Correction & update scripts

2023-05-15 23:16:25 +02:00 · 2023-05-15 23:16:25 +02:00 · 7f34b60582
parent b8fbc07a97
commit 7f34b60582
24 changed files with 740 additions and 512 deletions
--- a/add_domain_with_acme.sh
+++ b/add_domain_with_acme.sh
@ -4,24 +4,23 @@
 gen_nginx_acme_conf(){
    domain=$1
    alt_domain=$2
-    nginx_run=`rcctl check nginx`
+    nginx_conf_file="/etc/nginx/sites-enabled/$domain"
    [ ! -f $nginx_conf_file ] || rm $nginx_conf_file;
-    if [ "$nginx_run" == "nginx(ok)" ]; then
+    mkdir /var/www/htdocs/$domain
-        cat > test/$domain <<EOF
+    rcctl check nginx
    if [ $? == 0 ]; then
        cat > $nginx_conf_file <<EOF
 server {
    listen 80;
    server_name $alt_domain $domain;
    include snippets/acme-challenge.conf;
-
+    root /htdocs/$domain;
    root /htdocs;
 }
 EOF
-
+        rcctl reload nginx
 #        rcctl restart nginx
    else
-        echo "Service NGINX not runnig"
+        echo "Service NGINX not running"
        exit 1
    fi
@ -30,8 +29,12 @@ EOF
 gen_acme_client_conf(){
    domain=$1
    alt_domain=$2
    acme_conf_file="my_configuration/ssl/$domain-acme-client.conf"
    # If the file exist, do nothing
    [ ! -f $acme_conf_file ] || echo "Domain already configured !"; exit 1;
    if [ "$alt_domain" == "" ]; then
-        cat >> my_configuration/ssl/$domain-acme-client.conf <<EOF
+        cat >> $acme_conf_file <<EOF
 domain $domain {
        domain key "/etc/ssl/private/$domain.key"
@ -41,7 +44,7 @@ domain $domain {
 EOF
    else
-        cat >> my_configuration/ssl/$domain-acme-client.conf <<EOF
+        cat >> $acme_conf_file <<EOF
 domain $domain {
        alternative names { $alt_domain }
@ -55,40 +58,39 @@ EOF
 }
 add_acme_domain_to_conf(){
    domain=$1
    egrep "domain $domain" -A5 /etc/acme-client.conf > /tmp/acme-client.conf
    cp -v /etc/acme-client.conf /etc/acme-client.conf.old
    cp -v /tmp/acme-client.conf /etc/acme-client.conf
 }
 install_utils(){
    cp -v utils/renew_https_certificate /usr/local/bin/renew_https_certificate
    chmod u+x /usr/local/bin/renew_https_certificate
 }
-get_certificate(){
+get_certificate()
 {
    domain=$1
    /usr/local/bin/renew_https_certificate $domain
 }
-usage(){
+usage()
 {
    print "This program ask 3 arguments : \n"
    print "First is email with domain name the second is list of alternatives domains with \" \"  \n"
    print "the last arguments is for share the ssl cert with xmpp daemon add xmpp at the end or not"
    print "\t $0 domain.tld \"a.domain.tld b.domain.tld c.domain.tld\""
 }
 if [ -z $1 ];
 then
    usage
    exit 3;
 fi
 if [ -e /etc/acme-client.conf ]; then
    echo ok
 else
    echo nok
 fi
 domain=$1
 alt_domain=$2
--- a/configure_firewall.sh
+++ b/configure_firewall.sh
@ -2,7 +2,7 @@
 . ./myserver.conf
-install_package(){
+install_firewall_packages(){
    pkg_add ssh_guard curl
    useradd -s /sbin/nologin -d /var/empty _pfbadhost
    ftp https://geoghegan.ca/pub/pf-badhost/0.5/pf-badhost.sh
@ -32,60 +32,36 @@ EOF
 set_basic_configuration(){
-    cat > my_configuration/pf.conf <<EOF
+    cp -v default_configruation/pf.conf my_configuration/pf.conf
 #Filtres badhosts et sshguard
 table <pfbadhost> persist file "/etc/pf-badhost.txt"
 table <sshguard> persist
 ## Table pour les batards de bruteforceurs
 table <bruteforce> persist
 set block-policy drop                  # bloque silencieusement
 set skip on lo                         # En local on s'en fou on surveille rien
 set limit table-entries 400000
 set limit states 100000
 ## Traitement des paquets ##
 # Paquets partiels on vire
 match all scrub (max-mss 1440 no-df random-id reassemble tcp)
 antispoof quick for egress         # Protection vol d'ip
 antispoof quick for lo0            # Protection vol d'ip
 # Port build user does not need network
 block return out log proto {tcp udp} user _pbuild
 # On bloque tout par défault
 block
 block quick on egress from <pfbadhost>
 block in from <sshguard>
 block log quick from <bruteforce> label "brutes"
 pass out on egress proto { tcp udp icmp ipv6-icmp } modulate state
 EOF
 }
 set_open_service(){
    cat >> my_configuration/pf.conf <<EOF
 #déclaration des variables
 web_ports = "{ http https }"
 #On évite les bruteforces
 pass in quick on egress proto { tcp, udp } from <whitelist> to port $web_ports
 pass in on egress proto tcp to port $web_ports flags S/SA keep state \
                                (max-src-conn 100, max-src-conn-rate 15/5, \
                                 overload <http_abusive_hosts> flush)
 EOF
-    if [ "$SERVICE_MAIL" == "yes" ]; then
+    cat >> my_configuration/pf.conf
-        echo "mail_ports = \"{ smtp submission imap }\"" >> default_configuration/pf.conf
+    EOF
    fi
-    if [ "$SERVICE_XMPP" == "yes" ]; then
