Add Mailcow update check script

put to cron.daily to upgrade mailcow and get additional check_mk output for updates and ssl certificates by acme

conf/README.md

@@ -153,10 +153,10 @@ ZMB_ADMIN_PASS='Start!123'
 ```
 Please use 'single quotation marks' to avoid unexpected behaviour.
 `zmb-ad` domain administrator has to meet the password complexity policy, if password is too weak, domain provisioning will fail.
-### ZMB_SHARES
+### ZMB_SHARE
-Defines the names of your Zamba shares
+Defines the name of your Zamba share
 ```bash
-ZMB_SHARES="share1,share2"
+ZMB_SHARE="share"
 ```
 <br>
 

conf/zamba.conf.example

@@ -114,8 +114,8 @@ ZMB_ADMIN_PASS='Start!123'
 # Name of the "domain admins" group (depends on your Active Directory language, valid on zmb-cups, lower case)
 ZMB_DOMAIN_ADMINS="domain admins"
 
-# Defines the names of your Zamba shares in a comma separated list
+# Defines the name of your Zamba share
-ZMB_SHARES="share1,share2"
+ZMB_SHARE="share"
 
 ############### Mailpiler-Section ###############
 

scripts/create-service-account

@@ -36,7 +36,7 @@ ldbmodify -H /var/lib/samba/private/sam.ldb <<EOF
 dn: $DN
 changetype: modify
 replace: userWorkstations
-userWorkstations: "NOWORKSTATION"
+userWorkstations: NONE
 EOF
 
 echo

scripts/mailcow-update-checkmk-acme.sh

@@ -0,0 +1,159 @@
+#!/bin/bash
+
+DEBUG_LOG="/tmp/mailcow_debug.log"
+echo "" > "$DEBUG_LOG"
+
+debug() {
+    echo "[DEBUG] $1"
+    echo "[DEBUG] $1" >> "$DEBUG_LOG"
+}
+
+debug "Starte Mailcow Check Script"
+
+MAILCOW_PATH="/opt/mailcow-dockerized"
+SPOOL_DIR="/var/lib/check_mk_agent/spool"
+INTERVAL_SECONDS=87000
+SPOOL_FILE="${SPOOL_DIR}/${INTERVAL_SECONDS}_mailcow_update"
+CERT_DIR="${MAILCOW_PATH}/data/assets/ssl"
+
+mkdir -p "$SPOOL_DIR"
+TMP_FILE="$(mktemp)"
+
+debug "Spool-Datei: $SPOOL_FILE"
+debug "Temporäre Datei: $TMP_FILE"
+
+# KORREKTER Header für Checkmk Local Checks
+echo "<<<local>>>" > "$TMP_FILE"
+
+debug "Wechsle ins Mailcow-Verzeichnis: $MAILCOW_PATH"
+if ! cd "$MAILCOW_PATH"; then
+    echo "2 Mailcow_Update - ERROR: Verzeichnis $MAILCOW_PATH nicht gefunden" >> "$TMP_FILE"
+    echo "3 Mailcow_Version - UNKNOWN: Verzeichnis nicht gefunden" >> "$TMP_FILE"
+    mv "$TMP_FILE" "$SPOOL_FILE"
+    exit 2
+fi
+
+NOW="$(date '+%Y-%m-%d %H:%M:%S')"
+debug "Aktuelle Zeit: $NOW"
+
+debug "Lese Mailcow Git-Version aus..."
+GIT_TAG=$(git describe --tags --abbrev=0 2>/dev/null)
+GIT_COMMIT=$(git rev-parse --short HEAD 2>/dev/null)
+
+debug "GIT_TAG=$GIT_TAG"
+debug "GIT_COMMIT=$GIT_COMMIT"
+
+if [[ -n "$GIT_TAG" ]]; then
+    echo "0 Mailcow_Version - OK: Version $GIT_TAG ($GIT_COMMIT)" >> "$TMP_FILE"
+else
+    echo "0 Mailcow_Version - OK: Commit $GIT_COMMIT (kein Tag)" >> "$TMP_FILE"
+fi
+
+###############################################################################
+# UPDATE-CHECK
+###############################################################################
+
+debug "Führe update.sh --check aus..."
