privacyidea: add letsencrypt, sudo ssh forward

privacyidea/Makefile

@@ -19,6 +19,8 @@ postinstall: base/timesyncd.conf base/firstboot.start
 	cp base/firstboot.start $(CHROOT)/etc/local.d/firstboot.start
 	touch $(CHROOT)/firstboot
 	sed -i 's/# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL/' $(CHROOT)/etc/sudoers
+	sed -i 's#^auth.*$$#auth [success=2 default=ignore] pam_ssh_agent_auth.so file=~/.ssh/authorized_keys\nauth    include         system-auth#' $(CHROOT)/etc/pam.d/sudo
+	echo "Defaults   env_keep += SSH_AUTH_SOCK" > $(CHROOT)/etc/sudoers.d/ssh_auth_sock
 	$(inroot) useradd -m -G users,wheel -s /bin/bash --comment="virtual appliance admin" --uid 2000 admin
 	$(inroot) passwd -d admin; $(inroot) passwd -e admin
 	$(inroot) systemctl enable tmux@root.service

privacyidea/make.conf

@@ -1,6 +1,6 @@
 CFLAGS="-O2 -pipe"
 CXXFLAGS="-O2 -pipe"
-USE="hardened justify pie ssp urandom xattr -fortran -jit -orc -pch -pic -prelink -profile -tcc"
+USE="hardened justify pie ssp urandom xattr -fortran -pch -pic -prelink -profile -tcc"
 MAKEOPTS="-j5"
 PYTHON_TARGETS="python3_6"
 PYTHON_SINGLE_TARGET="python3_6"

privacyidea/package.use

@@ -33,3 +33,6 @@ sci-libs/hdf5 -cxx -fortran -hl
 # RADIUS (ohne Samba kein rlm_mschap.so)
 net-dialup/freeradius kerberos ldap mysql -python samba
 net-fs/samba ads gnutls ldap winbind
+
+# LDAP
+net-nds/openldap overlays perl sasl

privacyidea/world

@@ -8,6 +8,7 @@ net-analyzer/zabbix
 sys-auth/pam_ssh_agent_auth
 sys-fs/mdadm
 sys-power/acpid
+app-crypt/certbot-apache
 dev-db/mariadb
 www-apps/privacyidea
 www-apps/privacyideaadm