reconfigure arayat

README.txt

@@ -1,4 +0,0 @@
-This is deployment scripts for LEGOS git repository created on 2021-05-31-11:31:04
-An english version for general purpose is available at https://www.geoffray-levasseur.org/init
-
-Check README.md for details.

conf/auto/debian-13.conf.sh

@@ -0,0 +1,6 @@
+# Check debian.conf file for general declaration
+# This is specific for version 13
+
+export NTP_SERV=ntpsec
+export SOURCE_EXT=source
+export NO_MAIN_SOURCE=true

conf/auto/debian.conf.sh

@@ -19,6 +19,9 @@ export COM_AUTOREM="autoremove --purge -y"
 # This is not used by init.sh
 export DEBIAN_FRONTEND=noninteractive
 
+# Configure how apt behave regarding source.list files
+export NO_MAIN_SOURCE=false
+
 # Conf chemin
 export RC_SCRIPTS_PATH="/etc/init.d"
 

conf/auto/devuan-6.conf.sh

@@ -0,0 +1,4 @@
+# Check devuan.conf file for general declaration
+# This is specific for version 6
+
+export NTP_SERV=ntpsec

conf/geoffray-levasseur.org/arayat.conf.sh

@@ -41,10 +41,10 @@ NET4_NS_eth0="192.168.1.205 192.168.1.206"
 NET4_NS_SEARCH_eth0=$REALM
 
 NET4_MODE_eth1="static"
-NET4_IP_eth1="192.168.74.220/24"
+NET4_IP_eth1="192.168.74.100/24"
 
 NET4_MODE_eth2="static"
-NET4_IP_eth2="10.0.254.220/16"
+NET4_IP_eth2="10.42.250.100/16"
 
 IPV6_IFACES="eth0 eth1"
 
@@ -63,7 +63,7 @@ NET6_IP_eth1="2a03:7220:8081:b34a::dc/64"
 INTALL_MODE=full
 
 # Paquets additionnels
-PKGSEL="$PKGSEL iptables fail2ban curl"
+PKGSEL="$PKGSEL iptables curl"
 
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------

conf/geoffray-levasseur.org/labo.conf.sh

@@ -26,8 +26,6 @@ MAINUSER=root
 WITH_LDAP_KERB=no
 
 # Users to create, add or remove
-#LOCAL_USERS="$MAINUSER"
-#REMOTE_USERS="kroot"
 REMOVE_USERS="fatal"
 
 # Network
@@ -40,7 +38,7 @@ NET4_NS_eth0="192.168.1.205 192.168.1.206"
 NET4_NS_SEARCH_eth0=$REALM
 
 NET4_MODE_eth1="static"
-NET4_IP_eth1="10.42.0.207/16"
+NET4_IP_eth1="10.42.250.180/16"
 
 IPV6_IFACES=""
 
@@ -64,5 +62,5 @@ PKGSEL="$PKGSEL nsd ldnsutils haveged"
 
 # Liste des modules à executer (surchargeable en ligne de commande)
 MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \
-	conf_mail install_pkg install_profile patch_snmp install_mkagent \
+	conf_mail install_pkg install_profile patch_snmp \
         conf_syslog conf_network"

conf/geoffray-levasseur.org/latukan.conf.sh

@@ -50,10 +50,11 @@ NET6_GW_eth0="2a03:7220:8081:b301::e7"
 NET6_NS_eth0="2a03:7220:8081:b301::cd 2a03:7220:8081:b301::ce"
 NET6_NS_SEARCH_eth0=$REALM
 
-
+# Gestionnaire de paquet :
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
+NO_MAIN_SOURCE=false
 INTALL_MODE=full
 
 # Paquets additionnels

conf/includes/gl.conf.sh

@@ -24,7 +24,7 @@ export CEPHIP_mayon="192.168.1.254"
 export CEPHIP_pinatubo="192.168.1.253"
 export CEPHIP_ragang="192.168.1.252"
 export CEPHIP_taal="192.168.1.251"
-export CEPH_SECRET="file:/share/services/gestparc/ceph_secret"
+export CEPH_SECRET="file:/tmp/ceph_secret"
 export CEPH_MOUNTS="datastore mediastore"
 export CEPH_MP_datastore="/srv/ceph"
 export CEPH_MP_mediastore="/srv/media"
@@ -34,12 +34,12 @@ export SHARED_HOME="false"
 export SSHD_PERMITROOT_RANGE="192.168.1.0/24"
 
 # Check MK
-#export MK_VERSION="2.3.0p27-1" No longer needed
-export MK_SERVER_IP="10.250.42.20"
+#export MK_VERSION="2.4.0p12-1" #shoud be autodetected now
+export MK_SERVER_IP="192.168.1.201"
 export MK_SITE="check_mk"
 export MK_URL="http://$MK_SERVER_IP/$MK_SITE/check_mk/agents/check-mk-agent_latest_all.deb"
 export MK_SECRET="file:/share/services/gestparc/mk_secret"
-
+export MK_USER="cmk-agent"
 
