diff --git a/lib/configfiles/gentoo.xml b/lib/configfiles/gentoo.xml
index 8c564ccb..f75ea87f 100644
--- a/lib/configfiles/gentoo.xml
+++ b/lib/configfiles/gentoo.xml
@@ -319,6 +319,542 @@ mail	IN		A	<SERVERIP>
 					<command><![CDATA[rc-update add named default]]></command>
 					<command><![CDATA[/etc/init.d/named restart]]></command>
 				</daemon>
+				<daemon name="powerdns" title="PowerDNS via bind-backend">
+					<install><![CDATA[emerge net-dns/pdns]]></install>
+					<file name="/etc/powerdns/pdns.conf" backup="true">
+						<content><![CDATA[
+# Autogenerated configuration file template
+#################################
+# allow-axfr-ips	Allow zonetransfers only to these subnets
+#
+allow-axfr-ips=<NAMESERVERS>
+
+#################################
+# allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
+#
+# allow-dnsupdate-from=127.0.0.0/8,::1
+
+#################################
+# allow-recursion	List of subnets that are allowed to recurse
+#
+allow-recursion=127.0.0.1
+
+#################################
+# also-notify	When notifying a domain, also notify these nameservers
+#
+# also-notify=
+
+#################################
+# any-to-tcp	Answer ANY queries with tc=1, shunting to TCP
+#
+# any-to-tcp=no
+
+#################################
+# cache-ttl	Seconds to store packets in the PacketCache
+#
+# cache-ttl=20
+
+#################################
+# carbon-interval	Number of seconds between carbon (graphite) updates
+#
+# carbon-interval=30
+
+#################################
+# carbon-ourname	If set, overrides our reported hostname for carbon stats
+#
+# carbon-ourname=
+
+#################################
+# carbon-server	If set, send metrics in carbon (graphite) format to this server
+#
+# carbon-server=
+
+#################################
+# chroot	If set, chroot to this directory for more security
+#
+# chroot=
+
+#################################
+# config-dir	Location of configuration directory (pdns.conf)
+#
+config-dir=/etc/powerdns
+
+#################################
+# config-name	Name of this virtual configuration - will rename the binary image
+#
+# config-name=
+
+#################################
+# control-console	Debugging switch - don't use
+#
+# control-console=no
+
+#################################
+# daemon	Operate as a daemon
+#
+daemon=yes
+
+#################################
+# default-ksk-algorithms	Default KSK algorithms
+#
+# default-ksk-algorithms=rsasha256
+
+#################################
+# default-ksk-size	Default KSK size (0 means default)
+#
+# default-ksk-size=0
+
+#################################
+# default-soa-mail	mail address to insert in the SOA record if none set in the backend
+#
+# default-soa-mail=
+
+#################################
+# default-soa-name	name to insert in the SOA record if none set in the backend
+#
+# default-soa-name=a.misconfigured.powerdns.server
+
+#################################
+# default-ttl	Seconds a result is valid if not set otherwise
+#
+# default-ttl=3600
+
+#################################
+# default-zsk-algorithms	Default ZSK algorithms
+#
+# default-zsk-algorithms=rsasha256
+
+#################################
+# default-zsk-size	Default ZSK size (0 means default)
+#
+# default-zsk-size=0
+
+#################################
+# direct-dnskey	Fetch DNSKEY RRs from backend during DNSKEY synthesis
+#
+# direct-dnskey=no
+
+#################################
+# disable-axfr	Disable zonetransfers but do allow TCP queries
+#
+disable-axfr=yes
+
+#################################
+# disable-axfr-rectify	Disable the rectify step during an outgoing AXFR. Only required for regression testing.
+#
+# disable-axfr-rectify=no
+
+#################################
+# disable-tcp	Do not listen to TCP queries
+#
+# disable-tcp=no
+
+#################################
+# distributor-threads	Default number of Distributor (backend) threads to start
+#
+# distributor-threads=3
+
+#################################
+# do-ipv6-additional-processing	Do AAAA additional processing
+#
+# do-ipv6-additional-processing=yes
+
+#################################
+# edns-subnet-processing	If we should act on EDNS Subnet options
+#
+# edns-subnet-processing=no
+
+#################################
+# entropy-source	If set, read entropy from this file
+#
+# entropy-source=/dev/urandom
+
+#################################
+# experimental-api-key	REST API Static authentication key (required for API use)
+#
+# experimental-api-key=
+
+#################################
+# experimental-api-readonly	If the JSON API should disallow data modification
+#
+# experimental-api-readonly=no
+
+#################################
+# experimental-dname-processing	If we should support DNAME records
+#
+# experimental-dname-processing=no
+
+#################################
+# experimental-dnsupdate	Enable/Disable DNS update (RFC2136) support. Default is no.
+#
+# experimental-dnsupdate=no
+
+#################################
+# experimental-json-interface	If the webserver should serve JSON data
+#
+# experimental-json-interface=no
+
+#################################
+# experimental-logfile	Filename of the log file for JSON parser
+#
+# experimental-logfile=/var/log/pdns.log
+
+#################################
+# forward-dnsupdate	A global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master.
+#
+# forward-dnsupdate=yes
+
+#################################
+# guardian	Run within a guardian process
+#
+guardian=yes
+
+#################################
+# include-dir	Include *.conf files from this directory
+#
+# include-dir=
+
+#################################
+# launch	Which backends to launch and order to query them in
+#
+launch=bind
+
+#################################
+# load-modules	Load this module - supply absolute or relative path
+#
+# load-modules=
+
+#################################
+# local-address	Local IP addresses to which we bind
+#
+local-address=<SERVERIP>,127.0.0.1
+
+#################################
+# local-address-nonexist-fail	Fail to start if one or more of the local-address's do not exist on this server
+#
+# local-address-nonexist-fail=yes
+
+#################################
+# local-ipv6	Local IP address to which we bind
+#
+# local-ipv6=
+
+#################################
+# local-ipv6-nonexist-fail	Fail to start if one or more of the local-ipv6 addresses do not exist on this server
+#
+# local-ipv6-nonexist-fail=yes
+
+#################################
+# local-port	The port on which we listen
+#
+local-port=53
+
+#################################
+# log-dns-details	If PDNS should log DNS non-erroneous details
+#
+log-dns-details=yes
+
+#################################
+# log-dns-queries	If PDNS should log all incoming DNS queries
+#
+# log-dns-queries=no
+
+#################################
+# logging-facility	Log under a specific facility
+#
+# logging-facility=
+
+#################################
+# loglevel	Amount of logging. Higher is more. Do not set below 3
+#
+# loglevel=4
+
+#################################
+# lua-prequery-script	Lua script with prequery handler
+#
+# lua-prequery-script=
+
+#################################
+# master	Act as a master
+#
+master=yes
+
+#################################
+# max-cache-entries	Maximum number of cache entries
+#
+# max-cache-entries=1000000
+
+#################################
+# max-ent-entries	Maximum number of empty non-terminals in a zone
+#
+# max-ent-entries=100000
+
+#################################
+# max-nsec3-iterations	Limit the number of NSEC3 hash iterations
+#
+# max-nsec3-iterations=500
+
+#################################
+# max-queue-length	Maximum queuelength before considering situation lost
+#
+# max-queue-length=5000
+
+#################################
+# max-signature-cache-entries	Maximum number of signatures cache entries
+#
+# max-signature-cache-entries=
+
+#################################
+# max-tcp-connections	Maximum number of TCP connections
+#
+# max-tcp-connections=10
+
+#################################
+# module-dir	Default directory for modules
+#
+module-dir=/usr/lib/powerdns/pdns/
+
+#################################
+# negquery-cache-ttl	Seconds to store negative query results in the QueryCache
+#
+# negquery-cache-ttl=60
+
+#################################
+# no-shuffle	Set this to prevent random shuffling of answers - for regression testing
+#
+# no-shuffle=off
+
+#################################
+# only-notify	Only send AXFR NOTIFY to these IP addresses or netmasks
+#
+# only-notify=0.0.0.0/0,::/0
+
+#################################
+# out-of-zone-additional-processing	Do out of zone additional processing
+#
+# out-of-zone-additional-processing=yes
+
+#################################
+# overload-queue-length	Maximum queuelength moving to packetcache only
+#
+# overload-queue-length=0
+
+#################################
+# pipebackend-abi-version	Version of the pipe backend ABI
+#
+# pipebackend-abi-version=1
+
+#################################
+# prevent-self-notification	Don't send notifications to what we think is ourself
+#
+# prevent-self-notification=yes
+
+#################################
+# query-cache-ttl	Seconds to store query results in the QueryCache
+#
+# query-cache-ttl=20
+
+#################################
+# query-local-address	Source IP address for sending queries
+#
+# query-local-address=0.0.0.0
+
+#################################
+# query-local-address6	Source IPv6 address for sending queries
+#
+# query-local-address6=::
+
+#################################
+# query-logging	Hint backends that queries should be logged
+#
+# query-logging=no
+
+#################################
+# queue-limit	Maximum number of milliseconds to queue a query
+#
+# queue-limit=1500
+
+#################################
+# receiver-threads	Default number of receiver threads to start
+#
+# receiver-threads=1
+
+#################################
+# recursive-cache-ttl	Seconds to store packets for recursive queries in the PacketCache
+#
+# recursive-cache-ttl=10
+
+#################################
+# recursor	If recursion is desired, IP address of a recursing nameserver
+#
+# recursor=no
+
+#################################
+# retrieval-threads	Number of AXFR-retrieval threads for slave operation
+#
+# retrieval-threads=2
+
+#################################
+# reuseport	Enable higher performance on compliant kernels by using SO_REUSEPORT allowing each receiver thread to open its own socket
+#
+# reuseport=no
+
+#################################
+# security-poll-suffix	Domain name from which to query security update notifications
+#
+# security-poll-suffix=secpoll.powerdns.com.
