Cleaned up and merge other Linux snippit repo

Meged https://git.bprieshof.nl/brammp/linux into ./Linux

Linux/Scripts/Deb11Upgrade_Basic.sh

@@ -0,0 +1,61 @@
+#!/bin/bash
+
+#####################################################################
+# @description:                                                     #
+#   Debian 10 to Debian 11 upgrade tool for basic debian 10 system  #
+#                                                                   #
+# @author: Bram Prieshof                                            #
+#####################################################################
+
+#ScriptVars
+UpgradeDist=deb11
+InstalledOptions=("${SelectedOptions[@]}" "${EnabledAons[@]}")
+Sysup2Date=no
+
+#OS Detection
+dist_ver=$(grep --color=never -Po "^VERSION_ID=\K.*" "/etc/os-release")
+dist=$(grep --color=never -Po "^ID=\K.*" "/etc/os-release")
+
+if [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"10"* ]]; then
+ CurDist=deb10
+else
+ echo "This OS in not eligible for this upgrade"
+ exit
+fi
+
+#PackageManager-config
+PKGM=apt
+PKGUC="$PKGM update"
+PKGUP="$PKGM upgrade -y"
+PKGI="${PKGM} install -y --no-install-recommends"
+
+#Update current release
+if [ $Sysup2Date = no ]; then
+    echo "The system will now update the packages for the current release"
+    read -r -s -p $'Press enter to continue, or ctrl+c to quit'
+    $PKGUC
+    DEBIAN_FRONTEND=noninteractive $PKGUP -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
+    $PKGM dist-upgrade -y
+    $PKGM clean all
+    $PKGM autoremove -y
+    sed -i -e '/Sysup2Date=no/c\Sysup2Date=yes' "$0"
+    echo "The current release is up to date,"
+    echo "please reboot the system and re-run this scipt to continue"
+    exit
+fi
+
+echo "The system will now update the repositories to the new release and update all packages"
+read -r -s -p $'Press enter to continue, or ctrl+c to quit'
+
+#Update Debian repo's
+sed -i -e 's/buster/bullseye/g' -e 's#http://security.debian.org/debian-security#https://deb.debian.org/debian-security#g' -e 's#http://security.debian.org#https://deb.debian.org/debian-security#g' -e 's#bullseye/updates#bullseye-security#g'   /etc/apt/sources.list
+#Update Hetzner mirrror repo's
+sed -i -e 's/buster/bullseye/g' /etc/apt/sources.list.d/hetzner* -e 's#bullseye/updates#bullseye-security#g' /etc/apt/sources.list.d/hetzner*
+
+#Running updates
+$PKGM update
+DEBIAN_FRONTEND=noninteractive $PKGUP --without-new-pkgs -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
+DEBIAN_FRONTEND=noninteractive $PKGM full-upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
+$PKGM autoremove -y
+
+echo "Upgrade finished, please reboot the system"

Linux/Scripts/GenMultiDomainSelfSignedCert.sh

@@ -0,0 +1,54 @@
+#!/bin/bash
+#Generate mutidomain self-signed certificate
+##brammp 2023##
+
+HostName=$(hostname)
+IPAddress=$(hostname -i)
+ServiceName=xRDP
+
+#OpenSSL Config
+cat <<EOF > customopenssl.cnf
+[req]
+distinguished_name = req_distinguished_name
+# The extensions to add to the self signed cert
+x509_extensions = v3_ca
+# Run non-interactively
+prompt = no
+#distinguished_name = req_distinguished_name
+#req_extensions     = req_ext
+
+[req_distinguished_name]
+# Certificate subject
+countryName = NL
+#stateOrProvinceName =
+#localityName = Sunnyvale
+organizationName = Home
+#organizationalUnitName =
+commonName = $ServiceName
+#emailAddress =
+
+[v3_ca]
+# Extensions for a typical CA - PKIX recommendation.
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always, issuer
+basicConstraints = CA:true
+
+[ v3_req ]
+# Extensions to add to a certificate request
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = $HostName
+DNS.2 = $IPAddress
+EOF
+
+#Generate Cert
+openssl genrsa -out key.pem 2048
+openssl req -new -out csr.pem -key key.pem -config customopenssl.cnf
+openssl x509 -req -days 3650 -in csr.pem -signkey key.pem -out cert.pem -extensions v3_req -extfile customopenssl.cnf
+
+
+# Cleanup
+rm -f customopenssl.cnf csr.pem

Linux/Scripts/MicroNas/Centos-MicroNas.sh

@@ -0,0 +1,58 @@
+#ProxmoxCT Note use privileged container with nesting enabled  #
+
+#EPEL Repo
+rpm --rebuilddb
+dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
+rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
+
+#Webmin repo
+cat << 'EOF' >> /etc/yum.repos.d/webmin.repo 
+[Webmin]
+name=Webmin
+#baseurl=https://download.webmin.com/download/yum
+mirrorlist=https://download.webmin.com/download/yum/mirrorlist
+enabled=1
+EOF
+rpm --import https://download.webmin.com/jcameron-key.asc
+
+#Install
+dnf --setopt=install_weak_deps=False --best --refresh -y install samba samba-common cronie nfs-utils webmin openssh-server nano nload htop avahi wsdd
+
+#Webin config
+service webmin stop
+systemctl start webmin
+sed -i -e '/port=/c\port=80' -e 's/ssl=/c\ssl=0/g' -e 's/ipv6=/c\ipv6=0/g' /etc/webmin/miniserv.conf
+echo "servers=Services & Tools" >> /etc/webmin/webmin.catnames
+cat << 'EOF' >> /etc/webmin/webmin.cats
+filter=cluster 
+exports=servers
+filemin=servers
+useradmin=servers
+mailboxes=
+EOF
+
+#Samba config
+sed -i -e '/map to guest =/c\map to guest = never' /etc/samba/smb.conf
+
+#Avahi config
+cat << 'EOF' >> /etc/avahi/services/smb.service
+<?xml version="1.0" standalone='no'?>
+<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
+<service-group>
+ <name replace-wildcards="yes">%h</name>
+ <service>
+   <type>_smb._tcp</type>
+   <port>445</port>
+ </service>
+ <service>
+   <type>_device-info._tcp</type>
+   <port>0</port>
+   <txt-record>model=RackMac</txt-record>
+ </service>
+</service-group>
+EOF
+
+#Restart services
+service webmin stop
+systemctl enable --now smb nfs-server webmin avahi-daemon wsdd
+systemctl restart smb nfs-server webmin avahi-daemon wsdd

