Add ubuntu 26.04

Add ubuntu 24 to 26
Add ubuntu 22 to 24
2025-11-09 20:01:08 +01:00 · 2025-11-09 19:56:28 +01:00 · 2025-11-09 19:52:44 +01:00 · 2025-11-09 19:41:36 +01:00 · 2025-11-09 19:15:17 +01:00 · 2025-11-09 18:57:13 +01:00
65 changed files with 2919 additions and 94 deletions
--- a/alpine/apps/docker/docker.sh
+++ b/alpine/apps/docker/docker.sh
@@ -1,17 +1,37 @@
 #!/bin/dash

-rc-update del iptables
-rc-update del ip6tables
-apk del iptables ip6tables
+BASE_URL=${1}

-# swapoff -a
-# sed -i "/swap/d" /etc/fstab
+mkdir /srv/stacks
+mkdir /srv/data

-# sed -i "s/# //" /etc/apk/repositories
+sed -i '/\/community/s/^#//g' /etc/apk/repositories

-apk add docker docker-compose
+apk update
+apk add docker docker-cli-compose

 # sysctl -w net/netfilter/nf_conntrack_max=131072

 rc-update add docker boot
 service docker start
+
+InstStacks() {
+	SEL=$(whiptail --title "More Apps" --checklist "" 0 0 0 \
+		"portainer" "" off  3>&1 1>&2 2>&3)
+	#SEL=$(whiptail --title "More Apps" --checklist "" 0 0 0 \
+	#	"portainer" "" off \
+	#	"traefik" "" off \
+	#	"gitea" "" off  3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "${?}" = "0" ]; then
+		for ITM in ${SEL}; do
+			cd /tmp || exit
+			# shellcheck disable=SC3000-SC4000
+			wget "${BASE_URL}"/alpine/apps/docker/stacks/"${ITM//\"/}"/"${ITM//\"/}".sh
+			# shellcheck disable=SC3000-SC4000
+			sh ./"${ITM//\"/}".sh "${BASE_URL}"
+		done
+	fi
+}
+
+InstStacks
--- a/alpine/apps/docker/stacks/portainer/compose.yaml
+++ b/alpine/apps/docker/stacks/portainer/compose.yaml
@@ -0,0 +1,15 @@
+services:
+  portainer:
+    image: "portainer/portainer-ce:latest"
+    container_name: "portainer"
+    restart: unless-stopped
+    ports:
+      - 9443:9443
+    networks:
+      - bridge
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock"
+      - "/srv/data/portainer/data:/data"
+
+networks:
+  bridge:
--- a/alpine/apps/docker/stacks/portainer/portainer.sh
+++ b/alpine/apps/docker/stacks/portainer/portainer.sh
@@ -0,0 +1,8 @@
+#!/bin/dash
+
+BASE_URL=${1}
+
+mkdir /srv/stacks/portainer
+cd /srv/stacks/portainer
+wget "${BASE_URL}"/alpine/apps/docker/stacks/portainer/compose.yaml
+docker compose up -d
--- a/alpine/apps/gitea-act_runner/gitea-act_runner.sh
+++ b/alpine/apps/gitea-act_runner/gitea-act_runner.sh
@@ -1,5 +1,8 @@
 #!/bin/dash

+# Data Path   : /srv/data
+# Docker Path : /var/lib/docker
+
 GITEA_INSTANCE_URL=""
 GITEA_INSTANCE_URL=$(whiptail --title "GITEA_INSTANCE_URL" --inputbox "" 0 30 "${GITEA_INSTANCE_URL}" 3>&1 1>&2 2>&3)
 GITEA_RUNNER_REGISTRATION_TOKEN=""
@@ -27,6 +30,9 @@ SelectImages() {
 		"debian-bullseye-slim" "" on \
 		"debian-buster" "" on \
 		"debian-buster-slim" "" on \
+		"node-16-bullseye" "" on \
+		"node-18-bookworm" "" on \
+		"node-20-bookworm" "" on \
 		"archlinux" "" on \
 		"archlinux-base-devel" "" on 3>&1 1>&2 2>&3)
 	# shellcheck disable=SC2181
@@ -41,6 +47,9 @@ SelectImages() {
 				"debian-bullseye-slim") IMAGES=${IMAGES}'"debian-bullseye-slim:docker://debian:bullseye-slim",';;
 				"debian-buster") IMAGES=${IMAGES}'"debian-buster:docker://debian:buster",';;
 				"debian-buster-slim") IMAGES=${IMAGES}'"debian-buster-slim:docker://debian:buster-slim",';;
+				"node-16-bullseye") IMAGES=${IMAGES}'"node-16:docker://node:16-bullseye",';;
+				"node-18-bookworm") IMAGES=${IMAGES}'"node-18:docker://node:18-bookworm",';;
+				"node-20-bookworm") IMAGES=${IMAGES}'"node-20:docker://node:20-bookworm",';;
 				"archlinux") IMAGES=${IMAGES}'"archlinux:docker://archlinux",';;
 				"archlinux-base-devel") IMAGES=${IMAGES}'"archlinux-base-devel:docker://archlinux:base-devel",';;
 			esac
--- a/alpine/apps/rancher/rancher.sh
+++ b/alpine/apps/rancher/rancher.sh
@@ -1,4 +0,0 @@
-#!/bin/dash
-
-mount --make-rshared /
-docker run -d --name="rancher" --restart=unless-stopped -p 4080:80 -p 4443:443 --privileged rancher/rancher:latest
--- a/alpine/files/rules-save
+++ b/alpine/files/rules-save
@@ -6,4 +6,6 @@
 -A INPUT -i lo -j ACCEPT
 # Ping
 -A INPUT -p icmp -j ACCEPT
+# SSH
+-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
 COMMIT
--- a/alpine/init.sh
+++ b/alpine/init.sh
@@ -1,6 +1,6 @@
 #!/bin/dash

-BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main
+BASE_URL=${1}

 showHelp() {
 	echo "alpine.sh"
@@ -10,6 +10,7 @@ showHelp() {
 }

 main() {
+	APKLatestStable
 	APKUpdateDist
 	APKInstallBase
 	Customizations
@@ -17,6 +18,12 @@ main() {
 	Reboot
 }

+APKLatestStable() {
+	if whiptail --yesno "Use latest-stable repos ?" 0 0 3>&1 1>&2 2>&3; then
+		CURVER=$(cat /etc/os-release | grep "PRETTY_NAME" | grep 'Alpine Linux ' | awk -F'Alpine Linux ' '{print $2}' | awk -F'"' '{print $1}')
+		sed -i 's/'"${CURVER}"'/latest-stable/' /etc/apk/repositories
+	fi
+}
 APKUpdateDist() {
 	apk update
 	apk upgrade
@@ -29,6 +36,7 @@ APKInstallBase() {
 		"bash-completion" "" on \
 		"iptables" "" on \
 		"ip6tables" "" on \
+		"e2fsprogs-extra" "" on \
 		"openssh-server" "" on \
 		"gnupg" "" on \
 		"rsync" "" on \
@@ -67,12 +75,6 @@ IP6TablesInstall() {
 SSHEnableRootLogin() {
 	sed -i "/PermitRootLogin prohibit-password/c\PermitRootLogin yes #prohibit-password" /etc/ssh/sshd_config
 	service sshd restart
-
-	if [ -f "/etc/iptables/rules-save" ]; then
-		sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT' /etc/iptables/rules-save
-		sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # SSH' /etc/iptables/rules-save
-		iptables-restore /etc/iptables/rules-save
-	fi
 }
 SNMPDInstall() {
 	cummunityname=public
@@ -132,12 +134,9 @@ IssueSetContent() {

