUILDVER}-${BUILDNO}/.*
+cp /root/zimbra/${BUILDVER}-${BUILDNO}/zcs-*.tgz /var/www/html/zcs-${BUILDVER}.tgz
+EOF
+chmod +x /usr/local/bin/mtm-zmbuild
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+ sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+ iptables-restore /etc/iptables/rules.v4
+fi
diff --git a/debian-12/files/alias.sh b/debian-12/files/alias.sh
new file mode 100644
index 0000000..43d610f
--- /dev/null
+++ b/debian-12/files/alias.sh
@@ -0,0 +1,11 @@
+alias ls='ls --color=auto -hl --time-style long-iso'
+alias l='ls --color=auto -hlA --time-style long-iso'
+alias ll='ls --color=auto -hla --time-style long-iso'
+alias cd..='cd ..'
+alias ff='find / -name'
+alias f='find . -name'
+alias fif='grep -rnw . -e'
+alias grep='grep --color=auto'
+alias ip='ip -c'
+alias vdir='vdir --color=auto'
+alias watch='watch --color'
diff --git a/debian-12/files/issue b/debian-12/files/issue
new file mode 100644
index 0000000..eb49462
--- /dev/null
+++ b/debian-12/files/issue
@@ -0,0 +1,21 @@
+\v \r \l
+
+ .o oOOOOOOOo OOOo
+ Ob.OOOOOOOo OOOo. oOOo. .adOOOOOOO
+ OboO"""""""""""".OOo. .oOOOOOo. OOOo.oOOOOOo.."""""""""'OO
+ OOP.oOOOOOOOOOOO "POOOOOOOOOOOo. `"OOOOOOOOOP,OOOOOOOOOOOB'
+ `O'OOOO' `OOOOo"OOOOOOOOOOO` .adOOOOOOOOO"oOOO' `OOOOo
+ .OOOO' `OOOOOOOOOOOOOOOOOOOOOOOOOO' `OO
+ OOOOO '"OOOOOOOOOOOOOOOO"` oOO
+ oOOOOOba. .adOOOOOOOOOOba .adOOOOo.
+ oOOOOOOOOOOOOOba. .adOOOOOOOOOO@^OOOOOOOba. .adOOOOOOOOOOOO
+ OOOOOOOOOOOOOOOOO.OOOOOOOOOOOOOO"` '"OOOOOOOOOOOOO.OOOOOOOOOOOOOO
+ "OOOO" "YOoOOOOMOIONODOO"` . '"OOROAOPOEOOOoOY" "OOO"
+ Y 'OOOOOOOOOOOOOO: .oOOo. :OOOOOOOOOOO?' :`
+ : .oO%OOOOOOOOOOo.OOOOOO.oOOOOOOOOOOOO? .
+ . oOOP"%OOOOOOOOoOOOOOOO?oOOOOO?OOOO"OOo
+ '%o OOOO"%OOOO%"%OOOOO"OOOOOO"OOO':
+ `$" `OOOO' `O"Y ' `OOOO' o .
+ . . OP" : o .
+ :
+ .
diff --git a/debian-12/files/ps1.sh b/debian-12/files/ps1.sh
new file mode 100644
index 0000000..b2e5b29
--- /dev/null
+++ b/debian-12/files/ps1.sh
@@ -0,0 +1,5 @@
+clrreset='\e[0m'
+clrwhite='\e[1;37m'
+clrgreen='\e[1;32m'
+clrred='\e[1;31m'
+export PS1="\[$clrred\][$USER@$HOSTNAME]\[$clrwhite\] \w \`if [ \$? = 0 ]; then echo -e '\[$clrgreen\]'; else echo -e '\[$clrred\]'; fi\`\\$ \[$clrreset\]"
diff --git a/debian-12/files/rules.v4 b/debian-12/files/rules.v4
new file mode 100644
index 0000000..7336aaf
--- /dev/null
+++ b/debian-12/files/rules.v4
@@ -0,0 +1,13 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+# Ping
+-A INPUT -p icmp -j ACCEPT
+# SSH
+-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
+# SNMPD
+-A INPUT -p udp -m udp --dport 161 -m state --state NEW -j ACCEPT
+COMMIT
diff --git a/debian-12/files/rules.v6 b/debian-12/files/rules.v6
new file mode 100644
index 0000000..0bf819a
--- /dev/null
+++ b/debian-12/files/rules.v6
@@ -0,0 +1,7 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+COMMIT
diff --git a/debian-12/init.sh b/debian-12/init.sh
new file mode 100644
index 0000000..ee3844c
--- /dev/null
+++ b/debian-12/init.sh
@@ -0,0 +1,344 @@
+#!/bin/bash
+
+declare BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main
+declare DIR_URL=debian-12
+IPV4=127.0.0.1
+ISLXC=0
+ISPVE=0
+ISPMG=0
+
+showHelp() {
+ echo "init.sh"
+ echo ""
+ echo "usage :"
+ echo "bash init.sh [options]"
+ echo " -b | --base-url url"
+}
+
+InitConst() {
+ IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
+
+ grep -q -v -a lxc /proc/1/environ
+ ISLXC=$?
