ininitial froxlor commit;

'reverted' old-style update-process;
removed billing-classes, -functions and -templates;
some sql-fixes;

templates/misc/configfiles/gentoo/awstats/etc_apache_vhosts_05_awstats.conf

@@ -0,0 +1,14 @@
+ScriptAlias /awstats/ "/usr/lib/cgi-bin/"
+ScriptAlias /awstats "/usr/lib/cgi-bin/awstats.pl"
+ScriptAlias /awstats.pl "/usr/lib/cgi-bin/awstats.pl"
+Alias /awstats-icon/ "/usr/share/awstats/icon/"
+
+<Directory "/usr/lib/cgi-bin">
+    Options ExecCGI
+    AllowOverride None
+    <IfModule mod_access.c>
+        Order allow,deny
+        Allow from all
+    </IfModule>
+</Directory>
+

templates/misc/configfiles/gentoo/awstats/etc_awstats_awstats.model.conf.syscp

@@ -0,0 +1,9 @@
+LogFile="{LOG_FILE}"
+LogType=W
+LogFormat = 1
+LogSeparator=" "
+SiteDomain="{SITE_DOMAIN}"
+HostAliases="{HOST_ALIASES}"
+
+# Include local configuration options identical for all virtual hosts
+Include "/etc/awstats/awstats.conf.local"

templates/misc/configfiles/gentoo/awstats/etc_awstats_awstats.model_log_sql.conf.syscp

@@ -0,0 +1,9 @@
+LogFile="{LOG_FILE}"
+LogType=W
+LogFormat = "%host %virtualname %logname %time1 %methodurl %code %bytesd %refererquot %uaquot"
+LogSeparator=" "
+SiteDomain="{SITE_DOMAIN}"
+HostAliases="{HOST_ALIASES}"
+
+# Include local configuration options identical for all virtual hosts
+Include "/etc/awstats/awstats.conf.local"

templates/misc/configfiles/gentoo/awstats/etc_cron.d_awstats

@@ -0,0 +1,6 @@
+#
+# Set PATH, otherwise restart-scripts won't find start-stop-daemon
+#
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+*/10 * * * * apache [ -x /usr/bin/awstats_updateall.pl ] && /usr/bin/awstats_updateall.pl now -awstatsprog=/usr/lib/cgi-bin/awstats.pl -configdir=/etc/awstats -excludeconf=awstats.model.conf.syscp,awstats.conf

templates/misc/configfiles/gentoo/awstats/etc_cron.d_awstats_log_sql

@@ -0,0 +1,6 @@
+#
+# Set PATH, otherwise restart-scripts won't find start-stop-daemon
+#
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+45 0 * * * apache [ -x /usr/bin/awstats_updateall.pl ] && /usr/bin/awstats_updateall.pl now -awstatsprog=/usr/lib/cgi-bin/awstats.pl -configdir=/etc/awstats -excludeconf=awstats.model.conf.syscp,awstats.conf

templates/misc/configfiles/gentoo/awstats/etc_lighttpd_syscp-awstats.conf

@@ -0,0 +1,19 @@
+#alias.url += (
+#  "/js/awstats_misc_tracker.js" => "/usr/share/awstats/wwwroot/js/awstats_misc_tracker.js"
+#)
+
+$HTTP["url"] =~ "^/awstats" {
+  alias.url += (
+     "/awstats/"      => "<AWSTATS_PATH>",
+     "/awstats"       => "<AWSTATS_PATH>awstats.pl",
+     "/awstats.pl"    => "<AWSTATS_PATH>awstats.pl"
+#     "/awstatsicons/" => "/usr/share/awstats/wwwroot/icon/"
+  )
+
+  index-file.names = ( "awstatstotals.php" )
+
+  cgi.assign = (
+    ".pl" => "/usr/bin/perl",
+    ".cgi" => "/usr/bin/perl"
+  )
+}

templates/misc/configfiles/gentoo/bind/etc_bind_default.zone

@@ -0,0 +1,21 @@
+$TTL 1W 
+@ IN SOA ns root ( 
+	2004060501 ; serial 
+	8H ; refresh 
+	2H ; retry 
+	1W ; expiry 
+	11h) ; minimum 
+
+	IN		NS		ns 
+	IN		MX		10 mail 
+
+	IN		A		<SERVERIP> 
+	IN		MX		10 mail 
+
+*	IN		A		<SERVERIP>
+	IN		MX		10 mail 
+
+ns	IN		A		<SERVERIP> 
+
+mail	IN		A		<SERVERIP>
+		IN		MX	10 mail 