 InstApps() {
 	SEL=$(whiptail --title "More Apps" --checklist "" 0 0 0 \
-		"traefik" "" off \
-		"gitea" "" off \
-		"gitea-act_runner" "" off\
 		"docker" "" off \
-		"portainer" "" off \
-		"rancher" "" off  3>&1 1>&2 2>&3)
+		"gitea" "" off \
+		"gitea-act_runner" "" off  3>&1 1>&2 2>&3)
 	# shellcheck disable=SC2181
 	if [ "${?}" = "0" ]; then
 		for ITM in ${SEL}; do
--- a/debian-10/debian-9to10.sh
+++ b/debian-10/debian-9to10.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+declare -r FREEMEM=$(free |grep Mem: | awk '{print $4}')
+
+if [ "${FREEMEM}" -lt 130000 ]; then
+	echo "Not enough free ram, exiting"
+	exit 1
+fi
+
+
+
+sed -i 's/stretch//buster//' /etc/apt/sources.list
+sed -i 's/stretch/buster/' /etc/apt/sources.list.d/*
+# Check other sources if needed
+
+
+# Can resolve dpkg issue :
+# echo "" > /var/lib/dpkg/available
+# sh -c 'for i in /var/lib/apt/lists/*_Packages; do dpkg --merge-avail "$i"; done'
+
+apt update
+apt dist-upgrade -y
+apt autoclean -y
+apt autopurge -y
+
+echo ""
+hostname
+echo ""
+echo "If ssh login take time in container, enable nesting on hypervisor."
+echo ""
+read -n 1 -s -r -p "Press any key to reboot"
+reboot
--- a/debian-11/debian-10to11.sh
+++ b/debian-11/debian-10to11.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+declare -r FREEMEM=$(free |grep Mem: | awk '{print $4}')
+
+if [ "${FREEMEM}" -lt 130000 ]; then
+	echo "Not enough free ram, exiting"
+	exit 1
+fi
+
+
+
+sed -i 's/buster/bullseye/' /etc/apt/sources.list
+sed -i 's/buster/bullseye/' /etc/apt/sources.list.d/*
+# Check other sources if needed
+
+
+# Can resolve dpkg issue :
+# echo "" > /var/lib/dpkg/available
+# sh -c 'for i in /var/lib/apt/lists/*_Packages; do dpkg --merge-avail "$i"; done'
+
+apt update
+apt dist-upgrade -y
+apt autoclean -y
+apt autopurge -y
+
+echo ""
+hostname
+echo ""
+echo "If ssh login take time in container, enable nesting on hypervisor."
+echo ""
+read -n 1 -s -r -p "Press any key to reboot"
+reboot
--- a/debian-12/apps/naemon/naemon.sh
+++ b/debian-12/apps/naemon/naemon.sh
@@ -0,0 +1,102 @@
+#!/bin/bash
+
+apt install -y sudo lsb-release
+
+chmod u+s /usr/bin/ping
+
+curl -s -o /etc/apt/trusted.gpg.d/naemon.asc "https://build.opensuse.org/projects/home:naemon/signing_keys/download?kind=gpg"
+echo "deb [signed-by=/etc/apt/trusted.gpg.d/naemon.asc] http://download.opensuse.org/repositories/home:/naemon/Debian_$(lsb_release -rs)/ ./" >> /etc/apt/sources.list.d/naemon-stable.list
+apt update
+apt install -y naemon nagios-nrpe-plugin
+
+echo "<html></html>" > /var/www/html/index.html
+a2ensite default-ssl.conf
+a2enmod ssl
+systemctl reload apache2
+
+chown www-data:www-data /etc/thruk/cgi.cfg
+chown www-data:www-data /etc/thruk/htpasswd
+systemctl enable naemon.service
+
+cat << 'EOF' > /etc/naemon/conf.d/commands-custom.cfg
+define command {
+  command_name                   check_https
+  command_line                   $USER1$/check_http -S -H $HOSTADDRESS$ $ARG1$
+}
+
+define command {
+  command_name                   check-dns
+  command_line                   $USER1$/check_dns -H netm.ch -s $HOSTADDRESS$
+}
+
+define command {
+  command_name                   check-ntp
+  command_line                   $USER1$/check_ntp -H $HOSTADDRESS$
+}
+EOF
+chown naemon:naemon /etc/naemon/conf.d/commands-custom.cfg
+chmod 664 /etc/naemon/conf.d/commands-custom.cfg
+
+cat << 'EOF' > /etc/naemon/conf.d/commands-snmp.cfg
+define command {
+  command_name                   check-snmp-users
+  command_line                   $USER1$/check_snmp -H $HOSTADDRESS$ -o 1.3.6.1.2.1.25.1.5.0 -C $ARG1$ -w 0 -c 1
+}
+
+define command {
+  command_name                   check-snmp-uptime
+  command_line                   $USER1$/check_snmp -H $HOSTADDRESS$ -o 1.3.6.1.2.1.1.3.0 -C opsview -w 360000:
+}
+EOF
+chown naemon:naemon /etc/naemon/conf.d/commands-snmp.cfg
+chmod 664 /etc/naemon/conf.d/commands-snmp.cfg
+
+cat << 'EOF' > /etc/naemon/conf.d/commands-nrpe.cfg
+define command {
+	command_name    nrpe_check_ping
+	command_line    $USER1$/check_nrpe -H $ARG1$ -c check_ping -a $HOSTADDRESS$
+}
+
+define command {
+	command_name    nrpe_check_tcp
+	command_line    $USER1$/check_nrpe -H $ARG1$ -c check_tcp -a $HOSTADDRESS$ $ARG2$
+}
+
+define command {
+	command_name    nrpe_check_ssh
+	command_line    $USER1$/check_nrpe -H $ARG1$ -c check_ssh -a $HOSTADDRESS$
+}
+
+define command {
+	command_name    nrpe_check_http
+	command_line    $USER1$/check_nrpe -H $ARG1$ -c check_http -a $HOSTADDRESS$ $ARG2$
+}
+
+define command {
+	command_name    nrpe_check_https
+	command_line    $USER1$/check_nrpe -H $ARG1$ -c check_https -a $HOSTADDRESS$ $ARG2$
+}
+
+define command {
+	command_name    nrpe-check-host-alive
+	command_line    $USER1$/check_nrpe -H $ARG1$ -c check_ping -a $HOSTADDRESS$
+}
+
+define command {
+	command_name    nrpe_snmp_win_uptime
+	command_line    $USER1$/check_nrpe_snmp_win_uptime $ARG1$ $HOSTADDRESS$ $ARG3$ $ARG4$
+}
+
+define command {
+	command_name    nrpe_snmp_win_part
+	command_line    $USER1$/check_nrpe_snmp_win_part $ARG1$ $HOSTADDRESS$ $ARG2$ $ARG3$ $ARG4$
+}
+EOF
+chown naemon:naemon /etc/naemon/conf.d/commands-nrpe.cfg
+chmod 664 /etc/naemon/conf.d/commands-nrpe.cfg
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # HTTPS' /etc/iptables/rules.v4
+	iptables-restore /etc/iptables/rules.v4
+fi
--- a/debian-12/apps/nextcloud-30/nextcloud-30.sh
+++ b/debian-12/apps/nextcloud-30/nextcloud-30.sh
@@ -0,0 +1,116 @@
+#!/bin/bash 
+
+# https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html
+
+IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
+DBNAME=$(whiptail --title "DB" --inputbox "DB Name :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DBUSER=$(whiptail --title "DB" --inputbox "DB User :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DBPASS=$(whiptail --title "DB" --inputbox "DB Pass :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DATAPATH=$(whiptail --title "DATA" --inputbox "DATA Path :" 0 30 "/srv/nextcloud/data" 3>&1 1>&2 2>&3)
+NCUSER=$(whiptail --title "NextCloud" --inputbox "Admin Name :" 0 30 "admin" 3>&1 1>&2 2>&3)
+NCPASS=$(whiptail --title "NextCloud" --inputbox "Admin Pass :" 0 30 "admin" 3>&1 1>&2 2>&3)
+
+
+apt install -y sudo apache2 coturn bzip2
+apt install -y php8.2 php8.2-curl php8.2-gd php8.2-mbstring php8.2-zip php-xml php-bz2 php8.2-intl php8.2-fpm php-apcu php-memcached php-redis php-imagick php8.2-bcmath php8.2-gmp libapache2-mod-php8.2
+apt install -y php8.2-mysql mariadb-server
+apt install -y smbclient ffmpeg libmagickcore-6.q16-6-extra
+
+a2dissite 000-default
+a2dissite default-ssl.conf
+a2enmod rewrite
+a2enmod headers
+a2enmod env
+a2enmod dir
+a2enmod mime
+a2enmod ssl
+
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/8.2/apache2/php.ini
+sed -i "s/;opcache.interned_strings_buffer.*/opcache.interned_strings_buffer=20/g" /etc/php/8.2/apache2/php.ini
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/8.2/fpm/php.ini
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/8.2/cli/php.ini
+echo "apc.enable_cli=1" >> /etc/php/8.2/cli/php.ini
+
+mysql -e "CREATE DATABASE ${DBNAME};CREATE USER '${DBUSER}'@'localhost' IDENTIFIED BY '${DBPASS}';GRANT ALL ON ${DBNAME}.* TO '${DBUSER}'@'localhost' WITH GRANT OPTION;FLUSH PRIVILEGES;"
+
+wget https://download.nextcloud.com/server/releases/latest-30.tar.bz2
+tar -xvf latest-30.tar.bz2
+mv nextcloud /var/www
+chown -R www-data:www-data /var/www/nextcloud
+mkdir -p ${DATAPATH}
+chown -R www-data:www-data ${DATAPATH}
+
+cat > /etc/apache2/sites-available/nextcloud.conf << "EOF"
+<VirtualHost *:443>
+	Protocols h2 http:/1.1
+	DocumentRoot "/var/www/nextcloud"
+	#ServerName nextcloud.your-domain.com
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
+	Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
+	SSLEngine on
+	SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
+	SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+	SSLCertificateChainFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+	SSLProtocol TLSv1.2
+
+	<Directory /var/www/nextcloud/>
+		Options +FollowSymlinks
+		AllowOverride All
+		<IfModule mod_dav.c>
+			Dav off
+		</IfModule>
+		SetEnv HOME /var/www/nextcloud
+		SetEnv HTTP_HOME /var/www/nextcloud
+		Satisfy Any
+	</Directory>
+
+</VirtualHost>
+EOF
+
+a2ensite nextcloud
+systemctl restart apache2
+
+cd /var/www/nextcloud/
+sudo -u www-data php occ maintenance:install \
+	--database "mysql" \
+	--database-name "${DBNAME}" \
+	--database-user "${DBUSER}" \
+	--database-pass "${DBPASS}" \
+	--admin-user "${NCUSER}" \
+	--admin-pass "${NCPASS}" \
+	--data-dir "${DATAPATH}"
+sed -i "s/0 => 'localhost/0 => '${IPV4}/" /var/www/nextcloud/config/config.php
+sed -i "s/\/\/localhost/\/\/${IPV4}/" /var/www/nextcloud/config/config.php
+sed -i "s/http:/https:/" /var/www/nextcloud/config/config.php
+sed -i "/^);*/i\ \ 'memcache.local' => '\\\\OC\\\\Memcache\\\\APCu'," /var/www/nextcloud/config/config.php
+sed -i "/^);*/i\ \ 'default_phone_region' => 'CH'," /var/www/nextcloud/config/config.php
+echo "*/5  *  *  *  * php -f /var/www/nextcloud/cron.php" | crontab -u www-data -
+sudo -u www-data php occ background:cron
+sudo -u www-data php occ config:system:set maintenance_window_start --type=integer --value=1
+sudo -u www-data php occ maintenance:repair --include-expensive
+sudo -u www-data php occ db:add-missing-indices
+
+cat >> /etc/turnserver.conf << "EOF"
+listening-port=8080
+listening-ip=0.0.0.0
+fingerprint
+use-auth-secret
+static-auth-secret=AUTHSECRET
+# realm=nextcloud.dom.lan
+total-quota=0
+bps-capacity=0
+stale-nonce
+no-multicast-peers
+EOF
+AUTHSECRET=$(openssl rand -hex 32)
+sed -i "s/AUTHSECRET/${AUTHSECRET}/" /etc/turnserver.conf
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # NextCloud' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # TurnServer' /etc/iptables/rules.v4
+	iptables-restore /etc/iptables/rules.v4
+fi
--- a/debian-12/debian-11to12.sh
+++ b/debian-12/debian-11to12.sh
@@ -0,0 +1,67 @@
+#!/bin/bash
+
+declare -r FREEMEM=$(free |grep Mem: | awk '{print $4}')
+
+if [ "${FREEMEM}" -lt 130000 ]; then
+	echo "Not enough free ram, exiting"
+	exit 1
+fi
+
+declare PHPOLDVER=""
+declare -r PHPOLD=$(apt list --installed | grep php)
+if [[ "${PHPOLD}" != "" ]] ;then
+	PHPOLDVER=$(ls /etc/php | tail -n 1)
+	apt list --installed | grep php > ./11to12-phpold.txt
+	sed -i 's/\/.*//' ./11to12-phpold.txt
+fi
+
+
+
+
+sed -i 's/bullseye/bookworm/' /etc/apt/sources.list
+sed -i 's/bullseye/bookworm/' /etc/apt/sources.list.d/*
+# Check other sources if needed
+
+
+# Can resolve dpkg issue :
+# echo "" > /var/lib/dpkg/available
+# sh -c 'for i in /var/lib/apt/lists/*_Packages; do dpkg --merge-avail "$i"; done'
+
+apt update
+apt dist-upgrade -y
+apt autoclean -y
+apt autopurge -y
+
+declare PHPNEWVER=""
+declare -r PHPNEW=$(apt list --installed | grep php)
+if [[ "${PHPNEW}" != "" ]] ;then
+	PHPNEWVER=$(ls /etc/php | tail -n 1)
+	apt list --installed | grep php > ./11to12-phpnew.txt
+	sed -i 's/\/.*//' ./11to12-phpnew.txt
+
+	cp ./11to12-phpold.txt ./11to12-phpold.fordiff
+	sed -i "s/${PHPOLDVER}/${PHPNEWVER}/" ./11to12-phpold.fordiff
+	diff ./11to12-phpold.fordiff ./11to12-phpnew.txt | grep "<" > ./11to12-php.diff
+	rm ./11to12-phpold.fordiff
+
+	echo ""
+	echo "PHP V${PHPOLDVER} detected"
+	echo "New version : ${PHPNEWVER}"
+	echo ""
+	cat ./11to12-php.diff
+	echo ""
+	echo "You can consult files 11to12-php.* after reboot"
+	echo ""
+fi
+
+#if [ -d /sys/firmware/efi ]; then
+#	if [ -d /etc/pve ]; then
+#		apt install -y systemd-boot
+#	fi
+#fi
+
+
+echo ""
+hostname
+read -n 1 -s -r -p "Press any key to reboot"
+reboot
--- a/debian-12/init.sh
+++ b/debian-12/init.sh
@@ -272,9 +272,11 @@ InstApps() {
 	options+=("nodejs-18" "" off)
 	#options+=("mongodb-6.0" "" off)
 	options+=("traefik" "" off)
+	options+=("naemon" "" off)
 	options+=("apt-cacher-ng" "" off)
 	options+=("matomo" "! (Not Work)" off)
 	options+=("nextcloud-26" "" off)
+	options+=("nextcloud-30" "" off)
 	# options+=("proxmox-8" "" off)
 	options+=("docker" "" off)
 	if [[ ${ISLXC} == 0 ]]; then
--- a/debian-13/apps/apt-cacher-ng/apt-cacher-ng.sh
+++ b/debian-13/apps/apt-cacher-ng/apt-cacher-ng.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+if [ -d "/var/cache/apt-cacher-ng" ]; then
+	chown apt-cacher-ng:apt-cacher-ng apt-cacher-ng
+fi
+
+apt install -y rinetd apt-cacher-ng
+
+cat > /etc/apt-cacher-ng/backend_archlx << "EOF"
+#### HTTPS not supported ####
+
+http://archlinux.puzzle.ch/
+EOF
+systemctl restart apt-cacher-ng
+
+sed -i '/^# bindadress.*/a 0.0.0.0         8080      127.0.0.1       3142' /etc/rinetd.conf
+sed -i '/^# bindadress.*/a 0.0.0.0         80        127.0.0.1       3142' /etc/rinetd.conf
+systemctl restart rinetd
+
+echo "Acquire::http { Proxy \"http://127.0.0.1\"; };" > /etc/apt/apt.conf.d/02proxy
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # apt-cacher-ng' /etc/iptables/rules.v4
+	iptables-restore /etc/iptables/rules.v4
+fi
--- a/debian-13/apps/bind9/bind9.sh
+++ b/debian-13/apps/bind9/bind9.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+apt install -y bind9
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # DNS' /etc/iptables/rules.v4
+	iptables-restore /etc/iptables/rules.v4
+fi
--- a/debian-13/apps/docker/docker.sh
+++ b/debian-13/apps/docker/docker.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+swapoff -a
+sed -i "/swap/d" /etc/fstab
+
+apt remove -y iptables-persistent
+apt autoremove -y
+apt install -y ca-certificates curl gnupg lsb-release
+
+curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian   bullseye stable" > /etc/apt/sources.list.d/docker.list
+
+sysctl -w net/netfilter/nf_conntrack_max=131072
+
+apt update
+apt dist-upgrade
+apt install -y docker-ce
+apt install -y docker-compose
+
+systemctl enable docker.service
+systemctl start docker.service
+
+sleep 3
--- a/debian-13/apps/iperf3/iperf3.sh
+++ b/debian-13/apps/iperf3/iperf3.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+apt install -y iperf3
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 5201 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 5201 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # IPERF' /etc/iptables/rules.v4
+	iptables-restore /etc/iptables/rules.v4
+fi
--- a/debian-13/apps/naemon/naemon.sh
+++ b/debian-13/apps/naemon/naemon.sh
@@ -0,0 +1,102 @@
+#!/bin/bash
+
+apt install -y sudo lsb-release
+
+chmod u+s /usr/bin/ping
+
+curl -s -o /etc/apt/trusted.gpg.d/naemon.asc "https://build.opensuse.org/projects/home:naemon/signing_keys/download?kind=gpg"
+echo "deb [signed-by=/etc/apt/trusted.gpg.d/naemon.asc] http://download.opensuse.org/repositories/home:/naemon/Debian_$(lsb_release -rs)/ ./" >> /etc/apt/sources.list.d/naemon-stable.list
+apt update
+apt install -y naemon nagios-nrpe-plugin
+
+echo "<html></html>" > /var/www/html/index.html
+a2ensite default-ssl.conf
+a2enmod ssl
+systemctl reload apache2
+
+chown www-data:www-data /etc/thruk/cgi.cfg
+chown www-data:www-data /etc/thruk/htpasswd
+systemctl enable naemon.service
+
+cat << 'EOF' > /etc/naemon/conf.d/commands-custom.cfg
+define command {
+  command_name                   check_https
+  command_line                   $USER1$/check_http -S -H $HOSTADDRESS$ $ARG1$
+}
+
+define command {
+  command_name                   check-dns
+  command_line                   $USER1$/check_dns -H netm.ch -s $HOSTADDRESS$
+}
+
+define command {
+  command_name                   check-ntp
+  command_line                   $USER1$/check_ntp -H $HOSTADDRESS$
+}
+EOF
+chown naemon:naemon /etc/naemon/conf.d/commands-custom.cfg
+chmod 664 /etc/naemon/conf.d/commands-custom.cfg
+
+cat << 'EOF' > /etc/naemon/conf.d/commands-snmp.cfg
+define command {
+  command_name                   check-snmp-users
+  command_line                   $USER1$/check_snmp -H $HOSTADDRESS$ -o 1.3.6.1.2.1.25.1.5.0 -C $ARG1$ -w 0 -c 1
+}
+
+define command {
+  command_name                   check-snmp-uptime
+  command_line                   $USER1$/check_snmp -H $HOSTADDRESS$ -o 1.3.6.1.2.1.1.3.0 -C opsview -w 360000:
+}
+EOF
+chown naemon:naemon /etc/naemon/conf.d/commands-snmp.cfg
+chmod 664 /etc/naemon/conf.d/commands-snmp.cfg
+
+cat << 'EOF' > /etc/naemon/conf.d/commands-nrpe.cfg
+define command {
+	command_name    nrpe_check_ping
+	command_line    $USER1$/check_nrpe -H $ARG1$ -c check_ping -a $HOSTADDRESS$
+}
+
+define command {
+	command_name    nrpe_check_tcp
+	command_line    $USER1$/check_nrpe -H $ARG1$ -c check_tcp -a $HOSTADDRESS$ $ARG2$
+}
+
+define command {
+	command_name    nrpe_check_ssh
+	command_line    $USER1$/check_nrpe -H $ARG1$ -c check_ssh -a $HOSTADDRESS$
+}
+
+define command {
+	command_name    nrpe_check_http
+	command_line    $USER1$/check_nrpe -H $ARG1$ -c check_http -a $HOSTADDRESS$ $ARG2$
+}
+
+define command {
+	command_name    nrpe_check_https
+	command_line    $USER1$/check_nrpe -H $ARG1$ -c check_https -a $HOSTADDRESS$ $ARG2$
+}
+
+define command {
+	command_name    nrpe-check-host-alive
+	command_line    $USER1$/check_nrpe -H $ARG1$ -c check_ping -a $HOSTADDRESS$
+}
+
+define command {
+	command_name    nrpe_snmp_win_uptime
+	command_line    $USER1$/check_nrpe_snmp_win_uptime $ARG1$ $HOSTADDRESS$ $ARG3$ $ARG4$
+}
+
+define command {
+	command_name    nrpe_snmp_win_part
+	command_line    $USER1$/check_nrpe_snmp_win_part $ARG1$ $HOSTADDRESS$ $ARG2$ $ARG3$ $ARG4$
+}
+EOF
+chown naemon:naemon /etc/naemon/conf.d/commands-nrpe.cfg
+chmod 664 /etc/naemon/conf.d/commands-nrpe.cfg
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # HTTPS' /etc/iptables/rules.v4
+	iptables-restore /etc/iptables/rules.v4
+fi
--- a/debian-13/apps/nextcloud-30/nextcloud-30.sh
+++ b/debian-13/apps/nextcloud-30/nextcloud-30.sh
@@ -0,0 +1,116 @@
+#!/bin/bash 
+
+# https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html
+
+IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
+DBNAME=$(whiptail --title "DB" --inputbox "DB Name :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DBUSER=$(whiptail --title "DB" --inputbox "DB User :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DBPASS=$(whiptail --title "DB" --inputbox "DB Pass :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DATAPATH=$(whiptail --title "DATA" --inputbox "DATA Path :" 0 30 "/srv/nextcloud/data" 3>&1 1>&2 2>&3)
+NCUSER=$(whiptail --title "NextCloud" --inputbox "Admin Name :" 0 30 "admin" 3>&1 1>&2 2>&3)
+NCPASS=$(whiptail --title "NextCloud" --inputbox "Admin Pass :" 0 30 "admin" 3>&1 1>&2 2>&3)
+
+
+apt install -y sudo apache2 coturn bzip2
+apt install -y php8.2 php8.2-curl php8.2-gd php8.2-mbstring php8.2-zip php-xml php-bz2 php8.2-intl php8.2-fpm php-apcu php-memcached php-redis php-imagick php8.2-bcmath php8.2-gmp libapache2-mod-php8.2
+apt install -y php8.2-mysql mariadb-server
+apt install -y smbclient ffmpeg libmagickcore-6.q16-6-extra
+
+a2dissite 000-default
+a2dissite default-ssl.conf
+a2enmod rewrite
+a2enmod headers
+a2enmod env
+a2enmod dir
+a2enmod mime
+a2enmod ssl
+
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/8.2/apache2/php.ini
+sed -i "s/;opcache.interned_strings_buffer.*/opcache.interned_strings_buffer=20/g" /etc/php/8.2/apache2/php.ini
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/8.2/fpm/php.ini
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/8.2/cli/php.ini
+echo "apc.enable_cli=1" >> /etc/php/8.2/cli/php.ini
+
+mysql -e "CREATE DATABASE ${DBNAME};CREATE USER '${DBUSER}'@'localhost' IDENTIFIED BY '${DBPASS}';GRANT ALL ON ${DBNAME}.* TO '${DBUSER}'@'localhost' WITH GRANT OPTION;FLUSH PRIVILEGES;"
+
+wget https://download.nextcloud.com/server/releases/latest-30.tar.bz2
+tar -xvf latest-30.tar.bz2
+mv nextcloud /var/www
+chown -R www-data:www-data /var/www/nextcloud
+mkdir -p ${DATAPATH}
+chown -R www-data:www-data ${DATAPATH}
+
+cat > /etc/apache2/sites-available/nextcloud.conf << "EOF"
+<VirtualHost *:443>
+	Protocols h2 http:/1.1
+	DocumentRoot "/var/www/nextcloud"
+	#ServerName nextcloud.your-domain.com
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
+	Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
+	SSLEngine on
+	SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
+	SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+	SSLCertificateChainFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+	SSLProtocol TLSv1.2
+
+	<Directory /var/www/nextcloud/>
+		Options +FollowSymlinks
+		AllowOverride All
+		<IfModule mod_dav.c>
+			Dav off
+		</IfModule>
+		SetEnv HOME /var/www/nextcloud
+		SetEnv HTTP_HOME /var/www/nextcloud
+		Satisfy Any
+	</Directory>
+
+</VirtualHost>
+EOF
+
+a2ensite nextcloud
+systemctl restart apache2
+
+cd /var/www/nextcloud/
+sudo -u www-data php occ maintenance:install \
+	--database "mysql" \
+	--database-name "${DBNAME}" \
+	--database-user "${DBUSER}" \
+	--database-pass "${DBPASS}" \
+	--admin-user "${NCUSER}" \
+	--admin-pass "${NCPASS}" \
+	--data-dir "${DATAPATH}"
+sed -i "s/0 => 'localhost/0 => '${IPV4}/" /var/www/nextcloud/config/config.php
+sed -i "s/\/\/localhost/\/\/${IPV4}/" /var/www/nextcloud/config/config.php
+sed -i "s/http:/https:/" /var/www/nextcloud/config/config.php
+sed -i "/^);*/i\ \ 'memcache.local' => '\\\\OC\\\\Memcache\\\\APCu'," /var/www/nextcloud/config/config.php
+sed -i "/^);*/i\ \ 'default_phone_region' => 'CH'," /var/www/nextcloud/config/config.php
+echo "*/5  *  *  *  * php -f /var/www/nextcloud/cron.php" | crontab -u www-data -
+sudo -u www-data php occ background:cron
+sudo -u www-data php occ config:system:set maintenance_window_start --type=integer --value=1
+sudo -u www-data php occ maintenance:repair --include-expensive
+sudo -u www-data php occ db:add-missing-indices
+
+cat >> /etc/turnserver.conf << "EOF"
+listening-port=8080
+listening-ip=0.0.0.0
+fingerprint
+use-auth-secret
+static-auth-secret=AUTHSECRET
+# realm=nextcloud.dom.lan
+total-quota=0
+bps-capacity=0
+stale-nonce
+no-multicast-peers
+EOF
+AUTHSECRET=$(openssl rand -hex 32)
+sed -i "s/AUTHSECRET/${AUTHSECRET}/" /etc/turnserver.conf
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # NextCloud' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # TurnServer' /etc/iptables/rules.v4
+	iptables-restore /etc/iptables/rules.v4
+fi
--- a/debian-13/apps/nextcloud-latest/nextcloud-latest.sh
+++ b/debian-13/apps/nextcloud-latest/nextcloud-latest.sh
@@ -0,0 +1,112 @@
+#!/bin/bash 
+
+# https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html
+
+IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
+DBNAME=$(whiptail --title "DB" --inputbox "DB Name :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DBUSER=$(whiptail --title "DB" --inputbox "DB User :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DBPASS=$(whiptail --title "DB" --inputbox "DB Pass :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
+DATAPATH=$(whiptail --title "DATA" --inputbox "DATA Path :" 0 30 "/srv/nextcloud/data" 3>&1 1>&2 2>&3)
+NCUSER=$(whiptail --title "NextCloud" --inputbox "Admin Name :" 0 30 "admin" 3>&1 1>&2 2>&3)
+NCPASS=$(whiptail --title "NextCloud" --inputbox "Admin Pass :" 0 30 "admin" 3>&1 1>&2 2>&3)
+
+
+apt install -y sudo apache2 coturn
+apt install -y php7.4 php7.4-curl php7.4-gd php7.4-mbstring php7.4-zip php-xml php-bz2 php7.4-intl php7.4-fpm php-apcu php-memcached php-redis php-imagick php7.4-bcmath php7.4-gmp libapache2-mod-php7.4
+apt install -y php7.4-mysql mariadb-server
+apt install -y smbclient ffmpeg libmagickcore-6.q16-6-extra
+
+a2dissite 000-default
+a2dissite default-ssl.conf
+a2enmod rewrite
+a2enmod headers
+a2enmod env
+a2enmod dir
+a2enmod mime
+a2enmod ssl
+
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/7.4/apache2/php.ini
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/7.4/fpm/php.ini
+sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/7.4/cli/php.ini
+echo "apc.enable_cli=1" >> /etc/php/7.4/cli/php.ini
+
+mysql -e "CREATE DATABASE ${DBNAME};CREATE USER '${DBUSER}'@'localhost' IDENTIFIED BY '${DBPASS}';GRANT ALL ON ${DBNAME}.* TO '${DBUSER}'@'localhost' WITH GRANT OPTION;FLUSH PRIVILEGES;"
+
+wget https://download.nextcloud.com/server/releases/latest.tar.bz2
+tar -xvf latest.tar.bz2
+mv nextcloud /var/www
+chown -R www-data:www-data /var/www/nextcloud
+mkdir -p ${DATAPATH}
+chown -R www-data:www-data ${DATAPATH}
+
+cat > /etc/apache2/sites-available/nextcloud.conf << "EOF"
+<VirtualHost *:443>
+	Protocols h2 http:/1.1
+	DocumentRoot "/var/www/nextcloud"
+	#ServerName nextcloud.your-domain.com
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
+	Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
+	SSLEngine on
+	SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
+	SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+	SSLCertificateChainFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+	SSLProtocol TLSv1.2
+
+	<Directory /var/www/nextcloud/>
+		Options +FollowSymlinks
+		AllowOverride All
+		<IfModule mod_dav.c>
+			Dav off
+		</IfModule>
+		SetEnv HOME /var/www/nextcloud
+		SetEnv HTTP_HOME /var/www/nextcloud
+		Satisfy Any
+	</Directory>
+
+</VirtualHost>
+EOF
+
+a2ensite nextcloud
+systemctl restart apache2
+
+cd /var/www/nextcloud/
+sudo -u www-data php occ maintenance:install \
+	--database "mysql" \
+	--database-name "${DBNAME}" \
+	--database-user "${DBUSER}" \
+	--database-pass "${DBPASS}" \
+	--admin-user "${NCUSER}" \
+	--admin-pass "${NCPASS}" \
+	--data-dir "${DATAPATH}"
+sed -i "s/0 => 'localhost/0 => '${IPV4}/" /var/www/nextcloud/config/config.php
+sed -i "s/\/\/localhost/\/\/${IPV4}/" /var/www/nextcloud/config/config.php
+sed -i "s/http:/https:/" /var/www/nextcloud/config/config.php
+sed -i "/^);*/i\ \ 'memcache.local' => '\\\\OC\\\\Memcache\\\\APCu'," /var/www/nextcloud/config/config.php
+sed -i "/^);*/i\ \ 'default_phone_region' => 'CH'," /var/www/nextcloud/config/config.php
+echo "*/5  *  *  *  * php -f /var/www/nextcloud/cron.php" | crontab -u www-data -
+sudo -u www-data php occ background:cron
+
+cat >> /etc/turnserver.conf << "EOF"
+listening-port=8080
+listening-ip=0.0.0.0
+fingerprint
+use-auth-secret
+static-auth-secret=AUTHSECRET
+# realm=nextcloud.dom.lan
+total-quota=0
+bps-capacity=0
+stale-nonce
+no-multicast-peers
+EOF
+AUTHSECRET=$(openssl rand -hex 32)
+sed "s/AUTHSECRET/${AUTHSECRET}/" turnserver.conf
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # NextCloud' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # TurnServer' /etc/iptables/rules.v4
+	iptables-restore /etc/iptables/rules.v4
+fi
--- a/debian-13/apps/nodejs-20/nodejs-20.sh
+++ b/debian-13/apps/nodejs-20/nodejs-20.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+mkdir /srv/node
+curl -sL https://deb.nodesource.com/setup_20.x | bash -
+apt install -y nodejs
+npm i -g nodemon
+
+cat > /etc/systemd/system/nodejs.service << EOF
+[Service]
+ExecStart=/usr/bin/node app.js
+WorkingDirectory=/srv/node
+Restart=always
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=node
+#User=websites
+#Group=websites
+Environment=NODE_ENV=production
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat > /srv/node/app.js << "EOF"
+var http = require('http')
+
+http.createServer(function (req, res) {
+  res.writeHead(200, {'Content-Type': 'text/plain'})
+  res.write('Hello World!')
+  res.end()
+}).listen(80)
+EOF
+
+systemctl daemon-reload
+systemctl enable nodejs.service
+systemctl start nodejs.service
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # NodeJS' /etc/iptables/rules.v4
+	iptables-restore /etc/iptables/rules.v4
+fi
--- a/debian-13/apps/nodejs-22/nodejs-22.sh
+++ b/debian-13/apps/nodejs-22/nodejs-22.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+mkdir /srv/node
+curl -sL https://deb.nodesource.com/setup_22.x | bash -
+apt install -y nodejs
+npm i -g nodemon
+
+cat > /etc/systemd/system/nodejs.service << EOF
+[Service]
+ExecStart=/usr/bin/node app.js
+WorkingDirectory=/srv/node
+Restart=always
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=node
+#User=websites
+#Group=websites
+Environment=NODE_ENV=production
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat > /srv/node/app.js << "EOF"
+var http = require('http')
+
+http.createServer(function (req, res) {
+  res.writeHead(200, {'Content-Type': 'text/plain'})
+  res.write('Hello World!')
+  res.end()
+}).listen(80)
+EOF
+
+systemctl daemon-reload
+systemctl enable nodejs.service
+systemctl start nodejs.service
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # NodeJS' /etc/iptables/rules.v4
+	iptables-restore /etc/iptables/rules.v4
+fi
--- a/debian-13/apps/nodejs-24/nodejs-24.sh
+++ b/debian-13/apps/nodejs-24/nodejs-24.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+mkdir /srv/node
+curl -sL https://deb.nodesource.com/setup_24.x | bash -
+apt install -y nodejs
+npm i -g nodemon
+
+cat > /etc/systemd/system/nodejs.service << EOF
+[Service]
+ExecStart=/usr/bin/node app.js
+WorkingDirectory=/srv/node
+Restart=always
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=node
+#User=websites
+#Group=websites
+Environment=NODE_ENV=production
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat > /srv/node/app.js << "EOF"
+var http = require('http')
+
+http.createServer(function (req, res) {
+  res.writeHead(200, {'Content-Type': 'text/plain'})
+  res.write('Hello World!')
+  res.end()
+}).listen(80)
+EOF
+
+systemctl daemon-reload
+systemctl enable nodejs.service
+systemctl start nodejs.service
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # NodeJS' /etc/iptables/rules.v4
+	iptables-restore /etc/iptables/rules.v4
+fi
--- a/debian-13/apps/portainer/portainer.sh
+++ b/debian-13/apps/portainer/portainer.sh
@@ -1,3 +1,3 @@
-#!/bin/dash
+#!/bin/bash