+    [ "$SERVICE_MAIL" == "yes" ] &&
        echo "mail_ports = \"{ smtp submission imap }\"" >> default_configuration/pf.conf
    [ "$SERVICE_XMPP" == "yes" ] &&
        echo "xmmp_ports = \"{ 5222 5269 }\"" >> default_configuration/pf.conf
    fi
    echo "ssh_port = \"$SSH_PORT\"" >> default_configuration/pf.conf
    [ "$SERVICE_TURN" == "yes" ] &&
 	echo "turn_port = \"TURN_PORT\"" >> default_configuration/pf.conf
    cat >> my_configuration/pf.conf <<EOF
 ## Anti bruteforce
@ -95,13 +71,14 @@ EOF
 pass in on egress proto tcp to port \$ssh_port modulate state \\
  (max-src-conn 5, max-src-conn-rate 15/5, overload <bruteforce> flush global)
-#web
+pass in quick on egress proto { tcp, udp } from <whitelist> to port $web_ports
-pass in on egress proto tcp to port \$web_ports modulate state \\
+pass in on egress proto tcp to port $web_ports flags S/SA keep state \
-    (max-src-conn 60, max-src-conn-rate 60/1, overload <bruteforce> flush global)
+     	   	  	   (max-src-conn 100, max-src-conn-rate 15/5, \
 			   overload <http_abusive_hosts> flush)			    
 EOF
-    if [ "$SERVICE_MAIL" == "yes" ]; then
+    [ "$SERVICE_MAIL" == "yes" ] &&
        cat >> my_configuration/pf.conf <<EOF
 # mails
 ## antispam
@ -110,19 +87,27 @@ pass in on egress proto tcp to port \$mail_ports modulate state \\
 pass out log on egress proto tcp to any port smtp
 EOF
    fi
-    if [ "$SERVICE_XMPP" == "yes" ]; then
+    [ "$SERVICE_XMPP" == "yes" ] &&
        cat >> my_configuration/pf.conf <<EOF
 # XMPP
 pass in on egress proto tcp to port \$xmpp_ports modulate state \\
  (max-src-conn 15, max-src-conn-rate 15/5, overload <bruteforce> flush global)
 EOF
-    fi
+
    [ "$SERVICE_TURN" == "yes" ] &&
 	cat >> my_configuration/pf.conf <<EOF
 pass in on egress proto tcp to port $turn_port modulate state \
  (max-src-conn 20, max-src-conn-rate 30/1, overload <bruteforce> flush global)
 pass in on egress proto udp to port $turn_port 
 EOF
 }
-install_pf_and_enable(){
+install_conf_and_enable(){
    pfctl -nf my_configuration/pf.conf
    if [ $? == 0 ]; then
        cp -v /etc/pf.conf /etc/pf.old
@ -134,5 +119,14 @@ install_pf_and_enable(){
 }
 if [ "$1" == "gen-config-only" ];
 then
    set_basic_configuration
    set_open_service
 elif [ "$1" == "install" ];
 then
    install_firewall_packages
    set_basic_configuration
    set_open_service
    install_conf_and_enable
 fi
--- a/configure_mail_service.sh
+++ b/configure_mail_service.sh
@ -5,176 +5,21 @@
 install_mails_services_pkg()
 {
-    pkg_add dovecot dovecot-pigeonhole opensmtpd-filter-rspamd \
+    pkg_add dovecot dovecot-pigeonhole opensmtpd-filter-rspamd redis-6.2.12\
            opensmtpd-extras-6.7.1v0 opensmtpd-filter-dkimsign-0.5 rspamd-3.2 
 }
 gen_mails_service_configuration()
 {
-
+    cp -v default_configuration/opensmtpd/smtpd.conf.example my_configuration/opensmtpd/smtpd.conf
-    #Generate opensmtpd configuration
+    sed -i "s/__DOMAIN__/$DOMAIN/g" my_configuration/opensmtpd/smtpd.conf
-    cat > my_configuration/mail/smtpd.conf <<EOF
+    cp -v default_configuration/opensmtpd/spamd.conf.example my_configuration/opensmtpd/spamd.conf
-# See smtpd.conf(5) for more information.
+    cp -v default_configuration/dovecot/dovecot.conf.example my_configuration/dovecot/dovecot.conf
-
+    cp -v default_configuration/dovecot/local.conf.example my_configuration/dovecot/dovecot.conf
 # To accept external mail, replace with: listen on all
 #
 # les Certificats
 pki "cert_mail" cert "/etc/ssl/$DOMAIN.crt"
 pki "cert_mail" key "/etc/ssl/private/$DOMAIN.key"
 table aliases file:/etc/mail/aliases
 table passwd file:/etc/mail/passwd
 table virtuals file:/etc/mail/virtuals
 filter "rspamd" proc-exec "filter-rspamd"
 filter "dkimsign" proc-exec "filter-dkimsign -d $DOMAIN -s dkim -k /etc/mail/dkim/$DOMAIN-private.key" user _dkimsign group _dkimsign
 # Activation du check du reverse DNS
 #filter check_rdns phase connect match !rdns disconnect "550 no rDNS available"
 #filter check_fcrdns phase connect match !fcrdns disconnect "550 no FCrDNS available"
 # To accept external mail, replace with: listen on all
 listen on all tls pki "cert_mail" hostname "$DOMAIN" filter  rspamd
 listen on all port submission tls-require pki "cert_mail" auth <passwd> filter dkimsign
 action "local_mail" mbox alias <aliases>
 action "domain_mail" maildir "/var/vmail/$DOMAIN/%{dest.user:lowercase}" virtual <virtuals>
 action "outbound" relay
 # Uncomment the following to accept external mail for domain "example.org"
 match from any for domain "$DOMAIN" action "domain_mail"
 match from local for local action "local_mail"
 match auth from any for any action "outbound"
 EOF
    #Generate spamd configuration
    cat > my_configuration/mail/spamd.conf <<EOF
 all:\
        :nixspam:
 # Nixspam recent sources list.
 # Mirrored from http://www.heise.de/ix/nixspam
 nixspam:\
        :black:\
        :msg="Your address %A is in the nixspam list\n\
        See http://www.heise.de/ix/nixspam/dnsbl_en/ for details":\
        :method=https:\
        :file=www.openbsd.org/spamd/nixspam.gz
 # An example of a list containing addresses which should not talk to spamd.
 #
 #override:\
 #       :white:\
 #       :method=file:\
 #       :file=/var/db/override.txt:
 EOF
    ## Generate Dovecot configuration
    cat > my_configuration/dovecot/local.conf <<EOF
 listen = *
 protocols = imap
 first_valid_uid = 1000
 first_valid_gid = 1000
 mail_location = maildir:/var/vmail/%d/%n
 mail_plugin_dir = /usr/local/lib/dovecot
 disable_plaintext_auth = yes
 managesieve_notify_capability = mailto
 managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex  imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
 mbox_write_locks = fcntl
 mmap_disable = yes
 namespace inbox {
  inbox = yes
  location =
  mailbox Archive {
  auto = subscribe
  special_use = \Archive
  }
  mailbox Drafts {
  auto = subscribe
  special_use = \Drafts
  }
  mailbox Junk {
  auto = subscribe
  special_use = \Junk
  }
  mailbox Sent {
  auto = subscribe
  special_use = \Sent
  }
  mailbox Trash {
  auto = subscribe
  special_use = \Trash
  }
  prefix =
 }
-service auth {
+gen_dkim_keys()
-    user = $default_internal_user
+{
    group = _maildaemons
 }
 passdb {
  args = scheme=blf-crypt /etc/mail/passwd
  driver = passwd-file
 }
 plugin {
  imapsieve_mailbox1_before = file:/usr/local/lib/dovecot/sieve/report-spam.sieve
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = Junk
  imapsieve_mailbox2_before = file:/usr/local/lib/dovecot/sieve/report-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Junk
  imapsieve_mailbox2_name = *
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
  sieve_pipe_bin_dir = /usr/local/lib/dovecot/sieve
  sieve_plugins = sieve_imapsieve sieve_extprograms
 }
 protocols = imap sieve
 service imap-login {
  inet_listener imap {
  port = 143
  }
 }
 ssl = required
 ssl_min_protocol = TLSv1.2
 ssl_cipher_list = EECDH+AESGCM
 ssl_prefer_server_ciphers = yes
 #ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
 ssl_cert = </etc/ssl/$DOMAIN.crt
 ssl_key = </etc/ssl/private/$DOMAIN.key
 userdb {
    driver = static
    args = uid=vmail gid=vmail home=/var/vmail/%d/%n/
 }
 protocol imap {
  mail_plugins = " imap_sieve"
 }
 EOF
 }
 gen_dkim_keys(){
    # Generate dkim key
    openssl genrsa -out my_configuration/mail/$DOMAIN-private.key 2048
    openssl rsa -in my_configuration/mail/$DOMAIN-private.key -pubout | \
@ -237,11 +82,12 @@ EOF
 install_mails_services_configuration()
 {
-    cp my_configuration/mail/smtpd.conf /etc/mail/smtpd.conf
+    cp -v my_configuration/mail/smtpd.conf /etc/mail/smtpd.conf
-    cp my_configuration/dovecot/local.conf /etc/dovecot/local.conf
+    cp -v my_configuration/dovecot/dovecot.conf /etc/dovecot/
    cp -v my_configuration/dovecot/local.conf /etc/dovecot/local.conf
    mkdir /etc/mail/dkim/
-    cp my_configuration/mail/$DOMAIN-private.key /etc/mail/dkim/
+    cp -v my_configuration/mail/$DOMAIN-private.key /etc/mail/dkim/
-    cp my_configuration/mail/$DOMAIN-public.key /etc/mail/dkim/
+    cp -v my_configuration/mail/$DOMAIN-public.key /etc/mail/dkim/
    chown -R _dkimsign /etc/mail/dkim/
    touch /etc/mail/virtuals
    touch /etc/mail/passwd
@ -259,7 +105,7 @@ make_system_mails_services_requirements()
    usermod -G _maildaemons _dovecot
    usermod -G _maildaemons _smtpd
-    cp /etc/login.conf /etc/login.conf.old
+    cp /etc/login.conf /etc/login.conf.orig
    cat >> /etc/login.conf <<EOF
 dovecot:\
    :openfiles-cur=1024:\
@ -269,13 +115,21 @@ EOF
 }
 make_directory_configuration()
 {
    mkdir my_configuration/mail
    mkdir my_configuration/dovecot
 }
 if [ "$1" == "gen-config-only" ];
 then
    gen_mails_service_configuration
    gen_dkim_keys
 elif [ "$1" == "install" ];
 then
    install_mails_services_pkg
    gen_mails_service_configuration
    gen_dkim_keys
 gen_mails_service_utils
    install_mails_services_configuration
    make_system_mails_services_requirements
    rcctl enable redis
--- a/default_configuration/dovecot/dovecot.conf.example
+++ b/default_configuration/dovecot/dovecot.conf.example
@ -0,0 +1,101 @@
 ## Dovecot configuration file
 # If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration
 # "doveconf -n" command gives a clean output of the changed settings. Use it
 # instead of copy&pasting files when posting to the Dovecot mailing list.
 # '#' character and everything after it is treated as comments. Extra spaces
 # and tabs are ignored. If you want to use either of these explicitly, put the
 # value inside quotes, eg.: key = "# char and trailing whitespace  "
 # Most (but not all) settings can be overridden by different protocols and/or
 # source/destination IPs by placing the settings inside sections, for example:
 # protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }
 # Default values are shown for each setting, it's not required to uncomment
 # those. These are exceptions to this though: No sections (e.g. namespace {})
 # or plugin settings are added by default, they're listed only as examples.
 # Paths are also just examples with the real defaults being based on configure
 # options. The paths listed here are for configure --prefix=/usr
 # --sysconfdir=/etc --localstatedir=/var
 # Protocols we want to be serving.
 protocols = imap 
 # A comma separated list of IPs or hosts where to listen in for connections. 
 # "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
 # If you want to specify non-default ports or anything more complex,
 # edit conf.d/master.conf.
 listen = *, ::
 # Base directory where to store runtime data.
 #base_dir = /var/dovecot/
 # Name of this instance. In multi-instance setup doveadm and other commands
 # can use -i <instance_name> to select which instance is used (an alternative
 # to -c <config_path>). The instance name is also added to Dovecot processes
 # in ps output.
 #instance_name = dovecot
 # Greeting message for clients.
 #login_greeting = Dovecot ready.