Linux/Scripts/MicroNas/Debian-MicroNas.sh

@@ -0,0 +1,55 @@
+#ProxmoxCT Note use privileged container with nesting enabled  #
+
+#Prerequisite packages
+export DEBIAN_FRONTEND=noninteractive
+apt install --no-install-recommends wget gnupg2 apt-transport-https -y
+
+#Webin repo
+wget -qO - https://download.webmin.com/jcameron-key.asc | sudo apt-key add -
+echo "deb https://download.webmin.com/download/repository sarge contrib" > /etc/apt/sources.list.d/webmin.list
+
+#Wsdd(Web Service Discovery host daemon) repo
+wget -O - https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key|apt-key add -
+echo "deb https://pkg.ltec.ch/public/ `lsb_release -cs` main" > /etc/apt/sources.list.d/wsdd.list
+
+#Install
+apt update
+debconf-set-selections <<<"samba-common samba-common/do_debconf boolean true"
+apt install --no-install-recommends samba samba-vfs-modules cron nfs-kernel-server webmin openssh-server nano nload htop avahi-daemon avahi-utils wsdd -y
+
+#Webmin config
+sed -i -e '/port=/c\port=80' -e 's/ssl=/c\ssl=0/g' -e 's/ipv6=/c\ipv6=0/g' /etc/webmin/miniserv.conf
+echo "servers=Services & Tools" >> /etc/webmin/webmin.catnames
+cat << 'EOF' >> /etc/webmin/webmin.cats
+filter=cluster 
+exports=servers
+filemin=servers
+useradmin=servers
+mailboxes=
+EOF
+
+
+#Samba config
+sed -i -e '/map to guest =/c\map to guest = never' /etc/samba/smb.conf
+
+#Avahi config
+cat << 'EOF' >> /etc/avahi/services/smb.service
+<?xml version="1.0" standalone='no'?>
+<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
+<service-group>
+ <name replace-wildcards="yes">%h</name>
+ <service>
+   <type>_smb._tcp</type>
+   <port>445</port>
+ </service>
+ <service>
+   <type>_device-info._tcp</type>
+   <port>0</port>
+   <txt-record>model=RackMac</txt-record>
+ </service>
+</service-group>
+EOF
+
+#Restart services
+systemctl enable --now smbd nfs-kernel-server webmin avahi-daemon wsdd
+systemctl restart smbd nfs-kernel-server webmin avahi-daemon wsdd

Linux/Scripts/Mysql-alternate-Repo-Setup-DebUbu.sh

@@ -0,0 +1,5 @@
+Dist=$(grep -oP '(?<=^ID=).+' /etc/os-release | tr -d '"')
+DistVersion=$(grep -oP '(?<=^VERSION_CODENAME=).+' /etc/os-release | tr -d '"')
+
+wget -qO - http://repo.mysql.com/RPM-GPG-KEY-mysql | apt-key add -
+echo "deb http://repo.mysql.com/apt/"$Dist"/ "$DistVersion" mysql-8.0" >/etc/apt/sources.list.d/mysql.list

Linux/Scripts/Ufw-AddCustomRule-SSH_4242.sh

@@ -0,0 +1,39 @@
+###############################################################
+# @description:                                               #
+#   Add Custom rule to UFW for limiting ssh(4242/tcp)         #
+#                                                             #
+# @author: Bram Prieshof                                      #
+###############################################################
+
+#Sed in a function to detect line from $FindLine and insert the content of $AddLine on a new line above the match
+UpdateFile () {
+    file="$1"
+    sed -i 's/'"$FindLine"'/'"$AddLine"'\n&/g' $file
+    unset FindLine AddLine
+}
+
+#Delete Existng SSH(4242/tcp) rule(s)
+ufw delete limit 4242/tcp
+
+#Add needed filters (IPv4)
+FindLine="# End required lines"
+AddLine=":ufw-user-limit - [0:0]\n:ufw-user-limit-accept - [0:0]"
+UpdateFile /etc/ufw/after.rules
+
+#Add needed filters (IPv6)
+FindLine="# End required lines"
+AddLine=":ufw6-user-limit - [0:0]\n:ufw6-user-limit-accept - [0:0]"
+UpdateFile /etc/ufw/after6.rules
+
+#Add custom SSH(4242/tcp) limit rule (IPv4)
+FindLine="# don't delete the 'COMMIT' line or these rules won't be processed"
+AddLine="### SSH limit tcp\n-A ufw-after-input -p tcp --dport 4242 -m conntrack --ctstate NEW -m recent --set\n-A ufw-after-input -p tcp --dport 4242 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 15 -j ufw-user-limit\n-A ufw-after-input -p tcp --dport 4242 -j ufw-user-limit-accept\n"
+UpdateFile /etc/ufw/after.rules
+
+#Add custom SSH(4242/tcp) limit rule (IPv6)
+FindLine="# don't delete the 'COMMIT' line or these rules won't be processed"
+AddLine="### SSH limit tcp\n-A ufw6-after-input -p tcp --dport 4242 -m conntrack --ctstate NEW -m recent --set\n-A ufw6-after-input -p tcp --dport 4242 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 15 -j ufw6-user-limit\n-A ufw6-after-input -p tcp --dport 4242 -j ufw6-user-limit-accept\n"
+UpdateFile /etc/ufw/after6.rules
+
+#Reload ufw rules
+ufw reload