+
+#################################
+# send-root-referral	Send out old-fashioned root-referral instead of ServFail in case of no authority
+#
+# send-root-referral=no
+
+#################################
+# server-id	Returned when queried for 'server.id' TXT or NSID, defaults to hostname - disabled or custom
+#
+# server-id=
+
+#################################
+# setgid	If set, change group id to this gid for more security
+#
+setgid=pdns
+
+#################################
+# setuid	If set, change user id to this uid for more security
+#
+setuid=pdns
+
+#################################
+# signing-threads	Default number of signer threads to start
+#
+# signing-threads=3
+
+#################################
+# slave	Act as a slave
+#
+# slave=no
+
+#################################
+# slave-cycle-interval	Reschedule failed SOA serial checks once every .. seconds
+#
+# slave-cycle-interval=60
+
+#################################
+# slave-renotify	If we should send out notifications for slaved updates
+#
+# slave-renotify=no
+
+#################################
+# soa-expire-default	Default SOA expire
+#
+# soa-expire-default=604800
+
+#################################
+# soa-minimum-ttl	Default SOA minimum ttl
+#
+# soa-minimum-ttl=3600
+
+#################################
+# soa-refresh-default	Default SOA refresh
+#
+# soa-refresh-default=10800
+
+#################################
+# soa-retry-default	Default SOA retry
+#
+# soa-retry-default=3600
+
+#################################
+# socket-dir	Where the controlsocket will live
+#
+socket-dir=/var/run
+
+#################################
+# tcp-control-address	If set, PowerDNS can be controlled over TCP on this address
+#
+# tcp-control-address=
+
+#################################
+# tcp-control-port	If set, PowerDNS can be controlled over TCP on this address
+#
+# tcp-control-port=53000
+
+#################################
+# tcp-control-range	If set, remote control of PowerDNS is possible over these networks only
+#
+# tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10
+
+#################################
+# tcp-control-secret	If set, PowerDNS can be controlled over TCP after passing this secret
+#
+# tcp-control-secret=
+
+#################################
+# traceback-handler	Enable the traceback handler (Linux only)
+#
+# traceback-handler=yes
+
+#################################
+# trusted-notification-proxy	IP address of incoming notification proxy
+#
+# trusted-notification-proxy=
+
+#################################
+# udp-truncation-threshold	Maximum UDP response size before we truncate
+#
+# udp-truncation-threshold=1680
+
+#################################
+# version-string	PowerDNS version in packets - full, anonymous, powerdns or custom
+#
+version-string=powerdns
+
+#################################
+# webserver	Start a webserver for monitoring
+#
+# webserver=no
+
+#################################
+# webserver-address	IP Address of webserver to listen on
+#
+# webserver-address=127.0.0.1
+
+#################################
+# webserver-allow-from	Webserver access is only allowed from these subnets
+#
+# webserver-allow-from=0.0.0.0/0,::/0
+
+#################################
+# webserver-password	Password required for accessing the webserver
+#
+# webserver-password=
+
+#################################
+# webserver-port	Port of webserver to listen on
+#
+# webserver-port=8081
+
+#################################
+# webserver-print-arguments	If the webserver should print arguments
+#
+# webserver-print-arguments=no
+
+# include froxlor-bind-specific config
+include=/etc/powerdns/pdns_froxlor.conf
+]]>
+						</content>
+					</file>
+					<file name="/etc/powerdns/pdns_froxlor.conf" chown="root:0"
+						chmod="644">
+						<content><![CDATA[
+#local-ipv6=YOUR_IPv6_(if_any)
+bind-config=<BIND_CONFIG_PATH>named.conf
+bind-check-interval=180
+]]>
+						</content>
+					</file>
+					<command><![CDATA[/etc/init.d/pdns restart]]></command>
+				</daemon>
 			</service>
 			<!-- SMTP services -->
 			<service type="smtp" title="{{lng.admin.configfiles.smtp}}">
diff --git a/lib/configfiles/trusty.xml b/lib/configfiles/trusty.xml
new file mode 100644
index 00000000..443d9307
--- /dev/null
+++ b/lib/configfiles/trusty.xml
@@ -0,0 +1,1571 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<froxlor>
+	<distribution name="Ubuntu" version="Trusty, 14.04">
+		<services>
+			<!-- HTTP -->
+			<service type="http" title="{{lng.admin.configfiles.http}}">
+				<!-- general HTTP commands -->
+				<general>
+					<commands index="1">
+						<command>
+							<visibility mode="isdir">{{settings.system.apacheconf_vhost}}
+							</visibility>
+							<content><![CDATA[mkdir -p {{settings.system.apacheconf_vhost}}]]></content>
+						</command>
+						<command>
+							<visibility mode="isfile">{{settings.system.apacheconf_vhost}}
+							</visibility>
+							<content><![CDATA[touch {{settings.system.apacheconf_vhost}}]]></content>
+						</command>
+						<command><![CDATA[chown root:0 {{settings.system.apacheconf_vhost}}]]></command>
+						<command><![CDATA[chmod 0600 {{settings.system.apacheconf_vhost}}]]></command>
+						<command>
+							<visibility mode="isdir">{{settings.system.apacheconf_diroptions}}
+							</visibility>
+							<content><![CDATA[mkdir -p {{settings.system.apacheconf_diroptions}}]]></content>
+						</command>
+						<command>
+							<visibility mode="isfile">{{settings.system.apacheconf_diroptions}}
+							</visibility>
+							<content><![CDATA[touch {{settings.system.apacheconf_diroptions}}]]></content>
+						</command>
+						<command><![CDATA[chown root:0 {{settings.system.apacheconf_diroptions}}]]></command>
+						<command><![CDATA[chmod 0600 {{settings.system.apacheconf_diroptions}}]]></command>
+						<command><![CDATA[mkdir -p {{settings.system.documentroot_prefix}}]]></command>
+						<command><![CDATA[mkdir -p {{settings.system.logfiles_directory}}]]></command>
+						<command><![CDATA[mkdir -p {{settings.system.mod_fcgid_tmpdir}}]]></command>
+						<command><![CDATA[chmod 1777 {{settings.system.mod_fcgid_tmpdir}}]]></command>
+						<command>
+							<visibility mode="notempty">{{settings.system.deactivateddocroot}}
+							</visibility>
+							<content><![CDATA['mkdir -p {{settings.system.deactivateddocroot}}]]></content>
+						</command>
+						<command><![CDATA[a2dismod userdir]]></command>
+					</commands>
+				</general>
+				<!-- HTTP Apache -->
+				<daemon name="apache" version="2.2" title="Apache 2.2"
+					default="true">
+					<install><![CDATA[apt-get install apache2]]></install>
+					<include>//service[@type='http']/general/commands</include>
+					<file name="/etc/apache2/mods-enabled/fastcgi.conf">
+						<visibility mode="true">{{settings.phpfpm.enabled}}
+						</visibility>
+						<content><![CDATA[
+<IfModule mod_fastcgi.c>
+    FastCgiIpcDir <FPM_IPCDIR>
+
+    <Location "/fastcgiphp">
+        Order Deny,Allow
+        Deny from All
+        # Prevent accessing this path directly
+        Allow from env=REDIRECT_STATUS
+    </Location>
+</IfModule>
+]]>
+						</content>
+					</file>
+					<command><![CDATA[service apache2 restart]]></command>
+				</daemon>
+				<daemon name="apache" version="2.4" title="Apache 2.4">
+					<include>//service[@type='http']/daemon[@name='apache'][@version='2.2']
+					</include>
+				</daemon>
+				<!-- HTTP Lighttpd -->
+				<daemon name="lighttpd" title="LigHTTPd">
+					<install><![CDATA[apt-get install lighttpd]]></install>
+					<file name="/etc/lighttpd/lighttpd.conf">
+						<content><![CDATA[
+###############################################################################
+# Default lighttpd.conf for Froxlor.
+###############################################################################
+var.basedir  = "/var/www"
+var.logdir   = "/var/log/lighttpd"
+var.statedir = "/var/lib/lighttpd"
+
+server.modules = (
+	"mod_rewrite",
+	"mod_redirect",
+	"mod_alias",
+	"mod_access",
+	"mod_auth",
+	"mod_fastcgi",
+	"mod_cgi",
+	"mod_accesslog"
+)
+
+server.username      = "www-data"
+server.groupname     = "www-data"
+server.document-root = var.basedir
+server.pid-file      = "/var/run/lighttpd.pid"
+accesslog.filename   = var.logdir + "/access.log"
+server.errorlog      = var.logdir  + "/error.log"
+
+server.indexfiles    = ("index.php", "index.html",
+						"index.htm", "default.htm")
+						
+server.name			 = "<SERVERNAME>"
+server.port          = 80
+server.bind          = "<SERVERIP>"
+url.access-deny = ("~", ".inc")
+
+fastcgi.server = (
+".php" => (
+		"localhost" => (
+			"socket" => "/tmp/lighttpd-fcgi-sock-lighttpd",
+			"broken-scriptfilename" => "enable",
+			"bin-path" => "/usr/bin/php5-cgi",
+			"min-procs" => 1,
+			"max-procs" => 1,
+			"max-load-per-proc" => 4,
+			"idle-timeout" => 60,
+			"bin-environment" => (
+				"UID" => "www-data",
+				"GID" => "www-data",
+				"PHP_FCGI_CHILDREN" => "0",
+				"PHP_FCGI_MAX_REQUESTS" => "10000"
+			),
+			"bin-copy-environment" => ( "" )
+		)
+	)
+)
+
+#### external configuration files
+## mimetype mapping
+include_shell "/usr/share/lighttpd/create-mime.assign.pl"
+]]>
+						</content>
+					</file>
+					<include>//service[@type='http']/general/commands</include>
+					<command>
+						<visibility mode="isdir">{{settings.system.apacheconf_vhost}}
+						</visibility>
+						<content><![CDATA[echo -e \'\\ninclude_shell "cat {{settings.system.apacheconf_vhost}}*.conf"\' >> /etc/lighttpd/lighttpd.conf]]></content>
+					</command>
+					<command>
+						<visibility mode="isfile">{{settings.system.apacheconf_vhost}}
+						</visibility>
+						<content><![CDATA[echo -e \'\\ninclude "{{settings.system.apacheconf_vhost}}"\' >> /etc/lighttpd/lighttpd.conf]]></content>
+					</command>
+					<command>
+						<visibility mode="isdir">{{settings.system.apacheconf_diroptions}}
+						</visibility>
+						<content><![CDATA[echo -e \'\\ninclude_shell "cat {{settings.system.apacheconf_diroptions}}*.conf"\' >> /etc/lighttpd/lighttpd.conf]]></content>
+					</command>
+					<command>
+						<visibility mode="isfile">{{settings.system.apacheconf_diroptions}}
+						</visibility>
+						<content><![CDATA[echo -e \'\\ninclude "{{settings.system.apacheconf_diroptions}}"\' >> /etc/lighttpd/lighttpd.conf]]></content>
+					</command>
+					<command><![CDATA[lighty-disable-mod cgi]]></command>
+					<command><![CDATA[lighty-disable-mod fastcgi]]></command>
+					<command><![CDATA[service lighttpd restart]]></command>
+				</daemon>
+				<!-- HTTP Nginx -->
+				<daemon name="nginx" title="nginx">
+					<install><![CDATA[apt-get install nginx php5-cli]]></install>
+					<install>
+						<visibility mode="false">{{settings.phpfpm.enabled}}
+						</visibility>
+						<visibility mode="false">{{settings.system.mod_fcgid}}
+						</visibility>