 # Space separated list of trusted network ranges. Connections from these
 # IPs are allowed to override their IP addresses and ports (for logging and
 # for authentication checks). disable_plaintext_auth is also ignored for
 # these networks. Typically you'd specify your IMAP proxy servers here.
 #login_trusted_networks =
 # Space separated list of login access check sockets (e.g. tcpwrap)
 #login_access_sockets = 
 # With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
 # proxying. This isn't necessary normally, but may be useful if the destination
 # IP is e.g. a load balancer's IP.
 #auth_proxy_self =
 # Show more verbose process titles (in ps). Currently shows user name and
 # IP address. Useful for seeing who are actually using the IMAP processes
 # (eg. shared mailboxes or if same uid is used for multiple accounts).
 #verbose_proctitle = no
 # Should all processes be killed when Dovecot master process shuts down.
 # Setting this to "no" means that Dovecot can be upgraded without
 # forcing existing client connections to close (although that could also be
 # a problem if the upgrade is e.g. because of a security fix).
 #shutdown_clients = yes
 # If non-zero, run mail commands via this many connections to doveadm server,
 # instead of running them directly in the same process.
 #doveadm_worker_count = 0
 # UNIX socket or host:port used for connecting to doveadm server
 #doveadm_socket_path = doveadm-server
 # Space separated list of environment variables that are preserved on Dovecot
 # startup and passed down to all of its child processes. You can also give
 # key=value pairs to always set specific settings.
 #import_environment = TZ
 ##
 ## Dictionary server settings
 ##
 # Dictionary can be used to store key=value lists. This is used by several
 # plugins. The dictionary can be accessed either directly or though a
 # dictionary server. The following dict block maps dictionary names to URIs
 # when the server is used. These can then be referenced using URIs in format
 # "proxy::<name>".
 dict {
  #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
 }
 # Most of the actual configuration gets included below. The filenames are
 # first sorted by their ASCII value and parsed in that order. The 00-prefixes
 # in filenames are intended to make it easier to understand the ordering.
 #!include conf.d/*.conf
 # A config file can also tried to be included without giving an error if
 # it's not found:
 !include_try local.conf
--- a/default_configuration/dovecot/local.conf.example
+++ b/default_configuration/dovecot/local.conf.example
@ -0,0 +1,89 @@
 listen = *
 protocols = imap
 first_valid_uid = 1000
 first_valid_gid = 1000
 mail_location = maildir:/var/vmail/%d/%n
 mail_plugin_dir = /usr/local/lib/dovecot
 disable_plaintext_auth = yes
 managesieve_notify_capability = mailto
 managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex  imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
 mbox_write_locks = fcntl
 mmap_disable = yes
 namespace inbox {
  inbox = yes
  location =
  mailbox Archive {
  auto = subscribe
  special_use = \Archive
  }
  mailbox Drafts {
  auto = subscribe
  special_use = \Drafts
  }
  mailbox Junk {
  auto = subscribe
  special_use = \Junk
  }
  mailbox Sent {
  auto = subscribe
  special_use = \Sent
  }
  mailbox Trash {
  auto = subscribe
  special_use = \Trash
  }
  prefix =
 }
 service auth {
    user = $default_internal_user
    group = _maildaemons
 }
 passdb {
  args = scheme=blf-crypt /etc/mail/passwd
  driver = passwd-file
 }
 plugin {
  imapsieve_mailbox1_before = file:/usr/local/lib/dovecot/sieve/report-spam.sieve
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = Junk
  imapsieve_mailbox2_before = file:/usr/local/lib/dovecot/sieve/report-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Junk
  imapsieve_mailbox2_name = *
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
  sieve_pipe_bin_dir = /usr/local/lib/dovecot/sieve
  sieve_plugins = sieve_imapsieve sieve_extprograms
 }
 protocols = imap sieve
 service imap-login {
  inet_listener imap {
  port = 143
  }
 }
 ssl = required
 ssl_min_protocol = TLSv1.2
 ssl_cipher_list = EECDH+AESGCM
 ssl_prefer_server_ciphers = yes
 #ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
 ssl_cert = </etc/ssl/kitoy.me.crt
 ssl_key = </etc/ssl/private/kitoy.me.key
 userdb {
    driver = static
    args = uid=vmail gid=vmail home=/var/vmail/%d/%n/ 
 }
 protocol imap {
  mail_plugins = " imap_sieve"
 }
--- a/default_configuration/nginx/nginx.conf.example
+++ b/default_configuration/nginx/nginx.conf.example
@ -0,0 +1,52 @@
 user www;
 worker_processes auto;
 pid /var/www/run/nginx.pid;
 include /etc/nginx/modules-enabled/*.conf;
 events {
        worker_connections 768;
        # multi_accept on;
 }
 http {
        ##
        # Basic Settings
        ##
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        ##
        # SSL Settings
        ##
        ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;
        ##
        # Logging Settings
        ##
        access_log /var/www/logs/nginx/access.log;
        error_log /var/www/logs/nginx/error.log;
        ##
        # Gzip Settings
        ##
        gzip on;
         ##
        # Virtual Host Configs
        ##
        include /etc/nginx/sites-enabled/*;
 }
--- a/default_configuration/nginx/nginx.conf.example~
+++ b/default_configuration/nginx/nginx.conf.example~
@ -0,0 +1,52 @@
 user www;
 worker_processes auto;
 pid /var/www/run/nginx.pid;
 include /etc/nginx/modules-enabled/*.conf;
 events {
        worker_connections 768;
        # multi_accept on;
 }
 http {
        ##
        # Basic Settings
        ##
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        ##
        # SSL Settings
        ##
        ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;
        ##
        # Logging Settings
        ##
        access_log /var/www/logsnginx/access.log;
        error_log /var/www/logs/nginx/error.log;
        ##
        # Gzip Settings
        ##
        gzip on;
         ##
        # Virtual Host Configs
        ##
        include /etc/nginx/sites-enabled/*;
 }
--- a/default_configuration/nginx/site-available/example
+++ b/default_configuration/nginx/site-available/example
@ -0,0 +1,39 @@
 server {
        listen 80;
        server_name __DOMAIN__;
        #Ajout pour les certificats letsencrypt
        include snippets/acme-challenge.conf;
        return 301 https://$http_host$request_uri;
        root /html/$DOMAIN;
 }
 server {
    listen 443 ssl http2;
    server_name __DOMAIN__;
    ssl_certificate         /etc/ssl/__DOMAIN__.crt;
    ssl_certificate_key     /etc/ssl/private/__DOMAIN__.key;
   #Ajout d'une configuration ssl securise
   include snippets/secure-ssl.conf;
    # Speeds things up a little bit when resuming a session
    # ssl_session_timeout 5m;
    # ssl_session_cache shared:SSL:5m;
        # Ajout pour le certificat letsencrypt
        include snippets/acme-challenge.conf;
        # Ajout pour securiser les headers
        include snippets/secure-headers.conf;
 }
    # Path to the root of your installation
   root /html/$DOMAIN;
 }
--- a/default_configuration/nginx/site-available/example~
+++ b/default_configuration/nginx/site-available/example~
@ -0,0 +1,39 @@
 server {
        listen 80;
        server_name $DOMAIN;
        #Ajout pour les certificats letsencrypt
        include snippets/acme-challenge.conf;
        return 301 https://$http_host$request_uri;
        root /html/$DOMAIN;
 }
 server {
    listen 443 ssl http2;
    server_name $DOMAIN;
    ssl_certificate         /etc/ssl/$DOMAIN.crt;
    ssl_certificate_key     /etc/ssl/private/$DOMAIN.key;
   #Ajout d'une configuration ssl securise
   include snippets/secure-ssl.conf;
    # Speeds things up a little bit when resuming a session
    # ssl_session_timeout 5m;
    # ssl_session_cache shared:SSL:5m;
        # Ajout pour le certificat letsencrypt
        include snippets/acme-challenge.conf;
        # Ajout pour securiser les headers
        include snippets/secure-headers.conf;
 }
    # Path to the root of your installation
   root /html/$DOMAIN;
