reconfigure arayat

fix download file name
conf update
2025-10-30 15:56:40 +01:00 · 2025-10-30 15:56:40 +01:00 · 2025-10-18 10:58:39 +02:00 · 2025-10-16 18:05:27 +02:00 · 2025-10-16 16:09:05 +02:00 · 2025-10-16 15:36:35 +02:00
105 changed files with 3302 additions and 2184 deletions
--- a/README.md
+++ b/README.md
@@ -326,6 +326,14 @@ The following table is giving a list of error codes with explanation:
 | 16        | Invalid options provided with cron mode activated           |
 | 17        | Missing or invalid status file, can't resume                |
 | 18        | Module file don't exists or is empty                        |
 | 20        | Ambigous realm with autodetection                           |
 | 21        | Unconsistant directory structure with configured realm      |
 | 22        | Required secret management software missing                 |
 | 23        | Secret key not found in secret database                     |
 | 24        | File is not readable                                        |
 | 25        | Needed variable not set or not declared                     |
 | 26        | Secret reference missing or malformed                       |
 | 27        | Unknown secret reference                                    |
 | 50..100   | Error in module execution                                   |
 | 126       | Command exists but is not executable                        |
 | 127       | Command not found                                           |
@@ -392,7 +400,7 @@ You can mail author to fatalerrors \<at\> geoffray-levasseur \<dot\> org.
 -----------------------------------------------------------------------------
-Documentation (c) 2019-2022 Geoffray Levasseur.
+Documentation (c) 2019-2025 Geoffray Levasseur.
 This file is distributed under3-clause BSD license. The complete license
 agreement can be obtained at: https://opensource.org/licenses/BSD-3-Clause
--- a/README.txt
+++ b/README.txt
@@ -1,4 +0,0 @@
 This is deployment scripts for LEGOS git repository created on 2021-05-31-11:31:04
 An english version for general purpose is available at https://www.geoffray-levasseur.org/init
 Check README.md for details.
--- a/conf/auto/debian-12.conf.sh
+++ b/conf/auto/debian-12.conf.sh
@@ -0,0 +1,4 @@
 # Check debian.conf file for general declaration
 # This is specific for version 12
 export NTP_SERV=ntpsec
--- a/conf/auto/debian-13.conf.sh
+++ b/conf/auto/debian-13.conf.sh
@@ -0,0 +1,6 @@
 # Check debian.conf file for general declaration
 # This is specific for version 13
 export NTP_SERV=ntpsec
 export SOURCE_EXT=source
 export NO_MAIN_SOURCE=true
--- a/conf/auto/debian.conf.sh
+++ b/conf/auto/debian.conf.sh
@@ -19,6 +19,9 @@ export COM_AUTOREM="autoremove --purge -y"
 # This is not used by init.sh
 export DEBIAN_FRONTEND=noninteractive
 # Configure how apt behave regarding source.list files
 export NO_MAIN_SOURCE=false
 # Conf chemin
 export RC_SCRIPTS_PATH="/etc/init.d"
--- a/conf/auto/devuan-5.conf.sh
+++ b/conf/auto/devuan-5.conf.sh
@@ -0,0 +1,4 @@
 # Check devuan.conf file for general declaration
 # This is specific for version 5
 export NTP_SERV=ntpsec
--- a/conf/auto/devuan-6.conf.sh
+++ b/conf/auto/devuan-6.conf.sh
@@ -0,0 +1,4 @@
 # Check devuan.conf file for general declaration
 # This is specific for version 6
 export NTP_SERV=ntpsec
--- a/conf/auto/devuan.conf.sh
+++ b/conf/auto/devuan.conf.sh
@@ -11,9 +11,12 @@
 . $MYPATH/conf/auto/debian.conf.sh
 # Except init system :
 # Note that as Devuan allow also Runit, we should be able to detect correct init system.
 # Init SystemV ou OpenRC:
 export INIT_COM="$RC_SCRIPTS_PATH/%srv% %com%"
 # Init Systemd:
 #export INIT_COM="systemctl %comm% %srv%"
 # Init Upstart (plus ou moins universel)
 #export INIT_COM="service %srv% %com%"
--- a/conf/e-3s.lan/apagado.conf.sh
+++ b/conf/e-3s.lan/apagado.conf.sh
--- a/conf/e-3s.lan/sokol.conf.sh
+++ b/conf/e-3s.lan/sokol.conf.sh
--- a/conf/geoffray-levasseur.org/apo.conf.sh
+++ b/conf/geoffray-levasseur.org/apo.conf.sh
--- a/conf/geoffray-levasseur.org/arayat.conf.sh
+++ b/conf/geoffray-levasseur.org/arayat.conf.sh
@@ -41,10 +41,10 @@ NET4_NS_eth0="192.168.1.205 192.168.1.206"
 NET4_NS_SEARCH_eth0=$REALM
 NET4_MODE_eth1="static"
-NET4_IP_eth1="192.168.74.220/24"
+NET4_IP_eth1="192.168.74.100/24"
 NET4_MODE_eth2="static"
-NET4_IP_eth2="10.0.254.220/16"
+NET4_IP_eth2="10.42.250.100/16"
 IPV6_IFACES="eth0 eth1"
@@ -63,7 +63,7 @@ NET6_IP_eth1="2a03:7220:8081:b34a::dc/64"
 INTALL_MODE=full
 # Paquets additionnels
-PKGSEL="$PKGSEL iptables fail2ban curl"
+PKGSEL="$PKGSEL iptables curl"
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
--- a/conf/geoffray-levasseur.org/balut.conf.sh
+++ b/conf/geoffray-levasseur.org/balut.conf.sh
@@ -0,0 +1,73 @@
 # Fichier de configuration principal
 # ------------------------------------------------------------------------------
 # -------------------- Importation de paramêtres globaux -----------------------
 # ------------------------------------------------------------------------------
 # Importe les paramètres geoffray-levasseur.org
 . $MYPATH/conf/includes/gl.conf.sh
 # Importe la sélection de paquets par défaut
 . $MYPATH/conf/includes/pkgsel.base.conf.sh
 # Les paramètres précédemment importés sont surchargeable après cette ligne
 # ------------------------------------------------------------------------------
 # ------------------------------ General Section -------------------------------
 # ------------------------------------------------------------------------------
 # User of the machine (must exists)
 MAINUSER=root
 # Pilotes X11 non libre à installer ?
 #X11_DRV="virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11"
 # Authentication: use LDAP+Kerberos ?
 WITH_LDAP_KERB=no
 # Users to create, add or remove
 REMOVE_USERS=fatal
 # Network
 IPV4_IFACES="eth0 eth1 eth2"
 NET4_MODE_eth0="static"
 NET4_IP_eth0="192.168.1.221/24"
 NET4_GW_eth0="192.168.1.231"
 NET4_NS_eth0="192.168.1.206 192.168.1.205"
 NET4_NS_SEARCH_eth0=$REALM
 NET4_MODE_eth1="static"
 NET4_IP_eth1="192.168.74.221/24"
 NET4_MODE_eth2="static"
 NET4_IP_eth2="10.0.254.221/16"
 IPV6_IFACES="eth0 eth1"
 NET6_MODE_eth0="static"
 NET6_IP_eth0="2a03:7220:8081:b301::dd/64"
 NET6_GW_eth0="2a03:7220:8081:b301::e7"
 NET6_NS_eth0="2a03:7220:8081:b301::ce 2a03:7220:8081:b301::cd"
 NET6_NS_SEARCH_eth0=$REALM
 NET6_MODE_eth1="static"
 NET6_IP_eth1="2a03:7220:8081:b34a::dd/64"
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
 INTALL_MODE=full
 # Paquets additionnels
 PKGSEL="$PKGSEL iptables fail2ban curl"
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
 # ------------------------------------------------------------------------------
 # Liste des modules à executer (surchargeable en ligne de commande)
 MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \
 	conf_mail install_pkg install_profile patch_snmp install_mkagent \
        conf_syslog conf_network"
--- a/conf/geoffray-levasseur.org/banahaw.conf.sh
+++ b/conf/geoffray-levasseur.org/banahaw.conf.sh
@@ -0,0 +1,71 @@
 # Fichier de configuration principal
 # ------------------------------------------------------------------------------
 # -------------------- Importation de paramêtres globaux -----------------------
 # ------------------------------------------------------------------------------
 # Importe les paramètres geoffray-levasseur.org
 . $MYPATH/conf/includes/gl.conf.sh
 # Importe la sélection de paquets par défaut
 . $MYPATH/conf/includes/pkgsel.base.conf.sh
 # Les paramètres précédemment importés sont surchargeable après cette ligne
 # ------------------------------------------------------------------------------
 # ------------------------------ General Section -------------------------------
 # ------------------------------------------------------------------------------
 # User of the machine (must exists)
 MAINUSER=root
 # Pilotes X11 non libre à installer ?
 #X11_DRV="virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11"
 # Authentication: use LDAP+Kerberos ?
 WITH_LDAP_KERB=no
 # Users to create, add or remove
 REMOVE_USERS=fatal
 # Network
 IPV4_IFACES="eth0 eth1"
 NET4_MODE_eth0="static"
 NET4_IP_eth0="192.168.1.201/24"
 NET4_GW_eth0="192.168.1.230"
 NET4_NS_eth0="192.168.1.205 192.168.1.206"
 NET4_NS_SEARCH_eth0=$REALM
 NET4_MODE_eth1="static"
 NET4_IP_eth1="10.42.0.201/16"
 IPV6_IFACES=""
 #NET6_MODE_eth0="static"
 #NET6_IP_eth0="2a03:7220:8081:b301::dd/64"
 #NET6_GW_eth0="2a03:7220:8081:b301::e7"
 #NET6_NS_eth0="2a03:7220:8081:b301::ce 2a03:7220:8081:b301::cd"
 #NET6_NS_SEARCH_eth0=$REALM
 #NET6_MODE_eth1="static"
 #NET6_IP_eth1="2a03:7220:8081:b34a::dd/64"
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
 INTALL_MODE=full
 # Paquets additionnels
 PKGSEL="$PKGSEL time traceroute apache2 graphviz php smbclient poppler-utils \
        php-cgi php-cli php-gd php-sqlite3 php-pear rsync"
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
 # ------------------------------------------------------------------------------
 # Liste des modules à executer (surchargeable en ligne de commande)
 MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \
 	conf_mail install_pkg install_profile patch_snmp install_mkagent \
        conf_syslog conf_network"
--- a/conf/geoffray-levasseur.org/biliran.conf.sh
+++ b/conf/geoffray-levasseur.org/biliran.conf.sh
@@ -0,0 +1,74 @@
 # Fichier de configuration principal
 # ------------------------------------------------------------------------------
 # -------------------- Importation de paramêtres globaux -----------------------
 # ------------------------------------------------------------------------------
 # Importe les paramètres geoffray-levasseur.org
 . $MYPATH/conf/includes/gl.conf.sh
 # Importe la sélection de paquets par défaut
 . $MYPATH/conf/includes/pkgsel.base.conf.sh
 # Les paramètres précédemment importés sont surchargeable après cette ligne
 # ------------------------------------------------------------------------------
 # ------------------------------ General Section -------------------------------
 # ------------------------------------------------------------------------------
 # User of the machine (must exists)
 MAINUSER=root
 # Pilotes X11 non libre à installer ?
 #X11_DRV="virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11"
 # Authentication: use LDAP+Kerberos ?
 WITH_LDAP_KERB=no
 # Users to create, add or remove
 #LOCAL_USERS="$MAINUSER"
 #REMOTE_USERS="kroot"
 REMOVE_USERS=fatal
 # Network
 IPV4_IFACES="eth0 eth1 eth2"
 NET4_MODE_eth0="static"
 NET4_IP_eth0="192.168.1.202/24"
 NET4_GW_eth0="192.168.1.230"
 NET4_NS_eth0="192.168.1.205 192.168.1.206"
 NET4_NS_SEARCH_eth0=$REALM
 NET4_MODE_eth1="static"
 NET4_IP_eth1="192.168.74.220/24"
 NET4_MODE_eth2="static"
 NET4_IP_eth2="10.42.250.220/16"
 IPV6_IFACES=""
 NET6_MODE_eth0="static"
 NET6_IP_eth0="2a03:7220:8081:b301::cd/64"
 NET6_GW_eth0="2a03:7220:8081:b301::e6"
 NET6_NS_eth0="2a03:7220:8081:b301::cd 2a03:7220:8081:b301::ce"
 NET6_NS_SEARCH_eth0=$REALM
 NET6_MODE_eth1="static"
 NET6_IP_eth1="2a03:7220:8081:b34a::ce/64"
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
 INTALL_MODE=full
 # Paquets additionnels
 PKGSEL="$PKGSEL"
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
 # ------------------------------------------------------------------------------
 # Liste des modules à executer (surchargeable en ligne de commande)
 MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \
 	conf_mail install_pkg install_profile patch_snmp install_mkagent \
        conf_syslog conf_network"
--- a/conf/geoffray-levasseur.org/cagua.conf.sh
+++ b/conf/geoffray-levasseur.org/cagua.conf.sh
--- a/conf/geoffray-levasseur.org/didicas.conf.sh
+++ b/conf/geoffray-levasseur.org/didicas.conf.sh
--- a/conf/geoffray-levasseur.org/labo.conf.sh
+++ b/conf/geoffray-levasseur.org/labo.conf.sh
@@ -26,12 +26,10 @@ MAINUSER=root
 WITH_LDAP_KERB=no
 # Users to create, add or remove
 #LOCAL_USERS="$MAINUSER"
 #REMOTE_USERS="kroot"
 REMOVE_USERS="fatal"
 # Network
-IPV4_IFACES="eth0 eth1 eth2"
+IPV4_IFACES="eth0 eth1"
 NET4_MODE_eth0="static"
 NET4_IP_eth0="192.168.1.207/24"
@@ -40,15 +38,15 @@ NET4_NS_eth0="192.168.1.205 192.168.1.206"
 NET4_NS_SEARCH_eth0=$REALM
 NET4_MODE_eth1="static"
-NET4_IP_eth1="10.0.254.207/16"
+NET4_IP_eth1="10.42.250.180/16"
-IPV6_IFACES="eth0"
+IPV6_IFACES=""
-NET6_MODE_eth0="static"
+#NET6_MODE_eth0="static"
-NET6_IP_eth0="2a03:7220:8081:b301::cf/64"
+#NET6_IP_eth0="2a03:7220:8081:b301::cf/64"
-NET6_GW_eth0="2a03:7220:8081:b301::e6"
+#NET6_GW_eth0="2a03:7220:8081:b301::e6"
-NET6_NS_eth0="2a03:7220:8081:b301::cd 2a03:7220:8081:b301::ce"
+#NET6_NS_eth0="2a03:7220:8081:b301::cd 2a03:7220:8081:b301::ce"
-NET6_NS_SEARCH_eth0=$REALM
+#NET6_NS_SEARCH_eth0=$REALM
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
@@ -56,7 +54,7 @@ NET6_NS_SEARCH_eth0=$REALM
 INTALL_MODE=full
 # Paquets additionnels
-PKGSEL="$PKGSEL nsd"
+PKGSEL="$PKGSEL nsd ldnsutils haveged"
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
@@ -64,5 +62,5 @@ PKGSEL="$PKGSEL nsd"
 # Liste des modules à executer (surchargeable en ligne de commande)
 MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \
-	conf_mail install_pkg install_profile patch_snmp install_mkagent \
+	conf_mail install_pkg install_profile patch_snmp \
        conf_syslog conf_network"
--- a/conf/geoffray-levasseur.org/latukan.conf.sh
+++ b/conf/geoffray-levasseur.org/latukan.conf.sh
@@ -31,7 +31,7 @@ WITH_LDAP_KERB=no
 REMOVE_USERS=
 # Network
-IPV4_IFACES="ens18 ens19"
+IPV4_IFACES="eth0 eth1"
 NET4_MODE_eth0="static"
 NET4_IP_eth0="192.168.1.235/24"
@@ -40,20 +40,21 @@ NET4_NS_eth0="192.168.1.205 192.168.1.206"
 NET4_NS_SEARCH_eth0=$REALM
 NET4_MODE_eth1="static"
-NET4_IP_eth1="10.0.254.235/16"
+NET4_IP_eth1="10.42.250.30/24"
 IPV6_IFACES="eth0"
 NET6_MODE_eth0="static"
-NET6_IP_eth0="2a03:7220:8081:b301::eb/64"
+NET6_IP_eth0="2a03:7220:8081:b301::1e/64"
 NET6_GW_eth0="2a03:7220:8081:b301::e7"
 NET6_NS_eth0="2a03:7220:8081:b301::cd 2a03:7220:8081:b301::ce"
 NET6_NS_SEARCH_eth0=$REALM
-
+# Gestionnaire de paquet :
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
 NO_MAIN_SOURCE=false
 INTALL_MODE=full
 # Paquets additionnels
--- a/conf/geoffray-levasseur.org/mariveles.conf.sh
+++ b/conf/geoffray-levasseur.org/mariveles.conf.sh
@@ -26,37 +26,24 @@ MAINUSER=root
 WITH_LDAP_KERB=no
 # Users to create, add or remove
 #LOCAL_USERS="$MAINUSER"
 #REMOTE_USERS="kroot"
 REMOVE_USERS=fatal
 # Network
-IPV4_IFACES="eth0"
+IPV4_IFACES="eth0 "
 NET4_MODE_eth0="static"
 NET4_IP_eth0="192.168.1.241/24"
-NET4_GW_eth0="192.168.1.230"
+NET4_GW_eth0="192.168.1.232"
-NET4_NS_eth0="192.168.1.205 192.168.1.206"
+NET4_NS_eth0="192.168.1.202 192.168.1.206"
 NET4_NS_SEARCH_eth0=$REALM
 NET4_MODE_eth1="static"
 NET4_IP_eth1="10.0.254.241/16"
 IPV6_IFACES="eth0"
 NET6_MODE_eth0="static"
 NET6_IP_eth0="2a03:7220:8081:b301::f1/64"
 NET6_GW_eth0="2a03:7220:8081:b301::e6"
 NET6_NS_eth0="2a03:7220:8081:b301::cd 2a03:7220:8081:b301::ce"
 NET6_NS_SEARCH_eth0=$REALM
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
 INTALL_MODE=full
 # Paquets additionnels
-PKGSEL="$PKGSEL cups printer-driver-hpcups printer-driver-postscript-hp hplip avahi-daemon printer-driver-gutenprint cups-browsed policykit-1"
+PKGSEL="$PKGSEL qbittorrent xhost falkon"
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
--- a/conf/geoffray-levasseur.org/natib.conf.sh
+++ b/conf/geoffray-levasseur.org/natib.conf.sh
@@ -40,9 +40,9 @@ NET4_NS_eth0="192.168.1.206 192.168.1.205"
 NET4_NS_SEARCH_eth0=$REALM
 NET4_MODE_eth1="static"
-NET4_IP_eth1="10.0.254.208/16"
+NET4_IP_eth1="10.42.0.208/16"
-IPV6_IFACES="eth0"
+IPV6_IFACES=""
 NET6_MODE_eth0="static"
 NET6_IP_eth0="2a03:7220:8081:b301::d0/64"
@@ -56,7 +56,7 @@ NET6_NS_SEARCH_eth0=$REALM
 INTALL_MODE=full
 # Paquets additionnels
-PKGSEL="$PKGSEL nsd"
+PKGSEL="$PKGSEL nsd ldnsutils haveged"
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
--- a/conf/geoffray-levasseur.org/panay.conf.sh
+++ b/conf/geoffray-levasseur.org/panay.conf.sh
--- a/conf/geoffray-levasseur.org/silay.conf.sh
+++ b/conf/geoffray-levasseur.org/silay.conf.sh
--- a/conf/includes/gl.conf.sh
+++ b/conf/includes/gl.conf.sh
@@ -19,22 +19,27 @@ export REMOVE_USERS="fatal"
 export NTP_SERVERS="didicas.$REALM cagua.$REALM"
 # Ceph share
-export CEPH_SRV_NAMES="mayon pinatubo ragang taal jolo"
+export CEPH_SRV_NAMES="mayon pinatubo ragang taal"
 export CEPHIP_mayon="192.168.1.254"
 export CEPHIP_pinatubo="192.168.1.253"
 export CEPHIP_ragang="192.168.1.252"
 export CEPHIP_taal="192.168.1.251"
-export CEPHIP_jolo="192.168.1.30"
+export CEPH_SECRET="file:/tmp/ceph_secret"
-export CEPH_SECRET="AQAxSf5c2A/CMxAAnOu1RrSf7Yr2h60CLttq4g=="
+export CEPH_MOUNTS="datastore mediastore"
 export CEPH_MP_datastore="/srv/ceph"
 export CEPH_MP_mediastore="/srv/media"
 export SHARED_HOME="false"
 # SSH
 export SSHD_PERMITROOT_RANGE="192.168.1.0/24"
 # Check MK
-export MK_VERSION="2.0.0p20-1"
+#export MK_VERSION="2.4.0p12-1" #shoud be autodetected now
 export MK_URL="https://nagios.geoffray-levasseur.org/check_mk/check_mk/agents/check-mk-agent_${MK_VERSION}_all.deb"
 export MK_SERVER_IP="192.168.1.201"
 export MK_SITE="check_mk"
 export MK_URL="http://$MK_SERVER_IP/$MK_SITE/check_mk/agents/check-mk-agent_latest_all.deb"
 export MK_SECRET="file:/share/services/gestparc/mk_secret"
 export MK_USER="cmk-agent"
 # Samba
 export SMBSRV="silay.$REALM"
--- a/conf/includes/mam.conf.sh
+++ b/conf/includes/mam.conf.sh
@@ -6,8 +6,8 @@ export REALM="mixart-myrys.org"
 export NTP_SERVERS="ntp1.$REALM ntp2.$REALM"
 # Upgrade_dist variables
-export PROXYAPT="acng.$REALM"
+export PROXY_APT="acng.$REALM"
-export PROXYAPTPORT="3142"
+export PROXY_APT_PORT="3142"
 # Authnz variables
 export DEFAULT_SHELL="/bin/bash"
@@ -17,28 +17,33 @@ export LOCALESET="en_US.UTF-8 fr_FR.UTF-8"
 export SYSLOCALE="fr_FR.UTF-8"
 # Authentification
-export BASE_DC="dc=mixart-myrys,dc=org"
+#export BASE_DC="dc=mixart-myrys,dc=org"
-export KDC_SERVER="kerb.$REALM"
+#export KDC_SERVER="kerb.$REALM"
-export KADM_SERVER="kerb.$REALM"
+#export KADM_SERVER="kerb.$REALM"
-export LDAP_SERVER="ldap.$REALM"
+#export LDAP_SERVER="ldap.$REALM"
-export LDAP_ADM="admin"
+#export LDAP_ADM="admin"
 # Ceph share
-export CEPH_SRV_NAMES="augustine dana douglas gilbert"
+#export CEPH_SRV_NAMES="augustine dana douglas gilbert"
-export CEPHIP_augustine="10.254.1.1"
+#export CEPHIP_augustine="10.254.1.1"
-export CEPHIP_dana="10.254.1.2"
+#export CEPHIP_dana="10.254.1.2"
-export CEPHIP_douglas="10.254.1.3"
+#export CEPHIP_douglas="10.254.1.3"
-export CEPHIP_gilbert="10.254.1.4"
+#export CEPHIP_gilbert="10.254.1.4"
-export CEPH_SECRET="AQBC1MVdUl2HIBAAPT+BP6pOImuTK/0ayYDMTw=="
+#export CEPH_SECRET="AQBC1MVdUl2HIBAAPT+BP6pOImuTK/0ayYDMTw=="
-export SHARED_HOME="false"
+#export SHARED_HOME="false"
 # NFS
 export NFS_MOUNTS="data"
 export MOUNTSERV_data="10.254.1.1:/data"
 export MOUNTPOINT_data="/data"
 # SSH
 export SSHD_PERMITROOT_RANGE="10.254.1.0/24"
 # Check MK
-export MK_VERSION="2.0.0p20-1"
+export MK_VERSION="2.2.0p21-1"
-export MK_URL="https://cmk.mixart-myrys.org/cmk/check_mk/agents/check-mk-agent_${MK_VERSION}_all.deb"
+export MK_URL="http://192.168.1.201/check_mk/check_mk/agents/check-mk-agent_${MK_VERSION}_all.deb"
-export MK_SERVER_IP="10.254.1.65"
+export MK_SERVER_IP="192.168.1.201"
 # Syslog
 export SYSLOG_SRV="syslog.$REALM"
--- a/conf/includes/pkgsel.base.conf.sh
+++ b/conf/includes/pkgsel.base.conf.sh
@@ -1,19 +1,19 @@
 # List of package to install - Minimal server
 # Packages to remove after installation
-export PKGS_RMLIST="apparmor laptop-detect resolvconf snapd xauth wamerican chafa"
+export PKGS_RMLIST="apparmor laptop-detect resolvconf snapd wamerican chafa"
 # Packages where installation is forbidden
 export PKGS_BLACKLIST="apparmor resolvconf chafa snapd"
 # Base
-export PKGS_BASE="debconf-utils debhelper deborphan ethtool cpufrequtils \
+export PKGS_BASE="debconf-utils debhelper ethtool \
-    hwinfo lm-sensors libatasmart-bin lsscsi pciutils vim emacs-nox \
+    curl hwinfo lm-sensors libatasmart-bin lsscsi pciutils vim emacs-nox \
    mailutils htop lsof ltrace strace bash-completion host dnsutils \
-    sysbench sysstat ifstat iftop iotop mtr-tiny tcpdump mc pbzip2 pigz \
+    sysstat ifstat iftop iotop mtr-tiny tcpdump mc pbzip2 pigz \
    xz-utils zip unzip plzip lzip ftp lftp bc dc dos2unix psmisc udunits-bin \
-    whois tmux screen debconf-doc dump figlet gawk gpm multitail neofetch nmap \
+    whois tmux screen debconf-doc dump figlet gawk multitail fastfetch nmap \
-    oping pv whois traceroute rsync tree"
+    oping pv traceroute rsync tree git qemu-guest-agent ca-certificates"
 # Agregation of the package lists
 export PKGSEL="$PKGS_BASE"
--- a/conf/includes/tetalab.conf.sh
+++ b/conf/includes/tetalab.conf.sh
@@ -6,8 +6,8 @@ export REALM="tetalab.local"
 export NTP_SERVERS="ntp1.$REALM"
 # Upgrade_dist variables
-#export PROXYAPT="acng.$REALM"
+export PROXYAPT="acng.$REALM"
-#export PROXYAPTPORT="3142"
+export PROXYAPTPORT="3142"
 # Authnz variables
 export DEFAULT_SHELL="/bin/bash"