+						<content><![CDATA[apt-get install php5-cgi]]></content>
+					</install>
+					<command><![CDATA[rm /etc/nginx/sites-enabled/default]]></command>
+					<file name="/etc/nginx/nginx.conf">
+						<content><![CDATA[
+user www-data;
+worker_processes  4;
+
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    access_log  /var/log/nginx/access.log;
+
+    sendfile        on;
+    tcp_nodelay     on;
+
+    keepalive_timeout  65;
+
+    gzip  on;
+
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-enabled/*;
+}
+]]>
+						</content>
+					</file>
+					<file name="/etc/nginx/fastcgi_params">
+						<content><![CDATA[
+fastcgi_index index.php;
+
+fastcgi_connect_timeout 65;
+fastcgi_send_timeout    180;
+fastcgi_read_timeout    180;
+
+fastcgi_param  QUERY_STRING       $query_string;
+fastcgi_param  REQUEST_METHOD     $request_method;
+fastcgi_param  CONTENT_TYPE       $content_type;
+fastcgi_param  CONTENT_LENGTH     $content_length;
+
+fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
+fastcgi_param  REQUEST_URI        $request_uri;
+fastcgi_param  DOCUMENT_URI       $document_uri;
+fastcgi_param  DOCUMENT_ROOT      $document_root;
+fastcgi_param  SERVER_PROTOCOL    $server_protocol;
+fastcgi_param  HTTPS              $https if_not_empty;
+
+fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
+fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
+
+fastcgi_param  REMOTE_ADDR        $remote_addr;
+fastcgi_param  REMOTE_PORT        $remote_port;
+fastcgi_param  SERVER_ADDR        $server_addr;
+fastcgi_param  SERVER_PORT        $server_port;
+fastcgi_param  SERVER_NAME        $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param  REDIRECT_STATUS    200;
+]]>
+						</content>
+					</file>
+					<file name="/etc/init.d/php-fcgi" chmod="u+x">
+						<visibility mode="false">{{settings.phpfpm.enabled}}
+						</visibility>
+						<visibility mode="false">{{settings.system.mod_fcgid}}
+						</visibility>
+						<content><![CDATA[
+#!/bin/bash
+BIND="127.0.0.1:8888"
+USER="www-data"
+PHP_FCGI_CHILDREN="15"
+PHP_FCGI_MAX_REQUESTS="1000"
+
+PHP_CGI="/usr/bin/php-cgi"
+PHP_CGI_NAME="$(basename ${PHP_CGI})"
+PHP_CGI_ARGS="- USER=${USER} PATH=/usr/bin PHP_FCGI_CHILDREN=${PHP_FCGI_CHILDREN} PHP_FCGI_MAX_REQUESTS=${PHP_FCGI_MAX_REQUESTS} ${PHP_CGI} -b ${BIND}"
+RETVAL="0"
+
+start() {
+      echo -n "Starting PHP FastCGI: "
+      start-stop-daemon --quiet --start --background --chuid "$USER" --exec /usr/bin/env -- $PHP_CGI_ARGS
+      RETVAL="$?"
+      echo "${PHP_CGI_NAME}."
+}
+stop() {
+      echo -n "Stopping PHP FastCGI: "
+      killall -q -w -u ${USER} ${PHP_CGI}
+      RETVAL="$?"
+      echo "${PHP_CGI_NAME}."
+}
+
+case "$1" in
+    start)
+      start
+  ;;
+    stop)
+      stop
+  ;;
+    restart)
+      stop
+      start
+  ;;
+    *)
+      echo "Usage: php-fastcgi {start|stop|restart}"
+      exit 1
+  ;;
+esac
+exit "$RETVAL"
+]]>
+						</content>
+					</file>
+					<include>//service[@type='http']/general/commands</include>
+					<command><![CDATA[chmod u+x /etc/init.d/php-fcgi]]></command>
+					<command><![CDATA[service php-fcgi restart]]></command>
+					<command><![CDATA[service nginx restart]]></command>
+				</daemon>
+			</service>
+			<!--DNS -->
+			<service type="dns" title="{{lng.admin.configfiles.dns}}">
+				<!--Bind9 -->
+				<daemon name="bind" title="Bind9 nameserver">
+					<install><![CDATA[apt-get install bind9]]></install>
+					<command><![CDATA[echo "include \"{{settings.system.bindconf_directory}}froxlor_bind.conf\";" >> /etc/bind/named.conf]]></command>
+					<command><![CDATA[touch {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command>
+					<command><![CDATA[chown root:bind {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command>
+					<command><![CDATA[chmod 0600 {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command>
+					<command><![CDATA[service bind9 restart]]></command>
+				</daemon>
+				<daemon name="powerdns" title="PowerDNS via bind-backend">
+					<install><![CDATA[apt-get install pdns-server]]></install>
+					<file name="/etc/powerdns/pdns.conf" backup="true">
+						<content><![CDATA[
+allow-recursion=127.0.0.1
+config-dir=/etc/powerdns
+daemon=yes
+guardian=yes
+launch=bind
+lazy-recursion=yes
+local-port=53
+master=yes
+module-dir=/usr/lib/powerdns
+setgid=pdns
+setuid=pdns
+socket-dir=/var/run
+version-string=powerdns
+bind-config=<BIND_CONFIG_PATH>named.conf
+bind-check-interval=300
+include=/etc/powerdns/pdns_froxlor.conf
+]]>
+						</content>
+					</file>
+					<file name="/etc/powerdns/pdns_froxlor.conf" chown="root:0"
+						chmod="644">
+						<content><![CDATA[
+allow-axfr-ips=<NAMESERVERS>
+#local-ipv6=YOUR_IPv6_(if_any)
+bind-config=<BIND_CONFIG_PATH>named.conf
+bind-check-interval=180
+log-dns-details=yes
+local-address=<SERVERIP>,127.0.0.1
+]]>
+						</content>
+					</file>
+					<command><![CDATA[service pdns restart]]></command>
+				</daemon>
+			</service>
+			<!-- SMTP services -->
+			<service type="smtp" title="{{lng.admin.configfiles.smtp}}">
+				<!-- general SMTP commands -->
+				<general>
+					<commands index="1">
+						<command>
+							<visibility mode="groupnotexists">{{settings.system.vmail_gid}}
+							</visibility>
+							<content><![CDATA[groupadd -g {{settings.system.vmail_gid}} vmail]]></content>
+						</command>
+						<command>
+							<visibility mode="usernotexists">{{settings.system.vmail_uid}}
+							</visibility>
+							<content><![CDATA[useradd -u {{settings.system.vmail_uid}} -g vmail vmail]]></content>
+						</command>
+					</commands>
+					<installs index="1">
+						<install><![CDATA[apt-get install postfix postfix-mysql]]></install>
+					</installs>
+					<commands index="2">
+						<command><![CDATA[mkdir -p /var/spool/postfix/etc/pam.d]]></command>
+						<command><![CDATA[mkdir -p /var/spool/postfix/var/run/mysqld]]></command>
+						<command><![CDATA[mkdir -p {{settings.system.vmail_homedir}}]]></command>
+						<command><![CDATA[chown -R {{settings.system.vmail_uid}}:{{settings.system.vmail_gid}} {{settings.system.vmail_homedir}}]]></command>
+						<command><![CDATA[chmod 0750  {{settings.system.vmail_homedir}}]]></command>
+					</commands>
+					<files index="0">
+						<file name="/etc/postfix/mysql-virtual_alias_maps.cf" chown="root:postfix"
+							chmod="0640">
+							<content><![CDATA[
+user = <SQL_UNPRIVILEGED_USER>
+password = <SQL_UNPRIVILEGED_PASSWORD>
+dbname = <SQL_DB>
+hosts = <SQL_HOST>
+query = SELECT destination FROM mail_virtual WHERE email = '%s' AND trim(destination) <> ''
+]]>
+							</content>
+						</file>
+						<file name="/etc/postfix/mysql-virtual_mailbox_domains.cf"
+							chown="root:postfix" chmod="0640">
+							<content><![CDATA[
+user = <SQL_UNPRIVILEGED_USER>
+password = <SQL_UNPRIVILEGED_PASSWORD>
+dbname = <SQL_DB>
+hosts = <SQL_HOST>
+query = SELECT domain FROM panel_domains WHERE domain = '%s' AND isemaildomain = '1'
+]]>
+							</content>
+						</file>
+						<file name="/etc/postfix/mysql-virtual_mailbox_maps.cf"
+							chown="root:postfix" chmod="0640">
+							<content><![CDATA[
+user = <SQL_UNPRIVILEGED_USER>
+password = <SQL_UNPRIVILEGED_PASSWORD>
+dbname = <SQL_DB>
+expansion_limit = 1
+hosts = <SQL_HOST>
+query = SELECT CONCAT(homedir,maildir) FROM mail_users WHERE email = '%s'
+]]>
+							</content>
+						</file>
+						<file name="/etc/postfix/mysql-virtual_sender_permissions.cf"
+							chown="root:postfix" chmod="0640">
+							<content><![CDATA[
+user = <SQL_UNPRIVILEGED_USER>
+password = <SQL_UNPRIVILEGED_PASSWORD>
+dbname = <SQL_DB>
+hosts = <SQL_HOST>
+query = SELECT DISTINCT username FROM mail_users WHERE email in ((SELECT mail_virtual.email_full FROM mail_virtual WHERE mail_virtual.email = '%s' UNION SELECT mail_virtual.destination FROM mail_virtual WHERE mail_virtual.email = '%s'));
+]]>
+							</content>
+						</file>
+						<file name="/etc/postfix/mysql-virtual_uid_maps.cf" chown="root:postfix"
+							chmod="0640">
+							<content><![CDATA[
+user = <SQL_UNPRIVILEGED_USER>
+password = <SQL_UNPRIVILEGED_PASSWORD>
+dbname = <SQL_DB>
+expansion_limit = 1
+hosts = <SQL_HOST>
+query = SELECT uid FROM mail_users WHERE email = '%s'
+]]>
+							</content>
+						</file>
+						<file name="/etc/postfix/mysql-virtual_gid_maps.cf" chown="root:postfix"
+							chmod="0640">
+							<content><![CDATA[
+user = <SQL_UNPRIVILEGED_USER>
+password = <SQL_UNPRIVILEGED_PASSWORD>
+dbname = <SQL_DB>
+expansion_limit = 1
+hosts = <SQL_HOST>
+query = SELECT gid FROM mail_users WHERE email = '%s'
+]]>
+							</content>
+						</file>
+						<file name="/etc/aliases" backup="true">
+							<content><![CDATA[
+# /etc/aliases
+mailer-daemon: postmaster
+postmaster: root
+nobody: root
+hostmaster: root
+usenet: root
+news: root
+webmaster: root
+www: root
+ftp: root
+abuse: root
+noc: root
+security: root
+
+# change this to a valid e-mail address you can access
+root:               root@<SERVERNAME>
+]]>
+							</content>
+						</file>
+					</files>
+					<commands index="3">
+						<command><![CDATA[newaliases]]></command>
+						<command><![CDATA[service postfix restart]]></command>
+					</commands>
+				</general>
+				<!-- postfix with dovecot -->
+				<daemon name="postfix_dovecot" title="Postfix with dovecot"
+					default="true">
+					<include>//service[@type='smtp']/general/commands[@index=1]
+					</include>
+					<include>//service[@type='smtp']/general/installs[@index=1]
+					</include>
+					<include>//service[@type='smtp']/general/commands[@index=2]
+					</include>
+					<file name="/etc/postfix/main.cf" chown="root:root" chmod="0644"
+						backup="true">
+						<content><![CDATA[
+## General Postfix configuration
+# should be the default domain from your provider eg. "server100.provider.tld"
+mydomain = <SERVERNAME>
+
+# should be different from $mydomain eg. "mail.$mydomain"
+myhostname = mail.$mydomain
+
+mydestination = $myhostname,
+	$mydomain,
+	localhost.$myhostname,
+	localhost.$mydomain,
+	localhost
+mynetworks = 127.0.0.0/8
+inet_interfaces = all
+append_dot_mydomain = no
+biff = no
+
+# Postfix performance settings
+default_destination_concurrency_limit = 20
+local_destination_concurrency_limit = 2
+
+# SMTPD Settings
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+smtpd_helo_required = yes
+smtpd_recipient_restrictions = permit_mynetworks,
+	permit_sasl_authenticated,
+	reject_unauth_destination,
+	reject_unauth_pipelining,
+	reject_non_fqdn_recipient
+smtpd_sender_restrictions = permit_mynetworks,
+	reject_sender_login_mismatch,
+	permit_sasl_authenticated, 
+	reject_unknown_helo_hostname, 
+	reject_unknown_recipient_domain, 
+	reject_unknown_sender_domain
+smtpd_client_restrictions = permit_mynetworks,
+	permit_sasl_authenticated,
+	reject_unknown_client_hostname
+
+# Postfix 2.10 requires this option. Postfix < 2.10 ignores this.