 docker run -d --name="portainer" --restart=unless-stopped -p 8000:8000 -p 9000:9000 -p 9443:9443 -v /var/run/docker.sock:/var/run/docker.sock -v /srv/portainer/data:/data portainer/portainer-ce
--- a/debian-13/apps/rinetd/rinetd.sh
+++ b/debian-13/apps/rinetd/rinetd.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+apt install -y rinetd
+
+nano /etc/rinetd.conf
+systemctl restart rinetd
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # RINETD' /etc/iptables/rules.v4
+	nano /etc/iptables/rules.v4
+	iptables-restore /etc/iptables/rules.v4
+fi
--- a/debian-13/apps/tang/tang.sh
+++ b/debian-13/apps/tang/tang.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+apt install -y tang
+
+# systemctl edit tangd.socket
+# systemctl daemon-reload
+systemctl enable tangd.socket
+systemctl start tangd.socket
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # TANGD' /etc/iptables/rules.v4
+	iptables-restore /etc/iptables/rules.v4
+fi
--- a/debian-13/apps/tor-gw/tor-gw.sh
+++ b/debian-13/apps/tor-gw/tor-gw.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+apt install -y tor
+
+echo "nameserver 127.0.0.1" > /etc/resolv.conf
+
+cat >> /etc/tor/torrc << EOF
+VirtualAddrNetwork 10.192.0.0/10
+AutomapHostsSuffixes .onion,.exit
+AutomapHostsOnResolve 1
+TransPort 0.0.0.0:9040
+DNSPort 0.0.0.0:53
+EOF
+
+service tor restart
+
+cat > /etc/iptables/rules.v4 << EOF
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
+EOF
+iptables-restore /etc/iptables/rules.v4
+
+iptables -t nat -A PREROUTING ! -i lo -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 22
+iptables -t nat -A PREROUTING ! -i lo -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
+iptables -t nat -A PREROUTING ! -i lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
+iptables-save > /etc/iptables/rules.v4
+
+sed -i '/net.ipv4.ip_forward/s/^#//g' /etc/sysctl.conf
+echo 1 > /proc/sys/net/ipv4/ip_forward
+
+echo ""
+echo ""
+echo ""
+ip a | grep "inet "
+
+echo ""
+echo "Note for Firefox :"
+echo "You need to enable dot onion in about:config."
+echo "network.dns.blockDotOnion = False"
--- a/debian-13/apps/traefik/traefik.sh
+++ b/debian-13/apps/traefik/traefik.sh
@@ -1,42 +1,31 @@
-#!/bin/dash
+#!/bin/bash

-RELEASE=2.6.3
-ACMEACCOUNT=@gmail.com
+RELEASE=$(whiptail --title "Traefik" --inputbox "Release :" 0 30 "2.7.1" 3>&1 1>&2 2>&3)
+ACCOUNT=$(whiptail --title "Traefik" --inputbox "ACME E-Mail :" 0 30 "" 3>&1 1>&2 2>&3)

 main() {
-	TraefikConfig
-	TraefikEtcCertsSelfsigned
-	TraefikEtcServices
-	TraefikEtcConfig
-	TraefikEtcIptable
-	TraefikBinUpdateTraefik
-	TraefikService
+	Traefik-etc-certs-selfsigned
+	Traefik-etc-services
+	Traefik-etc-config
+	Traefik-etc-iptable
+	Traefik-bin-update-traefik
+	Traefik-service
 }


-TraefikConfig() {
-	RELEASE=$(whiptail --title "Release" --inputbox "" 0 30 "${RELEASE}" 3>&1 1>&2 2>&3)
-	ACMEACCOUNT=$(whiptail --title "ACME Account" --inputbox "" 0 30 "${ACMEACCOUNT}" 3>&1 1>&2 2>&3)
-	if [ "$?" = "0" ]; then
-		if [ "${proxy}" != "" ]; then
-			echo "Acquire::http { Proxy \"${proxy}\"; };" > /etc/apt/apt.conf.d/02proxy
-		fi
-	fi
-}
-
-TraefikEtcCertsSelfsigned() {
+Traefik-etc-certs-selfsigned() {
 	mkdir -p /etc/traefik/certs
 	openssl ecparam -name secp256r1 -genkey -out /etc/traefik/certs/self.key
 	openssl req -new -x509 -key /etc/traefik/certs/self.key -sha256 -nodes -out /etc/traefik/certs/self.crt -days 3650
 }

