Niver > ServNest

README.md

@@ -1,19 +1,19 @@
-# Niver system images generator
+# ServNest system images generator
 
-This is the sources to build system images of Niver using mkosi. You can then use them with systemd-nspawn.
+This is the sources to build system images of ServNest using mkosi. You can then use them with systemd-nspawn.
 
 ## Usage
 
 This generator allows to build images for both Arch Linux and Debian Testing, you can replace `<sysid>` by either `arch` or `debian` in the following examples. Note that mkosi may require tools that are not available on your distribution.
 
-You can generate a new image in `/var/lib/machines/niver-<sysid>` by running `mkosi --force -d <sysid>` from this directory (`--force` will erase an already existing image).
+You can generate a new image in `/var/lib/machines/servnest-<sysid>` by running `mkosi --force -d <sysid>` from this directory (`--force` will erase an already existing image).
 
-You will need to copy `mkosi.nspawn` into `/etc/systemd/nspawn/niver-<sysid>.nspawn` to allow the container to use network without restrictions.
+You will need to copy `mkosi.nspawn` into `/etc/systemd/nspawn/servnest-<sysid>.nspawn` to allow the container to use network without restrictions.
 
 You can then boot the container:
 ```
-machinectl start niver-<sysid>
-machinectl shell niver-<sysid>
+machinectl start servnest-<sysid>
+machinectl shell servnest-<sysid>
 ```
 
 The full explanation of the structure in this repository can be found on the mkosi manpage. Here is a summary of what mkosi will do in this repository:
@@ -27,4 +27,4 @@ The full explanation of the structure in this repository can be found on the mko
 
 ## License
 
-Niver system images generator is ethical libre software: you can use, redistribute or modify it under the terms of the CNPL-NAv7+ as found in LICENSE.md or at <https://git.pixie.town/thufie/npl-builder>.
+ServNest system images generator is ethical libre software: you can use, redistribute or modify it under the terms of the CNPL-NAv7+ as found in LICENSE.md or at <https://git.pixie.town/thufie/npl-builder>.

mkosi.default

@@ -3,7 +3,7 @@ Autologin = yes
 
 [Output]
 Format = directory
-Hostname = niver.test
+Hostname = servnest.test
 
 [Content]
 BasePackages = yes

mkosi.default.d/arch/mkosi.default

@@ -4,7 +4,7 @@ Distribution = arch
 
 
 [Output]
-Output = /var/lib/machines/niver-arch
+Output = /var/lib/machines/servnest-arch
 
 [Content]
 Packages =

mkosi.default.d/debian/mkosi.default

@@ -4,7 +4,7 @@ Release = testing
 Mirror = https://deb.debian.org/debian
 
 [Output]
-Output = /var/lib/machines/niver-debian
+Output = /var/lib/machines/servnest-debian
 
 [Content]
 Packages =
@@ -16,3 +16,4 @@ Packages =
 	golang-1.18
 	openssh-server
 	iputils-ping
+	gettext

mkosi.extra/etc/knot/knot-primary.conf

@@ -24,30 +24,33 @@ remote:
     key: "primary-to-secondary."
 
 policy:
-  - id: "niver"
+  - id: "servnest"
     algorithm: "ed25519"
     nsec3: "on"
     nsec3-iterations: 10
 
 template:
-  - id: "niver"
-    storage: "/srv/niver/ns"
+  - id: "servnest"
+    storage: "/srv/servnest/ns"
     file: "%s.zone"
     zonefile-load: "whole"
     journal-content: "all"
     dnssec-signing: "on"
-    dnssec-policy: "niver"
+    dnssec-policy: "servnest"
     catalog-role: "member"
-    catalog-zone: "niver.test.invalid."
+    catalog-zone: "servnest.test.invalid."
 
 zone:
-  - domain: "niver.test.invalid."
+  - domain: "servnest.test.invalid."
     notify: "secondary"
     zonefile-load: "whole"
     journal-content: "all"
     catalog-role: "generate"
 