+
+ if [[ -d "/etc/pve" ]]; then
+ ISPVE=1
+ fi
+ if [[ -d "/etc/pmg" ]]; then
+ ISPMG=1
+ fi
+}
+
+Main() {
+ InitConst
+ if [[ ${ISLXC} == 0 ]]; then
+ if [[ ${ISPVE} == 0 ]]; then
+ NetSetHostname
+ NetIPConfig
+ fi
+ else
+ if [[ ${ISPMG} == 0 ]]; then
+ APTCleanupLXCPackage
+ fi
+ fi
+ if [[ ${ISPVE} == 0 ]]; then
+ NetCleanUpSystemdResolved
+ fi
+ APTSetProxy
+ APTUpdateDist
+ APTInstallBase
+ APTCleanAll
+ BashSetAlias
+ BashSetPS
+ NanoSetConfig
+ if [[ ${ISPVE} == 0 ]]; then
+ IssueSetContent
+ fi
+ SSHEnableRootLogin
+ GrubSetConfig
+ if [[ ${ISPVE} == 0 ]]; then
+ InstApps
+ fi
+ Reboot
+}
+
+NetSetHostname() {
+ hostname=$(hostname)
+ hostname=$(whiptail --title "Hostname + Domain" --inputbox "" 0 30 "${hostname}" 3>&1 1>&2 2>&3)
+ # shellcheck disable=SC2181
+ if [ "$?" = "0" ] && [ "${hostname}" != "" ]; then
+ hostnamectl set-hostname "${hostname}"
+ fi
+}
+NetIPConfig() {
+ options=()
+ options+=("DHCP" "")
+ options+=("Static" "")
+ sel=$(whiptail --title "Network" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+ # shellcheck disable=SC2181
+ if [ "$?" = "0" ]; then
+ case ${sel} in
+ "Static") NetIPConfigStatic;;
+ esac
+ fi
+}
+NetIPConfigStatic() {
+ netif="$(ip a | grep ens | head -n1 | cut -d: -f2)"
+ netif=${netif:1}
+ netip="${IPV4}"
+ netmask="255.255.255.0"
+ netgw="$(echo "${IPV4}" | cut -d. -f1-3).1"
+ netdns="$(echo "${IPV4}" | cut -d. -f1-3).1"
+ netip=$(whiptail --title "Network" --inputbox "IP" 0 30 "${netip}" 3>&1 1>&2 2>&3)
+ # shellcheck disable=SC2181
+ if [ "$?" = "0" ] && [ "${netip}" != "" ]; then
+ netmask=$(whiptail --title "Network" --inputbox "Mask" 0 30 "${netmask}" 3>&1 1>&2 2>&3)
+ if [ "$?" = "0" ] && [ "${netmask}" != "" ]; then
+ netgw=$(whiptail --title "Network" --inputbox "Route" 0 30 "${netgw}" 3>&1 1>&2 2>&3)
+ if [ "$?" = "0" ] && [ "${netgw}" != "" ]; then
+ netdns=$(whiptail --title "Network" --inputbox "DNS" 0 30 "${netdns}" 3>&1 1>&2 2>&3)
+ if [ "$?" = "0" ] && [ "${netdns}" != "" ]; then
+ echo "allow-hotplug ${netif}" > /etc/network/interfaces.d/"${netif}"
+ echo "iface ${netif} inet static" >> /etc/network/interfaces.d/"${netif}"
+ echo -e "\taddress ${netip}" >> /etc/network/interfaces.d/"${netif}"
+ echo -e "\tnetmask ${netmask}" >> /etc/network/interfaces.d/"${netif}"
+ echo -e "\tgateway ${netgw}" >> /etc/network/interfaces.d/"${netif}"
+ sed -i "/${netif}/d" /etc/network/interfaces
+ echo "nameserver ${netdns}" > /etc/resolv.conf
+ fi
+ fi
+ fi
+ fi
+}
+NetCleanUpSystemdResolved() {
+ sed -i s/#LLMNR=yes/LLMNR=no/ /etc/systemd/resolved.conf
+ sed -i s/#DNSStubListener=yes/DNSStubListener=no/ /etc/systemd/resolved.conf
+ systemctl restart systemd-resolved
+}
+
+APTSetProxy() {
+ proxy=""
+ proxy=$(whiptail --title "Proxy" --inputbox "ex : http://192.168.1.200/ or leave empty for none" 0 30 "${proxy}" 3>&1 1>&2 2>&3)
+ # shellcheck disable=SC2181
+ if [ "$?" = "0" ]; then
+ if [ "${proxy}" != "" ]; then
+ echo "Acquire::http { Proxy \"${proxy}\"; };" > /etc/apt/apt.conf.d/02proxy
+ fi
+ fi
+}
+APTCleanupLXCPackage() {
+ apt remove -y bind9-host debian-faq doc-debian postfix x11-common fontconfig-config fonts-dejavu-core gdbm-l10n python-apt-common
+}
+APTUpdateDist() {
+ apt update -y
+ apt dist-upgrade -y