-TraefikEtcServices() {
+Traefik-etc-services() {
 	mkdir -p /etc/traefik/services
-	TraefikEtcServicesShared
-	TraefikEtcServicesDefault
+	Traefik-etc-services-shared
+	Traefik-etc-services-default
 }

-TraefikEtcServicesShared() {
+Traefik-etc-services-shared() {
 	cat >> /etc/traefik/services/_shared.yaml << "EOF"
 tls:
  stores:
@@ -128,7 +117,7 @@ http:
 EOF
 }

-TraefikEtcServicesDefault() {
+Traefik-etc-services-default() {
 	cat >> /etc/traefik/services/_default.yaml << "EOF"
 http:
  routers:
@@ -147,7 +136,8 @@ http:
      # priority: 100
      # service: _default-matomo
      service: _default
-      tls: {}
+      tls:
+        acmev2-staging

  services:
    # _default-matomo:
@@ -165,7 +155,7 @@ http:
 EOF
 }

-TraefikEtcConfig() {
+Traefik-etc-config() {
 	cat >> /etc/traefik/traefik.yaml << "EOF"
 entryPoints:
  http:
@@ -190,76 +180,108 @@ providers:
 certificatesResolvers:
  acmev2:
    acme:
-      email: "X{ACMEACCOUNT}"
+      email: "X{ACCOUNT}"
      caserver: "https://acme-v02.api.letsencrypt.org/directory"
      storage: "/etc/traefik/certs/acmev2.json"
      keyType: "EC384"
      tlsChallenge: {}
  acmev2-staging:
    acme:
-      email: "X{ACMEACCOUNT}"
+      email: "X{ACCOUNT}"
      caserver: "https://acme-staging-v02.api.letsencrypt.org/directory"
      storage: "/etc/traefik/certs/acmev2-staging.json"
      keyType: "EC384"
      tlsChallenge: {}
 EOF

-# sed -i /X{ACMEACCOUNT}/${ACMEACCOUNT}/g /etc/traefik/traefik.yaml
+sed -i "s/X{ACCOUNT}/${ACCOUNT}/g" /etc/traefik/traefik.yaml

 }

-TraefikEtcIptable() {
-  if [ -f "/etc/iptables/rules-save" ]; then
-    sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 8099 -m state --state NEW -j ACCEPT' /etc/iptables/rules-save
-    sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules-save
-    sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules-save
-    sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # Traefik' /etc/iptables/rules-save
-    iptables-restore /etc/iptables/rules-save
+Traefik-etc-iptable() {
+  if [ -f "/etc/iptables/rules.v4" ]; then
+    sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 8099 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+    sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+    sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+    sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # Traefik' /etc/iptables/rules.v4
+    iptables-restore /etc/iptables/rules.v4
  fi
 }

-TraefikBinUpdateTraefik() {
+Traefik-bin-update-traefik() {
 	cat >> /usr/local/bin/update-traefik << "EOF"
-#!/bin/ash
+#/bin/bash

-if [[ -z ${1} ]]; then
-	echo "update-traefik version"
-	echo "version : x.x.x"
-	exit 1
+getcurrentversion() {
+  if [ -f /var/opt/traefik/version ]; then
+    cat /var/opt/traefik/version
+  else
+    echo "0"
  fi
-version=${1}
+}
+getlatestversion() {
+  if ! GITHUBTAGNAME=$(curl -sL "https://api.github.com/repos/traefik/traefik/releases/latest" | jq -r ".tag_name"); then
+    echo "Error in Github API"
+    return 1
+  fi
+  if [ "${GITHUBTAGNAME}" == "" ]; then
+    echo "Error in Github API"
+    return 1
+  fi
+  local -r GITHUBVERSION=${GITHUBTAGNAME//[[:alpha:]-]/}
+  if [ "${GITHUBVERSION}" == "" ]; then
+    echo "Error in Github API"
+    return 1
+  fi
+  echo "${GITHUBVERSION}"
+}
+update() {
+  VERSION=${1}
  mkdir -p /tmp/traefik
  cd /tmp/traefik
-wget https://github.com/traefik/traefik/releases/download/v${version}/traefik_v${version}_linux_amd64.tar.gz
-tar -xf traefik_v${version}_linux_amd64.tar.gz
+  wget https://github.com/traefik/traefik/releases/download/v${VERSION}/traefik_v${VERSION}_linux_amd64.tar.gz
+  tar -xf traefik_v${VERSION}_linux_amd64.tar.gz
  systemctl stop traefik
  cp traefik /usr/local/bin
  systemctl start traefik
-cd
+  if [ ! -d /var/opt/traefik ]; then
+    mkdir -p /var/opt/traefik
+  fi
+  echo "${VERSION}" > /var/opt/traefik/version
  rm -R /tmp/traefik
+}
+
+CURVER=$(getcurrentversion)
+LATESTVER=$(getlatestversion)
+
+if [ "${CURVER}" != "${LATESTVER}" ]; then
+  echo "${CURVER} -> ${LATESTVER}"
+  update "${LATESTVER}"
+fi
 EOF
 	chmod 755 /usr/local/bin/update-traefik
-	update-traefik "${RELEASE}"
+	update-traefik ${RELEASE}
 }

-TraefikService() {
-	cat >> /etc/init.d/traefik << "EOF"
-#!/sbin/openrc-run
+Traefik-service() {
+	cat >> /etc/systemd/system/traefik.service << "EOF"
+[Unit]
+Description=Traefik
+After=network.target auditd.service

-name="traefik"
-command="/usr/local/bin/traefik"
-command_args="-configFile /etc/traefik/traefik.yaml"
-command_background=true
-pidfile=/run/traefik.pid
+[Service]
+ExecStart=/usr/local/bin/traefik -configFile /etc/traefik/traefik.yaml
+ExecReload=/bin/killall traefik
+KillMode=process
+Restart=on-failure

-depend() {
-  need net
-}
+[Install]
+WantedBy=multi-user.target
 EOF
-	chmod 755 /etc/init.d/traefik
 	
-	rc-update add traefik boot
-	service traefik start
+	systemctl daemon-reload
+	systemctl enable traefik
+	systemctl restart traefik
 }