Linux/Scripts/Web/kweb.sh

@@ -0,0 +1,10 @@
+service php-fpm53 stop
+service php-fpm54 stop
+service php-fpm55 stop
+service php-fpm56 stop
+service php-fpm70 stop
+service php-fpm71 stop
+service php-fpm72 stop
+service php-fpm73 stop
+service httpd stop
+service nginx stop

Linux/Scripts/Web/rweb.sh

@@ -0,0 +1,10 @@
+service php-fpm53 restart
+service php-fpm54 restart
+service php-fpm55 restart
+service php-fpm56 restart
+service php-fpm70 restart
+service php-fpm71 restart
+service php-fpm72 restart
+service php-fpm73 restart
+service httpd restart
+service nginx restart

Linux/Scripts/Web/servstat.sh

@@ -0,0 +1,10 @@
+service php-fpm53 status
+service php-fpm54 status
+service php-fpm55 status
+service php-fpm56 status
+service php-fpm70 status
+service php-fpm71 status
+service php-fpm72 status
+service php-fpm73 status
+service httpd status
+service nginx status

Linux/Scripts/Web/sweb.sh

@@ -0,0 +1,10 @@
+service php-fpm53 start
+service php-fpm54 start
+service php-fpm55 start
+service php-fpm56 start
+service php-fpm70 start
+service php-fpm71 start
+service php-fpm72 start
+service php-fpm73 start
+service httpd start
+service nginx start

Linux/Scripts/detect-os-V1.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+source /etc/os-release
+
+#echo used Vars for testing only
+echo $VERSION
+
+#formaring $VERSION to a useable fromat
+VERSION=$(echo $VERSION | grep -o '[0-9]\+.' | tr -d '\n')
+
+#echo used Vars for testing only
+echo $ID
+echo $VERSION
+
+#example if statement
+
+if [ "$ID" = "debian" ]; then
+	echo "Execute Commands"
+elif [ "$ID" = "ubuntu" ]; then
+    echo "Executue Ubuntu version detection"
+    if [[ "$VERSION" == "18.04"* ]]; then
+            echo "this ubuntu Ubuntu 18.04"
+		elif [[ "$VERSION" == "16.04"* ]]; then
+        	echo "this ubuntu 16.04"
+        else 
+            echo "this version of ubuntu is not yet supported"
+      fi  
+elif [ "$ID" = "centos" ]; then
+    echo "Executue Centos Commands"
+elif [ "$ID" = "rhel" ]; then
+    echo "Executue Red hat enterpise Linux Commands"
+else 
+	echo "this OS is not yet supported"
+fi

Linux/Scripts/detect-os-V2.sh

@@ -0,0 +1,21 @@
+dist_ver=$(grep --color=never -Po "^VERSION_ID=\K.*" "/etc/os-release")
+dist=$(grep --color=never -Po "^ID=\K.*" "/etc/os-release")
+
+if [[ "${dist}" == *"ubuntu"* ]] && [[ "${dist_ver}" == *"18.04"* ]]; then
+ echo "Ubuntu 18.04 Detected"
+ shortdist=ubu1804
+elif [[ "${dist}" == *"ubuntu"* ]] && [[ "${dist_ver}" == *"20.04"* ]]; then
+ echo "Ubuntu 20.04 Detected"
+ shortdist=ubu2004 
+elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"10"* ]]; then
+ echo "Debian 10 Detected"
+ shortdist=deb10 
+elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then
+ echo "Centos 8 Detected"
+ shortdist=cent10 
+else
+ echo "This OS in not supported"
+fi
+
+unset dist_ver
+unset dist

Linux/Scripts/git-UpdateCheck.sh

@@ -0,0 +1,18 @@
+#Git update checker
+## Will folow localy checked-out branch
+## Make sure localy altered files (config,upload folder, etc) are setup in .gitignore
+git remote update
+
+UPSTREAM=${1:-'@{u}'}
+LOCAL=$(git rev-parse @)
+REMOTE=$(git rev-parse "$UPSTREAM")
+BASE=$(git merge-base @ "$UPSTREAM")
+
+if [ $LOCAL = $REMOTE ]; then
+    echo "Up-to-date"
+elif [ $LOCAL = $BASE ]; then
+    echo "Update available, Pulling form git"
+    git pull
+else
+    echo "Diverged"
+fi