--- a/conf/mixart-myrys.org/amak.conf.sh
+++ b/conf/mixart-myrys.org/amak.conf.sh
@@ -0,0 +1,66 @@
 # Fichier de configuration principal
 # ------------------------------------------------------------------------------
 # -------------------- Importation de paramêtres globaux -----------------------
 # ------------------------------------------------------------------------------
 # Importe les paramètres geoffray-levasseur.org
 . $MYPATH/conf/includes/mam.conf.sh
 # Importe la sélection de paquets par défaut
 . $MYPATH/conf/includes/pkgsel.base.conf.sh
 # Les paramètres précédemment importés sont surchargeable après cette ligne
 # ------------------------------------------------------------------------------
 # ------------------------------ General Section -------------------------------
 # ------------------------------------------------------------------------------
 # User of the machine (must exists)
 MAINUSER=root
 # Pilotes X11 non libre à installer ?
 #X11_DRV="virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11"
 # Authentication: use LDAP+Kerberos ?
 WITH_LDAP_KERB=no
 # Users to create, add or remove
 REMOVE_USERS=fatal
 # Network
 IPV4_IFACES="eth0 eth1"
 NET4_MODE_eth0="static"
 NET4_IP_eth0="10.254.1.250/24"
 NET4_MODE_eth1="static"
 NET4_IP_eth1="10.0.254.250/16"
 NET4_GW_eth1="10.0.254.254"
 NET4_NS_eth1="10.0.254.250"
 NET4_NS_SEARCH_eth1=$REALM
 #IPV6_IFACES="eth0"
 NET6_MODE_eth0="static"
 NET6_IP_eth0="2a03:7220:8085:6b01::a/64"
 NET6_GW_eth0="2a03:7220:8085:6b01::1"
 NET6_NS_eth0="2a03:7220:8085:6b01::a"
 NET6_NS_SEARCH_eth0=$REALM
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
 INTALL_MODE=full
 # Paquets additionnels
 PKGSEL="$PKGSEL"
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
 # ------------------------------------------------------------------------------
 # Liste des modules à executer (surchargeable en ligne de commande)
 MODULE_LIST="conf_ntp upgrade_dist authnz conf_locale conf_ssh \
 	conf_mail install_pkg install_profile \
        conf_syslog conf_network"
--- a/conf/mixart-myrys.org/amukta.conf.sh
+++ b/conf/mixart-myrys.org/amukta.conf.sh
@@ -0,0 +1,48 @@
 # Fichier de configuration principal
 # ------------------------------------------------------------------------------
 # -------------------- Importation de paramêtres globaux -----------------------
 # ------------------------------------------------------------------------------
 # Importe les paramètres geoffray-levasseur.org
 . $MYPATH/conf/includes/mam.conf.sh
 # Importe la sélection de paquets par défaut
 . $MYPATH/conf/includes/pkgsel.base.conf.sh
 # Les paramètres précédemment importés sont surchargeable après cette ligne
 # ------------------------------------------------------------------------------
 # ------------------------------ General Section -------------------------------
 # ------------------------------------------------------------------------------
 # User of the machine (must exists)
 MAINUSER=root
 # Pilotes X11 non libre à installer ?
 #X11_DRV="virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11"
 # Authentication: use LDAP+Kerberos ?
 WITH_LDAP_KERB=yes
 # Users to create, add or remove
 REMOVE_USERS=fatal
 # Network
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
 INTALL_MODE=full
 # Paquets additionnels
 PKGSEL="$PKGSEL"
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
 # ------------------------------------------------------------------------------
 # Liste des modules à executer (surchargeable en ligne de commande)
 MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \
 	conf_mail install_pkg install_profile patch_snmp install_mkagent \
        conf_syslog conf_network"
--- a/conf/mixart-myrys.org/augustine.conf.sh
+++ b/conf/mixart-myrys.org/augustine.conf.sh
@@ -0,0 +1,48 @@
 # Fichier de configuration principal
 # ------------------------------------------------------------------------------
 # -------------------- Importation de paramêtres globaux -----------------------
 # ------------------------------------------------------------------------------
 # Importe les paramètres geoffray-levasseur.org
 . $MYPATH/conf/includes/mam.conf.sh
 # Importe la sélection de paquets par défaut
 . $MYPATH/conf/includes/pkgsel.base.conf.sh
 # Les paramètres précédemment importés sont surchargeable après cette ligne
 # ------------------------------------------------------------------------------
 # ------------------------------ General Section -------------------------------
 # ------------------------------------------------------------------------------
 # User of the machine (must exists)
 MAINUSER=root
 # Pilotes X11 non libre à installer ?
 #X11_DRV="virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11"
 # Authentication: use LDAP+Kerberos ?
 WITH_LDAP_KERB=yes
 # Users to create, add or remove
 REMOVE_USERS=fatal
 # Network
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
 INTALL_MODE=full
 # Paquets additionnels
 PKGSEL="$PKGSEL"
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
 # ------------------------------------------------------------------------------
 # Liste des modules à executer (surchargeable en ligne de commande)
 MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \
 	conf_mail install_pkg install_profile patch_snmp install_mkagent \
        conf_syslog conf_network"
--- a/conf/mixart-myrys.org/carlisle.conf.sh
+++ b/conf/mixart-myrys.org/carlisle.conf.sh
@@ -0,0 +1,48 @@
 # Fichier de configuration principal
 # ------------------------------------------------------------------------------
 # -------------------- Importation de paramêtres globaux -----------------------
 # ------------------------------------------------------------------------------
 # Importe les paramètres geoffray-levasseur.org
 . $MYPATH/conf/includes/mam.conf.sh
 # Importe la sélection de paquets par défaut
 . $MYPATH/conf/includes/pkgsel.base.conf.sh
 # Les paramètres précédemment importés sont surchargeable après cette ligne
 # ------------------------------------------------------------------------------
 # ------------------------------ General Section -------------------------------
 # ------------------------------------------------------------------------------
 # User of the machine (must exists)
 MAINUSER=root
 # Pilotes X11 non libre à installer ?
 #X11_DRV="virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11"
 # Authentication: use LDAP+Kerberos ?
 WITH_LDAP_KERB=yes
 # Users to create, add or remove
 REMOVE_USERS=fatal
 # Network
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
 INTALL_MODE=full
 # Paquets additionnels
 PKGSEL="$PKGSEL"
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
 # ------------------------------------------------------------------------------
 # Liste des modules à executer (surchargeable en ligne de commande)
 MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \
 	conf_mail install_pkg install_profile patch_snmp install_mkagent \
        conf_syslog conf_network"
--- a/conf/mixart-myrys.org/dana.conf.sh
+++ b/conf/mixart-myrys.org/dana.conf.sh
@@ -0,0 +1,48 @@
 # Fichier de configuration principal
 # ------------------------------------------------------------------------------
 # -------------------- Importation de paramêtres globaux -----------------------
 # ------------------------------------------------------------------------------
 # Importe les paramètres geoffray-levasseur.org
 . $MYPATH/conf/includes/mam.conf.sh
 # Importe la sélection de paquets par défaut
 . $MYPATH/conf/includes/pkgsel.base.conf.sh
 # Les paramètres précédemment importés sont surchargeable après cette ligne
 # ------------------------------------------------------------------------------
 # ------------------------------ General Section -------------------------------
 # ------------------------------------------------------------------------------
 # User of the machine (must exists)
 MAINUSER=root
 # Pilotes X11 non libre à installer ?
 #X11_DRV="virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11"
 # Authentication: use LDAP+Kerberos ?
 WITH_LDAP_KERB=yes
 # Users to create, add or remove
 REMOVE_USERS=fatal
 # Network
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
 INTALL_MODE=full
 # Paquets additionnels
 PKGSEL="$PKGSEL"
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
 # ------------------------------------------------------------------------------
 # Liste des modules à executer (surchargeable en ligne de commande)
 MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \
 	conf_mail install_pkg install_profile patch_snmp install_mkagent \
        conf_syslog conf_network"
--- a/conf/mixart-myrys.org/fuji.conf.sh
+++ b/conf/mixart-myrys.org/fuji.conf.sh
@@ -0,0 +1,47 @@
 # Fichier de configuration principal
 # ------------------------------------------------------------------------------
 # -------------------- Importation de paramêtres globaux -----------------------
 # ------------------------------------------------------------------------------
 # Importe les paramètres geoffray-levasseur.org
 . $MYPATH/conf/includes/mam.conf.sh
 # Importe la sélection de paquets par défaut
 . $MYPATH/conf/includes/pkgsel.base.conf.sh
 # Les paramètres précédemment importés sont surchargeable après cette ligne
 # ------------------------------------------------------------------------------
 # ------------------------------ General Section -------------------------------
 # ------------------------------------------------------------------------------
 # User of the machine (must exists)
 MAINUSER=root
 # Authentication: use LDAP+Kerberos ?
 WITH_LDAP_KERB=no
 # Users to create, add or remove
 REMOVE_USERS=fatal
 # Network
 #Network conf managed by proxmox
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
 INTALL_MODE=full
 # Paquets additionnels
 PKGSEL="$PKGSEL"
 PKGS_RMLIST=""
 PKGS_BLACKLIST=""
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
 # ------------------------------------------------------------------------------
 # Liste des modules à executer (surchargeable en ligne de commande)
 MODULE_LIST="conf_ntp upgrade_dist conf_locale conf_ssh \
 	conf_mail install_pkg install_profile" #patch_snmp install_mkagent \
        #conf_syslog conf_network"
--- a/conf/mixart-myrys.org/gilbert.conf.sh
+++ b/conf/mixart-myrys.org/gilbert.conf.sh
@@ -0,0 +1,48 @@
 # Fichier de configuration principal
 # ------------------------------------------------------------------------------
 # -------------------- Importation de paramêtres globaux -----------------------
 # ------------------------------------------------------------------------------
 # Importe les paramètres geoffray-levasseur.org
 . $MYPATH/conf/includes/mam.conf.sh
 # Importe la sélection de paquets par défaut
 . $MYPATH/conf/includes/pkgsel.base.conf.sh
 # Les paramètres précédemment importés sont surchargeable après cette ligne
 # ------------------------------------------------------------------------------
 # ------------------------------ General Section -------------------------------
 # ------------------------------------------------------------------------------
 # User of the machine (must exists)
 MAINUSER=root
 # Pilotes X11 non libre à installer ?
 #X11_DRV="virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11"
 # Authentication: use LDAP+Kerberos ?
 WITH_LDAP_KERB=yes
 # Users to create, add or remove
 REMOVE_USERS=fatal
 # Network
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
 INTALL_MODE=full
 # Paquets additionnels
 PKGSEL="$PKGSEL"
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
 # ------------------------------------------------------------------------------
 # Liste des modules à executer (surchargeable en ligne de commande)
 MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \
 	conf_mail install_pkg install_profile patch_snmp install_mkagent \
        conf_syslog conf_network"
--- a/conf/mixart-myrys.org/kanaga.conf.sh
+++ b/conf/mixart-myrys.org/kanaga.conf.sh
--- a/conf/mixart-myrys.org/katmai.conf.sh
+++ b/conf/mixart-myrys.org/katmai.conf.sh
@@ -0,0 +1,48 @@
 # Fichier de configuration principal
 # ------------------------------------------------------------------------------
 # -------------------- Importation de paramêtres globaux -----------------------
 # ------------------------------------------------------------------------------
 # Importe les paramètres geoffray-levasseur.org
 . $MYPATH/conf/includes/mam.conf.sh
 # Importe la sélection de paquets par défaut
 . $MYPATH/conf/includes/pkgsel.base.conf.sh
 # Les paramètres précédemment importés sont surchargeable après cette ligne
 # ------------------------------------------------------------------------------
 # ------------------------------ General Section -------------------------------
 # ------------------------------------------------------------------------------
 # User of the machine (must exists)
 MAINUSER=root
 # Pilotes X11 non libre à installer ?
 #X11_DRV="virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11"
 # Authentication: use LDAP+Kerberos ?
 WITH_LDAP_KERB=yes
 # Users to create, add or remove
 REMOVE_USERS=fatal
 # Network
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
 INTALL_MODE=full
 # Paquets additionnels
 PKGSEL="$PKGSEL"
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
 # ------------------------------------------------------------------------------
 # Liste des modules à executer (surchargeable en ligne de commande)
 MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \
 	conf_mail install_pkg install_profile patch_snmp install_mkagent \
        conf_syslog conf_network"
--- a/conf/mixart-myrys.org/kiska.conf.sh
+++ b/conf/mixart-myrys.org/kiska.conf.sh
@@ -0,0 +1,48 @@
 # Fichier de configuration principal
 # ------------------------------------------------------------------------------
 # -------------------- Importation de paramêtres globaux -----------------------
 # ------------------------------------------------------------------------------
 # Importe les paramètres geoffray-levasseur.org
 . $MYPATH/conf/includes/mam.conf.sh
 # Importe la sélection de paquets par défaut
 . $MYPATH/conf/includes/pkgsel.base.conf.sh
 # Les paramètres précédemment importés sont surchargeable après cette ligne
 # ------------------------------------------------------------------------------
 # ------------------------------ General Section -------------------------------
 # ------------------------------------------------------------------------------
 # User of the machine (must exists)
 MAINUSER=root
 # Pilotes X11 non libre à installer ?
 #X11_DRV="virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11"
 # Authentication: use LDAP+Kerberos ?
 WITH_LDAP_KERB=yes
 # Users to create, add or remove
 REMOVE_USERS=fatal
 # Network
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
 INTALL_MODE=full
 # Paquets additionnels
 PKGSEL="$PKGSEL"
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
 # ------------------------------------------------------------------------------
 # Liste des modules à executer (surchargeable en ligne de commande)
 MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \
 	conf_mail install_pkg install_profile patch_snmp install_mkagent \
        conf_syslog conf_network"
--- a/conf/mixart-myrys.org/kronotsky.conf.sh
+++ b/conf/mixart-myrys.org/kronotsky.conf.sh
@@ -0,0 +1,62 @@
 # Fichier de configuration principal
 # ------------------------------------------------------------------------------
 # -------------------- Importation de paramêtres globaux -----------------------
 # ------------------------------------------------------------------------------
 # Importe les paramètres geoffray-levasseur.org
 . $MYPATH/conf/includes/mam.conf.sh
 # Importe la sélection de paquets par défaut
 . $MYPATH/conf/includes/pkgsel.base.conf.sh
 # Les paramètres précédemment importés sont surchargeable après cette ligne
 # ------------------------------------------------------------------------------
 # ------------------------------ General Section -------------------------------
 # ------------------------------------------------------------------------------
 # User of the machine (must exists)
 MAINUSER=root
 # Authentication: use LDAP+Kerberos ?
 WITH_LDAP_KERB=no
 # Users to create, add or remove
 #REMOVE_USERS=fatal
 # Network
 IPV4_IFACES="eth0 eth1"
 NET4_MODE_eth0="static"
 NET4_IP_eth0="10.254.1.20/24"
 NET4_MODE_eth1="static"
 NET4_IP_eth1="10.0.254.20/16"
 NET4_GW_eth1="10.0.254.254"
 NET4_NS_eth1="10.0.254.250"
 NET4_NS_SEARCH_eth1=$REALM
 #IPV6_IFACES="eth0"
 NET6_MODE_eth0="static"
 NET6_IP_eth0="2a03:7220:8085:6b01::a/64"
 NET6_GW_eth0="2a03:7220:8085:6b01::1"
 NET6_NS_eth0="2a03:7220:8085:6b01::a"
 NET6_NS_SEARCH_eth0=$REALM
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
 INTALL_MODE=full
 # Paquets additionnels
 PKGSEL="$PKGSEL"
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
 # ------------------------------------------------------------------------------
 # Liste des modules à executer (surchargeable en ligne de commande)
 MODULE_LIST="conf_ntp upgrade_dist authnz conf_locale conf_ssh conf_syslog \
 	install_pkg install_profile conf_network conf_nfs"
--- a/conf/mixart-myrys.org/mageik.conf.sh
+++ b/conf/mixart-myrys.org/mageik.conf.sh
@@ -0,0 +1,48 @@
 # Fichier de configuration principal
 # ------------------------------------------------------------------------------
 # -------------------- Importation de paramêtres globaux -----------------------
 # ------------------------------------------------------------------------------
 # Importe les paramètres geoffray-levasseur.org
 . $MYPATH/conf/includes/mam.conf.sh
 # Importe la sélection de paquets par défaut
 . $MYPATH/conf/includes/pkgsel.base.conf.sh
 # Les paramètres précédemment importés sont surchargeable après cette ligne
 # ------------------------------------------------------------------------------
 # ------------------------------ General Section -------------------------------
 # ------------------------------------------------------------------------------
 # User of the machine (must exists)
 MAINUSER=root
 # Pilotes X11 non libre à installer ?
 #X11_DRV="virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11"
 # Authentication: use LDAP+Kerberos ?
 WITH_LDAP_KERB=yes
 # Users to create, add or remove
 REMOVE_USERS=fatal
 # Network
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
 INTALL_MODE=full
 # Paquets additionnels
 PKGSEL="$PKGSEL"
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
 # ------------------------------------------------------------------------------
 # Liste des modules à executer (surchargeable en ligne de commande)
 MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \
 	conf_mail install_pkg install_profile patch_snmp install_mkagent \
        conf_syslog conf_network"
--- a/conf/mixart-myrys.org/okmok.conf.sh
+++ b/conf/mixart-myrys.org/okmok.conf.sh
@@ -0,0 +1,48 @@
 # Fichier de configuration principal
 # ------------------------------------------------------------------------------
 # -------------------- Importation de paramêtres globaux -----------------------
 # ------------------------------------------------------------------------------
 # Importe les paramètres geoffray-levasseur.org
 . $MYPATH/conf/includes/mam.conf.sh
 # Importe la sélection de paquets par défaut
 . $MYPATH/conf/includes/pkgsel.base.conf.sh
 # Les paramètres précédemment importés sont surchargeable après cette ligne
 # ------------------------------------------------------------------------------
 # ------------------------------ General Section -------------------------------
 # ------------------------------------------------------------------------------
 # User of the machine (must exists)
 MAINUSER=root
 # Pilotes X11 non libre à installer ?
 #X11_DRV="virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11"
 # Authentication: use LDAP+Kerberos ?
 WITH_LDAP_KERB=yes
 # Users to create, add or remove
 REMOVE_USERS=fatal
 # Network
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
 INTALL_MODE=full
 # Paquets additionnels
 PKGSEL="$PKGSEL"
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
 # ------------------------------------------------------------------------------
 # Liste des modules à executer (surchargeable en ligne de commande)
 MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \
 	conf_mail install_pkg install_profile patch_snmp install_mkagent \
        conf_syslog conf_network"
--- a/conf/mixart-myrys.org/ontake.conf.sh
+++ b/conf/mixart-myrys.org/ontake.conf.sh
@@ -0,0 +1,64 @@
 # Fichier de configuration principal
 # ------------------------------------------------------------------------------
 # -------------------- Importation de paramêtres globaux -----------------------
 # ------------------------------------------------------------------------------
 # Importe les paramètres geoffray-levasseur.org
 . $MYPATH/conf/includes/mam.conf.sh
 # Importe la sélection de paquets par défaut
 . $MYPATH/conf/includes/pkgsel.base.conf.sh
 # Les paramètres précédemment importés sont surchargeable après cette ligne
 # ------------------------------------------------------------------------------
 # ------------------------------ General Section -------------------------------
 # ------------------------------------------------------------------------------
 # User of the machine (must exists)
 MAINUSER=root
 # Authentication: use LDAP+Kerberos ?
 WITH_LDAP_KERB=no
 # Users to create, add or remove
 REMOVE_USERS=fatal
 # Network
 IPV4_IFACES="eth0 eth1"
 NET4_MODE_eth0="static"
 NET4_IP_eth0="10.254.1.20/24"
 NET4_MODE_eth1="static"
 NET4_IP_eth1="10.0.254.20/16"
 NET4_GW_eth1="10.0.254.254"
 NET4_NS_eth1="10.0.254.250"
 NET4_NS_SEARCH_eth1=$REALM
 #IPV6_IFACES="eth0"
 NET6_MODE_eth0="static"
 NET6_IP_eth0="2a03:7220:8085:6b01::a/64"
 NET6_GW_eth0="2a03:7220:8085:6b01::1"
 NET6_NS_eth0="2a03:7220:8085:6b01::a"
 NET6_NS_SEARCH_eth0=$REALM
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
 INTALL_MODE=full
 # Paquets additionnels
 PKGSEL="$PKGSEL"
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
 # ------------------------------------------------------------------------------
 # Liste des modules à executer (surchargeable en ligne de commande)
 MODULE_LIST="conf_ntp upgrade_dist authnz conf_locale conf_ssh conf_syslog \
 	conf_mail install_pkg install_profile conf_network conf_nfs"
 	#patch_snmp install_mkagent \
--- a/conf/mixart-myrys.org/seguam.conf.sh
+++ b/conf/mixart-myrys.org/seguam.conf.sh
@@ -0,0 +1,67 @@
 # Fichier de configuration principal
 # ------------------------------------------------------------------------------
 # -------------------- Importation de paramêtres globaux -----------------------
 # ------------------------------------------------------------------------------
 # Importe les paramètres geoffray-levasseur.org
 . $MYPATH/conf/includes/mam.conf.sh
 # Importe la sélection de paquets par défaut
 . $MYPATH/conf/includes/pkgsel.base.conf.sh
 # Les paramètres précédemment importés sont surchargeable après cette ligne
 # ------------------------------------------------------------------------------
 # ------------------------------ General Section -------------------------------
 # ------------------------------------------------------------------------------
 # User of the machine (must exists)
 MAINUSER=root
 # Pilotes X11 non libre à installer ?
 #X11_DRV="virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11"
 # Authentication: use LDAP+Kerberos ?
 WITH_LDAP_KERB=no
 # Users to create, add or remove
 REMOVE_USERS=fatal
 # Network
 IPV4_IFACES="eth0 eth1"
 NET4_MODE_eth0="static"
 NET4_IP_eth0="10.254.1.240/24"
 NET4_MODE_eth1="static"
 NET4_IP_eth1="10.0.254.240/16"
 NET4_GW_eth1="10.0.254.254"
 NET4_NS_eth1="10.0.254.250"
 NET4_NS_SEARCH_eth1=$REALM
 #IPV6_IFACES="eth0"
 NET6_MODE_eth0="static"
 NET6_IP_eth0="2a03:7220:8085:6b01::a/64"
 NET6_GW_eth0="2a03:7220:8085:6b01::1"
 NET6_NS_eth0="2a03:7220:8085:6b01::a"
 NET6_NS_SEARCH_eth0=$REALM
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
 INTALL_MODE=full
 # Paquets additionnels
 PKGSEL="$PKGSEL"
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
 # ------------------------------------------------------------------------------
 # Liste des modules à executer (surchargeable en ligne de commande)
 MODULE_LIST="conf_ntp upgrade_dist authnz conf_locale conf_ssh conf_syslog \
 	conf_mail install_pkg install_profile conf_network conf_nfs"
 	#patch_snmp install_mkagent \
--- a/conf/mixart-myrys.org/segula.conf.sh
+++ b/conf/mixart-myrys.org/segula.conf.sh
@@ -0,0 +1,48 @@
 # Fichier de configuration principal
 # ------------------------------------------------------------------------------
 # -------------------- Importation de paramêtres globaux -----------------------
 # ------------------------------------------------------------------------------
 # Importe les paramètres geoffray-levasseur.org
 . $MYPATH/conf/includes/mam.conf.sh
 # Importe la sélection de paquets par défaut
 . $MYPATH/conf/includes/pkgsel.base.conf.sh
 # Les paramètres précédemment importés sont surchargeable après cette ligne
 # ------------------------------------------------------------------------------
 # ------------------------------ General Section -------------------------------
 # ------------------------------------------------------------------------------
 # User of the machine (must exists)
 MAINUSER=root
 # Pilotes X11 non libre à installer ?
 #X11_DRV="virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11"
 # Authentication: use LDAP+Kerberos ?
 WITH_LDAP_KERB=yes
 # Users to create, add or remove
 REMOVE_USERS=fatal
 # Network
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
 INTALL_MODE=full
 # Paquets additionnels
 PKGSEL="$PKGSEL"
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
 # ------------------------------------------------------------------------------
 # Liste des modules à executer (surchargeable en ligne de commande)
 MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \
 	conf_mail install_pkg install_profile patch_snmp install_mkagent \
        conf_syslog conf_network"
--- a/conf/mixart-myrys.org/spurr.conf.sh
+++ b/conf/mixart-myrys.org/spurr.conf.sh
@@ -0,0 +1,66 @@
 # Fichier de configuration principal
 # ------------------------------------------------------------------------------
 # -------------------- Importation de paramêtres globaux -----------------------
 # ------------------------------------------------------------------------------
 # Importe les paramètres geoffray-levasseur.org
 . $MYPATH/conf/includes/mam.conf.sh
 # Importe la sélection de paquets par défaut
 . $MYPATH/conf/includes/pkgsel.base.conf.sh
 # Les paramètres précédemment importés sont surchargeable après cette ligne
 # ------------------------------------------------------------------------------
 # ------------------------------ General Section -------------------------------
 # ------------------------------------------------------------------------------
 # User of the machine (must exists)
 MAINUSER=root
 # Pilotes X11 non libre à installer ?
 #X11_DRV="virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11"
 # Authentication: use LDAP+Kerberos ?
 WITH_LDAP_KERB=no
 # Users to create, add or remove
 REMOVE_USERS=fatal
 # Network
 IPV4_IFACES="eth0 eth1"
 NET4_MODE_eth0="static"
 NET4_IP_eth0="10.254.1.100/24"
 NET4_MODE_eth1="static"
 NET4_IP_eth1="10.0.254.100/16"
 NET4_GW_eth1="10.0.254.254"
 NET4_NS_eth1="10.0.254.250"
 NET4_NS_SEARCH_eth1=$REALM
 #IPV6_IFACES="eth0"
 NET6_MODE_eth0="static"
 NET6_IP_eth0="2a03:7220:8085:6b01::a/64"
 NET6_GW_eth0="2a03:7220:8085:6b01::1"
 NET6_NS_eth0="2a03:7220:8085:6b01::a"
 NET6_NS_SEARCH_eth0=$REALM
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
 INTALL_MODE=full
 # Paquets additionnels
 PKGSEL="$PKGSEL"
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
 # ------------------------------------------------------------------------------
 # Liste des modules à executer (surchargeable en ligne de commande)
 MODULE_LIST="conf_ntp upgrade_dist authnz conf_locale conf_ssh \
 	conf_mail install_pkg install_profile conf_nfs"
        #conf_syslog conf_network"
--- a/conf/mixart-myrys.org/trident.conf.sh
+++ b/conf/mixart-myrys.org/trident.conf.sh
@@ -0,0 +1,66 @@
 # Fichier de configuration principal
 # ------------------------------------------------------------------------------
 # -------------------- Importation de paramêtres globaux -----------------------
 # ------------------------------------------------------------------------------
 # Importe les paramètres geoffray-levasseur.org
 . $MYPATH/conf/includes/mam.conf.sh
 # Importe la sélection de paquets par défaut
 . $MYPATH/conf/includes/pkgsel.base.conf.sh
 # Les paramètres précédemment importés sont surchargeable après cette ligne
 # ------------------------------------------------------------------------------
 # ------------------------------ General Section -------------------------------
 # ------------------------------------------------------------------------------
 # User of the machine (must exists)
 MAINUSER=root
 # Pilotes X11 non libre à installer ?
 #X11_DRV="virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11"