--- a/debian-13/apps/zm-builder/zm-builder.sh
+++ b/debian-13/apps/zm-builder/zm-builder.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+apt -y install apache2 docker-compose
+rm -r /var/www/html/*
+
+cat << 'EOF' > /usr/local/bin/mtm-zmbuild
+#!/bin/bash
+BUILDVER=${1}
+BUILDNO=${2}
+BUILDCHAIN=${3}
+
+show_help() {
+	echo "mtm-zmbuild version buildno buildchain"
+	echo ""
+	echo "Example :"
+	echo "  mtm-zmbuild 10.0.5 4574 10.0.5,10.0.4,10.0.3,10.0.2,10.0.1,10.0.0-GA,10.0.0"
+	echo "  mtm-zmbuild 10.0.4 4518 10.0.4,10.0.3,10.0.2,10.0.1,10.0.0-GA,10.0.0"
+}
+
+if [ "${BUILDVER}" == "" ] || [ "${BUILDNO}" == "" ] || [ "${BUILDCHAIN}" == "" ]; then
+	show_help
+	exit 1
+fi
+
+mkdir -p /root/zimbra/${BUILDVER}-${BUILDNO}
+{
+	echo "#!/bin/bash"
+	echo "BUILDVER=${BUILDVER}"
+	echo "BUILDCHAIN=${BUILDCHAIN}"
+	echo "BUILDNO=${BUILDNO}"
+	echo "apt -y install software-properties-common openjdk-8-jdk ant ant-optional ant-contrib ruby git maven build-essential debhelper rclone rsync"
+	echo "git clone --depth 1 --branch ${BUILDVER} https://github.com/Zimbra/zm-build.git"
+	echo "cd zm-build"
+	echo "ENV_CACHE_CLEAR_FLAG=true ./build.pl --ant-options -DskipTests=true --git-default-tag=${BUILDCHAIN} --build-release-no=${BUILDVER} --build-type=FOSS --build-release=Daffodil --build-release-candidate=GA --build-thirdparty-server=files.zimbra.com --build-no=${BUILDNO} --no-interactive"
+	echo "cp /home/build/BUILDS/UBUNTU*/zcs-*.tgz /root"
+	echo "exit"
+} > /root/zimbra/${BUILDVER}-${BUILDNO}/build
+docker run -it --rm -u root -v /root/zimbra/${BUILDVER}-${BUILDNO}:/root zimbra/zm-base-os:devcore-ubuntu-20.04 bash /root/build
+rm -r /root/zimbra/${BUILDVER}-${BUILDNO}/.*
+cp /root/zimbra/${BUILDVER}-${BUILDNO}/zcs-*.tgz /var/www/html/zcs-${BUILDVER}.tgz
+EOF
+chmod +x /usr/local/bin/mtm-zmbuild
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	iptables-restore /etc/iptables/rules.v4
+fi
--- a/debian-13/debian-12to13.sh
+++ b/debian-13/debian-12to13.sh
@@ -0,0 +1,70 @@
+#!/bin/bash
+
+declare -r FREEMEM=$(free |grep Mem: | awk '{print $4}')
+
+if [ "${FREEMEM}" -lt 130000 ]; then
+	echo "Not enough free ram, exiting"
+	exit 1
+fi
+
+declare PHPOLDVER=""
+declare -r PHPOLD=$(apt list --installed | grep php)
+if [[ "${PHPOLD}" != "" ]] ;then
+	PHPOLDVER=$(ls /etc/php | tail -n 1)
+	apt list --installed | grep php > ./12to13-phpold.txt
+	sed -i 's/\/.*//' ./12to13-phpold.txt
+fi
+
+
+
+
+sed -i 's/bookworm/trixie/' /etc/apt/sources.list
+sed -i 's/bookworm/trixie/' /etc/apt/sources.list.d/*
+# Check other sources if needed
+
+
+# Can resolve dpkg issue :
+# echo "" > /var/lib/dpkg/available
+# sh -c 'for i in /var/lib/apt/lists/*_Packages; do dpkg --merge-avail "$i"; done'
+
+apt update
+apt full-upgrade -y
+apt autoremove -y
+apt autoclean -y
+apt autopurge -y
+
+declare PHPNEWVER=""
+declare -r PHPNEW=$(apt list --installed | grep php)
+if [[ "${PHPNEW}" != "" ]] ;then
+	PHPNEWVER=$(ls /etc/php | tail -n 1)
+	apt list --installed | grep php > ./12to13-phpnew.txt
+	sed -i 's/\/.*//' ./12to13-phpnew.txt
+
+	cp ./12to13-phpold.txt ./12to13-phpold.fordiff
+	sed -i "s/${PHPOLDVER}/${PHPNEWVER}/" ./12to13-phpold.fordiff
+	diff ./12to13-phpold.fordiff ./12to13-phpnew.txt | grep "<" > ./12to13-php.diff
+	rm ./12to13-phpold.fordiff
+
+	echo ""
+	echo "PHP V${PHPOLDVER} detected"
+	echo "New version : ${PHPNEWVER}"
+	echo ""
+	cat ./12to13-php.diff
+	echo ""
+	echo "You can consult files 12to13-php.* after reboot"
+	echo ""
+fi
+
+#if [ -d /sys/firmware/efi ]; then
+#	if [ -d /etc/pve ]; then
+#		apt install -y systemd-boot
+#	fi
+#fi
+
+apt modernize-sources
+
+
+echo ""
+hostname
+read -n 1 -s -r -p "Press any key to reboot"
+reboot
--- a/debian-13/files/alias.sh
+++ b/debian-13/files/alias.sh
@@ -0,0 +1,11 @@
+alias ls='ls --color=auto -hl --time-style long-iso'
+alias l='ls --color=auto -hlA --time-style long-iso'
+alias ll='ls --color=auto -hla --time-style long-iso'
+alias cd..='cd ..'
+alias ff='find / -name'
+alias f='find . -name'
+alias fif='grep -rnw . -e'
+alias grep='grep --color=auto'
+alias ip='ip -c'
+alias vdir='vdir --color=auto'
+alias watch='watch --color'
--- a/debian-13/files/issue
+++ b/debian-13/files/issue
@@ -0,0 +1,21 @@
+\v \r \l
+
+    .o oOOOOOOOo                                            OOOo
+    Ob.OOOOOOOo  OOOo.      oOOo.                      .adOOOOOOO
+    OboO"""""""""""".OOo. .oOOOOOo.    OOOo.oOOOOOo.."""""""""'OO
+    OOP.oOOOOOOOOOOO "POOOOOOOOOOOo.   `"OOOOOOOOOP,OOOOOOOOOOOB'
+    `O'OOOO'     `OOOOo"OOOOOOOOOOO` .adOOOOOOOOO"oOOO'    `OOOOo
+    .OOOO'            `OOOOOOOOOOOOOOOOOOOOOOOOOO'            `OO
+    OOOOO                 '"OOOOOOOOOOOOOOOO"`                oOO
+   oOOOOOba.                .adOOOOOOOOOOba               .adOOOOo.
+  oOOOOOOOOOOOOOba.    .adOOOOOOOOOO@^OOOOOOOba.     .adOOOOOOOOOOOO
+ OOOOOOOOOOOOOOOOO.OOOOOOOOOOOOOO"`  '"OOOOOOOOOOOOO.OOOOOOOOOOOOOO
+ "OOOO"       "YOoOOOOMOIONODOO"`  .   '"OOROAOPOEOOOoOY"     "OOO"
+    Y           'OOOOOOOOOOOOOO: .oOOo. :OOOOOOOOOOO?'         :`
+    :            .oO%OOOOOOOOOOo.OOOOOO.oOOOOOOOOOOOO?         .
+    .            oOOP"%OOOOOOOOoOOOOOOO?oOOOOO?OOOO"OOo
+                 '%o  OOOO"%OOOO%"%OOOOO"OOOOOO"OOO':
+                      `$"  `OOOO' `O"Y ' `OOOO'  o             .
+    .                  .     OP"          : o     .
+                              :
+                              .
--- a/debian-13/files/ps1.sh
+++ b/debian-13/files/ps1.sh
@@ -0,0 +1,5 @@
+clrreset='\e[0m'
+clrwhite='\e[1;37m'
+clrgreen='\e[1;32m'
+clrred='\e[1;31m'
+export PS1="\[$clrred\][$USER@$HOSTNAME]\[$clrwhite\] \w \`if [ \$? = 0 ]; then echo -e '\[$clrgreen\]'; else echo -e '\[$clrred\]'; fi\`\\$ \[$clrreset\]"
--- a/debian-13/files/rules.v4
+++ b/debian-13/files/rules.v4
@@ -0,0 +1,13 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+# Ping
+-A INPUT -p icmp -j ACCEPT
+# SSH
+-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
+# SNMPD
+-A INPUT -p udp -m udp --dport 161 -m state --state NEW -j ACCEPT
+COMMIT
--- a/debian-13/files/rules.v6
+++ b/debian-13/files/rules.v6
@@ -0,0 +1,7 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+COMMIT
--- a/debian-13/init.sh
+++ b/debian-13/init.sh
@@ -0,0 +1,346 @@
+#!/bin/bash
+
+declare BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main
+declare DIR_URL=debian-13
+IPV4=127.0.0.1
+ISLXC=0
+ISPVE=0
+ISPMG=0
+
+showHelp() {
+	echo "init.sh"
+	echo ""
+	echo "usage :"
+	echo "bash init.sh [options]"
+	echo " -b | --base-url url"
+}
+
+InitConst() {
+	IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
+	
+	grep -q -v -a lxc /proc/1/environ
+	ISLXC=$?
+	
+	if [[ -d "/etc/pve" ]]; then
+		ISPVE=1
+	fi
+	if [[ -d "/etc/pmg" ]]; then
+		ISPMG=1
+	fi
+}
+
+Main() {
+	InitConst
+	if [[ ${ISLXC} == 0 ]]; then
+		if [[ ${ISPVE} == 0 ]]; then
+			NetSetHostname
+			NetIPConfig
+		fi
+	else
+		if [[ ${ISPMG} == 0 ]]; then
+			APTCleanupLXCPackage
+		fi
+	fi
+	if [[ ${ISPVE} == 0 ]]; then
+		NetCleanUpSystemdResolved
+	fi
+	APTSetProxy
+	APTUpdateDist
+	APTInstallBase
+	APTCleanAll
+	BashSetAlias
+	BashSetPS
+	NanoSetConfig
+	if [[ ${ISPVE} == 0 ]]; then
+		IssueSetContent
+	fi
+	SSHEnableRootLogin
+	GrubSetConfig
+	if [[ ${ISPVE} == 0 ]]; then
+		InstApps
+	fi
+	Reboot
+}
+
+NetSetHostname() {
+	hostname=$(hostname)
+	hostname=$(whiptail --title "Hostname + Domain" --inputbox "" 0 30 "${hostname}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ] && [ "${hostname}" != "" ]; then
+		hostnamectl set-hostname "${hostname}"
+	fi
+}
+NetIPConfig() {
+	options=()
+	options+=("DHCP" "")
+	options+=("Static" "")
+	sel=$(whiptail --title "Network" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ]; then
+		case ${sel} in
+			"Static") NetIPConfigStatic;;
+		esac
+	fi
+}
+NetIPConfigStatic() {
+	netif="$(ip a | grep ens | head -n1 | cut -d: -f2)"
+	netif=${netif:1}
+	netip="${IPV4}"
+	netmask="255.255.255.0"
+	netgw="$(echo "${IPV4}" | cut -d. -f1-3).1"
+	netdns="$(echo "${IPV4}" | cut -d. -f1-3).1"
+	netip=$(whiptail --title "Network" --inputbox "IP" 0 30 "${netip}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ] && [ "${netip}" != "" ]; then
+		netmask=$(whiptail --title "Network" --inputbox "Mask" 0 30 "${netmask}" 3>&1 1>&2 2>&3)
+		if [ "$?" = "0" ] && [ "${netmask}" != "" ]; then
+			netgw=$(whiptail --title "Network" --inputbox "Route" 0 30 "${netgw}" 3>&1 1>&2 2>&3)
+			if [ "$?" = "0" ] && [ "${netgw}" != "" ]; then
+				netdns=$(whiptail --title "Network" --inputbox "DNS" 0 30 "${netdns}" 3>&1 1>&2 2>&3)
+				if [ "$?" = "0" ] && [ "${netdns}" != "" ]; then
+					echo "allow-hotplug ${netif}" > /etc/network/interfaces.d/"${netif}"
+					echo "iface ${netif} inet static" >> /etc/network/interfaces.d/"${netif}"
+					echo -e "\taddress ${netip}" >> /etc/network/interfaces.d/"${netif}"
+					echo -e "\tnetmask ${netmask}" >> /etc/network/interfaces.d/"${netif}"
+					echo -e "\tgateway ${netgw}" >> /etc/network/interfaces.d/"${netif}"
+					sed -i "/${netif}/d" /etc/network/interfaces
+					echo "nameserver ${netdns}" > /etc/resolv.conf
+				fi
+			fi
+		fi
+	fi
+}
+NetCleanUpSystemdResolved() {
+	sed -i s/#LLMNR=yes/LLMNR=no/ /etc/systemd/resolved.conf
+	sed -i s/#DNSStubListener=yes/DNSStubListener=no/ /etc/systemd/resolved.conf
+	systemctl restart systemd-resolved
+}
+
+APTSetProxy() {
+	proxy=""
+	proxy=$(whiptail --title "Proxy" --inputbox "ex : http://192.168.1.200/ or leave empty for none" 0 30 "${proxy}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ]; then
+		if [ "${proxy}" != "" ]; then
+			echo "Acquire::http { Proxy \"${proxy}\"; };" > /etc/apt/apt.conf.d/02proxy
+		fi
+	fi
+}
+APTCleanupLXCPackage() {
+	apt remove -y bind9-host debian-faq doc-debian postfix x11-common fontconfig-config fonts-dejavu-core gdbm-l10n python-apt-common
+}
+APTUpdateDist() {
+	apt update -y
+	apt dist-upgrade -y
+}
+APTInstallBase() {
+	options=()
+	options+=("curl" "" on)
+	options+=("wget" "" on)
+	options+=("lsof" "" on)
+	options+=("acpi" "" on)
+	options+=("bash-completion" "" on)
+	if [[ ${ISPVE} == 0 ]]; then
+		options+=("iptables" "" on)
+		options+=("iptables-persistent" "" on)
+	else
+		options+=("iptables" "" off)
+		options+=("iptables-persistent" "" off)
+	fi
+	options+=("openssh-server" "" on)
+	options+=("gnupg" "" on)
+	options+=("rsync" "" on)
+	options+=("nmon" "" on)
+	options+=("snmpd" "" on)
+	options+=("clevis-net" "" off)
+  sel=$(whiptail --title "Basic Install" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+  if [ "$?" = "0" ]; then
+		pkg=""
+		for itm in ${sel}; do
+			# shellcheck disable=SC2001
+			case ${itm} in
+			'"iptables-persistent"')
+				pkg="${pkg} $(echo "${itm}" | sed 's/"//g')"
+				IPTablesPostInstall;;
+			'"clevis-net"')
+				pkg="${pkg} clevis clevis-luks clevis-systemd clevis-initramfs clevis-tpm2";;
+			*)
+				pkg="${pkg} $(echo "${itm}" | sed 's/"//g')";;
+			esac
+		done
+		# shellcheck disable=SC2086
+		apt install -y ${pkg}
+		for itm in ${sel}; do
+			case ${itm} in
+			'"iptables-persistent"')
+				IPTablesConfig;;
+			'"snmpd"')
+				SNMPDConfig;;
+			'"clevis-net"')
+				ClevisNetInit;;
+			esac
+		done
+	fi
+}
+APTCleanAll() {
+	apt-get autoremove -y
+	apt-get autoclean -y
+}
+
+BashSetAlias() {
+	wget -O /etc/profile.d/alias.sh "${BASE_URL}"/"${DIR_URL}"/files/alias.sh
+}
+BashSetPS() {
+	wget -O /etc/profile.d/ps1.sh "${BASE_URL}"/"${DIR_URL}"/files/ps1.sh
+}
+
+NanoSetConfig() {
+	sed -i "/tabsize/c\set tabsize 2" /etc/nanorc
+	{
+		echo "set numbercolor brightwhite"
+		echo "set statuscolor brightwhite,green"
+		echo "set keycolor cyan"
+		echo "set functioncolor green"
+	} >> /etc/nanorc
+	{
+		echo "set titlecolor brightwhite,red"
+		echo "set statuscolor brightwhite,red"
+	} > /root/.nanorc
+}
+
+IssueSetContent() {
+	wget -O /etc/issue "${BASE_URL}"/"${DIR_URL}"/files/issue
+}
+
+IPTablesPostInstall() {
+	echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
+	echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
+}
+IPTablesConfig() {
+	wget -O /etc/iptables/rules.v4 "${BASE_URL}"/"${DIR_URL}"/files/rules.v4
+	wget -O /etc/iptables/rules.v6 "${BASE_URL}"/"${DIR_URL}"/files/rules.v6
+	iptables-restore /etc/iptables/rules.v4
+	ip6tables-restore /etc/iptables/rules.v6
+}
+
+SNMPDConfig() {
+	cummunityname=public
+	cummunityname=$(whiptail --title "SNMP Community name" --inputbox "" 0 30 "${cummunityname}" 3>&1 1>&2 2>&3)
+	sed -i "s/public/${cummunityname}/" /etc/snmp/snmpd.conf
+	sed -i "s/127.0.0.1,\[::1\]/0.0.0.0/" /etc/snmp/snmpd.conf
+	systemctl restart snmpd
+}
+
+ClevisNetInit() {
+	LUKSPARTS=$(lsblk -p -l --fs |grep LUKS |cut -d " " -f1)
+	options=()
+	IFS_ORIG=$IFS
+	IFS=$'\n'
+	for LUKSPART in ${LUKSPARTS}
+	do  
+		options+=("${LUKSPART}" "")
+	done
+	IFS=$IFS_ORIG
+  DEV=$(whiptail --title "Select root LUKS part" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+  if [ "$?" = "0" ]; then
+		TANGURL=$(whiptail --title "Tang Server" --inputbox "URL" 0 30 "" 3>&1 1>&2 2>&3)
+		if [ "$?" = "0" ]; then
+			clevis luks bind -d ${DEV} tang "{\"url\": \"${TANGURL}\"}"
+			systemctl enable clevis-luks-askpass.path
+		fi
+  fi
+}
+
+SSHEnableRootLogin() {
+	sed -i "/PermitRootLogin prohibit-password/c\PermitRootLogin yes #prohibit-password" /etc/ssh/sshd_config
+	systemctl restart sshd
+}
+
+GrubSetConfig() {
+	if [ -f "/etc/default/grub" ]; then
+		sed -i "/GRUB_TIMEOUT/c\GRUB_TIMEOUT=1" /etc/default/grub
+		update-grub
+	fi
+}
+
+InstApps() {
+	options=()
+	options+=("nodejs-24" "" off)
+	options+=("nodejs-22" "" off)
+	options+=("nodejs-20" "" off)
+	options+=("traefik" "" off)
+	options+=("naemon" "" off)
+	options+=("apt-cacher-ng" "" off)