Linux/Scripts/sftpSpliting.sh

@@ -0,0 +1,43 @@
+###
+#Declarring vars for testing
+domain=Domain.exp
+###
+
+#Pre-confiuring Env
+webname=$(sed -e 's/\.[a-z]*$//' <<< $domain)
+webname=$(sed 's/\./-/g'  <<< $webname)
+apt install bindfs -y
+
+
+#creating SFTP-user 
+groupadd $webname
+useradd $webname -g $webname
+mkdir -p /home/$webname/.ssh
+echo "ExampleKey" >> /home/$webname/.ssh/authorized_keys
+chown -R $webname:$webname /home/$webname
+
+
+#creating folder and setting mount
+mkdir -p /web/$webname/html
+chmod 755 /web
+chmod 755 /web/$webname
+chown $webname:$webname /web/$webname/html
+mkdir -p /var/www/$domain
+chown www-data:www-data /var/www/$domain
+echo "bindfs#/var/www/$domain /web/$webname/html fuse force-user=${webname},force-group=${webname},create-for-user=www-data,create-for-group=www-data,create-with-perms=0770,chgrp-ignore,chown-ignore,chmod-ignore 0 0" >> /etc/fstab
+
+
+#Configuring sshd for SFTP only user
+sed -i 's/Subsystem\s*sftp\s*\/usr\/lib\/openssh\/sftp-server/Subsystem sftp internal-sftp/g' /etc/ssh/sshd_config
+cat <<EOF >> /etc/ssh/sshd_config
+#Begin of $webname 
+   Match User $webname
+   ChrootDirectory /web/$webname
+   ForceCommand internal-sftp
+   X11Forwarding no
+   AllowTcpForwarding no
+#End of $webname 
+EOF
+service sshd restart
+
+mount -a

Linux/Scripts/tc/Setup-TC-Generic-Kiosk.sh

@@ -0,0 +1,168 @@
+#!/bin/bash
+
+#########Tested on#########
+##     Debian 9(i386)    ##
+# Hp t5740e               #
+##     Debian 9(amd64)   ##
+# Dell Optiplex Fx160     #
+###########################
+
+
+echo "Debian 9 Thin client install script."
+echo "Full url including http(s)://:"
+read url
+
+
+apt update
+
+# get software
+apt install xorg chromium openbox lightdm nedit locales spacefm sudo gmessage unattended-upgrades plymouth plymouth-themes -y
+
+# dir
+mkdir -p /home/kiosk/.config/openbox
+
+mkdir -p /home/kiosk/Bureaublad
+# create group
+groupadd kiosk
+
+# create user if not exists
+id -u kiosk &>/dev/null || useradd -m kiosk -g kiosk -s /bin/bash 
+
+# rights
+chown -R kiosk:kiosk /home/kiosk
+
+# create config
+echo oldurl=${url} > /var/log/browserurl.log
+
+sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
+
+wget https://git.bprieshof.nl/brammp/SnipitRepo/raw/branch/main/Linux/Scripts/tc/config/gui/grub-4x3.png -O /usr/share/desktop-base/softwaves-theme/grub/grub-4x3.png
+wget https://git.bprieshof.nl/brammp/SnipitRepo/raw/branch/main/Linux/Scripts/tc/config/gui/grub-16x9.png -O /usr/share/desktop-base/softwaves-theme/grub/grub-16x9.png
+wget https://git.bprieshof.nl/brammp/SnipitRepo/raw/branch/main/Linux/Scripts/tc/config/gui/joy-ictm.tar.gz -O /tmp/joy-ictm.tar.gz
+tar -zxf /tmp/joy-ictm.tar.gz -C /usr/share/plymouth/themes/
+
+sed -i 's|GRUB_TIMEOUT=5|GRUB_TIMEOUT=1|g' /etc/default/grub
+sed -i 's|GRUB_CMDLINE_LINUX_DEFAULT="quiet"|GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"|g' /etc/default/grub
+update-grub
+plymouth-set-default-theme -R joy-ictm
+
+wget https://git.bprieshof.nl/brammp/SnipitRepo/raw/branch/main/Linux/Scripts/tc/config/20auto-upgrades -O /etc/apt/apt.conf.d/20auto-upgrades
+wget https://git.bprieshof.nl/brammp/SnipitRepo/raw/branch/main/Linux/Scripts/tc/config/50unattended-upgrades -O /etc/apt/apt.conf.d/50unattended-upgrades