+# The option is intentionally left empty.
+smtpd_relay_restrictions = 
+
+# Maximum size of Message in bytes (50MB)
+message_size_limit = 52428800
+
+## SASL Auth Settings
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_local_domain = $myhostname
+broken_sasl_auth_clients = yes
+## Dovecot Settings for deliver, SASL Auth and virtual transport
+smtpd_sasl_type = dovecot
+virtual_transport = dovecot
+dovecot_destination_recipient_limit = 1
+smtpd_sasl_path = private/dovecot-auth
+
+# Virtual delivery settings
+virtual_mailbox_base = <VIRTUAL_MAILBOX_BASE>
+virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
+virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
+virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf
+smtpd_sender_login_maps = mysql:/etc/postfix/mysql-virtual_sender_permissions.cf
+virtual_uid_maps = static:<VIRTUAL_UID_MAPS>
+virtual_gid_maps = static:<VIRTUAL_GID_MAPS>
+
+# Local delivery settings
+local_transport = local
+alias_maps = $alias_database
+
+# Default Mailbox size, is set to 0 which means unlimited!
+mailbox_size_limit = 0
+virtual_mailbox_limit = 0
+
+### TLS settings
+###
+## TLS for outgoing mails from the server to another server
+#smtp_tls_security_level = may
+#smtp_tls_note_starttls_offer = yes
+## TLS for email client
+#smtpd_tls_security_level = may
+#smtpd_tls_cert_file = /etc/ssl/server/<SERVERNAME>.pem
+#smtpd_tls_key_file = $smtpd_tls_cert_file
+#smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+#smtpd_tls_loglevel = 1
+#smtpd_tls_received_header = yes
+
+debugger_command =
+         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
+         ddd $daemon_directory/$process_name $process_id & sleep 5
+]]>
+						</content>
+					</file>
+					<include>//service[@type='smtp']/general/files[@index=0]</include>
+					<file name="/etc/postfix/master.cf" chown="root:root" chmod="0644"
+						backup="true" mode="append">
+						<content><![CDATA[
+# Add these lines to be able to use dovecot as delivery agent
+# Dovecot LDA
+dovecot	  unix	-	n	n	-	-	pipe
+	flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}
+]]>
+						</content>
+					</file>
+					<include>//service[@type='smtp']/general/commands[@index=3]
+					</include>
+				</daemon>
+				<!-- postfix with courier -->
+				<daemon name="postfix_courier" title="Postfix with courier">
+					<include>//service[@type='smtp']/general/commands[@index=1]
+					</include>
+					<include>//service[@type='smtp']/general/installs[@index=1]
+					</include>
+					<install><![CDATA[apt-get install libsasl2-2 libsasl2-modules libsasl2-modules-sql]]></install>
+					<include>//service[@type='smtp']/general/commands[@index=2]
+					</include>
+					<file name="/etc/postfix/main.cf" chown="root:root" chmod="0644"
+						backup="true">
+						<content><![CDATA[
+## General Postfix configuration
+# should be the default domain from your provider eg. "server100.provider.tld"
+mydomain = <SERVERNAME>
+
+# should be different from $mydomain eg. "mail.$mydomain"
+myhostname = mail.$mydomain
+
+mydestination = $myhostname,
+	$mydomain,
+	localhost.$myhostname,
+	localhost.$mydomain,
+	localhost
+mynetworks = 127.0.0.0/8
+inet_interfaces = all
+append_dot_mydomain = no
+biff = no
+
+# Postfix performance settings
+default_destination_concurrency_limit = 20
+local_destination_concurrency_limit = 2
+
+# SMTPD Settings
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+smtpd_helo_required = yes
+smtpd_recipient_restrictions = permit_mynetworks,
+	permit_sasl_authenticated,
+	reject_unauth_destination,
+	reject_unauth_pipelining,
+	reject_non_fqdn_recipient
+smtpd_sender_restrictions = permit_mynetworks,
+	reject_sender_login_mismatch,
+	permit_sasl_authenticated, 
+	reject_unknown_helo_hostname, 
+	reject_unknown_recipient_domain, 
+	reject_unknown_sender_domain
+smtpd_client_restrictions = permit_mynetworks,
+	permit_sasl_authenticated,
+	reject_unknown_client_hostname
+
+# Postfix 2.10 requires this option. Postfix < 2.10 ignores this.
+# The option is intentionally left empty.
+smtpd_relay_restrictions = 
+
+# Maximum size of Message in bytes (50MB)
+message_size_limit = 52428800
+
+## SASL Auth Settings
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_local_domain = $myhostname
+broken_sasl_auth_clients = yes
+
+# Virtual delivery settings
+virtual_mailbox_base = <VIRTUAL_MAILBOX_BASE>
+virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
+virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
+virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf
+smtpd_sender_login_maps = mysql:/etc/postfix/mysql-virtual_sender_permissions.cf
+virtual_uid_maps = static:<VIRTUAL_UID_MAPS>
+virtual_gid_maps = static:<VIRTUAL_GID_MAPS>
+
+# Local delivery settings
+local_transport = local
+alias_maps = $alias_database
+
+# Default Mailbox size, is set to 0 which means unlimited!
+mailbox_size_limit = 0
+virtual_mailbox_limit = 0
+
+### TLS settings
+###
+## TLS for outgoing mails from the server to another server
+#smtp_tls_security_level = may
+#smtp_tls_note_starttls_offer = yes
+## TLS for email client
+#smtpd_tls_security_level = may
+#smtpd_tls_cert_file = /etc/ssl/server/<SERVERNAME>.pem
+#smtpd_tls_key_file = $smtpd_tls_cert_file
+#smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+#smtpd_tls_loglevel = 1
+#smtpd_tls_received_header = yes
+
+debugger_command =
+         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
+         ddd $daemon_directory/$process_name $process_id & sleep 5
+]]>
+						</content>
+					</file>
+					<include>//service[@type='smtp']/general/files[@index=0]</include>
+					<file name="/etc/postfix/sasl/smtpd.conf" chown="root:root"
+						chmod="0600">
+						<content><![CDATA[
+pwcheck_method: auxprop
+auxprop_plugin: sql
+allowanonymouslogin: no
+allowplaintext: yes
+mech_list: plain login cram-md5 digest-md5
+sql_engine: mysql
+sql_hostnames: <SQL_HOST>
+sql_user: <SQL_UNPRIVILEGED_USER>
+sql_passwd: <SQL_UNPRIVILEGED_PASSWORD>
+sql_database: <SQL_DB>
+sql_select: SELECT password FROM mail_users WHERE username='%u@%r' OR email='%u@%r'
+]]>
+						</content>
+					</file>
+					<include>//service[@type='smtp']/general/commands[@index=3]
+					</include>
+				</daemon>
+			</service>
+			<!-- IMAP/POP3 services -->
+			<service type="mail" title="{{lng.admin.configfiles.mail}}">
+				<!-- Dovecot -->
+				<daemon name="dovecot" version="2" title="Dovecot" default="true">
+					<install><![CDATA[apt-get install dovecot-imapd dovecot-pop3d dovecot-mysql mail-stack-delivery]]></install>
+					<file name="/etc/dovecot/conf.d/01-mail-stack-delivery.conf"
+						chown="root:root" chmod="0640" backup="true">
+						<content><![CDATA[
+# Some general options
+protocols = imap pop3 sieve
+disable_plaintext_auth = no
+ssl = yes
+ssl_cert = </etc/ssl/certs/ssl-mail.pem
+ssl_key = </etc/ssl/private/ssl-mail.key
+ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
+mail_location = maildir:~/Maildir
+auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
+
+# IMAP configuration
+protocol imap {
+        mail_plugins = quota imap_quota
+        mail_max_userip_connections = 10
+	imap_client_workarounds = delay-newmail
+	
+	# IMAP logout format string:
+	#  %i - total number of bytes read from client
+	#  %o - total number of bytes sent to client
+	imap_logout_format = in=%i out=%o
+}
+
+# POP3 configuration
+protocol pop3 {
+        mail_max_userip_connections = 10
+        pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
+	pop3_uidl_format = UID%u-%v
+	mail_plugins = quota
+	
+	# POP3 logout format string:
+	# %i - total number of bytes read from client
+	# %o - total number of bytes sent to client
+	# %t - number of TOP commands
+	# %p - number of bytes sent to client as a result of TOP command
+	# %r - number of RETR commands
+	# %b - number of bytes sent to client as a result of RETR command
+	# %d - number of deleted messages
+	# %m - number of messages (before deletion)
+	# %s - mailbox size in bytes (before deletion)
+	# %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly
+	pop3_logout_format = in=%i out=%o top=%t/%p retr=%r/%b del=%d/%m size=%s
+}
+
+# LDA configuration
+protocol lda {
+        postmaster_address = postmaster@<SERVERNAME>
+	mail_plugins = sieve quota
+        quota_full_tempfail = yes
+        deliver_log_format = msgid=%m: %$
+        rejection_reason = Your message to <%t> was automatically rejected:%n%r
+}
+
+# Plugins configuration
+plugin {
+        sieve=~/.dovecot.sieve
+        sieve_dir=~/sieve
+	quota = maildir
+}
+
+# Authentication configuration
+auth_mechanisms = plain login
+
+service auth {
+  # Postfix smtp-auth
+  unix_listener /var/spool/postfix/private/dovecot-auth {
+    mode = 0660
+    user = postfix
+    group = postfix
+  }
+}
+]]>
+						</content>
+					</file>
+					<file name="/etc/dovecot/conf.d/10-auth.conf" chown="root:root"
+						chmod="0600" backup="true">
+						<content><![CDATA[
+##
+## Authentication processes
+##
+
+# Disable LOGIN command and all other plaintext authentications unless
+# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
+# matches the local IP (ie. you're connecting from the same computer), the
+# connection is considered secure and plaintext authentication is allowed.