templates/misc/configfiles/gentoo/courier/etc_courier-imap_imapd

@@ -0,0 +1,376 @@
+##VERSION: $Id: imapd.dist.in,v 1.32 2004/11/25 04:57:04 mrsam Exp $
+#
+# imapd created from imapd.dist by sysconftool
+#
+# Do not alter lines that begin with ##, they are used when upgrading
+# this configuration.
+#
+#  Copyright 1998 - 2004 Double Precision, Inc.  See COPYING for
+#  distribution information.
+#
+#  This configuration file sets various options for the Courier-IMAP server
+#  when used with the couriertcpd server.
+#  A lot of the stuff here is documented in the manual page for couriertcpd.
+#
+#  NOTE - do not use \ to split long variable contents on multiple lines.
+#  This will break the default imapd.rc script, which parses this file.
+#
+##NAME: ADDRESS:0
+#
+#  Address to listen on, can be set to a single IP address.
+#
+# ADDRESS=127.0.0.1
+
+ADDRESS=0
+
+##NAME: PORT:1
+#
+#  Port numbers that connections are accepted on.  The default is 143,
+#  the standard IMAP port.
+#
+#  Multiple port numbers can be separated by commas.  When multiple port
+#  numbers are used it is possible to select a specific IP address for a
+#  given port as "ip.port".  For example, "127.0.0.1.900,192.68.0.1.900"
+#  accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
+#  The previous ADDRESS setting is a default for ports that do not have
+#  a specified IP address.
+
+PORT=143
+
+##NAME: AUTHSERVICE:0
+#
+#  It's possible to authenticate using a different 'service' parameter
+#  depending on the connection's port.  This only works with authentication
+#  modules that use the 'service' parameter, such as PAM.  Example:
+#
+#  AUTHSERVICE143=imap
+#  AUTHSERVICE993=imaps
+
+##NAME: MAXDAEMONS:0
+#
+#  Maximum number of IMAP servers started
+#
+
+MAXDAEMONS=50
+
+##NAME: MAXPERIP:0
+#
+#  Maximum number of connections to accept from the same IP address
+
+MAXPERIP=10
+
+##NAME: PIDFILE:0
+#
+#  File where couriertcpd will save its process ID
+#
+
+PIDFILE=/var/run/imapd.pid
+
+##NAME: TCPDOPTS:0
+#
+# Miscellaneous couriertcpd options that shouldn't be changed.
+#
+
+TCPDOPTS="-nodnslookup -noidentlookup"
+
+##NAME: IMAP_CAPABILITY:1
+#
+# IMAP_CAPABILITY specifies what most of the response should be to the
+# CAPABILITY command.
+#
+# If you have properly configured Courier to use CRAM-MD5 or CRAM-SHA1
+# authentication (see INSTALL), set IMAP_CAPABILITY as follows:
+#
+# IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE"
+#
+
+IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE"
+
+##NAME: KEYWORDS_CAPABILITY:0
+#
+# IMAP_KEYWORDS=1 enables custom IMAP keywords.  Set this option to 0 to
+# disable custom keywords.
+
+IMAP_KEYWORDS=1
+
+##NAME: SMAP1_CAPABILITY:0
+#
+# EXPERIMENTAL
+#
+# To enable the experimental "Simple Mail Access Protocol" extensions,
+# uncomment the following setting.
+#
+# SMAP_CAPABILITY=SMAP1
+
+##NAME: IMAP_CAPABILITY_ORIG:1
+#
+# For use by webadmin
+
+IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE"
+
+##NAME: IMAP_PROXY:0
+#
+# Enable proxying.  See README.proxy
+
+IMAP_PROXY=0
+
+##NAME: IMAP_PROXY_FOREIGN:0
+#
+# Proxying to non-Courier servers.  Re-sends the CAPABILITY command after
+# logging in to the remote server.  May not work with all IMAP clients.
+
+IMAP_PROXY_FOREIGN=0
+
+##NAME: IMAP_IDLE_TIMEOUT:0
+#
+# This setting controls how often
+# the server polls for changes to the folder, in IDLE mode (in seconds).
+
+IMAP_IDLE_TIMEOUT=60
+
+##NAME: IMAP_CAPABILITY_TLS:0
+#
+# The following setting will advertise SASL PLAIN authentication after
+# STARTTLS is established.  If you want to allow SASL PLAIN authentication
+# with or without TLS then just comment this out, and add AUTH=PLAIN to
+# IMAP_CAPABILITY
+
+IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"
+
+##NAME: IMAP_TLS_ORIG:0
+#
+# For use by webadmin
+
+IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN"
+
+##NAME: IMAP_DISABLETHREADSORT:0
+#
+# Set IMAP_DISABLETHREADSORT to disable the THREAD and SORT commands -
+# server side sorting and threading.
+#
+# Those capabilities will still be advertised, but the server will reject
+# them.  Set this option if you want to disable all the extra load from
+# server-side threading and sorting.  Not advertising those capabilities
+# will simply result in the clients reading the entire folder, and sorting
+# it on the client side.  That will still put some load on the server.
+# advertising these capabilities, but rejecting the commands, will stop this
+# silliness.
+#
+
+IMAP_DISABLETHREADSORT=0
+
+##NAME: IMAP_CHECK_ALL_FOLDERS:0
+#
+# Set IMAP_CHECK_ALL_FOLDERS to 1 if you want the server to check for new
+# mail in every folder.  Not all IMAP clients use the IMAP's new mail
+# indicator, but some do.  Normally new mail is checked only in INBOX,
+# because it is a comparatively time consuming operation, and it would be
+# a complete waste of time unless mail filters are used to deliver
+# mail directly to folders.
+#
+# When IMAP clients are used which support new mail indication, and when
+# mail filters are used to sort incoming mail into folders, setting
+# IMAP_CHECK_ALL_FOLDERS to 1 will allow IMAP clients to announce new
+# mail in folders.  Note that this will result in slightly more load on the
+# server.
+#
+
+IMAP_CHECK_ALL_FOLDERS=0
+
+##NAME: IMAP_OBSOLETE_CLIENT:0
+#
+# Set IMAP_OBSOLETE_CLIENT if your IMAP client expects \\NoInferiors to mean
+# what \\HasNoChildren really means.
+
+IMAP_OBSOLETE_CLIENT=0
+
+##NAME: IMAP_UMASK:0
+#
+# IMAP_UMASK sets the umask of the server process.  The value of IMAP_UMASK is
+# simply passed to the "umask" command.  The default value is 022.
+#
+# This feature is mostly useful for shared folders, where the file permissions
+# of the messages may be important.
+
+IMAP_UMASK=027
+
+##NAME: IMAP_ULIMITD:0
+#
+# IMAP_ULIMITD sets the maximum size of the data segment of the server
+# process.  The value of IMAP_ULIMITD is simply passed to the "ulimit -d"
+# command (or ulimit -v).  The argument to ulimi sets the upper limit on the
+# size of the data segment of the server process, in kilobytes.  The default
+# value of 65536 sets a very generous limit of 64 megabytes, which should
+# be more than plenty for anyone.
+#
+# This feature is used as an additional safety check that should stop
+# any potential denial-of-service attacks that exploit any kind of
+# a memory leak to exhaust all the available memory on the server.
+# It is theoretically possible that obscenely huge folders will also
+# result in the server running out of memory when doing server-side
+# sorting (by my calculations you have to have at least 100,000 messages
+# in a single folder, for that to happen).
+
+IMAP_ULIMITD=65536
+
+##NAME: IMAP_USELOCKS:0
+#
+# Setting IMAP_USELOCKS to 1 will use dot-locking to support concurrent
+# multiple access to the same folder.  This incurs slight additional
+# overhead.  Concurrent multiple access will still work without this setting,
+# however occasionally a minor race condition may result in an IMAP client
+# downloading the same message twice, or a keyword update will fail.
+#
+# IMAP_USELOCKS=1 is strongly recommended when shared folders are used.
+
+IMAP_USELOCKS=1
+
+##NAME: IMAP_SHAREDINDEXFILE:0
+#
+# The index of all accessible folders.  Do not change this setting unless
+# you know what you're doing.  See README.sharedfolders for additional
+# information.
+
+IMAP_SHAREDINDEXFILE=/etc/courier-imap/shared/index
+
+##NAME: IMAP_ENHANCEDIDLE:0
+#
+# If Courier was compiled with the File Alteration Monitor, setting
+# IMAP_ENHANCEDIDLE to 1 enables enhanced IDLE mode, where multiple
+# clients may open the same folder concurrently, and receive updates to
+# folder contents in realtime.  See the imapd(8) man page for additional
+# information.
+#
+# IMPORTANT: IMAP_USELOCKS *MUST* also be set to 1, and IDLE must be included
+# in the IMAP_CAPABILITY list.
+#
+
+IMAP_ENHANCEDIDLE=0
+
+##NAME: IMAP_TRASHFOLDERNAME:0
+#
+# The name of the magic trash Folder.  For MSOE compatibility,
+# you can set IMAP_TRASHFOLDERNAME="Deleted Items".
+#
+# IMPORTANT:  If you change this, you must also change IMAP_EMPTYTRASH
+
+IMAP_TRASHFOLDERNAME=Trash
+
+##NAME: IMAP_EMPTYTRASH:0
+#
+# The following setting is optional, and causes messages from the given
+# folder to be automatically deleted after the given number of days.
+# IMAP_EMPTYTRASH is a comma-separated list of folder:days.  The default
+# setting, below, purges 7 day old messages from the Trash folder.
+# Another useful setting would be:
+#
+# IMAP_EMPTYTRASH=Trash:7,Sent:30
+#
+# This would also delete messages from the Sent folder (presumably copies
+# of sent mail) after 30 days.  This is a global setting that is applied to
+# every mail account, and is probably useful in a controlled, corporate
+# environment.
+#
+# Important: the purging is controlled by CTIME, not MTIME (the file time
+# as shown by ls).  It is perfectly ordinary to see stuff in Trash that's
+# a year old.  That's the file modification time, MTIME, that's displayed.
+# This is generally when the message was originally delivered to this
+# mailbox.  Purging is controlled by a different timestamp, CTIME, which is
+# changed when the file is moved to the Trash folder (and at other times too).
+#
+# You might want to disable this setting in certain situations - it results
+# in a stat() of every file in each folder, at login and logout.
+#
+
+IMAP_EMPTYTRASH=Trash:7
+
+##NAME: IMAP_MOVE_EXPUNGE_TO_TRASH:0
+#
+# Set IMAP_MOVE_EXPUNGE_TO_TRASH to move expunged messages to Trash.  This
+# effectively allows an undo of message deletion by fishing the deleted
+# mail from trash.  Trash can be manually expunged as usually, and mail
+# will get automatically expunged from Trash according to IMAP_EMPTYTRASH.
+#
+# NOTE: shared folders are still expunged as usual.  Shared folders are
+# not affected.
+#
+
+IMAP_MOVE_EXPUNGE_TO_TRASH=0
+
+
+##NAME: OUTBOX:0
+#
+# The next set of options deal with the "Outbox" enhancement.
+# Uncomment the following setting to create a special folder, named
+# INBOX.Outbox
+#
+# OUTBOX=.Outbox
+
+##NAME: SENDMAIL:0
+#
+# If OUTBOX is defined, mail can be sent via the IMAP connection by copying
+# a message to the INBOX.Outbox folder.  For all practical matters,
+# INBOX.Outbox looks and behaves just like any other IMAP folder.  If this
+# folder doesn't exist it must be created by the IMAP mail client, just
+# like any other IMAP folder.  The kicker: any message copied or moved to
+# this folder is will be E-mailed by the Courier-IMAP server, by running
+# the SENDMAIL program.  Therefore, messages copied or moved to this
+# folder must be well-formed RFC-2822 messages, with the recipient list
+# specified in the To:, Cc:, and Bcc: headers.  Courier-IMAP relies on
+# SENDMAIL to read the recipient list from these headers (and delete the Bcc:
+# header) by running the command "$SENDMAIL -oi -t -f $SENDER", with the
+# message piped on standard input.  $SENDER will be the return address
+# of the message, which is set by the authentication module.
+#
+# DO NOT MODIFY SENDMAIL, below, unless you know what you're doing.
+#
+
+SENDMAIL=/usr/sbin/sendmail
+
+##NAME: HEADERFROM:0
+#
+# For administrative and oversight purposes, the return address, $SENDER
+# will also be saved in the X-IMAP-Sender mail header.  This header gets
+# added to the sent E-mail (but it doesn't get saved in the copy of the
+# message that's saved in the folder)
+#
+# WARNING - By enabling OUTBOX above, *every* IMAP mail client will receive
+# the magic OUTBOX treatment.  Therefore advance LARTing is in order for
+# _all_ of your lusers, until every one of them is aware of this.  Otherwise if
+# OUTBOX is left at its default setting - a folder name that might be used
+# accidentally - some people may be in for a rude surprise.  You can redefine
+# the name of the magic folder by changing OUTBOX, above.  You should do that
+# and pick a less-obvious name.  Perhaps brand it with your organizational
+# name ( OUTBOX=.WidgetsAndSonsOutbox )
+
+HEADERFROM=X-IMAP-Sender
+
+##NAME: IMAPDSTART:0
+#
+# IMAPDSTART is not used directly.  Rather, this is a convenient flag to
+# be read by your system startup script in /etc/rc.d, like this:
+#
+#  . /etc/courier-imap/imapd
+#
+#  case x$IMAPDSTART in
+#  x[yY]*)
+#        /usr/lib/courier-imap/imapd.rc start
+#        ;;
+#  esac
+#
+# The default setting is going to be NO, so you'll have to manually flip
+# it to yes.
+
+IMAPDSTART=YES
+
+##NAME: MAILDIRPATH:0
+#
+# MAILDIRPATH - directory name of the maildir directory.
+#
+MAILDIRPATH=Maildir
+
+#Hardwire a value for ${MAILDIR}
+MAILDIR=.maildir
+MAILDIRPATH=.maildir
+#Put any program for ${PRERUN} here
+PRERUN=