 # Authentication: use LDAP+Kerberos ?
 WITH_LDAP_KERB=no
 # Users to create, add or remove
 REMOVE_USERS=fatal
 # Network
 IPV4_IFACES="eth0 eth1"
 NET4_MODE_eth0="static"
 NET4_IP_eth0="10.254.1.70/24"
 NET4_MODE_eth1="static"
 NET4_IP_eth1="10.0.254.70/16"
 NET4_GW_eth1="10.0.254.254"
 NET4_NS_eth1="10.0.254.250"
 NET4_NS_SEARCH_eth1=$REALM
 #IPV6_IFACES="eth0"
 NET6_MODE_eth0="static"
 NET6_IP_eth0="2a03:7220:8085:6b01::a/64"
 NET6_GW_eth0="2a03:7220:8085:6b01::1"
 NET6_NS_eth0="2a03:7220:8085:6b01::a"
 NET6_NS_SEARCH_eth0=$REALM
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
 INTALL_MODE=full
 # Paquets additionnels
 PKGSEL="$PKGSEL"
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
 # ------------------------------------------------------------------------------
 # Liste des modules à executer (surchargeable en ligne de commande)
 MODULE_LIST="conf_ntp upgrade_dist authnz conf_locale conf_ssh \
 	conf_mail install_pkg install_profile \
        conf_syslog conf_network"
--- a/conf/pcp-e3s.conf.sh
+++ b/conf/pcp-e3s.conf.sh
@@ -0,0 +1,46 @@
 # Fichier de configuration principal
 # ------------------------------------------------------------------------------
 # -------------------- Importation de paramêtres globaux -----------------------
 # ------------------------------------------------------------------------------
 # Importe les paramètres pour le lan E-3S
 . $MYPATH/conf/includes/e3s.conf.sh
 # Importe la sélection de paquets par défaut
 . $MYPATH/conf/includes/pkgsel.base.conf.sh
 # Les paramètres précédemment importés sont surchargeable après cette ligne
 # ------------------------------------------------------------------------------
 # ------------------------------ General Section -------------------------------
 # ------------------------------------------------------------------------------
 # User of the machine (must exists)
 MAINUSER=root
 # Authentication: use LDAP+Kerberos ?
 WITH_LDAP_KERB=no
 # Network
 IPV4_IFACES="ens192"
 NET4_MODE_ens192="dhcp"
 IPV6_IFACES=""
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
 INTALL_MODE=full
 # Paquets additionnels
 PKGSEL="$PKGSEL"
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
 # ------------------------------------------------------------------------------
 # Liste des modules à executer (surchargeable en ligne de commande)
 MODULE_LIST="conf_ntp upgrade_dist conf_locale conf_ssh \
 	install_pkg install_profile"
--- a/conf/tetalab.local/croscat.conf.sh
+++ b/conf/tetalab.local/croscat.conf.sh
--- a/conf/tetalab.local/etna.conf.sh
+++ b/conf/tetalab.local/etna.conf.sh
--- a/conf/tetalab.local/ischia.conf.sh
+++ b/conf/tetalab.local/ischia.conf.sh
--- a/conf/tetalab.local/kos.conf.sh
+++ b/conf/tetalab.local/kos.conf.sh
--- a/conf/tetalab.local/milos.conf.sh
+++ b/conf/tetalab.local/milos.conf.sh
--- a/conf/tetalab.local/nisyros.conf.sh
+++ b/conf/tetalab.local/nisyros.conf.sh
@@ -0,0 +1,44 @@
 # Fichier de configuration principal
 # ------------------------------------------------------------------------------
 # -------------------- Importation de paramêtres globaux -----------------------
 # ------------------------------------------------------------------------------
 # Importe les parametres tetalab.local
 . $MYPATH/conf/includes/tetalab.conf.sh
 # Importe la selection de paquets par defaut
 . $MYPATH/conf/includes/pkgsel.base.conf.sh
 # Les paramètres précédemment importés sont surchargeable après cette ligne
 # ------------------------------------------------------------------------------
 # ------------------------------ General Section -------------------------------
 # ------------------------------------------------------------------------------
 # User of the machine (must exists)
 MAINUSER=root
 # Authentication: use LDAP+Kerberos ?
 WITH_LDAP_KERB=no
 # Users to create, add or remove
 REMOVE_USERS=fatal
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
 INTALL_MODE=full
 # Paquets additionnels
 PKGSEL="$PKGSEL nfs-kernel-server"
 PKGS_RMLIST=""
 PKGS_BLACKLIST=""
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
 # ------------------------------------------------------------------------------
 # Liste des modules à executer (surchargeable en ligne de commande)
 MODULE_LIST="conf_ntp upgrade_dist authnz conf_locale  \
 	install_pkg install_profile patch_snmp"
--- a/conf/tetalab.local/santorini.conf.sh
+++ b/conf/tetalab.local/santorini.conf.sh
--- a/conf/tetalab.local/stromboli.conf.sh
+++ b/conf/tetalab.local/stromboli.conf.sh
--- a/conf/tetalab.local/vesuvius.conf.sh
+++ b/conf/tetalab.local/vesuvius.conf.sh
--- a/conf/tetamix.local
+++ b/conf/tetamix.local
@@ -0,0 +1 @@
 /share/services/scripts/init.sh/conf/mixart-myrys.org
--- a/init.sh
+++ b/init.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 # ------------------------------------------------------------------------------
 # Init.sh: initialise a computer and conform it
-# Copyright (c) 2019-2021 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -36,17 +36,20 @@ export LC_ALL=C
 export LANG=C
 # Version of init
-export VERSION="0.99.18"
+export VERSION="0.99.24"
 # Store script's path (realpath -s resolve symlinks if init.sh is a symlink)
-export MYPATH=$(dirname $(realpath -s $0))
+export MYPATH=$(dirname "$(realpath -s "$0")")
 # Get hostname
 export HOSTNAME=$(hostname)
 # Get realm or domain name
 export REALM=${REALM:-$(hostname -d)}
 # Load libraries
 for lib in $MYPATH/lib/*.sh; do
-    . $lib
+    . "$lib"
 done
 unset lib
@@ -65,7 +68,7 @@ function_exists prnt || (
 # ==== Main Program ====
 # ======================
-# Set system dependent vars (OS, distro and version)
+# Set system dependent vars (arch, OS, distro and version)
 set_sys_vars $(uname -m) $(get_os_version)
 # Initializing global variables
@@ -84,22 +87,22 @@ check_root
 # ------------------------------------------------------------------------------
 # Logfile variable treatment -- cannot be a function
-if [[ -n $NEW_LOGFILE ]]; then
+if [[ -n "$NEW_LOGFILE" ]]; then
-    export LOGFILE=$NEW_LOGFILE
+    export LOGFILE="$NEW_LOGFILE"
 else
    export LOGFILE=${LOGFILE:-"$MYPATH/log/init-$(uname -n)-$(stdtime).log"}
 fi
 prnt I "Creating log files welcoming directory..."
-if [[ ! -d $(dirname $LOGFILE) ]]; then
+if [[ ! -d $(dirname "$LOGFILE") ]]; then
-    mkdir -pv $(dirname $LOGFILE)
+    mkdir -pv $(dirname "$LOGFILE")
 fi
 # Log all outputs to the logfile
 exec 3>&1 4>&2
 trap 'exec 2>&4 1>&3' 0 1 2 3
-exec >  >(tee -a $LOGFILE)
+exec >  >(tee -a "$LOGFILE")
-exec 2> >(tee -a $LOGFILE >&2)
+exec 2> >(tee -a "$LOGFILE" >&2)
 prnt I "Starting init.sh version $VERSION."
 prnt I "The log file is $LOGFILE."
 if [[ -n $SYS_CODE ]]; then
@@ -113,7 +116,7 @@ fi
 separator
-if [[ -n $CHROOT_PATH && -z $CHROOT_DONE ]]; then
+if [[ -n "$CHROOT_PATH" && -z $CHROOT_DONE ]]; then
    chroot_bootstrap $@
    prnt I "Normal end of chrooted execution!"
    exit 0
@@ -129,11 +132,6 @@ process_commandline_and_vars
 set_system_proxy
 # Reinit stage file if no resuming
 if [[ $RESUME != true ]] && [[ -f $STAGE_FILE ]]; then
    rm -f $STAGE_FILE
 fi
 # Loading activated modules
 for mod in $MODULE_LIST; do
    . modules/$mod.sh
@@ -144,7 +142,7 @@ separator
 if [[ $RUN_SHELL == true ]]; then
    prnt I "Launching an interactive shell..."
-    bash --rcfile $MYPATH/bash.rc -i
+    bash --rcfile "$MYPATH/bash.rc" -i
    prnt I "Script execution terminated after interactive shell execution."
    exit 0
 fi
@@ -152,12 +150,12 @@ fi
 # If cron mode, run cron tasks then exit
 if [[ $CRON_MODE == true ]]; then
    for mod in $MODULE_LIST; do
-        if [[ $(function_exists cron_$mod) ]]; then
+	if [[ $(function_exists cron_$mod) ]]; then
-            prnt I "Running cron task for module $mod ..."
+	    prnt I "Running cron task for module $mod ..."
-            cron_$mod
+	    cron_$mod
-        else
+	else
-            prnt I "No cron task for module $mod."
+	    prnt I "No cron task for module $mod."
-        fi
+	fi
    done
    prnt I "All cron executed successfully!"
    exit 0
@@ -170,42 +168,42 @@ if ! command -v wget &> /dev/null; then
 fi
 # Run prechecks
-if [[ JUMP != true ]]; then
+if [[ $JUMP != true ]]; then
-    tmpfile=$(mktemp /tmp/init-XXXXXX)
+    tmpfile="$(mktemp /tmp/init-XXXXXX)"
    if [[ -n $MANUAL_MODULE_LIST ]]; then
-        prnt W "Dependency checks are deactivated with a manual module list."
+	prnt W "Dependency checks are deactivated with a manual module list."
    fi
    if [[ $NO_DEPS == true ]]; then
-        prnt W "Dependency checks have been deactivated manually."
+	prnt W "Dependency checks have been deactivated manually."
    fi
    if [[ $RESUME == true ]]; then
-        cat $STAGE_FILE >> $tmpfile
+	cat "$STAGE_FILE" >> $tmpfile
    fi
    for mod in $MODULE_LIST; do
-        version=VER_$mod
+	version=VER_$mod
-        if [[ $RESUME == true ]] && [[ $(grep $mod $STAGE_FILE) ]]; then
+	if [[ $RESUME == true ]] && [[ $(grep $mod "$STAGE_FILE") ]]; then
-            prnt I "Checks previously executed for $mod version ${!version}."
+	    prnt I "Checks previously executed for $mod version ${!version}."
-            continue
+	    continue
-        fi
+	fi
-        prnt I "Running initial checks for $mod version ${!version}..."
+	prnt I "Running initial checks for $mod version ${!version}..."
-        if [[ -z $MANUAL_MODULE_LIST && $NO_DEPS != true ]]; then
+	if [[ -z $MANUAL_MODULE_LIST && $NO_DEPS != true ]]; then
-            deps=DEP_$mod
+	    deps=DEP_$mod
-            for dep in ${!deps}; do
+	    for dep in ${!deps}; do
-                if [[ ! $(grep $dep $tmpfile) ]]; then
+		if [[ ! $(grep $dep "$tmpfile") ]]; then
-                    prnt E "Module $mod have unsatisfied dependencies or is executed too early."
+		    prnt E "Module $mod have unsatisfied dependencies or is executed too early."
-                    prnt E " * $dep must be executed before $mod, please check your module list."
+		    prnt E " * $dep must be executed before $mod, please check your module list."
-                    die 9
+		    die 9
-                fi
+		fi
-            done
+	    done
-            unset deps
+	    unset deps
-        fi
+	fi
-        # We run in a subshell to protect main environment
+	# We run in a subshell to protect main environment
-        (
+	(
-            precheck_$mod
+	    precheck_$mod
-        )
+	)
-        echo $mod >> $tmpfile
+	echo $mod >> "$tmpfile"
    done
-    rm -f $tmpfile
+    rm -f "$tmpfile"
    unset mod
 fi
@@ -237,25 +235,30 @@ read -n 1 -rsp $"Press <C> key to continue or an other one to stop now..." key &
 echo && separator && echo
 if [[ $key == "C" || $key == 'c' ]]; then
    # Reinit stage file if no resuming
    if [[ $RESUME != true ]] && [[ -f $STAGE_FILE ]]; then
 	rm -f "$STAGE_FILE"
    fi
    # We launch modules one after one
    for mod in $MODULE_LIST; do
-        if [[ $RESUME == true ]] && [[ $(grep $mod $STAGE_FILE) ]]; then
+	if [[ $RESUME == true ]] && [[ $(grep $mod "$STAGE_FILE") ]]; then
-            continue
+	    continue
-        fi
+	fi
-        # We need this only if JUMP is set but doesn't matter if it's done again
+	# We need this only if JUMP is set but doesn't matter if it's done again
-        version=VER_$mod
+	version=VER_$mod
-        prnt I "Applying changes for $mod version ${!version}..."
+	prnt I "Applying changes for $mod version ${!version}..."
-        # Yet again, executed in a subshell
+	# Yet again, executed in a subshell
-        (
+	(
-            export REBOOT_NEEDED=false
+	    export REBOOT_NEEDED=false
-            $mod
+	    $mod
-            if [[ $REBOOT_NEEDED == true ]]; then
+	    if [[ $REBOOT_NEEDED == true ]]; then
-                echo "$mod reboot" >> $STAGE_FILE # Mark as done for resuming
+		echo "$mod reboot" >> "$STAGE_FILE" # Mark as done for resuming
-            else
+	    else
-                echo $mod >> $STAGE_FILE # Mark as done for resuming function
+		echo "$mod" >> "$STAGE_FILE" # Mark as done for resuming function
-            fi
+	    fi
-        )
+	)
-        separator
+	separator
    done
    unset mod
 else
@@ -265,15 +268,15 @@ fi
 prnt I  "That's all folks !"
 echo
-if [[ -s $STAGE_FILE && $(grep " reboot" $STAGE_FILE) ]]; then
+if [[ -s "$STAGE_FILE" && $(grep " reboot" "$STAGE_FILE") ]]; then
    prnt W "A reboot is required to apply some changes by the following packages:"
-    prnt m " * $(grep ' reboot' $STAGE_FILE | \
+    prnt m " * $(grep ' reboot' "$STAGE_FILE" | \
-        sed 's/ reboot//' | \
+	sed 's/ reboot//' | \
-        sed ':a' -e 'N' -e '$!ba' -e 's/\n/ /g')"
+	sed ':a' -e 'N' -e '$!ba' -e 's/\n/ /g')"
    prnt I "Please reboot now or as soon as possible!"
    echo
 fi
-rm -f $STAGEFILE
+rm -f "$STAGE_FILE"
 exit 0
 # EOF
--- a/lib/aaa_errors.sh
+++ b/lib/aaa_errors.sh
@@ -1,13 +1,14 @@
 #!/bin/bash
 # ------------------------------------------------------------------------------
 # Error management functions
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
 # https://opensource.org/licenses/BSD-3-Clause
 # ------------------------------------------------------------------------------
- 
+
 # ------------------------------------------------------------------------------
 # Exit with error
@@ -29,9 +30,10 @@ function die()
    unset errorcode
    # Put the trigger back (only executed with --keepgoing)
-    trap "error ${LINENO}" ERR
+    trap 'error ${LINENO}' ERR
 }
 export -f die
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -41,8 +43,10 @@ function terminate()
    prnt E "$1 recieved, exiting at once."
    die 128 --force
 }
 export -f terminate
 trap "terminate 'Ctrl + C'" SIGINT
 trap "terminate 'SIGTERM'"  SIGTERM
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -64,8 +68,10 @@ function error()
    fi
    unset parent_lineno message code
 }
 export -f error
 # Trigger error function on error
 trap "error ${LINENO}; backtrace; err_exit" ERR
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -73,12 +79,14 @@ trap "error ${LINENO}; backtrace; err_exit" ERR
 function err_exit
 {
    if [[ $KEEPGOING != true ]]; then
-        if [[ -f $tmpfile ]]; then
+        if [[ -f "$tmpfile" ]]; then
-            rm -f $tmpfile
+            rm -f "$tmpfile"
        fi
        exit 255
    fi
 }
 export -f err_exit
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -94,11 +102,14 @@ function backtrace
            printf '%15s() %s:%d\n' \
                "$func" "${BASH_SOURCE[$i]}" "${BASH_LINENO[ (( $i - 1)) ]}"
        fi
-        let i++ || true
+        (( i++ )) || true
    done
    unset func i
    echo "=============================="
 }
 export -f backtrace
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -120,10 +131,11 @@ noerror()
    fi
    echo $?
-    trap "error ${LINENO}" ERR
+    trap 'error ${LINENO}' ERR
    set -o errexit
 }
 export -f noerror
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -139,5 +151,6 @@ check_root()
    fi
 }
 export -f check_root
 # ------------------------------------------------------------------------------
 # EOF
--- a/lib/chroot.sh
+++ b/lib/chroot.sh
@@ -1,7 +1,8 @@
 #!/bin/bash
 # ------------------------------------------------------------------------------
 # Chroot system functions
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -13,34 +14,38 @@
 # If chrooted, we need to bootstrap to a new copy of our directory tree
 chroot_bootstrap()
 {
-    if [[ ! -d $CHROOT_PATH ]]; then
+    if [[ ! -d "$CHROOT_PATH" ]]; then
        prnt E "The path given to chroot don't exists."
        die 14
    fi
-    if [[ ! -d $CHROOT_PATH/tmp ]]; then
+    if [[ ! -d "$CHROOT_PATH/tmp" ]]; then
        prnt E "The target filesystem doesn't seems to be a valid installation."
        die 15
    fi
-    local tmpdir=$(mktemp -d $CHROOT_PATH/tmp/init.sh-XXXX)
+    local tmpdir=$(mktemp -d "$CHROOT_PATH/tmp/init.sh-XXXX")
    local bootstrap_items="conf lib modules repo bash.rc init.sh prepost.d"
    if [[ $RESUME == true ]]; then
        bootstrap_items="$bootstrap_items $STAGE_FILE"
    fi
    prnt I "Preparing root change."
-    cp -av $bootstrap_items $tmpdir
+    cp -av $bootstrap_items "$tmpdir"
    prnt I "Changing root and starting a fork of init.sh..."
-    chroot $CHROOT_PATH /bin/bash -c 'CHROOT_DONE=true; $tmpdir/init.sh $@'
+    # on the following line, true allows to correctly exit in case of error since
    # errors are managed by the chrooted environment
    chroot "$CHROOT_PATH" /bin/bash -c 'CHROOT_DONE=true; "$tmpdir/init.sh" "$@"' || true
    # If stage file still exists we copy it to be able to resume later
-    if [[ -e $tmpdir/$(basename $STAGE_FILE) ]]; then
+    if [[ -e "$tmpdir/$(basename "$STAGE_FILE")" ]]; then
-        cp $tmpdir/$(basename $STAGE_FILE) $STAGE_FILE
+        cp "$tmpdir/$(basename "$STAGE_FILE")" "$STAGE_FILE"
    fi
    prnt I "Back to host system and clean up."
-    rm -rf $tmpdir
+    rm -rf "$tmpdir"
 }
 export -f chroot_bootstrap
 # ------------------------------------------------------------------------------
 # EOF
--- a/lib/command_line.sh
+++ b/lib/command_line.sh
@@ -1,7 +1,8 @@
 #!/bin/env bash
 # ------------------------------------------------------------------------------
 # Main program functions
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -14,135 +15,120 @@
 # errors with immediate exit.
 read_commandline()
 {
    syntax_error()
    {
        prnt E "Error while analysing command line parameters."
        die 1 --force
    }
    # Processing command line options
    local want_module=false
    local want_logfile=false
    local want_conffile=false
    local want_chroot=false
    local opt=
-    for opt in $@; do
+    local params=''
-        case $opt in
+    params=$(getopt -n init.sh -o hvm:cjkrRDoPl:f:s \
-            "-h"|"--help")
+	     --long help,version,module:,check-only,jump,keep-going,resume,no-root-check,no-deps,offline,no-proxy,logfile:,file:,shell,chroot,cron \
-                disp_help
+	     -- "$@")
-                exit 0
+    eval set -- "$params"
-                ;;
+    while true; do
-            "-v"|"--version")
+	case $1 in
-                show_version
+	    "-h"|"--help")
-                exit 0
+		disp_help
-                ;;
+		shift
-            "-m"|"--module")
+		exit 0
-                local want_module=true
+		;;
-                ;;
+	    "-v"|"--version")
-            "-c"|"--check-only")
+		show_version
-                export CHECK_ONLY=true
+		shift
-                ;;
+		exit 0
-            "-j"|"--jump")
+		;;
-                export JUMP=true
+	    "-m"|"--module")
-                ;;
+		if [[ -z $MANUAL_MODULE_LIST ]]; then
-            "-k"|"--keep-going")
+		    export MANUAL_MODULE_LIST="$2"
-                export KEEPGOING=true
+		else
-                ;;
+		    prnt E "A module list have already been given!"
-            "-r"|"--resume")
+		    prnt E "Commande line only tolerate one --module parameter."
-                if [[ -s $STAGE_FILE ]]; then
+		    die 1 --force
-                    export RESUME=true
+		fi
-                else
+		shift 2
-                    prnt E "The status file doesn't exists or is empty!"
+		;;
-                    prnt E "Without it, resuming is impossible."
+	    "-c"|"--check-only")
-                    die 17 --force
+		export CHECK_ONLY=true
 		shift
 		;;
 	    "-j"|"--jump")
 		export JUMP=true
 		shift
 		;;
 	    "-k"|"--keep-going")
 		export KEEPGOING=true
 		shift
 		;;
 	    "-r"|"--resume")
 		if [[ -s $STAGE_FILE ]]; then
 		    export RESUME=true
 		else
 		    prnt E "The status file doesn't exists or is empty!"
 		    prnt E "Without it, resuming is impossible."
 		    die 17 --force
 		fi
 		shift
 		;;
 	    "-R"|"--no-root-check")
 		export NO_ROOT_CHECK=true
 		shift
 		;;
 	    "-D"|"--no-deps")
 		export NO_DEPS=true
 		shift
 		;;
 	    "-o"|"--offline")
 		export OFFLINE=true
 		shift
 		;;
 	    "-P"|"--no-proxy")
 		export NO_PROXY=true
 		shift
 		;;
 	    "-l"|"--logfile")
 		if [[ -z $NEW_LOGFILE ]]; then
 		    export NEW_LOGFILE=$2
 		else
 		    prnt E "Impossible to specify several log files."
 		    die 1 --force
 		fi
 		shift 2
 		;;
 	    "-f"|"--file")
 		export CONFFILES="$CONFFILES $2"
 		shift 2
 		;;
 	    "-s"|"--shell")
 		export RUN_SHELL=true
 		shift
 		;;
 	    "--chroot")
 		if [[ -z $CHROOT_PATH ]]; then
 		    export CHROOT_PATH=$2
 		else
 		    prnt E "A chroot path have already been given."
 		    die 1 --force
 		fi
 		shift 2
 		;;
 	    "--cron")
 		export CRON_MODE=true
 		shift
 		;;
 	    --)
 		shift
 		break
 		;;
 	    *)
 		if [[ -n $1 ]]; then
                    prnt E "Unknow parameter \"$1\" !"
                    die 1
                fi
-                ;;
+                break
-            "-R"|"--no-root-check")
+		;;
-                export NO_ROOT_CHECK=true
+	esac
                ;;
            "-D"|"--no-deps")
                export NO_DEPS=true
                ;;
 			"-o"|"--offline")
 				export OFFLINE=true
 				;;
            "-P"|"--no-proxy")
                export NO_PROXY=true
                ;;
            "-l"|"--logfile")
                local want_logfile=true
                ;;
            "-f"|"--file")
                local want_conffile=true
                ;;
            "-s"|"--shell")
                export RUN_SHELL=true
                ;;
            "--chroot")
                local want_chroot=true
                ;;
            "--cron")
                export CRON_MODE=true
                ;;
            *)
                if [[ $want_module == true ]]; then
                    [[ $want_logfile == true ]] && synthax_error
                    [[ $want_conffile == true ]] && synthax_error
                    [[ $want_chroot == true ]] && synthax_error
                    if [[ -z $MANUAL_MODULE_LIST ]]; then
                        export MANUAL_MODULE_LIST=$opt
                        want_module=false
                    else
                        prnt E "A module list have already been given!"
                        prnt E "Commande line only tolerate one --module parameter."
                        die 1 --force
                    fi
                elif [[ $want_logfile == true ]]; then
                    [[ $want_module == true ]] && synthax_error
                    [[ $want_conffile == true ]] && synthax_error
                    [[ $want_chroot == true ]] && synthax_error
                    if [[ -z $NEW_LOGFILE ]]; then
                        export NEW_LOGFILE=$opt
                        want_logfile=false
                    else
                        prnt E "Impossible to specify several log files."
                        die 1 --force
                    fi
                elif [[ $want_conffile == true ]]; then
                    [[ $want_module == true ]] && synthax_error
                    [[ $want_logfile == true ]] && synthax_error
                    [[ $want_chroot == true ]] && synthax_error
                    export CONFFILES="$CONFFILES $opt"
                    want_logfile=false
                elif [[ $want_chroot == true ]]; then
                    [[ $want_module == true ]] && synthax_error
                    [[ $want_logfile == true ]] && synthax_error
                    [[ $want_conffile == true ]] && synthax_error
                    if [[ -z $CHROOT_PATH ]]; then
                        export CHROOT_PATH=$opt
                        want_chroot=false
                    else
                        prnt E "A chroot path have already been given."
                        die 1 --force
                    fi
                else
                    prnt E "Unknow parameter \"$opt\"."
                    die 1 --force
                fi
                ;;
        esac
    done
    unset opt
    # If those var are true at that point, something is wrong
    if [[ $want_logfile == true ]] || [[ $want_module == true ]] ||
        [[ $want_conffile == true ]] || [[ $want_chroot == true ]]; then
        syntax_error
    fi
    unset want_conffile want_logfile want_module
 }
 export -f read_commandline
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -151,56 +137,58 @@ process_commandline_and_vars()
 {
    # Check unconsistant parameters
    if [[ $CHECK_ONLY == true ]]; then
-        if [[ $JUMP == true ]]; then
+	if [[ $JUMP == true ]]; then
-            prnt E "The options --check-only and --jump are mutually exclusive!"
+	    prnt E "The options --check-only and --jump are mutually exclusive!"
-            die 1 --force
+	    die 1 --force
-        fi
+	fi
-        if [[ $KEEPGOING == true ]]; then
+	if [[ $KEEPGOING == true ]]; then
-            prnt E "The options --keep-going and --check-only are not compatible!"
+	    prnt E "The options --keep-going and --check-only are not compatible!"
-            die 1 --force
+	    die 1 --force
-        fi
+	fi
    fi
    if [[ $RESUME == true ]]; then
-        if [[ $CHECK_ONLY == true ]]; then
+	if [[ $CHECK_ONLY == true ]]; then
-            prnt E "Resuming doesn't make sense with --check-only."
+	    prnt E "Resuming doesn't make sense with --check-only."
-            die 1 --force
+	    die 1 --force
-        fi
+	fi
-        if [[ $MANUAL_MODULE_LIST ]]; then
+	if [[ -n $MANUAL_MODULE_LIST ]]; then
-            prnt E "Recovery mode can't work with a manual module list."
+	    prnt E "Resume mode can't work with a manual module list."
-            die 1 --force
+	    die 1 --force
-        fi
+	fi
    fi
    if [[ $CRON_MODE == true ]]; then
-        if [[ $CHECK_ONLY == true || $JUMP == true ]]; then
+	if [[ $CHECK_ONLY == true || $JUMP == true ]]; then
-            prnt E "Some parameters are incompatible with cron mode."
+	    prnt E "Some parameters are incompatible with cron mode."