+}
+APTInstallBase() {
+ options=()
+ options+=("curl" "" on)
+ options+=("wget" "" on)
+ options+=("lsof" "" on)
+ options+=("acpi" "" on)
+ options+=("bash-completion" "" on)
+ if [[ ${ISPVE} == 0 ]]; then
+ options+=("iptables" "" on)
+ options+=("iptables-persistent" "" on)
+ else
+ options+=("iptables" "" off)
+ options+=("iptables-persistent" "" off)
+ fi
+ options+=("openssh-server" "" on)
+ options+=("gnupg" "" on)
+ options+=("rsync" "" on)
+ options+=("nmon" "" on)
+ options+=("snmpd" "" on)
+ options+=("clevis-net" "" off)
+ sel=$(whiptail --title "Basic Install" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+ # shellcheck disable=SC2181
+ if [ "$?" = "0" ]; then
+ pkg=""
+ for itm in ${sel}; do
+ # shellcheck disable=SC2001
+ case ${itm} in
+ '"iptables-persistent"')
+ pkg="${pkg} $(echo "${itm}" | sed 's/"//g')"
+ IPTablesPostInstall;;
+ '"clevis-net"')
+ pkg="${pkg} clevis clevis-luks clevis-systemd clevis-initramfs clevis-tpm2";;
+ *)
+ pkg="${pkg} $(echo "${itm}" | sed 's/"//g')";;
+ esac
+ done
+ # shellcheck disable=SC2086
+ apt install -y ${pkg}
+ for itm in ${sel}; do
+ case ${itm} in
+ '"iptables-persistent"')
+ IPTablesConfig;;
+ '"snmpd"')
+ SNMPDConfig;;
+ '"clevis-net"')
+ ClevisNetInit;;
+ esac
+ done
+ fi
+}
+APTCleanAll() {
+ apt-get autoremove -y
+ apt-get autoclean -y
+}
+
+BashSetAlias() {
+ wget -O /etc/profile.d/alias.sh "${BASE_URL}"/"${DIR_URL}"/files/alias.sh
+}
+BashSetPS() {
+ wget -O /etc/profile.d/ps1.sh "${BASE_URL}"/"${DIR_URL}"/files/ps1.sh
+}
+
+NanoSetConfig() {
+ sed -i "/tabsize/c\set tabsize 2" /etc/nanorc
+ {
+ echo "set numbercolor brightwhite"
+ echo "set statuscolor brightwhite,green"
+ echo "set keycolor cyan"
+ echo "set functioncolor green"
+ } >> /etc/nanorc
+ {
+ echo "set titlecolor brightwhite,red"
+ echo "set statuscolor brightwhite,red"
+ } > /root/.nanorc
+}
+
+IssueSetContent() {
+ wget -O /etc/issue "${BASE_URL}"/"${DIR_URL}"/files/issue
+}
+
+IPTablesPostInstall() {
+ echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
+ echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
+}
+IPTablesConfig() {
+ wget -O /etc/iptables/rules.v4 "${BASE_URL}"/"${DIR_URL}"/files/rules.v4
+ wget -O /etc/iptables/rules.v6 "${BASE_URL}"/"${DIR_URL}"/files/rules.v6
+ iptables-restore /etc/iptables/rules.v4
+ ip6tables-restore /etc/iptables/rules.v6
+}
+
+SNMPDConfig() {
+ cummunityname=public
+ cummunityname=$(whiptail --title "SNMP Community name" --inputbox "" 0 30 "${cummunityname}" 3>&1 1>&2 2>&3)
+ sed -i "s/public/${cummunityname}/" /etc/snmp/snmpd.conf
+ sed -i "s/127.0.0.1,\[::1\]/0.0.0.0/" /etc/snmp/snmpd.conf
+ systemctl restart snmpd
+}
+
+ClevisNetInit() {
+ LUKSPARTS=$(lsblk -p -l --fs |grep LUKS |cut -d " " -f1)
+ options=()
+ IFS_ORIG=$IFS
+ IFS=$'\n'
+ for LUKSPART in ${LUKSPARTS}
+ do
+ options+=("${LUKSPART}" "")
+ done
+ IFS=$IFS_ORIG
+ DEV=$(whiptail --title "Select root LUKS part" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+ if [ "$?" = "0" ]; then
+ TANGURL=$(whiptail --title "Tang Server" --inputbox "URL" 0 30 "" 3>&1 1>&2 2>&3)
+ if [ "$?" = "0" ]; then
+ clevis luks bind -d ${DEV} tang "{\"url\": \"${TANGURL}\"}"
+ systemctl enable clevis-luks-askpass.path
+ fi
+ fi