templates/misc/configfiles/gentoo/courier/etc_courier-imap_imapd-ssl

@@ -0,0 +1,199 @@
+##VERSION: $Id: imapd-ssl.dist.in,v 1.11 2004/10/21 00:45:35 mrsam Exp $
+#
+# imapd-ssl created from imapd-ssl.dist by sysconftool
+#
+# Do not alter lines that begin with ##, they are used when upgrading
+# this configuration.
+#
+#  Copyright 2000 - 2004 Double Precision, Inc.  See COPYING for
+#  distribution information.
+#
+#  This configuration file sets various options for the Courier-IMAP server
+#  when used to handle SSL IMAP connections.
+#
+#  SSL and non-SSL connections are handled by a dedicated instance of the
+#  couriertcpd daemon.  If you are accepting both SSL and non-SSL IMAP
+#  connections, you will start two instances of couriertcpd, one on the
+#  IMAP port 143, and another one on the IMAP-SSL port 993.
+#
+#  Download OpenSSL from http://www.openssl.org/
+#
+##NAME: SSLPORT:1
+#
+#  Options in the imapd-ssl configuration file AUGMENT the options in the
+#  imapd configuration file.  First the imapd configuration file is read,
+#  then the imapd-ssl configuration file, so we do not have to redefine
+#  anything.
+#
+#  However, some things do have to be redefined.  The port number is
+#  specified by SSLPORT, instead of PORT.  The default port is port 993.
+#
+#  Multiple port numbers can be separated by commas.  When multiple port
+#  numbers are used it is possibly to select a specific IP address for a
+#  given port as "ip.port".  For example, "127.0.0.1.900,192.68.0.1.900"
+#  accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
+#  The SSLADDRESS setting is a default for ports that do not have
+#  a specified IP address.
+
+SSLPORT=993
+
+##NAME: SSLADDRESS:0
+#
+#  Address to listen on, can be set to a single IP address.
+#
+# SSLADDRESS=127.0.0.1
+
+SSLADDRESS=0
+
+##NAME: SSLPIDFILE:0
+#
+# That's the SSL IMAP port we'll listen on.
+# Feel free to redefine MAXDAEMONS, TCPDOPTS, and MAXPERIP.
+
+SSLPIDFILE=/var/run/imapd-ssl.pid
+
+##NAME: IMAPDSSLSTART:0
+#
+# Different pid files, so that both instances of couriertcpd can coexist
+# happily.
+#
+# You can also redefine IMAP_CAPABILITY, although I can't
+# think of why you'd want to do that.
+#
+#
+# Ok, the following settings are new to imapd-ssl:
+#
+#  Whether or not to start IMAP over SSL on simap port:
+
+IMAPDSSLSTART=YES
+
+##NAME: IMAPDSTARTTLS:0
+#
+#  Whether or not to implement IMAP STARTTLS extension instead:
+
+IMAPDSTARTTLS=YES
+
+##NAME: IMAP_TLS_REQUIRED:1
+#
+# Set IMAP_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone.
+# (this option advertises the LOGINDISABLED IMAP capability, until STARTTLS
+# is issued).
+
+IMAP_TLS_REQUIRED=0
+
+#########################################################################
+#
+# The following variables configure IMAP over SSL.  If OpenSSL is available
+# during configuration, the couriertls helper gets compiled, and upon
+# installation a dummy TLS_CERTFILE gets generated.  courieresmtpd will
+# automatically advertise the ESMTP STARTTLS extension if both TLS_CERTFILE
+# and COURIERTLS exist.
+#
+# WARNING: Peer certificate verification has NOT yet been tested.  Proceed
+# at your own risk.  Only the basic SSL/TLS functionality is known to be
+# working. Keep this in mind as you play with the following variables.
+#
+##NAME: COURIERTLS:0
+#
+
+COURIERTLS=/usr/sbin/couriertls
+
+##NAME: TLS_PROTOCOL:0
+# 
+# TLS_PROTOCOL sets the protocol version.  The possible versions are:
+#
+# SSL2 - SSLv2
+# SSL3 - SSLv3
+# TLS1 - TLS1
+
+TLS_PROTOCOL=SSL3
+
+##NAME: TLS_STARTTLS_PROTOCOL:0
+# 
+# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS
+# extension, as opposed to IMAP over SSL on port 993.
+#
+
+TLS_STARTTLS_PROTOCOL=TLS1
+
+##NAME: TLS_CIPHER_LIST:0
+#
+# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
+# OpenSSL library.  In most situations you can leave TLS_CIPHER_LIST
+# undefined
+#
+# TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
+
+##NAME: TLS_TIMEOUT:0
+# TLS_TIMEOUT is currently not implemented, and reserved for future use.
+# This is supposed to be an inactivity timeout, but its not yet implemented.
+#
+
+##NAME: TLS_DHCERTFILE:0
+#
+# TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair.
+# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
+# you must generate a DH pair that will be used.  In most situations the
+# DH pair is to be treated as confidential, and the file specified by
+# TLS_DHCERTFILE must not be world-readable.
+#
+# TLS_DHCERTFILE=
+
+##NAME: TLS_CERTFILE:0
+#
+# TLS_CERTFILE - certificate to use.  TLS_CERTFILE is required for SSL/TLS
+# servers, and is optional for SSL/TLS clients.  TLS_CERTFILE is usually
+# treated as confidential, and must not be world-readable.
+#
+TLS_CERTFILE=/etc/ssl/server/<SERVERNAME>.pem
+
+##NAME: TLS_TRUSTCERTS:0
+#
+# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname.
+# pathname can be a file or a directory. If a file, the file should
+# contain a list of trusted certificates, in PEM format. If a
+# directory, the directory should contain the trusted certificates,
+# in PEM format, one per file and hashed using OpenSSL's c_rehash
+# script. TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying
+# the -domain option) and by SSL/TLS servers (TLS_VERIFYPEER is set
+# to PEER or REQUIREPEER).
+#
+#
+# TLS_TRUSTCERTS=
+
+##NAME: TLS_VERIFYPEER:0
+#
+# TLS_VERIFYPEER - how to verify client certificates.  The possible values of
+# this setting are:
+#
+# NONE - do not verify anything
+#
+# PEER - verify the client certificate, if one's presented
+#
+# REQUIREPEER - require a client certificate, fail if one's not presented
+#
+#
+TLS_VERIFYPEER=NONE
+
+##NAME: TLS_CACHE:0
+#
+# A TLS/SSL session cache may slightly improve response for IMAP clients
+# that open multiple SSL sessions to the server.  TLS_CACHEFILE will be
+# automatically created, TLS_CACHESIZE bytes long, and used as a cache
+# buffer.
+#
+# This is an experimental feature and should be disabled if it causes
+# problems with SSL clients.  Disable SSL caching by commenting out the
+# following settings:
+
+TLS_CACHEFILE=/var/lib/courier-imap/couriersslcache
+TLS_CACHESIZE=524288
+
+##NAME: MAILDIRPATH:0
+#
+# MAILDIRPATH - directory name of the maildir directory.
+#
+MAILDIRPATH=Maildir
+
+#Hardwire a value for ${MAILDIR}
+MAILDIRPATH=.maildir

