first release

This commit is contained in:
Jörg Deckert 2023-02-24 18:58:36 +01:00
parent 1af720662b
commit 04eb618baa
13 changed files with 434 additions and 0 deletions

86
Makefile Normal file

@ -0,0 +1,86 @@
02firstboot = $(CHROOT)/usr/local/bin/02firstboot.start
cert-renew.sh = $(CHROOT)/etc/ssl/cert-renew.sh
apache_conf = $(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf.orig
pi_log = $(CHROOT)/var/log/privacyidea/privacyidea.log
radius_dict = $(CHROOT)/etc/raddb/dictionary.orig
radius_module = $(CHROOT)/etc/raddb/mods-enabled/perl-privacyidea
radius_site = $(CHROOT)/etc/raddb/sites-enabled/privacyidea
systemd-units: appliance/MySQL-Backup.sh appliance/backup.service appliance/backup.timer appliance/cert-renew.service appliance/cert-renew.timer
cp appliance/MySQL-Backup.sh $(CHROOT)/usr/local/bin/
cp appliance/backup.service appliance/backup.timer appliance/cert-renew.service appliance/cert-renew.timer $(CHROOT)/etc/systemd/system/
$(02firstboot): appliance/02firstboot.start
mkdir -p $(CHROOT)/etc/local.d
cp $< $@
touch $(CHROOT)/02firstboot
$(cert-renew.sh): appliance/cert-renew.sh
mkdir -p $(CHROOT)/etc/ssl
cp $< $@
$(apache_conf): $(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
sed -i 's:APACHE2_OPTS=\":APACHE2_OPTS=\"-D WSGI :' $(CHROOT)/etc/conf.d/apache2
mv $(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf $(apache_conf)
# vor </VirtualHost> Zeilen einfügen:
sed '/<\/VirtualHost>/Q' $(apache_conf) >$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " <Directory />" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " Require all granted" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " Options FollowSymLinks" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " AllowOverride None" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " </Directory>" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo "" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " WSGIScriptAlias / /etc/privacyidea/privacyideaapp.wsgi" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " WSGIDaemonProcess privacyidea processes=1 threads=15 display-name=%{GROUP} user=privacyidea" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " WSGIProcessGroup privacyidea" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo " WSGIPassAuthorization On" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
echo "" >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
grep -A 9999 '<\/VirtualHost>' $(apache_conf) >>$(CHROOT)/etc/apache2/vhosts.d/00_default_ssl_vhost.conf
touch $(apache_conf)
$(pi_log):
touch $(CHROOT)/var/log/privacyidea/privacyidea.log
RUN chown privacyidea:root /var/log/privacyidea/privacyidea.log
$(radius_dict): $(CHROOT)/etc/privacyidea/dictionary
if ! test -e $(radius_dict); \
then mv $(CHROOT)/etc/raddb/dictionary $(radius_dict); \
fi
cp -f $(CHROOT)/etc/privacyidea/dictionary $(CHROOT)/etc/raddb/dictionary
RUN chown root:radius /etc/raddb/dictionary
chmod 640 $(CHROOT)/etc/raddb/dictionary
touch $(radius_dict)
$(radius_module): $(CHROOT)/etc/privacyidea/freeradius3/mods-perl-privacyidea
cp $(CHROOT)/etc/privacyidea/freeradius3/mods-perl-privacyidea $(CHROOT)/etc/raddb/mods-available/perl-privacyidea
rm $(CHROOT)/etc/raddb/mods-enabled/eap
ln -s ../mods-available/perl-privacyidea $(radius_module)
$(radius_site): $(CHROOT)/etc/privacyidea/freeradius3/privacyidea
cp $(CHROOT)/etc/privacyidea/freeradius3/privacyidea $(CHROOT)/etc/raddb/sites-available/privacyidea
RUN chown root:radius /etc/raddb/sites-available/privacyidea
chmod 640 $(CHROOT)/etc/raddb/sites-available/privacyidea
rm $(CHROOT)/etc/raddb/sites-enabled/*
ln -s ../sites-available/privacyidea $(radius_site)
$(CHROOT)/var/lib/mysql: mariadb/my.cnf.root
# MariaDB-Konfiguration ($$, weil make ein $ entfernt)
sed -i "s/^character-set-server.*$$/character-set-server = utf8mb4/" $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo "collation-server = utf8mb4_general_ci" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo "transaction_isolation = READ-COMMITTED" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo "binlog_format = ROW" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo "expire_logs_days = 3" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo "innodb_file_per_table = 1" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo "innodb_large_prefix = on" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
cp mariadb/my.cnf.root $(CHROOT)/root/.my.cnf
chmod 0600 $(CHROOT)/root/.my.cnf
rm -rf $(CHROOT)/var/lib/mysql/*
RUN bash -c 'yes gentoo | emerge --config dev-db/mariadb'
preinstall:
postinstall: systemd-units $(apache_conf) $(02firstboot) $(cert-renew.sh) $(pi_log) $(radius_dict) $(radius_module) $(radius_site) $(CHROOT)/var/lib/mysql
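Review bot: `rm -rf $(CHROOT)/var/lib/mysql/*` in the `$(CHROOT)/var/lib/mysql` rule (and `rm $(CHROOT)/etc/raddb/sites-enabled/*` in `$(radius_site)`) runs against the host's own root when CHROOT is unset or empty, because nothing in this file validates it; a guard near the top such as `$(if $(strip $(CHROOT)),,$(error CHROOT must be set))` prevents that. The vhost block inserted by the `$(apache_conf)` rule grants `<Directory />` `Require all granted` with `Options FollowSymLinks` for the whole filesystem root, while only `/etc/privacyidea/privacyideaapp.wsgi` needs to be reachable; scoping it to `<Directory /etc/privacyidea>` keeps the stock deny-all for everything else. `systemd-units`, `preinstall` and `postinstall` are command names rather than files and should be declared in a `.PHONY:` line. The bare `RUN chown ...` lines use paths without `$(CHROOT)`, which reads as a helper on PATH that executes inside the chroot — a one-line comment naming it would help the next reader.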

155
appliance/02firstboot.start Executable file

@ -0,0 +1,155 @@
#!/bin/bash
# variables
LABEL="DATA"
DATABASE_PASS=$(head -c 300 /dev/urandom | tr -cd 'a-zA-Z0-9' | head -c 16)
PI_SECRET_KEY=$(head -c 300 /dev/urandom | tr -cd 'a-zA-Z0-9' | head -c 16)
PI_PEPPER=$(head -c 300 /dev/urandom | tr -cd 'a-zA-Z0-9' | head -c 16)
ADMIN_PASS="privacyidea"
TLD="example.com"
HOST="privacyidea"
ORGNAME="privacyIDEA example"
# start
set -e
[ -e /01firstboot ] && exit 0
[ -e /02firstboot ] || exit 0
# privacyIDEA configuration
if [ ! -d "/$LABEL/etc/privacyidea" ]; then
echo 'Create privacyIDEA configfile...'
mkdir -p /$LABEL/etc/privacyidea
chown privacyidea /$LABEL/etc/privacyidea
cp /etc/privacyidea/pi.cfg /$LABEL/etc/privacyidea/pi.cfg.orig
mv /etc/privacyidea/pi.cfg /$LABEL/etc/privacyidea/pi.cfg
ln -s /$LABEL/etc/privacyidea/pi.cfg /etc/privacyidea/pi.cfg
sed -i "s/^SUPERUSER_REALM = .*/SUPERUSER_REALM = ['admin']/" /$LABEL/etc/privacyidea/pi.cfg
sed -i "s/^SQLALCHEMY_DATABASE_URI = .*/SQLALCHEMY_DATABASE_URI = 'mysql:\/\/pi:$DATABASE_PASS@localhost\/pi'/" /$LABEL/etc/privacyidea/pi.cfg
sed -i "s/^SECRET_KEY = .*/SECRET_KEY = '$PI_SECRET_KEY'/" /$LABEL/etc/privacyidea/pi.cfg
sed -i "s/^PI_PEPPER = .*/PI_PEPPER = \"$PI_PEPPER\"/" /$LABEL/etc/privacyidea/pi.cfg
sed -i "s/^PI_ENCFILE = .*/PI_ENCFILE = '\/etc\/privacyidea\/enckey'/" /$LABEL/etc/privacyidea/pi.cfg
sed -i "s/^PI_AUDIT_KEY_PRIVATE = .*/PI_AUDIT_KEY_PRIVATE = '\/etc\/privacyidea\/private.pem'/" /$LABEL/etc/privacyidea/pi.cfg
sed -i "s/^PI_AUDIT_KEY_PUBLIC = .*/PI_AUDIT_KEY_PUBLIC = '\/etc\/privacyidea\/public.pem'/" /$LABEL/etc/privacyidea/pi.cfg
echo "SQLALCHEMY_TRACK_MODIFICATIONS = False" >> /$LABEL/etc/privacyidea/pi.cfg
echo 'Create privacyIDEA encryption and audit keys...'
rm -rf /etc/privacyidea/enckey
pi-manage create_enckey
mv /etc/privacyidea/enckey /$LABEL/etc/privacyidea/enckey
chown privacyidea /$LABEL/etc/privacyidea/enckey
ln -s /$LABEL/etc/privacyidea/enckey /etc/privacyidea/enckey
rm -rf /etc/privacyidea/public.pem /etc/privacyidea/private.pem
pi-manage create_audit_keys
mv /etc/privacyidea/private.pem /$LABEL/etc/privacyidea/private.pem
mv /etc/privacyidea/public.pem /$LABEL/etc/privacyidea/public.pem
chown privacyidea /$LABEL/etc/privacyidea/*.pem
ln -s /$LABEL/etc/privacyidea/private.pem /etc/privacyidea/private.pem
ln -s /$LABEL/etc/privacyidea/public.pem /etc/privacyidea/public.pem
else
if [ ! -L /etc/privacyidea/pi.cfg ]; then
rm -rf /$LABEL/etc/privacyidea/pi.cfg.orig
mv /etc/privacyidea/pi.cfg /$LABEL/etc/privacyidea/pi.cfg.orig
else
rm -rf /etc/privacyidea/pi.cfg
fi
ln -s /$LABEL/etc/privacyidea/pi.cfg /etc/privacyidea/pi.cfg
rm -rf /etc/privacyidea/enckey
ln -s /$LABEL/etc/privacyidea/enckey /etc/privacyidea/enckey
rm -rf /etc/privacyidea/public.pem /etc/privacyidea/private.pem
ln -s /$LABEL/etc/privacyidea/private.pem /etc/privacyidea/private.pem
ln -s /$LABEL/etc/privacyidea/public.pem /etc/privacyidea/public.pem
fi
# Database
systemctl stop mariadb
if [ ! -d "/$LABEL/var/lib/mysql/pi" ]; then
echo 'Initialize MariaDB...'
mkdir -p "/$LABEL/var/lib"
rm -rf "/$LABEL/var/lib/mysql"
if [ ! -L /var/lib/mysql ]; then
rm -rf "/$LABEL/var/lib/mysql.orig"
cp -a "/var/lib/mysql" "/$LABEL/var/lib/mysql.orig"
mv "/var/lib/mysql" "/$LABEL/var/lib/mysql"
ln -s "/$LABEL/var/lib/mysql" "/var/lib/mysql"
elif [ -d "/$LABEL/var/lib/mysql.orig" ]; then
cp -a "/$LABEL/var/lib/mysql.orig" "/$LABEL/var/lib/mysql"
rm -rf "/var/lib/mysql"
ln -s "/$LABEL/var/lib/mysql" "/var/lib/mysql"
else
echo '### ERROR initialize database !!! ###'
exit 1
fi
systemctl start mariadb
sleep 5
echo 'Create privacyIDEA database...'
mysql -u root -e "CREATE USER 'pi'@'localhost' IDENTIFIED BY '$DATABASE_PASS'"
mysql -u root -e "CREATE DATABASE pi DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci;"
mysql -u root -e "GRANT ALL PRIVILEGES ON pi.* TO 'pi'@'localhost' IDENTIFIED by '$DATABASE_PASS';"
mysql -u root -e "FLUSH PRIVILEGES;"
pi-manage createdb
pi-manage admin add -p "$ADMIN_PASS" admin
else
echo 'Start MariaDB...'
if [ ! -L /var/lib/mysql ]; then
rm -rf "/$LABEL/var/lib/mysql.orig"
mv "/var/lib/mysql" "/$LABEL/var/lib/mysql.orig"
else
rm -f "/var/lib/mysql"
fi
ln -s "/$LABEL/var/lib/mysql" "/var/lib/mysql"
systemctl start mariadb
fi
if [ -x "/$LABEL/etc/ssl/cert-renew.sh" ]; then
# angepaßtes Zertifikat vorhanden (kein example)
if [ ! -L /etc/ssl/cert-renew.sh ]; then
rm -f "/$LABEL/etc/ssl/cert-renew.sh.orig"
mv "/etc/ssl/cert-renew.sh" "/$LABEL/etc/ssl/cert-renew.sh.orig"
else
rm -f "/etc/ssl/cert-renew.sh"
fi
ln -s "/$LABEL/etc/ssl/cert-renew.sh" "/etc/ssl/cert-renew.sh"
else
echo 'Create example certificate...'
mkdir -p "/$LABEL/CERTS/KEYS/"
mkdir -p "/$LABEL/CERTS/$HOST.$TLD"
echo "FQDN = $HOST.$TLD" > "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
echo "ORGNAME = $ORGNAME" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
echo "ALTNAMES = DNS:$HOST.$TLD , DNS:$TLD" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
echo -e "\n[ req ]\ndefault_bits = 4096\ndefault_md = sha256\nprompt = no\nencrypt_key = no\ndistinguished_name = dn\nreq_extensions = req_ext\ndefault_keyfile = ../KEYS/\$FQDN-key.pem\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
echo -e "\n[ dn ]\nC = DE\nO = \$ORGNAME\nCN = \$FQDN\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
echo -e "\n[ req_ext ]\nsubjectAltName = \$ALTNAMES" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
openssl req -x509 -new -config "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" -out "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" -keyout "/$LABEL/CERTS/KEYS/$HOST.$TLD-key.pem"
cp "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-fullchain.pem"
touch "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-chain.pem"
fi
rm -rf /etc/ssl/apache2
mkdir -p /etc/ssl
ln -sf "/$LABEL/etc/ssl/apache2" "/etc/ssl/apache2"
/etc/ssl/cert-renew.sh
systemctl enable mariadb
systemctl enable freeradius
systemctl enable apache2
systemctl restart freeradius
systemctl restart apache2
echo
echo "Success!"
echo "Do not forget to upgrade the MySQL database and the privacyIDEA Schema:"
echo " # mysql_upgrade"
echo " # privacyidea-schema-upgrade /usr/lib/privacyidea/migrations"
echo
rm /02firstboot
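Review bot: `ADMIN_PASS="privacyidea"` is a fixed, publicly known default that `pi-manage admin add -p "$ADMIN_PASS" admin` installs on every first boot, and neither the success banner nor any later step makes the operator replace it; generate it the way DATABASE_PASS is generated (`ADMIN_PASS=$(head -c 300 /dev/urandom | tr -cd 'a-zA-Z0-9' | head -c 16)`) and hand it over out-of-band, or at least extend the final banner with `echo " # pi-manage admin add -p <new-password> admin   (replace the default admin password)"`. PI_SECRET_KEY and PI_PEPPER are likewise only 16 alphanumerics although they protect session tokens and admin password hashes for the lifetime of the appliance, so `head -c 32` or more costs nothing. `sleep 5` after `systemctl start mariadb` is a timing guess under `set -e`: if the server is not yet accepting connections the `CREATE USER` fails and the first boot aborts half-done, with /02firstboot still present; a retry loop on `mysqladmin --defaults-file=/root/.my.cnf ping` is the usual replacement. The database is created `DEFAULT CHARACTER SET latin1` although the server config written by the Makefile sets utf8mb4 — presumably intentional, but it deserves a comment.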

32
appliance/MySQL-Backup.sh Executable file

@ -0,0 +1,32 @@
#!/bin/bash
PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
DIR="/DATA/Backup/MySQL"
if [ -z $1 ]; then
echo "database name missing! use --all for all db's"
exit 1;
elif [ $1 = '--all' ]; then
echo "full backup"
for i in `mysqlshow --defaults-file=/root/.my.cnf | awk '{print $2}' | grep -v Databases`; do
if [ "$i" != "information_schema" ] && [ "$i" != "performance_schema" ]; then
if test -f ${DIR}/${i}.sql; then
echo "Move ${DIR}/${i}.sql to ${DIR}/${i}.sql.1"
mv ${DIR}/${i}.sql ${DIR}/${i}.sql.1
fi
echo "dump ${i} to ${DIR}/${i}.sgl"
mysqldump --defaults-file=/root/.my.cnf --single-transaction --events --opt -QF -r${DIR}/${i}.sql $i
chmod 600 ${DIR}/${i}.sql
fi
done;
elif [ -n $1 ]; then
echo "Starting backup of $1"
if test -f $DIR/$1.sql; then
echo "Move $DIR/$1.sql to $DIR/$1.sql.1"
mv ${DIR}/${1}.sql ${DIR}/${1}.sql.1
fi
mysqldump --defaults-file=/root/.my.cnf --single-transaction --opt -QF -r${DIR}/${1}.sql $1
chmod 600 ${DIR}/${1}.sql
fi
echo "Done"
exit 0;
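Review bot: The script has no `set -e`, never creates `$DIR`, and ends with an unconditional `exit 0`, so when `mysqldump ... -r${DIR}/${i}.sql` fails (missing /DATA/Backup/MySQL, bad credentials) backup.service still reports success and the appliance silently has no backups; start with `set -euo pipefail`, `umask 077` and `mkdir -p "$DIR"`, and drop the trailing `exit 0`. `umask 077` also closes the window between mysqldump creating the dump with default permissions and the later `chmod 600`. `[ -z $1 ]`, `[ $1 = '--all' ]` and `[ -n $1 ]` are unquoted, so an empty or space-containing argument is mis-tested (`[ -n ]` alone is always true); write them as `"$1"`. The message on the dump line says `.sgl` where the file written is `.sql`.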

8
appliance/backup.service Normal file

@ -0,0 +1,8 @@
[Unit]
Description=execute backup tasks
RefuseManualStart=no
RefuseManualStop=yes
[Service]
Type=oneshot
ExecStart=/usr/local/bin/MySQL-Backup.sh --all

12
appliance/backup.timer Normal file

@ -0,0 +1,12 @@
[Unit]
Description=execute backup tasks
RefuseManualStart=no
RefuseManualStop=no
[Timer]
Persistent=false
OnCalendar=Sun *-*-* 02:19:00
Unit=backup.service
[Install]
WantedBy=default.target
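Review bot: Nothing on this page enables backup.timer or cert-renew.timer — the Makefile's `systemd-units` rule only copies the files, and 02firstboot.start enables mariadb, freeradius and apache2 only — so as committed neither scheduled job ever runs; a `systemctl enable backup.timer cert-renew.timer` in the first-boot script is needed. `Persistent=false` additionally means a Sunday 02:19 slot missed while the appliance is powered off is dropped rather than caught up at the next boot, which is the opposite of what a backup timer usually wants; `Persistent=true` is the safer default here and the same applies to cert-renew.timer. Timer units are conventionally `WantedBy=timers.target` rather than `default.target`.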


@ -0,0 +1,8 @@
[Unit]
Description=renew certificates from git store
RefuseManualStart=no
RefuseManualStop=yes
[Service]
Type=oneshot
ExecStart=/etc/ssl/cert-renew.sh

52
appliance/cert-renew.sh Executable file

@ -0,0 +1,52 @@
#!/bin/bash
HOST="privacyidea"
TLD="example.com"
FQDN="$HOST.$TLD"
LABEL="DATA"
CERT_DIR=/$LABEL/CERTS
CERT_APACHE=/$LABEL/etc/ssl/apache2
GETREPO=""
GETUSER=""
GETPASS=""
function getCurrentVersion() {
# Get hash from latest revision
git log --format=format:%H -1
}
cd $CERT_DIR
if [ -z "$GETREPO" ]; then
GIT_REVISION=0
GIT_NEW_REVISION=1
cd $FQDN
elif [ ! -d "$FQDN" ]; then
GIT_REVISION=0
git clone "https://$GETUSER:$GETPASS@$GETREPO"
cd $FQDN
GIT_NEW_REVISION=$(getCurrentVersion)
else
cd $FQDN
GIT_REVISION=$(getCurrentVersion)
git commit -m "CRON: auto commit"
git fetch
git merge origin/master -m "Auto Merge"
GIT_NEW_REVISION=$(getCurrentVersion)
fi
echo "old: $GIT_REVISION"
echo "new: $GIT_NEW_REVISION"
if [ $GIT_REVISION != $GIT_NEW_REVISION ]
then
echo "Update Apache certificate..."
mkdir -p $CERT_APACHE
cp $CERT_DIR/$FQDN/$FQDN-fullchain.pem $CERT_APACHE/server.crt
cp $CERT_DIR/KEYS/$FQDN-key.pem $CERT_APACHE/server.key
echo "Restarting Apache..."
systemctl is-active --quiet apache2 && systemctl restart apache2
fi
exit 0
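Review bot: `git clone "https://$GETUSER:$GETPASS@$GETREPO"` embeds the repository password in the remote URL, so it ends up in plain text in `.git/config`, in the process list during the clone and in any error output, in addition to living in this script itself, which the Makefile installs with `cp $< $@` and no mode restriction; prefer a read-only deploy key over SSH or a git credential helper, and `chmod 700` the installed copy. There is no `set -e`, so a failing `cd $CERT_DIR` or `cd $FQDN` lets the following `git` and `cp` commands run in the wrong directory, and `[ $GIT_REVISION != $GIT_NEW_REVISION ]` fails with a unary-operator error when `getCurrentVersion` prints nothing; `set -eu` after the shebang and quoting both variables fix that. `server.key` is copied without an explicit mode; add `chmod 600 "$CERT_APACHE/server.key"` after the copy so the private key's permissions do not depend on the source file and the umask.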


@ -0,0 +1,12 @@
[Unit]
Description=renew certificates from git store
RefuseManualStart=no
RefuseManualStop=no
[Timer]
Persistent=false
OnCalendar=Sun *-*-* 04:03:00
Unit=cert-renew.service
[Install]
WantedBy=default.target

11
mariadb/my.cnf.root Normal file

@ -0,0 +1,11 @@
[mysqladmin]
user = root
password = gentoo
[mysql]
user = root
password = gentoo
[client]
user = root
password = gentoo
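Review bot: `password = gentoo` is the same fixed MariaDB root password on every appliance built from this tree (the Makefile sets it with `yes gentoo | emerge --config dev-db/mariadb` and installs this file as /root/.my.cnf), so anyone who knows the project knows the database root credential of every instance. Since 02firstboot.start already generates `DATABASE_PASS` at first boot, it could at the same point set a random root password and rewrite /root/.my.cnf, or the root account could be switched to unix_socket authentication so no password is stored at all. Even with the file at mode 0600 the value is present in the build tree and in any image produced from the chroot.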

31
package.accept_keywords Normal file

@ -0,0 +1,31 @@
# privacyIDEA
dev-perl/URI-Encode
dev-python/responses
dev-python/pyusb
dev-python/imagesize
dev-python/cookies
dev-python/python-gnupg
dev-python/ldap3
dev-python/yubiotp
dev-python/pycrypto
dev-python/mysql-connector-python
dev-python/pytest-cov
dev-python/sphinx
dev-python/sphinxcontrib-applehelp
dev-python/sphinxcontrib-devhelp
dev-python/sphinxcontrib-jsmath
dev-python/sphinxcontrib-htmlhelp
dev-python/sphinxcontrib-serializinghtml
dev-python/sphinxcontrib-qthelp
dev-python/smpplib
dev-python/grpcio-tools
# grunt, wird nur zur privacyIDEA-Translation benötigt
dev-nodejs/*
### stable kann kein python3
##net-fs/samba
##sys-libs/ldb
##sys-libs/talloc
##sys-libs/tdb
##sys-libs/tevent

19
package.use Normal file

@ -0,0 +1,19 @@
# privacyIDEA
www-apps/privacyidea -translation
dev-python/sqlalchemy -sqlite
dev-python/netaddr -cli
dev-python/numpy lapack
dev-libs/c-blosc hdf5
sys-devel/gcc fortran
sci-libs/hdf5 -cxx -fortran -hl
# RADIUS (ohne Samba kein rlm_mschap.so)
net-dialup/freeradius kerberos ldap mysql python samba
net-dns/bind-tools gssapi
net-fs/samba ads gnutls ldap python winbind
sys-libs/ldb ldap python
sys-libs/tdb python
sys-libs/tevent python
# LDAP
net-nds/openldap overlays perl sasl

2
va-privacyidea.cfg Normal file

@ -0,0 +1,2 @@
REPO_NAMES += unitas-privacyidea
REPO_URI_unitas-privacyidea = https://git.unitas-network.de/Gentoo/unitas-privacyidea.git

6
world Normal file

@ -0,0 +1,6 @@
app-crypt/certbot-apache
dev-db/mariadb
net-dialup/freeradius
www-apps/privacyidea
www-apps/privacyideaadm
www-servers/apache