-  - domain: "niver.test."
-    template: "niver"
-    storage: "/srv/niver/reg"
+  - domain: "servnest.test."
+    template: "servnest"
+    storage: "/srv/servnest/reg"
+  - domain: "test.servnest.test."
+    template: "servnest"
+    storage: "/srv/servnest/reg"
 

mkosi.extra/etc/knot/knot-secondary.conf

@@ -24,14 +24,14 @@ remote:
     key: "primary-to-secondary."
 
 template:
-  - id: "niver"
+  - id: "servnest"
     storage: "/var/lib/knot"
     file: "%s.zone"
     master: "primary"
 
 zone:
-  - domain: "niver.test.invalid."
+  - domain: "servnest.test.invalid."
     master: "primary"
     catalog-role: interpret
-    catalog-template: "niver"
+    catalog-template: "servnest"
 

mkosi.extra/etc/knot/knot.conf

@@ -13,21 +13,24 @@ database:
     storage: "/var/lib/knot"
 
 policy:
-  - id: "niver"
+  - id: "servnest"
     algorithm: "ed25519"
     nsec3: "on"
     nsec3-iterations: 10
 
 template:
-  - id: "niver"
-    storage: "/srv/niver/ns"
+  - id: "servnest"
+    storage: "/srv/servnest/ns"
     file: "%s.zone"
     zonefile-load: "whole"
     journal-content: "all"
     dnssec-signing: "on"
-    dnssec-policy: "niver"
+    dnssec-policy: "servnest"
 
 zone:
-  - domain: "niver.test."
-    template: "niver"
-    storage: "/srv/niver/reg"
+  - domain: "servnest.test."
+    template: "servnest"
+    storage: "/srv/servnest/reg"
+  - domain: "test.servnest.test."
+    template: "servnest"
+    storage: "/srv/servnest/reg"

mkosi.extra/etc/nginx/inc/errors.conf

@@ -3,21 +3,21 @@ recursive_error_pages on;
 # 403 Forbidden
 error_page 403 @403;
 location @403 {
-	root /srv/niver/errors;
+	root /srv/servnest/errors;
 	try_files /403.html =500;
 }
 
 # 404 Not Found
 error_page 404 @local404;
 location @local404 {
-	try_files /404.html /404.md /404.gmi @niver404;
+	try_files /404.html /404.md /404.gmi @servnest404;
 }
-location @niver404 {
-	root /srv/niver/errors;
+location @servnest404 {
+	root /srv/servnest/errors;
 	try_files /404.php =500;
 	index /404.php;
 	fastcgi_split_path_info ^(.+\.php)(/.+)$;
-	fastcgi_pass unix:/run/php-fpm/niver.sock;
+	fastcgi_pass unix:/run/php-fpm/servnest.sock;
 	include inc/fastcgi.conf;
 	fastcgi_index /404.php;
 }
@@ -25,48 +25,48 @@ location @niver404 {
 # 405 Method Not Allowed
 error_page 405 @405;
 location @405 {
-	root /srv/niver/errors;
+	root /srv/servnest/errors;
 	try_files /405.html =500;
 }
 
 # 410 Gone
 error_page 410 @410;
 location @410 {
-	root /srv/niver/errors;
+	root /srv/servnest/errors;
 	try_files /410.html =500;
 }
 
 # 418 I'm a teapot
 error_page 418 @418;
 location @418 {
-	root /srv/niver/errors;
+	root /srv/servnest/errors;
 	try_files /418.html =500;
 }
 
 # 500 Internal Server Error
 error_page 500 @500;
 location @500 {
-	root /srv/niver/errors;
+	root /srv/servnest/errors;
 	try_files /500.html =500;
 }
 
 # 502 Bad Gateway
 error_page 502 @502;
 location @502 {
-	root /srv/niver/errors;
+	root /srv/servnest/errors;
 	try_files /502.html =500;
 }
 
 # 503 Service Unavailable
 error_page 503 @503;
 location @503 {
-	root /srv/niver/errors;
+	root /srv/servnest/errors;
 	try_files /503.html =500;
 }
 