 # Samba
 export SMBSRV="silay.$REALM"

conf/includes/pkgsel.base.conf.sh

@@ -7,12 +7,12 @@ export PKGS_RMLIST="apparmor laptop-detect resolvconf snapd wamerican chafa"
 export PKGS_BLACKLIST="apparmor resolvconf chafa snapd"
 
 # Base
-export PKGS_BASE="debconf-utils debhelper deborphan ethtool cpufrequtils \
+export PKGS_BASE="debconf-utils debhelper ethtool \
     curl hwinfo lm-sensors libatasmart-bin lsscsi pciutils vim emacs-nox \
     mailutils htop lsof ltrace strace bash-completion host dnsutils \
     sysstat ifstat iftop iotop mtr-tiny tcpdump mc pbzip2 pigz \
     xz-utils zip unzip plzip lzip ftp lftp bc dc dos2unix psmisc udunits-bin \
-    whois tmux screen debconf-doc dump figlet gawk multitail neofetch nmap \
+    whois tmux screen debconf-doc dump figlet gawk multitail fastfetch nmap \
     oping pv traceroute rsync tree git qemu-guest-agent ca-certificates"
 
 # Agregation of the package lists

init.sh

@@ -36,7 +36,7 @@ export LC_ALL=C
 export LANG=C
 
 # Version of init
-export VERSION="0.99.23"
+export VERSION="0.99.24"
 
 # Store script's path (realpath -s resolve symlinks if init.sh is a symlink)
 export MYPATH=$(dirname "$(realpath -s "$0")")

lib/display.sh

@@ -95,28 +95,28 @@ export On_IWhite='\e[0;107m'
 prnt()
 {
     if [[ $1 == "-n" ]]; then
-	local echoopt=$1
-	shift
+        local echoopt=$1
+        shift
     else
-	local echoopt=""
+        local echoopt=""
     fi
     case $1 in
-	"I")
-	    local heads="[ ${IGreen}info${DEFAULTFG}  ]"
-	    shift
-	    ;;
-	"W")
-	    local heads="[${IYellow}Warning${DEFAULTFG}]"
-	    shift
-	    ;;
-	"E")
-	    local heads="[ ${IRed}ERROR${DEFAULTFG} ]"
-	    shift
-	    ;;
-	"m")
-	    local heads="         "
-	    shift
-	    ;;
+        "I")
+            local heads="[ ${IGreen}info${DEFAULTFG}  ]"
+            shift
+            ;;
+        "W")
+            local heads="[${IYellow}Warning${DEFAULTFG}]"
+            shift
+            ;;
+        "E")
+            local heads="[ ${IRed}ERROR${DEFAULTFG} ]"
+            shift
+            ;;
+        "m")
+            local heads="         "
+            shift
+            ;;
     esac
     echo $echoopt -e "${IWhite}$(date $DATEFORMAT)${DEFAULTFG} ${heads} $@"
 

lib/filefct.sh

@@ -25,35 +25,35 @@ export   COMM_REPO_PATH=${COMM_REPO_PATH:-"$MYPATH/repo/common"}
 backup_dist()
 {
     if [[ $# -lt 1 ]]; then
-	prnt E "backup_dist(): At least one argument is required."
-	exit 11
+        prnt E "backup_dist(): At least one argument is required."
+        exit 11
     fi
 