-            die 16 --force
+	    die 16 --force
-        fi
+	fi
    fi
    # Configure module list
    if [[ -n $MANUAL_MODULE_LIST ]]; then
-        prnt W "A manual module list will be used."
+	prnt W "A manual module list will be used:"
-        export MODULE_LIST=$(echo $MANUAL_MODULE_LIST | sed "s/,/ /g")
+	export MODULE_LIST=${MANUAL_MODULE_LIST//,/ }
        prnt m " * $MODULE_LIST"
    fi
-    # Check for module list existance and basic syntax
+    # Check for module list exis<tance and basic syntax
    if [[ -n $MODULE_LIST ]]; then
-        for mod in $MODULE_LIST; do
+	for mod in $MODULE_LIST; do
-            if [[ $mod =~ ['-!@#$%\&*=+'] ]]; then
+	    if [[ $mod =~ ['-!@#$%\&*=+'] ]]; then
-                prnt E "The module \"$mod\" contains a forbidden character in its name."
+		prnt E "The module \"$mod\" contains a forbidden character in its name."
-                die 5
+		die 5
-            fi
+	    fi
-            if [[ ! -s "modules/$mod.sh" ]]; then
+	    if [[ ! -s "modules/$mod.sh" ]]; then
-                prnt E "The asked module \"$mod\", doesn't have any module file or module file is empty."
+		prnt E "The asked module \"$mod\", doesn't have any module file or module file is empty."
-                die 18
+		die 18
-            fi
+	    fi
-        done
+	done
-    else
+    elif [[ $RUN_SHELL != "true" ]]; then
-        prnt E "No module to execute!"
+	prnt E "No module to execute!"
-        die 5
+	die 5
    fi
 }
 export -f process_commandline_and_vars
 # ------------------------------------------------------------------------------
 # EOF
--- a/lib/diskman.sh
+++ b/lib/diskman.sh
@@ -1,7 +1,8 @@
 #!/bin/bash
 # ------------------------------------------------------------------------------
 # Disks and partitions manipulation function
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -14,26 +15,27 @@
 blank_disk()
 {
    if [[ -b /dev/$1 ]]; then
-        prnt I "Wipping $1 drive signature (a backup is made in /root)..."
+	prnt I "Wipping $1 drive signature (a backup is made in /root)..."
-        wipefs --force --all --backup /dev/$1
+	wipefs --force --all --backup /dev/$1
-        prnt I "Filling beginning of $1 drive with zeroes..."
+	prnt I "Filling beginning of $1 drive with zeroes..."
-        if [[ $2 == "--full" ]]; then
+	if [[ $2 == "--full" ]]; then
-            # If full we display progress as it might take a very long time
+	    # If full we display progress as it might take a very long time
-            # Need true to avoid error as the last byte will generate a disk
+	    # Need true to avoid error as the last byte will generate a disk
-            # full error
+	    # full error
-            dd if="/dev/zero" of="$1" bs="512" status=progress || true
+	    dd if="/dev/zero" of="$1" bs="512" status=progress || true
-        else
+	else
-            dd if="/dev/zero" of="$1" bs="512" count="1024"
+	    dd if="/dev/zero" of="$1" bs="512" count="1024"
-        fi
+	fi
-        # Update kernel partition scheme
+	# Update kernel partition scheme
-        partprobe
+	partprobe
    else
-        prnt E "The /dev/$1 file is not a bloc device!"
+	prnt E "The /dev/$1 file is not a bloc device!"
-        die 19
+	die 19
    fi
 }
 export -f blank_disk
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -44,19 +46,20 @@ export -f blank_disk
 is_blank()
 {
    if [[ -b /dev/$1 ]]; then
-        # That technique is fast but might not be relayable enough if we are on
+	# That technique is fast but might not be relayable enough if we are on
-        # exotic data structure or filesystem...
+	# exotic data structure or filesystem...
-        local devstat=$(file /dev/$1 | sed "s@/dev/$1: @@")
+	local devstat=$(file /dev/$1 | sed "s@/dev/$1: @@")
-        if [[ $devstat == 'data' ]]; then
+	if [[ $devstat == 'data' ]]; then
-            return 0
+	    return 0
-        else
+	else
-            return 1
+	    return 1
-        fi
+	fi
    else
-        return 2
+	return 2
    fi
 }
 export -f is_blank
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -65,45 +68,48 @@ export -f is_blank
 # Partition size like 10G for 10 GiB, 600M for 600 MiB and so on... Without unit
 # it will use a number of cylinder. 0 will stand for all remaining size.
 # If no partition size is provided we create a single whole disk partition.
 # TODO: support extended partition for DOS type, add error if trying to create
 # more than 4 primary partitions
 mkparts()
 {
    local device=$1 && shit
    if [[ $1 == "gtp" || $1 == "dos" ]]; then
-        local parttype=$1 && shift
+	local parttype=$1 && shift
    else
-        # Default is GPT
+	# Default is GPT
-        local parttype="gpt"
+	local parttype="gpt"
    fi
    if [[ $(is_blank $device) ]]; then
-        prnt I "Creating a new ${parttype^^} partition table on $device..."
+	prnt I "Creating a new ${parttype^^} partition table on $device..."
-        sfdisk -label /dev/$device $parttype
+	sfdisk -label /dev/$device $parttype
-        prnt I "Creating a new partition scheme on /dev/$1..."
+	prnt I "Creating a new partition scheme on /dev/$1..."
-        local tmpfile=$(mktemp sfd.XXXX)
+	local tmpfile=$(mktemp sfd.XXXX)
-        if [[ -n $1 ]]; then
+	if [[ -n $1 ]]; then
-            # For each given size we make a partition
+	    # For each given size we make a partition
-            for $part in $@; do
+	    for part in $@; do
-                # If size is zero we interpret it as all available space
+		# If size is zero we interpret it as all available space
-                if [[ $part == 0 ]]; then
+		if [[ $part == 0 ]]; then
-                    echo ",,L" >> $tmpfile
+		    echo ",,L" >> $tmpfile
-                else
+		else
-                    echo ",$part,L" >> $tmpfile
+		    echo ",$part,L" >> $tmpfile
-                fi
+		fi
-            done
+	    done
-        else
+	else
-            echo ",,L" >> $tmpfile
+	    echo ",,L" >> $tmpfile
-        fi
+	fi
-        echo "write" >> $tmpfile
+	echo "write" >> $tmpfile
-        sfdisk "/dev/$device" < $tmpfile
+	sfdisk "/dev/$device" < $tmpfile
-        rm $tmpfile
+	rm $tmpfile
-        unset tmpfile
+	unset tmpfile
    else
-        prnt E "The $1 block device is not blank, for security we won't proceed!"
+	prnt E "The $1 block device is not blank, for security we won't proceed!"
-        die 20
+	die 20
    fi
    unset device parttype
 }
 export -f mkparts
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -111,69 +117,76 @@ export -f mkparts
 mkfs_gen()
 {
    for drv in $@; do
-        if [[ -b /dev/$drv ]]; then
+	if [[ -b /dev/$drv ]]; then
-            $mkfstool $MKFSOPT /dev/$drv
+	    $mkfstool $MKFSOPT /dev/$drv
-        else
+	else
-            prnt E "/dev/$drv is not a bloc device!"
+	    prnt E "/dev/$drv is not a bloc device!"
-            die 18
+	    die 18
-        fi
+	fi
    done
 }
 export -f mkfs_gen
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # Format drive using ext4 filesystem, parameters will be a list of block device
 mkext4()
 {
-     export mkfstool="mkfs.ext4"
+    export mkfstool="mkfs.ext4"
-     mkfs_gen $@
+    mkfs_gen $@
-     unset mkfstool
+    unset mkfstool
 }
 export -f mkext4
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # Format a XFS filesystem...
 mkxfs()
 {
-     export mkfstool="mkfs.xfs"
+    export mkfstool="mkfs.xfs"
-     mkfs_gen $@
+    mkfs_gen $@
-     unset mkfstool
+    unset mkfstool
 }
 export -f mkxfs
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # ... NTFS ...
 mkntfs()
 {
-     export mkfstool="mkfs.ntfs"
+    export mkfstool="mkfs.ntfs"
-     mkfs_gen $@
+    mkfs_gen $@
-     unset mkfstool
+    unset mkfstool
 }
 export -f mkntfs
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # ... FAT32 ...
 mkfat32()
 {
-     export mkfstool="mkfs.vfat"
+    export mkfstool="mkfs.vfat"
-     mkfs_gen $@
+    mkfs_gen $@
-     unset mkfstool
+    unset mkfstool
 }
 export -f mkfat32
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # ... BTRFS ...
 mkbtrfs()
 {
-     export mkfstool="mkfs.btrfs"
+    export mkfstool="mkfs.btrfs"
-     mkfs_gen $@
+    mkfs_gen $@
-     unset mkfstool
+    unset mkfstool
 }
 export -f mkbtrfs
 # ------------------------------------------------------------------------------
 # EOF
--- a/lib/display.sh
+++ b/lib/display.sh
@@ -1,7 +1,8 @@
 #!/bin/bash
 # ------------------------------------------------------------------------------
 # Some display functions and defines color codes
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -106,7 +107,7 @@ prnt()
            ;;
        "W")
            local heads="[${IYellow}Warning${DEFAULTFG}]"
-            shift 
+            shift
            ;;
        "E")
            local heads="[ ${IRed}ERROR${DEFAULTFG} ]"
@@ -122,6 +123,7 @@ prnt()
    unset heads echoopt
 }
 export -f prnt
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -132,15 +134,16 @@ separator()
    local i=0
    declare -li length=$(( $(tput cols) - 1 ))
    if [[ $length -gt 80 ]]; then
-        length=$(( $length - (($length - 80) / 2) ))
+	length=$(( $length - (($length - 80) / 2) ))
    fi
    for i in $(seq 1 $length); do
-        echo -n "-"
+	echo -n "-"
    done
    echo -e "$DEFAULTCOL"
    unset i length
 }
 export -f separator
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -148,29 +151,19 @@ export -f separator
 dsleep()
 {
    i=$1
-    while test $i -gt 0
+    while test $i -gt 0; do
-    do
+	if [[ -n $2 ]]; then
-        if [[ -n $2 ]]; then
+	    echo -n "$2"
-            echo -n "$2"
+	else
-        else
+	    echo -n " ${i}"
-            echo -n " ${i}"
+	fi
-        fi
+	(( i=i-1 ))
-        (( i=i-1 ))
+	sleep 1
        sleep 1
    done
    echo
 }
 export -f dsleep
 # ------------------------------------------------------------------------------
-# Dump the keyboard's buffer
+
 dump_key_buffer()
 {
    while read -r -t 0.001; do
        :
    done
 }
 export -f dump_key_buffer
 # EOF
--- a/lib/filefct.sh
+++ b/lib/filefct.sh
@@ -1,7 +1,8 @@
 #!/bin/bash
 # ------------------------------------------------------------------------------
 # File manipulation function
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -10,9 +11,12 @@
 # Some useful variables:
-export HOST_REPO_PATH=${HOST_REPO_PATH:-"$MYPATH/repo/hosts/$HOSTNAME"}
+export   HOST_REPO_PATH=${HOST_REPO_PATH:-"$MYPATH/repo/hosts/$HOSTNAME"}
-export GROUP_REPO_PATH=${GROUP_REPO_PATH:-"$MYPATH/repo/groups"}
+export  REALM_REPO_PATH=${REALM_REPO_PATH:-"$MYPATH/repo/realms/$REALM"}
-export COMM_REPO_PATH=${COMM_REPO_PATH:-"$MYPATH/repo/common"}
+export  GROUP_REPO_PATH=${GROUP_REPO_PATH:-"$MYPATH/repo/groups/$GROUPNAME"}
 export RLMGRP_REPO_PATH=${RLMGRP_REPO_PATH:-"$MYPATH/repo/realms/$REALM/groups/$GROUPNAME"}
 export RLMHST_REPO_PATH=${RLMHST_REPO_PATH:-"$MYPATH/repo/realms/$REALM/hosts/$HOSTNAME"}
 export   COMM_REPO_PATH=${COMM_REPO_PATH:-"$MYPATH/repo/common"}
 # ------------------------------------------------------------------------------
@@ -30,8 +34,8 @@ backup_dist()
        local tmstmp=$(stdtime)
        if [[ -L ${file} ]]; then
            # With symbolik links we call again backup_dist to treat target
-	    prnt I "Following the symbolic link $file to do a proper backup..."
+            prnt I "Following the symbolic link $file to do a proper backup..."
-            backup_dist $(readlink -f ${file})
+            backup_dist $(readlink -f "${file}")
        elif [[ -f ${file} ]]; then
            prnt I "Creating a backup of ${file} on $tmstmp..."
            cp -av $file ${file}.dist.${tmstmp}
@@ -40,10 +44,10 @@ backup_dist()
                die 12
            fi
        elif [[ -d ${file} ]]; then
-            prnt I "Creation a backup of the directory ${file} on $tmstmp..."
+            prnt I "Creating a backup of the directory ${file} on $tmstmp..."
            cp -av $file ${file}.dist.${tmstmp}
            if [[ $? -ne 0 ]]; then
-                prnt E "backup_dist(): Failed copyind directory recursively."
+                prnt E "backup_dist(): Failed copying directory recursively."
                die 12
            fi
        else
@@ -54,15 +58,31 @@ backup_dist()
    unset file
 }
 export -f backup_dist
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # Select source file according to our priority mechanism
 #  1) repo/<realm>/hosts/<hostname>/    => specific hostname in specific realm
 #  2) repo/<realm>/groups/<groupname>/  => specific group in specific realm
 #  3) repo/hosts/<hostname>/            => specific hostname in any realm
 #  4) repo/groups/<groupname>/          => specific group in any realm
 #  5) repo/<realm>/                     => any hostname in specific realm
 #  6) repo/common                       => any hostname any realm
 # Note: if a specific hostname is provided it makes unecessary to find a group.
 select_file()
 {
    local infile=$1
-    if [[ -f $HOST_REPO_PATH/$infile ]]; then
+    if [[ -f $RLMHST_REPO_PATH/$infile ]]; then
        local source="$RLMHST_REPO_PATH/$infile"
    elif [[ -f $RLMGRP_REPO_PATH/$infile ]]; then
        local source="$RLMGRP_REPO_PATH/$infile"
    elif [[ -f $HOST_REPO_PATH/$infile ]]; then
        local source="$HOST_REPO_PATH/$infile"
    elif [[ -f $GROUP_REPO_PATH/$infile ]]; then
        local source="$GROUP_REPO_PATH/$infile"
    elif [[ -f $REALM_REPO_PATH/$infile ]]; then
        local source="$REALM_REPO_PATH/$infile"
    elif [[ -f $COMM_REPO_PATH/$infile ]]; then
        local source="$COMM_REPO_PATH/$infile"
    else
@@ -74,15 +94,24 @@ select_file()
    unset source
 }
 export -f select_file
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
-# Select source directory according to our priority mechanism
+# Select source directory according to our priority mechanism (same as above)
 select_directory()
 {
    local indir=$1
-    if [[ -d $HOST_REPO_PATH/$indir ]]; then
+    if [[ -d $RLMHST_REPO_PATH/$indir ]]; then
        local source="$RLMHST_REPO_PATH/$indir"
    elif [[ -d $RLMGRP_REPO_PATH/$indir ]]; then
        local source="$RLMGRP_REPO_PATH/$indir"
    elif [[ -d $HOST_REPO_PATH/$indir ]]; then
        local source="$HOST_REPO_PATH/$indir"
    elif [[ -d $GROUP_REPO_PATH/$indir ]]; then
        local source="$GROUP_REPO_PATH/$indir"
    elif [[ -d $REALM_REPO_PATH/$indir ]]; then
        local source="$REALM_REPO_PATH/$indir"
    elif [[ -d $COMM_REPO_PATH/$indir ]]; then
        local source="$COMM_REPO_PATH/$indir"
    else
@@ -94,6 +123,7 @@ select_directory()
    unset source
 }
 export -f select_directory
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -108,7 +138,7 @@ install_file()
        prnt E "install_file(): At least two arguments are required."
        die 11
    fi
-    if [[ $(echo $@ | grep "\*\|\?") ]]; then
+    if [[ -n $(echo $@ | grep "\*\|\?") ]]; then
        prnt E "install_file(): Wildcards are not authorized."
        die 7
    fi
@@ -116,19 +146,16 @@ install_file()
    local arg=
    for arg in $@; do
        filelist="$filelist $(select_file $arg)"
        # We always replace until the last argument being the target
        target="$arg"
    done
    unset arg
-    # Empty to just obtain the target which is the last element of the list
+    if [[ ! $target == /* ]]; then
    local file=
    for file in $filelist; do
        :
    done
    if [[ ! $file == /* ]]; then
        prnt E "install_file(): Target must be on the root filesystem and full path must be provided."
        die 13
    fi
-    unset file
+    unset target
    if [[ -d $(dirname $i) ]]; then
        prnt I "Creating required target directory $(dirname $i)..."
@@ -146,20 +173,26 @@ install_file()
    fi
 }
 export -f install_file
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # Add the content of a file at the end of an other
 append_file()
 {
    if [[ $# -ne 2 ]]; then
        prnt E "append_file(): Two arguments are required, source and destination."
        die 11
    fi
    local srcfile=$(select_file $1)
    local dstfile=$2
-    if [[ -e $dstfile ]]; then
+    if [[ ! $dstfile == /* ]]; then
        prnt E "append_file(): Target must be on the root filesystem and full path must be provided."
        die 13
    fi
-    if [[ ! $dstfile == /* ]]; then
+    if [[ -e $dstfile ]]; then
-        prnt E "append_file(): Target file must exist."
+        prnt E "append_file(): Target file must exist (use touch first to create it if required)."
        die 13
    fi
@@ -171,6 +204,7 @@ append_file()
    fi
 }
 export -f append_file
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -187,59 +221,14 @@ is_dir_empty()
        return 0
    fi
-    nbfiles=$(ls -a1 $dir | egrep -v '^.$|^..$' | wc -l)
+    nbfiles=$(ls -a1 $dir | grep -Evc '^.$|^..$')
    if [[ $nbfiles -eq 0 ]]; then
        return 0
    fi
    return 1
 }
 export -f is_dir_empty
 # ------------------------------------------------------------------------------
 # copy and patch a file replacing all @var@ by the corresponding value in
 # the environment or the variable list given in parameter
 patch_file()
 {
    local srcfile=$(select_file $1) && shift
    local dstfile=$1 && shift
    local workfile=${dstfile}.work
    if [[ ! -s $srcfile ]]; then
        prnt E "patch_file(): Source file is empty, is not a file or don't exists!"
        die 10
    fi
    # Create a sub-process, to avoid bash environment pollution
    (
        local varlist= pattern=
        if [[ $# -eq 0 ]] ; then
            pattern="-e s/<\(.*\)>/\$\1\$\1/g"
        else
            local var=
            for var in $* ; do
                if ! declare -p $var >/dev/null 2>&1 ; then
                    local $var=$(eval echo \$$var)
                fi
                export $var
                pattern="$pattern -e s/@$var@/\$$var/g"
                varlist=$varlist\$$var
            done
        fi
        # sed replace <VAR> with \$$VAR and envsubst do the replace by value
        sed $pattern $srcfile | envsubst ${varlist:+"$varlist"} > "$workfile"
    )
    local -a rights=( $(stat --printf="%a %u %g" "$srcfile") )
    unset srcfile
    mv "$workfile" "$dstfile"
    chmod ${rights[0]} "$dstfile"
    chown ${rights[1]}:${rights[2]} "$dstfile"
    unset rights dstfile
 }
 export -f patch_file
 # ------------------------------------------------------------------------------
@@ -251,12 +240,12 @@ tag_file()
        if [[ -e $f ]]; then
            sed -i "1s/^/$text\n/" $f
        else
-            echo $text > $f
+            echo $text | sed "s/modified/generated/" > $f
            sed -i -e "s/modified/generated/" $f
        fi
    done
 }
 export -f tag_file
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -272,6 +261,7 @@ file_exists()
    return 0
 }
 export -f file_exists
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -287,6 +277,7 @@ file_must_exists()
    unset mf
 }
 export -f file_must_exists
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -302,6 +293,8 @@ directory_exists()
    return 0
 }
 export -f directory_exists
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # check if file exists and return error if not
@@ -315,7 +308,8 @@ directory_must_exists()
    fi
    unset md
 }
 export -f directory_must_exists
 # ------------------------------------------------------------------------------
 # EOF
--- a/lib/loaders.sh
+++ b/lib/loaders.sh
@@ -1,7 +1,8 @@
 #!/bin/bash
 # ------------------------------------------------------------------------------
 # Loaders for conf and prepost functions
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -24,68 +25,112 @@ load_autoconf()
    local prefix="$MYPATH/conf/auto"
    if [[ -e $prefix/$SYS_ARCH.conf.sh ]]; then
-        . $prefix/$SYS_ARCH.conf.sh
+	. $prefix/$SYS_ARCH.conf.sh
    fi
    if [[ -e $prefix/$SYS_DIST.conf.sh ]]; then
-        . $prefix/$SYS_DIST.conf.sh
+	. $prefix/$SYS_DIST.conf.sh
    fi
    if [[ -e $prefix/$SYS_DIST-$SYS_ARCH.conf.sh ]]; then
-        . $prefix/$SYS_DIST-$SYS_ARCH.conf.sh
+	. $prefix/$SYS_DIST-$SYS_ARCH.conf.sh
    fi
    if [[ -e $prefix/$SYS_DIST-$SYS_VER.conf.sh ]]; then
-        . $prefix/$SYS_DIST-$SYS_VER.conf.sh
+	. $prefix/$SYS_DIST-$SYS_VER.conf.sh
    fi
    if [[ -n $SYS_CODE && -e $prefix/$SYS_DIST-$SYS_CODE.conf.sh ]]; then
-        . $prefix/$SYS_DIST-$SYS_CODE.conf.sh
+	. $prefix/$SYS_DIST-$SYS_CODE.conf.sh
    fi
    if [[ -e $prefix/$SYS_DIST-$SYS_VER-$SYS_ARCH.conf.sh ]]; then
-        . $prefix/$SYS_DIST-$SYS_VER-$SYS_ARCH.conf.sh
+	. $prefix/$SYS_DIST-$SYS_VER-$SYS_ARCH.conf.sh
    fi
    if [[ -n $SYS_CODE && -e $prefix/$SYS_DIST-$SYS_CODE-$SYS_ARCH.conf.sh ]]; then
-        . $prefix/$SYS_DIST-$SYS_CODE-$SYS_ARCH.conf.sh
+	. $prefix/$SYS_DIST-$SYS_CODE-$SYS_ARCH.conf.sh
    fi
    unset prefix
 }
 export -f load_autoconf
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # Load configuration with the following priorities:
 #   1) Those given on command line, if any
-#   2) <workingdir>/conf/<hostname>.conf   (Hostname based and specific)
+#   2) <workingdir>/conf/<realm>/<hostname>.conf (Hostname based and specific)
-#   3) <workingdir>/conf/init.conf.sh      (Generic default)
+#   2) <workingdir>/conf/<hostname>.conf	 (Hostname based and specific)
 #   3) <workingdir>/conf/init.conf.sh      	 (Generic default, for testing)
 load_configuration()
 {
    # --------------------------------------------------------------------------
    # Get list of possible files to load when REALM is not declared
    get_files()
    {
 	for d in $MYPATH/conf/*; do
 	    if [[ -d $d ]]; then
 		find $d -maxdepth 1 -name "$HOSTNAME.conf.sh"
 	    fi
 	done
    }
    if [[ -n $CONFFILES ]]; then
-        local f=
+	local f=
-        for f in $CONFFILES; do
+	for f in $CONFFILES; do
-            prnt I "Loading $f manually specified."
+	    prnt I "Loading $f manually specified."
-            if [[ -s $f ]]; then
+	    if [[ -s $f ]]; then
-                . $f
+		. $f
-            else
+	    else
-                prnt E "The $f file doesn't exists or is empty."
+		prnt E "The $f file doesn't exists or is empty."
-                die 6 --force
+		die 6 --force
-            fi
+	    fi
-        done
+	done
-        unset f
+	unset f
    else
-        prnt I "Loading configuration..."
+	prnt I "Loading configuration..."
-        if [[ -e $MYPATH/conf/$HOSTNAME.conf.sh ]]; then
+	if [[ -z $REALM ]]; then
-            prnt I "A specific configuration will be used."
+	    prnt W "REALM is undeclared, trying to scan configuration subdirectories for this host..."
-            . $MYPATH/conf/$HOSTNAME.conf.sh
+	    local found_realms=$(get_files)
-        else
+	    case "$(echo $found_realms | wc -w)" in
-            if [[ -e $MYPATH/conf/init.conf.sh ]]; then
+		"0")
-                prnt I "A generic configuration will be used."
+		    : # We do nothing as we'll check for other scenario
-                . $MYPATH/conf/init.conf.sh
+		;;
-            else
+		"1")
-                prnt E "No configuration found, impossible to continue."
+		    export REALM="$(basename $(dirname $found_realms))"
-                die 6 --force
+		    local auto_realm="$REALM"
-            fi
+		;;
-        fi
+		*)
 		    prnt E "More than one file correspond to that host. This is ambigous and need to be fixed."
 		    prnt m "You can fix that situation with one of those actions:"
 		    prnt m "\t * Declare a REALM variable with the actual domain name of the host."
 		    prnt m "\t * Give manually the configuration file using the --file option."
 		    prnt m "\t * Configure the domain name of the host."
 		    die 20 --force
 		;;
 	    esac
 	fi
 	if [[ -e $MYPATH/conf/$REALM/$HOSTNAME.conf.sh ]]; then
 	    prnt I "A specific configuration will be used."
 	    local cnffile=$MYPATH/conf/$REALM/$HOSTNAME.conf.sh
 	    if [[ -n $auto_realm && $REALM != $auto_realm ]]; then
 		prnt E "The domain name in the confinguration file don't correspond to the detected domain through directory structure."
 		die 21 --force
 	    fi
 	elif [[ -e $MYPATH/conf/$HOSTNAME.conf.sh ]]; then
 	    prnt I "A specific configuration will be used."
 	    local cnffile=$MYPATH/conf/$HOSTNAME.conf.sh
 	else
 	    if [[ -e $MYPATH/conf/init.conf.sh ]]; then
 		prnt I "A generic configuration will be used."
 		local cnffile=$MYPATH/conf/init.conf.sh
 	    else
 		prnt E "No configuration found, impossible to continue."
 		die 6 --force
 	    fi
 	fi
 	prnt I "Loading $cnffile ..."
 	. $cnffile
    fi
 }
 export -f load_configuration
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -94,11 +139,12 @@ load_prepost_actions()
 {
    local prepost=
    for prepost in $MYPATH/prepost.d/*.sh; do
-        prnt I "Loading prepost actions in $prepost ..."
+	prnt I "Loading prepost actions in $prepost ..."