 }
--- a/default_configuration/opensmtpd/smtpd.conf.example
+++ b/default_configuration/opensmtpd/smtpd.conf.example
@ -0,0 +1,31 @@
 # See smtpd.conf(5) for more information.
 # To accept external mail, replace with: listen on all
 #
 # Les certificats
 pki "cert_mail" cert "/etc/ssl/__DOMAIN__.crt"
 pki "cert_mail" key "/etc/ssl/private/__DOMAIN__.key"
 table aliases file:/etc/mail/aliases
 table passwd file:/etc/mail/passwd
 table virtuals file:/etc/mail/virtuals
 filter "rspamd" proc-exec "filter-rspamd"
 filter "dkimsign" proc-exec "filter-dkimsign -d __DOMAIN__ -s dkim -k /etc/mail/dkim/__DOMAIN__-private.key" user _dkimsign group _dkimsign
 # Activation du check du reverse DNS
 #filter check_rdns phase connect match !rdns disconnect "550 no rDNS available"
 #filter check_fcrdns phase connect match !fcrdns disconnect "550 no FCrDNS available"
 listen on all tls pki "cert_mail" hostname "__DOMAIN__" filter  rspamd
 listen on all port submission tls-require pki "cert_mail" auth <passwd> filter dkimsign
 action "local_mail" mbox alias <aliases>
 action "domain_mail" maildir "/var/vmail/__DOMAIN__/%{dest.user:lowercase}" virtual <virtuals>
 action "outbound" relay
 match from any for domain "__DOMAIN__" action "domain_mail"
 match from local for local action "local_mail"
 match auth from any for any action "outbound"
--- a/default_configuration/opensmtpd/smtpd.conf.example~
+++ b/default_configuration/opensmtpd/smtpd.conf.example~
@ -0,0 +1,37 @@
 # See smtpd.conf(5) for more information.
 # To accept external mail, replace with: listen on all
 #
 # les Certificats
 pki "cert_mail" cert "/etc/ssl/__DOMAIN__.crt"
 pki "cert_mail" key "/etc/ssl/private/__DOMAIN__.key"
 table aliases file:/etc/mail/aliases
 table passwd file:/etc/mail/passwd
 table virtuals file:/etc/mail/virtuals
 filter "rspamd" proc-exec "filter-rspamd"
 filter "dkimsign" proc-exec "filter-dkimsign -d $DOMAIN -s dkim -k /etc/mail/dkim/__DOMAIN__-private.key" user _dkimsign group _dkimsign
 # Activation du check du reverse DNS
 #filter check_rdns phase connect match !rdns disconnect "550 no rDNS available"
 #filter check_fcrdns phase connect match !fcrdns disconnect "550 no FCrDNS available"
 # To accept external mail, replace with: listen on all
 listen on all tls pki "cert_mail" hostname "__DOMAIN__" filter  rspamd
 listen on all port submission tls-require pki "cert_mail" auth <passwd> filter dkimsign
 action "local_mail" mbox alias <aliases>
 action "domain_mail" maildir "/var/vmail/__DOMAIN__/%{dest.user:lowercase}" virtual <virtuals>
 action "outbound" relay
 # Uncomment the following to accept external mail for domain "example.org"
 match from any for domain "__DOMAIN__" action "domain_mail"
 match from local for local action "local_mail"
 match auth from any for any action "outbound"
--- a/default_configuration/opensmtpd/smtpd.conf~
+++ b/default_configuration/opensmtpd/smtpd.conf~
@ -0,0 +1,37 @@
 # See smtpd.conf(5) for more information.
 # To accept external mail, replace with: listen on all
 #
 # les Certificats
 pki "cert_mail" cert "/etc/ssl/$DOMAIN.crt"
 pki "cert_mail" key "/etc/ssl/private/$DOMAIN.key"
 table aliases file:/etc/mail/aliases
 table passwd file:/etc/mail/passwd
 table virtuals file:/etc/mail/virtuals
 filter "rspamd" proc-exec "filter-rspamd"
 filter "dkimsign" proc-exec "filter-dkimsign -d $DOMAIN -s dkim -k /etc/mail/dkim/$DOMAIN-private.key" user _dkimsign group _dkimsign
 # Activation du check du reverse DNS
 #filter check_rdns phase connect match !rdns disconnect "550 no rDNS available"
 #filter check_fcrdns phase connect match !fcrdns disconnect "550 no FCrDNS available"
 # To accept external mail, replace with: listen on all
 listen on all tls pki "cert_mail" hostname "$DOMAIN" filter  rspamd
 listen on all port submission tls-require pki "cert_mail" auth <passwd> filter dkimsign
 action "local_mail" mbox alias <aliases>
 action "domain_mail" maildir "/var/vmail/$DOMAIN/%{dest.user:lowercase}" virtual <virtuals>
 action "outbound" relay
 # Uncomment the following to accept external mail for domain "example.org"
 match from any for domain "$DOMAIN" action "domain_mail"
 match from local for local action "local_mail"
 match auth from any for any action "outbound"
--- a/default_configuration/opensmtpd/spamd.conf.example
+++ b/default_configuration/opensmtpd/spamd.conf.example
@ -0,0 +1,19 @@
 all:\
        :nixspam:
 # Nixspam recent sources list.
 # Mirrored from http://www.heise.de/ix/nixspam
 nixspam:\
        :black:\
        :msg="Your address %A is in the nixspam list\n\
        See http://www.heise.de/ix/nixspam/dnsbl_en/ for details":\
        :method=https:\
        :file=www.openbsd.org/spamd/nixspam.gz
 # An example of a list containing addresses which should not talk to spamd.
 #
 #override:\
 #       :white:\
 #       :method=file:\
 #       :file=/var/db/override.txt:
--- a/default_configuration/pf.conf
+++ b/default_configuration/pf.conf
@ -1,10 +1,12 @@
 #Filtres badhosts et sshguard
 table <pfbadhost> persist file "/etc/pf-badhost.txt"
 table <sshguard> persist
 table <whitelist> persist
 ## Table pour les batards de bruteforceurs
 table <bruteforce> persist
-
+table <http_abusive_hosts> persist
 set block-policy drop                  # bloque silencieusement
 set skip on lo                         # En local on s'en fou on surveille rien
@ -30,30 +32,3 @@ block in from <sshguard>
 block log quick from <bruteforce> label "brutes"
 pass out on egress proto { tcp udp icmp ipv6-icmp } modulate state
 #déclaration des variables
 web_ports = "{ http https }"
 mail_ports = "{ smtp submission imap }"
 xmpp_ports = "{ 5222 5269 }"
 ssh_port = "42420"
 ## Anti bruteforce
 ### SSH
 #### Limite à 5 connexions simultanne par IP source
 #### Limite à 15 tentatives de connexion toutes les 5 minutes
 pass in on egress proto tcp to port $ssh_port  modulate state \
  (max-src-conn 5, max-src-conn-rate 15/5, overload <bruteforce> flush global)
 #web
 pass in on egress proto tcp to port $web_ports modulate state \
    (max-src-conn 60, max-src-conn-rate 60/1, overload <bruteforce> flush global)
 # mails
 ## antispam
 pass in on egress proto tcp to port  $mail_ports modulate state \
  (max-src-conn-rate 20/5, overload <bruteforce> flush global)
 pass out log on egress proto tcp to any port smtp
 # XMPP
 pass in on egress proto tcp to port $xmpp_ports modulate state \
  (max-src-conn 15, max-src-conn-rate 15/5, overload <bruteforce> flush global)
--- a/default_configuration/php/php-fpm.conf
+++ b/default_configuration/php/php-fpm.conf
@ -15,10 +15,10 @@ listen.owner = www
 listen.group = www
 listen.mode = 0660
 pm = dynamic
-pm.max_children = 5
+pm.max_children = 10
-pm.start_servers = 2
+pm.start_servers = 4
 pm.min_spare_servers = 1
-pm.max_spare_servers = 3
+pm.max_spare_servers = 6
 chroot = /var/www
 env[HOSTNAME] = $HOSTNAME
 env[PATH] = /usr/local/bin:/usr/bin:/bin
--- a/default_configuration/pywallter/pywallter.rc
+++ b/default_configuration/pywallter/pywallter.rc
@ -1,15 +1,11 @@
 #!/bin/ksh
-daemon="/usr/local/bin/python3"
+daemon="/usr/local/bin/python3 wsgi.py"
-daemon_flags="wsgi.py"
+daemon_execdir="/home/pywallter/pywallter"
 daemon_user="pywallter"
 location="/home/pywallter/pywallter"
 . /etc/rc.d/rc.subr
 rc_start() {
        ${rcexec} "cd ${location}; ${daemon} ${daemon_flags}"
 }
 rc_bg=YES
 rc_cmd $1
--- a/install_nextcloud.sh
+++ b/install_nextcloud.sh
@ -5,24 +5,24 @@
 install_package_nextcloud()
 {
-    pkg_add php-bz2-8.0.26 php-curl-8.0.26 php-gd-8.0.26 php-gmp-8.0.26 \
+    pkg_add php-bz2-8.1.18 php-curl-8.1.18 php-gd-8.1.18 php-gmp-8.1.18 \
-            php-intl-8.0.26 php-pdo_pgsql-8.0.26 php-zip-8.0.26 \
+            php-intl-8.1.18 php-pdo_pgsql-8.1.18 php-zip-8.1.18 \
            pecl80-imagick-3.7.0p1 pecl80-redis-5.3.7p0 \
-            nextcloud-24.0.5
+            nextcloud-25.0.6
 }
 enable_nextlcoud_php_modules(){
    #enable modules
-    ln -s /etc/php-8.0.sample/gd.ini /etc/php-8.0/gd.ini
+    ln -s /etc/php-8.1.sample/gd.ini /etc/php-8.1/gd.ini
-    ln -s /etc/php-8.0.sample/imagick.ini /etc/php-8.0/imagick.ini
+    ln -s /etc/php-8.1.sample/imagick.ini /etc/php-8.1/imagick.ini
-    ln -s /etc/php-8.0.sample/opcache.ini /etc/php-8.0/opcache.ini
+    ln -s /etc/php-8.1.sample/opcache.ini /etc/php-8.1/opcache.ini
-    ln -s /etc/php-8.0.sample/curl.ini /etc/php-8.0/curl.ini
+    ln -s /etc/php-8.1.sample/curl.ini /etc/php-8.1/curl.ini
-    ln -s /etc/php-8.0.sample/gmp.ini /etc/php-8.0/gmp.ini
+    ln -s /etc/php-8.1.sample/gmp.ini /etc/php-8.1/gmp.ini
-    ln -s /etc/php-8.0.sample/intl.ini /etc/php-8.0/intl.ini
+    ln -s /etc/php-8.1.sample/intl.ini /etc/php-8.1/intl.ini
-    ln -s /etc/php-8.0.sample/redis.ini /etc/php-8.0/redis.ini
+    ln -s /etc/php-8.1.sample/redis.ini /etc/php-8.1/redis.ini
-    ln -s /etc/php-8.0.sample/bz2.ini /etc/php-8.0/bz2.ini
+    ln -s /etc/php-8.1.sample/bz2.ini /etc/php-8.1/bz2.ini
-    ln -s /etc/php-8.0.sample/zip.ini /etc/php-8.0/zip.ini
+    ln -s /etc/php-8.1.sample/zip.ini /etc/php-8.1/zip.ini
-    ln -s /etc/php-8.0.sample/pdo_pgsql.ini /etc/php-8.0/pdo_pgsql.ini
+    ln -s /etc/php-8.1.sample/pdo_pgsql.ini /etc/php-8.1/pdo_pgsql.ini
    restart_php_service
 }
@ -35,7 +35,7 @@ create_nextcloud_db(){
    psql template1 postgres -c "CREATE USER $nextcloud_db_user WITH PASSWORD '$nextcloud_db_pass' CREATEDB ;"
    psql template1 postgres -c "CREATE DATABASE $nextcloud_db_name TEMPLATE template1 ENCODING 'UTF8' ;"
    psql template1 postgres -c "GRANT ALL PRIVILEGES ON DATABASE $nextcloud_db_name TO $nextcloud_db_user;"
-    psql template1 postgres -c "GRANT ALL PRIVILEGES ON SCHEMA public TO $nextcloud_db_user ;"
+    psql template1 postgres -c "ALTER DATABASE $nextcloud_db_name OWNER TO nextcloud_db_user;"
 }
@ -79,14 +79,23 @@ install_nextcloud(){
         /var/cron/tabs/root
 }
 mkdir my_configuration/nextcloud
-check_services_for_nextlcoud
+
 if [ "$1" == "gen-config-only" ];
 then
    check_services_for_nextcloud
    configure_nginx_service    
 elif [ "$1" == "install" ];
 then
    check_services_for_nextcloud
    configure_nginx_service
    install_package_nextcloud
    enable_nextlcoud_php_modules
 configure_nginx_service
    create_nextcloud_db