     local file=
     for file in $@; do
-	local tmstmp=$(stdtime)
-	if [[ -L ${file} ]]; then
-	    # With symbolik links we call again backup_dist to treat target
-	    prnt I "Following the symbolic link $file to do a proper backup..."
-	    backup_dist $(readlink -f "${file}")
-	elif [[ -f ${file} ]]; then
-	    prnt I "Creating a backup of ${file} on $tmstmp..."
-	    cp -av $file ${file}.dist.${tmstmp}
-	    if [[ $? -ne 0 ]]; then
-		prnt E "backup_dist(): Failed copying file."
-		die 12
-	    fi
-	elif [[ -d ${file} ]]; then
-	    prnt I "Creating a backup of the directory ${file} on $tmstmp..."
-	    cp -av $file ${file}.dist.${tmstmp}
-	    if [[ $? -ne 0 ]]; then
-		prnt E "backup_dist(): Failed copying directory recursively."
-		die 12
-	    fi
-	else
-	    prnt W "backup_dist(): $file don't exists, nothing to do."
-	fi
-	unset tmstmp
+        local tmstmp=$(stdtime)
+        if [[ -L ${file} ]]; then
+            # With symbolik links we call again backup_dist to treat target
+            prnt I "Following the symbolic link $file to do a proper backup..."
+            backup_dist $(readlink -f "${file}")
+        elif [[ -f ${file} ]]; then
+            prnt I "Creating a backup of ${file} on $tmstmp..."
+            cp -av $file ${file}.dist.${tmstmp}
+            if [[ $? -ne 0 ]]; then
+                prnt E "backup_dist(): Failed copying file."
+                die 12
+            fi
+        elif [[ -d ${file} ]]; then
+            prnt I "Creating a backup of the directory ${file} on $tmstmp..."
+            cp -av $file ${file}.dist.${tmstmp}
+            if [[ $? -ne 0 ]]; then
+                prnt E "backup_dist(): Failed copying directory recursively."
+                die 12
+            fi
+        else
+            prnt W "backup_dist(): $file don't exists, nothing to do."
+        fi
+        unset tmstmp
     done
     unset file
 }
@@ -74,20 +74,20 @@ select_file()
 {
     local infile=$1
     if [[ -f $RLMHST_REPO_PATH/$infile ]]; then
-	local source="$RLMHST_REPO_PATH/$infile"
+        local source="$RLMHST_REPO_PATH/$infile"
     elif [[ -f $RLMGRP_REPO_PATH/$infile ]]; then
-	local source="$RLMGRP_REPO_PATH/$infile"
+        local source="$RLMGRP_REPO_PATH/$infile"
     elif [[ -f $HOST_REPO_PATH/$infile ]]; then
-	local source="$HOST_REPO_PATH/$infile"
+        local source="$HOST_REPO_PATH/$infile"
     elif [[ -f $GROUP_REPO_PATH/$infile ]]; then
-	local source="$GROUP_REPO_PATH/$infile"
+        local source="$GROUP_REPO_PATH/$infile"
     elif [[ -f $REALM_REPO_PATH/$infile ]]; then
-	local source="$REALM_REPO_PATH/$infile"
+        local source="$REALM_REPO_PATH/$infile"
     elif [[ -f $COMM_REPO_PATH/$infile ]]; then
-	local source="$COMM_REPO_PATH/$infile"
+        local source="$COMM_REPO_PATH/$infile"
     else
-	# Not found in repository, we expect full name
-	local source="$infile"
+        # Not found in repository, we expect full name
+        local source="$infile"
     fi
     unset infile
     echo $source
@@ -103,20 +103,20 @@ select_directory()
 {
     local indir=$1
     if [[ -d $RLMHST_REPO_PATH/$indir ]]; then
-	local source="$RLMHST_REPO_PATH/$indir"
+        local source="$RLMHST_REPO_PATH/$indir"
     elif [[ -d $RLMGRP_REPO_PATH/$indir ]]; then
-	local source="$RLMGRP_REPO_PATH/$indir"
+        local source="$RLMGRP_REPO_PATH/$indir"
     elif [[ -d $HOST_REPO_PATH/$indir ]]; then
-	local source="$HOST_REPO_PATH/$indir"
+        local source="$HOST_REPO_PATH/$indir"
     elif [[ -d $GROUP_REPO_PATH/$indir ]]; then
-	local source="$GROUP_REPO_PATH/$indir"
+        local source="$GROUP_REPO_PATH/$indir"
     elif [[ -d $REALM_REPO_PATH/$indir ]]; then
-	local source="$REALM_REPO_PATH/$indir"
+        local source="$REALM_REPO_PATH/$indir"
     elif [[ -d $COMM_REPO_PATH/$indir ]]; then
-	local source="$COMM_REPO_PATH/$indir"
+        local source="$COMM_REPO_PATH/$indir"
     else
-	# Not found in repository, we expect full name
-	local source="$indir"
+        # Not found in repository, we expect full name
+        local source="$indir"
     fi
     unset indir
     echo $source
@@ -135,41 +135,41 @@ install_file()
     local i=0
 
     if [[ $# -lt 2 ]]; then
-	prnt E "install_file(): At least two arguments are required."
-	die 11
+        prnt E "install_file(): At least two arguments are required."
+        die 11
     fi
     if [[ -n $(echo $@ | grep "\*\|\?") ]]; then
-	prnt E "install_file(): Wildcards are not authorized."
-	die 7
+        prnt E "install_file(): Wildcards are not authorized."
+        die 7
     fi
 
     local arg=
     for arg in $@; do
-	filelist="$filelist $(select_file $arg)"
+        filelist="$filelist $(select_file $arg)"
         # We always replace until the last argument being the target
         target="$arg"
     done
     unset arg
 
     if [[ ! $target == /* ]]; then
-	prnt E "install_file(): Target must be on the root filesystem and full path must be provided."
-	die 13
+        prnt E "install_file(): Target must be on the root filesystem and full path must be provided."
+        die 13
     fi
     unset target
 
