diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..ca12cf5 --- /dev/null +++ b/Makefile @@ -0,0 +1,86 @@ +02firstboot = $(CHROOT)/usr/local/bin/02firstboot.start +cert-renew.sh = $(CHROOT)/etc/ssl/cert-renew.sh +apache_conf = $(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf.orig +pi_log = $(CHROOT)/var/log/privacyidea/privacyidea.log +radius_dict = $(CHROOT)/etc/raddb/dictionary.orig +radius_module = $(CHROOT)/etc/raddb/mods-enabled/perl-privacyidea +radius_site = $(CHROOT)/etc/raddb/sites-enabled/privacyidea + +systemd-units: appliance/MySQL-Backup.sh appliance/backup.service appliance/backup.timer appliance/cert-renew.service appliance/cert-renew.timer + cp appliance/MySQL-Backup.sh $(CHROOT)/usr/local/bin/ + cp appliance/backup.service appliance/backup.timer appliance/cert-renew.service appliance/cert-renew.timer $(CHROOT)/etc/systemd/system/ + +$(02firstboot): appliance/02firstboot.start + mkdir -p $(CHROOT)/etc/local.d + cp $< $@ + touch $(CHROOT)/02firstboot + +$(cert-renew.sh): appliance/cert-renew.sh + mkdir -p $(CHROOT)/etc/ssl + cp $< $@ + +$(apache_conf): $(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf + sed -i 's:APACHE2_OPTS=\":APACHE2_OPTS=\"-D WSGI :' $(CHROOT)/etc/conf.d/apache2 + + mv $(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf $(apache_conf) + # vor Zeilen einfügen: + sed '/<\/VirtualHost>/Q' $(apache_conf) >$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf + echo " " >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf + echo " Require all granted" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf + echo " Options FollowSymLinks" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf + echo " AllowOverride None" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf + echo " " >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf + echo "" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf + echo " WSGIScriptAlias / /etc/privacyidea/privacyideaapp.wsgi" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf + echo " WSGIDaemonProcess privacyidea processes=1 threads=15 display-name=%{GROUP} user=privacyidea" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf + echo " WSGIProcessGroup privacyidea" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf + echo " WSGIPassAuthorization On" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf + echo "" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf + grep -A 9999 '<\/VirtualHost>' $(apache_conf) >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf + + touch $(apache_conf) + +$(pi_log): + touch $(CHROOT)/var/log/privacyidea/privacyidea.log + RUN chown privacyidea:root /var/log/privacyidea/privacyidea.log + +$(radius_dict): $(CHROOT)/etc/privacyidea/dictionary + if ! test -e $(radius_dict); \ + then mv $(CHROOT)/etc/raddb/dictionary $(radius_dict); \ + fi + cp -f $(CHROOT)/etc/privacyidea/dictionary $(CHROOT)/etc/raddb/dictionary + RUN chown root:radius /etc/raddb/dictionary + chmod 640 $(CHROOT)/etc/raddb/dictionary + touch $(radius_dict) + +$(radius_module): $(CHROOT)/etc/privacyidea/freeradius3/mods-perl-privacyidea + cp $(CHROOT)/etc/privacyidea/freeradius3/mods-perl-privacyidea $(CHROOT)/etc/raddb/mods-available/perl-privacyidea + rm $(CHROOT)/etc/raddb/mods-enabled/eap + ln -s ../mods-available/perl-privacyidea $(radius_module) + +$(radius_site): $(CHROOT)/etc/privacyidea/freeradius3/privacyidea + cp $(CHROOT)/etc/privacyidea/freeradius3/privacyidea $(CHROOT)/etc/raddb/sites-available/privacyidea + RUN chown root:radius /etc/raddb/sites-available/privacyidea + chmod 640 $(CHROOT)/etc/raddb/sites-available/privacyidea + rm $(CHROOT)/etc/raddb/sites-enabled/* + ln -s ../sites-available/privacyidea $(radius_site) + +$(CHROOT)/var/lib/mysql: mariadb/my.cnf.root + # MariaDB-Konfiguration ($$, weil make ein $ entfernt) + sed -i "s/^character-set-server.