templates/misc/configfiles/gentoo/courier/etc_courier-imap_pop3d

@@ -0,0 +1,127 @@
+##VERSION: $Id: pop3d.dist.in,v 1.11 2004/10/30 15:39:38 mrsam Exp $
+#
+# pop3d created from pop3d.dist by sysconftool
+#
+# Do not alter lines that begin with ##, they are used when upgrading
+# this configuration.
+#
+#  Copyright 1998 - 2004 Double Precision, Inc.  See COPYING for
+#  distribution information.
+#
+#  Courier POP3 daemon configuration
+#
+##NAME: PIDFILE:0
+#
+
+PIDFILE=/var/run/pop3d.pid
+
+##NAME: MAXDAEMONS:0
+#
+#  Maximum number of POP3 servers started
+#
+
+MAXDAEMONS=50
+
+##NAME: MAXPERIP:4
+#
+#  Maximum number of connections to accept from the same IP address
+
+MAXPERIP=5
+
+##NAME: POP3AUTH:1
+#
+# To advertise the SASL capability, per RFC 2449, uncomment the POP3AUTH
+# variable:
+#
+# POP3AUTH="LOGIN"
+#
+# If you have configured the CRAM-MD5 or CRAM-SHA1, set POP3AUTH to something
+# like this:
+#
+# POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1"
+
+POP3AUTH=""
+
+##NAME: POP3AUTH_ORIG:0
+#
+# For use by webadmin
+
+POP3AUTH_ORIG="LOGIN CRAM-MD5 CRAM-SHA1"
+
+##NAME: POP3AUTH_TLS:1
+#
+# To also advertise SASL PLAIN if SSL is enabled, uncomment the
+# POP3AUTH_TLS environment variable:
+#
+# POP3AUTH_TLS="LOGIN PLAIN"
+
+POP3AUTH_TLS=""
+
+##NAME: POP3AUTH_TLS_ORIG:0
+#
+# For use by webadmin
+
+POP3AUTH_TLS_ORIG="LOGIN PLAIN"
+
+##NAME: POP3_PROXY:0
+#
+# Enable proxying.  See README.proxy
+
+POP3_PROXY=0
+
+##NAME: PORT:1
+#
+# Port to listen on for connections.  The default is port 110.
+#
+#  Multiple port numbers can be separated by commas.  When multiple port
+#  numbers are used it is possibly to select a specific IP address for a
+#  given port as "ip.port".  For example, "127.0.0.1.900,192.68.0.1.900"
+#  accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
+#  The ADDRESS setting is a default for ports that do not have a specified
+#  IP address.
+
+PORT=110
+
+##NAME: ADDRESS:0
+#
+# IP address to listen on.  0 means all IP addresses.
+
+ADDRESS=0
+
+##NAME: TCPDOPTS:0
+#
+# Other couriertcpd(1) options.  The following defaults should be fine.
+#
+
+TCPDOPTS="-nodnslookup -noidentlookup"
+
+##NAME: POP3DSTART:0
+#
+# POP3DSTART is not referenced anywhere in the standard Courier programs
+# or scripts.  Rather, this is a convenient flag to be read by your system
+# startup script in /etc/rc.d, like this:
+#
+#  . /etc/courier-imap/pop3d
+#  case x$POP3DSTART in
+#  x[yY]*)
+#        /usr/lib/courier-imap/pop3d.rc start
+#        ;;
+#  esac
+#
+# The default setting is going to be NO, until Courier is shipped by default
+# with enough platforms so that people get annoyed with having to flip it to
+# YES every time.
+
+POP3DSTART=YES
+
+##NAME: MAILDIRPATH:0
+#
+# MAILDIRPATH - directory name of the maildir directory.
+#
+MAILDIRPATH=Maildir
+
+#Hardwire a value for ${MAILDIR}
+MAILDIR=.maildir
+MAILDIRPATH=.maildir
+#Put any program for ${PRERUN} here
+PRERUN=