     if [[ -d $(dirname $i) ]]; then
-	prnt I "Creating required target directory $(dirname $i)..."
-	mkdir -pv $(dirname $i)
-	if [[ $? -ne 0 ]]; then
-	    prnt E "install_file(): Can't create target directory!"
-	    die 12
-	fi
+        prnt I "Creating required target directory $(dirname $i)..."
+        mkdir -pv $(dirname $i)
+        if [[ $? -ne 0 ]]; then
+            prnt E "install_file(): Can't create target directory!"
+            die 12
+        fi
     fi
     prnt I "Copying files ${filelist} to target directory $(dirname $i)..."
     cp -av $filelist
     if [[ $? -ne 0 ]]; then
-	prnt E "install_file(): Couldn't copy some required files!"
-	die 12
+        prnt E "install_file(): Couldn't copy some required files!"
+        die 12
     fi
 }
 export -f install_file
@@ -181,26 +181,26 @@ export -f install_file
 append_file()
 {
     if [[ $# -ne 2 ]]; then
-	prnt E "append_file(): Two arguments are required, source and destination."
-	die 11
+        prnt E "append_file(): Two arguments are required, source and destination."
+        die 11
     fi
 
     local srcfile=$(select_file $1)
     local dstfile=$2
     if [[ ! $dstfile == /* ]]; then
-	prnt E "append_file(): Target must be on the root filesystem and full path must be provided."
-	die 13
+        prnt E "append_file(): Target must be on the root filesystem and full path must be provided."
+        die 13
     fi
     if [[ -e $dstfile ]]; then
-	prnt E "append_file(): Target file must exist (use touch first to create it if required)."
-	die 13
+        prnt E "append_file(): Target file must exist (use touch first to create it if required)."
+        die 13
     fi
 
     prnt I "Adding content to file $dstfile..."
     cat $srcfile >> $dstfile
     if [[ $? -ne 0 ]]; then
-	prnt E "append_file(): Couldn't append a file!"
-	die 12
+        prnt E "append_file(): Couldn't append a file!"
+        die 12
     fi
 }
 export -f append_file
@@ -214,16 +214,16 @@ is_dir_empty()
     dir=$1
 
     if [[ -f $dir ]]; then
-	prnt E "is_dir_empty(): The given parameter is not a directory."
-	die 15
+        prnt E "is_dir_empty(): The given parameter is not a directory."
+        die 15
     fi
     if [[ ! -d $dir ]]; then
-	return 0
+        return 0
     fi
 
     nbfiles=$(ls -a1 $dir | grep -Evc '^.$|^..$')
     if [[ $nbfiles -eq 0 ]]; then
-	return 0
+        return 0
     fi
     return 1
 }
@@ -231,64 +231,17 @@ export -f is_dir_empty
 # ------------------------------------------------------------------------------
 
 
-# ------------------------------------------------------------------------------
-# copy and patch a file replacing all @var@ by the corresponding value in
-# the environment or the variable list given in parameter
-patch_file()
-{
-    local srcfile=$(select_file $1) && shift
-    local dstfile=$1 && shift
-    local workfile=${dstfile}.work
-
-    if [[ ! -s $srcfile ]]; then
-	prnt E "patch_file(): Source file is empty, is not a file or don't exists!"
-	die 10
-    fi
-
-    # Create a sub-process, to avoid bash environment pollution
-    (
-	local varlist='' pattern=''
-	if [[ $# -eq 0 ]] ; then
-	    pattern="-e s/<\(.*\)>/\$\1\$\1/g"
-	else
-	    local var=
-	    for var in $* ; do
-		if ! declare -p $var >/dev/null 2>&1 ; then
-		    local $var=$(eval echo \$$var)
-		fi
-		pattern="$pattern -e s/@$var@/\$$var/g"
-		varlist=$varlist\$$var
-	    done
-	fi
-
-	# sed replace <VAR> with \$$VAR and envsubst do the replace by value
-	sed $pattern $srcfile | envsubst ${varlist:+"$varlist"} > "$workfile"
-    )
-
-    local -a rights=( $(stat --printf="%a %u %g" "$srcfile") )
-    unset srcfile
-    mv "$workfile" "$dstfile"
-    chmod ${rights[0]} "$dstfile"
-    chown ${rights[1]}:${rights[2]} "$dstfile"
-
-    unset rights dstfile
-}
-export -f patch_file
-# ------------------------------------------------------------------------------
-
-
 # ------------------------------------------------------------------------------
 # Put a small header in a file showing it have been automatically modified
 tag_file()
 {
     for f in $@; do
-	local text="# File automatically modified by init.sh on $(stdtime)."
-	if [[ -e $f ]]; then
-	    sed -i "1s/^/$text\n/" $f
-	else
-	    echo $text > $f
-	    sed -i -e "s/modified/generated/" $f
-	fi
+        local text="# File automatically modified by init.sh on $(stdtime)."
+        if [[ -e $f ]]; then
+            sed -i "1s/^/$text\n/" $f
+        else
+            echo $text | sed "s/modified/generated/" > $f
+        fi
     done
 }
 export -f tag_file
@@ -300,10 +253,10 @@ export -f tag_file
 file_exists()
 {
     for f in $@; do
-	if [[ ! -f $(select_file $f) ]]; then
-	    echo $f
-	    return 1
-	fi
+        if [[ ! -f $(select_file $f) ]]; then
+            echo $f
+            return 1
+        fi
     done
     return 0
 }
@@ -318,8 +271,8 @@ file_must_exists()
     prnt I "Checking $@ files existance..."
     local mf=$(file_exists $@)
     if [[ $? -ne 0 ]]; then
-	prnt E "file_must_exists(): The $mf file is missing, can't continue."
-	die 10
+        prnt E "file_must_exists(): The $mf file is missing, can't continue."
+        die 10
     fi
     unset mf
 }
@@ -332,10 +285,10 @@ export -f file_must_exists
 directory_exists()
 {
     for d in $@; do
-	if [[ ! -d $(select_directory $d) ]]; then
-	    echo $d
-	    return 1
-	fi
+        if [[ ! -d $(select_directory $d) ]]; then
+            echo $d
+            return 1
+        fi
     done
     return 0
 }
@@ -350,8 +303,8 @@ directory_must_exists()
     prnt I "Checking $@ directories existance..."
     local md=$(directory_exists $@)
     if [[ $? -ne 0 ]]; then
-	prnt E "directory_must_exists(): The $md directory is missing, can't continue."
-	die 10
+        prnt E "directory_must_exists(): The $md directory is missing, can't continue."
+        die 10
     fi
     unset md
 }