+#disable_plaintext_auth = yes
+
+# Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
+# bsdauth, PAM and vpopmail require cache_key to be set for caching to be used.
+#auth_cache_size = 0
+# Time to live for cached data. After TTL expires the cached record is no
+# longer used, *except* if the main database lookup returns internal failure.
+# We also try to handle password changes automatically: If user's previous
+# authentication was successful, but this one wasn't, the cache isn't used.
+# For now this works only with plaintext authentication.
+#auth_cache_ttl = 1 hour
+# TTL for negative hits (user not found, password mismatch).
+# 0 disables caching them completely.
+#auth_cache_negative_ttl = 1 hour
+
+# Space separated list of realms for SASL authentication mechanisms that need
+# them. You can leave it empty if you don't want to support multiple realms.
+# Many clients simply use the first one listed here, so keep the default realm
+# first.
+#auth_realms =
+
+# Default realm/domain to use if none was specified. This is used for both
+# SASL realms and appending @domain to username in plaintext logins.
+#auth_default_realm = 
+
+# List of allowed characters in username. If the user-given username contains
+# a character not listed in here, the login automatically fails. This is just
+# an extra check to make sure user can't exploit any potential quote escaping
+# vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
+# set this value to empty.
+#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
+
+# Username character translations before it's looked up from databases. The
+# value contains series of from -> to characters. For example "#@/@" means
+# that '#' and '/' characters are translated to '@'.
+#auth_username_translation =
+
+# Username formatting before it's looked up from databases. You can use
+# the standard variables here, eg. %Lu would lowercase the username, %n would
+# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
+# "-AT-". This translation is done after auth_username_translation changes.
+#auth_username_format =
+
+# If you want to allow master users to log in by specifying the master
+# username within the normal username string (ie. not using SASL mechanism's
+# support for it), you can specify the separator character here. The format
+# is then <username><separator><master username>. UW-IMAP uses "*" as the
+# separator, so that could be a good choice.
+#auth_master_user_separator =
+
+# Username to use for users logging in with ANONYMOUS SASL mechanism
+#auth_anonymous_username = anonymous
+
+# Maximum number of dovecot-auth worker processes. They're used to execute
+# blocking passdb and userdb queries (eg. MySQL and PAM). They're
+# automatically created and destroyed as needed.
+#auth_worker_max_count = 30
+
+# Host name to use in GSSAPI principal names. The default is to use the
+# name returned by gethostname(). Use "$ALL" (with quotes) to allow all keytab
+# entries.
+#auth_gssapi_hostname =
+
+# Kerberos keytab to use for the GSSAPI mechanism. Will use the system
+# default (usually /etc/krb5.keytab) if not specified. You may need to change
+# the auth service to run as root to be able to read this file.
+#auth_krb5_keytab = 
+
+# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
+# ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
+#auth_use_winbind = no
+
+# Path for Samba's ntlm_auth helper binary.
+#auth_winbind_helper_path = /usr/bin/ntlm_auth
+
+# Time to delay before replying to failed authentications.
+#auth_failure_delay = 2 secs
+
+# Require a valid SSL client certificate or the authentication fails.
+#auth_ssl_require_client_cert = no
+
+# Take the username from client's SSL certificate, using 
+# X509_NAME_get_text_by_NID() which returns the subject's DN's
+# CommonName. 
+#auth_ssl_username_from_cert = no
+
+# Space separated list of wanted authentication mechanisms:
+#   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
+#   gss-spnego
+# NOTE: See also disable_plaintext_auth setting.
+auth_mechanisms = plain login
+
+##
+## Password and user databases
+##
+
+#
+# Password database is used to verify user's password (and nothing more).
+# You can have multiple passdbs and userdbs. This is useful if you want to
+# allow both system users (/etc/passwd) and virtual users to login without
+# duplicating the system users into virtual database.
+#
+# <doc/wiki/PasswordDatabase.txt>
+#
+# User database specifies where mails are located and what user/group IDs
+# own them. For single-UID configuration use "static" userdb.
+#
+# <doc/wiki/UserDatabase.txt>
+
+#!include auth-deny.conf.ext
+#!include auth-master.conf.ext
+
+#!include auth-system.conf.ext
+!include auth-sql.conf.ext
+#!include auth-ldap.conf.ext
+#!include auth-passwdfile.conf.ext
+#!include auth-checkpassword.conf.ext
+#!include auth-vpopmail.conf.ext
+#!include auth-static.conf.ext
+]]>
+						</content>
+					</file>
+					<file name="/etc/dovecot/dovecot-sql.conf.ext" chown="root:0"
+						chmod="0640" backup="true">
+						<content><![CDATA[
+driver = mysql
+connect = host=<SQL_HOST> dbname=<SQL_DB> user=<SQL_UNPRIVILEGED_USER> password=<SQL_UNPRIVILEGED_PASSWORD>
+default_pass_scheme = CRYPT
+password_query = SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid,  CONCAT('maildir:', homedir, maildir) AS userdb_mail, CONCAT('maildir:storage=', (quota*1024)) as userdb_quota FROM mail_users WHERE (username = '%u' OR email = '%u') AND ((imap = 1 AND '%Ls' = 'imap') OR (pop3 = 1 AND '%Ls' = 'pop3') OR '%Ls' = 'smtp' OR '%Ls' = 'sieve')
+user_query = SELECT CONCAT(homedir, maildir) AS home, CONCAT('maildir:', homedir, maildir) AS mail, uid, gid, CONCAT('maildir:storage=', (quota*1024)) as quota FROM mail_users WHERE (username = '%u' OR email = '%u')
+iterate_query = SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3 = 1)
+]]>
+						</content>
+					</file>
+					<command><![CDATA[service dovecot restart]]></command>
+				</daemon>
+				<!-- Courier -->
+				<daemon name="courier" title="Courier" default="true">
+					<install><![CDATA[apt-get install courier-pop courier-imap courier-authlib-mysql]]></install>
+					<file name="/etc/courier/authdaemonrc" chown="root:0" chmod="0600"
+						backup="true">
+						<content><![CDATA[
+##VERSION: $Id: authdaemonrc.in,v 1.8 2001/10/07 02:16:22 mrsam Exp $
+#
+# Copyright 2000-2001 Double Precision, Inc.  See COPYING for
+# distribution information.
+#
+# authdaemonrc created from authdaemonrc.dist by sysconftool
+#
+# Do not alter lines that begin with ##, they are used when upgrading
+# this configuration.
+#
+# This file configures authdaemond, the resident authentication daemon.
+#
+# Comments in this file are ignored.  Although this file is intended to
+# be sourced as a shell script, authdaemond parses it manually, so
+# the acceptable syntax is a bit limited.  Multiline variable contents,
+# with the \ continuation character, are not allowed.  Everything must
+# fit on one line.  Do not use any additional whitespace for indentation,
+# or anything else.
+
+##NAME: authmodulelist:0
+#
+# The authentication modules that are linked into authdaemond.  The
+# default list is installed.  You may selectively disable modules simply
+# by removing them from the following list.  The available modules you
+# can use are: authcustom authcram authuserdb authldap authmysql authpam
+
+authmodulelist="authmysql"
+
+##NAME: authmodulelistorig:1
+#
+# This setting is used by Courier's webadmin module, and should be left
+# alone
+
+authmodulelistorig="authcustom authcram authuserdb authldap authmysql authpam"
+
+##NAME: daemons:0
+#
+# The number of daemon processes that are started.  authdaemon is typically
+# installed where authentication modules are relatively expensive: such
+# as authldap, or authmysql, so it's better to have a number of them running.
+# PLEASE NOTE:  Some platforms may experience a problem if there's more than
+# one daemon.  Specifically, SystemV derived platforms that use TLI with
+# socket emulation.  I'm suspicious of TLI's ability to handle multiple
+# processes accepting connections on the same filesystem domain socket.
+#
+# You may need to increase daemons if as your system load increases.  Symptoms
+# include sporadic authentication failures.  If you start getting
+# authentication failures, increase daemons.  However, the default of 5
+# SHOULD be sufficient.  Bumping up daemon count is only a short-term
+# solution.  The permanent solution is to add more resources: RAM, faster
+# disks, faster CPUs...
+
+daemons=5
+
+##NAME: version:0
+#
+# When you have multiple versions of authdaemond.* installed, authdaemond
+# just picks the first one it finds.  Set "version" to override that.