+	options+=("nextcloud-30" "" off)
+	options+=("docker" "" off)
+	if [[ ${ISLXC} == 0 ]]; then
+		options+=("portainer" "" off)
+	fi
+	options+=("misc-apps" "..." off)
+	options+=("archived-apps" "..." off)
+	SEL=$(whiptail --title "More Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ]; then
+		for ITM in ${SEL}; do
+			case ${ITM//\"/} in
+			misc-apps)
+				InstMiscApps;;
+			archived-apps)
+				InstArchivedApps;;
+			*)
+				cd /tmp || exit
+				wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
+				bash ./"${ITM//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}";;
+			esac
+		done
+	fi
+}
+InstMiscApps() {
+	options=()
+	options+=("bind9" "" off)
+	options+=("iperf3" "" off)
+	options+=("tang" "" off)
+	options+=("rinetd" "! (Not Work)" off)
+	options+=("tor-gw" "" off)
+	options+=("zm-builder" "" off)
+	options+=("nextcloud-latest" "unsafe" off)
+	SEL=$(whiptail --title "Misc Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ]; then
+		for ITM in ${SEL}; do
+			cd /tmp || exit
+			wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
+			bash ./"${ITM//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"
+		done
+	fi
+}
+InstArchivedApps() {
+	options=()
+	SEL=$(whiptail --title "Archived Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ]; then
+		for ITM in ${SEL}; do
+			cd /tmp || exit
+			wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
+			bash ./"${ITM//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"
+		done
+	fi
+}
+
+Reboot() {
+	if whiptail --yesno "Reboot ?" 0 0 3>&1 1>&2 2>&3; then
+		reboot
+	fi
+}
+
+while [ ${#} -gt 0 ]; do
+	case ${1} in
+		--help) showHelp; exit 0;;
+		-b | --base-url) BASE_URL="${2}"; shift;;
+		*) shift;;
+	esac
+done
+
+Main
--- a/debian-up.sh
+++ b/debian-up.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+declare BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main
+declare DEBVER=0
+declare DEBVERUP=0
+
+getVer() {
+	DEBVER=$(grep "VERSION_ID=" /etc/os-release | sed 's/"//g' | sed 's/.*=//')
+	DEBVERUP=$((DEBVER+1))
+}
+
+run() {
+	apt update -y
+	apt install -y wget
+	wget -P /tmp ${BASE_URL}/debian-${DEBVERUP}/debian-${DEBVER}to${DEBVERUP}.sh
+	bash /tmp/debian-${DEBVER}to${DEBVERUP}.sh
+}
+
+getVer
+run
--- a/ubuntu-20.04/ubuntu-up.sh
+++ b/ubuntu-20.04/ubuntu-up.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+declare -r FREEMEM=$(free |grep Mem: | awk '{print $4}')
+
+if [ "${FREEMEM}" -lt 130000 ]; then
+	echo "Not enough free ram, exiting"
+	exit 1
+fi
+
+
+
+
+sed -i 's/focal/jammy/' /etc/apt/sources.list
+sed -i 's/focal/jammy/' /etc/apt/sources.list.d/*
+# Check other sources if needed
+
+
+# Can resolve dpkg issue :
+# echo "" > /var/lib/dpkg/available
+# sh -c 'for i in /var/lib/apt/lists/*_Packages; do dpkg --merge-avail "$i"; done'
+
+apt update
+apt dist-upgrade -y
+apt autoclean -y
+apt autopurge -y
+
+#if [ -d /sys/firmware/efi ]; then
+#	if [ -d /etc/pve ]; then
+#		apt install -y systemd-boot
+#	fi
+#fi
+
+
+echo ""
+hostname
+read -n 1 -s -r -p "Press any key to reboot"
+reboot
--- a/ubuntu-22.04/apps/bind9/bind9.sh
+++ b/ubuntu-22.04/apps/bind9/bind9.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+apt install -y bind9
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # DNS' /etc/iptables/rules.v4
+	iptables-restore /etc/iptables/rules.v4
+fi
--- a/ubuntu-22.04/apps/iperf3/iperf3.sh
+++ b/ubuntu-22.04/apps/iperf3/iperf3.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+apt install -y iperf3
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 5201 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 5201 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # IPERF' /etc/iptables/rules.v4
+	iptables-restore /etc/iptables/rules.v4
+fi
--- a/ubuntu-22.04/files/alias.sh
+++ b/ubuntu-22.04/files/alias.sh
@@ -0,0 +1,11 @@
+alias ls='ls --color=auto -hl --time-style long-iso'
+alias l='ls --color=auto -hlA --time-style long-iso'
+alias ll='ls --color=auto -hla --time-style long-iso'
+alias cd..='cd ..'
+alias ff='find / -name'
+alias f='find . -name'
+alias fif='grep -rnw . -e'
+alias grep='grep --color=auto'
+alias ip='ip -c'
+alias vdir='vdir --color=auto'
+alias watch='watch --color'
--- a/ubuntu-22.04/files/issue
+++ b/ubuntu-22.04/files/issue
@@ -0,0 +1,21 @@
+\v \r \l
+
+    .o oOOOOOOOo                                            OOOo
+    Ob.OOOOOOOo  OOOo.      oOOo.                      .adOOOOOOO
+    OboO"""""""""""".OOo. .oOOOOOo.    OOOo.oOOOOOo.."""""""""'OO
+    OOP.oOOOOOOOOOOO "POOOOOOOOOOOo.   `"OOOOOOOOOP,OOOOOOOOOOOB'
+    `O'OOOO'     `OOOOo"OOOOOOOOOOO` .adOOOOOOOOO"oOOO'    `OOOOo
+    .OOOO'            `OOOOOOOOOOOOOOOOOOOOOOOOOO'            `OO
+    OOOOO                 '"OOOOOOOOOOOOOOOO"`                oOO
+   oOOOOOba.                .adOOOOOOOOOOba               .adOOOOo.
+  oOOOOOOOOOOOOOba.    .adOOOOOOOOOO@^OOOOOOOba.     .adOOOOOOOOOOOO
+ OOOOOOOOOOOOOOOOO.OOOOOOOOOOOOOO"`  '"OOOOOOOOOOOOO.OOOOOOOOOOOOOO
+ "OOOO"       "YOoOOOOMOIONODOO"`  .   '"OOROAOPOEOOOoOY"     "OOO"
+    Y           'OOOOOOOOOOOOOO: .oOOo. :OOOOOOOOOOO?'         :`
+    :            .oO%OOOOOOOOOOo.OOOOOO.oOOOOOOOOOOOO?         .
+    .            oOOP"%OOOOOOOOoOOOOOOO?oOOOOO?OOOO"OOo
+                 '%o  OOOO"%OOOO%"%OOOOO"OOOOOO"OOO':
+                      `$"  `OOOO' `O"Y ' `OOOO'  o             .
+    .                  .     OP"          : o     .
+                              :
+                              .
--- a/ubuntu-22.04/files/ps1.sh
+++ b/ubuntu-22.04/files/ps1.sh
@@ -0,0 +1,5 @@
+clrreset='\e[0m'
+clrwhite='\e[1;37m'
+clrgreen='\e[1;32m'
+clrred='\e[1;31m'
+export PS1="\[$clrred\][$USER@$HOSTNAME]\[$clrwhite\] \w \`if [ \$? = 0 ]; then echo -e '\[$clrgreen\]'; else echo -e '\[$clrred\]'; fi\`\\$ \[$clrreset\]"
--- a/ubuntu-22.04/files/rules.v4
+++ b/ubuntu-22.04/files/rules.v4
@@ -0,0 +1,13 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+# Ping
+-A INPUT -p icmp -j ACCEPT
+# SSH
+-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
+# SNMPD
+-A INPUT -p udp -m udp --dport 161 -m state --state NEW -j ACCEPT
+COMMIT
--- a/ubuntu-22.04/files/rules.v6
+++ b/ubuntu-22.04/files/rules.v6
@@ -0,0 +1,7 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+COMMIT
--- a/ubuntu-22.04/init.sh
+++ b/ubuntu-22.04/init.sh
@@ -0,0 +1,302 @@
+#!/bin/bash
+
+declare BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main
+declare DIR_URL=ubuntu-22.04
+declare IPV4=127.0.0.1
+declare ISLXC=0
+
+showHelp() {
+	echo "init.sh"
+	echo ""
+	echo "use :"
+	echo "bash init.sh [options]"
+	echo " -b | --base-url url"
+}
+
+InitConst() {
+	IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
+	
+	grep -q -v -a lxc /proc/1/environ
+	ISLXC=$?
+}
+
+Main() {
+	InitConst
+	if [[ ${ISLXC} == 0 ]]; then
+		NetSetHostname
+		NetIPConfig
+	else
+		APTCleanupLXCPackage
+	fi
+	NetCleanUpSystemdResolved
+	APTSetProxy
+	APTUpdateDist
+	APTInstallBase
+	APTCleanAll
+	BashSetAlias
+	BashSetPS
+	BashRMbashrc
+	NanoSetConfig
+	IssueSetContent
+	SSHEnableRootLogin
+	GrubSetConfig
+	InstApps
+	Reboot
+}
+
+NetSetHostname() {
+	hostname=$(hostname)
+	hostname=$(whiptail --title "Hostname + Domain" --inputbox "" 0 30 "${hostname}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ] && [ "${hostname}" != "" ]; then
+		hostnamectl set-hostname "${hostname}"
+	fi
+}
+NetIPConfig() {
+	options=()
+	options+=("DHCP" "")
+	options+=("Static" "")
+	sel=$(whiptail --title "Network" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ]; then
+		case ${sel} in
+			"Static") NetIPConfigStatic;;
+		esac
+	fi
+}
+NetIPConfigStatic() {
+	netif="$(ip a | grep ens | head -n1 | cut -d: -f2)"
+	netif=${netif:1}
+	netip="${IPV4}"
+	netmask="255.255.255.0"
+	netgw="$(echo "${IPV4}" | cut -d. -f1-3).1"
+	netdns="$(echo "${IPV4}" | cut -d. -f1-3).1"
+	netip=$(whiptail --title "Network" --inputbox "IP" 0 30 "${netip}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ] && [ "${netip}" != "" ]; then
+		netmask=$(whiptail --title "Network" --inputbox "Mask" 0 30 "${netmask}" 3>&1 1>&2 2>&3)
+		if [ "$?" = "0" ] && [ "${netmask}" != "" ]; then
+			netgw=$(whiptail --title "Network" --inputbox "Route" 0 30 "${netgw}" 3>&1 1>&2 2>&3)
+			if [ "$?" = "0" ] && [ "${netgw}" != "" ]; then
+				netdns=$(whiptail --title "Network" --inputbox "DNS" 0 30 "${netdns}" 3>&1 1>&2 2>&3)
+				if [ "$?" = "0" ] && [ "${netdns}" != "" ]; then
+					echo "allow-hotplug ${netif}" > /etc/network/interfaces.d/${netif}
+					echo "iface ${netif} inet static" >> /etc/network/interfaces.d/${netif}
+					echo -e "\taddress ${netip}" >> /etc/network/interfaces.d/${netif}
+					echo -e "\tnetmask ${netmask}" >> /etc/network/interfaces.d/${netif}
+					echo -e "\tgateway ${netgw}" >> /etc/network/interfaces.d/${netif}
+					sed -i "/${netif}/d" /etc/network/interfaces
+					echo "nameserver ${netdns}" > /etc/resolv.conf
+				fi
+			fi
+		fi
+	fi
+}
+NetCleanUpSystemdResolved() {
+	sed -i s/#LLMNR=yes/LLMNR=no/ /etc/systemd/resolved.conf
+	sed -i s/#DNSStubListener=yes/DNSStubListener=no/ /etc/systemd/resolved.conf
+	systemctl restart systemd-resolved
+}
+
+APTSetProxy() {
+	proxy=""
+	proxy=$(whiptail --title "Proxy" --inputbox "ex : http://192.168.1.200/ or leave empty for none" 0 30 "${proxy}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ]; then
+		if [ "${proxy}" != "" ]; then
+			echo "Acquire::http { Proxy \"${proxy}\"; };" > /etc/apt/apt.conf.d/02proxy
+		fi
+	fi
+}
+APTCleanupLXCPackage() {
+	echo "Skip"
+	# apt remove -y bind9-host debian-faq doc-debian postfix x11-common fontconfig-config fonts-dejavu-core gdbm-l10n python-apt-common
+}
+APTUpdateDist() {
+	apt update -y
+	apt dist-upgrade -y
+}
+APTInstallBase() {
+	options=()
+	options+=("curl" "" on)
+	options+=("wget" "" on)
+	options+=("lsof" "" on)
+	options+=("acpi" "" on)
+	options+=("bash-completion" "" on)
+	options+=("iptables" "" on)
+	options+=("iptables-persistent" "" on)
+	options+=("openssh-server" "" on)
+	options+=("gnupg" "" on)
+	options+=("rsync" "" on)
+	options+=("nmon" "" on)
+	options+=("snmpd" "" on)
+	options+=("clevis-net" "" off)
+  sel=$(whiptail --title "Basic Install" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	# shellcheck disable=SC2001
+	if [ "$?" = "0" ]; then
+		pkg=""
+		for itm in ${sel}; do
+			case ${itm} in
+			'"iptables-persistent"')
+				pkg="${pkg} $(echo "${itm}" | sed 's/"//g')"
+				IPTablesPostInstall;;
+			'"clevis-net"')
+				pkg="${pkg} clevis clevis-luks clevis-systemd clevis-initramfs clevis-tpm2";;
+			*)
+				pkg="${pkg} $(echo "${itm}" | sed 's/"//g')";;
+			esac
+		done
+		# shellcheck disable=SC2086
+		apt install -y ${pkg}
+		for itm in ${sel}; do
+			case ${itm} in
+			'"iptables-persistent"')
+				IPTablesConfig;;
+			'"snmpd"')
+				SNMPDConfig;;
+			'"clevis-net"')
+				ClevisNetInit;;
+			esac
+		done
+	fi
+}
+APTCleanAll() {
+	apt-get autoremove -y
+	apt-get autoclean -y
+}
+
+BashSetAlias() {
+	wget -O /etc/profile.d/alias.sh "${BASE_URL}"/"${DIR_URL}"/files/alias.sh
+}
+BashSetPS() {
+	wget -O /etc/profile.d/ps1.sh "${BASE_URL}"/"${DIR_URL}"/files/ps1.sh
+}
+BashRMbashrc() {
+	rm /root/.bashrc
+}
+
+NanoSetConfig() {
+	sed -i "/tabsize/c\set tabsize 2" /etc/nanorc
+	{
+		echo "set numbercolor brightwhite"
+		echo "set statuscolor brightwhite,green"
+		echo "set keycolor cyan"
+		echo "set functioncolor green"
+	} >> /etc/nanorc
+	{
+		echo "set titlecolor brightwhite,red"
+		echo "set statuscolor brightwhite,red"
+	} > /root/.nanorc
+}
+
+IssueSetContent() {
+	wget -O /etc/issue "${BASE_URL}"/"${DIR_URL}"/files/issue
+}
+
+IPTablesPostInstall() {
+	echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
+	echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
+}
+IPTablesConfig() {
+	wget -O /etc/iptables/rules.v4 "${BASE_URL}"/"${DIR_URL}"/files/rules.v4
+	wget -O /etc/iptables/rules.v6 "${BASE_URL}"/"${DIR_URL}"/files/rules.v6
+	iptables-restore /etc/iptables/rules.v4
+	ip6tables-restore /etc/iptables/rules.v6
+}
+
+SNMPDConfig() {
+	cummunityname=public
+	cummunityname=$(whiptail --title "SNMP Community name" --inputbox "" 0 30 "${cummunityname}" 3>&1 1>&2 2>&3)
+	sed -i "s/public/${cummunityname}/" /etc/snmp/snmpd.conf
+	sed -i "s/127.0.0.1,\[::1\]/0.0.0.0/" /etc/snmp/snmpd.conf
+	systemctl restart snmpd
+}
+
+ClevisNetInit() {
+	LUKSPARTS=$(lsblk -p -l --fs |grep LUKS |cut -d " " -f1)
+	options=()
+	IFS_ORIG=$IFS
+	IFS=$'\n'
+	for LUKSPART in ${LUKSPARTS}
+	do  
+		options+=("${LUKSPART}" "")
+	done
+	IFS=$IFS_ORIG
+	DEV=$(whiptail --title "Select root LUKS part" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ]; then
+		TANGURL=$(whiptail --title "Tang Server" --inputbox "URL" 0 30 "" 3>&1 1>&2 2>&3)
+		if [ "$?" = "0" ]; then
+			clevis luks bind -d "${DEV}" tang "{\"url\": \"${TANGURL}\"}"
+			systemctl enable clevis-luks-askpass.path
+		fi
+	fi
+}
+
+SSHEnableRootLogin() {
+	sed -i "/PermitRootLogin prohibit-password/c\PermitRootLogin yes #prohibit-password" /etc/ssh/sshd_config
+	systemctl restart sshd
+}
+
+GrubSetConfig() {
+	if [ -f "/etc/default/grub" ]; then
+		sed -i "/GRUB_TIMEOUT/c\GRUB_TIMEOUT=1" /etc/default/grub
+		update-grub
+	fi
+}
+
+InstApps() {
+	options=()
+	#if [[ ${ISLXC} == 0 ]]; then
+	#	options+=("docker" "" off)
+	#	options+=("portainer" "" off)
+	#fi
+	options+=("misc-apps" "..." off)
+	SEL=$(whiptail --title "More Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ]; then
+		for ITM in ${SEL}; do
+			case ${ITM//\"/} in
+			misc-apps)
+				InstMiscApps;;
+			archived-apps)
+				InstArchivedApps;;
+			*)
+				cd /tmp || exit
+				wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
+				bash ./"${ITM//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}";;