templates/misc/configfiles/gentoo/courier/etc_courier-imap_pop3d-ssl

@@ -0,0 +1,186 @@
+##VERSION: $Id: pop3d-ssl.dist.in,v 1.12 2004/10/21 00:45:35 mrsam Exp $
+#
+# pop3d-ssl created from pop3d-ssl.dist by sysconftool
+#
+# Do not alter lines that begin with ##, they are used when upgrading
+# this configuration.
+#
+#  Copyright 2000-2004 Double Precision, Inc.  See COPYING for
+#  distribution information.
+#
+#  This configuration file sets various options for the Courier-IMAP server
+#  when used to handle SSL POP3 connections.
+#
+#  SSL and non-SSL connections are handled by a dedicated instance of the
+#  couriertcpd daemon.  If you are accepting both SSL and non-SSL POP3
+#  connections, you will start two instances of couriertcpd, one on the
+#  POP3 port 110, and another one on the POP3-SSL port 995.
+#
+#  Download OpenSSL from http://www.openssl.org/
+#
+##NAME: SSLPORT:0
+#
+#  Options in the pop3d-ssl configuration file AUGMENT the options in the
+#  pop3d configuration file.  First the pop3d configuration file is read,
+#  then the pop3d-ssl configuration file, so we do not have to redefine
+#  anything.
+#
+#  However, some things do have to be redefined.  The port number is
+#  specified by SSLPORT, instead of PORT.  The default port is port 995.
+#
+#  Multiple port numbers can be separated by commas.  When multiple port
+#  numbers are used it is possibly to select a specific IP address for a
+#  given port as "ip.port".  For example, "127.0.0.1.900,192.68.0.1.900"
+#  accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
+#  The SSLADDRESS setting is a default for ports that do not have
+#  a specified IP address.
+
+SSLPORT=995
+
+##NAME: SSLADDRESS:0
+#
+#  Address to listen on, can be set to a single IP address.
+#
+# SSLADDRESS=127.0.0.1
+
+SSLADDRESS=0
+
+##NAME: SSLPIDFILE:0
+#
+#
+#
+
+SSLPIDFILE=/var/run/pop3d-ssl.pid
+
+##NAME: POP3DSSLSTART:0
+#
+#  Whether or not to start POP3 over SSL on spop3 port:
+
+POP3DSSLSTART=YES
+
+##NAME: POP3_STARTTLS:0
+#
+# Whether or not to implement the POP3 STLS extension:
+
+POP3_STARTTLS=YES
+
+##NAME: POP3_TLS_REQUIRED:1
+#
+# Set POP3_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone.
+# (this option advertises the LOGINDISABLED POP3 capability, until STARTTLS
+# is issued).
+
+POP3_TLS_REQUIRED=0
+
+##NAME: COURIERTLS:0
+#
+# The following variables configure POP3 over SSL.  If OpenSSL is available
+# during configuration, the couriertls helper gets compiled, and upon
+# installation a dummy TLS_CERTFILE gets generated.  courieresmtpd will
+# automatically advertise the ESMTP STARTTLS extension if both TLS_CERTFILE
+# and COURIERTLS exist.
+#
+# WARNING: Peer certificate verification has NOT yet been tested.  Proceed
+# at your own risk.  Only the basic SSL/TLS functionality is known to be
+# working. Keep this in mind as you play with the following variables.
+
+COURIERTLS=/usr/sbin/couriertls
+
+##NAME: TLS_PROTOCOL:0
+# 
+# TLS_PROTOCOL sets the protocol version.  The possible versions are:
+#
+# SSL2 - SSLv2
+# SSL3 - SSLv3
+# TLS1 - TLS1
+
+TLS_PROTOCOL=SSL3
+
+##NAME: TLS_STARTTLS_PROTOCOL:0
+# 
+# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the POP3 STARTTLS
+# extension, as opposed to POP3 over SSL on port 995.
+#
+
+TLS_STARTTLS_PROTOCOL=TLS1
+
+##NAME: TLS_CIPHER_LIST:0
+#
+# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
+# OpenSSL library.  In most situations you can leave TLS_CIPHER_LIST
+# undefined
+#
+# TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
+
+##NAME: TLS_TIMEOUT:0
+# TLS_TIMEOUT is currently not implemented, and reserved for future use.
+# This is supposed to be an inactivity timeout, but its not yet implemented.
+#
+
+##NAME: TLS_DHCERTFILE:0
+#
+# TLS_DHCERTFILE - PEM file that stores our Diffie-Hellman cipher pair.
+# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA
+# you must generate a DH pair that will be used.  In most situations the
+# DH pair is to be treated as confidential, and the file specified by
+# TLS_DHCERTFILE must not be world-readable.
+#
+# TLS_DHCERTFILE=
+
+##NAME: TLS_CERTFILE:0
+#
+# TLS_CERTFILE - certificate to use.  TLS_CERTFILE is required for SSL/TLS
+# servers, and is optional for SSL/TLS clients.  TLS_CERTFILE is usually
+# treated as confidential, and must not be world-readable.
+#
+TLS_CERTFILE=/etc/ssl/server/<SERVERNAME>.pem
+
+##NAME: TLS_TRUSTCERTS:0
+#
+# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname.
+# pathname can be a file or a directory. If a file, the file should
+# contain a list of trusted certificates, in PEM format. If a
+# directory, the directory should contain the trusted certificates,
+# in PEM format, one per file and hashed using OpenSSL's c_rehash
+# script. TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying
+# the -domain option) and by SSL/TLS servers (TLS_VERIFYPEER is set
+# to PEER or REQUIREPEER).
+#
+#
+# TLS_TRUSTCERTS=
+
+##NAME: TLS_VERIFYPEER:0
+#
+# TLS_VERIFYPEER - how to verify client certificates.  The possible values of
+# this setting are:
+#
+# NONE - do not verify anything
+#
+# PEER - verify the client certificate, if one's presented
+#
+# REQUIREPEER - require a client certificate, fail if one's not presented
+#
+#
+TLS_VERIFYPEER=NONE
+
+##NAME: TLS_CACHE:0
+#
+# A TLS/SSL session cache may slightly improve response for long-running
+# POP3 clients. TLS_CACHEFILE will be automatically created, TLS_CACHESIZE
+# bytes long, and used as a cache buffer.
+#
+# This is an experimental feature and should be disabled if it causes
+# problems with SSL clients.  Disable SSL caching by commenting out the
+# following settings:
+
+TLS_CACHEFILE=/var/lib/courier-imap/couriersslcache
+TLS_CACHESIZE=524288
+
+##NAME: MAILDIRPATH:0
+#
+# MAILDIRPATH - directory name of the maildir directory.
+#
+MAILDIRPATH=Maildir
+
+#Hardwire a value for ${MAILDIR}
+MAILDIRPATH=.maildir

templates/misc/configfiles/gentoo/courier/etc_courier_authlib_authdaemonrc

@@ -0,0 +1,93 @@
+##VERSION: $Id: authdaemonrc.in,v 1.12 2005/07/05 12:25:08 mrsam Exp $
+#
+# Copyright 2000-2005 Double Precision, Inc.  See COPYING for
+# distribution information.
+#
+# authdaemonrc created from authdaemonrc.dist by sysconftool
+#
+# Do not alter lines that begin with ##, they are used when upgrading
+# this configuration.
+#
+# This file configures authdaemond, the resident authentication daemon.
+#
+# Comments in this file are ignored.  Although this file is intended to
+# be sourced as a shell script, authdaemond parses it manually, so
+# the acceptable syntax is a bit limited.  Multiline variable contents,
+# with the \ continuation character, are not allowed.  Everything must
+# fit on one line.  Do not use any additional whitespace for indentation,
+# or anything else.
+
+##NAME: authmodulelist:2
+#
+# The authentication modules that are linked into authdaemond.  The
+# default list is installed.  You may selectively disable modules simply
+# by removing them from the following list.  The available modules you
+# can use are: authuserdb authpam authshadow authmysql authcustom authpipe
+
+authmodulelist="authmysql"
+
+##NAME: authmodulelistorig:3
+#
+# This setting is used by Courier's webadmin module, and should be left
+# alone
+
+authmodulelistorig="authuserdb authpam authshadow authmysql authcustom authpipe"
+
+##NAME: daemons:0
+#
+# The number of daemon processes that are started.  authdaemon is typically
+# installed where authentication modules are relatively expensive: such
+# as authldap, or authmysql, so it's better to have a number of them running.
+# PLEASE NOTE:  Some platforms may experience a problem if there's more than
+# one daemon.  Specifically, SystemV derived platforms that use TLI with
+# socket emulation.  I'm suspicious of TLI's ability to handle multiple
+# processes accepting connections on the same filesystem domain socket.
+#
+# You may need to increase daemons if as your system load increases.  Symptoms
+# include sporadic authentication failures.  If you start getting
+# authentication failures, increase daemons.  However, the default of 5
+# SHOULD be sufficient.  Bumping up daemon count is only a short-term
+# solution.  The permanent solution is to add more resources: RAM, faster
+# disks, faster CPUs...
+
+daemons=5
+
+##NAME: authdaemonvar:2
+#
+# authdaemonvar is here, but is not used directly by authdaemond.  It's
+# used by various configuration and build scripts, so don't touch it!
+
+authdaemonvar=/var/lib/courier/authdaemon
+
+##NAME: DEBUG_LOGIN:0
+#
+# Dump additional diagnostics to syslog
+#
+# DEBUG_LOGIN=0   - turn off debugging
+# DEBUG_LOGIN=1   - turn on debugging
+# DEBUG_LOGIN=2   - turn on debugging + log passwords too
+#
+# ** YES ** - DEBUG_LOGIN=2 places passwords into syslog.
+#
+# Note that most information is sent to syslog at level 'debug', so
+# you may need to modify your /etc/syslog.conf to be able to see it.
+
+DEBUG_LOGIN=0
+
+##NAME: DEFAULTOPTIONS:0
+#
+# A comma-separated list of option=value pairs. Each option is applied
+# to an account if the account does not have its own specific value for
+# that option. So for example, you can set
+#   DEFAULTOPTIONS="disablewebmail=1,disableimap=1"
+# and then enable webmail and/or imap on individual accounts by setting
+# disablewebmail=0 and/or disableimap=0 on the account.
+
+DEFAULTOPTIONS=""
+
+##NAME: LOGGEROPTS:0
+#
+# courierlogger(1) options, e.g. to set syslog facility
+#
+
+LOGGEROPTS=""

templates/misc/configfiles/gentoo/courier/etc_courier_authlib_authmysqlrc

@@ -0,0 +1,13 @@
+MYSQL_SERVER <SQL_HOST>
+MYSQL_USERNAME <SQL_UNPRIVILEGED_USER>
+MYSQL_PASSWORD <SQL_UNPRIVILEGED_PASSWORD>
+MYSQL_PORT 0
+MYSQL_DATABASE <SQL_DB>
+MYSQL_USER_TABLE mail_users
+MYSQL_CRYPT_PWFIELD password_enc
+MYSQL_UID_FIELD <VIRTUAL_UID_MAPS>
+MYSQL_GID_FIELD <VIRTUAL_GID_MAPS>
+MYSQL_LOGIN_FIELD username
+MYSQL_HOME_FIELD "<VIRTUAL_MAILBOX_BASE>"
+MYSQL_MAILDIR_FIELD maildir
+MYSQL_QUOTA_FIELD (quota*1024*1024)