+
+if [ -e "/etc/lightdm/lightdm.conf" ]; then
+  mv /etc/lightdm/lightdm.conf /etc/lightdm/lightdm.conf.backup
+fi
+cat > /etc/lightdm/lightdm.conf << EOF
+[SeatDefaults]
+autologin-user=kiosk
+EOF
+
+# create autostart
+if [ -e "/home/kiosk/.config/openbox/autostart" ]; then
+  mv /home/kiosk/.config/openbox/autostart /home/kiosk/.config/openbox/autostart.backup
+fi
+
+cat > /home/kiosk/.config/openbox/autostart << EOF
+#!/bin/bash
+sleep 1; spacefm --desktop &
+  chromium \
+    --no-first-run \
+    --disable \
+    --disable-translate \
+    --disable-infobars \
+    --disable-suggestions-service \
+    --disable-save-password-bubble \
+    --disable-session-crashed-bubble \
+    --incognito \
+	"${url}"
+EOF
+
+#creating app files
+
+cat > /home/kiosk/Bureaublad/chromium.desktop << EOF
+[Desktop Entry]
+Version=1.0
+Name=Chromium 
+GenericName=Web Browser
+GenericName[nl]=Webbrowser
+Comment=Access the Internet
+Comment[nl]=Verbinding maken met internet
+Exec=/usr/bin/chromium --no-first-run --disable --disable-translate --disable-infobars --disable-suggestions-service --disable-save-password-bubble --disable-session-crashed-bubble --incognito ${url}
+Terminal=false
+X-MultipleArgs=false
+Type=Application
+Icon=chromium.png
+Categories=Network;WebBrowser;
+MimeType=text/html;text/xml;application/xhtml_xml;application/x-mimearchive;x-scheme-handler/http;x-scheme-handler/https;
+StartupWMClass=chromium
+StartupNotify=true
+EOF
+
+cat > /home/kiosk/Bureaublad/nedit.desktop << EOF
+[Desktop Entry]
+Version=1.0
+Name=NEdit
+Name[en]=NEdit 
+Name[nl]=NEdit
+Exec=nedit-nc %F
+Icon=nedit
+Terminal=false
+Type=Application
+MimeType=text/plain;
+Categories=Motif;Utility;TextTools;
+Keywords=Customizable;Scripts;Powerful;
+GenericName=Text Editor
+GenericName[en]=Text Editor
+GenericName[nl]=Tekstverwerker
+EOF
+
+cat > /home/kiosk/Bureaublad/shutdown.desktop << EOF
+[Desktop Entry]
+Encoding=UTF-8
+Version=1.0
+Type=Application
+Terminal=false
+Exec=shutdown-menu
+Name=Shutdown
+Icon=/usr/share/icons/Adwaita/64x64/actions/system-shutdown-symbolic.symbolic.png
+EOF
+
+cp -r /home/kiosk/Bureaublad/ /home/kiosk/Desktop
+
+# rights for apps folder
+chown -R kiosk:kiosk /home/kiosk/Bureaublad
+chown -R kiosk:kiosk /home/kiosk/Desktop
+
+
+# setting user power privileges
+cat > /etc/sudoers.d/powerctl << EOF
+# Cmnd alias specification
+Cmnd_Alias      SHUTDOWN = /sbin/shutdown
+Cmnd_Alias      REBOOT = /sbin/reboot
+
+# User privilege specification
+kiosk ALL=SHUTDOWN
+kiosk ALL=NOPASSWD: SHUTDOWN
+kiosk ALL=REBOOT
+kiosk ALL=NOPASSWD: REBOOT
+EOF
+
+cat > /usr/bin/shutdown-menu << EOF
+gmessage "Weet u zeker dat u de computer wilt afsluiten?" -center -title "Shutdown" -font "Sans bold 10" -default "Cancel" -buttons "_Annuleren":1,"_Opnieuw opstarten":3,"_Afsluiten":4 >/dev/null
+
+case \$? in
+1)
+echo "Exit";;
+3)
+pkill spacefm
+sudo shutdown -r now;;
+4)
+pkill spacefm
+sudo shutdown -h now;;
+esac
+EOF
+chmod 775 /usr/bin/shutdown-menu
+
+wget https://git.bprieshof.nl/brammp/SnipitRepo/raw/branch/main/Linux/Scripts/tc/update-url.sh -O /root/update-url.sh 
+
+echo "Done!"