 # 504 Gateway Timeout
 error_page 504 @504;
 location @504 {
-	root /srv/niver/errors;
+	root /srv/servnest/errors;
 	try_files /504.html =500;
 }

mkosi.extra/etc/nginx/nginx.conf

@@ -30,9 +30,9 @@ http {
     		"" 0;
     		default 1;
 	}
-	log_format niver '|$time_local| [$remote_addr]@$server_name {$ssl_protocol $ssl_cipher} $status $body_bytes_sent "$request" "$http_user_agent"';
+	log_format servnest '|$time_local| [$remote_addr]@$server_name {$ssl_protocol $ssl_cipher} $status $body_bytes_sent "$request" "$http_user_agent"';
 	error_log /var/log/nginx/error.log notice;
-	access_log /var/log/nginx/access.log niver if=$loggable;
+	access_log /var/log/nginx/access.log servnest if=$loggable;
 
 	# Disable useless/dangerous features
 	etag off;
@@ -56,9 +56,9 @@ http {
 	# OCSP Stapling
 	#ssl_stapling on;
 	#ssl_stapling_verify on;
-	#ssl_trusted_certificate /etc/letsencrypt/live/niver.test/chain.pem;
+	#ssl_trusted_certificate /etc/letsencrypt/live/servnest.test/chain.pem;
 
 	# Include other configuration
 	include sites/*.conf;
-	include /srv/niver/nginx/*.conf;
+	include /srv/servnest/nginx/*.conf;
 }

mkosi.extra/etc/nginx/sites/default-server.conf

@@ -2,21 +2,21 @@ server {
 	listen [::1]:42443 ssl http2 default_server;
 	listen 127.0.0.1:42443 ssl http2 default_server;
 
-	ssl_certificate /etc/ssl/certs/niver.crt;
-	ssl_certificate_key /etc/ssl/private/niver.key;
+	ssl_certificate /etc/ssl/certs/servnest.crt;
+	ssl_certificate_key /etc/ssl/private/servnest.key;
 
 	ssl_stapling off;
 
-	root /srv/niver/errors;
+	root /srv/servnest/errors;
 	try_files index.php index.html $uri $uri/;
 	index index.php index.html;
 
 	location / {
-		root /srv/niver/errors;
+		root /srv/servnest/errors;
 		try_files /index.php =500;
 		index index.php;
 		fastcgi_split_path_info ^(.+\.php)(/.+)$;
-		fastcgi_pass unix:/run/php-fpm/niver.sock;
+		fastcgi_pass unix:/run/php-fpm/servnest.sock;
 		include /etc/nginx/inc/fastcgi.conf;
 	}
 

mkosi.extra/etc/nginx/sites/http.conf

@@ -9,15 +9,15 @@ server {
 	# Display an explanation page
 	error_page 403 @http403;
 	location @http403 {
-		root /srv/niver/errors;
+		root /srv/servnest/errors;
 		try_files /http.php =500;
 		index http.php;
 		fastcgi_split_path_info ^(.+\.php)(/.+)$;
-		fastcgi_pass unix:/run/php-fpm/niver.sock;
+		fastcgi_pass unix:/run/php-fpm/servnest.sock;
 		include inc/fastcgi.conf;
 	}
 
 	location /.well-known/acme-challenge {
-		root /srv/niver/acme/;
+		root /srv/servnest/acme/;
 	}
 }

mkosi.extra/etc/nginx/sites/niver.test.conf

@@ -1,9 +1,9 @@
 server {
 	listen [::1]:42443 ssl http2;
 	listen 127.0.0.1:42443 ssl http2;
-	server_name niver.test;
+	server_name servnest.test;
 