templates/misc/configfiles/gentoo/cron/etc_cron.d_syscp

@@ -0,0 +1,16 @@
+#
+# Set PATH, otherwise restart-scripts won't find start-stop-daemon
+#
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+#
+# Regular cron jobs for the syscp package
+#
+# Please check that all following paths are correct
+#
+*/5 * * * *	root	/usr/lib/php5/bin/php -q -c /etc/php/syscp-cronjob/php.ini /var/www/syscp/scripts/cron_tasks.php
+0 0 * * *	root	/usr/lib/php5/bin/php -q -c /etc/php/syscp-cronjob/php.ini /var/www/syscp/scripts/cron_traffic.php
+30 0 * * *	root	/usr/lib/php5/bin/php -q -c /etc/php/syscp-cronjob/php.ini /var/www/syscp/scripts/cron_ticketarchive.php
+0 1 * * *	root	/usr/lib/php5/bin/php -q -c /etc/php/syscp-cronjob/php.ini /var/www/syscp/scripts/cron_used_tickets_reset.php
+*/5 * * * *	root	/usr/lib/php5/bin/php -q -c /etc/php/syscp-cronjob/php.ini /var/www/syscp/scripts/cron_autoresponder.php
+*/5 * * * *	root	/usr/lib/php5/bin/php -q -c /etc/php/syscp-cronjob/php.ini /var/www/syscp/scripts/cron_apsinstaller.php
+*/30 * * * *	root	/usr/lib/php5/bin/php -q -c /etc/php/syscp-cronjob/php.ini /var/www/syscp/scripts/cron_apsupdater.php

templates/misc/configfiles/gentoo/cron/etc_php_syscp-cronjob_php.ini

@@ -0,0 +1,61 @@
+short_open_tag = On
+asp_tags = Off
+precision = 14
+output_buffering = Off
+allow_call_time_pass_reference = Off
+safe_mode = Off
+safe_mode_gid = Off
+safe_mode_include_dir = "/usr/share/php/:/usr/share/php4/:/usr/share/php5/"
+safe_mode_allowed_env_vars = PHP_
+safe_mode_protected_env_vars = LD_LIBRARY_PATH
+open_basedir =
+disable_functions =
+disable_classes =
+expose_php = Off
+max_execution_time = 180
+max_input_time = 120
+memory_limit = 32M
+post_max_size = 32M
+error_reporting = E_ALL & ~E_NOTICE
+display_errors = On
+display_startup_errors = Off
+log_errors = Off
+log_errors_max_len = 1024
+ignore_repeated_errors = Off
+ignore_repeated_source = Off
+report_memleaks = On
+track_errors = Off
+html_errors = Off
+variables_order = "GPCS"
+register_globals = Off
+register_argc_argv = Off
+gpc_order = "GPC"
+magic_quotes_gpc = Off
+magic_quotes_runtime = Off
+magic_quotes_sybase = Off
+include_path = ".:/usr/share/php/:/usr/share/php4/:/usr/share/php5/"
+enable_dl = Off
+file_uploads = On
+upload_tmp_dir = "/tmp/"
+upload_max_filesize = 32M
+allow_url_fopen = On
+session.save_handler = files
+session.save_path = "/tmp/"
+session.use_cookies = 1
+session.name = PHPSESSID
+session.auto_start = 0
+session.cookie_lifetime = 0
+session.cookie_path = /
+session.cookie_domain =
+session.serialize_handler = php
+session.gc_probability = 1
+session.gc_divisor = 1000
+session.gc_maxlifetime = 1440
+session.bug_compat_42 = 0
+session.bug_compat_warn = 1
+session.referer_check =
+session.entropy_length = 16
+session.entropy_file = /dev/urandom
+session.cache_limiter = nocache
+session.cache_expire = 180
+session.use_trans_sid = 0

templates/misc/configfiles/gentoo/cron/etc_php_syscp-vhost_php.ini

@@ -0,0 +1,61 @@
+short_open_tag = On
+asp_tags = Off
+precision = 14
+output_buffering = 4096
+allow_call_time_pass_reference = Off
+safe_mode = Off
+safe_mode_gid = Off
+safe_mode_include_dir = "/usr/share/php/:/usr/share/php4/:/usr/share/php5/"
+safe_mode_allowed_env_vars = PHP_
+safe_mode_protected_env_vars = LD_LIBRARY_PATH
+open_basedir = "/var/www/syscp/:/var/www/syscp-suphp/syscp/:/var/www/syscpwebs/:/usr/share/php/:/usr/share/php4/:/usr/share/php5/"
+disable_functions = exec,passthru,shell_exec,system,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate
+disable_classes =
+expose_php = Off
+max_execution_time = 30
+max_input_time = 60
+memory_limit = 16M
+post_max_size = 12M
+error_reporting = E_ALL & ~E_NOTICE
+display_errors = Off
+display_startup_errors = Off
+log_errors = On
+log_errors_max_len = 1024
+ignore_repeated_errors = Off
+ignore_repeated_source = Off
+report_memleaks = On
+track_errors = Off
+html_errors = Off
+variables_order = "GPCS"
+register_globals = Off
+register_argc_argv = Off
+gpc_order = "GPC"
+magic_quotes_gpc = Off
+magic_quotes_runtime = Off
+magic_quotes_sybase = Off
+include_path = ".:/usr/share/php/:/usr/share/php4/:/usr/share/php5/"
+enable_dl = Off
+file_uploads = On
+upload_tmp_dir = "/var/www/syscp-suphp/syscp/"
+upload_max_filesize = 32M
+allow_url_fopen = Off
+session.save_handler = files
+session.save_path = "/var/www/syscp-suphp/syscp/"
+session.use_cookies = 1
+session.name = PHPSESSID
+session.auto_start = 0
+session.cookie_lifetime = 0
+session.cookie_path = /
+session.cookie_domain =
+session.serialize_handler = php
+session.gc_probability = 1
+session.gc_divisor = 1000
+session.gc_maxlifetime = 1440
+session.bug_compat_42 = 0
+session.bug_compat_warn = 1
+session.referer_check =
+session.entropy_length = 16
+session.entropy_file = /dev/urandom
+session.cache_limiter = nocache
+session.cache_expire = 180
+session.use_trans_sid = 0

templates/misc/configfiles/gentoo/dkim/dkim-filter.conf

@@ -0,0 +1,3 @@
+Syslog			yes
+Domain			/etc/postfix/dkim/domains
+KeyList			/etc/postfix/dkim/dkim-keys.conf

templates/misc/configfiles/gentoo/dovecot/etc_dovecot_dovecot-sql.conf

@@ -0,0 +1,5 @@
+driver = mysql
+connect = host=<SQL_HOST> dbname=<SQL_DB> user=<SQL_UNPRIVILEGED_USER> password=<SQL_UNPRIVILEGED_PASSWORD>
+default_pass_scheme = CRYPT
+password_query = "SELECT username AS user, password_enc AS password, CONCAT(homedir, maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid, CONCAT('*:storage=', quota,'M') AS userdb_quota_rule FROM mail_users WHERE username = '%u' OR email = '%u'"
+user_query = "SELECT CONCAT(homedir, maildir) AS home, uid, gid, CONCAT('*:storage=', quota,'M') AS quota_rule FROM mail_users WHERE username = '%u' OR email = '%u'"

templates/misc/configfiles/gentoo/dovecot/etc_dovecot_dovecot.conf

@@ -0,0 +1,72 @@
+base_dir = /var/run/dovecot
+protocols = imap pop3 <SSLPROTOCOLS>
+listen = *
+mail_access_groups = vmail
+mail_debug = no
+## Uncomment this line to allow Plaintext Logins from foreign IP if the Connection doesn't use TLS
+disable_plaintext_auth = no
+
+### SSL Settings
+### After setting this options, set disable_plaintext_auth to yes (see above)
+### and add imaps pop3s to the protocols
+#ssl_cert_file = /etc/ssl/server/<SERVERNAME>.pem
+#ssl_key_file = /etc/ssl/server/<SERVERNAME>.key
+## This is an example with CACerts class3 cert!
+#ssl_ca_file = /path/to/cacert.class3.crt
+#ssl_cipher_list = ALL:!LOW:!SSLv2
+
+protocol imap {
+	mail_plugins = quota imap_quota
+}
+
+protocol pop3 {
+    # Uncomment this line if you are migrating from Courier also see Migration from Courier
+    pop3_uidl_format = UID%u-%v
+    mail_plugins = quota
+    
+}
+protocol lda {
+	# postmaster is the one in charge of the mail system. MUST be set to a vailid address!
+    postmaster_address = <postmaster-address>
+    auth_socket_path = /var/run/dovecot/auth-master
+    mail_plugins = quota
+    sendmail_path = /usr/sbin/sendmail
+}
+
+auth default {
+    mechanisms = plain login
+    passdb sql {
+        args = /etc/dovecot/dovecot-sql.conf
+    }
+    
+    userdb prefetch {
+    }
+    
+    userdb sql {
+        args = /etc/dovecot/dovecot-sql.conf
+    }
+    
+    user = vmail
+    socket listen {
+    	# Postfix uses the client socket for SMTP Auth
+        client {
+            # Assuming the default Postfix $queue_directory setting
+            path = /var/spool/postfix/private/auth
+            mode = 0660
+            # Assuming the default Postfix user and group
+            user = postfix
+            group = postfix
+        }
+        # Note that we're setting a master socket. SMTP AUTH for Postfix and Exim uses client sockets.
+        master {
+			path = /var/run/dovecot/auth-master
+			mode = 0660
+			user = vmail
+			group = vmail
+    }
+        
+    }
+}
+plugin {
+	quota = maildir:User Quota
+}