-        . $prepost
+	. $prepost
    done
    unset prepost
 }
 export -f load_prepost_actions
 # ------------------------------------------------------------------------------
 # EOF
--- a/lib/net.sh
+++ b/lib/net.sh
@@ -1,7 +1,8 @@
 #!/bin/bash
 # ------------------------------------------------------------------------------
 # Network functions
 # This file is part of the init.sh project
-# Copyright (c) 2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -33,6 +34,7 @@ set_system_proxy()
    fi
 }
 export -f set_system_proxy
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -46,6 +48,7 @@ mask2cidr4()
    echo $(( $2 + (${#x}/4) ))
 }
 export -f mask2cidr4
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -58,6 +61,7 @@ cidr2mask4()
    echo ${1-0}.${2-0}.${3-0}.${4-0}
 }
 export -f cidr2mask4
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -81,6 +85,7 @@ isipv4 ()
    return 1
 }
 export -f isipv4
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -95,6 +100,7 @@ isipv6 ()
    return 1
 }
 export -f isipv6
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -134,6 +140,7 @@ get_network_info()
    done
 }
 export -f get_network_info
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -175,3 +182,6 @@ check_network()
    esac
 }
 export -f check_network
 # ------------------------------------------------------------------------------
 # EOF
--- a/lib/pkgman.sh
+++ b/lib/pkgman.sh
@@ -1,7 +1,8 @@
 #!/bin/bash
 # ------------------------------------------------------------------------------
 # Package manager integration
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -17,6 +18,7 @@ pkgupdt()
    $PKG_MAN $COM_UPDATE
 }
 export -f pkgupdt
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -25,21 +27,21 @@ pkginst()
 {
    prnt I "Installing packages..."
    if [[ $# -lt 1 ]]; then
-        prnt E "pkginst(): some required parameters are missing."
+	prnt E "pkginst(): some required parameters are missing."
-        exit 11
+	exit 11
    fi
    if [[ ! $INSTALL_MODE == dev ]]; then
-        exec_preinst $@
+	exec_preinst $@
-        $PKG_MAN $COM_INSTALL $@
+	$PKG_MAN $COM_INSTALL $@
-        exec_postinst
+	exec_postinst
    else
-        local pkg=
+	local pkg=
-        for pkg in $@; do
+	for pkg in $@; do
-            exec_preinst $pkg
+	    exec_preinst $pkg
-            $PKG_MAN $COM_INSTALL $pkg
+	    $PKG_MAN $COM_INSTALL $pkg
-            exec_postinst
+	    exec_postinst
-        done
+	done
-        unset pkg
+	unset pkg
    fi
 }
 export -f pkginst
@@ -55,6 +57,7 @@ pkgupgd()
    exec_postupgd
 }
 export -f pkgupgd
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -63,24 +66,25 @@ pkgrm()
 {
    prnt I "Uninstalling packages..."
    if [[ $# -lt 1 ]]; then
-        prnt E "pkgrem(): some required parameters are missing."
+	prnt E "pkgrem(): some required parameters are missing."
-        exit 11
+	exit 11
    fi
    if [[ ! $INSTALL_MODE == dev ]]; then
-        exec_prerm $@
+	exec_prerm $@
-        $PKG_MAN $COM_REMOVE $@
+	$PKG_MAN $COM_REMOVE $@
-        exec_postrm
+	exec_postrm
    else
-        local pkg=
+	local pkg=
-        for pkg in $@; do
+	for pkg in $@; do
-            exec_prerm $pkg
+	    exec_prerm $pkg
-            $PKG_MAN $COM_REMOVE $pkg
+	    $PKG_MAN $COM_REMOVE $pkg
-            exec_postrm
+	    exec_postrm
-        done
+	done
-        uset pkg
+	uset pkg
    fi
 }
 export -f pkgrm
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -93,6 +97,7 @@ pkgautorm()
    exec_postautorm
 }
 export -f pkgautorm
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -101,15 +106,16 @@ exec_preinst()
 {
    local pkglist=$(get_install_list $@)
    for pkg in $pkglist; do
-        if [[ $(function_exists preinst_$pkg) ]]; then
+	if [[ $(function_exists preinst_$pkg) ]]; then
-            prnt I "Running $pkg preinstallation script..."
+	    prnt I "Running $pkg preinstallation script..."
-            preinst_$pkg
+	    preinst_$pkg
-        fi
+	fi
    done
    export POSTINSTLIST=$pkglist
    unset pkglist
 }
 export -f exec_preinst
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -117,17 +123,18 @@ export -f exec_preinst
 exec_postinst()
 {
    if [[ -z $POSTINSTLIST ]]; then
-        return 0
+	return 0
    fi
    for pkg in $POSTINSTLIST; do
-        if [[ $(function_exists postinst_$pkg) ]]; then
+	if [[ $(function_exists postinst_$pkg) ]]; then
-            prnt I "Running $pkg postinstallation script..."
+	    prnt I "Running $pkg postinstallation script..."
-            postinst_$pkg
+	    postinst_$pkg
-        fi
+	fi
    done
    unset POSTINSTLIST
 }
 export -f exec_postinst
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -137,15 +144,16 @@ exec_prerm()
    local pkglist=$(get_remove_list $@)
    unset $cmd
    for pkg in $pkglist; do
-        if [[ $(function_exists prerm_$pkg) ]]; then
+	if [[ $(function_exists prerm_$pkg) ]]; then
-            prnt I "Running $pkg preremove script..."
+	    prnt I "Running $pkg preremove script..."
-            prerm_$pkg
+	    prerm_$pkg
-        fi
+	fi
    done
    export POSTRMLIST=$pkglist
    unset pkglist
 }
 export -f exec_prerm
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -153,17 +161,18 @@ export -f exec_prerm
 exec_postrm()
 {
    if [[ -z $POSTRMLIST ]]; then
-        return 0
+	return 0
    fi
    for pkg in $POSTRMLIST; do
-        if [[ $(function_exists postrm_$pkg) ]]; then
+	if [[ $(function_exists postrm_$pkg) ]]; then
-            prnt I "Running $pkg postremove script..."
+	    prnt I "Running $pkg postremove script..."
-            postrm_$pkg
+	    postrm_$pkg
-        fi
+	fi
    done
    unset POSTRMLIST
 }
 export -f exec_postrm
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -172,15 +181,16 @@ exec_preupgd()
 {
    local pkglist=$(get_upgrade_list)
    for pkg in $pkglist; do
-        if [[ $(function_exists preupgd_$pkg) ]]; then
+	if [[ $(function_exists preupgd_$pkg) ]]; then
-            prnt I "Running $pkg preupgrade script..."
+	    prnt I "Running $pkg preupgrade script..."
-            preupgd_$pkg
+	    preupgd_$pkg
-        fi
+	fi
    done
    export POSTUPGDLIST=$pkglist
    unset pkglist
 }
 export -f exec_preupgd
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -188,17 +198,18 @@ export -f exec_preupgd
 exec_postupgd()
 {
    if [[ -z $POSTUPGDLIST ]]; then
-        return 0
+	return 0
    fi
    for pkg in $POSTUPGDLIST; do
-        if [[ $(function_exists postupgd_$pkg) ]]; then
+	if [[ $(function_exists postupgd_$pkg) ]]; then
-            prnt I "Running $pkg postupgrade script..."
+	    prnt I "Running $pkg postupgrade script..."
-            postupgd_$pkg
+	    postupgd_$pkg
-        fi
+	fi
    done
    unset POSTUPGDLIST
 }
 export -f exec_postupgd
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -207,15 +218,16 @@ exec_preautorm()
 {
    local pkglist=$(get_autorem_list)
    for pkg in $pkglist; do
-        if [[ $(function_exists prerm_$pkg) ]]; then
+	if [[ $(function_exists prerm_$pkg) ]]; then
-            prnt I "Running $pkg preremove script..."
+	    prnt I "Running $pkg preremove script..."
-            prerm_$pkg
+	    prerm_$pkg
-        fi
+	fi
    done
    export POSTRMLIST=$pkglist
    unset pkglist
 }
 export -f exec_preautorm
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -225,6 +237,7 @@ exec_postautorm()
    exec_postrm
 }
 export -f exec_postautorm
 # ------------------------------------------------------------------------------
 # EOF
--- a/lib/secret.sh
+++ b/lib/secret.sh
@@ -0,0 +1,194 @@
 #!/bin/bash
 # ------------------------------------------------------------------------------
 # Secret management functions
 # This file is part of the init.sh project
 # Copyright (c) 2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
 # https://opensource.org/licenses/BSD-3-Clause
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # Get Passbolt
 get_passbolt_secret()
 {
    local name="$1" secret
    if ! command -v passbolt >/dev/null 2>&1; then
        prnt E "Passbolt CLI not found (required to fetch passbolt:$name)."
        die 22
    fi
    # Exemple basé sur CLI Passbolt + jq
    secret=$(passbolt secret list --json 2>/dev/null | jq -r --arg NAME "$name" \
        '.[] | select(.name == $NAME) | .secrets[0].data' 2>/dev/null)
    if [[ -z "$secret" || "$secret" == "null" ]]; then
        prnt E "Secret '$name' not found in Passbolt."
        die 23
    fi
    printf '%s' "$secret"
 }
 export -f get_passbolt_secret
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # Get File
 get_file_secret()
 {
    local path="$1" secret
    if [[ ! -s "$path" ]]; then
        prnt E "get_file_secret: missing secret file"
        die 10
    fi
    if [[ ! -r "$path" ]]; then
        prnt E "get_file_secret: '$path' not readable"
        die 24
    fi
    secret=$(<"$path")
    secret="${secret%$'\r'}"
    secret="${secret%$'\n'}"
    printf '%s' "$secret"
 }
 export -f get_file_secret
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # Get Environment variable
 get_var_secret()
 {
    local var="$1" secret
    if [[ -z "$var" ]]; then
        prnt E "get_var_secret: missing variable name"
        die 25
    fi
    if ! printenv "$var" >/dev/null 2>&1; then
        prnt E "get_var_secret: variable '$var' not set"
        die 25
    fi
    secret="$(printenv "$var")"
    secret="${secret%$'\r'}"
    secret="${secret%$'\n'}"
    printf '%s' "$secret"
 }
 export -f get_var_secret
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # Main get dispatcher
 # Usage: fetch_secret "scheme:identifier"
 fetch_secret()
 {
    local ref="$1"
    local scheme identifier func
    if [[ -z "$ref" ]]; then
        prnt E "fetch_secret: no reference provided"
        die 26
    fi
    # par défaut, si pas de scheme -> "file"
    if [[ "$ref" != *:* ]]; then
        scheme="file"
        identifier="$ref"
    else
        scheme="${ref%%:*}"
        identifier="${ref#*:}"
    fi
    func="get_${scheme}_secret"
    if ! declare -f "$func" >/dev/null 2>&1; then
        prnt E "fetch_secret: unsupported scheme '$scheme' (no function $func)"
        die 27
    fi
    "$func" "$identifier"
 }
 export -f fetch_secret
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # Check Passbolt
 check_passbolt_secret() {
    local name="$1" found
    if ! command -v passbolt >/dev/null 2>&1; then
        return 1
    fi
    found=$(passbolt secret list --json 2>/dev/null | jq -e --arg NAME "$name" \
        '.[] | select(.name == $NAME) | .secrets[0].data' 2>/dev/null)
    [[ -n "$found" && "$found" != "null" ]]
 }
 export -f check_passbolt_secret
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # Check File
 check_file_secret() {
    local path="$1"
    [[ -r "$path" && -s "$path" ]]
 }
 export -f check_file_secret
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # Check Environment variable
 check_var_secret() {
    local var="$1"
    [[ -n "$var" ]] && printenv "$var" >/dev/null 2>&1
 }
 export -f check_var_secret
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # Check Dispatcher
 check_secret() {
    local ref="$1"
    local scheme identifier func
    if [[ -z "$ref" ]]; then
        prnt E "check_secret: no reference provided"
        return 1
    fi
    if [[ "$ref" != *:* ]]; then
        scheme="file"
        identifier="$ref"
    else
        scheme="${ref%%:*}"
        identifier="${ref#*:}"
    fi
    func="check_${scheme}_secret"
    if ! declare -f "$func" >/dev/null 2>&1; then
        prnt E "check_secret: unsupported scheme '$scheme' (no function $func)"
        return 1
    fi
    "$func" "$identifier"
 }
 export -f check_secret
 # ------------------------------------------------------------------------------
 # EOF
--- a/lib/services.sh
+++ b/lib/services.sh
@@ -1,7 +1,8 @@
 #!/bin/bash
 # ------------------------------------------------------------------------------
 # Services manipulation functions
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -15,16 +16,16 @@
 exec_serv()
 {
    if [[ $# -lt 2 ]]; then
-        prnt E "exec_serv(): Syntax error (parameters: $@)!"
+	prnt E "exec_serv(): Syntax error (parameters: $@)!"
-        exit 11
+	exit 11
    fi
    local svcname=$1 command=$2
    shift 2
    local lineexec=$(echo $INIT_COM |
-                        sed -e s/%srv%/$svcname/ \
+			sed -e s/%srv%/$svcname/ \
-                            -e s/%com%/$command/)
+			    -e s/%com%/$command/)
    unset svcname command
    prnt I "Launching command $command for the service $svcname"
@@ -33,6 +34,7 @@ exec_serv()
    unset lineexec
 }
 export exec_serv
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -41,11 +43,12 @@ svc_start()
 {
    local svc=
    for svc in $@; do
-        exec_serv $svc start
+	exec_serv $svc start
    done
    unset svc
 }
 export -f svc_start
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -53,10 +56,11 @@ export -f svc_start
 svc_reload()
 {
    for svc in $@; do
-        exec_serv $svc reload
+	exec_serv $svc reload
    done
 }
 export -f svc_reload
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -65,11 +69,12 @@ svc_restart()
 {
    local svc=
    for svc in $@; do
-        exec_serv $svc restart
+	exec_serv $svc restart
    done
    unset svc
 }
 export -f svc_restart
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -78,10 +83,11 @@ svc_stop()
 {
    local svc=
    for svc in $@; do
-        exec_serv $svc stop
+	exec_serv $svc stop
    done
    unset svc
 }
 export -f svc_stop
 # ------------------------------------------------------------------------------
 # EOF
--- a/lib/support.sh
+++ b/lib/support.sh
@@ -1,7 +1,8 @@
 #!/bin/bash
 # ------------------------------------------------------------------------------
 # Base support function
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -20,34 +21,34 @@ Initialise une machine pour l'intégrer à un réseau.
 Options :
 	-f, --file <fichier>	Permet de spécifier un fichier de configuration
-	    	   		à charger manuellement. Cette option peut être répétée
+				à charger manuellement. Cette option peut être répétée
 				pour permettre le chargement de plusieurs fichiers de
 				configuration, le dernier surchargeant les précédants.
 	-m, --module <liste>	Lance les modules indiqués même s'il ne sont pas
-	    			dans les fichiers de configuration. Les noms des
+				dans les fichiers de configuration. Les noms des
-	    			modules doivent être séparés par des virgules.
+				modules doivent être séparés par des virgules.
 	-c, --check-only	Lance les procédures de vérification sans rien
-                                modifier.
+				modifier.
 	-j, --jump		Saute les procédures de vérification des
-                                modules.
+				modules.
 	-k, --keep-going	Continue l'execution en cas d'erreur.
 	-r, --resume		Reprend l'execution là ou elle s'est arrêté.
 	-R, --no-root-check     Ne pas vérifier les droits root (ou UID 0)
 	-o, --offline		Assume that all needed resource are available on a LAN
-						and avoid any Internet connectivity checks.
+				and avoid any Internet connectivity checks.
 	-P, --no-proxy		Ne pas utiliser de proxy lors de l'utilisation de
-	    			ce script (n'empêche pas leur configuration via modules)
+				ce script (n'empêche pas leur configuration via modules)
 	-D, --no-deps		Ne pas vérifier les dépendances entre les modules.
 	-h, --help		Affiche ce texte d'aide.
 	-s, --shell		Lance un shell avec tout l'environnement du script pour
-	    			débogage. Aucune action ou vérification n'est faite en
+				débogage. Aucune action ou vérification n'est faite en
-	    			dehors des commandes lancées dans le shell.
+				dehors des commandes lancées dans le shell.
 	--chroot <chemin>	Permet à init de ne pas appliquer les modifications au
-	    			système de fichier racine mais à un système différent.
+				système de fichier racine mais à un système différent.
 	-l, --logfile <nom>     Nom du fichier de log. Peut aussi être changé
-                                via la variable d'environnement LOGFILE.
+				via la variable d'environnement LOGFILE.
 	-v, --version		Affiche la version de ce script et celles de
-	    			tous les modules disponibles.
+				tous les modules disponibles.
 Attention : les options courtes ne sont pas concaténable.
@@ -72,6 +73,7 @@ Fichiers de configuration :
 EOF
 }
 export -f disp_help
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -84,23 +86,24 @@ show_version()
    local mod=
    for mod in $MYPATH/modules/*.sh; do
-        # Ran in a subshell to not pollute environment
+	# Ran in a subshell to not pollute environment
-        (
+	(
-            . $mod
+	    . $mod
-            local modname=$(get_mod_name $mod)
+	    local modname=$(get_mod_name $mod)
-            local version=VER_$modname
+	    local version=VER_$modname
-            echo -e "\t$BWhite$modname${DEFAULTCOL}: $BGreen${!version}$DEFAULTCOL"
+	    echo -e "\t$BWhite$modname${DEFAULTCOL}: $BGreen${!version}$DEFAULTCOL"
-            unset modname version
+	    unset modname version
-        )
+	)
    done
    unset mod
    if [[ $(id -u) -ne 0 ]]; then
-        echo -e "\n${BYellow}Warning:$DEFAULTCOL That script requires superuser rights to work."
+	echo -e "\n${BYellow}Warning:$DEFAULTCOL That script requires superuser rights to work."
    fi
 }
 export -f show_version
 # ------------------------------------------------------------------------------
 # EOF
--- a/lib/users.sh
+++ b/lib/users.sh
@@ -0,0 +1,82 @@
 #!/bin/bash
 # ------------------------------------------------------------------------------
 # Users related functions
 # This file is part of the init.sh project
 # Copyright (c) 2019-2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
 # https://opensource.org/licenses/BSD-3-Clause
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # Users (from Ldap)
 add_remote_user()
 {
    local users=$@
    for usr in ${users[@]}; do
        if [[ -n $(grep "^$usr:" /etc/passwd) ]]; then
            prnt W "A local user with name $usr already exists, adding anyway!"
        fi
        if [[ -n $(grep "^+$usr:" /etc/passwd) ]]; then
            prnt W "The remote user $usr is already declared, nothing to do in passwd."
        else
            echo "+$usr::::::" >> /etc/passwd
            prnt I "User $usr added to passwd..."
        fi
        if [[ -n $(grep "^+$usr:" /etc/shadow) ]]; then
            prnt W "The remote user $usr is already connectable, nothing to do in shadow."
        else
            echo "+$usr::::::::" >> /etc/shadow
            prnt I "User $usr added to shadow..."
        fi
    done
 }
 export -f add_remote_user
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # Remove users
 remove_user()
 {
    local users=$@
    for usr in ${users[@]}; do
        if [[ -n $(grep "^$usr:" /etc/{passwd,shadow,group,gshadow}) ]]; then
            # Using sed is more universal than any distro commands - local case
            sed -i -e "/^$usr:/d" /etc/{passwd,shadow,group,gshadow}
        elif [[ -n $(grep "^+$usr:" /etc/{passwd,shadow,group,gshadow}) ]]; then
            # remote case
            sed -i -e "/^+$usr:/d" /etc/{passwd,shadow,group,gshadow}
        else
            prnt W "User $usr don't exists in auth files, nothing to do."
        fi
    done
 }
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # Create a local user
 create_local_user()
 {
    local users=$@
    for usr in ${users[@]}; do
        if [[ $(noerror --noout id $usr) != 0 ]]; then
            prnt I "Creating user $usr..."
            if [[ $(directory_exists home_skell) ]]; then
                useradd --create-home --shell $DEFAULT_SHELL \
                    --user-group $usr \
                    --skell $(select_directory home_skell)
            else
                useradd --create-home --shell $DEFAULT_SHELL --user-group $usr
            fi
        else
            prnt W "The user $usr already exists. Nothing to do..."
        fi
    done
 }
 # ------------------------------------------------------------------------------
 # EOF
--- a/lib/utils.sh
+++ b/lib/utils.sh
@@ -1,7 +1,8 @@
 #!/bin/bash
 # ------------------------------------------------------------------------------
 # Various utilitary functions
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -12,26 +13,28 @@
 # Define normalised time display, filename friendly
 stdtime()
 {
-    date --rfc-3339=seconds | sed -e 's/ /-/' -e 's/://g'
+    date --rfc-3339=seconds | sed -e 's/ /-/' -e 's/://g' | cut -d'+' -f1
 }
 export -f stdtime
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # Check if a function exists, return 0 if so
 function_exists() {
    if [[ $# -ne 1 ]]; then
-        prnt E "function_exists(): A function name is required!"
+	prnt E "function_exists(): A function name is required!"
-        die 11 --force
+	die 11 --force
    fi
-    if [[ $(LC_ALL=C type -t $1 | grep function) ]]; then
+    if [[ -n $(LC_ALL=C type -t $1 | grep function) ]]; then
-        return 0
+	return 0
    else
-        return 1
+	return 1
    fi
 }
 export -f function_exists
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -39,12 +42,13 @@ export -f function_exists
 get_mod_name()
 {
    if [[ $# -ne 1 ]]; then
-        prnt E "get_mod_name(): Bad number of parameters."
+	prnt E "get_mod_name(): Bad number of parameters."
-        die 11 --force
+	die 11 --force
    fi
-    echo $(basename $1 | cut -f 1 -d '.')
+    basename $1 | cut -f 1 -d '.'
 }
 export -f get_mod_name
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -52,9 +56,23 @@ export -f get_mod_name
 trim()
 {
    local string="$@"
-    echo "$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'<<<"${string}")"
+    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'<<<"${string}"
    unset string
 }
 export -f trim
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # Dump the keyboard's buffer
 dump_key_buffer()
 {
    while read -r -t 0.001; do
 	:
    done
 }
 export -f dump_key_buffer
 # ------------------------------------------------------------------------------
 # EOF
--- a/lib/vars.sh
+++ b/lib/vars.sh
@@ -0,0 +1,108 @@
 #!/bin/bash
 # ------------------------------------------------------------------------------
 # Variables substitution function
 # This file is part of the init.sh project
 # Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
 # https://opensource.org/licenses/BSD-3-Clause
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # Replace @VAR@ in a text file by the corresponding $VAR value
 # The --delimiter or -d option allow to use something else than @
 setvar()
 {
    local delimiter="@"
    local vars=()
    local file
    # Parse arguments
    while [[ $# -gt 0 ]]; do
        case "$1" in
            --delimiter|-d)
                shift
                delimiter="${1:-@}"
                ;;
            -*)
                prnt E "setvar(): Unknown option: $1"
                die 7
                ;;
            *)
                if [[ -f $1 && $# -eq 1 ]]; then
                    file="$1"
                else
                    vars+=("$1")
                fi
                ;;
        esac
        shift
    done
    if [[ -z $file ]]; then
        prnt E "Usage: setvar [--delimiter D] VAR1 [VAR2 ...] <file>"
        die 7
    fi
    if [[ ${#vars[@]} -eq 0 ]]; then
        prnt E "No variable name(s) provided."
        die 7
    fi
    local var val escaped pattern
    for var in "${vars[@]}"; do
        val="${!var}"
        if [[ -z $val ]]; then
            prnt W "Variable '$var' is unset or empty; skipped."
            continue
        fi
        # Échapper les caractères spéciaux pour sed
        escaped=$(printf '%s' "$val" | sed -e 's/[\/&]/\\&/g')
        pattern="${delimiter}${var}${delimiter}"
        prnt I "Replacing $pattern with $val in $file"
        sed -i -e "s|$pattern|$escaped|g" "$file"
    done
 }
 export -f setvar
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
 # Replace @VAR@ in a text file by the corresponding values available in the
 # environment. The --delimiter or -d option allow to use something else than @
 setvars_from_env()
 {
    local file delimiter="@"
    while [[ $# -gt 0 ]]; do
        case "$1" in
            -d|--delimiter)
                shift
                delimiter="${1:-@}"
                ;;
            *)
                file="$1"
                ;;
        esac
        shift
    done
    [[ -f $file ]] || {
        prnt E "File not found: $file"
        die 10
    }
    local vars
    vars=$(grep -o "${delimiter}[A-Z0-9_]\+${delimiter}" "$file" | sort -u | tr -d "$delimiter")
    [[ -z $vars ]] && return 0
    setvar --delimiter "$delimiter" $vars "$file"
 }
 export -f setvars_from_env
 # ------------------------------------------------------------------------------
 # EOF
--- a/lib/version.sh
+++ b/lib/version.sh
@@ -1,7 +1,8 @@
 #!/bin/bash
 # ------------------------------------------------------------------------------
 # Version determination function
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -13,35 +14,38 @@
 get_os_version()
 {
    if [[ ! -f /etc/os-release ]]; then
-        prnt E "get_os_version(): Your distribution doesn't have the needed os-release file."
+	prnt E "get_os_version(): Your distribution doesn't have the needed os-release file."
-        die 8 --force
+	die 8 --force
    fi
    # Create a sub-shell to avoid polluting the environnement
    (
-        # Iniitalise version codename in case the var don't exists
+	# Iniitalise version codename in case the var don't exists
-        VERSION_CODENAME="NULL"
+	VERSION_CODENAME="NULL"
-        # Import the file in the environment
+	# Import the file in the environment
-        source /etc/os-release
+	source /etc/os-release
-        if [[ -z $ID ]]; then
+	if [[ -z $ID ]]; then
-            prnt E "get_os_version(): Your /etc/os-release file mises some vital information."
+	    prnt E "get_os_version(): Your /etc/os-release file mises some vital information."
-            die 8 --force
+	    die 8 --force
-        fi
+	fi
 	if [[ -z $VERSION_ID ]]; then
 	    local maj=$(uname -r | cut -d'.' -f1)
 	    local min=$(uname -r | cut -d'.' -f2)
 	    VERSION_ID="$maj.$min"
 	    unset maj min
 	fi
 	# Return values on stdout (awk used to retreave primary codename when using testing or unstable)
 	echo ${ID,,} ${VERSION_ID} $(echo ${VERSION_CODENAME,,} | awk '{print $1}')
        if [[ -z $VERSION_ID ]]; then
            local maj=$(uname -r | cut -d'.' -f1)
            local min=$(uname -r | cut -d'.' -f2)
            VERSION_ID="$maj.$min"
            unset maj min
        fi
        # Return values on stdout
        echo ${ID,,} ${VERSION_ID} ${VERSION_CODENAME,,}
    )
 }
 export read_os_release
 # ------------------------------------------------------------------------------
 # ------------------------------------------------------------------------------
@@ -50,19 +54,20 @@ export read_os_release
 set_sys_vars()
 {
    if [[ $# -ne 4 ]]; then
-        prnt E "set_sys_vars(): Incorrect number of parameters ($@)."
+	prnt E "set_sys_vars(): Incorrect number of parameters ($@)."