-	root /srv/niver/core;
+	root /srv/servnest/core;
 
 	include inc/tls.conf;
 	include inc/errors.conf;
@@ -12,19 +12,19 @@ server {
 
 	location / {
 		fastcgi_split_path_info ^(.+\.php)(/.+)$;
-		fastcgi_pass unix:/run/php-fpm/niver.sock;
+		fastcgi_pass unix:/run/php-fpm/servnest.sock;
 		include inc/fastcgi.conf;
 		try_files /router.php =500;
 	}
 
 	location /css {
-		alias /srv/niver/core/css;
+		alias /srv/servnest/core/css;
 	}
 
 	location /docs {
-		alias /srv/niver/docs;
+		alias /srv/servnest/docs;
 	}
 
-	ssl_certificate /etc/ssl/certs/niver.crt;
-	ssl_certificate_key /etc/ssl/private/niver.key;
+	ssl_certificate /etc/ssl/certs/servnest.crt;
+	ssl_certificate_key /etc/ssl/private/servnest.key;
 }

mkosi.extra/etc/nginx/sites/servnest.test.conf

@@ -0,0 +1,30 @@
+server {
+	listen [::1]:42443 ssl http2;
+	listen 127.0.0.1:42443 ssl http2;
+	server_name servnest.test;
+
+	root /srv/servnest/core;
+
+	include inc/tls.conf;
+	include inc/errors.conf;
+
+	more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self'; frame-ancestors 'none'; form-action 'self';";
+
+	location / {
+		fastcgi_split_path_info ^(.+\.php)(/.+)$;
+		fastcgi_pass unix:/run/php-fpm/servnest.sock;
+		include inc/fastcgi.conf;
+		try_files /router.php =500;
+	}
+
+	location /css {
+		alias /srv/servnest/core/css;
+	}
+
+	location /docs {
+		alias /srv/servnest/docs;
+	}
+
+	ssl_certificate /etc/ssl/certs/servnest.crt;
+	ssl_certificate_key /etc/ssl/private/servnest.key;
+}

mkosi.extra/etc/nginx/sites/sftpgo-auth.conf

@@ -1,14 +1,14 @@
 server {
 	listen [::1]:8055;
 
-	root /srv/niver/core;
+	root /srv/servnest/core;
 
 	include inc/errors.conf;
 
 	location / {
 		try_files /sftpgo-auth.php =500;
 		fastcgi_split_path_info ^(.+\.php)(/.+)$;
-		fastcgi_pass unix:/run/php-fpm/niver.sock;
+		fastcgi_pass unix:/run/php-fpm/servnest.sock;
 		include inc/fastcgi.conf;
 	}
 }

mkosi.extra/etc/nginx/sites/subdomain.conf

@@ -1,12 +1,12 @@
 server {
 	listen [::1]:42443 ssl http2;
 	listen 127.0.0.1:42443 ssl http2;
-	server_name "~^(?<subdomain>[a-z0-9]{1,32})\.ht\.niver\.test$";
+	server_name "~^(?<subdomain>[a-z0-9]{1,32})\.ht\.servnest\.test$";
 
 	include inc/ht-tls.conf;
 
-	ssl_certificate /etc/ssl/certs/niver.crt;
-	ssl_certificate_key /etc/ssl/private/niver.key;
+	ssl_certificate /etc/ssl/certs/servnest.crt;
+	ssl_certificate_key /etc/ssl/private/servnest.key;
 
-	root /srv/niver/subdomain/${subdomain}/;
+	root /srv/servnest/subdomain/${subdomain}/;
 }

mkosi.extra/etc/nginx/sites/subpath.conf

@@ -1,12 +1,12 @@
 server {
 	listen [::1]:42443 ssl http2;
 	listen 127.0.0.1:42443 ssl http2;
-	server_name ht.niver.test;
+	server_name ht.servnest.test;
 
 	include inc/ht-tls.conf;
 
-	ssl_certificate /etc/ssl/certs/niver.crt;
-	ssl_certificate_key /etc/ssl/private/niver.key;
+	ssl_certificate /etc/ssl/certs/servnest.crt;
+	ssl_certificate_key /etc/ssl/private/servnest.key;
 