templates/misc/configfiles/gentoo/libnss/etc_libnss-mysql-root.cfg

@@ -0,0 +1,2 @@
+username	<SQL_UNPRIVILEGED_USER>
+password	<SQL_UNPRIVILEGED_PASSWORD>

templates/misc/configfiles/gentoo/libnss/etc_libnss-mysql.cfg

@@ -0,0 +1,38 @@
+getpwnam    SELECT username,'x',uid,gid,'MySQL User',homedir,shell \
+            FROM ftp_users \
+            WHERE username='%1$s' \
+            LIMIT 1
+getpwuid    SELECT username,'x',uid,gid,'MySQL User',homedir,shell \
+            FROM ftp_users \
+            WHERE uid='%1$u' \
+            LIMIT 1
+getspnam    SELECT username,password,UNIX_TIMESTAMP()-10,'1','2','7','-1','-1','0' \
+            FROM ftp_users \
+            WHERE username='%1$s' \
+            LIMIT 1
+getpwent    SELECT username,'x',uid,gid,'MySQL User',homedir,shell \
+            FROM ftp_users
+getspent    SELECT username,password,UNIX_TIMESTAMP()-10,'1','2','7','-1','-1','0' \
+            FROM ftp_users
+getgrnam    SELECT groupname,'x',gid \
+            FROM ftp_groups \
+            WHERE groupname='%1$s' \
+            LIMIT 1
+getgrgid    SELECT groupname,'x',gid \
+            FROM ftp_groups \
+            WHERE gid='%1$u' \
+            LIMIT 1
+getgrent    SELECT groupname,'x',gid \
+            FROM ftp_groups
+memsbygid   SELECT username \
+            FROM ftp_users \
+            WHERE gid='%1$u'
+gidsbymem   SELECT gid \
+            FROM ftp_users \
+            WHERE username='%1$s'
+
+host		<SQL_HOST>
+database	<SQL_DB>
+username	<SQL_UNPRIVILEGED_USER>
+password	<SQL_UNPRIVILEGED_PASSWORD>
+socket		/var/run/mysqld/mysqld.sock

templates/misc/configfiles/gentoo/libnss/etc_nsswitch.conf

@@ -0,0 +1,6 @@
+# Make sure that `passwd`, `group` and `shadow` have mysql in their lines 
+# You should place mysql at the end, so that it is queried after the other mechanisams
+#
+passwd:         compat mysql
+group:          compat mysql
+shadow:         compat mysql

templates/misc/configfiles/gentoo/lighttpd/etc_lighttpd.conf

@@ -0,0 +1,55 @@
+###############################################################################
+# Default lighttpd.conf for SysCP.
+###############################################################################
+var.basedir  = "/var/www"
+var.logdir   = "/var/log/lighttpd"
+var.statedir = "/var/lib/lighttpd"
+
+server.modules = (
+	"mod_rewrite",
+	"mod_redirect",
+	"mod_alias",
+	"mod_access",
+	"mod_auth",
+	"mod_fastcgi",
+	"mod_accesslog"
+)
+
+server.username      = "lighttpd"
+server.groupname     = "lighttpd"
+server.document-root = var.basedir
+server.pid-file      = "/var/run/lighttpd.pid"
+accesslog.filename   = var.logdir + "/access.log"
+server.errorlog      = var.logdir  + "/error.log"
+
+server.indexfiles    = ("index.php", "index.html",
+						"index.htm", "default.htm")
+						
+server.name			 = "<SERVERNAME>"
+server.port          = 80
+server.bind          = "<SERVERIP>"
+url.access-deny = ("~", ".inc")
+
+include "mime-types.conf"
+include "syscp-vhosts.conf"
+
+fastcgi.server = (
+".php" => (
+		"localhost" => (
+			"socket" => "/tmp/lighttpd-fcgi-sock-lighttpd",
+			"broken-scriptfilename" => "enable",
+			"bin-path" => "/usr/bin/php-cgi",
+			"min-procs" => 1,
+			"max-procs" => 1,
+			"max-load-per-proc" => 4,
+			"idle-timeout" => 60,
+			"bin-environment" => (
+				"UID" => "lighttpd",
+				"GID" => "lighttpd",
+				"PHP_FCGI_CHILDREN" => "0",
+				"PHP_FCGI_MAX_REQUESTS" => "10000"
+			),
+			"bin-copy-environment" => ( "" )
+		)
+	)
+)

templates/misc/configfiles/gentoo/postfix/etc_postfix_main.cf

@@ -0,0 +1,111 @@
+# Postfix programs paths settings
+command_directory = /usr/sbin
+daemon_directory = /usr/lib/postfix
+program_directory = /usr/lib/postfix
+sendmail_path = /usr/sbin/sendmail
+
+## General Postfix configuration
+# should be the default domain from your provider eg. "server100.provider.tld"
+mydomain = <SERVERNAME>
+
+# should be different from $mydomain eg. "mail.$mydomain"
+myhostname = <SERVERNAME>
+
+mydestination = $myhostname,
+	$mydomain,
+	localhost.$myhostname,
+	localhost.$mydomain,
+	localhost
+mynetworks = 127.0.0.0/8
+inet_interfaces = all
+append_dot_mydomain = no
+biff = no
+
+# Postfix performance settings
+default_destination_concurrency_limit = 20
+local_destination_concurrency_limit = 2
+
+# SMTPD Settings
+smtpd_banner = $myhostname ESMTP $mail_name (Gentoo/GNU)
+smtpd_helo_required = yes
+smtpd_recipient_restrictions = permit_mynetworks,
+	permit_sasl_authenticated,
+	reject_unauth_destination,
+	reject_unauth_pipelining,
+	reject_non_fqdn_recipient
+smtpd_sender_restrictions = permit_mynetworks,
+	permit_sasl_authenticated, 
+	reject_unknown_hostname, 
+	reject_unknown_recipient_domain, 
+	reject_unknown_sender_domain
+smtpd_client_restrictions = permit_mynetworks,
+	permit_sasl_authenticated,
+	reject_unknown_client
+# Maximum size of Message in bytes (50MB)
+message_size_limit = 52428800
+
+## SASL Auth Settings
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_local_domain = $myhostname
+smtpd_sasl_security_options = noanonymous
+broken_sasl_auth_clients = yes
+## Dovecot Settings for deliver, SASL Auth and virtual transport
+## uncomment those line to use Dovecot
+#mailbox_command = /usr/libexec/dovecot/deliver
+#smtpd_sasl_type = dovecot
+#smtpd_sasl_path = private/auth
+#virtual_transport = dovecot
+#dovecot_destination_recipient_limit = 1
+
+# Virtual delivery settings
+virtual_mailbox_base = <VIRTUAL_MAILBOX_BASE>
+virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
+virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
+virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf
+virtual_uid_maps = static:<VIRTUAL_UID_MAPS>
+virtual_gid_maps = static:<VIRTUAL_GID_MAPS>
+
+# Local delivery settings
+local_transport = local
+alias_database = hash:/etc/mail/aliases
+alias_maps = $alias_database
+
+# Default Mailbox size, is set to 0 which means unlimited!
+mailbox_size_limit = 0
+
+### TLS settings
+###
+## TLS for outgoing mails from the server to another server
+#smtp_use_tls = yes
+#smtp_tls_note_starttls_offer = yes
+## TLS for email client
+#smtpd_tls_cert_file = /etc/ssl/server/<SERVERNAME>.pem
+#smtpd_tls_key_file = /etc/ssl/server/<SERVERNAME>.pem
+#smtpd_tls_CAfile = /etc/ssl/cacert.class3.crt  # Just an example for CACert.org
+#smtpd_tls_auth_only = no
+#smtpd_tls_loglevel = 1
+#smtpd_tls_received_header = yes
+#smtpd_tls_session_cache_timeout = 3600s
+#tls_random_source = dev:/dev/urandom
+
+### Quota Settings with vda useflag
+## I use only virtual as localdelivery... This permit me to have full
+## virtual domain hosting without using a lots of maps
+#virtual_transport = virtual
+## Generate maildirsize files or not
+#virtual_create_maildirsize = yes
+## I use Courier IMAP compatibles files.
+#virtual_mailbox_extended = yes
+## Limits only INBOX part (usefull when
+## using when you have IMAP users)
+#virtual_mailbox_limit_inbox = yes
+## maps of soft disk quotas
+#virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
+#virtual_mailbox_limit_override = yes
+#virtual_maildir_limit_message = Sorry, this user has overdrawn their diskspace quota. Please try again later.
+#virtual_overquota_bounce = yes
+
+debugger_command =
+         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
+         ddd $daemon_directory/$process_name $process_id & sleep 5
+