+UPDATE_CHECK=$(./update.sh --check 2>&1)
+RET=$?
+debug "Update Check Rückgabecode: $RET"
+
+EXIT_CODE=0
+
+if echo "$UPDATE_CHECK" | grep -q "No updates available"; then
+    debug "Kein Update verfügbar."
+    echo "0 Mailcow_Update - OK: Kein Update verfügbar ($NOW)" >> "$TMP_FILE"
+else
+    debug "Update verfügbar! Starte Update..."
+
+    UPDATE_OUTPUT=$(./update.sh --force --skip-ping-check 2>&1)
+    EXIT_CODE=$?
+
+    if [ "$EXIT_CODE" -eq 0 ]; then
+        debug "Update erfolgreich."
+        echo "0 Mailcow_Update - OK: Update erfolgreich durchgeführt ($NOW)" >> "$TMP_FILE"
+    else
+        debug "Update fehlgeschlagen."
+        echo "2 Mailcow_Update - CRITICAL: Update fehlgeschlagen ($NOW)" >> "$TMP_FILE"
+        echo "$UPDATE_OUTPUT" >> "$TMP_FILE"
+    fi
+fi
+
+###############################################################################
+# SSL-ZERTIFIKATE PRÜFEN (mit SANs)
+###############################################################################
+
+debug "Beginne SSL-Zertifikat-Scan unter: $CERT_DIR"
+debug "Ignoriere Verzeichnis: $CERT_DIR/backups"
+debug "Ignoriere Datei: $CERT_DIR/acme/account.pem"
+debug "Ignoriere Dateien: key.pem, dhparams.pem"
+
+if [ ! -d "$CERT_DIR" ]; then
+    echo "3 Mailcow_Certificates - UNKNOWN: SSL-Verzeichnis fehlt" >> "$TMP_FILE"
+else
+
+    while IFS= read -r -d '' CERT_FILE; do
+        debug "Prüfe Zertifikat: $CERT_FILE"
+
+        REL_PATH="${CERT_FILE#${CERT_DIR}/}"
+        CERT_NAME="${REL_PATH//\//_}"
+
+        # Ablaufdatum lesen
+        END_DATE_RAW=$(openssl x509 -enddate -noout -in "$CERT_FILE" 2>/dev/null | cut -d= -f2)
+
+        # SANs extrahieren
+        SANS=$(openssl x509 -noout -text -in "$CERT_FILE" \
+             | grep -A1 "Subject Alternative Name" \
+             | tail -n1 \
+             | sed 's/DNS://g' \
+             | sed 's/, /,/g' \
+             | xargs)
+
+        debug "SANs: $SANS"
+
+        if [ -z "$END_DATE_RAW" ]; then
+            echo "3 Mailcow_Cert_${CERT_NAME} - UNKNOWN: Kein Ablaufdatum ($CERT_FILE)" >> "$TMP_FILE"
+            continue
+        fi
+
+        END_EPOCH=$(date -d "$END_DATE_RAW" +%s 2>/dev/null)
+        NOW_EPOCH=$(date +%s)
+        SECONDS_LEFT=$((END_EPOCH - NOW_EPOCH))
+        DAYS_LEFT=$((SECONDS_LEFT / 86400))
+
+        debug "Noch $DAYS_LEFT Tage gültig"
+
+        if [ "$SECONDS_LEFT" -le 0 ]; then
+            STATE=2; STATE_TEXT="CRITICAL"; MSG="abgelaufen"
+        elif [ "$DAYS_LEFT" -le 14 ]; then
+            STATE=2; STATE_TEXT="CRITICAL"; MSG="läuft in <=14 Tagen ab"
+        elif [ "$DAYS_LEFT" -le 30 ]; then
+            STATE=1; STATE_TEXT="WARNING"; MSG="läuft bald ab"
+        else
+            STATE=0; STATE_TEXT="OK"; MSG="gültig"
+        fi
+
+        echo "${STATE} Mailcow_Cert_${CERT_NAME} - ${STATE_TEXT}: ${MSG}, Ablauf: ${END_DATE_RAW}, SANs: ${SANS}" >> "$TMP_FILE"
+
+    done < <(
+        find "$CERT_DIR" \
+          -path "${CERT_DIR}/backups" -prune -o \
+          -type f \