-	root /srv/niver/subpath/;
+	root /srv/servnest/subpath/;
 }

mkosi.extra/etc/php/php-fpm.d/niver.conf

@@ -1,4 +1,4 @@
-[niver]
+[servnest]
 
 user = $pool
 group = knot

mkosi.extra/etc/php/php-fpm.d/servnest.conf

@@ -0,0 +1,24 @@
+[servnest]
+
+user = $pool
+group = knot
+
+listen = /run/php-fpm/$pool.sock
+
+listen.owner = nginx
+listen.group = nginx
+
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+
+access.log = /var/log/php/$pool-access.log
+
+catch_workers_output = yes
+decorate_workers_output = yes
+
+clear_env = yes
+
+security.limit_extensions = .php

mkosi.extra/etc/sudoers.d/niver

@@ -1,9 +0,0 @@
-niver ALL=(root)   NOPASSWD: /usr/bin/systemctl  reload nginx
-niver ALL=(root)   NOPASSWD: /usr/bin/systemctl  reload tor
-niver ALL=(root)   NOPASSWD: /usr/bin/chgrp     ^sftpgo /srv/niver/ht/[0-9a-f]{64} --no-dereference$
-niver ALL=(root)   NOPASSWD: /usr/bin/certbot   ^certonly( --test-cert)? --key-type rsa --rsa-key-size 3072 --webroot --webroot-path /srv/niver/acme --domain ([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$
-niver ALL=(root)   NOPASSWD: /usr/bin/certbot   ^delete --quiet --cert-name ([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$
-niver ALL=(sftpgo) NOPASSWD: /usr/bin/rm        ^--recursive /srv/niver/ht/[0-9a-f]{64}$
-niver ALL=(tor)    NOPASSWD: /usr/bin/cat       ^/srv/niver/tor-keys/[0-9a-f]{64}/[a-zA-Z0-9_-]{1,64}/hostname$
-niver ALL=(tor)    NOPASSWD: /usr/bin/mkdir     ^--mode=0700 /srv/niver/tor-keys/[0-9a-f]{64}$
-niver ALL=(tor)    NOPASSWD: /usr/bin/rm        ^--recursive /srv/niver/tor-keys/[0-9a-f]{64}(/[a-zA-Z0-9_-]{1,64})?$

mkosi.extra/etc/sudoers.d/servnest

@@ -0,0 +1,9 @@
+servnest ALL=(root)   NOPASSWD: /usr/bin/systemctl  reload nginx
+servnest ALL=(root)   NOPASSWD: /usr/bin/systemctl  reload tor
+servnest ALL=(root)   NOPASSWD: /usr/bin/chgrp     ^sftpgo /srv/servnest/ht/[0-9a-f]{64} --no-dereference$
+servnest ALL=(root)   NOPASSWD: /usr/bin/certbot   ^certonly( --test-cert)? --key-type rsa --rsa-key-size 3072 --webroot --webroot-path /srv/servnest/acme --domain ([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$
+servnest ALL=(root)   NOPASSWD: /usr/bin/certbot   ^delete --quiet --cert-name ([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$
+servnest ALL=(sftpgo) NOPASSWD: /usr/bin/rm        ^--recursive /srv/servnest/ht/[0-9a-f]{64}$
+servnest ALL=(tor)    NOPASSWD: /usr/bin/cat       ^/srv/servnest/tor-keys/[0-9a-f]{64}/[a-zA-Z0-9_-]{1,64}/hostname$
+servnest ALL=(tor)    NOPASSWD: /usr/bin/mkdir     ^--mode=0700 /srv/servnest/tor-keys/[0-9a-f]{64}$
+servnest ALL=(tor)    NOPASSWD: /usr/bin/rm        ^--recursive /srv/servnest/tor-keys/[0-9a-f]{64}(/[a-zA-Z0-9_-]{1,64})?$

mkosi.extra/etc/tor/torrc

@@ -5,4 +5,4 @@ DataDirectory /var/lib/tor
 HiddenServiceNonAnonymousMode 1
 HiddenServiceSingleHopMode 1
 
-%include /srv/niver/tor-config/*
+%include /srv/servnest/tor-config/*

mkosi.postinst

@@ -3,47 +3,47 @@ source /etc/os-release
 
 # Create system users
 useradd -U -r -s /usr/sbin/nologin nginx
-useradd -U -r -s /usr/sbin/nologin niver
+useradd -U -r -s /usr/sbin/nologin servnest
 useradd -U -r -s /usr/sbin/nologin sftpgo
 