-        die 7 --force
+	die 7 --force
    fi
    export SYS_ARCH=$1
    export SYS_DIST=$2
    export SYS_VER=$3
    if [[ $4 != "null" ]]; then
-        export SYS_CODE=$4
+	export SYS_CODE=$4
    elif [[ -n $SYS_CODE ]]; then
-        unset SYS_CODE
+	unset SYS_CODE
    fi
 }
 export -f get_os_version
 # ------------------------------------------------------------------------------
 # EOF
--- a/modules/authnz.sh
+++ b/modules/authnz.sh
@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------------------
 # Add local or remote users
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -20,58 +20,9 @@
 #  * DEFAULT_SHELL: The shell to use when creating new users
 # ------------------------------------------------------------------------------
-export VER_authnz=0.2.2
+export VER_authnz="0.2.2"
-export DEP_authnz="upgrade_dist"
+export DEP_authnz=""
 # Users (from Ldap)
 add_remote_user()
 {
    if [[ $(grep "^$1:" /etc/passwd) ]]; then
        prnt W "A local user with name $1 already exists, adding anyway!"
    fi
    if [[ $(grep "^+$1:" /etc/passwd) ]]; then
        prnt W "The remote user $1 is already declared, nothing to do in passwd."
    else
        echo "+$1::::::" >> /etc/passwd
        prnt I "User $1 added to passwd..."
    fi
    if [[ $(grep "^+$1:" /etc/shadow) ]]; then
        prnt W "The remote user $1 is already connectable, nothing to do in shadow."
    else
        echo "+$1::::::::" >> /etc/shadow
        prnt I "User $1 added to shadow..."
    fi
 }
 # Remove users
 remove_user()
 {
    if [[ $(grep "^$1:" /etc/{passwd,shadow,group,gshadow}) ]]; then
        # Using sed is more universal than any distro commands - local case
        sed -i -e "/^$1:/d" /etc/{passwd,shadow,group,gshadow}
    elif [[ $(grep "^+$1:" /etc/{passwd,shadow,group,gshadow}) ]]; then
        # remote case
        sed -i -e "/^+$1:/d" /etc/{passwd,shadow,group,gshadow}
    else
        prnt W "User $1 don't exists in auth files, nothing to do."
    fi
 }
 # Create a local user
 create_local_user()
 {
    if [[ $(noerror --noout id $1) != 0 ]]; then
        prnt I "Creating user $1..."
        if [[ $(directory_exists home_skell) ]]; then
            useradd --create-home --shell $DEFAULT_SHELL --user-group $1 \
                --skell $(select_directory home_skell)
        else
            useradd --create-home --shell $DEFAULT_SHELL --user-group $1
        fi
    else
        prnt W "The user $1 already exists. Nothing to do..."
    fi
 }
 # Authentication
 authnz()
--- a/modules/conf_ceph.sh
+++ b/modules/conf_ceph.sh
@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------------------
-# Configure machine for ceph (or samba) mount
+# Configure machine for ceph (or samba / NFS) mount
 # This file is part of the init.sh project
-# Copyright (c) 2019-2021 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -10,43 +10,52 @@
 # Variable:
 #   * CEPH_SRV_NAMES: hosts names of ceph servers
 #   * CEPHIP_srv: with "srv" being a ceph server hostname, its corresponding IP
-#   * SHARED_HOME: Set at yes if homedir is a directory of the ceph mount
+#   * CEPH_MOUNTS: list of mounts to create
-#   * SMBSRV: Fallback samba server on unsupported architectures
+#   * CEPH_MP_mount: mount point for the given "mount"
-# Mount points are hardcoded and should bet set differently
+#   * SHARED_HOME: Set at yes if homedir is a directory of the ceph mount (to be removed)
 #   * SMBSRV: Fallback samba server on unsupported architectures (not doing
 #             anything if undeclared)
 #   * NFSSRV: Fallback NFS server on unsupported architectures (not doing
 #             anything if undeclared)
 # If both SMBSRV and NFSSRV are set on unsupported hardware, Samba will have a
 # higher priority.
 # ------------------------------------------------------------------------------
-export VER_conf_ceph="0.0.5"
+export VER_conf_ceph="1.0.2"
-export DEP_conf_ceph="upgrade_dist"
+export DEP_conf_ceph=""
 conf_ceph()
 {
    # Create mount point directories
    echo "Creating mount points"
    mkdir -pv /srv/ceph/share
    mkdir -pv /share
    local success=undef
-    local fstabchanged=false
+
    # Determine the type of installation
    if [[ $SYS_ARCH == "x86_64" || $SYS_ARCH == "i386" ]]; then
        export CEPH_STATUS=ceph
-    else
+    elif [[ -n $SMBSRV ]]; then
        export CEPH_STATUS=smb
    elif [[ -n $NFSSRV ]]; then
        export CEPH_STATUS=nfs
    else
        export CEPH_STATUS=none
    fi
    if [[ $CEPH_STATUS == ceph ]]; then
        # Install ceph package
        pkginst ceph-common
        # hosts files required for Ceph bootstrap when DNS not yet started
-        if [[ ! $(grep "# Ceph" /etc/hosts) ]]; then
+        if ! grep -q "^# Ceph" /etc/hosts; then
            prnt I "Adding server list to /etc/hosts"
            backup_dist /etc/hosts
            tag_file /etc/hosts
            echo >> /etc/hosts
            echo "# Ceph servers:" >> /etc/hosts
            for srv in $CEPH_SRV_NAMES; do
-                local line="$(eval echo \$CEPHIP_$srv)    $srv.$REALM   $srv"
+                local line
                line="$(eval echo \$CEPHIP_$srv)    $srv.$REALM   $srv"
                prnt m "     - Adding line $line to /etc/hosts"
                echo "$line" >> /etc/hosts
                unset line
            done
        else
            prnt W "Ceph servers already in /etc/hosts, nothing to do"
@@ -54,37 +63,59 @@ conf_ceph()
        backup_dist /etc/fstab
        prnt I "Adding ceph entries to /etc/fstab"
-        fstabchanged=true
+        tag_file /etc/fstab
        echo >> /etc/fstab
-        local srvlist=$(echo $CEPH_SRV_NAMES | sed "s/ /,/g")
+        local srvlist=${CEPH_SRV_NAMES// /,}
-        if [[ ! $(grep $srvlist /etc/fstab) ]]; then
+
        prnt I "Fetching secret $CEPH_SECRET..."
        local secret
        secret=$(fetch_secret "$CEPH_SECRET")
        if ! grep -q "$srvlist" /etc/fstab; then
            echo "# Ceph :" >> /etc/fstab
-            echo "$srvlist:/    /srv/ceph       ceph    defaults,_netdev,name=admin,secret=$CEPH_SECRET  0 0" >> /etc/fstab
+            for mnt in $CEPH_MOUNTS; do
                local mp=$(eval echo \$CEPH_MP_$mnt)
                mkdir -pv "$mp"
                echo "$srvlist:/    $mp       ceph    defaults,_netdev,name=admin,secret=$secret,mds_namespace=$mnt  0 0" >> /etc/fstab
                unset mp
            done
        else
            prnt W "Ceph entry already in /etc/fstab, nothing to do"
        fi
-        unset srvlist
+        unset srvlist secret
        success=yes
    elif [[ $CEPH_STATUS == smb ]]; then
        pkginst smbclient
        backup_dist /etc/fstab
        prnt I "Adding Samba entries to /etc/fstab"
        fstabchanged=true
        echo >> /etc/fstab
-        if [[ ! $(grep $SMBSRV /etc/fstab) ]]; then
+        tag_file /etc/fstab
        if ! grep -q "$SMBSRV" /etc/fstab; then
            echo "# Samba:" >> /etc/fstab
-            echo "//$SMBSRV/share       /srv/ceph/share cifs    defaults,_netdev,username=root,password=        0 0" >> /etc/fstab
+            for mnt in $CEPH_MOUNTS; do
                local mp=$(eval echo \$CEPH_MP_$mnt)
                mkdir -pv $mp
                echo "//$SMBSRV/$mnt       $mp     cifs    defaults,_netdev,username=root,password=        0 0" >> /etc/fstab
                unset $mp
            done
        else
            prnt W "Samba entry already in /etc/fstab, nothing to do"
        fi
        success=yes
    elif [[ $CEPH_STATUS == nfs ]]; then
        tag_file /etc/fstab
        # To be implemented
    elif [[ $CEPH_STATUS == none ]]; then
        prnt W "No alternative set for unsuported hardware, nothing will be done."
        return 0
    else
-        prnt E "Ceph status not understood, the next tasks will probably fail"
+        prnt E "Ceph status not understood, something is wrong."
        return 1
    fi
    if [[ $success == yes ]]; then
-        if [[ ! $(grep "^/srv/ceph/share" /etc/fstab) ]]; then
+        # Create some mount binds for convenience
-            fstabchanged=true
+        # TODO: That part should be a different module with own configuration
        if grep -q "^/srv/ceph/share" /etc/fstab; then
            echo "/srv/ceph/share       /share  none    defaults,_netdev,bind   0 0" >> /etc/fstab
            if [[ $SHARED_HOME == 1 ]]; then
                echo "/srv/ceph/share/home      /home   none    defaults,_netdev,bind   0 0" >> /etc/fstab
@@ -94,18 +125,15 @@ conf_ceph()
        prnt E "Failed creating original mount, not adding binded ones"
    fi
    if [[ $fstabchanged == true ]]; then
        tag_file /etc/fstab
    fi
    unset fstabchanged
    # Mount Ceph volumes if required
    prnt I "Mounting ceph volumes"
-    [[ ! $(mount | grep "on /srv/ceph") ]] && mount -v /srv/ceph || mount -v /srv/ceph/share
+    for mnt in $CEPH_MOUNTS; do
-    [[ ! $(mount | grep "on /share") ]] && mount -v /share
+        if ! mountpoint -q "$(eval echo \$CEPH_MP_$mnt)"; then
-    if [[ $SHARED_HOME == "true" ]]; then
+            mount -v "$(eval echo \$CEPH_MP_$mnt)" ||
-        [[ ! $(mount | grep "on /home") ]] && mount -v /home
+                prnt W "Error while mounting CEPH filesystem (check CEPH logs), ignoring"
-    fi
+        fi
    done
 }
 precheck_conf_ceph()
@@ -124,17 +152,24 @@ precheck_conf_ceph()
            done
            if [[ -z $CEPH_SECRET ]]; then
                prnt E "CEPH secret key is not declared, can't continue!"
-                prnt I "If you don't want to put tour CEPH secret in configuration file,"
+                prnt I "If you don't want to put a CEPH secret var in configuration file,"
                prnt m "you need to export it temporarily in your environment, using the"
                prnt m "\"CEPH_SECRET\" variable."
-                exit 181
+                die 181
            elif ! check_secret $CEPH_SECRET; then
                prnt E "The declared $CEPH_SECRET is not accessible."
                die 183
            fi
            if [[ -z $CEPH_MOUNTS ]]; then
                prnt E "No CEPH mounts declared, despite reachable servers."
                die 182
            fi
        else
            prnt E "No CEPH server declared!"
            die 182
        fi
    else
-        prnt W "System incompatible with ceph, falling back to samba..."
+        prnt W "System incompatible with ceph, falling back to Samba or NFS..."
    fi
 }
--- a/modules/conf_disks.sh
+++ b/modules/conf_disks.sh
@@ -16,7 +16,7 @@
 #  * CALCDRV: Target drives, preferably through ID.
 # ------------------------------------------------------------------------------
-export VER_conf_disks="0.0.9"
+export VER_conf_disks="0.0.9-obsolete"
 export DEP_conf_disks="upgrade_dist"
 # ------------------------------------------------------------------------------
@@ -96,7 +96,7 @@ precheck_conf_disks()
        prnt E "Format de disque inconnu ($CALCTYPE) !"
        die 150
    fi
-	
+
    prnt I "Vérification des lecteurs pour disque de calcul."
    local drvcount=0
    for drv in $CALCDRV; do
@@ -105,7 +105,7 @@ precheck_conf_disks()
                prnt I "Le dique $drv est vierge, il sera formaté en $CALCTYPE."
            else
                prnt W "Le disque $drv n'est pas vierge !"
-                if [[ $FORCEBLANK==true ]]; then
+                if [[ $FORCEBLANK == true ]]; then
                    prnt W "Le disque $drv sera réinitialisé !"
                else
                    prnt E "La réinitialisation de $drv n'est pas autorisé, rien ne sera fait !"
@@ -119,7 +119,7 @@ precheck_conf_disks()
        (( drvcount+=1 ))
    done
-    if [[ ! $CALCTYPE=="zfs" && drvcount -gt 1 ]]; then
+    if [[ ! $CALCTYPE == "zfs" && drvcount -gt 1 ]]; then
        prnt E "Plusieurs diques impossibles avec Ext4 ou XFS !"
        die 150
    fi
--- a/modules/conf_locale.sh
+++ b/modules/conf_locale.sh
@@ -31,7 +31,7 @@ conf_locale()
    # Removing locales not in the list
    prnt I "Deactivating initial locales from installation..."
-    if [[ $(grep -v '^#' $gen_fname | grep -v -e '^[[:space:]]*$') ]]; then
+    if [[ -n $(grep -v '^#' $gen_fname | grep -v -e '^[[:space:]]*$') ]]; then
        grep -v '^#' $gen_fname | grep -v -e '^[[:space:]]*$' |
            while read -r line; do
                sed -i "s/$line/# $line/" $gen_fname
--- a/modules/conf_mail.sh
+++ b/modules/conf_mail.sh
@@ -13,8 +13,8 @@
 #  * MAIL_RELAY: Name of the mail relay server
 # ------------------------------------------------------------------------------
-export VER_conf_mail="0.0.7"
+export VER_conf_mail="0.0.8"
-export DEP_conf_mail="upgrade_dist"
+export DEP_conf_mail=""
 conf_mail()
 {
@@ -30,7 +30,7 @@ conf_mail()
        -e "s/@MAIL_RELAY@/$MAIL_RELAY/" $pfmain
    echo $HOSTNAME.$REALM > /etc/mailname
-    tag_file /etc/mailname
+    #tag_file /etc/mailname
    svc_restart postfix
 }
--- a/modules/conf_network.sh
+++ b/modules/conf_network.sh
@@ -21,7 +21,7 @@
 # ------------------------------------------------------------------------------
 export VER_conf_network="0.0.8"
-export DEP_conf_network="install_pkg"
+export DEP_conf_network=""
 conf_network()
 {
@@ -35,153 +35,155 @@ conf_network()
    # First configure IPv4 ifaces
    local iface=
    for iface in $IPV4_IFACES; do
-        echo -e "\n# --------------------------------\n"  >> $if_file
+	echo -e "\n# --------------------------------\n"  >> $if_file
-        if [[ $(eval echo \$NET4_MODE_$iface) == static ]]; then
+	if [[ $(eval echo \$NET4_MODE_$iface) == static ]]; then
-            prnt I "Configuring IPv4 network interface $iface in static mode..."
+	    prnt I "Configuring IPv4 network interface $iface in static mode..."
-            echo "auto $iface" >> $if_file
+	    echo "auto $iface" >> $if_file
-            echo "iface $iface inet static" >> $if_file
+	    echo "iface $iface inet static" >> $if_file
-            echo -e "\taddress $(eval echo \$NET4_IP_$iface)" >> $if_file
+	    echo -e "\taddress $(eval echo \$NET4_IP_$iface)" >> $if_file
-            if [[ -n $(eval echo \$NET4_GW_$iface) ]]; then
+	    if [[ -n $(eval echo \$NET4_GW_$iface) ]]; then
-                echo -e "\tgateway $(eval echo \$NET4_GW_$iface)" >> $if_file
+		echo -e "\tgateway $(eval echo \$NET4_GW_$iface)" >> $if_file
-            fi
+	    fi
-            if [[ -n $(eval echo \$NET4_NS_$iface) ]]; then
+	    if [[ -n $(eval echo \$NET4_NS_$iface) ]]; then
-                echo -e "\tdns_nameservers $(eval echo \$NET4_NS_$iface)" >> $if_file
+		echo -e "\tdns_nameservers $(eval echo \$NET4_NS_$iface)" >> $if_file
-            fi
+	    fi
-            if [[ -n $(eval echo \$NET4_NS_SEARCH_$iface) ]]; then
+	    if [[ -n $(eval echo \$NET4_NS_SEARCH_$iface) ]]; then
-                echo -e "\tdns_search $(eval echo \$NET4_NS_SEARCH_$iface)" >> $if_file
+		echo -e "\tdns_search $(eval echo \$NET4_NS_SEARCH_$iface)" >> $if_file
-            fi
+	    fi
-        elif [[ $(eval echo \$NET4_MODE_$iface) == dhcp ]]; then
+	elif [[ $(eval echo \$NET4_MODE_$iface) == dhcp ]]; then
-            prnt I "Configuring IPv4 network interface $iface in DHCP mode..."
+	    prnt I "Configuring IPv4 network interface $iface in DHCP mode..."
-            echo "auto $iface" >> $if_file
+	    echo "auto $iface" >> $if_file
-            echo "iface $iface inet dhcp" >> $if_file
+	    echo "iface $iface inet dhcp" >> $if_file
-        elif [[ $(eval echo \$NET4_MODE_$iface) == manual ]]; then
+	elif [[ $(eval echo \$NET4_MODE_$iface) == manual ]]; then
-            local fname=$(eval echo \$NET4_MANUAL_FILE_$iface)
+	    local fname=$(eval echo \$NET4_MANUAL_FILE_$iface)
-            append_file $fname $if_file
+	    append_file $fname $if_file
-            unset fname
+	    unset fname
-        fi
+	fi
    done
    for iface in $IPV6_IFACES; do
-        echo -e "\n# --------------------------------\n"  >> $if_file
+	echo -e "\n# --------------------------------\n"  >> $if_file
-        if [[ $(eval echo \$NET6_MODE_$iface) == static ]]; then
+	if [[ $(eval echo \$NET6_MODE_$iface) == static ]]; then
-            prnt I "Configuring IPv6 network interface $iface in static mode..."
+	    prnt I "Configuring IPv6 network interface $iface in static mode..."
-            echo "auto $iface" >> $if_file
+	    echo "auto $iface" >> $if_file
-            echo "iface $iface inet6 static" >> $if_file
+	    echo "iface $iface inet6 static" >> $if_file
-            echo -e "\taddress $(eval echo \$NET6_IP_$iface)" >> $if_file
+	    echo -e "\taddress $(eval echo \$NET6_IP_$iface)" >> $if_file
-            if [[ -n $(eval echo \$NET6_GW_$iface) ]]; then
+	    if [[ -n $(eval echo \$NET6_GW_$iface) ]]; then
-                echo -e "\tgateway $(eval echo \$NET6_GW_$iface)" >> $if_file
+		echo -e "\tgateway $(eval echo \$NET6_GW_$iface)" >> $if_file
-            fi
+	    fi
-            if [[ -n $(eval echo \$NET6_NS_$iface) ]]; then
+	    if [[ -n $(eval echo \$NET6_NS_$iface) ]]; then
-                echo -e "\tdns_nameservers $(eval echo \$NET6_NS_$iface)" >> $if_file
+		echo -e "\tdns_nameservers $(eval echo \$NET6_NS_$iface)" >> $if_file
-            fi
+	    fi
-            if [[ -n $(eval echo \$NET6_NS_SEARCH_$iface) ]]; then
+	    if [[ -n $(eval echo \$NET6_NS_SEARCH_$iface) ]]; then
-                echo -e "\tdns_search $(eval echo \$NET6_NS_SEARCH_$iface)" >> $if_file
+		echo -e "\tdns_search $(eval echo \$NET6_NS_SEARCH_$iface)" >> $if_file
-            fi
+	    fi
-        elif [[ $(eval echo \$NET6_MODE_$iface) == dhcp ]]; then
+	elif [[ $(eval echo \$NET6_MODE_$iface) == dhcp ]]; then
-            prnt I "Configuring IPv6 network interface $iface in DHCP mode..."
+	    prnt I "Configuring IPv6 network interface $iface in DHCP mode..."
-            echo "auto $iface" >> $if_file
+	    echo "auto $iface" >> $if_file
-            echo "iface $iface inet6 dhcp" >> $if_file
+	    echo "iface $iface inet6 dhcp" >> $if_file
-        elif [[ $(eval echo \$NET6_MODE_$iface) == manual ]]; then
+	elif [[ $(eval echo \$NET6_MODE_$iface) == manual ]]; then
-            local fname=$(eval echo \$NET6_MANUAL_FILE_$iface)
+	    local fname=$(eval echo \$NET6_MANUAL_FILE_$iface)
-            append_file $fname $if_file
+	    append_file $fname $if_file
-            unset fname
+	    unset fname
-        fi
+	fi
    done
    prnt I "Restart network to apply changes"
    svc_restart networking || true && prnt W "Ignoring errors here."
    unset iface if_file
    NEED_REBOOT=true
 }
 precheck_conf_network()
 {
    file_must_exists interfaces.head
    if [[ -z $IPV4_IFACES ]]; then
-        prnt W "No IPv4 interfaces to configure."
+	prnt W "No IPv4 interfaces to configure."
    else
-        for iface in $IPV4_IFACES; do
+	for iface in $IPV4_IFACES; do
-            if [[ ! -d /sys/class/net/$iface ]]; then
+	    if [[ ! -d /sys/class/net/$iface ]]; then
-                prnt E "The iface $iface, asked to configure, do not exist!"
+		prnt E "The iface $iface, asked to configure, do not exist!"
-                die 175
+		die 175
-            else 
+	    else
-                if [[ $(grep "up" /sys/class/net/$iface/operstate) ]]; then
+		if [[ $(grep "up" /sys/class/net/$iface/operstate) ]]; then
-                    prnt W "The IPv4 iface $iface, is already configured, a reboot will be required."
+		    prnt W "The IPv4 iface $iface, is already configured, a reboot could be required."
-                fi
+		fi
-            fi
+	    fi
-            if [[ -z $(eval echo \$NET4_MODE_$iface) ]]; then
+	    if [[ -z $(eval echo \$NET4_MODE_$iface) ]]; then
-                prnt E "Interfaces $iface have no mode set!"
+		prnt E "Interfaces $iface have no mode set!"
-                die 175
+		die 175
-            else
+	    else
-                case $(eval echo \$NET4_MODE_$iface) in
+		case $(eval echo \$NET4_MODE_$iface) in
-                    "static")
+		    "static")
-                        if [[ -z $(eval echo \$NET4_IP_$iface) ]]; then
+			if [[ -z $(eval echo \$NET4_IP_$iface) ]]; then
-                            prnt E "No IPv4 have been assigned to static interface $iface!"
+			    prnt E "No IPv4 have been assigned to static interface $iface!"
-                        fi
+			fi
-                        prnt m " * Interface $iface will have $(eval echo \$NET4_IP_$iface) static IPv4 address."
+			prnt m " * Interface $iface will have $(eval echo \$NET4_IP_$iface) static IPv4 address."
-                    ;;
+		    ;;
-                    "dhcp")
+		    "dhcp")
-                        prnt m " * Interface $iface will use DHCP."
+			prnt m " * Interface $iface will use DHCP."
-                    ;;
+		    ;;
-                    "manual")
+		    "manual")
-                        file_must_exists $(eval echo \$NET4_MANUAL_FILE_$iface)
+			file_must_exists $(eval echo \$NET4_MANUAL_FILE_$iface)
-                        prnt m " * Interface $iface will use manual IPv4 configuration in a file."
+			prnt m " * Interface $iface will use manual IPv4 configuration in a file."
-                    ;;
+		    ;;
-                    *)
+		    *)
-                        prnt E "Interfaces mode \"$(eval echo \$NET4_MODE_$iface)\" unsuported!"
+			prnt E "Interfaces mode \"$(eval echo \$NET4_MODE_$iface)\" unsuported!"
-                        die 175
+			die 175
-                    ;;
+		    ;;
-                esac
+		esac
-            fi
+	    fi
-        done
+	done
    fi
    if [[ -z $IPV6_IFACES ]]; then
-        prnt W "No IPv6 interfaces to configure."
+	prnt W "No IPv6 interfaces to configure."
    else
-        for iface in $IPV6_IFACES; do
+	for iface in $IPV6_IFACES; do
-            if [[ ! -d /sys/class/net/$iface ]]; then
+	    if [[ ! -d /sys/class/net/$iface ]]; then
-                prnt E "The iface $iface, asked to configure, do not exist!"
+		prnt E "The iface $iface, asked to configure, do not exist!"
-                die 175
+		die 175
-            else
+	    else
-                if [[ $(grep "up" /sys/class/net/$iface/operstate) ]]; then
+		if [[ $(grep "up" /sys/class/net/$iface/operstate) ]]; then
-                    prnt W "The IPv6 iface $iface, is already configured, a reboot will be required."
+		    prnt W "The IPv6 iface $iface, is already configured, a reboot could be required."
-                fi
+		fi
-            fi
+	    fi
-            if [[ -z $(eval echo \$NET6_MODE_$iface) ]]; then
+	    if [[ -z $(eval echo \$NET6_MODE_$iface) ]]; then
-                prnt E "Interfaces $iface have no mode set!"
+		prnt E "Interfaces $iface have no mode set!"
-                die 175
+		die 175
-            else
+	    else
-                case $(eval echo \$NET6_MODE_$iface) in
+		case $(eval echo \$NET6_MODE_$iface) in
-                    "static")
+		    "static")
-                        if [[ -z $(eval echo \$NET6_IP_$iface) ]]; then
+			if [[ -z $(eval echo \$NET6_IP_$iface) ]]; then
-                            prnt E "No IPv6 have been assigned to static interface $iface!"
+			    prnt E "No IPv6 have been assigned to static interface $iface!"
-                        fi
+			fi
-                        prnt m " * Interface $iface will have $(eval echo \$NET6_IP_$iface) static IPv6 address."
+			prnt m " * Interface $iface will have $(eval echo \$NET6_IP_$iface) static IPv6 address."
-                    ;;
+		    ;;
-                    "dhcp")
+		    "dhcp")
-                        prnt m " * Interface $iface will use DHCPv6."
+			prnt m " * Interface $iface will use DHCPv6."
-                    ;;
+		    ;;
-                    "manual")
+		    "manual")
-                        file_must_exists $(eval echo \$NET6_MANUAL_FILE_$iface)
+			file_must_exists $(eval echo \$NET6_MANUAL_FILE_$iface)
-                        prnt m " * Interface $iface will use manual IPv6 configuration in a file."
+			prnt m " * Interface $iface will use manual IPv6 configuration in a file."
-                    ;;
+		    ;;
-                    *)
+		    *)
-                        prnt E "Interfaces mode \"$(eval echo \$NET6_MODE_$iface)\" unsuported!"
+			prnt E "Interfaces mode \"$(eval echo \$NET6_MODE_$iface)\" unsuported!"