Linux/Scripts/tc/Setup-TC-t510-Kiosk.sh

@@ -0,0 +1,176 @@
+#!/bin/bash
+
+#######Made for:#######
+##     Debian 9      ##
+# Hp t510             #
+#######################
+
+echo "Debian 9 Thin client install script."
+echo "Full url including http(s)://:"
+read url
+
+apt-get update
+
+
+# get software
+apt-get install xorg chromium openbox lightdm nedit locales spacefm sudo gmessage unattended-upgrades plymouth plymouth-themes xserver-xorg-video-openchrome -y
+
+# dir
+mkdir -p /home/kiosk/.config/openbox
+mkdir -p /home/kiosk/Bureaublad
+
+# create group
+groupadd kiosk
+
+# create user if not exists
+id -u kiosk &>/dev/null || useradd -m kiosk -g kiosk -s /bin/bash 
+
+# rights
+chown -R kiosk:kiosk /home/kiosk
+
+# create config
+echo oldurl=${url} > /var/log/browserurl.log
+
+sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
+
+wget https://git.bprieshof.nl/brammp/SnipitRepo/raw/branch/main/Linux/Scripts/tc/config/gui/grub-4x3.png -O /usr/share/desktop-base/softwaves-theme/grub/grub-4x3.png
+wget https://git.bprieshof.nl/brammp/SnipitRepo/raw/branch/main/Linux/Scripts/tc/config/gui/grub-16x9.png -O /usr/share/desktop-base/softwaves-theme/grub/grub-16x9.png
+wget https://git.bprieshof.nl/brammp/SnipitRepo/raw/branch/main/Linux/Scripts/tc/config/gui/joy-ictm.tar.gz -O /tmp/joy-ictm.tar.gz
+tar -zxf /tmp/joy-ictm.tar.gz -C /usr/share/plymouth/themes/
+
+sed -i 's|GRUB_TIMEOUT=5|GRUB_TIMEOUT=1|g' /etc/default/grub
+sed -i 's|GRUB_CMDLINE_LINUX_DEFAULT="quiet"|GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"|g' /etc/default/grub
+update-grub
+plymouth-set-default-theme -R joy-ictm
+
+
+wget https://git.bprieshof.nl/brammp/SnipitRepo/raw/branch/main/Linux/Scripts/tc/config/20auto-upgrades -O /etc/apt/apt.conf.d/20auto-upgrades
+wget https://git.bprieshof.nl/brammp/SnipitRepo/raw/branch/main/Linux/Scripts/tc/config/50unattended-upgrades -O /etc/apt/apt.conf.d/50unattended-upgrades
+
+if [ -e "/etc/lightdm/lightdm.conf" ]; then
+  mv /etc/lightdm/lightdm.conf /etc/lightdm/lightdm.conf.backup
+fi
+cat > /etc/lightdm/lightdm.conf << EOF
+[SeatDefaults]
+autologin-user=kiosk
+EOF
+
+# create autostart
+if [ -e "/home/kiosk/.config/openbox/autostart" ]; then
+  mv /home/kiosk/.config/openbox/autostart /home/kiosk/.config/openbox/autostart.backup
+fi
+
+cat > /home/kiosk/.config/openbox/autostart << EOF
+#!/bin/bash
+sleep 1; spacefm --desktop &
+  chromium \
+    --no-first-run \
+    --disable \
+    --disable-translate \
+    --disable-infobars \
+    --disable-suggestions-service \
+    --disable-save-password-bubble \
+    --disable-session-crashed-bubble \
+    --incognito \
+	"${url}"
+EOF
+
+#creating app files
+
+cat > /home/kiosk/Bureaublad/chromium.desktop << EOF
+[Desktop Entry]
+Version=1.0
+Name=Chromium 
+GenericName=Web Browser
+GenericName[nl]=Webbrowser
+Comment=Access the Internet
+Comment[nl]=Verbinding maken met internet
+Exec=/usr/bin/chromium --no-first-run --disable --disable-translate --disable-infobars --disable-suggestions-service --disable-save-password-bubble --disable-session-crashed-bubble --incognito ${url}
+Terminal=false
+X-MultipleArgs=false
+Type=Application
+Icon=chromium.png
+Categories=Network;WebBrowser;
+MimeType=text/html;text/xml;application/xhtml_xml;application/x-mimearchive;x-scheme-handler/http;x-scheme-handler/https;
+StartupWMClass=chromium
+StartupNotify=true
+EOF
+
+cat > /home/kiosk/Bureaublad/nedit.desktop << EOF
+[Desktop Entry]
+Version=1.0
+Name=NEdit
+Name[en]=NEdit 
+Name[nl]=NEdit
+Exec=nedit-nc %F
+Icon=nedit
+Terminal=false
+Type=Application
+MimeType=text/plain;
+Categories=Motif;Utility;TextTools;
+Keywords=Customizable;Scripts;Powerful;
+GenericName=Text Editor
+GenericName[en]=Text Editor
+GenericName[nl]=Tekstverwerker
+EOF
+
+cat > /home/kiosk/Bureaublad/shutdown.desktop << EOF
+[Desktop Entry]
+Encoding=UTF-8
+Version=1.0
+Type=Application
+Terminal=false
+Exec=shutdown-menu
+Name=Shutdown
+Icon=/usr/share/icons/Adwaita/64x64/actions/system-shutdown-symbolic.symbolic.png
+EOF
+
+cp -r /home/kiosk/Bureaublad/ /home/kiosk/Desktop
+
+# rights for apps folder
+chown -R kiosk:kiosk /home/kiosk/Bureaublad
+chown -R kiosk:kiosk /home/kiosk/Desktop
+
+
+# setting user power privileges
+cat > /etc/sudoers.d/powerctl << EOF
+# Cmnd alias specification
+Cmnd_Alias      SHUTDOWN = /sbin/shutdown
+Cmnd_Alias      REBOOT = /sbin/reboot
+
+# User privilege specification
+kiosk ALL=SHUTDOWN
+kiosk ALL=NOPASSWD: SHUTDOWN
+kiosk ALL=REBOOT
+kiosk ALL=NOPASSWD: REBOOT
+EOF
+
+cat > /usr/bin/shutdown-menu << EOF
+gmessage "Weet u zeker dat u de computer wilt afsluiten?" -center -title "Shutdown" -font "Sans bold 10" -default "Cancel" -buttons "_Annuleren":1,"_Opnieuw opstarten":3,"_Afsluiten":4 >/dev/null
+
+case \$? in
+1)
+echo "Exit";;
+3)
+pkill spacefm
+sudo shutdown -r now;;
+4)
+pkill spacefm
+sudo shutdown -h now;;
+esac
+EOF
+chmod 775 /usr/bin/shutdown-menu
+
+
+wget https://git.bprieshof.nl/brammp/SnipitRepo/raw/branch/main/Linux/Scripts/tc/update-url.sh -O /root/update-url.sh 
+
+cat > /etc/modprobe.d/blacklist-framebuffer.conf << EOF
+blacklist tridentfb
+blacklist vesafb
+blacklist vfb
+blacklist viafb
+blacklist vt8623fb
+blacklist udlfb
+EOF
+
+echo "Done!"

Linux/Scripts/tc/config/20auto-upgrades

@@ -0,0 +1,4 @@
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::AutocleanInterval "7";
+APT::Periodic::Unattended-Upgrade "1";

Linux/Scripts/tc/config/50unattended-upgrades

@@ -0,0 +1,25 @@
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::AutocleanInterval "7";
+APT::Periodic::Unattended-Upgrade "1";
+Unattended-Upgrade::Mail "root";
+
+// Automatically upgrade packages from these 
+Unattended-Upgrade::Origins-Pattern {
+      "o=Debian,a=stable";
+      "o=Debian,a=stable-updates";
+      "o=Debian,a=proposed-updates";
+      "origin=Debian,codename=${distro_codename},label=Debian-Security";
+};
+
+// You can specify your own packages to NOT automatically upgrade here
+Unattended-Upgrade::Package-Blacklist {
+//      "vim";
+//      "libc6";
+//      "libc6-dev";
+//      "libc6-i686";
+
+};
+
+Unattended-Upgrade::MailOnlyOnError "false";
+Unattended-Upgrade::Automatic-Reboot "false";