 # Set proper permissions
 
 chown -R knot:knot /var/lib/knot/confdb
 chmod -R u=rwX,g=rwX,o= /var/lib/knot/confdb
-usermod -aG knot niver
+usermod -aG knot servnest
 
 chown -R knot:knot /var/log/knot
 chmod -R u=rwX,g=,o= /var/log/knot
 
-chown -R niver:knot /srv/niver/ns
-chmod -R u=rwX,g=rwX,o= /srv/niver/ns
-chown -R niver:knot /srv/niver/reg
-chmod -R u=rwX,g=rwX,o= /srv/niver/reg
+chown -R servnest:knot /srv/servnest/ns
+chmod -R u=rwX,g=rwX,o= /srv/servnest/ns
+chown -R servnest:knot /srv/servnest/reg
+chmod -R u=rwX,g=rwX,o= /srv/servnest/reg
 
-chown -R niver:nginx /srv/niver/nginx /srv/niver/subpath /srv/niver/subdomain
-chmod -R u=rwX,g=rX,o= /srv/niver/nginx /srv/niver/subpath /srv/niver/subdomain
+chown -R servnest:nginx /srv/servnest/nginx /srv/servnest/subpath /srv/servnest/subdomain
+chmod -R u=rwX,g=rX,o= /srv/servnest/nginx /srv/servnest/subpath /srv/servnest/subdomain
 
 chown -R sftpgo:sftpgo /etc/sftpgo
 chmod -R u=rX,g=rX,o=rX /etc/sftpgo
 chmod u=r,g=,o= /etc/sftpgo/ed25519
 
-chown -R niver:sftpgo /srv/niver/ht
-chmod -R u=rwX,g=rwX,o=rX /srv/niver/ht
+chown -R servnest:sftpgo /srv/servnest/ht
+chmod -R u=rwX,g=rwX,o=rX /srv/servnest/ht
 
 if [[ $ID = "debian" ]]; then
-	chown -R niver:debian-tor /srv/niver/tor-config
-	chown -R debian-tor:debian-tor /srv/niver/tor-keys
+	chown -R servnest:debian-tor /srv/servnest/tor-config
+	chown -R debian-tor:debian-tor /srv/servnest/tor-keys
 else
-	chown -R niver:tor /srv/niver/tor-config
-	chown -R tor:tor /srv/niver/tor-keys
+	chown -R servnest:tor /srv/servnest/tor-config
+	chown -R tor:tor /srv/servnest/tor-keys
 fi
-chmod -R u=rwX,g=rX,o= /srv/niver/tor-config
-chmod -R u=rwX,g=,o= /srv/niver/tor-keys
+chmod -R u=rwX,g=rX,o= /srv/servnest/tor-config
+chmod -R u=rwX,g=,o= /srv/servnest/tor-keys
 
-chown -R niver:nginx /srv/niver/core /srv/niver/errors
-chmod -R u=rX,g=rX,o= /srv/niver/core /srv/niver/errors
-chown -R niver:niver /srv/niver/core/db
-chmod -R u=rwX,g=,o= /srv/niver/core/db
+chown -R servnest:nginx /srv/servnest/core /srv/servnest/errors
+chmod -R u=rX,g=rX,o= /srv/servnest/core /srv/servnest/errors
+chown -R servnest:servnest /srv/servnest/core/db
+chmod -R u=rwX,g=,o= /srv/servnest/core/db
 
 # Load configuration in Knot database
 sudo -u knot knotc conf-import /etc/knot/knot.conf
@@ -53,11 +53,11 @@ sudo -u knot knotc conf-import /etc/knot/knot.conf
 export PHP_INI=/etc/php/php.ini
 
 if [[ $ID = "debian" ]]; then
-	rm /etc/php/8.1/fpm/php-fpm.conf
-	ln -s /etc/php/php-fpm.conf /etc/php/8.1/fpm/php-fpm.conf
-	ln -s /etc/php/php-fpm.d/ /etc/php/8.1/fpm/pool.d
+	rm /etc/php/8.2/fpm/php-fpm.conf
+	ln -s /etc/php/php-fpm.conf /etc/php/8.2/fpm/php-fpm.conf
+	ln -s /etc/php/php-fpm.d/ /etc/php/8.2/fpm/pool.d
 