+          ! -path "$CERT_DIR/acme/account.pem" \
+          ! -name "key.pem" \
+          ! -name "dhparams.pem" \
+          \( -name "*.crt" -o -name "*.pem" -o -name "*.cert" \) \
+          -print0
+    )
+fi
+
+###############################################################################
+# SPEICHERN
+###############################################################################
+
+debug "Speichere Spool-Datei: $SPOOL_FILE"
+mv "$TMP_FILE" "$SPOOL_FILE"
+
+debug "Script fertig. Exit-Code: $EXIT_CODE"
+exit "$EXIT_CODE"
+

scripts/nextcloud-for-mailcow-dockerized.conf

@@ -1,44 +0,0 @@
-server {
-    listen 80;
-    listen [::]:80;
-    listen 443 ssl http2;
-    listen [::]:443 ssl http2;
-
-    server_name cloud.domain.tld;
-
-    ssl_certificate     /etc/ssl/mail/cert.pem;
-    ssl_certificate_key /etc/ssl/mail/key.pem;
-    ssl_session_timeout 1d;
-    ssl_session_cache shared:SSL:50m;
-    ssl_stapling on;
-    ssl_stapling_verify on;
-
-    # HTTP → HTTPS
-    if ($scheme = http) {
-        return 301 https://$host$request_uri;
-    }
-
-    location / {
-        proxy_pass https://cloud.domain.tld;
-
-        # Hostname & Forwarded-Header sauber durchreichen
-        proxy_set_header Host 192.168.178.253;        # explizit der Upstream-Name
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto https;  # TLS endet hier
-        proxy_set_header X-Forwarded-Host $host;   # also cloud.domain.tld
-        proxy_set_header X-Forwarded-Port 443;
-        proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host";
-        proxy_set_header Referrer-Policy "no-referrer";
-
-        proxy_connect_timeout 600;
-        proxy_send_timeout 600;
-        proxy_read_timeout 600;
-        send_timeout 600;
-        client_max_body_size 10G;
-    }
-
-    # CalDAV/CardDAV Redirects
-    location /.well-known/carddav { return 301 https://$host/remote.php/dav; }
-    location /.well-known/caldav { return 301 https://$host/remote.php/dav; }
-}

src/functions.sh

@@ -24,71 +24,29 @@ apt_repo() {
     apt_key_url=$2
     apt_key_path=/usr/share/keyrings/${apt_name}.gpg
     apt_repo_url=$3
-    apt_suites=$4
-    apt_components=$5
-    tmp_key_file=$(mktemp)
-    if ! curl -fsSL -o "${tmp_key_file}" "${apt_key_url}"; then
-        echo "❌ Fehler beim Herunterladen des Schlüssels."
-        rm -f "${tmp_key_file}"
-        exit 1
-    fi
-    if file "${tmp_key_file}" | grep -q "ASCII"; then
-        echo "🔍 Format erkannt: ASCII. Konvertiere den Schlüssel..."
-        # Wenn es ASCII ist, konvertiere es mit --dearmor
-        if sudo gpg --dearmor -o "${apt_key_path}" "${tmp_key_file}"; then
-            echo "✅ Schlüssel erfolgreich nach ${apt_key_path} konvertiert."
-        else
-            echo "❌ Fehler bei der Konvertierung des ASCII-Schlüssels."
-            rm -f "${tmp_key_file}" # Temporäre Datei aufräumen
-            exit 1
-        fi
-    else
-        echo "🔍 Format erkannt: Binär. Kopiere den Schlüssel direkt..."