+			esac
+		done
+	fi
+}
+InstMiscApps() {
+	options=()
+	options+=("bind9" "" off)
+	options+=("iperf3" "" off)
+	SEL=$(whiptail --title "Misc Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ]; then
+		for ITM in ${SEL}; do
+			cd /tmp || exit
+			wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
+			bash ./"${ITM//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"
+		done
+	fi
+}
+
+Reboot() {
+	if whiptail --yesno "Reboot ?" 0 0 3>&1 1>&2 2>&3; then
+		reboot
+	fi
+}
+
+while [ ${#} -gt 0 ]; do
+	case ${1} in
+		--help) showHelp; exit 0;;
+		-b | --base-url) BASE_URL="${2}"; shift;;
+		*) shift;;
+	esac
+done
+
+Main
--- a/ubuntu-22.04/ubuntu-up.sh
+++ b/ubuntu-22.04/ubuntu-up.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+declare -r FREEMEM=$(free |grep Mem: | awk '{print $4}')
+
+if [ "${FREEMEM}" -lt 130000 ]; then
+	echo "Not enough free ram, exiting"
+	exit 1
+fi
+
+
+
+
+sed -i 's/jammy/noble/' /etc/apt/sources.list
+sed -i 's/jammy/noble/' /etc/apt/sources.list.d/*
+# Check other sources if needed
+
+
+# Can resolve dpkg issue :
+# echo "" > /var/lib/dpkg/available
+# sh -c 'for i in /var/lib/apt/lists/*_Packages; do dpkg --merge-avail "$i"; done'
+
+apt update
+apt dist-upgrade -y
+apt autoclean -y
+apt autopurge -y
+
+#if [ -d /sys/firmware/efi ]; then
+#	if [ -d /etc/pve ]; then
+#		apt install -y systemd-boot
+#	fi
+#fi
+
+
+echo ""
+hostname
+read -n 1 -s -r -p "Press any key to reboot"
+reboot
--- a/ubuntu-24.04/apps/bind9/bind9.sh
+++ b/ubuntu-24.04/apps/bind9/bind9.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+apt install -y bind9
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # DNS' /etc/iptables/rules.v4
+	iptables-restore /etc/iptables/rules.v4
+fi
--- a/ubuntu-24.04/apps/iperf3/iperf3.sh
+++ b/ubuntu-24.04/apps/iperf3/iperf3.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+apt install -y iperf3
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 5201 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 5201 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # IPERF' /etc/iptables/rules.v4
+	iptables-restore /etc/iptables/rules.v4
+fi
--- a/ubuntu-24.04/files/alias.sh
+++ b/ubuntu-24.04/files/alias.sh
@@ -0,0 +1,11 @@
+alias ls='ls --color=auto -hl --time-style long-iso'
+alias l='ls --color=auto -hlA --time-style long-iso'
+alias ll='ls --color=auto -hla --time-style long-iso'
+alias cd..='cd ..'
+alias ff='find / -name'
+alias f='find . -name'
+alias fif='grep -rnw . -e'
+alias grep='grep --color=auto'
+alias ip='ip -c'
+alias vdir='vdir --color=auto'
+alias watch='watch --color'
--- a/ubuntu-24.04/files/issue
+++ b/ubuntu-24.04/files/issue
@@ -0,0 +1,21 @@
+\v \r \l
+
+    .o oOOOOOOOo                                            OOOo
+    Ob.OOOOOOOo  OOOo.      oOOo.                      .adOOOOOOO
+    OboO"""""""""""".OOo. .oOOOOOo.    OOOo.oOOOOOo.."""""""""'OO
+    OOP.oOOOOOOOOOOO "POOOOOOOOOOOo.   `"OOOOOOOOOP,OOOOOOOOOOOB'
+    `O'OOOO'     `OOOOo"OOOOOOOOOOO` .adOOOOOOOOO"oOOO'    `OOOOo
+    .OOOO'            `OOOOOOOOOOOOOOOOOOOOOOOOOO'            `OO
+    OOOOO                 '"OOOOOOOOOOOOOOOO"`                oOO
+   oOOOOOba.                .adOOOOOOOOOOba               .adOOOOo.
+  oOOOOOOOOOOOOOba.    .adOOOOOOOOOO@^OOOOOOOba.     .adOOOOOOOOOOOO
+ OOOOOOOOOOOOOOOOO.OOOOOOOOOOOOOO"`  '"OOOOOOOOOOOOO.OOOOOOOOOOOOOO
+ "OOOO"       "YOoOOOOMOIONODOO"`  .   '"OOROAOPOEOOOoOY"     "OOO"
+    Y           'OOOOOOOOOOOOOO: .oOOo. :OOOOOOOOOOO?'         :`
+    :            .oO%OOOOOOOOOOo.OOOOOO.oOOOOOOOOOOOO?         .
+    .            oOOP"%OOOOOOOOoOOOOOOO?oOOOOO?OOOO"OOo
+                 '%o  OOOO"%OOOO%"%OOOOO"OOOOOO"OOO':
+                      `$"  `OOOO' `O"Y ' `OOOO'  o             .
+    .                  .     OP"          : o     .
+                              :
+                              .
--- a/ubuntu-24.04/files/ps1.sh
+++ b/ubuntu-24.04/files/ps1.sh
@@ -0,0 +1,5 @@
+clrreset='\e[0m'
+clrwhite='\e[1;37m'
+clrgreen='\e[1;32m'
+clrred='\e[1;31m'
+export PS1="\[$clrred\][$USER@$HOSTNAME]\[$clrwhite\] \w \`if [ \$? = 0 ]; then echo -e '\[$clrgreen\]'; else echo -e '\[$clrred\]'; fi\`\\$ \[$clrreset\]"
--- a/ubuntu-24.04/files/rules.v4
+++ b/ubuntu-24.04/files/rules.v4
@@ -0,0 +1,13 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+# Ping
+-A INPUT -p icmp -j ACCEPT
+# SSH
+-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
+# SNMPD
+-A INPUT -p udp -m udp --dport 161 -m state --state NEW -j ACCEPT
+COMMIT
--- a/ubuntu-24.04/files/rules.v6
+++ b/ubuntu-24.04/files/rules.v6
@@ -0,0 +1,7 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+COMMIT
--- a/ubuntu-24.04/init.sh
+++ b/ubuntu-24.04/init.sh
@@ -0,0 +1,302 @@
+#!/bin/bash
+
+declare BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main
+declare DIR_URL=ubuntu-24.04
+declare IPV4=127.0.0.1
+declare ISLXC=0
+
+showHelp() {
+	echo "init.sh"
+	echo ""
+	echo "use :"
+	echo "bash init.sh [options]"
+	echo " -b | --base-url url"
+}
+
+InitConst() {
+	IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
+	
+	grep -q -v -a lxc /proc/1/environ
+	ISLXC=$?
+}
+
+Main() {
+	InitConst
+	if [[ ${ISLXC} == 0 ]]; then
+		NetSetHostname
+		NetIPConfig
+	else
+		APTCleanupLXCPackage
+	fi
+	NetCleanUpSystemdResolved
+	APTSetProxy
+	APTUpdateDist
+	APTInstallBase
+	APTCleanAll
+	BashSetAlias
+	BashSetPS
+	BashRMbashrc
+	NanoSetConfig
+	IssueSetContent
+	SSHEnableRootLogin
+	GrubSetConfig
+	InstApps
+	Reboot
+}
+
+NetSetHostname() {
+	hostname=$(hostname)
+	hostname=$(whiptail --title "Hostname + Domain" --inputbox "" 0 30 "${hostname}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ] && [ "${hostname}" != "" ]; then
+		hostnamectl set-hostname "${hostname}"
+	fi
+}
+NetIPConfig() {
+	options=()
+	options+=("DHCP" "")
+	options+=("Static" "")
+	sel=$(whiptail --title "Network" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ]; then
+		case ${sel} in
+			"Static") NetIPConfigStatic;;
+		esac
+	fi
+}
+NetIPConfigStatic() {
+	netif="$(ip a | grep ens | head -n1 | cut -d: -f2)"
+	netif=${netif:1}
+	netip="${IPV4}"
+	netmask="255.255.255.0"
+	netgw="$(echo "${IPV4}" | cut -d. -f1-3).1"
+	netdns="$(echo "${IPV4}" | cut -d. -f1-3).1"
+	netip=$(whiptail --title "Network" --inputbox "IP" 0 30 "${netip}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ] && [ "${netip}" != "" ]; then
+		netmask=$(whiptail --title "Network" --inputbox "Mask" 0 30 "${netmask}" 3>&1 1>&2 2>&3)
+		if [ "$?" = "0" ] && [ "${netmask}" != "" ]; then
+			netgw=$(whiptail --title "Network" --inputbox "Route" 0 30 "${netgw}" 3>&1 1>&2 2>&3)
+			if [ "$?" = "0" ] && [ "${netgw}" != "" ]; then
+				netdns=$(whiptail --title "Network" --inputbox "DNS" 0 30 "${netdns}" 3>&1 1>&2 2>&3)
+				if [ "$?" = "0" ] && [ "${netdns}" != "" ]; then
+					echo "allow-hotplug ${netif}" > /etc/network/interfaces.d/${netif}
+					echo "iface ${netif} inet static" >> /etc/network/interfaces.d/${netif}
+					echo -e "\taddress ${netip}" >> /etc/network/interfaces.d/${netif}
+					echo -e "\tnetmask ${netmask}" >> /etc/network/interfaces.d/${netif}
+					echo -e "\tgateway ${netgw}" >> /etc/network/interfaces.d/${netif}
+					sed -i "/${netif}/d" /etc/network/interfaces
+					echo "nameserver ${netdns}" > /etc/resolv.conf
+				fi
+			fi
+		fi
+	fi
+}
+NetCleanUpSystemdResolved() {
+	sed -i s/#LLMNR=yes/LLMNR=no/ /etc/systemd/resolved.conf
+	sed -i s/#DNSStubListener=yes/DNSStubListener=no/ /etc/systemd/resolved.conf
+	systemctl restart systemd-resolved
+}
+
+APTSetProxy() {
+	proxy=""
+	proxy=$(whiptail --title "Proxy" --inputbox "ex : http://192.168.1.200/ or leave empty for none" 0 30 "${proxy}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ]; then
+		if [ "${proxy}" != "" ]; then
+			echo "Acquire::http { Proxy \"${proxy}\"; };" > /etc/apt/apt.conf.d/02proxy
+		fi
+	fi
+}
+APTCleanupLXCPackage() {
+	echo "Skip"
+	# apt remove -y bind9-host debian-faq doc-debian postfix x11-common fontconfig-config fonts-dejavu-core gdbm-l10n python-apt-common
+}
+APTUpdateDist() {
+	apt update -y
+	apt dist-upgrade -y
+}
+APTInstallBase() {
+	options=()
+	options+=("curl" "" on)
+	options+=("wget" "" on)
+	options+=("lsof" "" on)
+	options+=("acpi" "" on)
+	options+=("bash-completion" "" on)
+	options+=("iptables" "" on)
+	options+=("iptables-persistent" "" on)
+	options+=("openssh-server" "" on)
+	options+=("gnupg" "" on)
+	options+=("rsync" "" on)
+	options+=("nmon" "" on)
+	options+=("snmpd" "" on)
+	options+=("clevis-net" "" off)
+  sel=$(whiptail --title "Basic Install" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	# shellcheck disable=SC2001
+	if [ "$?" = "0" ]; then
+		pkg=""
+		for itm in ${sel}; do
+			case ${itm} in
+			'"iptables-persistent"')
+				pkg="${pkg} $(echo "${itm}" | sed 's/"//g')"
+				IPTablesPostInstall;;
+			'"clevis-net"')
+				pkg="${pkg} clevis clevis-luks clevis-systemd clevis-initramfs clevis-tpm2";;
+			*)
+				pkg="${pkg} $(echo "${itm}" | sed 's/"//g')";;
+			esac
+		done
+		# shellcheck disable=SC2086
+		apt install -y ${pkg}
+		for itm in ${sel}; do
+			case ${itm} in
+			'"iptables-persistent"')
+				IPTablesConfig;;
+			'"snmpd"')
+				SNMPDConfig;;
+			'"clevis-net"')
+				ClevisNetInit;;
+			esac
+		done
+	fi
+}
+APTCleanAll() {
+	apt-get autoremove -y
+	apt-get autoclean -y
+}
+
+BashSetAlias() {
+	wget -O /etc/profile.d/alias.sh "${BASE_URL}"/"${DIR_URL}"/files/alias.sh
+}
+BashSetPS() {
+	wget -O /etc/profile.d/ps1.sh "${BASE_URL}"/"${DIR_URL}"/files/ps1.sh
+}
+BashRMbashrc() {
+	rm /root/.bashrc
+}
+
+NanoSetConfig() {
+	sed -i "/tabsize/c\set tabsize 2" /etc/nanorc
+	{
+		echo "set numbercolor brightwhite"
+		echo "set statuscolor brightwhite,green"
+		echo "set keycolor cyan"
+		echo "set functioncolor green"
+	} >> /etc/nanorc
+	{
+		echo "set titlecolor brightwhite,red"
+		echo "set statuscolor brightwhite,red"
+	} > /root/.nanorc
+}
+
+IssueSetContent() {
+	wget -O /etc/issue "${BASE_URL}"/"${DIR_URL}"/files/issue
+}
+
+IPTablesPostInstall() {
+	echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
+	echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
+}
+IPTablesConfig() {
+	wget -O /etc/iptables/rules.v4 "${BASE_URL}"/"${DIR_URL}"/files/rules.v4
+	wget -O /etc/iptables/rules.v6 "${BASE_URL}"/"${DIR_URL}"/files/rules.v6
+	iptables-restore /etc/iptables/rules.v4
+	ip6tables-restore /etc/iptables/rules.v6
+}
+
+SNMPDConfig() {
+	cummunityname=public
+	cummunityname=$(whiptail --title "SNMP Community name" --inputbox "" 0 30 "${cummunityname}" 3>&1 1>&2 2>&3)
+	sed -i "s/public/${cummunityname}/" /etc/snmp/snmpd.conf
+	sed -i "s/127.0.0.1,\[::1\]/0.0.0.0/" /etc/snmp/snmpd.conf
+	systemctl restart snmpd
+}
+
+ClevisNetInit() {
+	LUKSPARTS=$(lsblk -p -l --fs |grep LUKS |cut -d " " -f1)
+	options=()
+	IFS_ORIG=$IFS
+	IFS=$'\n'
+	for LUKSPART in ${LUKSPARTS}
+	do  
+		options+=("${LUKSPART}" "")
+	done
+	IFS=$IFS_ORIG
+	DEV=$(whiptail --title "Select root LUKS part" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ]; then
+		TANGURL=$(whiptail --title "Tang Server" --inputbox "URL" 0 30 "" 3>&1 1>&2 2>&3)
+		if [ "$?" = "0" ]; then
+			clevis luks bind -d "${DEV}" tang "{\"url\": \"${TANGURL}\"}"
+			systemctl enable clevis-luks-askpass.path
+		fi
+	fi
+}
+
+SSHEnableRootLogin() {
+	sed -i "/PermitRootLogin prohibit-password/c\PermitRootLogin yes #prohibit-password" /etc/ssh/sshd_config
+	systemctl restart sshd
+}
+
+GrubSetConfig() {
+	if [ -f "/etc/default/grub" ]; then
+		sed -i "/GRUB_TIMEOUT/c\GRUB_TIMEOUT=1" /etc/default/grub
+		update-grub
+	fi
+}
+
+InstApps() {
+	options=()
+	#if [[ ${ISLXC} == 0 ]]; then
+	#	options+=("docker" "" off)
+	#	options+=("portainer" "" off)
+	#fi
+	options+=("misc-apps" "..." off)
+	SEL=$(whiptail --title "More Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ]; then
+		for ITM in ${SEL}; do
+			case ${ITM//\"/} in
+			misc-apps)
+				InstMiscApps;;
+			archived-apps)
+				InstArchivedApps;;
+			*)
+				cd /tmp || exit
+				wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
+				bash ./"${ITM//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}";;
+			esac
+		done
+	fi
+}
+InstMiscApps() {
+	options=()
+	options+=("bind9" "" off)
+	options+=("iperf3" "" off)
+	SEL=$(whiptail --title "Misc Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ]; then
+		for ITM in ${SEL}; do
+			cd /tmp || exit
+			wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
+			bash ./"${ITM//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"
+		done
+	fi
+}
+
+Reboot() {
+	if whiptail --yesno "Reboot ?" 0 0 3>&1 1>&2 2>&3; then
+		reboot
+	fi
+}
+
+while [ ${#} -gt 0 ]; do
+	case ${1} in
+		--help) showHelp; exit 0;;
+		-b | --base-url) BASE_URL="${2}"; shift;;
+		*) shift;;
+	esac
+done
+
+Main
--- a/ubuntu-24.04/ubuntu-up.sh
+++ b/ubuntu-24.04/ubuntu-up.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+declare -r FREEMEM=$(free |grep Mem: | awk '{print $4}')
+
+if [ "${FREEMEM}" -lt 130000 ]; then
+	echo "Not enough free ram, exiting"
+	exit 1
+fi
+
+
+
+
+sed -i 's/noble/resolute/' /etc/apt/sources.list
+sed -i 's/noble/resolute/' /etc/apt/sources.list.d/*
+# Check other sources if needed
+
+
+# Can resolve dpkg issue :
+# echo "" > /var/lib/dpkg/available
+# sh -c 'for i in /var/lib/apt/lists/*_Packages; do dpkg --merge-avail "$i"; done'
+
+apt update
+apt dist-upgrade -y
+apt autoclean -y
+apt autopurge -y
+
+#if [ -d /sys/firmware/efi ]; then
+#	if [ -d /etc/pve ]; then
+#		apt install -y systemd-boot
+#	fi
+#fi
+
+
+echo ""
+hostname
+read -n 1 -s -r -p "Press any key to reboot"
+reboot
--- a/ubuntu-26.04/apps/bind9/bind9.sh