-	export PHP_INI=/etc/php/8.1/fpm/php.ini
+	export PHP_INI=/etc/php/8.2/fpm/php.ini
 fi
 
 # Configure PHP-FPM properly
@@ -67,6 +67,7 @@ expose_php = Off
 display_errors = On
 extension = pdo_sqlite
 extension = sodium
+extension = gettext
 zend_extension = opcache
 opcache.jit_buffer_size = 32M
 EOF
@@ -75,10 +76,10 @@ EOF
 
 if [[ $ID = "debian" ]]; then
 	sed -i 's/User tor/User debian-tor/' /etc/tor/torrc
-	sed -i 's/reload tor/reload tor@default/' /etc/sudoers.d/niver
-	sed -i 's/ALL=(tor)/ALL=(debian-tor)/' /etc/sudoers.d/niver
-	sed -i 's/tor_service = "tor"/tor_service = "tor@default"/' /srv/niver/core/config.ini
-	sed -i 's/tor_user = "tor"/tor_user = "debian-tor"/' /srv/niver/core/config.ini
+	sed -i 's/reload tor/reload tor@default/' /etc/sudoers.d/servnest
+	sed -i 's/ALL=(tor)/ALL=(debian-tor)/' /etc/sudoers.d/servnest
+	sed -i 's/tor_service = "tor"/tor_service = "tor@default"/' /srv/servnest/core/config.ini
+	sed -i 's/tor_user = "tor"/tor_user = "debian-tor"/' /srv/servnest/core/config.ini
 fi
 
 # Start SystemD services at startup

mkosi.prepare

@@ -8,15 +8,15 @@ rm -r /etc/nginx/*
 rm -r /etc/ssh/*
 rm /etc/tor/torrc
 if [[ $ID = "debian" ]]; then
-	rm -r /etc/php/8.1/fpm/pool.d
-	rm /usr/lib/tmpfiles.d/php8.1-fpm.conf
+	rm -r /etc/php/8.2/fpm/pool.d
+	rm /usr/lib/tmpfiles.d/php8.2-fpm.conf
 fi
 if [[ $ID = "arch" ]]; then
 	rm /etc/php/php-fpm.d/*
 fi
 
 # Generate default self-signed TLS key pair
-openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/niver.key -out /etc/ssl/certs/niver.crt
+openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/servnest.key -out /etc/ssl/certs/servnest.crt
 
 # Generate OpenSSH server key pair
 ssh-keygen -f /etc/ssh/ed25519 -t ed25519 -N ""
@@ -29,7 +29,12 @@ fp=($(ssh-keygen -l -f /etc/sftpgo/ed25519))
 echo ${fp[1]} > /etc/sftpgo/ed25519.fp
 ssh-keygen -lv -f /etc/sftpgo/ed25519 | tail -n +2 > /etc/sftpgo/ed25519.asciiart
 # Generate SSHFP record
-echo ht.niver.test. 86400 SSHFP 4 2 $(cut -d ' ' -f 2 /etc/sftpgo/ed25519.pub | base64 -d | sha256sum | cut -d ' ' -f 1) >> /srv/niver/reg/niver.test.zone
+echo ht.servnest.test. 86400 SSHFP 4 2 $(cut -d ' ' -f 2 /etc/sftpgo/ed25519.pub | base64 -d | sha256sum | cut -d ' ' -f 1) >> /srv/servnest/reg/servnest.test.zone
 