+}
+
+SSHEnableRootLogin() {
+ sed -i "/PermitRootLogin prohibit-password/c\PermitRootLogin yes #prohibit-password" /etc/ssh/sshd_config
+ systemctl restart sshd
+}
+
+GrubSetConfig() {
+ if [ -f "/etc/default/grub" ]; then
+ sed -i "/GRUB_TIMEOUT/c\GRUB_TIMEOUT=1" /etc/default/grub
+ update-grub
+ fi
+}
+
+InstApps() {
+ options=()
+ options+=("nodejs-20" "" off)
+ options+=("nodejs-19" "" off)
+ options+=("nodejs-18" "" off)
+ options+=("mongodb-6.0" "" off)
+ options+=("traefik" "" off)
+ options+=("apt-cacher-ng" "" off)
+ options+=("matomo" "! (Not Work)" off)
+ options+=("nextcloud-26" "" off)
+ # options+=("proxmox-8" "" off)
+ options+=("docker" "" off)
+ if [[ ${ISLXC} == 0 ]]; then
+ options+=("portainer" "" off)
+ fi
+ options+=("misc-apps" "..." off)
+ options+=("archived-apps" "..." off)
+ SEL=$(whiptail --title "More Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+ # shellcheck disable=SC2181
+ if [ "$?" = "0" ]; then
+ for ITM in ${SEL}; do
+ case ${ITM//\"/} in
+ misc-apps)
+ InstMiscApps;;
+ archived-apps)
+ InstArchivedApps;;
+ *)
+ cd /tmp || exit
+ wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
+ bash ./"${ITM//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}";;
+ esac
+ done
+ fi
+}
+InstMiscApps() {
+ options=()
+ options+=("bind9" "" off)
+ options+=("iperf3" "" off)
+ options+=("webmin" "" off)
+ options+=("tang" "" off)
+ options+=("rinetd" "! (Not Work)" off)
+ options+=("tor-gw" "" off)
+ options+=("zm-builder" "" off)
+ options+=("nextcloud-latest" "unsafe" off)
+ SEL=$(whiptail --title "Misc Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+ # shellcheck disable=SC2181
+ if [ "$?" = "0" ]; then
+ for ITM in ${SEL}; do
+ cd /tmp || exit
+ wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
+ bash ./"${ITM//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"
+ done
+ fi
+}
+InstArchivedApps() {
+ options=()
+ options+=("mongodb-5.0" "" off)
+ options+=("mongodb-4.4" "" off)
+ options+=("nodejs-16" "" off)
+ options+=("nodejs-14" "" off)
+ SEL=$(whiptail --title "Archived Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+ # shellcheck disable=SC2181
+ if [ "$?" = "0" ]; then
+ for ITM in ${SEL}; do
+ cd /tmp || exit
+ wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
+ bash ./"${ITM//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"
+ done
+ fi
+}
+
+Reboot() {
+ if whiptail --yesno "Reboot ?" 0 0 3>&1 1>&2 2>&3; then
+ reboot
+ fi
+}
+
+Main
diff --git a/debian.sh b/debian.sh
new file mode 100644
index 0000000..d3cc350
--- /dev/null
+++ b/debian.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+declare BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main
+declare DEBVER=0
+
+showHelp() {
+ echo "debian.sh"
+ echo ""
+ echo "use :"
+ echo "bash debian.sh [options]"
+ echo " -b | --base-url url"
+}
+
+main() {
+ DEBVER=$(grep "VERSION_ID=" /etc/os-release | sed 's/"//g' | sed 's/.*=//')
+ apt update -y
+ apt install -y wget
+ wget -O /tmp/init.sh "${BASE_URL}"/debian-"${DEBVER}"/init.sh
+ bash /tmp/init.sh -b "${BASE_URL}"
+ rm /tmp/init.sh
+}
+
+
+while [ ${#} -gt 0 ]; do
+ case ${1} in
+ --help) showHelp; exit 0;;
+ -b | --base-url) BASE_URL="${2}"; shift;;
+ *) shift;;
+ esac
+done
+
+main