lib/secret.sh

@@ -42,7 +42,7 @@ get_file_secret()
 {
     local path="$1" secret
 
-    if [[ -s "$path" ]]; then
+    if [[ ! -s "$path" ]]; then
         prnt E "get_file_secret: missing secret file"
         die 10
     fi
@@ -105,7 +105,6 @@ fetch_secret()
         scheme="${ref%%:*}"
         identifier="${ref#*:}"
     fi
-    prnt I "Fetching secret from $scheme, identified with \"$identifier\"..."
 
     func="get_${scheme}_secret"
 

lib/vars.sh

@@ -0,0 +1,108 @@
+#!/bin/bash
+# ------------------------------------------------------------------------------
+# Variables substitution function
+# This file is part of the init.sh project
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# ------------------------------------------------------------------------------
+# This file is distributed under 3-clause BSD license.
+# The complete license agreement can be obtained at:
+# https://opensource.org/licenses/BSD-3-Clause
+# ------------------------------------------------------------------------------
+
+
+# ------------------------------------------------------------------------------
+# Replace @VAR@ in a text file by the corresponding $VAR value
+# The --delimiter or -d option allow to use something else than @
+setvar()
+{
+    local delimiter="@"
+    local vars=()
+    local file
+
+    # Parse arguments
+    while [[ $# -gt 0 ]]; do
+        case "$1" in
+            --delimiter|-d)
+                shift
+                delimiter="${1:-@}"
+                ;;
+            -*)
+                prnt E "setvar(): Unknown option: $1"
+                die 7
+                ;;
+            *)
+                if [[ -f $1 && $# -eq 1 ]]; then
+                    file="$1"
+                else
+                    vars+=("$1")
+                fi
+                ;;
+        esac
+        shift
+    done
+
+    if [[ -z $file ]]; then
+        prnt E "Usage: setvar [--delimiter D] VAR1 [VAR2 ...] <file>"
+        die 7
+    fi
+    if [[ ${#vars[@]} -eq 0 ]]; then
+        prnt E "No variable name(s) provided."
+        die 7
+    fi
+
+    local var val escaped pattern
+    for var in "${vars[@]}"; do
+        val="${!var}"
+        if [[ -z $val ]]; then
+            prnt W "Variable '$var' is unset or empty; skipped."
+            continue
+        fi
+
+        # Échapper les caractères spéciaux pour sed
+        escaped=$(printf '%s' "$val" | sed -e 's/[\/&]/\\&/g')
+
+        pattern="${delimiter}${var}${delimiter}"
+
+        prnt I "Replacing $pattern with $val in $file"
+        sed -i -e "s|$pattern|$escaped|g" "$file"
+    done
+}
+export -f setvar
+# ------------------------------------------------------------------------------
+
+
+# ------------------------------------------------------------------------------
+# Replace @VAR@ in a text file by the corresponding values available in the
+# environment. The --delimiter or -d option allow to use something else than @
+setvars_from_env()
+{
+    local file delimiter="@"
+    while [[ $# -gt 0 ]]; do
+        case "$1" in
+            -d|--delimiter)
+                shift
+                delimiter="${1:-@}"
+                ;;
+            *)
+                file="$1"
+                ;;
+        esac
+        shift
+    done
+
+    [[ -f $file ]] || {
+        prnt E "File not found: $file"
+        die 10
+    }
+
+    local vars
+    vars=$(grep -o "${delimiter}[A-Z0-9_]\+${delimiter}" "$file" | sort -u | tr -d "$delimiter")
+    [[ -z $vars ]] && return 0
+
+    setvar --delimiter "$delimiter" $vars "$file"
+}
+export -f setvars_from_env
+# ------------------------------------------------------------------------------
+
+
+# EOF

modules/conf_ceph.sh

@@ -21,7 +21,7 @@
 # higher priority.
 # ------------------------------------------------------------------------------
 