+# For example:  version=authdaemond.plain
+
+version=""
+
+##NAME: authdaemonvar:0
+#
+# authdaemonvar is here, but is not used directly by authdaemond.  It's
+# used by various configuration and build scripts, so don't touch it!
+
+authdaemonvar=/var/run/courier/authdaemon
+]]>
+						</content>
+					</file>
+					<file name="/etc/courier/authmysqlrc" chown="root:0" chmod="0600"
+						backup="true">
+						<content><![CDATA[
+MYSQL_SERVER <SQL_HOST>
+MYSQL_USERNAME <SQL_UNPRIVILEGED_USER>
+MYSQL_PASSWORD <SQL_UNPRIVILEGED_PASSWORD>
+MYSQL_PORT 3306
+MYSQL_DATABASE <SQL_DB>
+MYSQL_USER_TABLE mail_users
+MYSQL_CRYPT_PWFIELD password_enc
+MYSQL_UID_FIELD uid
+MYSQL_GID_FIELD gid
+MYSQL_LOGIN_FIELD username
+MYSQL_HOME_FIELD homedir
+MYSQL_MAILDIR_FIELD maildir
+MYSQL_QUOTA_FIELD (quota*1024*1024)
+MYSQL_AUXOPTIONS_FIELD CONCAT("allowimap=",imap,",allowpop3=",pop3)
+]]>
+						</content>
+					</file>
+					<command><![CDATA[service courier-authdaemon restart]]></command>
+					<command><![CDATA[service courier-pop restart]]></command>
+				</daemon>
+			</service>
+			<!-- FTP services -->
+			<service type="ftp" title="{{lng.admin.configfiles.ftp}}">
+				<!-- Proftpd -->
+				<daemon name="proftpd" title="ProFTPd" default="true">
+					<install><![CDATA[apt-get install proftpd-basic proftpd-mod-mysql]]></install>
+					<file name="/etc/proftpd/proftpd.conf" chown="root:0" chmod="0600"
+						backup="true">
+						<content><![CDATA[
+#
+# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
+# To really apply changes reload proftpd after modifications.
+# 
+
+# Includes DSO modules
+Include /etc/proftpd/modules.conf
+
+# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
+UseIPv6				on
+
+ServerName			"<SERVERNAME> FTP Server"
+ServerType			standalone
+DeferWelcome			off
+
+MultilineRFC2228		on
+DefaultServer			on
+ShowSymlinks			on
+
+TimeoutNoTransfer		600
+TimeoutStalled			600
+TimeoutIdle			1200
+
+DisplayLogin                    welcome.msg
+DisplayChdir               	.message true
+ListOptions                	"-l"
+
+DenyFilter			\*.*/
+
+# Use this to jail all users in their homes 
+# DefaultRoot			~
+
+# Users require a valid shell listed in /etc/shells to login.
+# Use this directive to release that constrain.
+# RequireValidShell		off
+
+# Port 21 is the standard FTP port.
+Port				21
+
+# In some cases you have to specify passive ports range to by-pass
+# firewall limitations. Ephemeral ports can be used for that, but
+# feel free to use a more narrow range.
+# PassivePorts                  49152 65534
+
+# If your host was NATted, this option is useful in order to
+# allow passive tranfers to work. You have to use your public
+# address and opening the passive ports used on your firewall as well.
+# MasqueradeAddress		1.2.3.4
+
+# This is useful for masquerading address with dynamic IPs:
+# refresh any configured MasqueradeAddress directives every 8 hours
+<IfModule mod_dynmasq.c>
+# DynMasqRefresh 28800
+</IfModule>
+
+# To prevent DoS attacks, set the maximum number of child processes
+# to 30.  If you need to allow more than 30 concurrent connections
+# at once, simply increase this value.  Note that this ONLY works
+# in standalone mode, in inetd mode you should use an inetd server
+# that allows you to limit maximum number of processes per service
+# (such as xinetd)
+MaxInstances			30
+
+# Set the user and group that the server normally runs at.
+User				proftpd
+Group				nogroup
+
+# Umask 022 is a good standard umask to prevent new files and dirs
+# (second parm) from being group and world writable.
+Umask				022  022
+# Normally, we want files to be overwriteable.
+AllowOverwrite			on
+
+# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
+# PersistentPasswd		off
+
+# This is required to use both PAM-based authentication and local passwords
+# AuthOrder			mod_auth_pam.c* mod_auth_unix.c
+
+# Be warned: use of this directive impacts CPU average load!
+# Uncomment this if you like to see progress and transfer rate with ftpwho
+# in downloads. That is not needed for uploads rates.
+#
+# UseSendFile			off
+
+TransferLog /var/log/proftpd/xferlog
+SystemLog   /var/log/proftpd/proftpd.log
+
+# Allow up- and downloads to be continued
+AllowRetrieveRestart	On
+AllowStoreRestart		On
+
+<IfModule mod_quotatab.c>
+QuotaEngine on
+</IfModule>
+
+<IfModule mod_ratio.c>
+Ratios off
+</IfModule>
+
+
+# Delay engine reduces impact of the so-called Timing Attack described in
+# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
+# It is on by default. 
+<IfModule mod_delay.c>
+DelayEngine off
+</IfModule>
+
+<IfModule mod_ctrls.c>
+ControlsEngine        off
+ControlsMaxClients    2
+ControlsLog           /var/log/proftpd/controls.log
+ControlsInterval      5
+ControlsSocket        /var/run/proftpd/proftpd.sock
+</IfModule>
+
+<IfModule mod_ctrls_admin.c>
+AdminControlsEngine off
+</IfModule>
+
+#
+# Alternative authentication frameworks
+#
+#Include /etc/proftpd/ldap.conf
+Include /etc/proftpd/sql.conf
+
+#
+# This is used for FTPS connections
+#
+#Include /etc/proftpd/tls.conf
+]]>
+						</content>
+					</file>
+					<file name="/etc/proftpd/modules.conf" chown="root:0" chmod="0644"
+						backup="true">
+						<content><![CDATA[
+#
+# This file is used to manage DSO modules and features.
+#
+
+# This is the directory where DSO modules reside
+
+ModulePath /usr/lib/proftpd
+
+# Allow only user root to load and unload modules, but allow everyone
+# to see which modules have been loaded
+
+ModuleControlsACLs insmod,rmmod allow user root
+ModuleControlsACLs lsmod allow user *
+
+LoadModule mod_ctrls_admin.c
+LoadModule mod_tls.c
+
+# Install proftpd-mod-mysql or proftpd-mod-pgsql to use this
+LoadModule mod_sql.c
+
+# Install proftpd-mod-ldap to use this
+#LoadModule mod_ldap.c
+
+#
+# 'SQLBackend mysql' or 'SQLBackend postgres' directives are required 
+# to have SQL authorization working. You can also comment out the
+# unused module here, in alternative.
+#
+
+# Install proftpd-mod-mysql to use this
+LoadModule mod_sql_mysql.c
+
+# Install proftpd-mod-pgsql to use this
+#LoadModule mod_sql_postgres.c
+
+#LoadModule mod_radius.c
+LoadModule mod_quotatab.c
+LoadModule mod_quotatab_file.c
+
+# Install proftpd-mod-ldap to use this
+#LoadModule mod_quotatab_ldap.c
+
+# Install proftpd-mod-pgsql or proftpd-mod-mysql to use this
+LoadModule mod_quotatab_sql.c
+LoadModule mod_quotatab_radius.c
+LoadModule mod_wrap.c
+LoadModule mod_rewrite.c
+LoadModule mod_load.c
+LoadModule mod_ban.c
+LoadModule mod_wrap2.c
+LoadModule mod_wrap2_file.c
+# Install proftpd-mod-pgsql or proftpd-mod-mysql to use this
+#LoadModule mod_wrap2_sql.c
+LoadModule mod_dynmasq.c
+
+
+# keep this module the last one
+LoadModule mod_ifsession.c
+]]>
+						</content>
+					</file>
+					<file name="/etc/proftpd/sql.conf" chown="root:0" chmod="0600"
+						backup="true">
+						<content><![CDATA[
+<IfModule mod_sql.c>
+DefaultRoot ~
+RequireValidShell off
+AuthOrder mod_sql.c
+
+SQLBackend mysql
+SQLEngine on
+SQLAuthenticate on
+
+SQLAuthTypes Crypt
+SQLAuthenticate users* groups*
+SQLConnectInfo <SQL_DB>@<SQL_HOST> <SQL_UNPRIVILEGED_USER> <SQL_UNPRIVILEGED_PASSWORD>
+SQLUserInfo ftp_users username password uid gid homedir shell
+SQLGroupInfo ftp_groups groupname gid members
+SQLUserWhereClause "login_enabled = 'y'"
+
+SQLLog PASS login
+SQLNamedQuery login UPDATE "last_login=now(), login_count=login_count+1 WHERE username='%u'" ftp_users
+
+SQLLog RETR download
+SQLNamedQuery download UPDATE "down_count=down_count+1, down_bytes=down_bytes+%b WHERE username='%u'" ftp_users
+
+SQLLog STOR upload
+SQLNamedQuery upload UPDATE "up_count=up_count+1, up_bytes=up_bytes+%b WHERE username='%u'" ftp_users
+
+QuotaEngine on
+QuotaShowQuotas on
+QuotaDisplayUnits Mb
+QuotaLock /var/lock/ftpd.quotatab.lock
+QuotaLimitTable sql:/get-quota-limit
+QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
+SQLNamedQuery get-quota-limit SELECT "ftp_users.username AS name, ftp_quotalimits.quota_type, ftp_quotalimits.per_session, ftp_quotalimits.limit_type, panel_customers.diskspace*1024 AS bytes_in_avail, ftp_quotalimits.bytes_out_avail, ftp_quotalimits.bytes_xfer_avail, ftp_quotalimits.files_in_avail, ftp_quotalimits.files_out_avail, ftp_quotalimits.files_xfer_avail FROM ftp_users, ftp_quotalimits, panel_customers WHERE ftp_users.username = '%{0}' AND panel_customers.loginname = SUBSTRING_INDEX('%{0}', 'ftp', 1) AND quota_type ='%{1}'"
+SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used,bytes_out_used, bytes_xfer_used, files_in_used, files_out_used,files_xfer_used FROM ftp_quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
+SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used= files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name= '%{6}' AND quota_type = '%{7}'" ftp_quotatallies
+SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies
+
+</IfModule>
+]]>
+						</content>
+					</file>
+					<command><![CDATA[service proftpd restart]]></command>
+				</daemon>
+				<!-- Pureftpd -->
+				<daemon name="pureftpd" title="PureFTPd">
+					<install><![CDATA[apt-get install pure-ftpd-common pure-ftpd-mysql]]></install>
+					<file name="/etc/pure-ftpd/conf/MinUID" chown="root:0" chmod="0644">
+						<content><![CDATA[
+1000
+]]>
+						</content>
+					</file>
+					<file name="/etc/pure-ftpd/conf/MySQLConfigFile" chown="root:0"
+						chmod="0644">
+						<content><![CDATA[
+/etc/pure-ftpd/db/mysql.conf
+]]>
+						</content>
+					</file>
+					<file name="/etc/pure-ftpd/conf/NoAnonymous" chown="root:0"
+						chmod="0644">