 # Create database
-sqlite3 /srv/niver/core/db/niver.db < /srv/niver/core/db/schema.sql
+sqlite3 /srv/servnest/core/db/servnest.db < /srv/servnest/core/db/schema.sql
+
+sqlite3 /srv/servnest/core/db/servnest.db <<< "UPDATE params SET value = '$(openssl rand -hex 16)' WHERE name = 'username_salt';"
+
+# Create translation Machine Objects files
+msgfmt /srv/servnest/core/locales/fr/C/LC_MESSAGES/messages.po -o /srv/servnest/core/locales/fr/C/LC_MESSAGES/messages.mo

mkosi.skeleton/etc/hosts

@@ -1,2 +1,2 @@
-::1 niver.test
-127.0.0.1 niver.test
+::1 servnest.test
+127.0.0.1 servnest.test

mkosi.skeleton/etc/sftpgo/banner.txt

@@ -1 +0,0 @@
-Niver

mkosi.skeleton/etc/sftpgo/sftpgo.toml

@@ -32,7 +32,7 @@ address = "127.0.0.1"
 
 [data_provider]
 driver = "memory"
-users_base_dir = "/srv/niver/ht"
+users_base_dir = "/srv/servnest/ht"
 external_auth_hook = "http://[::1]:8055/sftpgo-auth.php"
 external_auth_scope = 1
 naming_rules = 1

mkosi.skeleton/etc/systemd/system/php-fpm.service.d/override.conf

@@ -1,2 +1,2 @@
 [Service]
-ReadWritePaths=/srv/niver
+ReadWritePaths=/srv/servnest

mkosi.skeleton/etc/systemd/system/tor.service.d/override.conf

@@ -1,4 +1,4 @@
 [Service]
-ReadWritePaths=/srv/niver/tor-keys
+ReadWritePaths=/srv/servnest/tor-keys
 # To allow reloading service on Arch Linux
 CapabilityBoundingSet=CAP_KILL

mkosi.skeleton/srv/niver/reg/niver.test.zone

@@ -1,8 +0,0 @@
-niver.test.     10800 SOA  ns1.niver.test. admin.niver.test. 0 21600 7200 3628800 3600
-niver.test.     86400 NS   ns1.niver.test.
-niver.test.     10800 A    127.0.0.1
-niver.test.     10800 AAAA ::1
-ns1.niver.test. 10800 A    127.0.0.1
-ns1.niver.test. 10800 AAAA ::1
-ht.niver.test.  10800 A    127.0.0.1
-ht.niver.test.  10800 AAAA ::1

mkosi.skeleton/srv/servnest/core

@@ -0,0 +1 @@
+Subproject commit 3b97b3cc2f249b4f71b2fa4580fb4df25f47ed9e

mkosi.skeleton/srv/servnest/docs

@@ -0,0 +1 @@
+Subproject commit fbe714909c09701253c3f7e6254a2fab42b35161

mkosi.skeleton/srv/servnest/errors/default-ip.en.html

@@ -8,7 +8,7 @@
 	<body>
 		<h1>Nothing here</h1>
 		<p>
-			You reached Niver's default site using IP address. There's nothing for you here.
+			You reached the default site of this server using IP address. There's nothing for you here.
 		</p>
 		<small>HTTP <code>404</code></small>
 	</body>

mkosi.skeleton/srv/servnest/reg/servnest.test.zone

@@ -0,0 +1,9 @@
+servnest.test.      10800 SOA  ns1.servnest.test. admin.servnest.test. 0 21600 7200 3628800 3600
+servnest.test.      86400 NS   ns1.servnest.test.
+servnest.test.      10800 A    127.0.0.1
+servnest.test.      10800 AAAA ::1
+test.servnest.test. 86400 NS   ns1.servnest.test.
+ns1.servnest.test.  10800 A    127.0.0.1
+ns1.servnest.test.  10800 AAAA ::1
+ht.servnest.test.   10800 A    127.0.0.1
+ht.servnest.test.   10800 AAAA ::1

mkosi.skeleton/srv/servnest/reg/test.servnest.test.zone

@@ -0,0 +1,4 @@
+test.servnest.test.     10800 SOA  ns1.servnest.test. admin.servnest.test. 0 21600 7200 3628800 3600
+test.servnest.test.     86400 NS   ns1.servnest.test.
+test.servnest.test.     10800 A    127.0.0.1
+test.servnest.test.     10800 AAAA ::1