From 29a9892ca6ce258332bdbde68702f88d1093218b Mon Sep 17 00:00:00 2001 
From: Oliver Date: Sun, 24 Aug 2025 20:24:37 +0200 Subject: [PATCH] fixes --- alpine/template | 50 ++++++++++++------ app/etc/certs/dev.crt | 30 ----------- app/etc/certs/dev.key | 52 ------------------- app/firewall | 11 ++++ app/host_vars/{vault => }/boston | 0 app/host_vars/ca.crt | 5 ++ app/host_vars/dev | 4 -- app/host_vars/dev/dev | 0 app/host_vars/dev/dev.crt | 6 +++ app/host_vars/dev/dev.env | 2 + app/host_vars/dev/dev.key | 3 ++ app/host_vars/dev/dev.pub | 0 app/host_vars/{vault => }/london | 0 app/host_vars/{vault => }/mumbai | 0 app/host_vars/{vault => }/saopaulo | 0 app/onboarding | 38 ++++++++++---- app/templates/.bashrc | 8 +++ app/templates/hostname | 2 +- .../init.d/{ping_check => ping_service} | 0 app/templates/nebula/ca.crt | 1 + app/templates/nebula/config.yml | 2 +- app/templates/nebula/host.crt | 1 + app/templates/nebula/host.key | 1 + app/templates/ssh/id_ed25519 | 1 + app/templates/ssh/id_ed25519.pub | 1 + app/update | 2 +- 26 files changed, 107 insertions(+), 113 deletions(-) delete mode 100644 app/etc/certs/dev.crt delete mode 100644 app/etc/certs/dev.key create mode 100644 app/firewall rename app/host_vars/{vault => }/boston (100%) create mode 100644 app/host_vars/ca.crt delete mode 100644 app/host_vars/dev create mode 100644 app/host_vars/dev/dev create mode 100644 app/host_vars/dev/dev.crt create mode 100644 app/host_vars/dev/dev.env create mode 100644 app/host_vars/dev/dev.key create mode 100644 app/host_vars/dev/dev.pub rename app/host_vars/{vault => }/london (100%) rename app/host_vars/{vault => }/mumbai (100%) rename app/host_vars/{vault => }/saopaulo (100%) create mode 100644 app/templates/.bashrc rename app/templates/init.d/{ping_check => ping_service} (100%) create mode 100644 app/templates/nebula/ca.crt create mode 100644 app/templates/nebula/host.crt create mode 100644 app/templates/nebula/host.key create mode 100644 app/templates/ssh/id_ed25519 create mode 100644 app/templates/ssh/id_ed25519.pub 
diff --git a/alpine/template b/alpine/template index dc3e164..886b38e 100755 --- a/alpine/template +++ b/alpine/template @@ -5,37 +5,57 @@ if [ "$#" -ne 2 ]; then exit 1 fi +keys=(NEBULA_CA API_KEY HOSTNAME NEBULA_CRT NEBULA_KEY SSH_PRIVATE SSH_PUBLIC) + +NEBULA_CA=$(<"$host_vars_dir/ca.crt") + localfile="$1" remotefile="$2" -remotetmp="/var/tmp/4server" - - +remotetmp_base="/var/tmp/4server" while read -r host; do echo "Processing host: $host" - host_env_file="$host_vars_dir/$host" + host_env_file="$host_vars_dir/$host/$host.env" if [ ! -f "$host_env_file" ]; then echo "Warning: env file for host '$host' not found at $host_env_file. Skipping." continue fi - declare -A vars=() - while IFS='=' read -r key value; do - [[ -z "$key" || -z "$value" ]] && continue - vars["$key"]="$value" - done < "$host_env_file" + # Load host environment variables (supports multi-line) + set -a + source "$host_env_file" + set +a - content=$(cat "$localfile") - for key in "${!vars[@]}"; do - content=$(echo "$content" | sed "s|{$key}|${vars[$key]}|g") - done + NEBULA_KEY=$(<"$host_vars_dir/$host/$host.key") + NEBULA_CRT=$(<"$host_vars_dir/$host/$host.crt") + SSH_PRIVATE=$(<"$host_vars_dir/$host/$host") + SSH_PUBLIC=$(<"$host_vars_dir/$host/$host.pub") + +content=$(<"$localfile") + +for key in "${keys[@]}"; do + value="${!key}" # indirect reference + # Replace placeholder {{KEY}} with value using Bash's parameter expansion + content="${content//\{\{$key\}\}/$value}" +done + + + + + + # Copy content to remote temporary file + remotetmp="${remotetmp_base}_${host}" echo "Copying to $host:$remotefile" - echo "$content" | ssh "$host" "cat > $remotetmp" - rex doas mv $remotetmp $remotefile + echo "$content" | ssh "$host" "cat > '$remotetmp'" + + # Move temporary file to final location with doas + ssh "$host" "doas mv '$remotetmp' '$remotefile'" done < "$hosts_file" + + diff --git a/app/etc/certs/dev.crt b/app/etc/certs/dev.crt deleted file mode 100644 index 1750a20..0000000 
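Review bot: The rendered content now carries NEBULA_KEY and SSH_PRIVATE, but at the end of the loop it is still staged under a predictable name in world-writable /var/tmp (`${remotetmp_base}_${host}`) with the login user's default umask, so another local account on the host could read the key or pre-create that path before `doas mv` runs. Staging through `mktemp` in a single remote command, as sketched below, closes that window; because `mv` keeps the staging file's 0600 mode, callers that install world-readable files such as `/etc/hostname` then need an explicit `chmod`/`chown` afterwards. A single `ssh` also avoids a loop problem: the added `ssh "$host" "doas mv …"` inherits stdin from `done < "$hosts_file"` and will probably consume the remaining host names (it would otherwise need `ssh -n`). The top of the script, where `host_vars_dir` and `hosts_file` are presumably set, is outside this hunk.

```shell
  # … unchanged: per-host variable loading and placeholder substitution …
  echo "Copying to $host:$remotefile"
  # Stage under an unpredictable 0600 name and move it within the same session.
  printf '%s\n' "$content" | ssh "$host" "
    tmp=\$(mktemp /var/tmp/4server.XXXXXX) || exit 1
    cat > \"\$tmp\" && doas mv \"\$tmp\" '$remotefile'
  "
```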
--- a/app/etc/certs/dev.crt +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFNzCCAx+gAwIBAgIUCIJuU/7oPy1PrksppEPukIs4MfgwDQYJKoZIhvcNAQEL -BQAwEjEQMA4GA1UEAwwHKi5sb2NhbDAeFw0yNTA4MDgyMTMyMzlaFw0yNjA4MDgy -MTMyMzlaMBIxEDAOBgNVBAMMByoubG9jYWwwggIiMA0GCSqGSIb3DQEBAQUAA4IC -DwAwggIKAoICAQC+uBU5mo8h8LK00Hrw9AtaPI2yXBaVh5S8KrAJ0eoUSxc0gg7q -dwsD9+boyaDbiePcllTLvmIKqX8K2TbiucEaqNGzJauop0+UZjjCQrzuq+cD6xPh -+1bzcWN+oLubUtv4wi3mRNCtP56YyM4c72OweXB9Mhi9Z8e2caTjCLdcCS10i5Oy -NWYZFhnjBxXJoElTt4HZFLDj60Iqi9thVGO4virv7VBwOvAKaCgOOuagPtISgHO7 -1t1hV9TNTHRcE37xpOZT6moPsEBitkszwPx24SgATGrG5J8UbDJ5EdY+kA4wD0mU -hi9pUWaRlKWQjqRRszvsSnbQUPHORHSUFFpycworeNUBCmTs5jm0/+RqI4TLTUX6 -ZbJ6azgGpgbJtMbMlywW1Yuy9ACrSP/jncKekiR+0uQ5s+y2crT+aeuzHsyMtUUn -TI1ExsOE/QWGH7MV298D+jvSSWg4WTf3dzAiFsDxP4JtDZ1NmDwm6Pjmano1Y57g -uU++4RvYN6YKxDnkcWXIZFpUvW+dr7oLZaOcqwCx4KVCFo4e2qqigYgWgz8r05iE -ngj7UZO70n3dZrkL4Iu2tFATHLBy1SYZIu3ewZodOeK54q63bYtVFj7ECAE4Eb7J -6DgjOtN3GH9E2aKMjzFRvWzItRufLWIycPN/tAOh6dOPuX9oZQf71sxe3wIDAQAB -o4GEMIGBMB0GA1UdDgQWBBSGznETTeVc5FVFEGbdVUzR5jfQADAfBgNVHSMEGDAW -gBSGznETTeVc5FVFEGbdVUzR5jfQADAPBgNVHRMBAf8EBTADAQH/MC4GA1UdEQQn -MCWCCWFwcC5sb2NhbIIJYXBpLmxvY2Fsgg10cmFlZmlrLmxvY2FsMA0GCSqGSIb3 -DQEBCwUAA4ICAQCl+LRB+6Rz0EJFbZnhLWvumY2KegS+QkB6YUDycJIuq/2Q9RWB -Z0yV94asZcvHE21/BHhnMk4Qa2PsQn8gQIGCAhj+/2DVt5mGwWVgoes1gtAg6okH -YYKhTljjfpMFqyp/lyzanzF4VdnhzDKpaRLxKwuCf0xe9V03S4/fri/tVjxpjUyc -eaTgfDlzJgQu2rZZz8dG7fltCEhl9gBGbQ3WWaSDYOW49UXqS3LR0eBZ4s/RAG7Z -LiBIKzOFQjLplaODsCOpOguzRfL6O2WXDADbuh7XAQmmhkfsuruPvP/5E1G1hb6K -khsKyiYo4WLpdGJACezN/jmQVcqULz8iLI/jRaoT5g3dwvBkzyolIF+A6a33D3Ph -vQd5ta6BT/EWTBp4T5MSyvd03rkqV0oCHeF+wTQ3iR4b5jrxlVtqCFlsK32NrB9e -ZAboJitgxLgs6ZKXhoxCGjtZdpgYyxqgEOtJazzNitNxB8Xyb3hCc2t7VPpRUfUa -gyddQFd1yZmhPZqhugXI+LL7xO7HHyrz+CwqeWkObJNDRIe6Me4Rxo9H0ZQfjLa1 -fAgxubtAsGr0AwQSg3X/PamEhVdjvCBCtadgHQZQLaP7ilPBcER/xBQ1jbI1LYzF -BTCypCFykXbDxxbOwzhwRLoUHzWS2XAYT7vOHE60AokMKwArz9s3Hu+wUg== ------END CERTIFICATE----- 
diff --git a/app/etc/certs/dev.key b/app/etc/certs/dev.key
deleted file mode 100644
index 44e4adb..0000000
--- a/app/etc/certs/dev.key
+++ /dev/null
@@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC+uBU5mo8h8LK0 -0Hrw9AtaPI2yXBaVh5S8KrAJ0eoUSxc0gg7qdwsD9+boyaDbiePcllTLvmIKqX8K -2TbiucEaqNGzJauop0+UZjjCQrzuq+cD6xPh+1bzcWN+oLubUtv4wi3mRNCtP56Y -yM4c72OweXB9Mhi9Z8e2caTjCLdcCS10i5OyNWYZFhnjBxXJoElTt4HZFLDj60Iq -i9thVGO4virv7VBwOvAKaCgOOuagPtISgHO71t1hV9TNTHRcE37xpOZT6moPsEBi -tkszwPx24SgATGrG5J8UbDJ5EdY+kA4wD0mUhi9pUWaRlKWQjqRRszvsSnbQUPHO -RHSUFFpycworeNUBCmTs5jm0/+RqI4TLTUX6ZbJ6azgGpgbJtMbMlywW1Yuy9ACr -SP/jncKekiR+0uQ5s+y2crT+aeuzHsyMtUUnTI1ExsOE/QWGH7MV298D+jvSSWg4 -WTf3dzAiFsDxP4JtDZ1NmDwm6Pjmano1Y57guU++4RvYN6YKxDnkcWXIZFpUvW+d -r7oLZaOcqwCx4KVCFo4e2qqigYgWgz8r05iEngj7UZO70n3dZrkL4Iu2tFATHLBy -1SYZIu3ewZodOeK54q63bYtVFj7ECAE4Eb7J6DgjOtN3GH9E2aKMjzFRvWzItRuf -LWIycPN/tAOh6dOPuX9oZQf71sxe3wIDAQABAoICAFzKl5kVN/qdb3VF0esV8cgP -miljYKGT+6upYUkF1svU1Q95D+TH0pY1sSUlpJvr9O9IPS18DZt+aA9RK8EX+3oL -FSwCcgh2juN28LqjWeUNwjJH176lWOLNEklzzpN9twTLBSX56UXBpFpVqOKvHmOo -UjC3hQ3yRlrf5AeKIBwpYvJHTq7wCCLAfAvXUKRu1f5jVEvYI1BhECo/LZenRXWH -IMDnR7GzG0MU9hgmVDs3FWJnGOgVXFSWNTVFs39xBNxxDJdbgAruCAV/CAvAI5V7 -asjqZTEr3rJDCjOZmBGMaTq81WHr/3lQX4UJO5yfqhcOC2OlvzUPjPZ8m/PIC1C4 -rOg6EqEA5X+VOspxbJGQVlsA1R1CkI499s5CERWQ8Z9Gb5kr4/SzKBnp8DAbngNR -rZxuT4pch7rHZgEDiW8h18aRN3LDvjUPF2pvowEKPRmdQJ6xTi22GuyL3pl3M8Wg -3snIl0sdfsnarWTV545bm1nIZ+4agfIzRjIc+Z4ACx3k9NBObkHxdq3Grscgl+cr -OtuQYt7T0EDfPOGqXgZ2/imdtovIYOz7BHzlchZGIFmgtSFfgZCGcWQWiXdlGmOC -EJQ9gwqLmCG4i1V8UIb2NQXPF77rHpOz/psptCxj7gvTwp8yFURL6hdqoUpzl7l+ -H3QGUAl1N6vvCJry0HLBAoIBAQDmue87L+x6BBg+0g2SAO0Ivl5w2Q4KKGZREgld -7CGVyDCcZGs1EHsATZgNPUH0L9rjegTtSzarGdLPSTnDdc6mataS++3YdmWRYKxo -8so3L074FLW3acisP8YdsH99jrwkrYAm130whIkk8cEZAlSYd3uVj7RypN/WDDWm -UOmGWrQYBduGF3/JvnFbLIbassfzc7Yx2jgFDyFpQur6ZNDK3YUbjGALe07D/TO6 -k4AN7NUg8J8e/nF5J2HOtGUTlHScouz3AhJFbBtGJMh2zPburR7iAU4oSCAwbiiG -3AsVqndt1iTUqkEeHUBogx9OiXfLccXxdZkXNz42Tv7ezYePAoIBAQDTnEJJV/sm -NDhMkPjKFLprdpP7n6nNlECXrNogHGTTOiXMUcgVl/CuX8cfOc7ExfJ91Bh2XqN2 
-H9tgOzlTWEcRORFAJv2ZRSBTfVQAboL1ncZTMXlDR3SqPVC7GC53gk4IAbm2Rs59 -jqHqZJdGMHAK747zQAPO8c5qCUgDAO8hP7mrdBU9+Tj9lA0vNyGq4uUqoepUvado -Suk3CggsVjcVffzBIm8u0QHNHVUg3hVHycJTQwSIyWbej/eCx1ZD5/9olO6aREHS -lKr0Bm4+1AdlkXgJE/eoABQa1fiUgEjPbi9q4ORjpFbMbcvnb9Z6sf2VvTZn/wj6 -K4JtX50o+YuxAoIBAQCa/RvvLmo0LLv8ty3Wfji8PuVB+QytViYlH3CbXxvQegHt -jKdXphJ6SaVyf0vmtJ7dYAIfRP8cQOSTyiS7YE/JCsvJQOKtHhtsZPxsI2wjVew+ -Sesnoi/jRZPYLc/2kANiwAnuDaNTDDT0VFHacu5Q3TJvbXFR8d9K8ji32HKGhjek -S4sDsJVu+Dc9f9O25ZHbwEcLhgNLorZW91TRjxeSruvTbaC3FcX7cgNlud+zevxQ -fFLnhxTCxem16Qhc9sS+09NKumF7sPtBS0Q+ScE246RzPV07QfgdkGI49Weczj4b -0lY7ZYMIr62shyhooX+PcoX9hXmpVrq70KT1FiuRAoIBAQDAN8Gys9usIWU+j7We -guOvuB/GQotQ9akS3e2pm4EuqjQpe+Q/USxMiS3sPGuJLLIQAHhUFbVwGJICwOla -vuaXS3pTBtf3wOYTUNXcKoaFK9M6QMeBCMh914Kc4ONcpZ3SAhc67uik/soviz4q -gNdV57O3XF/ZPKcehN3H9LJDRoqWprSg/eD53uF3ESJhAwfeCQQ+A6SsxNdBqrgv -5gTVXgMZQPkz0qFLO6jXWUSFWE1PqqHUyvXJl4biYcYHmxbTXe27beNIsMj1L143 -bgxmA5TA0kV1ctTQZ6sM4dbBrboe4Lg1ltNNkTLWQS3XeBT8Tsq7/tudu6YXSfIN -hViRAoIBAHGypG9v+vToWta0AT4CC3eOvNjzKGtr26oycFsXqQE8Q6ZKohcG0UNj -QnfawjyVhSdq2hS0O0uZuhyeea9nBtL8y8u120rvS10C71er7hG2ywscdJ4Hr5WX -D27RC+U7AwMbcqEy3Vs9vo2c5cBivLGWf/R3SgCecwxX8APysuSXod7DKhNviS4P -f8t8Tui//+PkNV6brOLvu0kITypoFhp9qAexgAuLTXOPNEILugcsfusBwPEjSdAR -LBh1fxSrGPCcRqo+8N4qorki1IE0l/bJBj3p2vREgItmq+OC0KT47Ye0BVJJtrrU -YV/U3ImFkT12e6nwfgrMRfQCZrRsp9g= ------END PRIVATE KEY----- diff --git a/app/firewall b/app/firewall new file mode 100644 index 0000000..8e9d5ab --- /dev/null +++ b/app/firewall @@ -0,0 +1,11 @@ +#! ----------- install ufe +rex doas rc-update add ufw +rex doas rc-service ufw start +rex doas ufw default deny incoming +rex doas ufw default allow outgoing + +rex doas ufw allow 80/tcp +rex doas ufw allow 443/tcp +rex doas ufw enable +rex doas ufw status verbose + diff --git a/app/host_vars/vault/boston b/app/host_vars/boston similarity index 100% rename from app/host_vars/vault/boston rename to app/host_vars/boston 
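Review bot: `ufw default deny incoming` followed by `ufw enable` opens only 80/tcp and 443/tcp, so once the rules load, new SSH sessions and inbound Nebula traffic are dropped and the host can no longer be reached by `rex`. The comment this commit removes from `app/onboarding` says SSH should be reachable on Nebula only; that needs an explicit rule before the enable step, for example `rex doas ufw allow in on nebula2 to any port 22 proto tcp`, plus an allow for the Nebula listener (`<nebula listen port>/udp`, taken from `config.yml`). `ufw enable` also asks for confirmation when it is run over SSH, so a non-interactive run will likely need `ufw --force enable`.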
diff --git a/app/host_vars/ca.crt b/app/host_vars/ca.crt new file mode 100644 index 0000000..bf88e8e --- /dev/null +++ b/app/host_vars/ca.crt @@ -0,0 +1,5 @@ +-----BEGIN NEBULA CERTIFICATE----- +Cj8KDU9ET080cHJvamVjdHMoqNOhvgYwqKTJogg6IDv7w4DxfOvLDJ6WgjE3V8MZ +k1I6t5GjmBmnyd0Wf0UqQAESQAzBFnjUsemshOlFCJisKbXdqBR83/Fl5aS0xSQj +ZcDIpmgPnslBHTo8oPJLWeuU0Qd9IHNfdQvam2j6YnzVQAE= +-----END NEBULA CERTIFICATE----- diff --git a/app/host_vars/dev b/app/host_vars/dev deleted file mode 100644 index cb3c613..0000000 --- a/app/host_vars/dev +++ /dev/null @@ -1,4 +0,0 @@ -API_KEY=4h6lDzAOVksuCqmhEB3 -hostname="dev" -nebula_key="123" -nebula_cert="456" diff --git a/app/host_vars/dev/dev b/app/host_vars/dev/dev new file mode 100644 index 0000000..e69de29 diff --git a/app/host_vars/dev/dev.crt b/app/host_vars/dev/dev.crt new file mode 100644 index 0000000..340c7db --- /dev/null +++ b/app/host_vars/dev/dev.crt @@ -0,0 +1,6 @@ +-----BEGIN NEBULA CERTIFICATE----- +CmYKA2RldhIKk5KghQyA/v//DyIDYmVlKI+YrcUGMKekyaIIOiAXY9FKiA1V6ayD +Vx9Ce9UK3YcCF93DNP68WPixdl9LZUognXOojuxdSXZ4IG4v3A8HJ/77YSYnV/il +ywmZ6V2khEESQHUVytAPARrJ0KxKPolUot6cl+UNMo5HOMqg2kxiRZBIUTp5XIME +WfrYcdjlS9af7I34439r6gs4bA2LDGaaMQs= +-----END NEBULA CERTIFICATE----- diff --git a/app/host_vars/dev/dev.env b/app/host_vars/dev/dev.env new file mode 100644 index 0000000..b5bac41 --- /dev/null +++ b/app/host_vars/dev/dev.env @@ -0,0 +1,2 @@ +API_KEY=4h6lDzAOVksuCqmhEB3 +HOSTNAME="dev" diff --git a/app/host_vars/dev/dev.key b/app/host_vars/dev/dev.key new file mode 100644 index 0000000..60f5ec9 --- /dev/null +++ b/app/host_vars/dev/dev.key @@ -0,0 +1,3 @@ +-----BEGIN NEBULA X25519 PRIVATE KEY----- +96/m6SrUsGWzT6atNvnopzygGhIAaXbBCXT8KAvwKp8= +-----END NEBULA X25519 PRIVATE KEY----- diff --git a/app/host_vars/dev/dev.pub b/app/host_vars/dev/dev.pub new file mode 100644 index 0000000..e69de29 
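Review bot: `app/host_vars/dev/dev.env` keeps `API_KEY` in clear text and `app/host_vars/dev/dev.key` adds the host's Nebula X25519 private key to the tree, so every clone and every copy of the history holds the credentials this host uses on the overlay. Deleting `app/etc/certs/dev.key` in the same commit does not withdraw that key either; it stays in history and the pair should be regarded as exposed. I would keep only `ca.crt` and `dev.crt` under version control, keep the key, env and SSH identity files in an ignored or encrypted location that `alpine/template` reads at deploy time, and issue a fresh host key and API key for `dev`.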
diff --git a/app/host_vars/vault/london b/app/host_vars/london similarity index 100% rename from app/host_vars/vault/london rename to app/host_vars/london diff --git a/app/host_vars/vault/mumbai b/app/host_vars/mumbai similarity index 100% rename from app/host_vars/vault/mumbai rename to app/host_vars/mumbai diff --git a/app/host_vars/vault/saopaulo b/app/host_vars/saopaulo similarity index 100% rename from app/host_vars/vault/saopaulo rename to app/host_vars/saopaulo diff --git a/app/onboarding b/app/onboarding index b8de7c0..e9c805b 100755 --- a/app/onboarding +++ b/app/onboarding @@ -1,23 +1,27 @@ #!/bin/bash -template templates/hosthostname /etc/hostname +template templates/hostname /etc/hostname + + +rex doas apk update +rex doas apk add bash doas openssh + + # ass swap file ???? -# ------ create user 4server - - # ------ disable root user and login # ----- install nabula echo "prsync nebula bin" -prsync -h "$hosts_file" -avz ./templates/nebula/nebula /4server/nebula +prsync -h "$hosts_file" -avz ./sbin/nebula /4server/nebula rex doas mv /4server/nebula /usr/bin/ rex doas mkdir -p /etc/nebula rex doas chmod 700 /etc/nebula -template templates/nebula/nebula.yml /etc/nebula/config.yml +template templates/nebula/config.yml /etc/nebula/config.yml template templates/nebula/host.key /etc/nebula/host.key template templates/nebula/host.crt /etc/nebula/host.crt +template templates/nebula/ca.crt /etc/nebula/ca.crt rex doas chmod 700 /etc/nebula 
@@ -34,6 +38,22 @@ rex doas rc-update add ping_service default rex doas rc-service ping_service restart -#! ----------- install ufe -- ssh, 8080 only on nebula -- only 80, 443 to the world +# ADD USER 4SERVER +rex doas adduser -D -s /bin/bash 4server + +SSH_DIR="/home/4server/.ssh" +rex doas mkdir -p "$SSH_DIR" +rex doas chmod 700 "$SSH_DIR" +rex doas chown 4server:4server "$SSH_DIR" + +template templates/ssh/id_ed25519 /home/4server/.ssh/id_ed25519 +template templates/ssh/id_ed25519.pub /home/4server/.ssh/id_ed25519.pub +rex "doas bash -c 'chmod 700 /home/4server/.ssh/*'" +rex "doas bash -c 'chown -R 4server:4server /home/4server/.ssh/*'" + +template templates/.bashrc /home/4server/.bashrc +rex doas mkdir -p /etc/doas.d + +rex "doas sh -c 'grep -q \"permit nopass 4server as root\" /etc/doas.d/4server.conf 2>/dev/null || echo \"permit nopass 4server as root\" | tee -a /etc/doas.d/4server.conf > /dev/null'" + + diff --git a/app/templates/.bashrc b/app/templates/.bashrc new file mode 100644 index 0000000..ae664fe --- /dev/null +++ b/app/templates/.bashrc @@ -0,0 +1,8 @@ +# ~/.bashrc + +echo "Server {{HOSTNAME}}" + + +export PS1="\[\e[32m\]\h:\w\$\[\e[0m\] " +df -h . + diff --git a/app/templates/hostname b/app/templates/hostname index 12ef44b..5332dc4 100644 --- a/app/templates/hostname +++ b/app/templates/hostname @@ -1 +1 @@ -{{hostname}} +{{HOSTNAME}} diff --git a/app/templates/init.d/ping_check b/app/templates/init.d/ping_service similarity index 100% rename from app/templates/init.d/ping_check rename to app/templates/init.d/ping_service diff --git a/app/templates/nebula/ca.crt b/app/templates/nebula/ca.crt new file mode 100644 index 0000000..814039a --- /dev/null +++ b/app/templates/nebula/ca.crt @@ -0,0 +1 @@ +{{NEBULA_CA}} diff --git a/app/templates/nebula/config.yml b/app/templates/nebula/config.yml index f886d82..01b56b8 100644 --- a/app/templates/nebula/config.yml +++ b/app/templates/nebula/config.yml 
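Review bot: `permit nopass 4server as root` gives the 4server account unrestricted, passwordless root, so any process or login running as 4server is effectively root on the host. If the automation only needs a known set of commands, narrow the rule with doas's `cmd` keyword, and make the rule file root-only, e.g. `rex doas chmod 600 /etc/doas.d/4server.conf`. The glob `chmod 700 /home/4server/.ssh/*` also marks the key files executable; `chmod 600 /home/4server/.ssh/id_ed25519` and `chmod 644 /home/4server/.ssh/id_ed25519.pub` are the usual modes. The hunk installs no `authorized_keys`, so how 4server is meant to be reached is not visible here.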
@@ -20,7 +20,7 @@ relay: tun: disabled: false - dev: nebula1 + dev: nebula2 drop_local_broadcast: false drop_multicast: false tx_queue: 500 diff --git a/app/templates/nebula/host.crt b/app/templates/nebula/host.crt new file mode 100644 index 0000000..a19c09a --- /dev/null +++ b/app/templates/nebula/host.crt @@ -0,0 +1 @@ +{{NEBULA_CRT}} diff --git a/app/templates/nebula/host.key b/app/templates/nebula/host.key new file mode 100644 index 0000000..8ca51de --- /dev/null +++ b/app/templates/nebula/host.key @@ -0,0 +1 @@ +{{NEBULA_KEY}} diff --git a/app/templates/ssh/id_ed25519 b/app/templates/ssh/id_ed25519 new file mode 100644 index 0000000..2846a8f --- /dev/null +++ b/app/templates/ssh/id_ed25519 @@ -0,0 +1 @@ +{{SSH_PRIVATE}} diff --git a/app/templates/ssh/id_ed25519.pub b/app/templates/ssh/id_ed25519.pub new file mode 100644 index 0000000..0ac1014 --- /dev/null +++ b/app/templates/ssh/id_ed25519.pub @@ -0,0 +1 @@ +{{ssh_public}} diff --git a/app/update b/app/update index 891cd28..435bd7b 100755 --- a/app/update +++ b/app/update @@ -10,7 +10,7 @@ template templates/hosts /etc/hosts ### PACKAGES template templates/repositories /etc/apk/repositories rex doas apk update && upgrade -rex doas apk add python3 build-base python3-dev linux-headers py3-pip gcc g++ musl-dev libffi-dev make jq rsync mc vim docker docker-compose htop linux-lts sqlite bash postgresql16-client +rex doas apk add openssh ufw python3 build-base python3-dev linux-headers py3-pip gcc g++ musl-dev libffi-dev make jq rsync mc vim docker docker-compose htop linux-lts sqlite bash postgresql16-client rex doas pip install --break-system-packages --no-cache-dir "uvicorn[standard]" fastapi pydantic psutil
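Review bot: `app/templates/ssh/id_ed25519.pub` uses the placeholder `{{ssh_public}}`, but the `keys` array added to `alpine/template` in this commit lists `SSH_PUBLIC` and the substitution is case-sensitive, so the literal text `{{ssh_public}}` would be written to `/home/4server/.ssh/id_ed25519.pub`. Change the template line to `{{SSH_PUBLIC}}`. It would also help if `alpine/template` stopped when a `{{…}}` placeholder survives rendering or a key value is empty; the `host_vars/dev/dev` and `host_vars/dev/dev.pub` files added here are empty blobs, so `dev` would currently receive an empty private key file.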