*$$/character-set-server = utf8mb4/" $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf + echo >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf + echo "collation-server = utf8mb4_general_ci" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf + echo "transaction_isolation = READ-COMMITTED" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf + echo "binlog_format = ROW" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf + echo "expire_logs_days = 3" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf + echo "innodb_file_per_table = 1" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf + echo "innodb_large_prefix = on" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf + cp mariadb/my.cnf.root $(CHROOT)/root/.my.cnf + chmod 0600 $(CHROOT)/root/.my.cnf + rm -rf $(CHROOT)/var/lib/mysql/* + RUN bash -c 'yes gentoo | emerge --config dev-db/mariadb' + + +preinstall: + +postinstall: systemd-units $(apache_conf) $(02firstboot) $(cert-renew.sh) $(pi_log) $(radius_dict) $(radius_module) $(radius_site) $(CHROOT)/var/lib/mysql diff --git a/appliance/02firstboot.start b/appliance/02firstboot.start new file mode 100755 index 0000000..3143cc6 --- /dev/null +++ b/appliance/02firstboot.start @@ -0,0 +1,155 @@ +#!/bin/bash + +# variables +LABEL="DATA" +DATABASE_PASS=$(head -c 300 /dev/urandom | tr -cd 'a-zA-Z0-9' | head -c 16) +PI_SECRET_KEY=$(head -c 300 /dev/urandom | tr -cd 'a-zA-Z0-9' | head -c 16) +PI_PEPPER=$(head -c 300 /dev/urandom | tr -cd 'a-zA-Z0-9' | head -c 16) +ADMIN_PASS="privacyidea" +TLD="example.com" +HOST="privacyidea" +ORGNAME="privacyIDEA example" + +# start +set -e + +[ -e /01firstboot ] && exit 0 +[ -e /02firstboot ] || exit 0 + +# privacyIDEA configuration +if [ ! -d "/$LABEL/etc/privacyidea" ]; then + echo 'Create privacyIDEA configfile...' + mkdir -p /$LABEL/etc/privacyidea + chown privacyidea /$LABEL/etc/privacyidea + cp /etc/privacyidea/pi.cfg /$LABEL/etc/privacyidea/pi.cfg.orig + mv /etc/privacyidea/pi.cfg /$LABEL/etc/privacyidea/pi.cfg + ln -s /$LABEL/etc/privacyidea/pi.cfg /etc/privacyidea/pi.cfg + sed -i "s/^SUPERUSER_REALM = .*/SUPERUSER_REALM = ['admin']/" /$LABEL/etc/privacyidea/pi.cfg + sed -i "s/^SQLALCHEMY_DATABASE_URI = .*/SQLALCHEMY_DATABASE_URI = 'mysql:\/\/pi:$DATABASE_PASS@localhost\/pi'/" /$LABEL/etc/privacyidea/pi.cfg + sed -i "s/^SECRET_KEY = .*/SECRET_KEY = '$PI_SECRET_KEY'/" /$LABEL/etc/privacyidea/pi.cfg + sed -i "s/^PI_PEPPER = .*/PI_PEPPER = \"$PI_PEPPER\"/" /$LABEL/etc/privacyidea/pi.cfg + sed -i "s/^PI_ENCFILE = .*/PI_ENCFILE = '\/etc\/privacyidea\/enckey'/" /$LABEL/etc/privacyidea/pi.cfg + sed -i "s/^PI_AUDIT_KEY_PRIVATE = .*/PI_AUDIT_KEY_PRIVATE = '\/etc\/privacyidea\/private.pem'/" /$LABEL/etc/privacyidea/pi.cfg + sed -i "s/^PI_AUDIT_KEY_PUBLIC = .