-export VER_conf_ceph="1.0.1"
+export VER_conf_ceph="1.0.2"
 export DEP_conf_ceph=""
 
 conf_ceph()
@@ -65,14 +65,18 @@ conf_ceph()
         prnt I "Adding ceph entries to /etc/fstab"
         tag_file /etc/fstab
         echo >> /etc/fstab
-        local srvlist=${CEPH_SRV_NAMES/ /,}
+        local srvlist=${CEPH_SRV_NAMES// /,}
+
+        prnt I "Fetching secret $CEPH_SECRET..."
         local secret
         secret=$(fetch_secret "$CEPH_SECRET")
         if ! grep -q "$srvlist" /etc/fstab; then
             echo "# Ceph :" >> /etc/fstab
             for mnt in $CEPH_MOUNTS; do
-                mkdir -pv "$mnt"
-                echo "$srvlist:/    $(eval echo \$CEPH_MP_$mnt)       ceph    defaults,_netdev,name=admin,secret=$secret,id=$mnt  0 0" >> /etc/fstab
+                local mp=$(eval echo \$CEPH_MP_$mnt)
+                mkdir -pv "$mp"
+                echo "$srvlist:/    $mp       ceph    defaults,_netdev,name=admin,secret=$secret,mds_namespace=$mnt  0 0" >> /etc/fstab
+                unset mp
             done
         else
             prnt W "Ceph entry already in /etc/fstab, nothing to do"
@@ -89,7 +93,10 @@ conf_ceph()
         if ! grep -q "$SMBSRV" /etc/fstab; then
             echo "# Samba:" >> /etc/fstab
             for mnt in $CEPH_MOUNTS; do
-                echo "//$SMBSRV/$mnt       $(eval echo \$CEPH_MP_$mnt)     cifs    defaults,_netdev,username=root,password=        0 0" >> /etc/fstab
+                local mp=$(eval echo \$CEPH_MP_$mnt)
+                mkdir -pv $mp
+                echo "//$SMBSRV/$mnt       $mp     cifs    defaults,_netdev,username=root,password=        0 0" >> /etc/fstab
+                unset $mp
             done
         else
             prnt W "Samba entry already in /etc/fstab, nothing to do"

modules/conf_network.sh

@@ -100,11 +100,10 @@ conf_network()
 	fi
     done
 
-    prnt I "Trying to raise down iface up. Allready configured iface will require a reboot"
-    ifup -a || true && prnt W "Ignoring errors here."
+    prnt I "Restart network to apply changes"
+    svc_restart networking || true && prnt W "Ignoring errors here."
 
     unset iface if_file
-    export NEED_REBOOT=true
 }
 
 precheck_conf_network()
@@ -119,7 +118,7 @@ precheck_conf_network()
 		die 175
 	    else
 		if [[ $(grep "up" /sys/class/net/$iface/operstate) ]]; then
-		    prnt W "The IPv4 iface $iface, is already configured, a reboot will be required."
+		    prnt W "The IPv4 iface $iface, is already configured, a reboot could be required."
 		fi
 	    fi
 	    if [[ -z $(eval echo \$NET4_MODE_$iface) ]]; then
@@ -157,7 +156,7 @@ precheck_conf_network()
 		die 175
 	    else
 		if [[ $(grep "up" /sys/class/net/$iface/operstate) ]]; then
-		    prnt W "The IPv6 iface $iface, is already configured, a reboot will be required."
+		    prnt W "The IPv6 iface $iface, is already configured, a reboot could be required."
 		fi
 	    fi
 	    if [[ -z $(eval echo \$NET6_MODE_$iface) ]]; then

modules/conf_ntp.sh

@@ -11,7 +11,7 @@
 #  * NTPSERVERS: list of NTP servers
 # ------------------------------------------------------------------------------
 
-export VER_conf_ntp="0.1.6"
+export VER_conf_ntp="0.2.0"
 export DEP_conf_ntp=""
 
 conf_ntp()
@@ -21,16 +21,13 @@ conf_ntp()
 	systemctl disable systemd-timesyncd || true
     fi
 
+    NTP_SERV=${NTP_SERV:-ntp}
     prnt I "Installing ntp daemon..."
-    pkginst ntp
+    pkginst $NTP_SERV
     prnt I "Stopping service ntp..."
-    if [[ -n $NTP_SERV ]]; then
-	svc_stop $NTP_SERV
-    else
-	svc_stop ntp
-    fi
+    svc_stop $NTP_SERV
 