-        # Wenn es kein ASCII ist, gehen wir von Binär aus und verschieben die Datei
-        if sudo mv "${tmp_key_file}" "${apt_key_path}"; then
-            echo "✅ Schlüssel erfolgreich nach ${apt_key_path} kopiert."
-        else
-            echo "❌ Fehler beim Kopieren des binären Schlüssels."
-            rm -f "${tmp_key_file}"
-            exit 1
-        fi
-    fi
 
-    if [[ $(lsb_release -r | cut -f2) -gt 12 ]]; then
+    wget -q -O - ${apt_key_url} | gpg --dearmor -o ${apt_key_path}
-        cat << EOF > /etc/apt/sources.list.d/${apt_name}.sources
+    echo "deb [signed-by=${apt_key_path}] ${apt_repo_url}" > /etc/apt/sources.list.d/${apt_name}.list
-Types: deb
-URIs: $apt_repo_url
-Suites: $apt_suites
-Components: $apt_components
-Enabled: yes
-Signed-By: $apt_key_path
-EOF
-    else
-        echo "deb [signed-by=${apt_key_path}] ${apt_repo_url} ${apt_suites} ${apt_components}" > /etc/apt/sources.list.d/${apt_name}.list
-    fi
 }
-
 #### Set repo and install Nginx ####
 inst_nginx() {
-    apt_repo "nginx" "https://nginx.org/keys/nginx_signing.key" "http://nginx.org/packages/mainline/debian" "$(lsb_release -cs)" "nginx"
+    apt_repo "nginx" "https://nginx.org/keys/nginx_signing.key" "http://nginx.org/packages/mainline/debian $(lsb_release -cs) nginx"
     apt update && DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends nginx
 }
-
 #### Set repo and install PHP ####
 inst_php() {
-    apt_repo "php" "https://packages.sury.org/php/apt.gpg" "https://packages.sury.org/php/" "$(lsb_release -sc)" "main"
+    curl -sSLo /usr/share/keyrings/sury_php.gpg https://packages.sury.org/php/apt.gpg
+    echo "deb [signed-by=/usr/share/keyrings/sury_php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/sury_php.list
     apt update && DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends php-common php$NEXTCLOUD_PHP_VERSION-{fpm,gd,curl,pgsql,xml,zip,intl,mbstring,bz2,ldap,apcu,bcmath,gmp,imagick,igbinary,mysql,redis,smbclient,sqlite3,cli,common,opcache,readline}
 }
-
 #### Set repo and install Postgresql ####
 inst_postgresql() {
-    apt_repo "postgresql" "https://www.postgresql.org/media/keys/ACCC4CF8.asc" "http://apt.postgresql.org/pub/repos/apt" "$(lsb_release -cs)-pgdg" "main"
+    apt_repo "postgresql" "https://www.postgresql.org/media/keys/ACCC4CF8.asc" "http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main"
     apt update && DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends postgresql-$POSTGRES_VERSION
 }
-
 #### Set repo and install Crowdsec ####
 inst_crowdsec() {
-    apt_repo "crowdsec" "https://packagecloud.io/crowdsec/crowdsec/gpgkey" "https://packagecloud.io/crowdsec/crowdsec/any" "any" "main"
+    apt_repo "crowdsec" "https://packagecloud.io/crowdsec/crowdsec/gpgkey" " https://packagecloud.io/crowdsec/crowdsec/any any main"
     apt update && DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends crowdsec
     DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends crowdsec-firewall-bouncer-nftables
 }

src/lxc-base.sh

@@ -24,7 +24,29 @@ EOF
 locale-gen $LXC_LOCALE 
 
 # Generate sources
-if [ "$LXC_TEMPLATE_VERSION" == "debian-12-standard" ] ; then
+if [ "$LXC_TEMPLATE_VERSION" == "debian-10-standard" ] ; then
+
+cat << EOF > /etc/apt/sources.list
+deb http://deb.debian.org/debian/ buster main contrib
+
+deb http://deb.debian.org/debian/ buster-updates main contrib
+
+# security updates
+deb http://security.debian.org/debian-security buster/updates main contrib
+EOF
+
+elif [ "$LXC_TEMPLATE_VERSION" == "debian-11-standard" ] ; then
+
+cat << EOF > /etc/apt/sources.list
+deb http://deb.debian.org/debian/ bullseye main contrib
+
+deb http://deb.debian.org/debian/ bullseye-updates main contrib
+
+# security updates
+deb http://security.debian.org/debian-security bullseye-security main contrib
+EOF
+
+elif [ "$LXC_TEMPLATE_VERSION" == "debian-12-standard" ] ; then
 
 cat << EOF > /etc/apt/sources.list
 deb http://deb.debian.org/debian/ bookworm main contrib
@@ -34,24 +56,6 @@ deb http://deb.debian.org/debian/ bookworm-updates main contrib
 # security updates
 deb http://security.debian.org/debian-security bookworm-security main contrib
 EOF
-elif [ "$LXC_TEMPLATE_VERSION" == "debian-13-standard" ] ; then
-
-if [ -f /etc/apt/sources.list ] ; then rm /etc/apt/sources.list ; fi
-cat << EOF > /etc/apt/sources.list.d/debian.sources
-Types: deb deb-src
-URIs: https://deb.debian.org/debian
-Suites: trixie trixie-updates
-Components: main non-free-firmware contrib non-free
-Enabled: yes
-Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
-
-Types: deb deb-src
-URIs: https://security.debian.org/debian-security
-Suites: trixie-security
-Components: main non-free-firmware contrib non-free
-Enabled: yes
-Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
-EOF
 
 else echo "LXC Debian Version false. Please check configuration files!" ; exit
 fi

src/matrix/install-service.sh

@@ -154,6 +154,6 @@ systemctl restart matrix-synapse
 
 rm /var/www/element-release-key.asc /var/www/element-$MATRIX_ELEMENT_VERSION.tar.gz /var/www/element-$MATRIX_ELEMENT_VERSION.tar.gz.asc
 
-register_new_matrix_user -a -u $MATRIX_ADMIN_USER -p "$MATRIX_ADMIN_PASSWORD" -c /etc/matrix-synapse/conf.d/registration.yaml http://127.0.0.1:8008
+register_new_matrix_user -a -u $MATRIX_ADMIN_USER -p \'$MATRIX_ADMIN_PASSWORD\' -c /etc/matrix-synapse/conf.d/registration.yaml http://127.0.0.1:8008
 
 echo -e "Your matrix installation is now complete. Please login into your element:\nLogin:\t\t$MATRIX_ADMIN_USER\nPassword:\t$MATRIX_ADMIN_PASSWORD\n\n"

src/zammad/install-service.sh

@@ -39,17 +39,16 @@ ln -sf /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/nginx/ssl/fullchain.pem
 ln -sf /etc/ssl/private/ssl-cert-snakeoil.key /etc/nginx/ssl/privkey.pem
 ln -sf /etc/nginx/dhparam.pem /etc/nginx/ssl/dhparam.pem
 
-echo "Customizing nginx configuration..."