-                        die 175
+			die 175
-                    ;;
+		    ;;
-                esac
+		esac
-            fi
+	    fi
-        done
+	done
    fi
 }
--- a/modules/conf_nfs.sh
+++ b/modules/conf_nfs.sh
@@ -0,0 +1,66 @@
 # ------------------------------------------------------------------------------
 # Configure NFS mounts
 # This file is part of the init.sh project
 # Copyright (c) 2019-2023 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
 # https://opensource.org/licenses/BSD-3-Clause
 # ------------------------------------------------------------------------------
 # Variable list:
 #  * NFS_MOUNTS: list of mounts used in other variable names
 #  * MOUNTSERV_<mnt>: server acces to mount <mnt>
 #  * MOUNTPOINT_<mnt>: mount point for <mnt>
 #  * MOUNTOPTS_<mnt>: optionnaly, extra mount options for <mnt>
 #       ("defaults,_netdev" by default)
 # ------------------------------------------------------------------------------
 # Module version
 export VER_conf_nfs="0.0.3"
 # Module's code
 conf_nfs()
 {
    pkginst nfs-common
    for mnt in $NFS_MOUNTS; do
 	local mnt_serv=$(eval echo \$MOUNTSERV_$mnt)
 	local mnt_point=$(eval echo \$MOUNTPOINT_$mnt)
 	local mnt_opts=$(eval echo \$MOUNTOPTS_$mnt)
 	if [[ $(echo $mnt_opts | wc -w) == "0" ]]; then
 	    mnt_opts="defaults,_netdev"
 	fi
 	if [[ -z $(grep "$mnt_serv" /etc/fstab) ]]; then
 	    echo -e "${mnt_serv}\t${mnt_point}\tnfs4\t${mnt_opts}\t0\t0" >> /etc/fstab
 	fi
 	unset mnt_serv
 	if [[ ! -d $mnt_point ]]; then
 	    mkdir -pv "$mnt_point"
 	fi
 	mount -v "$mnt_point"
 	unset mnt_point
    done
 }
 # Preliminary checks code for the module
 precheck_conf_nfs()
 {
    if [[ -n $NFS_MOUNTS ]]; then
 	for mnt in $NFS_MOUNTS; do
 	    if [[ -z $(eval echo \$MOUNTSERV_$mnt) ]]; then
 		prnt E "The server mount for $NFS_MOUNT is not declared."
 		die 182
 	    fi
 	    if [[ -z $(eval echo \$MOUNTPOINT_$mnt) ]]; then
 		prnt E "The mountpoint for $NFS_MOUNT is not declared."
 		die 183
 	    fi
 	    prnt I "NFS server $(eval echo \$MOUNTSERV_$mnt) will be mounted on $(eval echo \$MOUNTPOINT_$mnt)."
 	done
    fi
 }
 # Public functions might be exported
 export -f conf_nfs
 export -f precheck_conf_nfs
 # EOF
--- a/modules/conf_ntp.sh
+++ b/modules/conf_ntp.sh
@@ -11,36 +11,51 @@
 #  * NTPSERVERS: list of NTP servers
 # ------------------------------------------------------------------------------
-export VER_conf_ntp="0.1.6"
+export VER_conf_ntp="0.2.0"
 export DEP_conf_ntp=""
 conf_ntp()
 {
    if [[ $(pidof systemd) ]]; then
-        prnt I "Disabling Systemd-timesyncd..."
+	prnt I "Disabling Systemd-timesyncd..."
-        systemctl disable systemd-timesyncd || true
+	systemctl disable systemd-timesyncd || true
    fi
    NTP_SERV=${NTP_SERV:-ntp}
    prnt I "Installing ntp daemon..."
-    pkginst ntp
+    pkginst $NTP_SERV
    prnt I "Stopping service ntp..."
-    svc_stop ntp
+    svc_stop $NTP_SERV
    if [[ $NTP_SERV == ntpsec ]]; then
 	local conf_file="/etc/$NTP_SERV/ntp.conf"
    else
 	local conf_file="/etc/ntp.conf"
    fi
    prnt I "Installing NTP configuration file..."
-    local dest="/etc/ntp.conf.work"
+    local dest="${conf_file}.work"
-    backup_dist /etc/ntp.conf
+    backup_dist "$conf_file"
-    tag_file $dest
+    if [[ -s $NTP_SERV ]]; then
-    install_file ntp.conf $dest
+	install_file ${NTP_SERV}.conf "$dest"
    else
 	install_file ntp.conf "$dest"
    fi
    tag_file "$dest"
    local line=""
    for srv in $NTP_SERVERS; do
-        line="${line}server $srv iburst\n"
+	line="${line}server $srv iburst\n"
    done
-    sed -i -e "s/@SERVERLIST@/$line/" $dest &&
+    sed -i -e "s/@SERVERLIST@/$line/" "$dest" &&
-        echo "# Generated on $(stdtime)" >> $dest &&
+	mv -fv "$dest" "$conf_file"
        mv -fv $dest /etc/ntp.conf
    prnt I "Starting service ntp..."
-    svc_start ntp
+
    if [[ -n $NTP_SERV ]]; then
 	svc_start $NTP_SERV
    else
 	svc_start ntp
    fi
    sleep 2 # short sleep so we're sure daemon is ready
    ntptime
 }
@@ -49,14 +64,14 @@ conf_ntp()
 precheck_conf_ntp()
 {
    if [[ -z $NTP_SERVERS ]]; then
-        prnt E "No configured NTP server!"
+	prnt E "No configured NTP server!"
-        die 151
+	die 151
    else
-        file_must_exists ntp.conf
+	file_must_exists ntp.conf
-        prnt m "The NTP servers to be used will be:"
+	prnt m "The NTP servers to be used will be:"
-        for srv in $NTP_SERVERS; do
+	for srv in $NTP_SERVERS; do
-            prnt m "  * $srv"
+	    prnt m "  * $srv"
-        done
+	done
    fi
 }
--- a/modules/conf_ssh.sh
+++ b/modules/conf_ssh.sh
@@ -12,7 +12,7 @@
 # ------------------------------------------------------------------------------
 export VER_conf_ssh="0.1.4"
-export DEP_conf_ssh="upgrade_dist"
+export DEP_conf_ssh=""
 conf_ssh()
 {
@@ -24,9 +24,9 @@ conf_ssh()
    prnt I "Installating OpenSSH configuration files..."
    for f in /etc/ssh/ssh{,d}_config; do
-        backup_dist $f
+	backup_dist $f
-        install_file ssh/$(basename $f) $f
+	install_file ssh/$(basename $f) $f
-        tag_file $f
+	tag_file $f
    done
    sed -i -e "s#@SSHD_PERMITROOT_RANGE@#$SSHD_PERMITROOT_RANGE#" /etc/ssh/sshd_config
--- a/modules/conf_syslog.sh
+++ b/modules/conf_syslog.sh
@@ -15,6 +15,7 @@ export VER_conf_syslog="0.0.5"
 conf_syslog()
 {
    pkginst rsyslog
    local syslogconf=/etc/rsyslog.conf
    prnt I "Configuring rsyslog..."
    backup_dist $syslogconf
--- a/modules/create_vm.sh
+++ b/modules/create_vm.sh
@@ -11,14 +11,14 @@
 #   To be defined
 # ------------------------------------------------------------------------------
-export VER_create_vm="0.0.2"
+export VER_create_vm="0.0.2-obsolete"
 export DEP_create_vm="upgrade_dist install_pkg"
 create_vm()
 {
    if [[ $WITH_VM != "yes" ]]; then
-        prnt W "That computer is not configured for virtualisation, nothing to do." 
+	prnt W "That computer is not configured for virtualisation, nothing to do." 
-        return 0
+	return 0
    fi
    pkginst virtualbox
@@ -32,60 +32,60 @@ create_vm()
    local accel_2d=off
    case $VM_OS in
-        Windows*)
+	Windows*)
-            accel_2d=on
+	    accel_2d=on
-            ;;
+	    ;;
    esac
    # Create emty VM
    local targetdir=$VM_ROOT/vms/$VM_NAME
    vboxmanage createvm --ostype $VM_OS --basefolder $targetdir \
-        --name $VM_NAME --register
+	--name $VM_NAME --register
    # Give main caracteristics
    vboxmanage modifyvm $VM_NAME \
-        --cpus $VM_CPU --memory $VM_MEM --vram  $VM_VID_MEM \
+	--cpus $VM_CPU --memory $VM_MEM --vram  $VM_VID_MEM \
-        --boot1 $VM_BOOT1 --VM_BOOT2 $VM_BOOT2 --boot3 $VM_BOOT3 \
+	--boot1 $VM_BOOT1 --VM_BOOT2 $VM_BOOT2 --boot3 $VM_BOOT3 \
-        --nic1 bridged --bridgeadapter1 $VM_IF_BRIDGE \
+	--nic1 bridged --bridgeadapter1 $VM_IF_BRIDGE \
-        --accelerate2dvideo $accel_2d \
+	--accelerate2dvideo $accel_2d \
-        --clipboard bidirectional --draganddrop disabled
+	--clipboard bidirectional --draganddrop disabled
    # Add a SATA controler
    vboxmanage storagectl $VM_NAME \
-        --name sata0 --add sata --controller IntelAHCI --bootable on \
+	--name sata0 --add sata --controller IntelAHCI --bootable on \
-        --hostiocache on --portcount 6
+	--hostiocache on --portcount 6
    # Create a virtual HDD
    vboxmanage createmedium \
-        --size $VM_DISK_SIZE --variant Fixed --filename $targetdir/$VM_NAME.vdi
+	--size $VM_DISK_SIZE --variant Fixed --filename $targetdir/$VM_NAME.vdi
    # Connect the created HDD to the VM
    vboxmanage storageattach $VM_NAME \
-        --storagectl sata0 --port 1 --device 0 --type hdd \
+	--storagectl sata0 --port 1 --device 0 --type hdd \
-        --medium $targetdir/$VM_NAME.vdi
+	--medium $targetdir/$VM_NAME.vdi
    unset targetdir accel_2d
    # Add empty DVD
    vboxmanage storageattach $VM_NAME --storagectl sata0 --port 2 --device 0 \
-        --medium emptydrive
+	--medium emptydrive
    # Add shares
    local share= i=0
    for share in $VM_SHARES_NAME; do
-        (( i+=1 ))
+	(( i+=1 ))
-        local j=0 hostpath=""
+	local j=0 hostpath=""
-        for path in $VM_SHARES_PATH; do
+	for path in $VM_SHARES_PATH; do
-            (( j+=1 ))
+	    (( j+=1 ))
-            if [[ $i -eq $j ]]; then
+	    if [[ $i -eq $j ]]; then
-                hostpath=$path
+		hostpath=$path
-            fi
+	    fi
-        done
+	done
-        unset j
+	unset j
-        vboxmanage sharedfolder add $VM_NAME \
+	vboxmanage sharedfolder add $VM_NAME \
-            --name ${VM_SHARES_NAME,,} --hostpath $hostpath
+	    --name ${VM_SHARES_NAME,,} --hostpath $hostpath
    done
    unset share i
 }
@@ -93,35 +93,35 @@ create_vm()
 precheck_create_vm()
 {
    if [[ $WITH_VM == "yes" ]]; then
-        if [[ -z $VM_NAME ]]; then
+	if [[ -z $VM_NAME ]]; then
-            prnt E "The virtual machine must have a name."
+	    prnt E "The virtual machine must have a name."
-            die 181
+	    die 181
-        fi
+	fi
-        if [[ -z VM_CPU || -z VM_MEM || -z VM_OS || -z VM_ROOT || \
+	if [[ -z VM_CPU || -z VM_MEM || -z VM_OS || -z VM_ROOT || \
-            -z VM_BOOT1 || -z VM_BOOT2 || -z VM_BOOT3 || -z VM_VID_MEM ||
+	    -z VM_BOOT1 || -z VM_BOOT2 || -z VM_BOOT3 || -z VM_VID_MEM ||
-            -z VM_IF_BRIDGE || -z VM_DISK_SIZE ]]; then
+	    -z VM_IF_BRIDGE || -z VM_DISK_SIZE ]]; then
-            prnt E "A necessary declaration for the virtual machine is absent!"
+	    prnt E "A necessary declaration for the virtual machine is absent!"
-            die 181
+	    die 181
-        else
+	else
-            prnt I "The virtual machine \"$VM_NAME\" will be created in $VM_ROOT..."
+	    prnt I "The virtual machine \"$VM_NAME\" will be created in $VM_ROOT..."
-        fi
+	fi
-        local share= i=0 j=0
+	local share= i=0 j=0
-        for share in $VM_SHARES_NAME; do
+	for share in $VM_SHARES_NAME; do
-            (( i+=1 ))
+	    (( i+=1 ))
-        done
+	done
-        for share in $VM_SHARES_PATH; do
+	for share in $VM_SHARES_PATH; do
-            (( j+=1 ))
+	    (( j+=1 ))
-        done
+	done
-        unset share
+	unset share
-        if [[ $i -eq $j ]]; then
+	if [[ $i -eq $j ]]; then
-            prnt I "The virtual machine will access $i directories from the host."
+	    prnt I "The virtual machine will access $i directories from the host."
-        else
+	else
-            prnt E "The number of share and path to share is different!"
+	    prnt E "The number of share and path to share is different!"
-            die 182
+	    die 182
-        fi
+	fi
    else
-        prnt I "No virtual machine to create."
+	prnt I "No virtual machine to create."
    fi
 }
--- a/modules/install_chromium.sh
+++ b/modules/install_chromium.sh
@@ -20,25 +20,29 @@ install_chromium()
 {
    # Add Debian repo to sources.list.d directory depending on Ubuntu version
    case $SYS_VER in
-        16.04|16.10|17.04|17.10)
+	16.04|16.10|17.04|17.10)
-            prnt I "Adding Debian Stretch repository to software sources..."
+	    prnt I "Adding Debian Stretch repository to software sources..."
-            install_file debian_stretch.list /etc/apt/sources.list.d/
+	    install_file debian_stretch.list /etc/apt/sources.list.d/
-        ;;
+	;;
-        18.04|18.10|19.04|19.10)
+	18.04|18.10|19.04|19.10)
-            prnt I "Adding Debian Buster repository to software sources..."
+	    prnt I "Adding Debian Buster repository to software sources..."
-            install_file debian_buster.list /etc/apt/sources.list.d/
+	    install_file debian_buster.list /etc/apt/sources.list.d/
-        ;;
+	;;
-        20.04|20.10|21.04|21.10)
+	20.04|20.10|21.04|21.10)
-            prnt I "Adding Debian Bullseye repository to software sources..."
+	    prnt I "Adding Debian Bullseye repository to software sources..."
-            install_file debian_bullseye.list /etc/apt/sources.list.d/
+	    install_file debian_bullseye.list /etc/apt/sources.list.d/
-        ;;
+	;;
 	22.04|22.10|23.04|23.10)
 	    prnt I "Adding Debian Bookworm repository to software sources..."
 	    install_file debian_bookworm.list /etc/apt/sources.list.d/
 	;;
    esac
    # Install Debian GPG keys
-    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys DCC9EFBF77E11517
+    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "DCC9EFBF77E11517"
-    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138
+    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "648ACFD622F3D138"
-    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys AA8E81B4331F7F50
+    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "AA8E81B4331F7F50"
-    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 112695A0E562B32A
+    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "112695A0E562B32A"
    # Install package manager conf file for Chromium
    install_file apt_chromium.conf /etc/apt/preferences.d/
@@ -56,23 +60,26 @@ precheck_install_chromium()
 {
    # Check we run Ubuntu
    if [[ $SYS_DIST != "ubuntu" ]]; then
-        prnt E "The install_chromium module is a Ubuntu only workaround."
+	prnt E "The install_chromium module is a Ubuntu only workaround."
-        die 165
+	die 165
    fi
    case $SYS_VER in
-        16.04|16.10|17.04|17.10)
+	16.04|16.10|17.04|17.10)
-            prnt m " * Detected Ubuntu $SYS_VER, will install Stretch version of Chromium"
+	    prnt m " * Detected Ubuntu $SYS_VER, will install Stretch version of Chromium"
-        ;;
+	;;
-        18.04|18.10|19.04|19.10)
+	18.04|18.10|19.04|19.10)
-            prnt m " * Detected Ubuntu $SYS_VER, will install Buster version of Chromium"
+	    prnt m " * Detected Ubuntu $SYS_VER, will install Buster version of Chromium"
-        ;;
+	;;
-        20.04|20.10|21.04|21.10)
+	20.04|20.10|21.04|21.10)
-            prnt m " * Detected Ubuntu $SYS_VER, will install Bullseye version of Chromium"
+	    prnt m " * Detected Ubuntu $SYS_VER, will install Bullseye version of Chromium"
-        ;;
+	;;
-        *)
+	22.04|22.10|23.04|23.10)
-            prnt E "Unable to determine the corresponding Debian version."
+	    prnt m " * Detected Ubuntu $SYS_VER, will install Bookworm version of Chromium"
-            die 165
+	;;
-        ;;
+	*)
 	    prnt E "Unable to determine the corresponding Debian version."
 	    die 165
 	;;
    esac
 }
--- a/modules/install_desktop.sh
+++ b/modules/install_desktop.sh
@@ -16,31 +16,31 @@
 # ------------------------------------------------------------------------------
 export VER_install_desktop="0.0.5"
-export DEP_install_desktop="upgrade_dist"
+export DEP_install_desktop=""
 install_desktop()
 {
    if [[ -n $X11_DRV ]]; then
-        prnt I "Installing additionnal X11 drivers..."
+	prnt I "Installing additionnal X11 drivers..."
-        pkginst $X11_DRV
+	pkginst $X11_DRV
    fi
-    if [[ $UBUNTU_FLAVOR ]]; then
+    if [[ -n $UBUNTU_FLAVOR ]]; then
-        prnt I "Installing $UBUNTU_FLAVOR environment..."
+	prnt I "Installing $UBUNTU_FLAVOR environment..."
-        pkginst ${UBUNTU_FLAVOR}-desktop
+	pkginst ${UBUNTU_FLAVOR}-desktop
    fi
    # Because we're lazy but manual actions can avoid reboot...
-    NEED_REBOOT=true
+    export NEED_REBOOT=true
 }
 precheck_install_desktop()
 {
    if [[ -z $UBUNTU_FLAVOR ]]; then
-        prnt W "No Ubuntu flavor chosen, no desktop environment will be installed!"
+	prnt W "No Ubuntu flavor chosen, no desktop environment will be installed!"
    else
-        prnt m " * The flavor $UBUNTU_FLAVOR will be installed..."
+	prnt m " * The flavor $UBUNTU_FLAVOR will be installed..."
    fi
    if [[ -n $X11_DRV ]]; then
-        prnt W "Non free drivers will be installed."
+	prnt W "Non free drivers will be installed."
    fi
 }
--- a/modules/install_mkagent.sh
+++ b/modules/install_mkagent.sh
@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------------------
 # Install check_mk agent using xinetd superserver
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2023 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -9,33 +9,144 @@
 # ------------------------------------------------------------------------------
 # Variable:
 #  * MK_SERVER: Server IP address
-#  * MK_PORT: Port check_mk agent will use to communicate with server
+#  * MK_SITE: The check_mk site (or instance) to use
 #  * MK_URL: The URL to use to download the agent
 #  * MK_SECRET: The secret to use to register the agent
 #  * MK_USER: The user to use to register
 # ------------------------------------------------------------------------------
-export VER_install_mkagent="0.0.6"
+export VER_install_mkagent="0.1.0"
-export DEP_install_mkagent="upgrade_dist install_pkg"
+export DEP_install_mkagent=""
 # ------------------------------------------------------------------------------
 # Extract CheckMK version from the server
 get_checkmk_version_from_server()
 {
    local ip="$1"
    local site="${2:-$MK_SITE}"
    local proto out v header
    local re_version='[0-9]+\.[0-9]+(\.[0-9]+)?p?[0-9]+'
    [[ -n "$MK_VERSION" ]] && { printf '%s' "$MK_VERSION"; return 0; }
    for proto in http https; do
        # 1) Tentative via version.py (souvent non protégée)
        if out=$(curl -fsS --max-time 3 "$proto://$ip/$site/check_mk/version.py" 2>/dev/null); then
            v=$(grep -oE "$re_version" <<<"$out" | head -n1)
            [[ -n "$v" ]] && { printf '%s' "$v"; return 0; }
        fi
        # 2) Tentative via login.py (page de connexion)
        if out=$(curl -fsS --max-time 3 "$proto://$ip/$site/check_mk/login.py" 2>/dev/null); then
            v=$(grep -oE "$re_version" <<<"$out" | grep -vE '2\.[0-9]{1,3}\.[0-9]{2,3}' | head -n1)
            [[ -n "$v" ]] && { printf '%s' "$v"; return 0; }
        fi
        # 3) En-têtes HTTP éventuels
        header=$(curl -fsSI --max-time 3 "$proto://$ip/$site/" 2>/dev/null || true)
        if [[ -n "$header" ]]; then
            v=$(grep -oiE "$re_version" <<<"$header" | head -n1)
            [[ -n "$v" ]] && { printf '%s' "$v"; return 0; }
        fi
        # 4) Fallback : page d'accueil, mais filtrer les faux positifs du JS
        out=$(curl -fsS --max-time 5 "$proto://$ip/$site/" 2>/dev/null || true)
        if [[ -n "$out" ]]; then
            # Filtre plus strict : commence par 1.x ou 2.x et max 2 chiffres après le point
            v=$(grep -oE "$re_version" <<<"$out" \
                | grep -E '^2\.[0-9]+(\.[0-9]+)?p?[0-9]*$' \
                | grep -vE '\.[0-9]{3,}' \
                | head -n1)
            [[ -n "$v" ]] && { printf '%s' "$v"; return 0; }
        fi
    done
    return 1
 }
 install_mkagent()
 {
-    wget $MK_URL -O /tmp/check-mk-agent_${MK_VERSION}_all.deb
+    local debfile="/tmp/check-mk-agent_latest_all.deb"
-    pkginst xinetd /tmp/check-mk-agent_${MK_VERSION}_all.deb
+    prnt I "Downloading CheckMK agent from: $MK_URL"
    rm /tmp/check-mk-agent_${MK_VERSION}_all.deb
-    backup_dist /etc/xinetd.d/check_mk
+    # try primary URL
-    install_file cmk/check_mk /etc/xinetd.d/check_mk
+    if ! wget -q "$MK_URL" -O "$debfile"; then
-    tag_file /etc/xinetd.d/check_mk
+        prnt W "Primary download failed. Attempting to detect server version and fallback..."
-    sed -i -e "s/@MK_SERVER_IP@/$MK_SERVER_IP/" /etc/xinetd.d/check_mk
+        local mkver
        mkver=$(get_checkmk_version_from_server "$MK_SERVER_IP" 2>/dev/null || true)
-    mkdir -pv /usr/lib/check_mk_agent/plugins/28800
+        if [[ -n "$mkver" ]]; then
-    install_file cmk/mk_apt /usr/lib/check_mk_agent/plugins/28800/mk_apt
+            prnt I "Detected Check_MK version: $mkver — building fallback URL"
            # replace the literal 'latest' token in MK_URL with the detected version
            local fallback_url
            fallback_url="${MK_URL/latest/$mkver-1}"
            prnt I "Trying fallback URL: $fallback_url"
            if ! wget -q "$fallback_url" -O "$debfile"; then
                prnt E "Fallback download with version $mkver failed."
                die 163
            fi
        else
            prnt E "Unable to detect Check_MK version on $MK_SERVER_IP and primary download failed."
            die 163
        fi
    fi
-    svc_restart xinetd
+    # On non-systemd systems, install xinetd before the .deb to avoid postinst failures
    if ! pidof systemd >/dev/null; then
        pkginst xinetd
    fi
    # Install agent package
    pkginst "$debfile"
    rm -f "$debfile"
    # Enable service depending on init system
    if pidof systemd >/dev/null; then
        systemctl enable --now check-mk-agent.socket
    else
        backup_dist /etc/xinetd.d/check-mk-agent
        install_file cmk/check_mk /etc/xinetd.d/check-mk-agent
        tag_file /etc/xinetd.d/check-mk-agent
        sed -i -e "s/@MK_SERVER_IP@/$MK_SERVER_IP/" /etc/xinetd.d/check-mk-agent
        svc_restart xinetd
    fi
    # Debian plugin
    if [[ $PKG_MAN == "apt-get" ]]; then
        mkdir -pv /usr/lib/check_mk_agent/plugins/3600
        install_file cmk/mk_apt /usr/lib/check_mk_agent/plugins/3600/mk_apt
    fi
    # Registration (if secret provided)
    if [[ -n $MK_SECRET ]]; then
        local secret
        prnt I "Fetching secret $MK_SECRET..."
        secret=$(fetch_secret "$MK_SECRET")
        if [[ -e /var/lib/cmk-agent/cmk-agent-ctl.gz ]]; then
            gunzip -v -f  /var/lib/cmk-agent/cmk-agent-ctl.gz
            chmod -v +x /var/lib/cmk-agent/cmk-agent-ctl
        fi
        if [[ -x /var/lib/cmk-agent/cmk-agent-ctl ]]; then
            /var/lib/cmk-agent/cmk-agent-ctl register \
                --hostname "$HOSTNAME" \
                --server "$MK_SERVER_IP" \
                --site "$MK_SITE" \
                --user "$MK_USER" \
                --password "$secret"
        else
            prnt W "Agent control tool not found; skipping registration."
        fi
        unset secret
    else
        prnt W "No secret configured, agent cannot be registered."
    fi
 }
 precheck_install_mkagent()
 {
-    if [[ -z $MK_VERSION ]]; then
+    if [[ -z $MK_SITE ]]; then
-        prnt E "Undeclared check_mk version of the agent to install."
+        prnt E "Undeclared check_mk site to use."
        die 162
    fi
    if [[ -z $MK_URL ]]; then
@@ -46,7 +157,16 @@ precheck_install_mkagent()
        prnt E "Undeclared check_mk server."
        die 162
    fi
-    file_must_exists cmk/check_mk cmk/mk_apt
+    if [[ $PKG_MAN == "apt-get" ]]; then
        file_must_exists cmk/check_mk cmk/mk_apt
    fi
    if [[ -z $MK_SECRET ]]; then
        prnt W "No secret set for CheckMK, registration won't be possible."
        if [[ -z $MK_USER ]]; then
            prnt E "A CheckMK user is required to register."
            die 162
        fi
    fi
 }
 export -f install_mkagent
--- a/modules/install_pkg.sh
+++ b/modules/install_pkg.sh
@@ -20,28 +20,28 @@ install_pkg()
 {
    # Remove unnecessary packages
    if [[ -n $PKGS_RMLIST  ]]; then
-        prnt I "Removing some undesired packages..."
+	prnt I "Removing some undesired packages..."
-        pkgrm $PKGS_RMLIST
+	pkgrm $PKGS_RMLIST
    fi
    # Blacklist some anoying packages (and remove them if needed)
-    if [[ -n PKGS_BLACKLIST ]]; then
+    if [[ -n $PKGS_BLACKLIST ]]; then
-        for pkg in $PKGS_BLACKLIST; do
+	for pkg in $PKGS_BLACKLIST; do
-            prnt I "Placing $pkg into the blacklist..."
+	    prnt I "Placing $pkg into the blacklist..."
-            local dest=/etc/apt/preferences.d/blacklist_$pkg
+	    local dest=/etc/apt/preferences.d/blacklist_$pkg
-            install_file pkgman/blacklist.conf $dest &&
+	    install_file pkgman/blacklist.conf $dest &&
-                sed -i -e "s/@pkg@/pkg/" $dest
+		sed -i -e "s/@pkg@/pkg/" $dest
-            tag_file $dest
+	    tag_file $dest
-            # If blacklisted we suppose uninstall as well (if neeeded)
+	    # If blacklisted we suppose uninstall as well (if neeeded)
-            pkgrm $pkg
+	    pkgrm $pkg
-        done
+	done
    fi
    # Install all the configured packages
    if [[ -n $PKGSEL ]]; then
-        prnt I "Installing the package selection..."
+	prnt I "Installing the package selection..."
-        pkginst $PKGSEL
+	pkginst $PKGSEL
    fi
    # Cleaning
@@ -51,23 +51,23 @@ install_pkg()
 precheck_install_pkg()
 {
-    if [[ -z PKGS_RMLIST ]]; then
+    if [[ -z $PKGS_RMLIST ]]; then
-        prnt m " * No package to remove."
+	prnt m " * No package to remove."
    else
-        prnt m " * $(echo $PKGS_RMLIST | wc -w) package to remove."
+	prnt m " * $(echo $PKGS_RMLIST | wc -w) package to remove."
    fi
-    if [[ -z PKGS_BLACKLIST ]]; then
+    if [[ -z $PKGS_BLACKLIST ]]; then
-        prnt m " * The packages $pkg will be placed into the blacklist !"