+++ b/ubuntu-26.04/apps/bind9/bind9.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+apt install -y bind9
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # DNS' /etc/iptables/rules.v4
+	iptables-restore /etc/iptables/rules.v4
+fi
--- a/ubuntu-26.04/apps/iperf3/iperf3.sh
+++ b/ubuntu-26.04/apps/iperf3/iperf3.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+apt install -y iperf3
+
+if [ -f "/etc/iptables/rules.v4" ]; then
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 5201 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 5201 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
+	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # IPERF' /etc/iptables/rules.v4
+	iptables-restore /etc/iptables/rules.v4
+fi
--- a/ubuntu-26.04/files/alias.sh
+++ b/ubuntu-26.04/files/alias.sh
@@ -0,0 +1,11 @@
+alias ls='ls --color=auto -hl --time-style long-iso'
+alias l='ls --color=auto -hlA --time-style long-iso'
+alias ll='ls --color=auto -hla --time-style long-iso'
+alias cd..='cd ..'
+alias ff='find / -name'
+alias f='find . -name'
+alias fif='grep -rnw . -e'
+alias grep='grep --color=auto'
+alias ip='ip -c'
+alias vdir='vdir --color=auto'
+alias watch='watch --color'
--- a/ubuntu-26.04/files/issue
+++ b/ubuntu-26.04/files/issue
@@ -0,0 +1,21 @@
+\v \r \l
+
+    .o oOOOOOOOo                                            OOOo
+    Ob.OOOOOOOo  OOOo.      oOOo.                      .adOOOOOOO
+    OboO"""""""""""".OOo. .oOOOOOo.    OOOo.oOOOOOo.."""""""""'OO
+    OOP.oOOOOOOOOOOO "POOOOOOOOOOOo.   `"OOOOOOOOOP,OOOOOOOOOOOB'
+    `O'OOOO'     `OOOOo"OOOOOOOOOOO` .adOOOOOOOOO"oOOO'    `OOOOo
+    .OOOO'            `OOOOOOOOOOOOOOOOOOOOOOOOOO'            `OO
+    OOOOO                 '"OOOOOOOOOOOOOOOO"`                oOO
+   oOOOOOba.                .adOOOOOOOOOOba               .adOOOOo.
+  oOOOOOOOOOOOOOba.    .adOOOOOOOOOO@^OOOOOOOba.     .adOOOOOOOOOOOO
+ OOOOOOOOOOOOOOOOO.OOOOOOOOOOOOOO"`  '"OOOOOOOOOOOOO.OOOOOOOOOOOOOO
+ "OOOO"       "YOoOOOOMOIONODOO"`  .   '"OOROAOPOEOOOoOY"     "OOO"
+    Y           'OOOOOOOOOOOOOO: .oOOo. :OOOOOOOOOOO?'         :`
+    :            .oO%OOOOOOOOOOo.OOOOOO.oOOOOOOOOOOOO?         .
+    .            oOOP"%OOOOOOOOoOOOOOOO?oOOOOO?OOOO"OOo
+                 '%o  OOOO"%OOOO%"%OOOOO"OOOOOO"OOO':
+                      `$"  `OOOO' `O"Y ' `OOOO'  o             .
+    .                  .     OP"          : o     .
+                              :
+                              .
--- a/ubuntu-26.04/files/ps1.sh
+++ b/ubuntu-26.04/files/ps1.sh
@@ -0,0 +1,5 @@
+clrreset='\e[0m'
+clrwhite='\e[1;37m'
+clrgreen='\e[1;32m'
+clrred='\e[1;31m'
+export PS1="\[$clrred\][$USER@$HOSTNAME]\[$clrwhite\] \w \`if [ \$? = 0 ]; then echo -e '\[$clrgreen\]'; else echo -e '\[$clrred\]'; fi\`\\$ \[$clrreset\]"
--- a/ubuntu-26.04/files/rules.v4
+++ b/ubuntu-26.04/files/rules.v4
@@ -0,0 +1,13 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+# Ping
+-A INPUT -p icmp -j ACCEPT
+# SSH
+-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
+# SNMPD
+-A INPUT -p udp -m udp --dport 161 -m state --state NEW -j ACCEPT
+COMMIT
--- a/ubuntu-26.04/files/rules.v6
+++ b/ubuntu-26.04/files/rules.v6
@@ -0,0 +1,7 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+COMMIT
--- a/ubuntu-26.04/init.sh
+++ b/ubuntu-26.04/init.sh
@@ -0,0 +1,302 @@
+#!/bin/bash
+
+declare BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main
+declare DIR_URL=ubuntu-26.04
+declare IPV4=127.0.0.1
+declare ISLXC=0
+
+showHelp() {
+	echo "init.sh"
+	echo ""
+	echo "use :"
+	echo "bash init.sh [options]"
+	echo " -b | --base-url url"
+}
+
+InitConst() {
+	IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
+	
+	grep -q -v -a lxc /proc/1/environ
+	ISLXC=$?
+}
+
+Main() {
+	InitConst
+	if [[ ${ISLXC} == 0 ]]; then
+		NetSetHostname
+		NetIPConfig
+	else
+		APTCleanupLXCPackage
+	fi
+	NetCleanUpSystemdResolved
+	APTSetProxy
+	APTUpdateDist
+	APTInstallBase
+	APTCleanAll
+	BashSetAlias
+	BashSetPS
+	BashRMbashrc
+	NanoSetConfig
+	IssueSetContent
+	SSHEnableRootLogin
+	GrubSetConfig
+	InstApps
+	Reboot
+}
+
+NetSetHostname() {
+	hostname=$(hostname)
+	hostname=$(whiptail --title "Hostname + Domain" --inputbox "" 0 30 "${hostname}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ] && [ "${hostname}" != "" ]; then
+		hostnamectl set-hostname "${hostname}"
+	fi
+}
+NetIPConfig() {
+	options=()
+	options+=("DHCP" "")
+	options+=("Static" "")
+	sel=$(whiptail --title "Network" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ]; then
+		case ${sel} in
+			"Static") NetIPConfigStatic;;
+		esac
+	fi
+}
+NetIPConfigStatic() {
+	netif="$(ip a | grep ens | head -n1 | cut -d: -f2)"
+	netif=${netif:1}
+	netip="${IPV4}"
+	netmask="255.255.255.0"
+	netgw="$(echo "${IPV4}" | cut -d. -f1-3).1"
+	netdns="$(echo "${IPV4}" | cut -d. -f1-3).1"
+	netip=$(whiptail --title "Network" --inputbox "IP" 0 30 "${netip}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ] && [ "${netip}" != "" ]; then
+		netmask=$(whiptail --title "Network" --inputbox "Mask" 0 30 "${netmask}" 3>&1 1>&2 2>&3)
+		if [ "$?" = "0" ] && [ "${netmask}" != "" ]; then
+			netgw=$(whiptail --title "Network" --inputbox "Route" 0 30 "${netgw}" 3>&1 1>&2 2>&3)
+			if [ "$?" = "0" ] && [ "${netgw}" != "" ]; then
+				netdns=$(whiptail --title "Network" --inputbox "DNS" 0 30 "${netdns}" 3>&1 1>&2 2>&3)
+				if [ "$?" = "0" ] && [ "${netdns}" != "" ]; then
+					echo "allow-hotplug ${netif}" > /etc/network/interfaces.d/${netif}
+					echo "iface ${netif} inet static" >> /etc/network/interfaces.d/${netif}
+					echo -e "\taddress ${netip}" >> /etc/network/interfaces.d/${netif}
+					echo -e "\tnetmask ${netmask}" >> /etc/network/interfaces.d/${netif}
+					echo -e "\tgateway ${netgw}" >> /etc/network/interfaces.d/${netif}
+					sed -i "/${netif}/d" /etc/network/interfaces
+					echo "nameserver ${netdns}" > /etc/resolv.conf
+				fi
+			fi
+		fi
+	fi
+}
+NetCleanUpSystemdResolved() {
+	sed -i s/#LLMNR=yes/LLMNR=no/ /etc/systemd/resolved.conf
+	sed -i s/#DNSStubListener=yes/DNSStubListener=no/ /etc/systemd/resolved.conf
+	systemctl restart systemd-resolved
+}
+
+APTSetProxy() {
+	proxy=""
+	proxy=$(whiptail --title "Proxy" --inputbox "ex : http://192.168.1.200/ or leave empty for none" 0 30 "${proxy}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ]; then
+		if [ "${proxy}" != "" ]; then
+			echo "Acquire::http { Proxy \"${proxy}\"; };" > /etc/apt/apt.conf.d/02proxy
+		fi
+	fi
+}
+APTCleanupLXCPackage() {
+	echo "Skip"
+	# apt remove -y bind9-host debian-faq doc-debian postfix x11-common fontconfig-config fonts-dejavu-core gdbm-l10n python-apt-common
+}
+APTUpdateDist() {
+	apt update -y
+	apt dist-upgrade -y
+}
+APTInstallBase() {
+	options=()
+	options+=("curl" "" on)
+	options+=("wget" "" on)
+	options+=("lsof" "" on)
+	options+=("acpi" "" on)
+	options+=("bash-completion" "" on)
+	options+=("iptables" "" on)
+	options+=("iptables-persistent" "" on)
+	options+=("openssh-server" "" on)
+	options+=("gnupg" "" on)
+	options+=("rsync" "" on)
+	options+=("nmon" "" on)
+	options+=("snmpd" "" on)
+	options+=("clevis-net" "" off)
+  sel=$(whiptail --title "Basic Install" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	# shellcheck disable=SC2001
+	if [ "$?" = "0" ]; then
+		pkg=""
+		for itm in ${sel}; do
+			case ${itm} in
+			'"iptables-persistent"')
+				pkg="${pkg} $(echo "${itm}" | sed 's/"//g')"
+				IPTablesPostInstall;;
+			'"clevis-net"')
+				pkg="${pkg} clevis clevis-luks clevis-systemd clevis-initramfs clevis-tpm2";;
+			*)
+				pkg="${pkg} $(echo "${itm}" | sed 's/"//g')";;
+			esac
+		done
+		# shellcheck disable=SC2086
+		apt install -y ${pkg}
+		for itm in ${sel}; do
+			case ${itm} in
+			'"iptables-persistent"')
+				IPTablesConfig;;
+			'"snmpd"')
+				SNMPDConfig;;
+			'"clevis-net"')
+				ClevisNetInit;;
+			esac
+		done
+	fi
+}
+APTCleanAll() {
+	apt-get autoremove -y
+	apt-get autoclean -y
+}
+
+BashSetAlias() {
+	wget -O /etc/profile.d/alias.sh "${BASE_URL}"/"${DIR_URL}"/files/alias.sh
+}
+BashSetPS() {
+	wget -O /etc/profile.d/ps1.sh "${BASE_URL}"/"${DIR_URL}"/files/ps1.sh
+}
+BashRMbashrc() {
+	rm /root/.bashrc
+}
+
+NanoSetConfig() {
+	sed -i "/tabsize/c\set tabsize 2" /etc/nanorc
+	{
+		echo "set numbercolor brightwhite"
+		echo "set statuscolor brightwhite,green"
+		echo "set keycolor cyan"
+		echo "set functioncolor green"
+	} >> /etc/nanorc
+	{
+		echo "set titlecolor brightwhite,red"
+		echo "set statuscolor brightwhite,red"
+	} > /root/.nanorc
+}
+
+IssueSetContent() {
+	wget -O /etc/issue "${BASE_URL}"/"${DIR_URL}"/files/issue
+}
+
+IPTablesPostInstall() {
+	echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
+	echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
+}
+IPTablesConfig() {
+	wget -O /etc/iptables/rules.v4 "${BASE_URL}"/"${DIR_URL}"/files/rules.v4
+	wget -O /etc/iptables/rules.v6 "${BASE_URL}"/"${DIR_URL}"/files/rules.v6
+	iptables-restore /etc/iptables/rules.v4
+	ip6tables-restore /etc/iptables/rules.v6
+}
+
+SNMPDConfig() {
+	cummunityname=public
+	cummunityname=$(whiptail --title "SNMP Community name" --inputbox "" 0 30 "${cummunityname}" 3>&1 1>&2 2>&3)
+	sed -i "s/public/${cummunityname}/" /etc/snmp/snmpd.conf
+	sed -i "s/127.0.0.1,\[::1\]/0.0.0.0/" /etc/snmp/snmpd.conf
+	systemctl restart snmpd
+}
+
+ClevisNetInit() {
+	LUKSPARTS=$(lsblk -p -l --fs |grep LUKS |cut -d " " -f1)
+	options=()
+	IFS_ORIG=$IFS
+	IFS=$'\n'
+	for LUKSPART in ${LUKSPARTS}
+	do  
+		options+=("${LUKSPART}" "")
+	done
+	IFS=$IFS_ORIG
+	DEV=$(whiptail --title "Select root LUKS part" --menu "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ]; then
+		TANGURL=$(whiptail --title "Tang Server" --inputbox "URL" 0 30 "" 3>&1 1>&2 2>&3)
+		if [ "$?" = "0" ]; then
+			clevis luks bind -d "${DEV}" tang "{\"url\": \"${TANGURL}\"}"
+			systemctl enable clevis-luks-askpass.path
+		fi
+	fi
+}
+
+SSHEnableRootLogin() {
+	sed -i "/PermitRootLogin prohibit-password/c\PermitRootLogin yes #prohibit-password" /etc/ssh/sshd_config
+	systemctl restart sshd
+}
+
+GrubSetConfig() {
+	if [ -f "/etc/default/grub" ]; then
+		sed -i "/GRUB_TIMEOUT/c\GRUB_TIMEOUT=1" /etc/default/grub
+		update-grub
+	fi
+}
+
+InstApps() {
+	options=()
+	#if [[ ${ISLXC} == 0 ]]; then
+	#	options+=("docker" "" off)
+	#	options+=("portainer" "" off)
+	#fi
+	options+=("misc-apps" "..." off)
+	SEL=$(whiptail --title "More Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ]; then
+		for ITM in ${SEL}; do
+			case ${ITM//\"/} in
+			misc-apps)
+				InstMiscApps;;
+			archived-apps)
+				InstArchivedApps;;
+			*)
+				cd /tmp || exit
+				wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
+				bash ./"${ITM//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}";;
+			esac
+		done
+	fi
+}
+InstMiscApps() {
+	options=()
+	options+=("bind9" "" off)
+	options+=("iperf3" "" off)
+	SEL=$(whiptail --title "Misc Apps" --checklist "" 0 0 0 "${options[@]}" 3>&1 1>&2 2>&3)
+	# shellcheck disable=SC2181
+	if [ "$?" = "0" ]; then
+		for ITM in ${SEL}; do
+			cd /tmp || exit
+			wget "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"/"${ITM//\"/}".sh
+			bash ./"${ITM//\"/}".sh "${BASE_URL}"/${DIR_URL}/apps/"${ITM//\"/}"
+		done
+	fi
+}
+
+Reboot() {
+	if whiptail --yesno "Reboot ?" 0 0 3>&1 1>&2 2>&3; then
+		reboot
+	fi
+}
+
+while [ ${#} -gt 0 ]; do
+	case ${1} in
+		--help) showHelp; exit 0;;
+		-b | --base-url) BASE_URL="${2}"; shift;;
+		*) shift;;
+	esac
+done
+
+Main
--- a/ubuntu-up.sh
+++ b/ubuntu-up.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+declare BASE_URL=https://git.netm.ch/m/os-init/raw/branch/main
+declare UBUNTUVER=0
+
+getVer() {
+	UBUNTUVER=$(grep "VERSION_ID=" /etc/os-release | sed 's/"//g' | sed 's/.*=//')
+}
+
+run() {
+	apt update -y
+	apt install -y wget
+	wget -P /tmp ${BASE_URL}/ubuntu-${UBUNTUVER}/ubuntu-up.sh
+	bash /tmp/ubuntu-up.sh
+}
+
+getVer
+run
Author	SHA1	Message	Date
MatMoul	fd17bea829	Add ubuntu 26.04	2025-11-09 20:01:08 +01:00
MatMoul	caaea6d202	Add ubuntu 24 to 26	2025-11-09 19:56:28 +01:00
MatMoul	090fde2843	Add ubuntu 22 to 24	2025-11-09 19:52:44 +01:00
MatMoul	5bc50b81bc	ubuntu-up.sh	2025-11-09 19:41:36 +01:00
MatMoul	36f601678d	Add ubuntu-up 20.04 to 22.04	2025-11-09 19:15:17 +01:00
MatMoul	60b6ee3845	Add ubuntu 22.04 and 24.04	2025-11-09 18:57:13 +01:00
MatMoul	92d48d0e81	alpine: add e2fsprogs-extra	2025-11-01 23:06:46 +01:00
MatMoul	18c05c7ec9	alpine: reorder apps	2025-11-01 22:23:38 +01:00
MatMoul	f1cbd13de6	alpine: clean docker script	2025-11-01 22:10:35 +01:00
MatMoul	6ac636fff4	Update portainer download path	2025-11-01 22:09:09 +01:00
MatMoul	cad7c24295	Refactor docker and clean old apps	2025-11-01 22:06:02 +01:00
MatMoul	45afd634db	alpine: add latest-update option	2025-11-01 21:24:46 +01:00
MatMoul	cb2b798a66	alpine: update portainer	2025-11-01 20:45:15 +01:00
MatMoul	4bb0fff594	alpine: update docker install	2025-11-01 20:38:44 +01:00
MatMoul	49fd25152d	alpine: add ssh iptable rules	2025-11-01 20:15:38 +01:00
MatMoul	c4ce343e69	debian13: Add modernize source	2025-08-23 22:48:44 +02:00
MatMoul	5930d35be2	Bug: debain -> debian	2025-06-01 03:03:14 +02:00
MatMoul	6789b09191	Add debian up	2025-06-01 02:28:01 +02:00
MatMoul	cba1318073	Add debian 13	2025-06-01 02:22:55 +02:00
MatMoul	d9bdb8e43b	Add naemon	2024-10-13 18:27:36 +02:00
MatMoul	0151a42143	Add Nextcloud 30	2024-10-06 17:03:37 +02:00
matmoul	ff2c48f644	Mise à jour de 'alpine/apps/gitea-act_runner/gitea-act_runner.sh'	2023-12-16 20:33:41 +00:00
matmoul	025caf2ebc	Mise à jour de 'alpine/apps/gitea-act_runner/gitea-act_runner.sh'	2023-12-16 20:27:46 +00:00
MatMoul	df348d8f69	alpine: gitea-act_runner	2023-12-14 00:33:08 +01:00
MatMoul	c8a867c4ae	Identation	2023-12-14 00:15:00 +01:00