    install_configuration_files_nextcloud
    install_nextcloud
    restart_webserver_service
 fi
--- a/install_nginx_service.sh
+++ b/install_nginx_service.sh
@ -10,61 +10,8 @@ install_nginx_package()
 gen_nginx_configuration()
 {
-    cat > my_configuration/nginx/nginx.conf <<EOF
+    cp -v default_configuration/nginx/nginx.conf.example my_configuration/nginx/nginx.conf
-user www;
+    openssl dhparam -out my_configuration/nginx/dhparam.pem 2048
 worker_processes auto;
 pid /var/www/run/nginx.pid;
 include /etc/nginx/modules-enabled/*.conf;
 events {
        worker_connections 768;
        # multi_accept on;
 }
 http {
        ##
        # Basic Settings
        ##
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        ##
        # SSL Settings
        ##
        ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;
        ##
        # Logging Settings
        ##
        access_log /var/www/logsnginx/access.log;
        error_log /var/www/logs/nginx/error.log;
        ##
        # Gzip Settings
        ##
        gzip on;
         ##
        # Virtual Host Configs
        ##
        include /etc/nginx/sites-enabled/*;
 }
 EOF
    openssl dhparam -out default_configuration/nginx/dhparam.pem 2048
 }
@ -72,57 +19,18 @@ EOF
 make_default_homepage()
 {
-    cat > my_configuration/nginx/site-available/$DOMAIN <<EOF
+    cp -v default_configuration/nginx/site-avalaible/example \
-server {
+       my_configuration/nginx/site-available/$DOMAIN
-        listen 80;
+    sed -i "s/__DOMAIN__/$DOMAIN/g" my_configuration/nginx/site-available/$DOMAIN
        server_name $DOMAIN;
        #Ajout pour les certificats letsencrypt
        include snippets/acme-challenge.conf;
        return 301 https://$http_host$request_uri;
        root /html/$DOMAIN;
 }
 server {
    listen 443 ssl http2;
    server_name $DOMAIN;
    ssl_certificate         /etc/ssl/$DOMAIN.crt;
    ssl_certificate_key     /etc/ssl/private/$DOMAIN.key;
   #Ajout d'une configuration ssl securise
   include snippets/secure-ssl.conf;
    # Speeds things up a little bit when resuming a session
    # ssl_session_timeout 5m;
    # ssl_session_cache shared:SSL:5m;
        # Ajout pour le certificat letsencrypt
        include snippets/acme-challenge.conf;
        # Ajout pour securiser les headers
        include snippets/secure-headers.conf;
 }
    # Path to the root of your installation
   root /html/$DOMAIN;
 }
 EOF
 }
 install_nginx_configuration(){
-    mkdir /etc/nginx/sites-enabled/
+    mkdir -v /etc/nginx/sites-enabled/
-    mkdir /etc/nginx/sites-available/
+    mkdir -v /etc/nginx/sites-available/
-    mkdir /etc/nginx/snippets/
+    mkdir -v /etc/nginx/snippets/
-    cp my_configuration/nginx/nginx.conf /etc/nginx/nginx.conf
+    cp -v my_configuration/nginx/nginx.conf /etc/nginx/nginx.conf
-    cp my_configuration/nginx/dhparam.pem /etc/nginx/dhparam.pem
+    cp -v my_configuration/nginx/dhparam.pem /etc/nginx/dhparam.pem
-    cp my_configuration/nginx/snippets/* /etc/nginx/snippets/
+    cp -v my_configuration/nginx/snippets/* /etc/nginx/snippets/
 }
 install_chroot_env()
@ -130,23 +38,21 @@ install_chroot_env()
    mkdir /var/www/etc/ssl/
    install -m 444 -o root -g bin /etc/resolv.conf /var/www/etc/
    install -m 444 -o root -g bin /etc/ssl/cert.pem /etc/ssl/openssl.cnf /var/www/etc/ssl/
 }
 add_logs_to_newssyslog(){
    cp -v /etc/newsyslog.conf /etc/newsyslog.conf.old
-    egrep -v "nginx" /etc/newsyslog.conf > /tmp/newsyslog.conf
+    egrep -v "nginx|httpd" /etc/newsyslog.conf > /tmp/newsyslog.conf
    cat >> /tmp/newsyslog.conf <<EOF
 /var/www/logs/access.log                644  2     *    \$W0   Z /var/www/run/nginx.pid SIGUSR1
 /var/www/logs/error.log                 644  2     250  *     Z /var/www/run/nginx.pid SIGUSR1
 EOF
    mv /tmp/newsyslog.conf /etc/newsyslog.conf
 }
 mkdir my_configuration/nginx/
-install_nginx_package
+#install_nginx_package
 gen_nginx_configuration
-install_chroot_env
+#install_chroot_env
-install_nginx_configuration
+#install_nginx_configuration
-restart_webserver_service
+#restart_webserver_service
--- a/install_php.sh
+++ b/install_php.sh
@ -2,42 +2,11 @@
 install_php_package()
 {
-    pkg_add php-8.0.26
+    pkg_add php-8.1.18
 }
 gen_php_configuration(){
-    cat > my_configuration/php/php-fpm.conf <<EOF
+    cp -v default_configuration/php/php-fpm.conf my_configuration/php/php-fpm.conf 
 ;;;;;;;;;;;;;;;;;;;;;
 ; FPM Configuration ;
 ;;;;;;;;;;;;;;;;;;;;;
 [global]
 error_log = log/php-fpm.log
 ;;;;;;;;;;;;;;;;;;;;
 ; Pool Definitions ;
 ;;;;;;;;;;;;;;;;;;;;
 include=/etc/php-fpm.d/*.conf
 [www]
 user = www
 group = www
 listen = /var/www/run/php-fpm.sock
 listen.owner = www
 listen.group = www
 listen.mode = 0660
 pm = dynamic
 pm.max_children = 5
 pm.start_servers = 2
 pm.min_spare_servers = 1
 pm.max_spare_servers = 3
 chroot = /var/www
 env[HOSTNAME] = \$HOSTNAME
 env[PATH] = /usr/local/bin:/usr/bin:/bin
 env[TMP] = /tmp
 env[TMPDIR] = /tmp
 env[TEMP] = /tmp
 EOF
 }
 install_configurations_files()
@ -53,7 +22,13 @@ start_php_service()
 }
 mkdir my_configuration/php/
 if [ "$1" == "gen-config-only" ];
 then
    gen_php_configuration
 elif [ "$1" == "install" ];
 then
    install_php_package
    gen_php_configuration
    install_configurations_files
    start_php_service
 fi
--- a/install_postgresql_service.sh
+++ b/install_postgresql_service.sh
@ -2,46 +2,41 @@
 install_postresql_packages()
 {
-    pkg_add postgresql-client-14.5 postgresql-server-14.5
+    pkg_add postgresql-client-15.2 postgresql-server-15.2
 }
 configure_postgresql_service()
 {
-    cat > my_configuration/postgresql/pg_hba.conf <<EOF
+    cp -v default_configuration/postgresql/pg_hba.conf my_configuration/postgresql/pg_hba.conf    
-# TYPE  DATABASE        USER            ADDRESS                 METHOD
+}
-local   all     postgres        trust
+make_data_directory()