+	prnt m " * The packages $pkg will be placed into the blacklist !"
-        file_must_exists pkgman/blacklist.conf
+	file_must_exists pkgman/blacklist.conf
    else
-        prnt m " * No package to blacklist."
+	prnt m " * No package to blacklist."
    fi
    if [[ -z $PKGSEL ]]; then
-        prnt m " * No additionnal package to install !"
+	prnt m " * No additionnal package to install !"
    else
-        prnt m " * $(echo $PKGSEL | wc -w) additionnal package have to be installed."
+	prnt m " * $(echo $PKGSEL | wc -w) additionnal package have to be installed."
    fi
 }
--- a/modules/install_profile.sh
+++ b/modules/install_profile.sh
@@ -8,7 +8,7 @@
 # https://opensource.org/licenses/BSD-3-Clause
 # ------------------------------------------------------------------------------
-export VER_install_profile="0.0.7"
+export VER_install_profile="0.1.0"
 export DEP_install_profile="install_pkg"
 install_profile()
@@ -18,16 +18,24 @@ install_profile()
    local usrlist="/root"
    if find /home -mindepth 1 -maxdepth 1 -type d | read; then
-        usrlist="$usrlist /home/*"
+	usrlist="$usrlist /home/*"
    fi
    for usr in $usrlist; do
-        prnt I "Installing profile for user $usr..."
+	prnt I "Installing profile for user $usr..."
-        backup_dist $usr/{.,}profile $usr/.bashrc
+	backup_dist $usr/{.profile,.bashrc}
-        install_file profile/{{.,}profile,.bashrc} $usr/
+	install_file profile/{.profile,.bashrc} $usr/
-        tag_file $usr/{{.,}profile,.bashrc}
+	tag_file $usr/{.profile,.bashrc}
-        install_file profile/.tmux/.tmux.conf{,.local} $usr/
+	#install_file profile/.tmux/.tmux.conf{,.local} $usr/
-        tag_file $usr/.tmux.conf{,.local}
+	#tag_file $usr/.tmux.conf{,.local}
 	if [[ ! -d $usr/profile ]]; then
 	    (
 		cd $usr || return 205
                git config --global http.sslverify false
                git clone https://git.geoffray-levasseur.org/fatalerrors/profile.git
                git config --global http.sslverify true
 	    )
 	fi
    done
    unset usrlist
@@ -39,7 +47,7 @@ install_profile()
 precheck_install_profile()
 {
-    file_must_exists profile/{motd,{.,}profile,.bashrc,.tmux/.tmux.conf{,.local}}
+    file_must_exists profile/{motd,{.profile,.bashrc,.tmux/.tmux.conf{,.local}}
 }
 export -f install_profile
--- a/modules/patch_snmp.sh
+++ b/modules/patch_snmp.sh
@@ -8,29 +8,29 @@
 # https://opensource.org/licenses/BSD-3-Clause
 # ------------------------------------------------------------------------------
-export VER_patch_snmp="0.1.2"
+export VER_patch_snmp="0.1.3"
-export DEP_patch_snmp="install_pkg"
+export DEP_patch_snmp=""
 patch_snmp()
 {
    pkginst snmpd
    prnt I "Configuring SNMP daemon..."
    backup_dist /etc/snmp/snmpd.conf /etc/default/snmpd \
-        /lib/systemd/system/snmpd.service /etc/init.d/snmpd
+	/lib/systemd/system/snmpd.service /etc/init.d/snmpd
    install_file snmpd/snmpd.conf /etc/snmp/snmpd.conf
    tag_file /etc/snmp/snmpd.conf
    # No longer required with Debian >= 11 or Devuan >= 4
    if [[ ($SYS_DIST == 'debian' && $SYS_VER -lt 11) ||
-        ($SYS_DIST == 'devuan' && $SYS_VER -lt 4) ]]; then
+	($SYS_DIST == 'devuan' && $SYS_VER -lt 4) ]]; then
-        install_file snmpd/snmpd.init /etc/init.d/snmpd
+	install_file snmpd/snmpd.init /etc/init.d/snmpd
    fi
    install_file snmpd/snmpd.default /etc/default/snmpd
    tag_file /etc/default/snmpd
    if [[ -e /lib/systemd/system/snmpd.service ]]; then
-        install_file snmpd/snmpd.service /lib/systemd/system/snmpd.service
+	install_file snmpd/snmpd.service /lib/systemd/system/snmpd.service
-        if command -v systemctl &> /dev/null; then
+	if command -v systemctl &> /dev/null; then
-             systemctl daemon-reload
+	    systemctl daemon-reload
-        fi
+	fi
    fi
    svc_restart snmpd
 }
@@ -39,7 +39,7 @@ precheck_patch_snmp()
 {
    file_must_exists snmpd/snmpd.{conf,default}
    if [[ -e /lib/systemd/system/snmpd.service ]]; then
-        file_must_exists snmpd/snmpd.service
+	file_must_exists snmpd/snmpd.service
    fi
 }
--- a/modules/select_system_proxy.sh
+++ b/modules/select_system_proxy.sh
@@ -9,7 +9,7 @@
 # ------------------------------------------------------------------------------
 export VER_select_system_proxy="0.0.5"
-export DEP_select_system_proxy="upgrade_dist"
+export DEP_select_system_proxy=""
 select_system_proxy()
 {
@@ -20,7 +20,7 @@ select_system_proxy()
    else
        prnt I "No proxy configuration set, nothing to do."
    fi
-    NEED_REBOOT=true
+    export NEED_REBOOT=true
 }
 precheck_select_system_proxy()
--- a/modules/upgrade_dist.sh
+++ b/modules/upgrade_dist.sh
@@ -13,14 +13,19 @@
 #   * PROXY_APT_PORT: Working port for APT proxy if one declared
 #   * PROXY_SRV: General purpose proxy if PROXY_APT is undefined
 #   * PROXY_SRV_PORT: Working port for general purpose proxy if one declared
 # TODO: Split apt conf and actuel update to avoid repeating configuration if
 #       for a reason apt fail
 # TODO: This is Debian only, make this universal (at least yum/dnf compatible)
 # ------------------------------------------------------------------------------
-export VER_upgrade_dist="0.2.3"
+export VER_upgrade_dist="0.3.0"
 # As aptitude might fail if clock is too far from real time, we need to depend
 # on ntp
 export DEP_upgrade_dist="conf_ntp"
 export SOURCE_EXT="${SOURCE_EXT:-list}"
 upgrade_dist()
 {
    local proxyfile=/etc/apt/apt.conf.d/00proxy
@@ -29,18 +34,30 @@ upgrade_dist()
    # We backup entire apt dir
    backup_dist /etc/apt
    prnt I "Basic apt configuration..."
-    tag_file $norecommend
+
-    echo 'APT::Install-Recommends "false";' >> $norecommends
+    # TODO: No recommend section should be optionnal
-    echo 'APT::AutoRemove::RecommendsImportant "false";' >> $norecommends
+    tag_file $norecommends
-    echo 'APT::AutoRemove::SuggestsImportant "false";' >> $norecommends
+    {
        echo 'APT::Install-Recommends "false";'
        echo 'APT::AutoRemove::RecommendsImportant "false";'
        echo 'APT::AutoRemove::SuggestsImportant "false";'
    }  >> $norecommends
    prnt I "Configuring proxy for APT..."
    if [[ -n $PROXY_APT ]]; then
        if [[ ! -d $(dirname $proxyfile) ]]; then
-            mkdir -pv $(dirname $proxyfile) || (
+            mkdir -pv "$(dirname $proxyfile)" || (
                prnt E "Impossible to create directory to receive APT configuration."
                die 60
            )
        else
            # Cleanup
            if [[ -s $proxyfile ]]; then
                true > "$proxyfile"
            fi
            if grep -q "^Acquire::http::Proxy" /etc/apt/apt.conf; then
                sed -i -e "/^Acquire::http::Proxy/d" /etc/apt/apt.conf
            fi
        fi
        tag_file $proxyfile
        echo "Acquire::http::Proxy \"http://${PROXY_APT}:${PROXY_APT_PORT}\";" >> $proxyfile
@@ -52,7 +69,12 @@ upgrade_dist()
    fi
    # Remplace source.list from dist with ours (be smarter)
-    install_file "pkgman/${SYS_DIST}_${SYS_VER}.list" /etc/apt/sources.list
+    if [[ NO_MAIN_SOURCE == true ]]; then
        install_file "pkgman/${SYS_DIST}_${SYS_VER}.list" "/etc/apt/sources.list.d/debian.${SOURCE_EXT}"
    else
 	# We don't use SOURCE_EXT
        install_file "pkgman/${SYS_DIST}_${SYS_VER}.list" "/etc/apt/sources.list"
    fi
    prnt I "Updating package list..."
    pkgupdt
@@ -81,6 +103,10 @@ precheck_upgrade_dist()
        die 160
    fi
    file_must_exists pkgman/${SYS_DIST}_${SYS_VER}.list
    if [[ -z $NO_MAIN_SOURCE ]]; then
        prnt E "A required variable to configure apt is not defined."
        die 160
    fi
 }
 cron_upgrade_dist()
--- a/repo/common/ntpsec.conf
+++ b/repo/common/ntpsec.conf
@@ -0,0 +1,53 @@
 # /etc/ntpsec/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
 driftfile /var/lib/ntpsec/ntp.drift
 leapfile /usr/share/zoneinfo/leap-seconds.list
 # To enable Network Time Security support as a server, obtain a certificate
 # (e.g., with Let's Encrypt), place the cert and key in the paths below, and
 # uncomment:
 # nts cert /etc/ntpsec/cert-chain.pem
 # nts key /etc/ntpsec/key.pem
 # nts enable
 # You must create /var/log/ntpsec (owned by ntpsec:ntpsec) to enable logging.
 #statsdir /var/log/ntpsec/
 #statistics loopstats peerstats clockstats
 #filegen loopstats file loopstats type day enable
 #filegen peerstats file peerstats type day enable
 #filegen clockstats file clockstats type day enable
 # This should be maxclock 7, but the pool entries count towards maxclock.
 tos maxclock 11
 # Comment this out if you have a refclock and want it to be able to discipline
 # the clock by itself (e.g. if the system is not connected to the network).
 tos minclock 4 minsane 3
 # Specify one or more NTP servers.
 # Public NTP servers supporting Network Time Security:
 # server time.cloudflare.com nts
@SERVERLIST@
 # pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
 # pick a different set every time it starts up.  Please consider joining the
 # pool: <https://www.pool.ntp.org/join.html>
 #pool 0.debian.pool.ntp.org iburst
 #pool 1.debian.pool.ntp.org iburst
 #pool 2.debian.pool.ntp.org iburst
 #pool 3.debian.pool.ntp.org iburst
 # Access control configuration; see /usr/share/doc/ntpsec-doc/html/accopt.html
 # for details.
 #
 # Note that "restrict" applies to both servers and clients, so a configuration
 # that might be intended to block requests from certain clients could also end
 # up blocking replies from your own upstream servers.
 # By default, exchange time with everybody, but don't allow configuration.
 restrict default kod nomodify noquery limited
 # Local users may interrogate the ntp server more closely.
 restrict 127.0.0.1
 restrict ::1
--- a/repo/common/pkgman/debian_10.list
+++ b/repo/common/pkgman/debian_10.list
@@ -1,5 +1,10 @@
- # Basic Debian Buster repositories
+# Basic Debian Buster repositories
- 
+
- deb http://deb.debian.org/debian buster main
+deb http://deb.debian.org/debian buster main contrib non-free
- deb http://deb.debian.org/debian buster-updates main
+deb-src http://deb.debian.org/debian buster main contrib non-free
- deb http://deb.debian.org/debian-security buster/updates main
+
 deb http://deb.debian.org/debian buster-updates main contrib non-free
 deb-src http://deb.debian.org/debian buster-updates main contrib non-free
 deb http://deb.debian.org/debian-security buster/updates main contrib non-free
 deb-src http://deb.debian.org/debian-security buster/updates main contrib non-free
--- a/repo/common/pkgman/debian_11.list
+++ b/repo/common/pkgman/debian_11.list
@@ -1,20 +1,10 @@
-# deb cdrom:[Debian GNU/Linux 11.0.0 _Bullseye_ - Official amd64 NETINST 20210814-10:07]/ bullseye main
+# Basic debian Bullseye reop
-#deb cdrom:[Debian GNU/Linux 11.0.0 _Bullseye_ - Official amd64 NETINST 20210814-10:07]/ bullseye main
+deb http://debian.univ-tlse2.fr/debian/ bullseye main contrib non-free
 deb-src http://debian.univ-tlse2.fr/debian/ bullseye main contrib non-free
-deb http://debian.univ-tlse2.fr/debian/ bullseye main contrib
+deb http://security.debian.org/debian-security bullseye-security main contrib non-free
-deb-src http://debian.univ-tlse2.fr/debian/ bullseye main contrib
+deb-src http://security.debian.org/debian-security bullseye-security main contrib non-free
-deb http://security.debian.org/debian-security bullseye-security main contrib
+deb http://debian.univ-tlse2.fr/debian/ bullseye-updates main contrib non-free
-deb-src http://security.debian.org/debian-security bullseye-security main contrib
+deb-src http://debian.univ-tlse2.fr/debian/ bullseye-updates main contrib non-free
 # bullseye-updates, to get updates before a point release is made;
 # see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
 deb http://debian.univ-tlse2.fr/debian/ bullseye-updates main contrib
 deb-src http://debian.univ-tlse2.fr/debian/ bullseye-updates main contrib
 # This system was installed using small removable media
 # (e.g. netinst, live or single CD). The matching "deb cdrom"
 # entries were disabled at the end of the installation process.
 # For information about how to configure apt package sources,
 # see the sources.list(5) manual.
--- a/repo/common/pkgman/debian_12.list
+++ b/repo/common/pkgman/debian_12.list
@@ -0,0 +1,10 @@
 # Basic Debian Bookworm repo
 deb http://debian.univ-tlse2.fr/debian/ bookworm main contrib non-free non-free-firmware
 deb-src http://debian.univ-tlse2.fr/debian/ bookworm main contrib non-free non-free-firmware
 deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
 deb-src http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
 deb http://debian.univ-tlse2.fr/debian/ bookworm-updates main contrib non-free non-free-firmware
 deb-src http://debian.univ-tlse2.fr/debian/ bookworm-updates main contrib non-free non-free-firmware
--- a/repo/common/pkgman/devuan_3.list
+++ b/repo/common/pkgman/devuan_3.list
@@ -5,5 +5,5 @@ deb-src http://fr.deb.devuan.org/merged beowulf main contrib non-free
 deb http://fr.deb.devuan.org/merged beowulf-updates main contrib non-free
 deb-src http://fr.deb.devuan.org/merged beowulf-updates main contrib non-free
-deb http://fr.deb.devuan.org/merged beowulf-backports main contrib non-free
+deb http://fr.deb.devuan.org/merged beowulf-security main contrib non-free
-deb-src http://fr.deb.devuan.org/merged beowulf-backports main contrib non-free
+deb-src http://fr.deb.devuan.org/merged beowulf-security main contrib non-free
--- a/repo/common/pkgman/devuan_4.list
+++ b/repo/common/pkgman/devuan_4.list
@@ -5,5 +5,5 @@ deb-src http://fr.deb.devuan.org/merged chimaera main contrib non-free
 deb http://fr.deb.devuan.org/merged chimaera-updates main contrib non-free
 deb-src http://fr.deb.devuan.org/merged chimaera-updates main contrib non-free
-deb http://fr.deb.devuan.org/merged chimaera-backports main contrib non-free
+deb http://fr.deb.devuan.org/merged chimaera-security main contrib non-free
-deb-src http://fr.deb.devuan.org/merged chimaera-backports main contrib non-free
+deb-src http://fr.deb.devuan.org/merged chimaera-security main contrib non-free
--- a/repo/common/pkgman/devuan_5.list
+++ b/repo/common/pkgman/devuan_5.list
@@ -0,0 +1,9 @@
 #
 deb http://fr.deb.devuan.org/merged daedalus main contrib non-free non-free-firmware
 deb-src http://fr.deb.devuan.org/merged daedalus main contrib non-free non-free-firmware
 deb http://fr.deb.devuan.org/merged daedalus-updates main contrib non-free non-free-firmware
 deb-src http://fr.deb.devuan.org/merged daedalus-updates main contrib non-free non-free-firmware
 deb http://fr.deb.devuan.org/merged daedalus-security main contrib non-free non-free-firmware
 deb-src http://fr.deb.devuan.org/merged daedalus-security main contrib non-free non-free-firmware
--- a/repo/common/pkgman/devuan_6.list
+++ b/repo/common/pkgman/devuan_6.list
@@ -0,0 +1,10 @@
 deb http://fr.deb.devuan.org/merged excalibur main non-free-firmware contrib
 deb-src http://fr.deb.devuan.org/merged excalibur main non-free-firmware contrib
 deb http://fr.deb.devuan.org/merged excalibur-security main non-free-firmware contrib
 deb-src http://fr.deb.devuan.org/merged excalibur-security main non-free-firmware contrib
 # excalibur-updates, to get updates before a point release is made;
 # see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
 deb http://fr.deb.devuan.org/merged excalibur-updates main non-free-firmware contrib
 deb-src http://fr.deb.devuan.org/merged excalibur-updates main non-free-firmware contrib
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
fatalerrors	a229263c25	reconfigure arayat	2025-10-30 15:56:40 +01:00
fatalerrors	6865b4f967	fix download file name	2025-10-30 15:56:40 +01:00
fatalerrors	cbea670dd8	conf update	2025-10-18 10:58:39 +02:00
fatalerrors	cf76b4e7c3	typos	2025-10-16 18:05:27 +02:00
fatalerrors	900801e27c	remove way too long ago obsolete file	2025-10-16 16:09:05 +02:00
fatalerrors	f7bdab1bdb	created var management lib, embryo removed from filefct lib	2025-10-16 15:36:35 +02:00
fatalerrors	1132d20796	detect mk version if latest not provided, install xinetd before agent where required	2025-10-16 15:28:46 +02:00
root	cf631ea9a3	adapted to devuan excalibur	2025-10-02 21:33:32 +02:00
fatalerrors	8985f3114f	added new debian/devuan versions	2025-10-02 19:38:30 +02:00
fatalerrors	aea656675b	add output, made some command verbose	2025-09-25 22:37:58 +02:00
fatalerrors	fdce8fd76d	typo	2025-09-25 22:24:23 +02:00
fatalerrors	f2e3d3e3b9	latest not provided, back to fixed version	2025-09-25 22:22:18 +02:00
fatalerrors	6343d4185d	premature ip change	2025-09-25 22:16:14 +02:00
fatalerrors	717b240d02	fix ceph mount point creation	2025-09-25 22:13:30 +02:00
fatalerrors	3e4ac11d5b	fix typo	2025-09-25 22:02:48 +02:00
fatalerrors	5dfcfb383a	typo	2025-09-25 22:01:51 +02:00
fatalerrors	1251ae519f	fix comment	2025-09-25 21:55:38 +02:00
fatalerrors	7c5f280039	test over	2025-09-25 21:55:06 +02:00
fatalerrors	6538bb0305	test	2025-09-25 21:44:15 +02:00
fatalerrors	59acdb2ac8	typo	2025-09-25 21:37:32 +02:00
fatalerrors	e3714fb61d	conf updated	2025-09-25 21:36:24 +02:00
fatalerrors	850831f51c	restart network will have better success	2025-09-25 21:35:59 +02:00
fatalerrors	57cf93ac41	rework conf_ntp module	2025-09-25 20:44:35 +02:00
fatalerrors	e32501537d	fusion commit	2025-09-25 20:42:59 +02:00
fatalerrors	b894c793c1	fix variable name	2025-09-25 10:54:18 +02:00
fatalerrors	7e8b3fb656	fix typo	2025-09-24 18:37:27 +02:00
fatalerrors	a05f3b25ab	depends on ceph to install ceph...	2025-09-24 18:05:23 +02:00
fatalerrors	624b8d4c6e	revert redirection change, change approach	2025-09-24 18:01:27 +02:00
fatalerrors	da53bfd721	version bump	2025-09-24 17:24:55 +02:00
fatalerrors	834cb9d307	prnt now output to STDERR allowing printing in functions returning results on STDOUT	2025-09-24 17:23:22 +02:00
fatalerrors	90be985777	fixed error on file detection	2025-09-24 17:00:56 +02:00
fatalerrors	ccc973c5ef	check secret availability before run	2025-09-24 16:51:25 +02:00
fatalerrors	9803c4b312	added secrets availability checks	2025-09-24 16:50:42 +02:00
fatalerrors	a3b69a7c88	updated README file	2025-09-24 15:41:04 +02:00
fatalerrors	1e277ac209	fixed secret lib	2025-09-24 15:40:29 +02:00
fatalerrors	a02cb3b3bd	prepare for rework, in near future, typo	2025-09-24 15:17:14 +02:00
fatalerrors	1d45ceec9b	fix typo, minor optimisation, identation fix	2025-09-24 12:32:00 +02:00
fatalerrors	453c2d84f7	conf change	2025-09-24 12:23:38 +02:00
fatalerrors	af0d6c51a8	updated conf to new version of ceph module	2025-09-24 12:20:17 +02:00
fatalerrors	5ae7fd861b	optimisation and correction	2025-09-24 12:08:09 +02:00
fatalerrors	34c917d2d2	use fetch_secret for ceph secret	2025-09-22 18:37:42 +02:00
fatalerrors	1a23968a9d	updated gl.conf to new checkmk module	2025-09-22 18:35:37 +02:00
fatalerrors	dab7132d31	reworked the checkmk module	2025-09-22 18:34:48 +02:00
fatalerrors	d292e0e486	added secret management lib	2025-09-22 18:33:55 +02:00
fatalerrors	10e2150353	updated ntp.conf to modern ntpsec serveur	2025-09-19 15:31:29 +02:00
fatalerrors	9144f48000	adapt to modern ntp.conf file used by ntpsec	2025-09-16 12:10:30 +02:00
fatalerrors	a0889fe3ee	add ntpsec specific configuration	2025-09-16 12:06:13 +02:00
fatalerrors	40b4428ebc	first shot of Ceph rework	2025-08-11 20:04:58 +02:00
fatalerrors	bb53e99894	made user manipulation functions usable for a list of users	2025-08-11 20:03:46 +02:00
fatalerrors	7319aec087	moved user manipulation functions in lib	2025-08-11 20:02:42 +02:00
root	450c74e1b1	conf: added nisyros	2025-04-24 22:17:52 +02:00
fatalerrors	c4d891bdf9	conf update 2	2025-03-25 12:16:25 +01:00
fatalerrors	63bd14a221	conf update	2025-03-25 11:20:37 +01:00
fatalerrors	84a90cefaa	Updated copyright info, added separators and missing exports	2024-11-01 22:25:15 +01:00
fatalerrors	ee28727313	Merge branch 'master' of https://git.geoffray-levasseur.org/fatalerrors/init.sh	2024-10-23 20:09:05 +02:00
fatalerrors	dfb05f40fd	fix bug when giving config file through command line	2024-10-23 20:07:50 +02:00
fatalerrors	c258e698ab	added proxy cleanup before changing it	2024-10-23 20:02:08 +02:00
fatalerrors	81d7f68a19	cleaned debian and devuan repository mess	2024-09-20 19:05:29 +02:00
fatalerrors	7ed72e1c70	long ago, upgrade_dist was required, not any more some module unmaintained marked obsolete	2024-09-20 18:53:56 +02:00
fatalerrors	b244ad8ef3	fixed conf on latukan	2024-09-20 18:08:47 +02:00
fatalerrors	66dd6f2843	updated check_mk version	2024-09-20 17:04:06 +02:00
fatalerrors	574b57001e	bugfix on install_mkagent and patch_snmp	2024-09-20 16:38:26 +02:00
fatalerrors	092dd214c1	latukan conf change	2024-09-20 16:36:58 +02:00
fatalerrors	ba112e9ed9	some checkmk installation adjustment	2024-02-06 11:48:22 +01:00
fatalerrors	e207168ae7	configuration changes	2024-02-06 11:47:46 +01:00
fatalerrors	a23fb505b3	fixed module list	2024-02-04 19:04:38 +01:00
fatalerrors	8de818a3d0	updated mk agent version	2024-02-04 18:46:57 +01:00
root	15ac387271	removed sysbench, do not uninstall xauth, too dangerous on some confs	2024-01-30 10:37:32 +01:00
fatalerrors	cc76af7367	added new server	2024-01-23 01:08:10 +01:00
fatalerrors	57a92bf640	add support for check_mk >= 2.1 with registration	2023-10-27 22:46:11 +02:00
fatalerrors	89fcbd4f05	remove debug	2023-10-23 00:40:28 +02:00
fatalerrors	3fb06c257c	implemented realm detection and improved configuration files loading	2023-10-23 00:00:27 +02:00
fatalerrors	7464ad6555	moved conf file in their realm directory	2023-10-22 23:09:10 +02:00
fatalerrors	cbf2117266	fix nfs_opts default application	2023-10-22 21:22:22 +02:00
root	6e1344691d	add ca-certificates to package base	2023-10-20 19:34:55 +02:00
Geoffray Levasseur	c95af2a1e3	fix typo and conflict	2023-10-06 11:01:55 +02:00
fatalerrors	0eba77e3d5	hardening code and moved stage file removal later	2023-09-08 20:16:35 +02:00
root	264537e9ea	removed obsolete profile file	2023-09-08 20:11:52 +02:00
Geoffray Levasseur	cd35f52509	improved code quality, few bug fixes	2023-08-02 11:36:01 +02:00
fatalerrors	e16ce485f9	fix chaotic codium tabs management	2023-05-16 11:05:20 +02:00
fatalerrors	2293fdde90	pkgsel.base.conf.sh: removed duplicate "whois" in list	2023-05-16 10:57:42 +02:00
fatalerrors	e56dadbc2b	conf_nfs: modernised code, added possibility to pass mount options	2023-05-16 10:55:36 +02:00
fatalerrors	90e603be0c	moved stage file deletion so resume can be used after using --shell or --check-only options	2023-05-16 10:52:56 +02:00
fatalerrors	e5429bee9d	prepare check_mk agents upgrade	2023-05-10 19:43:36 +02:00
fatalerrors	dd1d97e625	conf change	2023-05-05 20:37:36 +02:00
fatalerrors	7542fba94e	fixed few minor issues	2023-05-05 19:50:16 +02:00
fatalerrors	23d36cc8af	added group and domain support for conf file and repository	2023-05-05 19:49:13 +02:00
fatalerrors	c2751bf9eb	new conf files + fix bug in conf_ntp with devuan 5, fix a bug with early debian/devuan version, added git support for profile	2023-05-05 19:06:07 +02:00
fatalerrors	a33726fba8	fixed indentation	2022-12-17 20:19:03 +01:00
fatalerrors	2a05bc8392	disp_help(): fixed some space/tabs unconsistency	2022-12-17 19:52:45 +01:00
fatalerrors	d15a98a7d1	moved dump_key_buffer() from display to utils	2022-12-17 19:29:20 +01:00
fatalerrors	4c11fbe410	stdtime(): removed timezone in our standard date format, useless	2022-12-17 19:11:51 +01:00
		`@@ -0,0 +1 @@`
							`/share/services/scripts/init.sh/conf/mixart-myrys.org`