Linux/Scripts/tc/debian-generic-preseed.txt

@@ -0,0 +1,277 @@
+#### Contents of the preconfiguration file (for stretch)
+### Localization
+# Preseeding only locale sets language, country and locale.
+#d-i debian-installer/locale string en_US
+
+# The values can also be preseeded individually for greater flexibility.
+d-i debian-installer/language string nl
+d-i debian-installer/country string NL
+d-i debian-installer/locale string nl_NL.UTF-8
+# Optionally specify additional locales to be generated.
+#d-i localechooser/supported-locales multiselect en_US.UTF-8, nl_NL.UTF-8
+
+# Keyboard selection.
+d-i keyboard-configuration/xkb-keymap select us
+# d-i keyboard-configuration/toggle select No toggling
+
+### Network configuration
+# Disable network configuration entirely. This is useful for cdrom
+# installations on non-networked devices where the network questions,
+# warning and long timeouts are a nuisance.
+#d-i netcfg/enable boolean false
+
+# netcfg will choose an interface that has link if possible. This makes it
+# skip displaying a list if there is more than one interface.
+d-i netcfg/choose_interface select auto
+
+# To pick a particular interface instead:
+#d-i netcfg/choose_interface select eth1
+
+# To set a different link detection timeout (default is 3 seconds).
+# Values are interpreted as seconds.
+#d-i netcfg/link_wait_timeout string 10
+
+# If you have a slow dhcp server and the installer times out waiting for
+# it, this might be useful.
+#d-i netcfg/dhcp_timeout string 60
+#d-i netcfg/dhcpv6_timeout string 60
+
+# If you prefer to configure the network manually, uncomment this line and
+# the static network configuration below.
+#d-i netcfg/disable_autoconfig boolean true
+
+
+# Any hostname and domain names assigned from dhcp take precedence over
+# values set here. However, setting the values still prevents the questions
+# from being shown, even if values come from dhcp.
+d-i netcfg/get_hostname string Thin-Client
+d-i netcfg/get_domain string 
+
+# If you want to force a hostname, regardless of what either the DHCP
+# server returns or what the reverse DNS entry for the IP is, uncomment
+# and adjust the following line.
+#d-i netcfg/hostname string somehost
+
+# Disable that annoying WEP key dialog.
+d-i netcfg/wireless_wep string
+# The wacky dhcp hostname that some ISPs use as a password of sorts.
+#d-i netcfg/dhcp_hostname string radish
+
+# If non-free firmware is needed for the network or other hardware, you can
+# configure the installer to always try to load it, without prompting. Or
+# change to false to disable asking.
+#d-i hw-detect/load_firmware boolean true
+
+### Network console
+# Use the following settings if you wish to make use of the network-console
+# component for remote installation over SSH. This only makes sense if you
+# intend to perform the remainder of the installation manually.
+#d-i anna/choose_modules string network-console
+#d-i network-console/authorized_keys_url string http://10.0.0.1/openssh-key
+#d-i network-console/password password r00tme
+#d-i network-console/password-again password r00tme
+
+### Mirror settings
+# If you select ftp, the mirror/country string does not need to be set.
+#d-i mirror/protocol string ftp
+d-i mirror/country string manual
+d-i mirror/http/hostname string ftp.nl.debian.org
+d-i mirror/http/directory string /debian
+d-i mirror/http/proxy string
+
+# Suite to install.
+#d-i mirror/suite string testing
+# Suite to use for loading installer components (optional).
+#d-i mirror/udeb/suite string testing
+
+### Account setup
+# Skip creation of a root account (normal user account will be able to
+# use sudo).
+#d-i passwd/root-login boolean false
+# Alternatively, to skip creation of a normal user account.
+d-i passwd/make-user boolean false
+
+# Root password, either in clear text
+#d-i passwd/root-password password r00tme
+#d-i passwd/root-password-again password r00tme
+# or encrypted using a crypt(3)  hash.
+#d-i passwd/root-password-crypted password [crypt(3) hash]
+
+
+### Clock and time zone setup
+# Controls whether or not the hardware clock is set to UTC.
+d-i clock-setup/utc boolean true
+
+# You may set this to any valid setting for $TZ; see the contents of
+# /usr/share/zoneinfo/ for valid values.
+d-i time/zone string Europe/Amsterdam
+
+# Controls whether to use NTP to set the clock during the install
+d-i clock-setup/ntp boolean true
+# NTP server to use. The default is almost always fine here.
+#d-i clock-setup/ntp-server string ntp.example.com
+
+### Partitioning
+## Partitioning example
+# If the system has free space you can choose to only partition that space.
+# This is only honoured if partman-auto/method (below) is not set.
+#d-i partman-auto/init_automatically_partition select biggest_free
+
+# Alternatively, you may specify a disk to partition. If the system has only
+# one disk the installer will default to using that, but otherwise the device
+# name must be given in traditional, non-devfs format (so e.g. /dev/sda
+# and not e.g. /dev/discs/disc0/disc).
+# For example, to use the first SCSI/SATA hard disk:
+#d-i partman-auto/disk string /dev/sda
+# In addition, you'll need to specify the method to use.
+# The presently available methods are:
+# - regular: use the usual partition types for your architecture
+# - lvm:     use LVM to partition the disk
+# - crypto:  use LVM within an encrypted partition
+d-i partman-auto/method string regular
+
+# If one of the disks that are going to be automatically partitioned
+# contains an old LVM configuration, the user will normally receive a
+# warning. This can be preseeded away...
+#d-i partman-lvm/device_remove_lvm boolean true
+# The same applies to pre-existing software RAID array:
+d-i partman-md/device_remove_md boolean true
+# And the same goes for the confirmation to write the lvm partitions.
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+
+# You can choose one of the three predefined partitioning recipes:
+# - atomic: all files in one partition
+# - home:   separate /home partition
+# - multi:  separate /home, /var, and /tmp partitions