+						<content><![CDATA[
+yes
+]]>
+						</content>
+					</file>
+					<file name="/etc/pure-ftpd/conf/MaxIdleTime" chown="root:0"
+						chmod="0644">
+						<content><![CDATA[
+15
+]]>
+						</content>
+					</file>
+					<file name="/etc/pure-ftpd/conf/ChrootEveryone" chown="root:0"
+						chmod="0644">
+						<content><![CDATA[
+yes
+]]>
+						</content>
+					</file>
+					<file name="/etc/pure-ftpd/conf/PAMAuthentication" chown="root:0"
+						chmod="0644">
+						<content><![CDATA[
+no
+]]>
+						</content>
+					</file>
+					<file name="/etc/pure-ftpd/db/mysql.conf" chown="root:0"
+						chmod="0640" backup="true">
+						<content><![CDATA[
+MYSQLServer	<SQL_HOST>
+MYSQLUser       <SQL_UNPRIVILEGED_USER>
+MYSQLPassword   <SQL_UNPRIVILEGED_PASSWORD>
+MYSQLDatabase   <SQL_DB>
+MYSQLCrypt      any
+
+MYSQLGetPW      SELECT password FROM ftp_users WHERE username="\L" AND login_enabled="y"
+MYSQLGetUID     SELECT uid FROM ftp_users WHERE username="\L" AND login_enabled="y"
+MYSQLGetGID     SELECT gid FROM ftp_users WHERE username="\L" AND login_enabled="y"
+MYSQLGetDir     SELECT homedir FROM ftp_users WHERE username="\L" AND login_enabled="y"
+MySQLGetQTASZ 	SELECT panel_customers.diskspace/1024 AS QuotaSize FROM panel_customers, ftp_users WHERE username = "\L" AND panel_customers.loginname = SUBSTRING_INDEX('\L', 'ftp', 1)
+]]>
+						</content>
+					</file>
+					<file name="/etc/pure-ftpd/conf/CustomerProof" chown="root:0"
+						chmod="0644">
+						<content><![CDATA[
+1
+]]>
+						</content>
+					</file>
+					<file name="/etc/pure-ftpd/conf/Bind" chown="root:0" chmod="0644">
+						<content><![CDATA[
+21
+]]>
+						</content>
+					</file>
+					<file name="/etc/default/pure-ftpd-common" chown="root:0"
+						chmod="0644" backup="true">
+						<content><![CDATA[
+STANDALONE_OR_INETD=standalone
+VIRTUALCHROOT=false
+UPLOADSCRIPT=
+UPLOADUID=
+UPLOADGID=
+]]>
+						</content>
+					</file>
+					<command><![CDATA[service pure-ftpd-mysql restart]]></command>
+				</daemon>
+			</service>
+			<!-- System tools/services -->
+			<service type="system" title="{{lng.admin.configfiles.etc}}">
+				<!-- Cronjob -->
+				<daemon name="cron" title="Cronjob for froxlor" mandatory="true">
+					<file name="/etc/cron.d/froxlor" chown="root:0" chmod="0640">
+						<content><![CDATA[
+#
+# Set PATH, otherwise restart-scripts won't find start-stop-daemon
+#
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+#
+# Regular cron jobs for the froxlor package
+#
+# Please check that all following paths are correct
+#
+*/5 * * * *	root	/usr/bin/nice -n 5 /usr/bin/php5 -q <BASE_PATH>scripts/froxlor_master_cronjob.php
+]]>
+						</content>
+					</file>
+					<command><![CDATA[{{settings.system.crondreload}}]]></command>
+				</daemon>
+				<!-- AWstats -->
+				<daemon name="awstats" title="Awstats (webalizer alternative)">
+					<install><![CDATA[apt-get install awstats]]></install>
+					<command><![CDATA[cp /usr/share/awstats/tools/awstats_buildstaticpages.pl {{settings.system.awstats_path}}]]></command>
+					<command><![CDATA[mv {{settings.system.awstats_conf}}/awstats.conf {{settings.system.awstats_conf}}/awstats.model.conf]]></command>
+					<command><![CDATA[sed -i.bak \'s/^DirData/# DirData/\' {{settings.system.awstats_conf}}/awstats.model.conf]]></command>
+					<command><![CDATA[sed -i.bak \'s|^\\(DirIcons=\\).*$|\\1\\"/awstats-icon\\"|\' {{settings.system.awstats_conf}}/awstats.model.conf]]></command>
+					<command><![CDATA[rm /etc/cron.d/awstats]]></command>
+				</daemon>
+				<!-- libnss-mysql -->
+				<daemon name="libnss" title="libnss-mysql (required for FCGID/php-fpm)">
+					<install><![CDATA[apt-get install libnss-mysql-bg nscd]]></install>
+					<file name="/etc/libnss-mysql.cfg" chown="root:root" chmod="0600"
+						backup="true">
+						<content><![CDATA[
+getpwnam    SELECT username,'x',uid,gid,'MySQL User',homedir,shell \
+            FROM ftp_users \
+            WHERE username='%1$s' \
+            AND login_enabled = 'Y' \
+            LIMIT 1
+getpwuid    SELECT username,'x',uid,gid,'MySQL User',homedir,shell \
+            FROM ftp_users \
+            WHERE uid='%1$u' \
+            AND login_enabled = 'Y' \
+            LIMIT 1
+getspnam    SELECT username,password,FLOOR(UNIX_TIMESTAMP()/86400-1),'1','99999','7','-1','-1','0' \
+            FROM ftp_users \
+            WHERE username='%1$s' \
+            AND login_enabled = 'Y' \
+            LIMIT 1
+getpwent    SELECT username,'x',uid,gid,'MySQL User',homedir,shell \
+            FROM ftp_users
+getspent    SELECT username,password,FLOOR(UNIX_TIMESTAMP()/86400-1),'1','99999','7','-1','-1','0' \
+            FROM ftp_users
+getgrnam    SELECT groupname,'x',gid \
+            FROM ftp_groups \
+            WHERE groupname='%1$s' \
+            LIMIT 1
+getgrgid    SELECT groupname,'x',gid \
+            FROM ftp_groups \
+            WHERE gid='%1$u' \
+            LIMIT 1
+getgrent    SELECT groupname,'x',gid \
+            FROM ftp_groups
+memsbygid   SELECT members \
+            FROM ftp_groups \
+            WHERE gid='%1$u'
+gidsbymem   SELECT CONCAT_WS(',', gid) as gid \
+            FROM ftp_groups \
+            WHERE FIND_IN_SET('%1$s', members)
+
+host		<SQL_HOST>
+database	<SQL_DB>
+username	<SQL_UNPRIVILEGED_USER>
+password	<SQL_UNPRIVILEGED_PASSWORD>
+socket		/var/run/mysqld/mysqld.sock
+]]>
+						</content>
+					</file>
+					<file name="/etc/libnss-mysql-root.cfg" chown="root:root"
+						chmod="0600" backup="true">
+						<content><![CDATA[
+username	<SQL_UNPRIVILEGED_USER>
+password	<SQL_UNPRIVILEGED_PASSWORD>
+]]>
+						</content>
+					</file>
+					<file name="/etc/nsswitch.conf" backup="true">
+						<content><![CDATA[
+# Make sure that `passwd`, `group` and `shadow` have mysql in their lines 
+# You should place mysql at the end, so that it is queried after the other mechanisams
+#
+passwd:         compat mysql
+group:          compat mysql
+shadow:         compat mysql
+
+hosts:       files dns
+networks:    files dns
+
+services:    db files
+protocols:   db files
+rpc:         db files
+ethers:      db files
+netmasks:    files
+netgroup:    files
+bootparams:  files
+
+automount:   files
+aliases:     files
+]]>
+						</content>
+					</file>
+					<command><![CDATA[service nscd restart]]></command>
+				</daemon>
+				<!-- Logrotate -->
+				<daemon name="logrotate" title="Logrotate">
+					<install><![CDATA[apt-get install logrotate]]></install>
+					<file name="/etc/logrotate.d/froxlor" chown="root:root" chmod="0644">
+						<content><![CDATA[
+#
+# Froxlor logrotate snipet
+#
+<CUSTOMER_LOGS>*.log {
+  missingok
+  weekly
+  rotate 4
+  compress
+  delaycompress
+  notifempty
+  create
+  sharedscripts
+  postrotate
+  <WEBSERVER_RELOAD_CMD> > /dev/null 2>&1 || true
+  endscript
+}
+]]>
+						</content>
+					</file>
+				</daemon>
+				<!-- FCGID -->
+				<daemon name="fcgid" title="FCGID (alternative to mod_php)">
+					<install><![CDATA[apt-get install apache2-suexec libapache2-mod-fcgid php5-cgi]]></install>
+					<command><![CDATA[a2enmod suexec fcgid]]></command>
+					<commands index="1">
+						<visibility mode="true">{{settings.system.mod_fcgid_ownvhost}}
+						</visibility>
+						<command><![CDATA[groupadd -f {{settings.system.mod_fcgid_httpgroup}}]]></command>
+						<command><![CDATA[useradd -s /bin/false -g {{settings.system.mod_fcgid_httpgroup}} {{settings.system.mod_fcgid_httpuser}}]]></command>
+						<command><![CDATA[mkdir -p {{settings.system.mod_fcgid_configdir}}]]></command>
+						<command><![CDATA[mkdir -p {{settings.system.mod_fcgid_tmpdir}}]]></command>
+						<command><![CDATA[a2dismod php5]]></command>
+					</commands>
+					<!-- instead of just restarting apache, we let the cronjob do all the 
+						dirty work -->
+					<command><![CDATA[php {{const.FROXLOR_INSTALL_DIR}}/scripts/froxlor_master_cronjob.php --force]]></command>
+				</daemon>
+				<!-- PHP-FPM -->
+				<daemon name="php-fpm" title="PHP-FPM (alternative to mod_php)">
+					<commands index="1">
+						<visibility mode="equals" value="apache2">{{settings.system.webserver}}
+						</visibility>
+						<command><![CDATA[# add "non-free" after all occurances of "main" in /etc/apt/sources.list]]></command>
+						<command><![CDATA[# this is needed for libapache2-mod-fastcgi to install]]></command>
+					</commands>
+					<install>
+						<visibility mode="equals" value="apache2">{{settings.system.webserver}}
+						</visibility>
+						<content><![CDATA[apt-get install apache2-suexec libapache2-mod-fastcgi]]></content>
+					</install>
+					<install><![CDATA[apt-get install php5-fpm]]></install>
+					<commands index="2">
+						<visibility mode="equals" value="apache2">{{settings.system.webserver}}
+						</visibility>
+						<command><![CDATA[a2enmod suexec fastcgi actions]]></command>
+					</commands>
+					<commands index="3">
+						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
+						</visibility>
+						<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
+						</visibility>
+						<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
+						<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>
+					</commands>
+					<commands index="4">
+						<visibility mode="equals" value="apache2">{{settings.system.webserver}}
+						</visibility>
+						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
+						</visibility>
+						<command><![CDATA[a2dismod php5]]></command>
+					</commands>
+					<!-- instead of just restarting apache, we let the cronjob do all the 