-# "local" is for Unix domain socket connections only
+{
 #local   all             all                                     md5
 # IPv4 local connections:
 host    all             all             127.0.0.1/32            md5
 # IPv6 local connections:
 host    all             all             ::1/128                 md5
 # Allow replication connections from localhost, by a user with the
 # replication privilege.
 local   replication     all                                     md5
 host    replication     all             127.0.0.1/32            md5
 host    replication     all             ::1/128                 md5
 EOF
    su -m _postgresql -c "mkdir /var/postgresql/data"
    echo $postgresql_root_password > /tmp/passwordpsql.txt
-    su -m _postgresql -c "initdb -D /var/postgresql/data -U postgres -A md5 -E UTF8 --pwfile=/tmp/passwordpsql.txt"
+    [ ! -d "/var/postgresql/data" ] || mv /var/postgresql/data /var/postgresql/data.old
    su -m _postgresql -c "initdb -D /var/postgresql/data -U postgres -A scram-sha-256 -E UTF8 --pwfile=/tmp/passwordpsql.txt"
    rm /tmp/passwordpsql.txt 
 }
-install_postgresql_configurations_files(){
+install_postgresql_configurations_files()
 {
    cp -v my_configuration/postgresql/pg_hba.conf /var/postgresql/data/pg_hba.conf
 }
-start_postgresql_service(){
+start_postgresql_service()
 {
    rcctl start postgresql
 }
-mkdir my_configuration/postgresql/
+
-#install_postresql_packages
+if [ "$1" == "gen-config-only" ];
 then
    configure_postgresql_service
 elif [ "$1" == "install" ];
 then
    install_postresql_packages
    configure_postgresql_service
    install_postgresql_configurations_files
    start_postgresql_service
 fi
--- a/install_pywallter.sh
+++ b/install_pywallter.sh
@ -28,11 +28,22 @@ DOSSIER_APP = "./users/"
 DATABASE = "./base.db"
 EXT_IMG= {'.jpg', '.JPG', '.png', '.PNG', '.gif', '.GIF', '.bmp', '.BMP', '.jpeg', '.JPEG' }
 SIGNIN_ENABLE = True
 XMPP_SERVER = True
 MAIL_SERVER = True
 SETUID='doas'
 EOF
    if [ SERVICE_MAIL = "yes" ];
       then
 	   echo "MAIL_SERVER = True" >> my_configuration/pywallter/config.py
       else
 	   echo "MAIL_SERVER = False" >> my_configuration/pywallter/config.py
    fi
    if [ SERVICE_XMPP = "yes" ];
    then
 	echo "XMPP_SERVER = True" >> my_configuration/pywallter/config.py
    else
 	echo "XMPP_SERVER = False" >> myconfiguration/pywallter/config.py
    fi
 }
@ -58,7 +69,15 @@ EOF
 }
 mkdir my_configuration/pywallter/
 if [ "$1" == "gen-config-only" ];
 then
    gen_pywallter_configuration_app
    gen_nginx_pywallter_app
 elif [ "$1" == "install" ];
 then
    gen_pywallter_configuration_app
    gen_nginx_pywallter_app
    install_pywallter_app
    install_pywallter_configuration_files
 fi
--- a/install_xmpp_service.sh
+++ b/install_xmpp_service.sh
@ -13,11 +13,11 @@ install_prosody_package(){
 gen_prosody_configuration(){
-    cp -v default_configuration/xmpp/prosody.cfg.lua.example default_configuration/xmpp/prosody.cfg.lua
+    cp -v default_configuration/xmpp/prosody.cfg.lua.example my_configuration/xmpp/prosody.cfg.lua
-    sed -i "s/__DOMAIN__/$DOMAIN/g" default_configuration/xmpp/prosody.cfg.lua
+    sed -i "s/__DOMAIN__/$DOMAIN/g" my_configuration/xmpp/prosody.cfg.lua
-    cp -v default_configuration/xmpp/virtualHosts/example.com.conf default_configuration/xmpp/virtualHosts/$DOMAIN.conf
+    cp -v default_configuration/xmpp/virtualHosts/example.com.conf my_configuration/xmpp/virtualHosts/$DOMAIN.conf
-    sed -i "s/__DOMAIN__/$DOMAIN/g" default_configuration/xmpp/virtualHosts/$DOMAIN.conf
+    sed -i "s/__DOMAIN__/$DOMAIN/g" my_configuration/xmpp/virtualHosts/$DOMAIN.conf
-    sed -i "s/__xmpp_passphrase_for_filesuploads__/$xmpp_passphrase_for_filesuploads/g" default_configuration/xmpp/virtualHosts/$DOMAIN.conf
+    sed -i "s/__xmpp_passphrase_for_filesuploads__/$xmpp_passphrase_for_filesuploads/g" my_configuration/xmpp/virtualHosts/$DOMAIN.conf
 }
@ -28,7 +28,6 @@ install_xmpp_certs_ssl(){
    install -o _prosody -g _prosody my_configuration/xmpp/dh-2048.pem /etc/prosody/certs/dh-2048.pem
    install -o _prosody -g _prosody /etc/ssl/private/"$DOMAIN".key /etc/prosody/certs/"$DOMAIN".key;
    install -o _prosody -g _prosody /etc/ssl/"$DOMAIN".crt /etc/prosody/certs/"$DOMAIN".crt;
 }
 install_prosody_modules(){
@ -45,7 +44,6 @@ install_prosody_modules(){
 gen_nginx_configuration_files_upload(){
    cp -v default_configuration/xmpp/nginx.conf.sample my_configuration/xmpp/upload.$DOMAIN
    cp -v default_configuration/xmpp/share.php.sample my_configuration/xmpp/share.php
    sed -i "s/__DOMAIN__/$DOMAIN/g" my_configuration/xmpp/upload.$DOMAIN
@ -82,6 +80,7 @@ install_xmpp_configurations_files(){
 mkdir my_configuration/xmpp
 if [ "$1" == "gen-config-only" ];
 then
    gen_prosody_configuration
@ -97,3 +96,11 @@ then
    rcctl enable prosody
    rcctl start prosody
 fi
 if [ "$1" == "gen-config-only" ];
 then
    #code
 elif [ "$1" == "install" ];
 then
    #Code
 fi
--- a/utils.sh
+++ b/utils.sh
@ -6,7 +6,7 @@ restart_mails_service()
 }
 restart_php_service(){
-    rcctl restart php80_fpm
+    rcctl restart php81_fpm
 }
 restart_postgresql_service(){