+sed -e "s|server_name example.com;|server_name ${LXC_HOSTNAME}.${LXC_DOMAIN};|g" \
-sed -e "s|$(grep -m1 server_name /opt/zammad/contrib/nginx/zammad_ssl.conf)|server_name ${LXC_HOSTNAME}.${LXC_DOMAIN};|g" \
+ -e "s|ssl_certificate /etc/nginx/ssl/example.com-fullchain.pem;|ssl_certificate /etc/nginx/ssl/fullchain.pem;|g" \
- -e "s|$(grep -m1 ssl_certificate /opt/zammad/contrib/nginx/zammad_ssl.conf)|ssl_certificate /etc/nginx/ssl/fullchain.pem;|g" \
+ -e "s|ssl_certificate_key /etc/nginx/ssl/example.com-privkey.pem;|ssl_certificate_key /etc/nginx/ssl/privkey.pem;|g" \
- -e "s|$(grep -m1 ssl_certificate_key /opt/zammad/contrib/nginx/zammad_ssl.conf)|ssl_certificate_key /etc/nginx/ssl/privkey.pem;|g" \
+ -e "s|ssl_protocols TLSv1.2;|ssl_protocols TLSv1.2 TLSv1.3;|g" \
- -e "s|$(grep -m1 ssl_protocols /opt/zammad/contrib/nginx/zammad_ssl.conf)|ssl_protocols TLSv1.2 TLSv1.3;|g" \
+ -e "s|ssl_trusted_certificate /etc/nginx/ssl/lets-encrypt-x3-cross-signed.pem;|#  ssl_trusted_certificate /etc/nginx/ssl/lets-encrypt-x3-cross-signed.pem;|g" \
- -e "s|$(grep -m1 ssl_dhparam /opt/zammad/contrib/nginx/zammad_ssl.conf)|ssl_dhparam /etc/nginx/ssl/dhparam.pem;|g" \
- -e "s|$(grep -m1 ssl_trusted_certificate /opt/zammad/contrib/nginx/zammad_ssl.conf)|#  ssl_trusted_certificate /etc/nginx/ssl/lets-encrypt-x3-cross-signed.pem;|g" \
  /opt/zammad/contrib/nginx/zammad_ssl.conf > /etc/nginx/sites-available/zammad_ssl.conf
 
 ln -sf /etc/nginx/sites-available/zammad_ssl.conf /etc/nginx/sites-enabled/
 
+
 # configure elasticsearch
 /usr/share/elasticsearch/bin/elasticsearch-plugin install -b ingest-attachment
 

src/zmb-member/install-service.sh

@@ -75,13 +75,8 @@ cat > /etc/samba/smb.conf <<EOF
 	shadow: snapprefix = ^zfs-auto-snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(weekly\)\{0,1\}\(monthly\)\{0,1\}\(backup\)\{0,1\}\(manual\)\{0,1\}
 	shadow: delimiter = -20
 
-EOF
-
-IFS=',' read -r -a ZMB_SHARES_ARRAY <<< "$ZMB_SHARES"
-for ZMB_SHARE in "${ZMB_SHARES_ARRAY[@]}"
-do
-    cat >> /etc/samba/smb.conf << EOF
 [$ZMB_SHARE]
+	comment = Main Share
 	path = /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
 	read only = No
 	create mask = 0660
@@ -89,7 +84,6 @@ do
 	inherit acls = Yes
 
 EOF
-done
 
 systemctl restart smbd
 
@@ -102,10 +96,6 @@ systemctl restart winbind nmbd
 wbinfo -u
 wbinfo -g
 
-unset ZMB_SHARE
-
-for ZMB_SHARE in "${ZMB_SHARES_ARRAY[@]}"
-do
 mkdir -p /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
 
 # originally 'domain users' was set, added variable for domain admins group, samba wiki recommends separate group e.g. 'unix admins'
@@ -113,6 +103,5 @@ do
 
 setfacl -Rm u:${ZMB_ADMIN_USER@L}:rwx,g:"${ZMB_DOMAIN_ADMINS@L}":rwx,o::- /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
 setfacl -Rdm u:${ZMB_ADMIN_USER@L}:rwx,g:"${ZMB_DOMAIN_ADMINS@L}":rwx,o::- /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
-done
 
 systemctl restart smbd nmbd winbind wsdd

src/zmb-standalone/install-service.sh

@@ -65,9 +65,6 @@ EOF
 
 net conf import /etc/samba/import.template
 
-IFS=',' read -r -a ZMB_SHARES_ARRAY <<< "$ZMB_SHARES"
-for ZMB_SHARE in "${ZMB_SHARES_ARRAY[@]}"
-do
 mkdir -p /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
 chmod -R 770 /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
 chown -R $USER:root /$LXC_SHAREFS_MOUNTPOINT/$ZMB_SHARE
@@ -77,6 +74,5 @@ do
 net conf setparm $ZMB_SHARE browseable yes
 net conf setparm $ZMB_SHARE createmask 0660
 net conf setparm $ZMB_SHARE directorymask 0770
-done
 
 systemctl restart smbd nmbd wsdd