templates/misc/configfiles/gentoo/postfix/etc_postfix_master.cf

@@ -0,0 +1,4 @@
+# Add this lines to be able to use dovecot as delivery agent
+# Dovecot LDA
+dovecot	  unix	-	n	n	-	-	pipe
+	flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -d ${recipient}

templates/misc/configfiles/gentoo/postfix/etc_postfix_mysql-virtual_alias_maps.cf

@@ -0,0 +1,8 @@
+user = <SQL_UNPRIVILEGED_USER>
+password = <SQL_UNPRIVILEGED_PASSWORD>
+dbname = <SQL_DB>
+table = mail_virtual
+select_field = destination
+where_field = email
+additional_conditions = and destination <> '' and destination <> ' '
+hosts = <SQL_HOST> 

templates/misc/configfiles/gentoo/postfix/etc_postfix_mysql-virtual_mailbox_domains.cf

@@ -0,0 +1,8 @@
+user = <SQL_UNPRIVILEGED_USER>
+password = <SQL_UNPRIVILEGED_PASSWORD>
+dbname = <SQL_DB>
+table = panel_domains
+select_field = domain
+where_field = domain
+additional_conditions = and isemaildomain = '1'
+hosts = <SQL_HOST> 

templates/misc/configfiles/gentoo/postfix/etc_postfix_mysql-virtual_mailbox_maps.cf

@@ -0,0 +1,7 @@
+user = <SQL_UNPRIVILEGED_USER>
+password = <SQL_UNPRIVILEGED_PASSWORD>
+dbname = <SQL_DB>
+table = mail_users
+select_field = maildir
+where_field = email
+hosts = <SQL_HOST> 

templates/misc/configfiles/gentoo/postfix/etc_sasl2_smtpd.conf

@@ -0,0 +1,12 @@
+pwcheck_method: auxprop
+auxprop_plugin: sql
+allowanonymouslogin: no
+allowplaintext: yes
+mech_list: PLAIN LOGIN
+password_format: crypt
+sql_engine: mysql
+sql_hostnames: <SQL_HOST>
+sql_user: <SQL_UNPRIVILEGED_USER>
+sql_passwd: <SQL_UNPRIVILEGED_PASSWORD>
+sql_database: <SQL_DB>
+sql_select: SELECT password_enc FROM mail_users WHERE username='%u@%r' OR email='%u@%r'

templates/misc/configfiles/gentoo/postfix/mysql-virtual_mailbox_limit_maps.cf

@@ -0,0 +1,7 @@
+user = <SQL_UNPRIVILEGED_USER>
+password = <SQL_UNPRIVILEGED_PASSWORD>
+dbname = <SQL_DB>
+table = mail_users
+select_field = (quota*1024*1024)
+where_field = email
+hosts = <SQL_HOST>

templates/misc/configfiles/gentoo/proftpd/etc_proftpd_proftpd.conf

@@ -0,0 +1,94 @@
+# Server settings
+ServerName				"<SERVERNAME> FTP Server"
+ServerType				standalone
+ServerIdent				off
+DefaultServer			on
+Port					21
+MaxInstances			50
+
+# General settings
+DeferWelcome			on
+MultilineRFC2228		on
+ShowSymlinks			on
+AllowOverwrite			on
+AllowStoreRestart		on
+AllowRetrieveRestart		on
+UseReverseDNS			off
+IdentLookups			off
+ListOptions				"-al"
+DisplayChdir			.message
+UseIPv6				off
+
+# Modules settings
+#DelayEngine				off
+
+# Timeout settings
+TimeoutLogin			120
+TimeoutNoTransfer		600
+TimeoutStalled			600
+TimeoutIdle				600
+
+# Security settings
+RootLogin				off
+RequireValidShell		off
+User					syscpftpd
+Group					syscpftpd
+Umask					133 022
+DefaultRoot				~
+DenyFilter				\*.*/
+
+# Per-Directory settings
+<Directory /*>
+Umask					133 022
+AllowOverwrite			on
+</Directory>
+
+# SQL settings
+SQLAuthTypes Crypt
+SQLAuthenticate users* groups*
+SQLConnectInfo <SQL_DB>@<SQL_HOST> <SQL_UNPRIVILEGED_USER> <SQL_UNPRIVILEGED_PASSWORD>
+SQLUserInfo ftp_users username password uid gid homedir shell
+SQLGroupInfo ftp_groups groupname gid members
+SQLUserWhereClause "login_enabled = 'y'"
+
+SQLLog PASS login
+SQLNamedQuery login UPDATE "last_login=now(), login_count=login_count+1 WHERE username='%u'" ftp_users
+
+SQLLog RETR download
+SQLNamedQuery download UPDATE "down_count=down_count+1, down_bytes=down_bytes+%b WHERE username='%u'" ftp_users
+
+SQLLog STOR upload
+SQLNamedQuery upload UPDATE "up_count=up_count+1, up_bytes=up_bytes+%b WHERE username='%u'" ftp_users
+
+# TLS settings
+#<IfModule mod_tls.c>
+#TLSEngine					on
+#TLSLog						/var/log/proftpd-tls.log
+#TLSProtocol					SSLv23
+#TLSTimeoutHandshake				120
+# Really important for WinClients
+#TLSOptions					NoCertRequest
+#TLSRSACertificateFile		/etc/ssl/server/<SERVERNAME>.crt
+#TLSRSACertificateKeyFile	/etc/ssl/server/<SERVERNAME>.key
+# Authenticate client that want to use FTP over TLS?
+#TLSVerifyClient			off
+# Uncomment the following line to force tls login
+#TLSRequired				off
+#</IfModule>
+
+# LOG settings
+# Logging Formats
+LogFormat default "%h %1 %u %t \"%r\" %s %b"
+LogFormat auth "%v [%P] %h %t \"%r\" %s"
+LogFormat write "%h %l %u %t \"%r\" %s %b"
+# Activate Logging
+# all logins
+ExtendedLog /var/log/proftpd-auth.log AUTH auth
+# file/dir access
+ExtendedLog /var/log/proftpd-access.log WRITE,READ write
+# everything (be careful, generates_ very_ big logfiles)
+#ExtendedLog /var/log/proftpd-all.log ALL default
+
+# make proftpd faster / do not perform ident and reverse dns lookup
+UseReverseDNS off
+IdentLookups off 

templates/misc/configfiles/gentoo/xinetd/etc_xinet.d_syscp

@@ -0,0 +1,11 @@
+service syscp
+{
+        id              = syscp
+        socket_type     = dgram
+        protocol        = tcp
+        wait            = no
+        user            = root
+        server          = /usr/bin/php
+        server_args     = -q /var/www/syscp/scripts/cron_tasks.php
+        only_from       = 127.0.0.1
+}