-    if [[ -n $NTP_SERV ]]; then
+    if [[ $NTP_SERV == ntpsec ]]; then
 	local conf_file="/etc/$NTP_SERV/ntp.conf"
     else
 	local conf_file="/etc/ntp.conf"

modules/install_mkagent.sh

@@ -18,18 +18,93 @@
 export VER_install_mkagent="0.1.0"
 export DEP_install_mkagent=""
 
+
+# ------------------------------------------------------------------------------
+# Extract CheckMK version from the server
+get_checkmk_version_from_server()
+{
+    local ip="$1"
+    local site="${2:-$MK_SITE}"
+    local proto out v header
+    local re_version='[0-9]+\.[0-9]+(\.[0-9]+)?p?[0-9]+'
+
+    [[ -n "$MK_VERSION" ]] && { printf '%s' "$MK_VERSION"; return 0; }
+
+    for proto in http https; do
+        # 1) Tentative via version.py (souvent non protégée)
+        if out=$(curl -fsS --max-time 3 "$proto://$ip/$site/check_mk/version.py" 2>/dev/null); then
+            v=$(grep -oE "$re_version" <<<"$out" | head -n1)
+            [[ -n "$v" ]] && { printf '%s' "$v"; return 0; }
+        fi
+
+        # 2) Tentative via login.py (page de connexion)
+        if out=$(curl -fsS --max-time 3 "$proto://$ip/$site/check_mk/login.py" 2>/dev/null); then
+            v=$(grep -oE "$re_version" <<<"$out" | grep -vE '2\.[0-9]{1,3}\.[0-9]{2,3}' | head -n1)
+            [[ -n "$v" ]] && { printf '%s' "$v"; return 0; }
+        fi
+
+        # 3) En-têtes HTTP éventuels
+        header=$(curl -fsSI --max-time 3 "$proto://$ip/$site/" 2>/dev/null || true)
+        if [[ -n "$header" ]]; then
+            v=$(grep -oiE "$re_version" <<<"$header" | head -n1)
+            [[ -n "$v" ]] && { printf '%s' "$v"; return 0; }
+        fi
+
+        # 4) Fallback : page d'accueil, mais filtrer les faux positifs du JS
+        out=$(curl -fsS --max-time 5 "$proto://$ip/$site/" 2>/dev/null || true)
+        if [[ -n "$out" ]]; then
+            # Filtre plus strict : commence par 1.x ou 2.x et max 2 chiffres après le point
+            v=$(grep -oE "$re_version" <<<"$out" \
+                | grep -E '^2\.[0-9]+(\.[0-9]+)?p?[0-9]*$' \
+                | grep -vE '\.[0-9]{3,}' \
+                | head -n1)
+            [[ -n "$v" ]] && { printf '%s' "$v"; return 0; }
+        fi
+    done
+
+    return 1
+}
+
 install_mkagent()
 {
-    # Download and install agent
-    wget "$MK_URL" -O /tmp/check-mk-agent_latest_all.deb
-    pkginst /tmp/check-mk-agent_latest_all.deb
-    rm /tmp/check-mk-agent_latest_all.deb
+    local debfile="/tmp/check-mk-agent_latest_all.deb"
+    prnt I "Downloading CheckMK agent from: $MK_URL"
 
-    # Activate correct service depending on system configuration
+    # try primary URL
+    if ! wget -q "$MK_URL" -O "$debfile"; then
+        prnt W "Primary download failed. Attempting to detect server version and fallback..."
+        local mkver
+        mkver=$(get_checkmk_version_from_server "$MK_SERVER_IP" 2>/dev/null || true)
+
+        if [[ -n "$mkver" ]]; then
+            prnt I "Detected Check_MK version: $mkver — building fallback URL"
+            # replace the literal 'latest' token in MK_URL with the detected version
+            local fallback_url
+            fallback_url="${MK_URL/latest/$mkver-1}"
+            prnt I "Trying fallback URL: $fallback_url"
+            if ! wget -q "$fallback_url" -O "$debfile"; then
+                prnt E "Fallback download with version $mkver failed."
+                die 163
+            fi
+        else
+            prnt E "Unable to detect Check_MK version on $MK_SERVER_IP and primary download failed."
+            die 163
+        fi
+    fi
+
+    # On non-systemd systems, install xinetd before the .deb to avoid postinst failures
+    if ! pidof systemd >/dev/null; then
+        pkginst xinetd
+    fi
+
+    # Install agent package
+    pkginst "$debfile"
+    rm -f "$debfile"
+
+    # Enable service depending on init system
     if pidof systemd >/dev/null; then
         systemctl enable --now check-mk-agent.socket
     else
-        pkginst xinetd
         backup_dist /etc/xinetd.d/check-mk-agent
         install_file cmk/check_mk /etc/xinetd.d/check-mk-agent
         tag_file /etc/xinetd.d/check-mk-agent
@@ -37,28 +112,30 @@ install_mkagent()
         svc_restart xinetd
     fi
 