*/PI_AUDIT_KEY_PUBLIC = '\/etc\/privacyidea\/public.pem'/" /$LABEL/etc/privacyidea/pi.cfg + echo "SQLALCHEMY_TRACK_MODIFICATIONS = False" >> /$LABEL/etc/privacyidea/pi.cfg + + echo 'Create privacyIDEA encryption and audit keys...' + rm -rf /etc/privacyidea/enckey + pi-manage create_enckey + mv /etc/privacyidea/enckey /$LABEL/etc/privacyidea/enckey + chown privacyidea /$LABEL/etc/privacyidea/enckey + ln -s /$LABEL/etc/privacyidea/enckey /etc/privacyidea/enckey + + rm -rf /etc/privacyidea/public.pem /etc/privacyidea/private.pem + pi-manage create_audit_keys + mv /etc/privacyidea/private.pem /$LABEL/etc/privacyidea/private.pem + mv /etc/privacyidea/public.pem /$LABEL/etc/privacyidea/public.pem + chown privacyidea /$LABEL/etc/privacyidea/*.pem + ln -s /$LABEL/etc/privacyidea/private.pem /etc/privacyidea/private.pem + ln -s /$LABEL/etc/privacyidea/public.pem /etc/privacyidea/public.pem +else + if [ ! -L /etc/privacyidea/pi.cfg ]; then + rm -rf /$LABEL/etc/privacyidea/pi.cfg.orig + mv /etc/privacyidea/pi.cfg /$LABEL/etc/privacyidea/pi.cfg.orig + else + rm -rf /etc/privacyidea/pi.cfg + fi + ln -s /$LABEL/etc/privacyidea/pi.cfg /etc/privacyidea/pi.cfg + + rm -rf /etc/privacyidea/enckey + ln -s /$LABEL/etc/privacyidea/enckey /etc/privacyidea/enckey + + rm -rf /etc/privacyidea/public.pem /etc/privacyidea/private.pem + ln -s /$LABEL/etc/privacyidea/private.pem /etc/privacyidea/private.pem + ln -s /$LABEL/etc/privacyidea/public.pem /etc/privacyidea/public.pem +fi + + +# Database +systemctl stop mariadb +if [ ! -d "/$LABEL/var/lib/mysql/pi" ]; then + echo 'Initialize MariaDB...' + mkdir -p "/$LABEL/var/lib" + rm -rf "/$LABEL/var/lib/mysql" + if [ ! -L /var/lib/mysql ]; then + rm -rf "/$LABEL/var/lib/mysql.orig" + cp -a "/var/lib/mysql" "/$LABEL/var/lib/mysql.orig" + mv "/var/lib/mysql" "/$LABEL/var/lib/mysql" + ln -s "/$LABEL/var/lib/mysql" "/var/lib/mysql" + elif [ -d "/$LABEL/var/lib/mysql.orig" ]; then + cp -a "/$LABEL/var/lib/mysql.orig" "/$LABEL/var/lib/mysql" + rm -rf "/var/lib/mysql" + ln -s "/$LABEL/var/lib/mysql" "/var/lib/mysql" + else + echo '### ERROR initialize database !!! ###' + exit 1 + fi + systemctl start mariadb + sleep 5 + + echo 'Create privacyIDEA database...' + mysql -u root -e "CREATE USER 'pi'@'localhost' IDENTIFIED BY '$DATABASE_PASS'" + mysql -u root -e "CREATE DATABASE pi DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci;" + mysql -u root -e "GRANT ALL PRIVILEGES ON pi.* TO 'pi'@'localhost' IDENTIFIED by '$DATABASE_PASS';" + mysql -u root -e "FLUSH PRIVILEGES;" + + pi-manage createdb + pi-manage admin add -p "$ADMIN_PASS" admin + +else + echo 'Start MariaDB...' + if [ ! -L /var/lib/mysql ]; then + rm -rf "/$LABEL/var/lib/mysql.orig" + mv "/var/lib/mysql" "/$LABEL/var/lib/mysql.orig" + else + rm -f "/var/lib/mysql" + fi + ln -s "/$LABEL/var/lib/mysql" "/var/lib/mysql" + systemctl start mariadb +fi + +if [ -x "/$LABEL/etc/ssl/cert-renew.sh" ]; then + # angepaßtes Zertifikat vorhanden (kein example) + if [ ! -L /etc/ssl/cert-renew.sh ]; then + rm -f "/$LABEL/etc/ssl/cert-renew.sh.orig" + mv "/etc/ssl/cert-renew.sh" "/$LABEL/etc/ssl/cert-renew.sh.orig" + else + rm -f "/etc/ssl/cert-renew.sh" + fi + ln -s "/$LABEL/etc/ssl/cert-renew.sh" "/etc/ssl/cert-renew.sh" +else + echo 'Create example certificate...' + mkdir -p "/$LABEL/CERTS/KEYS/" + mkdir -p "/$LABEL/CERTS/$HOST.$TLD" + echo "FQDN = $HOST.$TLD" > "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" + echo "ORGNAME = $ORGNAME" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" + echo "ALTNAMES = DNS:$HOST.$TLD , DNS:$TLD" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" + echo -e "\n[ req ]\ndefault_bits = 4096\ndefault_md = sha256\nprompt = no\nencrypt_key = no\ndistinguished_name = dn\nreq_extensions = req_ext\ndefault_keyfile = ../KEYS/\$FQDN-key.pem\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" + echo -e "\n[ dn ]\nC = DE\nO = \$ORGNAME\nCN = \$FQDN\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" + echo -e "\n[ req_ext ]\nsubjectAltName = \$ALTNAMES" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" + openssl req -x509 -new -config "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" -out "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" -keyout "/$LABEL/CERTS/KEYS/$HOST.