+d-i partman-auto/choose_recipe select atomic
+
+
+
+# This makes partman automatically partition without confirmation.
+d-i partman-md/confirm boolean true
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+
+## Controlling how partitions are mounted
+# The default is to mount by UUID, but you can also choose "traditional" to
+# use traditional device names, or "label" to try filesystem labels before
+# falling back to UUIDs.
+#d-i partman/mount_style select uuid
+
+### Base system installation
+# Configure APT to not install recommended packages by default. Use of this
+# option can result in an incomplete system and should only be used by very
+# experienced users.
+#d-i base-installer/install-recommends boolean false
+
+# The kernel image (meta) package to be installed; "none" can be used if no
+# kernel is to be installed.
+#d-i base-installer/kernel/image string linux-image-686
+
+### Apt setup
+# You can choose to install non-free and contrib software.
+d-i apt-setup/non-free boolean true
+d-i apt-setup/contrib boolean true
+
+# Uncomment this to add multiarch configuration for i386
+#d-i apt-setup/multiarch string i386
+
+
+### Package selection
+tasksel tasksel/first multiselect standard
+
+# Individual additional packages to install
+d-i pkgsel/include string openssh-server xorg chromium openbox lightdm nedit locales spacefm sudo gmessage unattended-upgrades plymouth plymouth-themes
+
+# Some versions of the installer can report back on what software you have
+# installed, and what software you use. The default is not to report back,
+# but sending reports helps the project determine what software is most
+# popular and include it on CDs.
+#popularity-contest popularity-contest/participate boolean false
+
+### Boot loader installation
+# Grub is the default boot loader (for x86). If you want lilo installed
+# instead, uncomment this:
+#d-i grub-installer/skip boolean true
+# To also skip installing lilo, and install no bootloader, uncomment this
+# too:
+#d-i lilo-installer/skip boolean true
+
+
+# This is fairly safe to set, it makes grub install automatically to the MBR
+# if no other operating system is detected on the machine.
+###d-i grub-installer/only_debian boolean true
+
+# This one makes grub-installer install to the MBR if it also finds some other
+# OS, which is less safe as it might not be able to boot that other OS.
+###d-i grub-installer/with_other_os boolean true
+
+# Due notably to potential USB sticks, the location of the MBR can not be
+# determined safely in general, so this needs to be specified:
+#d-i grub-installer/bootdev  string /dev/sda
+# To install to the first device (assuming it is not a USB stick):
+#d-i grub-installer/bootdev  string default
+
+
+# Use the following option to add additional boot parameters for the
+# installed system (if supported by the bootloader installer).
+# Note: options passed to the installer will be added automatically.
+#d-i debian-installer/add-kernel-opts string nousb
+
+### Finishing up the installation
+# During installations from serial console, the regular virtual consoles
+# (VT1-VT6) are normally disabled in /etc/inittab. Uncomment the next
+# line to prevent this.
+#d-i finish-install/keep-consoles boolean true
+
+# Avoid that last message about the install being complete.
+d-i finish-install/reboot_in_progress note
+
+# This will prevent the installer from ejecting the CD during the reboot,
+# which is useful in some situations.
+#d-i cdrom-detect/eject boolean false
+
+# This is how to make the installer shutdown when finished, but not
+# reboot into the installed system.
+#d-i debian-installer/exit/halt boolean true
+# This will power off the machine instead of just halting it.
+#d-i debian-installer/exit/poweroff boolean true
+
+### Preseeding other packages
+# Depending on what software you choose to install, or if things go wrong
+# during the installation process, it's possible that other questions may
+# be asked. You can preseed those too, of course. To get a list of every
+# possible question that could be asked during an install, do an
+# installation, and then run these commands:
+#   debconf-get-selections --installer > file
+#   debconf-get-selections >> file
+
+
+#### Advanced options
+### Running custom commands during the installation
+# d-i preseeding is inherently not secure. Nothing in the installer checks
+# for attempts at buffer overflows or other exploits of the values of a
+# preconfiguration file like this one. Only use preconfiguration files from
+# trusted locations! To drive that home, and because it's generally useful,
+# here's a way to run any shell command you'd like inside the installer,
+# automatically.
+
+# This first command is run as early as possible, just after
+# preseeding is read.
+#d-i preseed/early_command string anna-install some-udeb
+# This command is run immediately before the partitioner starts. It may be
+# useful to apply dynamic partitioner preseeding that depends on the state
+# of the disks (which may not be visible when preseed/early_command runs).
+#d-i partman/early_command \
+#       string debconf-set partman-auto/disk "$(list-devices disk | head -n1)"
+# This command is run just before the install finishes, but when there is
+# still a usable /target directory. You can chroot to /target and use it
+# directly, or use the apt-install and in-target commands to easily install
+# packages and run commands in the target system.
+d-i preseed/late_command string \
+in-target wget -O /root/Setup-TC-Generic-Kiosk.sh https://git.bprieshof.nl/brammp/SnipitRepo/raw/branch/main/Linux/Scripts/tc/Setup-TC-Generic-Kiosk.sh # ; \
+#in-target bash /root/Setup-TC-Generic-Kiosk.sh
+

Linux/Scripts/tc/update-url.sh

@@ -0,0 +1,13 @@
+echo "Thin client url updater."
+echo "enter the full url including http(s)://"
+read url
+
+source /var/log/browserurl.log
+
+sed -i "s|$oldurl|$url|g" /home/kiosk/Bureaublad/chromium.desktop
+sed -i "s|$oldurl|$url|g" /home/kiosk/Desktop/chromium.desktop
+sed -i "s|$oldurl|$url|g" /home/kiosk/.config/openbox/autostart
+
+echo oldurl=${url} > /var/log/browserurl.log
+
+echo "Done!"