Add dual-stack IPv4/IPv6 network support for TKL v19

conf/turnkey.d/confconsole-autorun

@@ -2,12 +2,20 @@
 
 # copy in confconsole auto start file
 mkdir -p /root/.bashrc.d/
-cp /usr/share/confconsole/autostart/confconsole-auto \
-    /root/.bashrc.d/confconsole-auto
-# should already be executable, but just in case
-chmod +x /root/.bashrc.d/confconsole-auto
+if [ -f /usr/share/confconsole/autostart/confconsole-auto ]; then
+    cp /usr/share/confconsole/autostart/confconsole-auto \
+        /root/.bashrc.d/confconsole-auto
+    # should already be executable, but just in case
+    chmod +x /root/.bashrc.d/confconsole-auto
+else
+    echo "Warning: confconsole-auto file not found, skipping copy"
+fi
 
 # autostart "once"
 CONF=/etc/confconsole/confconsole.conf
-sed -i "s|^#autostart|autostart|g" $CONF
-sed -i "s|^autostart.*|autostart once|g" $CONF
+if [ -f "$CONF" ]; then
+    sed -i "s|^#autostart|autostart|g" $CONF
+    sed -i "s|^autostart.*|autostart once|g" $CONF
+else
+    echo "Warning: $CONF not found, skipping autostart configuration"
+fi

conf/turnkey.d/dpkg-vendor

@@ -4,4 +4,4 @@
 # returns the correct string
 
 rm -rf /etc/dpkg/origins/default
-ln -s /etc/dpkg/origins/TurnKey /etc/dpkg/origins/default
+ln -sf /etc/dpkg/origins/TurnKey /etc/dpkg/origins/default

conf/turnkey.d/etckeeper

@@ -2,5 +2,6 @@
 # un-initialize etckeeper
 
 echo "inithooks.conf" >> /etc/.gitignore
+mkdir -p /etc/etckeeper/uninit.d
 etckeeper uninit -f
 

conf/turnkey.d/fail2ban-fixes

@@ -4,6 +4,7 @@
 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024305
 
 CONF=/etc/fail2ban/fail2ban.conf
+[ -f "$CONF" ] || exit 0
 if ! grep -q '^allowipv6' $CONF; then
     sed -i '\|^\[Definition\]|a \\nallowipv6 = auto' $CONF
 fi
@@ -27,7 +28,7 @@ cat > fail2ban.patch <<EOF
  cmnfailre-failed-pub-ignore =
 
 EOF
-git apply fail2ban.patch
+git apply --check fail2ban.patch 2>/dev/null && git apply fail2ban.patch || echo "patch already applied, skipping"
 rm fail2ban.patch
 
 cat > /etc/cron.weekly/fail2ban <<EOF

conf/turnkey.d/monit

@@ -1,3 +1,3 @@
 #!/bin/bash
 
-ln -s /etc/monit/monitrc.d/system /etc/monit/conf.d/system
+ln -sf /etc/monit/monitrc.d/system /etc/monit/conf.d/system

conf/turnkey.d/roothome

@@ -1,7 +1,7 @@
 #!/bin/bash -e
 
 # harden ssh client directories
-mkdir -m 0700 /etc/skel/.ssh
+mkdir -p -m 0700 /etc/skel/.ssh
 cp -dRn /etc/skel/.ssh /root
 
 cp /etc/skel/.bashrc /root

conf/turnkey.d/webmin-conf

@@ -26,3 +26,4 @@ update_or_add no_tls1_1 1
 update_or_add no_tls1_2
 update_or_add extracas
 update_or_add ssl_hsts 0
+update_or_add ipv6 1

conf/turnkey.d/webmin-history

@@ -1,5 +1,6 @@
 #!/bin/sh -e
-
-mkdir -p /etc/webmin/system-status/history
-mv /etc/webmin/system-status/history /var/webmin/
-ln -s /var/webmin/history /etc/webmin/system-status/history 
+if [ ! -L /etc/webmin/system-status/history ]; then
+    mkdir -p /etc/webmin/system-status/history
+    mv /etc/webmin/system-status/history /var/webmin/
+fi
+ln -sf /var/webmin/history /etc/webmin/system-status/history