$TLD-key.pem" + cp "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-fullchain.pem" + touch "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-chain.pem" +fi + +rm -rf /etc/ssl/apache2 +mkdir -p /etc/ssl +ln -sf "/$LABEL/etc/ssl/apache2" "/etc/ssl/apache2" + +/etc/ssl/cert-renew.sh + +systemctl enable mariadb +systemctl enable freeradius +systemctl enable apache2 + +systemctl restart freeradius +systemctl restart apache2 + +echo +echo "Success!" +echo "Do not forget to upgrade the MySQL database and the privacyIDEA Schema:" +echo " # mysql_upgrade" +echo " # privacyidea-schema-upgrade /usr/lib/privacyidea/migrations" +echo + +rm /02firstboot diff --git a/appliance/MySQL-Backup.sh b/appliance/MySQL-Backup.sh new file mode 100755 index 0000000..19ccfc9 --- /dev/null +++ b/appliance/MySQL-Backup.sh @@ -0,0 +1,32 @@ +#!/bin/bash +PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin" + +DIR="/DATA/Backup/MySQL" + +if [ -z $1 ]; then + echo "database name missing! use --all for all db's" + exit 1; +elif [ $1 = '--all' ]; then + echo "full backup" + for i in `mysqlshow --defaults-file=/root/.my.cnf | awk '{print $2}' | grep -v Databases`; do + if [ "$i" != "information_schema" ] && [ "$i" != "performance_schema" ]; then + if test -f ${DIR}/${i}.sql; then + echo "Move ${DIR}/${i}.sql to ${DIR}/${i}.sql.1" + mv ${DIR}/${i}.sql ${DIR}/${i}.sql.1 + fi + echo "dump ${i} to ${DIR}/${i}.sgl" + mysqldump --defaults-file=/root/.my.cnf --single-transaction --events --opt -QF -r${DIR}/${i}.sql $i + chmod 600 ${DIR}/${i}.sql + fi + done; +elif [ -n $1 ]; then + echo "Starting backup of $1" + if test -f $DIR/$1.sql; then + echo "Move $DIR/$1.sql to $DIR/$1.sql.1" + mv ${DIR}/${1}.sql ${DIR}/${1}.sql.1 + fi + mysqldump --defaults-file=/root/.my.cnf --single-transaction --opt -QF -r${DIR}/${1}.sql $1 + chmod 600 ${DIR}/${1}.sql +fi +echo "Done" +exit 0; diff --git a/appliance/backup.service b/appliance/backup.service new file mode 100644 index 0000000..13ca921 --- /dev/null +++ b/appliance/backup.service @@ -0,0 +1,8 @@ +[Unit] +Description=execute backup tasks +RefuseManualStart=no +RefuseManualStop=yes + +[Service] +Type=oneshot +ExecStart=/usr/local/bin/MySQL-Backup.sh --all diff --git a/appliance/backup.timer b/appliance/backup.timer new file mode 100644 index 0000000..ec59929 --- /dev/null +++ b/appliance/backup.timer @@ -0,0 +1,12 @@ +[Unit] +Description=execute backup tasks +RefuseManualStart=no +RefuseManualStop=no + +[Timer] +Persistent=false +OnCalendar=Sun *-*-* 02:19:00 +Unit=backup.service + +[Install] +WantedBy=default.target diff --git a/appliance/cert-renew.service b/appliance/cert-renew.service new file mode 100644 index 0000000..59ec86d --- /dev/null +++ b/appliance/cert-renew.service @@ -0,0 +1,8 @@ +[Unit] +Description=renew certificates from git store +RefuseManualStart=no +RefuseManualStop=yes + +[Service] +Type=oneshot +ExecStart=/etc/ssl/cert-renew.sh diff --git a/appliance/cert-renew.sh b/appliance/cert-renew.sh new file mode 100755 index 0000000..a17939e --- /dev/null +++ b/appliance/cert-renew.sh @@ -0,0 +1,52 @@ +#!/bin/bash + +HOST="privacyidea" +TLD="example.com" +FQDN="$HOST.