-    # Install apt plugin (for Debian)
+    # Debian plugin
     if [[ $PKG_MAN == "apt-get" ]]; then
         mkdir -pv /usr/lib/check_mk_agent/plugins/3600
         install_file cmk/mk_apt /usr/lib/check_mk_agent/plugins/3600/mk_apt
     fi
 
-    # Cmk > 2.1, configure agent
+    # Registration (if secret provided)
     if [[ -n $MK_SECRET ]]; then
         local secret
+        prnt I "Fetching secret $MK_SECRET..."
         secret=$(fetch_secret "$MK_SECRET")
-
         if [[ -e /var/lib/cmk-agent/cmk-agent-ctl.gz ]]; then
-            gunzip -f /var/lib/cmk-agent/cmk-agent-ctl.gz
-            chmod +x /var/lib/cmk-agent/cmk-agent-ctl
+            gunzip -v -f  /var/lib/cmk-agent/cmk-agent-ctl.gz
+            chmod -v +x /var/lib/cmk-agent/cmk-agent-ctl
         fi
-        if [[ -e /var/lib/cmk-agent/cmk-agent-ctl ]]; then
+        if [[ -x /var/lib/cmk-agent/cmk-agent-ctl ]]; then
             /var/lib/cmk-agent/cmk-agent-ctl register \
                 --hostname "$HOSTNAME" \
                 --server "$MK_SERVER_IP" \
                 --site "$MK_SITE" \
                 --user "$MK_USER" \
                 --password "$secret"
+        else
+            prnt W "Agent control tool not found; skipping registration."
         fi
         unset secret
     else

modules/upgrade_dist.sh

@@ -18,12 +18,14 @@
 # TODO: This is Debian only, make this universal (at least yum/dnf compatible)
 # ------------------------------------------------------------------------------
 
-export VER_upgrade_dist="0.2.5"
+export VER_upgrade_dist="0.3.0"
 
 # As aptitude might fail if clock is too far from real time, we need to depend
 # on ntp
 export DEP_upgrade_dist="conf_ntp"
 
+export SOURCE_EXT="${SOURCE_EXT:-list}"
+
 upgrade_dist()
 {
     local proxyfile=/etc/apt/apt.conf.d/00proxy
@@ -67,7 +69,12 @@ upgrade_dist()
     fi
 
     # Remplace source.list from dist with ours (be smarter)
-    install_file "pkgman/${SYS_DIST}_${SYS_VER}.list" /etc/apt/sources.list
+    if [[ NO_MAIN_SOURCE == true ]]; then
+        install_file "pkgman/${SYS_DIST}_${SYS_VER}.list" "/etc/apt/sources.list.d/debian.${SOURCE_EXT}"
+    else
+	# We don't use SOURCE_EXT
+        install_file "pkgman/${SYS_DIST}_${SYS_VER}.list" "/etc/apt/sources.list"
+    fi
 
     prnt I "Updating package list..."
     pkgupdt
@@ -96,6 +103,10 @@ precheck_upgrade_dist()
         die 160
     fi
     file_must_exists pkgman/${SYS_DIST}_${SYS_VER}.list
+    if [[ -z $NO_MAIN_SOURCE ]]; then
+        prnt E "A required variable to configure apt is not defined."
+        die 160
+    fi
 }
 
 cron_upgrade_dist()

repo/common/pkgman/devuan_5.list

@@ -6,4 +6,4 @@ deb http://fr.deb.devuan.org/merged daedalus-updates main contrib non-free non-f
 deb-src http://fr.deb.devuan.org/merged daedalus-updates main contrib non-free non-free-firmware
 
 deb http://fr.deb.devuan.org/merged daedalus-security main contrib non-free non-free-firmware
-deb-src http://fr.deb.devuan.org/merged daedalus-securtity main contrib non-free non-free-firmware
+deb-src http://fr.deb.devuan.org/merged daedalus-security main contrib non-free non-free-firmware

repo/common/pkgman/devuan_6.list

@@ -0,0 +1,10 @@
+deb http://fr.deb.devuan.org/merged excalibur main non-free-firmware contrib
+deb-src http://fr.deb.devuan.org/merged excalibur main non-free-firmware contrib
+
+deb http://fr.deb.devuan.org/merged excalibur-security main non-free-firmware contrib
+deb-src http://fr.deb.devuan.org/merged excalibur-security main non-free-firmware contrib
+
+# excalibur-updates, to get updates before a point release is made;
+# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
+deb http://fr.deb.devuan.org/merged excalibur-updates main non-free-firmware contrib
+deb-src http://fr.deb.devuan.org/merged excalibur-updates main non-free-firmware contrib