conf/turnkey.d/webmin-lets-enc

@@ -1,7 +1,9 @@
 #/bin/bash -e
-
 # Disable Webmin Let's Encrypt config - via patch
-
-cd /usr/share/webmin/webmin
-git apply /usr/local/src/webmin.patch
-rm /usr/local/src/webmin.patch
+if [ -f /usr/local/src/webmin.patch ]; then
+    cd /usr/share/webmin/webmin
+    git apply /usr/local/src/webmin.patch
+    rm /usr/local/src/webmin.patch
+else
+    echo "webmin.patch not found, skipping (may already be applied)"
+fi

conf/turnkey.d/webmin-theme

@@ -1,12 +1,12 @@
 #!/bin/sh -e
-
 set ${WEBMIN_THEME:=authentic-theme}
-
 CONF_DIR=/etc/webmin
 LOGO_DIR=$CONF_DIR/$WEBMIN_THEME
-
 echo "theme=$WEBMIN_THEME" >> $CONF_DIR/config
 echo "preroot=$WEBMIN_THEME" >> $CONF_DIR/miniserv.conf
-
-mv $LOGO_DIR/tkl-logo-white.png $LOGO_DIR/logo.png
-mv $LOGO_DIR/tkl-logo-black.png $LOGO_DIR/logo_welcome.png
+if [ -f $LOGO_DIR/tkl-logo-white.png ]; then
+    mv $LOGO_DIR/tkl-logo-white.png $LOGO_DIR/logo.png
+    mv $LOGO_DIR/tkl-logo-black.png $LOGO_DIR/logo_welcome.png
+else
+    echo "TKL logos not found in overlay, skipping webmin theme logos"
+fi

mk/turnkey/apache.mk

@@ -1,2 +1,2 @@
 COMMON_OVERLAYS += apache
-COMMON_CONF += apache-vhost apache-headers apache-security
+COMMON_CONF += apache-vhost apache-headers apache-security apache-ssl

overlays/turnkey.d/dhcpcd-noauto/etc/systemd/system/dhcpcd.service

@@ -0,0 +1 @@
+/dev/null

overlays/turnkey.d/interfaces/etc/network/interfaces

@@ -6,8 +6,10 @@ iface lo inet loopback
 
 auto eth0
 iface eth0 inet dhcp
+iface eth0 inet6 dhcp
  hostname _UNCONFIGURED_
 
 allow-hotplug eth1
 iface eth1 inet dhcp
+iface eth1 inet6 dhcp
  hostname _UNCONFIGURED_

overlays/turnkey.d/networking/etc/gai.conf

@@ -0,0 +1,2 @@
+# Prefer IPv4 for external connections (v19)
+precedence ::ffff:0:0/96  100

plans/net

@@ -4,6 +4,6 @@ bind9-host           # Version of 'host' bundled with BIND 9.X
 netbase              # Basic TCP/IP networking system
 net-tools            # The NET-3 networking toolkit
 iproute2             # networking and traffic control tools
-udhcpc               # very small DHCP client
+dhcpcd               # Also very small DHCPv4 and DHCPv6 client
 traceroute           # Traces the route taken by packets over a tcp/ip network
 iputils-ping         # Tools to test the reachability of network hosts

plans/turnkey/base

@@ -26,7 +26,7 @@ dbus
 /* seed entropy in early boot (especially useful when live booting).       */
 jitterentropy-rngd
 
-//tklbam                  /* still depends on py2 for now */
+tklbam
 
 hubdns
 inithooks
@@ -41,7 +41,9 @@ etckeeper
 git
 
 lsb-release
+locales
 localepurge
+mawk
 man-db
 screen
 dtach
@@ -96,3 +98,7 @@ python3-requests        /* confconsole lets encrypt recommends (actually depends
 //ifndef CHROOT_ONLY
 acpi-support-base
 //endif
+
+/* IPv6 support for Webmin (v19) */
+libsocket6-perl
+libio-socket-ssl-perl

plans/turnkey/postgresql

@@ -0,0 +1,2 @@
+postgresql
+webmin-postgresql