$TLD" +LABEL="DATA" + +CERT_DIR=/$LABEL/CERTS +CERT_APACHE=/$LABEL/etc/ssl/apache2 +GETREPO="" +GETUSER="" +GETPASS="" + +function getCurrentVersion() { +# Get hash from latest revision + git log --format=format:%H -1 +} + +cd $CERT_DIR + +if [ -z "$GETREPO" ]; then + GIT_REVISION=0 + GIT_NEW_REVISION=1 + cd $FQDN +elif [ ! -d "$FQDN" ]; then + GIT_REVISION=0 + git clone "https://$GETUSER:$GETPASS@$GETREPO" + cd $FQDN + GIT_NEW_REVISION=$(getCurrentVersion) +else + cd $FQDN + GIT_REVISION=$(getCurrentVersion) + git commit -m "CRON: auto commit" + git fetch + git merge origin/master -m "Auto Merge" + GIT_NEW_REVISION=$(getCurrentVersion) +fi + +echo "old: $GIT_REVISION" +echo "new: $GIT_NEW_REVISION" + +if [ $GIT_REVISION != $GIT_NEW_REVISION ] +then + echo "Update Apache certificate..." + mkdir -p $CERT_APACHE + cp $CERT_DIR/$FQDN/$FQDN-fullchain.pem $CERT_APACHE/server.crt + cp $CERT_DIR/KEYS/$FQDN-key.pem $CERT_APACHE/server.key + echo "Restarting Apache..." + systemctl is-active --quiet apache2 && systemctl restart apache2 +fi + +exit 0 diff --git a/appliance/cert-renew.timer b/appliance/cert-renew.timer new file mode 100644 index 0000000..fa2ee54 --- /dev/null +++ b/appliance/cert-renew.timer @@ -0,0 +1,12 @@ +[Unit] +Description=renew certificates from git store +RefuseManualStart=no +RefuseManualStop=no + +[Timer] +Persistent=false +OnCalendar=Sun *-*-* 04:03:00 +Unit=cert-renew.service + +[Install] +WantedBy=default.target diff --git a/mariadb/my.cnf.root b/mariadb/my.cnf.root new file mode 100644 index 0000000..b5ac578 --- /dev/null +++ b/mariadb/my.cnf.root @@ -0,0 +1,11 @@ +[mysqladmin] +user = root +password = gentoo + +[mysql] +user = root +password = gentoo + +[client] +user = root +password = gentoo diff --git a/package.accept_keywords b/package.accept_keywords new file mode 100644 index 0000000..e90be0f --- /dev/null +++ b/package.accept_keywords @@ -0,0 +1,31 @@ +# privacyIDEA +dev-perl/URI-Encode +dev-python/responses +dev-python/pyusb +dev-python/imagesize +dev-python/cookies +dev-python/python-gnupg +dev-python/ldap3 +dev-python/yubiotp +dev-python/pycrypto +dev-python/mysql-connector-python +dev-python/pytest-cov +dev-python/sphinx +dev-python/sphinxcontrib-applehelp +dev-python/sphinxcontrib-devhelp +dev-python/sphinxcontrib-jsmath +dev-python/sphinxcontrib-htmlhelp +dev-python/sphinxcontrib-serializinghtml +dev-python/sphinxcontrib-qthelp +dev-python/smpplib +dev-python/grpcio-tools + +# grunt, wird nur zur privacyIDEA-Translation benötigt +dev-nodejs/* + +### stable kann kein python3 +##net-fs/samba +##sys-libs/ldb +##sys-libs/talloc +##sys-libs/tdb +##sys-libs/tevent diff --git a/package.use b/package.use new file mode 100644 index 0000000..b790fbc --- /dev/null +++ b/package.use @@ -0,0 +1,19 @@ +# privacyIDEA +www-apps/privacyidea -translation +dev-python/sqlalchemy -sqlite +dev-python/netaddr -cli +dev-python/numpy lapack +dev-libs/c-blosc hdf5 +sys-devel/gcc fortran +sci-libs/hdf5 -cxx -fortran -hl + +# RADIUS (ohne Samba kein rlm_mschap.so) +net-dialup/freeradius kerberos ldap mysql python samba +net-dns/bind-tools gssapi +net-fs/samba ads gnutls ldap python winbind +sys-libs/ldb ldap python +sys-libs/tdb python +sys-libs/tevent python + +# LDAP +net-nds/openldap overlays perl sasl diff --git a/va-privacyidea.cfg b/va-privacyidea.cfg new file mode 100644 index 0000000..bbdcb0e --- /dev/null +++ b/va-privacyidea.cfg @@ -0,0 +1,2 @@ +REPO_NAMES += unitas-privacyidea +REPO_URI_unitas-privacyidea = https://git.unitas-network.de/Gentoo/unitas-privacyidea.git diff --git a/world b/world new file mode 100644 index 0000000..fc444c9 --- /dev/null +++ b/world @@ -0,0 +1,6 @@ +app-crypt/certbot-apache +dev-db/mariadb +net-dialup/freeradius +www-apps/privacyidea +www-apps/privacyideaadm +www-servers/apache