+						dirty work -->
+					<command><![CDATA[php {{const.FROXLOR_INSTALL_DIR}}/scripts/froxlor_master_cronjob.php --force]]></command>
+				</daemon>
+			</service>
+		</services>
+	</distribution>
+</froxlor>
diff --git a/lib/configfiles/wheezy.xml b/lib/configfiles/wheezy.xml
index 0af06b7a..a9539b9c 100644
--- a/lib/configfiles/wheezy.xml
+++ b/lib/configfiles/wheezy.xml
@@ -343,6 +343,345 @@ exit "$RETVAL"
 					<command><![CDATA[chmod 0600 {{settings.system.bindconf_directory}}froxlor_bind.conf]]></command>
 					<command><![CDATA[/etc/init.d/bind9 restart]]></command>
 				</daemon>
+				<daemon name="powerdns" title="PowerDNS via bind-backend">
+					<install><![CDATA[apt-get install pdns-server]]></install>
+					<file name="/etc/powerdns/pdns.conf" backup="true">
+						<content><![CDATA[
+# Autogenerated configuration file template
+#################################
+# allow-axfr-ips    If enabled, restrict zonetransfers to originate from these
+#                   IP addresses
+#
+allow-axfr-ips=<NAMESERVERS>
+
+#################################
+# allow-recursion	List of netmasks that are allowed to recurse
+#
+allow-recursion=127.0.0.1
+
+#################################
+# allow-recursion-override   Local data even about hosts that don't exist will
+#                            override the internet. (on/off)
+#
+# allow-recursion-override=
+
+#################################
+# cache-ttl	Seconds to store packets in the PacketCache
+#
+# cache-ttl=20
+
+#################################
+# chroot	If set, chroot to this directory for more security
+#
+# chroot=/var/spool/powerdns
+
+#################################
+# config-dir	Location of configuration directory (pdns.conf)
+#
+config-dir=/etc/powerdns
+
+#################################
+# config-name	Name of this virtual configuration - will rename the binary image
+#
+# config-name=
+
+#################################
+# control-console	Debugging switch - don't use
+#
+# control-console=no
+
+#################################
+# daemon	Operate as a daemon
+#
+daemon=yes
+
+#################################
+# default-soa-name	name to insert in the SOA record if none set in the backend
+#
+# default-soa-name=a.misconfigured.powerdns.server
+
+#################################
+# disable-axfr	Disable zonetransfers but do allow TCP queries
+#
+disable-axfr=yes
+
+#################################
+# disable-tcp	Do not listen to TCP queries
+#
+# disable-tcp=no
+
+#################################
+# distributor-threads	Default number of Distributor (backend) threads to start
+#
+# distributor-threads=3
+
+#################################
+# fancy-records	Process URL and MBOXFW records
+#
+# fancy-records=no
+
+#################################
+# guardian	Run within a guardian process
+#
+guardian=yes
+
+#################################
+# launch	Which backends to launch and order to query them in
+#
+launch=bind
+
+#################################
+# lazy-recursion	Only recurse if question cannot be answered locally
+#
+lazy-recursion=yes
+
+#################################
+# load-modules	Load this module - supply absolute or relative path
+#
+# load-modules=
+
+#################################
+# local-address	Local IP address to which we bind
+#
+local-address=<SERVERIP>,127.0.0.1
+
+#################################
+# local-ipv6	Local IP address to which we bind
+#
+# local-ipv6=
+
+#################################
+# local-port	The port on which we listen
+#
+local-port=53
+
+#################################
+# log-dns-details	If PDNS should log failed update requests
+#
+log-dns-details=yes
+
+#################################
+# log-failed-updates	If PDNS should log failed update requests
+#
+# log-failed-updates=
+
+#################################
+# logfile	Logfile to use
+#
+# logfile=/var/log/pdns.log
+
+#################################
+# logging-facility	Log under a specific facility
+#
+# logging-facility=
+
+#################################
+# loglevel	Amount of logging. Higher is more. Do not set below 3
+#
+# loglevel=4
+
+#################################
+# master	Act as a master
+#
+master=yes
+
+#################################
+# max-queue-length	Maximum queuelength before considering situation lost
+#
+# max-queue-length=5000
+
+#################################
+# max-tcp-connections	Maximum number of TCP connections
+#
+# max-tcp-connections=10
+
+#################################
+# module-dir	Default directory for modules
+#
+module-dir=/usr/lib/powerdns
+
+#################################
+# negquery-cache-ttl	Seconds to store packets in the PacketCache
+#
+# negquery-cache-ttl=60
+
+#################################
+# out-of-zone-additional-processing	Do out of zone additional processing
+#
+# out-of-zone-additional-processing=no
+
+#################################
+# query-cache-ttl	Seconds to store packets in the PacketCache
+#
+# query-cache-ttl=20
+
+#################################
+# query-logging	Hint backends that queries should be logged
+#
+# query-logging=no
+
+#################################
+# queue-limit	Maximum number of milliseconds to queue a query
+#
+# queue-limit=1500
+
+#################################
+# query-local-address   The IP address to use as a source address for sending
+#                       queries.
+# query-local-address=
+
+#################################
+# receiver-threads	Number of receiver threads to launch
+#
+# receiver-threads=1
+
+#################################
+# recursive-cache-ttl	Seconds to store packets in the PacketCache
+#
+# recursive-cache-ttl=10
+
+#################################
+# recursor	If recursion is desired, IP address of a recursing nameserver
+#
+# recursor=
+
+#################################
+# setgid	If set, change group id to this gid for more security
+#
+setgid=pdns
+
+#################################
+# setuid	If set, change user id to this uid for more security
+#
+setuid=pdns
+
+#################################
+# skip-cname	Do not perform CNAME indirection for each query
+#
+# skip-cname=no
+
+#################################
+# slave	Act as a slave
+#
+# slave=no
+
+#################################
+# slave-cycle-interval	Reschedule failed SOA serial checks once every .. seconds
+#
+# slave-cycle-interval=60
+
+#################################
+# smtpredirector	Our smtpredir MX host
+#
+# smtpredirector=a.misconfigured.powerdns.smtp.server
+
+#################################
+# soa-minimum-ttl	Default SOA mininum ttl
+#
+# soa-minimum-ttl=3600
+
+#################################
+# soa-refresh-default  Default SOA refresh
+#
+# soa-refresh-default=10800
+
+#################################
+# soa-retry-default    Default SOA retry
+#
+# soa-retry-default=3600
+
+#################################
+# soa-expire-default   Default SOA expire
+#
+# soa-expire-default=604800
+
+#################################
+# soa-serial-offset	Make sure that no SOA serial is less than this number
+#
+# soa-serial-offset=0
+
+#################################
+# socket-dir	Where the controlsocket will live
+#
+socket-dir=/var/run
+
+#################################
+# strict-rfc-axfrs	Perform strictly rfc compliant axfrs (very slow)
+#
+# strict-rfc-axfrs=no
+
+#################################
+# urlredirector	Where we send hosts to that need to be url redirected
+#
+# urlredirector=127.0.0.1
+
+#################################
+# use-logfile	Use a log file
+#
+# use-logfile=yes
+
+#################################
+# webserver	Start a webserver for monitoring
+#
+# webserver=no
+
+#################################
+# webserver-address	IP Address of webserver to listen on
+#
+# webserver-address=127.0.0.1
+
+#################################
+# webserver-password	Password required for accessing the webserver
+#
+# webserver-password=
+
+#################################
+# webserver-port	Port of webserver to listen on
+#
+# webserver-port=8081
+
+#################################
+# webserver-print-arguments	If the webserver should print arguments
+#
+# webserver-print-arguments=no
+
+#################################
+# wildcard-url	Process URL and MBOXFW records
+#
+# wildcard-url=no
+
+#################################
+# wildcards	Honor wildcards in the database
+#
+# wildcards=
+
+#################################
+# version-string   What should PowerDNS return for version
+#                  allowed methods are anonymous / powerdns / full / custom
+version-string=powerdns
+
+include=/etc/powerdns/pdns.d
+]]>
+						</content>
+					</file>
+					<file name="/etc/powerdns/bindbackend.conf" backup="true">
+						<content><![CDATA[
+# Bind backend configuration
+
+# Location of the Bind configuration file to parse.
+bind-config=<BIND_CONFIG_PATH>named.conf
+
+# How often to check for zone changes. See 'Operation' section.
+bind-check-interval=180
+
+# Uncomment to enable Huffman compression on zone data.
+# Currently saves around 20% of memory actually used, but slows down operation.
+# bind-enable-huffman
+]]>
+						</content>
+					</file>
+					<command><![CDATA[/etc/init.d/pdns restart]]></command>
+				</daemon>
 			</service>
 			<!-- SMTP services -->
 			<service type="smtp" title="{{lng.admin.configfiles.smtp}}">
@@ -4208,7 +4547,6 @@ no
 					<file name="/etc/pure-ftpd/db/mysql.conf" chown="root:0"
 						chmod="0640" backup="true">
 						<content><![CDATA[
-
 ##############################################
 #                                            #
 # Sample Pure-FTPd Mysql configuration file. #